4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 /*
27 * Main processor for auditreduce.
28 * Mproc() is the entry point for this module. It is the only visible
29 * function in this module.
30 */
31
32 #include <sys/types.h>
33 #include <locale.h>
34 #include <bsm/libbsm.h>
35 #include <bsm/audit.h>
36 #include "auditr.h"
37
38 extern int write_header();
39 extern int token_processing();
40
41 static void asort();
42 static audit_pcb_t *aget();
43 static int get_file();
790 /*
791 * Process tokens until we hit the end of the record
792 */
793 while ((uint_t)(adr.adr_now - adr.adr_stream) < bytes) {
794 adrm_char(&adr, &tokenid, 1);
795 rc = token_processing(&adr, tokenid);
796
797 /* Any Problems? */
798 if (rc == -2) {
799 (void) fprintf(stderr,
800 gettext("auditreduce: bad token %u, terminating "
801 "file %s\n"), tokenid, (pcb->pcb_cur)->fcb_file);
802 return (-2);
803 }
804
805 /* Are we finished? */
806 if (flags == checkflags)
807 return (0);
808 }
809
810 /*
811 * So, we haven't seen all that we need to see. Reject record.
812 */
813
814 return (-1);
815 }
816
817
818 /*
819 * .func check_order - Check temporal sequence.
820 * .call check_order(pcb).
821 * .arg pcb - ptr to audit_pcb_t.
822 * .desc Check to see if the records are out of temporal sequence, ie,
823 * a record has a time stamp older than its predecessor.
824 * Also check to see if the current record is within the bounds of
825 * the file itself.
826 * This routine prints a diagnostic message, unless the QUIET
827 * option was selected.
828 * .call check_order(pcb).
829 * .arg pcb - ptr to pcb holding the records.
830 * .ret void.
831 */
832 static void
833 check_order(pcb)
834 register audit_pcb_t *pcb;
|
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 *
25 * Copyright 2018 Nexenta Systems, Inc. All rights reserved.
26 */
27
28 /*
29 * Main processor for auditreduce.
30 * Mproc() is the entry point for this module. It is the only visible
31 * function in this module.
32 */
33
34 #include <sys/types.h>
35 #include <locale.h>
36 #include <bsm/libbsm.h>
37 #include <bsm/audit.h>
38 #include "auditr.h"
39
40 extern int write_header();
41 extern int token_processing();
42
43 static void asort();
44 static audit_pcb_t *aget();
45 static int get_file();
792 /*
793 * Process tokens until we hit the end of the record
794 */
795 while ((uint_t)(adr.adr_now - adr.adr_stream) < bytes) {
796 adrm_char(&adr, &tokenid, 1);
797 rc = token_processing(&adr, tokenid);
798
799 /* Any Problems? */
800 if (rc == -2) {
801 (void) fprintf(stderr,
802 gettext("auditreduce: bad token %u, terminating "
803 "file %s\n"), tokenid, (pcb->pcb_cur)->fcb_file);
804 return (-2);
805 }
806
807 /* Are we finished? */
808 if (flags == checkflags)
809 return (0);
810 }
811
812 /* let PAD_FAILURE satisfy success/failure selection */
813 if ((flags & M_SORF) != 0 && (checkflags & M_SORF) == 0 &&
814 (((global_class & mask.am_success) != 0 &&
815 (id_modifier & PAD_FAILURE) == 0) ||
816 ((global_class & mask.am_failure) != 0 &&
817 (id_modifier & PAD_FAILURE) != 0))) {
818 checkflags |= M_SORF;
819 }
820
821
822 /*
823 * If we haven't seen all that we need to see, reject the record.
824 */
825
826 return ((checkflags == flags) ? 0 : -1);
827 }
828
829
830 /*
831 * .func check_order - Check temporal sequence.
832 * .call check_order(pcb).
833 * .arg pcb - ptr to audit_pcb_t.
834 * .desc Check to see if the records are out of temporal sequence, ie,
835 * a record has a time stamp older than its predecessor.
836 * Also check to see if the current record is within the bounds of
837 * the file itself.
838 * This routine prints a diagnostic message, unless the QUIET
839 * option was selected.
840 * .call check_order(pcb).
841 * .arg pcb - ptr to pcb holding the records.
842 * .ret void.
843 */
844 static void
845 check_order(pcb)
846 register audit_pcb_t *pcb;
|