bpo-39184: Add audit events to functions in `fcntl`, `msvcrt`, `os`, `resource`, `shutil`, `signal`, `syslog` (GH-18407)
diff --git a/Doc/library/fcntl.rst b/Doc/library/fcntl.rst
index 5c172b8..07a15d2 100644
--- a/Doc/library/fcntl.rst
+++ b/Doc/library/fcntl.rst
@@ -63,6 +63,8 @@
If the :c:func:`fcntl` fails, an :exc:`OSError` is raised.
+ .. audit-event:: fcntl.fcntl fd,cmd,arg fcntl.fcntl
+
.. function:: ioctl(fd, request, arg=0, mutate_flag=True)
@@ -112,6 +114,8 @@
>>> buf
array('h', [13341])
+ .. audit-event:: fcntl.ioctl fd,request,arg fcntl.ioctl
+
.. function:: flock(fd, operation)
@@ -122,6 +126,8 @@
If the :c:func:`flock` fails, an :exc:`OSError` exception is raised.
+ .. audit-event:: fcntl.flock fd,operation fcntl.flock
+
.. function:: lockf(fd, cmd, len=0, start=0, whence=0)
@@ -155,6 +161,8 @@
The default for *len* is 0 which means to lock to the end of the file. The
default for *whence* is also 0.
+ .. audit-event:: fcntl.lockf fd,cmd,len,start,whence fcntl.lockf
+
Examples (all on a SVR4 compliant system)::
import struct, fcntl, os
diff --git a/Doc/library/msvcrt.rst b/Doc/library/msvcrt.rst
index 14ad2cd..42fffee 100644
--- a/Doc/library/msvcrt.rst
+++ b/Doc/library/msvcrt.rst
@@ -42,6 +42,8 @@
regions in a file may be locked at the same time, but may not overlap. Adjacent
regions are not merged; they must be unlocked individually.
+ .. audit-event:: msvcrt.locking fd,mode,nbytes msvcrt.locking
+
.. data:: LK_LOCK
LK_RLCK
@@ -77,12 +79,16 @@
and :const:`os.O_TEXT`. The returned file descriptor may be used as a parameter
to :func:`os.fdopen` to create a file object.
+ .. audit-event:: msvcrt.open_osfhandle handle,flags msvcrt.open_osfhandle
+
.. function:: get_osfhandle(fd)
Return the file handle for the file descriptor *fd*. Raises :exc:`OSError` if
*fd* is not recognized.
+ .. audit-event:: msvcrt.get_osfhandle fd msvcrt.get_osfhandle
+
.. _msvcrt-console:
diff --git a/Doc/library/os.rst b/Doc/library/os.rst
index b06a318..af02a37 100644
--- a/Doc/library/os.rst
+++ b/Doc/library/os.rst
@@ -445,6 +445,8 @@
On some platforms, including FreeBSD and Mac OS X, setting ``environ`` may
cause memory leaks. Refer to the system documentation for :c:func:`putenv`.
+ .. audit-event:: os.putenv key,value os.putenv
+
.. versionchanged:: 3.9
The function is now always available.
@@ -640,6 +642,8 @@
don't update ``os.environ``, so it is actually preferable to delete items of
``os.environ``.
+ .. audit-event:: os.unsetenv key os.unsetenv
+
.. versionchanged:: 3.9
The function is now always available and is also available on Windows.
@@ -766,6 +770,8 @@
docs for :func:`chmod` for possible values of *mode*. As of Python 3.3, this
is equivalent to ``os.chmod(fd, mode)``.
+ .. audit-event:: os.chmod path,mode,dir_fd os.fchmod
+
.. availability:: Unix.
@@ -776,6 +782,8 @@
:func:`chown`. As of Python 3.3, this is equivalent to ``os.chown(fd, uid,
gid)``.
+ .. audit-event:: os.chown path,uid,gid,dir_fd os.fchown
+
.. availability:: Unix.
@@ -883,6 +891,8 @@
:data:`F_ULOCK` or :data:`F_TEST`.
*len* specifies the section of the file to lock.
+ .. audit-event:: os.lockf fd,cmd,len os.lockf
+
.. availability:: Unix.
.. versionadded:: 3.3
@@ -1603,6 +1613,8 @@
This function can raise :exc:`OSError` and subclasses such as
:exc:`FileNotFoundError`, :exc:`PermissionError`, and :exc:`NotADirectoryError`.
+ .. audit-event:: os.chdir path os.chdir
+
.. versionadded:: 3.3
Added support for specifying *path* as a file descriptor
on some platforms.
@@ -1631,6 +1643,8 @@
This function can support :ref:`not following symlinks <follow_symlinks>`.
+ .. audit-event:: os.chflags path,flags os.chflags
+
.. availability:: Unix.
.. versionadded:: 3.3
@@ -1676,6 +1690,8 @@
read-only flag with it (via the ``stat.S_IWRITE`` and ``stat.S_IREAD``
constants or a corresponding integer value). All other bits are ignored.
+ .. audit-event:: os.chmod path,mode,dir_fd os.chmod
+
.. versionadded:: 3.3
Added support for specifying *path* as an open file descriptor,
and the *dir_fd* and *follow_symlinks* arguments.
