praudit.c (155131) praudit.c (155364)
1/*
2 * Copyright (c) 2004 Apple Computer, Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
14 * its contributors may be used to endorse or promote products derived
15 * from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 * POSSIBILITY OF SUCH DAMAGE.
28 *
1/*
2 * Copyright (c) 2004 Apple Computer, Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
14 * its contributors may be used to endorse or promote products derived
15 * from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 * POSSIBILITY OF SUCH DAMAGE.
28 *
29 * $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.c#7 $
29 * $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.c#9 $
30 */
31
32/*
33 * Tool used to parse audit records conforming to the BSM structure.
34 */
35
36/*
37 * praudit [-lrs] [-ddel] [filenames]
38 */
39
40#include <bsm/libbsm.h>
41
42#include <stdio.h>
43#include <stdlib.h>
44#include <unistd.h>
45
46extern char *optarg;
47extern int optind, optopt, opterr,optreset;
48
49static char *del = ","; /* Default delimiter. */
50static int oneline = 0;
51static int raw = 0;
52static int shortfrm = 0;
53static int partial = 0;
54
55static void
56usage()
57{
58
59 fprintf(stderr, "Usage: praudit [-lrs] [-ddel] [filenames]\n");
60 exit(1);
61}
62
63/*
64 * Token printing for each token type .
65 */
66static int
67print_tokens(FILE *fp)
68{
69 u_char *buf;
70 tokenstr_t tok;
71 int reclen;
72 int bytesread;
73
74 /* Allow tail -f | praudit to work. */
75 if (partial) {
76 u_char type = 0;
77 /* Record must begin with a header token. */
78 do {
79 type = fgetc(fp);
80 } while(type != AU_HEADER_32_TOKEN);
81 ungetc(type, fp);
82 }
83
84 while ((reclen = au_read_rec(fp, &buf)) != -1) {
85 bytesread = 0;
86 while (bytesread < reclen) {
87 /* Is this an incomplete record? */
88 if (-1 == au_fetch_tok(&tok, buf + bytesread,
89 reclen - bytesread))
90 break;
91 au_print_tok(stdout, &tok, del, raw, shortfrm);
92 bytesread += tok.len;
93 if (oneline)
94 printf("%s", del);
95 else
96 printf("\n");
97 }
98 free(buf);
99 if (oneline)
100 printf("\n");
101 }
102 return (0);
103}
104
105int
106main(int argc, char **argv)
107{
30 */
31
32/*
33 * Tool used to parse audit records conforming to the BSM structure.
34 */
35
36/*
37 * praudit [-lrs] [-ddel] [filenames]
38 */
39
40#include <bsm/libbsm.h>
41
42#include <stdio.h>
43#include <stdlib.h>
44#include <unistd.h>
45
46extern char *optarg;
47extern int optind, optopt, opterr,optreset;
48
49static char *del = ","; /* Default delimiter. */
50static int oneline = 0;
51static int raw = 0;
52static int shortfrm = 0;
53static int partial = 0;
54
55static void
56usage()
57{
58
59 fprintf(stderr, "Usage: praudit [-lrs] [-ddel] [filenames]\n");
60 exit(1);
61}
62
63/*
64 * Token printing for each token type .
65 */
66static int
67print_tokens(FILE *fp)
68{
69 u_char *buf;
70 tokenstr_t tok;
71 int reclen;
72 int bytesread;
73
74 /* Allow tail -f | praudit to work. */
75 if (partial) {
76 u_char type = 0;
77 /* Record must begin with a header token. */
78 do {
79 type = fgetc(fp);
80 } while(type != AU_HEADER_32_TOKEN);
81 ungetc(type, fp);
82 }
83
84 while ((reclen = au_read_rec(fp, &buf)) != -1) {
85 bytesread = 0;
86 while (bytesread < reclen) {
87 /* Is this an incomplete record? */
88 if (-1 == au_fetch_tok(&tok, buf + bytesread,
89 reclen - bytesread))
90 break;
91 au_print_tok(stdout, &tok, del, raw, shortfrm);
92 bytesread += tok.len;
93 if (oneline)
94 printf("%s", del);
95 else
96 printf("\n");
97 }
98 free(buf);
99 if (oneline)
100 printf("\n");
101 }
102 return (0);
103}
104
105int
106main(int argc, char **argv)
107{
108 char ch;
108 int ch;
109 int i;
110 FILE *fp;
111
112 while ((ch = getopt(argc, argv, "lprsd:")) != -1) {
113 switch(ch) {
114 case 'l':
115 oneline = 1;
116 break;
117
118 case 'r':
119 if (shortfrm)
120 usage(); /* Exclusive from shortfrm. */
121 raw = 1;
122 break;
123
124 case 's':
125 if (raw)
126 usage(); /* Exclusive from raw. */
127 shortfrm = 1;
128 break;
129
130 case 'd':
131 del = optarg;
132 break;
133
134 case 'p':
135 partial = 1;
136 break;
137
138 case '?':
139 default:
140 usage();
141 }
142 }
143
144 /* For each of the files passed as arguments dump the contents. */
145 if (optind == argc) {
146 print_tokens(stdin);
147 return (1);
148 }
149 for (i = optind; i < argc; i++) {
150 fp = fopen(argv[i], "r");
151 if ((fp == NULL) || (print_tokens(fp) == -1))
152 perror(argv[i]);
153 if (fp != NULL)
154 fclose(fp);
155 }
156 return (1);
157}
109 int i;
110 FILE *fp;
111
112 while ((ch = getopt(argc, argv, "lprsd:")) != -1) {
113 switch(ch) {
114 case 'l':
115 oneline = 1;
116 break;
117
118 case 'r':
119 if (shortfrm)
120 usage(); /* Exclusive from shortfrm. */
121 raw = 1;
122 break;
123
124 case 's':
125 if (raw)
126 usage(); /* Exclusive from raw. */
127 shortfrm = 1;
128 break;
129
130 case 'd':
131 del = optarg;
132 break;
133
134 case 'p':
135 partial = 1;
136 break;
137
138 case '?':
139 default:
140 usage();
141 }
142 }
143
144 /* For each of the files passed as arguments dump the contents. */
145 if (optind == argc) {
146 print_tokens(stdin);
147 return (1);
148 }
149 for (i = optind; i < argc; i++) {
150 fp = fopen(argv[i], "r");
151 if ((fp == NULL) || (print_tokens(fp) == -1))
152 perror(argv[i]);
153 if (fp != NULL)
154 fclose(fp);
155 }
156 return (1);
157}
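Review bot: The partial-mode resync loop in print_tokens (new lines 76-80) still has the same narrowing problem this commit fixes for getopt() in main: `type` is a `u_char`, so the EOF returned by fgetc() is truncated to 0xFF and can never be recognised as end of input. With -p on a truncated or header-less stream the loop therefore only ends if a byte equal to AU_HEADER_32_TOKEN arrives (its value is not shown on this page), so praudit would keep spinning on a finished `tail -f` pipe or a damaged trail instead of exiting. I would declare `int type;`, end the loop with `} while (type != EOF && type != AU_HEADER_32_TOKEN);`, and add `if (type == EOF) return (0);` before the ungetc() call. Separately, main still ends with `return (1);` on both the stdin and the file path, so scripts that check the exit status cannot tell a clean run from a failure.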