bsm_io.c (162503) | bsm_io.c (168777) |
---|---|
1/* 2 * Copyright (c) 2004 Apple Computer, Inc. 3 * Copyright (c) 2005 SPARTA, Inc. 4 * Copyright (c) 2006 Robert N. M. Watson | 1/* 2 * Copyright (c) 2004 Apple Computer, Inc. 3 * Copyright (c) 2005 SPARTA, Inc. 4 * Copyright (c) 2006 Robert N. M. Watson |
5 * Copyright (c) 2006 Martin Voros |
|
5 * All rights reserved. 6 * 7 * This code was developed in part by Robert N. M. Watson, Senior Principal 8 * Scientist, SPARTA, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: --- 13 unchanged lines hidden (view full) --- 26 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 30 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 31 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 32 * POSSIBILITY OF SUCH DAMAGE. 33 * | 6 * All rights reserved. 7 * 8 * This code was developed in part by Robert N. M. Watson, Senior Principal 9 * Scientist, SPARTA, Inc. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: --- 13 unchanged lines hidden (view full) --- 27 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 33 * POSSIBILITY OF SUCH DAMAGE. 34 * |
34 * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#41 $ | 35 * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#48 $ |
35 */ 36 37#include <sys/types.h> 38 39#include <config/config.h> 40#ifdef HAVE_SYS_ENDIAN_H 41#include <sys/endian.h> 42#else /* !HAVE_SYS_ENDIAN_H */ --- 78 unchanged lines hidden (view full) --- 121 (err) = 1; \ 122 else { \ 123 (ptr) = (buf) + (bytesread); \ 124 (bytesread) += (size); \ 125 } \ 126} while (0) 127 128/* | 36 */ 37 38#include <sys/types.h> 39 40#include <config/config.h> 41#ifdef HAVE_SYS_ENDIAN_H 42#include <sys/endian.h> 43#else /* !HAVE_SYS_ENDIAN_H */ --- 78 unchanged lines hidden (view full) --- 122 (err) = 1; \ 123 else { \ 124 (ptr) = (buf) + (bytesread); \ 125 (bytesread) += (size); \ 126 } \ 127} while (0) 128 129/* |
130 * XML option. 131 */ 132#define AU_PLAIN 0 133#define AU_XML 1 134 135/* |
|
129 * Prints the delimiter string. 130 */ 131static void 132print_delim(FILE *fp, const char *del) 133{ 134 135 fprintf(fp, "%s", del); 136} --- 52 unchanged lines hidden (view full) --- 189 fprintf(fp, "%x", data[i]); 190 } 191} 192 193/* 194 * Prints the given data bytes as a string. 195 */ 196static void | 136 * Prints the delimiter string. 137 */ 138static void 139print_delim(FILE *fp, const char *del) 140{ 141 142 fprintf(fp, "%s", del); 143} --- 52 unchanged lines hidden (view full) --- 196 fprintf(fp, "%x", data[i]); 197 } 198} 199 200/* 201 * Prints the given data bytes as a string. 202 */ 203static void |
197print_string(FILE *fp, u_char *str, size_t len) | 204print_string(FILE *fp, const char *str, size_t len) |
198{ 199 int i; 200 201 if (len > 0) { 202 for (i = 0; i < len; i++) { 203 if (str[i] != '\0') 204 fprintf(fp, "%c", str[i]); 205 } 206 } 207} 208 209/* | 205{ 206 int i; 207 208 if (len > 0) { 209 for (i = 0; i < len; i++) { 210 if (str[i] != '\0') 211 fprintf(fp, "%c", str[i]); 212 } 213 } 214} 215 216/* |
217 * Prints the beggining of attribute. 218 */ 219static void 220open_attr(FILE *fp, const char *str) 221{ 222 223 fprintf(fp,"%s=\"", str); 224} 225 226/* 227 * Prints the end of attribute. 228 */ 229static void 230close_attr(FILE *fp) 231{ 232 233 fprintf(fp,"\" "); 234} 235 236/* 237 * Prints the end of tag. 238 */ 239static void 240close_tag(FILE *fp, u_char type) 241{ 242 243 switch(type) { 244 case AUT_HEADER32: 245 fprintf(fp, ">"); 246 break; 247 248 case AUT_HEADER32_EX: 249 fprintf(fp, ">"); 250 break; 251 252 case AUT_HEADER64: 253 fprintf(fp, ">"); 254 break; 255 256 case AUT_HEADER64_EX: 257 fprintf(fp, ">"); 258 break; 259 260 case AUT_ARG32: 261 fprintf(fp, "/>"); 262 break; 263 264 case AUT_ARG64: 265 fprintf(fp, "/>"); 266 break; 267 268 case AUT_ATTR32: 269 fprintf(fp, "/>"); 270 break; 271 272 case AUT_ATTR64: 273 fprintf(fp, "/>"); 274 break; 275 276 case AUT_EXIT: 277 fprintf(fp, "/>"); 278 break; 279 280 case AUT_EXEC_ARGS: 281 fprintf(fp, "</exec_args>"); 282 break; 283 284 case AUT_EXEC_ENV: 285 fprintf(fp, "</exec_env>"); 286 break; 287 288 case AUT_OTHER_FILE32: 289 fprintf(fp, "</file>"); 290 break; 291 292 case AUT_NEWGROUPS: 293 fprintf(fp, "</group>"); 294 break; 295 296 case AUT_IN_ADDR: 297 fprintf(fp, "</ip_address>"); 298 break; 299 300 case AUT_IN_ADDR_EX: 301 fprintf(fp, "</ip_address>"); 302 break; 303 304 case AUT_IP: 305 fprintf(fp, "/>"); 306 break; 307 308 case AUT_IPC: 309 fprintf(fp, "/>"); 310 break; 311 312 case AUT_IPC_PERM: 313 fprintf(fp, "/>"); 314 break; 315 316 case AUT_IPORT: 317 fprintf(fp, "</ip_port>"); 318 break; 319 320 case AUT_OPAQUE: 321 fprintf(fp, "</opaque>"); 322 break; 323 324 case AUT_PATH: 325 fprintf(fp, "</path>"); 326 break; 327 328 case AUT_PROCESS32: 329 fprintf(fp, "/>"); 330 break; 331 332 case AUT_PROCESS32_EX: 333 fprintf(fp, "/>"); 334 break; 335 336 case AUT_PROCESS64: 337 fprintf(fp, "/>"); 338 break; 339 340 case AUT_PROCESS64_EX: 341 fprintf(fp, "/>"); 342 break; 343 344 case AUT_RETURN32: 345 fprintf(fp, "/>"); 346 break; 347 348 case AUT_RETURN64: 349 fprintf(fp, "/>"); 350 break; 351 352 case AUT_SEQ: 353 fprintf(fp, "/>"); 354 break; 355 356 case AUT_SOCKET: 357 fprintf(fp, "/>"); 358 break; 359 360 case AUT_SOCKINET32: 361 fprintf(fp, "/>"); 362 break; 363 364 case AUT_SOCKUNIX: 365 fprintf(fp, "/>"); 366 break; 367 368 case AUT_SUBJECT32: 369 fprintf(fp, "/>"); 370 break; 371 372 case AUT_SUBJECT64: 373 fprintf(fp, "/>"); 374 break; 375 376 case AUT_SUBJECT32_EX: 377 fprintf(fp, "/>"); 378 break; 379 380 case AUT_SUBJECT64_EX: 381 fprintf(fp, "/>"); 382 break; 383 384 case AUT_TEXT: 385 fprintf(fp, "</text>"); 386 break; 387 388 case AUT_SOCKET_EX: 389 fprintf(fp, "/>"); 390 break; 391 392 case AUT_DATA: 393 fprintf(fp, "</arbitrary>"); 394 break; 395 396 case AUT_ZONENAME: 397 fprintf(fp, "/>"); 398 break; 399 } 400} 401 402/* |
|
210 * Prints the token type in either the raw or the default form. 211 */ 212static void | 403 * Prints the token type in either the raw or the default form. 404 */ 405static void |
213print_tok_type(FILE *fp, u_char type, const char *tokname, char raw) | 406print_tok_type(FILE *fp, u_char type, const char *tokname, char raw, int xml) |
214{ 215 | 407{ 408 |
216 if (raw) 217 fprintf(fp, "%u", type); 218 else 219 fprintf(fp, "%s", tokname); | 409 if (xml) { 410 switch(type) { 411 case AUT_HEADER32: 412 fprintf(fp, "<record "); 413 break; 414 415 case AUT_HEADER32_EX: 416 fprintf(fp, "<record "); 417 break; 418 419 case AUT_HEADER64: 420 fprintf(fp, "<record "); 421 break; 422 423 case AUT_HEADER64_EX: 424 fprintf(fp, "<record "); 425 break; 426 427 case AUT_TRAILER: 428 fprintf(fp, "</record>"); 429 break; 430 431 case AUT_ARG32: 432 fprintf(fp, "<argument "); 433 break; 434 435 case AUT_ARG64: 436 fprintf(fp, "<argument "); 437 break; 438 439 case AUT_ATTR32: 440 fprintf(fp, "<attribute "); 441 break; 442 443 case AUT_ATTR64: 444 fprintf(fp, "<attribute "); 445 break; 446 447 case AUT_EXIT: 448 fprintf(fp, "<exit "); 449 break; 450 451 case AUT_EXEC_ARGS: 452 fprintf(fp, "<exec_args>"); 453 break; 454 455 case AUT_EXEC_ENV: 456 fprintf(fp, "<exec_env>"); 457 break; 458 459 case AUT_OTHER_FILE32: 460 fprintf(fp, "<file "); 461 break; 462 463 case AUT_NEWGROUPS: 464 fprintf(fp, "<group>"); 465 break; 466 467 case AUT_IN_ADDR: 468 fprintf(fp, "<ip_address>"); 469 break; 470 471 case AUT_IN_ADDR_EX: 472 fprintf(fp, "<ip_address>"); 473 break; 474 475 case AUT_IP: 476 fprintf(fp, "<ip "); 477 break; 478 479 case AUT_IPC: 480 fprintf(fp, "<IPC"); 481 break; 482 483 case AUT_IPC_PERM: 484 fprintf(fp, "<IPC_perm "); 485 break; 486 487 case AUT_IPORT: 488 fprintf(fp, "<ip_port>"); 489 break; 490 491 case AUT_OPAQUE: 492 fprintf(fp, "<opaque>"); 493 break; 494 495 case AUT_PATH: 496 fprintf(fp, "<path>"); 497 break; 498 499 case AUT_PROCESS32: 500 fprintf(fp, "<process "); 501 break; 502 503 case AUT_PROCESS32_EX: 504 fprintf(fp, "<process "); 505 break; 506 507 case AUT_PROCESS64: 508 fprintf(fp, "<process "); 509 break; 510 511 case AUT_PROCESS64_EX: 512 fprintf(fp, "<process "); 513 break; 514 515 case AUT_RETURN32: 516 fprintf(fp, "<return "); 517 break; 518 519 case AUT_RETURN64: 520 fprintf(fp, "<return "); 521 break; 522 523 case AUT_SEQ: 524 fprintf(fp, "<sequence "); 525 break; 526 527 case AUT_SOCKET: 528 fprintf(fp, "<socket "); 529 break; 530 531 case AUT_SOCKINET32: 532 fprintf(fp, "<old_socket"); 533 break; 534 535 case AUT_SOCKUNIX: 536 fprintf(fp, "<old_socket"); 537 break; 538 539 case AUT_SUBJECT32: 540 fprintf(fp, "<subject "); 541 break; 542 543 case AUT_SUBJECT64: 544 fprintf(fp, "<subject "); 545 break; 546 547 case AUT_SUBJECT32_EX: 548 fprintf(fp, "<subject "); 549 break; 550 551 case AUT_SUBJECT64_EX: 552 fprintf(fp, "<subject "); 553 break; 554 555 case AUT_TEXT: 556 fprintf(fp, "<text>"); 557 break; 558 559 case AUT_SOCKET_EX: 560 fprintf(fp, "<socket "); 561 break; 562 563 case AUT_DATA: 564 fprintf(fp, "<arbitrary "); 565 break; 566 567 case AUT_ZONENAME: 568 fprintf(fp, "<zone "); 569 break; 570 } 571 } else { 572 if (raw) 573 fprintf(fp, "%u", type); 574 else 575 fprintf(fp, "%s", tokname); 576 } |
220} 221 222/* 223 * Prints a user value. 224 */ 225static void 226print_user(FILE *fp, u_int32_t usr, char raw) 227{ --- 147 unchanged lines hidden (view full) --- 375print_ip_address(FILE *fp, u_int32_t ip) 376{ 377 struct in_addr ipaddr; 378 379 ipaddr.s_addr = ip; 380 fprintf(fp, "%s", inet_ntoa(ipaddr)); 381} 382 | 577} 578 579/* 580 * Prints a user value. 581 */ 582static void 583print_user(FILE *fp, u_int32_t usr, char raw) 584{ --- 147 unchanged lines hidden (view full) --- 732print_ip_address(FILE *fp, u_int32_t ip) 733{ 734 struct in_addr ipaddr; 735 736 ipaddr.s_addr = ip; 737 fprintf(fp, "%s", inet_ntoa(ipaddr)); 738} 739 |
383/* | 740/* |
384 * Prints a string value for the given ip address. 385 */ 386static void 387print_ip_ex_address(FILE *fp, u_int32_t type, u_int32_t *ipaddr) 388{ 389 struct in_addr ipv4; 390 struct in6_addr ipv6; 391 char dst[INET6_ADDRSTRLEN]; --- 58 unchanged lines hidden (view full) --- 450 else if (type == AT_IPC_SHM) 451 fprintf(fp, "Shared Memory IPC"); 452 else 453 fprintf(fp, "%u", type); 454 } 455} 456 457/* | 741 * Prints a string value for the given ip address. 742 */ 743static void 744print_ip_ex_address(FILE *fp, u_int32_t type, u_int32_t *ipaddr) 745{ 746 struct in_addr ipv4; 747 struct in6_addr ipv6; 748 char dst[INET6_ADDRSTRLEN]; --- 58 unchanged lines hidden (view full) --- 807 else if (type == AT_IPC_SHM) 808 fprintf(fp, "Shared Memory IPC"); 809 else 810 fprintf(fp, "%u", type); 811 } 812} 813 814/* |
815 * Print XML header. 816 */ 817void 818au_print_xml_header(FILE *outfp) 819{ 820 821 fprintf(outfp, "<?xml version='1.0' ?>\n"); 822 fprintf(outfp, "<audit>\n"); 823} 824 825/* 826 * Print XML footer. 827 */ 828void 829au_print_xml_footer(FILE *outfp) 830{ 831 832 fprintf(outfp, "</audit>\n"); 833} 834 835/* |
|
458 * record byte count 4 bytes 459 * version # 1 byte [2] 460 * event type 2 bytes 461 * event modifier 2 bytes 462 * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) 463 * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) 464 */ 465static int | 836 * record byte count 4 bytes 837 * version # 1 byte [2] 838 * event type 2 bytes 839 * event modifier 2 bytes 840 * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) 841 * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) 842 */ 843static int |
466fetch_header32_tok(tokenstr_t *tok, char *buf, int len) | 844fetch_header32_tok(tokenstr_t *tok, u_char *buf, int len) |
467{ 468 int err = 0; 469 470 READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32.size, tok->len, err); 471 if (err) 472 return (-1); 473 474 READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr32.version, tok->len, err); --- 15 unchanged lines hidden (view full) --- 490 READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32.ms, tok->len, err); 491 if (err) 492 return (-1); 493 494 return (0); 495} 496 497static void | 845{ 846 int err = 0; 847 848 READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32.size, tok->len, err); 849 if (err) 850 return (-1); 851 852 READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr32.version, tok->len, err); --- 15 unchanged lines hidden (view full) --- 868 READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32.ms, tok->len, err); 869 if (err) 870 return (-1); 871 872 return (0); 873} 874 875static void |
498print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm) | 876print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm, 877 int xml) |
499{ 500 | 878{ 879 |
501 print_tok_type(fp, tok->id, "header", raw); 502 print_delim(fp, del); 503 print_4_bytes(fp, tok->tt.hdr32.size, "%u"); 504 print_delim(fp, del); 505 print_1_byte(fp, tok->tt.hdr32.version, "%u"); 506 print_delim(fp, del); 507 print_event(fp, tok->tt.hdr32.e_type, raw, sfrm); 508 print_delim(fp, del); 509 print_evmod(fp, tok->tt.hdr32.e_mod, raw); 510 print_delim(fp, del); 511 print_sec32(fp, tok->tt.hdr32.s, raw); 512 print_delim(fp, del); 513 print_msec32(fp, tok->tt.hdr32.ms, raw); | 880 print_tok_type(fp, tok->id, "header", raw, xml); 881 if (xml) { 882 open_attr(fp, "version"); 883 print_1_byte(fp, tok->tt.hdr32.version, "%u"); 884 close_attr(fp); 885 open_attr(fp, "event"); 886 print_event(fp, tok->tt.hdr32.e_type, raw, sfrm); 887 close_attr(fp); 888 open_attr(fp, "modifier"); 889 print_evmod(fp, tok->tt.hdr32.e_mod, raw); 890 close_attr(fp); 891 open_attr(fp, "time"); 892 print_sec32(fp, tok->tt.hdr32.s, raw); 893 close_attr(fp); 894 open_attr(fp, "msec"); 895 print_msec32(fp, tok->tt.hdr32.ms, 1); 896 close_attr(fp); 897 close_tag(fp, tok->id); 898 } else { 899 print_delim(fp, del); 900 print_4_bytes(fp, tok->tt.hdr32.size, "%u"); 901 print_delim(fp, del); 902 print_1_byte(fp, tok->tt.hdr32.version, "%u"); 903 print_delim(fp, del); 904 print_event(fp, tok->tt.hdr32.e_type, raw, sfrm); 905 print_delim(fp, del); 906 print_evmod(fp, tok->tt.hdr32.e_mod, raw); 907 print_delim(fp, del); 908 print_sec32(fp, tok->tt.hdr32.s, raw); 909 print_delim(fp, del); 910 print_msec32(fp, tok->tt.hdr32.ms, raw); 911 } |
514} 515 516/* 517 * The Solaris specifications for AUE_HEADER32_EX seem to differ a bit 518 * depending on the bit of the specifications found. The OpenSolaris source 519 * code uses a 4-byte address length, followed by some number of bytes of 520 * address data. This contrasts with the Solaris audit.log.5 man page, which 521 * specifies a 1-byte length field. We use the Solaris 10 definition so that --- 5 unchanged lines hidden (view full) --- 527 * event modifier 2 bytes 528 * address type/length 4 bytes 529 * [ Solaris man page: address type/length 1 byte] 530 * machine address 4 bytes/16 bytes (IPv4/IPv6 address) 531 * seconds of time 4 bytes/8 bytes (32/64-bits) 532 * nanoseconds of time 4 bytes/8 bytes (32/64-bits) 533 */ 534static int | 912} 913 914/* 915 * The Solaris specifications for AUE_HEADER32_EX seem to differ a bit 916 * depending on the bit of the specifications found. The OpenSolaris source 917 * code uses a 4-byte address length, followed by some number of bytes of 918 * address data. This contrasts with the Solaris audit.log.5 man page, which 919 * specifies a 1-byte length field. We use the Solaris 10 definition so that --- 5 unchanged lines hidden (view full) --- 925 * event modifier 2 bytes 926 * address type/length 4 bytes 927 * [ Solaris man page: address type/length 1 byte] 928 * machine address 4 bytes/16 bytes (IPv4/IPv6 address) 929 * seconds of time 4 bytes/8 bytes (32/64-bits) 930 * nanoseconds of time 4 bytes/8 bytes (32/64-bits) 931 */ 932static int |
535fetch_header32_ex_tok(tokenstr_t *tok, char *buf, int len) | 933fetch_header32_ex_tok(tokenstr_t *tok, u_char *buf, int len) |
536{ 537 int err = 0; 538 539 READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.size, tok->len, err); 540 if (err) 541 return (-1); 542 543 READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr32_ex.version, tok->len, err); --- 35 unchanged lines hidden (view full) --- 579 if (err) 580 return (-1); 581 582 return (0); 583} 584 585static void 586print_header32_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 934{ 935 int err = 0; 936 937 READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.size, tok->len, err); 938 if (err) 939 return (-1); 940 941 READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr32_ex.version, tok->len, err); --- 35 unchanged lines hidden (view full) --- 977 if (err) 978 return (-1); 979 980 return (0); 981} 982 983static void 984print_header32_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
587 char sfrm) | 985 char sfrm, int xml) |
588{ 589 | 986{ 987 |
