From 80a044ea4651edbdf88a5f55afb47f789950bc66 Mon Sep 17 00:00:00 2001
From: Pawel Jakub Dawidek
Date: Fri, 30 Nov 2012 23:21:55 +0000
Subject: [PATCH] IFp4 @208452: Audit handling for missing events: - AUE_READLINKAT - AUE_FACCESSAT - AUE_MKDIRAT - AUE_MKFIFOAT - AUE_MKNODAT - AUE_SYMLINKAT Sponsored by: FreeBSD Foundation (auditdistd) MFC after: 2 weeks
---
 sys/security/audit/audit_bsm.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c
index a8fcd8fbb49c..6e49b518b763 100644
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@@ -724,13 +724,6 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 */
 break;
 
- case AUE_MKFIFO:
- if (ARG_IS_VALID(kar, ARG_MODE)) {
- tok = au_to_arg32(2, "mode", ar->ar_arg_mode);
- kau_write(rec, tok);
- }
- /* FALLTHROUGH */
-
 case AUE_CHDIR:
 case AUE_CHROOT:
 case AUE_FSTATAT:
@@ -743,6 +736,7 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 case AUE_LPATHCONF:
 case AUE_PATHCONF:
 case AUE_READLINK:
+ case AUE_READLINKAT:
 case AUE_REVOKE:
 case AUE_RMDIR:
 case AUE_SEARCHFS:
@@ -762,6 +756,8 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 
 case AUE_ACCESS:
 case AUE_EACCESS:
+ case AUE_FACCESSAT:
+ ATFD1_TOKENS(1);
 UPATH1_VNODE1_TOKENS;
 if (ARG_IS_VALID(kar, ARG_VALUE)) {
 tok = au_to_arg32(2, "mode", ar->ar_arg_value);
@@ -1059,6 +1055,10 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 break;
 
 case AUE_MKDIR:
+ case AUE_MKDIRAT:
+ case AUE_MKFIFO:
+ case AUE_MKFIFOAT:
+ ATFD1_TOKENS(1);
 if (ARG_IS_VALID(kar, ARG_MODE)) {
 tok = au_to_arg32(2, "mode", ar->ar_arg_mode);
 kau_write(rec, tok);
@@ -1067,6 +1067,8 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 break;
 
 case AUE_MKNOD:
+ case AUE_MKNODAT:
+ ATFD1_TOKENS(1);
 if (ARG_IS_VALID(kar, ARG_MODE)) {
 tok = au_to_arg32(2, "mode", ar->ar_arg_mode);
 kau_write(rec, tok);
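Review bot: `AUE_READLINKAT` joins the path-only label list without an explicit `ATFD1_TOKENS(1);`, unlike the faccessat, mkdirat, mkfifoat, mknodat and symlinkat cases touched by this same patch. The shared body of this list lies outside the hunk, so it cannot be seen here whether it already writes the directory-descriptor token. If it does not, a readlinkat record carrying a relative path cannot be tied to the directory it was resolved against. Confirm the shared body (which also serves `AUE_FSTATAT`) emits the at-fd token before `UPATH1_VNODE1_TOKENS;`, or add `ATFD1_TOKENS(1);` there.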
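Review bot: The `au_to_arg32(2, "mode", ar->ar_arg_value)` token under the `AUE_ACCESS`/`AUE_EACCESS`/`AUE_FACCESSAT` labels keeps argument number 2, but in faccessat(2) the descriptor comes first and the mode is the third argument, so the recorded index no longer matches the call for the new event. The same holds for the mode tokens in the `AUE_MKDIRAT`/`AUE_MKFIFOAT` and `AUE_MKNODAT` hunks. If the shared numbering is intentional for consumers of existing records, say so with a comment such as `/* arg numbers follow the non-at variant; the at-fd is reported as arg 1 */`. `ATFD1_TOKENS(1);` now also runs for the non-at events, which is harmless only if the macro (defined outside these hunks) checks that the at-fd argument is valid, so that is worth confirming.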
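Review bot: `AUE_MKFIFO` now shares the `AUE_MKDIR` case instead of falling through into the `AUE_CHDIR` list, so its path and vnode tokens depend on the tail of this case, which continues past the end of the hunk. Confirm that tail still emits `UPATH1_VNODE1_TOKENS;` after the mode token, so that mkfifo records keep the content and token order they had before the move.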
@@ -1546,10 +1548,12 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 break;
 
 case AUE_SYMLINK:
+ case AUE_SYMLINKAT:
 if (ARG_IS_VALID(kar, ARG_TEXT)) {
 tok = au_to_text(ar->ar_arg_text);
 kau_write(rec, tok);
 }
+ ATFD1_TOKENS(1);
 UPATH1_VNODE1_TOKENS;
 break;
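Review bot: `ATFD1_TOKENS(1);` in the `AUE_SYMLINK`/`AUE_SYMLINKAT` case labels the descriptor as argument 1, but symlinkat(2) takes the descriptor as its second argument, after the link target, so `ATFD1_TOKENS(2);` would match the call. The token is also written after the text token here, while the other cases in this patch write it first. If that ordering is deliberate, a one-line comment such as `/* target text first, then at-fd and link path */` would make the record layout explicit for anyone parsing these events. The enclosing kaudit_to_bsm() body starts and ends outside the hunk.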