Improvement for Distributed Audit Project
Sergio Ligregni
ligregni at unixmexico.org
Thu Jul 29 20:29:32 UTC 2010
I am Sergio Ligregni, from Mexico. I am currently working on the Distributed
Audit Project at GSoC 2010, and I want to ask for your help with these things:
HELP NEEDED:
/*++++++++++++++++++++++*/
- which code should I base my development on for getting parameters from a file?
(I've searched some audit.c, auditd_fbsd.c, auditd.c but have not found the
function to do that, maybe I missed something), currently I have files like:
/var/audit
/var2/audit
1000
yes
53686
and get the parameters with sscanf, but the right way (the one I want to
know which code to take as a baseline):
dir:/var/audit /var2/audit
time: 1000
slave_dir: yes
port: 53686
and not to use sscanf (avoiding that function is a security concern
raised by my mentor). I think I can do an algorithm to implement that, but
maybe there is a better/safer way to do it in order to keep to the standard.
/*++++++++++++++++++++++*/
Currently I have this function to verify if a file is a trail, having its
name, this is very poor and it needs to be improved, any ideas?
#include <ctype.h>
#include <string.h>

/*
 * When exploring /var/audit/ (or the directory where the trails are), not
 * all files are trails so we must ensure we will only deal with the ones
 * that are trails.
 */
static int
is_audit_trail(char *path)
{
	/*
	 * We have these possibilities, only the first one is allowed:
	 *   20100619223115.20100619223131
	 *   20100619223131.not_terminated
	 *   current
	 */
	/* Cast to unsigned char: isdigit() is undefined for negative values. */
	if (strlen(path) == 29 && path[14] == '.' &&
	    isdigit((unsigned char)path[15])) {
		/* XXX To improve this checking later */
		return 1;
	}
	return 0;
}
/*++++++++++++++++++++++*/
By the way the Wiki and the Perforce Repository for this project are:
http://wiki.freebsd.org/SOC2010SergioLigregni
http://p4db.freebsd.org/depotTreeBrowser.cgi?FSPC=//depot/projects/soc2010/disaudit&HIDEDEL=NO
Thanks!
--
-----------------------------------------------------------
Sergio Andrés Ligregni Arredondo
Estudiante Ingeniería en Sistemas Computacionales, ITQ.
Is UNIX Hot Enough for You? | FreeBSD