Date: Fri, 2 Dec 2005 02:24:26 GMT From: Wayne Salamon <wsalamon@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 87630 for review Message-ID: <200512020224.jB22OQQL005287@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=87630 Change 87630 by wsalamon@gretsch on 2005/12/02 02:23:53 Wrap the usage of audit arguments with conditionals to check that the argument was actually captured. Affected files ... .. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#30 edit Differences ... ==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_audit.c#30 (text+ko) ==== @@ -207,6 +207,10 @@ } while (0) #define FD_VNODE1_TOKENS do { \ + if (ARG_IS_VALID(kar, ARG_FD)) { \ + tok = au_to_arg32(1, "fd", ar->ar_arg_fd); \ + kau_write(rec, tok); \ + } \ if (ARG_IS_VALID(kar, ARG_VNODE1)) { \ tok = au_to_attr32(&ar->ar_arg_vnode1); \ kau_write(rec, tok); \ @@ -222,10 +226,8 @@ } \ } while (0) -/* - * XXXAUDIT: We read ar_arg_pid without testing that it is valid first. - */ #define PROCESS_PID_TOKENS(argn) do { \ + if (ARG_IS_VALID(kar, ARG_PID)) { \ if ((ar->ar_arg_pid > 0) /* Kill a single process */ \ && (ARG_IS_VALID(kar, ARG_PROCESS))) { \ tok = au_to_process(ar->ar_arg_auid, \ @@ -239,7 +241,8 @@ ar->ar_arg_pid); \ kau_write(rec, tok); \ } \ - } while (0) \ + } \ +} while (0) \ /* * Implement auditing for the auditon() system call. The audit tokens that @@ -399,8 +402,10 @@ case AUE_RECVMSG: case AUE_SENDMSG: case AUE_SENDTO: - tok = au_to_arg32(1, "fd", ar->ar_arg_fd); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_FD)) { + tok = au_to_arg32(1, "fd", ar->ar_arg_fd); + kau_write(rec, tok); + } if (ARG_IS_VALID(kar, ARG_SADDRINET)) { tok = au_to_sock_inet( (struct sockaddr_in *)&ar->ar_arg_sockaddr); 
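Review bot: The fd token added at the top of FD_VNODE1_TOKENS hard-codes argument number 1, which does not fit every caller. In the AUE_MMAP group (a later hunk) the record already carries `au_to_arg32(1, "addr", ...)` before `FD_VNODE1_TOKENS` runs, so two tokens claim argument 1 and the fd is mislabelled for anyone parsing the trail. Consider giving the macro an argument-number parameter, as PROCESS_PID_TOKENS(argn) already has. The rest of the macro lies outside this hunk; if a later branch of it also writes the fd, the record would carry it twice, so that is worth checking.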
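Review bot: The rewritten closing line of PROCESS_PID_TOKENS, `} while (0) \`, still ends in a line continuation, so whatever follows is spliced into the macro definition; it is harmless only because the next line appears to be blank. Drop the trailing backslash so the line reads `} while (0)`. The body wrapped by the new `if (ARG_IS_VALID(kar, ARG_PID)) {` guard also does not seem to have been re-indented (whitespace is unreliable in this view), which makes the nesting hard to follow. The macro begins in the previous hunk.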
@@ -417,18 +422,25 @@ case AUE_SOCKET: case AUE_SOCKETPAIR: - tok = au_to_arg32(1,"domain", ar->ar_arg_sockinfo.so_domain); - kau_write(rec, tok); - tok = au_to_arg32(2,"type", ar->ar_arg_sockinfo.so_type); - kau_write(rec, tok); - tok = au_to_arg32(3,"protocol",ar->ar_arg_sockinfo.so_protocol); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_SOCKINFO)) { + tok = au_to_arg32(1,"domain", + ar->ar_arg_sockinfo.so_domain); + kau_write(rec, tok); + tok = au_to_arg32(2,"type", + ar->ar_arg_sockinfo.so_type); + kau_write(rec, tok); + tok = au_to_arg32(3,"protocol", + ar->ar_arg_sockinfo.so_protocol); + kau_write(rec, tok); + } break; case AUE_SETSOCKOPT: case AUE_SHUTDOWN: - tok = au_to_arg32(1, "fd", ar->ar_arg_fd); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_FD)) { + tok = au_to_arg32(1, "fd", ar->ar_arg_fd); + kau_write(rec, tok); + } break; case AUE_ACCT: @@ -441,8 +453,10 @@ break; case AUE_SETAUID: - tok = au_to_arg32(2, "setauid", ar->ar_arg_auid); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_AUID)) { + tok = au_to_arg32(2, "setauid", ar->ar_arg_auid); + kau_write(rec, tok); + } break; case AUE_SETAUDIT: @@ -471,8 +485,10 @@ case AUE_AUDITON: /* For AUDITON commands without own event, audit the cmd */ - tok = au_to_arg32(1, "cmd", ar->ar_arg_cmd); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_CMD)) { + tok = au_to_arg32(1, "cmd", ar->ar_arg_cmd); + kau_write(rec, tok); + } /* fall thru */ case AUE_AUDITON_GETCAR: @@ -501,8 +517,11 @@ break; case AUE_EXIT: - tok = au_to_exit(ar->ar_arg_exitretval, ar->ar_arg_exitstatus); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_EXIT)) { + tok = au_to_exit(ar->ar_arg_exitretval, + ar->ar_arg_exitstatus); + kau_write(rec, tok); + } break; case AUE_ADJTIME: 
@@ -545,24 +564,32 @@ case AUE_CHFLAGS: case AUE_LCHFLAGS: - tok = au_to_arg32(2, "flags", ar->ar_arg_fflags); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_FFLAGS)) { + tok = au_to_arg32(2, "flags", ar->ar_arg_fflags); + kau_write(rec, tok); + } UPATH1_VNODE1_TOKENS; break; case AUE_CHMOD: case AUE_LCHMOD: - tok = au_to_arg32(2, "new file mode", ar->ar_arg_mode); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_MODE)) { + tok = au_to_arg32(2, "new file mode", ar->ar_arg_mode); + kau_write(rec, tok); + } UPATH1_VNODE1_TOKENS; break; case AUE_CHOWN: case AUE_LCHOWN: - tok = au_to_arg32(2, "new file uid", ar->ar_arg_uid); - kau_write(rec, tok); - tok = au_to_arg32(3, "new file gid", ar->ar_arg_gid); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_UID)) { + tok = au_to_arg32(2, "new file uid", ar->ar_arg_uid); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_GID)) { + tok = au_to_arg32(3, "new file gid", ar->ar_arg_gid); + kau_write(rec, tok); + } UPATH1_VNODE1_TOKENS; break; @@ -572,14 +599,18 @@ break; case AUE_CLOSE: - tok = au_to_arg32(2, "fd", ar->ar_arg_fd); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_FD)) { + tok = au_to_arg32(2, "fd", ar->ar_arg_fd); + kau_write(rec, tok); + } UPATH1_VNODE1_TOKENS; break; case AUE_FCHMOD: - tok = au_to_arg32(2, "new file mode", ar->ar_arg_mode); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_MODE)) { + tok = au_to_arg32(2, "new file mode", ar->ar_arg_mode); + kau_write(rec, tok); + } FD_VNODE1_TOKENS; break; 
@@ -595,73 +626,100 @@ break; case AUE_FCHOWN: - tok = au_to_arg32(2, "new file uid", ar->ar_arg_uid); - kau_write(rec, tok); - tok = au_to_arg32(3, "new file gid", ar->ar_arg_gid); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_UID)) { + tok = au_to_arg32(2, "new file uid", ar->ar_arg_uid); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_GID)) { + tok = au_to_arg32(3, "new file gid", ar->ar_arg_gid); + kau_write(rec, tok); + } FD_VNODE1_TOKENS; break; case AUE_FCNTL: if (ar->ar_arg_cmd == F_GETLK || ar->ar_arg_cmd == F_SETLK || ar->ar_arg_cmd == F_SETLKW) { - tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_CMD)) { + tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd); + kau_write(rec, tok); + } FD_VNODE1_TOKENS; } break; case AUE_FCHFLAGS: - tok = au_to_arg32(2, "flags", ar->ar_arg_fflags); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_FFLAGS)) { + tok = au_to_arg32(2, "flags", ar->ar_arg_fflags); + kau_write(rec, tok); + } FD_VNODE1_TOKENS; break; case AUE_FLOCK: - tok = au_to_arg32(2, "operation", ar->ar_arg_cmd); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_CMD)) { + tok = au_to_arg32(2, "operation", ar->ar_arg_cmd); + kau_write(rec, tok); + } FD_VNODE1_TOKENS; break; case AUE_RFORK: - tok = au_to_arg32(1, "flags", ar->ar_arg_fflags); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_FFLAGS)) { + tok = au_to_arg32(1, "flags", ar->ar_arg_fflags); + kau_write(rec, tok); + } /* fall through */ case AUE_FORK: case AUE_VFORK: - tok = au_to_arg32(0, "child PID", ar->ar_arg_pid); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_PID)) { + tok = au_to_arg32(0, "child PID", ar->ar_arg_pid); + kau_write(rec, tok); + } break; case AUE_IOCTL: - tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd); - kau_write(rec, tok); - tok = au_to_arg32(1, "arg", (u_int32_t)ar->ar_arg_addr); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_CMD)) { + tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd); + kau_write(rec, tok); + } + if 
(ARG_IS_VALID(kar, ARG_ADDR)) { + tok = au_to_arg32(1, "arg", (u_int32_t)ar->ar_arg_addr); + kau_write(rec, tok); + } if (ARG_IS_VALID(kar, ARG_VNODE1)) { FD_VNODE1_TOKENS; } else { if (ARG_IS_VALID(kar, ARG_SOCKINFO)) { - tok = kau_to_socket(&ar->ar_arg_sockinfo); - kau_write(rec, tok); + tok = kau_to_socket(&ar->ar_arg_sockinfo); + kau_write(rec, tok); } else { - tok = au_to_arg32(1, "fd", ar->ar_arg_fd); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_FD)) { + tok = au_to_arg32(1, "fd", + ar->ar_arg_fd); + kau_write(rec, tok); + } } } break; case AUE_KILL: - tok = au_to_arg32(2, "signal", ar->ar_arg_signum); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_SIGNUM)) { + tok = au_to_arg32(2, "signal", ar->ar_arg_signum); + kau_write(rec, tok); + } PROCESS_PID_TOKENS(1); break; case AUE_KTRACE: - tok = au_to_arg32(2, "ops", ar->ar_arg_cmd); - kau_write(rec, tok); - tok = au_to_arg32(3, "trpoints", ar->ar_arg_value); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_CMD)) { + tok = au_to_arg32(2, "ops", ar->ar_arg_cmd); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_VALUE)) { + tok = au_to_arg32(3, "trpoints", ar->ar_arg_value); + kau_write(rec, tok); + } PROCESS_PID_TOKENS(4); UPATH1_VNODE1_TOKENS; break; 
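Review bot: In AUE_FCNTL the enclosing test `ar->ar_arg_cmd == F_GETLK || ...` still reads ar_arg_cmd before anything checks ARG_CMD, so the new inner guard protects the token but not the decision to emit it. An uncaptured cmd can still select or suppress the fd/vnode tokens. Fold the check into the outer condition, `if (ARG_IS_VALID(kar, ARG_CMD) && (ar->ar_arg_cmd == F_GETLK || ar->ar_arg_cmd == F_SETLK || ar->ar_arg_cmd == F_SETLKW)) {`, after which the inner `if` is unnecessary. The same kind of unguarded read remains in later hunks: `semctl_to_event(ar->ar_arg_svipc_cmd)` under AUE_SEMCTL and `switch (ar->ar_arg_svipc_cmd)` under AUE_SHMCTL, where the recorded event type itself is derived from a field that may not have been captured.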
@@ -673,22 +731,31 @@ break; case AUE_LOADSHFILE: - tok = au_to_arg32(4, "base addr", (u_int32_t)ar->ar_arg_addr); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_ADDR)) { + tok = au_to_arg32(4, "base addr", + (u_int32_t)ar->ar_arg_addr); + kau_write(rec, tok); + } UPATH1_VNODE1_TOKENS; break; case AUE_MKDIR: - tok = au_to_arg32(2, "mode", ar->ar_arg_mode); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_MODE)) { + tok = au_to_arg32(2, "mode", ar->ar_arg_mode); + kau_write(rec, tok); + } UPATH1_VNODE1_TOKENS; break; case AUE_MKNOD: - tok = au_to_arg32(2, "mode", ar->ar_arg_mode); - kau_write(rec, tok); - tok = au_to_arg32(3, "dev", ar->ar_arg_dev); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_MODE)) { + tok = au_to_arg32(2, "mode", ar->ar_arg_mode); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_DEV)) { + tok = au_to_arg32(3, "dev", ar->ar_arg_dev); + kau_write(rec, tok); + } UPATH1_VNODE1_TOKENS; break; 
@@ -698,26 +765,39 @@ case AUE_MLOCK: case AUE_MUNLOCK: case AUE_MINHERIT: - tok = au_to_arg32(1, "addr", (u_int32_t)ar->ar_arg_addr); - kau_write(rec, tok); - tok = au_to_arg32(2, "len", ar->ar_arg_len); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_ADDR)) { + tok = au_to_arg32(1, "addr", + (u_int32_t)ar->ar_arg_addr); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_LEN)) { + tok = au_to_arg32(2, "len", ar->ar_arg_len); + kau_write(rec, tok); + } if (ar->ar_event == AUE_MMAP) FD_VNODE1_TOKENS; if (ar->ar_event == AUE_MPROTECT) { - tok = au_to_arg32(3, "protection", ar->ar_arg_value); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_VALUE)) { + tok = au_to_arg32(3, "protection", + ar->ar_arg_value); + kau_write(rec, tok); + } } if (ar->ar_event == AUE_MINHERIT) { - tok = au_to_arg32(3, "inherit", ar->ar_arg_value); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_VALUE)) { + tok = au_to_arg32(3, "inherit", + ar->ar_arg_value); + kau_write(rec, tok); + } } break; case AUE_MOUNT: /* XXX Need to handle NFS mounts */ - tok = au_to_arg32(3, "flags", ar->ar_arg_fflags); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_FFLAGS)) { + tok = au_to_arg32(3, "flags", ar->ar_arg_fflags); + kau_write(rec, tok); + } if (ARG_IS_VALID(kar, ARG_TEXT)) { tok = au_to_text(ar->ar_arg_text); kau_write(rec, tok); @@ -742,14 +822,20 @@ case AUE_MSGGET: if (ar->ar_errno == 0) { - tok = au_to_ipc(AT_IPC_MSG, ar->ar_arg_svipc_id); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_SVIPC_ID)) { + tok = au_to_ipc(AT_IPC_MSG, + ar->ar_arg_svipc_id); + kau_write(rec, tok); + } } break; case AUE_RESETSHFILE: - tok = au_to_arg32(1, "base addr", (u_int32_t)ar->ar_arg_addr); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_ADDR)) { + tok = au_to_arg32(1, "base addr", + (u_int32_t)ar->ar_arg_addr); + kau_write(rec, tok); + } break; case AUE_OPEN_RC: 
@@ -759,8 +845,10 @@ case AUE_OPEN_WC: case AUE_OPEN_WTC: /* case AUE_O_CREAT: */ /* AUE_O_CREAT == AUE_OPEN_RWTC */ - tok = au_to_arg32(3, "mode", ar->ar_arg_mode); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_MODE)) { + tok = au_to_arg32(3, "mode", ar->ar_arg_mode); + kau_write(rec, tok); + } /* fall through */ case AUE_OPEN_R: 
@@ -769,94 +857,143 @@ case AUE_OPEN_RWT: case AUE_OPEN_W: case AUE_OPEN_WT: - tok = au_to_arg32(2, "flags", ar->ar_arg_fflags); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_FFLAGS)) { + tok = au_to_arg32(2, "flags", ar->ar_arg_fflags); + kau_write(rec, tok); + } UPATH1_VNODE1_TOKENS; break; case AUE_PTRACE: - tok = au_to_arg32(1, "request", ar->ar_arg_cmd); - kau_write(rec, tok); - tok = au_to_arg32(3, "addr", (u_int32_t)ar->ar_arg_addr); - kau_write(rec, tok); - tok = au_to_arg32(4, "data", ar->ar_arg_value); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_CMD)) { + tok = au_to_arg32(1, "request", ar->ar_arg_cmd); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_ADDR)) { + tok = au_to_arg32(3, "addr", + (u_int32_t)ar->ar_arg_addr); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_VALUE)) { + tok = au_to_arg32(4, "data", ar->ar_arg_value); + kau_write(rec, tok); + } PROCESS_PID_TOKENS(2); break; case AUE_QUOTACTL: - tok = au_to_arg32(2, "command", ar->ar_arg_cmd); - kau_write(rec, tok); - tok = au_to_arg32(3, "uid", ar->ar_arg_uid); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_CMD)) { + tok = au_to_arg32(2, "command", ar->ar_arg_cmd); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_UID)) { + tok = au_to_arg32(3, "uid", ar->ar_arg_uid); + kau_write(rec, tok); + } UPATH1_VNODE1_TOKENS; break; case AUE_REBOOT: - tok = au_to_arg32(1, "howto", ar->ar_arg_cmd); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_CMD)) { + tok = au_to_arg32(1, "howto", ar->ar_arg_cmd); + kau_write(rec, tok); + } break; case AUE_SEMCTL: ar->ar_event = semctl_to_event(ar->ar_arg_svipc_cmd); /* Fall through */ case AUE_SEMOP: - tok = au_to_arg32(1, "sem ID", ar->ar_arg_svipc_id); - kau_write(rec, tok); - if (ar->ar_errno != EINVAL) { - tok = au_to_ipc(AT_IPC_SEM, ar->ar_arg_svipc_id); + if (ARG_IS_VALID(kar, ARG_SVIPC_ID)) { + tok = au_to_arg32(1, "sem ID", ar->ar_arg_svipc_id); kau_write(rec, tok); + if (ar->ar_errno != EINVAL) { + tok = 
au_to_ipc(AT_IPC_SEM, + ar->ar_arg_svipc_id); + kau_write(rec, tok); + } } break; case AUE_SEMGET: if (ar->ar_errno == 0) { - tok = au_to_ipc(AT_IPC_SEM, ar->ar_arg_svipc_id); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_SVIPC_ID)) { + tok = au_to_ipc(AT_IPC_SEM, + ar->ar_arg_svipc_id); + kau_write(rec, tok); + } } break; case AUE_SETEGID: - tok = au_to_arg32(1, "gid", ar->ar_arg_egid); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_EGID)) { + tok = au_to_arg32(1, "gid", ar->ar_arg_egid); + kau_write(rec, tok); + } break; case AUE_SETEUID: - tok = au_to_arg32(1, "uid", ar->ar_arg_euid); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_EUID)) { + tok = au_to_arg32(1, "uid", ar->ar_arg_euid); + kau_write(rec, tok); + } break; case AUE_SETREGID: - tok = au_to_arg32(1, "rgid", ar->ar_arg_rgid); - kau_write(rec, tok); - tok = au_to_arg32(2, "egid", ar->ar_arg_egid); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_RGID)) { + tok = au_to_arg32(1, "rgid", ar->ar_arg_rgid); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_EGID)) { + tok = au_to_arg32(2, "egid", ar->ar_arg_egid); + kau_write(rec, tok); + } break; case AUE_SETREUID: - tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid); - kau_write(rec, tok); - tok = au_to_arg32(2, "euid", ar->ar_arg_euid); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_RUID)) { + tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_EUID)) { + tok = au_to_arg32(2, "euid", ar->ar_arg_euid); + kau_write(rec, tok); + } break; case AUE_SETRESGID: - tok = au_to_arg32(1, "rgid", ar->ar_arg_rgid); - kau_write(rec, tok); - tok = au_to_arg32(2, "egid", ar->ar_arg_egid); - kau_write(rec, tok); - tok = au_to_arg32(3, "sgid", ar->ar_arg_sgid); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_RGID)) { + tok = au_to_arg32(1, "rgid", ar->ar_arg_rgid); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_EGID)) { + tok = au_to_arg32(2, "egid", ar->ar_arg_egid); + kau_write(rec, tok); + } 
+ if (ARG_IS_VALID(kar, ARG_SGID)) { + tok = au_to_arg32(3, "sgid", ar->ar_arg_sgid); + kau_write(rec, tok); + } break; case AUE_SETRESUID: - tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid); - kau_write(rec, tok); - tok = au_to_arg32(2, "euid", ar->ar_arg_euid); - kau_write(rec, tok); - tok = au_to_arg32(3, "suid", ar->ar_arg_suid); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_RUID)) { + tok = au_to_arg32(1, "ruid", ar->ar_arg_ruid); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_EUID)) { + tok = au_to_arg32(2, "euid", ar->ar_arg_euid); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_SUID)) { + tok = au_to_arg32(3, "suid", ar->ar_arg_suid); + kau_write(rec, tok); + } break; case AUE_SETGID: - tok = au_to_arg32(1, "gid", ar->ar_arg_gid); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_GID)) { + tok = au_to_arg32(1, "gid", ar->ar_arg_gid); + kau_write(rec, tok); + } break; case AUE_SETUID: - tok = au_to_arg32(1, "uid", ar->ar_arg_uid); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_UID)) { + tok = au_to_arg32(1, "uid", ar->ar_arg_uid); + kau_write(rec, tok); + } break; case AUE_SETGROUPS: if (ARG_IS_VALID(kar, ARG_GROUPSET)) { 
@@ -876,62 +1013,68 @@ break; case AUE_SETPRIORITY: - tok = au_to_arg32(1, "which", ar->ar_arg_cmd); - kau_write(rec, tok); - tok = au_to_arg32(2, "who", ar->ar_arg_uid); - kau_write(rec, tok); - tok = au_to_arg32(2, "priority", ar->ar_arg_value); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_CMD)) { + tok = au_to_arg32(1, "which", ar->ar_arg_cmd); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_UID)) { + tok = au_to_arg32(2, "who", ar->ar_arg_uid); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_VALUE)) { + tok = au_to_arg32(2, "priority", ar->ar_arg_value); + kau_write(rec, tok); + } break; case AUE_SETPRIVEXEC: - tok = au_to_arg32(1, "flag", ar->ar_arg_value); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_VALUE)) { + tok = au_to_arg32(1, "flag", ar->ar_arg_value); + kau_write(rec, tok); + } break; /* AUE_SHMAT, AUE_SHMCTL, AUE_SHMDT and AUE_SHMGET are SysV IPC */ case AUE_SHMAT: - tok = au_to_arg32(1, "shmid", ar->ar_arg_svipc_id); - kau_write(rec, tok); - tok = au_to_arg32(2, "shmaddr", (int)ar->ar_arg_svipc_addr); - kau_write(rec, tok); - if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) { + if (ARG_IS_VALID(kar, ARG_SVIPC_ID)) { + tok = au_to_arg32(1, "shmid", ar->ar_arg_svipc_id); + kau_write(rec, tok); + /* XXXAUDIT: Does having the ipc token make sense? */ tok = au_to_ipc(AT_IPC_SHM, ar->ar_arg_svipc_id); kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_SVIPC_ADDR)) { + tok = au_to_arg32(2, "shmaddr", + (int)ar->ar_arg_svipc_addr); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) { tok = au_to_ipc_perm(&ar->ar_arg_svipc_perm); kau_write(rec, tok); } break; case AUE_SHMCTL: - tok = au_to_arg32(1, "shmid", ar->ar_arg_svipc_id); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_SVIPC_ID)) { + tok = au_to_arg32(1, "shmid", ar->ar_arg_svipc_id); + kau_write(rec, tok); + /* XXXAUDIT: Does having the ipc token make sense? 
*/ + tok = au_to_ipc(AT_IPC_SHM, ar->ar_arg_svipc_id); + kau_write(rec, tok); + } switch (ar->ar_arg_svipc_cmd) { case IPC_STAT: ar->ar_event = AUE_SHMCTL_STAT; - if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) { - tok = au_to_ipc(AT_IPC_SHM, - ar->ar_arg_svipc_id); - kau_write(rec, tok); - } break; case IPC_RMID: ar->ar_event = AUE_SHMCTL_RMID; - if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) { - tok = au_to_ipc(AT_IPC_SHM, - ar->ar_arg_svipc_id); - kau_write(rec, tok); - } break; case IPC_SET: ar->ar_event = AUE_SHMCTL_SET; if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) { - tok = au_to_ipc(AT_IPC_SHM, - ar->ar_arg_svipc_id); - kau_write(rec, tok); tok = au_to_ipc_perm(&ar->ar_arg_svipc_perm); kau_write(rec, tok); - } + } break; default: break; /* We will audit a bad command */ @@ -939,17 +1082,22 @@ break; case AUE_SHMDT: - tok = au_to_arg32(1, "shmaddr", (int)ar->ar_arg_svipc_addr); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_SVIPC_ADDR)) { + tok = au_to_arg32(1, "shmaddr", + (int)ar->ar_arg_svipc_addr); + kau_write(rec, tok); + } break; case AUE_SHMGET: /* This is unusual; the return value is in an argument token */ - tok = au_to_arg32(0, "shmid", ar->ar_arg_svipc_id); - kau_write(rec, tok); - if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) { + if (ARG_IS_VALID(kar, ARG_SVIPC_ID)) { + tok = au_to_arg32(0, "shmid", ar->ar_arg_svipc_id); + kau_write(rec, tok); tok = au_to_ipc(AT_IPC_SHM, ar->ar_arg_svipc_id); kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_SVIPC_PERM)) { tok = au_to_ipc_perm(&ar->ar_arg_svipc_perm); kau_write(rec, tok); } 
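Review bot: In AUE_SETPRIORITY the "who" and "priority" tokens are both written with argument number 2 (`au_to_arg32(2, "who", ...)` and `au_to_arg32(2, "priority", ...)`), so a reader of the record cannot tell them apart by position. Priority is the third argument of the call and the line should read `tok = au_to_arg32(3, "priority", ar->ar_arg_value);`. The numbering was already wrong before this change, but the line is rewritten here and is the natural place to fix it.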
@@ -958,10 +1106,14 @@ /* AUE_SHMOPEN, AUE_SHMUNLINK, AUE_SEMOPEN, AUE_SEMCLOSE * and AUE_SEMUNLINK are Posix IPC */ case AUE_SHMOPEN: - tok = au_to_arg32(2, "flags", ar->ar_arg_fflags); - kau_write(rec, tok); - tok = au_to_arg32(3, "mode", ar->ar_arg_mode); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_SVIPC_ADDR)) { + tok = au_to_arg32(2, "flags", ar->ar_arg_fflags); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_MODE)) { + tok = au_to_arg32(3, "mode", ar->ar_arg_mode); + kau_write(rec, tok); + } case AUE_SHMUNLINK: if (ARG_IS_VALID(kar, ARG_TEXT)) { tok = au_to_text(ar->ar_arg_text); @@ -983,12 +1135,18 @@ break; case AUE_SEMOPEN: - tok = au_to_arg32(2, "flags", ar->ar_arg_fflags); - kau_write(rec, tok); - tok = au_to_arg32(3, "mode", ar->ar_arg_mode); - kau_write(rec, tok); - tok = au_to_arg32(4, "value", ar->ar_arg_value); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_FFLAGS)) { + tok = au_to_arg32(2, "flags", ar->ar_arg_fflags); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_MODE)) { + tok = au_to_arg32(3, "mode", ar->ar_arg_mode); + kau_write(rec, tok); + } + if (ARG_IS_VALID(kar, ARG_VALUE)) { + tok = au_to_arg32(4, "value", ar->ar_arg_value); + kau_write(rec, tok); + } /* fall through */ case AUE_SEMUNLINK: if (ARG_IS_VALID(kar, ARG_TEXT)) { @@ -1011,8 +1169,10 @@ break; case AUE_SEMCLOSE: - tok = au_to_arg32(1, "sem", ar->ar_arg_fd); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_FD)) { + tok = au_to_arg32(1, "sem", ar->ar_arg_fd); + kau_write(rec, tok); + } break; case AUE_SYMLINK: 
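Review bot: Under AUE_SHMOPEN the "flags" token reads ar_arg_fflags but is gated on `ARG_IS_VALID(kar, ARG_SVIPC_ADDR)`, which looks like a copy-paste slip; AUE_SEMOPEN in the next hunk guards the same field with ARG_FFLAGS. As written, the open flags are dropped from the record whenever no SysV address was captured, and could be emitted from an unset field when one was. The guard should be `if (ARG_IS_VALID(kar, ARG_FFLAGS)) {`. The case also runs into AUE_SHMUNLINK without the `/* fall through */` marker that AUE_SEMOPEN carries; adding it would make the intent explicit.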
@@ -1041,15 +1201,19 @@ break; case AUE_UMASK: - tok = au_to_arg32(1, "new mask", ar->ar_arg_mask); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_MASK)) { + tok = au_to_arg32(1, "new mask", ar->ar_arg_mask); + kau_write(rec, tok); + } tok = au_to_arg32(0, "prev mask", ar->ar_retval); kau_write(rec, tok); break; case AUE_WAIT4: - tok = au_to_arg32(0, "pid", ar->ar_arg_pid); - kau_write(rec, tok); + if (ARG_IS_VALID(kar, ARG_PID)) { + tok = au_to_arg32(0, "pid", ar->ar_arg_pid); + kau_write(rec, tok); + } break; default: /* We shouldn't fall through to here. */