@@ -1696,6 +1712,8 @@
See :func:`shutil.chown` for a higher-level function that accepts names in
addition to numeric ids.
+ .. audit-event:: os.chown path,uid,gid,dir_fd os.chown
+
.. availability:: Unix.
.. versionadded:: 3.3
@@ -1722,6 +1740,8 @@
descriptor *fd*. The descriptor must refer to an opened directory, not an
open file. As of Python 3.3, this is equivalent to ``os.chdir(fd)``.
+ .. audit-event:: os.chdir path os.fchdir
+
.. availability:: Unix.
@@ -1746,6 +1766,8 @@
not follow symbolic links. As of Python 3.3, this is equivalent to
``os.chflags(path, flags, follow_symlinks=False)``.
+ .. audit-event:: os.chflags path,flags os.lchflags
+
.. availability:: Unix.
.. versionchanged:: 3.6
@@ -1759,6 +1781,8 @@
for possible values of *mode*. As of Python 3.3, this is equivalent to
``os.chmod(path, mode, follow_symlinks=False)``.
+ .. audit-event:: os.chmod path,mode,dir_fd os.lchmod
+
.. availability:: Unix.
.. versionchanged:: 3.6
@@ -1770,6 +1794,8 @@
function will not follow symbolic links. As of Python 3.3, this is equivalent
to ``os.chown(path, uid, gid, follow_symlinks=False)``.
+ .. audit-event:: os.chown path,uid,gid,dir_fd os.lchown
+
.. availability:: Unix.
.. versionchanged:: 3.6
@@ -1784,6 +1810,8 @@
supply :ref:`paths relative to directory descriptors <dir_fd>`, and :ref:`not
following symlinks <follow_symlinks>`.
+ .. audit-event:: os.link src,dst,src_dir_fd,dst_dir_fd os.link
+
.. availability:: Unix, Windows.
.. versionchanged:: 3.2
@@ -1886,6 +1914,8 @@
It is also possible to create temporary directories; see the
:mod:`tempfile` module's :func:`tempfile.mkdtemp` function.
+ .. audit-event:: os.mkdir path,mode,dir_fd os.mkdir
+
.. versionadded:: 3.3
The *dir_fd* argument.
@@ -1918,6 +1948,8 @@
This function handles UNC paths correctly.
+ .. audit-event:: os.mkdir path,mode,dir_fd os.makedirs
+
.. versionadded:: 3.2
The *exist_ok* parameter.
@@ -2083,6 +2115,8 @@
This function is semantically identical to :func:`unlink`.
+ .. audit-event:: os.remove path,dir_fd os.remove
+
.. versionadded:: 3.3
The *dir_fd* argument.
@@ -2103,6 +2137,8 @@
they are empty. Raises :exc:`OSError` if the leaf directory could not be
successfully removed.
+ .. audit-event:: os.remove path,dir_fd os.removedirs
+
.. versionchanged:: 3.6
Accepts a :term:`path-like object`.
@@ -2128,6 +2164,8 @@
If you want cross-platform overwriting of the destination, use :func:`replace`.
+ .. audit-event:: os.rename src,dst,src_dir_fd,dst_dir_fd os.rename
+
.. versionadded:: 3.3
The *src_dir_fd* and *dst_dir_fd* arguments.
@@ -2147,6 +2185,8 @@
This function can fail with the new directory structure made if you lack
permissions needed to remove the leaf directory or file.
+ .. audit-event:: os.rename src,dst,src_dir_fd,dst_dir_fd os.renames
+
.. versionchanged:: 3.6
Accepts a :term:`path-like object` for *old* and *new*.
@@ -2162,6 +2202,8 @@
This function can support specifying *src_dir_fd* and/or *dst_dir_fd* to
supply :ref:`paths relative to directory descriptors <dir_fd>`.
+ .. audit-event:: os.rename src,dst,src_dir_fd,dst_dir_fd os.replace
+
.. versionadded:: 3.3
.. versionchanged:: 3.6
@@ -2178,6 +2220,8 @@
This function can support :ref:`paths relative to directory descriptors
<dir_fd>`.
+ .. audit-event:: os.rmdir path,dir_fd os.rmdir
+
.. versionadded:: 3.3
The *dir_fd* parameter.
@@ -2821,6 +2865,8 @@
:exc:`OSError` is raised when the function is called by an unprivileged
user.
+ .. audit-event:: os.symlink src,dst,dir_fd os.symlink
+
.. availability:: Unix, Windows.
.. versionchanged:: 3.2
@@ -2873,6 +2919,8 @@
traditional Unix name. Please see the documentation for
:func:`remove` for further information.
+ .. audit-event:: os.remove path,dir_fd os.unlink
+
.. versionadded:: 3.3
The *dir_fd* parameter.
@@ -2910,6 +2958,8 @@
:ref:`paths relative to directory descriptors <dir_fd>` and :ref:`not
following symlinks <follow_symlinks>`.
+ .. audit-event:: os.utime path,times,ns,dir_fd os.utime
+
.. versionadded:: 3.3
Added support for specifying *path* as an open file descriptor,
and the *dir_fd*, *follow_symlinks*, and *ns* parameters.
