/*
* Read the default system wide audit classes from audit_control, combine with
* the per-user audit class and update the binary preselection mask.
*/
int
au_user_mask(char *username, au_mask_t *mask_p)
{
char auditstring[MAX_AUDITSTRING_LEN + 1];
char user_ent_name[AU_USER_NAME_MAX];
struct au_user_ent u, *up;
bzero(&u, sizeof(u));
bzero(user_ent_name, sizeof(user_ent_name));
u.au_name = user_ent_name;
/* Get user mask. */
if ((up = getauusernam_r(&u, username)) != NULL) {
if (-1 == getfauditflags(&up->au_always, &up->au_never,
mask_p))
return (-1);
return (0);
}
/* Read the default system mask. */
if (getacflg(auditstring, MAX_AUDITSTRING_LEN) == 0) {
if (-1 == getauditflagsbin(auditstring, mask_p))
return (-1);
return (0);
}
/* No masks defined. */
return (-1);
}
/*
* Generate the process audit state by combining the audit masks passed as
* parameters with the system audit masks.
*/
int
getfauditflags(au_mask_t *usremask, au_mask_t *usrdmask, au_mask_t *lastmask)
{
char auditstring[MAX_AUDITSTRING_LEN + 1];
if ((usremask == NULL) || (usrdmask == NULL) || (lastmask == NULL))
return (-1);
lastmask->am_success = 0;
lastmask->am_failure = 0;
/* Get the system mask. */
if (getacflg(auditstring, MAX_AUDITSTRING_LEN) == 0) {
if (getauditflagsbin(auditstring, lastmask) != 0)
return (-1);
}
ADDMASK(lastmask, usremask);
SUBMASK(lastmask, usrdmask);
return (0);
}
static void
audump_control(void)
{
char string[PATH_MAX], string2[PATH_MAX];
int ret, val;
long policy;
time_t age;
size_t size;
ret = getacflg(string, PATH_MAX);
if (ret == -2)
err(-1, "getacflg");
if (ret != 0)
errx(-1, "getacflg: %d", ret);
printf("flags:%s\n", string);
ret = getacmin(&val);
if (ret == -2)
err(-1, "getacmin");
if (ret != 0)
errx(-1, "getacmin: %d", ret);
printf("min:%d\n", val);
ret = getacna(string, PATH_MAX);
if (ret == -2)
err(-1, "getacna");
if (ret != 0)
errx(-1, "getacna: %d", ret);
printf("naflags:%s\n", string);
setac();
do {
ret = getacdir(string, PATH_MAX);
if (ret == -1)
break;
if (ret == -2)
err(-1, "getacdir");
if (ret != 0)
errx(-1, "getacdir: %d", ret);
printf("dir:%s\n", string);
} while (ret == 0);
ret = getacpol(string, PATH_MAX);
if (ret != 0)
err(-1, "getacpol");
if (au_strtopol(string, &policy) < 0)
err(-1, "au_strtopol");
if (au_poltostr(policy, PATH_MAX, string2) < 0)
err(-1, "au_poltostr");
printf("policy:%s\n", string2);
ret = getacfilesz(&size);
if (ret == -2)
err(-1, "getacfilesz");
if (ret != 0)
err(-1, "getacfilesz: %d", ret);
printf("filesz:%ldB\n", size);
ret = getachost(string, PATH_MAX);
if (ret == -2)
err(-1, "getachost");
if (ret == -3)
err(-1, "getachost: %d", ret);
if (ret == 0 && ret != 1)
printf("host:%s\n", string);
ret = getacexpire(&val, &age, &size);
if (ret == -2)
err(-1, "getacexpire");
if (ret == -1)
err(-1, "getacexpire: %d", ret);
if (ret == 0 && ret != 1)
printf("expire-after:%ldB %s %lds\n", size,
val ? "AND" : "OR", age);
}
