Date: Thu, 19 Oct 2006 07:21:14 -0700 (PDT) From: Martin Voros <martin_voros@yahoo.com> To: trustedbsd-audit@FreeBSD.org Subject: praudit - xml output patches Message-ID: <20061019142114.30659.qmail@web55515.mail.re4.yahoo.com>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
Hi all,
finally I found some time and prepared patches which add XML output for OpenBSM praudit utility and improve audit.log.5 manual page. I made these patches against OpenBSM 1.0 alpha 12 release. Unfortunately, I can't test 64 bits tokens and also I couldn't test some other tokens so I call for testing. Of course all comments and suggestions are welcome. I also added some token descriptions to audit.log.5 manual page.
Instructions:
# cd DIR_WITH_OBSM_alpha12
# patch < xml.patch
# patch < doc.patch
Best regards
MV
---------------------------------
Get your email and more, right on the new Yahoo.com
[-- Attachment #2 --]
Index: bin/praudit/praudit.c
===================================================================
--- bin/praudit/praudit.c Sat Sep 2 10:45:59 2006
+++ bin/praudit/praudit.c Wed Oct 11 15:50:21 2006
@@ -34,7 +34,7 @@
*/
/*
- * praudit [-lrs] [-ddel] [filenames]
+ * praudit [-lrsx] [-ddel] [filenames]
*/
#include <bsm/libbsm.h>
@@ -51,12 +51,13 @@
static int raw = 0;
static int shortfrm = 0;
static int partial = 0;
+static int xml = 0;
static void
usage()
{
- fprintf(stderr, "Usage: praudit [-lrs] [-ddel] [filenames]\n");
+ fprintf(stderr, "Usage: praudit [-lrsx] [-ddel] [filenames]\n");
exit(1);
}
@@ -88,7 +89,7 @@
if (-1 == au_fetch_tok(&tok, buf + bytesread,
reclen - bytesread))
break;
- au_print_tok(stdout, &tok, del, raw, shortfrm);
+ au_print_tok(stdout, &tok, del, raw, shortfrm, xml);
bytesread += tok.len;
if (oneline)
printf("%s", del);
@@ -109,7 +110,7 @@
int i;
FILE *fp;
- while ((ch = getopt(argc, argv, "lprsd:")) != -1) {
+ while ((ch = getopt(argc, argv, "lprsxd:")) != -1) {
switch(ch) {
case 'l':
oneline = 1;
@@ -127,6 +128,10 @@
shortfrm = 1;
break;
+ case 'x':
+ xml = 1;
+ break;
+
case 'd':
del = optarg;
break;
@@ -141,6 +146,9 @@
}
}
+ if (xml)
+ print_xml_header(stdout);
+
/* For each of the files passed as arguments dump the contents. */
if (optind == argc) {
print_tokens(stdin);
@@ -153,5 +161,9 @@
if (fp != NULL)
fclose(fp);
}
+
+ if (xml)
+ print_xml_footer(stdout);
+
return (1);
}
Index: bsm/libbsm.h
===================================================================
--- bsm/libbsm.h Tue Oct 3 11:28:31 2006
+++ bsm/libbsm.h Wed Oct 11 15:48:53 2006
@@ -770,7 +770,13 @@
int au_fetch_tok(tokenstr_t *tok, u_char *buf, int len);
//XXX The following interface has different prototype from BSM
void au_print_tok(FILE *outfp, tokenstr_t *tok,
- char *del, char raw, char sfrm);
+ char *del, char raw, char sfrm, char xml);
+
+/*
+ * Functoins relating to XML output
+ */
+void print_xml_header(FILE *outfp);
+void print_xml_footer(FILE *outfp);
__END_DECLS
/*
Index: libbsm/bsm_io.c
===================================================================
--- libbsm/bsm_io.c Tue Oct 3 11:28:35 2006
+++ libbsm/bsm_io.c Wed Oct 11 16:01:56 2006
@@ -207,16 +207,334 @@
}
/*
+ * Prints the beggining of attribute.
+ */
+static void
+open_attr(FILE *fp, u_char *str)
+{
+
+ fprintf(fp,"%s=\"", str);
+}
+
+/*
+ * Prints the end of attribute.
+ */
+static void
+close_attr(FILE *fp)
+{
+
+ fprintf(fp,"\" ");
+}
+
+/*
+ * Prints the end of tag.
+ */
+static void
+close_tag(FILE *fp, u_char type)
+{
+
+ switch(type) {
+ case AUT_HEADER32:
+ fprintf(fp, ">");
+ break;
+
+ case AUT_HEADER32_EX:
+ fprintf(fp, ">");
+ break;
+
+ case AUT_HEADER64:
+ fprintf(fp, ">");
+ break;
+
+ case AUT_HEADER64_EX:
+ fprintf(fp, ">");
+ break;
+
+ case AUT_ARG32:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_ARG64:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_ATTR32:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_ATTR64:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_EXIT:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_EXEC_ARGS:
+ fprintf(fp, "</exec_args>");
+ break;
+
+ case AUT_EXEC_ENV:
+ fprintf(fp, "</exec_env>");
+ break;
+
+ case AUT_OTHER_FILE32:
+ fprintf(fp, "</file>");
+ break;
+
+ case AUT_NEWGROUPS:
+ fprintf(fp, "</group>");
+ break;
+
+ case AUT_IN_ADDR:
+ fprintf(fp, "</ip_address>");
+ break;
+
+ case AUT_IN_ADDR_EX:
+ fprintf(fp, "</ip_address>");
+ break;
+
+ case AUT_IP:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_IPC:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_IPC_PERM:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_IPORT:
+ fprintf(fp, "</ip_port>");
+ break;
+
+ case AUT_OPAQUE:
+ fprintf(fp, "</opaque>");
+ break;
+
+ case AUT_PATH:
+ fprintf(fp, "</path>");
+ break;
+
+ case AUT_PROCESS32:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_PROCESS32_EX:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_RETURN32:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_RETURN64:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_SEQ:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_SOCKET:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_SOCKINET32:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_SOCKUNIX:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_SUBJECT32:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_SUBJECT64:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_SUBJECT32_EX:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_TEXT:
+ fprintf(fp, "</text>");
+ break;
+
+ case AUT_SOCKET_EX:
+ fprintf(fp, "/>");
+ break;
+
+ case AUT_DATA:
+ fprintf(fp, "</arbitrary>");
+ break;
+ }
+}
+
+/*
* Prints the token type in either the raw or the default form.
*/
static void
-print_tok_type(FILE *fp, u_char type, const char *tokname, char raw)
+print_tok_type(FILE *fp, u_char type, const char *tokname, char raw, char xml)
{
- if (raw)
- fprintf(fp, "%u", type);
- else
- fprintf(fp, "%s", tokname);
+ if (xml) {
+ switch(type) {
+ case AUT_HEADER32:
+ fprintf(fp, "<record ");
+ break;
+
+ case AUT_HEADER32_EX:
+ fprintf(fp, "<record ");
+ break;
+
+ case AUT_HEADER64:
+ fprintf(fp, "<record ");
+ break;
+
+ case AUT_HEADER64_EX:
+ fprintf(fp, "<record ");
+ break;
+
+ case AUT_TRAILER:
+ fprintf(fp, "</record>");
+ break;
+
+ case AUT_ARG32:
+ fprintf(fp, "<argument ");
+ break;
+
+ case AUT_ARG64:
+ fprintf(fp, "<argument ");
+ break;
+
+ case AUT_ATTR32:
+ fprintf(fp, "<attribute ");
+ break;
+
+ case AUT_ATTR64:
+ fprintf(fp, "<attribute ");
+ break;
+
+ case AUT_EXIT:
+ fprintf(fp, "<exit ");
+ break;
+
+ case AUT_EXEC_ARGS:
+ fprintf(fp, "<exec_args>");
+ break;
+
+ case AUT_EXEC_ENV:
+ fprintf(fp, "<exec_env>");
+ break;
+
+ case AUT_OTHER_FILE32:
+ fprintf(fp, "<file ");
+ break;
+
+ case AUT_NEWGROUPS:
+ fprintf(fp, "<group>");
+ break;
+
+ case AUT_IN_ADDR:
+ fprintf(fp, "<ip_address>");
+ break;
+
+ case AUT_IN_ADDR_EX:
+ fprintf(fp, "<ip_address>");
+ break;
+
+ case AUT_IP:
+ fprintf(fp, "<ip ");
+ break;
+
+ case AUT_IPC:
+ fprintf(fp, "<IPC");
+ break;
+
+ case AUT_IPC_PERM:
+ fprintf(fp, "<IPC_perm ");
+ break;
+
+ case AUT_IPORT:
+ fprintf(fp, "<ip_port>");
+ break;
+
+ case AUT_OPAQUE:
+ fprintf(fp, "<opaque>");
+ break;
+
+ case AUT_PATH:
+ fprintf(fp, "<path>");
+ break;
+
+ case AUT_PROCESS32:
+ fprintf(fp, "<process ");
+ break;
+
+ case AUT_PROCESS32_EX:
+ fprintf(fp, "<process ");
+ break;
+
+ case AUT_RETURN32:
+ fprintf(fp, "<return ");
+ break;
+
+ case AUT_RETURN64:
+ fprintf(fp, "<return ");
+ break;
+
+ case AUT_SEQ:
+ fprintf(fp, "<sequence ");
+ break;
+
+ case AUT_SOCKET:
+ fprintf(fp, "<socket ");
+ break;
+
+ case AUT_SOCKINET32:
+ fprintf(fp, "<old_socket");
+ break;
+
+ case AUT_SOCKUNIX:
+ fprintf(fp, "<old_socket");
+ break;
+
+ case AUT_SUBJECT32:
+ fprintf(fp, "<subject ");
+ break;
+
+ case AUT_SUBJECT64:
+ fprintf(fp, "<subject ");
+ break;
+
+ case AUT_SUBJECT32_EX:
+ fprintf(fp, "<subject ");
+ break;
+
+ case AUT_TEXT:
+ fprintf(fp, "<text>");
+ break;
+
