PERFORCE change 87630 for review
Wayne Salamon
wsalamon at FreeBSD.org
Fri Dec 2 02:24:26 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=87630
Change 87630 by wsalamon at gretsch on 2005/12/02 02:23:53
Wrap the usage of audit arguments with conditionals to check that
the argument was actually captured.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#30 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#30 (text+ko) ====
@@ -207,6 +207,10 @@
} while (0)
#define FD_VNODE1_TOKENS do { \
+ if (ARG_IS_VALID(kar, ARG_FD)) { \
+ tok = au_to_arg32(1, "fd", ar->ar_arg_fd); \
+ kau_write(rec, tok); \
+ } \
if (ARG_IS_VALID(kar, ARG_VNODE1)) { \
tok = au_to_attr32(&ar->ar_arg_vnode1); \
kau_write(rec, tok); \
@@ -222,10 +226,8 @@
} \
} while (0)
-/*
- * XXXAUDIT: We read ar_arg_pid without testing that it is valid first.
- */
#define PROCESS_PID_TOKENS(argn) do { \
+ if (ARG_IS_VALID(kar, ARG_PID)) { \
if ((ar->ar_arg_pid > 0) /* Kill a single process */ \
&& (ARG_IS_VALID(kar, ARG_PROCESS))) { \
tok = au_to_process(ar->ar_arg_auid, \
@@ -239,7 +241,8 @@
ar->ar_arg_pid); \
kau_write(rec, tok); \
} \
- } while (0) \
+ } \
+} while (0) \
/*
* Implement auditing for the auditon() system call. The audit tokens that
@@ -399,8 +402,10 @@
case AUE_RECVMSG:
case AUE_SENDMSG:
case AUE_SENDTO:
- tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_FD)) {
+ tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
+ kau_write(rec, tok);
+ }
if (ARG_IS_VALID(kar, ARG_SADDRINET)) {
tok = au_to_sock_inet(
(struct sockaddr_in *)&ar->ar_arg_sockaddr);
@@ -417,18 +422,25 @@
case AUE_SOCKET:
case AUE_SOCKETPAIR:
- tok = au_to_arg32(1,"domain", ar->ar_arg_sockinfo.so_domain);
- kau_write(rec, tok);
- tok = au_to_arg32(2,"type", ar->ar_arg_sockinfo.so_type);
- kau_write(rec, tok);
- tok = au_to_arg32(3,"protocol",ar->ar_arg_sockinfo.so_protocol);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_SOCKINFO)) {
+ tok = au_to_arg32(1,"domain",
+ ar->ar_arg_sockinfo.so_domain);
+ kau_write(rec, tok);
+ tok = au_to_arg32(2,"type",
+ ar->ar_arg_sockinfo.so_type);
+ kau_write(rec, tok);
+ tok = au_to_arg32(3,"protocol",
+ ar->ar_arg_sockinfo.so_protocol);
+ kau_write(rec, tok);
+ }
break;
case AUE_SETSOCKOPT:
case AUE_SHUTDOWN:
- tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_FD)) {
+ tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
+ kau_write(rec, tok);
+ }
break;
case AUE_ACCT:
@@ -441,8 +453,10 @@
break;
case AUE_SETAUID:
- tok = au_to_arg32(2, "setauid", ar->ar_arg_auid);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_AUID)) {
+ tok = au_to_arg32(2, "setauid", ar->ar_arg_auid);
+ kau_write(rec, tok);
+ }
break;
case AUE_SETAUDIT:
@@ -471,8 +485,10 @@
case AUE_AUDITON:
/* For AUDITON commands without own event, audit the cmd */
- tok = au_to_arg32(1, "cmd", ar->ar_arg_cmd);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_CMD)) {
+ tok = au_to_arg32(1, "cmd", ar->ar_arg_cmd);
+ kau_write(rec, tok);
+ }
/* fall thru */
case AUE_AUDITON_GETCAR:
@@ -501,8 +517,11 @@
break;
case AUE_EXIT:
- tok = au_to_exit(ar->ar_arg_exitretval, ar->ar_arg_exitstatus);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_EXIT)) {
+ tok = au_to_exit(ar->ar_arg_exitretval,
+ ar->ar_arg_exitstatus);
+ kau_write(rec, tok);
+ }
break;
case AUE_ADJTIME:
@@ -545,24 +564,32 @@
case AUE_CHFLAGS:
case AUE_LCHFLAGS:
- tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
+ tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
+ kau_write(rec, tok);
+ }
UPATH1_VNODE1_TOKENS;
break;
case AUE_CHMOD:
case AUE_LCHMOD:
- tok = au_to_arg32(2, "new file mode", ar->ar_arg_mode);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_MODE)) {
+ tok = au_to_arg32(2, "new file mode", ar->ar_arg_mode);
+ kau_write(rec, tok);
+ }
UPATH1_VNODE1_TOKENS;
break;
case AUE_CHOWN:
case AUE_LCHOWN:
- tok = au_to_arg32(2, "new file uid", ar->ar_arg_uid);
- kau_write(rec, tok);
- tok = au_to_arg32(3, "new file gid", ar->ar_arg_gid);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_UID)) {
+ tok = au_to_arg32(2, "new file uid", ar->ar_arg_uid);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_GID)) {
+ tok = au_to_arg32(3, "new file gid", ar->ar_arg_gid);
+ kau_write(rec, tok);
+ }
UPATH1_VNODE1_TOKENS;
break;
@@ -572,14 +599,18 @@
break;
case AUE_CLOSE:
- tok = au_to_arg32(2, "fd", ar->ar_arg_fd);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_FD)) {
+ tok = au_to_arg32(2, "fd", ar->ar_arg_fd);
+ kau_write(rec, tok);
+ }
UPATH1_VNODE1_TOKENS;
break;
case AUE_FCHMOD:
- tok = au_to_arg32(2, "new file mode", ar->ar_arg_mode);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_MODE)) {
+ tok = au_to_arg32(2, "new file mode", ar->ar_arg_mode);
+ kau_write(rec, tok);
+ }
FD_VNODE1_TOKENS;
break;
@@ -595,73 +626,100 @@
break;
case AUE_FCHOWN:
- tok = au_to_arg32(2, "new file uid", ar->ar_arg_uid);
- kau_write(rec, tok);
- tok = au_to_arg32(3, "new file gid", ar->ar_arg_gid);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_UID)) {
+ tok = au_to_arg32(2, "new file uid", ar->ar_arg_uid);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_GID)) {
+ tok = au_to_arg32(3, "new file gid", ar->ar_arg_gid);
+ kau_write(rec, tok);
+ }
FD_VNODE1_TOKENS;
break;
case AUE_FCNTL:
if (ar->ar_arg_cmd == F_GETLK || ar->ar_arg_cmd == F_SETLK ||
ar->ar_arg_cmd == F_SETLKW) {
- tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_CMD)) {
+ tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd);
+ kau_write(rec, tok);
+ }
FD_VNODE1_TOKENS;
}
break;
case AUE_FCHFLAGS:
- tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
+ tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
+ kau_write(rec, tok);
+ }
FD_VNODE1_TOKENS;
break;
case AUE_FLOCK:
- tok = au_to_arg32(2, "operation", ar->ar_arg_cmd);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_CMD)) {
+ tok = au_to_arg32(2, "operation", ar->ar_arg_cmd);
+ kau_write(rec, tok);
+ }
FD_VNODE1_TOKENS;
break;
case AUE_RFORK:
- tok = au_to_arg32(1, "flags", ar->ar_arg_fflags);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
+ tok = au_to_arg32(1, "flags", ar->ar_arg_fflags);
+ kau_write(rec, tok);
+ }
/* fall through */
case AUE_FORK:
case AUE_VFORK:
- tok = au_to_arg32(0, "child PID", ar->ar_arg_pid);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_PID)) {
+ tok = au_to_arg32(0, "child PID", ar->ar_arg_pid);
+ kau_write(rec, tok);
+ }
break;
case AUE_IOCTL:
- tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd);
- kau_write(rec, tok);
- tok = au_to_arg32(1, "arg", (u_int32_t)ar->ar_arg_addr);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_CMD)) {
+ tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_ADDR)) {
+ tok = au_to_arg32(1, "arg", (u_int32_t)ar->ar_arg_addr);
+ kau_write(rec, tok);
+ }
if (ARG_IS_VALID(kar, ARG_VNODE1)) {
FD_VNODE1_TOKENS;
} else {
if (ARG_IS_VALID(kar, ARG_SOCKINFO)) {
- tok = kau_to_socket(&ar->ar_arg_sockinfo);
- kau_write(rec, tok);
+ tok = kau_to_socket(&ar->ar_arg_sockinfo);
+ kau_write(rec, tok);
} else {
- tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_FD)) {
+ tok = au_to_arg32(1, "fd",
+ ar->ar_arg_fd);
+ kau_write(rec, tok);
+ }
}
}
break;
case AUE_KILL:
- tok = au_to_arg32(2, "signal", ar->ar_arg_signum);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_SIGNUM)) {
+ tok = au_to_arg32(2, "signal", ar->ar_arg_signum);
+ kau_write(rec, tok);
+ }
PROCESS_PID_TOKENS(1);
break;
case AUE_KTRACE:
- tok = au_to_arg32(2, "ops", ar->ar_arg_cmd);
- kau_write(rec, tok);
- tok = au_to_arg32(3, "trpoints", ar->ar_arg_value);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_CMD)) {
+ tok = au_to_arg32(2, "ops", ar->ar_arg_cmd);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_VALUE)) {
+ tok = au_to_arg32(3, "trpoints", ar->ar_arg_value);
+ kau_write(rec, tok);
+ }
PROCESS_PID_TOKENS(4);
UPATH1_VNODE1_TOKENS;
break;
@@ -673,22 +731,31 @@
break;
case AUE_LOADSHFILE:
- tok = au_to_arg32(4, "base addr", (u_int32_t)ar->ar_arg_addr);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_ADDR)) {
+ tok = au_to_arg32(4, "base addr",
+ (u_int32_t)ar->ar_arg_addr);
+ kau_write(rec, tok);
+ }
UPATH1_VNODE1_TOKENS;
break;
case AUE_MKDIR:
- tok = au_to_arg32(2, "mode", ar->ar_arg_mode);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_MODE)) {
+ tok = au_to_arg32(2, "mode", ar->ar_arg_mode);
+ kau_write(rec, tok);
+ }
UPATH1_VNODE1_TOKENS;
break;
case AUE_MKNOD:
- tok = au_to_arg32(2, "mode", ar->ar_arg_mode);
- kau_write(rec, tok);
- tok = au_to_arg32(3, "dev", ar->ar_arg_dev);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_MODE)) {
+ tok = au_to_arg32(2, "mode", ar->ar_arg_mode);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_DEV)) {
+ tok = au_to_arg32(3, "dev", ar->ar_arg_dev);
+ kau_write(rec, tok);
+ }
UPATH1_VNODE1_TOKENS;
break;
@@ -698,26 +765,39 @@
case AUE_MLOCK:
case AUE_MUNLOCK:
case AUE_MINHERIT:
- tok = au_to_arg32(1, "addr", (u_int32_t)ar->ar_arg_addr);
- kau_write(rec, tok);
- tok = au_to_arg32(2, "len", ar->ar_arg_len);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_ADDR)) {
+ tok = au_to_arg32(1, "addr",
+ (u_int32_t)ar->ar_arg_addr);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_LEN)) {
+ tok = au_to_arg32(2, "len", ar->ar_arg_len);
+ kau_write(rec, tok);
+ }
if (ar->ar_event == AUE_MMAP)
