2 * Copyright (c) 2004 Apple Computer, Inc.
3 * Copyright (c) 2006 Robert N. M. Watson
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of
15 * its contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
22 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
26 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
27 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28 * POSSIBILITY OF SUCH DAMAGE.
30 * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_flags.c#13 $
33 #include <bsm/libbsm.h>
39 static const char *flagdelim = ",";
42 * Convert the character representation of audit values into the au_mask_t
46 getauditflagsbin(char *auditstr, au_mask_t *masks)
48 char class_ent_name[AU_CLASS_NAME_MAX];
49 char class_ent_desc[AU_CLASS_DESC_MAX];
50 struct au_class_ent c;
56 bzero(class_ent_name, sizeof(class_ent_name));
57 bzero(class_ent_desc, sizeof(class_ent_desc));
58 c.ac_name = class_ent_name;
59 c.ac_desc = class_ent_desc;
61 masks->am_success = 0;
62 masks->am_failure = 0;
64 tok = strtok_r(auditstr, flagdelim, &last);
66 /* Check for the events that should not be audited. */
73 /* Check for the events to be audited for success. */
77 } else if (tok[0] == '-') {
83 if ((getauclassnam_r(&c, tok)) != NULL) {
85 SUB_FROM_MASK(masks, c.ac_class, sel);
87 ADD_TO_MASK(masks, c.ac_class, sel);
93 /* Get the next class. */
94 tok = strtok_r(NULL, flagdelim, &last);
100 * Convert the au_mask_t fields into a string value. If verbose is non-zero
101 * the long flag names are used else the short (2-character)flag names are
104 * XXXRW: If bits are specified that are not matched by any class, they are
105 * omitted rather than rejected with EINVAL.
107 * XXXRW: This is not thread-safe as it relies on atomicity between
108 * setauclass() and sequential calls to getauclassent(). This could be
109 * fixed by iterating through the bitmask fields rather than iterating
110 * through the classes.
113 getauditflagschar(char *auditstr, au_mask_t *masks, int verbose)
115 char class_ent_name[AU_CLASS_NAME_MAX];
116 char class_ent_desc[AU_CLASS_DESC_MAX];
117 struct au_class_ent c;
118 char *strptr = auditstr;
121 bzero(&c, sizeof(c));
122 bzero(class_ent_name, sizeof(class_ent_name));
123 bzero(class_ent_desc, sizeof(class_ent_desc));
124 c.ac_name = class_ent_name;
125 c.ac_desc = class_ent_desc;
128 * Enumerate the class entries, check if each is selected in either
129 * the success or failure masks.
132 while ((getauclassent_r(&c)) != NULL) {
135 /* Dont do anything for class = no. */
139 sel |= ((c.ac_class & masks->am_success) == c.ac_class) ?
141 sel |= ((c.ac_class & masks->am_failure) == c.ac_class) ?
145 * No prefix should be attached if both success and failure
148 if ((sel & AU_PRS_BOTH) == 0) {
149 if ((sel & AU_PRS_SUCCESS) != 0) {
152 } else if ((sel & AU_PRS_FAILURE) != 0) {
160 strcpy(strptr, c.ac_desc);
161 strptr += strlen(c.ac_desc);
163 strcpy(strptr, c.ac_name);
164 strptr += strlen(c.ac_name);
166 *strptr = ','; /* delimiter */
171 /* Overwrite the last delimiter with the string terminator. */
172 if (strptr != auditstr)