Attachment #137127 for bug #182521

View | Details | Raw Unified | Return to bug 182521
Collapse All | Expand All




	u_int32_t	egid;
	u_int32_t	ruid;
	u_int32_t	rgid;
	u_int32_t	lwpid;
	u_int32_t	pid;
	u_int32_t	sid;
	au_tid32_t	tid;

	u_int32_t	egid;
	u_int32_t	ruid;
	u_int32_t	rgid;
	u_int32_t	lwpid;
	u_int32_t	pid;
	u_int32_t	sid;
	au_tid64_t	tid;

	u_int32_t	egid;
	u_int32_t	ruid;
	u_int32_t	rgid;
	u_int32_t	lwpid;
	u_int32_t	pid;
	u_int32_t	sid;
	au_tidaddr32_t	tid;

	u_int32_t	egid;
	u_int32_t	ruid;
	u_int32_t	rgid;
	u_int32_t	lwpid;
	u_int32_t	pid;
	u_int32_t	sid;
	au_tidaddr64_t	tid;

 * XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE.
 */
int	audit_write_success(short event_code, token_t *misctok, au_id_t auid,
	    uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, lwpid_t lwpid, 
	    pid_t pid, au_asid_t sid, au_tid_t *tid);

/*
 * audit_write_success_self()

 */
int	audit_write_failure(short event_code, char *errmsg, int errret,
	    au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
	    lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid);

/*
 * audit_write_failure_self()

 * XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE.
 */
int	audit_write_failure_na(short event_code, char *errmsg, int errret,
	    uid_t euid, gid_t egid, lwpid_t lwpid, pid_t pid, au_tid_t *tid);

/* END au_write() WRAPPERS */


Lines 44-49 Link Here

(-)src/contrib/openbsm/libauditd/auditd_lib.c (-1 / +5 lines)
44		44
45	#include <sys/stat.h>	45	#include <sys/stat.h>
46	#include <sys/time.h>	46	#include <sys/time.h>
		47	#include <sys/thr.h>
47		48
48	#include <netinet/in.h>	49	#include <netinet/in.h>
49		50
Lines 943-952 Link Here
943	int aufd;	944	int aufd;
944	uid_t uid;	945	uid_t uid;
945	pid_t pid;	946	pid_t pid;
		947	long lwpid = -1;
946	char *autext = NULL;	948	char *autext = NULL;
947	token_t *tok;	949	token_t *tok;
948	struct auditinfo_addr aia;	950	struct auditinfo_addr aia;
949		951
		952	thr_self(&lwpid);
		953
950	if (event == AUE_audit_startup)	954	if (event == AUE_audit_startup)
951	asprintf(&autext, "%s::Audit startup", getprogname());	955	asprintf(&autext, "%s::Audit startup", getprogname());
952	else if (event == AUE_audit_shutdown)	956	else if (event == AUE_audit_shutdown)
Lines 965-971 Link Here
965	bzero(&aia, sizeof(aia));	969	bzero(&aia, sizeof(aia));
966	uid = getuid(); pid = getpid();	970	uid = getuid(); pid = getpid();
967	if ((tok = au_to_subject32_ex(uid, geteuid(), getegid(), uid, getgid(),	971	if ((tok = au_to_subject32_ex(uid, geteuid(), getegid(), uid, getgid(),
968	pid, pid, &aia.ai_termid)) != NULL)	972	(lwpid_t)lwpid, pid, pid, &aia.ai_termid)) != NULL)
969	au_write(aufd, tok);	973	au_write(aufd, tok);
970	if ((tok = au_to_text(autext)) != NULL)	974	if ((tok = au_to_text(autext)) != NULL)
971	au_write(aufd, tok);	975	au_write(aufd, tok);




			fprintf(fp, "<socket-inet6 ");

		case AUT_SUBJECT32:
			fprintf(fp, "<subject type=\"32\" ");
			break;

		case AUT_SUBJECT64:
			fprintf(fp, "<subject type=\"64\" ");
			break;

		case AUT_SUBJECT32_EX:
			fprintf(fp, "<subject type=\"32_ex\" ");
			break;

		case AUT_SUBJECT64_EX:
			fprintf(fp, "<subject type=\"64_ex\" ");
			break;

		case AUT_TEXT:

	if (err)
		return (-1);

	READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.lwpid, tok->len, err);
	if (err)
		return (-1);

	READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.pid, tok->len, err);
	if (err)
		return (-1);

		open_attr(fp, "rgid");
		print_group(fp, tok->tt.subj32.rgid, raw);
		close_attr(fp);
		open_attr(fp, "lwpid");
		print_user(fp, tok->tt.subj32.lwpid, raw);
		close_attr(fp);
		open_attr(fp,"pid");
		print_4_bytes(fp, tok->tt.subj32.pid, "%u");
		close_attr(fp);

		print_delim(fp, del);
		print_group(fp, tok->tt.subj32.rgid, raw);
		print_delim(fp, del);
		print_4_bytes(fp, tok->tt.subj32.lwpid, "%u");
		print_delim(fp, del);
		print_4_bytes(fp, tok->tt.subj32.pid, "%u");
		print_delim(fp, del);
		print_4_bytes(fp, tok->tt.subj32.sid, "%u");

	if (err)
		return (-1);

	READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.lwpid, tok->len, err);
	if (err)
		return (-1);

	READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.pid, tok->len, err);
	if (err)
		return (-1);

		open_attr(fp, "rgid");
		print_group(fp, tok->tt.subj64.rgid, raw);
		close_attr(fp);
		open_attr(fp, "lwpid");
		print_4_bytes(fp, tok->tt.subj64.lwpid, "%u");
		close_attr(fp);
		open_attr(fp, "pid");
		print_4_bytes(fp, tok->tt.subj64.pid, "%u");
		close_attr(fp);

		print_delim(fp, del);
		print_group(fp, tok->tt.subj64.rgid, raw);
		print_delim(fp, del);
		print_4_bytes(fp, tok->tt.subj64.lwpid, "%u");
		print_delim(fp, del);
		print_4_bytes(fp, tok->tt.subj64.pid, "%u");
		print_delim(fp, del);
		print_4_bytes(fp, tok->tt.subj64.sid, "%u");

	if (err)
		return (-1);

	READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.lwpid, tok->len, err);
	if (err)
		return (-1);

	READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.pid, tok->len, err);
	if (err)
		return (-1);

		open_attr(fp, "rgid");
		print_group(fp, tok->tt.subj32_ex.rgid, raw);
		close_attr(fp);
		open_attr(fp, "lwpid");
		print_4_bytes(fp, tok->tt.subj32_ex.lwpid, "%u");
		close_attr(fp);
		open_attr(fp, "pid");
		print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u");
		close_attr(fp);

		print_delim(fp, del);
		print_group(fp, tok->tt.subj32_ex.rgid, raw);
		print_delim(fp, del);
		print_4_bytes(fp, tok->tt.subj32_ex.lwpid, "%u");
		print_delim(fp, del);
		print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u");
		print_delim(fp, del);
		print_4_bytes(fp, tok->tt.subj32_ex.sid, "%u");

	if (err)
		return (-1);

	READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.lwpid, tok->len, err);
	if (err)
		return (-1);

	READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.pid, tok->len, err);
	if (err)
		return (-1);

		open_attr(fp, "rgid");
		print_group(fp, tok->tt.subj64_ex.rgid, raw);
		close_attr(fp);
		open_attr(fp, "lwpid");
		print_4_bytes(fp, tok->tt.subj64_ex.lwpid, "%u");
		close_attr(fp);
		open_attr(fp, "pid");
		print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u");
		close_attr(fp);

		print_delim(fp, del);
		print_group(fp, tok->tt.subj64_ex.rgid, raw);
		print_delim(fp, del);
		print_4_bytes(fp, tok->tt.subj64_ex.lwpid, "%u");
		print_delim(fp, del);
		print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u");
		print_delim(fp, del);
		print_4_bytes(fp, tok->tt.subj64_ex.sid, "%u");




#include <sys/socket.h>
#include <sys/time.h>
#include <sys/un.h>
#include <sys/thr.h>

#include <sys/ipc.h>


#include <bsm/audit_internal.h>
#include <bsm/libbsm.h>


#define	GET_TOKEN_AREA(t, dptr, length) do {				\
	(t) = malloc(sizeof(token_t));					\
	if ((t) != NULL) {						\

 */
token_t *
au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
    lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid)
{
	token_t *t;
	u_char *dptr = NULL;

	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * sizeof(u_int32_t));
	if (t == NULL)
		return (NULL);


	ADD_U_INT32(dptr, egid);
	ADD_U_INT32(dptr, ruid);
	ADD_U_INT32(dptr, rgid);
	ADD_U_INT32(dptr, lwpid);
	ADD_U_INT32(dptr, pid);
	ADD_U_INT32(dptr, sid);
	ADD_U_INT32(dptr, tid->port);


token_t *
au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
    lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid)
{
	token_t *t;
	u_char *dptr = NULL;

	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 8 * sizeof(u_int32_t) +
	    sizeof(u_int64_t) + sizeof(u_int32_t));
	if (t == NULL)
		return (NULL);

