1/*-
2 * Copyright (c) 2005-2009, 2016 Robert N. M. Watson
3 * All rights reserved.
4 *
5 * Portions of this software were developed by BAE Systems, the University of
6 * Cambridge Computer Laboratory, and Memorial University under DARPA/AFRL
7 * contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent
8 * Computing (TC) research program.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in the
17 *    documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32#include <bsm/libbsm.h>
33#include <string.h>
34#include <err.h>
35#include <limits.h>
36#include <stdio.h>
37#include <stdlib.h>
38
39/*
40 * Simple tool to dump various /etc/security databases using the defined APIs.
41 */
42
/*
 * Print the command-line synopsis to stderr and terminate the process.
 * Called when argc is wrong or the database verb is not recognised;
 * never returns.
 */
static void
usage(void)
{
	static const char synopsis[] =
	    "usage: audump [class|class_r|control|event|event_r|"
	    "user|user_r]\n";

	fputs(synopsis, stderr);
	exit(-1);
}
51
/*
 * Dump the audit class database using the non-reentrant getauclassent(3)
 * iterator: one "0xMASK:name:description" line per entry, until the
 * iterator reports end of database with NULL.
 */
static void
audump_class(void)
{
	au_class_ent_t *entry;

	for (entry = getauclassent(); entry != NULL; entry = getauclassent()) {
		printf("0x%08x:%s:%s\n", entry->ac_class, entry->ac_name,
		    entry->ac_desc);
	}
}
61
/*
 * Same output as audump_class(), but via the reentrant getauclassent_r(3),
 * which fills a caller-supplied record.  The name and description
 * pointers in that record must point at caller-owned storage, so they are
 * wired to zeroed stack buffers of the library's maximum sizes first.
 */
static void
audump_class_r(void)
{
	char name_buf[AU_CLASS_NAME_MAX] = { 0 };
	char desc_buf[AU_CLASS_DESC_MAX] = { 0 };
	au_class_ent_t entry = { 0 };
	au_class_ent_t *result;

	entry.ac_name = name_buf;
	entry.ac_desc = desc_buf;

	for (;;) {
		result = getauclassent_r(&entry);
		if (result == NULL)
			break;
		printf("0x%08x:%s:%s\n", result->ac_class, result->ac_name,
		    result->ac_desc);
	}
}
79
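/*
 * Dump the values libbsm parses from audit_control(5): flags, min,
 * naflags, every dir entry, policy (round-tripped through
 * au_strtopol/au_poltostr), filesz, qsize, host and expire-after.
 *
 * Error convention, as the earlier checks in this function already
 * encode it: 0 is success, -2 is a system error with errno set, and any
 * other non-zero value is a parse/lookup failure with no meaningful
 * errno.  err(3) is therefore used only for -2 and errx(3) for the rest,
 * so a stale errno is never reported for a parse failure.  Exits with a
 * non-zero status on any failure.
 */
static void
audump_control(void)
{
	char string[PATH_MAX], string2[PATH_MAX];
	int ret, val, qsz;
	long policy;
	time_t age;
	size_t size;

	ret = getacflg(string, PATH_MAX);
	if (ret == -2)
		err(-1, "getacflg");
	if (ret != 0)
		errx(-1, "getacflg: %d", ret);
	printf("flags:%s\n", string);

	ret = getacmin(&val);
	if (ret == -2)
		err(-1, "getacmin");
	if (ret != 0)
		errx(-1, "getacmin: %d", ret);
	printf("min:%d\n", val);

	ret = getacna(string, PATH_MAX);
	if (ret == -2)
		err(-1, "getacna");
	if (ret != 0)
		errx(-1, "getacna: %d", ret);
	printf("naflags:%s\n", string);

	/* Rewind so the dir entries are enumerated from the first one. */
	setac();
	for (;;) {
		ret = getacdir(string, PATH_MAX);
		if (ret == -1)
			break;		/* No more dir entries. */
		if (ret == -2)
			err(-1, "getacdir");
		if (ret != 0)
			errx(-1, "getacdir: %d", ret);
		printf("dir:%s\n", string);
	}

	ret = getacpol(string, PATH_MAX);
	if (ret != 0)
		err(-1, "getacpol");
	if (au_strtopol(string, &policy) < 0)
		err(-1, "au_strtopol");
	if (au_poltostr(policy, PATH_MAX, string2) < 0)
		err(-1, "au_poltostr");
	printf("policy:%s\n", string2);

	ret = getacfilesz(&size);
	if (ret == -2)
		err(-1, "getacfilesz");
	if (ret != 0)
		errx(-1, "getacfilesz: %d", ret);
	/* size is a size_t; %zu avoids the %ld mismatch on LLP64 targets. */
	printf("filesz:%zuB\n", size);

	ret = getacqsize(&qsz);
	if (ret == -2)
		err(-1, "getacqsize");
	if (ret != 0)
		errx(-1, "getacqsize: %d", ret);
	printf("qsize:%d\n", qsz);

	ret = getachost(string, PATH_MAX);
	if (ret == -2)
		err(-1, "getachost");
	if (ret == -3)
		errx(-1, "getachost: %d", ret);
	/* Any other non-zero value (presumably "no host: line") prints nothing. */
	if (ret == 0)
		printf("host:%s\n", string);

	ret = getacexpire(&val, &age, &size);
	if (ret == -2)
		err(-1, "getacexpire");
	if (ret == -1)
		errx(-1, "getacexpire: %d", ret);
	/* time_t has no portable conversion; widen to long long for %lld. */
	if (ret == 0)
		printf("expire-after:%zuB  %s %llds\n", size,
		    val ? "AND" : "OR", (long long)age);
}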
168
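/*
 * Print the classes in classmask as a comma-separated list on stdout,
 * resolving each set bit through getauclassnum(3).  A bit with no
 * database entry is printed as its hexadecimal mask instead.  No
 * trailing newline is printed; the caller supplies the line ending.
 */
static void
printf_classmask(au_class_t classmask)
{
	au_class_ent_t *c;
	au_class_t bit;
	u_int32_t i;
	int first;

	first = 1;
	for (i = 0; i < 32; i++) {
		/*
		 * Build the bit from an unsigned constant: "1 << 31" on a
		 * 32-bit int is signed overflow (undefined behaviour).
		 */
		bit = (au_class_t)(1U << i);
		if ((classmask & bit) == 0)
			continue;
		if (first)
			first = 0;
		else
			printf(",");
		c = getauclassnum(bit);
		if (c != NULL)
			printf("%s", c->ac_name);
		else
			printf("0x%x", (unsigned int)bit);
	}
}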
191
/*
 * Dump the audit event database with the non-reentrant getauevent(3)
 * iterator: "number:name:description:" followed by the event's class
 * list (from printf_classmask()) and a newline, one line per event.
 */
static void
audump_event(void)
{
	au_event_ent_t *entry;

	for (entry = getauevent(); entry != NULL; entry = getauevent()) {
		printf("%d:%s:%s:", entry->ae_number, entry->ae_name,
		    entry->ae_desc);
		printf_classmask(entry->ae_class);
		printf("\n");
	}
}
203
/*
 * Same output as audump_event(), but via the reentrant getauevent_r(3).
 * The record's name and description pointers must reference caller-owned
 * storage, so they are pointed at zeroed stack buffers sized to the
 * library's maxima before iterating.
 */
static void
audump_event_r(void)
{
	char name_buf[AU_EVENT_NAME_MAX] = { 0 };
	char desc_buf[AU_EVENT_DESC_MAX] = { 0 };
	au_event_ent_t entry = { 0 };
	au_event_ent_t *result;

	entry.ae_name = name_buf;
	entry.ae_desc = desc_buf;

	for (;;) {
		result = getauevent_r(&entry);
		if (result == NULL)
			break;
		printf("%d:%s:%s:", result->ae_number, result->ae_name,
		    result->ae_desc);
		printf_classmask(result->ae_class);
		printf("\n");
	}
}
223
/*
 * Dump the audit user database with the non-reentrant getauuserent(3)
 * iterator.  Each line is "name::" — the always/never class-mask columns
 * are deliberately left empty; the printf_classmask() calls that would
 * fill them remain disabled below.
 */
static void
audump_user(void)
{
	au_user_ent_t *entry;

	for (entry = getauuserent(); entry != NULL; entry = getauuserent()) {
		printf("%s:", entry->au_name);
		/* printf_classmask(entry->au_always); */
		printf(":");
		/* printf_classmask(entry->au_never); */
		printf("\n");
	}
}
237
/*
 * Same output as audump_user(), but via the reentrant getauuserent_r(3),
 * whose record needs a caller-owned name buffer.  The class-mask columns
 * are left empty, matching audump_user().
 */
static void
audump_user_r(void)
{
	char name_buf[AU_USER_NAME_MAX] = { 0 };
	au_user_ent_t entry = { 0 };
	au_user_ent_t *result;

	entry.au_name = name_buf;

	for (;;) {
		result = getauuserent_r(&entry);
		if (result == NULL)
			break;
		printf("%s:", result->au_name);
		/* printf_classmask(result->au_always); */
		printf(":");
		/* printf_classmask(result->au_never); */
		printf("\n");
	}
}
256
/*
 * Entry point: expects exactly one argument naming the database to dump
 * and dispatches to the matching audump_*() routine via a lookup table.
 * An unknown verb or wrong argument count goes to usage(), which exits.
 */
int
main(int argc, char *argv[])
{
	static const struct {
		const char *verb;
		void (*dump)(void);
	} verbs[] = {
		{ "class",	audump_class },
		{ "class_r",	audump_class_r },
		{ "control",	audump_control },
		{ "event",	audump_event },
		{ "event_r",	audump_event_r },
		{ "user",	audump_user },
		{ "user_r",	audump_user_r },
	};
	size_t i;

	if (argc != 2)
		usage();

	for (i = 0; i < sizeof(verbs) / sizeof(verbs[0]); i++) {
		if (strcmp(argv[1], verbs[i].verb) == 0) {
			verbs[i].dump();
			return (0);
		}
	}

	usage();
	return (0);
}
283