590 print_tok_type(fp, tok->id, "header_ex", raw); 591 print_delim(fp, del); 592 print_4_bytes(fp, tok->tt.hdr32_ex.size, "%u"); 593 print_delim(fp, del); 594 print_1_byte(fp, tok->tt.hdr32_ex.version, "%u"); 595 print_delim(fp, del); 596 print_event(fp, tok->tt.hdr32_ex.e_type, raw, sfrm); 597 print_delim(fp, del); 598 print_evmod(fp, tok->tt.hdr32_ex.e_mod, raw); 599 print_delim(fp, del); 600 print_ip_ex_address(fp, tok->tt.hdr32_ex.ad_type, 601 tok->tt.hdr32_ex.addr); 602 print_delim(fp, del); 603 print_sec32(fp, tok->tt.hdr32_ex.s, raw); 604 print_delim(fp, del); 605 print_msec32(fp, tok->tt.hdr32_ex.ms, raw); | 988 print_tok_type(fp, tok->id, "header_ex", raw, xml); 989 if (xml) { 990 open_attr(fp, "version"); 991 print_1_byte(fp, tok->tt.hdr32_ex.version, "%u"); 992 close_attr(fp); 993 open_attr(fp, "event"); 994 print_event(fp, tok->tt.hdr32_ex.e_type, raw, sfrm); 995 close_attr(fp); 996 open_attr(fp, "modifier"); 997 print_evmod(fp, tok->tt.hdr32_ex.e_mod, raw); 998 close_attr(fp); 999 /* 1000 * No attribute for additional types. 1001 * 1002 print_ip_ex_address(fp, tok->tt.hdr32_ex.ad_type, 1003 tok->tt.hdr32_ex.addr); 1004 */ 1005 open_attr(fp, "time"); 1006 print_sec32(fp, tok->tt.hdr32_ex.s, raw); 1007 close_attr(fp); 1008 open_attr(fp, "msec"); 1009 print_msec32(fp, tok->tt.hdr32_ex.ms, raw); 1010 close_attr(fp); 1011 close_tag(fp, tok->id); 1012 } else { 1013 print_delim(fp, del); 1014 print_4_bytes(fp, tok->tt.hdr32_ex.size, "%u"); 1015 print_delim(fp, del); 1016 print_1_byte(fp, tok->tt.hdr32_ex.version, "%u"); 1017 print_delim(fp, del); 1018 print_event(fp, tok->tt.hdr32_ex.e_type, raw, sfrm); 1019 print_delim(fp, del); 1020 print_evmod(fp, tok->tt.hdr32_ex.e_mod, raw); 1021 print_delim(fp, del); 1022 print_ip_ex_address(fp, tok->tt.hdr32_ex.ad_type, 1023 tok->tt.hdr32_ex.addr); 1024 print_delim(fp, del); 1025 print_sec32(fp, tok->tt.hdr32_ex.s, raw); 1026 print_delim(fp, del); 1027 print_msec32(fp, tok->tt.hdr32_ex.ms, raw); 1028 } |
606} 607 608/* 609 * record byte count 4 bytes 610 * event type 2 bytes 611 * event modifier 2 bytes 612 * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) 613 * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) | 1029} 1030 1031/* 1032 * record byte count 4 bytes 1033 * event type 2 bytes 1034 * event modifier 2 bytes 1035 * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) 1036 * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) |
614 * version # | 1037 * version # |
615 */ 616static int | 1038 */ 1039static int |
617fetch_header64_tok(tokenstr_t *tok, char *buf, int len) | 1040fetch_header64_tok(tokenstr_t *tok, u_char *buf, int len) |
618{ 619 int err = 0; 620 621 READ_TOKEN_U_INT32(buf, len, tok->tt.hdr64.size, tok->len, err); 622 if (err) 623 return (-1); 624 625 READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr64.version, tok->len, err); --- 15 unchanged lines hidden (view full) --- 641 READ_TOKEN_U_INT64(buf, len, tok->tt.hdr64.ms, tok->len, err); 642 if (err) 643 return (-1); 644 645 return (0); 646} 647 648static void | 1041{ 1042 int err = 0; 1043 1044 READ_TOKEN_U_INT32(buf, len, tok->tt.hdr64.size, tok->len, err); 1045 if (err) 1046 return (-1); 1047 1048 READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr64.version, tok->len, err); --- 15 unchanged lines hidden (view full) --- 1064 READ_TOKEN_U_INT64(buf, len, tok->tt.hdr64.ms, tok->len, err); 1065 if (err) 1066 return (-1); 1067 1068 return (0); 1069} 1070 1071static void |
649print_header64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm) | 1072print_header64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm, 1073 int xml) |
650{ | 1074{ |
651 652 print_tok_type(fp, tok->id, "header", raw); 653 print_delim(fp, del); 654 print_4_bytes(fp, tok->tt.hdr64.size, "%u"); 655 print_delim(fp, del); 656 print_1_byte(fp, tok->tt.hdr64.version, "%u"); 657 print_delim(fp, del); 658 print_event(fp, tok->tt.hdr64.e_type, raw, sfrm); 659 print_delim(fp, del); 660 print_evmod(fp, tok->tt.hdr64.e_mod, raw); 661 print_delim(fp, del); 662 print_sec64(fp, tok->tt.hdr64.s, raw); 663 print_delim(fp, del); 664 print_msec64(fp, tok->tt.hdr64.ms, raw); | 1075 1076 print_tok_type(fp, tok->id, "header", raw, xml); 1077 if (xml) { 1078 open_attr(fp, "version"); 1079 print_1_byte(fp, tok->tt.hdr64.version, "%u"); 1080 close_attr(fp); 1081 open_attr(fp, "event"); 1082 print_event(fp, tok->tt.hdr64.e_type, raw, sfrm); 1083 close_attr(fp); 1084 open_attr(fp, "modifier"); 1085 print_evmod(fp, tok->tt.hdr64.e_mod, raw); 1086 close_attr(fp); 1087 open_attr(fp, "time"); 1088 print_sec64(fp, tok->tt.hdr64.s, raw); 1089 close_attr(fp); 1090 open_attr(fp, "msec"); 1091 print_msec64(fp, tok->tt.hdr64.ms, raw); 1092 close_attr(fp); 1093 close_tag(fp, tok->id); 1094 } else { 1095 print_delim(fp, del); 1096 print_4_bytes(fp, tok->tt.hdr64.size, "%u"); 1097 print_delim(fp, del); 1098 print_1_byte(fp, tok->tt.hdr64.version, "%u"); 1099 print_delim(fp, del); 1100 print_event(fp, tok->tt.hdr64.e_type, raw, sfrm); 1101 print_delim(fp, del); 1102 print_evmod(fp, tok->tt.hdr64.e_mod, raw); 1103 print_delim(fp, del); 1104 print_sec64(fp, tok->tt.hdr64.s, raw); 1105 print_delim(fp, del); 1106 print_msec64(fp, tok->tt.hdr64.ms, raw); 1107 } |
665} | 1108} |
1109 |
|
666/* 667 * record byte count 4 bytes 668 * version # 1 byte [2] 669 * event type 2 bytes 670 * event modifier 2 bytes 671 * address type/length 4 bytes 672 * [ Solaris man page: address type/length 1 byte] 673 * machine address 4 bytes/16 bytes (IPv4/IPv6 address) 674 * seconds of time 4 bytes/8 bytes (32/64-bits) 675 * nanoseconds of time 4 bytes/8 bytes (32/64-bits) 676 * 677 * XXXAUDIT: See comment by fetch_header32_ex_tok() for details on the 678 * accuracy of the BSM spec. 679 */ 680static int | 1110/* 1111 * record byte count 4 bytes 1112 * version # 1 byte [2] 1113 * event type 2 bytes 1114 * event modifier 2 bytes 1115 * address type/length 4 bytes 1116 * [ Solaris man page: address type/length 1 byte] 1117 * machine address 4 bytes/16 bytes (IPv4/IPv6 address) 1118 * seconds of time 4 bytes/8 bytes (32/64-bits) 1119 * nanoseconds of time 4 bytes/8 bytes (32/64-bits) 1120 * 1121 * XXXAUDIT: See comment by fetch_header32_ex_tok() for details on the 1122 * accuracy of the BSM spec. 1123 */ 1124static int |
681fetch_header64_ex_tok(tokenstr_t *tok, char *buf, int len) | 1125fetch_header64_ex_tok(tokenstr_t *tok, u_char *buf, int len) |
682{ 683 int err = 0; 684 685 READ_TOKEN_U_INT32(buf, len, tok->tt.hdr64_ex.size, tok->len, err); 686 if (err) 687 return (-1); 688 689 READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr64_ex.version, tok->len, err); --- 34 unchanged lines hidden (view full) --- 724 READ_TOKEN_U_INT64(buf, len, tok->tt.hdr64_ex.ms, tok->len, err); 725 if (err) 726 return (-1); 727 728 return (0); 729} 730 731static void | 1126{ 1127 int err = 0; 1128 1129 READ_TOKEN_U_INT32(buf, len, tok->tt.hdr64_ex.size, tok->len, err); 1130 if (err) 1131 return (-1); 1132 1133 READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr64_ex.version, tok->len, err); --- 34 unchanged lines hidden (view full) --- 1168 READ_TOKEN_U_INT64(buf, len, tok->tt.hdr64_ex.ms, tok->len, err); 1169 if (err) 1170 return (-1); 1171 1172 return (0); 1173} 1174 1175static void |
732print_header64_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm) | 1176print_header64_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, 1177 char sfrm, int xml) |
733{ 734 | 1178{ 1179 |
735 print_tok_type(fp, tok->id, "header_ex", raw); 736 print_delim(fp, del); 737 print_4_bytes(fp, tok->tt.hdr64_ex.size, "%u"); 738 print_delim(fp, del); 739 print_1_byte(fp, tok->tt.hdr64_ex.version, "%u"); 740 print_delim(fp, del); 741 print_event(fp, tok->tt.hdr64_ex.e_type, raw, sfrm); 742 print_delim(fp, del); 743 print_evmod(fp, tok->tt.hdr64_ex.e_mod, raw); 744 print_delim(fp, del); 745 print_ip_ex_address(fp, tok->tt.hdr64_ex.ad_type, 746 tok->tt.hdr64_ex.addr); 747 print_delim(fp, del); 748 print_sec64(fp, tok->tt.hdr64_ex.s, raw); 749 print_delim(fp, del); 750 print_msec64(fp, tok->tt.hdr64_ex.ms, raw); | 1180 print_tok_type(fp, tok->id, "header_ex", raw, xml); 1181 if (xml) { 1182 open_attr(fp, "version"); 1183 print_1_byte(fp, tok->tt.hdr64_ex.version, "%u"); 1184 close_attr(fp); 1185 open_attr(fp, "event"); 1186 print_event(fp, tok->tt.hdr64_ex.e_type, raw, sfrm); 1187 close_attr(fp); 1188 open_attr(fp, "modifier"); 1189 print_evmod(fp, tok->tt.hdr64_ex.e_mod, raw); 1190 close_attr(fp); 1191 /* 1192 * No attribute for additional types. 1193 * 1194 print_ip_ex_address(fp, tok->tt.hdr64_ex.ad_type, 1195 tok->tt.hdr64_ex.addr); 1196 */ 1197 open_attr(fp, "time"); 1198 print_sec64(fp, tok->tt.hdr64_ex.s, raw); 1199 close_attr(fp); 1200 open_attr(fp, "msec"); 1201 print_msec64(fp, tok->tt.hdr64_ex.ms, raw); 1202 close_attr(fp); 1203 close_tag(fp, tok->id); 1204 } else { 1205 print_delim(fp, del); 1206 print_4_bytes(fp, tok->tt.hdr64_ex.size, "%u"); 1207 print_delim(fp, del); 1208 print_1_byte(fp, tok->tt.hdr64_ex.version, "%u"); 1209 print_delim(fp, del); 1210 print_event(fp, tok->tt.hdr64_ex.e_type, raw, sfrm); 1211 print_delim(fp, del); 1212 print_evmod(fp, tok->tt.hdr64_ex.e_mod, raw); 1213 print_delim(fp, del); 1214 print_ip_ex_address(fp, tok->tt.hdr64_ex.ad_type, 1215 tok->tt.hdr64_ex.addr); 1216 print_delim(fp, del); 1217 print_sec64(fp, tok->tt.hdr64_ex.s, raw); 1218 print_delim(fp, del); 1219 print_msec64(fp, tok->tt.hdr64_ex.ms, raw); 1220 } |
751} 752 753/* 754 * trailer magic 2 bytes 755 * record size 4 bytes 756 */ 757static int | 1221} 1222 1223/* 1224 * trailer magic 2 bytes 1225 * record size 4 bytes 1226 */ 1227static int |
758fetch_trailer_tok(tokenstr_t *tok, char *buf, int len) | 1228fetch_trailer_tok(tokenstr_t *tok, u_char *buf, int len) |
759{ 760 int err = 0; 761 762 READ_TOKEN_U_INT16(buf, len, tok->tt.trail.magic, tok->len, err); 763 if (err) 764 return (-1); 765 766 READ_TOKEN_U_INT32(buf, len, tok->tt.trail.count, tok->len, err); 767 if (err) 768 return (-1); 769 770 return (0); 771} 772 773static void 774print_trailer_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 1229{ 1230 int err = 0; 1231 1232 READ_TOKEN_U_INT16(buf, len, tok->tt.trail.magic, tok->len, err); 1233 if (err) 1234 return (-1); 1235 1236 READ_TOKEN_U_INT32(buf, len, tok->tt.trail.count, tok->len, err); 1237 if (err) 1238 return (-1); 1239 1240 return (0); 1241} 1242 1243static void 1244print_trailer_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
775 __unused char sfrm) | 1245 __unused char sfrm, int xml) |
776{ 777 | 1246{ 1247 |
778 print_tok_type(fp, tok->id, "trailer", raw); 779 print_delim(fp, del); 780 print_4_bytes(fp, tok->tt.trail.count, "%u"); | 1248 print_tok_type(fp, tok->id, "trailer", raw, xml); 1249 if (!xml) { 1250 print_delim(fp, del); 1251 print_4_bytes(fp, tok->tt.trail.count, "%u"); 1252 } |
781} 782 783/* 784 * argument # 1 byte 785 * argument value 4 bytes/8 bytes (32-bit/64-bit value) 786 * text length 2 bytes 787 * text N bytes + 1 terminating NULL byte 788 */ 789static int | 1253} 1254 1255/* 1256 * argument # 1 byte 1257 * argument value 4 bytes/8 bytes (32-bit/64-bit value) 1258 * text length 2 bytes 1259 * text N bytes + 1 terminating NULL byte 1260 */ 1261static int |
790fetch_arg32_tok(tokenstr_t *tok, char *buf, int len) | 1262fetch_arg32_tok(tokenstr_t *tok, u_char *buf, int len) |
791{ 792 int err = 0; 793 794 READ_TOKEN_U_CHAR(buf, len, tok->tt.arg32.no, tok->len, err); 795 if (err) 796 return (-1); 797 798 READ_TOKEN_U_INT32(buf, len, tok->tt.arg32.val, tok->len, err); 799 if (err) 800 return (-1); 801 802 READ_TOKEN_U_INT16(buf, len, tok->tt.arg32.len, tok->len, err); 803 if (err) 804 return (-1); 805 | 1263{ 1264 int err = 0; 1265 1266 READ_TOKEN_U_CHAR(buf, len, tok->tt.arg32.no, tok->len, err); 1267 if (err) 1268 return (-1); 1269 1270 READ_TOKEN_U_INT32(buf, len, tok->tt.arg32.val, tok->len, err); 1271 if (err) 1272 return (-1); 1273 1274 READ_TOKEN_U_INT16(buf, len, tok->tt.arg32.len, tok->len, err); 1275 if (err) 1276 return (-1); 1277 |
806 SET_PTR(buf, len, tok->tt.arg32.text, tok->tt.arg32.len, tok->len, 807 err); | 1278 SET_PTR((char*)buf, len, tok->tt.arg32.text, tok->tt.arg32.len, 1279 tok->len, err); |
808 if (err) 809 return (-1); 810 811 return (0); 812} 813 814static void 815print_arg32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 1280 if (err) 1281 return (-1); 1282 1283 return (0); 1284} 1285 1286static void 1287print_arg32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
816 __unused char sfrm) | 1288 __unused char sfrm, int xml) |
817{ 818 | 1289{ 1290 |
819 print_tok_type(fp, tok->id, "argument", raw); 820 print_delim(fp, del); 821 print_1_byte(fp, tok->tt.arg32.no, "%u"); 822 print_delim(fp, del); 823 print_4_bytes(fp, tok->tt.arg32.val, "0x%x"); 824 print_delim(fp, del); 825 print_string(fp, tok->tt.arg32.text, tok->tt.arg32.len); | 1291 print_tok_type(fp, tok->id, "argument", raw, xml); 1292 if (xml) { 1293 open_attr(fp, "arg-num"); 1294 print_1_byte(fp, tok->tt.arg32.no, "%u"); 1295 close_attr(fp); 1296 open_attr(fp, "value"); 1297 print_4_bytes(fp, tok->tt.arg32.val, "0x%x"); 1298 close_attr(fp); 1299 open_attr(fp, "desc"); 1300 print_string(fp, tok->tt.arg32.text, tok->tt.arg32.len); 1301 close_attr(fp); 1302 close_tag(fp, tok->id); 1303 } else { 1304 print_delim(fp, del); 1305 print_1_byte(fp, tok->tt.arg32.no, "%u"); 1306 print_delim(fp, del); 1307 print_4_bytes(fp, tok->tt.arg32.val, "0x%x"); 1308 print_delim(fp, del); 1309 } |
826} 827 828static int | 1310} 1311 1312static int |
829fetch_arg64_tok(tokenstr_t *tok, char *buf, int len) | 1313fetch_arg64_tok(tokenstr_t *tok, u_char *buf, int len) |
830{ 831 int err = 0; 832 833 READ_TOKEN_U_CHAR(buf, len, tok->tt.arg64.no, tok->len, err); 834 if (err) 835 return (-1); 836 837 READ_TOKEN_U_INT64(buf, len, tok->tt.arg64.val, tok->len, err); 838 if (err) 839 return (-1); 840 841 READ_TOKEN_U_INT16(buf, len, tok->tt.arg64.len, tok->len, err); 842 if (err) 843 return (-1); 844 | 1314{ 1315 int err = 0; 1316 1317 READ_TOKEN_U_CHAR(buf, len, tok->tt.arg64.no, tok->len, err); 1318 if (err) 1319 return (-1); 1320 1321 READ_TOKEN_U_INT64(buf, len, tok->tt.arg64.val, tok->len, err); 1322 if (err) 1323 return (-1); 1324 1325 READ_TOKEN_U_INT16(buf, len, tok->tt.arg64.len, tok->len, err); 1326 if (err) 1327 return (-1); 1328 |
845 SET_PTR(buf, len, tok->tt.arg64.text, tok->tt.arg64.len, tok->len, 846 err); | 1329 SET_PTR((char*)buf, len, tok->tt.arg64.text, tok->tt.arg64.len, 1330 tok->len, err); |
847 if (err) 848 return (-1); 849 850 return (0); 851} 852 853static void 854print_arg64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 1331 if (err) 1332 return (-1); 1333 1334 return (0); 1335} 1336 1337static void 1338print_arg64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
855 __unused char sfrm) | 1339 __unused char sfrm, int xml) |
856{ 857 | 1340{ 1341 |
858 print_tok_type(fp, tok->id, "argument", raw); 859 print_delim(fp, del); 860 print_1_byte(fp, tok->tt.arg64.no, "%u"); 861 print_delim(fp, del); 862 print_8_bytes(fp, tok->tt.arg64.val, "0x%llx"); 863 print_delim(fp, del); 864 print_string(fp, tok->tt.arg64.text, tok->tt.arg64.len); | 1342 print_tok_type(fp, tok->id, "argument", raw, xml); 1343 if (xml) { 1344 open_attr(fp, "arg-num"); 1345 print_1_byte(fp, tok->tt.arg64.no, "%u"); 1346 close_attr(fp); 1347 open_attr(fp, "value"); 1348 print_8_bytes(fp, tok->tt.arg64.val, "0x%llx"); 1349 close_attr(fp); 1350 open_attr(fp, "desc"); 1351 print_string(fp, tok->tt.arg64.text, tok->tt.arg64.len); 1352 close_attr(fp); 1353 close_tag(fp, tok->id); 1354 } else { 1355 print_delim(fp, del); 1356 print_1_byte(fp, tok->tt.arg64.no, "%u"); 1357 print_delim(fp, del); 1358 print_8_bytes(fp, tok->tt.arg64.val, "0x%llx"); 1359 print_delim(fp, del); 1360 print_string(fp, tok->tt.arg64.text, tok->tt.arg64.len); 1361 } |
865} 866 867/* 868 * how to print 1 byte 869 * basic unit 1 byte 870 * unit count 1 byte 871 * data items (depends on basic unit) 872 */ 873static int | 1362} 1363 1364/* 1365 * how to print 1 byte 1366 * basic unit 1 byte 1367 * unit count 1 byte 1368 * data items (depends on basic unit) 1369 */ 1370static int |
874fetch_arb_tok(tokenstr_t *tok, char *buf, int len) | 1371fetch_arb_tok(tokenstr_t *tok, u_char *buf, int len) |
875{ 876 int err = 0; 877 int datasize; 878 879 READ_TOKEN_U_CHAR(buf, len, tok->tt.arb.howtopr, tok->len, err); 880 if (err) 881 return (-1); 882 --- 36 unchanged lines hidden (view full) --- 919 if (err) 920 return (-1); 921 922 return (0); 923} 924 925static void 926print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 1372{ 1373 int err = 0; 1374 int datasize; 1375 1376 READ_TOKEN_U_CHAR(buf, len, tok->tt.arb.howtopr, tok->len, err); 1377 if (err) 1378 return (-1); 1379 --- 36 unchanged lines hidden (view full) --- 1416 if (err) 1417 return (-1); 1418 1419 return (0); 1420} 1421 1422static void 1423print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
927 __unused char sfrm) | 1424 __unused char sfrm, int xml) |
928{ 929 char *str; 930 char *format; 931 size_t size; 932 int i; 933 | 1425{ 1426 char *str; 1427 char *format; 1428 size_t size; 1429 int i; 1430 |
934 print_tok_type(fp, tok->id, "arbitrary", raw); 935 print_delim(fp, del); | 1431 print_tok_type(fp, tok->id, "arbitrary", raw, xml); 1432 if (!xml) 1433 print_delim(fp, del); |
936 937 switch(tok->tt.arb.howtopr) { 938 case AUP_BINARY: 939 str = "binary"; 940 format = " %c"; 941 break; 942 943 case AUP_OCTAL: --- 15 unchanged lines hidden (view full) --- 959 str = "string"; 960 format = "%c"; 961 break; 962 963 default: 964 return; 965 } 966 | 1434 1435 switch(tok->tt.arb.howtopr) { 1436 case AUP_BINARY: 1437 str = "binary"; 1438 format = " %c"; 1439 break; 1440 1441 case AUP_OCTAL: --- 15 unchanged lines hidden (view full) --- 1457 str = "string"; 1458 format = "%c"; 1459 break; 1460 1461 default: 1462 return; 1463 } 1464 |
967 print_string(fp, str, strlen(str)); 968 print_delim(fp, del); | 1465 if (xml) { 1466 open_attr(fp, "print"); 1467 fprintf(fp, "%s",str); 1468 close_attr(fp); 1469 } else { 1470 print_string(fp, str, strlen(str)); 1471 print_delim(fp, del); 1472 } |
969 switch(tok->tt.arb.bu) { 970 case AUR_BYTE: 971 /* case AUR_CHAR: */ 972 str = "byte"; 973 size = AUR_BYTE_SIZE; | 1473 switch(tok->tt.arb.bu) { 1474 case AUR_BYTE: 1475 /* case AUR_CHAR: */ 1476 str = "byte"; 1477 size = AUR_BYTE_SIZE; |