	ADD_U_INT32(dptr, egid);
	ADD_U_INT32(dptr, ruid);
	ADD_U_INT32(dptr, rgid);
	ADD_U_INT32(dptr, lwpid);
	ADD_U_INT32(dptr, pid);
	ADD_U_INT32(dptr, sid);
	ADD_U_INT64(dptr, tid->port);


token_t *
au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
    lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid)
{

	return (au_to_subject32(auid, euid, egid, ruid, rgid, lwpid, pid, 
	    sid, tid));
}

/*

 */
token_t *
au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
    gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
{
	token_t *t;
	u_char *dptr = NULL;

	if (tid->at_type == AU_IPv4)
		GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 11 *
		    sizeof(u_int32_t));
	else if (tid->at_type == AU_IPv6)
		GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 14 *
		    sizeof(u_int32_t));
	else {
		errno = EINVAL;

	ADD_U_INT32(dptr, egid);
	ADD_U_INT32(dptr, ruid);
	ADD_U_INT32(dptr, rgid);
	ADD_U_INT32(dptr, lwpid);
	ADD_U_INT32(dptr, pid);
	ADD_U_INT32(dptr, sid);
	ADD_U_INT32(dptr, tid->at_port);


token_t *
au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
    gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
{
	token_t *t;
	u_char *dptr = NULL;

	if (tid->at_type == AU_IPv4)
		GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
		    8 * sizeof(u_int32_t) + sizeof(u_int64_t) +
		    2 * sizeof(u_int32_t));
	else if (tid->at_type == AU_IPv6)
		GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
		    8 * sizeof(u_int32_t) + sizeof(u_int64_t) +
		    5 * sizeof(u_int32_t));
	else {
		errno = EINVAL;

	ADD_U_INT32(dptr, egid);
	ADD_U_INT32(dptr, ruid);
	ADD_U_INT32(dptr, rgid);
	ADD_U_INT32(dptr, lwpid);
	ADD_U_INT32(dptr, pid);
	ADD_U_INT32(dptr, sid);
	ADD_U_INT64(dptr, tid->at_port);


token_t *
au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
    gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
{

	return (au_to_subject32_ex(auid, euid, egid, ruid, rgid, lwpid, pid, 
	    sid, tid));
}

#if !defined(_KERNEL) && !defined(KERNEL) && defined(HAVE_AUDIT_SYSCALLS)

{
	auditinfo_t auinfo;
	auditinfo_addr_t aia;
	long lwpid = -1;

	thr_self(&lwpid);

	/*
	 * Try to use getaudit_addr(2) first.  If this kernel does not support

			if (getaudit(&auinfo) != 0)
				return (NULL);
			return (au_to_subject32(auinfo.ai_auid, geteuid(),
				getegid(), getuid(), getgid(), (lwpid_t)lwpid,
				getpid(), auinfo.ai_asid, &auinfo.ai_termid));
		} else {
			/* getaudit_addr(2) failed for some other reason. */
			return (NULL); 

	} 

	return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(),
		getgid(), (lwpid_t)lwpid, getpid(), aia.ai_asid, 
		&aia.ai_termid));
}
#endif





#endif

#include <sys/sysctl.h>
#include <sys/thr.h>

#include <bsm/libbsm.h>


	int acond;
	va_list ap;
	pid_t pid;
	long lwpid = -1;
	int error, afd, subj_ex;
	struct auditinfo ai;
	struct auditinfo_addr aia;

	if (aia.ai_termid.at_type == AU_IPv6)
		subj_ex = 1;
	pid = getpid();
	thr_self(&lwpid);
	if (subj_ex == 0) {
		atid.port = aia.ai_termid.at_port;
		atid.machine = aia.ai_termid.at_addr[0];
		token = au_to_subject32(auid, geteuid(), getegid(),
		    getuid(), getgid(), (lwpid_t)lwpid, pid, pid, &atid);
	} else
		token = au_to_subject_ex(auid, geteuid(), getegid(),
		    getuid(), getgid(), (lwpid_t)lwpid, pid, pid, 
		    &aia.ai_termid);
	if (token == NULL) {
		syslog(LOG_AUTH | LOG_ERR,
		    "audit: unable to build subject token");

 */
int
audit_write_success(short event_code, token_t *tok, au_id_t auid, uid_t euid,
    gid_t egid, uid_t ruid, gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid,
    au_tid_t *tid)
{
	char *func = "audit_write_success()";
	token_t *subject = NULL;

	/* Tokenize and save subject. */
	subject = au_to_subject32(auid, euid, egid, ruid, rgid, lwpid, pid, sid,
	    tid);
	if (subject == NULL) {
		syslog(LOG_ERR, "%s: au_to_subject32() failed", func);

 */
int
audit_write_failure(short event_code, char *errmsg, int errcode, au_id_t auid,
    uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, lwpid_t lwpid, pid_t pid, 
    au_asid_t sid, au_tid_t *tid)
{
	char *func = "audit_write_failure()";
	token_t *subject, *errtok;

	subject = au_to_subject32(auid, euid, egid, ruid, rgid, lwpid, pid, 
		sid, tid);
	if (subject == NULL) {
		syslog(LOG_ERR, "%s: au_to_subject32() failed", func);
		return (kAUMakeSubjectTokErr);

 */
int
audit_write_failure_na(short event_code, char *errmsg, int errret, uid_t euid,
    uid_t egid, lwpid_t lwpid, pid_t pid, au_tid_t *tid)
{

	return (audit_write_failure(event_code, errmsg, errret, -1, euid,
	    egid, -1, -1, lwpid, pid, -1, tid));
}

/* END OF au_write() WRAPPERS */




token_t	*au_to_sock_inet128(struct sockaddr_in6 *so);
token_t	*au_to_sock_unix(struct sockaddr_un *so);
token_t	*au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
	    gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid);
token_t	*au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
	    gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid);
token_t	*au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
	    gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid);
token_t	*au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
	    gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
token_t	*au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
	    gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
token_t	*au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
	    gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
#if defined(_KERNEL) || defined(KERNEL)
token_t	*au_to_exec_args(char *args, int argc);
token_t	*au_to_exec_env(char *envs, int envc);

Lines 318-323 Link Here

(-)src/sys/kern/kern_thr.c (+2 lines)
318	PROC_LOCK(p);	318	PROC_LOCK(p);
319	racct_sub(p, RACCT_NTHR, 1);	319	racct_sub(p, RACCT_NTHR, 1);
320		320
		321	AUDIT_ARG_PROCESS(p);
		322
321	/*	323	/*
322	* Shutting down last thread in the proc. This will actually	324	* Shutting down last thread in the proc. This will actually
323	* call exit() in the trampoline when it returns.	325	* call exit() in the trampoline when it returns.





#include <net/vnet.h>

#include <security/audit/audit.h>
#include <security/mac/mac_framework.h>

#include <vm/uma.h>

	if (valsize > len)
		sopt->sopt_valsize = valsize = len;

	/* This if block indicates a request coming from userland. */
	if (sopt->sopt_td != NULL)
	{
		int ret = copyin(sopt->sopt_val, buf, valsize);

		/* Unfortunately, there's no AUDIT_ARG_*() macro that can be used 
 		 * to copy arbitrary buffers in audit records. However, we can use
 		 * the following switch-case to catch some common valsize values.
 		 */
		switch(valsize)
		{
			case 1:
				AUDIT_ARG_VALUE(*(int8_t *)buf);
				break;
			case 2:
				AUDIT_ARG_VALUE(*(int16_t *)buf);
				break;
			case 4:
				AUDIT_ARG_VALUE(*(int32_t *)buf);
				break;
		}
		return (ret);
	}

	bcopy(sopt->sopt_val, buf, valsize);
	return (0);

