diff options
Diffstat (limited to 'contrib/openbsm/bin/auditreduce/auditreduce.c')
-rw-r--r-- | contrib/openbsm/bin/auditreduce/auditreduce.c | 120 |
1 files changed, 103 insertions, 17 deletions
diff --git a/contrib/openbsm/bin/auditreduce/auditreduce.c b/contrib/openbsm/bin/auditreduce/auditreduce.c index 25a14ff..31bd892 100644 --- a/contrib/openbsm/bin/auditreduce/auditreduce.c +++ b/contrib/openbsm/bin/auditreduce/auditreduce.c @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#14 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#18 $ */ /* @@ -40,6 +40,13 @@ * XXX the records present within the file and between the files themselves */ +#include <config/config.h> +#ifdef HAVE_FULL_QUEUE_H +#include <sys/queue.h> +#else +#include <compat/queue.h> +#endif + #include <bsm/libbsm.h> #include <err.h> @@ -51,9 +58,14 @@ #include <string.h> #include <time.h> #include <unistd.h> +#include <regex.h> +#include <errno.h> #include "auditreduce.h" +static TAILQ_HEAD(tailhead, re_entry) re_head = + TAILQ_HEAD_INITIALIZER(re_head); + extern char *optarg; extern int optind, optopt, opterr,optreset; @@ -81,10 +93,57 @@ static char *p_sockobj = NULL; static uint32_t opttochk = 0; static void +parse_regexp(char *re_string) +{ + char *orig, *copy, re_error[64]; + struct re_entry *rep; + int error, nstrs, i, len; + + copy = strdup(re_string); + orig = copy; + len = strlen(copy); + for (nstrs = 0, i = 0; i < len; i++) { + if (copy[i] == ',' && i > 0) { + if (copy[i - 1] == '\\') + strcpy(©[i - 1], ©[i]); + else { + nstrs++; + copy[i] = '\0'; + } + } + } + TAILQ_INIT(&re_head); + for (i = 0; i < nstrs + 1; i++) { + rep = calloc(1, sizeof(*rep)); + if (rep == NULL) { + (void) fprintf(stderr, "calloc: %s\n", + strerror(errno)); + exit(1); + } + if (*copy == '~') { + copy++; + rep->re_negate = 1; + } + rep->re_pattern = strdup(copy); + error = regcomp(&rep->re_regexp, rep->re_pattern, + REG_EXTENDED | REG_NOSUB); + if (error != 0) { + regerror(error, &rep->re_regexp, re_error, 64); + (void) fprintf(stderr, "regcomp: %s\n", re_error); + exit(1); + } + TAILQ_INSERT_TAIL(&re_head, rep, re_glue); + len = strlen(copy); + copy += len + 1; + } + free(orig); +} + +static void usage(const char *msg) { fprintf(stderr, "%s\n", msg); - fprintf(stderr, "Usage: auditreduce [options] audit-trail-file [....] \n"); + fprintf(stderr, "Usage: auditreduce [options] [file ...]\n"); fprintf(stderr, "\tOptions are : \n"); fprintf(stderr, "\t-A : all records\n"); fprintf(stderr, "\t-a YYYYMMDD[HH[[MM[SS]]] : after date\n"); @@ -258,23 +317,20 @@ select_ipcobj(u_char type, uint32_t id, uint32_t *optchkd) static int select_filepath(char *path, uint32_t *optchkd) { - char *loc; + struct re_entry *rep; + int match; SETOPT((*optchkd), OPT_of); + match = 1; if (ISOPTSET(opttochk, OPT_of)) { - if (p_fileobj[0] == '~') { - /* Object should not be in path. */ - loc = strstr(path, p_fileobj + 1); - if ((loc != NULL) && (loc == path)) - return (0); - } else { - /* Object should be in path. */ - loc = strstr(path, p_fileobj); - if ((loc == NULL) || (loc != path)) - return (0); + match = 0; + TAILQ_FOREACH(rep, &re_head, re_glue) { + if (regexec(&rep->re_regexp, path, 0, NULL, + 0) != REG_NOMATCH) + return (!rep->re_negate); } } - return (1); + return (match); } /* @@ -328,6 +384,24 @@ select_hdr32(tokenstr_t tok, uint32_t *optchkd) return (1); } +static int +select_return32(tokenstr_t tok_ret32, tokenstr_t tok_hdr32, uint32_t *optchkd) +{ + int sorf; + + SETOPT((*optchkd), (OPT_c)); + if (tok_ret32.tt.ret32.status == 0) + sorf = AU_PRS_SUCCESS; + else + sorf = AU_PRS_FAILURE; + if (ISOPTSET(opttochk, OPT_c)) { + if (au_preselect(tok_hdr32.tt.hdr32.e_type, &maskp, sorf, + AU_PRS_USECACHE) != 1) + return (0); + } + return (1); +} + /* * Return 1 if checks for the the following succeed * auid, @@ -395,6 +469,7 @@ select_subj32(tokenstr_t tok, uint32_t *optchkd) static int select_records(FILE *fp) { + tokenstr_t tok_hdr32_copy; u_char *buf; tokenstr_t tok; int reclen; @@ -423,6 +498,8 @@ select_records(FILE *fp) case AU_HEADER_32_TOKEN: selected = select_hdr32(tok, &optchkd); + bcopy(&tok, &tok_hdr32_copy, + sizeof(tok)); break; case AU_PROCESS_32_TOKEN: @@ -451,6 +528,11 @@ select_records(FILE *fp) tok.tt.path.path, &optchkd); break; + case AU_RETURN_32_TOKEN: + selected = select_return32(tok, + tok_hdr32_copy, &optchkd); + break; + /* * The following tokens dont have any relevant * attributes that we can select upon. @@ -465,7 +547,6 @@ select_records(FILE *fp) case AU_IPCPERM_TOKEN: case AU_IPORT_TOKEN: case AU_OPAQUE_TOKEN: - case AU_RETURN_32_TOKEN: case AU_SEQ_TOKEN: case AU_TEXT_TOKEN: case AU_ARB_TOKEN: @@ -500,6 +581,7 @@ parse_object_type(char *name, char *val) if (!strcmp(name, FILEOBJ)) { p_fileobj = val; + parse_regexp(val); SETOPT(opttochk, OPT_of); } else if (!strcmp(name, MSGQIDOBJ)) { p_msgqobj = val; @@ -679,8 +761,12 @@ main(int argc, char **argv) argv += optind; argc -= optind; - if (argc == 0) - usage("Filename needed"); + if (argc == 0) { + if (select_records(stdin) == -1) + errx(EXIT_FAILURE, + "Couldn't select records from stdin"); + exit(EXIT_SUCCESS); + } /* * XXX: We should actually be merging records here. |