974 print_string(fp, str, strlen(str)); 975 print_delim(fp, del); 976 print_1_byte(fp, tok->tt.arb.uc, "%u"); 977 print_delim(fp, del); 978 for (i = 0; i<tok->tt.arb.uc; i++) 979 fprintf(fp, format, *(tok->tt.arb.data + (size * i))); | 1478 if (xml) { 1479 open_attr(fp, "type"); 1480 fprintf(fp, "%u", size); 1481 close_attr(fp); 1482 open_attr(fp, "count"); 1483 print_1_byte(fp, tok->tt.arb.uc, "%u"); 1484 close_attr(fp); 1485 fprintf(fp, ">"); 1486 for (i = 0; i<tok->tt.arb.uc; i++) 1487 fprintf(fp, format, *(tok->tt.arb.data + 1488 (size * i))); 1489 close_tag(fp, tok->id); 1490 } else { 1491 print_string(fp, str, strlen(str)); 1492 print_delim(fp, del); 1493 print_1_byte(fp, tok->tt.arb.uc, "%u"); 1494 print_delim(fp, del); 1495 for (i = 0; i<tok->tt.arb.uc; i++) 1496 fprintf(fp, format, *(tok->tt.arb.data + 1497 (size * i))); 1498 } |
980 break; 981 982 case AUR_SHORT: 983 str = "short"; 984 size = AUR_SHORT_SIZE; | 1499 break; 1500 1501 case AUR_SHORT: 1502 str = "short"; 1503 size = AUR_SHORT_SIZE; |
985 print_string(fp, str, strlen(str)); 986 print_delim(fp, del); 987 print_1_byte(fp, tok->tt.arb.uc, "%u"); 988 print_delim(fp, del); 989 for (i = 0; i < tok->tt.arb.uc; i++) 990 fprintf(fp, format, *((u_int16_t *)(tok->tt.arb.data + 991 (size * i)))); | 1504 if (xml) { 1505 open_attr(fp, "type"); 1506 fprintf(fp, "%u", size); 1507 close_attr(fp); 1508 open_attr(fp, "count"); 1509 print_1_byte(fp, tok->tt.arb.uc, "%u"); 1510 close_attr(fp); 1511 fprintf(fp, ">"); 1512 for (i = 0; i < tok->tt.arb.uc; i++) 1513 fprintf(fp, format, 1514 *((u_int16_t *)(tok->tt.arb.data + 1515 (size * i)))); 1516 close_tag(fp, tok->id); 1517 } else { 1518 print_string(fp, str, strlen(str)); 1519 print_delim(fp, del); 1520 print_1_byte(fp, tok->tt.arb.uc, "%u"); 1521 print_delim(fp, del); 1522 for (i = 0; i < tok->tt.arb.uc; i++) 1523 fprintf(fp, format, 1524 *((u_int16_t *)(tok->tt.arb.data + 1525 (size * i)))); 1526 } |
992 break; 993 994 case AUR_INT32: 995 /* case AUR_INT: */ 996 str = "int"; 997 size = AUR_INT32_SIZE; | 1527 break; 1528 1529 case AUR_INT32: 1530 /* case AUR_INT: */ 1531 str = "int"; 1532 size = AUR_INT32_SIZE; |
998 print_string(fp, str, strlen(str)); 999 print_delim(fp, del); 1000 print_1_byte(fp, tok->tt.arb.uc, "%u"); 1001 print_delim(fp, del); 1002 for (i = 0; i < tok->tt.arb.uc; i++) 1003 fprintf(fp, format, *((u_int32_t *)(tok->tt.arb.data + 1004 (size * i)))); | 1533 if (xml) { 1534 open_attr(fp, "type"); 1535 fprintf(fp, "%u", size); 1536 close_attr(fp); 1537 open_attr(fp, "count"); 1538 print_1_byte(fp, tok->tt.arb.uc, "%u"); 1539 close_attr(fp); 1540 fprintf(fp, ">"); 1541 for (i = 0; i < tok->tt.arb.uc; i++) 1542 fprintf(fp, format, 1543 *((u_int32_t *)(tok->tt.arb.data + 1544 (size * i)))); 1545 close_tag(fp, tok->id); 1546 } else { 1547 print_string(fp, str, strlen(str)); 1548 print_delim(fp, del); 1549 print_1_byte(fp, tok->tt.arb.uc, "%u"); 1550 print_delim(fp, del); 1551 for (i = 0; i < tok->tt.arb.uc; i++) 1552 fprintf(fp, format, 1553 *((u_int32_t *)(tok->tt.arb.data + 1554 (size * i)))); 1555 } |
1005 break; 1006 1007 case AUR_INT64: 1008 str = "int64"; 1009 size = AUR_INT64_SIZE; | 1556 break; 1557 1558 case AUR_INT64: 1559 str = "int64"; 1560 size = AUR_INT64_SIZE; |
1010 print_string(fp, str, strlen(str)); 1011 print_delim(fp, del); 1012 print_1_byte(fp, tok->tt.arb.uc, "%u"); 1013 print_delim(fp, del); 1014 for (i = 0; i < tok->tt.arb.uc; i++) 1015 fprintf(fp, format, *((u_int64_t *)(tok->tt.arb.data + 1016 (size * i)))); | 1561 if (xml) { 1562 open_attr(fp, "type"); 1563 fprintf(fp, "%u", size); 1564 close_attr(fp); 1565 open_attr(fp, "count"); 1566 print_1_byte(fp, tok->tt.arb.uc, "%u"); 1567 close_attr(fp); 1568 fprintf(fp, ">"); 1569 for (i = 0; i < tok->tt.arb.uc; i++) 1570 fprintf(fp, format, 1571 *((u_int64_t *)(tok->tt.arb.data + 1572 (size * i)))); 1573 close_tag(fp, tok->id); 1574 } else { 1575 print_string(fp, str, strlen(str)); 1576 print_delim(fp, del); 1577 print_1_byte(fp, tok->tt.arb.uc, "%u"); 1578 print_delim(fp, del); 1579 for (i = 0; i < tok->tt.arb.uc; i++) 1580 fprintf(fp, format, 1581 *((u_int64_t *)(tok->tt.arb.data + 1582 (size * i)))); 1583 } |
1017 break; 1018 1019 default: 1020 return; 1021 } 1022} 1023 1024/* 1025 * file access mode 4 bytes 1026 * owner user ID 4 bytes 1027 * owner group ID 4 bytes 1028 * file system ID 4 bytes 1029 * node ID 8 bytes 1030 * device 4 bytes/8 bytes (32-bit/64-bit) 1031 */ 1032static int | 1584 break; 1585 1586 default: 1587 return; 1588 } 1589} 1590 1591/* 1592 * file access mode 4 bytes 1593 * owner user ID 4 bytes 1594 * owner group ID 4 bytes 1595 * file system ID 4 bytes 1596 * node ID 8 bytes 1597 * device 4 bytes/8 bytes (32-bit/64-bit) 1598 */ 1599static int |
1033fetch_attr32_tok(tokenstr_t *tok, char *buf, int len) | 1600fetch_attr32_tok(tokenstr_t *tok, u_char *buf, int len) |
1034{ 1035 int err = 0; 1036 1037 READ_TOKEN_U_INT32(buf, len, tok->tt.attr32.mode, tok->len, err); 1038 if (err) 1039 return (-1); 1040 1041 READ_TOKEN_U_INT32(buf, len, tok->tt.attr32.uid, tok->len, err); --- 16 unchanged lines hidden (view full) --- 1058 if (err) 1059 return (-1); 1060 1061 return (0); 1062} 1063 1064static void 1065print_attr32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 1601{ 1602 int err = 0; 1603 1604 READ_TOKEN_U_INT32(buf, len, tok->tt.attr32.mode, tok->len, err); 1605 if (err) 1606 return (-1); 1607 1608 READ_TOKEN_U_INT32(buf, len, tok->tt.attr32.uid, tok->len, err); --- 16 unchanged lines hidden (view full) --- 1625 if (err) 1626 return (-1); 1627 1628 return (0); 1629} 1630 1631static void 1632print_attr32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1066 __unused char sfrm) | 1633 __unused char sfrm, int xml) |
1067{ 1068 | 1634{ 1635 |
1069 print_tok_type(fp, tok->id, "attribute", raw); 1070 print_delim(fp, del); 1071 print_4_bytes(fp, tok->tt.attr32.mode, "%o"); 1072 print_delim(fp, del); 1073 print_user(fp, tok->tt.attr32.uid, raw); 1074 print_delim(fp, del); 1075 print_group(fp, tok->tt.attr32.gid, raw); 1076 print_delim(fp, del); 1077 print_4_bytes(fp, tok->tt.attr32.fsid, "%u"); 1078 print_delim(fp, del); 1079 print_8_bytes(fp, tok->tt.attr32.nid, "%lld"); 1080 print_delim(fp, del); 1081 print_4_bytes(fp, tok->tt.attr32.dev, "%u"); | 1636 print_tok_type(fp, tok->id, "attribute", raw, xml); 1637 if (xml) { 1638 open_attr(fp, "mode"); 1639 print_4_bytes(fp, tok->tt.attr32.mode, "%o"); 1640 close_attr(fp); 1641 open_attr(fp, "uid"); 1642 print_user(fp, tok->tt.attr32.uid, raw); 1643 close_attr(fp); 1644 open_attr(fp, "gid"); 1645 print_group(fp, tok->tt.attr32.gid, raw); 1646 close_attr(fp); 1647 open_attr(fp, "fsid"); 1648 print_4_bytes(fp, tok->tt.attr32.fsid, "%u"); 1649 close_attr(fp); 1650 open_attr(fp, "nodeid"); 1651 print_8_bytes(fp, tok->tt.attr32.nid, "%lld"); 1652 close_attr(fp); 1653 open_attr(fp, "device"); 1654 print_4_bytes(fp, tok->tt.attr32.dev, "%u"); 1655 close_attr(fp); 1656 close_tag(fp, tok->id); 1657 } else { 1658 print_delim(fp, del); 1659 print_4_bytes(fp, tok->tt.attr32.mode, "%o"); 1660 print_delim(fp, del); 1661 print_user(fp, tok->tt.attr32.uid, raw); 1662 print_delim(fp, del); 1663 print_group(fp, tok->tt.attr32.gid, raw); 1664 print_delim(fp, del); 1665 print_4_bytes(fp, tok->tt.attr32.fsid, "%u"); 1666 print_delim(fp, del); 1667 print_8_bytes(fp, tok->tt.attr32.nid, "%lld"); 1668 print_delim(fp, del); 1669 print_4_bytes(fp, tok->tt.attr32.dev, "%u"); 1670 } |
1082} 1083 1084/* 1085 * file access mode 4 bytes 1086 * owner user ID 4 bytes 1087 * owner group ID 4 bytes 1088 * file system ID 4 bytes 1089 * node ID 8 bytes 1090 * device 4 bytes/8 bytes (32-bit/64-bit) 1091 */ 1092static int | 1671} 1672 1673/* 1674 * file access mode 4 bytes 1675 * owner user ID 4 bytes 1676 * owner group ID 4 bytes 1677 * file system ID 4 bytes 1678 * node ID 8 bytes 1679 * device 4 bytes/8 bytes (32-bit/64-bit) 1680 */ 1681static int |
1093fetch_attr64_tok(tokenstr_t *tok, char *buf, int len) | 1682fetch_attr64_tok(tokenstr_t *tok, u_char *buf, int len) |
1094{ 1095 int err = 0; 1096 1097 READ_TOKEN_U_INT32(buf, len, tok->tt.attr64.mode, tok->len, err); 1098 if (err) 1099 return (-1); 1100 1101 READ_TOKEN_U_INT32(buf, len, tok->tt.attr64.uid, tok->len, err); --- 16 unchanged lines hidden (view full) --- 1118 if (err) 1119 return (-1); 1120 1121 return (0); 1122} 1123 1124static void 1125print_attr64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 1683{ 1684 int err = 0; 1685 1686 READ_TOKEN_U_INT32(buf, len, tok->tt.attr64.mode, tok->len, err); 1687 if (err) 1688 return (-1); 1689 1690 READ_TOKEN_U_INT32(buf, len, tok->tt.attr64.uid, tok->len, err); --- 16 unchanged lines hidden (view full) --- 1707 if (err) 1708 return (-1); 1709 1710 return (0); 1711} 1712 1713static void 1714print_attr64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1126 __unused char sfrm) | 1715 __unused char sfrm, int xml) |
1127{ 1128 | 1716{ 1717 |
1129 print_tok_type(fp, tok->id, "attribute", raw); 1130 print_delim(fp, del); 1131 print_4_bytes(fp, tok->tt.attr64.mode, "%o"); 1132 print_delim(fp, del); 1133 print_user(fp, tok->tt.attr64.uid, raw); 1134 print_delim(fp, del); 1135 print_group(fp, tok->tt.attr64.gid, raw); 1136 print_delim(fp, del); 1137 print_4_bytes(fp, tok->tt.attr64.fsid, "%u"); 1138 print_delim(fp, del); 1139 print_8_bytes(fp, tok->tt.attr64.nid, "%lld"); 1140 print_delim(fp, del); 1141 print_8_bytes(fp, tok->tt.attr64.dev, "%llu"); | 1718 print_tok_type(fp, tok->id, "attribute", raw, xml); 1719 if (xml) { 1720 open_attr(fp, "mode"); 1721 print_4_bytes(fp, tok->tt.attr64.mode, "%o"); 1722 close_attr(fp); 1723 open_attr(fp, "uid"); 1724 print_user(fp, tok->tt.attr64.uid, raw); 1725 close_attr(fp); 1726 open_attr(fp, "gid"); 1727 print_group(fp, tok->tt.attr64.gid, raw); 1728 close_attr(fp); 1729 open_attr(fp, "fsid"); 1730 print_4_bytes(fp, tok->tt.attr64.fsid, "%u"); 1731 close_attr(fp); 1732 open_attr(fp, "nodeid"); 1733 print_8_bytes(fp, tok->tt.attr64.nid, "%lld"); 1734 close_attr(fp); 1735 open_attr(fp, "device"); 1736 print_8_bytes(fp, tok->tt.attr64.dev, "%llu"); 1737 close_attr(fp); 1738 close_tag(fp, tok->id); 1739 } else { 1740 print_delim(fp, del); 1741 print_4_bytes(fp, tok->tt.attr64.mode, "%o"); 1742 print_delim(fp, del); 1743 print_user(fp, tok->tt.attr64.uid, raw); 1744 print_delim(fp, del); 1745 print_group(fp, tok->tt.attr64.gid, raw); 1746 print_delim(fp, del); 1747 print_4_bytes(fp, tok->tt.attr64.fsid, "%u"); 1748 print_delim(fp, del); 1749 print_8_bytes(fp, tok->tt.attr64.nid, "%lld"); 1750 print_delim(fp, del); 1751 print_8_bytes(fp, tok->tt.attr64.dev, "%llu"); 1752 } |
1142} 1143 1144/* 1145 * status 4 bytes 1146 * return value 4 bytes 1147 */ 1148static int | 1753} 1754 1755/* 1756 * status 4 bytes 1757 * return value 4 bytes 1758 */ 1759static int |
1149fetch_exit_tok(tokenstr_t *tok, char *buf, int len) | 1760fetch_exit_tok(tokenstr_t *tok, u_char *buf, int len) |
1150{ 1151 int err = 0; 1152 1153 READ_TOKEN_U_INT32(buf, len, tok->tt.exit.status, tok->len, err); 1154 if (err) 1155 return (-1); 1156 1157 READ_TOKEN_U_INT32(buf, len, tok->tt.exit.ret, tok->len, err); 1158 if (err) 1159 return (-1); 1160 1161 return (0); 1162} 1163 1164static void 1165print_exit_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 1761{ 1762 int err = 0; 1763 1764 READ_TOKEN_U_INT32(buf, len, tok->tt.exit.status, tok->len, err); 1765 if (err) 1766 return (-1); 1767 1768 READ_TOKEN_U_INT32(buf, len, tok->tt.exit.ret, tok->len, err); 1769 if (err) 1770 return (-1); 1771 1772 return (0); 1773} 1774 1775static void 1776print_exit_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1166 __unused char sfrm) | 1777 __unused char sfrm, int xml) |
1167{ 1168 | 1778{ 1779 |
1169 print_tok_type(fp, tok->id, "exit", raw); 1170 print_delim(fp, del); 1171 print_errval(fp, tok->tt.exit.status); 1172 print_delim(fp, del); 1173 print_4_bytes(fp, tok->tt.exit.ret, "%u"); | 1780 print_tok_type(fp, tok->id, "exit", raw, xml); 1781 if (xml) { 1782 open_attr(fp, "errval"); 1783 print_errval(fp, tok->tt.exit.status); 1784 close_attr(fp); 1785 open_attr(fp, "retval"); 1786 print_4_bytes(fp, tok->tt.exit.ret, "%u"); 1787 close_attr(fp); 1788 close_tag(fp, tok->id); 1789 } else { 1790 print_delim(fp, del); 1791 print_errval(fp, tok->tt.exit.status); 1792 print_delim(fp, del); 1793 print_4_bytes(fp, tok->tt.exit.ret, "%u"); 1794 } |
1174} 1175 1176/* 1177 * count 4 bytes 1178 * text count null-terminated string(s) 1179 */ 1180static int | 1795} 1796 1797/* 1798 * count 4 bytes 1799 * text count null-terminated string(s) 1800 */ 1801static int |
1181fetch_execarg_tok(tokenstr_t *tok, char *buf, int len) | 1802fetch_execarg_tok(tokenstr_t *tok, u_char *buf, int len) |
1182{ 1183 int err = 0; 1184 int i; | 1803{ 1804 int err = 0; 1805 int i; |
1185 char *bptr; | 1806 u_char *bptr; |
1186 1187 READ_TOKEN_U_INT32(buf, len, tok->tt.execarg.count, tok->len, err); 1188 if (err) 1189 return (-1); 1190 1191 for (i = 0; i < tok->tt.execarg.count; i++) { 1192 bptr = buf + tok->len; 1193 if (i < AUDIT_MAX_ARGS) | 1807 1808 READ_TOKEN_U_INT32(buf, len, tok->tt.execarg.count, tok->len, err); 1809 if (err) 1810 return (-1); 1811 1812 for (i = 0; i < tok->tt.execarg.count; i++) { 1813 bptr = buf + tok->len; 1814 if (i < AUDIT_MAX_ARGS) |
1194 tok->tt.execarg.text[i] = bptr; | 1815 tok->tt.execarg.text[i] = (char*)bptr; |
1195 1196 /* Look for a null terminated string. */ 1197 while (bptr && (*bptr != '\0')) { 1198 if (++tok->len >=len) 1199 return (-1); 1200 bptr = buf + tok->len; 1201 } 1202 if (!bptr) 1203 return (-1); 1204 tok->len++; /* \0 character */ 1205 } 1206 if (tok->tt.execarg.count > AUDIT_MAX_ARGS) 1207 tok->tt.execarg.count = AUDIT_MAX_ARGS; 1208 1209 return (0); 1210} 1211 1212static void 1213print_execarg_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 1816 1817 /* Look for a null terminated string. */ 1818 while (bptr && (*bptr != '\0')) { 1819 if (++tok->len >=len) 1820 return (-1); 1821 bptr = buf + tok->len; 1822 } 1823 if (!bptr) 1824 return (-1); 1825 tok->len++; /* \0 character */ 1826 } 1827 if (tok->tt.execarg.count > AUDIT_MAX_ARGS) 1828 tok->tt.execarg.count = AUDIT_MAX_ARGS; 1829 1830 return (0); 1831} 1832 1833static void 1834print_execarg_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1214 __unused char sfrm) | 1835 __unused char sfrm, int xml) |
1215{ 1216 int i; 1217 | 1836{ 1837 int i; 1838 |
1218 print_tok_type(fp, tok->id, "exec arg", raw); | 1839 print_tok_type(fp, tok->id, "exec arg", raw, xml); |
1219 for (i = 0; i < tok->tt.execarg.count; i++) { | 1840 for (i = 0; i < tok->tt.execarg.count; i++) { |
1220 print_delim(fp, del); 1221 print_string(fp, tok->tt.execarg.text[i], 1222 strlen(tok->tt.execarg.text[i])); | 1841 if (xml) { 1842 fprintf(fp, "<arg>"); 1843 print_string(fp, tok->tt.execarg.text[i], 1844 strlen(tok->tt.execarg.text[i])); 1845 fprintf(fp, "</arg>"); 1846 } else { 1847 print_delim(fp, del); 1848 print_string(fp, tok->tt.execarg.text[i], 1849 strlen(tok->tt.execarg.text[i])); 1850 } |
1223 } | 1851 } |
1852 if (xml) 1853 close_tag(fp, tok->id); |
|
1224} 1225 1226/* 1227 * count 4 bytes 1228 * text count null-terminated string(s) 1229 */ 1230static int | 1854} 1855 1856/* 1857 * count 4 bytes 1858 * text count null-terminated string(s) 1859 */ 1860static int |
1231fetch_execenv_tok(tokenstr_t *tok, char *buf, int len) | 1861fetch_execenv_tok(tokenstr_t *tok, u_char *buf, int len) |
1232{ 1233 int err = 0; 1234 int i; | 1862{ 1863 int err = 0; 1864 int i; |
1235 char *bptr; | 1865 u_char *bptr; |
1236 1237 READ_TOKEN_U_INT32(buf, len, tok->tt.execenv.count, tok->len, err); 1238 if (err) 1239 return (-1); 1240 1241 for (i = 0; i < tok->tt.execenv.count; i++) { 1242 bptr = buf + tok->len; 1243 if (i < AUDIT_MAX_ENV) | 1866 1867 READ_TOKEN_U_INT32(buf, len, tok->tt.execenv.count, tok->len, err); 1868 if (err) 1869 return (-1); 1870 1871 for (i = 0; i < tok->tt.execenv.count; i++) { 1872 bptr = buf + tok->len; 1873 if (i < AUDIT_MAX_ENV) |
1244 tok->tt.execenv.text[i] = bptr; | 1874 tok->tt.execenv.text[i] = (char*)bptr; |
1245 1246 /* Look for a null terminated string. */ 1247 while (bptr && (*bptr != '\0')) { 1248 if (++tok->len >=len) 1249 return (-1); 1250 bptr = buf + tok->len; 1251 } 1252 if (!bptr) 1253 return (-1); 1254 tok->len++; /* \0 character */ 1255 } 1256 if (tok->tt.execenv.count > AUDIT_MAX_ENV) 1257 tok->tt.execenv.count = AUDIT_MAX_ENV; 1258 1259 return (0); 1260} 1261 1262static void 1263print_execenv_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 1875 1876 /* Look for a null terminated string. */ 1877 while (bptr && (*bptr != '\0')) { 1878 if (++tok->len >=len) 1879 return (-1); 1880 bptr = buf + tok->len; 1881 } 1882 if (!bptr) 1883 return (-1); 1884 tok->len++; /* \0 character */ 1885 } 1886 if (tok->tt.execenv.count > AUDIT_MAX_ENV) 1887 tok->tt.execenv.count = AUDIT_MAX_ENV; 1888 1889 return (0); 1890} 1891 1892static void 1893print_execenv_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1264 __unused char sfrm) | 1894 __unused char sfrm, int xml) |
1265{ 1266 int i; 1267 | 1895{ 1896 int i; 1897 |
1268 print_tok_type(fp, tok->id, "exec env", raw); | 1898 print_tok_type(fp, tok->id, "exec env", raw, xml); |
1269 for (i = 0; i< tok->tt.execenv.count; i++) { | 1899 for (i = 0; i< tok->tt.execenv.count; i++) { |
1270 print_delim(fp, del); 1271 print_string(fp, tok->tt.execenv.text[i], 1272 strlen(tok->tt.execenv.text[i])); | 1900 if (xml) { 1901 fprintf(fp, "<env>"); 1902 print_string(fp, tok->tt.execenv.text[i], 1903 strlen(tok->tt.execenv.text[i])); 1904 fprintf(fp, "</env>"); 1905 } else { 1906 print_delim(fp, del); 1907 print_string(fp, tok->tt.execenv.text[i], 1908 strlen(tok->tt.execenv.text[i])); 1909 } |
1273 } | 1910 } |
1911 if (xml) 1912 close_tag(fp, tok->id); |
|