Lines 240-245 Link Here

(-)src/sys/kern/uipc_syscalls.c (+14 lines)
240	int error;	240	int error;
241		241
242	AUDIT_ARG_FD(fd);	242	AUDIT_ARG_FD(fd);
		243	AUDIT_ARG_SOCKADDR(td, sa);
243	error = getsock_cap(td->td_proc->p_fd, fd, CAP_BIND, &fp, NULL);	244	error = getsock_cap(td->td_proc->p_fd, fd, CAP_BIND, &fp, NULL);
244	if (error)	245	if (error)
245	return (error);	246	return (error);
Lines 440-445 Link Here
440	(void) fo_ioctl(nfp, FIOASYNC, &tmp, td->td_ucred, td);	441	(void) fo_ioctl(nfp, FIOASYNC, &tmp, td->td_ucred, td);
441	sa = 0;	442	sa = 0;
442	error = soaccept(so, &sa);	443	error = soaccept(so, &sa);
		444	if (sa)
		445	AUDIT_ARG_SOCKADDR(td, sa);
		446
443	if (error) {	447	if (error) {
444	/*	448	/*
445	* return a namelen of zero for older code which might	449	* return a namelen of zero for older code which might
Lines 549-554 Link Here
549	int interrupted = 0;	553	int interrupted = 0;
550		554
551	AUDIT_ARG_FD(fd);	555	AUDIT_ARG_FD(fd);
		556	AUDIT_ARG_SOCKADDR(td, sa);
552	error = getsock_cap(td->td_proc->p_fd, fd, CAP_CONNECT, &fp, NULL);	557	error = getsock_cap(td->td_proc->p_fd, fd, CAP_CONNECT, &fp, NULL);
553	if (error)	558	if (error)
554	return (error);	559	return (error);
Lines 1349-1357 Link Here
1349	}	1354	}
1350		1355
1351	AUDIT_ARG_FD(s);	1356	AUDIT_ARG_FD(s);
		1357	/* There are no specific AUDIT_ARG_*() macros for setsockopt(), but we
		1358	* can use AUDIT_ARG_VALUE() and AUDIT_ARG_CMD().
		1359	*/
		1360	AUDIT_ARG_CMD(((level & 0xffff) << 16) \| (name & 0xffff));
1352	error = getsock_cap(td->td_proc->p_fd, s, CAP_SETSOCKOPT, &fp, NULL);	1361	error = getsock_cap(td->td_proc->p_fd, s, CAP_SETSOCKOPT, &fp, NULL);
1353	if (error == 0) {	1362	if (error == 0) {
1354	so = fp->f_data;	1363	so = fp->f_data;
		1364	/* To audit the option itself we need to issue a copyin(). Postpone
		1365	* that until sooptcopyin() is called.
		1366	*/
1355	error = sosetopt(so, &sopt);	1367	error = sosetopt(so, &sopt);
1356	fdrop(fp, td);	1368	fdrop(fp, td);
1357	}	1369	}
Lines 1428-1433 Link Here
1428	}	1440	}
1429		1441
1430	AUDIT_ARG_FD(s);	1442	AUDIT_ARG_FD(s);
		1443	/* See kern_setsockopt() above... */
		1444	AUDIT_ARG_CMD(((level & 0xffff) << 16) \| (name & 0xffff));
1431	error = getsock_cap(td->td_proc->p_fd, s, CAP_GETSOCKOPT, &fp, NULL);	1445	error = getsock_cap(td->td_proc->p_fd, s, CAP_GETSOCKOPT, &fp, NULL);
1432	if (error == 0) {	1446	if (error == 0) {
1433	so = fp->f_data;	1447	so = fp->f_data;

Lines 220-225 Link Here

(-)src/sys/security/audit/audit.c (+5 lines)
220	ar->k_ar.ar_magic = AUDIT_RECORD_MAGIC;	220	ar->k_ar.ar_magic = AUDIT_RECORD_MAGIC;
221	nanotime(&ar->k_ar.ar_starttime);	221	nanotime(&ar->k_ar.ar_starttime);
222		222
		223	/* I think this is the most appropriate place to initialize k_uthread
		224	* which otherwise remains unused.
		225	*/
		226	ar->k_uthread = (struct uthread *)td;
		227
223	/*	228	/*
224	* Export the subject credential.	229	* Export the subject credential.
225	*/	230	*/

Lines 191-196 Link Here

(-)src/sys/security/audit/audit.h (+5 lines)
191	audit_arg_fd((fd)); \	191	audit_arg_fd((fd)); \
192	} while (0)	192	} while (0)
193		193
		194	#define AUDIT_ARG_SOCKADDR(td, sa) do { \
		195	if (AUDITING_TD(curthread)) \
		196	audit_arg_sockaddr((td), (sa)); \
		197	} while(0)
		198
194	#define AUDIT_ARG_FILE(p, fp) do { \	199	#define AUDIT_ARG_FILE(p, fp) do { \
195	if (AUDITING_TD(curthread)) \	200	if (AUDITING_TD(curthread)) \
196	audit_arg_file((p), (fp)); \	201	audit_arg_file((p), (fp)); \




#include <sys/fcntl.h>
#include <sys/user.h>
#include <sys/systm.h>
#include <sys/proc.h>

#include <bsm/audit.h>
#include <bsm/audit_internal.h>

		    ar->ar_subj_egid,	/* eff group id */
		    ar->ar_subj_ruid,	/* real uid */
		    ar->ar_subj_rgid,	/* real group id */
		    ((struct thread *)kar->k_uthread)->td_tid,
		    ar->ar_subj_pid,	/* process id */
		    ar->ar_subj_asid,	/* session ID */
		    &tid);

		    ar->ar_subj_egid,
		    ar->ar_subj_ruid,
		    ar->ar_subj_rgid,
		    ((struct thread *)kar->k_uthread)->td_tid,
		    ar->ar_subj_pid,
		    ar->ar_subj_asid,
		    &ar->ar_subj_term_addr);

		    ar->ar_subj_egid,
		    ar->ar_subj_ruid,
		    ar->ar_subj_rgid,
		    ((struct thread *)kar->k_uthread)->td_tid,
		    ar->ar_subj_pid,
		    ar->ar_subj_asid,
		    &tid);

			kau_write(rec, tok);
			UPATH1_TOKENS;
		}
		/* XXX: I think it would be better to modify au_to_sock_inet() 
 		 * rather than calling au_to_sock_inet128() directly here. 
 		 */
		if (ARG_IS_VALID(kar, ARG_SADDRINET6)) {
			tok = au_to_sock_inet128((struct sockaddr_in6 *)
			    &ar->ar_arg_sockaddr);
			kau_write(rec, tok);
		}
		break;

	case AUE_SOCKET:

		break;

	case AUE_SETSOCKOPT:
		if (ARG_IS_VALID(kar, ARG_FD)) {
			tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
			kau_write(rec, tok);
		}
		if (ARG_IS_VALID(kar, ARG_CMD)) {
			tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd);
			kau_write(rec, tok);
		}
		if (ARG_IS_VALID(kar, ARG_VALUE)) {
			tok = au_to_arg32(3, "value", ar->ar_arg_value);
			kau_write(rec, tok);
		}
		break;

	case AUE_SHUTDOWN:
		if (ARG_IS_VALID(kar, ARG_FD)) {
			tok = au_to_arg32(1, "fd", ar->ar_arg_fd);