+ case AUT_SOCKET_EX:
+ fprintf(fp, "<socket ");
+ break;
+
+ case AUT_DATA:
+ fprintf(fp, "<arbitrary ");
+ break;
+ }
+ } else {
+ if (raw)
+ fprintf(fp, "%u", type);
+ else
+ fprintf(fp, "%s", tokname);
+ }
}
/*
@@ -455,6 +773,27 @@
}
/*
+ * Print XML header
+ */
+void
+print_xml_header(FILE *outfp)
+{
+
+ fprintf(outfp, "<?xml version='1.0' ?>\n");
+ fprintf(outfp, "<audit>\n");
+}
+
+/*
+ * Print XML footer
+ */
+void
+print_xml_footer(FILE *outfp)
+{
+
+ fprintf(outfp, "</audit>\n");
+}
+
+/*
* record byte count 4 bytes
* version # 1 byte [2]
* event type 2 bytes
@@ -495,22 +834,41 @@
}
static void
-print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm)
+print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "header", raw);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.hdr32.size, "%u");
- print_delim(fp, del);
- print_1_byte(fp, tok->tt.hdr32.version, "%u");
- print_delim(fp, del);
- print_event(fp, tok->tt.hdr32.e_type, raw, sfrm);
- print_delim(fp, del);
- print_evmod(fp, tok->tt.hdr32.e_mod, raw);
- print_delim(fp, del);
- print_sec32(fp, tok->tt.hdr32.s, raw);
- print_delim(fp, del);
- print_msec32(fp, tok->tt.hdr32.ms, raw);
+ print_tok_type(fp, tok->id, "header", raw, xml);
+ if (xml) {
+ open_attr(fp, "version");
+ print_1_byte(fp, tok->tt.hdr32.version, "%u");
+ close_attr(fp);
+ open_attr(fp, "event");
+ print_event(fp, tok->tt.hdr32.e_type, raw, sfrm);
+ close_attr(fp);
+ open_attr(fp, "modifier");
+ print_evmod(fp, tok->tt.hdr32.e_mod, raw);
+ close_attr(fp);
+ open_attr(fp, "time");
+ print_sec32(fp, tok->tt.hdr32.s, raw);
+ close_attr(fp);
+ open_attr(fp, "msec");
+ print_msec32(fp, tok->tt.hdr32.ms, 1);
+ close_attr(fp);
+ close_tag(fp,tok->id);
+ } else {
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.hdr32.size, "%u");
+ print_delim(fp, del);
+ print_1_byte(fp, tok->tt.hdr32.version, "%u");
+ print_delim(fp, del);
+ print_event(fp, tok->tt.hdr32.e_type, raw, sfrm);
+ print_delim(fp, del);
+ print_evmod(fp, tok->tt.hdr32.e_mod, raw);
+ print_delim(fp, del);
+ print_sec32(fp, tok->tt.hdr32.s, raw);
+ print_delim(fp, del);
+ print_msec32(fp, tok->tt.hdr32.ms, raw);
+ }
}
/*
@@ -584,25 +942,48 @@
static void
print_header32_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- char sfrm)
+ char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "header_ex", raw);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.hdr32_ex.size, "%u");
- print_delim(fp, del);
- print_1_byte(fp, tok->tt.hdr32_ex.version, "%u");
- print_delim(fp, del);
- print_event(fp, tok->tt.hdr32_ex.e_type, raw, sfrm);
- print_delim(fp, del);
- print_evmod(fp, tok->tt.hdr32_ex.e_mod, raw);
- print_delim(fp, del);
- print_ip_ex_address(fp, tok->tt.hdr32_ex.ad_type,
- tok->tt.hdr32_ex.addr);
- print_delim(fp, del);
- print_sec32(fp, tok->tt.hdr32_ex.s, raw);
- print_delim(fp, del);
- print_msec32(fp, tok->tt.hdr32_ex.ms, raw);
+ print_tok_type(fp, tok->id, "header_ex", raw, xml);
+ if (xml) {
+ open_attr(fp, "version");
+ print_1_byte(fp, tok->tt.hdr32_ex.version, "%u");
+ close_attr(fp);
+ open_attr(fp, "event");
+ print_event(fp, tok->tt.hdr32_ex.e_type, raw, sfrm);
+ close_attr(fp);
+ open_attr(fp, "modifier");
+ print_evmod(fp, tok->tt.hdr32_ex.e_mod, raw);
+ close_attr(fp);
+/* No attribut for add. type
+ print_ip_ex_address(fp, tok->tt.hdr32_ex.ad_type,
+ tok->tt.hdr32_ex.addr);
+*/
+ open_attr(fp, "time");
+ print_sec32(fp, tok->tt.hdr32_ex.s, raw);
+ close_attr(fp);
+ open_attr(fp, "msec");
+ print_msec32(fp, tok->tt.hdr32_ex.ms, raw);
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.hdr32_ex.size, "%u");
+ print_delim(fp, del);
+ print_1_byte(fp, tok->tt.hdr32_ex.version, "%u");
+ print_delim(fp, del);
+ print_event(fp, tok->tt.hdr32_ex.e_type, raw, sfrm);
+ print_delim(fp, del);
+ print_evmod(fp, tok->tt.hdr32_ex.e_mod, raw);
+ print_delim(fp, del);
+ print_ip_ex_address(fp, tok->tt.hdr32_ex.ad_type,
+ tok->tt.hdr32_ex.addr);
+ print_delim(fp, del);
+ print_sec32(fp, tok->tt.hdr32_ex.s, raw);
+ print_delim(fp, del);
+ print_msec32(fp, tok->tt.hdr32_ex.ms, raw);
+ }
}
/*
@@ -646,22 +1027,43 @@
}
static void
-print_header64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm)
+print_header64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm, char xml)
{
+
+ print_tok_type(fp, tok->id, "header", raw, xml);
+ if (xml) {
+ open_attr(fp, "version");
+ print_1_byte(fp, tok->tt.hdr64.version, "%u");
+ close_attr(fp);
+ open_attr(fp, "event");
+ print_event(fp, tok->tt.hdr64.e_type, raw, sfrm);
+ close_attr(fp);
+ open_attr(fp, "modifier");
+ print_evmod(fp, tok->tt.hdr64.e_mod, raw);
+ close_attr(fp);
+ open_attr(fp, "time");
+ print_sec64(fp, tok->tt.hdr64.s, raw);
+ close_attr(fp);
+ open_attr(fp, "msec");
+ print_msec64(fp, tok->tt.hdr64.ms, raw);
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.hdr64.size, "%u");
+ print_delim(fp, del);
+ print_1_byte(fp, tok->tt.hdr64.version, "%u");
+ print_delim(fp, del);
+ print_event(fp, tok->tt.hdr64.e_type, raw, sfrm);
+ print_delim(fp, del);
+ print_evmod(fp, tok->tt.hdr64.e_mod, raw);
+ print_delim(fp, del);
+ print_sec64(fp, tok->tt.hdr64.s, raw);
+ print_delim(fp, del);
+ print_msec64(fp, tok->tt.hdr64.ms, raw);
+ }
+
- print_tok_type(fp, tok->id, "header", raw);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.hdr64.size, "%u");
- print_delim(fp, del);
- print_1_byte(fp, tok->tt.hdr64.version, "%u");
- print_delim(fp, del);
- print_event(fp, tok->tt.hdr64.e_type, raw, sfrm);
- print_delim(fp, del);
- print_evmod(fp, tok->tt.hdr64.e_mod, raw);
- print_delim(fp, del);
- print_sec64(fp, tok->tt.hdr64.s, raw);
- print_delim(fp, del);
- print_msec64(fp, tok->tt.hdr64.ms, raw);
}
/*
* record byte count 4 bytes
@@ -729,25 +1131,48 @@
}
static void
-print_header64_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm)
+print_header64_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "header_ex", raw);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.hdr64_ex.size, "%u");
- print_delim(fp, del);
- print_1_byte(fp, tok->tt.hdr64_ex.version, "%u");
- print_delim(fp, del);
- print_event(fp, tok->tt.hdr64_ex.e_type, raw, sfrm);
- print_delim(fp, del);
- print_evmod(fp, tok->tt.hdr64_ex.e_mod, raw);
- print_delim(fp, del);
- print_ip_ex_address(fp, tok->tt.hdr64_ex.ad_type,
- tok->tt.hdr64_ex.addr);
- print_delim(fp, del);
- print_sec64(fp, tok->tt.hdr64_ex.s, raw);
- print_delim(fp, del);
- print_msec64(fp, tok->tt.hdr64_ex.ms, raw);
+ print_tok_type(fp, tok->id, "header_ex", raw, xml);
+ if (xml) {
+ open_attr(fp, "version");
+ print_1_byte(fp, tok->tt.hdr64_ex.version, "%u");
+ close_attr(fp);
+ open_attr(fp, "event");
+ print_event(fp, tok->tt.hdr64_ex.e_type, raw, sfrm);
+ close_attr(fp);
+ open_attr(fp, "modifier");
+ print_evmod(fp, tok->tt.hdr64_ex.e_mod, raw);
+ close_attr(fp);
+/* No attribute for add. type
+ print_ip_ex_address(fp, tok->tt.hdr64_ex.ad_type,
+ tok->tt.hdr64_ex.addr);
+*/
+ open_attr(fp, "time");
+ print_sec64(fp, tok->tt.hdr64_ex.s, raw);
+ close_attr(fp);
+ open_attr(fp, "msec");
+ print_msec64(fp, tok->tt.hdr64_ex.ms, raw);
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.hdr64_ex.size, "%u");
+ print_delim(fp, del);
+ print_1_byte(fp, tok->tt.hdr64_ex.version, "%u");
+ print_delim(fp, del);
+ print_event(fp, tok->tt.hdr64_ex.e_type, raw, sfrm);
+ print_delim(fp, del);
+ print_evmod(fp, tok->tt.hdr64_ex.e_mod, raw);
+ print_delim(fp, del);
+ print_ip_ex_address(fp, tok->tt.hdr64_ex.ad_type,
+ tok->tt.hdr64_ex.addr);
+ print_delim(fp, del);
+ print_sec64(fp, tok->tt.hdr64_ex.s, raw);
+ print_delim(fp, del);
+ print_msec64(fp, tok->tt.hdr64_ex.ms, raw);
+ }
}
/*
@@ -772,12 +1197,14 @@
static void
print_trailer_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "trailer", raw);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.trail.count, "%u");
+ print_tok_type(fp, tok->id, "trailer", raw, xml);
+ if (!xml) {
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.trail.count, "%u");