1274} 1275 1276/* 1277 * seconds of time 4 bytes 1278 * milliseconds of time 4 bytes 1279 * file name len 2 bytes 1280 * file pathname N bytes + 1 terminating NULL byte 1281 */ 1282static int | 1913} 1914 1915/* 1916 * seconds of time 4 bytes 1917 * milliseconds of time 4 bytes 1918 * file name len 2 bytes 1919 * file pathname N bytes + 1 terminating NULL byte 1920 */ 1921static int |
1283fetch_file_tok(tokenstr_t *tok, char *buf, int len) | 1922fetch_file_tok(tokenstr_t *tok, u_char *buf, int len) |
1284{ 1285 int err = 0; 1286 1287 READ_TOKEN_U_INT32(buf, len, tok->tt.file.s, tok->len, err); 1288 if (err) 1289 return (-1); 1290 1291 READ_TOKEN_U_INT32(buf, len, tok->tt.file.ms, tok->len, err); 1292 if (err) 1293 return (-1); 1294 1295 READ_TOKEN_U_INT16(buf, len, tok->tt.file.len, tok->len, err); 1296 if (err) 1297 return (-1); 1298 | 1923{ 1924 int err = 0; 1925 1926 READ_TOKEN_U_INT32(buf, len, tok->tt.file.s, tok->len, err); 1927 if (err) 1928 return (-1); 1929 1930 READ_TOKEN_U_INT32(buf, len, tok->tt.file.ms, tok->len, err); 1931 if (err) 1932 return (-1); 1933 1934 READ_TOKEN_U_INT16(buf, len, tok->tt.file.len, tok->len, err); 1935 if (err) 1936 return (-1); 1937 |
1299 SET_PTR(buf, len, tok->tt.file.name, tok->tt.file.len, tok->len, err); | 1938 SET_PTR((char*)buf, len, tok->tt.file.name, tok->tt.file.len, tok->len, 1939 err); |
1300 if (err) 1301 return (-1); 1302 1303 return (0); 1304} 1305 1306static void 1307print_file_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 1940 if (err) 1941 return (-1); 1942 1943 return (0); 1944} 1945 1946static void 1947print_file_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1308 __unused char sfrm) | 1948 __unused char sfrm, int xml) |
1309{ 1310 | 1949{ 1950 |
1311 print_tok_type(fp, tok->id, "file", raw); 1312 print_delim(fp, del); 1313 print_sec32(fp, tok->tt.file.s, raw); 1314 print_delim(fp, del); 1315 print_msec32(fp, tok->tt.file.ms, raw); 1316 print_delim(fp, del); 1317 print_string(fp, tok->tt.file.name, tok->tt.file.len); | 1951 print_tok_type(fp, tok->id, "file", raw, xml); 1952 if (xml) { 1953 open_attr(fp, "time"); 1954 print_sec32(fp, tok->tt.file.s, raw); 1955 close_attr(fp); 1956 open_attr(fp, "msec"); 1957 print_msec32(fp, tok->tt.file.ms, raw); 1958 close_attr(fp); 1959 fprintf(fp, ">"); 1960 print_string(fp, tok->tt.file.name, tok->tt.file.len); 1961 close_tag(fp, tok->id); 1962 } else { 1963 print_delim(fp, del); 1964 print_sec32(fp, tok->tt.file.s, raw); 1965 print_delim(fp, del); 1966 print_msec32(fp, tok->tt.file.ms, raw); 1967 print_delim(fp, del); 1968 print_string(fp, tok->tt.file.name, tok->tt.file.len); 1969 } |
1318} 1319 1320/* 1321 * number groups 2 bytes 1322 * group list count * 4 bytes 1323 */ 1324static int | 1970} 1971 1972/* 1973 * number groups 2 bytes 1974 * group list count * 4 bytes 1975 */ 1976static int |
1325fetch_newgroups_tok(tokenstr_t *tok, char *buf, int len) | 1977fetch_newgroups_tok(tokenstr_t *tok, u_char *buf, int len) |
1326{ 1327 int i; 1328 int err = 0; 1329 1330 READ_TOKEN_U_INT16(buf, len, tok->tt.grps.no, tok->len, err); 1331 if (err) 1332 return (-1); 1333 --- 4 unchanged lines hidden (view full) --- 1338 return (-1); 1339 } 1340 1341 return (0); 1342} 1343 1344static void 1345print_newgroups_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 1978{ 1979 int i; 1980 int err = 0; 1981 1982 READ_TOKEN_U_INT16(buf, len, tok->tt.grps.no, tok->len, err); 1983 if (err) 1984 return (-1); 1985 --- 4 unchanged lines hidden (view full) --- 1990 return (-1); 1991 } 1992 1993 return (0); 1994} 1995 1996static void 1997print_newgroups_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1346 __unused char sfrm) | 1998 __unused char sfrm, int xml) |
1347{ 1348 int i; 1349 | 1999{ 2000 int i; 2001 |
1350 print_tok_type(fp, tok->id, "group", raw); | 2002 print_tok_type(fp, tok->id, "group", raw, xml); |
1351 for (i = 0; i < tok->tt.grps.no; i++) { | 2003 for (i = 0; i < tok->tt.grps.no; i++) { |
1352 print_delim(fp, del); 1353 print_group(fp, tok->tt.grps.list[i], raw); | 2004 if (xml) { 2005 fprintf(fp, "<gid>"); 2006 print_group(fp, tok->tt.grps.list[i], raw); 2007 fprintf(fp, "</gid>"); 2008 close_tag(fp, tok->id); 2009 } else { 2010 print_delim(fp, del); 2011 print_group(fp, tok->tt.grps.list[i], raw); 2012 } |
1354 } 1355} 1356 1357/* 1358 * Internet addr 4 bytes 1359 */ 1360static int | 2013 } 2014} 2015 2016/* 2017 * Internet addr 4 bytes 2018 */ 2019static int |
1361fetch_inaddr_tok(tokenstr_t *tok, char *buf, int len) | 2020fetch_inaddr_tok(tokenstr_t *tok, u_char *buf, int len) |
1362{ 1363 int err = 0; 1364 1365 READ_TOKEN_BYTES(buf, len, &tok->tt.inaddr.addr, sizeof(uint32_t), 1366 tok->len, err); 1367 if (err) 1368 return (-1); 1369 1370 return (0); 1371 1372} 1373 1374static void 1375print_inaddr_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 2021{ 2022 int err = 0; 2023 2024 READ_TOKEN_BYTES(buf, len, &tok->tt.inaddr.addr, sizeof(uint32_t), 2025 tok->len, err); 2026 if (err) 2027 return (-1); 2028 2029 return (0); 2030 2031} 2032 2033static void 2034print_inaddr_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1376 __unused char sfrm) | 2035 __unused char sfrm, int xml) |
1377{ 1378 | 2036{ 2037 |
1379 print_tok_type(fp, tok->id, "ip addr", raw); 1380 print_delim(fp, del); 1381 print_ip_address(fp, tok->tt.inaddr.addr); | 2038 print_tok_type(fp, tok->id, "ip addr", raw, xml); 2039 if (xml) { 2040 print_ip_address(fp, tok->tt.inaddr.addr); 2041 close_tag(fp, tok->id); 2042 } else { 2043 print_delim(fp, del); 2044 print_ip_address(fp, tok->tt.inaddr.addr); 2045 } |
1382} 1383 1384/* 1385 * type 4 bytes 1386 * address 16 bytes 1387 */ 1388static int | 2046} 2047 2048/* 2049 * type 4 bytes 2050 * address 16 bytes 2051 */ 2052static int |
1389fetch_inaddr_ex_tok(tokenstr_t *tok, char *buf, int len) | 2053fetch_inaddr_ex_tok(tokenstr_t *tok, u_char *buf, int len) |
1390{ 1391 int err = 0; 1392 1393 READ_TOKEN_U_INT32(buf, len, tok->tt.inaddr_ex.type, tok->len, err); 1394 if (err) 1395 return (-1); 1396 1397 if (tok->tt.inaddr_ex.type == AU_IPv4) { --- 9 unchanged lines hidden (view full) --- 1407 } else 1408 return (-1); 1409 1410 return (0); 1411} 1412 1413static void 1414print_inaddr_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 2054{ 2055 int err = 0; 2056 2057 READ_TOKEN_U_INT32(buf, len, tok->tt.inaddr_ex.type, tok->len, err); 2058 if (err) 2059 return (-1); 2060 2061 if (tok->tt.inaddr_ex.type == AU_IPv4) { --- 9 unchanged lines hidden (view full) --- 2071 } else 2072 return (-1); 2073 2074 return (0); 2075} 2076 2077static void 2078print_inaddr_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1415 __unused char sfrm) | 2079 __unused char sfrm, int xml) |
1416{ 1417 | 2080{ 2081 |
1418 print_tok_type(fp, tok->id, "ip addr ex", raw); 1419 print_delim(fp, del); 1420 print_ip_ex_address(fp, tok->tt.inaddr_ex.type, 1421 tok->tt.inaddr_ex.addr); | 2082 print_tok_type(fp, tok->id, "ip addr ex", raw, xml); 2083 if (xml) { 2084 print_ip_ex_address(fp, tok->tt.inaddr_ex.type, 2085 tok->tt.inaddr_ex.addr); 2086 close_tag(fp, tok->id); 2087 } else { 2088 print_delim(fp, del); 2089 print_ip_ex_address(fp, tok->tt.inaddr_ex.type, 2090 tok->tt.inaddr_ex.addr); 2091 } |
1422} 1423 1424/* 1425 * ip header 20 bytes 1426 */ 1427static int | 2092} 2093 2094/* 2095 * ip header 20 bytes 2096 */ 2097static int |
1428fetch_ip_tok(tokenstr_t *tok, char *buf, int len) | 2098fetch_ip_tok(tokenstr_t *tok, u_char *buf, int len) |
1429{ 1430 int err = 0; 1431 1432 READ_TOKEN_U_CHAR(buf, len, tok->tt.ip.version, tok->len, err); 1433 if (err) 1434 return (-1); 1435 1436 READ_TOKEN_U_CHAR(buf, len, tok->tt.ip.tos, tok->len, err); --- 38 unchanged lines hidden (view full) --- 1475 if (err) 1476 return (-1); 1477 1478 return (0); 1479} 1480 1481static void 1482print_ip_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 2099{ 2100 int err = 0; 2101 2102 READ_TOKEN_U_CHAR(buf, len, tok->tt.ip.version, tok->len, err); 2103 if (err) 2104 return (-1); 2105 2106 READ_TOKEN_U_CHAR(buf, len, tok->tt.ip.tos, tok->len, err); --- 38 unchanged lines hidden (view full) --- 2145 if (err) 2146 return (-1); 2147 2148 return (0); 2149} 2150 2151static void 2152print_ip_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1483 __unused char sfrm) | 2153 __unused char sfrm, int xml) |
1484{ 1485 | 2154{ 2155 |
1486 print_tok_type(fp, tok->id, "ip", raw); 1487 print_delim(fp, del); 1488 print_mem(fp, (u_char *)(&tok->tt.ip.version), sizeof(u_char)); 1489 print_delim(fp, del); 1490 print_mem(fp, (u_char *)(&tok->tt.ip.tos), sizeof(u_char)); 1491 print_delim(fp, del); 1492 print_2_bytes(fp, ntohs(tok->tt.ip.len), "%u"); 1493 print_delim(fp, del); 1494 print_2_bytes(fp, ntohs(tok->tt.ip.id), "%u"); 1495 print_delim(fp, del); 1496 print_2_bytes(fp, ntohs(tok->tt.ip.offset), "%u"); 1497 print_delim(fp, del); 1498 print_mem(fp, (u_char *)(&tok->tt.ip.ttl), sizeof(u_char)); 1499 print_delim(fp, del); 1500 print_mem(fp, (u_char *)(&tok->tt.ip.prot), sizeof(u_char)); 1501 print_delim(fp, del); 1502 print_2_bytes(fp, ntohs(tok->tt.ip.chksm), "%u"); 1503 print_delim(fp, del); 1504 print_ip_address(fp, tok->tt.ip.src); 1505 print_delim(fp, del); 1506 print_ip_address(fp, tok->tt.ip.dest); | 2156 print_tok_type(fp, tok->id, "ip", raw, xml); 2157 if (xml) { 2158 open_attr(fp, "version"); 2159 print_mem(fp, (u_char *)(&tok->tt.ip.version), 2160 sizeof(u_char)); 2161 close_attr(fp); 2162 open_attr(fp, "service_type"); 2163 print_mem(fp, (u_char *)(&tok->tt.ip.tos), sizeof(u_char)); 2164 close_attr(fp); 2165 open_attr(fp, "len"); 2166 print_2_bytes(fp, ntohs(tok->tt.ip.len), "%u"); 2167 close_attr(fp); 2168 open_attr(fp, "id"); 2169 print_2_bytes(fp, ntohs(tok->tt.ip.id), "%u"); 2170 close_attr(fp); 2171 open_attr(fp, "offset"); 2172 print_2_bytes(fp, ntohs(tok->tt.ip.offset), "%u"); 2173 close_attr(fp); 2174 open_attr(fp, "time_to_live"); 2175 print_mem(fp, (u_char *)(&tok->tt.ip.ttl), sizeof(u_char)); 2176 close_attr(fp); 2177 open_attr(fp, "protocol"); 2178 print_mem(fp, (u_char *)(&tok->tt.ip.prot), sizeof(u_char)); 2179 close_attr(fp); 2180 open_attr(fp, "cksum"); 2181 print_2_bytes(fp, ntohs(tok->tt.ip.chksm), "%u"); 2182 close_attr(fp); 2183 open_attr(fp, "src_addr"); 2184 print_ip_address(fp, tok->tt.ip.src); 2185 close_attr(fp); 2186 open_attr(fp, "dest_addr"); 2187 print_ip_address(fp, tok->tt.ip.dest); 2188 close_attr(fp); 2189 close_tag(fp, tok->id); 2190 } else { 2191 print_delim(fp, del); 2192 print_mem(fp, (u_char *)(&tok->tt.ip.version), 2193 sizeof(u_char)); 2194 print_delim(fp, del); 2195 print_mem(fp, (u_char *)(&tok->tt.ip.tos), sizeof(u_char)); 2196 print_delim(fp, del); 2197 print_2_bytes(fp, ntohs(tok->tt.ip.len), "%u"); 2198 print_delim(fp, del); 2199 print_2_bytes(fp, ntohs(tok->tt.ip.id), "%u"); 2200 print_delim(fp, del); 2201 print_2_bytes(fp, ntohs(tok->tt.ip.offset), "%u"); 2202 print_delim(fp, del); 2203 print_mem(fp, (u_char *)(&tok->tt.ip.ttl), sizeof(u_char)); 2204 print_delim(fp, del); 2205 print_mem(fp, (u_char *)(&tok->tt.ip.prot), sizeof(u_char)); 2206 print_delim(fp, del); 2207 print_2_bytes(fp, ntohs(tok->tt.ip.chksm), "%u"); 2208 print_delim(fp, del); 2209 print_ip_address(fp, tok->tt.ip.src); 2210 print_delim(fp, del); 2211 print_ip_address(fp, tok->tt.ip.dest); 2212 } |
1507} 1508 1509/* 1510 * object ID type 1 byte 1511 * Object ID 4 bytes 1512 */ 1513static int | 2213} 2214 2215/* 2216 * object ID type 1 byte 2217 * Object ID 4 bytes 2218 */ 2219static int |
1514fetch_ipc_tok(tokenstr_t *tok, char *buf, int len) | 2220fetch_ipc_tok(tokenstr_t *tok, u_char *buf, int len) |
1515{ 1516 int err = 0; 1517 1518 READ_TOKEN_U_CHAR(buf, len, tok->tt.ipc.type, tok->len, err); 1519 if (err) 1520 return (-1); 1521 1522 READ_TOKEN_U_INT32(buf, len, tok->tt.ipc.id, tok->len, err); 1523 if (err) 1524 return (-1); 1525 1526 return (0); 1527} 1528 1529static void 1530print_ipc_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 2221{ 2222 int err = 0; 2223 2224 READ_TOKEN_U_CHAR(buf, len, tok->tt.ipc.type, tok->len, err); 2225 if (err) 2226 return (-1); 2227 2228 READ_TOKEN_U_INT32(buf, len, tok->tt.ipc.id, tok->len, err); 2229 if (err) 2230 return (-1); 2231 2232 return (0); 2233} 2234 2235static void 2236print_ipc_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1531 __unused char sfrm) | 2237 __unused char sfrm, int xml) |
1532{ 1533 | 2238{ 2239 |
1534 print_tok_type(fp, tok->id, "IPC", raw); 1535 print_delim(fp, del); 1536 print_ipctype(fp, tok->tt.ipc.type, raw); 1537 print_delim(fp, del); 1538 print_4_bytes(fp, tok->tt.ipc.id, "%u"); | 2240 print_tok_type(fp, tok->id, "IPC", raw, xml); 2241 if (xml) { 2242 open_attr(fp, "ipc-type"); 2243 print_ipctype(fp, tok->tt.ipc.type, raw); 2244 close_attr(fp); 2245 open_attr(fp, "ipc-id"); 2246 print_4_bytes(fp, tok->tt.ipc.id, "%u"); 2247 close_attr(fp); 2248 close_tag(fp, tok->id); 2249 } else { 2250 print_delim(fp, del); 2251 print_ipctype(fp, tok->tt.ipc.type, raw); 2252 print_delim(fp, del); 2253 print_4_bytes(fp, tok->tt.ipc.id, "%u"); 2254 } |
1539} 1540 1541/* 1542 * owner user id 4 bytes 1543 * owner group id 4 bytes 1544 * creator user id 4 bytes 1545 * creator group id 4 bytes 1546 * access mode 4 bytes 1547 * slot seq 4 bytes 1548 * key 4 bytes 1549 */ 1550static int | 2255} 2256 2257/* 2258 * owner user id 4 bytes 2259 * owner group id 4 bytes 2260 * creator user id 4 bytes 2261 * creator group id 4 bytes 2262 * access mode 4 bytes 2263 * slot seq 4 bytes 2264 * key 4 bytes 2265 */ 2266static int |
1551fetch_ipcperm_tok(tokenstr_t *tok, char *buf, int len) | 2267fetch_ipcperm_tok(tokenstr_t *tok, u_char *buf, int len) |
1552{ 1553 int err = 0; 1554 1555 READ_TOKEN_U_INT32(buf, len, tok->tt.ipcperm.uid, tok->len, err); 1556 if (err) 1557 return (-1); 1558 1559 READ_TOKEN_U_INT32(buf, len, tok->tt.ipcperm.gid, tok->len, err); --- 20 unchanged lines hidden (view full) --- 1580 if (err) 1581 return (-1); 1582 1583 return (0); 1584} 1585 1586static void 1587print_ipcperm_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 2268{ 2269 int err = 0; 2270 2271 READ_TOKEN_U_INT32(buf, len, tok->tt.ipcperm.uid, tok->len, err); 2272 if (err) 2273 return (-1); 2274 2275 READ_TOKEN_U_INT32(buf, len, tok->tt.ipcperm.gid, tok->len, err); --- 20 unchanged lines hidden (view full) --- 2296 if (err) 2297 return (-1); 2298 2299 return (0); 2300} 2301 2302static void 2303print_ipcperm_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1588 __unused char sfrm) | 2304 __unused char sfrm, int xml) |
1589{ 1590 | 2305{ 2306 |
1591 print_tok_type(fp, tok->id, "IPC perm", raw); 1592 print_delim(fp, del); 1593 print_user(fp, tok->tt.ipcperm.uid, raw); 1594 print_delim(fp, del); 1595 print_group(fp, tok->tt.ipcperm.gid, raw); 1596 print_delim(fp, del); 1597 print_user(fp, tok->tt.ipcperm.puid, raw); 1598 print_delim(fp, del); 1599 print_group(fp, tok->tt.ipcperm.pgid, raw); 1600 print_delim(fp, del); 1601 print_4_bytes(fp, tok->tt.ipcperm.mode, "%o"); 1602 print_delim(fp, del); 1603 print_4_bytes(fp, tok->tt.ipcperm.seq, "%u"); 1604 print_delim(fp, del); 1605 print_4_bytes(fp, tok->tt.ipcperm.key, "%u"); | 2307 print_tok_type(fp, tok->id, "IPC perm", raw, xml); 2308 if (xml) { 2309 open_attr(fp, "uid"); 2310 print_user(fp, tok->tt.ipcperm.uid, raw); 2311 close_attr(fp); 2312 open_attr(fp, "gid"); 2313 print_group(fp, tok->tt.ipcperm.gid, raw); 2314 close_attr(fp); 2315 open_attr(fp, "creator-uid"); 2316 print_user(fp, tok->tt.ipcperm.puid, raw); 2317 close_attr(fp); 2318 open_attr(fp, "creator-gid"); 2319 print_group(fp, tok->tt.ipcperm.pgid, raw); 2320 close_attr(fp); 2321 open_attr(fp, "mode"); 2322 print_4_bytes(fp, tok->tt.ipcperm.mode, "%o"); 2323 close_attr(fp); 2324 open_attr(fp, "seq"); 2325 print_4_bytes(fp, tok->tt.ipcperm.seq, "%u"); 2326 close_attr(fp); 2327 open_attr(fp, "key"); 2328 print_4_bytes(fp, tok->tt.ipcperm.key, "%u"); 2329 close_attr(fp); 2330 close_tag(fp, tok->id); 2331 } else { 2332 print_delim(fp, del); 2333 print_user(fp, tok->tt.ipcperm.uid, raw); 2334 print_delim(fp, del); 2335 print_group(fp, tok->tt.ipcperm.gid, raw); 2336 print_delim(fp, del); 2337 print_user(fp, tok->tt.ipcperm.puid, raw); 2338 print_delim(fp, del); 2339 print_group(fp, tok->tt.ipcperm.pgid, raw); 2340 print_delim(fp, del); 2341 print_4_bytes(fp, tok->tt.ipcperm.mode, "%o"); 2342 print_delim(fp, del); 2343 print_4_bytes(fp, tok->tt.ipcperm.seq, "%u"); 2344 print_delim(fp, del); 2345 print_4_bytes(fp, tok->tt.ipcperm.key, "%u"); 2346 } |
1606} 1607 1608/* 1609 * port Ip address 2 bytes 1610 */ 1611static int | 2347} 2348 2349/* 2350 * port Ip address 2 bytes 2351 */ 2352static int |
1612fetch_iport_tok(tokenstr_t *tok, char *buf, int len) | 2353fetch_iport_tok(tokenstr_t *tok, u_char *buf, int len) |
1613{ 1614 int err = 0; 1615 1616 READ_TOKEN_BYTES(buf, len, &tok->tt.iport.port, sizeof(uint16_t), 1617 tok->len, err); 1618 if (err) 1619 return (-1); 1620 1621 return (0); 1622} 1623 1624static void 1625print_iport_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 2354{ 2355 int err = 0; 2356 2357 READ_TOKEN_BYTES(buf, len, &tok->tt.iport.port, sizeof(uint16_t), 2358 tok->len, err); 2359 if (err) 2360 return (-1); 2361 2362 return (0); 2363} 2364 2365static void 2366print_iport_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1626 __unused char sfrm) | 2367 __unused char sfrm, int xml) |
1627{ 1628 | 2368{ 2369 |
1629 print_tok_type(fp, tok->id, "ip port", raw); 1630 print_delim(fp, del); 1631 print_2_bytes(fp, ntohs(tok->tt.iport.port), "%#x"); | 2370 print_tok_type(fp, tok->id, "ip port", raw, xml); 2371 if (xml) { 2372 print_2_bytes(fp, ntohs(tok->tt.iport.port), "%#x"); 2373 close_tag(fp, tok->id); 2374 } else { 2375 print_delim(fp, del); 2376 print_2_bytes(fp, ntohs(tok->tt.iport.port), "%#x"); 2377 } |