Lines 1003-1009 Link Here

(-)src/sys/security/audit/audit_bsm_token.c (-17 / +25 lines)
1003	ADD_U_CHAR(dptr, 0);	1003	ADD_U_CHAR(dptr, 0);
1004	ADD_U_CHAR(dptr, so->sin6_family);	1004	ADD_U_CHAR(dptr, so->sin6_family);
1005		1005
1006	ADD_U_INT16(dptr, so->sin6_port);	1006	/* No, it should be ADD_MEM() instead, otherwise AF_INET6 related
		1007	* tokens, get a port number with reversed endianness.
		1008	*/
		1009	/* ADD_U_INT16(dptr, so->sin6_port); */
		1010	ADD_MEM(dptr, &so->sin6_port, sizeof(uint16_t));
1007	ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t));	1011	ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t));
1008		1012
1009	return (t);	1013	return (t);
Lines 1031-1042 Link Here
1031	*/	1035	*/
1032	token_t *	1036	token_t *
1033	au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,	1037	au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
1034	pid_t pid, au_asid_t sid, au_tid_t *tid)	1038	lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid)
1035	{	1039	{
1036	token_t *t;	1040	token_t *t;
1037	u_char *dptr = NULL;	1041	u_char *dptr = NULL;
1038		1042
1039	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t));	1043	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * sizeof(u_int32_t));
1040		1044
1041	ADD_U_CHAR(dptr, AUT_SUBJECT32);	1045	ADD_U_CHAR(dptr, AUT_SUBJECT32);
1042	ADD_U_INT32(dptr, auid);	1046	ADD_U_INT32(dptr, auid);
Lines 1044-1049 Link Here
1044	ADD_U_INT32(dptr, egid);	1048	ADD_U_INT32(dptr, egid);
1045	ADD_U_INT32(dptr, ruid);	1049	ADD_U_INT32(dptr, ruid);
1046	ADD_U_INT32(dptr, rgid);	1050	ADD_U_INT32(dptr, rgid);
		1051	ADD_U_INT32(dptr, lwpid);
1047	ADD_U_INT32(dptr, pid);	1052	ADD_U_INT32(dptr, pid);
1048	ADD_U_INT32(dptr, sid);	1053	ADD_U_INT32(dptr, sid);
1049	ADD_U_INT32(dptr, tid->port);	1054	ADD_U_INT32(dptr, tid->port);
Lines 1054-1065 Link Here
1054		1059
1055	token_t *	1060	token_t *
1056	au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,	1061	au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
1057	pid_t pid, au_asid_t sid, au_tid_t *tid)	1062	lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid)
1058	{	1063	{
1059	token_t *t;	1064	token_t *t;
1060	u_char *dptr = NULL;	1065	u_char *dptr = NULL;
1061		1066
1062	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) +	1067	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 8 * sizeof(u_int32_t) +
1063	sizeof(u_int64_t) + sizeof(u_int32_t));	1068	sizeof(u_int64_t) + sizeof(u_int32_t));
1064		1069
1065	ADD_U_CHAR(dptr, AUT_SUBJECT64);	1070	ADD_U_CHAR(dptr, AUT_SUBJECT64);
Lines 1068-1073 Link Here
1068	ADD_U_INT32(dptr, egid);	1073	ADD_U_INT32(dptr, egid);
1069	ADD_U_INT32(dptr, ruid);	1074	ADD_U_INT32(dptr, ruid);
1070	ADD_U_INT32(dptr, rgid);	1075	ADD_U_INT32(dptr, rgid);
		1076	ADD_U_INT32(dptr, lwpid);
1071	ADD_U_INT32(dptr, pid);	1077	ADD_U_INT32(dptr, pid);
1072	ADD_U_INT32(dptr, sid);	1078	ADD_U_INT32(dptr, sid);
1073	ADD_U_INT64(dptr, tid->port);	1079	ADD_U_INT64(dptr, tid->port);
Lines 1078-1088 Link Here
1078		1084
1079	token_t *	1085	token_t *
1080	au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,	1086	au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
1081	pid_t pid, au_asid_t sid, au_tid_t *tid)	1087	lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid)
1082	{	1088	{
1083		1089
1084	return (au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid,	1090	return (au_to_subject32(auid, euid, egid, ruid, rgid, lwpid, pid,
1085	tid));	1091	sid, tid));
1086	}	1092	}
1087		1093
1088	/*	1094	/*
Lines 1101-1107 Link Here
1101	*/	1107	*/
1102	token_t *	1108	token_t *
1103	au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,	1109	au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
1104	gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)	1110	gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
1105	{	1111	{
1106	token_t *t;	1112	token_t *t;
1107	u_char *dptr = NULL;	1113	u_char *dptr = NULL;
Lines 1110-1119 Link Here
1110	("au_to_subject32_ex: type %u", (unsigned int)tid->at_type));	1116	("au_to_subject32_ex: type %u", (unsigned int)tid->at_type));
1111		1117
1112	if (tid->at_type == AU_IPv4)	1118	if (tid->at_type == AU_IPv4)
1113	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 *	1119	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 11 *
1114	sizeof(u_int32_t));	1120	sizeof(u_int32_t));
1115	else	1121	else
1116	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 *	1122	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 14 *
1117	sizeof(u_int32_t));	1123	sizeof(u_int32_t));
1118		1124
1119	ADD_U_CHAR(dptr, AUT_SUBJECT32_EX);	1125	ADD_U_CHAR(dptr, AUT_SUBJECT32_EX);
Lines 1122-1127 Link Here
1122	ADD_U_INT32(dptr, egid);	1128	ADD_U_INT32(dptr, egid);
1123	ADD_U_INT32(dptr, ruid);	1129	ADD_U_INT32(dptr, ruid);
1124	ADD_U_INT32(dptr, rgid);	1130	ADD_U_INT32(dptr, rgid);
		1131	ADD_U_INT32(dptr, lwpid);
1125	ADD_U_INT32(dptr, pid);	1132	ADD_U_INT32(dptr, pid);
1126	ADD_U_INT32(dptr, sid);	1133	ADD_U_INT32(dptr, sid);
1127	ADD_U_INT32(dptr, tid->at_port);	1134	ADD_U_INT32(dptr, tid->at_port);
Lines 1136-1142 Link Here
1136		1143
1137	token_t *	1144	token_t *
1138	au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,	1145	au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
1139	gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)	1146	gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
1140	{	1147	{
1141	token_t *t;	1148	token_t *t;
1142	u_char *dptr = NULL;	1149	u_char *dptr = NULL;
Lines 1146-1156 Link Here
1146		1153
1147	if (tid->at_type == AU_IPv4)	1154	if (tid->at_type == AU_IPv4)
1148	GET_TOKEN_AREA(t, dptr, sizeof(u_char) +	1155	GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
1149	7 * sizeof(u_int32_t) + sizeof(u_int64_t) +	1156	8 * sizeof(u_int32_t) + sizeof(u_int64_t) +
1150	2 * sizeof(u_int32_t));	1157	2 * sizeof(u_int32_t));
1151	else	1158	else
1152	GET_TOKEN_AREA(t, dptr, sizeof(u_char) +	1159	GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
1153	7 * sizeof(u_int32_t) + sizeof(u_int64_t) +	1160	8 * sizeof(u_int32_t) + sizeof(u_int64_t) +
1154	5 * sizeof(u_int32_t));	1161	5 * sizeof(u_int32_t));
1155		1162
1156	ADD_U_CHAR(dptr, AUT_SUBJECT64_EX);	1163	ADD_U_CHAR(dptr, AUT_SUBJECT64_EX);
Lines 1159-1164 Link Here
1159	ADD_U_INT32(dptr, egid);	1166	ADD_U_INT32(dptr, egid);
1160	ADD_U_INT32(dptr, ruid);	1167	ADD_U_INT32(dptr, ruid);
1161	ADD_U_INT32(dptr, rgid);	1168	ADD_U_INT32(dptr, rgid);
		1169	ADD_U_INT32(dptr, lwpid);
1162	ADD_U_INT32(dptr, pid);	1170	ADD_U_INT32(dptr, pid);
1163	ADD_U_INT32(dptr, sid);	1171	ADD_U_INT32(dptr, sid);
1164	ADD_U_INT64(dptr, tid->at_port);	1172	ADD_U_INT64(dptr, tid->at_port);
Lines 1173-1183 Link Here
1173		1181
1174	token_t *	1182	token_t *
1175	au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,	1183	au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
1176	gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)	1184	gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
1177	{	1185	{
1178		1186
1179	return (au_to_subject32_ex(auid, euid, egid, ruid, rgid, pid, sid,	1187	return (au_to_subject32_ex(auid, euid, egid, ruid, rgid, lwpid, pid,
1180	tid));	1188	sid, tid));
1181	}	1189	}
1182		1190
1183	#if !defined(_KERNEL) && !defined(KERNEL) && defined(HAVE_AUDIT_SYSCALLS)	1191	#if !defined(_KERNEL) && !defined(KERNEL) && defined(HAVE_AUDIT_SYSCALLS)

Lines 35-40 Link Here

(-)src/usr.bin/login/login_audit.c (-6 / +16 lines)
35	__FBSDID("$FreeBSD: release/9.0.0/usr.bin/login/login_audit.c 191297 2009-04-19 23:34:22Z rwatson $");	35	__FBSDID("$FreeBSD: release/9.0.0/usr.bin/login/login_audit.c 191297 2009-04-19 23:34:22Z rwatson $");
36		36
37	#include <sys/types.h>	37	#include <sys/types.h>
		38	#include <sys/thr.h>
38		39
39	#include <bsm/libbsm.h>	40	#include <bsm/libbsm.h>
40	#include <bsm/audit_uevents.h>	41	#include <bsm/audit_uevents.h>
Lines 67-74 Link Here
67	uid_t uid = pwd->pw_uid;	68	uid_t uid = pwd->pw_uid;
68	gid_t gid = pwd->pw_gid;	69	gid_t gid = pwd->pw_gid;
69	pid_t pid = getpid();	70	pid_t pid = getpid();
		71	long lwpid = -1;
70	int au_cond;	72	int au_cond;
71		73
		74	thr_self(&lwpid);
		75
72	/* If we are not auditing, don't cut an audit record; just return. */	76	/* If we are not auditing, don't cut an audit record; just return. */
73	if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) {	77	if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) {
74	if (errno == ENOSYS)	78	if (errno == ENOSYS)
Lines 93-100 Link Here
93	if ((aufd = au_open()) == -1)	97	if ((aufd = au_open()) == -1)
94	errx(1,"login: Audit Error: au_open() failed");	98	errx(1,"login: Audit Error: au_open() failed");
95		99
96	if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, pid,	100	if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid,
97	pid, &tid)) == NULL)	101	(lwpid_t)lwpid, pid, pid, &tid)) == NULL)
98	errx(1, "login: Audit Error: au_to_subject32() failed");	102	errx(1, "login: Audit Error: au_to_subject32() failed");
99	au_write(aufd, tok);	103	au_write(aufd, tok);
100		104
Lines 119-124 Link Here
119	uid_t uid;	123	uid_t uid;
120	gid_t gid;	124	gid_t gid;
121	pid_t pid = getpid();	125	pid_t pid = getpid();
		126	long lwpid = -1;
		127
		128	thr_self(&lwpid);
122		129
123	/* If we are not auditing, don't cut an audit record; just return. */	130	/* If we are not auditing, don't cut an audit record; just return. */
124	if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) {	131	if (auditon(A_GETCOND, &au_cond, sizeof(au_cond)) < 0) {
Lines 138-151 Link Here
138	* within a user's session => auid,asid == -1.	145	* within a user's session => auid,asid == -1.
139	*/	146	*/
140	if ((tok = au_to_subject32(-1, geteuid(), getegid(), -1, -1,	147	if ((tok = au_to_subject32(-1, geteuid(), getegid(), -1, -1,
141	pid, -1, &tid)) == NULL)	148	(lwpid_t)lwpid, pid, -1, &tid)) == NULL)
142	errx(1, "login: Audit Error: au_to_subject32() failed");	149	errx(1, "login: Audit Error: au_to_subject32() failed");
143	} else {	150	} else {
144	/* We know the subject -- so use its value instead. */	151	/* We know the subject -- so use its value instead. */
145	uid = pwd->pw_uid;	152	uid = pwd->pw_uid;
146	gid = pwd->pw_gid;	153	gid = pwd->pw_gid;
147	if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid,	154	if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid,
148	gid, pid, pid, &tid)) == NULL)	155	gid, (lwpid_t)lwpid, pid, pid, &tid)) == NULL)
149	errx(1, "login: Audit Error: au_to_subject32() failed");	156	errx(1, "login: Audit Error: au_to_subject32() failed");
150	}	157	}
151	au_write(aufd, tok);	158	au_write(aufd, tok);
Lines 175-182 Link Here
175	uid_t uid = pwd->pw_uid;	182	uid_t uid = pwd->pw_uid;
176	gid_t gid = pwd->pw_gid;	183	gid_t gid = pwd->pw_gid;
177	pid_t pid = getpid();	184	pid_t pid = getpid();
		185	long lwpid = -1;
178	int au_cond;	186	int au_cond;
179		187
		188	thr_self(&lwpid);
		189
180	/* If we are not auditing, don't cut an audit record; just return. */	190	/* If we are not auditing, don't cut an audit record; just return. */
181	if (auditon(A_GETCOND, &au_cond, sizeof(int)) < 0) {	191	if (auditon(A_GETCOND, &au_cond, sizeof(int)) < 0) {
182	if (errno == ENOSYS)	192	if (errno == ENOSYS)
Lines 190-197 Link Here
190	errx(1, "login: Audit Error: au_open() failed");	200	errx(1, "login: Audit Error: au_open() failed");
191		201
192	/* The subject that is created (euid, egid of the current process). */	202	/* The subject that is created (euid, egid of the current process). */
193	if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid, pid,	203	if ((tok = au_to_subject32(uid, geteuid(), getegid(), uid, gid,
194	pid, &tid)) == NULL)	204	(lwpid_t)lwpid, pid, pid, &tid)) == NULL)
195	errx(1, "login: Audit Error: au_to_subject32() failed");	205	errx(1, "login: Audit Error: au_to_subject32() failed");
196	au_write(aufd, tok);	206	au_write(aufd, tok);

