From 744f087e6c6b9f0669614e887afee2394b0d1b93 Mon Sep 17 00:00:00 2001 From: yo Date: Mon, 16 Jan 2023 21:30:30 +0100 Subject: [PATCH 1/3] More err check, https://github.com/openbsm/openbsm/pull/75 workaround --- libbsm.go | 53 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 36 insertions(+), 17 deletions(-) diff --git a/libbsm.go b/libbsm.go index 5e1376f..be146f5 100644 --- a/libbsm.go +++ b/libbsm.go @@ -412,14 +412,17 @@ func getGroupNameByGid(gid uint32) (group, error) { func getEventName(event uint16) (string,error) { if len(gEventDB) == 0 { - loadEventDB() + err := loadEventDB() + if err != nil { + fmt.Printf("%v\n", err) + } } for _, ev := range gEventDB { if ev.Type == int(event) { return ev.Desc, nil } } - return "", fmt.Errorf("Event ID not found: %x\n", event) + return "", fmt.Errorf("Event ID not found: %d\n", event) } // We load the entire file in memory @@ -438,30 +441,43 @@ func loadEventDB() error { continue } eventStr := strings.Split(line, ":") - if len(eventStr) != 4 { + // Wait for https://github.com/openbsm/openbsm/pull/75 + //if len(eventStr) != 4 { + if (len(eventStr) != 4 && eventStr[0] != "43082") || (len(eventStr) == 5 && eventStr[0] != "43082") { continue } - t, _ := strconv.Atoi(eventStr[0]) - gEventDB = append(gEventDB, event{Type: t, - Name: eventStr[1], - Desc: eventStr[2], - Class: eventStr[3],}) + t, err := strconv.Atoi(eventStr[0]) + if err != nil { + return fmt.Errorf("Unable to convert to int: %v\n", eventStr[0]) + } + // Wait for https://github.com/openbsm/openbsm/pull/75 + if t == 43082 && (len(eventStr) == 5) { + gEventDB = append(gEventDB, event{Type: t, + Name: eventStr[1], + Desc: eventStr[3], + Class: eventStr[4],}) + } else { + gEventDB = append(gEventDB, event{Type: t, + Name: eventStr[1], + Desc: eventStr[2], + Class: eventStr[3],}) + } } return nil } func PrintIpv4FromInt(ipv4int uint32) string { return fmt.Sprintf("%d.%d.%d.%d", ipv4int & 0xFF000000 >> 24, ipv4int & 0x00FF0000 >> 16, - ipv4int & 0x0000FF00 >> 8, ipv4int & 0x000000FF) + ipv4int & 0x0000FF00 >> 8, ipv4int & 0x000000FF) } func PrintIpv6FromInt(ipv6int [4]uint32) string { //return fmt.Sprintf("%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x", return fmt.Sprintf("%x:%x:%x:%x:%x:%x:%x:%x", - ipv6int[0] & 0xFFFF0000 >> 16, ipv6int[0] & 0x0000FFFF, - ipv6int[1] & 0xFFFF0000 >> 16, ipv6int[1] & 0x0000FFFF, - ipv6int[2] & 0xFFFF0000 >> 16, ipv6int[2] & 0x0000FFFF, - ipv6int[3] & 0xFFFF0000 >> 16, ipv6int[3] & 0x0000FFFF) + ipv6int[0] & 0xFFFF0000 >> 16, ipv6int[0] & 0x0000FFFF, + ipv6int[1] & 0xFFFF0000 >> 16, ipv6int[1] & 0x0000FFFF, + ipv6int[2] & 0xFFFF0000 >> 16, ipv6int[2] & 0x0000FFFF, + ipv6int[3] & 0xFFFF0000 >> 16, ipv6int[3] & 0x0000FFFF) } /* Records structs implementation */ @@ -521,11 +537,14 @@ func (h *Header32) Print(file *os.File, delimiter string, flags int) { t := time.Unix((int64)(h.S), 0) timeval = t.Format(time.UnixDate) } - // We dont care for error - evdesc, _ := getEventName(h.E_type) + evdesc, err := getEventName(h.E_type) + if err != nil { + fmt.Printf("%v\n", err) + return + } fmt.Fprintf(file, "header%s%d%s%d%s%s%s%v%s%s%s%d", delimiter, h.Size, delimiter, h.Version, delimiter, - //h.E_type, delimiter, h.E_mod, delimiter, t.Format(time.UnixDate), delimiter, h.Msec) - evdesc, delimiter, h.E_mod, delimiter, timeval, delimiter, h.Msec) + //h.E_type, delimiter, h.E_mod, delimiter, t.Format(time.UnixDate), delimiter, h.Msec) + evdesc, delimiter, h.E_mod, delimiter, timeval, delimiter, h.Msec) if 0 == (flags & PRT_ONELINE) { fmt.Fprintf(file, "\n") } else { From 517bae6dd8d465a2f828d512ee7270c1f1695599 Mon Sep 17 00:00:00 2001 From: yo Date: Tue, 17 Jan 2023 20:49:24 +0100 Subject: [PATCH 2/3] Add error messages --- bsmerrno.go | 460 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 460 insertions(+) create mode 100644 bsmerrno.go diff --git a/bsmerrno.go b/bsmerrno.go new file mode 100644 index 0000000..97a3a81 --- /dev/null +++ b/bsmerrno.go @@ -0,0 +1,460 @@ +// This is an implementation of libbsm +// Copyright johan@nosd.in 2023 +// +//go:build freebsd +// +build freebsd + +// + +package main + +import ( + "fmt" +) + +type BsmErrno struct { + Errno uint8 + LocalErrno uint16 + StrError string +} + +const ( + + // From https://github.com/freebsd/freebsd-src/blob/main/sys/sys/errno.h + EPERM = 1 /* Operation not permitted */ + ENOENT = 2 /* No such file or directory */ + ESRCH = 3 /* No such process */ + EINTR = 4 /* Interrupted system call */ + EIO = 5 /* Input/output error */ + ENXIO = 6 /* Device not configured */ + E2BIG = 7 /* Argument list too long */ + ENOEXEC = 8 /* Exec format error */ + EBADF = 9 /* Bad file descriptor */ + ECHILD = 10 /* No child processes */ + EDEADLK = 11 /* Resource deadlock avoided */ + ENOMEM = 12 /* Cannot allocate memory */ + EACCES = 13 /* Permission denied */ + EFAULT = 14 /* Bad address */ + ENOTBLK = 15 /* Block device required */ + EBUSY = 16 /* Device busy */ + EEXIST = 17 /* File exists */ + EXDEV = 18 /* Cross-device link */ + ENODEV = 19 /* Operation not supported by device */ + ENOTDIR = 20 /* Not a directory */ + EISDIR = 21 /* Is a directory */ + EINVAL = 22 /* Invalid argument */ + ENFILE = 23 /* Too many open files in system */ + EMFILE = 24 /* Too many open files */ + ENOTTY = 25 /* Inappropriate ioctl for device */ + ETXTBSY = 26 /* Text file busy */ + EFBIG = 27 /* File too large */ + ENOSPC = 28 /* No space left on device */ + ESPIPE = 29 /* Illegal seek */ + EROFS = 30 /* Read-only filesystem */ + EMLINK = 31 /* Too many links */ + EPIPE = 32 /* Broken pipe */ + EDOM = 33 /* Numerical argument out of domain */ + ERANGE = 34 /* Result too large */ + EAGAIN = 35 /* Resource temporarily unavailable */ + EWOULDBLOCK = EAGAIN /* Operation would block */ + EINPROGRESS = 36 /* Operation now in progress */ + EALREADY = 37 /* Operation already in progress */ + ENOTSOCK = 38 /* Socket operation on non-socket */ + EDESTADDRREQ = 39 /* Destination address required */ + EMSGSIZE = 40 /* Message too long */ + EPROTOTYPE = 41 /* Protocol wrong type for socket */ + ENOPROTOOPT = 42 /* Protocol not available */ + EPROTONOSUPPORT = 43 /* Protocol not supported */ + ESOCKTNOSUPPORT = 44 /* Socket type not supported */ + EOPNOTSUPP = 45 /* Operation not supported */ + ENOTSUP = EOPNOTSUPP /* Operation not supported */ + EPFNOSUPPORT = 46 /* Protocol family not supported */ + EAFNOSUPPORT = 47 /* Address family not supported by protocol family */ + EADDRINUSE = 48 /* Address already in use */ + EADDRNOTAVAIL = 49 /* Can't assign