authorKyle Evans <kevans@FreeBSD.org>2020-03-28 17:34:47 +0000
committerKyle Evans <kevans@FreeBSD.org>2020-03-28 17:34:47 +0000
commita05182219696fde2ccba4e7b8ed0041149df6b3b (patch)
tree009a7ede63377f14bc6e44787f4f08234ce24154
parent47192295e7ee42c5e669dfdb5cb146bc87a63fe5 (diff)
OpenBSM: import ee79d73e8df5: auditreduce: add a zone filtervendor/openbsm
This allows one to select audit records that match a -z zone glob. Sponsored by: Modirum MDPay, Klara Systems
Notes
Notes: svn path=/vendor/openbsm/dist/; revision=359401
-rw-r--r--bin/auditreduce/auditreduce.17
-rw-r--r--bin/auditreduce/auditreduce.c31
-rw-r--r--bin/auditreduce/auditreduce.h1
3 files changed, 37 insertions, 2 deletions
diff --git a/bin/auditreduce/auditreduce.1 b/bin/auditreduce/auditreduce.1
index 3266ad9bc160..0a197a872ace 100644
--- a/bin/auditreduce/auditreduce.1
+++ b/bin/auditreduce/auditreduce.1
@@ -25,7 +25,7 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd January 24, 2004
+.Dd February 20, 2020
.Dt AUDITREDUCE 1
.Os
.Sh NAME
@@ -47,6 +47,7 @@
.Op Fl r Ar ruid
.Op Fl u Ar auid
.Op Fl v
+.Op Fl z Ar zone
.Op Ar
.Sh DESCRIPTION
The
@@ -129,6 +130,10 @@ Select records with the given real user ID or name.
Select records with the given audit ID.
.It Fl v
Invert sense of matching, to select records that do not match.
+.It Fl z Ar zone
+Select records from the given zone(s).
+.Ar zone
+is a glob for zones to match.
.El
.Sh EXAMPLES
To select all records associated with effective user ID root from the audit
diff --git a/bin/auditreduce/auditreduce.c b/bin/auditreduce/auditreduce.c
index bc0b3d2e21fa..74732c601a8e 100644
--- a/bin/auditreduce/auditreduce.c
+++ b/bin/auditreduce/auditreduce.c
@@ -62,6 +62,7 @@
#include <bsm/libbsm.h>
#include <err.h>
+#include <fnmatch.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
@@ -94,6 +95,7 @@ static int p_egid; /* Effective group id. */
static int p_rgid; /* Real group id. */
static int p_ruid; /* Real user id. */
static int p_subid; /* Subject id. */
+static const char *p_zone; /* Zone. */
/*
* Maintain a dynamically sized array of events for -m
@@ -114,6 +116,8 @@ static char *p_sockobj = NULL;
static uint32_t opttochk = 0;
+static int select_zone(const char *zone, uint32_t *optchkd);
+
static void
parse_regexp(char *re_string)
{
@@ -186,6 +190,7 @@ usage(const char *msg)
fprintf(stderr, "\t-r <uid|name> : real user\n");
fprintf(stderr, "\t-u <uid|name> : audit user\n");
fprintf(stderr, "\t-v : select non-matching records\n");
+ fprintf(stderr, "\t-z <zone> : zone name\n");
exit(EX_USAGE);
}
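Review bot: The new usage line `-z <zone> : zone name` describes the argument as a plain name, while the manual page added in this commit and `select_zone()` treat it as an fnmatch glob. Wording such as `"\t-z <zone>        : zone name glob\n"` would keep the built-in help consistent with auditreduce.1, so an operator filtering a trail does not assume an exact-match comparison. usage() starts outside this hunk.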
@@ -493,6 +498,21 @@ select_subj32(tokenstr_t tok, uint32_t *optchkd)
}
/*
+ * Check if the given zone matches the selection criteria.
+ */
+static int
+select_zone(const char *zone, uint32_t *optchkd)
+{
+
+ SETOPT((*optchkd), OPT_z);
+ if (ISOPTSET(opttochk, OPT_z) && p_zone != NULL) {
+ if (fnmatch(p_zone, zone, FNM_PATHNAME) != 0)
+ return (0);
+ }
+ return (1);
+}
+
+/*
* Read each record from the audit trail. Check if it is selected after
* passing through each of the options
*/
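Review bot: `fnmatch(p_zone, zone, FNM_PATHNAME)` applies pathname semantics to a zone name, so a `*` or `?` in the -z pattern will not match a `/` in the recorded name, while the manual page only says the argument is a glob. If zone names are not meant to be path-like, passing `0` as the flags is the less surprising choice; otherwise the restriction deserves a sentence in auditreduce.1. The header comment could also state the contract: the function returns 1 when the record stays selected and 0 when it is filtered out, and OPT_z is marked in `*optchkd` on every call, whether or not -z was given. The `p_zone != NULL` test looks redundant, since the visible option parsing sets OPT_z only together with `p_zone = optarg`.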
@@ -559,6 +579,10 @@ select_records(FILE *fp)
tok_hdr32_copy, &optchkd);
break;
+ case AUT_ZONENAME:
+ selected = select_zone(tok.tt.zonename.zonename, &optchkd);
+ break;
+
default:
break;
}
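Review bot: `tok.tt.zonename.zonename` at the new `case AUT_ZONENAME:` is handed to fnmatch() as a C string, and its contents come straight from the trail file being read. Nothing visible here confirms that the token parser guarantees a NUL terminator inside the token's recorded length, so a truncated or tampered trail might make the match read past the token. That is worth confirming in libbsm, or the string should be bounded before matching. Separately, a record with no zonename token never reaches select_zone(), and how such records are treated under -z (alone or with -v) depends on code outside this hunk, so the manual page should say which way it goes. select_records() starts and ends outside the hunk.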
@@ -629,7 +653,7 @@ main(int argc, char **argv)
converr = NULL;
- while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:v")) != -1) {
+ while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:vz:")) != -1) {
switch(ch) {
case 'A':
SETOPT(opttochk, OPT_A);
@@ -783,6 +807,11 @@ main(int argc, char **argv)
SETOPT(opttochk, OPT_v);
break;
+ case 'z':
+ p_zone = optarg;
+ SETOPT(opttochk, OPT_z);
+ break;
+
case '?':
default:
usage("Unknown option");
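Review bot: `p_zone = optarg;` keeps only the last -z given, while the manual page text speaks of "the given zone(s)", so a second -z silently replaces the first instead of adding to it. Either document that a single glob is accepted, or reject a repeated option, e.g. `if (ISOPTSET(opttochk, OPT_z)) usage("-z specified more than once");` before the assignment. The enclosing switch in main() continues outside the hunk.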
diff --git a/bin/auditreduce/auditreduce.h b/bin/auditreduce/auditreduce.h
index 655b45d21779..43250ceb0797 100644
--- a/bin/auditreduce/auditreduce.h
+++ b/bin/auditreduce/auditreduce.h
@@ -57,6 +57,7 @@ struct re_entry {
#define OPT_u 0x00010000
#define OPT_A 0x00020000
#define OPT_v 0x00040000
+#define OPT_z 0x00080000
#define FILEOBJ "file"
#define MSGQIDOBJ "msgqid"