1155131Srwatson/*-
2196031Srwatson * Copyright (c) 2005-2009 Robert N. M. Watson
3155131Srwatson * All rights reserved.
4155131Srwatson *
5155131Srwatson * Redistribution and use in source and binary forms, with or without
6155131Srwatson * modification, are permitted provided that the following conditions
7155131Srwatson * are met:
8155131Srwatson * 1. Redistributions of source code must retain the above copyright
9155131Srwatson *    notice, this list of conditions and the following disclaimer.
10155131Srwatson * 2. Redistributions in binary form must reproduce the above copyright
11155131Srwatson *    notice, this list of conditions and the following disclaimer in the
12155131Srwatson *    documentation and/or other materials provided with the distribution.
13155131Srwatson *
14155131Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15155131Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16155131Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17155131Srwatson * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18155131Srwatson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19155131Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20155131Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21155131Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22155131Srwatson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23155131Srwatson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24155131Srwatson * SUCH DAMAGE.
25155131Srwatson *
26196031Srwatson * $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#9 $
27155131Srwatson */
28155131Srwatson
29155131Srwatson#include <bsm/libbsm.h>
30155131Srwatson#include <string.h>
31155131Srwatson#include <err.h>
32155131Srwatson#include <limits.h>
33155131Srwatson#include <stdio.h>
34155131Srwatson#include <stdlib.h>
35155131Srwatson
/*
 * Simple tool that dumps the audit databases under /etc/security through
 * the libbsm APIs.
 */
39155131Srwatson
/*
 * Print the accepted database selectors to stderr and terminate the
 * program with exit status -1.  Never returns to the caller.
 */
static void
usage(void)
{
	static const char synopsis[] =
	    "usage: audump [class|class_r|control|event|event_r|"
	    "user|user_r]\n";

	fputs(synopsis, stderr);
	exit(-1);
}
48155131Srwatson
/*
 * Dump every audit class entry returned by the getauclassent() iterator,
 * one "mask:name:description" line per entry, until it returns NULL.
 */
static void
audump_class(void)
{
	au_class_ent_t *entry;

	for (entry = getauclassent(); entry != NULL;
	    entry = getauclassent()) {
		/* Name and description are passed as %s data, never as a format. */
		printf("0x%08x:%s:%s\n", entry->ac_class, entry->ac_name,
		    entry->ac_desc);
	}
}
58155131Srwatson
/*
 * Dump every audit class entry through getauclassent_r(), which is handed
 * caller-owned storage instead of returning library-owned storage.  Output
 * format matches audump_class(): "mask:name:description".
 */
static void
audump_class_r(void)
{
	char name_buf[AU_CLASS_NAME_MAX];
	char desc_buf[AU_CLASS_DESC_MAX];
	au_class_ent_t storage, *entry;

	/* Start from zeroed buffers so no stale stack bytes can be printed. */
	memset(name_buf, 0, sizeof(name_buf));
	memset(desc_buf, 0, sizeof(desc_buf));
	memset(&storage, 0, sizeof(storage));

	/*
	 * The entry only carries pointers; the string storage lives in the
	 * two local arrays above.
	 * NOTE(review): presumably the library bounds its writes by
	 * AU_CLASS_NAME_MAX / AU_CLASS_DESC_MAX -- confirm against libbsm.
	 */
	storage.ac_name = name_buf;
	storage.ac_desc = desc_buf;

	for (;;) {
		entry = getauclassent_r(&storage);
		if (entry == NULL)
			break;
		printf("0x%08x:%s:%s\n", entry->ac_class, entry->ac_name,
		    entry->ac_desc);
	}
}
76155131Srwatson
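/*
 * Dump the audit control settings through the libbsm getac*() accessors,
 * in this order: flags, min, naflags, every dir entry, policy, filesz,
 * host and expire-after.  A failing accessor terminates the program with
 * exit status -1.
 *
 * Error reporting follows the convention this function already uses for
 * getacflg(): a return of -2 is reported with err(), which appends
 * strerror(errno); other failure codes are reported with errx() and the
 * numeric code, so that a stale errno string is not attached to a failure
 * it does not describe.
 */
static void
audump_control(void)
{
	char string[PATH_MAX], string2[PATH_MAX];
	int ret, val;
	long policy;
	time_t age;
	size_t size;

	ret = getacflg(string, PATH_MAX);
	if (ret == -2)
		err(-1, "getacflg");
	if (ret != 0)
		errx(-1, "getacflg: %d", ret);

	printf("flags:%s\n", string);

	ret = getacmin(&val);
	if (ret == -2)
		err(-1, "getacmin");
	if (ret != 0)
		errx(-1, "getacmin: %d", ret);

	printf("min:%d\n", val);

	ret = getacna(string, PATH_MAX);
	if (ret == -2)
		err(-1, "getacna");
	if (ret != 0)
		errx(-1, "getacna: %d", ret);

	printf("naflags:%s\n", string);

	/* Rewind, then print dir entries until getacdir() returns -1. */
	setac();
	do {
		ret = getacdir(string, PATH_MAX);
		if (ret == -1)
			break;
		if (ret == -2)
			err(-1, "getacdir");
		if (ret != 0)
			errx(-1, "getacdir: %d", ret);
		printf("dir:%s\n", string);

	} while (ret == 0);

	/*
	 * Round-trip the policy string through au_strtopol()/au_poltostr()
	 * so the value printed is the one the library actually parsed.
	 * NOTE(review): every non-zero getacpol() code goes through err()
	 * here, unlike the other accessors -- confirm errno is meaningful
	 * for all of them.
	 */
	ret = getacpol(string, PATH_MAX);
	if (ret != 0)
		err(-1, "getacpol");
	if (au_strtopol(string, &policy) < 0)
		err(-1, "au_strtopol");
	if (au_poltostr(policy, PATH_MAX, string2) < 0)
		err(-1, "au_poltostr");
	printf("policy:%s\n", string2);

	ret = getacfilesz(&size);
	if (ret == -2)
		err(-1, "getacfilesz");
	if (ret != 0)
		errx(-1, "getacfilesz: %d", ret);

	/* size is a size_t: %zu is the matching conversion, %ld is not. */
	printf("filesz:%zuB\n", size);

	/* Only a return of 0 yields a host line; other codes print nothing. */
	ret = getachost(string, PATH_MAX);
	if (ret == -2)
		err(-1, "getachost");
	if (ret == -3)
		errx(-1, "getachost: %d", ret);
	if (ret == 0)
		printf("host:%s\n", string);

	ret = getacexpire(&val, &age, &size);
	if (ret == -2)
		err(-1, "getacexpire");
	if (ret == -1)
		errx(-1, "getacexpire: %d", ret);
	if (ret == 0) {
		/* time_t has no portable conversion; widen it explicitly. */
		printf("expire-after:%zuB  %s %llds\n", size,
		    val ? "AND" : "OR", (long long)age);
	}
}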
158155131Srwatson
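/*
 * Print a class mask as a comma-separated list.  Each set bit is looked up
 * with getauclassnum(); the class name is printed when an entry is found,
 * otherwise the bit value is printed in hexadecimal.  Nothing is printed
 * for an empty mask and no trailing newline is added.
 */
static void
printf_classmask(au_class_t classmask)
{
	au_class_ent_t *c;
	unsigned int bit;
	u_int32_t i;
	int first;

	first = 1;
	for (i = 0; i < 32; i++) {
		/*
		 * Build the bit as unsigned: shifting the signed constant 1
		 * left by 31 is undefined behaviour, and %x expects an
		 * unsigned argument.
		 */
		bit = 1U << i;
		if ((classmask & bit) == 0)
			continue;

		if (first)
			first = 0;
		else
			printf(",");

		c = getauclassnum(bit);
		if (c != NULL)
			printf("%s", c->ac_name);
		else
			printf("0x%x", bit);
	}
}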
181155131Srwatson
/*
 * Dump every audit event entry returned by the getauevent() iterator as
 * "number:name:description:classes", where classes is the list produced
 * by printf_classmask().
 */
static void
audump_event(void)
{
	au_event_ent_t *entry;

	for (entry = getauevent(); entry != NULL; entry = getauevent()) {
		printf("%d:%s:%s:", entry->ae_number, entry->ae_name,
		    entry->ae_desc);
		printf_classmask(entry->ae_class);
		putchar('\n');
	}
}
193155131Srwatson
/*
 * Dump every audit event entry through getauevent_r(), which is handed
 * caller-owned storage.  Output format matches audump_event():
 * "number:name:description:classes".
 */
static void
audump_event_r(void)
{
	char name_buf[AU_EVENT_NAME_MAX];
	char desc_buf[AU_EVENT_DESC_MAX];
	au_event_ent_t storage, *entry;

	/* Start from zeroed buffers so no stale stack bytes can be printed. */
	memset(name_buf, 0, sizeof(name_buf));
	memset(desc_buf, 0, sizeof(desc_buf));
	memset(&storage, 0, sizeof(storage));

	/*
	 * The entry only carries pointers; the string storage lives in the
	 * two local arrays above.
	 * NOTE(review): presumably the library bounds its writes by
	 * AU_EVENT_NAME_MAX / AU_EVENT_DESC_MAX -- confirm against libbsm.
	 */
	storage.ae_name = name_buf;
	storage.ae_desc = desc_buf;

	for (;;) {
		entry = getauevent_r(&storage);
		if (entry == NULL)
			break;
		printf("%d:%s:%s:", entry->ae_number, entry->ae_name,
		    entry->ae_desc);
		printf_classmask(entry->ae_class);
		putchar('\n');
	}
}
213155131Srwatson
/*
 * Dump every audit user entry returned by the getauuserent() iterator as
 * "name::".
 *
 * The two fields after the name are always empty: the printf_classmask()
 * calls for au_always and au_never are disabled in this tool, so the
 * output must not be read as evidence that a user has no per-user audit
 * masks configured.
 */
static void
audump_user(void)
{
	au_user_ent_t *entry;

	for (entry = getauuserent(); entry != NULL; entry = getauuserent()) {
		printf("%s:", entry->au_name);
		/* disabled: printf_classmask(entry->au_always); */
		putchar(':');
		/* disabled: printf_classmask(entry->au_never); */
		putchar('\n');
	}
}
227155131Srwatson
/*
 * Dump every audit user entry through getauuserent_r(), which is handed
 * caller-owned storage.  Output format matches audump_user(): "name::".
 *
 * The two fields after the name are always empty: the printf_classmask()
 * calls for au_always and au_never are disabled in this tool, so the
 * output must not be read as evidence that a user has no per-user audit
 * masks configured.
 */
static void
audump_user_r(void)
{
	char name_buf[AU_USER_NAME_MAX];
	au_user_ent_t storage, *entry;

	/* Start from zeroed storage so no stale stack bytes can be printed. */
	memset(name_buf, 0, sizeof(name_buf));
	memset(&storage, 0, sizeof(storage));

	/*
	 * NOTE(review): presumably the library bounds its writes by
	 * AU_USER_NAME_MAX -- confirm against libbsm.
	 */
	storage.au_name = name_buf;

	for (;;) {
		entry = getauuserent_r(&storage);
		if (entry == NULL)
			break;
		printf("%s:", entry->au_name);
		/* disabled: printf_classmask(entry->au_always); */
		putchar(':');
		/* disabled: printf_classmask(entry->au_never); */
		putchar('\n');
	}
}
246155131Srwatson
/*
 * Entry point: expects exactly one argument naming the database to dump
 * and dispatches to the matching audump_*() routine.  A missing, extra or
 * unrecognised argument goes to usage(), which exits with status -1.
 */
int
main(int argc, char *argv[])
{
	static const struct {
		const char	*name;
		void		(*dump)(void);
	} modes[] = {
		{ "class",	audump_class },
		{ "class_r",	audump_class_r },
		{ "control",	audump_control },
		{ "event",	audump_event },
		{ "event_r",	audump_event_r },
		{ "user",	audump_user },
		{ "user_r",	audump_user_r },
	};
	size_t i;

	if (argc != 2)
		usage();

	/* Selectors are matched exactly; there is no prefix matching. */
	for (i = 0; i < sizeof(modes) / sizeof(modes[0]); i++) {
		if (strcmp(argv[1], modes[i].name) == 0) {
			modes[i].dump();
			return (0);
		}
	}

	usage();

	return (0);
}