Return to bug 182521

Lines 601-606 Link Here

(-)src/contrib/openbsm/bsm/libbsm.h (-4 / +8 lines)
601	u_int32_t egid;	601	u_int32_t egid;
602	u_int32_t ruid;	602	u_int32_t ruid;
603	u_int32_t rgid;	603	u_int32_t rgid;
		604	u_int32_t lwpid;
604	u_int32_t pid;	605	u_int32_t pid;
605	u_int32_t sid;	606	u_int32_t sid;
606	au_tid32_t tid;	607	au_tid32_t tid;
Lines 612-617 Link Here
612	u_int32_t egid;	613	u_int32_t egid;
613	u_int32_t ruid;	614	u_int32_t ruid;
614	u_int32_t rgid;	615	u_int32_t rgid;
		616	u_int32_t lwpid;
615	u_int32_t pid;	617	u_int32_t pid;
616	u_int32_t sid;	618	u_int32_t sid;
617	au_tid64_t tid;	619	au_tid64_t tid;
Lines 636-641 Link Here
636	u_int32_t egid;	638	u_int32_t egid;
637	u_int32_t ruid;	639	u_int32_t ruid;
638	u_int32_t rgid;	640	u_int32_t rgid;
		641	u_int32_t lwpid;
639	u_int32_t pid;	642	u_int32_t pid;
640	u_int32_t sid;	643	u_int32_t sid;
641	au_tidaddr32_t tid;	644	au_tidaddr32_t tid;
Lines 647-652 Link Here
647	u_int32_t egid;	650	u_int32_t egid;
648	u_int32_t ruid;	651	u_int32_t ruid;
649	u_int32_t rgid;	652	u_int32_t rgid;
		653	u_int32_t lwpid;
650	u_int32_t pid;	654	u_int32_t pid;
651	u_int32_t sid;	655	u_int32_t sid;
652	au_tidaddr64_t tid;	656	au_tidaddr64_t tid;
Lines 1088-1095 Link Here
1088	* XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE.	1092	* XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE.
1089	*/	1093	*/
1090	int audit_write_success(short event_code, token_t *misctok, au_id_t auid,	1094	int audit_write_success(short event_code, token_t *misctok, au_id_t auid,
1091	uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid,	1095	uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, lwpid_t lwpid,
1092	au_asid_t sid, au_tid_t *tid);	1096	pid_t pid, au_asid_t sid, au_tid_t *tid);
1093		1097
1094	/*	1098	/*
1095	* audit_write_success_self()	1099	* audit_write_success_self()
Lines 1158-1164 Link Here
1158	*/	1162	*/
1159	int audit_write_failure(short event_code, char *errmsg, int errret,	1163	int audit_write_failure(short event_code, char *errmsg, int errret,
1160	au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,	1164	au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
1161	pid_t pid, au_asid_t sid, au_tid_t *tid);	1165	lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid);
1162		1166
1163	/*	1167	/*
1164	* audit_write_failure_self()	1168	* audit_write_failure_self()
Lines 1215-1221 Link Here
1215	* XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE.	1219	* XXXRW: In Apple's bsm-8, these are marked __APPLE_API_PRIVATE.
1216	*/	1220	*/
1217	int audit_write_failure_na(short event_code, char *errmsg, int errret,	1221	int audit_write_failure_na(short event_code, char *errmsg, int errret,
1218	uid_t euid, gid_t egid, pid_t pid, au_tid_t *tid);	1222	uid_t euid, gid_t egid, lwpid_t lwpid, pid_t pid, au_tid_t *tid);
1219		1223
1220	/* END au_write() WRAPPERS */	1224	/* END au_write() WRAPPERS */
1221		1225

