Date: Mon, 16 Jun 2008 01:05:38 GMT From: Vincenzo Iozzo <snagg@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 143560 for review Message-ID: <200806160105.m5G15cxu023248@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=143560 Change 143560 by snagg@snagg_macosx on 2008/06/16 01:04:51 Some functionalities for the testing framework Affected files ... .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.c#2 edit .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.h#1 add Differences ... ==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.c#2 (text+ko) ==== @@ -1,64 +1,47 @@ -/*- - * Copyright (c) 2008 Vincenzo Iozzo <snagg@FreeBSD.org> - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - */ +#include "audit_pipe_regression_test_utils.h" -#include <sys/types.h> -#include <sys/ioctl.h> -#include <sys/wait.h> -#include <sys/ipc.h> -#include <sys/shm.h> +struct audit_record *del_record_au(struct audit_record *head, int index) +{ + struct audit_record *tmp; + struct audit_record *p; + + tmp = head; + if(tmp == NULL) + return NULL; + for(; tmp->next != NULL; tmp = tmp->next) + { + if(tmp->next->index == index) { + p = tmp->next; + tmp->next = tmp->next->next; + free(p); + return head; + } + } + + return NULL; +} + +struct audit_record +*add_field_au(struct audit_record *head, struct audit_record *new) +{ + struct audit_record *tmp; + + tmp = head; + if(tmp == NULL) { + new->next = NULL; + return new; + } + + for(; tmp->next != NULL;tmp = tmp->next); + + new->index = tmp->index +1; + tmp->next= new; + new->next = NULL; + + return head; +} -#include <bsm/libbsm.h> -#include <bsm/audit.h> - -#include <security/audit/audit_ioctl.h> - -#include <err.h> -#include <fcntl.h> -#include <poll.h> -#include <errno.h> -#include <unistd.h> -#include <stdlib.h> -#include <semaphore.h> -#include <string.h> - -#define AUDIT_BUFFER_LEN 65536 -#define SHMSZ 512 -char SEM_NAME[]= "/audit-test"; -char SEM_CLIENT_NAME[]="/client"; -sem_t *mutex, *mutex_client; -char *shm; -int shmid; - -enum TYPES{ - INT_TYPE, - STRING_TYPE, - CHAR_TYPE -}; - + void init_channel() { key_t key; @@ -194,30 +177,55 @@ /* * We fetch every token from auditpipe and eventually dump them to a file + * Modified version of praudit function. */ -tokenstr_t -audit_print_record(char *buffer, int buflen, FILE *st) +struct audit_record +*audit_print_record(FILE *st, FILE *in) { + u_char *buf; tokenstr_t tok; + int reclen; + int bytesread; + int count; + u_char type; + struct audit_record *rec; - while (buflen > 0) { + type = 0; + count = 0; + rec = malloc(sizeof(struct audit_record)); + if(rec == NULL) + err(-1, "MALLOC"); + + /* Record must begin with a header token. */ + do { + type = fgetc(in); + } while(type != AU_HEADER_32_TOKEN); + ungetc(type, in); - /* XXX: Is this an incomplete record? */ - if (au_fetch_tok(&tok, buffer, buflen) == -1) - break; - au_print_tok_xml(st, &tok, ",", 0, 0); - buflen -= tok.len; - buffer += tok.len; - fprintf(st, "\n"); + while ((reclen = au_read_rec(in, &buf)) != -1) { + bytesread = 0; + while (bytesread < reclen) { + + /* Is this an incomplete record? */ + if (-1 == au_fetch_tok(&tok, buf + bytesread, + reclen - bytesread)) + break; + rec->toks[count] = tok; + rec->count = count; + au_print_tok_xml(st, &tok, ",", 0, 0); + fprintf(st, "\n"); + bytesread += tok.len; + } + free(buf); + fflush(st); } - fflush(st); - return tok; + return rec; } /* * Init log file for evaluation */ -FILE *f init_log(pid_t pid) +FILE *init_log(pid_t pid) { FILE *f; char path[512]; @@ -231,6 +239,33 @@ return f; } +void report_error(tokenstr_t tok, struct audit_record *rec, FILE *f) +{ + int i; + + if(rec == NULL) + return; + for(i = 0; i <= rec->count; i++) { + au_print_tok_xml(f, &(rec->toks[i]), ",", 0, 0); + fprintf(f, "\n"); + } + fprintf(f, "ERROR:***"); + au_print_tok_xml(f, &tok, ",", 0, 0); + fprintf(f, "\n"); +} + +/* + * Check the return value of a bsm-token + */ +int check_ret(au_exit_t ret, int r, char *val) +{ + if(ret.ret == r) + //if(!strncmp(ret.status, val, strlen(ret.status) > strlen(val)? + // strlen(ret.status): strlen(val))) + return 1; + return 0; +} + /* * Check the path field of a bsm-token */ @@ -238,5 +273,51 @@ { if(!path.len) return -1; - return strncmp(path.path, val, path.len); -} + + if(!strncmp(path.path, val, path.len > strlen(val)? path.len: strlen(val))) + return 1; + + return 0; +} + +/* + * Check the arg field of a bsm-token + */ +int check_arg(au_arg32_t arg, long val) +{ + if(!arg.len) + return -1; + + if(arg.val == val) + return 1; + + return 0; +} + +/* + * Check the pid and privilege of a bsm-token + */ +int check_priv(au_proc32ex_t priv, pid_t pid) +{ + if(priv.pid == pid && priv.euid == geteuid() && priv.ruid == getuid() && + priv.rgid == getgid() && priv.egid == getegid()) + return 1; + + return 0; +} + +/* + * Check attributes of fd from a bsm-token + */ +int check_fd(au_attr32_t attr, int fd) +{ + struct stat s; + + if(fstat(fd, &s) == -1) + return -1; + if(attr.mode == s.st_mode && attr.uid == s.st_uid && attr.gid == s.st_gid && + attr.nid == s.st_ino && attr.dev == s.st_dev) + return 1; + + return 0; +}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200806160105.m5G15cxu023248>