@@ -3135,6 +3185,8 @@
This function can support :ref:`specifying a file descriptor <path_fd>` and
:ref:`not following symlinks <follow_symlinks>`.
+ .. audit-event:: os.getxattr path,attribute os.getxattr
+
.. versionchanged:: 3.6
Accepts a :term:`path-like object` for *path* and *attribute*.
@@ -3149,6 +3201,8 @@
This function can support :ref:`specifying a file descriptor <path_fd>` and
:ref:`not following symlinks <follow_symlinks>`.
+ .. audit-event:: os.listxattr path os.listxattr
+
.. versionchanged:: 3.6
Accepts a :term:`path-like object`.
@@ -3163,6 +3217,8 @@
This function can support :ref:`specifying a file descriptor <path_fd>` and
:ref:`not following symlinks <follow_symlinks>`.
+ .. audit-event:: os.removexattr path,attribute os.removexattr
+
.. versionchanged:: 3.6
Accepts a :term:`path-like object` for *path* and *attribute*.
@@ -3186,6 +3242,8 @@
A bug in Linux kernel versions less than 2.6.39 caused the flags argument
to be ignored on some filesystems.
+ .. audit-event:: os.setxattr path,attribute,value,flags os.setxattr
+
.. versionchanged:: 3.6
Accepts a :term:`path-like object` for *path* and *attribute*.
@@ -3248,6 +3306,8 @@
<https://msdn.microsoft.com/44228cf2-6306-466c-8f16-f513cd3ba8b5>`_
for more information about how DLLs are loaded.
+ .. audit-event:: os.add_dll_directory path os.add_dll_directory
+
.. availability:: Windows.
.. versionadded:: 3.8
@@ -3480,6 +3540,8 @@
Note that some platforms including FreeBSD <= 6.3 and Cygwin have
known issues when using ``fork()`` from a thread.
+ .. audit-event:: os.fork "" os.fork
+
.. versionchanged:: 3.8
Calling ``fork()`` in a subinterpreter is no longer supported
(:exc:`RuntimeError` is raised).
@@ -3499,6 +3561,8 @@
master end of the pseudo-terminal. For a more portable approach, use the
:mod:`pty` module. If an error occurs :exc:`OSError` is raised.
+ .. audit-event:: os.forkpty "" os.forkpty
+
.. versionchanged:: 3.8
Calling ``forkpty()`` in a subinterpreter is no longer supported
(:exc:`RuntimeError` is raised).
@@ -3525,6 +3589,8 @@
See also :func:`signal.pthread_kill`.
+ .. audit-event:: os.kill pid,sig os.kill
+
.. versionadded:: 3.2
Windows support.
@@ -3537,6 +3603,8 @@
Send the signal *sig* to the process group *pgid*.
+ .. audit-event:: os.killpg pgid,sig os.killpg
+
.. availability:: Unix.
diff --git a/Doc/library/resource.rst b/Doc/library/resource.rst
index 3573da7..e4eac43 100644
--- a/Doc/library/resource.rst
+++ b/Doc/library/resource.rst
@@ -78,6 +78,9 @@
VxWorks only supports setting :data:`RLIMIT_NOFILE`.
+ .. audit-event:: resource.setrlimit resource,limits resource.setrlimit
+
+
.. function:: prlimit(pid, resource[, limits])
Combines :func:`setrlimit` and :func:`getrlimit` in one function and
@@ -94,6 +97,8 @@
:exc:`PermissionError` when the user doesn't have ``CAP_SYS_RESOURCE`` for
the process.
+ .. audit-event:: resource.prlimit pid,resource,limits resource.prlimit
+
.. availability:: Linux 2.6.36 or later with glibc 2.13 or later.
.. versionadded:: 3.4
diff --git a/Doc/library/shutil.rst b/Doc/library/shutil.rst
index 59390d0..c7c63e6 100644
--- a/Doc/library/shutil.rst
+++ b/Doc/library/shutil.rst
@@ -67,6 +67,8 @@
a new symbolic link will be created instead of copying the
file *src* points to.
+ .. audit-event:: shutil.copyfile src,dst shutil.copyfile
+
.. versionchanged:: 3.3
:exc:`IOError` used to be raised instead of :exc:`OSError`.
Added *follow_symlinks* argument.
@@ -101,6 +103,8 @@
:func:`copymode` cannot modify symbolic links on the local platform, and it
is asked to do so, it will do nothing and return.
+ .. audit-event:: shutil.copymode src,dst shutil.copymode
+
.. versionchanged:: 3.3
Added *follow_symlinks* argument.
@@ -146,6 +150,8 @@
Please see :data:`os.supports_follow_symlinks`
for more information.
+ .. audit-event:: shutil.copystat src,dst shutil.copystat
+
.. versionchanged:: 3.3
Added *follow_symlinks* argument and support for Linux extended attributes.
@@ -167,6 +173,10 @@
To preserve all file metadata from the original, use
:func:`~shutil.copy2` instead.
+ .. audit-event:: shutil.copyfile src,dst shutil.copy
+
+ .. audit-event:: shutil.copymode src,dst shutil.copy
+
.. versionchanged:: 3.3
Added *follow_symlinks* argument.