+ }
}
/*
@@ -813,16 +1240,28 @@
static void
print_arg32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "argument", raw);
- print_delim(fp, del);
- print_1_byte(fp, tok->tt.arg32.no, "%u");
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.arg32.val, "0x%x");
- print_delim(fp, del);
- print_string(fp, tok->tt.arg32.text, tok->tt.arg32.len);
+ print_tok_type(fp, tok->id, "argument", raw, xml);
+ if (xml) {
+ open_attr(fp, "arg-num");
+ print_1_byte(fp, tok->tt.arg32.no, "%u");
+ close_attr(fp);
+ open_attr(fp, "value");
+ print_4_bytes(fp, tok->tt.arg32.val, "0x%x");
+ close_attr(fp);
+ open_attr(fp, "desc");
+ print_string(fp, tok->tt.arg32.text, tok->tt.arg32.len);
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_1_byte(fp, tok->tt.arg32.no, "%u");
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.arg32.val, "0x%x");
+ print_delim(fp, del);
+ }
}
static int
@@ -852,16 +1291,29 @@
static void
print_arg64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "argument", raw);
- print_delim(fp, del);
- print_1_byte(fp, tok->tt.arg64.no, "%u");
- print_delim(fp, del);
- print_8_bytes(fp, tok->tt.arg64.val, "0x%llx");
- print_delim(fp, del);
- print_string(fp, tok->tt.arg64.text, tok->tt.arg64.len);
+ print_tok_type(fp, tok->id, "argument", raw, xml);
+ if (xml) {
+ open_attr(fp, "arg-num");
+ print_1_byte(fp, tok->tt.arg64.no, "%u");
+ close_attr(fp);
+ open_attr(fp, "value");
+ print_8_bytes(fp, tok->tt.arg64.val, "0x%llx");
+ close_attr(fp);
+ open_attr(fp, "desc");
+ print_string(fp, tok->tt.arg64.text, tok->tt.arg64.len);
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_1_byte(fp, tok->tt.arg64.no, "%u");
+ print_delim(fp, del);
+ print_8_bytes(fp, tok->tt.arg64.val, "0x%llx");
+ print_delim(fp, del);
+ print_string(fp, tok->tt.arg64.text, tok->tt.arg64.len);
+ }
}
/*
@@ -924,15 +1376,16 @@
static void
print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
char *str;
char *format;
size_t size;
int i;
- print_tok_type(fp, tok->id, "arbitrary", raw);
- print_delim(fp, del);
+ print_tok_type(fp, tok->id, "arbitrary", raw, xml);
+ if (!xml)
+ print_delim(fp, del);
switch(tok->tt.arb.howtopr) {
case AUP_BINARY:
@@ -964,56 +1417,117 @@
return;
}
- print_string(fp, str, strlen(str));
- print_delim(fp, del);
+ if (xml) {
+ open_attr(fp, "print");
+ fprintf(fp, "%s",str);
+ close_attr(fp);
+ } else {
+ print_string(fp, str, strlen(str));
+ print_delim(fp, del);
+ }
switch(tok->tt.arb.bu) {
case AUR_BYTE:
/* case AUR_CHAR: */
str = "byte";
size = AUR_BYTE_SIZE;
- print_string(fp, str, strlen(str));
- print_delim(fp, del);
- print_1_byte(fp, tok->tt.arb.uc, "%u");
- print_delim(fp, del);
- for (i = 0; i<tok->tt.arb.uc; i++)
- fprintf(fp, format, *(tok->tt.arb.data + (size * i)));
+ if (xml) {
+ open_attr(fp, "type");
+ fprintf(fp, "%u", size);
+ close_attr(fp);
+ open_attr(fp, "count");
+ print_1_byte(fp, tok->tt.arb.uc, "%u");
+ close_attr(fp);
+ fprintf(fp, ">");
+ for (i = 0; i<tok->tt.arb.uc; i++)
+ fprintf(fp, format, *(tok->tt.arb.data + (size * i)));
+ close_tag(fp, tok->id);
+ } else {
+ print_string(fp, str, strlen(str));
+ print_delim(fp, del);
+ print_1_byte(fp, tok->tt.arb.uc, "%u");
+ print_delim(fp, del);
+ for (i = 0; i<tok->tt.arb.uc; i++)
+ fprintf(fp, format, *(tok->tt.arb.data + (size * i)));
+ }
break;
case AUR_SHORT:
str = "short";
size = AUR_SHORT_SIZE;
- print_string(fp, str, strlen(str));
- print_delim(fp, del);
- print_1_byte(fp, tok->tt.arb.uc, "%u");
- print_delim(fp, del);
- for (i = 0; i < tok->tt.arb.uc; i++)
- fprintf(fp, format, *((u_int16_t *)(tok->tt.arb.data +
- (size * i))));
+ if (xml) {
+ open_attr(fp, "type");
+ fprintf(fp, "%u", size);
+ close_attr(fp);
+ open_attr(fp, "count");
+ print_1_byte(fp, tok->tt.arb.uc, "%u");
+ close_attr(fp);
+ fprintf(fp, ">");
+ for (i = 0; i < tok->tt.arb.uc; i++)
+ fprintf(fp, format, *((u_int16_t *)(tok->tt.arb.data +
+ (size * i))));
+ close_tag(fp, tok->id);
+ } else {
+ print_string(fp, str, strlen(str));
+ print_delim(fp, del);
+ print_1_byte(fp, tok->tt.arb.uc, "%u");
+ print_delim(fp, del);
+ for (i = 0; i < tok->tt.arb.uc; i++)
+ fprintf(fp, format, *((u_int16_t *)(tok->tt.arb.data +
+ (size * i))));
+ }
break;
case AUR_INT32:
/* case AUR_INT: */
str = "int";
size = AUR_INT32_SIZE;
- print_string(fp, str, strlen(str));
- print_delim(fp, del);
- print_1_byte(fp, tok->tt.arb.uc, "%u");
- print_delim(fp, del);
- for (i = 0; i < tok->tt.arb.uc; i++)
- fprintf(fp, format, *((u_int32_t *)(tok->tt.arb.data +
- (size * i))));
+ if (xml) {
+ open_attr(fp, "type");
+ fprintf(fp, "%u", size);
+ close_attr(fp);
+ open_attr(fp, "count");
+ print_1_byte(fp, tok->tt.arb.uc, "%u");
+ close_attr(fp);
+ fprintf(fp, ">");
+ for (i = 0; i < tok->tt.arb.uc; i++)
+ fprintf(fp, format, *((u_int32_t *)(tok->tt.arb.data +
+ (size * i))));
+ close_tag(fp, tok->id);
+ } else {
+ print_string(fp, str, strlen(str));
+ print_delim(fp, del);
+ print_1_byte(fp, tok->tt.arb.uc, "%u");
+ print_delim(fp, del);
+ for (i = 0; i < tok->tt.arb.uc; i++)
+ fprintf(fp, format, *((u_int32_t *)(tok->tt.arb.data +
+ (size * i))));
+ }
break;
case AUR_INT64:
str = "int64";
size = AUR_INT64_SIZE;
- print_string(fp, str, strlen(str));
- print_delim(fp, del);
- print_1_byte(fp, tok->tt.arb.uc, "%u");
- print_delim(fp, del);
- for (i = 0; i < tok->tt.arb.uc; i++)
- fprintf(fp, format, *((u_int64_t *)(tok->tt.arb.data +
- (size * i))));
+ if (xml) {
+ open_attr(fp, "type");
+ fprintf(fp, "%u", size);
+ close_attr(fp);
+ open_attr(fp, "count");
+ print_1_byte(fp, tok->tt.arb.uc, "%u");
+ close_attr(fp);
+ fprintf(fp, ">");
+ for (i = 0; i < tok->tt.arb.uc; i++)
+ fprintf(fp, format, *((u_int64_t *)(tok->tt.arb.data +
+ (size * i))));
+ close_tag(fp, tok->id);
+ } else {
+ print_string(fp, str, strlen(str));
+ print_delim(fp, del);
+ print_1_byte(fp, tok->tt.arb.uc, "%u");
+ print_delim(fp, del);
+ for (i = 0; i < tok->tt.arb.uc; i++)
+ fprintf(fp, format, *((u_int64_t *)(tok->tt.arb.data +
+ (size * i))));
+ }
break;
default:
@@ -1063,22 +1577,44 @@
static void
print_attr32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "attribute", raw);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.attr32.mode, "%o");
- print_delim(fp, del);
- print_user(fp, tok->tt.attr32.uid, raw);
- print_delim(fp, del);
- print_group(fp, tok->tt.attr32.gid, raw);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.attr32.fsid, "%u");
- print_delim(fp, del);
- print_8_bytes(fp, tok->tt.attr32.nid, "%lld");
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.attr32.dev, "%u");
+ print_tok_type(fp, tok->id, "attribute", raw, xml);
+ if (xml) {
+ open_attr(fp, "mode");
+ print_4_bytes(fp, tok->tt.attr32.mode, "%o");
+ close_attr(fp);
+ open_attr(fp, "uid");
+ print_user(fp, tok->tt.attr32.uid, raw);
+ close_attr(fp);
+ open_attr(fp, "gid");
+ print_group(fp, tok->tt.attr32.gid, raw);
+ close_attr(fp);
+ open_attr(fp, "fsid");
+ print_4_bytes(fp, tok->tt.attr32.fsid, "%u");
+ close_attr(fp);
+ open_attr(fp, "nodeid");
+ print_8_bytes(fp, tok->tt.attr32.nid, "%lld");
+ close_attr(fp);
+ open_attr(fp, "device");
+ print_4_bytes(fp, tok->tt.attr32.dev, "%u");
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.attr32.mode, "%o");
+ print_delim(fp, del);
+ print_user(fp, tok->tt.attr32.uid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.attr32.gid, raw);
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.attr32.fsid, "%u");
+ print_delim(fp, del);
+ print_8_bytes(fp, tok->tt.attr32.nid, "%lld");
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.attr32.dev, "%u");
+ }
}
/*
@@ -1123,22 +1659,44 @@
static void
print_attr64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "attribute", raw);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.attr64.mode, "%o");
- print_delim(fp, del);
- print_user(fp, tok->tt.attr64.uid, raw);
- print_delim(fp, del);
- print_group(fp, tok->tt.attr64.gid, raw);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.attr64.fsid, "%u");
