1/*-
2 * Copyright (c) 2005-2009 Robert N. M. Watson
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 * $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#9 $
27 */
28
29#include <bsm/libbsm.h>
30#include <string.h>
31#include <err.h>
32#include <limits.h>
33#include <stdio.h>
34#include <stdlib.h>
35
36/*
37 * Simple tool to dump various /etc/security databases using the defined APIs.
38 */
39
/*
 * Print the command synopsis on stderr and terminate with status -1.
 * Never returns.
 */
static void
usage(void)
{
	static const char synopsis[] =
	    "usage: audump [class|class_r|control|event|event_r|"
	    "user|user_r]\n";

	fputs(synopsis, stderr);
	exit(-1);
}
48
/*
 * Walk the audit class database with getauclassent() and print every entry
 * on its own line as "0x<mask>:<name>:<description>".
 */
static void
audump_class(void)
{
	au_class_ent_t *ent;

	for (ent = getauclassent(); ent != NULL; ent = getauclassent()) {
		printf("0x%08x:%s:%s\n", ent->ac_class, ent->ac_name,
		    ent->ac_desc);
	}
}
58
/*
 * Same output as audump_class(), but uses getauclassent_r() with
 * caller-supplied storage: the entry structure and its name/description
 * buffers live on this function's stack.
 */
static void
audump_class_r(void)
{
	char name_buf[AU_CLASS_NAME_MAX];
	char desc_buf[AU_CLASS_DESC_MAX];
	au_class_ent_t storage, *ent;

	/* Start from all-zero storage before wiring in the buffers. */
	memset(&storage, 0, sizeof(storage));
	memset(name_buf, 0, sizeof(name_buf));
	memset(desc_buf, 0, sizeof(desc_buf));
	storage.ac_name = name_buf;
	storage.ac_desc = desc_buf;

	for (;;) {
		ent = getauclassent_r(&storage);
		if (ent == NULL)
			break;
		printf("0x%08x:%s:%s\n", ent->ac_class, ent->ac_name,
		    ent->ac_desc);
	}
}
76
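/*
 * Dump the settings read through the audit control getters, one
 * "key:value" line per setting: flags, min, naflags, every dir entry,
 * policy, filesz and, when their getters return 0, host and expire-after.
 *
 * Error reporting follows the convention the first getters in this
 * function already use: a return of -2 is reported with err() (errno text
 * appended), any other failure status with errx() plus the numeric code,
 * so that no unrelated errno string is attached to the message.  Every
 * failure exits with status -1.
 */
static void
audump_control(void)
{
	char string[PATH_MAX], string2[PATH_MAX];
	int ret, val;
	long policy;
	time_t age;
	size_t size;

	ret = getacflg(string, sizeof(string));
	if (ret == -2)
		err(-1, "getacflg");
	if (ret != 0)
		errx(-1, "getacflg: %d", ret);

	printf("flags:%s\n", string);

	ret = getacmin(&val);
	if (ret == -2)
		err(-1, "getacmin");
	if (ret != 0)
		errx(-1, "getacmin: %d", ret);

	printf("min:%d\n", val);

	ret = getacna(string, sizeof(string));
	if (ret == -2)
		err(-1, "getacna");
	if (ret != 0)
		errx(-1, "getacna: %d", ret);

	printf("naflags:%s\n", string);

	/* Rewind, then print dir entries until getacdir() returns -1. */
	setac();
	do {
		ret = getacdir(string, sizeof(string));
		if (ret == -1)
			break;
		if (ret == -2)
			err(-1, "getacdir");
		if (ret != 0)
			errx(-1, "getacdir: %d", ret);
		printf("dir:%s\n", string);

	} while (ret == 0);

	/*
	 * Round-trip the policy string through au_strtopol()/au_poltostr()
	 * so the printed value is the library's own rendering of it.
	 */
	ret = getacpol(string, sizeof(string));
	if (ret != 0)
		err(-1, "getacpol");
	if (au_strtopol(string, &policy) < 0)
		err(-1, "au_strtopol");
	if (au_poltostr(policy, sizeof(string2), string2) < 0)
		err(-1, "au_poltostr");
	printf("policy:%s\n", string2);

	ret = getacfilesz(&size);
	if (ret == -2)
		err(-1, "getacfilesz");
	if (ret != 0)
		errx(-1, "getacfilesz: %d", ret);

	/* size is a size_t: %zu is the matching conversion, not %ld. */
	printf("filesz:%zuB\n", size);

	/*
	 * host is printed only when getachost() returns 0; statuses other
	 * than 0, -2 and -3 are ignored here, as before.
	 */
	ret = getachost(string, sizeof(string));
	if (ret == -2)
		err(-1, "getachost");
	if (ret == -3)
		errx(-1, "getachost: %d", ret);
	if (ret == 0)
		printf("host:%s\n", string);

	/*
	 * expire-after is printed only when getacexpire() returns 0;
	 * statuses other than 0, -1 and -2 are ignored here, as before.
	 */
	ret = getacexpire(&val, &age, &size);
	if (ret == -2)
		err(-1, "getacexpire");
	if (ret == -1)
		errx(-1, "getacexpire: %d", ret);
	if (ret == 0) {
		/* time_t has no portable conversion; widen it explicitly. */
		printf("expire-after:%zuB  %s %llds\n", size,
		    val ? "AND" : "OR", (long long)age);
	}
}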
158
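/*
 * Print the audit classes selected in classmask as a comma-separated list.
 *
 * Each of the 32 bit positions is tested in ascending order.  A set bit is
 * printed by name when getauclassnum() finds an entry for it, otherwise as
 * a hexadecimal value.  Nothing is printed for an empty mask, and no
 * trailing newline is written.
 */
static void
printf_classmask(au_class_t classmask)
{
	au_class_ent_t *c;
	u_int32_t bit;
	unsigned int i;
	int first;

	first = 1;
	for (i = 0; i < 32; i++) {
		/*
		 * Build the single-bit mask in an unsigned 32-bit type:
		 * "1 << 31" on a plain int shifts into the sign bit, which
		 * is undefined behaviour.
		 */
		bit = (u_int32_t)1 << i;
		if ((classmask & bit) == 0)
			continue;
		if (first)
			first = 0;
		else
			printf(",");
		c = getauclassnum(bit);
		if (c != NULL)
			printf("%s", c->ac_name);
		else
			printf("0x%x", (unsigned int)bit);
	}
}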
181
/*
 * Walk the audit event database with getauevent() and print every entry
 * as "<number>:<name>:<description>:<classes>", where <classes> is the
 * list produced by printf_classmask().
 */
static void
audump_event(void)
{
	au_event_ent_t *ent;

	for (;;) {
		ent = getauevent();
		if (ent == NULL)
			break;
		printf("%d:%s:%s:", ent->ae_number, ent->ae_name,
		    ent->ae_desc);
		printf_classmask(ent->ae_class);
		printf("\n");
	}
}
193
/*
 * Same output as audump_event(), but uses getauevent_r() with
 * caller-supplied storage: the entry structure and its name/description
 * buffers live on this function's stack.
 */
static void
audump_event_r(void)
{
	char name_buf[AU_EVENT_NAME_MAX];
	char desc_buf[AU_EVENT_DESC_MAX];
	au_event_ent_t storage, *ent;

	/* Start from all-zero storage before wiring in the buffers. */
	memset(&storage, 0, sizeof(storage));
	memset(name_buf, 0, sizeof(name_buf));
	memset(desc_buf, 0, sizeof(desc_buf));
	storage.ae_name = name_buf;
	storage.ae_desc = desc_buf;

	for (ent = getauevent_r(&storage); ent != NULL;
	    ent = getauevent_r(&storage)) {
		printf("%d:%s:%s:", ent->ae_number, ent->ae_name,
		    ent->ae_desc);
		printf_classmask(ent->ae_class);
		printf("\n");
	}
}
213
/*
 * Walk the audit user database with getauuserent() and print every entry
 * as "<name>::".
 *
 * The two fields after the name are always empty: the calls that would
 * print up->au_always and up->au_never are disabled in this tool, so the
 * per-user audit masks do not appear in the output.
 */
static void
audump_user(void)
{
	au_user_ent_t *ent;

	for (ent = getauuserent(); ent != NULL; ent = getauuserent()) {
		printf("%s:", ent->au_name);
		/* printf_classmask(ent->au_always) is disabled. */
		printf(":");
		/* printf_classmask(ent->au_never) is disabled. */
		printf("\n");
	}
}
227
/*
 * Same output as audump_user(), but uses getauuserent_r() with
 * caller-supplied storage: the entry structure and its name buffer live on
 * this function's stack.
 *
 * The two fields after the name are always empty: the calls that would
 * print up->au_always and up->au_never are disabled in this tool.
 */
static void
audump_user_r(void)
{
	char name_buf[AU_USER_NAME_MAX];
	au_user_ent_t storage, *ent;

	/* Start from all-zero storage before wiring in the buffer. */
	memset(&storage, 0, sizeof(storage));
	memset(name_buf, 0, sizeof(name_buf));
	storage.au_name = name_buf;

	for (;;) {
		ent = getauuserent_r(&storage);
		if (ent == NULL)
			break;
		printf("%s:", ent->au_name);
		/* printf_classmask(ent->au_always) is disabled. */
		printf(":");
		/* printf_classmask(ent->au_never) is disabled. */
		printf("\n");
	}
}
246
/*
 * Entry point: expects exactly one argument naming the database view to
 * dump and dispatches to the matching audump_*() routine.  A missing,
 * extra or unrecognised argument prints the synopsis via usage(), which
 * exits.
 */
int
main(int argc, char *argv[])
{
	static const struct {
		const char *name;
		void (*dump)(void);
	} modes[] = {
		{ "class", audump_class },
		{ "class_r", audump_class_r },
		{ "control", audump_control },
		{ "event", audump_event },
		{ "event_r", audump_event_r },
		{ "user", audump_user },
		{ "user_r", audump_user_r },
	};
	size_t i;

	if (argc != 2)
		usage();

	/* Exact, case-sensitive match against the known mode names. */
	for (i = 0; i < sizeof(modes) / sizeof(modes[0]); i++) {
		if (strcmp(argv[1], modes[i].name) == 0) {
			modes[i].dump();
			return (0);
		}
	}

	usage();
	return (0);
}
273