svn commit: r243727 - head/sys/security/audit

Fri, 30 Nov 2012 15:22:05 -0800 

Author: pjd
Date: Fri Nov 30 23:21:55 2012
New Revision: 243727
URL: http://svnweb.freebsd.org/changeset/base/243727

Log:
  IFp4 @208452:
  
  Audit handling for missing events:
  - AUE_READLINKAT
  - AUE_FACCESSAT
  - AUE_MKDIRAT
  - AUE_MKFIFOAT
  - AUE_MKNODAT
  - AUE_SYMLINKAT
  
  Sponsored by: FreeBSD Foundation (auditdistd)
  MFC after:    2 weeks

Modified:
  head/sys/security/audit/audit_bsm.c

Modified: head/sys/security/audit/audit_bsm.c
==============================================================================
--- head/sys/security/audit/audit_bsm.c Fri Nov 30 23:18:49 2012        
(r243726)
+++ head/sys/security/audit/audit_bsm.c Fri Nov 30 23:21:55 2012        
(r243727)
@@ -724,13 +724,6 @@ kaudit_to_bsm(struct kaudit_record *kar,
                 */
                break;
 
-       case AUE_MKFIFO:
-               if (ARG_IS_VALID(kar, ARG_MODE)) {
-                       tok = au_to_arg32(2, "mode", ar->ar_arg_mode);
-                       kau_write(rec, tok);
-               }
-               /* FALLTHROUGH */
-
        case AUE_CHDIR:
        case AUE_CHROOT:
        case AUE_FSTATAT:
@@ -743,6 +736,7 @@ kaudit_to_bsm(struct kaudit_record *kar,
        case AUE_LPATHCONF:
        case AUE_PATHCONF:
        case AUE_READLINK:
+       case AUE_READLINKAT:
        case AUE_REVOKE:
        case AUE_RMDIR:
        case AUE_SEARCHFS:
@@ -762,6 +756,8 @@ kaudit_to_bsm(struct kaudit_record *kar,
 
        case AUE_ACCESS:
        case AUE_EACCESS:
+       case AUE_FACCESSAT:
+               ATFD1_TOKENS(1);
                UPATH1_VNODE1_TOKENS;
                if (ARG_IS_VALID(kar, ARG_VALUE)) {
                        tok = au_to_arg32(2, "mode", ar->ar_arg_value);
@@ -1059,6 +1055,10 @@ kaudit_to_bsm(struct kaudit_record *kar,
                break;
 
        case AUE_MKDIR:
+       case AUE_MKDIRAT:
+       case AUE_MKFIFO:
+       case AUE_MKFIFOAT:
+               ATFD1_TOKENS(1);
                if (ARG_IS_VALID(kar, ARG_MODE)) {
                        tok = au_to_arg32(2, "mode", ar->ar_arg_mode);
                        kau_write(rec, tok);
@@ -1067,6 +1067,8 @@ kaudit_to_bsm(struct kaudit_record *kar,
                break;
 
        case AUE_MKNOD:
+       case AUE_MKNODAT:
+               ATFD1_TOKENS(1);
                if (ARG_IS_VALID(kar, ARG_MODE)) {
                        tok = au_to_arg32(2, "mode", ar->ar_arg_mode);
                        kau_write(rec, tok);
@@ -1546,10 +1548,12 @@ kaudit_to_bsm(struct kaudit_record *kar,
                break;
 
        case AUE_SYMLINK:
+       case AUE_SYMLINKAT:
                if (ARG_IS_VALID(kar, ARG_TEXT)) {
                        tok = au_to_text(ar->ar_arg_text);
                        kau_write(rec, tok);
                }
+               ATFD1_TOKENS(1);
                UPATH1_VNODE1_TOKENS;
                break;
 
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to