Lines 544-562 Link Here

(-)src/contrib/openbsm/libbsm/bsm_io.c (-4 / +40 lines)
544	fprintf(fp, "<socket-inet6 ");	544	fprintf(fp, "<socket-inet6 ");
545		545
546	case AUT_SUBJECT32:	546	case AUT_SUBJECT32:
547	fprintf(fp, "<subject ");	547	fprintf(fp, "<subject type=\"32\" ");
548	break;	548	break;
549		549
550	case AUT_SUBJECT64:	550	case AUT_SUBJECT64:
551	fprintf(fp, "<subject ");	551	fprintf(fp, "<subject type=\"64\" ");
552	break;	552	break;
553		553
554	case AUT_SUBJECT32_EX:	554	case AUT_SUBJECT32_EX:
555	fprintf(fp, "<subject ");	555	fprintf(fp, "<subject type=\"32_ex\" ");
556	break;	556	break;
557		557
558	case AUT_SUBJECT64_EX:	558	case AUT_SUBJECT64_EX:
559	fprintf(fp, "<subject ");	559	fprintf(fp, "<subject type=\"64_ex\" ");
560	break;	560	break;
561		561
562	case AUT_TEXT:	562	case AUT_TEXT:
Lines 3340-3345 Link Here
3340	if (err)	3340	if (err)
3341	return (-1);	3341	return (-1);
3342		3342
		3343	READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.lwpid, tok->len, err);
		3344	if (err)
		3345	return (-1);
		3346
3343	READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.pid, tok->len, err);	3347	READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.pid, tok->len, err);
3344	if (err)	3348	if (err)
3345	return (-1);	3349	return (-1);
Lines 3382-3387 Link Here
3382	open_attr(fp, "rgid");	3386	open_attr(fp, "rgid");
3383	print_group(fp, tok->tt.subj32.rgid, raw);	3387	print_group(fp, tok->tt.subj32.rgid, raw);
3384	close_attr(fp);	3388	close_attr(fp);
		3389	open_attr(fp, "lwpid");
		3390	print_user(fp, tok->tt.subj32.lwpid, raw);
		3391	close_attr(fp);
3385	open_attr(fp,"pid");	3392	open_attr(fp,"pid");
3386	print_4_bytes(fp, tok->tt.subj32.pid, "%u");	3393	print_4_bytes(fp, tok->tt.subj32.pid, "%u");
3387	close_attr(fp);	3394	close_attr(fp);
Lines 3405-3410 Link Here
3405	print_delim(fp, del);	3412	print_delim(fp, del);
3406	print_group(fp, tok->tt.subj32.rgid, raw);	3413	print_group(fp, tok->tt.subj32.rgid, raw);
3407	print_delim(fp, del);	3414	print_delim(fp, del);
		3415	print_4_bytes(fp, tok->tt.subj32.lwpid, "%u");
		3416	print_delim(fp, del);
3408	print_4_bytes(fp, tok->tt.subj32.pid, "%u");	3417	print_4_bytes(fp, tok->tt.subj32.pid, "%u");
3409	print_delim(fp, del);	3418	print_delim(fp, del);
3410	print_4_bytes(fp, tok->tt.subj32.sid, "%u");	3419	print_4_bytes(fp, tok->tt.subj32.sid, "%u");
Lines 3452-3457 Link Here
3452	if (err)	3461	if (err)
3453	return (-1);	3462	return (-1);
3454		3463
		3464	READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.lwpid, tok->len, err);
		3465	if (err)
		3466	return (-1);
		3467
3455	READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.pid, tok->len, err);	3468	READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.pid, tok->len, err);
3456	if (err)	3469	if (err)
3457	return (-1);	3470	return (-1);
Lines 3494-3499 Link Here
3494	open_attr(fp, "rgid");	3507	open_attr(fp, "rgid");
3495	print_group(fp, tok->tt.subj64.rgid, raw);	3508	print_group(fp, tok->tt.subj64.rgid, raw);
3496	close_attr(fp);	3509	close_attr(fp);
		3510	open_attr(fp, "lwpid");
		3511	print_4_bytes(fp, tok->tt.subj64.lwpid, "%u");
		3512	close_attr(fp);
3497	open_attr(fp, "pid");	3513	open_attr(fp, "pid");
3498	print_4_bytes(fp, tok->tt.subj64.pid, "%u");	3514	print_4_bytes(fp, tok->tt.subj64.pid, "%u");
3499	close_attr(fp);	3515	close_attr(fp);
Lines 3517-3522 Link Here
3517	print_delim(fp, del);	3533	print_delim(fp, del);
3518	print_group(fp, tok->tt.subj64.rgid, raw);	3534	print_group(fp, tok->tt.subj64.rgid, raw);
3519	print_delim(fp, del);	3535	print_delim(fp, del);
		3536	print_4_bytes(fp, tok->tt.subj64.lwpid, "%u");
		3537	print_delim(fp, del);
3520	print_4_bytes(fp, tok->tt.subj64.pid, "%u");	3538	print_4_bytes(fp, tok->tt.subj64.pid, "%u");
3521	print_delim(fp, del);	3539	print_delim(fp, del);
3522	print_4_bytes(fp, tok->tt.subj64.sid, "%u");	3540	print_4_bytes(fp, tok->tt.subj64.sid, "%u");
Lines 3565-3570 Link Here
3565	if (err)	3583	if (err)
3566	return (-1);	3584	return (-1);
3567		3585
		3586	READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.lwpid, tok->len, err);
		3587	if (err)
		3588	return (-1);
		3589
3568	READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.pid, tok->len, err);	3590	READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.pid, tok->len, err);
3569	if (err)	3591	if (err)
3570	return (-1);	3592	return (-1);
Lines 3621-3626 Link Here
3621	open_attr(fp, "rgid");	3643	open_attr(fp, "rgid");
3622	print_group(fp, tok->tt.subj32_ex.rgid, raw);	3644	print_group(fp, tok->tt.subj32_ex.rgid, raw);
3623	close_attr(fp);	3645	close_attr(fp);
		3646	open_attr(fp, "lwpid");
		3647	print_4_bytes(fp, tok->tt.subj32_ex.lwpid, "%u");
		3648	close_attr(fp);
3624	open_attr(fp, "pid");	3649	open_attr(fp, "pid");
3625	print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u");	3650	print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u");
3626	close_attr(fp);	3651	close_attr(fp);
Lines 3645-3650 Link Here
3645	print_delim(fp, del);	3670	print_delim(fp, del);
3646	print_group(fp, tok->tt.subj32_ex.rgid, raw);	3671	print_group(fp, tok->tt.subj32_ex.rgid, raw);
3647	print_delim(fp, del);	3672	print_delim(fp, del);
		3673	print_4_bytes(fp, tok->tt.subj32_ex.lwpid, "%u");
		3674	print_delim(fp, del);
3648	print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u");	3675	print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u");
3649	print_delim(fp, del);	3676	print_delim(fp, del);
3650	print_4_bytes(fp, tok->tt.subj32_ex.sid, "%u");	3677	print_4_bytes(fp, tok->tt.subj32_ex.sid, "%u");
Lines 3694-3699 Link Here
3694	if (err)	3721	if (err)
3695	return (-1);	3722	return (-1);
3696		3723
		3724	READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.lwpid, tok->len, err);
		3725	if (err)
		3726	return (-1);
		3727
3697	READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.pid, tok->len, err);	3728	READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.pid, tok->len, err);
3698	if (err)	3729	if (err)
3699	return (-1);	3730	return (-1);
Lines 3749-3754 Link Here
3749	open_attr(fp, "rgid");	3780	open_attr(fp, "rgid");
3750	print_group(fp, tok->tt.subj64_ex.rgid, raw);	3781	print_group(fp, tok->tt.subj64_ex.rgid, raw);
3751	close_attr(fp);	3782	close_attr(fp);
		3783	open_attr(fp, "lwpid");
		3784	print_4_bytes(fp, tok->tt.subj64_ex.lwpid, "%u");
		3785	close_attr(fp);
3752	open_attr(fp, "pid");	3786	open_attr(fp, "pid");
3753	print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u");	3787	print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u");
3754	close_attr(fp);	3788	close_attr(fp);
Lines 3773-3778 Link Here
3773	print_delim(fp, del);	3807	print_delim(fp, del);
3774	print_group(fp, tok->tt.subj64_ex.rgid, raw);	3808	print_group(fp, tok->tt.subj64_ex.rgid, raw);
3775	print_delim(fp, del);	3809	print_delim(fp, del);
		3810	print_4_bytes(fp, tok->tt.subj64_ex.lwpid, "%u");
		3811	print_delim(fp, del);
3776	print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u");	3812	print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u");
3777	print_delim(fp, del);	3813	print_delim(fp, del);
3778	print_4_bytes(fp, tok->tt.subj64_ex.sid, "%u");	3814	print_4_bytes(fp, tok->tt.subj64_ex.sid, "%u");