1632} 1633 1634/* 1635 * size 2 bytes 1636 * data size bytes 1637 */ 1638static int | 2378} 2379 2380/* 2381 * size 2 bytes 2382 * data size bytes 2383 */ 2384static int |
1639fetch_opaque_tok(tokenstr_t *tok, char *buf, int len) | 2385fetch_opaque_tok(tokenstr_t *tok, u_char *buf, int len) |
1640{ 1641 int err = 0; 1642 1643 READ_TOKEN_U_INT16(buf, len, tok->tt.opaque.size, tok->len, err); 1644 if (err) 1645 return (-1); 1646 | 2386{ 2387 int err = 0; 2388 2389 READ_TOKEN_U_INT16(buf, len, tok->tt.opaque.size, tok->len, err); 2390 if (err) 2391 return (-1); 2392 |
1647 SET_PTR(buf, len, tok->tt.opaque.data, tok->tt.opaque.size, tok->len, 1648 err); | 2393 SET_PTR((char*)buf, len, tok->tt.opaque.data, tok->tt.opaque.size, 2394 tok->len, err); |
1649 if (err) 1650 return (-1); 1651 1652 return (0); 1653} 1654 1655static void 1656print_opaque_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 2395 if (err) 2396 return (-1); 2397 2398 return (0); 2399} 2400 2401static void 2402print_opaque_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1657 __unused char sfrm) | 2403 __unused char sfrm, int xml) |
1658{ 1659 | 2404{ 2405 |
1660 print_tok_type(fp, tok->id, "opaque", raw); 1661 print_delim(fp, del); 1662 print_2_bytes(fp, tok->tt.opaque.size, "%u"); 1663 print_delim(fp, del); 1664 print_mem(fp, tok->tt.opaque.data, tok->tt.opaque.size); | 2406 print_tok_type(fp, tok->id, "opaque", raw, xml); 2407 if (xml) { 2408 print_mem(fp, (u_char*)tok->tt.opaque.data, 2409 tok->tt.opaque.size); 2410 close_tag(fp, tok->id); 2411 } else { 2412 print_delim(fp, del); 2413 print_2_bytes(fp, tok->tt.opaque.size, "%u"); 2414 print_delim(fp, del); 2415 print_mem(fp, (u_char*)tok->tt.opaque.data, 2416 tok->tt.opaque.size); 2417 } |
1665} 1666 1667/* 1668 * size 2 bytes 1669 * data size bytes 1670 */ 1671static int | 2418} 2419 2420/* 2421 * size 2 bytes 2422 * data size bytes 2423 */ 2424static int |
1672fetch_path_tok(tokenstr_t *tok, char *buf, int len) | 2425fetch_path_tok(tokenstr_t *tok, u_char *buf, int len) |
1673{ 1674 int err = 0; 1675 1676 READ_TOKEN_U_INT16(buf, len, tok->tt.path.len, tok->len, err); 1677 if (err) 1678 return (-1); 1679 | 2426{ 2427 int err = 0; 2428 2429 READ_TOKEN_U_INT16(buf, len, tok->tt.path.len, tok->len, err); 2430 if (err) 2431 return (-1); 2432 |
1680 SET_PTR(buf, len, tok->tt.path.path, tok->tt.path.len, tok->len, err); | 2433 SET_PTR((char*)buf, len, tok->tt.path.path, tok->tt.path.len, tok->len, 2434 err); |
1681 if (err) 1682 return (-1); 1683 1684 return (0); 1685} 1686 1687static void 1688print_path_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 2435 if (err) 2436 return (-1); 2437 2438 return (0); 2439} 2440 2441static void 2442print_path_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1689 __unused char sfrm) | 2443 __unused char sfrm, int xml) |
1690{ 1691 | 2444{ 2445 |
1692 print_tok_type(fp, tok->id, "path", raw); 1693 print_delim(fp, del); 1694 print_string(fp, tok->tt.path.path, tok->tt.path.len); | 2446 print_tok_type(fp, tok->id, "path", raw, xml); 2447 if (xml) { 2448 print_string(fp, tok->tt.path.path, tok->tt.path.len); 2449 close_tag(fp, tok->id); 2450 } else { 2451 print_delim(fp, del); 2452 print_string(fp, tok->tt.path.path, tok->tt.path.len); 2453 } |
1695} 1696 1697/* 1698 * token ID 1 byte 1699 * audit ID 4 bytes 1700 * euid 4 bytes 1701 * egid 4 bytes 1702 * ruid 4 bytes 1703 * rgid 4 bytes 1704 * pid 4 bytes 1705 * sessid 4 bytes 1706 * terminal ID 1707 * portid 4 bytes 1708 * machine id 4 bytes 1709 */ 1710static int | 2454} 2455 2456/* 2457 * token ID 1 byte 2458 * audit ID 4 bytes 2459 * euid 4 bytes 2460 * egid 4 bytes 2461 * ruid 4 bytes 2462 * rgid 4 bytes 2463 * pid 4 bytes 2464 * sessid 4 bytes 2465 * terminal ID 2466 * portid 4 bytes 2467 * machine id 4 bytes 2468 */ 2469static int |
1711fetch_process32_tok(tokenstr_t *tok, char *buf, int len) | 2470fetch_process32_tok(tokenstr_t *tok, u_char *buf, int len) |
1712{ 1713 int err = 0; 1714 1715 READ_TOKEN_U_INT32(buf, len, tok->tt.proc32.auid, tok->len, err); 1716 if (err) 1717 return (-1); 1718 1719 READ_TOKEN_U_INT32(buf, len, tok->tt.proc32.euid, tok->len, err); --- 29 unchanged lines hidden (view full) --- 1749 if (err) 1750 return (-1); 1751 1752 return (0); 1753} 1754 1755static void 1756print_process32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 2471{ 2472 int err = 0; 2473 2474 READ_TOKEN_U_INT32(buf, len, tok->tt.proc32.auid, tok->len, err); 2475 if (err) 2476 return (-1); 2477 2478 READ_TOKEN_U_INT32(buf, len, tok->tt.proc32.euid, tok->len, err); --- 29 unchanged lines hidden (view full) --- 2508 if (err) 2509 return (-1); 2510 2511 return (0); 2512} 2513 2514static void 2515print_process32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1757 __unused char sfrm) | 2516 __unused char sfrm, int xml) |
1758{ 1759 | 2517{ 2518 |
1760 print_tok_type(fp, tok->id, "process", raw); 1761 print_delim(fp, del); 1762 print_user(fp, tok->tt.proc32.auid, raw); 1763 print_delim(fp, del); 1764 print_user(fp, tok->tt.proc32.euid, raw); 1765 print_delim(fp, del); 1766 print_group(fp, tok->tt.proc32.egid, raw); 1767 print_delim(fp, del); 1768 print_user(fp, tok->tt.proc32.ruid, raw); 1769 print_delim(fp, del); 1770 print_group(fp, tok->tt.proc32.rgid, raw); 1771 print_delim(fp, del); 1772 print_4_bytes(fp, tok->tt.proc32.pid, "%u"); 1773 print_delim(fp, del); 1774 print_4_bytes(fp, tok->tt.proc32.sid, "%u"); 1775 print_delim(fp, del); 1776 print_4_bytes(fp, tok->tt.proc32.tid.port, "%u"); 1777 print_delim(fp, del); 1778 print_ip_address(fp, tok->tt.proc32.tid.addr); | 2519 print_tok_type(fp, tok->id, "process", raw, xml); 2520 if (xml) { 2521 open_attr(fp, "audit-uid"); 2522 print_user(fp, tok->tt.proc32.auid, raw); 2523 close_attr(fp); 2524 open_attr(fp, "uid"); 2525 print_user(fp, tok->tt.proc32.euid, raw); 2526 close_attr(fp); 2527 open_attr(fp, "gid"); 2528 print_group(fp, tok->tt.proc32.egid, raw); 2529 close_attr(fp); 2530 open_attr(fp, "ruid"); 2531 print_user(fp, tok->tt.proc32.ruid, raw); 2532 close_attr(fp); 2533 open_attr(fp, "rgid"); 2534 print_group(fp, tok->tt.proc32.rgid, raw); 2535 close_attr(fp); 2536 open_attr(fp, "pid"); 2537 print_4_bytes(fp, tok->tt.proc32.pid, "%u"); 2538 close_attr(fp); 2539 open_attr(fp, "sid"); 2540 print_4_bytes(fp, tok->tt.proc32.sid, "%u"); 2541 close_attr(fp); 2542 open_attr(fp, "tid"); 2543 print_4_bytes(fp, tok->tt.proc32.tid.port, "%u"); 2544 print_ip_address(fp, tok->tt.proc32.tid.addr); 2545 close_attr(fp); 2546 close_tag(fp, tok->id); 2547 } else { 2548 print_delim(fp, del); 2549 print_user(fp, tok->tt.proc32.auid, raw); 2550 print_delim(fp, del); 2551 print_user(fp, tok->tt.proc32.euid, raw); 2552 print_delim(fp, del); 2553 print_group(fp, tok->tt.proc32.egid, raw); 2554 print_delim(fp, del); 2555 print_user(fp, tok->tt.proc32.ruid, raw); 2556 print_delim(fp, del); 2557 print_group(fp, tok->tt.proc32.rgid, raw); 2558 print_delim(fp, del); 2559 print_4_bytes(fp, tok->tt.proc32.pid, "%u"); 2560 print_delim(fp, del); 2561 print_4_bytes(fp, tok->tt.proc32.sid, "%u"); 2562 print_delim(fp, del); 2563 print_4_bytes(fp, tok->tt.proc32.tid.port, "%u"); 2564 print_delim(fp, del); 2565 print_ip_address(fp, tok->tt.proc32.tid.addr); 2566 } |
1779} 1780 | 2567} 2568 |
2569/* 2570 * token ID 1 byte 2571 * audit ID 4 bytes 2572 * euid 4 bytes 2573 * egid 4 bytes 2574 * ruid 4 bytes 2575 * rgid 4 bytes 2576 * pid 4 bytes 2577 * sessid 4 bytes 2578 * terminal ID 2579 * portid 8 bytes 2580 * machine id 4 bytes 2581 */ |
|
1781static int | 2582static int |
1782fetch_process32ex_tok(tokenstr_t *tok, char *buf, int len) | 2583fetch_process64_tok(tokenstr_t *tok, u_char *buf, int len) |
1783{ 1784 int err = 0; 1785 | 2584{ 2585 int err = 0; 2586 |
2587 READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.auid, tok->len, err); 2588 if (err) 2589 return (-1); 2590 2591 READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.euid, tok->len, err); 2592 if (err) 2593 return (-1); 2594 2595 READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.egid, tok->len, err); 2596 if (err) 2597 return (-1); 2598 2599 READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.ruid, tok->len, err); 2600 if (err) 2601 return (-1); 2602 2603 READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.rgid, tok->len, err); 2604 if (err) 2605 return (-1); 2606 2607 READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.pid, tok->len, err); 2608 if (err) 2609 return (-1); 2610 2611 READ_TOKEN_U_INT32(buf, len, tok->tt.proc64.sid, tok->len, err); 2612 if (err) 2613 return (-1); 2614 2615 READ_TOKEN_U_INT64(buf, len, tok->tt.proc64.tid.port, tok->len, err); 2616 if (err) 2617 return (-1); 2618 2619 READ_TOKEN_BYTES(buf, len, &tok->tt.proc64.tid.addr, 2620 sizeof(tok->tt.proc64.tid.addr), tok->len, err); 2621 if (err) 2622 return (-1); 2623 2624 return (0); 2625} 2626 2627static void 2628print_process64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, 2629 __unused char sfrm, int xml) 2630{ 2631 print_tok_type(fp, tok->id, "process", raw, xml); 2632 if (xml) { 2633 open_attr(fp, "audit-uid"); 2634 print_user(fp, tok->tt.proc64.auid, raw); 2635 close_attr(fp); 2636 open_attr(fp, "uid"); 2637 print_user(fp, tok->tt.proc64.euid, raw); 2638 close_attr(fp); 2639 open_attr(fp, "gid"); 2640 print_group(fp, tok->tt.proc64.egid, raw); 2641 close_attr(fp); 2642 open_attr(fp, "ruid"); 2643 print_user(fp, tok->tt.proc64.ruid, raw); 2644 close_attr(fp); 2645 open_attr(fp, "rgid"); 2646 print_group(fp, tok->tt.proc64.rgid, raw); 2647 close_attr(fp); 2648 open_attr(fp, "pid"); 2649 print_4_bytes(fp, tok->tt.proc64.pid, "%u"); 2650 close_attr(fp); 2651 open_attr(fp, "sid"); 2652 print_4_bytes(fp, tok->tt.proc64.sid, "%u"); 2653 close_attr(fp); 2654 open_attr(fp, "tid"); 2655 print_8_bytes(fp, tok->tt.proc64.tid.port, "%llu"); 2656 print_ip_address(fp, tok->tt.proc64.tid.addr); 2657 close_attr(fp); 2658 close_tag(fp, tok->id); 2659 } else { 2660 print_delim(fp, del); 2661 print_user(fp, tok->tt.proc64.auid, raw); 2662 print_delim(fp, del); 2663 print_user(fp, tok->tt.proc64.euid, raw); 2664 print_delim(fp, del); 2665 print_group(fp, tok->tt.proc64.egid, raw); 2666 print_delim(fp, del); 2667 print_user(fp, tok->tt.proc64.ruid, raw); 2668 print_delim(fp, del); 2669 print_group(fp, tok->tt.proc64.rgid, raw); 2670 print_delim(fp, del); 2671 print_4_bytes(fp, tok->tt.proc64.pid, "%u"); 2672 print_delim(fp, del); 2673 print_4_bytes(fp, tok->tt.proc64.sid, "%u"); 2674 print_delim(fp, del); 2675 print_8_bytes(fp, tok->tt.proc64.tid.port, "%llu"); 2676 print_delim(fp, del); 2677 print_ip_address(fp, tok->tt.proc64.tid.addr); 2678 } 2679} 2680 2681/* 2682 * token ID 1 byte 2683 * audit ID 4 bytes 2684 * effective user ID 4 bytes 2685 * effective group ID 4 bytes 2686 * real user ID 4 bytes 2687 * real group ID 4 bytes 2688 * process ID 4 bytes 2689 * session ID 4 bytes 2690 * terminal ID 2691 * port ID 4 bytes 2692 * address type-len 4 bytes 2693 * machine address 16 bytes 2694 */ 2695static int 2696fetch_process32ex_tok(tokenstr_t *tok, u_char *buf, int len) 2697{ 2698 int err = 0; 2699 |
|
1786 READ_TOKEN_U_INT32(buf, len, tok->tt.proc32_ex.auid, tok->len, err); 1787 if (err) 1788 return (-1); 1789 1790 READ_TOKEN_U_INT32(buf, len, tok->tt.proc32_ex.euid, tok->len, err); 1791 if (err) 1792 return (-1); 1793 --- 40 unchanged lines hidden (view full) --- 1834 } else 1835 return (-1); 1836 1837 return (0); 1838} 1839 1840static void 1841print_process32ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 2700 READ_TOKEN_U_INT32(buf, len, tok->tt.proc32_ex.auid, tok->len, err); 2701 if (err) 2702 return (-1); 2703 2704 READ_TOKEN_U_INT32(buf, len, tok->tt.proc32_ex.euid, tok->len, err); 2705 if (err) 2706 return (-1); 2707 --- 40 unchanged lines hidden (view full) --- 2748 } else 2749 return (-1); 2750 2751 return (0); 2752} 2753 2754static void 2755print_process32ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1842 __unused char sfrm) | 2756 __unused char sfrm, int xml) |
1843{ 1844 | 2757{ 2758 |
1845 print_tok_type(fp, tok->id, "process_ex", raw); 1846 print_delim(fp, del); 1847 print_user(fp, tok->tt.proc32_ex.auid, raw); 1848 print_delim(fp, del); 1849 print_user(fp, tok->tt.proc32_ex.euid, raw); 1850 print_delim(fp, del); 1851 print_group(fp, tok->tt.proc32_ex.egid, raw); 1852 print_delim(fp, del); 1853 print_user(fp, tok->tt.proc32_ex.ruid, raw); 1854 print_delim(fp, del); 1855 print_group(fp, tok->tt.proc32_ex.rgid, raw); 1856 print_delim(fp, del); 1857 print_4_bytes(fp, tok->tt.proc32_ex.pid, "%u"); 1858 print_delim(fp, del); 1859 print_4_bytes(fp, tok->tt.proc32_ex.sid, "%u"); 1860 print_delim(fp, del); 1861 print_4_bytes(fp, tok->tt.proc32_ex.tid.port, "%u"); 1862 print_delim(fp, del); 1863 print_ip_ex_address(fp, tok->tt.proc32_ex.tid.type, 1864 tok->tt.proc32_ex.tid.addr); | 2759 print_tok_type(fp, tok->id, "process_ex", raw, xml); 2760 if (xml) { 2761 open_attr(fp, "audit-uid"); 2762 print_user(fp, tok->tt.proc32_ex.auid, raw); 2763 close_attr(fp); 2764 open_attr(fp, "uid"); 2765 print_user(fp, tok->tt.proc32_ex.euid, raw); 2766 close_attr(fp); 2767 open_attr(fp, "gid"); 2768 print_group(fp, tok->tt.proc32_ex.egid, raw); 2769 close_attr(fp); 2770 open_attr(fp, "ruid"); 2771 print_user(fp, tok->tt.proc32_ex.ruid, raw); 2772 close_attr(fp); 2773 open_attr(fp, "rgid"); 2774 print_group(fp, tok->tt.proc32_ex.rgid, raw); 2775 close_attr(fp); 2776 open_attr(fp, "pid"); 2777 print_4_bytes(fp, tok->tt.proc32_ex.pid, "%u"); 2778 close_attr(fp); 2779 open_attr(fp, "sid"); 2780 print_4_bytes(fp, tok->tt.proc32_ex.sid, "%u"); 2781 close_attr(fp); 2782 open_attr(fp, "tid"); 2783 print_4_bytes(fp, tok->tt.proc32_ex.tid.port, "%u"); 2784 print_ip_ex_address(fp, tok->tt.proc32_ex.tid.type, 2785 tok->tt.proc32_ex.tid.addr); 2786 close_attr(fp); 2787 close_tag(fp, tok->id); 2788 } else { 2789 print_delim(fp, del); 2790 print_user(fp, tok->tt.proc32_ex.auid, raw); 2791 print_delim(fp, del); 2792 print_user(fp, tok->tt.proc32_ex.euid, raw); 2793 print_delim(fp, del); 2794 print_group(fp, tok->tt.proc32_ex.egid, raw); 2795 print_delim(fp, del); 2796 print_user(fp, tok->tt.proc32_ex.ruid, raw); 2797 print_delim(fp, del); 2798 print_group(fp, tok->tt.proc32_ex.rgid, raw); 2799 print_delim(fp, del); 2800 print_4_bytes(fp, tok->tt.proc32_ex.pid, "%u"); 2801 print_delim(fp, del); 2802 print_4_bytes(fp, tok->tt.proc32_ex.sid, "%u"); 2803 print_delim(fp, del); 2804 print_4_bytes(fp, tok->tt.proc32_ex.tid.port, "%u"); 2805 print_delim(fp, del); 2806 print_ip_ex_address(fp, tok->tt.proc32_ex.tid.type, 2807 tok->tt.proc32_ex.tid.addr); 2808 } |
1865} 1866 1867/* | 2809} 2810 2811/* |
2812 * token ID 1 byte 2813 * audit ID 4 bytes 2814 * effective user ID 4 bytes 2815 * effective group ID 4 bytes 2816 * real user ID 4 bytes 2817 * real group ID 4 bytes 2818 * process ID 4 bytes 2819 * session ID 4 bytes 2820 * terminal ID 2821 * port ID 8 bytes 2822 * address type-len 4 bytes 2823 * machine address 16 bytes 2824 */ 2825static int 2826fetch_process64ex_tok(tokenstr_t *tok, u_char *buf, int len) 2827{ 2828 int err = 0; 2829 2830 READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.auid, tok->len, err); 2831 if (err) 2832 return (-1); 2833 2834 READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.euid, tok->len, err); 2835 if (err) 2836 return (-1); 2837 2838 READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.egid, tok->len, err); 2839 if (err) 2840 return (-1); 2841 2842 READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.ruid, tok->len, err); 2843 if (err) 2844 return (-1); 2845 2846 READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.rgid, tok->len, err); 2847 if (err) 2848 return (-1); 2849 2850 READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.pid, tok->len, err); 2851 if (err) 2852 return (-1); 2853 2854 READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.sid, tok->len, err); 2855 if (err) 2856 return (-1); 2857 2858 READ_TOKEN_U_INT64(buf, len, tok->tt.proc64_ex.tid.port, tok->len, 2859 err); 2860 if (err) 2861 return (-1); 2862 2863 READ_TOKEN_U_INT32(buf, len, tok->tt.proc64_ex.tid.type, tok->len, 2864 err); 2865 if (err) 2866 return (-1); 2867 2868 if (tok->tt.proc64_ex.tid.type == AU_IPv4) { 2869 READ_TOKEN_BYTES(buf, len, &tok->tt.proc64_ex.tid.addr[0], 2870 sizeof(tok->tt.proc64_ex.tid.addr[0]), tok->len, err); 2871 if (err) 2872 return (-1); 2873 } else if (tok->tt.proc64_ex.tid.type == AU_IPv6) { 2874 READ_TOKEN_BYTES(buf, len, tok->tt.proc64_ex.tid.addr, 2875 sizeof(tok->tt.proc64_ex.tid.addr), tok->len, err); 2876 if (err) 2877 return (-1); 2878 } else 2879 return (-1); 2880 2881 return (0); 2882} 2883 2884static void 2885print_process64ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, 2886 __unused char sfrm, int xml) 2887{ 2888 print_tok_type(fp, tok->id, "process_ex", raw, xml); 2889 if (xml) { 2890 open_attr(fp, "audit-uid"); 2891 print_user(fp, tok->tt.proc64_ex.auid, raw); 2892 close_attr(fp); 2893 open_attr(fp, "uid"); 2894 print_user(fp, tok->tt.proc64_ex.euid, raw); 2895 close_attr(fp); 2896 open_attr(fp, "gid"); 2897 print_group(fp, tok->tt.proc64_ex.egid, raw); 2898 close_attr(fp); 2899 open_attr(fp, "ruid"); 2900 print_user(fp, tok->tt.proc64_ex.ruid, raw); 2901 close_attr(fp); 2902 open_attr(fp, "rgid"); 2903 print_group(fp, tok->tt.proc64_ex.rgid, raw); 2904 close_attr(fp); 2905 open_attr(fp, "pid"); 2906 print_4_bytes(fp, tok->tt.proc64_ex.pid, "%u"); 2907 close_attr(fp); 2908 open_attr(fp, "sid"); 2909 print_4_bytes(fp, tok->tt.proc64_ex.sid, "%u"); 2910 close_attr(fp); 2911 open_attr(fp, "tid"); 2912 print_8_bytes(fp, tok->tt.proc64_ex.tid.port, "%llu"); 2913 print_ip_ex_address(fp, tok->tt.proc64_ex.tid.type, 2914 tok->tt.proc64_ex.tid.addr); 2915 close_attr(fp); 2916 close_tag(fp, tok->id); 2917 } else { 2918 print_delim(fp, del); 2919 print_user(fp, tok->tt.proc64_ex.auid, raw); 2920 print_delim(fp, del); 2921 print_user(fp, tok->tt.proc64_ex.euid, raw); 2922 print_delim(fp, del); 2923 print_group(fp, tok->tt.proc64_ex.egid, raw); 2924 print_delim(fp, del); 2925 print_user(fp, tok->tt.proc64_ex.ruid, raw); 2926 print_delim(fp, del); 2927 print_group(fp, tok->tt.proc64_ex.rgid, raw); 2928 print_delim(fp, del); 2929 print_4_bytes(fp, tok->tt.proc64_ex.pid, "%u"); 2930 print_delim(fp, del); 2931 print_4_bytes(fp, tok->tt.proc64_ex.sid, "%u"); 2932 print_delim(fp, del); 2933 print_8_bytes(fp, tok->tt.proc64_ex.tid.port, "%llu"); 2934 print_delim(fp, del); 2935 print_ip_ex_address(fp, tok->tt.proc64_ex.tid.type, 2936 tok->tt.proc64_ex.tid.addr); 2937 } 2938} 2939 2940/* |
