6914628 Implement the user object audit token PSARC/2010/001 User object audit token

PSARC/2010/001 User object audit token
6580704 passwd gww produces a less optimal audit record.

2 files changed, 18 insertions, 0 deletions

diff --git a/usr/src/lib/auditd_plugins/syslog/systoken.c b/usr/src/lib/auditd_plugins/syslog/systoken.c
index 466887e2d9..d068514675 100644
--- a/usr/src/lib/auditd_plugins/syslog/systoken.c
+++ b/usr/src/lib/auditd_plugins/syslog/systoken.c
@@ -1332,6 +1332,22 @@ useofauth_token(parse_context_t *ctx)
 }
 
 /*
+ * Format of user token:
+ *	user token id		adr_char
+ *	uid			adr_uid
+ * 	username		adr_string
+ *
+ */
+int
+user_token(parse_context_t *ctx)
+{
+	ctx->adr.adr_now += sizeof (uid_t);
+	skip_bytes(ctx);
+
+	return (0);
+}
+
+/*
  * Format of zonename token:
  *	zonename token id		adr_char
  * 	zonename			adr_string
diff --git a/usr/src/lib/auditd_plugins/syslog/systoken.h b/usr/src/lib/auditd_plugins/syslog/systoken.h
index d1423ca85e..0d3f1acee4 100644
--- a/usr/src/lib/auditd_plugins/syslog/systoken.h
+++ b/usr/src/lib/auditd_plugins/syslog/systoken.h
@@ -105,6 +105,7 @@ extern void	exec_args_token(adr_t *, parse_context_t *);
 extern void	exec_env_token(adr_t *, parse_context_t *);
 extern void	attribute32_token(adr_t *, parse_context_t *);
 extern void	useofauth_token(adr_t *, parse_context_t *);
+extern void	user_token(adr_t *, parse_context_t *);
 
 /*
  * X windows tokens
@@ -157,6 +158,7 @@ extern void	subject64_ex_token(adr_t *, parse_context_t *);
 extern void	process64_ex_token(adr_t *, parse_context_t *);
 extern void	ip_addr_ex_token(adr_t *, parse_context_t *);
 extern void	socket_ex_token(adr_t *, parse_context_t *);
+extern void	tid_token(adr_t *, parse_context_t *);
 #endif
 
 #ifdef __cplusplus