praudit.c revision 173143
/*
 * Copyright (c) 2004 Apple Computer, Inc.
 * Copyright (c) 2006 Martin Voros
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1.  Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 * 2.  Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
 *     its contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 * $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.c#12 $
 */

/*
 * Tool used to parse audit records conforming to the BSM structure.
 */

/*
 * praudit [-lpx] [-r | -s] [-d del] [file ...]
 */

41#include <bsm/libbsm.h>
43#include <stdio.h>
44#include <stdlib.h>
45#include <unistd.h>
/*
 * getopt(3) state.  Declared here explicitly even though <unistd.h> also
 * provides most of these; optreset is the BSD extension used to restart
 * option parsing.
 */
extern char	*optarg;
extern int	 optind, optopt, opterr, optreset;

/*
 * Output options, all set from the command line in main() and read by
 * print_tokens().  Statics are zero-initialised, so the flags start off.
 */
static char	*del = ",";	/* Field delimiter; overridden by -d. */
static int	 oneline;	/* -l: print each record on a single line. */
static int	 raw;		/* -r: passed through to au_print_tok(); exclusive with -s. */
static int	 shortfrm;	/* -s: passed through to au_print_tok(); exclusive with -r. */
static int	 partial;	/* -p: skip input until a header token is seen. */
static int	 xml;		/* -x: emit XML instead of delimited text. */

/*
 * Print the command synopsis to stderr and terminate with a failure
 * status.  Never returns.
 */
static void
usage(void)
{

	fputs("usage: praudit [-lpx] [-r | -s] [-d del] [file ...]\n", stderr);
	exit(1);
}

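/*
 * Read BSM records from fp and print every token of every record to
 * stdout, in the form selected by the xml/raw/shortfrm/oneline/del
 * globals.
 *
 * Returns 0 once the input is exhausted.  au_read_rec() returning -1 is
 * taken as end of input, so this function currently never reports a
 * failure itself; a caller that needs to distinguish a read error from
 * EOF can check ferror(fp) afterwards.
 */
static int
print_tokens(FILE *fp)
{
	u_char *buf;
	tokenstr_t tok;
	int reclen;
	int bytesread;

	/*
	 * Allow tail -f | praudit to work: discard bytes until something
	 * that looks like the start of a record.
	 */
	if (partial) {
		int c;

		/*
		 * c is an int so that EOF (-1) is distinguishable from a
		 * 0xff data byte.  Storing fgetc() in a u_char would turn
		 * EOF into 0xff and make this scan spin forever on a stream
		 * that ends without ever containing a header token.
		 *
		 * NOTE(review): only AU_HEADER_32_TOKEN is recognised as a
		 * record start here; confirm that other header variants, if
		 * any can occur in the input, are not expected.
		 */
		do {
			c = fgetc(fp);
		} while (c != EOF && c != AU_HEADER_32_TOKEN);
		if (c == EOF)
			return (0);	/* Nothing left to print. */
		ungetc(c, fp);
	}

	while ((reclen = au_read_rec(fp, &buf)) != -1) {
		bytesread = 0;
		while (bytesread < reclen) {
			/* Is this an incomplete record? */
			if (au_fetch_tok(&tok, buf + bytesread,
			    reclen - bytesread) == -1)
				break;
			if (xml) {
				au_print_tok_xml(stdout, &tok, del, raw,
				    shortfrm);
			} else {
				au_print_tok(stdout, &tok, del, raw,
				    shortfrm);
			}
			/*
			 * Defensive: a token that consumed no bytes would
			 * otherwise make this loop spin forever on the same
			 * offset.
			 */
			if (tok.len == 0)
				break;
			bytesread += tok.len;
			/*
			 * In one-line mode text tokens are separated by the
			 * delimiter (XML needs none); otherwise each token
			 * goes on its own line.
			 */
			if (oneline) {
				if (!xml)
					printf("%s", del);
			} else {
				printf("\n");
			}
		}
		free(buf);	/* Allocated by au_read_rec(). */
		if (oneline)
			printf("\n");
		/* Flush per record so a piped consumer sees output promptly. */
		fflush(stdout);
	}
	return (0);
}
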
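/*
 * Parse the command line, then dump every record from the named files,
 * or from stdin when no file is given.
 *
 * Exit status is 0 when all input was processed and 1 when any file
 * could not be opened or read, or when usage() was reached.  The XML
 * footer is emitted on every path that printed the header, including the
 * stdin path, so that -x output is a well-formed document.
 */
int
main(int argc, char **argv)
{
	int ch;
	int i;
	int status = 0;
	FILE *fp;

	while ((ch = getopt(argc, argv, "d:lprsx")) != -1) {
		switch (ch) {
		case 'd':
			del = optarg;
			break;

		case 'l':
			oneline = 1;
			break;

		case 'p':
			partial = 1;
			break;

		case 'r':
			if (shortfrm)
				usage();	/* Exclusive from shortfrm. */
			raw = 1;
			break;

		case 's':
			if (raw)
				usage();	/* Exclusive from raw. */
			shortfrm = 1;
			break;

		case 'x':
			xml = 1;
			break;

		case '?':
		default:
			usage();
		}
	}

	if (xml)
		au_print_xml_header(stdout);

	if (optind == argc) {
		/* No file arguments: read a single stream from stdin. */
		if (print_tokens(stdin) == -1) {
			perror("stdin");
			status = 1;
		}
	} else {
		/* For each of the files passed as arguments dump the contents. */
		for (i = optind; i < argc; i++) {
			fp = fopen(argv[i], "r");
			if (fp == NULL) {
				perror(argv[i]);
				status = 1;
				continue;
			}
			if (print_tokens(fp) == -1) {
				perror(argv[i]);
				status = 1;
			}
			fclose(fp);
		}
	}

	/*
	 * Closes the document opened by au_print_xml_header() above; must
	 * run for the stdin case as well, not only for named files.
	 */
	if (xml)
		au_print_xml_footer(stdout);

	return (status);
}
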