PERFORCE change 143689 for review
Vincenzo Iozzo
snagg at FreeBSD.org
Wed Jun 18 11:40:55 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=143689
Change 143689 by snagg at snagg_macosx on 2008/06/18 11:40:21
Finished the first part of the event-specific framework and also added a testing program. Some other bugs were corrected in the utils. Still needs some testing.
Affected files ...
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_ioctl_events.c#2 delete
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.c#3 edit
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.h#2 edit
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_open.c#1 add
.. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/tests/open_test.c#1 add
Differences ...
==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.c#3 (text+ko) ====
@@ -1,47 +1,6 @@
#include "audit_pipe_regression_test_utils.h"
-struct audit_record *del_record_au(struct audit_record *head, int index)
-{
- struct audit_record *tmp;
- struct audit_record *p;
-
- tmp = head;
- if(tmp == NULL)
- return NULL;
- for(; tmp->next != NULL; tmp = tmp->next)
- {
- if(tmp->next->index == index) {
- p = tmp->next;
- tmp->next = tmp->next->next;
- free(p);
- return head;
- }
- }
-
- return NULL;
-}
-
-struct audit_record
-*add_field_au(struct audit_record *head, struct audit_record *new)
-{
- struct audit_record *tmp;
-
- tmp = head;
- if(tmp == NULL) {
- new->next = NULL;
- return new;
- }
-
- for(; tmp->next != NULL;tmp = tmp->next);
- new->index = tmp->index +1;
- tmp->next= new;
- new->next = NULL;
-
- return head;
-}
-
-
void init_channel()
{
key_t key;
@@ -101,7 +60,7 @@
/*
* Every string in the shared-memory channel is of the form
- * value:!!audit-field:**type.
+ * value\\!!audit-field:**type.
* Here we parse the audit-field part
*/
char *get_descr(char *string)
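Review bot: The comment in this hunk spells the separator `value\\!!audit-field`, while the matching comment two hunks down (`* value\!!audit-field:**type.`) spells it `value\!!`; the C literal `"\\!!"` used in get_descr denotes the three characters `\!!`, so the doubled backslash here is the source-code spelling, not the on-channel form. Use the same spelling in both places, `* value\!!audit-field:**type.`, so a reader of the header comment does not look for two backslashes in the shared-memory string.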
@@ -110,7 +69,7 @@
str = string;
- if((string = strsep(&str, ":!!")) != NULL)
+ if((string = strsep(&str, "\\!!")) != NULL)
{
str +=2;
return str;
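Review bot: `strsep(&str, "\\!!")` treats its second argument as a set of single delimiter characters, not as a three-character separator, so the split happens at the first `\` or `!` anywhere in the value and the following `str +=2` then skips two bytes of whatever comes next; switching the literal from `":!!"` keeps that behaviour. Matching the whole separator and stepping over its length avoids both problems: `if ((str = strstr(string, "\\!!")) != NULL) {` followed by `*str = '\0';` and `return str + 3;`. The rest of get_descr's body lies outside this hunk.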
@@ -119,7 +78,7 @@
/*
* Every string in the shared-memory channel is of the form
- * value:!!audit-field:**type.
+ * value\!!audit-field:**type.
* Here we parse the type part
*/
int parse_string(char *string)
@@ -179,47 +138,49 @@
* We fetch every token from auditpipe and eventually dump them to a file
* Modified version of praudit function.
*/
-struct audit_record
-*audit_print_record(FILE *st, FILE *in)
+
+int
+audit_print_record(FILE *st, char *buffer, int buflen, struct audit_record rec)
{
- u_char *buf;
- tokenstr_t tok;
- int reclen;
- int bytesread;
int count;
u_char type;
- struct audit_record *rec;
-
+ int i, exit;
+
type = 0;
count = 0;
- rec = malloc(sizeof(struct audit_record));
- if(rec == NULL)
- err(-1, "MALLOC");
-
+ exit = 0;
+
/* Record must begin with a header token. */
- do {
- type = fgetc(in);
- } while(type != AU_HEADER_32_TOKEN);
- ungetc(type, in);
+ for( i = 0; i< buflen; i++) {
+ type = buffer[i];
+ if(type == AU_HEADER_32_TOKEN) {
+ buffer +=i;
+ buflen -=i;
+ break;
+ }
+ }
+ while (buflen > 0) {
- while ((reclen = au_read_rec(in, &buf)) != -1) {
- bytesread = 0;
- while (bytesread < reclen) {
-
- /* Is this an incomplete record? */
- if (-1 == au_fetch_tok(&tok, buf + bytesread,
- reclen - bytesread))
- break;
- rec->toks[count] = tok;
- rec->count = count;
- au_print_tok_xml(st, &tok, ",", 0, 0);
- fprintf(st, "\n");
- bytesread += tok.len;
- }
- free(buf);
- fflush(st);
+ /* XXX: Is this an incomplete record? */
+ if (au_fetch_tok(&(rec.toks[count]), buffer, buflen) == -1)
+ break;
+
+ rec.count = count;
+ au_print_tok_xml(st, &(rec.toks[count]), ",", 0, 0);
+ buflen -= rec.toks[count].len;
+ buffer += rec.toks[count].len;
+ fprintf(st, "\n");
+ count++;
+ if(count == 20)
+ return -1;
+ if(exit)
+ break;
+ if(*buffer == AU_TRAILER_TOKEN)
+ exit = 1;
}
- return rec;
+
+ fflush(st);
+ return 0;
}
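Review bot: `rec` is passed by value, so the tokens stored into `rec.toks[count]` and the `rec.count = count` update inside the loop land in a local copy that is discarded on return, and the caller only ever sees the 0/-1 status; the prototype added in audit_pipe_regression_test_utils.h (hunk starting `int audit_print_record(FILE *st, char *buffer, int buflen,`) must change in step to take `struct audit_record *rec`. Two reads are also unguarded: when no AU_HEADER_32_TOKEN is found, the for loop falls through and the whole buffer is parsed from offset 0 instead of failing, and `if(*buffer == AU_TRAILER_TOKEN)` dereferences `buffer` after `buflen` may already have reached 0. The local named `exit` shadows exit(3) and the literal `20` duplicates the size of `toks` declared in the header. The rewrite below takes the record by pointer, fails when no header is present, bounds the trailer peek by `buflen`, and derives the token limit from `sizeof rec->toks`.
```c
/*
 * Parse one BSM record out of buffer, printing each token to st and
 * storing it in rec->toks.  Returns 0 on success, -1 if no header token
 * is found or the record holds more tokens than rec can store.
 */
int
audit_print_record(FILE *st, char *buffer, int buflen, struct audit_record *rec)
{
	size_t max_toks = sizeof rec->toks / sizeof rec->toks[0];
	int count = 0;
	int i, done = 0;

	/* Record must begin with a header token; fail if there is none. */
	for (i = 0; i < buflen; i++) {
		if ((u_char)buffer[i] == AU_HEADER_32_TOKEN)
			break;
	}
	if (i == buflen)
		return -1;
	buffer += i;
	buflen -= i;

	while (buflen > 0) {
		if ((size_t)count == max_toks)
			return -1;
		/* XXX: Is this an incomplete record? */
		if (au_fetch_tok(&rec->toks[count], buffer, buflen) == -1)
			break;

		rec->count = count;
		au_print_tok_xml(st, &rec->toks[count], ",", 0, 0);
		fprintf(st, "\n");
		buflen -= rec->toks[count].len;
		buffer += rec->toks[count].len;
		count++;
		if (done)
			break;
		/* The trailer is the last token; only peek while bytes remain. */
		if (buflen > 0 && (u_char)*buffer == AU_TRAILER_TOKEN)
			done = 1;
	}

	fflush(st);
	return 0;
}
```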
/*
@@ -239,25 +200,19 @@
return f;
}
-void report_error(tokenstr_t tok, struct audit_record *rec, FILE *f)
+void report_error(tokenstr_t tok, FILE *f)
{
- int i;
- if(rec == NULL)
- return;
- for(i = 0; i <= rec->count; i++) {
- au_print_tok_xml(f, &(rec->toks[i]), ",", 0, 0);
- fprintf(f, "\n");
- }
- fprintf(f, "ERROR:***");
+ fprintf(f, "ERROR:***\n");
au_print_tok_xml(f, &tok, ",", 0, 0);
fprintf(f, "\n");
+
}
/*
* Check the return value of a bsm-token
*/
-int check_ret(au_exit_t ret, int r, char *val)
+int check_ret(au_ret32_t ret, int r, char *val)
{
if(ret.ret == r)
//if(!strncmp(ret.status, val, strlen(ret.status) > strlen(val)?
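Review bot: The commented-out `//if(!strncmp(ret.status, val, ...` line left directly under the new `check_ret(au_ret32_t ret, int r, char *val)` signature is dead code; either reinstate the status comparison or delete the line, since as written a reader cannot tell whether `val` is still meant to be checked (the body of check_ret continues outside this hunk). If `val` is only read, `const char *val` in both this definition and the prototype hunk would document that. The blank line added before the closing brace of report_error is stray whitespace.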
==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.h#2 (text+ko) ====
@@ -46,6 +46,9 @@
#include <semaphore.h>
#include <string.h>
+#define AUDIT_BUFFER_LEN 65536
+#define AUDIT_RECORD_MAX 256
+
#define SHMSZ 512
#define SEM_NAME "/audit-test"
#define SEM_CLIENT_NAME "/client"
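Review bot: `AUDIT_RECORD_MAX` is added as 256 while `struct audit_record` in the next hunk keeps `tokenstr_t toks[20]` and `audit_print_record` in the .c hunk hard-codes `if(count == 20)`; none of the hunks shown references either new macro, so it is unclear what 256 and 65536 bound. If the token array is what `AUDIT_RECORD_MAX` is meant to limit, the array and the check should be sized from one constant, e.g. `tokenstr_t toks[AUDIT_RECORD_MAX];` with the macro set to the intended count; otherwise a one-line comment above each macro naming the buffer it sizes would stop the next reader from assuming it applies to `toks`.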
@@ -59,17 +62,27 @@
CHAR_TYPE
};
+/*
+ * NOT = do not validate anything
+ * GOT_READLINK = we took the last function (a readlink) of the standard
+ * "prologue" of every process
+ * VALID = we need to validate stuff
+ * WAITING = this is not the right syscall to parse
+ */
+enum VALIDATE {
+ NOT,
+ GOT_READLINK,
+ VALID,
+ WAITING
+};
+
struct audit_record
{
tokenstr_t toks[20];
int count;
int index;
- struct audit_record *next;
};
-struct audit_record *del_record_au(struct audit_record *head, int index);
-struct audit_record *add_field_au(struct audit_record *head,
- struct audit_record *new);
void init_channel();
void end_channel();
char *read_string();
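Review bot: The enumerators `NOT`, `VALID` and `WAITING` are defined in a shared header without a prefix, so they claim very generic names in every translation unit that includes it and are prone to colliding with macros or enumerators from other headers; prefixing them, `VALIDATE_NOT, VALIDATE_GOT_READLINK, VALIDATE_VALID, VALIDATE_WAITING`, avoids that. A lowercase tag, `enum validate`, would match the surrounding snake_case tags such as `struct audit_record`. The explanatory block comment is useful and would read better as a trailing comment on each enumerator it describes.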
@@ -77,11 +90,11 @@
int parse_string(char *string);
long get_int(char *string);
char get_c(char *string);
-struct audit_record *audit_print_record(FILE *st, FILE *in);
+int audit_print_record(FILE *st, char *buffer, int buflen,
+ struct audit_record rec);
FILE *init_log(pid_t pid);
-void report_error(tokenstr_t tok, struct audit_record *rec,
- FILE *f);
-int check_ret(au_exit_t ret, int r, char *val);
+void report_error(tokenstr_t tok, FILE *f);
+int check_ret(au_ret32_t ret, int r, char *val);
int check_path(au_path_t path, char *val);
int check_arg(au_arg32_t arg, long val);
int check_priv(au_proc32ex_t priv, pid_t pid);