FD_VNODE1_TOKENS;
if (ar->ar_event == AUE_MPROTECT) {
- tok = au_to_arg32(3, "protection", ar->ar_arg_value);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_VALUE)) {
+ tok = au_to_arg32(3, "protection",
+ ar->ar_arg_value);
+ kau_write(rec, tok);
+ }
}
if (ar->ar_event == AUE_MINHERIT) {
- tok = au_to_arg32(3, "inherit", ar->ar_arg_value);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_VALUE)) {
+ tok = au_to_arg32(3, "inherit",
+ ar->ar_arg_value);
+ kau_write(rec, tok);
+ }
}
break;
case AUE_MOUNT:
/* XXX Need to handle NFS mounts */
- tok = au_to_arg32(3, "flags", ar->ar_arg_fflags);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
+ tok = au_to_arg32(3, "flags", ar->ar_arg_fflags);
+ kau_write(rec, tok);
+ }
if (ARG_IS_VALID(kar, ARG_TEXT)) {
tok = au_to_text(ar->ar_arg_text);
kau_write(rec, tok);
@@ -742,14 +822,20 @@
case AUE_MSGGET:
if (ar->ar_errno == 0) {
- tok = au_to_ipc(AT_IPC_MSG, ar->ar_arg_svipc_id);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_SVIPC_ID)) {
+ tok = au_to_ipc(AT_IPC_MSG,
+ ar->ar_arg_svipc_id);
+ kau_write(rec, tok);
+ }
}
break;
case AUE_RESETSHFILE:
- tok = au_to_arg32(1, "base addr", (u_int32_t)ar->ar_arg_addr);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_ADDR)) {
+ tok = au_to_arg32(1, "base addr",
+ (u_int32_t)ar->ar_arg_addr);
+ kau_write(rec, tok);
+ }
break;
case AUE_OPEN_RC:
@@ -759,8 +845,10 @@
case AUE_OPEN_WC:
case AUE_OPEN_WTC:
/* case AUE_O_CREAT: */ /* AUE_O_CREAT == AUE_OPEN_RWTC */
- tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_MODE)) {
+ tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
+ kau_write(rec, tok);
+ }
/* fall through */
case AUE_OPEN_R:
@@ -769,94 +857,143 @@
case AUE_OPEN_RWT:
case AUE_OPEN_W:
case AUE_OPEN_WT:
- tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
+ tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
+ kau_write(rec, tok);
+ }
UPATH1_VNODE1_TOKENS;
break;
case AUE_PTRACE:
- tok = au_to_arg32(1, "request", ar->ar_arg_cmd);
- kau_write(rec, tok);
- tok = au_to_arg32(3, "addr", (u_int32_t)ar->ar_arg_addr);
- kau_write(rec, tok);
- tok = au_to_arg32(4, "data", ar->ar_arg_value);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_CMD)) {
+ tok = au_to_arg32(1, "request", ar->ar_arg_cmd);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_ADDR)) {
+ tok = au_to_arg32(3, "addr",
+ (u_int32_t)ar->ar_arg_addr);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_VALUE)) {
+ tok = au_to_arg32(4, "data", ar->ar_arg_value);
+ kau_write(rec, tok);
+ }
PROCESS_PID_TOKENS(2);
break;
case AUE_QUOTACTL:
- tok = au_to_arg32(2, "command", ar->ar_arg_cmd);
- kau_write(rec, tok);
- tok = au_to_arg32(3, "uid", ar->ar_arg_uid);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_CMD)) {
+ tok = au_to_arg32(2, "command", ar->ar_arg_cmd);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_UID)) {
+ tok = au_to_arg32(3, "uid", ar->ar_arg_uid);
+ kau_write(rec, tok);
+ }
UPATH1_VNODE1_TOKENS;
break;
case AUE_REBOOT:
- tok = au_to_arg32(1, "howto", ar->ar_arg_cmd);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_CMD)) {
