Print this page
11842 Want audit events for auditon(A_SETPMASK) and friends
Reviewed by: John Levon <john.levon@joyent.com>
Reviewed by: Andy Fiddaman <andy@omniosce.org>

@@ -3037,12 +3037,25 @@
                         e = AUE_AUDITON_GETCLASS;
                         break;
                 case A_SETCLASS:
                         e = AUE_AUDITON_SETCLASS;
                         break;
+                case A_GETPINFO:
+                case A_GETPINFO_ADDR:
+                        e = AUE_AUDITON_GETPINFO;
+                        break;
+                case A_SETPMASK:
+                        e = AUE_AUDITON_SETPMASK;
+                        break;
+                case A_GETKAUDIT:
+                        e = AUE_AUDITON_GETKAUDIT;
+                        break;
+                case A_SETKAUDIT:
+                        e = AUE_AUDITON_SETKAUDIT;
+                        break;
                 default:
-                        e = AUE_NULL;
+                        e = AUE_AUDITON_OTHER;
                         break;
                 }
                 break;
         default:
                 e = AUE_NULL;

@@ -3059,10 +3072,11 @@
 {
         klwp_t *clwp = ttolwp(curthread);
         uintptr_t a1, a2;
         STRUCT_DECL(auditinfo, ainfo);
         STRUCT_DECL(auditinfo_addr, ainfo_addr);
+        STRUCT_DECL(auditpinfo, apinfo);
         au_evclass_map_t event;
         au_mask_t mask;
         int auditstate, policy;
         au_id_t auid;
 

@@ -3236,10 +3250,57 @@
                 au_uwrite(au_to_arg32(
                     2, "setclass:ec_event", (uint32_t)event.ec_number));
                 au_uwrite(au_to_arg32(
                     3, "setclass:ec_class", (uint32_t)event.ec_class));
                 break;
+        case AUE_AUDITON_SETPMASK:
+                STRUCT_INIT(apinfo, get_udatamodel());
+                if (copyin((caddr_t)uap->a2, STRUCT_BUF(apinfo),
+                    STRUCT_SIZE(apinfo))) {
+                        return;
+                }
+                au_uwrite(au_to_arg32(3, "setpmask:pid",
+                    (uint32_t)STRUCT_FGET(apinfo, ap_pid)));
+                au_uwrite(au_to_arg32(3, "setpmask:as_success",
+                    (uint32_t)STRUCT_FGET(apinfo, ap_mask.as_success)));
+                au_uwrite(au_to_arg32(3, "setpmask:as_failure",
+                    (uint32_t)STRUCT_FGET(apinfo, ap_mask.as_failure)));
+                break;
+        case AUE_AUDITON_SETKAUDIT:
+                STRUCT_INIT(ainfo_addr, get_udatamodel());
+                if (copyin((caddr_t)a1, STRUCT_BUF(ainfo_addr),
+                    STRUCT_SIZE(ainfo_addr))) {
+                                return;
+                }
+                au_uwrite(au_to_arg32((char)1, "auid",
+                    (uint32_t)STRUCT_FGET(ainfo_addr, ai_auid)));
+#ifdef _LP64
+                au_uwrite(au_to_arg64((char)1, "port",
+                    (uint64_t)STRUCT_FGET(ainfo_addr, ai_termid.at_port)));
+#else
+                au_uwrite(au_to_arg32((char)1, "port",
+                    (uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_port)));
+#endif
+                au_uwrite(au_to_arg32((char)1, "type",
+                    (uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_type)));
+                if ((uint32_t)STRUCT_FGET(ainfo_addr, ai_termid.at_type) ==
+                    AU_IPv4) {
+                        au_uwrite(au_to_in_addr(
+                            (struct in_addr *)STRUCT_FGETP(ainfo_addr,
+                            ai_termid.at_addr)));
+                } else {
+                        au_uwrite(au_to_in_addr_ex(
+                            (int32_t *)STRUCT_FGETP(ainfo_addr,
+                            ai_termid.at_addr)));
+                }
+                au_uwrite(au_to_arg32((char)1, "as_success",
+                    (uint32_t)STRUCT_FGET(ainfo_addr, ai_mask.as_success)));
+                au_uwrite(au_to_arg32((char)1, "as_failure",
+                    (uint32_t)STRUCT_FGET(ainfo_addr, ai_mask.as_failure)));
+                au_uwrite(au_to_arg32((char)1, "asid",
+                    (uint32_t)STRUCT_FGET(ainfo_addr, ai_asid)));
+                break;
         case AUE_GETAUID:
         case AUE_GETAUDIT:
         case AUE_GETAUDIT_ADDR:
         case AUE_AUDIT:
         case AUE_AUDITON_GPOLICY:

@@ -3250,10 +3311,13 @@
         case AUE_AUDITON_GETCAR:
         case AUE_AUDITON_GETSTAT:
         case AUE_AUDITON_SETSTAT:
         case AUE_AUDITON_GETCOND:
         case AUE_AUDITON_GETCLASS:
+        case AUE_AUDITON_GETPINFO:
+        case AUE_AUDITON_GETKAUDIT:
+        case AUE_AUDITON_OTHER:
                 break;
         default:
                 break;
         }