- print_delim(fp, del);
- print_8_bytes(fp, tok->tt.attr64.nid, "%lld");
- print_delim(fp, del);
- print_8_bytes(fp, tok->tt.attr64.dev, "%llu");
+ print_tok_type(fp, tok->id, "attribute", raw, xml);
+ if (xml) {
+ open_attr(fp, "mode");
+ print_4_bytes(fp, tok->tt.attr64.mode, "%o");
+ close_attr(fp);
+ open_attr(fp, "uid");
+ print_user(fp, tok->tt.attr64.uid, raw);
+ close_attr(fp);
+ open_attr(fp, "gid");
+ print_group(fp, tok->tt.attr64.gid, raw);
+ close_attr(fp);
+ open_attr(fp, "fsid");
+ print_4_bytes(fp, tok->tt.attr64.fsid, "%u");
+ close_attr(fp);
+ open_attr(fp, "nodeid");
+ print_8_bytes(fp, tok->tt.attr64.nid, "%lld");
+ close_attr(fp);
+ open_attr(fp, "device");
+ print_8_bytes(fp, tok->tt.attr64.dev, "%llu");
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.attr64.mode, "%o");
+ print_delim(fp, del);
+ print_user(fp, tok->tt.attr64.uid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.attr64.gid, raw);
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.attr64.fsid, "%u");
+ print_delim(fp, del);
+ print_8_bytes(fp, tok->tt.attr64.nid, "%lld");
+ print_delim(fp, del);
+ print_8_bytes(fp, tok->tt.attr64.dev, "%llu");
+ }
}
/*
@@ -1163,14 +1721,24 @@
static void
print_exit_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "exit", raw);
- print_delim(fp, del);
- print_errval(fp, tok->tt.exit.status);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.exit.ret, "%u");
+ print_tok_type(fp, tok->id, "exit", raw, xml);
+ if (xml) {
+ open_attr(fp, "errval");
+ print_errval(fp, tok->tt.exit.status);
+ close_attr(fp);
+ open_attr(fp, "retval");
+ print_4_bytes(fp, tok->tt.exit.ret, "%u");
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_errval(fp, tok->tt.exit.status);
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.exit.ret, "%u");
+ }
}
/*
@@ -1211,16 +1779,25 @@
static void
print_execarg_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
int i;
- print_tok_type(fp, tok->id, "exec arg", raw);
+ print_tok_type(fp, tok->id, "exec arg", raw, xml);
for (i = 0; i < tok->tt.execarg.count; i++) {
- print_delim(fp, del);
- print_string(fp, tok->tt.execarg.text[i],
- strlen(tok->tt.execarg.text[i]));
+ if (xml) {
+ fprintf(fp, "<arg>");
+ print_string(fp, tok->tt.execarg.text[i],
+ strlen(tok->tt.execarg.text[i]));
+ fprintf(fp, "</arg>");
+ } else {
+ print_delim(fp, del);
+ print_string(fp, tok->tt.execarg.text[i],
+ strlen(tok->tt.execarg.text[i]));
+ }
}
+ if (xml)
+ close_tag(fp, tok->id);
}
/*
@@ -1261,16 +1838,25 @@
static void
print_execenv_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
int i;
- print_tok_type(fp, tok->id, "exec env", raw);
+ print_tok_type(fp, tok->id, "exec env", raw, xml);
for (i = 0; i< tok->tt.execenv.count; i++) {
- print_delim(fp, del);
- print_string(fp, tok->tt.execenv.text[i],
- strlen(tok->tt.execenv.text[i]));
+ if (xml) {
+ fprintf(fp, "<env>");
+ print_string(fp, tok->tt.execenv.text[i],
+ strlen(tok->tt.execenv.text[i]));
+ fprintf(fp, "</env>");
+ } else {
+ print_delim(fp, del);
+ print_string(fp, tok->tt.execenv.text[i],
+ strlen(tok->tt.execenv.text[i]));
+ }
}
+ if (xml)
+ close_tag(fp, tok->id);
}
/*
@@ -1305,16 +1891,28 @@
static void
print_file_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "file", raw);
- print_delim(fp, del);
- print_sec32(fp, tok->tt.file.s, raw);
- print_delim(fp, del);
- print_msec32(fp, tok->tt.file.ms, raw);
- print_delim(fp, del);
- print_string(fp, tok->tt.file.name, tok->tt.file.len);
+ print_tok_type(fp, tok->id, "file", raw, xml);
+ if (xml) {
+ open_attr(fp, "time");
+ print_sec32(fp, tok->tt.file.s, raw);
+ close_attr(fp);
+ open_attr(fp, "msec");
+ print_msec32(fp, tok->tt.file.ms, raw);
+ close_attr(fp);
+ fprintf(fp, ">");
+ print_string(fp, tok->tt.file.name, tok->tt.file.len);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_sec32(fp, tok->tt.file.s, raw);
+ print_delim(fp, del);
+ print_msec32(fp, tok->tt.file.ms, raw);
+ print_delim(fp, del);
+ print_string(fp, tok->tt.file.name, tok->tt.file.len);
+ }
}
/*
@@ -1343,14 +1941,21 @@
static void
print_newgroups_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
int i;
- print_tok_type(fp, tok->id, "group", raw);
+ print_tok_type(fp, tok->id, "group", raw, xml);
for (i = 0; i < tok->tt.grps.no; i++) {
- print_delim(fp, del);
- print_group(fp, tok->tt.grps.list[i], raw);
+ if (xml) {
+ fprintf(fp, "<gid>");
+ print_group(fp, tok->tt.grps.list[i], raw);
+ fprintf(fp, "</gid>");
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_group(fp, tok->tt.grps.list[i], raw);
+ }
}
}
@@ -1373,12 +1978,17 @@
static void
print_inaddr_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "ip addr", raw);
- print_delim(fp, del);
- print_ip_address(fp, tok->tt.inaddr.addr);
+ print_tok_type(fp, tok->id, "ip addr", raw, xml);
+ if (xml) {
+ print_ip_address(fp, tok->tt.inaddr.addr);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_ip_address(fp, tok->tt.inaddr.addr);
+ }
}
/*
@@ -1412,13 +2022,19 @@
static void
print_inaddr_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "ip addr ex", raw);
- print_delim(fp, del);
- print_ip_ex_address(fp, tok->tt.inaddr_ex.type,
- tok->tt.inaddr_ex.addr);
+ print_tok_type(fp, tok->id, "ip addr ex", raw, xml);
+ if (xml) {
+ print_ip_ex_address(fp, tok->tt.inaddr_ex.type,
+ tok->tt.inaddr_ex.addr);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_ip_ex_address(fp, tok->tt.inaddr_ex.type,
+ tok->tt.inaddr_ex.addr);
+ }
}
/*
@@ -1480,30 +2096,64 @@
static void
print_ip_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "ip", raw);
- print_delim(fp, del);
- print_mem(fp, (u_char *)(&tok->tt.ip.version), sizeof(u_char));
- print_delim(fp, del);
- print_mem(fp, (u_char *)(&tok->tt.ip.tos), sizeof(u_char));
- print_delim(fp, del);
- print_2_bytes(fp, ntohs(tok->tt.ip.len), "%u");
- print_delim(fp, del);
- print_2_bytes(fp, ntohs(tok->tt.ip.id), "%u");
- print_delim(fp, del);
- print_2_bytes(fp, ntohs(tok->tt.ip.offset), "%u");
- print_delim(fp, del);
- print_mem(fp, (u_char *)(&tok->tt.ip.ttl), sizeof(u_char));
- print_delim(fp, del);
- print_mem(fp, (u_char *)(&tok->tt.ip.prot), sizeof(u_char));
- print_delim(fp, del);
- print_2_bytes(fp, ntohs(tok->tt.ip.chksm), "%u");
- print_delim(fp, del);
- print_ip_address(fp, tok->tt.ip.src);
- print_delim(fp, del);
- print_ip_address(fp, tok->tt.ip.dest);
+ print_tok_type(fp, tok->id, "ip", raw, xml);
+ if (xml) {
+ open_attr(fp, "version");
+ print_mem(fp, (u_char *)(&tok->tt.ip.version), sizeof(u_char));
+ close_attr(fp);
+ open_attr(fp, "service_type");
+ print_mem(fp, (u_char *)(&tok->tt.ip.tos), sizeof(u_char));
+ close_attr(fp);
+ open_attr(fp, "len");
+ print_2_bytes(fp, ntohs(tok->tt.ip.len), "%u");
+ close_attr(fp);
+ open_attr(fp, "id");
+ print_2_bytes(fp, ntohs(tok->tt.ip.id), "%u");
+ close_attr(fp);
+ open_attr(fp, "offset");
+ print_2_bytes(fp, ntohs(tok->tt.ip.offset), "%u");
+ close_attr(fp);
+ open_attr(fp, "time_to_live");
+ print_mem(fp, (u_char *)(&tok->tt.ip.ttl), sizeof(u_char));
+ close_attr(fp);
+ open_attr(fp, "protocol");
+ print_mem(fp, (u_char *)(&tok->tt.ip.prot), sizeof(u_char));
+ close_attr(fp);
+ open_attr(fp, "cksum");
+ print_2_bytes(fp, ntohs(tok->tt.ip.chksm), "%u");
+ close_attr(fp);
+ open_attr(fp, "src_addr");
+ print_ip_address(fp, tok->tt.ip.src);
+ close_attr(fp);
+ open_attr(fp, "dest_addr");
+ print_ip_address(fp, tok->tt.ip.dest);
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_mem(fp, (u_char *)(&tok->tt.ip.version), sizeof(u_char));
+ print_delim(fp, del);
+ print_mem(fp, (u_char *)(&tok->tt.ip.tos), sizeof(u_char));
+ print_delim(fp, del);
+ print_2_bytes(fp, ntohs(tok->tt.ip.len), "%u");
+ print_delim(fp, del);
+ print_2_bytes(fp, ntohs(tok->tt.ip.id), "%u");
+ print_delim(fp, del);
+ print_2_bytes(fp, ntohs(tok->tt.ip.offset), "%u");
+ print_delim(fp, del);
+ print_mem(fp, (u_char *)(&tok->tt.ip.ttl), sizeof(u_char));
+ print_delim(fp, del);