+ tok = au_to_arg32(1, "howto", ar->ar_arg_cmd);
+ kau_write(rec, tok);
+ }
break;
case AUE_SEMCTL:
ar->ar_event = semctl_to_event(ar->ar_arg_svipc_cmd);
/* Fall through */
case AUE_SEMOP:
- tok = au_to_arg32(1, "sem ID", ar->ar_arg_svipc_id);
- kau_write(rec, tok);
- if (ar->ar_errno != EINVAL) {
- tok = au_to_ipc(AT_IPC_SEM, ar->ar_arg_svipc_id);
+ if (ARG_IS_VALID(kar, ARG_SVIPC_ID)) {
+ tok = au_to_arg32(1, "sem ID", ar->ar_arg_svipc_id);
kau_write(rec, tok);
+ if (ar->ar_errno != EINVAL) {
+ tok = au_to_ipc(AT_IPC_SEM,
+ ar->ar_arg_svipc_id);
+ kau_write(rec, tok);
+ }
}
break;
case AUE_SEMGET:
if (ar->ar_errno == 0) {
- tok = au_to_ipc(AT_IPC_SEM, ar->ar_arg_svipc_id);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_SVIPC_ID)) {
+ tok = au_to_ipc(AT_IPC_SEM,
+ ar->ar_arg_svipc_id);
+ kau_write(rec, tok);
+ }
}
break;
case AUE_SETEGID:
- tok = au_to_arg32(1, "gid", ar->ar_arg_egid);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_EGID)) {
+ tok = au_to_arg32(1, "gid", ar->ar_arg_egid);
+ kau_write(rec, tok);
+ }
break;
case AUE_SETEUID:
- tok = au_to_arg32(1, "uid", ar->ar_arg_euid);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_EUID)) {
+ tok = au_to_arg32(1, "uid", ar->ar_arg_euid);
+ kau_write(rec, tok);
+ }
break;
case AUE_SETREGID:
- tok = au_to_arg32(1, "rgid", ar->ar_arg_rgid);
- kau_write(rec, tok);
- tok = au_to_arg32(2, "egid", ar->ar_arg_egid);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_RGID)) {
+ tok = au_to_arg32(1, "rgid", ar->ar_arg_rgid);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_EGID)) {
+ tok = au_to_arg32(2, "egid", ar->ar_arg_egid);
+ kau_write(rec, tok);
+ }
break;
case AUE_SETREUID:
- tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid);
- kau_write(rec, tok);
- tok = au_to_arg32(2, "euid", ar->ar_arg_euid);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_RUID)) {
+ tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_EUID)) {
+ tok = au_to_arg32(2, "euid", ar->ar_arg_euid);
+ kau_write(rec, tok);
+ }
break;
case AUE_SETRESGID:
- tok = au_to_arg32(1, "rgid", ar->ar_arg_rgid);
- kau_write(rec, tok);
- tok = au_to_arg32(2, "egid", ar->ar_arg_egid);
- kau_write(rec, tok);
- tok = au_to_arg32(3, "sgid", ar->ar_arg_sgid);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_RGID)) {
+ tok = au_to_arg32(1, "rgid", ar->ar_arg_rgid);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_EGID)) {
+ tok = au_to_arg32(2, "egid", ar->ar_arg_egid);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_SGID)) {
+ tok = au_to_arg32(3, "sgid", ar->ar_arg_sgid);
+ kau_write(rec, tok);
+ }
break;
case AUE_SETRESUID:
- tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid);
- kau_write(rec, tok);
- tok = au_to_arg32(2, "euid", ar->ar_arg_euid);
- kau_write(rec, tok);
- tok = au_to_arg32(3, "suid", ar->ar_arg_suid);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_RUID)) {
+ tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_EUID)) {
+ tok = au_to_arg32(2, "euid", ar->ar_arg_euid);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_SUID)) {
