Date: Wed, 18 Jun 2008 11:40:53 GMT From: Vincenzo Iozzo <snagg@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 143689 for review Message-ID: <200806181140.m5IBer35032987@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=143689 Change 143689 by snagg@snagg_macosx on 2008/06/18 11:40:21 Finished the first event-specific framework part, added also a testing program. Some other bugs were corrected in the utils. Still need some testing Affected files ... .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_ioctl_events.c#2 delete .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.c#3 edit .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.h#2 edit .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/specific-event/audit_pipe_event_open.c#1 add .. //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/tests/open_test.c#1 add Differences ...
==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.c#3 (text+ko) ====
@@ -1,47 +1,6 @@
 #include "audit_pipe_regression_test_utils.h"
-struct audit_record *del_record_au(struct audit_record *head, int index)
-{
- struct audit_record *tmp;
- struct audit_record *p;
-
- tmp = head;
- if(tmp == NULL)
- return NULL;
- for(; tmp->next != NULL; tmp = tmp->next)
- {
- if(tmp->next->index == index) {
- p = tmp->next;
- tmp->next = tmp->next->next;
- free(p);
- return head;
- }
- }
-
- return NULL;
-}
-
-struct audit_record
-*add_field_au(struct audit_record *head, struct audit_record *new)
-{
- struct audit_record *tmp;
-
- tmp = head;
- if(tmp == NULL) {
- new->next = NULL;
- return new;
- }
-
- for(; tmp->next != NULL;tmp = tmp->next);
- new->index = tmp->index +1;
- tmp->next= new;
- new->next = NULL;
-
- return head;
-}
-
-
 void init_channel()
 {
 key_t key;
@@ -101,7 +60,7 @@
 /*
 * Every string in the shared-memory channel is of the form
- * value:!!audit-field:**type.
+ * value\\!!audit-field:**type.
 * Here we parse the audit-field part
 */
 char *get_descr(char *string)
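Review bot: The two updated format comments disagree about the separator: the one above get_descr (hunk `@@ -101,7 +60,7 @@`) now reads `value\\!!audit-field:**type`, while the one above parse_string (hunk `@@ -119,7 +78,7 @@`) reads `value\!!audit-field:**type`. The doubled backslash looks like the C string-literal spelling carried over into prose; assuming the channel carries a single backslash, both comments should read ` * value\!!audit-field:**type.`. Since the parser hands the marker to strsep(), the comment should also state that the value part must not itself contain `\` or `!`.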
@@ -110,7 +69,7 @@
 str = string;
- if((string = strsep(&str, ":!!")) != NULL)
+ if((string = strsep(&str, "\\!!")) != NULL)
 {
 str +=2;
 return str;
@@ -119,7 +78,7 @@
 /*
 * Every string in the shared-memory channel is of the form
- * value:!!audit-field:**type.
+ * value\!!audit-field:**type.
 * Here we parse the type part
 */
 int parse_string(char *string)
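Review bot: The guard on the changed line in hunk `@@ -110,7 +69,7 @@` tests the wrong pointer. strsep() returns the original token whenever its input is non-NULL and sets `str` to NULL when no delimiter is found, so a channel string without the marker reaches `str +=2` with a NULL pointer. strsep() also treats `"\\!!"` as a set of characters (`\` and `!`) rather than a three-byte sequence, so the split lands on the first `\` or `!` in the value, and the fixed skip of two can step past the terminator when the string ends right after it. Checking what is actually being skipped closes both gaps: `if((string = strsep(&str, "\\!!")) != NULL && str != NULL && str[0] == '!' && str[1] == '!')`. get_descr starts before and continues after this hunk, so its failure return is not visible here.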
@@ -179,47 +138,49 @@
 * We fetch every token from auditpipe and eventually dump them to a file
 * Modified version of praudit function.
 */
-struct audit_record
-*audit_print_record(FILE *st, FILE *in)
+
+int
+audit_print_record(FILE *st, char *buffer, int buflen, struct audit_record rec)
 {
- u_char *buf;
- tokenstr_t tok;
- int reclen;
- int bytesread;
 int count;
 u_char type;
- struct audit_record *rec;
-
+ int i, exit;
+
 type = 0;
 count = 0;
- rec = malloc(sizeof(struct audit_record));
- if(rec == NULL)
- err(-1, "MALLOC");
-
+ exit = 0;
+
 /* Record must begin with a header token. */
- do {
- type = fgetc(in);
- } while(type != AU_HEADER_32_TOKEN);
- ungetc(type, in);
+ for( i = 0; i< buflen; i++) {
+ type = buffer[i];
+ if(type == AU_HEADER_32_TOKEN) {
+ buffer +=i;
+ buflen -=i;
+ break;
+ }
+ }
+ while (buflen > 0) {
- while ((reclen = au_read_rec(in, &buf)) != -1) {
- bytesread = 0;
- while (bytesread < reclen) {
-
- /* Is this an incomplete record? */
- if (-1 == au_fetch_tok(&tok, buf + bytesread,
- reclen - bytesread))
- break;
- rec->toks[count] = tok;
- rec->count = count;
- au_print_tok_xml(st, &tok, ",", 0, 0);
- fprintf(st, "\n");
- bytesread += tok.len;
- }
- free(buf);
- fflush(st);
+ /* XXX: Is this an incomplete record? */
+ if (au_fetch_tok(&(rec.toks[count]), buffer, buflen) == -1)
+ break;
+
+ rec.count = count;
+ au_print_tok_xml(st, &(rec.toks[count]), ",", 0, 0);
+ buflen -= rec.toks[count].len;
+ buffer += rec.toks[count].len;
+ fprintf(st, "\n");
+ count++;
+ if(count == 20)
+ return -1;
+ if(exit)
+ break;
+ if(*buffer == AU_TRAILER_TOKEN)
+ exit = 1;
 }
- return rec;
+
+ fflush(st);
+ return 0;
 }
 /*
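Review bot: The trailer test `if(*buffer == AU_TRAILER_TOKEN)` runs after `buffer` and `buflen` have been advanced by the token length, so when the last token consumes the buffer exactly it reads one byte past the end; guard it as `if(buflen > 0 && *buffer == AU_TRAILER_TOKEN)`. The header scan has a related gap: when no AU_HEADER_32_TOKEN byte is found the loop falls through and parsing starts at offset 0 anyway, so `if(i == buflen) return -1;` after the loop would keep unsynchronised bytes out of au_fetch_tok(). `struct audit_record rec` is taken by value here and in the prototype (header hunk `@@ -77,11 +90,11 @@`), so the tokens stored in `rec.toks[]` and `rec.count` never reach the caller; a `struct audit_record *rec` parameter would. The literal `20` repeats the size of `toks[20]` from the header and the `return -1` path skips `fflush(st)`; a named constant shared with the struct, plus a local not called `exit` (it shadows the libc function), would make this easier to maintain.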
@@ -239,25 +200,19 @@
 return f;
 }
-void report_error(tokenstr_t tok, struct audit_record *rec, FILE *f)
+void report_error(tokenstr_t tok, FILE *f)
 {
- int i;
- if(rec == NULL)
- return;
- for(i = 0; i <= rec->count; i++) {
- au_print_tok_xml(f, &(rec->toks[i]), ",", 0, 0);
- fprintf(f, "\n");
- }
- fprintf(f, "ERROR:***");
+ fprintf(f, "ERROR:***\n");
 au_print_tok_xml(f, &tok, ",", 0, 0);
 fprintf(f, "\n");
+
 }
 /*
 * Check the return value of a bsm-token
 */
-int check_ret(au_exit_t ret, int r, char *val)
+int check_ret(au_ret32_t ret, int r, char *val)
 {
 if(ret.ret == r) //if(!strncmp(ret.status, val, strlen(ret.status) > strlen(val)?
==== //depot/projects/soc2008/snagg-audit/tools/regression/audit/audit_pipe/audit_pipe_regression_test_utils.h#2 (text+ko) ====
@@ -46,6 +46,9 @@
 #include <semaphore.h>
 #include <string.h>
+#define AUDIT_BUFFER_LEN 65536
+#define AUDIT_RECORD_MAX 256
+
 #define SHMSZ 512
 #define SEM_NAME "/audit-test"
 #define SEM_CLIENT_NAME "/client"
@@ -59,17 +62,27 @@
 CHAR_TYPE
 };
+/*
+ * NOT = do not validate anything
+ * GOT_READLINK = we took the last function (a readlink) of the standard
+ * "prologue" of every process
+ * VALID = we need to validate stuff
+ * WAITING = this is not the right syscall to parse
+ */
+enum VALIDATE {
+ NOT,
+ GOT_READLINK,
+ VALID,
+ WAITING
+};
+
 struct audit_record {
 tokenstr_t toks[20];
 int count;
 int index;
- struct audit_record *next;
 };
-struct audit_record *del_record_au(struct audit_record *head, int index);
-struct audit_record *add_field_au(struct audit_record *head,
- struct audit_record *new);
 void init_channel();
 void end_channel();
 char *read_string();
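Review bot: In hunk `@@ -239,25 +200,19 @@`, check_ret now takes an `au_ret32_t` but still compares only `ret.ret` with `r`; the commented-out `strncmp(ret.status, ...)` line stays in place and `val` is unused in the lines visible here. In libbsm's `au_ret32_t` the status field is a single byte rather than a string, so that dead line could not be re-enabled as written. Either drop it together with the `val` parameter, or compare the status numerically so that a record reporting failure with a matching return value is not accepted. report_error also gains a stray blank line before its closing brace, and check_ret continues past the end of the hunk.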
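Review bot: In header hunk `@@ -59,17 +62,27 @@`, the new enumerators `NOT`, `VALID` and `WAITING` enter a shared header with no prefix, which invites clashes with macros or identifiers from the system and BSM headers included above. A common prefix would avoid that, for example `AV_NOT, AV_GOT_READLINK, AV_VALID, AV_WAITING` (names are only a suggestion). The unchanged `tokenstr_t toks[20];` just below is the natural place for a named token limit, because the .c file now tests `count == 20` against the same bare literal.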
@@ -77,11 +90,11 @@
 int parse_string(char *string);
 long get_int(char *string);
 char get_c(char *string);
-struct audit_record *audit_print_record(FILE *st, FILE *in);
+int audit_print_record(FILE *st, char *buffer, int buflen,
+ struct audit_record rec);
 FILE *init_log(pid_t pid);
-void report_error(tokenstr_t tok, struct audit_record *rec,
- FILE *f);
-int check_ret(au_exit_t ret, int r, char *val);
+void report_error(tokenstr_t tok, FILE *f);
+int check_ret(au_ret32_t ret, int r, char *val);
 int check_path(au_path_t path, char *val);
 int check_arg(au_arg32_t arg, long val);
 int check_priv(au_proc32ex_t priv, pid_t pid);