From owner-p4-projects@FreeBSD.ORG Sun Jan 20 00:08:49 2008
Date: Sun, 20 Jan 2008 00:08:48 GMT
Message-Id: <200801200008.m0K08mOx009540@repoman.freebsd.org>
From: "Christian S.J. Peron"
To: Perforce Change Reviews
Subject: PERFORCE change 133695 for review

http://perforce.freebsd.org/chv.cgi?CH=133695

Change 133695 by csjp@csjp_xor on 2008/01/20 00:08:27

- Add option to auditreduce(1) which allows users to invert the sense of
  matching. If -v is specified, we will select records that do not match
  the specified criteria.
- Document the option in auditreduce.1 man page.
- Add a section to the HISTORY file.
- Tweak a few documentation bugs in HISTORY, auditreduce should be
  considered a general tool, not system maintenance procedure.
  (auditreduce(8) -> auditreduce(1))

Discussed with: rwatson

Affected files ...

.. //depot/projects/trustedbsd/openbsm/HISTORY#60 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#15 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#21 edit
.. //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#6 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/HISTORY#60 (text+ko) ==== @@ -1,8 +1,11 @@ OpenBSM 1.1 alpha 1 +- Add option to auditreduce(1) which allows users to invert sense of + matching, such that BSM records that do not match, are selected. + OpenBSM 1.0 -- Fix bug in auditreduce(8) which resulted in a memory fault/crash when +- Fix bug in auditreduce(1) which resulted in a memory fault/crash when the user specified an event name with -m. - Remove AU_.* hard-coded audit class constants, as udit classes are now entirely dynamically configured using /etc/security/audit_class.
@@ -15,7 +18,7 @@ - Synchronized audit event list to Solaris, picking up the *at(2) system call definitions, now required for FreeBSD and Linux. Added additional events for *at(2) system calls not present in Solaris. -- Bugs in auditreduce(8) fixed allowing partial date strings to be used in +- Bugs in auditreduce(1) fixed allowing partial date strings to be used in filtering events. OpenBSM 1.0 alpha 14 @@ -304,4 +307,4 @@ to support reloading of kernel event table. - Allow comments in /etc/security configuration files. -$P4: //depot/projects/trustedbsd/openbsm/HISTORY#59 $ +$P4: //depot/projects/trustedbsd/openbsm/HISTORY#60 $ ==== //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#15 (text+ko) ==== @@ -25,7 +25,7 @@ .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#14 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#15 $ .\" .Dd January 24, 2004 .Dt AUDITREDUCE 1 @@ -48,6 +48,7 @@ .Op Fl o Ar object Ns = Ns Ar value .Op Fl r Ar ruid .Op Fl u Ar auid +.Op Fl v .Op Ar .Sh DESCRIPTION The @@ -127,6 +128,8 @@ Select records with the given real user ID or name. .It Fl u Ar auid Select records with the given audit ID. +.It Fl v +Invert sense of matching, to select records that do not match. .El .Sh EXAMPLES To select all records associated with effective user ID root from the audit ==== //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#21 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#20 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#21 $ */ /* 
@@ -346,7 +346,7 @@ select_hdr32(tokenstr_t tok, uint32_t *optchkd) { - SETOPT((*optchkd), (OPT_A | OPT_a | OPT_b | OPT_c | OPT_m)); + SETOPT((*optchkd), (OPT_A | OPT_a | OPT_b | OPT_c | OPT_m | OPT_v)); /* The A option overrides a, b and d. */ if (!ISOPTSET(opttochk, OPT_A)) { @@ -476,6 +476,7 @@ int bytesread; int selected; uint32_t optchkd; + int print; int err = 0; while ((reclen = au_read_rec(fp, &buf)) != -1) { @@ -556,14 +557,12 @@ } bytesread += tok.len; } - if ((selected == 1) && (!err)) { - /* Check if all the options were matched. */ - if (!(opttochk & ~optchkd)) { - /* XXX Write this record to the output file. */ - /* default to stdout */ - fwrite(buf, 1, reclen, stdout); - } - } + /* Check if all the options were matched. */ + print = ((selected == 1) && (!err) && (!(opttochk & ~optchkd))); + if (ISOPTSET(opttochk, OPT_v)) + print = !print; + if (print) + (void) fwrite(buf, 1, reclen, stdout); free(buf); } return (0); @@ -618,7 +617,7 @@ converr = NULL; - while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:")) != -1) { + while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:v")) != -1) { switch(ch) { case 'A': SETOPT(opttochk, OPT_A); @@ -755,6 +754,10 @@ SETOPT(opttochk, OPT_u); break; + case 'v': + SETOPT(opttochk, OPT_v); + break; + case '?': default: usage("Unknown option"); ==== //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#6 (text+ko) ==== @@ -26,7 +26,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#5 $ + * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.h#6 $ */ #ifndef _AUDITREDUCE_H_ @@ -58,6 +58,7 @@ #define OPT_r 0x00008000 #define OPT_u 0x00010000 #define OPT_A 0x00020000 +#define OPT_v 0x00040000 #define FILEOBJ "file" #define MSGQIDOBJ "msgqid"
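Review bot: the new HISTORY entry for 1.1 alpha 1 has a stray comma in "BSM records that do not match, are selected"; suggest "such that BSM records that do not match are selected", and naming the flag (-v) in the entry so it can be found alongside the other option-specific entries in the file.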
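Review bot: the .It Fl v text in the auditreduce.1 DESCRIPTION hunk should say what is being inverted: a record is selected when it fails the conjunction of all the other given criteria, not when it fails any single one. Suggest "Invert the sense of matching: select only those records that do not match all of the other specified criteria." It would also help to state whether records that could not be parsed are emitted under -v, since the auditreduce.c change as written does emit them.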
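Review bot: marking OPT_v as "checked" from inside select_hdr32 is fragile, because -v is not a per-token criterion at all; it only exists so that `!(opttochk & ~optchkd)` can still pass when -v is set. It would be cleaner to mask it out once at the point of the final test, e.g. `!((opttochk & ~OPT_v) & ~optchkd)`, which also means no other selector that initialises optchkd ever needs to know about it.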
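Review bot: with -v set, a record whose parse failed (err != 0) is now written to stdout, because `print = !print` inverts the `(!err)` term together with the match result; without -v such records are dropped, so -v silently turns malformed input into output. Suggest keeping the error test outside the inversion: derive print from `selected` and the option mask, apply `print = !print` for OPT_v, and then `if (print && !err) (void) fwrite(buf, 1, reclen, stdout);`. Separately, the removed `/* XXX Write this record to the output file. */` marker recorded an open item (output-file support) that is lost with this rewrite; consider keeping it as a comment above the fwrite.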
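Review bot: the new `case 'v'` and the "v" added to the getopt string are consistent, but nothing in this change touches usage(); if usage() prints the option letters, -v should be listed there as the man page synopsis now does.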