+ print_mem(fp, (u_char *)(&tok->tt.ip.prot), sizeof(u_char));
+ print_delim(fp, del);
+ print_2_bytes(fp, ntohs(tok->tt.ip.chksm), "%u");
+ print_delim(fp, del);
+ print_ip_address(fp, tok->tt.ip.src);
+ print_delim(fp, del);
+ print_ip_address(fp, tok->tt.ip.dest);
+ }
}
/*
@@ -1528,14 +2178,24 @@
static void
print_ipc_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "IPC", raw);
- print_delim(fp, del);
- print_ipctype(fp, tok->tt.ipc.type, raw);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.ipc.id, "%u");
+ print_tok_type(fp, tok->id, "IPC", raw, xml);
+ if (xml) {
+ open_attr(fp, "ipc-type");
+ print_ipctype(fp, tok->tt.ipc.type, raw);
+ close_attr(fp);
+ open_attr(fp, "ipc-id");
+ print_4_bytes(fp, tok->tt.ipc.id, "%u");
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_ipctype(fp, tok->tt.ipc.type, raw);
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.ipc.id, "%u");
+ }
}
/*
@@ -1585,24 +2245,49 @@
static void
print_ipcperm_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "IPC perm", raw);
- print_delim(fp, del);
- print_user(fp, tok->tt.ipcperm.uid, raw);
- print_delim(fp, del);
- print_group(fp, tok->tt.ipcperm.gid, raw);
- print_delim(fp, del);
- print_user(fp, tok->tt.ipcperm.puid, raw);
- print_delim(fp, del);
- print_group(fp, tok->tt.ipcperm.pgid, raw);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.ipcperm.mode, "%o");
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.ipcperm.seq, "%u");
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.ipcperm.key, "%u");
+ print_tok_type(fp, tok->id, "IPC perm", raw, xml);
+ if (xml) {
+ open_attr(fp, "uid");
+ print_user(fp, tok->tt.ipcperm.uid, raw);
+ close_attr(fp);
+ open_attr(fp, "gid");
+ print_group(fp, tok->tt.ipcperm.gid, raw);
+ close_attr(fp);
+ open_attr(fp, "creator-uid");
+ print_user(fp, tok->tt.ipcperm.puid, raw);
+ close_attr(fp);
+ open_attr(fp, "creator-gid");
+ print_group(fp, tok->tt.ipcperm.pgid, raw);
+ close_attr(fp);
+ open_attr(fp, "mode");
+ print_4_bytes(fp, tok->tt.ipcperm.mode, "%o");
+ close_attr(fp);
+ open_attr(fp, "seq");
+ print_4_bytes(fp, tok->tt.ipcperm.seq, "%u");
+ close_attr(fp);
+ open_attr(fp, "key");
+ print_4_bytes(fp, tok->tt.ipcperm.key, "%u");
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_user(fp, tok->tt.ipcperm.uid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.ipcperm.gid, raw);
+ print_delim(fp, del);
+ print_user(fp, tok->tt.ipcperm.puid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.ipcperm.pgid, raw);
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.ipcperm.mode, "%o");
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.ipcperm.seq, "%u");
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.ipcperm.key, "%u");
+ }
}
/*
@@ -1623,12 +2308,18 @@
static void
print_iport_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "ip port", raw);
- print_delim(fp, del);
- print_2_bytes(fp, ntohs(tok->tt.iport.port), "%#x");
+ print_tok_type(fp, tok->id, "ip port", raw, xml);
+ if (xml) {
+ print_2_bytes(fp, ntohs(tok->tt.iport.port), "%#x");
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_2_bytes(fp, ntohs(tok->tt.iport.port), "%#x");
+ }
+
}
/*
@@ -1654,14 +2345,19 @@
static void
print_opaque_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "opaque", raw);
- print_delim(fp, del);
- print_2_bytes(fp, tok->tt.opaque.size, "%u");
- print_delim(fp, del);
- print_mem(fp, tok->tt.opaque.data, tok->tt.opaque.size);
+ print_tok_type(fp, tok->id, "opaque", raw, xml);
+ if (xml) {
+ print_mem(fp, tok->tt.opaque.data, tok->tt.opaque.size);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_2_bytes(fp, tok->tt.opaque.size, "%u");
+ print_delim(fp, del);
+ print_mem(fp, tok->tt.opaque.data, tok->tt.opaque.size);
+ }
}
/*
@@ -1686,12 +2382,17 @@
static void
print_path_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "path", raw);
- print_delim(fp, del);
- print_string(fp, tok->tt.path.path, tok->tt.path.len);
+ print_tok_type(fp, tok->id, "path", raw, xml);
+ if (xml) {
+ print_string(fp, tok->tt.path.path, tok->tt.path.len);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_string(fp, tok->tt.path.path, tok->tt.path.len);
+ }
}
/*
@@ -1754,28 +2455,57 @@
static void
print_process32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "process", raw);
- print_delim(fp, del);
- print_user(fp, tok->tt.proc32.auid, raw);
- print_delim(fp, del);
- print_user(fp, tok->tt.proc32.euid, raw);
- print_delim(fp, del);
- print_group(fp, tok->tt.proc32.egid, raw);
- print_delim(fp, del);
- print_user(fp, tok->tt.proc32.ruid, raw);
- print_delim(fp, del);
- print_group(fp, tok->tt.proc32.rgid, raw);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.proc32.pid, "%u");
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.proc32.sid, "%u");
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.proc32.tid.port, "%u");
- print_delim(fp, del);
- print_ip_address(fp, tok->tt.proc32.tid.addr);
+ print_tok_type(fp, tok->id, "process", raw, xml);
+ if (xml) {
+ open_attr(fp, "audit-uid");
+ print_user(fp, tok->tt.proc32.auid, raw);
+ close_attr(fp);
+ open_attr(fp, "uid");
+ print_user(fp, tok->tt.proc32.euid, raw);
+ close_attr(fp);
+ open_attr(fp, "gid");
+ print_group(fp, tok->tt.proc32.egid, raw);
+ close_attr(fp);
+ open_attr(fp, "ruid");
+ print_user(fp, tok->tt.proc32.ruid, raw);
+ close_attr(fp);
+ open_attr(fp, "rgid");
+ print_group(fp, tok->tt.proc32.rgid, raw);
+ close_attr(fp);
+ open_attr(fp, "pid");
+ print_4_bytes(fp, tok->tt.proc32.pid, "%u");
+ close_attr(fp);
+ open_attr(fp, "sid");
+ print_4_bytes(fp, tok->tt.proc32.sid, "%u");
+ close_attr(fp);
+ open_attr(fp, "tid");
+ print_4_bytes(fp, tok->tt.proc32.tid.port, "%u");
+ print_ip_address(fp, tok->tt.proc32.tid.addr);
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_user(fp, tok->tt.proc32.auid, raw);
+ print_delim(fp, del);
+ print_user(fp, tok->tt.proc32.euid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.proc32.egid, raw);
+ print_delim(fp, del);
+ print_user(fp, tok->tt.proc32.ruid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.proc32.rgid, raw);
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.proc32.pid, "%u");
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.proc32.sid, "%u");
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.proc32.tid.port, "%u");
+ print_delim(fp, del);
+ print_ip_address(fp, tok->tt.proc32.tid.addr);
+ }
}
static int
@@ -1839,29 +2569,59 @@
static void
print_process32ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "process_ex", raw);
- print_delim(fp, del);
- print_user(fp, tok->tt.proc32_ex.auid, raw);
- print_delim(fp, del);
- print_user(fp, tok->tt.proc32_ex.euid, raw);
- print_delim(fp, del);
- print_group(fp, tok->tt.proc32_ex.egid, raw);
- print_delim(fp, del);
- print_user(fp, tok->tt.proc32_ex.ruid, raw);
- print_delim(fp, del);
- print_group(fp, tok->tt.proc32_ex.rgid, raw);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.proc32_ex.pid, "%u");
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.proc32_ex.sid, "%u");
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.proc32_ex.tid.port, "%u");
- print_delim(fp, del);
- print_ip_ex_address(fp, tok->tt.proc32_ex.tid.type,
- tok->tt.proc32_ex.tid.addr);
+ print_tok_type(fp, tok->id, "process_ex", raw, xml);
+ if (xml) {
+ open_attr(fp, "audit-uid");
+ print_user(fp, tok->tt.proc32_ex.auid, raw);
+ close_attr(fp);
+ open_attr(fp, "uid");
+ print_user(fp, tok->tt.proc32_ex.euid, raw);
+ close_attr(fp);
+ open_attr(fp, "gid");
+ print_group(fp, tok->tt.proc32_ex.egid, raw);
+ close_attr(fp);
+ open_attr(fp, "ruid");
+ print_user(fp, tok->tt.proc32_ex.ruid, raw);
+ close_attr(fp);
+ open_attr(fp, "rgid");
+ print_group(fp, tok->tt.proc32_ex.rgid, raw);
+ close_attr(fp);
+ open_attr(fp, "pid");
+ print_4_bytes(fp, tok->tt.proc32_ex.pid, "%u");
+ close_attr(fp);
+ open_attr(fp, "sid");
+ print_4_bytes(fp, tok->tt.proc32_ex.sid, "%u");
+ close_attr(fp);