requested address */ + ENETDOWN = 50 /* Network is down */ + ENETUNREACH = 51 /* Network is unreachable */ + ENETRESET = 52 /* Network dropped connection on reset */ + ECONNABORTED = 53 /* Software caused connection abort */ + ECONNRESET = 54 /* Connection reset by peer */ + ENOBUFS = 55 /* No buffer space available */ + EISCONN = 56 /* Socket is already connected */ + ENOTCONN = 57 /* Socket is not connected */ + ESHUTDOWN = 58 /* Can't send after socket shutdown */ + ETOOMANYREFS = 59 /* Too many references: can't splice */ + ETIMEDOUT = 60 /* Operation timed out */ + ECONNREFUSED = 61 /* Connection refused */ + ELOOP = 62 /* Too many levels of symbolic links */ + ENAMETOOLONG = 63 /* File name too long */ + EHOSTDOWN = 64 /* Host is down */ + EHOSTUNREACH = 65 /* No route to host */ + ENOTEMPTY = 66 /* Directory not empty */ + EPROCLIM = 67 /* Too many processes */ + EUSERS = 68 /* Too many users */ + EDQUOT = 69 /* Disc quota exceeded */ + ESTALE = 70 /* Stale NFS file handle */ + EREMOTE = 71 /* Too many levels of remote in path */ + EBADRPC = 72 /* RPC struct is bad */ + ERPCMISMATCH = 73 /* RPC version wrong */ + EPROGUNAVAIL = 74 /* RPC prog. not avail */ + EPROGMISMATCH = 75 /* Program version wrong */ + EPROCUNAVAIL = 76 /* Bad procedure for program */ + ENOLCK = 77 /* No locks available */ + ENOSYS = 78 /* Function not implemented */ + EFTYPE = 79 /* Inappropriate file type or format */ + EAUTH = 80 /* Authentication error */ + ENEEDAUTH = 81 /* Need authenticator */ + EIDRM = 82 /* Identifier removed */ + ENOMSG = 83 /* No message of desired type */ + EOVERFLOW = 84 /* Value too large to be stored in data type */ + ECANCELED = 85 /* Operation canceled */ + EILSEQ = 86 /* Illegal byte sequence */ + ENOATTR = 87 /* Attribute not found */ + EDOOFUS = 88 /* Programming error */ + EBADMSG = 89 /* Bad message */ + EMULTIHOP = 90 /* Multihop attempted */ + ENOLINK = 91 /* Link has been severed */ + EPROTO = 92 /* Protocol error */ + ENOTCAPABLE = 93 /* Capabilities insufficient */ + ECAPMODE = 94 /* Not permitted in capability mode */ + ENOTRECOVERABLE = 95 /* State not recoverable */ + EOWNERDEAD = 96 /* Previous owner died */ + EINTEGRITY = 97 /* Integrity check failed */ + + // From https://github.com/freebsd/freebsd-src/blob/373ffc62c158e52cde86a5b934ab4a51307f9f2e/contrib/openbsm/sys/bsm/audit_errno.h + BSM_ERRNO_ESUCCESS = 0 + BSM_ERRNO_EPERM = 1 + BSM_ERRNO_ENOENT = 2 + BSM_ERRNO_ESRCH = 3 + BSM_ERRNO_EINTR = 4 + BSM_ERRNO_EIO = 5 + BSM_ERRNO_ENXIO = 6 + BSM_ERRNO_E2BIG = 7 + BSM_ERRNO_ENOEXEC = 8 + BSM_ERRNO_EBADF = 9 + BSM_ERRNO_ECHILD = 10 + BSM_ERRNO_EAGAIN = 11 + BSM_ERRNO_ENOMEM = 12 + BSM_ERRNO_EACCES = 13 + BSM_ERRNO_EFAULT = 14 + BSM_ERRNO_ENOTBLK = 15 + BSM_ERRNO_EBUSY = 16 + BSM_ERRNO_EEXIST = 17 + BSM_ERRNO_EXDEV = 18 + BSM_ERRNO_ENODEV = 19 + BSM_ERRNO_ENOTDIR = 20 + BSM_ERRNO_EISDIR = 21 + BSM_ERRNO_EINVAL = 22 + BSM_ERRNO_ENFILE = 23 + BSM_ERRNO_EMFILE = 24 + BSM_ERRNO_ENOTTY = 25 + BSM_ERRNO_ETXTBSY = 26 + BSM_ERRNO_EFBIG = 27 + BSM_ERRNO_ENOSPC = 28 + BSM_ERRNO_ESPIPE = 29 + BSM_ERRNO_EROFS = 30 + BSM_ERRNO_EMLINK = 31 + BSM_ERRNO_EPIPE = 32 + BSM_ERRNO_EDOM = 33 + BSM_ERRNO_ERANGE = 34 + BSM_ERRNO_ENOMSG = 35 + BSM_ERRNO_EIDRM = 36 + BSM_ERRNO_ECHRNG = 37 /* Solaris/Linux-specific. */ + BSM_ERRNO_EL2NSYNC = 38 /* Solaris/Linux-specific. */ + BSM_ERRNO_EL3HLT = 39 /* Solaris/Linux-specific. */ + BSM_ERRNO_EL3RST = 40 /* Solaris/Linux-specific. */ + BSM_ERRNO_ELNRNG = 41 /* Solaris/Linux-specific. */ + BSM_ERRNO_EUNATCH = 42 /* Solaris/Linux-specific. */ + BSM_ERRNO_ENOCSI = 43 /* Solaris/Linux-specific. */ + BSM_ERRNO_EL2HLT = 44 /* Solaris/Linux-specific. */ + BSM_ERRNO_EDEADLK = 45 + BSM_ERRNO_ENOLCK = 46 + BSM_ERRNO_ECANCELED = 47 + BSM_ERRNO_ENOTSUP = 48 + BSM_ERRNO_EDQUOT = 49 + BSM_ERRNO_EBADE = 50 /* Solaris/Linux-specific. */ + BSM_ERRNO_EBADR = 51 /* Solaris/Linux-specific. */ + BSM_ERRNO_EXFULL = 52 /* Solaris/Linux-specific. */ + BSM_ERRNO_ENOANO = 53 /* Solaris/Linux-specific. */ + BSM_ERRNO_EBADRQC = 54 /* Solaris/Linux-specific. */ + BSM_ERRNO_EBADSLT = 55 /* Solaris/Linux-specific. */ + BSM_ERRNO_EDEADLOCK = 56 /* Solaris-specific. */ + BSM_ERRNO_EBFONT = 57 /* Solaris/Linux-specific. */ + BSM_ERRNO_EOWNERDEAD = 58 /* Solaris/Linux-specific. */ + BSM_ERRNO_ENOTRECOVERABLE = 59 /* Solaris/Linux-specific. */ + BSM_ERRNO_ENOSTR = 60 /* Solaris/Darwin/Linux-specific. */ + BSM_ERRNO_ENODATA = 61 /* Solaris/Darwin/Linux-specific. */ + BSM_ERRNO_ETIME = 62 /* Solaris/Darwin/Linux-specific. */ + BSM_ERRNO_ENOSR = 63 /* Solaris/Darwin/Linux-specific. */ + BSM_ERRNO_ENONET = 64 /* Solaris/Linux-specific. */ + BSM_ERRNO_ENOPKG = 65 /* Solaris/Linux-specific. */ + BSM_ERRNO_EREMOTE = 66 + BSM_ERRNO_ENOLINK = 67 + BSM_ERRNO_EADV = 68 /* Solaris/Linux-specific. */ + BSM_ERRNO_ESRMNT = 69 /* Solaris/Linux-specific. */ + BSM_ERRNO_ECOMM = 70 /* Solaris/Linux-specific. */ + BSM_ERRNO_EPROTO = 71 + BSM_ERRNO_ELOCKUNMAPPED = 72 /* Solaris-specific. */ + BSM_ERRNO_ENOTACTIVE = 73 /* Solaris-specific. */ + BSM_ERRNO_EMULTIHOP = 74 + BSM_ERRNO_EBADMSG = 77 + BSM_ERRNO_ENAMETOOLONG = 78 + BSM_ERRNO_EOVERFLOW = 79 + BSM_ERRNO_ENOTUNIQ = 80 /* Solaris/Linux-specific. */ + BSM_ERRNO_EBADFD = 81 /* Solaris/Linux-specific. */ + BSM_ERRNO_EREMCHG = 82 /* Solaris/Linux-specific. */ + BSM_ERRNO_ELIBACC = 83 /* Solaris/Linux-specific. */ + BSM_ERRNO_ELIBBAD = 84 /* Solaris/Linux-specific. */ + BSM_ERRNO_ELIBSCN = 85 /* Solaris/Linux-specific. */ + BSM_ERRNO_ELIBMAX = 86 /* Solaris/Linux-specific. */ + BSM_ERRNO_ELIBEXEC = 87 /* Solaris/Linux-specific. */ + BSM_ERRNO_EILSEQ = 88 + BSM_ERRNO_ENOSYS = 89 + BSM_ERRNO_ELOOP = 90 + BSM_ERRNO_ERESTART = 91 + BSM_ERRNO_ESTRPIPE = 92 /* Solaris/Linux-specific. */ + BSM_ERRNO_ENOTEMPTY = 93 + BSM_ERRNO_EUSERS = 94 + BSM_ERRNO_ENOTSOCK = 95 + BSM_ERRNO_EDESTADDRREQ = 96 + BSM_ERRNO_EMSGSIZE = 97 + BSM_ERRNO_EPROTOTYPE = 98 + BSM_ERRNO_ENOPROTOOPT = 99 + BSM_ERRNO_EPROTONOSUPPORT = 120 + BSM_ERRNO_ESOCKTNOSUPPORT = 121 + BSM_ERRNO_EOPNOTSUPP = 122 + BSM_ERRNO_EPFNOSUPPORT = 123 + BSM_ERRNO_EAFNOSUPPORT = 124 + BSM_ERRNO_EADDRINUSE = 125 + BSM_ERRNO_EADDRNOTAVAIL = 126 + BSM_ERRNO_ENETDOWN = 127 + BSM_ERRNO_ENETUNREACH = 128 + BSM_ERRNO_ENETRESET = 129 + BSM_ERRNO_ECONNABORTED = 130 + BSM_ERRNO_ECONNRESET = 131 + BSM_ERRNO_ENOBUFS = 132 + BSM_ERRNO_EISCONN = 133 + BSM_ERRNO_ENOTCONN = 134 + BSM_ERRNO_ESHUTDOWN = 143 + BSM_ERRNO_ETOOMANYREFS = 144 + BSM_ERRNO_ETIMEDOUT = 145 + BSM_ERRNO_ECONNREFUSED = 146 + BSM_ERRNO_EHOSTDOWN = 147 + BSM_ERRNO_EHOSTUNREACH = 148 + BSM_ERRNO_EALREADY = 149 + BSM_ERRNO_EINPROGRESS = 150 + BSM_ERRNO_ESTALE = 151 + BSM_ERRNO_EPROCLIM = 190 /* FreeBSD/Darwin-specific. */ + BSM_ERRNO_EBADRPC = 191 /* FreeBSD/Darwin-specific. */ + BSM_ERRNO_ERPCMISMATCH = 192 /* FreeBSD/Darwin-specific. */ + BSM_ERRNO_EPROGUNAVAIL = 193 /* FreeBSD/Darwin-specific. */ + BSM_ERRNO_EPROGMISMATCH = 194 /* FreeBSD/Darwin-specific. */ + BSM_ERRNO_EPROCUNAVAIL = 195 /* FreeBSD/Darwin-specific. */ + BSM_ERRNO_EFTYPE = 196 /* FreeBSD/Darwin-specific. */ + BSM_ERRNO_EAUTH = 197 /* FreeBSD/Darwin-specific. */ + BSM_ERRNO_ENEEDAUTH = 198 /* FreeBSD/Darwin-specific. */ + BSM_ERRNO_ENOATTR = 199 /* FreeBSD/Darwin-specific. */ + BSM_ERRNO_EDOOFUS = 200 /* FreeBSD-specific. */ + BSM_ERRNO_EJUSTRETURN = 201 /* FreeBSD-specific. */ + BSM_ERRNO_ENOIOCTL = 202 /* FreeBSD-specific. */ + BSM_ERRNO_EDIRIOCTL = 203 /* FreeBSD-specific. */ + BSM_ERRNO_EPWROFF = 204 /* Darwin-specific. */ + BSM_ERRNO_EDEVERR = 205 /* Darwin-specific. */ + BSM_ERRNO_EBADEXEC = 206 /* Darwin-specific. */ + BSM_ERRNO_EBADARCH = 207 /* Darwin-specific. */ + BSM_ERRNO_ESHLIBVERS = 208 /* Darwin-specific. */ + BSM_ERRNO_EBADMACHO = 209 /* Darwin-specific. */ + BSM_ERRNO_EPOLICY = 210 /* Darwin-specific. */ + BSM_ERRNO_EDOTDOT = 211 /* Linux-specific. */ + BSM_ERRNO_EUCLEAN = 212 /* Linux-specific. */ + BSM_ERRNO_ENOTNAM = 213 /* Linux(Xenix?)-specific. */ + BSM_ERRNO_ENAVAIL = 214 /* Linux(Xenix?)-specific. */ + BSM_ERRNO_EISNAM = 215 /* Linux(Xenix?)-specific. */ + BSM_ERRNO_EREMOTEIO = 216 /* Linux-specific. */ + BSM_ERRNO_ENOMEDIUM = 217 /* Linux-specific. */ + BSM_ERRNO_EMEDIUMTYPE = 218 /* Linux-specific. */ + BSM_ERRNO_ENOKEY = 219 /* Linux-specific. */ + BSM_ERRNO_EKEYEXPIRED = 220 /* Linux-specific. */ + BSM_ERRNO_EKEYREVOKED = 221 /* Linux-specific. */ + BSM_ERRNO_EKEYREJECTED = 222 /* Linux-specific. */ + BSM_ERRNO_ENOTCAPABLE = 223 /* FreeBSD-specific. */ + BSM_ERRNO_ECAPMODE = 224 /* FreeBSD-specific. */ + BSM_ERRNO_EINTEGRITY = 225 /* FreeBSD-specific. */ + BSM_ERRNO_UNKNOWN = 250 /* OpenBSM-specific. */ + + // From https://github.com/freebsd/freebsd-src/blob/373ffc62c158e52cde86a5b934ab4a51307f9f2e/sys/security/audit/bsm_errno.c + // But we dont want to use int16, so use 255 + //ERRNO_NO_LOCAL_MAPPING int16 = -600 + ERRNO_NO_LOCAL_MAPPING = 255 +) + +var ( + BsmErrnos = []BsmErrno{ + {BSM_ERRNO_ESUCCESS, 0, "Success"}, + {BSM_ERRNO_EPERM, EPERM, "Operation not permitted"}, + {BSM_ERRNO_ENOENT, ENOENT, "No such file or directory"}, + {BSM_ERRNO_ESRCH, ESRCH, "No such process"}, + {BSM_ERRNO_EINTR, EINTR, "Interrupted system call"}, + {BSM_ERRNO_EIO, EIO, "Input/output error"}, + {BSM_ERRNO_ENXIO, ENXIO, "Device not configured"}, + {BSM_ERRNO_E2BIG, E2BIG, "Argument list too long"}, + {BSM_ERRNO_ENOEXEC, ENOEXEC, "Exec format error"}, + {BSM_ERRNO_EBADF, EBADF, "Bad file descriptor"}, + {BSM_ERRNO_ECHILD, ECHILD, "No child processes"}, + {BSM_ERRNO_EAGAIN, EAGAIN, "Resource temporarily unavailable"}, + {BSM_ERRNO_ENOMEM, ENOMEM, "Cannot allocate memory"}, + {BSM_ERRNO_EACCES, EACCES, "Permission denied"}, + {BSM_ERRNO_EFAULT, EFAULT, "Bad address"}, + {BSM_ERRNO_ENOTBLK, ENOTBLK, "Block device required"}, + {BSM_ERRNO_EBUSY, EBUSY, "Device busy"}, + {BSM_ERRNO_EEXIST, EEXIST, "File exists"}, + {BSM_ERRNO_EXDEV, EXDEV, "Cross-device link"}, + {BSM_ERRNO_ENODEV, ENODEV, "Operation not supported by device"}, + {BSM_ERRNO_ENOTDIR, ENOTDIR, "Not a directory"}, + {BSM_ERRNO_EISDIR, EISDIR, "Is a directory"}, + {BSM_ERRNO_EINVAL, EINVAL, "Invalid argument"}, + {BSM_ERRNO_ENFILE, ENFILE, "Too many open files in system"}, + {BSM_ERRNO_EMFILE, EMFILE, "Too many open files"}, + {BSM_ERRNO_ENOTTY, ENOTTY, "Inappropriate ioctl for device"}, + {BSM_ERRNO_ETXTBSY, ETXTBSY, "Text file busy"}, + {BSM_ERRNO_EFBIG, EFBIG, "File too large"}, + {BSM_ERRNO_ENOSPC, ENOSPC, "No space left on device"}, + {BSM_ERRNO_ESPIPE, ESPIPE, "Illegal seek"}, + {BSM_ERRNO_EROFS, EROFS, "Read-only file system"}, + {BSM_ERRNO_EMLINK, EMLINK, "Too many links"}, + {BSM_ERRNO_EPIPE, EPIPE, "Broken pipe"}, + {BSM_ERRNO_EDOM, EDOM, "Numerical argument out of domain"}, + {BSM_ERRNO_ERANGE, ERANGE, "Result too large"}, + {BSM_ERRNO_ENOMSG, ENOMSG, "No message of desired type"}, + {BSM_ERRNO_EIDRM, EIDRM, "Identifier removed"}, + {BSM_ERRNO_ECHRNG, ERRNO_NO_LOCAL_MAPPING, "Channel number out of range"}, + {BSM_ERRNO_EL2NSYNC, ERRNO_NO_LOCAL_MAPPING, "Level 2 not synchronized"}, + {BSM_ERRNO_EL3HLT, ERRNO_NO_LOCAL_MAPPING, "Level 3 halted"}, + {BSM_ERRNO_EL3RST, ERRNO_NO_LOCAL_MAPPING, "Level 3 reset"}, + {BSM_ERRNO_ELNRNG, ERRNO_NO_LOCAL_MAPPING, "Link number out of range"}, + {BSM_ERRNO_EUNATCH, ERRNO_NO_LOCAL_MAPPING, "Protocol driver not attached"}, + {BSM_ERRNO_ENOCSI, ERRNO_NO_LOCAL_MAPPING, "No CSI structure available"}, + {BSM_ERRNO_EL2HLT, ERRNO_NO_LOCAL_MAPPING, "Level 2 halted"}, + {BSM_ERRNO_EDEADLK, EDEADLK, "Resource deadlock avoided"}, + {BSM_ERRNO_ENOLCK, ENOLCK, "No locks available"}, + {BSM_ERRNO_ECANCELED, ECANCELED, "Operation canceled"}, + {BSM_ERRNO_ENOTSUP, ENOTSUP, "Operation not supported"}, + {BSM_ERRNO_EDQUOT, EDQUOT, "Disc quota exceeded"}, + {BSM_ERRNO_EBADE, ERRNO_NO_LOCAL_MAPPING, "Invalid exchange"}, + {BSM_ERRNO_EBADR, ERRNO_NO_LOCAL_MAPPING, "Invalid request descriptor"}, + {BSM_ERRNO_EXFULL, ERRNO_NO_LOCAL_MAPPING, "Exchange full"}, + {BSM_ERRNO_ENOANO, ERRNO_NO_LOCAL_MAPPING, "No anode"}, + {BSM_ERRNO_EBADRQC, ERRNO_NO_LOCAL_MAPPING, "Invalid request descriptor"}, + {BSM_ERRNO_EBADSLT, ERRNO_NO_LOCAL_MAPPING, "Invalid slot"}, + {BSM_ERRNO_EDEADLOCK, ERRNO_NO_LOCAL_MAPPING, "Resource deadlock avoided"}, + {BSM_ERRNO_EBFONT, ERRNO_NO_LOCAL_MAPPING, "Bad font file format"}, + {BSM_ERRNO_EOWNERDEAD, ERRNO_NO_LOCAL_MAPPING, "Process died with the lock"}, + {BSM_ERRNO_EINTEGRITY, ERRNO_NO_LOCAL_MAPPING, "Integrity check failed"}, + {BSM_ERRNO_ENOTRECOVERABLE, ERRNO_NO_LOCAL_MAPPING, "Lock is not recoverable"}, + {BSM_ERRNO_ENOSTR, ERRNO_NO_LOCAL_MAPPING, "Device not a stream"}, + {BSM_ERRNO_ENONET, ERRNO_NO_LOCAL_MAPPING, "Machine is not on the network"}, + {BSM_ERRNO_ENOPKG, ERRNO_NO_LOCAL_MAPPING, "Package not installed"}, + {BSM_ERRNO_EREMOTE, EREMOTE, "Too many levels of remote in path"}, + {BSM_ERRNO_ENOLINK, ERRNO_NO_LOCAL_MAPPING, "Link has been severed"}, + {BSM_ERRNO_EADV, ERRNO_NO_LOCAL_MAPPING, "Advertise error"}, + {BSM_ERRNO_ESRMNT, ERRNO_NO_LOCAL_MAPPING, "srmount error"}, + {BSM_ERRNO_ECOMM, ERRNO_NO_LOCAL_MAPPING, "Communication error on send"}, + {BSM_ERRNO_EPROTO, ERRNO_NO_LOCAL_MAPPING, "Protocol