From fbfb35189ef6666707097704b43e052cb2f919ae Mon Sep 17 00:00:00 2001
From: Alan Coopersmith
Date: Wed, 1 Nov 2006 15:11:48 -0800
Subject: [PATCH 1/2] Bug #1997: AUDIT messages should contain uid for local accesses

---
 os/connection.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/os/connection.c b/os/connection.c
index 571ba58ab..60f3b9f51 100644
--- a/os/connection.c
+++ b/os/connection.c
@@ -549,7 +549,9 @@ AuthAudit (ClientPtr client, Bool letin,
 {
 char addr[128];
 char *out = addr;
-
+ int client_uid;
+ char client_uid_string[32];
+
 if (!len)
 strcpy(out, "local host");
 else
@@ -585,14 +587,22 @@ AuthAudit (ClientPtr client, Bool letin,
 default:
 strcpy(out, "unknown address");
 }
+
+ if (LocalClientCred(client, &client_uid, NULL) != -1) {
+ snprintf(client_uid_string, sizeof(client_uid_string),
+ " (uid %d)", client_uid);
+ } else {
+ client_uid_string[0] = '\0';
+ }

 if (proto_n)
- AuditF("client %d %s from %s\n Auth name: %.*s ID: %d\n",
+ AuditF("client %d %s from %s%s\n Auth name: %.*s ID: %d\n",
 client->index, letin ? "connected" : "rejected", addr,
- (int)proto_n, auth_proto, auth_id);
+ client_uid_string, (int)proto_n, auth_proto, auth_id);
 else
- AuditF("client %d %s from %s\n",
- client->index, letin ? "connected" : "rejected", addr);
+ AuditF("client %d %s from %s%s\n",
+ client->index, letin ? "connected" : "rejected", addr,
+ client_uid_string);
 }

 XID
From a7b944f0d96c3e0e15e75378a04def1ac96089fb Mon Sep 17 00:00:00 2001
From: Alan Coopersmith
Date: Wed, 1 Nov 2006 16:17:49 -0800
Subject: [PATCH 2/2] If getpeerucred() is available, include pid & zoneid in audit messages too

---
 os/connection.c | 30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)

diff --git a/os/connection.c b/os/connection.c
index 60f3b9f51..6ca4010e2 100644
--- a/os/connection.c
+++ b/os/connection.c
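Review bot: In the `@@ -585,14 +587,22 @@` hunk of PATCH 1/2, the rewritten `AuditF` call still prints `auth_proto` through `%.*s` with no filtering, while the record now also carries a uid that readers will treat as authoritative. If `auth_proto` is the authorization name taken from the client's connection setup (its origin is outside this hunk), embedded newlines or control bytes could make one audit record read as several, including a line that looks like a `(uid N)` entry. Consider passing the name through a helper that replaces non-printable bytes before it reaches `AuditF`. A short comment above the format string would also help, for example `/* client_uid_string is either "" or starts with a space, so it can follow addr directly */`. AuthAudit's body begins above the hunk.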
@@ -165,6 +165,11 @@ extern __const__ int _nfiles;
 #include
 #endif /* DNETCONN */

+#ifdef HAS_GETPEERUCRED
+# include
+# include
+#endif
+
 int lastfdesc; /* maximum file descriptor */

 fd_set WellKnownConnections; /* Listener mask */
@@ -550,8 +555,13 @@ AuthAudit (ClientPtr client, Bool letin,
 char addr[128];
 char *out = addr;
 int client_uid;
- char client_uid_string[32];
-
+ char client_uid_string[64];
+#ifdef HAS_GETPEERUCRED
+ ucred_t *peercred = NULL;
+ pid_t client_pid = -1;
+ zoneid_t client_zid = -1;
+#endif
+
 if (!len)
 strcpy(out, "local host");
 else
@@ -588,10 +598,24 @@ AuthAudit (ClientPtr client, Bool letin,
 strcpy(out, "unknown address");
 }

+#ifdef HAS_GETPEERUCRED
+ if (getpeerucred(((OsCommPtr)client->osPrivate)->fd, &peercred) >= 0) {
+ client_uid = ucred_geteuid(peercred);
+ client_pid = ucred_getpid(peercred);
+ client_zid = ucred_getzoneid(peercred);
+
+ ucred_free(peercred);
+ snprintf(client_uid_string, sizeof(client_uid_string),
+ " (uid %ld, pid %ld, zone %ld)",
+ (long) client_uid, (long) client_pid, (long) client_zid);
+ }
+#else
 if (LocalClientCred(client, &client_uid, NULL) != -1) {
 snprintf(client_uid_string, sizeof(client_uid_string),
 " (uid %d)", client_uid);
- } else {
+ }
+#endif
+ else {
 client_uid_string[0] = '\0';
 }
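Review bot: In the `@@ -588,10 +598,24 @@` hunk of PATCH 2/2, the results of `ucred_geteuid()`, `ucred_getpid()` and `ucred_getzoneid()` are formatted without a failure check. As far as I know each returns -1 when the credential lacks that field, so the audit record could show `uid -1` or `zone -1` as if it were real data. The `else` after `#endif` also binds to a different `if` depending on HAS_GETPEERUCRED, which is easy to break in a later edit. Setting `client_uid_string[0] = '\0';` before the `#ifdef` and dropping the trailing `else` removes that coupling, and the `snprintf` can then be guarded with `if (client_uid != -1 && client_pid != -1 && client_zid != -1)`. AuthAudit's body starts above this hunk.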