diff options
Diffstat (limited to 'contrib/openbsm/bin/praudit/praudit.c')
-rw-r--r-- | contrib/openbsm/bin/praudit/praudit.c | 157 |
1 files changed, 157 insertions, 0 deletions
diff --git a/contrib/openbsm/bin/praudit/praudit.c b/contrib/openbsm/bin/praudit/praudit.c new file mode 100644 index 0000000..920f6d4 --- /dev/null +++ b/contrib/openbsm/bin/praudit/praudit.c @@ -0,0 +1,157 @@ +/* + * Copyright (c) 2004 Apple Computer, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * its contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING + * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.c#7 $ + */ + +/* + * Tool used to parse audit records conforming to the BSM structure. + */ + +/* + * praudit [-lrs] [-ddel] [filenames] + */ + +#include <bsm/libbsm.h> + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> + +extern char *optarg; +extern int optind, optopt, opterr,optreset; + +static char *del = ","; /* Default delimiter. */ +static int oneline = 0; +static int raw = 0; +static int shortfrm = 0; +static int partial = 0; + +static void +usage() +{ + + fprintf(stderr, "Usage: praudit [-lrs] [-ddel] [filenames]\n"); + exit(1); +} + +/* + * Token printing for each token type . + */ +static int +print_tokens(FILE *fp) +{ + u_char *buf; + tokenstr_t tok; + int reclen; + int bytesread; + + /* Allow tail -f | praudit to work. */ + if (partial) { + u_char type = 0; + /* Record must begin with a header token. */ + do { + type = fgetc(fp); + } while(type != AU_HEADER_32_TOKEN); + ungetc(type, fp); + } + + while ((reclen = au_read_rec(fp, &buf)) != -1) { + bytesread = 0; + while (bytesread < reclen) { + /* Is this an incomplete record? */ + if (-1 == au_fetch_tok(&tok, buf + bytesread, + reclen - bytesread)) + break; + au_print_tok(stdout, &tok, del, raw, shortfrm); + bytesread += tok.len; + if (oneline) + printf("%s", del); + else + printf("\n"); + } + free(buf); + if (oneline) + printf("\n"); + } + return (0); +} + +int +main(int argc, char **argv) +{ + char ch; + int i; + FILE *fp; + + while ((ch = getopt(argc, argv, "lprsd:")) != -1) { + switch(ch) { + case 'l': + oneline = 1; + break; + + case 'r': + if (shortfrm) + usage(); /* Exclusive from shortfrm. */ + raw = 1; + break; + + case 's': + if (raw) + usage(); /* Exclusive from raw. */ + shortfrm = 1; + break; + + case 'd': + del = optarg; + break; + + case 'p': + partial = 1; + break; + + case '?': + default: + usage(); + } + } + + /* For each of the files passed as arguments dump the contents. */ + if (optind == argc) { + print_tokens(stdin); + return (1); + } + for (i = optind; i < argc; i++) { + fp = fopen(argv[i], "r"); + if ((fp == NULL) || (print_tokens(fp) == -1)) + perror(argv[i]); + if (fp != NULL) + fclose(fp); + } + return (1); +} |