+ tok = au_to_arg32(3, "suid", ar->ar_arg_suid);
+ kau_write(rec, tok);
+ }
break;
case AUE_SETGID:
- tok = au_to_arg32(1, "gid", ar->ar_arg_gid);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_GID)) {
+ tok = au_to_arg32(1, "gid", ar->ar_arg_gid);
+ kau_write(rec, tok);
+ }
break;
case AUE_SETUID:
- tok = au_to_arg32(1, "uid", ar->ar_arg_uid);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_UID)) {
+ tok = au_to_arg32(1, "uid", ar->ar_arg_uid);
+ kau_write(rec, tok);
+ }
break;
case AUE_SETGROUPS:
if (ARG_IS_VALID(kar, ARG_GROUPSET)) {
@@ -876,62 +1013,68 @@
break;
case AUE_SETPRIORITY:
- tok = au_to_arg32(1, "which", ar->ar_arg_cmd);
- kau_write(rec, tok);
- tok = au_to_arg32(2, "who", ar->ar_arg_uid);
- kau_write(rec, tok);
- tok = au_to_arg32(2, "priority", ar->ar_arg_value);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_CMD)) {
+ tok = au_to_arg32(1, "which", ar->ar_arg_cmd);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_UID)) {
+ tok = au_to_arg32(2, "who", ar->ar_arg_uid);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_VALUE)) {
+ tok = au_to_arg32(2, "priority", ar->ar_arg_value);
+ kau_write(rec, tok);
+ }
break;
case AUE_SETPRIVEXEC:
- tok = au_to_arg32(1, "flag", ar->ar_arg_value);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_VALUE)) {
+ tok = au_to_arg32(1, "flag", ar->ar_arg_value);
+ kau_write(rec, tok);
+ }
break;
/* AUE_SHMAT, AUE_SHMCTL, AUE_SHMDT and AUE_SHMGET are SysV IPC */
case AUE_SHMAT:
- tok = au_to_arg32(1, "shmid", ar->ar_arg_svipc_id);
- kau_write(rec, tok);
- tok = au_to_arg32(2, "shmaddr", (int)ar->ar_arg_svipc_addr);
- kau_write(rec, tok);
- if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) {
+ if (ARG_IS_VALID(kar, ARG_SVIPC_ID)) {
+ tok = au_to_arg32(1, "shmid", ar->ar_arg_svipc_id);
+ kau_write(rec, tok);
+ /* XXXAUDIT: Does having the ipc token make sense? */
tok = au_to_ipc(AT_IPC_SHM, ar->ar_arg_svipc_id);
kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_SVIPC_ADDR)) {
+ tok = au_to_arg32(2, "shmaddr",
+ (int)ar->ar_arg_svipc_addr);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) {
tok = au_to_ipc_perm(&ar->ar_arg_svipc_perm);
kau_write(rec, tok);
}
break;
case AUE_SHMCTL:
- tok = au_to_arg32(1, "shmid", ar->ar_arg_svipc_id);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_SVIPC_ID)) {
+ tok = au_to_arg32(1, "shmid", ar->ar_arg_svipc_id);
+ kau_write(rec, tok);
+ /* XXXAUDIT: Does having the ipc token make sense? */
+ tok = au_to_ipc(AT_IPC_SHM, ar->ar_arg_svipc_id);
+ kau_write(rec, tok);
+ }
switch (ar->ar_arg_svipc_cmd) {
case IPC_STAT:
ar->ar_event = AUE_SHMCTL_STAT;
- if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) {
- tok = au_to_ipc(AT_IPC_SHM,
- ar->ar_arg_svipc_id);
- kau_write(rec, tok);
- }
break;
case IPC_RMID:
ar->ar_event = AUE_SHMCTL_RMID;
- if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) {
- tok = au_to_ipc(AT_IPC_SHM,
- ar->ar_arg_svipc_id);
- kau_write(rec, tok);
- }
break;
case IPC_SET:
ar->ar_event = AUE_SHMCTL_SET;
if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) {
- tok = au_to_ipc(AT_IPC_SHM,
