Lines Matching +full:user +full:- +full:selected
1 /*-
2 * Copyright (c) 2004-2008 Apple Inc.
8 * contract FA8650-15-C-7558 ("CADETS"), as part of the DARPA Transparent
43 * XXX We assume that records are sorted chronologically - both wrt to
93 static int p_euid; /* Effective user id. */
96 static int p_ruid; /* Real user id. */
101 * Maintain a dynamically sized array of events for -m
108 * Following are the objects (-o option) that we can select upon.
133 if (copy[i - 1] == '\\') in parse_regexp()
134 strlcpy(&copy[i - 1], &copy[i], len); in parse_regexp()
151 rep->re_negate = 1; in parse_regexp()
153 rep->re_pattern = strdup(copy); in parse_regexp()
154 error = regcomp(&rep->re_regexp, rep->re_pattern, in parse_regexp()
157 regerror(error, &rep->re_regexp, re_error, 64); in parse_regexp()
174 fprintf(stderr, "\t-A : all records\n"); in usage()
175 fprintf(stderr, "\t-a YYYYMMDD[HH[[MM[SS]]] : after date\n"); in usage()
176 fprintf(stderr, "\t-b YYYYMMDD[HH[[MM[SS]]] : before date\n"); in usage()
177 fprintf(stderr, "\t-c <flags> : matching class\n"); in usage()
178 fprintf(stderr, "\t-d YYYYMMDD : on date\n"); in usage()
179 fprintf(stderr, "\t-e <uid|name> : effective user\n"); in usage()
180 fprintf(stderr, "\t-f <gid|group> : effective group\n"); in usage()
181 fprintf(stderr, "\t-g <gid|group> : real group\n"); in usage()
182 fprintf(stderr, "\t-j <pid> : subject id \n"); in usage()
183 fprintf(stderr, "\t-m <evno|evname> : matching event\n"); in usage()
184 fprintf(stderr, "\t-o objecttype=objectvalue\n"); in usage()
190 fprintf(stderr, "\t-r <uid|name> : real user\n"); in usage()
191 fprintf(stderr, "\t-u <uid|name> : audit user\n"); in usage()
192 fprintf(stderr, "\t-v : select non-matching records\n"); in usage()
193 fprintf(stderr, "\t-z <zone> : zone name\n"); in usage()
261 select_ruid(int user) in select_ruid() argument
266 if (user != p_ruid) in select_ruid()
334 /* Unknown type -- filter if *any* ipc filtering is required. */ in select_ipcobj()
357 if (regexec(&rep->re_regexp, path, 0, NULL, in select_filepath()
359 return (!rep->re_negate); in select_filepath()
368 * before-time,
516 * Read each record from the audit trail. Check if it is selected after
527 int selected; in select_records() local
532 while ((reclen = au_read_rec(fp, &buf)) != -1) { in select_records()
535 selected = 1; in select_records()
536 while ((selected == 1) && (bytesread < reclen)) { in select_records()
537 if (-1 == au_fetch_tok(&tok, buf + bytesread, in select_records()
538 reclen - bytesread)) { in select_records()
550 selected = select_hdr32(tok, in select_records()
557 selected = select_proc32(tok, in select_records()
562 selected = select_subj32(tok, in select_records()
567 selected = select_ipcobj( in select_records()
573 selected = select_filepath( in select_records()
578 selected = select_return32(tok, in select_records()
583 selected = select_zone(tok.tt.zonename.zonename, &optchkd); in select_records()
592 print = ((selected == 1) && (!err) && (!(opttochk & ~optchkd))); in select_records()
603 * The -o option has the form object_type=object_value. Identify the object
632 usage("unknown value for -o"); in parse_object_type()
656 while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:vz:")) != -1) { in main()
720 p_euid = pw->pw_uid; in main()
731 p_egid = grp->gr_gid; in main()
742 p_rgid = grp->gr_gid; in main()
791 p_ruid = pw->pw_uid; in main()
801 p_auid = pw->pw_uid; in main()
821 argc -= optind; in main()
829 if (select_records(stdin) == -1) in main()
861 if (select_records(fp) == -1) in main()
872 if (select_records(fp) == -1) in main()