Date: Tue, 7 May 2002 15:53:26 -0700 (PDT) From: "Andrew R. Reiter" <arr@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 10979 for review Message-ID: <200205072253.g47MrQ063576@freefall.freebsd.org>
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=10979 Change 10979 by arr@arr_shibby on 2002/05/07 15:52:58 - Created AUDIT_EV_RESULT() to return "Success" or "Failure" string based upon a given ah_evresult from an audit header. - Created _dump_audit_hdr(), _dump_audit_subj(), and _dump_audit_obj() that just calls printf to display the record. - Moved _audit_print_record to audit.h for now. Affected files ... ... //depot/projects/trustedbsd/audit/sys/sys/audit.h#28 edit Differences ...
==== //depot/projects/trustedbsd/audit/sys/sys/audit.h#28 (text+ko) ====
@@ -51,7 +51,7 @@
 #define AUDIT
 #endif
-#define AUDIT_VERSION 0
+#define AUDIT_VERSION 1
 typedef u_int audit_id_t;
 typedef u_char audit_status_t;
@@ -211,7 +211,7 @@
 typedef struct audit_header {
 audit_status_t ah_evresult;
- unsigned short ah_v;
+ unsigned int ah_v;
 int ah_errno;
 audit_id_t ah_id;
 unsigned int ah_len; /* including hdr & evinfo */
@@ -223,6 +223,23 @@
 /* Values for ah_evresult */
 #define AUDIT_EVR_SUCCESS 1
 #define AUDIT_EVR_FAILED 2
+
+#define AUDIT_EV_RESULT(res) ((res == AUDIT_EVR_SUCCESS) ? "Success" : "Failure")
+
+static __inline
+void
+_dump_audit_hdr(audit_header_t *ahp)
+{
+
+ printf("---[ HEADER ]---\n"
+ "-[ Version: %u, Record ID: %u\n"
+ "-[ Result: %s, errno: %d\n"
+ "-[ Time event occured: %x\n",
+ ahp->ah_v, ahp->ah_id,
+ AUDIT_EV_RESULT(ahp->ah_evresult), ahp->ah_errno,
+ &ahp->ah_evtime);
+}
+
 typedef struct audit_subject {
 uid_t as_euid; /* Effective UID */
@@ -231,7 +248,19 @@
 uid_t as_uid; /* (real) User ID */
 } audit_subject_t;
 #define AUDIT_SUBJ_LEN sizeof(audit_subject_t)
-
+
+static __inline
+void
+_dump_audit_subj(audit_subject_t *asp)
+{
+
+ printf("---[ SUBJECT ]---\n"
+ "-[ Process ID: %u\n"
+ "-[ Effective uid: %u, Real uid: %u\n"
+ "-[ Group ID: %u\n",
+ asp->as_pid, asp->as_euid, asp->as_uid, asp->as_gid);
+}
+
 /*
 * As with vattr fields, those that are unable to be filled will
 * be set to VNOVAL (or to 0 for ao_pathname).
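Review bot: In the `audit_header` hunk (-211), widening `ah_v` from `unsigned short` to `unsigned int` moves the version field itself: it follows the one-byte `ah_evresult`, so on common ABIs its offset goes from 2 to 4 and every later member shifts with it. If records are ever stored or handed to userland as raw structs (not visible here), a reader cannot use `ah_v` to tell a version 0 record from a version 1 record, because it does not know where the field is. Consider making the version the first member of the header, or at least recording the break next to `AUDIT_VERSION`, e.g. `/* ah_v widened in version 1; header layout is not compatible with version 0 */`. The struct continues outside the hunk.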
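Review bot: In `_dump_audit_hdr` the last argument is `&ahp->ah_evtime` while the matching conversion is `%x`, so the line prints (part of) the address of the field rather than the event time, and passing a pointer for `%x` is undefined behaviour. If this header is compiled into the kernel, that also writes a kernel address to the console log. The type of `ah_evtime` is outside the hunk; if it is a `struct timespec`, something like `"-[ Time event occured: %jd.%09ld\n"` with `(intmax_t)ahp->ah_evtime.tv_sec, ahp->ah_evtime.tv_nsec` prints the value instead. `AUDIT_EV_RESULT` should also parenthesize its argument, `(((res) == AUDIT_EVR_SUCCESS) ? "Success" : "Failure")`, and it is worth a comment that any value other than `AUDIT_EVR_SUCCESS`, including an unset 0, is reported as "Failure".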
@@ -245,6 +274,16 @@
 } audit_object_t;
 #define AUDIT_OBJ_LEN sizeof(audit_object_t)
+static __inline
+void
+_dump_audit_obj(audit_object_t *aop)
+{
+
+ printf("---[ OBJECT ]---\n"
+ "-[ User ID: %u, Group ID: %u\n",
+ aop->ao_uid, aop->ao_gid);
+}
+
 typedef struct audit_record {
 TAILQ_ENTRY(audit_record) ar_next;
 struct audit_header ar_hdr;
@@ -254,6 +293,25 @@
 } audit_record_t;
 TAILQ_HEAD(audit_record_list, audit_record);
+static __inline
+void
+_audit_print_record(audit_record_t *ar)
+{
+ audit_header_t *ah;
+ audit_subject_t *as;
+ audit_object_t *ao;
+
+ ah = &ar->ar_hdr;
+ as = &ar->ar_subj;
+ ao = &ar->ar_obj;
+
+ printf("----------------------------------------------------------\n");
+ _dump_audit_hdr(ah);
+ _dump_audit_subj(as);
+ _dump_audit_obj(ao);
+ printf("----------------------------------------------------------\n");
+}
+
 void audit_init(void);
 void audit_shutdown(void);
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
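Review bot: `_dump_audit_obj` prints `ao_uid` and `ao_gid` with `%u` unconditionally, but the comment in the preceding hunk's context says fields that could not be filled are set to VNOVAL. An unfilled owner is therefore printed as a large number that reads like a real ID (VNOVAL is -1 in FreeBSD's vnode code; confirm the same definition applies here). Testing for VNOVAL and printing a marker such as `"(unset)"` would keep the dump from misleading whoever reads the trail. The other object fields lie outside the hunk and are not printed; a comment such as `/* Only owner IDs are dumped; other ao_* fields are omitted. */` would make that explicit.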
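Review bot: `_audit_print_record` and the three `_dump_audit_*` helpers are defined `static __inline` in `sys/sys/audit.h`, so every file that includes the header gets its own copy and a dependency on `printf`, and nothing limits when they are called. They write subject and object identity from audit records to wherever `printf` goes (the console and message buffer, if this is built into the kernel), so I would keep them under a debug-only conditional and move them into a `.c` file once the "for now" in the change description is resolved. A short comment above `_audit_print_record` would document the contract: `/* Debug aid: dump one audit record via printf(); ar must not be NULL. */`.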