auditreduce

Kyle Evans Sat, 28 Mar 2020 11:46:01 -0700

Author: kevans
Date: Sat Mar 28 17:34:47 2020
New Revision: 359401
URL: https://svnweb.freebsd.org/changeset/base/359401


Log:
  OpenBSM: import ee79d73e8df5: auditreduce: add a zone filter
  
  This allows one to select audit records that match a -z zone glob.
  
  Sponsored by: Modirum MDPay, Klara Systems

Modified:
  vendor/openbsm/dist/bin/auditreduce/auditreduce.1
  vendor/openbsm/dist/bin/auditreduce/auditreduce.c
  vendor/openbsm/dist/bin/auditreduce/auditreduce.h

Modified: vendor/openbsm/dist/bin/auditreduce/auditreduce.1
==============================================================================
--- vendor/openbsm/dist/bin/auditreduce/auditreduce.1   Sat Mar 28 17:11:54 
2020        (r359400)
+++ vendor/openbsm/dist/bin/auditreduce/auditreduce.1   Sat Mar 28 17:34:47 
2020        (r359401)
@@ -25,7 +25,7 @@
 .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd January 24, 2004
+.Dd February 20, 2020
 .Dt AUDITREDUCE 1
 .Os
 .Sh NAME
@@ -47,6 +47,7 @@
 .Op Fl r Ar ruid
 .Op Fl u Ar auid
 .Op Fl v
+.Op Fl z Ar zone
 .Op Ar
 .Sh DESCRIPTION
 The
@@ -129,6 +130,10 @@ Select records with the given real user ID or name.
 Select records with the given audit ID.
 .It Fl v
 Invert sense of matching, to select records that do not match.
+.It Fl z Ar zone
+Select records from the given zone(s).
+.Ar zone
+is a glob for zones to match.
 .El
 .Sh EXAMPLES
 To select all records associated with effective user ID root from the audit

Modified: vendor/openbsm/dist/bin/auditreduce/auditreduce.c
==============================================================================
--- vendor/openbsm/dist/bin/auditreduce/auditreduce.c   Sat Mar 28 17:11:54 
2020        (r359400)
+++ vendor/openbsm/dist/bin/auditreduce/auditreduce.c   Sat Mar 28 17:34:47 
2020        (r359401)
@@ -62,6 +62,7 @@
 #include <bsm/libbsm.h>
 
 #include <err.h>
+#include <fnmatch.h>
 #include <grp.h>
 #include <pwd.h>
 #include <stdio.h>
@@ -94,6 +95,7 @@ static int             p_egid;        /* Effective group id. 
*/ 
 static int              p_rgid;        /* Real group id. */ 
 static int              p_ruid;        /* Real user id. */ 
 static int              p_subid;       /* Subject id. */
+static const char      *p_zone;        /* Zone. */
 
 /*
  * Maintain a dynamically sized array of events for -m
@@ -114,6 +116,8 @@ static char *p_sockobj = NULL; 
 
 static uint32_t opttochk = 0;
 
+static int     select_zone(const char *zone, uint32_t *optchkd);
+
 static void
 parse_regexp(char *re_string)
 {
@@ -186,6 +190,7 @@ usage(const char *msg)
        fprintf(stderr, "\t-r <uid|name> : real user\n");
        fprintf(stderr, "\t-u <uid|name> : audit user\n");
        fprintf(stderr, "\t-v : select non-matching records\n");
+       fprintf(stderr, "\t-z <zone> : zone name\n");
        exit(EX_USAGE);
 }
 
@@ -493,6 +498,21 @@ select_subj32(tokenstr_t tok, uint32_t *optchkd)
 }
 
 /*
+ * Check if the given zone matches the selection criteria.
+  */
+static int
+select_zone(const char *zone, uint32_t *optchkd)
+{
+
+       SETOPT((*optchkd), OPT_z);
+       if (ISOPTSET(opttochk, OPT_z) && p_zone != NULL) {
+               if (fnmatch(p_zone, zone, FNM_PATHNAME) != 0)
+                       return (0);
+       }
+       return (1);
+}
+
+/*
  * Read each record from the audit trail.  Check if it is selected after
  * passing through each of the options 
  */
@@ -559,6 +579,10 @@ select_records(FILE *fp)
                                    tok_hdr32_copy, &optchkd);
                                break;
 
+                       case AUT_ZONENAME:
+                               selected = 
select_zone(tok.tt.zonename.zonename, &optchkd);
+                               break;
+
                        default:
                                break;
                        }
@@ -629,7 +653,7 @@ main(int argc, char **argv)
 
        converr = NULL;
 
-       while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:v")) != -1) {
+       while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:vz:")) != -1) 
{
                switch(ch) {
                case 'A':
                        SETOPT(opttochk, OPT_A);
@@ -781,6 +805,11 @@ main(int argc, char **argv)
 
                case 'v':
                        SETOPT(opttochk, OPT_v);
+                       break;
+
+               case 'z':
+                       p_zone = optarg;
+                       SETOPT(opttochk, OPT_z);
                        break;
 
                case '?':

Modified: vendor/openbsm/dist/bin/auditreduce/auditreduce.h
==============================================================================
--- vendor/openbsm/dist/bin/auditreduce/auditreduce.h   Sat Mar 28 17:11:54 
2020        (r359400)
+++ vendor/openbsm/dist/bin/auditreduce/auditreduce.h   Sat Mar 28 17:34:47 
2020        (r359401)
@@ -57,6 +57,7 @@ struct re_entry {
 #define OPT_u  0x00010000
 #define OPT_A  0x00020000
 #define OPT_v  0x00040000
+#define OPT_z  0x00080000
 
 #define FILEOBJ "file"
 #define MSGQIDOBJ "msgqid"
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

svn commit: r359401 - vendor/openbsm/dist/bin/auditreduce

Reply via email to