Now returns path to the newly created file.
@@ -194,6 +204,10 @@
Please see :func:`copystat` for more information
about platform support for modifying symbolic link metadata.
+ .. audit-event:: shutil.copyfile src,dst shutil.copy2
+
+ .. audit-event:: shutil.copystat src,dst shutil.copy2
+
.. versionchanged:: 3.3
Added *follow_symlinks* argument, try to copy extended
file system attributes too (currently Linux only).
@@ -342,6 +356,8 @@
*copy_function* allows the move to succeed when it is not possible to also
copy the metadata, at the expense of not copying any of the metadata.
+ .. audit-event:: shutil.move src,dst shutil.move
+
.. versionchanged:: 3.3
Added explicit symlink handling for foreign filesystems, thus adapting
it to the behavior of GNU's :program:`mv`.
@@ -381,6 +397,8 @@
See also :func:`os.chown`, the underlying function.
+ .. audit-event:: shutil.chown path,user,group shutil.chown
+
.. availability:: Unix.
.. versionadded:: 3.3
@@ -632,6 +650,8 @@
registered for that extension. In case none is found,
a :exc:`ValueError` is raised.
+ .. audit-event:: shutil.unpack_archive filename,extract_dir,format shutil.unpack_archive
+
.. versionchanged:: 3.7
Accepts a :term:`path-like object` for *filename* and *extract_dir*.
diff --git a/Doc/library/signal.rst b/Doc/library/signal.rst
index a79fc50..8b3ab41 100644
--- a/Doc/library/signal.rst
+++ b/Doc/library/signal.rst
@@ -277,6 +277,8 @@
If *signalnum* is 0, then no signal is sent, but error checking is still
performed; this can be used to check if the target thread is still running.
+ .. audit-event:: signal.pthread_kill thread_id,signalnum signal.pthread_kill
+
.. availability:: Unix. See the man page :manpage:`pthread_kill(3)` for further
information.
diff --git a/Doc/library/syslog.rst b/Doc/library/syslog.rst
index 7151527..d264a33 100644
--- a/Doc/library/syslog.rst
+++ b/Doc/library/syslog.rst
@@ -31,6 +31,8 @@
If :func:`openlog` has not been called prior to the call to :func:`syslog`,
``openlog()`` will be called with no arguments.
+ .. audit-event:: syslog.syslog priority,message syslog.syslog
+
.. function:: openlog([ident[, logoption[, facility]]])
@@ -45,6 +47,8 @@
keyword argument (default is :const:`LOG_USER`) sets the default facility for
messages which do not have a facility explicitly encoded.
+ .. audit-event:: syslog.openlog ident,logoption,facility syslog.openlog
+
.. versionchanged:: 3.2
In previous versions, keyword arguments were not allowed, and *ident* was
required. The default for *ident* was dependent on the system libraries,
@@ -60,6 +64,8 @@
:func:`openlog` hasn't already been called), and *ident* and other
:func:`openlog` parameters are reset to defaults.
+ .. audit-event:: syslog.closelog "" syslog.closelog
+
.. function:: setlogmask(maskpri)
@@ -70,6 +76,8 @@
``LOG_UPTO(pri)`` calculates the mask for all priorities up to and including
*pri*.
+ .. audit-event:: syslog.setlogmask maskpri syslog.setlogmask
+
The module defines the following constants:
Priority levels (high to low):
diff --git a/Lib/shutil.py b/Lib/shutil.py
index 9a83a32..a4ce2c0 100644
--- a/Lib/shutil.py
+++ b/Lib/shutil.py
@@ -235,6 +235,8 @@
symlink will be created instead of copying the file it points to.
"""
+ sys.audit("shutil.copyfile", src, dst)
+
if _samefile(src, dst):
raise SameFileError("{!r} and {!r} are the same file".format(src, dst))
@@ -289,6 +291,8 @@
(e.g. Linux) this method does nothing.
"""
+ sys.audit("shutil.copymode", src, dst)
+
if not follow_symlinks and _islink(src) and os.path.islink(dst):
if hasattr(os, 'lchmod'):
stat_func, chmod_func = os.lstat, os.lchmod
@@ -340,6 +344,8 @@
If the optional flag `follow_symlinks` is not set, symlinks aren't
followed if and only if both `src` and `dst` are symlinks.
"""
+ sys.audit("shutil.copystat", src, dst)
+
def _nop(*args, ns=None, follow_symlinks=None):
pass
@@ -778,6 +784,7 @@
the issues this implementation glosses over.
"""
+ sys.audit("shutil.move", src, dst)
real_dst = dst
if os.path.isdir(dst):
if _samefile(src, dst):
@@ -1208,6 +1215,8 @@
In case none is found, a ValueError is raised.
"""
+ sys.audit("shutil.unpack_archive", filename, extract_dir, format)
+
if extract_dir is None:
extract_dir = os.getcwd()
@@ -1275,6 +1284,7 @@
user and group can be the uid/gid or the user/group names, and in that case,
they are converted to their respective uid/gid.