|
1868 * errno 1 byte 1869 * return value 4 bytes 1870 */ 1871static int | 2941 * errno 1 byte 2942 * return value 4 bytes 2943 */ 2944static int |
1872fetch_return32_tok(tokenstr_t *tok, char *buf, int len) | 2945fetch_return32_tok(tokenstr_t *tok, u_char *buf, int len) |
1873{ 1874 int err = 0; 1875 1876 READ_TOKEN_U_CHAR(buf, len, tok->tt.ret32.status, tok->len, err); 1877 if (err) 1878 return (-1); 1879 1880 READ_TOKEN_U_INT32(buf, len, tok->tt.ret32.ret, tok->len, err); 1881 if (err) 1882 return (-1); 1883 1884 return (0); 1885} 1886 1887static void 1888print_return32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 2946{ 2947 int err = 0; 2948 2949 READ_TOKEN_U_CHAR(buf, len, tok->tt.ret32.status, tok->len, err); 2950 if (err) 2951 return (-1); 2952 2953 READ_TOKEN_U_INT32(buf, len, tok->tt.ret32.ret, tok->len, err); 2954 if (err) 2955 return (-1); 2956 2957 return (0); 2958} 2959 2960static void 2961print_return32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1889 __unused char sfrm) | 2962 __unused char sfrm, int xml) |
1890{ 1891 | 2963{ 2964 |
1892 print_tok_type(fp, tok->id, "return", raw); 1893 print_delim(fp, del); 1894 print_retval(fp, tok->tt.ret32.status, raw); 1895 print_delim(fp, del); 1896 print_4_bytes(fp, tok->tt.ret32.ret, "%u"); | 2965 print_tok_type(fp, tok->id, "return", raw, xml); 2966 if (xml) { 2967 open_attr(fp ,"errval"); 2968 print_retval(fp, tok->tt.ret32.status, raw); 2969 close_attr(fp); 2970 open_attr(fp, "retval"); 2971 print_4_bytes(fp, tok->tt.ret32.ret, "%u"); 2972 close_attr(fp); 2973 close_tag(fp, tok->id); 2974 } else { 2975 print_delim(fp, del); 2976 print_retval(fp, tok->tt.ret32.status, raw); 2977 print_delim(fp, del); 2978 print_4_bytes(fp, tok->tt.ret32.ret, "%u"); 2979 } |
1897} 1898 1899static int | 2980} 2981 2982static int |
1900fetch_return64_tok(tokenstr_t *tok, char *buf, int len) | 2983fetch_return64_tok(tokenstr_t *tok, u_char *buf, int len) |
1901{ 1902 int err = 0; 1903 1904 READ_TOKEN_U_CHAR(buf, len, tok->tt.ret64.err, tok->len, err); 1905 if (err) 1906 return (-1); 1907 1908 READ_TOKEN_U_INT64(buf, len, tok->tt.ret64.val, tok->len, err); 1909 if (err) 1910 return (-1); 1911 1912 return (0); 1913} 1914 1915static void 1916print_return64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 2984{ 2985 int err = 0; 2986 2987 READ_TOKEN_U_CHAR(buf, len, tok->tt.ret64.err, tok->len, err); 2988 if (err) 2989 return (-1); 2990 2991 READ_TOKEN_U_INT64(buf, len, tok->tt.ret64.val, tok->len, err); 2992 if (err) 2993 return (-1); 2994 2995 return (0); 2996} 2997 2998static void 2999print_return64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1917 __unused char sfrm) | 3000 __unused char sfrm, int xml) |
1918{ 1919 | 3001{ 3002 |
1920 print_tok_type(fp, tok->id, "return", raw); 1921 print_delim(fp, del); 1922 print_retval(fp, tok->tt.ret64.err, raw); 1923 print_delim(fp, del); 1924 print_8_bytes(fp, tok->tt.ret64.val, "%lld"); | 3003 print_tok_type(fp, tok->id, "return", raw, xml); 3004 if (xml) { 3005 open_attr(fp, "errval"); 3006 print_retval(fp, tok->tt.ret64.err, raw); 3007 close_attr(fp); 3008 open_attr(fp, "retval"); 3009 print_8_bytes(fp, tok->tt.ret64.val, "%lld"); 3010 close_attr(fp); 3011 close_tag(fp, tok->id); 3012 } else { 3013 print_delim(fp, del); 3014 print_retval(fp, tok->tt.ret64.err, raw); 3015 print_delim(fp, del); 3016 print_8_bytes(fp, tok->tt.ret64.val, "%lld"); 3017 } |
1925} 1926 1927/* 1928 * seq 4 bytes 1929 */ 1930static int | 3018} 3019 3020/* 3021 * seq 4 bytes 3022 */ 3023static int |
1931fetch_seq_tok(tokenstr_t *tok, char *buf, int len) | 3024fetch_seq_tok(tokenstr_t *tok, u_char *buf, int len) |
1932{ 1933 int err = 0; 1934 1935 READ_TOKEN_U_INT32(buf, len, tok->tt.seq.seqno, tok->len, err); 1936 if (err) 1937 return (-1); 1938 1939 return (0); 1940} 1941 1942static void 1943print_seq_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 3025{ 3026 int err = 0; 3027 3028 READ_TOKEN_U_INT32(buf, len, tok->tt.seq.seqno, tok->len, err); 3029 if (err) 3030 return (-1); 3031 3032 return (0); 3033} 3034 3035static void 3036print_seq_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1944 __unused char sfrm) | 3037 __unused char sfrm, int xml) |
1945{ 1946 | 3038{ 3039 |
1947 print_tok_type(fp, tok->id, "sequence", raw); 1948 print_delim(fp, del); 1949 print_4_bytes(fp, tok->tt.seq.seqno, "%u"); | 3040 print_tok_type(fp, tok->id, "sequence", raw, xml); 3041 if (xml) { 3042 open_attr(fp, "seq-num"); 3043 print_4_bytes(fp, tok->tt.seq.seqno, "%u"); 3044 close_attr(fp); 3045 close_tag(fp, tok->id); 3046 } else { 3047 print_delim(fp, del); 3048 print_4_bytes(fp, tok->tt.seq.seqno, "%u"); 3049 } |
1950} 1951 1952/* 1953 * socket family 2 bytes 1954 * local port 2 bytes 1955 * socket address 4 bytes 1956 */ 1957static int | 3050} 3051 3052/* 3053 * socket family 2 bytes 3054 * local port 2 bytes 3055 * socket address 4 bytes 3056 */ 3057static int |
1958fetch_sock_inet32_tok(tokenstr_t *tok, char *buf, int len) | 3058fetch_sock_inet32_tok(tokenstr_t *tok, u_char *buf, int len) |
1959{ 1960 int err = 0; 1961 1962 READ_TOKEN_U_INT16(buf, len, tok->tt.sockinet32.family, tok->len, 1963 err); 1964 if (err) 1965 return (-1); 1966 --- 7 unchanged lines hidden (view full) --- 1974 if (err) 1975 return (-1); 1976 1977 return (0); 1978} 1979 1980static void 1981print_sock_inet32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 3059{ 3060 int err = 0; 3061 3062 READ_TOKEN_U_INT16(buf, len, tok->tt.sockinet32.family, tok->len, 3063 err); 3064 if (err) 3065 return (-1); 3066 --- 7 unchanged lines hidden (view full) --- 3074 if (err) 3075 return (-1); 3076 3077 return (0); 3078} 3079 3080static void 3081print_sock_inet32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
1982 __unused char sfrm) | 3082 __unused char sfrm, int xml) |
1983{ 1984 | 3083{ 3084 |
1985 print_tok_type(fp, tok->id, "socket-inet", raw); 1986 print_delim(fp, del); 1987 print_2_bytes(fp, tok->tt.sockinet32.family, "%u"); 1988 print_delim(fp, del); 1989 print_2_bytes(fp, ntohs(tok->tt.sockinet32.port), "%u"); 1990 print_delim(fp, del); 1991 print_ip_address(fp, tok->tt.sockinet32.addr); | 3085 print_tok_type(fp, tok->id, "socket-inet", raw, xml); 3086 if (xml) { 3087 open_attr(fp, "type"); 3088 print_2_bytes(fp, tok->tt.sockinet32.family, "%u"); 3089 close_attr(fp); 3090 open_attr(fp, "port"); 3091 print_2_bytes(fp, ntohs(tok->tt.sockinet32.port), "%u"); 3092 close_attr(fp); 3093 open_attr(fp, "addr"); 3094 print_ip_address(fp, tok->tt.sockinet32.addr); 3095 close_attr(fp); 3096 close_tag(fp, tok->id); 3097 } else { 3098 print_delim(fp, del); 3099 print_2_bytes(fp, tok->tt.sockinet32.family, "%u"); 3100 print_delim(fp, del); 3101 print_2_bytes(fp, ntohs(tok->tt.sockinet32.port), "%u"); 3102 print_delim(fp, del); 3103 print_ip_address(fp, tok->tt.sockinet32.addr); 3104 } |
1992} 1993 1994/* 1995 * socket family 2 bytes 1996 * path 104 bytes 1997 */ 1998static int | 3105} 3106 3107/* 3108 * socket family 2 bytes 3109 * path 104 bytes 3110 */ 3111static int |
1999fetch_sock_unix_tok(tokenstr_t *tok, char *buf, int len) | 3112fetch_sock_unix_tok(tokenstr_t *tok, u_char *buf, int len) |
2000{ 2001 int err = 0; 2002 2003 READ_TOKEN_U_INT16(buf, len, tok->tt.sockunix.family, tok->len, err); 2004 if (err) 2005 return (-1); 2006 2007 READ_TOKEN_BYTES(buf, len, tok->tt.sockunix.path, 104, tok->len, 2008 err); 2009 if (err) 2010 return (-1); 2011 2012 return (0); 2013} 2014 2015static void 2016print_sock_unix_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 3113{ 3114 int err = 0; 3115 3116 READ_TOKEN_U_INT16(buf, len, tok->tt.sockunix.family, tok->len, err); 3117 if (err) 3118 return (-1); 3119 3120 READ_TOKEN_BYTES(buf, len, tok->tt.sockunix.path, 104, tok->len, 3121 err); 3122 if (err) 3123 return (-1); 3124 3125 return (0); 3126} 3127 3128static void 3129print_sock_unix_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
2017 __unused char sfrm) | 3130 __unused char sfrm, int xml) |
2018{ 2019 | 3131{ 3132 |
2020 print_tok_type(fp, tok->id, "socket-unix", raw); 2021 print_delim(fp, del); 2022 print_2_bytes(fp, tok->tt.sockunix.family, "%u"); 2023 print_delim(fp, del); 2024 print_string(fp, tok->tt.sockunix.path, 2025 strlen(tok->tt.sockunix.path)); | 3133 print_tok_type(fp, tok->id, "socket-unix", raw, xml); 3134 if (xml) { 3135 open_attr(fp, "type"); 3136 print_2_bytes(fp, tok->tt.sockunix.family, "%u"); 3137 close_attr(fp); 3138 open_attr(fp, "port"); 3139 close_attr(fp); 3140 open_attr(fp, "addr"); 3141 print_string(fp, tok->tt.sockunix.path, 3142 strlen(tok->tt.sockunix.path)); 3143 close_attr(fp); 3144 close_tag(fp, tok->id); 3145 } else { 3146 print_delim(fp, del); 3147 print_2_bytes(fp, tok->tt.sockunix.family, "%u"); 3148 print_delim(fp, del); 3149 print_string(fp, tok->tt.sockunix.path, 3150 strlen(tok->tt.sockunix.path)); 3151 } |
2026} 2027 2028/* 2029 * socket type 2 bytes 2030 * local port 2 bytes 2031 * local address 4 bytes 2032 * remote port 2 bytes 2033 * remote address 4 bytes 2034 */ 2035static int | 3152} 3153 3154/* 3155 * socket type 2 bytes 3156 * local port 2 bytes 3157 * local address 4 bytes 3158 * remote port 2 bytes 3159 * remote address 4 bytes 3160 */ 3161static int |
2036fetch_socket_tok(tokenstr_t *tok, char *buf, int len) | 3162fetch_socket_tok(tokenstr_t *tok, u_char *buf, int len) |
2037{ 2038 int err = 0; 2039 2040 READ_TOKEN_U_INT16(buf, len, tok->tt.socket.type, tok->len, err); 2041 if (err) 2042 return (-1); 2043 2044 READ_TOKEN_BYTES(buf, len, &tok->tt.socket.l_port, sizeof(uint16_t), --- 16 unchanged lines hidden (view full) --- 2061 if (err) 2062 return (-1); 2063 2064 return (0); 2065} 2066 2067static void 2068print_socket_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 3163{ 3164 int err = 0; 3165 3166 READ_TOKEN_U_INT16(buf, len, tok->tt.socket.type, tok->len, err); 3167 if (err) 3168 return (-1); 3169 3170 READ_TOKEN_BYTES(buf, len, &tok->tt.socket.l_port, sizeof(uint16_t), --- 16 unchanged lines hidden (view full) --- 3187 if (err) 3188 return (-1); 3189 3190 return (0); 3191} 3192 3193static void 3194print_socket_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
2069 __unused char sfrm) | 3195 __unused char sfrm, int xml) |
2070{ 2071 | 3196{ 3197 |
2072 print_tok_type(fp, tok->id, "socket", raw); 2073 print_delim(fp, del); 2074 print_2_bytes(fp, tok->tt.socket.type, "%u"); 2075 print_delim(fp, del); 2076 print_2_bytes(fp, ntohs(tok->tt.socket.l_port), "%u"); 2077 print_delim(fp, del); 2078 print_ip_address(fp, tok->tt.socket.l_addr); 2079 print_delim(fp, del); 2080 print_2_bytes(fp, ntohs(tok->tt.socket.r_port), "%u"); 2081 print_delim(fp, del); 2082 print_ip_address(fp, tok->tt.socket.r_addr); | 3198 print_tok_type(fp, tok->id, "socket", raw, xml); 3199 if (xml) { 3200 open_attr(fp, "sock_type"); 3201 print_2_bytes(fp, tok->tt.socket.type, "%u"); 3202 close_attr(fp); 3203 open_attr(fp, "lport"); 3204 print_2_bytes(fp, ntohs(tok->tt.socket.l_port), "%u"); 3205 close_attr(fp); 3206 open_attr(fp, "laddr"); 3207 print_ip_address(fp, tok->tt.socket.l_addr); 3208 close_attr(fp); 3209 open_attr(fp, "fport"); 3210 print_2_bytes(fp, ntohs(tok->tt.socket.r_port), "%u"); 3211 close_attr(fp); 3212 open_attr(fp, "faddr"); 3213 print_ip_address(fp, tok->tt.socket.r_addr); 3214 close_attr(fp); 3215 close_tag(fp, tok->id); 3216 } else { 3217 print_delim(fp, del); 3218 print_2_bytes(fp, tok->tt.socket.type, "%u"); 3219 print_delim(fp, del); 3220 print_2_bytes(fp, ntohs(tok->tt.socket.l_port), "%u"); 3221 print_delim(fp, del); 3222 print_ip_address(fp, tok->tt.socket.l_addr); 3223 print_delim(fp, del); 3224 print_2_bytes(fp, ntohs(tok->tt.socket.r_port), "%u"); 3225 print_delim(fp, del); 3226 print_ip_address(fp, tok->tt.socket.r_addr); 3227 } |
2083} 2084 2085/* 2086 * audit ID 4 bytes 2087 * euid 4 bytes 2088 * egid 4 bytes 2089 * ruid 4 bytes 2090 * rgid 4 bytes 2091 * pid 4 bytes 2092 * sessid 4 bytes 2093 * terminal ID 2094 * portid 4 bytes/8 bytes (32-bit/64-bit value) 2095 * machine id 4 bytes 2096 */ 2097static int | 3228} 3229 3230/* 3231 * audit ID 4 bytes 3232 * euid 4 bytes 3233 * egid 4 bytes 3234 * ruid 4 bytes 3235 * rgid 4 bytes 3236 * pid 4 bytes 3237 * sessid 4 bytes 3238 * terminal ID 3239 * portid 4 bytes/8 bytes (32-bit/64-bit value) 3240 * machine id 4 bytes 3241 */ 3242static int |
2098fetch_subject32_tok(tokenstr_t *tok, char *buf, int len) | 3243fetch_subject32_tok(tokenstr_t *tok, u_char *buf, int len) |
2099{ 2100 int err = 0; 2101 2102 READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.auid, tok->len, err); 2103 if (err) 2104 return (-1); 2105 2106 READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.euid, tok->len, err); --- 29 unchanged lines hidden (view full) --- 2136 if (err) 2137 return (-1); 2138 2139 return (0); 2140} 2141 2142static void 2143print_subject32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 3244{ 3245 int err = 0; 3246 3247 READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.auid, tok->len, err); 3248 if (err) 3249 return (-1); 3250 3251 READ_TOKEN_U_INT32(buf, len, tok->tt.subj32.euid, tok->len, err); --- 29 unchanged lines hidden (view full) --- 3281 if (err) 3282 return (-1); 3283 3284 return (0); 3285} 3286 3287static void 3288print_subject32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
2144 __unused char sfrm) | 3289 __unused char sfrm, int xml) |
2145{ 2146 | 3290{ 3291 |
2147 print_tok_type(fp, tok->id, "subject", raw); 2148 print_delim(fp, del); 2149 print_user(fp, tok->tt.subj32.auid, raw); 2150 print_delim(fp, del); 2151 print_user(fp, tok->tt.subj32.euid, raw); 2152 print_delim(fp, del); 2153 print_group(fp, tok->tt.subj32.egid, raw); 2154 print_delim(fp, del); 2155 print_user(fp, tok->tt.subj32.ruid, raw); 2156 print_delim(fp, del); 2157 print_group(fp, tok->tt.subj32.rgid, raw); 2158 print_delim(fp, del); 2159 print_4_bytes(fp, tok->tt.subj32.pid, "%u"); 2160 print_delim(fp, del); 2161 print_4_bytes(fp, tok->tt.subj32.sid, "%u"); 2162 print_delim(fp, del); 2163 print_4_bytes(fp, tok->tt.subj32.tid.port, "%u"); 2164 print_delim(fp, del); 2165 print_ip_address(fp, tok->tt.subj32.tid.addr); | 3292 print_tok_type(fp, tok->id, "subject", raw, xml); 3293 if (xml) { 3294 open_attr(fp, "audit-uid"); 3295 print_user(fp, tok->tt.subj32.auid, raw); 3296 close_attr(fp); 3297 open_attr(fp, "uid"); 3298 print_user(fp, tok->tt.subj32.euid, raw); 3299 close_attr(fp); 3300 open_attr(fp, "gid"); 3301 print_group(fp, tok->tt.subj32.egid, raw); 3302 close_attr(fp); 3303 open_attr(fp, "ruid"); 3304 print_user(fp, tok->tt.subj32.ruid, raw); 3305 close_attr(fp); 3306 open_attr(fp, "rgid"); 3307 print_group(fp, tok->tt.subj32.rgid, raw); 3308 close_attr(fp); 3309 open_attr(fp,"pid"); 3310 print_4_bytes(fp, tok->tt.subj32.pid, "%u"); 3311 close_attr(fp); 3312 open_attr(fp,"sid"); 3313 print_4_bytes(fp, tok->tt.subj32.sid, "%u"); 3314 close_attr(fp); 3315 open_attr(fp,"tid"); 3316 print_4_bytes(fp, tok->tt.subj32.tid.port, "%u "); 3317 print_ip_address(fp, tok->tt.subj32.tid.addr); 3318 close_attr(fp); 3319 close_tag(fp, tok->id); 3320 } else { 3321 print_delim(fp, del); 3322 print_user(fp, tok->tt.subj32.auid, raw); 3323 print_delim(fp, del); 3324 print_user(fp, tok->tt.subj32.euid, raw); 3325 print_delim(fp, del); 3326 print_group(fp, tok->tt.subj32.egid, raw); 3327 print_delim(fp, del); 3328 print_user(fp, tok->tt.subj32.ruid, raw); 3329 print_delim(fp, del); 3330 print_group(fp, tok->tt.subj32.rgid, raw); 3331 print_delim(fp, del); 3332 print_4_bytes(fp, tok->tt.subj32.pid, "%u"); 3333 print_delim(fp, del); 3334 print_4_bytes(fp, tok->tt.subj32.sid, "%u"); 3335 print_delim(fp, del); 3336 print_4_bytes(fp, tok->tt.subj32.tid.port, "%u"); 3337 print_delim(fp, del); 3338 print_ip_address(fp, tok->tt.subj32.tid.addr); 3339 } |
2166} 2167 2168/* 2169 * audit ID 4 bytes 2170 * euid 4 bytes 2171 * egid 4 bytes 2172 * ruid 4 bytes 2173 * rgid 4 bytes 2174 * pid 4 bytes 2175 * sessid 4 bytes 2176 * terminal ID 2177 * portid 4 bytes/8 bytes (32-bit/64-bit value) 2178 * machine id 4 bytes 2179 */ 2180static int | 3340} 3341 3342/* 3343 * audit ID 4 bytes 3344 * euid 4 bytes 3345 * egid 4 bytes 3346 * ruid 4 bytes 3347 * rgid 4 bytes 3348 * pid 4 bytes 3349 * sessid 4 bytes 3350 * terminal ID 3351 * portid 4 bytes/8 bytes (32-bit/64-bit value) 3352 * machine id 4 bytes 3353 */ 3354static int |
2181fetch_subject64_tok(tokenstr_t *tok, char *buf, int len) | 3355fetch_subject64_tok(tokenstr_t *tok, u_char *buf, int len) |