error"}, + {BSM_ERRNO_ELOCKUNMAPPED, ERRNO_NO_LOCAL_MAPPING, "Locked lock was unmapped"}, + {BSM_ERRNO_ENOTACTIVE, ERRNO_NO_LOCAL_MAPPING, "Facility is not active"}, + {BSM_ERRNO_EMULTIHOP, ERRNO_NO_LOCAL_MAPPING, "Multihop attempted"}, + {BSM_ERRNO_EBADMSG, ERRNO_NO_LOCAL_MAPPING, "Bad message"}, + {BSM_ERRNO_ENAMETOOLONG, ENAMETOOLONG, "File name too long"}, + {BSM_ERRNO_EOVERFLOW, EOVERFLOW, "Value too large to be stored in data type"}, + {BSM_ERRNO_ENOTUNIQ, ERRNO_NO_LOCAL_MAPPING, "Given log name not unique"}, + {BSM_ERRNO_EBADFD, ERRNO_NO_LOCAL_MAPPING, "Given f.d. invalid for this operation"}, + {BSM_ERRNO_EREMCHG, ERRNO_NO_LOCAL_MAPPING, "Remote address changed"}, + {BSM_ERRNO_ELIBACC, ERRNO_NO_LOCAL_MAPPING, "Can't access a needed shared lib"}, + {BSM_ERRNO_ELIBBAD, ERRNO_NO_LOCAL_MAPPING, "Accessing a corrupted shared lib"}, + {BSM_ERRNO_ELIBSCN, ERRNO_NO_LOCAL_MAPPING, ".lib section in a.out corrupted"}, + {BSM_ERRNO_ELIBMAX, ERRNO_NO_LOCAL_MAPPING, "Attempting to link in too many libs"}, + {BSM_ERRNO_ELIBEXEC, ERRNO_NO_LOCAL_MAPPING, "Attempting to exec a shared library"}, + {BSM_ERRNO_EILSEQ, EILSEQ, "Illegal byte sequence"}, + {BSM_ERRNO_ENOSYS, ENOSYS, "Function not implemented"}, + {BSM_ERRNO_ELOOP, ELOOP, "Too many levels of symbolic links"}, + {BSM_ERRNO_ERESTART, ERRNO_NO_LOCAL_MAPPING, "Restart syscall"}, + {BSM_ERRNO_ESTRPIPE, ERRNO_NO_LOCAL_MAPPING, "If pipe/FIFO, don't sleep in stream head"}, + {BSM_ERRNO_ENOTEMPTY, ENOTEMPTY, "Directory not empty"}, + {BSM_ERRNO_EUSERS, EUSERS, "Too many users"}, + {BSM_ERRNO_ENOTSOCK, ENOTSOCK, "Socket operation on non-socket"}, + {BSM_ERRNO_EDESTADDRREQ, EDESTADDRREQ, "Destination address required"}, + {BSM_ERRNO_EMSGSIZE, EMSGSIZE, "Message too long"}, + {BSM_ERRNO_EPROTOTYPE, EPROTOTYPE, "Protocol wrong type for socket"}, + {BSM_ERRNO_ENOPROTOOPT, ENOPROTOOPT, "Protocol not available"}, + {BSM_ERRNO_EPROTONOSUPPORT, EPROTONOSUPPORT, "Protocol not supported"}, + {BSM_ERRNO_ESOCKTNOSUPPORT, ESOCKTNOSUPPORT, "Socket type not supported"}, + {BSM_ERRNO_EOPNOTSUPP, EOPNOTSUPP, "Operation not supported"}, + {BSM_ERRNO_EPFNOSUPPORT, EPFNOSUPPORT, "Protocol family not supported"}, + {BSM_ERRNO_EAFNOSUPPORT, EAFNOSUPPORT, "Address family not supported by protocol family"}, + {BSM_ERRNO_EADDRINUSE, EADDRINUSE, "Address already in use"}, + {BSM_ERRNO_EADDRNOTAVAIL, EADDRNOTAVAIL, "Can't assign requested address"}, + {BSM_ERRNO_ENETDOWN, ENETDOWN, "Network is down"}, + {BSM_ERRNO_ENETRESET, ENETRESET, "Network dropped connection on reset"}, + {BSM_ERRNO_ECONNABORTED, ECONNABORTED, "Software caused connection abort"}, + {BSM_ERRNO_ECONNRESET, ECONNRESET, "Connection reset by peer"}, + {BSM_ERRNO_ENOBUFS, ENOBUFS, "No buffer space available"}, + {BSM_ERRNO_EISCONN, EISCONN, "Socket is already connected"}, + {BSM_ERRNO_ENOTCONN, ENOTCONN, "Socket is not connected"}, + {BSM_ERRNO_ESHUTDOWN, ESHUTDOWN, "Can't send after socket shutdown"}, + {BSM_ERRNO_ETOOMANYREFS, ETOOMANYREFS, "Too many references: can't splice"}, + {BSM_ERRNO_ETIMEDOUT, ETIMEDOUT, "Operation timed out"}, + {BSM_ERRNO_ECONNREFUSED, ECONNREFUSED, "Connection refused"}, + {BSM_ERRNO_EHOSTDOWN, EHOSTDOWN, "Host is down"}, + {BSM_ERRNO_EHOSTUNREACH, EHOSTUNREACH, "No route to host"}, + {BSM_ERRNO_EALREADY, EALREADY, "Operation already in progress"}, + {BSM_ERRNO_EINPROGRESS, EINPROGRESS, "Operation now in progress"}, + {BSM_ERRNO_ESTALE, ESTALE, "Stale NFS file handle"}, + {BSM_ERRNO_EPROCLIM, EPROCLIM, "Too many processes"}, + {BSM_ERRNO_EBADRPC, EBADRPC, "RPC struct is bad"}, + {BSM_ERRNO_ERPCMISMATCH, ERPCMISMATCH, "RPC version wrong"}, + {BSM_ERRNO_EPROGUNAVAIL, EPROGUNAVAIL, "RPC prog. not avail"}, + {BSM_ERRNO_EPROGMISMATCH, EPROGMISMATCH, "RPC version wrong"}, + {BSM_ERRNO_EPROCUNAVAIL, EPROCUNAVAIL, "Bad procedure for program"}, + {BSM_ERRNO_EFTYPE, EFTYPE, "Inappropriate file type or format"}, + {BSM_ERRNO_EAUTH, EAUTH, "Authenticateion error"}, + {BSM_ERRNO_ENEEDAUTH, ENEEDAUTH, "Need authenticator"}, + {BSM_ERRNO_ENOATTR, ENOATTR, "Attribute not found"}, + {BSM_ERRNO_EDOOFUS, EDOOFUS, "Programming error"}, + {BSM_ERRNO_EJUSTRETURN, ERRNO_NO_LOCAL_MAPPING, "Just return"}, + {BSM_ERRNO_ENOIOCTL, ERRNO_NO_LOCAL_MAPPING, "ioctl not handled by this layer"}, + {BSM_ERRNO_EDIRIOCTL, ERRNO_NO_LOCAL_MAPPING, "do direct ioctl in GEOM"}, + {BSM_ERRNO_EPWROFF, ERRNO_NO_LOCAL_MAPPING, "Device power is off"}, + {BSM_ERRNO_EDEVERR, ERRNO_NO_LOCAL_MAPPING, "Device error"}, + {BSM_ERRNO_EBADEXEC, ERRNO_NO_LOCAL_MAPPING, "Bad executable"}, + {BSM_ERRNO_EBADARCH, ERRNO_NO_LOCAL_MAPPING, "Bad CPU type in executable"}, + {BSM_ERRNO_ESHLIBVERS, ERRNO_NO_LOCAL_MAPPING, "Shared library version mismatch"}, + {BSM_ERRNO_EBADMACHO, ERRNO_NO_LOCAL_MAPPING, "Malformed Macho file"}, + {BSM_ERRNO_EPOLICY, ERRNO_NO_LOCAL_MAPPING, "Operation failed by policy"}, + {BSM_ERRNO_EDOTDOT, ERRNO_NO_LOCAL_MAPPING, "RFS specific error"}, + {BSM_ERRNO_EUCLEAN, ERRNO_NO_LOCAL_MAPPING, "Structure needs cleaning"}, + {BSM_ERRNO_ENOTNAM, ERRNO_NO_LOCAL_MAPPING, "Not a XENIX named type file"}, + {BSM_ERRNO_ENAVAIL, ERRNO_NO_LOCAL_MAPPING, "No XENIX semaphores available"}, + {BSM_ERRNO_EISNAM, ERRNO_NO_LOCAL_MAPPING, "Is a named type file"}, + {BSM_ERRNO_EREMOTEIO, ERRNO_NO_LOCAL_MAPPING, "Remote I/O error"}, + {BSM_ERRNO_ENOMEDIUM, ERRNO_NO_LOCAL_MAPPING, "No medium found"}, + {BSM_ERRNO_EMEDIUMTYPE, ERRNO_NO_LOCAL_MAPPING, "Wrong medium type"}, + {BSM_ERRNO_ENOKEY, ERRNO_NO_LOCAL_MAPPING, "Required key not available"}, + {BSM_ERRNO_EKEYEXPIRED, ERRNO_NO_LOCAL_MAPPING, "Key has expired"}, + {BSM_ERRNO_EKEYREVOKED, ERRNO_NO_LOCAL_MAPPING, "Key has been revoked"}, + {BSM_ERRNO_EKEYREJECTED, ERRNO_NO_LOCAL_MAPPING, "Key was rejected by service"}, + {BSM_ERRNO_ENOTCAPABLE, ENOTCAPABLE, "Capabilities insufficient"}, + {BSM_ERRNO_ECAPMODE, ECAPMODE, "Not permitted in capability mode"}, + } +) + +func lookupErrno(errno uint8) (BsmErrno, error) { + var res BsmErrno + + for _, res = range BsmErrnos { + if res.Errno == errno { + return res, nil + } + } + + return res, fmt.Errorf("ErrNo not found") +} From 4b06c3064b171badebe5ce5044c697ca91e657f7 Mon Sep 17 00:00:00 2001 From: yo Date: Wed, 18 Jan 2023 17:19:39 +0100 Subject: [PATCH 3/3] Manual merge --- libbsm.go | 2150 +++++++++++++++++++++++++++++++++-------------------- 1 file changed, 1342 insertions(+), 808 deletions(-) diff --git a/libbsm.go b/libbsm.go index be146f5..0475c21 100644 --- a/libbsm.go +++ b/libbsm.go @@ -1,7 +1,9 @@ // This is an implementation of libbsm // Copyright johan@nosd.in 2021 // +//go:build freebsd // +build freebsd + // // Use libc to get pw name from uid @@ -19,318 +21,363 @@ package main import "C" import ( - "io" - "os" - "fmt" - "time" "bufio" "bytes" - "strings" - "strconv" "encoding/binary" + "fmt" + "io" + "os" + "strconv" + "strings" + "time" ) const ( - // bsm/libbsm.h - AUDIT_MAX_ARGS = 128 - AUDIT_EVENT_FILE = "/etc/security/audit_event" + // bsm/libbsm.h + AUDIT_MAX_ARGS = 128 + AUDIT_EVENT_FILE = "/etc/security/audit_event" - // sys/bsm/audit.h - MAXAUDITDATA = (0x8000 - 1) - MAX_AUDIT_RECORD_SIZE = MAXAUDITDATA + // sys/bsm/audit.h + MAXAUDITDATA = (0x8000 - 1) + MAX_AUDIT_RECORD_SIZE = MAXAUDITDATA - // Max length for a Path (AUT_PATH) or an arg (AUT_EXEC_ARGS) - MAX_AUDIT_ARG_LENGTH = 1024 + // Max length for a Path (AUT_PATH) or an arg (AUT_EXEC_ARGS) + MAX_AUDIT_ARG_LENGTH = 1024 -/* - * Token type identifiers. - From https://github.com/freebsd/freebsd-src/blob/main/contrib/openbsm/sys/bsm/audit_record.h - */ - AUT_INVALID = 0x00 - AUT_OTHER_FILE32 = 0x11 - AUT_OHEADER = 0x12 - AUT_TRAILER = 0x13 - AUT_HEADER32 = 0x14 - AUT_HEADER32_EX = 0x15 - AUT_DATA = 0x21 - AUT_IPC = 0x22 - AUT_PATH = 0x23 - AUT_SUBJECT32 = 0x24 - AUT_XATPATH = 0x25 - AUT_PROCESS32 = 0x26 - AUT_RETURN32 = 0x27 - AUT_TEXT = 0x28 - AUT_OPAQUE = 0x29 - AUT_IN_ADDR = 0x2a - AUT_IP = 0x2b - AUT_IPORT = 0x2c - AUT_ARG32 = 0x2d - AUT_SOCKET = 0x2e - AUT_SEQ = 0x2f - AUT_ACL = 0x30 - AUT_ATTR = 0x31 - AUT_IPC_PERM = 0x32 - AUT_LABEL = 0x33 - AUT_GROUPS = 0x34 - AUT_ACE = 0x35 - AUT_PRIV = 0x38 - AUT_UPRIV = 0x39 - AUT_LIAISON = 0x3a - AUT_NEWGROUPS = 0x3b - AUT_EXEC_ARGS = 0x3c - AUT_EXEC_ENV = 0x3d - AUT_ATTR32 = 0x3e - AUT_UNAUTH = 0x3f - AUT_XATOM = 0x40 - AUT_XOBJ = 0x41 - AUT_XPROTO = 0x42 - AUT_XSELECT = 0x43 - AUT_XCOLORMAP = 0x44 - AUT_XCURSOR = 0x45 - AUT_XFONT = 0x46 - AUT_XGC = 0x47 - AUT_XPIXMAP = 0x48 - AUT_XPROPERTY = 0x49 - AUT_XWINDOW = 0x4a - AUT_XCLIENT = 0x4b - AUT_CMD = 0x51 - AUT_EXIT = 0x52 - AUT_ZONENAME = 0x60 - AUT_HOST = 0x70 - AUT_ARG64 = 0x71 - AUT_RETURN64 = 0x72 - AUT_ATTR64 = 0x73 - AUT_HEADER64 = 0x74 - AUT_SUBJECT64 = 0x75 - AUT_PROCESS64 = 0x77 - AUT_OTHER_FILE64 = 0x78 - AUT_HEADER64_EX = 0x79 - AUT_SUBJECT32_EX = 0x7a - AUT_PROCESS32_EX = 0x7b - AUT_SUBJECT64_EX = 0x7c - AUT_PROCESS64_EX = 0x7d - AUT_IN_ADDR_EX = 0x7e - AUT_SOCKET_EX = 0x7f + ISIPV4 = 4 + ISIPV6 = 16 + /* + * Token type identifiers. + From https://github.com/freebsd/freebsd-src/blob/main/contrib/openbsm/sys/bsm/audit_record.h + */ + AUT_INVALID = 0x00 + AUT_OTHER_FILE32 = 0x11 + AUT_OHEADER = 0x12 + AUT_TRAILER = 0x13 + AUT_HEADER32 = 0x14 + AUT_HEADER32_EX = 0x15 + AUT_DATA = 0x21 + AUT_IPC = 0x22 + AUT_PATH = 0x23 + AUT_SUBJECT32 = 0x24 + AUT_XATPATH = 0x25 + AUT_PROCESS32 = 0x26 + AUT_RETURN32 = 0x27 + AUT_TEXT = 0x28 + AUT_OPAQUE = 0x29 + AUT_IN_ADDR = 0x2a + AUT_IP = 0x2b + AUT_IPORT = 0x2c + AUT_ARG32 = 0x2d + AUT_SOCKET = 0x2e + AUT_SEQ = 0x2f + AUT_ACL = 0x30 + AUT_ATTR = 0x31 + AUT_IPC_PERM = 0x32 + AUT_LABEL = 0x33 + AUT_GROUPS = 0x34 + AUT_ACE = 0x35 + AUT_PRIV = 0x38 + AUT_UPRIV = 0x39 + AUT_LIAISON = 0x3a + AUT_NEWGROUPS = 0x3b + AUT_EXEC_ARGS = 0x3c + AUT_EXEC_ENV = 0x3d + AUT_ATTR32 = 0x3e + AUT_UNAUTH = 0x3f + AUT_XATOM = 0x40 + AUT_XOBJ = 0x41 + AUT_XPROTO = 0x42 + AUT_XSELECT = 0x43 + AUT_XCOLORMAP = 0x44 + AUT_XCURSOR = 0x45 + AUT_XFONT = 0x46 + AUT_XGC = 0x47 + AUT_XPIXMAP = 0x48 + AUT_XPROPERTY = 0x49 + AUT_XWINDOW = 0x4a + AUT_XCLIENT = 0x4b + AUT_CMD = 0x51 + AUT_EXIT = 0x52 + AUT_ZONENAME = 0x60 + AUT_HOST = 0x70 + AUT_ARG64 = 0x71 + AUT_RETURN64 = 0x72 + AUT_ATTR64 = 0x73 + AUT_HEADER64 = 0x74 + AUT_SUBJECT64 = 0x75 + AUT_PROCESS64 = 0x77 + AUT_OTHER_FILE64 = 0x78 + AUT_HEADER64_EX = 0x79 + AUT_SUBJECT32_EX = 0x7a + AUT_PROCESS32_EX = 0x7b + AUT_SUBJECT64_EX = 0x7c + AUT_PROCESS64_EX = 0x7d + AUT_IN_ADDR_EX = 0x7e + AUT_SOCKET_EX = 0x7f + AUT_SOCKINET32 = 0x80 + AUT_SOCKINET128 = 0x81 + AUT_SOCKUNIX = 0x82 - // Display control - PRT_ONELINE = 1 - PRT_NORESOLVE_USER = 2 - PRT_TIMESTAMP = 4 + // Display control + PRT_ONELINE = 1 + PRT_NORESOLVE_USER = 2 + PRT_TIMESTAMP = 4 ) var ( - // A global user/uid cache - gUsers []user - // A global group/gid cache - gGroups []group - // Cache of audit_event file - gEventDB []event + // A global user/uid cache + gUsers []user + // A global group/gid cache + gGroups []group + // Cache of audit_event file + gEventDB []event ) - type event struct { - Type int - Name string - Desc string - Class string + Type int + Name string + Desc string + Class string } - // Fields types, from https://github.com/freebsd/freebsd-src/blob/main/contrib/openbsm/bsm/libbsm.h // Abstraction of a record type Record interface { - GetType() uint8 - //Length() - LoadFromBinary(rdr *bufio.Reader) error - Print(*os.File, string, int) + GetType() uint8 + // Length() + LoadFromBinary(rdr *bufio.Reader) error + Print(*os.File, string, int) } type Header32 struct { - Size uint32 // Record byte count - Version uint8 // version # (uchar) - E_type uint16 // Event type - E_mod uint16 // Event modifier - S uint32 // Seconds of time - Msec uint32 // Milliseconds of time + Size uint32 // Record byte count + Version uint8 // version # (uchar) + E_type uint16 // Event type + E_mod uint16 // Event modifier + S uint32 // Seconds of time + Msec uint32 // Milliseconds of time } type Header32Ex struct { - Size uint32 // Record byte count - Version uint8 // version # (uchar) - E_type uint16 // Event type - E_mod uint16 // Event modifier - Ad_type uint32 // Address type/Length - Addr [4]uint32 // Ipv4 or IPv6 - S uint32 // Seconds of time - Msec uint32 // Milliseconds of time + Size uint32 // Record byte count + Version uint8 // version # (uchar) + E_type uint16 // Event type + E_mod uint16 // Event modifier + Ad_type uint32 // Address type/Length + Addr [4]uint32 // Ipv4 or IPv6 + S uint32 // Seconds of time + Msec uint32 // Milliseconds of time } type Trailer struct { - Magic uint16 - Count uint32 + Magic uint16 + Count uint32 } type Arg32 struct { - No byte // Argument # - Val uint32 // Argument value - Length uint16 // Text length - Text []byte // Text + No byte // Argument # + Val uint32 // Argument value + Length uint16 // Text length + Text []byte // Text } type Arg64 struct { - No byte // Argument # - Val uint64 // Argument value - Length uint16 // Text length - Text []byte // Text + No byte // Argument # + Val uint64 // Argument value + Length uint16 // Text length + Text []byte // Text } type Attribute32 struct { - Mode uint32 // file