From owner-p4-projects Tue May 7 15:53:40 2002
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767) id A927537B401; Tue, 7 May 2002 15:53:27 -0700 (PDT)
Delivered-To: perforce@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 94CCE37B400 for ; Tue, 7 May 2002 15:53:26 -0700 (PDT)
Received: (from perforce@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g47MrQ063576 for perforce@freebsd.org; Tue, 7 May 2002 15:53:26 -0700 (PDT) (envelope-from arr@freebsd.org)
Date: Tue, 7 May 2002 15:53:26 -0700 (PDT)
Message-Id: <200205072253.g47MrQ063576@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: perforce set sender to arr@freebsd.org using -f
From: "Andrew R. Reiter"
Subject: PERFORCE change 10979 for review
To: Perforce Change Reviews
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=10979
Change 10979 by arr@arr_shibby on 2002/05/07 15:52:58
    - Created AUDIT_EV_RESULT() to return "Success" or "Failure" string based upon a given ah_evresult from an audit header.
    - Created _dump_audit_hdr(), _dump_audit_subj(), and _dump_audit_obj() that just calls printf to display the record.
    - Moved _audit_print_record to audit.h for now.
Affected files ...
... //depot/projects/trustedbsd/audit/sys/sys/audit.h#28 edit
Differences ...
==== //depot/projects/trustedbsd/audit/sys/sys/audit.h#28 (text+ko) ====
@@ -51,7 +51,7 @@
 #define AUDIT
 #endif
-#define AUDIT_VERSION 0
+#define AUDIT_VERSION 1
 typedef u_int audit_id_t;
 typedef u_char audit_status_t;
@@ -211,7 +211,7 @@
 typedef struct audit_header {
 audit_status_t ah_evresult;
- unsigned short ah_v;
+ unsigned int ah_v;
 int ah_errno;
 audit_id_t ah_id;
 unsigned int ah_len; /* including hdr & evinfo */
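Review bot: Widening `ah_v` from `unsigned short` to `unsigned int` resizes the field a reader would use to tell record formats apart, and on typical ABIs it also changes the alignment padding after the one-byte `ah_evresult`, so the field moves as well. The hunk does not show how records are stored, so this is a question rather than a confirmed defect: if audit_header is ever written out or handed to userland as a raw struct, a version-0 and a version-1 record cannot be told apart by reading `ah_v` at one fixed offset. In that case a fixed-width version at the start of the header, e.g. `uint32_t ah_v;` as the first member, would let a parser check AUDIT_VERSION before trusting the rest of the layout. A comment on the field such as `/* record format version, compared against AUDIT_VERSION */` would also help; the struct definition continues past the end of the hunk.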
@@ -223,6 +223,23 @@
 /* Values for ah_evresult */
 #define AUDIT_EVR_SUCCESS 1
 #define AUDIT_EVR_FAILED 2
+
+#define AUDIT_EV_RESULT(res) ((res == AUDIT_EVR_SUCCESS) ? "Success" : "Failure")
+
+static __inline
+void
+_dump_audit_hdr(audit_header_t *ahp)
+{
+
+ printf("---[ HEADER ]---\n"
+ "-[ Version: %u, Record ID: %u\n"
+ "-[ Result: %s, errno: %d\n"
+ "-[ Time event occured: %x\n",
+ ahp->ah_v, ahp->ah_id,
+ AUDIT_EV_RESULT(ahp->ah_evresult), ahp->ah_errno,
+ &ahp->ah_evtime);
+}
+
 typedef struct audit_subject {
 uid_t as_euid; /* Effective UID */
@@ -231,7 +248,19 @@
 uid_t as_uid; /* (real) User ID */
 } audit_subject_t;
 #define AUDIT_SUBJ_LEN sizeof(audit_subject_t)
-
+
+static __inline
+void
+_dump_audit_subj(audit_subject_t *asp)
+{
+
+ printf("---[ SUBJECT ]---\n"
+ "-[ Process ID: %u\n"
+ "-[ Effective uid: %u, Real uid: %u\n"
+ "-[ Group ID: %u\n",
+ asp->as_pid, asp->as_euid, asp->as_uid, asp->as_gid);
+}
+
 /*
  * As with vattr fields, those that are unable to be filled will
  * be set to VNOVAL (or to 0 for ao_pathname).
@@ -245,6 +274,16 @@
 } audit_object_t;
 #define AUDIT_OBJ_LEN sizeof(audit_object_t)
+static __inline
+void
+_dump_audit_obj(audit_object_t *aop)
+{
+
+ printf("---[ OBJECT ]---\n"
+ "-[ User ID: %u, Group ID: %u\n",
+ aop->ao_uid, aop->ao_gid);
+}
+
 typedef struct audit_record {
 TAILQ_ENTRY(audit_record) ar_next;
 struct audit_header ar_hdr;
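Review bot: The last conversion in _dump_audit_hdr is `%x`, but the argument is `&ahp->ah_evtime`, a pointer, so the call has a format/argument type mismatch and prints the address of the field instead of the event time; in kernel context that also writes a kernel address into the message output. The type of `ah_evtime` is not visible in this hunk, so the fix depends on it: if it is a timespec or timeval, print the members, e.g. `(long)ahp->ah_evtime.tv_sec` with `%ld`. Separately, AUDIT_EV_RESULT does not parenthesise `res` and labels every value other than AUDIT_EVR_SUCCESS, including an unset 0, as "Failure". Writing it as `(((res) == AUDIT_EVR_SUCCESS) ? "Success" : ((res) == AUDIT_EVR_FAILED) ? "Failure" : "Unknown")` keeps an uninitialised result from being displayed as a failed event.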
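Review bot: In _dump_audit_subj every field is printed with `%u`, but the declarations of `as_pid` and `as_gid` lie outside this hunk and a process ID is normally a signed `pid_t`, so the format string relies on types that cannot be checked here. Explicit casts make the call independent of the typedefs, for example `(int)asp->as_pid` with `%d` and `(unsigned int)asp->as_euid` for the IDs. The function only reads through `asp`, so the parameter can be `const audit_subject_t *asp`; the same applies to _dump_audit_hdr and _dump_audit_obj.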
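Review bot: _dump_audit_obj prints `ao_uid` and `ao_gid` with `%u` unconditionally, although the comment above audit_object_t says fields that could not be filled are set to VNOVAL, so an unfilled owner appears as a large numeric ID that a reader of the dump could mistake for a real one. Testing for the sentinel first, e.g. `if (aop->ao_uid == (uid_t)VNOVAL)` and printing a marker such as `<unset>` instead of the number, keeps the two cases apart. The other members of the struct are outside the hunk; if `ao_pathname` is meant to be part of the displayed record, it is not printed here.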
@@ -254,6 +293,25 @@
 } audit_record_t;
 TAILQ_HEAD(audit_record_list, audit_record);
+static __inline
+void
+_audit_print_record(audit_record_t *ar)
+{
+ audit_header_t *ah;
+ audit_subject_t *as;
+ audit_object_t *ao;
+
+ ah = &ar->ar_hdr;
+ as = &ar->ar_subj;
+ ao = &ar->ar_obj;
+
+ printf("----------------------------------------------------------\n");
+ _dump_audit_hdr(ah);
+ _dump_audit_subj(as);
+ _dump_audit_obj(ao);
+ printf("----------------------------------------------------------\n");
+}
+
 void audit_init(void);
 void audit_shutdown(void);

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
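Review bot: _audit_print_record emits one record through five separate printf() calls (two separators plus the three _dump_* helpers), so if records are ever printed from more than one context at a time, sections of different records can interleave and a reader cannot tell which subject or object belongs to which header. Whether that can happen is not visible from this hunk; if it can, repeating the record ID on the SUBJECT and OBJECT lines or serialising the callers would keep the output attributable. Since the description says the function lives in audit.h only "for now", a comment above it such as `/* Debug aid only; output is not atomic per record. */` would tell later readers not to treat it as an audit sink.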