"""
+ sys.audit('shutil.chown', path, user, group)
if user is None and group is None:
raise ValueError("user and/or group must be set")
diff --git a/Misc/NEWS.d/next/Security/2020-02-07-23-54-18.bpo-39184.v-ue-v.rst b/Misc/NEWS.d/next/Security/2020-02-07-23-54-18.bpo-39184.v-ue-v.rst
new file mode 100644
index 0000000..cf25c24
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2020-02-07-23-54-18.bpo-39184.v-ue-v.rst
@@ -0,0 +1 @@
+Add audit events to functions in `fcntl`, `msvcrt`, `os`, `resource`, `shutil`, `signal` and `syslog`.
\ No newline at end of file
diff --git a/Modules/fcntlmodule.c b/Modules/fcntlmodule.c
index 11906aa..43f9b22 100644
--- a/Modules/fcntlmodule.c
+++ b/Modules/fcntlmodule.c
@@ -66,6 +66,10 @@
char buf[1024];
int async_err = 0;
+ if (PySys_Audit("fcntl.fcntl", "iiO", fd, code, arg ? arg : Py_None) < 0) {
+ return NULL;
+ }
+
if (arg != NULL) {
int parse_result;
@@ -171,6 +175,11 @@
Py_ssize_t len;
char buf[IOCTL_BUFSZ+1]; /* argument plus NUL byte */
+ if (PySys_Audit("fcntl.ioctl", "iIO", fd, code,
+ ob_arg ? ob_arg : Py_None) < 0) {
+ return NULL;
+ }
+
if (ob_arg != NULL) {
if (PyArg_Parse(ob_arg, "w*:ioctl", &pstr)) {
char *arg;
@@ -288,6 +297,10 @@
int ret;
int async_err = 0;
+ if (PySys_Audit("fcntl.flock", "ii", fd, code) < 0) {
+ return NULL;
+ }
+
#ifdef HAVE_FLOCK
do {
Py_BEGIN_ALLOW_THREADS
@@ -372,6 +385,11 @@
int ret;
int async_err = 0;
+ if (PySys_Audit("fcntl.lockf", "iiOOi", fd, code, lenobj ? lenobj : Py_None,
+ startobj ? startobj : Py_None, whence) < 0) {
+ return NULL;
+ }
+
#ifndef LOCK_SH
#define LOCK_SH 1 /* shared lock */
#define LOCK_EX 2 /* exclusive lock */
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
index ec3da4f..4d6d255 100644
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@@ -2911,6 +2911,10 @@
{
int result;
+ if (PySys_Audit("os.chdir", "(O)", path->object) < 0) {
+ return NULL;
+ }
+
Py_BEGIN_ALLOW_THREADS
#ifdef MS_WINDOWS
/* on unix, success = 0, on windows, success = !0 */
@@ -2950,6 +2954,9 @@
os_fchdir_impl(PyObject *module, int fd)
/*[clinic end generated code: output=42e064ec4dc00ab0 input=18e816479a2fa985]*/
{
+ if (PySys_Audit("os.chdir", "(i)", fd) < 0) {
+ return NULL;
+ }
return posix_fildes_fd(fd, fchdir);
}
#endif /* HAVE_FCHDIR */
@@ -3007,6 +3014,11 @@
return NULL;
#endif
+ if (PySys_Audit("os.chmod", "Oii", path->object, mode,
+ dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) {
+ return NULL;
+ }
+
#ifdef MS_WINDOWS
Py_BEGIN_ALLOW_THREADS
attr = GetFileAttributesW(path->wide);
@@ -3103,6 +3115,10 @@
int res;
int async_err = 0;
+ if (PySys_Audit("os.chmod", "iii", fd, mode, -1) < 0) {
+ return NULL;
+ }
+
do {
Py_BEGIN_ALLOW_THREADS
res = fchmod(fd, mode);
@@ -3134,6 +3150,9 @@
/*[clinic end generated code: output=082344022b51a1d5 input=90c5663c7465d24f]*/
{
int res;
+ if (PySys_Audit("os.chmod", "Oii", path->object, mode, -1) < 0) {
+ return NULL;
+ }
Py_BEGIN_ALLOW_THREADS
res = lchmod(path->narrow, mode);
Py_END_ALLOW_THREADS
@@ -3176,6 +3195,10 @@
return NULL;
#endif
+ if (PySys_Audit("os.chflags", "Ok", path->object, flags) < 0) {
+ return NULL;
+ }
+
Py_BEGIN_ALLOW_THREADS
#ifdef HAVE_LCHFLAGS
if (!follow_symlinks)
@@ -3211,6 +3234,9 @@
/*[clinic end generated code: output=30ae958695c07316 input=f9f82ea8b585ca9d]*/
{
int res;
+ if (PySys_Audit("os.chflags", "Ok", path->object, flags) < 0) {
+ return NULL;
+ }
Py_BEGIN_ALLOW_THREADS
res = lchflags(path->narrow, flags);
Py_END_ALLOW_THREADS
@@ -3373,6 +3399,11 @@
}
#endif
+ if (PySys_Audit("os.chown", "OIIi", path->object, uid, gid,
+ dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) {
+ return NULL;