+ open_attr(fp, "tid");
+ print_4_bytes(fp, tok->tt.proc32_ex.tid.port, "%u");
+ print_ip_ex_address(fp, tok->tt.proc32_ex.tid.type,
+ tok->tt.proc32_ex.tid.addr);
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_user(fp, tok->tt.proc32_ex.auid, raw);
+ print_delim(fp, del);
+ print_user(fp, tok->tt.proc32_ex.euid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.proc32_ex.egid, raw);
+ print_delim(fp, del);
+ print_user(fp, tok->tt.proc32_ex.ruid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.proc32_ex.rgid, raw);
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.proc32_ex.pid, "%u");
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.proc32_ex.sid, "%u");
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.proc32_ex.tid.port, "%u");
+ print_delim(fp, del);
+ print_ip_ex_address(fp, tok->tt.proc32_ex.tid.type,
+ tok->tt.proc32_ex.tid.addr);
+ }
}
/*
@@ -1886,14 +2646,24 @@
static void
print_return32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "return", raw);
- print_delim(fp, del);
- print_retval(fp, tok->tt.ret32.status, raw);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.ret32.ret, "%u");
+ print_tok_type(fp, tok->id, "return", raw, xml);
+ if (xml) {
+ open_attr(fp ,"errval");
+ print_retval(fp, tok->tt.ret32.status, raw);
+ close_attr(fp);
+ open_attr(fp, "retval");
+ print_4_bytes(fp, tok->tt.ret32.ret, "%u");
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_retval(fp, tok->tt.ret32.status, raw);
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.ret32.ret, "%u");
+ }
}
static int
@@ -1914,14 +2684,24 @@
static void
print_return64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "return", raw);
- print_delim(fp, del);
- print_retval(fp, tok->tt.ret64.err, raw);
- print_delim(fp, del);
- print_8_bytes(fp, tok->tt.ret64.val, "%lld");
+ print_tok_type(fp, tok->id, "return", raw, xml);
+ if (xml) {
+ open_attr(fp, "errval");
+ print_retval(fp, tok->tt.ret64.err, raw);
+ close_attr(fp);
+ open_attr(fp, "retval");
+ print_8_bytes(fp, tok->tt.ret64.val, "%lld");
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_retval(fp, tok->tt.ret64.err, raw);
+ print_delim(fp, del);
+ print_8_bytes(fp, tok->tt.ret64.val, "%lld");
+ }
}
/*
@@ -1941,12 +2721,19 @@
static void
print_seq_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "sequence", raw);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.seq.seqno, "%u");
+ print_tok_type(fp, tok->id, "sequence", raw, xml);
+ if (xml) {
+ open_attr(fp, "seq-num");
+ print_4_bytes(fp, tok->tt.seq.seqno, "%u");
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.seq.seqno, "%u");
+ }
}
/*
@@ -1979,16 +2766,29 @@
static void
print_sock_inet32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "socket-inet", raw);
- print_delim(fp, del);
- print_2_bytes(fp, tok->tt.sockinet32.family, "%u");
- print_delim(fp, del);
- print_2_bytes(fp, ntohs(tok->tt.sockinet32.port), "%u");
- print_delim(fp, del);
- print_ip_address(fp, tok->tt.sockinet32.addr);
+ print_tok_type(fp, tok->id, "socket-inet", raw, xml);
+ if (xml) {
+ open_attr(fp, "type");
+ print_2_bytes(fp, tok->tt.sockinet32.family, "%u");
+ close_attr(fp);
+ open_attr(fp, "port");
+ print_2_bytes(fp, ntohs(tok->tt.sockinet32.port), "%u");
+ close_attr(fp);
+ open_attr(fp, "addr");
+ print_ip_address(fp, tok->tt.sockinet32.addr);
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_2_bytes(fp, tok->tt.sockinet32.family, "%u");
+ print_delim(fp, del);
+ print_2_bytes(fp, ntohs(tok->tt.sockinet32.port), "%u");
+ print_delim(fp, del);
+ print_ip_address(fp, tok->tt.sockinet32.addr);
+ }
}
/*
@@ -2014,15 +2814,28 @@
static void
print_sock_unix_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "socket-unix", raw);
- print_delim(fp, del);
- print_2_bytes(fp, tok->tt.sockunix.family, "%u");
- print_delim(fp, del);
- print_string(fp, tok->tt.sockunix.path,
- strlen(tok->tt.sockunix.path));
+ print_tok_type(fp, tok->id, "socket-unix", raw, xml);
+ if (xml) {
+ open_attr(fp, "type");
+ print_2_bytes(fp, tok->tt.sockunix.family, "%u");
+ close_attr(fp);
+ open_attr(fp, "port");
+ close_attr(fp);
+ open_attr(fp, "addr");
+ print_string(fp, tok->tt.sockunix.path,
+ strlen(tok->tt.sockunix.path));
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_2_bytes(fp, tok->tt.sockunix.family, "%u");
+ print_delim(fp, del);
+ print_string(fp, tok->tt.sockunix.path,
+ strlen(tok->tt.sockunix.path));
+ }
}
/*
@@ -2066,20 +2879,39 @@
static void
print_socket_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "socket", raw);
- print_delim(fp, del);
- print_2_bytes(fp, tok->tt.socket.type, "%u");
- print_delim(fp, del);
- print_2_bytes(fp, ntohs(tok->tt.socket.l_port), "%u");
- print_delim(fp, del);
- print_ip_address(fp, tok->tt.socket.l_addr);
- print_delim(fp, del);
- print_2_bytes(fp, ntohs(tok->tt.socket.r_port), "%u");
- print_delim(fp, del);
- print_ip_address(fp, tok->tt.socket.r_addr);
+ print_tok_type(fp, tok->id, "socket", raw, xml);
+ if (xml) {
+ open_attr(fp, "sock_type");
+ print_2_bytes(fp, tok->tt.socket.type, "%u");
+ close_attr(fp);
+ open_attr(fp, "lport");
+ print_2_bytes(fp, ntohs(tok->tt.socket.l_port), "%u");
+ close_attr(fp);
+ open_attr(fp, "laddr");
+ print_ip_address(fp, tok->tt.socket.l_addr);
+ close_attr(fp);
+ open_attr(fp, "fport");
+ print_2_bytes(fp, ntohs(tok->tt.socket.r_port), "%u");
+ close_attr(fp);
+ open_attr(fp, "faddr");
+ print_ip_address(fp, tok->tt.socket.r_addr);
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_2_bytes(fp, tok->tt.socket.type, "%u");
+ print_delim(fp, del);
+ print_2_bytes(fp, ntohs(tok->tt.socket.l_port), "%u");
+ print_delim(fp, del);
+ print_ip_address(fp, tok->tt.socket.l_addr);
+ print_delim(fp, del);
+ print_2_bytes(fp, ntohs(tok->tt.socket.r_port), "%u");
+ print_delim(fp, del);
+ print_ip_address(fp, tok->tt.socket.r_addr);
+ }
}
/*
@@ -2141,28 +2973,57 @@
static void
print_subject32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "subject", raw);
- print_delim(fp, del);
- print_user(fp, tok->tt.subj32.auid, raw);
- print_delim(fp, del);
- print_user(fp, tok->tt.subj32.euid, raw);
- print_delim(fp, del);
- print_group(fp, tok->tt.subj32.egid, raw);
- print_delim(fp, del);
- print_user(fp, tok->tt.subj32.ruid, raw);
- print_delim(fp, del);
- print_group(fp, tok->tt.subj32.rgid, raw);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.subj32.pid, "%u");
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.subj32.sid, "%u");
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.subj32.tid.port, "%u");
- print_delim(fp, del);
- print_ip_address(fp, tok->tt.subj32.tid.addr);
+ print_tok_type(fp, tok->id, "subject", raw, xml);
+ if (xml) {
+ open_attr(fp, "audit-uid");
+ print_user(fp, tok->tt.subj32.auid, raw);
+ close_attr(fp);
+ open_attr(fp, "uid");
+ print_user(fp, tok->tt.subj32.euid, raw);
+ close_attr(fp);
+ open_attr(fp, "gid");
+ print_group(fp, tok->tt.subj32.egid, raw);
+ close_attr(fp);
+ open_attr(fp, "ruid");
+ print_user(fp, tok->tt.subj32.ruid, raw);
+ close_attr(fp);
+ open_attr(fp, "rgid");
+ print_group(fp, tok->tt.subj32.rgid, raw);
+ close_attr(fp);
+ open_attr(fp,"pid");
+ print_4_bytes(fp, tok->tt.subj32.pid, "%u");
+ close_attr(fp);
+ open_attr(fp,"sid");
+ print_4_bytes(fp, tok->tt.subj32.sid, "%u");
+ close_attr(fp);
+ open_attr(fp,"tid");
+ print_4_bytes(fp, tok->tt.subj32.tid.port, "%u ");
+ print_ip_address(fp, tok->tt.subj32.tid.addr);
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_user(fp, tok->tt.subj32.auid, raw);
+ print_delim(fp, del);
+ print_user(fp, tok->tt.subj32.euid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.subj32.egid, raw);
+ print_delim(fp, del);
+ print_user(fp, tok->tt.subj32.ruid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.subj32.rgid, raw);
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.subj32.pid, "%u");
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.subj32.sid, "%u");