- ar->ar_arg_svipc_id);
- kau_write(rec, tok);
tok = au_to_ipc_perm(&ar->ar_arg_svipc_perm);
kau_write(rec, tok);
- }
+ }
break;
default:
break; /* We will audit a bad command */
@@ -939,17 +1082,22 @@
break;
case AUE_SHMDT:
- tok = au_to_arg32(1, "shmaddr", (int)ar->ar_arg_svipc_addr);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_SVIPC_ADDR)) {
+ tok = au_to_arg32(1, "shmaddr",
+ (int)ar->ar_arg_svipc_addr);
+ kau_write(rec, tok);
+ }
break;
case AUE_SHMGET:
/* This is unusual; the return value is in an argument token */
- tok = au_to_arg32(0, "shmid", ar->ar_arg_svipc_id);
- kau_write(rec, tok);
- if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) {
+ if (ARG_IS_VALID(kar, ARG_SVIPC_ID)) {
+ tok = au_to_arg32(0, "shmid", ar->ar_arg_svipc_id);
+ kau_write(rec, tok);
tok = au_to_ipc(AT_IPC_SHM, ar->ar_arg_svipc_id);
kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) {
tok = au_to_ipc_perm(&ar->ar_arg_svipc_perm);
kau_write(rec, tok);
}
@@ -958,10 +1106,14 @@
/* AUE_SHMOPEN, AUE_SHMUNLINK, AUE_SEMOPEN, AUE_SEMCLOSE
* and AUE_SEMUNLINK are Posix IPC */
case AUE_SHMOPEN:
- tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
- kau_write(rec, tok);
- tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_SVIPC_ADDR)) {
+ tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_MODE)) {
+ tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
+ kau_write(rec, tok);
+ }
case AUE_SHMUNLINK:
if (ARG_IS_VALID(kar, ARG_TEXT)) {
tok = au_to_text(ar->ar_arg_text);
@@ -983,12 +1135,18 @@
break;
case AUE_SEMOPEN:
- tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
- kau_write(rec, tok);
- tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
- kau_write(rec, tok);
- tok = au_to_arg32(4, "value", ar->ar_arg_value);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_FFLAGS)) {
+ tok = au_to_arg32(2, "flags", ar->ar_arg_fflags);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_MODE)) {
+ tok = au_to_arg32(3, "mode", ar->ar_arg_mode);
+ kau_write(rec, tok);
+ }
+ if (ARG_IS_VALID(kar, ARG_VALUE)) {
+ tok = au_to_arg32(4, "value", ar->ar_arg_value);
+ kau_write(rec, tok);
+ }
/* fall through */
case AUE_SEMUNLINK:
if (ARG_IS_VALID(kar, ARG_TEXT)) {
@@ -1011,8 +1169,10 @@
break;
case AUE_SEMCLOSE:
- tok = au_to_arg32(1, "sem", ar->ar_arg_fd);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_FD)) {
+ tok = au_to_arg32(1, "sem", ar->ar_arg_fd);
+ kau_write(rec, tok);
+ }
break;
case AUE_SYMLINK:
@@ -1041,15 +1201,19 @@
break;
case AUE_UMASK:
- tok = au_to_arg32(1, "new mask", ar->ar_arg_mask);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_MASK)) {
+ tok = au_to_arg32(1, "new mask", ar->ar_arg_mask);
+ kau_write(rec, tok);
+ }
tok = au_to_arg32(0, "prev mask", ar->ar_retval);
kau_write(rec, tok);
break;
case AUE_WAIT4:
- tok = au_to_arg32(0, "pid", ar->ar_arg_pid);
- kau_write(rec, tok);
+ if (ARG_IS_VALID(kar, ARG_PID)) {
+ tok = au_to_arg32(0, "pid", ar->ar_arg_pid);
+ kau_write(rec, tok);
+ }
break;
default: /* We shouldn't fall through to here. */
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list