2182{ 2183 int err = 0; 2184 2185 READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.auid, tok->len, err); 2186 if (err) 2187 return (-1); 2188 2189 READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.euid, tok->len, err); --- 29 unchanged lines hidden (view full) --- 2219 if (err) 2220 return (-1); 2221 2222 return (0); 2223} 2224 2225static void 2226print_subject64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 3356{ 3357 int err = 0; 3358 3359 READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.auid, tok->len, err); 3360 if (err) 3361 return (-1); 3362 3363 READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.euid, tok->len, err); --- 29 unchanged lines hidden (view full) --- 3393 if (err) 3394 return (-1); 3395 3396 return (0); 3397} 3398 3399static void 3400print_subject64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
2227 __unused char sfrm) | 3401 __unused char sfrm, int xml) |
2228{ 2229 | 3402{ 3403 |
2230 print_tok_type(fp, tok->id, "subject", raw); 2231 print_delim(fp, del); 2232 print_user(fp, tok->tt.subj64.auid, raw); 2233 print_delim(fp, del); 2234 print_user(fp, tok->tt.subj64.euid, raw); 2235 print_delim(fp, del); 2236 print_group(fp, tok->tt.subj64.egid, raw); 2237 print_delim(fp, del); 2238 print_user(fp, tok->tt.subj64.ruid, raw); 2239 print_delim(fp, del); 2240 print_group(fp, tok->tt.subj64.rgid, raw); 2241 print_delim(fp, del); 2242 print_4_bytes(fp, tok->tt.subj64.pid, "%u"); 2243 print_delim(fp, del); 2244 print_4_bytes(fp, tok->tt.subj64.sid, "%u"); 2245 print_delim(fp, del); 2246 print_8_bytes(fp, tok->tt.subj64.tid.port, "%llu"); 2247 print_delim(fp, del); 2248 print_ip_address(fp, tok->tt.subj64.tid.addr); | 3404 print_tok_type(fp, tok->id, "subject", raw, xml); 3405 if (xml) { 3406 open_attr(fp, "audit-uid"); 3407 print_user(fp, tok->tt.subj64.auid, raw); 3408 close_attr(fp); 3409 open_attr(fp, "uid"); 3410 print_user(fp, tok->tt.subj64.euid, raw); 3411 close_attr(fp); 3412 open_attr(fp, "gid"); 3413 print_group(fp, tok->tt.subj64.egid, raw); 3414 close_attr(fp); 3415 open_attr(fp, "ruid"); 3416 print_user(fp, tok->tt.subj64.ruid, raw); 3417 close_attr(fp); 3418 open_attr(fp, "rgid"); 3419 print_group(fp, tok->tt.subj64.rgid, raw); 3420 close_attr(fp); 3421 open_attr(fp, "pid"); 3422 print_4_bytes(fp, tok->tt.subj64.pid, "%u"); 3423 close_attr(fp); 3424 open_attr(fp, "sid"); 3425 print_4_bytes(fp, tok->tt.subj64.sid, "%u"); 3426 close_attr(fp); 3427 open_attr(fp, "tid"); 3428 print_8_bytes(fp, tok->tt.subj64.tid.port, "%llu"); 3429 print_ip_address(fp, tok->tt.subj64.tid.addr); 3430 close_attr(fp); 3431 close_tag(fp, tok->id); 3432 } else { 3433 print_delim(fp, del); 3434 print_user(fp, tok->tt.subj64.auid, raw); 3435 print_delim(fp, del); 3436 print_user(fp, tok->tt.subj64.euid, raw); 3437 print_delim(fp, del); 3438 print_group(fp, tok->tt.subj64.egid, raw); 3439 print_delim(fp, del); 3440 print_user(fp, tok->tt.subj64.ruid, raw); 3441 print_delim(fp, del); 3442 print_group(fp, tok->tt.subj64.rgid, raw); 3443 print_delim(fp, del); 3444 print_4_bytes(fp, tok->tt.subj64.pid, "%u"); 3445 print_delim(fp, del); 3446 print_4_bytes(fp, tok->tt.subj64.sid, "%u"); 3447 print_delim(fp, del); 3448 print_8_bytes(fp, tok->tt.subj64.tid.port, "%llu"); 3449 print_delim(fp, del); 3450 print_ip_address(fp, tok->tt.subj64.tid.addr); 3451 } |
2249} 2250 2251/* 2252 * audit ID 4 bytes 2253 * euid 4 bytes 2254 * egid 4 bytes 2255 * ruid 4 bytes 2256 * rgid 4 bytes 2257 * pid 4 bytes 2258 * sessid 4 bytes 2259 * terminal ID 2260 * portid 4 bytes 2261 * type 4 bytes 2262 * machine id 16 bytes 2263 */ 2264static int | 3452} 3453 3454/* 3455 * audit ID 4 bytes 3456 * euid 4 bytes 3457 * egid 4 bytes 3458 * ruid 4 bytes 3459 * rgid 4 bytes 3460 * pid 4 bytes 3461 * sessid 4 bytes 3462 * terminal ID 3463 * portid 4 bytes 3464 * type 4 bytes 3465 * machine id 16 bytes 3466 */ 3467static int |
2265fetch_subject32ex_tok(tokenstr_t *tok, char *buf, int len) | 3468fetch_subject32ex_tok(tokenstr_t *tok, u_char *buf, int len) |
2266{ 2267 int err = 0; 2268 2269 READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.auid, tok->len, err); 2270 if (err) 2271 return (-1); 2272 2273 READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.euid, tok->len, err); --- 43 unchanged lines hidden (view full) --- 2317 } else 2318 return (-1); 2319 2320 return (0); 2321} 2322 2323static void 2324print_subject32ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 3469{ 3470 int err = 0; 3471 3472 READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.auid, tok->len, err); 3473 if (err) 3474 return (-1); 3475 3476 READ_TOKEN_U_INT32(buf, len, tok->tt.subj32_ex.euid, tok->len, err); --- 43 unchanged lines hidden (view full) --- 3520 } else 3521 return (-1); 3522 3523 return (0); 3524} 3525 3526static void 3527print_subject32ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
2325 __unused char sfrm) | 3528 __unused char sfrm, int xml) |
2326{ 2327 | 3529{ 3530 |
2328 print_tok_type(fp, tok->id, "subject_ex", raw); 2329 print_delim(fp, del); 2330 print_user(fp, tok->tt.subj32_ex.auid, raw); 2331 print_delim(fp, del); 2332 print_user(fp, tok->tt.subj32_ex.euid, raw); 2333 print_delim(fp, del); 2334 print_group(fp, tok->tt.subj32_ex.egid, raw); 2335 print_delim(fp, del); 2336 print_user(fp, tok->tt.subj32_ex.ruid, raw); 2337 print_delim(fp, del); 2338 print_group(fp, tok->tt.subj32_ex.rgid, raw); 2339 print_delim(fp, del); 2340 print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u"); 2341 print_delim(fp, del); 2342 print_4_bytes(fp, tok->tt.subj32_ex.sid, "%u"); 2343 print_delim(fp, del); 2344 print_4_bytes(fp, tok->tt.subj32_ex.tid.port, "%u"); 2345 print_delim(fp, del); 2346 print_ip_ex_address(fp, tok->tt.subj32_ex.tid.type, 2347 tok->tt.subj32_ex.tid.addr); | 3531 print_tok_type(fp, tok->id, "subject_ex", raw, xml); 3532 if (xml) { 3533 open_attr(fp, "audit-uid"); 3534 print_user(fp, tok->tt.subj32_ex.auid, raw); 3535 close_attr(fp); 3536 open_attr(fp, "uid"); 3537 print_user(fp, tok->tt.subj32_ex.euid, raw); 3538 close_attr(fp); 3539 open_attr(fp, "gid"); 3540 print_group(fp, tok->tt.subj32_ex.egid, raw); 3541 close_attr(fp); 3542 open_attr(fp, "ruid"); 3543 print_user(fp, tok->tt.subj32_ex.ruid, raw); 3544 close_attr(fp); 3545 open_attr(fp, "rgid"); 3546 print_group(fp, tok->tt.subj32_ex.rgid, raw); 3547 close_attr(fp); 3548 open_attr(fp, "pid"); 3549 print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u"); 3550 close_attr(fp); 3551 open_attr(fp, "sid"); 3552 print_4_bytes(fp, tok->tt.subj32_ex.sid, "%u"); 3553 close_attr(fp); 3554 open_attr(fp, "tid"); 3555 print_4_bytes(fp, tok->tt.subj32_ex.tid.port, "%u"); 3556 print_ip_ex_address(fp, tok->tt.subj32_ex.tid.type, 3557 tok->tt.subj32_ex.tid.addr); 3558 close_attr(fp); 3559 close_tag(fp, tok->id); 3560 } else { 3561 print_delim(fp, del); 3562 print_user(fp, tok->tt.subj32_ex.auid, raw); 3563 print_delim(fp, del); 3564 print_user(fp, tok->tt.subj32_ex.euid, raw); 3565 print_delim(fp, del); 3566 print_group(fp, tok->tt.subj32_ex.egid, raw); 3567 print_delim(fp, del); 3568 print_user(fp, tok->tt.subj32_ex.ruid, raw); 3569 print_delim(fp, del); 3570 print_group(fp, tok->tt.subj32_ex.rgid, raw); 3571 print_delim(fp, del); 3572 print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u"); 3573 print_delim(fp, del); 3574 print_4_bytes(fp, tok->tt.subj32_ex.sid, "%u"); 3575 print_delim(fp, del); 3576 print_4_bytes(fp, tok->tt.subj32_ex.tid.port, "%u"); 3577 print_delim(fp, del); 3578 print_ip_ex_address(fp, tok->tt.subj32_ex.tid.type, 3579 tok->tt.subj32_ex.tid.addr); 3580 } |
2348} 2349 2350/* | 3581} 3582 3583/* |
3584 * audit ID 4 bytes 3585 * euid 4 bytes 3586 * egid 4 bytes 3587 * ruid 4 bytes 3588 * rgid 4 bytes 3589 * pid 4 bytes 3590 * sessid 4 bytes 3591 * terminal ID 3592 * portid 8 bytes 3593 * type 4 bytes 3594 * machine id 16 bytes 3595 */ 3596static int 3597fetch_subject64ex_tok(tokenstr_t *tok, u_char *buf, int len) 3598{ 3599 int err = 0; 3600 3601 READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.auid, tok->len, err); 3602 if (err) 3603 return (-1); 3604 3605 READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.euid, tok->len, err); 3606 if (err) 3607 return (-1); 3608 3609 READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.egid, tok->len, err); 3610 if (err) 3611 return (-1); 3612 3613 READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.ruid, tok->len, err); 3614 if (err) 3615 return (-1); 3616 3617 READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.rgid, tok->len, err); 3618 if (err) 3619 return (-1); 3620 3621 READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.pid, tok->len, err); 3622 if (err) 3623 return (-1); 3624 3625 READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.sid, tok->len, err); 3626 if (err) 3627 return (-1); 3628 3629 READ_TOKEN_U_INT64(buf, len, tok->tt.subj64_ex.tid.port, tok->len, 3630 err); 3631 if (err) 3632 return (-1); 3633 3634 READ_TOKEN_U_INT32(buf, len, tok->tt.subj64_ex.tid.type, tok->len, 3635 err); 3636 if (err) 3637 return (-1); 3638 3639 if (tok->tt.subj64_ex.tid.type == AU_IPv4) { 3640 READ_TOKEN_BYTES(buf, len, &tok->tt.subj64_ex.tid.addr[0], 3641 sizeof(tok->tt.subj64_ex.tid.addr[0]), tok->len, err); 3642 if (err) 3643 return (-1); 3644 } else if (tok->tt.subj64_ex.tid.type == AU_IPv6) { 3645 READ_TOKEN_BYTES(buf, len, tok->tt.subj64_ex.tid.addr, 3646 sizeof(tok->tt.subj64_ex.tid.addr), tok->len, err); 3647 if (err) 3648 return (-1); 3649 } else 3650 return (-1); 3651 3652 return (0); 3653} 3654 3655static void 3656print_subject64ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, 3657 __unused char sfrm, int xml) 3658{ 3659 print_tok_type(fp, tok->id, "subject_ex", raw, xml); 3660 if (xml) { 3661 open_attr(fp, "audit-uid"); 3662 print_user(fp, tok->tt.subj64_ex.auid, raw); 3663 close_attr(fp); 3664 open_attr(fp, "uid"); 3665 print_user(fp, tok->tt.subj64_ex.euid, raw); 3666 close_attr(fp); 3667 open_attr(fp, "gid"); 3668 print_group(fp, tok->tt.subj64_ex.egid, raw); 3669 close_attr(fp); 3670 open_attr(fp, "ruid"); 3671 print_user(fp, tok->tt.subj64_ex.ruid, raw); 3672 close_attr(fp); 3673 open_attr(fp, "rgid"); 3674 print_group(fp, tok->tt.subj64_ex.rgid, raw); 3675 close_attr(fp); 3676 open_attr(fp, "pid"); 3677 print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u"); 3678 close_attr(fp); 3679 open_attr(fp, "sid"); 3680 print_4_bytes(fp, tok->tt.subj64_ex.sid, "%u"); 3681 close_attr(fp); 3682 open_attr(fp, "tid"); 3683 print_8_bytes(fp, tok->tt.subj64_ex.tid.port, "%llu"); 3684 print_ip_ex_address(fp, tok->tt.subj64_ex.tid.type, 3685 tok->tt.subj64_ex.tid.addr); 3686 close_attr(fp); 3687 close_tag(fp, tok->id); 3688 } else { 3689 print_delim(fp, del); 3690 print_user(fp, tok->tt.subj64_ex.auid, raw); 3691 print_delim(fp, del); 3692 print_user(fp, tok->tt.subj64_ex.euid, raw); 3693 print_delim(fp, del); 3694 print_group(fp, tok->tt.subj64_ex.egid, raw); 3695 print_delim(fp, del); 3696 print_user(fp, tok->tt.subj64_ex.ruid, raw); 3697 print_delim(fp, del); 3698 print_group(fp, tok->tt.subj64_ex.rgid, raw); 3699 print_delim(fp, del); 3700 print_4_bytes(fp, tok->tt.subj64_ex.pid, "%u"); 3701 print_delim(fp, del); 3702 print_4_bytes(fp, tok->tt.subj64_ex.sid, "%u"); 3703 print_delim(fp, del); 3704 print_8_bytes(fp, tok->tt.subj64_ex.tid.port, "%llu"); 3705 print_delim(fp, del); 3706 print_ip_ex_address(fp, tok->tt.subj64_ex.tid.type, 3707 tok->tt.subj64_ex.tid.addr); 3708 } 3709} 3710 3711/* |
|
2351 * size 2 bytes 2352 * data size bytes 2353 */ 2354static int | 3712 * size 2 bytes 3713 * data size bytes 3714 */ 3715static int |
2355fetch_text_tok(tokenstr_t *tok, char *buf, int len) | 3716fetch_text_tok(tokenstr_t *tok, u_char *buf, int len) |
2356{ 2357 int err = 0; 2358 2359 READ_TOKEN_U_INT16(buf, len, tok->tt.text.len, tok->len, err); 2360 if (err) 2361 return (-1); 2362 | 3717{ 3718 int err = 0; 3719 3720 READ_TOKEN_U_INT16(buf, len, tok->tt.text.len, tok->len, err); 3721 if (err) 3722 return (-1); 3723 |
2363 SET_PTR(buf, len, tok->tt.text.text, tok->tt.text.len, tok->len, | 3724 SET_PTR((char*)buf, len, tok->tt.text.text, tok->tt.text.len, tok->len, |
2364 err); 2365 if (err) 2366 return (-1); 2367 2368 return (0); 2369} 2370 2371static void 2372print_text_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 3725 err); 3726 if (err) 3727 return (-1); 3728 3729 return (0); 3730} 3731 3732static void 3733print_text_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
2373 __unused char sfrm) | 3734 __unused char sfrm, int xml) |
2374{ 2375 | 3735{ 3736 |
2376 print_tok_type(fp, tok->id, "text", raw); 2377 print_delim(fp, del); 2378 print_string(fp, tok->tt.text.text, tok->tt.text.len); | 3737 print_tok_type(fp, tok->id, "text", raw, xml); 3738 if (xml) { 3739 print_string(fp, tok->tt.text.text, tok->tt.text.len); 3740 close_tag(fp, tok->id); 3741 } else { 3742 print_delim(fp, del); 3743 print_string(fp, tok->tt.text.text, tok->tt.text.len); 3744 } |
2379} 2380 2381/* 2382 * socket type 2 bytes 2383 * local port 2 bytes 2384 * address type/length 4 bytes 2385 * local Internet address 4 bytes 2386 * remote port 4 bytes 2387 * address type/length 4 bytes 2388 * remote Internet address 4 bytes 2389 */ 2390static int | 3745} 3746 3747/* 3748 * socket type 2 bytes 3749 * local port 2 bytes 3750 * address type/length 4 bytes 3751 * local Internet address 4 bytes 3752 * remote port 4 bytes 3753 * address type/length 4 bytes 3754 * remote Internet address 4 bytes 3755 */ 3756static int |
2391fetch_socketex32_tok(tokenstr_t *tok, char *buf, int len) | 3757fetch_socketex32_tok(tokenstr_t *tok, u_char *buf, int len) |
2392{ 2393 int err = 0; 2394 2395 READ_TOKEN_U_INT16(buf, len, tok->tt.socket_ex32.type, tok->len, 2396 err); 2397 if (err) 2398 return (-1); 2399 --- 27 unchanged lines hidden (view full) --- 2427 if (err) 2428 return (-1); 2429 2430 return (0); 2431} 2432 2433static void 2434print_socketex32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 3758{ 3759 int err = 0; 3760 3761 READ_TOKEN_U_INT16(buf, len, tok->tt.socket_ex32.type, tok->len, 3762 err); 3763 if (err) 3764 return (-1); 3765 --- 27 unchanged lines hidden (view full) --- 3793 if (err) 3794 return (-1); 3795 3796 return (0); 3797} 3798 3799static void 3800print_socketex32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
2435 __unused char sfrm) | 3801 __unused char sfrm, int xml) |
2436{ 2437 | 3802{ 3803 |
2438 print_tok_type(fp, tok->id, "socket", raw); 2439 print_delim(fp, del); 2440 print_2_bytes(fp, tok->tt.socket_ex32.type, "%#x"); 2441 print_delim(fp, del); 2442 print_2_bytes(fp, ntohs(tok->tt.socket_ex32.l_port), "%#x"); 2443 print_delim(fp, del); 2444 print_ip_address(fp, tok->tt.socket_ex32.l_addr); 2445 print_delim(fp, del); 2446 print_4_bytes(fp, ntohs(tok->tt.socket_ex32.r_port), "%#x"); 2447 print_delim(fp, del); 2448 print_ip_address(fp, tok->tt.socket_ex32.r_addr); | 3804 print_tok_type(fp, tok->id, "socket", raw, xml); 3805 if (xml) { 3806 open_attr(fp, "sock_type"); 3807 print_2_bytes(fp, tok->tt.socket_ex32.type, "%#x"); 3808 close_attr(fp); 3809 open_attr(fp, "lport"); 3810 print_2_bytes(fp, ntohs(tok->tt.socket_ex32.l_port), "%#x"); 3811 close_attr(fp); 3812 open_attr(fp, "laddr"); 3813 print_ip_address(fp, tok->tt.socket_ex32.l_addr); 3814 close_attr(fp); 3815 open_attr(fp, "faddr"); 3816 print_ip_address(fp, tok->tt.socket_ex32.r_addr); 3817 close_attr(fp); 3818 open_attr(fp, "fport"); 3819 print_2_bytes(fp, tok->tt.socket_ex32.type, "%#x"); 3820 close_attr(fp); 3821 close_tag(fp, tok->id); 3822 } else { 3823 print_delim(fp, del); 3824 print_2_bytes(fp, tok->tt.socket_ex32.type, "%#x"); 3825 print_delim(fp, del); 3826 print_2_bytes(fp, ntohs(tok->tt.socket_ex32.l_port), "%#x"); 3827 print_delim(fp, del); 3828 print_ip_address(fp, tok->tt.socket_ex32.l_addr); 3829 print_delim(fp, del); 3830 print_4_bytes(fp, ntohs(tok->tt.socket_ex32.r_port), "%#x"); 3831 print_delim(fp, del); 3832 print_ip_address(fp, tok->tt.socket_ex32.r_addr); 3833 } |
2449} 2450 2451static int | 3834} 3835 3836static int |
2452fetch_invalid_tok(tokenstr_t *tok, char *buf, int len) | 3837fetch_invalid_tok(tokenstr_t *tok, u_char *buf, int len) |
2453{ 2454 int err = 0; 2455 int recoversize; 2456 2457 recoversize = len - (tok->len + AUDIT_TRAILER_SIZE); 2458 if (recoversize <= 0) 2459 return (-1); 2460 2461 tok->tt.invalid.length = recoversize; 2462 | 3838{ 3839 int err = 0; 3840 int recoversize; 3841 3842 recoversize = len - (tok->len + AUDIT_TRAILER_SIZE); 3843 if (recoversize <= 0) 3844 return (-1); 3845 3846 tok->tt.invalid.length = recoversize; 3847 |
2463 SET_PTR(buf, len, tok->tt.invalid.data, recoversize, tok->len, err); | 3848 SET_PTR((char*)buf, len, tok->tt.invalid.data, recoversize, tok->len, 3849 err); |
2464 if (err) 2465 return (-1); 2466 2467 return (0); 2468} 2469 2470static void 2471print_invalid_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, | 3850 if (err) 3851 return (-1); 3852 3853 return (0); 3854} 3855 3856static void 3857print_invalid_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, |
2472 __unused char sfrm) | 3858 __unused char sfrm, int xml) |
2473{ 2474 | 3859{ 3860 |
2475 print_tok_type(fp, tok->id, "unknown", raw); 2476 print_delim(fp, del); 2477 print_mem(fp, tok->tt.invalid.data, tok->tt.invalid.length); | 3861 if (!xml) { 3862 print_tok_type(fp, tok->id, "unknown", raw, 0); 3863 print_delim(fp, del); 3864 print_mem(fp, (u_char*)tok->tt.invalid.data, 3865 tok->tt.invalid.length); 3866 } |
2478} 2479 2480 2481/* | 3867} 3868 3869 3870/* |