+ }
+
Py_BEGIN_ALLOW_THREADS
#ifdef HAVE_FCHOWN
if (path->fd != -1)
@@ -3422,6 +3453,10 @@
int res;
int async_err = 0;
+ if (PySys_Audit("os.chown", "iIIi", fd, uid, gid, -1) < 0) {
+ return NULL;
+ }
+
do {
Py_BEGIN_ALLOW_THREADS
res = fchown(fd, uid, gid);
@@ -3454,6 +3489,9 @@
/*[clinic end generated code: output=25eaf6af412fdf2f input=b1c6014d563a7161]*/
{
int res;
+ if (PySys_Audit("os.chown", "OIIi", path->object, uid, gid, -1) < 0) {
+ return NULL;
+ }
Py_BEGIN_ALLOW_THREADS
res = lchown(path->narrow, uid, gid);
Py_END_ALLOW_THREADS
@@ -3647,6 +3685,12 @@
}
#endif
+ if (PySys_Audit("os.link", "OOii", src->object, dst->object,
+ src_dir_fd == DEFAULT_DIR_FD ? -1 : src_dir_fd,
+ dst_dir_fd == DEFAULT_DIR_FD ? -1 : dst_dir_fd) < 0) {
+ return NULL;
+ }
+
#ifdef MS_WINDOWS
Py_BEGIN_ALLOW_THREADS
result = CreateHardLinkW(dst->wide, src->wide, NULL);
@@ -4114,6 +4158,11 @@
{
int result;
+ if (PySys_Audit("os.mkdir", "Oii", path->object, mode,
+ dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) {
+ return NULL;
+ }
+
#ifdef MS_WINDOWS
Py_BEGIN_ALLOW_THREADS
result = CreateDirectoryW(path->wide, NULL);
@@ -4259,6 +4308,12 @@
}
#endif
+ if (PySys_Audit("os.rename", "OOii", src->object, dst->object,
+ src_dir_fd == DEFAULT_DIR_FD ? -1 : src_dir_fd,
+ dst_dir_fd == DEFAULT_DIR_FD ? -1 : dst_dir_fd) < 0) {
+ return NULL;
+ }
+
#ifdef MS_WINDOWS
Py_BEGIN_ALLOW_THREADS
result = MoveFileExW(src->wide, dst->wide, flags);
@@ -4359,6 +4414,11 @@
{
int result;
+ if (PySys_Audit("os.rmdir", "Oi", path->object,
+ dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) {
+ return NULL;
+ }
+
Py_BEGIN_ALLOW_THREADS
#ifdef MS_WINDOWS
/* Windows, success=1, UNIX, success=0 */
@@ -4517,6 +4577,11 @@
{
int result;
+ if (PySys_Audit("os.remove", "Oi", path->object,
+ dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) {
+ return NULL;
+ }
+
Py_BEGIN_ALLOW_THREADS
_Py_BEGIN_SUPPRESS_IPH
#ifdef MS_WINDOWS
@@ -4933,6 +4998,11 @@
}
#endif
+ if (PySys_Audit("os.utime", "OOOi", path->object, times, ns ? ns : Py_None,
+ dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) {
+ return NULL;
+ }
+
#ifdef MS_WINDOWS
Py_BEGIN_ALLOW_THREADS
hFile = CreateFileW(path->wide, FILE_WRITE_ATTRIBUTES, 0,
@@ -5234,8 +5304,7 @@
return NULL;
}
- if (PySys_Audit("os.exec", "OOO", path->object ? path->object : Py_None,
- argv, Py_None) < 0) {
+ if (PySys_Audit("os.exec", "OOO", path->object, argv, Py_None) < 0) {
free_string_array(argvlist, argc);
return NULL;
}
@@ -5311,8 +5380,7 @@
if (envlist == NULL)
goto fail_0;
- if (PySys_Audit("os.exec", "OOO", path->object ? path->object : Py_None,
- argv, env) < 0) {
+ if (PySys_Audit("os.exec", "OOO", path->object, argv, env) < 0) {
goto fail_1;
}
@@ -5665,8 +5733,7 @@
}
attrp = &attr;
- if (PySys_Audit("os.posix_spawn", "OOO",
- path->object ? path->object : Py_None, argv, env) < 0) {
+ if (PySys_Audit("os.posix_spawn", "OOO", path->object, argv, env) < 0) {
goto exit;
}
@@ -5910,8 +5977,7 @@
mode = _P_OVERLAY;
#endif
- if (PySys_Audit("os.spawn", "iOOO", mode,
- path->object ? path->object : Py_None, argv,
+ if (PySys_Audit("os.spawn", "iOOO", mode, path->object, argv,
Py_None) < 0) {
free_string_array(argvlist, argc);
return NULL;
@@ -6026,8 +6092,7 @@
mode = _P_OVERLAY;
#endif
- if (PySys_Audit("os.spawn", "iOOO", mode,
- path->object ? path->object : Py_None, argv, env) < 0) {
+ if (PySys_Audit("os.spawn", "iOOO", mode, path->object, argv, env) < 0) {
goto fail_2;
}
@@ -6182,6 +6247,9 @@
PyErr_SetString(PyExc_RuntimeError, "fork not supported for subinterpreters");
return NULL;
}
+ if (PySys_Audit("os.fork", NULL) < 0) {
+ return NULL;
+ }