access mode - Uid uint32 // Owner user ID - Gid uint32 // Owner group ID - Fsid uint32 // File system ID - Nid uint64 // Node ID - Dev uint32 // Device + Mode uint32 // file access mode + Uid uint32 // Owner user ID + Gid uint32 // Owner group ID + Fsid uint32 // File system ID + Nid uint64 // Node ID + Dev uint32 // Device } type Attribute64 struct { - Mode uint32 // file access mode - Uid uint32 // Owner user ID - Gid uint32 // Owner group ID - Fsid uint32 // File system ID - Nid uint64 // Node ID - Dev uint64 // Device + Mode uint32 // file access mode + Uid uint32 // Owner user ID + Gid uint32 // Owner group ID + Fsid uint32 // File system ID + Nid uint64 // Node ID + Dev uint64 // Device } /* * count 4 bytes * text count null-terminated string(s) -*/ + */ type ExecArg struct { - Count uint32 -//Text [AUDIT_MAX_ARGS][]byte - Text [][]byte + Count uint32 + //Text [AUDIT_MAX_ARGS][]byte + Text [][]byte } type Path struct { - Length uint16 // path length - Path []byte + Length uint16 // path length + Path []byte } type Return32 struct { - Status byte // Error status - Ret uint32 // Return code + Status byte // Error status + Ret uint32 // Return code } type Return64 struct { - Status byte // Error status - Ret uint64 // Return code + Status byte // Error status + Ret uint64 // Return code } type Subject32 struct { - Auid uint32 // Audit ID - Euid uint32 // Effective user ID - Egid uint32 // Effective Group ID - Ruid uint32 // Real User ID - Rgid uint32 // Real Group ID - Pid uint32 // Process ID - Sid uint32 // Session ID - Tid Tid32 + Auid uint32 // Audit ID + Euid uint32 // Effective user ID + Egid uint32 // Effective Group ID + Ruid uint32 // Real User ID + Rgid uint32 // Real Group ID + Pid uint32 // Process ID + Sid uint32 // Session ID + Tid Tid32 } type Process32 Subject32 type Subject32Ex struct { - Auid uint32 // Audit ID - Euid uint32 // Effective user ID - Egid uint32 // Effective Group ID - Ruid uint32 // Real User ID - Rgid uint32 // Real Group ID - Pid uint32 // Process ID - Sid uint32 // Session ID - Tid Tid32Ex + Auid uint32 // Audit ID + Euid uint32 // Effective user ID + Egid uint32 // Effective Group ID + Ruid uint32 // Real User ID + Rgid uint32 // Real Group ID + Pid uint32 // Process ID + Sid uint32 // Session ID + Tid Tid32Ex } type Process32Ex Subject32Ex type Tid32 struct { - Port uint32 - IpVers uint32 // 0x10 = IPv6 - Addr uint32 + Port uint32 + IpVers uint32 // 0x10 = IPv6 + Addr uint32 } type Tid32Ex struct { - Port uint32 - Ttype uint32 - IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4 - Addr4 uint32 // 4 bytes long if IpVers == 0x04 - Addr6 [4]uint32 // 4x4 bytes long if IpVers == 0x10 + Port uint32 + Ttype uint32 + IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4 + Addr4 uint32 // 4 bytes long if IpVers == 0x04 + Addr6 [4]uint32 // 4x4 bytes long if IpVers == 0x10 } type Subject64 struct { - Auid uint32 // Audit ID - Euid uint32 // Effective user ID - Egid uint32 // Effective Group ID - Ruid uint32 // Real User ID - Rgid uint32 // Real Group ID - Pid uint32 // Process ID - Sid uint32 // Session ID - Tid Tid64 + Auid uint32 // Audit ID + Euid uint32 // Effective user ID + Egid uint32 // Effective Group ID + Ruid uint32 // Real User ID + Rgid uint32 // Real Group ID + Pid uint32 // Process ID + Sid uint32 // Session ID + Tid Tid64 } type Process64 Subject64 type Subject64Ex struct { - Auid uint32 // Audit ID - Euid uint32 // Effective user ID - Egid uint32 // Effective Group ID - Ruid uint32 // Real User ID - Rgid uint32 // Real Group ID - Pid uint32 // Process ID - Sid uint32 // Session ID - Tid Tid64Ex + Auid uint32 // Audit ID + Euid uint32 // Effective user ID + Egid uint32 // Effective Group ID + Ruid uint32 // Real User ID + Rgid uint32 // Real Group ID + Pid uint32 // Process ID + Sid uint32 // Session ID + Tid Tid64Ex } type Process64Ex Subject64Ex type Tid64 struct { - Port uint64 - IpVers uint32 - Addr uint32 + Port uint64 + IpVers uint32 + Addr uint32 } type Tid64Ex struct { - Port uint64 - Ttype uint32 - IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4 - Addr4 uint32 - Addr6 [4]uint32 + Port uint64 + Ttype uint32 + IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4 + Addr4 uint32 + Addr6 [4]uint32 +} + +/* + * socket domain 2 bytes + * socket type 2 bytes + * address type 2 bytes + * local port 2 bytes + * local Internet address 4/16 bytes + * remote port 2 bytes + * remote Internet address 4/16 bytes + */ +type SocketEx struct { + Domain uint16 + SockType uint16 + AddrType uint16 + LocalPort uint16 + LocalAddr4 uint32 + LocalAddr6 [4]uint32 + RemotePort uint16 + RemoteAddr4 uint32 + RemoteAddr6 [4]uint32 +} + +type SockInet32 struct { + Family uint16 + Lport uint16 + Addr4 uint32 +} + +type SockInet128 struct { + Family uint16 + Lport uint16 + Addr6 [4]uint32 +} + +/* + * token ID 1 byte + * socket family 2 bytes + * path (up to) 104 bytes + NULL (NULL terminated string) + */ +type SockUnix struct { + Family uint16 + Path []byte } type Exit struct { - Status uint32 - Ret uint32 + Status uint32 + Ret uint32 } type Text struct { - Length uint16 - Text []byte + Length uint16 + Text []byte } - /* Utilities */ // users ID for resolution type user struct { - uid uint32 - name string + uid uint32 + name string } // groups ID for resolution type group struct { - gid uint32 - name string + gid uint32 + name string } /* Utilities */ @@ -358,21 +405,20 @@ func getUserName(uid uint32) (string, error) { return u.name, nil } func getUserNameByUid(uid uint32) (user, error) { - var pw *C.struct_passwd - var usr user + var pw *C.struct_passwd + var usr user - pw = C.getpwuid((C.uint32_t)(uid)) - if pw == nil { - return usr, fmt.Errorf("User ID not found") - } + pw = C.getpwuid((C.uint32_t)(uid)) + if pw == nil { + return usr, fmt.Errorf("User ID not found") + } - usr.uid = uid - usr.name = C.GoString(pw.pw_name) + usr.uid = uid + usr.name = C.GoString(pw.pw_name) - return usr, nil + return usr, nil } - func getGroupName(gid uint32) (string, error) { for _, g := range gGroups { if g.gid == gid { @@ -396,21 +442,21 @@ func getGroupName(gid uint32) (string, error) { return g.name, nil } func getGroupNameByGid(gid uint32) (group, error) { - var gr *C.struct_group - var grp group + var gr *C.struct_group + var grp group - gr = C.getgrgid((C.uint32_t)(gid)) - if gr == nil { - return grp, fmt.Errorf("Group ID not found") - } + gr = C.getgrgid((C.uint32_t)(gid)) + if gr == nil { + return grp, fmt.Errorf("Group ID not found") + } - grp.gid = gid - grp.name = C.GoString(gr.gr_name) + grp.gid = gid + grp.name = C.GoString(gr.gr_name) - return grp, nil + return grp, nil } -func getEventName(event uint16) (string,error) { +func getEventName(event uint16) (string, error) { if len(gEventDB) == 0 { err := loadEventDB() if err != nil { @@ -453,42 +499,42 @@ func loadEventDB() error { // Wait for https://github.com/openbsm/openbsm/pull/75 if t == 43082 && (len(eventStr) == 5) { gEventDB = append(gEventDB, event{Type: t, - Name: eventStr[1], - Desc: eventStr[3], - Class: eventStr[4],}) + Name: eventStr[1], + Desc: eventStr[3], + Class: eventStr[4]}) } else { gEventDB = append(gEventDB, event{Type: t, - Name: eventStr[1], - Desc: eventStr[2], - Class: eventStr[3],}) + Name: eventStr[1], + Desc: eventStr[2], + Class: eventStr[3]}) } } return nil } func PrintIpv4FromInt(ipv4int uint32) string { - return fmt.Sprintf("%d.