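/*-
 * Copyright (c) 2005-2006 Robert N. M. Watson
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#8 $
 */

#include <bsm/libbsm.h>
#include <string.h>
#include <err.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Simple tool to dump various /etc/security databases using the defined APIs.
 *
 * Each sub-command walks one database through libbsm and prints one record
 * per line on stdout.  The "_r" sub-commands exercise the variants that fill
 * caller-supplied storage instead of returning library-owned entries.
 */

/*
 * Print the accepted sub-commands on stderr and exit with a failure status.
 * Does not return.
 */
static void
usage(void)
{

	fprintf(stderr, "usage: audump [class|class_r|control|event|event_r|"
	    "user|user_r]\n");
	exit(-1);
}

/*
 * Print one audit class entry as "mask:name:description".
 */
static void
print_class_ent(const au_class_ent_t *cp)
{

	printf("0x%08x:%s:%s\n", cp->ac_class, cp->ac_name, cp->ac_desc);
}

/*
 * Dump every audit class entry returned by getauclassent().
 */
static void
audump_class(void)
{
	au_class_ent_t *cp;

	while ((cp = getauclassent()) != NULL)
		print_class_ent(cp);
}

/*
 * Dump every audit class entry using getauclassent_r(), which is handed
 * caller-owned name and description buffers through the entry structure.
 */
static void
audump_class_r(void)
{
	char class_ent_name[AU_CLASS_NAME_MAX];
	char class_ent_desc[AU_CLASS_DESC_MAX];
	au_class_ent_t c, *cp;

	/* Start from zeroed storage so no stale stack bytes can be printed. */
	memset(&c, 0, sizeof(c));
	memset(class_ent_name, 0, sizeof(class_ent_name));
	memset(class_ent_desc, 0, sizeof(class_ent_desc));
	c.ac_name = class_ent_name;
	c.ac_desc = class_ent_desc;

	while ((cp = getauclassent_r(&c)) != NULL)
		print_class_ent(cp);
}

/*
 * Dump the audit control settings: flags, min, naflags, dir entries, policy,
 * filesz, host and expire-after.
 *
 * Error convention used throughout this function: a return of -2 is reported
 * with err() (message plus strerror(errno)); every other failure code is
 * reported with errx() together with the numeric code.
 * NOTE(review): this assumes errno is only meaningful for -2 -- confirm
 * against the libbsm documentation.
 */
static void
audump_control(void)
{
	char string[PATH_MAX], string2[PATH_MAX];
	int ret, val;
	long policy;
	time_t age;
	size_t size;

	ret = getacflg(string, sizeof(string));
	if (ret == -2)
		err(-1, "getacflg");
	if (ret != 0)
		errx(-1, "getacflg: %d", ret);

	printf("flags:%s\n", string);

	ret = getacmin(&val);
	if (ret == -2)
		err(-1, "getacmin");
	if (ret != 0)
		errx(-1, "getacmin: %d", ret);

	printf("min:%d\n", val);

	ret = getacna(string, sizeof(string));
	if (ret == -2)
		err(-1, "getacna");
	if (ret != 0)
		errx(-1, "getacna: %d", ret);

	printf("naflags:%s\n", string);

	/*
	 * Walk the dir entries.  A return of -1 ends the walk without an
	 * error (presumably "no more entries" -- confirm against libbsm).
	 */
	setac();
	for (;;) {
		ret = getacdir(string, sizeof(string));
		if (ret == -1)
			break;
		if (ret == -2)
			err(-1, "getacdir");
		if (ret != 0)
			errx(-1, "getacdir: %d", ret);
		printf("dir:%s\n", string);
	}

	/*
	 * Round-trip the policy string through its numeric form so that what
	 * is printed is the library's own rendering of the parsed policy.
	 */
	ret = getacpol(string, sizeof(string));
	if (ret != 0)
		err(-1, "getacpol");
	if (au_strtopol(string, &policy) < 0)
		err(-1, "au_strtopol");
	if (au_poltostr(policy, sizeof(string2), string2) < 0)
		err(-1, "au_poltostr");
	printf("policy:%s\n", string2);

	ret = getacfilesz(&size);
	if (ret == -2)
		err(-1, "getacfilesz");
	if (ret != 0)
		errx(-1, "getacfilesz: %d", ret);

	/* size is a size_t, so it must be printed with %zu, not %ld. */
	printf("filesz:%zuB\n", size);

	/*
	 * Only -2 and -3 are treated as fatal here; any other non-zero
	 * return silently omits the host line.
	 */
	ret = getachost(string, sizeof(string));
	if (ret == -2)
		err(-1, "getachost");
	if (ret == -3)
		errx(-1, "getachost: %d", ret);
	if (ret == 0)
		printf("host:%s\n", string);

	/*
	 * Only -2 and -1 are treated as fatal here; any other non-zero
	 * return silently omits the expire-after line.
	 */
	ret = getacexpire(&val, &age, &size);
	if (ret == -2)
		err(-1, "getacexpire");
	if (ret == -1)
		errx(-1, "getacexpire: %d", ret);
	if (ret == 0)
		printf("expire-after:%zuB %s %lds\n", size,
		    val ? "AND" : "OR", (long)age);
}

/*
 * Print the classes set in classmask as a comma-separated list.  Bits with
 * a class entry are printed by name, all other bits in hexadecimal.
 *
 * All 32 bit positions are examined, starting at the lowest bit.  The mask
 * is built from an unsigned 1 so that bit 0 is not skipped and the shift
 * for the highest bit stays within the type; a skipped bit would make the
 * dump under-report the classes an event belongs to.
 */
static void
printf_classmask(au_class_t classmask)
{
	au_class_ent_t *c;
	u_int32_t bit, i;
	int first;

	first = 1;
	for (i = 0; i < 32; i++) {
		bit = (u_int32_t)1 << i;
		if ((classmask & bit) == 0)
			continue;
		if (first)
			first = 0;
		else
			printf(",");
		c = getauclassnum(bit);
		if (c != NULL)
			printf("%s", c->ac_name);
		else
			printf("0x%x", bit);
	}
}

/*
 * Print one audit event entry as "number:name:description:classes".
 */
static void
print_event_ent(const au_event_ent_t *ep)
{

	printf("%d:%s:%s:", ep->ae_number, ep->ae_name, ep->ae_desc);
	printf_classmask(ep->ae_class);
	printf("\n");
}

/*
 * Dump every audit event entry returned by getauevent().
 */
static void
audump_event(void)
{
	au_event_ent_t *ep;

	while ((ep = getauevent()) != NULL)
		print_event_ent(ep);
}

/*
 * Dump every audit event entry using getauevent_r(), which is handed
 * caller-owned name and description buffers through the entry structure.
 */
static void
audump_event_r(void)
{
	char event_ent_name[AU_EVENT_NAME_MAX];
	char event_ent_desc[AU_EVENT_DESC_MAX];
	au_event_ent_t e, *ep;

	/* Start from zeroed storage so no stale stack bytes can be printed. */
	memset(&e, 0, sizeof(e));
	memset(event_ent_name, 0, sizeof(event_ent_name));
	memset(event_ent_desc, 0, sizeof(event_ent_desc));
	e.ae_name = event_ent_name;
	e.ae_desc = event_ent_desc;

	while ((ep = getauevent_r(&e)) != NULL)
		print_event_ent(ep);
}

/*
 * Print one audit user entry as "name::".
 *
 * The printf_classmask() calls for up->au_always and up->au_never are
 * disabled in this revision, so both mask fields are emitted empty.  The
 * output therefore cannot be used to check per-user audit masks.
 */
static void
print_user_ent(const au_user_ent_t *up)
{

	printf("%s:", up->au_name);
	printf(":");
	printf("\n");
}

/*
 * Dump every audit user entry returned by getauuserent().
 */
static void
audump_user(void)
{
	au_user_ent_t *up;

	while ((up = getauuserent()) != NULL)
		print_user_ent(up);
}

/*
 * Dump every audit user entry using getauuserent_r(), which is handed a
 * caller-owned name buffer through the entry structure.
 */
static void
audump_user_r(void)
{
	char user_ent_name[AU_USER_NAME_MAX];
	au_user_ent_t u, *up;

	/* Start from zeroed storage so no stale stack bytes can be printed. */
	memset(&u, 0, sizeof(u));
	memset(user_ent_name, 0, sizeof(user_ent_name));
	u.au_name = user_ent_name;

	while ((up = getauuserent_r(&u)) != NULL)
		print_user_ent(up);
}

/*
 * Run the dump routine named by the single command-line argument.  A wrong
 * argument count or an unknown name prints the usage text and exits with a
 * failure status.
 */
int
main(int argc, char *argv[])
{
	static const struct {
		const char	*name;
		void		(*dump)(void);
	} commands[] = {
		{ "class",	audump_class },
		{ "class_r",	audump_class_r },
		{ "control",	audump_control },
		{ "event",	audump_event },
		{ "event_r",	audump_event_r },
		{ "user",	audump_user },
		{ "user_r",	audump_user_r },
	};
	size_t i;

	if (argc != 2)
		usage();

	for (i = 0; i < sizeof(commands) / sizeof(commands[0]); i++) {
		if (strcmp(argv[1], commands[i].name) == 0) {
			commands[i].dump();
			return (0);
		}
	}

	/* No sub-command matched; usage() exits. */
	usage();

	return (0);
}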