Lines 59-64 Link Here

(-)src/contrib/openbsm/libbsm/bsm_token.c (-19 / +29 lines)
59	#include <sys/socket.h>	59	#include <sys/socket.h>
60	#include <sys/time.h>	60	#include <sys/time.h>
61	#include <sys/un.h>	61	#include <sys/un.h>
		62	#include <sys/thr.h>
62		63
63	#include <sys/ipc.h>	64	#include <sys/ipc.h>
64		65
Lines 75-80 Link Here
75	#include <bsm/audit_internal.h>	76	#include <bsm/audit_internal.h>
76	#include <bsm/libbsm.h>	77	#include <bsm/libbsm.h>
77		78
		79
78	#define GET_TOKEN_AREA(t, dptr, length) do { \	80	#define GET_TOKEN_AREA(t, dptr, length) do { \
79	(t) = malloc(sizeof(token_t)); \	81	(t) = malloc(sizeof(token_t)); \
80	if ((t) != NULL) { \	82	if ((t) != NULL) { \
Lines 1102-1113 Link Here
1102	*/	1104	*/
1103	token_t *	1105	token_t *
1104	au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,	1106	au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
1105	pid_t pid, au_asid_t sid, au_tid_t *tid)	1107	lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid)
1106	{	1108	{
1107	token_t *t;	1109	token_t *t;
1108	u_char *dptr = NULL;	1110	u_char *dptr = NULL;
1109		1111
1110	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 9 * sizeof(u_int32_t));	1112	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * sizeof(u_int32_t));
1111	if (t == NULL)	1113	if (t == NULL)
1112	return (NULL);	1114	return (NULL);
1113		1115
Lines 1117-1122 Link Here
1117	ADD_U_INT32(dptr, egid);	1119	ADD_U_INT32(dptr, egid);
1118	ADD_U_INT32(dptr, ruid);	1120	ADD_U_INT32(dptr, ruid);
1119	ADD_U_INT32(dptr, rgid);	1121	ADD_U_INT32(dptr, rgid);
		1122	ADD_U_INT32(dptr, lwpid);
1120	ADD_U_INT32(dptr, pid);	1123	ADD_U_INT32(dptr, pid);
1121	ADD_U_INT32(dptr, sid);	1124	ADD_U_INT32(dptr, sid);
1122	ADD_U_INT32(dptr, tid->port);	1125	ADD_U_INT32(dptr, tid->port);
Lines 1127-1138 Link Here
1127		1130
1128	token_t *	1131	token_t *
1129	au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,	1132	au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
1130	pid_t pid, au_asid_t sid, au_tid_t *tid)	1133	lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid)
1131	{	1134	{
1132	token_t *t;	1135	token_t *t;
1133	u_char *dptr = NULL;	1136	u_char *dptr = NULL;
1134		1137
1135	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 7 * sizeof(u_int32_t) +	1138	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 8 * sizeof(u_int32_t) +
1136	sizeof(u_int64_t) + sizeof(u_int32_t));	1139	sizeof(u_int64_t) + sizeof(u_int32_t));
1137	if (t == NULL)	1140	if (t == NULL)
1138	return (NULL);	1141	return (NULL);
Lines 1143-1148 Link Here
1143	ADD_U_INT32(dptr, egid);	1146	ADD_U_INT32(dptr, egid);
1144	ADD_U_INT32(dptr, ruid);	1147	ADD_U_INT32(dptr, ruid);
1145	ADD_U_INT32(dptr, rgid);	1148	ADD_U_INT32(dptr, rgid);
		1149	ADD_U_INT32(dptr, lwpid);
1146	ADD_U_INT32(dptr, pid);	1150	ADD_U_INT32(dptr, pid);
1147	ADD_U_INT32(dptr, sid);	1151	ADD_U_INT32(dptr, sid);
1148	ADD_U_INT64(dptr, tid->port);	1152	ADD_U_INT64(dptr, tid->port);
Lines 1153-1163 Link Here
1153		1157
1154	token_t *	1158	token_t *
1155	au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,	1159	au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
1156	pid_t pid, au_asid_t sid, au_tid_t *tid)	1160	lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid)
1157	{	1161	{
1158		1162
1159	return (au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid,	1163	return (au_to_subject32(auid, euid, egid, ruid, rgid, lwpid, pid,
1160	tid));	1164	sid, tid));
1161	}	1165	}
1162		1166
1163	/*	1167	/*
Lines 1176-1191 Link Here
1176	*/	1180	*/
1177	token_t *	1181	token_t *
1178	au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,	1182	au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
1179	gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)	1183	gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
1180	{	1184	{
1181	token_t *t;	1185	token_t *t;
1182	u_char *dptr = NULL;	1186	u_char *dptr = NULL;
1183		1187
1184	if (tid->at_type == AU_IPv4)	1188	if (tid->at_type == AU_IPv4)
1185	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 *	1189	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 11 *
1186	sizeof(u_int32_t));	1190	sizeof(u_int32_t));
1187	else if (tid->at_type == AU_IPv6)	1191	else if (tid->at_type == AU_IPv6)
1188	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 *	1192	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 14 *
1189	sizeof(u_int32_t));	1193	sizeof(u_int32_t));
1190	else {	1194	else {
1191	errno = EINVAL;	1195	errno = EINVAL;
Lines 1200-1205 Link Here
1200	ADD_U_INT32(dptr, egid);	1204	ADD_U_INT32(dptr, egid);
1201	ADD_U_INT32(dptr, ruid);	1205	ADD_U_INT32(dptr, ruid);
1202	ADD_U_INT32(dptr, rgid);	1206	ADD_U_INT32(dptr, rgid);
		1207	ADD_U_INT32(dptr, lwpid);
1203	ADD_U_INT32(dptr, pid);	1208	ADD_U_INT32(dptr, pid);
1204	ADD_U_INT32(dptr, sid);	1209	ADD_U_INT32(dptr, sid);
1205	ADD_U_INT32(dptr, tid->at_port);	1210	ADD_U_INT32(dptr, tid->at_port);
Lines 1214-1231 Link Here
1214		1219
1215	token_t *	1220	token_t *
1216	au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,	1221	au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
1217	gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)	1222	gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
1218	{	1223	{
1219	token_t *t;	1224	token_t *t;
1220	u_char *dptr = NULL;	1225	u_char *dptr = NULL;
1221		1226
1222	if (tid->at_type == AU_IPv4)	1227	if (tid->at_type == AU_IPv4)
1223	GET_TOKEN_AREA(t, dptr, sizeof(u_char) +	1228	GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
1224	7 * sizeof(u_int32_t) + sizeof(u_int64_t) +	1229	8 * sizeof(u_int32_t) + sizeof(u_int64_t) +
1225	2 * sizeof(u_int32_t));	1230	2 * sizeof(u_int32_t));
1226	else if (tid->at_type == AU_IPv6)	1231	else if (tid->at_type == AU_IPv6)
1227	GET_TOKEN_AREA(t, dptr, sizeof(u_char) +	1232	GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
1228	7 * sizeof(u_int32_t) + sizeof(u_int64_t) +	1233	8 * sizeof(u_int32_t) + sizeof(u_int64_t) +
1229	5 * sizeof(u_int32_t));	1234	5 * sizeof(u_int32_t));
1230	else {	1235	else {
1231	errno = EINVAL;	1236	errno = EINVAL;
Lines 1240-1245 Link Here
1240	ADD_U_INT32(dptr, egid);	1245	ADD_U_INT32(dptr, egid);
1241	ADD_U_INT32(dptr, ruid);	1246	ADD_U_INT32(dptr, ruid);
1242	ADD_U_INT32(dptr, rgid);	1247	ADD_U_INT32(dptr, rgid);
		1248	ADD_U_INT32(dptr, lwpid);
1243	ADD_U_INT32(dptr, pid);	1249	ADD_U_INT32(dptr, pid);
1244	ADD_U_INT32(dptr, sid);	1250	ADD_U_INT32(dptr, sid);
1245	ADD_U_INT64(dptr, tid->at_port);	1251	ADD_U_INT64(dptr, tid->at_port);
Lines 1254-1264 Link Here
1254		1260
1255	token_t *	1261	token_t *
1256	au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,	1262	au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
1257	gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)	1263	gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid)
1258	{	1264	{
1259		1265
1260	return (au_to_subject32_ex(auid, euid, egid, ruid, rgid, pid, sid,	1266	return (au_to_subject32_ex(auid, euid, egid, ruid, rgid, lwpid, pid,
1261	tid));	1267	sid, tid));
1262	}	1268	}
1263		1269
1264	#if !defined(_KERNEL) && !defined(KERNEL) && defined(HAVE_AUDIT_SYSCALLS)	1270	#if !defined(_KERNEL) && !defined(KERNEL) && defined(HAVE_AUDIT_SYSCALLS)
Lines 1271-1276 Link Here
1271	{	1277	{
1272	auditinfo_t auinfo;	1278	auditinfo_t auinfo;
1273	auditinfo_addr_t aia;	1279	auditinfo_addr_t aia;
		1280	long lwpid = -1;
		1281
		1282	thr_self(&lwpid);
1274		1283
1275	/*	1284	/*
1276	* Try to use getaudit_addr(2) first. If this kernel does not support	1285	* Try to use getaudit_addr(2) first. If this kernel does not support
Lines 1281-1288 Link Here
1281	if (getaudit(&auinfo) != 0)	1290	if (getaudit(&auinfo) != 0)
1282	return (NULL);	1291	return (NULL);
1283	return (au_to_subject32(auinfo.ai_auid, geteuid(),	1292	return (au_to_subject32(auinfo.ai_auid, geteuid(),
1284	getegid(), getuid(), getgid(), getpid(),	1293	getegid(), getuid(), getgid(), (lwpid_t)lwpid,
1285	auinfo.ai_asid, &auinfo.ai_termid));	1294	getpid(), auinfo.ai_asid, &auinfo.ai_termid));
1286	} else {	1295	} else {
1287	/* getaudit_addr(2) failed for some other reason. */	1296	/* getaudit_addr(2) failed for some other reason. */
1288	return (NULL);	1297	return (NULL);
Lines 1290-1296 Link Here
1290	}	1299	}
1291		1300
1292	return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(),	1301	return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(),
1293	getgid(), getpid(), aia.ai_asid, &aia.ai_termid));	1302	getgid(), (lwpid_t)lwpid, getpid(), aia.ai_asid,
		1303	&aia.ai_termid));
1294	}	1304	}
1295	#endif	1305	#endif
1296		1306

Lines 41-46 Link Here

(-)src/contrib/openbsm/libbsm/bsm_wrappers.c (-9 / +14 lines)
41	#endif	41	#endif
42		42
43	#include <sys/sysctl.h>	43	#include <sys/sysctl.h>
		44	#include <sys/thr.h>
44		45
45	#include <bsm/libbsm.h>	46	#include <bsm/libbsm.h>
46		47
Lines 66-71 Link Here
66	int acond;	67	int acond;
67	va_list ap;	68	va_list ap;
68	pid_t pid;	69	pid_t pid;
		70	long lwpid = -1;
69	int error, afd, subj_ex;	71	int error, afd, subj_ex;
70	struct auditinfo ai;	72	struct auditinfo ai;
71	struct auditinfo_addr aia;	73	struct auditinfo_addr aia;
Lines 134-147 Link Here
134	if (aia.ai_termid.at_type == AU_IPv6)	136	if (aia.ai_termid.at_type == AU_IPv6)
135	subj_ex = 1;	137	subj_ex = 1;
136	pid = getpid();	138	pid = getpid();
		139	thr_self(&lwpid);
137	if (subj_ex == 0) {	140	if (subj_ex == 0) {
138	atid.port = aia.ai_termid.at_port;	141	atid.port = aia.ai_termid.at_port;
139	atid.machine = aia.ai_termid.at_addr[0];	142	atid.machine = aia.ai_termid.at_addr[0];
140	token = au_to_subject32(auid, geteuid(), getegid(),	143	token = au_to_subject32(auid, geteuid(), getegid(),
141	getuid(), getgid(), pid, pid, &atid);	144	getuid(), getgid(), (lwpid_t)lwpid, pid, pid, &atid);
142	} else	145	} else
143	token = au_to_subject_ex(auid, geteuid(), getegid(),	146	token = au_to_subject_ex(auid, geteuid(), getegid(),
144	getuid(), getgid(), pid, pid, &aia.ai_termid);	147	getuid(), getgid(), (lwpid_t)lwpid, pid, pid,
		148	&aia.ai_termid);
145	if (token == NULL) {	149	if (token == NULL) {
146	syslog(LOG_AUTH \| LOG_ERR,	150	syslog(LOG_AUTH \| LOG_ERR,
147	"audit: unable to build subject token");	151	"audit: unable to build subject token");
Lines 351-364 Link Here
351	*/	355	*/
352	int	356	int
353	audit_write_success(short event_code, token_t *tok, au_id_t auid, uid_t euid,	357	audit_write_success(short event_code, token_t *tok, au_id_t auid, uid_t euid,
354	gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid,	358	gid_t egid, uid_t ruid, gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid,
355	au_tid_t *tid)	359	au_tid_t *tid)
356	{	360	{
357	char *func = "audit_write_success()";	361	char *func = "audit_write_success()";
358	token_t *subject = NULL;	362	token_t *subject = NULL;
359		363
360	/* Tokenize and save subject. */	364	/* Tokenize and save subject. */
361	subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid,	365	subject = au_to_subject32(auid, euid, egid, ruid, rgid, lwpid, pid, sid,
362	tid);	366	tid);
363	if (subject == NULL) {	367	if (subject == NULL) {
364	syslog(LOG_ERR, "%s: au_to_subject32() failed", func);	368	syslog(LOG_ERR, "%s: au_to_subject32() failed", func);
Lines 395-407 Link Here
395	*/	399	*/
396	int	400	int
397	audit_write_failure(short event_code, char *errmsg, int errcode, au_id_t auid,	401	audit_write_failure(short event_code, char *errmsg, int errcode, au_id_t auid,
398	uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid,	402	uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, lwpid_t lwpid, pid_t pid,
399	au_tid_t *tid)	403	au_asid_t sid, au_tid_t *tid)
400	{	404	{
401	char *func = "audit_write_failure()";	405	char *func = "audit_write_failure()";
402	token_t subject, errtok;	406	token_t subject, errtok;
403		407
404	subject = au_to_subject32(auid, euid, egid, ruid, rgid, pid, sid, tid);	408	subject = au_to_subject32(auid, euid, egid, ruid, rgid, lwpid, pid,
		409	sid, tid);
405	if (subject == NULL) {	410	if (subject == NULL) {
406	syslog(LOG_ERR, "%s: au_to_subject32() failed", func);	411	syslog(LOG_ERR, "%s: au_to_subject32() failed", func);
407	return (kAUMakeSubjectTokErr);	412	return (kAUMakeSubjectTokErr);
Lines 452-462 Link Here
452	*/	457	*/
453	int	458	int
454	audit_write_failure_na(short event_code, char *errmsg, int errret, uid_t euid,	459	audit_write_failure_na(short event_code, char *errmsg, int errret, uid_t euid,
455	uid_t egid, pid_t pid, au_tid_t *tid)	460	uid_t egid, lwpid_t lwpid, pid_t pid, au_tid_t *tid)
456	{	461	{
457		462
458	return (audit_write_failure(event_code, errmsg, errret, -1, euid,	463	return (audit_write_failure(event_code, errmsg, errret, -1, euid,
459	egid, -1, -1, pid, -1, tid));	464	egid, -1, -1, lwpid, pid, -1, tid));
460	}	465	}
461		466
462	/* END OF au_write() WRAPPERS */	467	/* END OF au_write() WRAPPERS */

