PERFORCE change 90627 for review
Robert Watson
rwatson at FreeBSD.org
Sun Jan 29 16:35:43 GMT 2006
http://perforce.freebsd.org/chv.cgi?CH=90627
Change 90627 by rwatson at rwatson_peppercorn on 2006/01/29 16:35:27
Integrate TrustedBSD OpenBSM code into TrustedBSD audit3 branch:
- License cleanup
- $P4$
- README update
- auditreduce bug fixing and cleanup
- praudit cleanup
- Audit events update, cleanup, preference for Solaris definitions
over Darwin
Affected files ...
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/CHANGELOG#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/LICENSE#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/Makefile#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/README#5 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/TODO#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/VERSION#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/Makefile#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/Makefile#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.1#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.c#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.h#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/Makefile#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/praudit.1#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/praudit/praudit.c#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/Makefile#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#6 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_internal.h#5 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#13 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_uevents.h#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/compat/endian.h#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_class#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_control#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_event#8 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_user#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/etc/audit_warn#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/Makefile#4 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_class.3#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_control.3#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_event.3#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_free_token.3#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_io.3#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_mask.3#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_token.3#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/au_user.3#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_audit.c#6 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_class.c#7 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_control.c#6 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_event.c#6 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_flags.c#7 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#8 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_mask.c#6 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_notify.c#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_token.c#8 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_user.c#5 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_wrappers.c#5 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/libbsm.3#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/Makefile#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit.2#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit.log.5#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_class.5#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_control.5#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_event.5#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_user.5#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/audit_warn.5#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/auditctl.2#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/auditon.2#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/event_code.5#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/getaudit.2#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/getauid.2#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/setaudit.2#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/man/setauid.2#2 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/tools/Makefile#3 integrate
.. //depot/projects/trustedbsd/audit3/contrib/openbsm/tools/audump.c#4 integrate
Differences ...
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/CHANGELOG#3 (text+ko) ====
@@ -61,4 +61,6 @@
or static memory is returned for non-_r() versions of API calls.
_free() calls dropped as a result, and source code compatibility with
OpenSolaris improved significantly.
+- Annotate BSM events with origin OS and compatibility information.
+$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/CHANGELOG#3 $
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/LICENSE#3 (text+ko) ====
@@ -1,41 +1,14 @@
-OpenBSM is covered by a number of copyrights, with two variants of the BSD
-license depending on origination. The TrustedBSD Project would appreciate
-the contribution of fixes and enhancements under identical of substantially
-similar licenses.
+OpenBSM is covered by a number of copyrights, with licenses being either two
+or three clause BSD licenses. Individual file headers should be consulted
+for specific copyrights on specific components. The TrustedBSD Project would
+appreciate the contribution of fixes and enhancements under identical or
+substantially similar licenses:
- * Copyright (c) 2004 Apple Computer, Inc.
+ * Copyright (c) <year> <copyright holder>
* All rights reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
- * its contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
+ * <any additional comments or credits>
*
- * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRING LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
- * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
-
- * Copyright (c) 2005 SPARTA, Inc.
- * All rights reserved.
- *
- * This code was developed in part by Robert N. M. Watson, Senior Principal
- * Scientist, SPARTA, Inc.
- *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -56,3 +29,5 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
+
+$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/LICENSE#3 $
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/Makefile#2 (text+ko) ====
@@ -1,5 +1,5 @@
#
-#
+# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/Makefile#2 $
#
SUBDIR= bsm \
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/README#5 (text+ko) ====
@@ -77,3 +77,10 @@
Information on OpenBSM may be found on the OpenBSM home page:
+ http://www.OpenBSM.org/
+
+Information on TrustedBSD may be found on the TrustedBSD home page:
+
+ http://www.TrustedBSD.org/
+
+$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/README#5 $
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/TODO#3 (text+ko) ====
@@ -6,3 +6,5 @@
test that things work properly with respect to endianness of the local
platform.
- Document contents of libbsm "public" data structures in libbsm man pages.
+
+$P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/TODO#3 $
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/VERSION#2 (text+ko) ====
@@ -1,1 +1,1 @@
-1.0-PRERELEASE
+OPENBSM_1_0_ALPHA_1
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/Makefile#2 (text+ko) ====
@@ -1,5 +1,5 @@
#
-#
+# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/Makefile#2 $
#
SUBDIR= auditreduce \
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/Makefile#2 (text+ko) ====
@@ -1,5 +1,5 @@
#
-# $FreeBSD$
+# $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/Makefile#2 $
#
CFLAGS+= -I- -I ../.. -I ../../libbsm -L ../../libbsm -I.
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.1#2 (text+ko) ====
@@ -1,4 +1,5 @@
-.\" Copyright (c) 2004, Apple Computer, Inc. All rights reserved.
+.\" Copyright (c) 2004 Apple Computer, Inc.
+.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
@@ -24,6 +25,8 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
+.\" $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.1#2 $
+.\"
.Dd Jan 24, 2004
.Dt AUDITREDUCE 1
.Os
==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.c#4 (text+ko) ====
@@ -1,5 +1,6 @@
/*
- * Copyright (c) 2004, Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2004 Apple Computer, Inc.
+ * All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -24,11 +25,13 @@
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/trustedbsd/audit3/contrib/openbsm/bin/auditreduce/auditreduce.c#4 $
*/
/*
* Tool used to merge and select audit records from audit trail files
- */
+ */
/*
* XXX Currently we do not support merging of records from multiple
@@ -50,33 +53,32 @@
#include "auditreduce.h"
+extern char *optarg;
+extern int optind, optopt, opterr,optreset;
-extern char *optarg;
-extern int optind, optopt, opterr,optreset;
+static au_mask_t maskp; /* Class. */
+static time_t p_atime; /* Created after this time. */
+static time_t p_btime; /* Created before this time. */
+static uint16_t p_evtype; /* Event that we are searching for. */
+static int p_auid; /* Audit id. */
+static int p_euid; /* Effective user id. */
+static int p_egid; /* Effective group id. */
+static int p_rgid; /* Real group id. */
+static int p_ruid; /* Real user id. */
+static int p_subid; /* Subject id. */
-static au_mask_t maskp; /* Used while selecting based on class */
-static time_t p_atime;/* select records created after this time */
-static time_t p_btime;/* select records created before this time */
-static uint16_t p_evtype; /* The event that we are searching for */
-static int p_auid; /* audit id */
-static int p_euid; /* effective user id */
-static int p_egid; /* effective group id */
-static int p_rgid; /* real group id */
-static int p_ruid; /* real user id */
-static int p_subid; /* subject id */
-
-/* Following are the objects (-o option) that we can select upon */
-static char *p_fileobj = NULL;
-static char *p_msgqobj = NULL;
-static char *p_pidobj = NULL;
-static char *p_semobj = NULL;
-static char *p_shmobj = NULL;
-static char *p_sockobj = NULL;
+/*
+ * Following are the objects (-o option) that we can select upon.
+ */
+static char *p_fileobj = NULL;
+static char *p_msgqobj = NULL;
+static char *p_pidobj = NULL;
+static char *p_semobj = NULL;
+static char *p_shmobj = NULL;
+static char *p_sockobj = NULL;
-
static uint32_t opttochk = 0;
-
static void
usage(const char *msg)
{
@@ -105,179 +107,177 @@
}
/*
- * Check if the given auid matches the selection criteria
+ * Check if the given auid matches the selection criteria.
*/
-static int select_auid(int au)
+static int
+select_auid(int au)
{
- /* check if we want to select on auid */
- if(ISOPTSET(opttochk, OPT_u)) {
- if(au != p_auid) {
- return 0;
- }
+
+ /* Check if we want to select on auid. */
+ if (ISOPTSET(opttochk, OPT_u)) {
+ if (au != p_auid)
+ return (0);
}
- return 1;
+ return (1);
}
/*
- * Check if the given euid matches the selection criteria
+ * Check if the given euid matches the selection criteria.
*/
-static int select_euid(int euser)
+static int
+select_euid(int euser)
{
- /* check if we want to select on euid */
- if(ISOPTSET(opttochk, OPT_e)) {
- if(euser != p_euid) {
- return 0;
- }
+
+ /* Check if we want to select on euid. */
+ if (ISOPTSET(opttochk, OPT_e)) {
+ if (euser != p_euid)
+ return (0);
}
- return 1;
+ return (1);
}
/*
- * Check if the given egid matches the selection criteria
+ * Check if the given egid matches the selection criteria.
*/
-static int select_egid(int egrp)
+static int
+select_egid(int egrp)
{
- /* check if we want to select on egid */
- if(ISOPTSET(opttochk, OPT_f)) {
- if(egrp != p_egid) {
- return 0;
- }
+
+ /* Check if we want to select on egid. */
+ if (ISOPTSET(opttochk, OPT_f)) {
+ if (egrp != p_egid)
+ return (0);
}
- return 1;
+ return (1);
}
/*
- * Check if the given rgid matches the selection criteria
+ * Check if the given rgid matches the selection criteria.
*/
-static int select_rgid(int grp)
+static int
+select_rgid(int grp)
{
- /* check if we want to select on rgid */
- if(ISOPTSET(opttochk, OPT_g)) {
- if(grp != p_rgid) {
- return 0;
- }
+
+ /* Check if we want to select on rgid. */
+ if (ISOPTSET(opttochk, OPT_g)) {
+ if (grp != p_rgid)
+ return (0);
}
- return 1;
+ return (1);
}
/*
- * Check if the given ruid matches the selection criteria
+ * Check if the given ruid matches the selection criteria.
*/
-static int select_ruid(int user)
+static int
+select_ruid(int user)
{
- /* check if we want to select on rgid */
- if(ISOPTSET(opttochk, OPT_r)) {
- if(user != p_ruid) {
- return 0;
- }
+
+ /* Check if we want to select on rgid. */
+ if (ISOPTSET(opttochk, OPT_r)) {
+ if (user != p_ruid)
+ return (0);
}
- return 1;
+ return (1);
}
/*
- * Check if the given subject id (pid) matches the selection criteria
+ * Check if the given subject id (pid) matches the selection criteria.
*/
-static int select_subid(int subid)
+static int
+select_subid(int subid)
{
- /* check if we want to select on subject uid */
- if(ISOPTSET(opttochk, OPT_j)) {
- if(subid != p_subid) {
- return 0;
- }
+
+ /* Check if we want to select on subject uid. */
+ if (ISOPTSET(opttochk, OPT_j)) {
+ if (subid != p_subid)
+ return (0);
}
- return 1;
+ return (1);
}
/*
- * Check if object's pid maches the given pid
+ * Check if object's pid maches the given pid.
*/
-static int select_pidobj(uint32_t pid)
+static int
+select_pidobj(uint32_t pid)
{
- if(ISOPTSET(opttochk, OPT_op)) {
- if(pid != strtol(p_pidobj, (char **)NULL, 10)) {
- return 0;
- }
+
+ if (ISOPTSET(opttochk, OPT_op)) {
+ if (pid != strtol(p_pidobj, (char **)NULL, 10))
+ return (0);
}
- return 1;
+ return (1);
}
/*
- * Check if the given ipc object with the given type matches the
- * selection criteria
+ * Check if the given ipc object with the given type matches the selection
+ * criteria.
*/
-static int select_ipcobj(u_char type, uint32_t id, uint32_t *optchkd)
+static int
+select_ipcobj(u_char type, uint32_t id, uint32_t *optchkd)
{
- if(type == AT_IPC_MSG) {
+
+ if (type == AT_IPC_MSG) {
SETOPT((*optchkd), OPT_om);
- if(ISOPTSET(opttochk, OPT_om)) {
- if(id != strtol(p_msgqobj, (char **)NULL, 10)) {
- return 0;
- }
+ if (ISOPTSET(opttochk, OPT_om)) {
+ if (id != strtol(p_msgqobj, (char **)NULL, 10))
+ return (0);
}
- return 1;
- }
- else if(type == AT_IPC_SEM) {
+ return (1);
+ } else if (type == AT_IPC_SEM) {
SETOPT((*optchkd), OPT_ose);
- if(ISOPTSET(opttochk, OPT_ose)) {
- if(id != strtol(p_semobj, (char **)NULL, 10)) {
- return 0;
- }
+ if (ISOPTSET(opttochk, OPT_ose)) {
+ if (id != strtol(p_semobj, (char **)NULL, 10))
+ return (0);
}
- return 1;
- }
- else if (type == AT_IPC_SHM) {
+ return (1);
+ } else if (type == AT_IPC_SHM) {
SETOPT((*optchkd), OPT_osh);
- if(ISOPTSET(opttochk, OPT_osh)) {
- if(id != strtol(p_shmobj, (char **)NULL, 10)) {
- return 0;
- }
+ if (ISOPTSET(opttochk, OPT_osh)) {
+ if (id != strtol(p_shmobj, (char **)NULL, 10))
+ return (0);
}
- return 1;
+ return (1);
}
- /* unknown type -- filter if *any* ipc filtering is required */
- if(ISOPTSET(opttochk, OPT_om)
- || ISOPTSET(opttochk, OPT_ose)
- || ISOPTSET(opttochk, OPT_osh)) {
- return 0;
- }
+ /* Unknown type -- filter if *any* ipc filtering is required. */
+ if (ISOPTSET(opttochk, OPT_om) || ISOPTSET(opttochk, OPT_ose)
+ || ISOPTSET(opttochk, OPT_osh))
+ return (0);
- return 1;
+ return (1);
}
/*
- * Check if the file name matches selection criteria
+ * Check if the file name matches selection criteria.
*/
-static int select_filepath(char *path, uint32_t *optchkd)
+static int
+select_filepath(char *path, uint32_t *optchkd)
{
char *loc;
SETOPT((*optchkd), OPT_of);
- if(ISOPTSET(opttochk, OPT_of)) {
- if(p_fileobj[0] == '~') {
- /* object should not be in path */
+ if (ISOPTSET(opttochk, OPT_of)) {
+ if (p_fileobj[0] == '~') {
+ /* Object should not be in path. */
loc = strstr(path, p_fileobj + 1);
- if((loc != NULL) && (loc == path)) {
- return 0;
- }
- }
- else {
- /* object should be in path */
+ if ((loc != NULL) && (loc == path))
+ return (0);
+ } else {
+ /* Object should be in path. */
loc = strstr(path, p_fileobj);
- if((loc == NULL) || (loc != path)) {
- return 0;
- }
+ if ((loc == NULL) || (loc != path))
+ return (0);
}
}
- return 1;
+ return (1);
}
-
-
/*
- * Returns 1 if the following pass the selection rules:
+ * Returns 1 if the following pass the selection rules:
*
* before-time,
* after time,
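Review bot: In select_pidobj and the three branches of select_ipcobj the user-supplied -o value is converted with `strtol(p_pidobj, (char **)NULL, 10)` on every record and with no validation, so a non-numeric argument quietly becomes 0 (and an out-of-range one saturates) and the filter matches the wrong id instead of being rejected. For a tool that reduces audit trails, a typo therefore yields a plausible but wrong selection rather than an error. I would parse each value once when the option is read, with an end pointer and an errno check, and call `usage()` on failure; that code is in parse_object_type, outside this hunk. Separately, the comment in select_ruid still reads `/* Check if we want to select on rgid. */` and should say ruid. The hunk ends inside the comment that precedes select_hdr32.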
@@ -285,44 +285,46 @@
* class,
* event
*/
-static int select_hdr32(tokenstr_t tok, uint32_t *optchkd)
+static int
+select_hdr32(tokenstr_t tok, uint32_t *optchkd)
{
+
SETOPT((*optchkd), (OPT_A | OPT_a | OPT_b | OPT_c | OPT_m));
- /* The A option overrides a,b and d */
- if(!ISOPTSET(opttochk, OPT_A)) {
- if(ISOPTSET(opttochk, OPT_a)) {
+ /* The A option overrides a, b and d. */
+ if (!ISOPTSET(opttochk, OPT_A)) {
+ if (ISOPTSET(opttochk, OPT_a)) {
if (difftime((time_t)tok.tt.hdr32.s, p_atime) < 0) {
- /* record was created before p_atime */
- return 0;
+ /* Record was created before p_atime. */
+ return (0);
}
}
- if(ISOPTSET(opttochk, OPT_b)) {
+ if (ISOPTSET(opttochk, OPT_b)) {
if (difftime(p_btime, (time_t)tok.tt.hdr32.s) < 0) {
- /* record was created after p_btime */
- return 0;
+ /* Record was created after p_btime. */
+ return (0);
}
}
}
- if(ISOPTSET(opttochk, OPT_c)) {
+ if (ISOPTSET(opttochk, OPT_c)) {
+ /*
+ * Check if the classes represented by the event matches
+ * given class.
+ */
+ if (au_preselect(tok.tt.hdr32.e_type, &maskp, AU_PRS_BOTH,
+ AU_PRS_USECACHE) != 1)
+ return (0);
+ }
- /* check if the classes represented by the event matches given class */
- if(au_preselect(tok.tt.hdr32.e_type, &maskp,
- AU_PRS_BOTH, AU_PRS_USECACHE) != 1) {
- return 0;
- }
- }
-
- /* check if event matches */
- if(ISOPTSET(opttochk, OPT_m)) {
- if(tok.tt.hdr32.e_type != p_evtype) {
- return 0;
- }
+ /* Check if event matches. */
+ if (ISOPTSET(opttochk, OPT_m)) {
+ if (tok.tt.hdr32.e_type != p_evtype)
+ return (0);
}
- return 1;
+ return (1);
}
/*
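Review bot: select_hdr32 marks `OPT_A | OPT_a | OPT_b | OPT_c | OPT_m` as checked, but the comment `/* The A option overrides a, b and d. */` names a d option that is neither tested nor added to optchkd in this function. If -d sets its own bit in opttochk (the option parsing is not in this hunk, so this is unconfirmed), the `opttochk & ~optchkd` test in select_records would reject every record; if -d only fills p_atime and p_btime, the comment should say so. Either add the bit to the SETOPT mask here or adjust the comment once that is confirmed. The tokenstr_t argument is also copied by value for every token; a `const tokenstr_t *` would avoid the copy, at the cost of changing the call sites in select_records.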
@@ -334,31 +336,25 @@
* ruid,
* process id
*/
-static int select_proc32(tokenstr_t tok, uint32_t *optchkd)
+static int
+select_proc32(tokenstr_t tok, uint32_t *optchkd)
{
+
SETOPT((*optchkd), (OPT_u | OPT_e | OPT_f | OPT_g | OPT_r | OPT_op));
- if( !select_auid(tok.tt.proc32.auid)) {
- return 0;
- }
- if( !select_euid(tok.tt.proc32.euid)) {
- return 0;
- }
- if( !select_egid(tok.tt.proc32.egid)) {
- return 0;
- }
- if( !select_rgid(tok.tt.proc32.rgid)) {
- return 0;
- }
- if( !select_ruid(tok.tt.proc32.ruid)) {
- return 0;
- }
-
- if( !select_pidobj(tok.tt.proc32.pid)) {
- return 0;
- }
-
- return 1;
+ if (!select_auid(tok.tt.proc32.auid))
+ return (0);
+ if (!select_euid(tok.tt.proc32.euid))
+ return (0);
+ if (!select_egid(tok.tt.proc32.egid))
+ return (0);
+ if (!select_rgid(tok.tt.proc32.rgid))
+ return (0);
+ if (!select_ruid(tok.tt.proc32.ruid))
+ return (0);
+ if (!select_pidobj(tok.tt.proc32.pid))
+ return (0);
+ return (1);
}
/*
@@ -370,169 +366,159 @@
* ruid,
* subject id
*/
-static int select_subj32(tokenstr_t tok, uint32_t *optchkd)
+static int
+select_subj32(tokenstr_t tok, uint32_t *optchkd)
{
+
SETOPT((*optchkd), (OPT_u | OPT_e | OPT_f | OPT_g | OPT_r | OPT_j));
- if( !select_auid(tok.tt.subj32.auid)) {
- return 0;
- }
- if( !select_euid(tok.tt.subj32.euid)) {
- return 0;
- }
- if( !select_egid(tok.tt.subj32.egid)) {
- return 0;
- }
- if( !select_rgid(tok.tt.subj32.rgid)) {
- return 0;
- }
- if( !select_ruid(tok.tt.subj32.ruid)) {
- return 0;
- }
- if( !select_subid(tok.tt.subj32.pid)) {
- return 0;
- }
- return 1;
+ if (!select_auid(tok.tt.subj32.auid))
+ return (0);
+ if (!select_euid(tok.tt.subj32.euid))
+ return (0);
+ if (!select_egid(tok.tt.subj32.egid))
+ return (0);
+ if (!select_rgid(tok.tt.subj32.rgid))
+ return (0);
+ if (!select_ruid(tok.tt.subj32.ruid))
+ return (0);
+ if (!select_subid(tok.tt.subj32.pid))
+ return (0);
+ return (1);
}
/*
- * Read each record from the audit trail.
- * Check if it is selected after passing through each of the options
+ * Read each record from the audit trail. Check if it is selected after
+ * passing through each of the options
*/
-static int select_records(FILE *fp)
+static int
+select_records(FILE *fp)
{
u_char *buf;
tokenstr_t tok;
int reclen;
- int bytesread;
+ int bytesread;
int selected;
uint32_t optchkd;
int err = 0;
-
- while((reclen = au_read_rec(fp, &buf)) != -1) {
-
+ while ((reclen = au_read_rec(fp, &buf)) != -1) {
optchkd = 0;
bytesread = 0;
selected = 1;
-
while ((selected == 1) && (bytesread < reclen)) {
-
- if(-1 == au_fetch_tok(&tok, buf + bytesread, reclen - bytesread)) {
- /* is this an incomplete record ? */
+ if (-1 == au_fetch_tok(&tok, buf + bytesread,
+ reclen - bytesread)) {
+ /* Is this an incomplete record? */
err = 1;
break;
}
- /* For each token type we have have different selection criteria */
+ /*
+ * For each token type we have have different
+ * selection criteria.
+ */
switch(tok.id) {
- case AU_HEADER_32_TOKEN :
- selected = select_hdr32(tok, &optchkd);
- break;
+ case AU_HEADER_32_TOKEN:
+ selected = select_hdr32(tok,
+ &optchkd);
+ break;
- case AU_PROCESS_32_TOKEN :
- selected = select_proc32(tok, &optchkd);
- break;
+ case AU_PROCESS_32_TOKEN:
+ selected = select_proc32(tok,
+ &optchkd);
+ break;
- case AU_SUBJECT_32_TOKEN :
- selected = select_subj32(tok, &optchkd);
- break;
+ case AU_SUBJECT_32_TOKEN:
+ selected = select_subj32(tok,
+ &optchkd);
+ break;
- case AU_IPC_TOKEN :
- selected = select_ipcobj(tok.tt.ipc.type, tok.tt.ipc.id, &optchkd);
- break;
+ case AU_IPC_TOKEN:
+ selected = select_ipcobj(
+ tok.tt.ipc.type, tok.tt.ipc.id,
+ &optchkd);
+ break;
- case AU_FILE_TOKEN :
- selected = select_filepath(tok.tt.file.name, &optchkd);
- break;
+ case AU_FILE_TOKEN:
+ selected = select_filepath(
+ tok.tt.file.name, &optchkd);
+ break;
- case AU_PATH_TOKEN :
- selected = select_filepath(tok.tt.path.path, &optchkd);
- break;
+ case AU_PATH_TOKEN:
+ selected = select_filepath(
+ tok.tt.path.path, &optchkd);
+ break;
- /*
- * The following tokens dont have any relevant attributes
- * that we can select upon
- */
- case AU_TRAILER_TOKEN :
- case AU_ARG32_TOKEN :
- case AU_ATTR32_TOKEN :
- case AU_EXIT_TOKEN :
- case AU_NEWGROUPS_TOKEN :
- case AU_IN_ADDR_TOKEN :
- case AU_IP_TOKEN :
- case AU_IPCPERM_TOKEN :
- case AU_IPORT_TOKEN :
- case AU_OPAQUE_TOKEN :
- case AU_RETURN_32_TOKEN :
- case AU_SEQ_TOKEN :
- case AU_TEXT_TOKEN :
- case AU_ARB_TOKEN :
- case AU_SOCK_TOKEN :
- default:
- break;
+ /*
+ * The following tokens dont have any relevant
+ * attributes that we can select upon.
+ */
+ case AU_TRAILER_TOKEN:
+ case AU_ARG32_TOKEN:
+ case AU_ATTR32_TOKEN:
+ case AU_EXIT_TOKEN:
+ case AU_NEWGROUPS_TOKEN:
+ case AU_IN_ADDR_TOKEN:
+ case AU_IP_TOKEN:
+ case AU_IPCPERM_TOKEN:
+ case AU_IPORT_TOKEN:
+ case AU_OPAQUE_TOKEN:
+ case AU_RETURN_32_TOKEN:
+ case AU_SEQ_TOKEN:
+ case AU_TEXT_TOKEN:
+ case AU_ARB_TOKEN:
+ case AU_SOCK_TOKEN:
+ default:
+ break;
}
-
bytesread += tok.len;
}
-
- if((selected == 1) && (!err)) {
-
- /* check if all the options were matched */
- if(!(opttochk & ~optchkd)) {
- /* XXX write this record to the output file */
-
+ if ((selected == 1) && (!err)) {
+ /* Check if all the options were matched. */
+ if (!(opttochk & ~optchkd)) {
+ /* XXX Write this record to the output file. */
/* default to stdout */
fwrite(buf, 1, reclen, stdout);
}
}
-
free(buf);
}
-
- return 0;
+ return (0);
}
-
/*
- * The -o option has the form object_type=object_value
- * Identify the object components
+ * The -o option has the form object_type=object_value. Identify the object
+ * components.
*/
-void parse_object_type(char *name, char *val)
+void
+parse_object_type(char *name, char *val)
{
- if(val == NULL)
+ if (val == NULL)
return;
- if(!strcmp(name, FILEOBJ)) {
+ if (!strcmp(name, FILEOBJ)) {
p_fileobj = val;
SETOPT(opttochk, OPT_of);
- }
- else if( !strcmp(name, MSGQIDOBJ)) {
+ } else if (!strcmp(name, MSGQIDOBJ)) {
p_msgqobj = val;
SETOPT(opttochk, OPT_om);
- }
- else if( !strcmp(name, PIDOBJ)) {
+ } else if (!strcmp(name, PIDOBJ)) {
p_pidobj = val;
SETOPT(opttochk, OPT_op);
- }
- else if( !strcmp(name, SEMIDOBJ)) {
+ } else if (!strcmp(name, SEMIDOBJ)) {
p_semobj = val;
SETOPT(opttochk, OPT_ose);
- }
- else if( !strcmp(name, SHMIDOBJ)) {
+ } else if (!strcmp(name, SHMIDOBJ)) {
p_shmobj = val;
SETOPT(opttochk, OPT_osh);
- }
- else if( !strcmp(name, SOCKOBJ)) {
+ } else if (!strcmp(name, SOCKOBJ)) {
p_sockobj = val;
SETOPT(opttochk, OPT_oso);
- }
- else {
+ } else
usage("unknown value for -o");
- }
}
-
int
main(int argc, char **argv)
{
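Review bot: In select_records `err` is initialised once before the outer loop and never cleared, so after the first record on which au_fetch_tok() fails, `(selected == 1) && (!err)` is false for every later record and the rest of the trail is dropped silently while the function still returns 0. Either reset it per record, with `err = 0;` next to `selected = 1;`, or stop reading and return non-zero so a damaged trail is reported instead of producing a short output. Also in this hunk, parse_object_type sets `OPT_oso` in opttochk, but `AU_SOCK_TOKEN` sits in the no-op case group, so nothing sets that bit in optchkd and a socket object filter appears to select no records at all. The result of `fwrite(buf, 1, reclen, stdout)` is not checked either, so a full disk or closed pipe also goes unnoticed. The hunk ends at the opening brace of main.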
@@ -540,11 +526,12 @@
struct passwd *pw;
struct tm tm;
au_event_t *n;
- FILE *fp;
+ FILE *fp;
int i;
char *objval, *converr;
char ch;
char timestr[128];
+ char *fname;
converr = NULL;
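Review bot: `char ch;` looks like the variable that receives getopt()'s result; the call itself is outside this hunk, so this is inferred from the `case 'A':` switch in the next hunk. getopt() returns int, and on platforms where plain char is unsigned the comparison with -1 never succeeds, so the option loop would not end when the options run out; declare it `int ch;`. The newly added `char *fname;` has no visible use here, so whether it is assigned before use cannot be checked from this hunk. main's body starts before and continues after the hunk.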
@@ -553,28 +540,33 @@
case 'A':
SETOPT(opttochk, OPT_A);
break;
+
case 'a':
if (ISOPTSET(opttochk, OPT_a)) {
usage("d is exclusive with a and b");
}
SETOPT(opttochk, OPT_a);
strptime(optarg, "%Y%m%d%H%M%S", &tm);
- strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S", &tm);
- //fprintf(stderr, "Time converted = %s\n", timestr);
+ strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S",
+ &tm);
+ /* fprintf(stderr, "Time converted = %s\n", timestr); */
p_atime = mktime(&tm);
>>> TRUNCATED FOR MAIL (1000 lines) <<<