PyOS_BeforeFork();
pid = fork();
if (pid == 0) {
@@ -6788,6 +6856,9 @@
PyErr_SetString(PyExc_RuntimeError, "fork not supported for subinterpreters");
return NULL;
}
+ if (PySys_Audit("os.forkpty", NULL) < 0) {
+ return NULL;
+ }
PyOS_BeforeFork();
pid = forkpty(&master_fd, NULL, NULL, NULL);
if (pid == 0) {
@@ -7309,14 +7380,15 @@
static PyObject *
os_kill_impl(PyObject *module, pid_t pid, Py_ssize_t signal)
/*[clinic end generated code: output=8e346a6701c88568 input=61a36b86ca275ab9]*/
-#ifndef MS_WINDOWS
{
+ if (PySys_Audit("os.kill", "in", pid, signal) < 0) {
+ return NULL;
+ }
+#ifndef MS_WINDOWS
if (kill(pid, (int)signal) == -1)
return posix_error();
Py_RETURN_NONE;
-}
#else /* !MS_WINDOWS */
-{
PyObject *result;
DWORD sig = (DWORD)signal;
DWORD err;
@@ -7351,8 +7423,8 @@
CloseHandle(handle);
return result;
-}
#endif /* !MS_WINDOWS */
+}
#endif /* HAVE_KILL */
@@ -7371,6 +7443,9 @@
os_killpg_impl(PyObject *module, pid_t pgid, int signal)
/*[clinic end generated code: output=6dbcd2f1fdf5fdba input=38b5449eb8faec19]*/
{
+ if (PySys_Audit("os.killpg", "ii", pgid, signal) < 0) {
+ return NULL;
+ }
/* XXX some man pages make the `pgid` parameter an int, others
a pid_t. Since getpgrp() returns a pid_t, we assume killpg should
take the same type. Moreover, pid_t is always at least as wide as
@@ -8143,6 +8218,11 @@
int result;
#endif
+ if (PySys_Audit("os.symlink", "OOi", src->object, dst->object,
+ dir_fd == DEFAULT_DIR_FD ? -1 : dir_fd) < 0) {
+ return NULL;
+ }
+
#ifdef MS_WINDOWS
if (windows_has_symlink_unprivileged_flag) {
@@ -8745,6 +8825,10 @@
{
int res;
+ if (PySys_Audit("os.lockf", "iiL", fd, command, length) < 0) {
+ return NULL;
+ }
+
Py_BEGIN_ALLOW_THREADS
res = lockf(fd, command, length);
Py_END_ALLOW_THREADS
@@ -10147,6 +10231,9 @@
os_putenv_impl(PyObject *module, PyObject *name, PyObject *value)
/*[clinic end generated code: output=d29a567d6b2327d2 input=ba586581c2e6105f]*/
{
+ if (PySys_Audit("os.putenv", "OO", name, value) < 0) {
+ return NULL;
+ }
return win32_putenv(name, value);
}
#else
@@ -10172,6 +10259,10 @@
return NULL;
}
+ if (PySys_Audit("os.putenv", "OO", name, value) < 0) {
+ return NULL;
+ }
+
if (setenv(name_string, value_string, 1)) {
return posix_error();
}
@@ -10193,6 +10284,9 @@
os_unsetenv_impl(PyObject *module, PyObject *name)
/*[clinic end generated code: output=54c4137ab1834f02 input=4d6a1747cc526d2f]*/
{
+ if (PySys_Audit("os.unsetenv", "(O)", name) < 0) {
+ return NULL;
+ }
return win32_putenv(name, NULL);
}
#else
@@ -10208,6 +10302,9 @@
os_unsetenv_impl(PyObject *module, PyObject *name)
/*[clinic end generated code: output=54c4137ab1834f02 input=2bb5288a599c7107]*/
{
+ if (PySys_Audit("os.unsetenv", "(O)", name) < 0) {
+ return NULL;
+ }
#ifdef HAVE_BROKEN_UNSETENV
unsetenv(PyBytes_AS_STRING(name));
#else
@@ -11730,9 +11827,7 @@
"startfile not available on this platform");
}
- if (PySys_Audit("os.startfile", "Ou",
- filepath->object ? filepath->object : Py_None,
- operation) < 0) {
+ if (PySys_Audit("os.startfile", "Ou", filepath->object, operation) < 0) {
return NULL;
}
@@ -11910,6 +12005,10 @@
if (fd_and_follow_symlinks_invalid("getxattr", path->fd, follow_symlinks))
return NULL;
+ if (PySys_Audit("os.getxattr", "OO", path->object, attribute->object) < 0) {
+ return NULL;
+ }
+
for (i = 0; ; i++) {
void *ptr;
ssize_t result;
@@ -11981,6 +12080,11 @@
if (fd_and_follow_symlinks_invalid("setxattr", path->fd, follow_symlinks))
return NULL;
+ if (PySys_Audit("os.setxattr", "OOy#i", path->object, attribute->object,
+ value->buf, value->len, flags) < 0) {
+ return NULL;
+ }
+
Py_BEGIN_ALLOW_THREADS;
if (path->fd > -1)