Lines 258-274 Link Here

(-)src/sys/bsm/audit_record.h (-6 / +6 lines)
258	token_t au_to_sock_inet128(struct sockaddr_in6 so);	258	token_t au_to_sock_inet128(struct sockaddr_in6 so);
259	token_t au_to_sock_unix(struct sockaddr_un so);	259	token_t au_to_sock_unix(struct sockaddr_un so);
260	token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,	260	token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
261	gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);	261	gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid);
262	token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,	262	token_t *au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
263	gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);	263	gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid);
264	token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,	264	token_t *au_to_subject64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
265	gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);	265	gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_t *tid);
266	token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,	266	token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
267	gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);	267	gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
268	token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,	268	token_t *au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
269	gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);	269	gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
270	token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,	270	token_t *au_to_subject64_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
271	gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);	271	gid_t rgid, lwpid_t lwpid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
272	#if defined(_KERNEL) \|\| defined(KERNEL)	272	#if defined(_KERNEL) \|\| defined(KERNEL)
273	token_t au_to_exec_args(char args, int argc);	273	token_t au_to_exec_args(char args, int argc);
274	token_t au_to_exec_env(char envs, int envc);	274	token_t au_to_exec_env(char envs, int envc);

Lines 138-143 Link Here

(-)src/sys/kern/uipc_socket.c (-1 / +23 lines)
138		138
139	#include <net/vnet.h>	139	#include <net/vnet.h>
140		140
		141	#include <security/audit/audit.h>
141	#include <security/mac/mac_framework.h>	142	#include <security/mac/mac_framework.h>
142		143
143	#include <vm/uma.h>	144	#include <vm/uma.h>
Lines 2399-2406 Link Here
2399	if (valsize > len)	2400	if (valsize > len)
2400	sopt->sopt_valsize = valsize = len;	2401	sopt->sopt_valsize = valsize = len;
2401		2402
		2403	/* This if block indicates a request coming from userland. */
2402	if (sopt->sopt_td != NULL)	2404	if (sopt->sopt_td != NULL)
2403	return (copyin(sopt->sopt_val, buf, valsize));	2405	{
		2406	int ret = copyin(sopt->sopt_val, buf, valsize);
		2407
		2408	/* Unfortunately, there's no AUDIT_ARG_*() macro that can be used
		2409	* to copy arbitrary buffers in audit records. However, we can use
		2410	* the following switch-case to catch some common valsize values.
		2411	*/
		2412	switch(valsize)
		2413	{
		2414	case 1:
		2415	AUDIT_ARG_VALUE((int8_t )buf);
		2416	break;
		2417	case 2:
		2418	AUDIT_ARG_VALUE((int16_t )buf);
		2419	break;
		2420	case 4:
		2421	AUDIT_ARG_VALUE((int32_t )buf);
		2422	break;
		2423	}
		2424	return (ret);
		2425	}
2404		2426
2405	bcopy(sopt->sopt_val, buf, valsize);	2427	bcopy(sopt->sopt_val, buf, valsize);
2406	return (0);	2428	return (0);

Lines 41-46 Link Here

(-)src/sys/security/audit/audit_bsm.c (-1 / +26 lines)
41	#include <sys/fcntl.h>	41	#include <sys/fcntl.h>
42	#include <sys/user.h>	42	#include <sys/user.h>
43	#include <sys/systm.h>	43	#include <sys/systm.h>
		44	#include <sys/proc.h>
44		45
45	#include <bsm/audit.h>	46	#include <bsm/audit.h>
46	#include <bsm/audit_internal.h>	47	#include <bsm/audit_internal.h>
Lines 486-491 Link Here
486	ar->ar_subj_egid, /* eff group id */	487	ar->ar_subj_egid, /* eff group id */
487	ar->ar_subj_ruid, /* real uid */	488	ar->ar_subj_ruid, /* real uid */
488	ar->ar_subj_rgid, /* real group id */	489	ar->ar_subj_rgid, /* real group id */
		490	((struct thread *)kar->k_uthread)->td_tid,
489	ar->ar_subj_pid, /* process id */	491	ar->ar_subj_pid, /* process id */
490	ar->ar_subj_asid, /* session ID */	492	ar->ar_subj_asid, /* session ID */
491	&tid);	493	&tid);
Lines 496-501 Link Here
496	ar->ar_subj_egid,	498	ar->ar_subj_egid,
497	ar->ar_subj_ruid,	499	ar->ar_subj_ruid,
498	ar->ar_subj_rgid,	500	ar->ar_subj_rgid,
		501	((struct thread *)kar->k_uthread)->td_tid,
499	ar->ar_subj_pid,	502	ar->ar_subj_pid,
500	ar->ar_subj_asid,	503	ar->ar_subj_asid,
501	&ar->ar_subj_term_addr);	504	&ar->ar_subj_term_addr);
Lines 507-512 Link Here
507	ar->ar_subj_egid,	510	ar->ar_subj_egid,
508	ar->ar_subj_ruid,	511	ar->ar_subj_ruid,
509	ar->ar_subj_rgid,	512	ar->ar_subj_rgid,
		513	((struct thread *)kar->k_uthread)->td_tid,
510	ar->ar_subj_pid,	514	ar->ar_subj_pid,
511	ar->ar_subj_asid,	515	ar->ar_subj_asid,
512	&tid);	516	&tid);
Lines 548-554 Link Here
548	kau_write(rec, tok);	552	kau_write(rec, tok);
549	UPATH1_TOKENS;	553	UPATH1_TOKENS;
550	}	554	}
551	/* XXX Need to handle ARG_SADDRINET6 */	555	/* XXX: I think it would be better to modify au_to_sock_inet()
		556	* rather than calling au_to_sock_inet128() directly here.
		557	*/
		558	if (ARG_IS_VALID(kar, ARG_SADDRINET6)) {
		559	tok = au_to_sock_inet128((struct sockaddr_in6 *)
		560	&ar->ar_arg_sockaddr);
		561	kau_write(rec, tok);
		562	}
552	break;	563	break;
553		564
554	case AUE_SOCKET:	565	case AUE_SOCKET:
Lines 567-572 Link Here
567	break;	578	break;
568		579
569	case AUE_SETSOCKOPT:	580	case AUE_SETSOCKOPT:
		581	if (ARG_IS_VALID(kar, ARG_FD)) {
		582	tok = au_to_arg32(1, "fd", ar->ar_arg_fd);
		583	kau_write(rec, tok);
		584	}
		585	if (ARG_IS_VALID(kar, ARG_CMD)) {
		586	tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd);
		587	kau_write(rec, tok);
		588	}
		589	if (ARG_IS_VALID(kar, ARG_VALUE)) {
		590	tok = au_to_arg32(3, "value", ar->ar_arg_value);
		591	kau_write(rec, tok);
		592	}
		593	break;
		594
570	case AUE_SHUTDOWN:	595	case AUE_SHUTDOWN:
571	if (ARG_IS_VALID(kar, ARG_FD)) {	596	if (ARG_IS_VALID(kar, ARG_FD)) {
572	tok = au_to_arg32(1, "fd", ar->ar_arg_fd);	597	tok = au_to_arg32(1, "fd", ar->ar_arg_fd);