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.subj32.tid.port, "%u");
+ print_delim(fp, del);
+ print_ip_address(fp, tok->tt.subj32.tid.addr);
+ }
}
/*
@@ -2224,28 +3085,57 @@
static void
print_subject64_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "subject", raw);
- print_delim(fp, del);
- print_user(fp, tok->tt.subj64.auid, raw);
- print_delim(fp, del);
- print_user(fp, tok->tt.subj64.euid, raw);
- print_delim(fp, del);
- print_group(fp, tok->tt.subj64.egid, raw);
- print_delim(fp, del);
- print_user(fp, tok->tt.subj64.ruid, raw);
- print_delim(fp, del);
- print_group(fp, tok->tt.subj64.rgid, raw);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.subj64.pid, "%u");
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.subj64.sid, "%u");
- print_delim(fp, del);
- print_8_bytes(fp, tok->tt.subj64.tid.port, "%llu");
- print_delim(fp, del);
- print_ip_address(fp, tok->tt.subj64.tid.addr);
+ print_tok_type(fp, tok->id, "subject", raw, xml);
+ if (xml) {
+ open_attr(fp, "audit-uid");
+ print_user(fp, tok->tt.subj64.auid, raw);
+ close_attr(fp);
+ open_attr(fp, "uid");
+ print_user(fp, tok->tt.subj64.euid, raw);
+ close_attr(fp);
+ open_attr(fp, "gid");
+ print_group(fp, tok->tt.subj64.egid, raw);
+ close_attr(fp);
+ open_attr(fp, "ruid");
+ print_user(fp, tok->tt.subj64.ruid, raw);
+ close_attr(fp);
+ open_attr(fp, "rgid");
+ print_group(fp, tok->tt.subj64.rgid, raw);
+ close_attr(fp);
+ open_attr(fp, "pid");
+ print_4_bytes(fp, tok->tt.subj64.pid, "%u");
+ close_attr(fp);
+ open_attr(fp, "sid");
+ print_4_bytes(fp, tok->tt.subj64.sid, "%u");
+ close_attr(fp);
+ open_attr(fp, "tid");
+ print_8_bytes(fp, tok->tt.subj64.tid.port, "%llu");
+ print_ip_address(fp, tok->tt.subj64.tid.addr);
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_user(fp, tok->tt.subj64.auid, raw);
+ print_delim(fp, del);
+ print_user(fp, tok->tt.subj64.euid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.subj64.egid, raw);
+ print_delim(fp, del);
+ print_user(fp, tok->tt.subj64.ruid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.subj64.rgid, raw);
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.subj64.pid, "%u");
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.subj64.sid, "%u");
+ print_delim(fp, del);
+ print_8_bytes(fp, tok->tt.subj64.tid.port, "%llu");
+ print_delim(fp, del);
+ print_ip_address(fp, tok->tt.subj64.tid.addr);
+ }
}
/*
@@ -2322,29 +3212,59 @@
static void
print_subject32ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "subject_ex", raw);
- print_delim(fp, del);
- print_user(fp, tok->tt.subj32_ex.auid, raw);
- print_delim(fp, del);
- print_user(fp, tok->tt.subj32_ex.euid, raw);
- print_delim(fp, del);
- print_group(fp, tok->tt.subj32_ex.egid, raw);
- print_delim(fp, del);
- print_user(fp, tok->tt.subj32_ex.ruid, raw);
- print_delim(fp, del);
- print_group(fp, tok->tt.subj32_ex.rgid, raw);
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u");
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.subj32_ex.sid, "%u");
- print_delim(fp, del);
- print_4_bytes(fp, tok->tt.subj32_ex.tid.port, "%u");
- print_delim(fp, del);
- print_ip_ex_address(fp, tok->tt.subj32_ex.tid.type,
- tok->tt.subj32_ex.tid.addr);
+ print_tok_type(fp, tok->id, "subject_ex", raw, xml);
+ if (xml) {
+ open_attr(fp, "audit-uid");
+ print_user(fp, tok->tt.subj32_ex.auid, raw);
+ close_attr(fp);
+ open_attr(fp, "uid");
+ print_user(fp, tok->tt.subj32_ex.euid, raw);
+ close_attr(fp);
+ open_attr(fp, "gid");
+ print_group(fp, tok->tt.subj32_ex.egid, raw);
+ close_attr(fp);
+ open_attr(fp, "ruid");
+ print_user(fp, tok->tt.subj32_ex.ruid, raw);
+ close_attr(fp);
+ open_attr(fp, "rgid");
+ print_group(fp, tok->tt.subj32_ex.rgid, raw);
+ close_attr(fp);
+ open_attr(fp, "pid");
+ print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u");
+ close_attr(fp);
+ open_attr(fp, "sid");
+ print_4_bytes(fp, tok->tt.subj32_ex.sid, "%u");
+ close_attr(fp);
+ open_attr(fp, "tid");
+ print_4_bytes(fp, tok->tt.subj32_ex.tid.port, "%u");
+ print_ip_ex_address(fp, tok->tt.subj32_ex.tid.type,
+ tok->tt.subj32_ex.tid.addr);
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_user(fp, tok->tt.subj32_ex.auid, raw);
+ print_delim(fp, del);
+ print_user(fp, tok->tt.subj32_ex.euid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.subj32_ex.egid, raw);
+ print_delim(fp, del);
+ print_user(fp, tok->tt.subj32_ex.ruid, raw);
+ print_delim(fp, del);
+ print_group(fp, tok->tt.subj32_ex.rgid, raw);
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.subj32_ex.pid, "%u");
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.subj32_ex.sid, "%u");
+ print_delim(fp, del);
+ print_4_bytes(fp, tok->tt.subj32_ex.tid.port, "%u");
+ print_delim(fp, del);
+ print_ip_ex_address(fp, tok->tt.subj32_ex.tid.type,
+ tok->tt.subj32_ex.tid.addr);
+ }
}
/*
@@ -2370,12 +3290,17 @@
static void
print_text_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "text", raw);
- print_delim(fp, del);
- print_string(fp, tok->tt.text.text, tok->tt.text.len);
+ print_tok_type(fp, tok->id, "text", raw, xml);
+ if (xml) {
+ print_string(fp, tok->tt.text.text, tok->tt.text.len);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_string(fp, tok->tt.text.text, tok->tt.text.len);
+ }
}
/*
@@ -2432,20 +3357,39 @@
static void
print_socketex32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "socket", raw);
- print_delim(fp, del);
- print_2_bytes(fp, tok->tt.socket_ex32.type, "%#x");
- print_delim(fp, del);
- print_2_bytes(fp, ntohs(tok->tt.socket_ex32.l_port), "%#x");
- print_delim(fp, del);
- print_ip_address(fp, tok->tt.socket_ex32.l_addr);
- print_delim(fp, del);
- print_4_bytes(fp, ntohs(tok->tt.socket_ex32.r_port), "%#x");
- print_delim(fp, del);
- print_ip_address(fp, tok->tt.socket_ex32.r_addr);
+ print_tok_type(fp, tok->id, "socket", raw, xml);
+ if (xml) {
+ open_attr(fp, "sock_type");
+ print_2_bytes(fp, tok->tt.socket_ex32.type, "%#x");
+ close_attr(fp);
+ open_attr(fp, "lport");
+ print_2_bytes(fp, ntohs(tok->tt.socket_ex32.l_port), "%#x");
+ close_attr(fp);
+ open_attr(fp, "laddr");
+ print_ip_address(fp, tok->tt.socket_ex32.l_addr);
+ close_attr(fp);
+ open_attr(fp, "faddr");
+ print_ip_address(fp, tok->tt.socket_ex32.r_addr);
+ close_attr(fp);
+ open_attr(fp, "fport");
+ print_2_bytes(fp, tok->tt.socket_ex32.type, "%#x");
+ close_attr(fp);
+ close_tag(fp, tok->id);
+ } else {
+ print_delim(fp, del);
+ print_2_bytes(fp, tok->tt.socket_ex32.type, "%#x");
+ print_delim(fp, del);
+ print_2_bytes(fp, ntohs(tok->tt.socket_ex32.l_port), "%#x");
+ print_delim(fp, del);
+ print_ip_address(fp, tok->tt.socket_ex32.l_addr);
+ print_delim(fp, del);
+ print_4_bytes(fp, ntohs(tok->tt.socket_ex32.r_port), "%#x");
+ print_delim(fp, del);
+ print_ip_address(fp, tok->tt.socket_ex32.r_addr);
+ }
}
static int
@@ -2469,12 +3413,14 @@
static void
print_invalid_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
- __unused char sfrm)
+ __unused char sfrm, char xml)
{
- print_tok_type(fp, tok->id, "unknown", raw);
- print_delim(fp, del);
- print_mem(fp, tok->tt.invalid.data, tok->tt.invalid.length);
+ if (!xml) {
+ print_tok_type(fp, tok->id, "unknown", raw, 0);
+ print_delim(fp, del);
+ print_mem(fp, tok->tt.invalid.data, tok->tt.invalid.length);
+ }
}
@@ -2610,156 +3556,156 @@
* 'prints' the token out to outfp
*/
void
-au_print_tok(FILE *outfp, tokenstr_t *tok, char *del, char raw, char sfrm)
+au_print_tok(FILE *outfp, tokenstr_t *tok, char *del, char raw, char sfrm, char xml)
{
switch(tok->id) {
case AUT_HEADER32:
- print_header32_tok(outfp, tok, del, raw, sfrm);
+ print_header32_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_HEADER32_EX:
- print_header32_ex_tok(outfp, tok, del, raw, sfrm);
+ print_header32_ex_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_HEADER64:
- print_header64_tok(outfp, tok, del, raw, sfrm);
+ print_header64_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_HEADER64_EX:
- print_header64_ex_tok(outfp, tok, del, raw, sfrm);