3871 * size 2 bytes; 3872 * zonename size bytes; 3873 */ 3874static int 3875fetch_zonename_tok(tokenstr_t *tok, char *buf, int len) 3876{ 3877 int err = 0; 3878 3879 READ_TOKEN_U_INT16(buf, len, tok->tt.zonename.len, tok->len, err); 3880 if (err) 3881 return (-1); 3882 SET_PTR(buf, len, tok->tt.zonename.zonename, tok->tt.zonename.len, 3883 tok->len, err); 3884 if (err) 3885 return (-1); 3886 return (0); 3887} 3888 3889static void 3890print_zonename_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, 3891 __unused char sfrm, int xml) 3892{ 3893 3894 print_tok_type(fp, tok->id, "zone", raw, xml); 3895 if (xml) { 3896 open_attr(fp, "name"); 3897 print_string(fp, tok->tt.zonename.zonename, 3898 tok->tt.zonename.len); 3899 close_attr(fp); 3900 close_tag(fp, tok->id); 3901 } else { 3902 print_delim(fp, del); 3903 print_string(fp, tok->tt.zonename.zonename, 3904 tok->tt.zonename.len); 3905 } 3906} 3907 3908/* |
|
2482 * Reads the token beginning at buf into tok. 2483 */ 2484int 2485au_fetch_tok(tokenstr_t *tok, u_char *buf, int len) 2486{ 2487 2488 if (len <= 0) 2489 return (-1); --- 70 unchanged lines hidden (view full) --- 2560 return (fetch_path_tok(tok, buf, len)); 2561 2562 case AUT_PROCESS32: 2563 return (fetch_process32_tok(tok, buf, len)); 2564 2565 case AUT_PROCESS32_EX: 2566 return (fetch_process32ex_tok(tok, buf, len)); 2567 | 3909 * Reads the token beginning at buf into tok. 3910 */ 3911int 3912au_fetch_tok(tokenstr_t *tok, u_char *buf, int len) 3913{ 3914 3915 if (len <= 0) 3916 return (-1); --- 70 unchanged lines hidden (view full) --- 3987 return (fetch_path_tok(tok, buf, len)); 3988 3989 case AUT_PROCESS32: 3990 return (fetch_process32_tok(tok, buf, len)); 3991 3992 case AUT_PROCESS32_EX: 3993 return (fetch_process32ex_tok(tok, buf, len)); 3994 |
3995 case AUT_PROCESS64: 3996 return (fetch_process64_tok(tok, buf, len)); 3997 3998 case AUT_PROCESS64_EX: 3999 return (fetch_process64ex_tok(tok, buf, len)); 4000 |
|
2568 case AUT_RETURN32: 2569 return (fetch_return32_tok(tok, buf, len)); 2570 2571 case AUT_RETURN64: 2572 return (fetch_return64_tok(tok, buf, len)); 2573 2574 case AUT_SEQ: 2575 return (fetch_seq_tok(tok, buf, len)); --- 5 unchanged lines hidden (view full) --- 2581 return (fetch_sock_inet32_tok(tok, buf, len)); 2582 2583 case AUT_SOCKUNIX: 2584 return (fetch_sock_unix_tok(tok, buf, len)); 2585 2586 case AUT_SUBJECT32: 2587 return (fetch_subject32_tok(tok, buf, len)); 2588 | 4001 case AUT_RETURN32: 4002 return (fetch_return32_tok(tok, buf, len)); 4003 4004 case AUT_RETURN64: 4005 return (fetch_return64_tok(tok, buf, len)); 4006 4007 case AUT_SEQ: 4008 return (fetch_seq_tok(tok, buf, len)); --- 5 unchanged lines hidden (view full) --- 4014 return (fetch_sock_inet32_tok(tok, buf, len)); 4015 4016 case AUT_SOCKUNIX: 4017 return (fetch_sock_unix_tok(tok, buf, len)); 4018 4019 case AUT_SUBJECT32: 4020 return (fetch_subject32_tok(tok, buf, len)); 4021 |
4022 case AUT_SUBJECT32_EX: 4023 return (fetch_subject32ex_tok(tok, buf, len)); 4024 |
|
2589 case AUT_SUBJECT64: 2590 return (fetch_subject64_tok(tok, buf, len)); 2591 | 4025 case AUT_SUBJECT64: 4026 return (fetch_subject64_tok(tok, buf, len)); 4027 |
2592 case AUT_SUBJECT32_EX: 2593 return (fetch_subject32ex_tok(tok, buf, len)); | 4028 case AUT_SUBJECT64_EX: 4029 return (fetch_subject64ex_tok(tok, buf, len)); |
2594 2595 case AUT_TEXT: 2596 return (fetch_text_tok(tok, buf, len)); 2597 2598 case AUT_SOCKET_EX: 2599 return (fetch_socketex32_tok(tok, buf, len)); 2600 2601 case AUT_DATA: 2602 return (fetch_arb_tok(tok, buf, len)); 2603 | 4030 4031 case AUT_TEXT: 4032 return (fetch_text_tok(tok, buf, len)); 4033 4034 case AUT_SOCKET_EX: 4035 return (fetch_socketex32_tok(tok, buf, len)); 4036 4037 case AUT_DATA: 4038 return (fetch_arb_tok(tok, buf, len)); 4039 |
4040 case AUT_ZONENAME: 4041 return (fetch_zonename_tok(tok, buf, len)); 4042 |
|
2604 default: 2605 return (fetch_invalid_tok(tok, buf, len)); 2606 } 2607} 2608 2609/* | 4043 default: 4044 return (fetch_invalid_tok(tok, buf, len)); 4045 } 4046} 4047 4048/* |
2610 * 'prints' the token out to outfp | 4049 * 'prints' the token out to outfp. |
2611 */ 2612void 2613au_print_tok(FILE *outfp, tokenstr_t *tok, char *del, char raw, char sfrm) 2614{ 2615 2616 switch(tok->id) { 2617 case AUT_HEADER32: | 4050 */ 4051void 4052au_print_tok(FILE *outfp, tokenstr_t *tok, char *del, char raw, char sfrm) 4053{ 4054 4055 switch(tok->id) { 4056 case AUT_HEADER32: |
2618 print_header32_tok(outfp, tok, del, raw, sfrm); | 4057 print_header32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2619 return; 2620 2621 case AUT_HEADER32_EX: | 4058 return; 4059 4060 case AUT_HEADER32_EX: |
2622 print_header32_ex_tok(outfp, tok, del, raw, sfrm); | 4061 print_header32_ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2623 return; 2624 2625 case AUT_HEADER64: | 4062 return; 4063 4064 case AUT_HEADER64: |
2626 print_header64_tok(outfp, tok, del, raw, sfrm); | 4065 print_header64_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2627 return; 2628 2629 case AUT_HEADER64_EX: | 4066 return; 4067 4068 case AUT_HEADER64_EX: |
2630 print_header64_ex_tok(outfp, tok, del, raw, sfrm); | 4069 print_header64_ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2631 return; 2632 2633 case AUT_TRAILER: | 4070 return; 4071 4072 case AUT_TRAILER: |
2634 print_trailer_tok(outfp, tok, del, raw, sfrm); | 4073 print_trailer_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2635 return; 2636 2637 case AUT_ARG32: | 4074 return; 4075 4076 case AUT_ARG32: |
2638 print_arg32_tok(outfp, tok, del, raw, sfrm); | 4077 print_arg32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2639 return; 2640 2641 case AUT_ARG64: | 4078 return; 4079 4080 case AUT_ARG64: |
2642 print_arg64_tok(outfp, tok, del, raw, sfrm); | 4081 print_arg64_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2643 return; 2644 2645 case AUT_DATA: | 4082 return; 4083 4084 case AUT_DATA: |
2646 print_arb_tok(outfp, tok, del, raw, sfrm); | 4085 print_arb_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2647 return; 2648 2649 case AUT_ATTR32: | 4086 return; 4087 4088 case AUT_ATTR32: |
2650 print_attr32_tok(outfp, tok, del, raw, sfrm); | 4089 print_attr32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2651 return; 2652 2653 case AUT_ATTR64: | 4090 return; 4091 4092 case AUT_ATTR64: |
2654 print_attr64_tok(outfp, tok, del, raw, sfrm); | 4093 print_attr64_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2655 return; 2656 2657 case AUT_EXIT: | 4094 return; 4095 4096 case AUT_EXIT: |
2658 print_exit_tok(outfp, tok, del, raw, sfrm); | 4097 print_exit_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2659 return; 2660 2661 case AUT_EXEC_ARGS: | 4098 return; 4099 4100 case AUT_EXEC_ARGS: |
2662 print_execarg_tok(outfp, tok, del, raw, sfrm); | 4101 print_execarg_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2663 return; 2664 2665 case AUT_EXEC_ENV: | 4102 return; 4103 4104 case AUT_EXEC_ENV: |
2666 print_execenv_tok(outfp, tok, del, raw, sfrm); | 4105 print_execenv_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2667 return; 2668 2669 case AUT_OTHER_FILE32: | 4106 return; 4107 4108 case AUT_OTHER_FILE32: |
2670 print_file_tok(outfp, tok, del, raw, sfrm); | 4109 print_file_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2671 return; 2672 2673 case AUT_NEWGROUPS: | 4110 return; 4111 4112 case AUT_NEWGROUPS: |
2674 print_newgroups_tok(outfp, tok, del, raw, sfrm); | 4113 print_newgroups_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2675 return; 2676 2677 case AUT_IN_ADDR: | 4114 return; 4115 4116 case AUT_IN_ADDR: |
2678 print_inaddr_tok(outfp, tok, del, raw, sfrm); | 4117 print_inaddr_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2679 return; 2680 2681 case AUT_IN_ADDR_EX: | 4118 return; 4119 4120 case AUT_IN_ADDR_EX: |
2682 print_inaddr_ex_tok(outfp, tok, del, raw, sfrm); | 4121 print_inaddr_ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2683 return; 2684 2685 case AUT_IP: | 4122 return; 4123 4124 case AUT_IP: |
2686 print_ip_tok(outfp, tok, del, raw, sfrm); | 4125 print_ip_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2687 return; 2688 2689 case AUT_IPC: | 4126 return; 4127 4128 case AUT_IPC: |
2690 print_ipc_tok(outfp, tok, del, raw, sfrm); | 4129 print_ipc_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2691 return; 2692 2693 case AUT_IPC_PERM: | 4130 return; 4131 4132 case AUT_IPC_PERM: |
2694 print_ipcperm_tok(outfp, tok, del, raw, sfrm); | 4133 print_ipcperm_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2695 return; 2696 2697 case AUT_IPORT: | 4134 return; 4135 4136 case AUT_IPORT: |
2698 print_iport_tok(outfp, tok, del, raw, sfrm); | 4137 print_iport_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2699 return; 2700 2701 case AUT_OPAQUE: | 4138 return; 4139 4140 case AUT_OPAQUE: |
2702 print_opaque_tok(outfp, tok, del, raw, sfrm); | 4141 print_opaque_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2703 return; 2704 2705 case AUT_PATH: | 4142 return; 4143 4144 case AUT_PATH: |
2706 print_path_tok(outfp, tok, del, raw, sfrm); | 4145 print_path_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2707 return; 2708 2709 case AUT_PROCESS32: | 4146 return; 4147 4148 case AUT_PROCESS32: |
2710 print_process32_tok(outfp, tok, del, raw, sfrm); | 4149 print_process32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2711 return; 2712 2713 case AUT_PROCESS32_EX: | 4150 return; 4151 4152 case AUT_PROCESS32_EX: |
2714 print_process32ex_tok(outfp, tok, del, raw, sfrm); | 4153 print_process32ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2715 return; 2716 | 4154 return; 4155 |
4156 case AUT_PROCESS64: 4157 print_process64_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); 4158 return; 4159 4160 case AUT_PROCESS64_EX: 4161 print_process64ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); 4162 return; 4163 |
|
2717 case AUT_RETURN32: | 4164 case AUT_RETURN32: |
2718 print_return32_tok(outfp, tok, del, raw, sfrm); | 4165 print_return32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2719 return; 2720 2721 case AUT_RETURN64: | 4166 return; 4167 4168 case AUT_RETURN64: |
2722 print_return64_tok(outfp, tok, del, raw, sfrm); | 4169 print_return64_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2723 return; 2724 2725 case AUT_SEQ: | 4170 return; 4171 4172 case AUT_SEQ: |
2726 print_seq_tok(outfp, tok, del, raw, sfrm); | 4173 print_seq_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2727 return; 2728 2729 case AUT_SOCKET: | 4174 return; 4175 4176 case AUT_SOCKET: |
2730 print_socket_tok(outfp, tok, del, raw, sfrm); | 4177 print_socket_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2731 return; 2732 2733 case AUT_SOCKINET32: | 4178 return; 4179 4180 case AUT_SOCKINET32: |
2734 print_sock_inet32_tok(outfp, tok, del, raw, sfrm); | 4181 print_sock_inet32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2735 return; 2736 2737 case AUT_SOCKUNIX: | 4182 return; 4183 4184 case AUT_SOCKUNIX: |
2738 print_sock_unix_tok(outfp, tok, del, raw, sfrm); | 4185 print_sock_unix_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2739 return; 2740 2741 case AUT_SUBJECT32: | 4186 return; 4187 4188 case AUT_SUBJECT32: |
2742 print_subject32_tok(outfp, tok, del, raw, sfrm); | 4189 print_subject32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2743 return; 2744 2745 case AUT_SUBJECT64: | 4190 return; 4191 4192 case AUT_SUBJECT64: |
2746 print_subject64_tok(outfp, tok, del, raw, sfrm); | 4193 print_subject64_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2747 return; 2748 2749 case AUT_SUBJECT32_EX: | 4194 return; 4195 4196 case AUT_SUBJECT32_EX: |
2750 print_subject32ex_tok(outfp, tok, del, raw, sfrm); | 4197 print_subject32ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2751 return; 2752 | 4198 return; 4199 |
4200 case AUT_SUBJECT64_EX: 4201 print_subject64ex_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); 4202 return; 4203 |
|
2753 case AUT_TEXT: | 4204 case AUT_TEXT: |
2754 print_text_tok(outfp, tok, del, raw, sfrm); | 4205 print_text_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2755 return; 2756 2757 case AUT_SOCKET_EX: | 4206 return; 4207 4208 case AUT_SOCKET_EX: |
2758 print_socketex32_tok(outfp, tok, del, raw, sfrm); | 4209 print_socketex32_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2759 return; 2760 | 4210 return; 4211 |
4212 case AUT_ZONENAME: 4213 print_zonename_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); 4214 return; 4215 |
|
2761 default: | 4216 default: |
2762 print_invalid_tok(outfp, tok, del, raw, sfrm); | 4217 print_invalid_tok(outfp, tok, del, raw, sfrm, AU_PLAIN); |
2763 } 2764} 2765 2766/* | 4218 } 4219} 4220 4221/* |
4222 * 'prints' the token out to outfp in XML format. 4223 */ 4224void 4225au_print_tok_xml(FILE *outfp, tokenstr_t *tok, char *del, char raw, 4226 char sfrm) 4227{ 4228 4229 switch(tok->id) { 4230 case AUT_HEADER32: 4231 print_header32_tok(outfp, tok, del, raw, sfrm, AU_XML); 4232 return; 4233 4234 case AUT_HEADER32_EX: 4235 print_header32_ex_tok(outfp, tok, del, raw, sfrm, AU_XML); 4236 return; 4237 4238 case AUT_HEADER64: 4239 print_header64_tok(outfp, tok, del, raw, sfrm, AU_XML); 4240 return; 4241 4242 case AUT_HEADER64_EX: 4243 print_header64_ex_tok(outfp, tok, del, raw, sfrm, AU_XML); 4244 return; 4245 4246 case AUT_TRAILER: 4247 print_trailer_tok(outfp, tok, del, raw, sfrm, AU_XML); 4248 return; 4249 4250 case AUT_ARG32: 4251 print_arg32_tok(outfp, tok, del, raw, sfrm, AU_XML); 4252 return; 4253 4254 case AUT_ARG64: 4255 print_arg64_tok(outfp, tok, del, raw, sfrm, AU_XML); 4256 return; 4257 4258 case AUT_DATA: 4259 print_arb_tok(outfp, tok, del, raw, sfrm, AU_XML); 4260 return; 4261 4262 case AUT_ATTR32: 4263 print_attr32_tok(outfp, tok, del, raw, sfrm, AU_XML); 4264 return; 4265 4266 case AUT_ATTR64: 4267 print_attr64_tok(outfp, tok, del, raw, sfrm, AU_XML); 4268 return; 4269 4270 case AUT_EXIT: 4271 print_exit_tok(outfp, tok, del, raw, sfrm, AU_XML); 4272 return; 4273 4274 case AUT_EXEC_ARGS: 4275 print_execarg_tok(outfp, tok, del, raw, sfrm, AU_XML); 4276 return; 4277 4278 case AUT_EXEC_ENV: 4279 print_execenv_tok(outfp, tok, del, raw, sfrm, AU_XML); 4280 return; 4281 4282 case AUT_OTHER_FILE32: 4283 print_file_tok(outfp, tok, del, raw, sfrm, AU_XML); 4284 return; 4285 4286 case AUT_NEWGROUPS: 4287 print_newgroups_tok(outfp, tok, del, raw, sfrm, AU_XML); 4288 return; 4289 4290 case AUT_IN_ADDR: 4291 print_inaddr_tok(outfp, tok, del, raw, sfrm, AU_XML); 4292 return; 4293 4294 case AUT_IN_ADDR_EX: 4295 print_inaddr_ex_tok(outfp, tok, del, raw, sfrm, AU_XML); 4296 return; 4297 4298 case AUT_IP: 4299 print_ip_tok(outfp, tok, del, raw, sfrm, AU_XML); 4300 return; 4301 4302 case AUT_IPC: 4303 print_ipc_tok(outfp, tok, del, raw, sfrm, AU_XML); 4304 return; 4305 4306 case AUT_IPC_PERM: 4307 print_ipcperm_tok(outfp, tok, del, raw, sfrm, AU_XML); 4308 return; 4309 4310 case AUT_IPORT: 4311 print_iport_tok(outfp, tok, del, raw, sfrm, AU_XML); 4312 return; 4313 4314 case AUT_OPAQUE: 4315 print_opaque_tok(outfp, tok, del, raw, sfrm, AU_XML); 4316 return; 4317 4318 case AUT_PATH: 4319 print_path_tok(outfp, tok, del, raw, sfrm, AU_XML); 4320 return; 4321 4322 case AUT_PROCESS32: 4323 print_process32_tok(outfp, tok, del, raw, sfrm, AU_XML); 4324 return; 4325 4326 case AUT_PROCESS32_EX: 4327 print_process32ex_tok(outfp, tok, del, raw, sfrm, AU_XML); 4328 return; 4329 4330 case AUT_PROCESS64: 4331 print_process64_tok(outfp, tok, del, raw, sfrm, AU_XML); 4332 return; 4333 4334 case AUT_PROCESS64_EX: 4335 print_process64ex_tok(outfp, tok, del, raw, sfrm, AU_XML); 4336 return; 4337 4338 case AUT_RETURN32: 4339 print_return32_tok(outfp, tok, del, raw, sfrm, AU_XML); 4340 return; 4341 4342 case AUT_RETURN64: 4343 print_return64_tok(outfp, tok, del, raw, sfrm, AU_XML); 4344 return; 4345 4346 case AUT_SEQ: 4347 print_seq_tok(outfp, tok, del, raw, sfrm, AU_XML); 4348 return; 4349 4350 case AUT_SOCKET: 4351 print_socket_tok(outfp, tok, del, raw, sfrm, AU_XML); 4352 return; 4353 4354 case AUT_SOCKINET32: 4355 print_sock_inet32_tok(outfp, tok, del, raw, sfrm, AU_XML); 4356 return; 4357 4358 case AUT_SOCKUNIX: 4359 print_sock_unix_tok(outfp, tok, del, raw, sfrm, AU_XML); 4360 return; 4361 4362 case AUT_SUBJECT32: 4363 print_subject32_tok(outfp, tok, del, raw, sfrm, AU_XML); 4364 return; 4365 4366 case AUT_SUBJECT64: 4367 print_subject64_tok(outfp, tok, del, raw, sfrm, AU_XML); 4368 return; 4369 4370 case AUT_SUBJECT32_EX: 4371 print_subject32ex_tok(outfp, tok, del, raw, sfrm, AU_XML); 4372 return; 4373 4374 case AUT_SUBJECT64_EX: 4375 print_subject64ex_tok(outfp, tok, del, raw, sfrm, AU_XML); 4376 return; 4377 4378 case AUT_TEXT: 4379 print_text_tok(outfp, tok, del, raw, sfrm, AU_XML); 4380 return; 4381 4382 case AUT_SOCKET_EX: 4383 print_socketex32_tok(outfp, tok, del, raw, sfrm, AU_XML); 4384 return; 4385 4386 case AUT_ZONENAME: 4387 print_zonename_tok(outfp, tok, del, raw, sfrm, AU_XML); 4388 return; 4389 4390 default: 4391 print_invalid_tok(outfp, tok, del, raw, sfrm, AU_XML); 4392 } 4393} 4394 4395/* |
|
2767 * Read a record from the file pointer, store data in buf memory for buf is 2768 * also allocated in this function and has to be free'd outside this call. 2769 * 2770 * au_read_rec() handles two possibilities: a stand-alone file token, or a 2771 * complete audit record. 2772 * 2773 * XXXRW: Note that if we hit an error, we leave the stream in an unusable 2774 * state, because it will be partly offset into a record. We should rewind --- 109 unchanged lines hidden --- | 4396 * Read a record from the file pointer, store data in buf memory for buf is 4397 * also allocated in this function and has to be free'd outside this call. 4398 * 4399 * au_read_rec() handles two possibilities: a stand-alone file token, or a 4400 * complete audit record. 4401 * 4402 * XXXRW: Note that if we hit an error, we leave the stream in an unusable 4403 * state, because it will be partly offset into a record. We should rewind --- 109 unchanged lines hidden --- |