From 8fd6e20cbd19137153f6bac9d41d6d98ebd41867 Mon Sep 17 00:00:00 2001 From: yo Date: Tue, 4 Jan 2022 18:48:18 +0100 Subject: [PATCH] Resolve auid --- libbsm.go | 40 ++++++++++++++++++++++++++++++++-------- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/libbsm.go b/libbsm.go index 355ff82..926f1b4 100644 --- a/libbsm.go +++ b/libbsm.go @@ -750,22 +750,25 @@ func (s *Subject32) LoadFromBinary(file *os.File) error { } func (s *Subject32) Print(file *os.File, delimiter string, flags int) { + var auser string var euser string var egroup string var ruser string var rgroup string if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER { + auser = string(s.Auid) euser = string(s.Euid) egroup = string(s.Egid) ruser = string(s.Ruid) rgroup = string(s.Rgid) } else { + auser, _ = getUserName(s.Auid) euser, _ = getUserName(s.Euid) egroup, _ = getGroupName(s.Egid) ruser, _ = getUserName(s.Ruid) rgroup, _ = getGroupName(s.Rgid) } - fmt.Fprintf(file, "subject%s%v%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, euser, delimiter, egroup, + fmt.Fprintf(file, "subject%s%s%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, auser, delimiter, euser, delimiter, egroup, delimiter, ruser, delimiter, rgroup, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter, s.Tid.IpVers, delimiter, PrintIpv4FromInt(s.Tid.Addr)) if 0 == (flags & PRT_ONELINE) { 
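Review bot: In the PRT_NORESOLVE_USER branch of Subject32.Print, the added `auser = string(s.Auid)` will not yield the decimal ID if Auid is an integer type, which the removed `%v` formatting and the getUserName(s.Auid) call suggest but the patch does not show. Go converts an integer to a string as the UTF-8 encoding of that code point, so audit ID 1000 would print as the single character U+03E8 and an out-of-range value as U+FFFD. The field was printed numerically through `%v` before, so the no-resolve output loses the audit ID that a reader of the trail relies on for attribution. Write `auser = fmt.Sprint(s.Auid)` instead, and check it with go vet's stringintconv analyzer. The same added line appears in the other seven Print methods of this patch (Process32, Subject32Ex, Process32Ex, Subject64, Process64, Subject64Ex, Process64Ex), and the euser/egroup/ruser/rgroup context lines beside it use the same conversion.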
@@ -818,22 +821,25 @@ func (p *Process32) LoadFromBinary(file *os.File) error { } func (p *Process32) Print(file *os.File, delimiter string, flags int) { + var auser string var euser string var egroup string var ruser string var rgroup string if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER { + auser = string(p.Auid) euser = string(p.Euid) egroup = string(p.Egid) ruser = string(p.Ruid) rgroup = string(p.Rgid) } else { + auser, _ = getUserName(p.Auid) euser, _ = getUserName(p.Euid) egroup, _ = getGroupName(p.Egid) ruser, _ = getUserName(p.Ruid) rgroup, _ = getGroupName(p.Rgid) } - fmt.Fprintf(file, "process%s%v%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, euser, delimiter, egroup, + fmt.Fprintf(file, "process%s%s%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, auser, delimiter, euser, delimiter, egroup, delimiter, ruser, delimiter, rgroup, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter, p.Tid.IpVers, delimiter, PrintIpv4FromInt(p.Tid.Addr)) if 0 == (flags & PRT_ONELINE) { @@ -901,17 +907,20 @@ func (s *Subject32Ex) LoadFromBinary(file *os.File) error { } func (s *Subject32Ex) Print(file *os.File, delimiter string, flags int) { + var auser string var euser string var egroup string var ruser string var rgroup string var ip string if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER { + auser = string(s.Auid) euser = string(s.Euid) egroup = string(s.Egid) ruser = string(s.Ruid) rgroup = string(s.Rgid) } else { + auser, _ = getUserName(s.Auid) euser, _ = getUserName(s.Euid) egroup, _ = getGroupName(s.Egid) ruser, _ = getUserName(s.Ruid) 
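Review bot: In Process32.Print the added `auser, _ = getUserName(p.Auid)` discards the second result, so a failed lookup presumably leaves auser empty (getUserName is not shown in this patch) and the audit-ID column prints blank where the number used to appear. That is likely for audit IDs in particular: the ID may be unset, the account may have been deleted, or the trail may come from another machine. Fall back to the number, for example `if name, err := getUserName(p.Auid); err == nil { auser = name } else { auser = fmt.Sprint(p.Auid) }`, assuming the second result is an error. The same discard is added in every other Print method of this patch.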
@@ -922,7 +931,7 @@ func (s *Subject32Ex) Print(file *os.File, delimiter string, flags int) { } else { ip = PrintIpv6FromInt(s.Tid.Addr6) } - fmt.Fprintf(file, "subject_ex%s%v%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, euser, + fmt.Fprintf(file, "subject_ex%s%s%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, auser, delimiter, euser, delimiter, egroup, delimiter, ruser, delimiter, rgroup, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter, s.Tid.Ttype, delimiter, ip) @@ -991,17 +1000,20 @@ func (p *Process32Ex) LoadFromBinary(file *os.File) error { } func (p *Process32Ex) Print(file *os.File, delimiter string, flags int) { + var auser string var euser string var egroup string var ruser string var rgroup string var ip string if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER { + auser = string(p.Auid) euser = string(p.Euid) egroup = string(p.Egid) ruser = string(p.Ruid) rgroup = string(p.Rgid) } else { + auser, _ = getUserName(p.Auid) euser, _ = getUserName(p.Euid) egroup, _ = getGroupName(p.Egid) ruser, _ = getUserName(p.Ruid) @@ -1014,7 +1026,7 @@ func (p *Process32Ex) Print(file *os.File, delimiter string, flags int) { ip = PrintIpv6FromInt(p.Tid.Addr6) } - fmt.Fprintf(file, "process_ex%s%v%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, euser, + fmt.Fprintf(file, "process_ex%s%s%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, auser, delimiter, euser, delimiter, egroup, delimiter, ruser, delimiter, rgroup, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter, p.Tid.Ttype, delimiter, ip) 
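Review bot: Process32Ex.Print gains the same three lines as the seven other Print methods in this patch, on top of an already duplicated resolve-or-not block, so any fix to how an ID is rendered has to be repeated eight times. A small helper that returns the resolved name, or the decimal ID when resolution is disabled or fails, would leave one place to get this right. The sketch below assumes the IDs are uint32 and that getUserName's second result is an error; neither declaration is visible here, so adjust to the real types. The body of Print continues past this hunk into the next one.

```go
// userField renders one user ID for Print: the decimal ID when
// PRT_NORESOLVE_USER is set or the lookup fails, the account name otherwise.
func userField(uid uint32, flags int) string {
	if flags&PRT_NORESOLVE_USER == 0 {
		if name, err := getUserName(uid); err == nil && name != "" {
			return name
		}
	}
	return fmt.Sprint(uid)
}

func (p *Process32Ex) Print(file *os.File, delimiter string, flags int) {
	auser := userField(p.Auid, flags)
	euser := userField(p.Euid, flags)
	ruser := userField(p.Ruid, flags)
	// … unchanged: group lookups, address formatting, Fprintf …
```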
@@ -1068,22 +1080,25 @@ func (s *Subject64) LoadFromBinary(file *os.File) error { } func (s *Subject64) Print(file *os.File, delimiter string, flags int) { + var auser string var euser string var egroup string var ruser string var rgroup string if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER { + auser = string(s.Auid) euser = string(s.Euid) egroup = string(s.Egid) ruser = string(s.Ruid) rgroup = string(s.Rgid) } else { + auser, _ = getUserName(s.Auid) euser, _ = getUserName(s.Euid) egroup, _ = getGroupName(s.Egid) ruser, _ = getUserName(s.Ruid) rgroup, _ = getGroupName(s.Rgid) } - fmt.Fprintf(file, "subject%s%v%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, euser, delimiter, egroup, + fmt.Fprintf(file, "subject%s%s%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, auser, delimiter, euser, delimiter, egroup, delimiter, ruser, delimiter, rgroup, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter, s.Tid.IpVers, delimiter, PrintIpv4FromInt(s.Tid.Addr)) if 0 == (flags & PRT_ONELINE) { 
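Review bot: Subject64.Print has no doc comment saying where the printed names come from, and this change makes that matter for the audit ID as well. getUserName presumably consults the account database of the machine running this code (its body is not in the patch), so a trail collected on another host can be printed with the name of a different local account that shares the number. Suggested comment above the method: `// Print writes the subject token; unless PRT_NORESOLVE_USER is set, Auid/Euid/Ruid and Egid/Rgid are resolved to names on the host running this code, which may differ from the host that wrote the record.` The same comment fits the other Print methods touched here.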
@@ -1136,22 +1151,25 @@ func (p *Process64) LoadFromBinary(file *os.File) error { } func (p *Process64) Print(file *os.File, delimiter string, flags int) { + var auser string var euser string var egroup string var ruser string var rgroup string if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER { + auser = string(p.Auid) euser = string(p.Euid) egroup = string(p.Egid) ruser = string(p.Ruid) rgroup = string(p.Rgid) } else { + auser, _ = getUserName(p.Auid) euser, _ = getUserName(p.Euid) egroup, _ = getGroupName(p.Egid) ruser, _ = getUserName(p.Ruid) rgroup, _ = getGroupName(p.Rgid) } - fmt.Fprintf(file, "process%s%v%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, euser, delimiter, egroup, + fmt.Fprintf(file, "process%s%s%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, auser, delimiter, euser, delimiter, egroup, delimiter, ruser, delimiter, rgroup, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter, p.Tid.IpVers, delimiter, PrintIpv4FromInt(p.Tid.Addr)) if 0 == (flags & PRT_ONELINE) { @@ -1218,17 +1236,20 @@ func (s *Subject64Ex) LoadFromBinary(file *os.File) error { } func (s *Subject64Ex) Print(file *os.File, delimiter string, flags int) { + var auser string var euser string var egroup string var ruser string var rgroup string var ip string if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER { + auser = string(s.Auid) euser = string(s.Euid) egroup = string(s.Egid) ruser = string(s.Ruid) rgroup = string(s.Rgid) } else { + auser, _ = getUserName(s.Auid) euser, _ = getUserName(s.Euid) egroup, _ = getGroupName(s.Egid) ruser, _ = getUserName(s.Ruid) 
@@ -1240,7 +1261,7 @@ func (s *Subject64Ex) Print(file *os.File, delimiter string, flags int) { ip = PrintIpv6FromInt(s.Tid.Addr6) } - fmt.Fprintf(file, "subject_ex%s%v%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, euser, + fmt.Fprintf(file, "subject_ex%s%s%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, auser, delimiter, euser, delimiter, egroup, delimiter, ruser, delimiter, rgroup, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter, s.Tid.Ttype, delimiter, ip) @@ -1308,17 +1329,20 @@ func (p *Process64Ex) LoadFromBinary(file *os.File) error { } func (p *Process64Ex) Print(file *os.File, delimiter string, flags int) { + var auser string var euser string var egroup string var ruser string var rgroup string var ip string if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER { + auser = string(p.Auid) euser = string(p.Euid) egroup = string(p.Egid) ruser = string(p.Ruid) rgroup = string(p.Rgid) } else { + auser, _ = getUserName(p.Auid) euser, _ = getUserName(p.Euid) egroup, _ = getGroupName(p.Egid) ruser, _ = getUserName(p.Ruid) @@ -1330,7 +1354,7 @@ func (p *Process64Ex) Print(file *os.File, delimiter string, flags int) { ip = PrintIpv6FromInt(p.Tid.Addr6) } - fmt.Fprintf(file, "process_ex%s%v%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, euser, + fmt.Fprintf(file, "process_ex%s%s%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, auser, delimiter, euser, delimiter, egroup, delimiter, ruser, delimiter, rgroup, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter, p.Tid.Ttype, delimiter, ip)