+ print_header64_ex_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_TRAILER:
- print_trailer_tok(outfp, tok, del, raw, sfrm);
+ print_trailer_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_ARG32:
- print_arg32_tok(outfp, tok, del, raw, sfrm);
+ print_arg32_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_ARG64:
- print_arg64_tok(outfp, tok, del, raw, sfrm);
+ print_arg64_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_DATA:
- print_arb_tok(outfp, tok, del, raw, sfrm);
+ print_arb_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_ATTR32:
- print_attr32_tok(outfp, tok, del, raw, sfrm);
+ print_attr32_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_ATTR64:
- print_attr64_tok(outfp, tok, del, raw, sfrm);
+ print_attr64_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_EXIT:
- print_exit_tok(outfp, tok, del, raw, sfrm);
+ print_exit_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_EXEC_ARGS:
- print_execarg_tok(outfp, tok, del, raw, sfrm);
+ print_execarg_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_EXEC_ENV:
- print_execenv_tok(outfp, tok, del, raw, sfrm);
+ print_execenv_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_OTHER_FILE32:
- print_file_tok(outfp, tok, del, raw, sfrm);
+ print_file_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_NEWGROUPS:
- print_newgroups_tok(outfp, tok, del, raw, sfrm);
+ print_newgroups_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_IN_ADDR:
- print_inaddr_tok(outfp, tok, del, raw, sfrm);
+ print_inaddr_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_IN_ADDR_EX:
- print_inaddr_ex_tok(outfp, tok, del, raw, sfrm);
+ print_inaddr_ex_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_IP:
- print_ip_tok(outfp, tok, del, raw, sfrm);
+ print_ip_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_IPC:
- print_ipc_tok(outfp, tok, del, raw, sfrm);
+ print_ipc_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_IPC_PERM:
- print_ipcperm_tok(outfp, tok, del, raw, sfrm);
+ print_ipcperm_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_IPORT:
- print_iport_tok(outfp, tok, del, raw, sfrm);
+ print_iport_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_OPAQUE:
- print_opaque_tok(outfp, tok, del, raw, sfrm);
+ print_opaque_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_PATH:
- print_path_tok(outfp, tok, del, raw, sfrm);
+ print_path_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_PROCESS32:
- print_process32_tok(outfp, tok, del, raw, sfrm);
+ print_process32_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_PROCESS32_EX:
- print_process32ex_tok(outfp, tok, del, raw, sfrm);
+ print_process32ex_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_RETURN32:
- print_return32_tok(outfp, tok, del, raw, sfrm);
+ print_return32_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_RETURN64:
- print_return64_tok(outfp, tok, del, raw, sfrm);
+ print_return64_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_SEQ:
- print_seq_tok(outfp, tok, del, raw, sfrm);
+ print_seq_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_SOCKET:
- print_socket_tok(outfp, tok, del, raw, sfrm);
+ print_socket_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_SOCKINET32:
- print_sock_inet32_tok(outfp, tok, del, raw, sfrm);
+ print_sock_inet32_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_SOCKUNIX:
- print_sock_unix_tok(outfp, tok, del, raw, sfrm);
+ print_sock_unix_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_SUBJECT32:
- print_subject32_tok(outfp, tok, del, raw, sfrm);
+ print_subject32_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_SUBJECT64:
- print_subject64_tok(outfp, tok, del, raw, sfrm);
+ print_subject64_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_SUBJECT32_EX:
- print_subject32ex_tok(outfp, tok, del, raw, sfrm);
+ print_subject32ex_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_TEXT:
- print_text_tok(outfp, tok, del, raw, sfrm);
+ print_text_tok(outfp, tok, del, raw, sfrm, xml);
return;
case AUT_SOCKET_EX:
- print_socketex32_tok(outfp, tok, del, raw, sfrm);
+ print_socketex32_tok(outfp, tok, del, raw, sfrm, xml);
return;
default:
- print_invalid_tok(outfp, tok, del, raw, sfrm);
+ print_invalid_tok(outfp, tok, del, raw, sfrm, xml);
}
}
[-- Attachment #3 --]
Index: man/audit.log.5
===================================================================
--- man/audit.log.5 Thu Oct 19 13:31:13 2006
+++ man/audit.log.5 Sun Sep 24 20:20:11 2006
@@ -414,8 +414,7 @@
.Ss System V IPC Token
The
.Dv System V IPC
-token contains the System V IPC message handle, semaphore handle or shared memory handle. A System V IPC token may be created using
-.Xr au_to_ipc 3 .
+token ...
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
@@ -478,55 +477,38 @@
.Ss System V IPC Permission Token
The
.Dv System V IPC permission
-token contains a System V IPC access permissions. A IPC permission token may be created using
-.Xr au_to_ipc_perm 3 .
+token ...
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
-.It Li "Owner user ID" Ta "4 bytes" Ta "User ID of IPC owner"
-.It Li "Owner group ID" Ta "4 bytes" Ta "Group ID of IPC owner"
-.It Li "Creator user ID" Ta "4 bytes" Ta "User ID of IPC creator"
-.It Li "Creator group ID" Ta "4 bytes" Ta "Group ID of IPC creator"
-.It Li "Access mode" Ta "4 bytes" Ta "Access mode"
-.It Li "Sequnce number" Ta "4 bytes" Ta "Sequnce number"
-.It Li "Key" Ta "4 bytes" Ta "IPC key"
+.It Li XXXXX
.El
.Ss Arg Token
The
.Dv arg
-token contains informations about arguments of the system call. Depend on size of argument value an Arg token may be created using
-.Xr au_to_arg32 3
-or
-.Xr au_to_arg64 3 .
+token ...
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
-.It Li "Argument ID" Ta "1 byte" Ta "Argument ID"
-.It Li "Argument value" Ta "4/8 bytes" Ta "Argument value"
-.It Li "Length" Ta "2 bytes" Ta "Length of the text"
-.It Li "Text" Ta "N bytes + 1 nul" Ta "The string including nul"
+.It Li XXXXX
.El
.Ss exec_args Token
The
.Dv exec_args
-token contains informations about arguements of the exec() system call. A exec_args token may be created using
-.Xr au_to_exec_args 3 .
+token ...
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
-.It Li "Count" Ta "4 bytes" Ta "Number of arguments"
-.It Li "Text" Ta "* bytes" Ta "Count null-terminated strings"
+.It Li XXXXX
.El
.Ss exec_env Token
The
.Dv exec_env
-token contains current eviroment variables to an exec() system call. A exec_args token may be created using
-.Xr au_to_exec_env 3 .
+token ...
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
-.It Li "Count ID" Ta "4 bytes" Ta "Number of variables"
-.It Li "Text" Ta "* bytes" Ta "Count null-terminated strings"
+.It Li XXXXX
.El
.Ss Exit Token
The
@@ -545,27 +527,11 @@
.Ss Socket Token
The
.Dv socket
-token contains informations about Internet socket. Token has four fields or eight fields. Depend on type of socket a socket token may be created using
-.Xr au_to_sock_unix 3 ,
-.Xr au_to_sock_inet32 3 or
-.Xr au_to_sock_inet128 3 .
-.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
-.It Sy "Field" Ta Sy Bytes Ta Sy Description
-.It Li "Token ID" Ta "1 byte" Ta "Token ID"
-.It Li "Socket family" Ta "2 bytes" Ta "Socket family"
-.It Li "Local port" Ta "2 bytes" Ta "Local port"
-.It Li "Socket address" Ta "4 bytes" Ta "Socket address"
-.El
+token ...
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
-.It Li "Socket domain" Ta "4 bytes" Ta "Socket domain"
-.It Li "Socket family" Ta "2 bytes" Ta "Socket family"
-.It Li "Address type" Ta "1 byte" Ta "Address type (IPv4/IPv6)"
-.It Li "Local port" Ta "2 bytes" Ta "Local port"
-.It Li "Local IP address" Ta "4/16 bytes" Ta "Local IP address"
-.It Li "Remote port" Ta "2 bytes" Ta "Remote port"
-.It Li "Remote IP address" Ta "4/16 bytes" Ta "Remote IP address"
+.It Li XXXXX
.El
.Ss Expanded Socket Token
The
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061019142114.30659.qmail>