result = fsetxattr(path->fd, attribute->narrow,
@@ -12029,6 +12133,10 @@
if (fd_and_follow_symlinks_invalid("removexattr", path->fd, follow_symlinks))
return NULL;
+ if (PySys_Audit("os.removexattr", "OO", path->object, attribute->object) < 0) {
+ return NULL;
+ }
+
Py_BEGIN_ALLOW_THREADS;
if (path->fd > -1)
result = fremovexattr(path->fd, attribute->narrow);
@@ -12074,6 +12182,11 @@
if (fd_and_follow_symlinks_invalid("listxattr", path->fd, follow_symlinks))
goto exit;
+ if (PySys_Audit("os.listxattr", "(O)",
+ path->object ? path->object : Py_None) < 0) {
+ return NULL;
+ }
+
name = path->narrow ? path->narrow : ".";
for (i = 0; ; i++) {
@@ -13550,6 +13663,10 @@
DLL_DIRECTORY_COOKIE cookie = 0;
DWORD err = 0;
+ if (PySys_Audit("os.add_dll_directory", "(O)", path->object) < 0) {
+ return NULL;
+ }
+
/* For Windows 7, we have to load this. As this will be a fairly
infrequent operation, just do it each time. Kernel32 is always
loaded. */
diff --git a/Modules/resource.c b/Modules/resource.c
index 87c72e7..afde03c 100644
--- a/Modules/resource.c
+++ b/Modules/resource.c
@@ -224,6 +224,11 @@
return NULL;
}
+ if (PySys_Audit("resource.setrlimit", "iO", resource,
+ limits ? limits : Py_None) < 0) {
+ return NULL;
+ }
+
if (py2rlimit(limits, &rl) < 0) {
return NULL;
}
@@ -269,6 +274,11 @@
return NULL;
}
+ if (PySys_Audit("resource.prlimit", "iiO", pid, resource,
+ limits ? limits : Py_None) < 0) {
+ return NULL;
+ }
+
if (group_right_1) {
if (py2rlimit(limits, &new_limit) < 0) {
return NULL;
diff --git a/Modules/signalmodule.c b/Modules/signalmodule.c
index 693b90b..a197673 100644
--- a/Modules/signalmodule.c
+++ b/Modules/signalmodule.c
@@ -1236,6 +1236,10 @@
{
int err;
+ if (PySys_Audit("signal.pthread_kill", "ki", thread_id, signalnum) < 0) {
+ return NULL;
+ }
+
err = pthread_kill((pthread_t)thread_id, signalnum);
if (err != 0) {
errno = err;
diff --git a/Modules/syslogmodule.c b/Modules/syslogmodule.c
index 539224f..2451792 100644
--- a/Modules/syslogmodule.c
+++ b/Modules/syslogmodule.c
@@ -144,6 +144,10 @@
return NULL;
}
+ if (PySys_Audit("syslog.openlog", "sll", ident, logopt, facility) < 0) {
+ return NULL;
+ }
+
openlog(ident, logopt, facility);
S_log_open = 1;
@@ -170,6 +174,10 @@
if (message == NULL)
return NULL;
+ if (PySys_Audit("syslog.syslog", "is", priority, message) < 0) {
+ return NULL;
+ }
+
/* if log is not opened, open it now */
if (!S_log_open) {
PyObject *openargs;
@@ -194,6 +202,9 @@
static PyObject *
syslog_closelog(PyObject *self, PyObject *unused)
{
+ if (PySys_Audit("syslog.closelog", NULL) < 0) {
+ return NULL;
+ }
if (S_log_open) {
closelog();
Py_CLEAR(S_ident_o);
@@ -209,6 +220,9 @@
if (!PyArg_ParseTuple(args, "l;mask for priority", &maskpri))
return NULL;
+ if (PySys_Audit("syslog.setlogmask", "(O)", args ? args : Py_None) < 0) {
+ return NULL;
+ }
omaskpri = setlogmask(maskpri);
return PyLong_FromLong(omaskpri);
}
diff --git a/PC/msvcrtmodule.c b/PC/msvcrtmodule.c
index c4113e5..5c06ec2 100644
--- a/PC/msvcrtmodule.c
+++ b/PC/msvcrtmodule.c
@@ -116,6 +116,10 @@
{
int err;
+ if (PySys_Audit("msvcrt.locking", "iil", fd, mode, nbytes) < 0) {
+ return NULL;
+ }
+
Py_BEGIN_ALLOW_THREADS
_Py_BEGIN_SUPPRESS_IPH
err = _locking(fd, mode, nbytes);
@@ -175,6 +179,10 @@
{
int fd;
+ if (PySys_Audit("msvcrt.open_osfhandle", "Ki", handle, flags) < 0) {
+ return NULL;
+ }
+
_Py_BEGIN_SUPPRESS_IPH
fd = _open_osfhandle((intptr_t)handle, flags);
_Py_END_SUPPRESS_IPH
@@ -201,6 +209,10 @@
{
intptr_t handle = -1;
+ if (PySys_Audit("msvcrt.get_osfhandle", "(i)", fd) < 0) {
+ return NULL;
+ }
+
_Py_BEGIN_SUPPRESS_IPH
handle = _get_osfhandle(fd);
_Py_END_SUPPRESS_IPH