| author | gww <gww@eng.sun.com> | 2010-03-11 11:53:26 -0800 |
|---|---|---|
| committer | gww <gww@eng.sun.com> | 2010-03-11 11:53:26 -0800 |
| commit | 047f6e6f42a3d50d3e38a05c00bf7dd3fafac726 (patch) | |
| tree | fee27947a3df8160f2f34f1f18c80970af297713 /usr/src/cmd/auditreduce | |
| parent | 46c08a974e0e3e8aa24a730da1270e5b046bda29 (diff) | |
| download | illumos-joyent-047f6e6f42a3d50d3e38a05c00bf7dd3fafac726.tar.gz | |
6914628 Implement the user object audit token PSARC/2010/001 User object audit token
PSARC/2010/001 User object audit token
6580704 passwd gww produces a less optimal audit record.
Diffstat (limited to 'usr/src/cmd/auditreduce')
| -rw-r--r-- | usr/src/cmd/auditreduce/auditrd.h | 1 | ||||
| -rw-r--r-- | usr/src/cmd/auditreduce/auditrt.h | 2 | ||||
| -rw-r--r-- | usr/src/cmd/auditreduce/option.c | 8 | ||||
| -rw-r--r-- | usr/src/cmd/auditreduce/token.c | 24 |
4 files changed, 31 insertions, 4 deletions
diff --git a/usr/src/cmd/auditreduce/auditrd.h b/usr/src/cmd/auditreduce/auditrd.h
index 7cccc44b0f..8d620e5da5 100644
--- a/usr/src/cmd/auditreduce/auditrd.h
+++ b/usr/src/cmd/auditreduce/auditrd.h
@@ -61,6 +61,7 @@ uid_t obj_owner; /* object owner */
 int subj_id; /* subject identifier */
 char ipc_type; /* 'o' object type - tell what type of IPC */
 scf_pattern_t fmri; /* 'o' fmri value */
+uid_t obj_user; /* 'o' user value */
 /*
 * File selection options
diff --git a/usr/src/cmd/auditreduce/auditrt.h b/usr/src/cmd/auditreduce/auditrt.h
index 8a72146323..64d186d136 100644
--- a/usr/src/cmd/auditreduce/auditrt.h
+++ b/usr/src/cmd/auditreduce/auditrt.h
@@ -154,6 +154,7 @@ typedef struct audit_pcb audit_pcb_t;
 #define OBJ_SHMGROUP 0x08000 /* 'o' shared memory [c]group */
 #define OBJ_SHMOWNER 0x10000 /* 'o' shared memory [c]owner */
 #define OBJ_FMRI 0x20000 /* 'o' fmri object */
+#define OBJ_USER 0x40000 /* 'o' user object */
 #define SOCKFLG_MACHINE 0 /* search socket token by machine name */
 #define SOCKFLG_PORT 1 /* search socket token by port number */
@@ -186,6 +187,7 @@ extern uid_t obj_owner; /* object owner */
 extern int subj_id; /* subject identifier */
 extern char ipc_type; /* 'o' object type - tell what type of IPC */
 extern scf_pattern_t fmri; /* 'o' fmri value */
+extern uid_t obj_user; /* 'o' user value */
 /*
 * File selection options
diff --git a/usr/src/cmd/auditreduce/option.c b/usr/src/cmd/auditreduce/option.c
index 016070238a..aea0b14bd8 100644
--- a/usr/src/cmd/auditreduce/option.c
+++ b/usr/src/cmd/auditreduce/option.c
@@ -19,7 +19,7 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
@@ -68,7 +68,8 @@ static obj_ent_t obj_tbl[] = {
 { "shmid", OBJ_SHM },
 { "shmgroup", OBJ_SHMGROUP },
 { "shmowner", OBJ_SHMOWNER },
- { "sock", OBJ_SOCK } };
+ { "sock", OBJ_SOCK },
+ { "user", OBJ_USER } };
 extern int derive_date(char *, struct tm *);
 extern int parse_time(char *, int);
@@ -413,6 +414,9 @@ proc_object(char *optarg)
 case OBJ_FMRI:
 return (proc_fmri(obj_val));
 /* NOTREACHED */
+ case OBJ_USER:
+ return (proc_user(obj_val, &obj_user));
+ /* NOTREACHED */
 case OBJ_LP: /* lp objects have not yet been defined */
 default: /* impossible */
 (void) sprintf(errbuf, gettext("invalid object type (%s)"),
diff --git a/usr/src/cmd/auditreduce/token.c b/usr/src/cmd/auditreduce/token.c
index c9242ac877..71a0a32a1a 100644
--- a/usr/src/cmd/auditreduce/token.c
+++ b/usr/src/cmd/auditreduce/token.c
@@ -1179,7 +1179,6 @@ process64_ex_token(adr_t *adr)
 * Format of System V IPC token:
 * System V IPC token id adr_char
 * object id adr_int32
- *
 */
 int
 s5_IPC_token(adr_t *adr)
@@ -1203,7 +1202,6 @@ s5_IPC_token(adr_t *adr)
 * socket_type adrm_short
 * remote_port adrm_short
 * remote_inaddr adrm_int32
- *
 */
 int
 socket_token(adr_t *adr)
@@ -1805,6 +1803,28 @@ useofauth_token(adr_t *adr)
 return (-1);
 }
+/*
+ * Format of user token:
+ * user token id adr_char
+ * uid adr_uid
+ * username adr_string
+ */
+int
+user_token(adr_t *adr)
+{
+ uid_t uid;
+
+ adrm_uid(adr, &uid, 1);
+ skip_string(adr);
+
+ if ((flags & M_OBJECT) && (obj_flag == OBJ_USER) &&
+ (uid == obj_user)) {
+ checkflags |= M_OBJECT;
+ }
+
+ return (-1);
+}
+
 int
 xcolormap_token(adr_t *adr)
 {
|
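Review bot: The new `case OBJ_USER` in proc_object stores whatever `proc_user(obj_val, &obj_user)` produces, and nothing here says how a user name becomes a uid. proc_user is outside this diff, but if it looks the name up in the local password database, `-o user=name` selects by the uid that name has on the host running auditreduce, which can differ from the host that wrote the audit trail. A comment above the case would make that explicit, e.g. `/* name is resolved to a uid on this host; records are matched by uid */`. proc_object begins and ends outside the hunk.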
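Review bot: The header comment on user_token gives the token layout but not the selection rule. The function compares only the uid read by `adrm_uid` against `obj_user` and discards the username with `skip_string`, so a record whose recorded name and uid disagree is still selected on uid alone. I would add one line to the comment, `* Selection is by uid only; the recorded username is not compared.`, and also note that the function always returns -1 and signals a match only by setting `M_OBJECT` in `checkflags`.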
