aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/openbsm/bin/auditreduce/auditreduce.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/openbsm/bin/auditreduce/auditreduce.c')
-rw-r--r--contrib/openbsm/bin/auditreduce/auditreduce.c120
1 files changed, 103 insertions, 17 deletions
diff --git a/contrib/openbsm/bin/auditreduce/auditreduce.c b/contrib/openbsm/bin/auditreduce/auditreduce.c
index 25a14ff453a5..31bd8922e41c 100644
--- a/contrib/openbsm/bin/auditreduce/auditreduce.c
+++ b/contrib/openbsm/bin/auditreduce/auditreduce.c
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#14 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#18 $
*/
/*
@@ -40,6 +40,13 @@
* XXX the records present within the file and between the files themselves
*/
+#include <config/config.h>
+#ifdef HAVE_FULL_QUEUE_H
+#include <sys/queue.h>
+#else
+#include <compat/queue.h>
+#endif
+
#include <bsm/libbsm.h>
#include <err.h>
@@ -51,9 +58,14 @@
#include <string.h>
#include <time.h>
#include <unistd.h>
+#include <regex.h>
+#include <errno.h>
#include "auditreduce.h"
+static TAILQ_HEAD(tailhead, re_entry) re_head =
+ TAILQ_HEAD_INITIALIZER(re_head);
+
extern char *optarg;
extern int optind, optopt, opterr,optreset;
@@ -81,10 +93,57 @@ static char *p_sockobj = NULL;
static uint32_t opttochk = 0;
static void
+parse_regexp(char *re_string)
+{
+ char *orig, *copy, re_error[64];
+ struct re_entry *rep;
+ int error, nstrs, i, len;
+
+ copy = strdup(re_string);
+ orig = copy;
+ len = strlen(copy);
+ for (nstrs = 0, i = 0; i < len; i++) {
+ if (copy[i] == ',' && i > 0) {
+ if (copy[i - 1] == '\\')
+ strcpy(&copy[i - 1], &copy[i]);
+ else {
+ nstrs++;
+ copy[i] = '\0';
+ }
+ }
+ }
+ TAILQ_INIT(&re_head);
+ for (i = 0; i < nstrs + 1; i++) {
+ rep = calloc(1, sizeof(*rep));
+ if (rep == NULL) {
+ (void) fprintf(stderr, "calloc: %s\n",
+ strerror(errno));
+ exit(1);
+ }
+ if (*copy == '~') {
+ copy++;
+ rep->re_negate = 1;
+ }
+ rep->re_pattern = strdup(copy);
+ error = regcomp(&rep->re_regexp, rep->re_pattern,
+ REG_EXTENDED | REG_NOSUB);
+ if (error != 0) {
+ regerror(error, &rep->re_regexp, re_error, 64);
+ (void) fprintf(stderr, "regcomp: %s\n", re_error);
+ exit(1);
+ }
+ TAILQ_INSERT_TAIL(&re_head, rep, re_glue);
+ len = strlen(copy);
+ copy += len + 1;
+ }
+ free(orig);
+}
+
+static void
usage(const char *msg)
{
fprintf(stderr, "%s\n", msg);
- fprintf(stderr, "Usage: auditreduce [options] audit-trail-file [....] \n");
+ fprintf(stderr, "Usage: auditreduce [options] [file ...]\n");
fprintf(stderr, "\tOptions are : \n");
fprintf(stderr, "\t-A : all records\n");
fprintf(stderr, "\t-a YYYYMMDD[HH[[MM[SS]]] : after date\n");
@@ -258,23 +317,20 @@ select_ipcobj(u_char type, uint32_t id, uint32_t *optchkd)
static int
select_filepath(char *path, uint32_t *optchkd)
{
- char *loc;
+ struct re_entry *rep;
+ int match;
SETOPT((*optchkd), OPT_of);
+ match = 1;
if (ISOPTSET(opttochk, OPT_of)) {
- if (p_fileobj[0] == '~') {
- /* Object should not be in path. */
- loc = strstr(path, p_fileobj + 1);
- if ((loc != NULL) && (loc == path))
- return (0);
- } else {
- /* Object should be in path. */
- loc = strstr(path, p_fileobj);
- if ((loc == NULL) || (loc != path))
- return (0);
+ match = 0;
+ TAILQ_FOREACH(rep, &re_head, re_glue) {
+ if (regexec(&rep->re_regexp, path, 0, NULL,
+ 0) != REG_NOMATCH)
+ return (!rep->re_negate);
}
}
- return (1);
+ return (match);
}
/*
@@ -328,6 +384,24 @@ select_hdr32(tokenstr_t tok, uint32_t *optchkd)
return (1);
}
+static int
+select_return32(tokenstr_t tok_ret32, tokenstr_t tok_hdr32, uint32_t *optchkd)
+{
+ int sorf;
+
+ SETOPT((*optchkd), (OPT_c));
+ if (tok_ret32.tt.ret32.status == 0)
+ sorf = AU_PRS_SUCCESS;
+ else
+ sorf = AU_PRS_FAILURE;
+ if (ISOPTSET(opttochk, OPT_c)) {
+ if (au_preselect(tok_hdr32.tt.hdr32.e_type, &maskp, sorf,
+ AU_PRS_USECACHE) != 1)
+ return (0);
+ }
+ return (1);
+}
+
/*
* Return 1 if checks for the the following succeed
* auid,
@@ -395,6 +469,7 @@ select_subj32(tokenstr_t tok, uint32_t *optchkd)
static int
select_records(FILE *fp)
{
+ tokenstr_t tok_hdr32_copy;
u_char *buf;
tokenstr_t tok;
int reclen;
@@ -423,6 +498,8 @@ select_records(FILE *fp)
case AU_HEADER_32_TOKEN:
selected = select_hdr32(tok,
&optchkd);
+ bcopy(&tok, &tok_hdr32_copy,
+ sizeof(tok));
break;
case AU_PROCESS_32_TOKEN:
@@ -451,6 +528,11 @@ select_records(FILE *fp)
tok.tt.path.path, &optchkd);
break;
+ case AU_RETURN_32_TOKEN:
+ selected = select_return32(tok,
+ tok_hdr32_copy, &optchkd);
+ break;
+
/*
* The following tokens dont have any relevant
* attributes that we can select upon.
@@ -465,7 +547,6 @@ select_records(FILE *fp)
case AU_IPCPERM_TOKEN:
case AU_IPORT_TOKEN:
case AU_OPAQUE_TOKEN:
- case AU_RETURN_32_TOKEN:
case AU_SEQ_TOKEN:
case AU_TEXT_TOKEN:
case AU_ARB_TOKEN:
@@ -500,6 +581,7 @@ parse_object_type(char *name, char *val)
if (!strcmp(name, FILEOBJ)) {
p_fileobj = val;
+ parse_regexp(val);
SETOPT(opttochk, OPT_of);
} else if (!strcmp(name, MSGQIDOBJ)) {
p_msgqobj = val;
@@ -679,8 +761,12 @@ main(int argc, char **argv)
argv += optind;
argc -= optind;
- if (argc == 0)
- usage("Filename needed");
+ if (argc == 0) {
+ if (select_records(stdin) == -1)
+ errx(EXIT_FAILURE,
+ "Couldn't select records from stdin");
+ exit(EXIT_SUCCESS);
+ }
/*
* XXX: We should actually be merging records here.