| Subject: | PERFORCE change 10979 for review | |
|---|---|---|
| From: | Andrew R. Reiter (ar...@FreeBSD.org) | |
| Date: | May 7, 2002 3:53:04 pm | |
| List: | org.freebsd.p4-projects | |
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=10979
Change 10979 by arr@arr_shibby on 2002/05/07 15:52:58
- Created AUDIT_EV_RESULT() to return the string "Success" or "Failure" based upon a given ah_evresult from an audit header. - Created _dump_audit_hdr(), _dump_audit_subj(), and _dump_audit_obj(), which just call printf to display the record. - Moved _audit_print_record to audit.h for now.
Affected files ...
... //depot/projects/trustedbsd/audit/sys/sys/audit.h#28 edit
Differences ...
==== //depot/projects/trustedbsd/audit/sys/sys/audit.h#28 (text+ko) ====
@@ -51,7 +51,7 @@
#define AUDIT
#endif
-#define AUDIT_VERSION 0
+#define AUDIT_VERSION 1
typedef u_int audit_id_t;
typedef u_char audit_status_t;
@@ -211,7 +211,7 @@
typedef struct audit_header {
audit_status_t ah_evresult;
- unsigned short ah_v;
+ unsigned int ah_v;
int ah_errno;
audit_id_t ah_id;
unsigned int ah_len; /* including hdr & evinfo */
@@ -223,6 +223,23 @@
/* Values for ah_evresult */
#define AUDIT_EVR_SUCCESS 1
#define AUDIT_EVR_FAILED 2
+
+#define AUDIT_EV_RESULT(res) ((res == AUDIT_EVR_SUCCESS) ? "Success" :
"Failure")
+
+static __inline
+void
+_dump_audit_hdr(audit_header_t *ahp)
+{
+
+ printf("---[ HEADER ]---\n"
+ "-[ Version: %u, Record ID: %u\n"
+ "-[ Result: %s, errno: %d\n"
+ "-[ Time event occured: %x\n",
+ ahp->ah_v, ahp->ah_id,
+ AUDIT_EV_RESULT(ahp->ah_evresult), ahp->ah_errno,
+ &ahp->ah_evtime);
+}
+
typedef struct audit_subject {
uid_t as_euid; /* Effective UID */
@@ -231,7 +248,19 @@
uid_t as_uid; /* (real) User ID */
} audit_subject_t;
#define AUDIT_SUBJ_LEN sizeof(audit_subject_t)
-
+
+static __inline
+void
+_dump_audit_subj(audit_subject_t *asp)
+{
+
+ printf("---[ SUBJECT ]---\n"
+ "-[ Process ID: %u\n"
+ "-[ Effective uid: %u, Real uid: %u\n"
+ "-[ Group ID: %u\n",
+ asp->as_pid, asp->as_euid, asp->as_uid, asp->as_gid);
+}
+
/*
* As with vattr fields, those that are unable to be filled will
* be set to VNOVAL (or to 0 for ao_pathname).
@@ -245,6 +274,16 @@
} audit_object_t;
#define AUDIT_OBJ_LEN sizeof(audit_object_t)
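Review bot: In `_dump_audit_hdr` the `%x` conversion is given `&ahp->ah_evtime`, the address of the field rather than its value, so the line prints a pointer instead of the event time; the argument type does not match `%x`, and in a kernel build this writes a kernel address into the log. The type of `ah_evtime` is declared outside this hunk; print its members with matching conversions, for example `(long)ahp->ah_evtime.tv_sec` under `%ld` if it turns out to be a timeval or timespec. `AUDIT_EV_RESULT` should also parenthesise its argument, `(((res) == AUDIT_EVR_SUCCESS) ? "Success" : "Failure")`. As written it reports every value other than `AUDIT_EVR_SUCCESS`, including an unset 0, as "Failure", which is worth a comment if intended.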
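Review bot: `_dump_audit_subj` passes `as_pid`, `as_euid`, `as_uid` and `as_gid` straight to `%u`, although these are typedef'd ID types whose width and signedness are not guaranteed to match `unsigned int` (`uid_t` is visible for two of them, the other declarations are outside the hunk). Cast each argument, e.g. `(unsigned int)asp->as_euid`, and print the pid with `%d` and an `(int)` cast if `as_pid` is a `pid_t`. The same applies to `ao_uid` and `ao_gid` in `_dump_audit_obj` in the following hunk. Both functions only read through their argument, so the parameters can be `const audit_subject_t *asp` and `const audit_object_t *aop`.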
+static __inline
+void
+_dump_audit_obj(audit_object_t *aop)
+{
+
+ printf("---[ OBJECT ]---\n"
+ "-[ User ID: %u, Group ID: %u\n",
+ aop->ao_uid, aop->ao_gid);
+}
+
typedef struct audit_record {
TAILQ_ENTRY(audit_record) ar_next;
struct audit_header ar_hdr;
@@ -254,6 +293,25 @@
} audit_record_t;
TAILQ_HEAD(audit_record_list, audit_record);
+static __inline
+void
+_audit_print_record(audit_record_t *ar)
+{
+ audit_header_t *ah;
+ audit_subject_t *as;
+ audit_object_t *ao;
+
+ ah = &ar->ar_hdr;
+ as = &ar->ar_subj;
+ ao = &ar->ar_obj;
+
+ printf("----------------------------------------------------------\n");
+ _dump_audit_hdr(ah);
+ _dump_audit_subj(as);
+ _dump_audit_obj(ao);
+ printf("----------------------------------------------------------\n");
+}
+
void audit_init(void);
void audit_shutdown(void);
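Review bot: `_audit_print_record` and the three `_dump_audit_*` helpers are unconditional `static __inline` definitions in `sys/audit.h`, so every file that includes the header gains a path that prints audit record contents (IDs, result, errno) through `printf`. In a kernel build that output presumably goes to the console and message buffer, which may be readable by users who are not allowed to read the audit trail; the commit message itself calls the placement temporary. Until the functions move into a `.c` file, a debug-only guard keeps them out of production builds, e.g. `#ifdef AUDIT_DEBUG` ... `#endif` (the macro name is a placeholder for whatever debug option the project defines). A short comment above `_audit_print_record` stating that it is a debugging aid and that `ar` must be non-NULL would also help.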