%d.%d.%d", ipv4int & 0xFF000000 >> 24, ipv4int & 0x00FF0000 >> 16, - ipv4int & 0x0000FF00 >> 8, ipv4int & 0x000000FF) + return fmt.Sprintf("%d.%d.%d.%d", ipv4int&0xFF000000>>24, ipv4int&0x00FF0000>>16, + ipv4int&0x0000FF00>>8, ipv4int&0x000000FF) } func PrintIpv6FromInt(ipv6int [4]uint32) string { - //return fmt.Sprintf("%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x", - return fmt.Sprintf("%x:%x:%x:%x:%x:%x:%x:%x", - ipv6int[0] & 0xFFFF0000 >> 16, ipv6int[0] & 0x0000FFFF, - ipv6int[1] & 0xFFFF0000 >> 16, ipv6int[1] & 0x0000FFFF, - ipv6int[2] & 0xFFFF0000 >> 16, ipv6int[2] & 0x0000FFFF, - ipv6int[3] & 0xFFFF0000 >> 16, ipv6int[3] & 0x0000FFFF) + //return fmt.Sprintf("%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x", + return fmt.Sprintf("%x:%x:%x:%x:%x:%x:%x:%x", + ipv6int[0]&0xFFFF0000>>16, ipv6int[0]&0x0000FFFF, + ipv6int[1]&0xFFFF0000>>16, ipv6int[1]&0x0000FFFF, + ipv6int[2]&0xFFFF0000>>16, ipv6int[2]&0x0000FFFF, + ipv6int[3]&0xFFFF0000>>16, ipv6int[3]&0x0000FFFF) } /* Records structs implementation */ func NewHeader32(h Header32) *Header32 { return &Header32{ - Size: h.Size, + Size: h.Size, Version: h.Version, - E_type: h.E_type, - E_mod: h.E_mod, - S: h.S, - Msec: h.Msec, + E_type: h.E_type, + E_mod: h.E_mod, + S: h.S, + Msec: h.Msec, } } @@ -499,7 +545,9 @@ func (h *Header32) GetType() uint8 { // TODO : Take *io.Reader as arg? func (h *Header32) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &h.Size) - if err != nil { return fmt.Errorf("Unable to read Header32.Size: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Header32.Size: %v", err) + } /* Check for recsize sanity: We already read 32 bits + 8 bits */ if h.Size < (4 + 1) { @@ -507,31 +555,40 @@ func (h *Header32) LoadFromBinary(rdr *bufio.Reader) error { } err = binary.Read(rdr, binary.BigEndian, &h.Version) - if err != nil { return fmt.Errorf("Unable to read Header32.Version: %v", err) } - + if err != nil { + return fmt.Errorf("Unable to read Header32.Version: %v", err) + } + err = binary.Read(rdr, binary.BigEndian, &h.E_type) - if err != nil { return fmt.Errorf("Unable to read Header32.E_type: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Header32.E_type: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &h.E_mod) - if err != nil { return fmt.Errorf("Unable to read Header32.E_mod: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Header32.E_mod: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &h.S) - if err != nil { return fmt.Errorf("Unable to read Header32.S: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Header32.S: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &h.Msec) - if err != nil { return fmt.Errorf("Unable to read Header32.Msec: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Header32.Msec: %v", err) + } return nil } - /* Implementation of - static void - print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) +static void +print_header32_tok(FILE *fp, tokenstr_t *tok, char *del, int oflags) */ func (h *Header32) Print(file *os.File, delimiter string, flags int) { var timeval string - if PRT_TIMESTAMP == flags & PRT_TIMESTAMP { + if PRT_TIMESTAMP == flags&PRT_TIMESTAMP { timeval = strconv.Itoa(int(h.S)) } else { t := time.Unix((int64)(h.S), 0) @@ -543,8 +600,8 @@ func (h *Header32) Print(file *os.File, delimiter string, flags int) { return } fmt.Fprintf(file, "header%s%d%s%d%s%s%s%v%s%s%s%d", delimiter, h.Size, delimiter, h.Version, delimiter, - //h.E_type, delimiter, h.E_mod, delimiter, t.Format(time.UnixDate), delimiter, h.Msec) - evdesc, delimiter, h.E_mod, delimiter, timeval, delimiter, h.Msec) + //h.E_type, delimiter, h.E_mod, delimiter, t.Format(time.UnixDate), delimiter, h.Msec) + evdesc, delimiter, h.E_mod, delimiter, timeval, delimiter, h.Msec) if 0 == (flags & PRT_ONELINE) { fmt.Fprintf(file, "\n") } else { @@ -554,8 +611,8 @@ func (h *Header32) Print(file *os.File, delimiter string, flags int) { func NewExecArg(e ExecArg) *ExecArg { return &ExecArg{ - Count: e.Count, - Text: e.Text, + Count: e.Count, + Text: e.Text, } } @@ -565,9 +622,11 @@ func (e *ExecArg) GetType() uint8 { func (e *ExecArg) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &e.Count) - if err != nil { return fmt.Errorf("Unable to read ExecArg.Count: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read ExecArg.Count: %v", err) + } - for i := uint32(0) ; i < e.Count ; i++ { + for i := uint32(0); i < e.Count; i++ { // Get this arg length arg, err := rdr.ReadBytes((byte)(0x00)) if err != nil { @@ -576,13 +635,13 @@ func (e *ExecArg) LoadFromBinary(rdr *bufio.Reader) error { e.Text = append(e.Text, arg[:len(arg)-1]) } - return nil + return nil } func (e *ExecArg) Print(file *os.File, delimiter string, flags int) { fmt.Fprintf(file, "exec arg%s", delimiter) - for i := uint32(0) ; i < e.Count ; i++ { - if i < e.Count - 1 { + for i := uint32(0); i < e.Count; i++ { + if i < e.Count-1 { fmt.Fprintf(file, "%s%s", string(e.Text[i]), delimiter) } else { fmt.Fprintf(file, "%s", string(e.Text[i])) @@ -597,8 +656,8 @@ func (e *ExecArg) Print(file *os.File, delimiter string, flags int) { func NewPath(p Path) *Path { return &Path{ - Length: p.Length, - Path: p.Path, + Length: p.Length, + Path: p.Path, } } @@ -608,7 +667,9 @@ func (p *Path) GetType() uint8 { func (p *Path) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &p.Length) - if err != nil { return fmt.Errorf("Unable to read Path.Length: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Path.Length: %v", err) + } arg, err := rdr.ReadBytes((byte)(0x00)) if err != nil { @@ -630,55 +691,67 @@ func (p *Path) Print(file *os.File, delimiter string, flags int) { func NewAttribute32(a Attribute32) *Attribute32 { return &Attribute32{ - Mode: a.Mode, - Uid: a.Uid, - Gid: a.Gid, - Fsid: a.Fsid, - Nid: a.Nid, - Dev: a.Dev, + Mode: a.Mode, + Uid: a.Uid, + Gid: a.Gid, + Fsid: a.Fsid, + Nid: a.Nid, + Dev: a.Dev, } } -func (a* Attribute32) GetType() uint8 { +func (a *Attribute32) GetType() uint8 { return AUT_ATTR32 } func (a *Attribute32) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &a.Mode) - if err != nil { return fmt.Errorf("Unable to read Attribute32.Mode: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Attribute32.Mode: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &a.Uid) - if err != nil { return fmt.Errorf("Unable to read Attribute32.Uid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Attribute32.Uid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &a.Gid) - if err != nil { return fmt.Errorf("Unable to read Attribute32.Gid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Attribute32.Gid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &a.Fsid) - if err != nil { return fmt.Errorf("Unable to read Attribute32.Fsid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Attribute32.Fsid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &a.Nid) - if err != nil { return fmt.Errorf("Unable to read Attribute32.Nid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Attribute32.Nid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &a.Dev) - if err != nil { return fmt.Errorf("Unable to read Attribute32.Dev: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Attribute32.Dev: %v", err) + } return nil } func (a *Attribute32) Print(file *os.File, delimiter string, flags int) { - var user string - var group string + var user string + var group string - if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER { + if PRT_NORESOLVE_USER == flags&PRT_NORESOLVE_USER { user = strconv.Itoa(int(a.Uid)) group = strconv.Itoa(int(a.Gid)) } else { user, _ = getUserName(a.Uid) group, _ = getGroupName(a.Gid) } - + fmt.Fprintf(file, "attribute%s%o%s%s%s%s%s%v%s%v%s%v", delimiter, a.Mode, delimiter, user, delimiter, - group, delimiter, a.Fsid, delimiter, a.Nid, delimiter, a.Dev) + group, delimiter, a.Fsid, delimiter, a.Nid, delimiter, a.Dev) if 0 == (flags & PRT_ONELINE) { fmt.Fprintf(file, "\n") @@ -689,37 +762,49 @@ func (a *Attribute32) Print(file *os.File, delimiter string, flags int) { func NewAttribute64(a Attribute64) *Attribute64 { return &Attribute64{ - Mode: a.Mode, - Uid: a.Uid, - Gid: a.Gid, - Fsid: a.Fsid, - Nid: a.Nid, - Dev: a.Dev, + Mode: a.Mode, + Uid: a.Uid, + Gid: a.Gid, + Fsid: a.Fsid, + Nid: a.Nid, + Dev: a.Dev, } } -func (a* Attribute64) GetType() uint8 { +func (a *Attribute64) GetType() uint8 { return AUT_ATTR64 } func (a *Attribute64) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &a.Mode) - if err != nil { return fmt.Errorf("Unable to read Attribute64.Mode: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Attribute64.Mode: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &a.Uid) - if err != nil { return fmt.Errorf("Unable to read Attribute64.Uid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Attribute64.Uid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &a.Gid) - if err != nil { return fmt.Errorf("Unable to read Attribute64.Gid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Attribute64.Gid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &a.Fsid) - if err != nil { return fmt.Errorf("Unable to read Attribute64.Fsid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Attribute64.Fsid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &a.Nid) - if err != nil { return fmt.Errorf("Unable to read Attribute64.Nid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Attribute64.Nid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &a.Dev) - if err != nil { return fmt.Errorf("Unable to read Attribute64.Dev: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Attribute64.Dev: %v", err) + } return nil } @@ -728,15 +813,15 @@ func (a *Attribute64) Print(file *os.File, delimiter string, flags int) { var user string var group string // TODO : resolve Uid and Gid (also support domain accounts) - if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER { - user = strconv.Itoa(int(a.Uid)) - group = strconv.Itoa(int(a.Gid)) + if PRT_NORESOLVE_USER == flags&PRT_NORESOLVE_USER { + user = strconv.Itoa(int(a.Uid)) + group = strconv.Itoa(int(a.Gid)) } else { - user, _ = getUserName(a.Uid) - group, _ = getGroupName(a.Gid) + user, _ = getUserName(a.Uid) + group, _ = getGroupName(a.Gid) } fmt.Fprintf(file, "attribute%s%o%s%v%s%v%s%v%s%v%s%v", delimiter, a.Mode, delimiter, user, delimiter, - group, delimiter, a.Fsid, delimiter, a.Nid, delimiter, a.Dev) + group, delimiter, a.Fsid, delimiter, a.Nid, delimiter, a.Dev) if 0 == (flags & PRT_ONELINE) { fmt.Fprintf(file, "\n") } else { @@ -746,14 +831,14 @@ func (a *Attribute64) Print(file *os.File, delimiter string, flags int) { func NewSubject32(s Subject32) *Subject32 { return &Subject32{ - Auid: s.Auid, - Euid: s.Euid, - Egid: s.Egid, - Ruid: s.Ruid, - Rgid: s.Rgid, - Pid: s.Pid, - Sid: s.Sid, - Tid: s.Tid, + Auid: s.Auid, + Euid: s.Euid, + Egid: s.Egid, + Ruid: s.Ruid, + Rgid: s.Rgid, + Pid: s.Pid, + Sid: s.Sid, + Tid: s.Tid, } } @@ -763,51 +848,65 @@ func (s *Subject32) GetType() uint8 { func (s *Subject32) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &s.Auid) - if err != nil { return fmt.Errorf("Unable to read Sibject32.Auid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Sibject32.Auid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Euid) - if err != nil { return fmt.Errorf("Unable to read Subject32.Euid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject32.Euid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Egid) - if err != nil { return fmt.Errorf("Unable to read Subject32.Egid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject32.Egid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Ruid) - if err != nil { return fmt.Errorf("Unable to read Subject32.Ruid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject32.Ruid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Rgid) - if err != nil { return fmt.Errorf("Unable to read Subject32.Rgid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject32.Rgid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Sid) - if err != nil { return fmt.Errorf("Unable to read Subject32.Sid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject32.Sid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Tid) - if err != nil { return fmt.Errorf("Unable to read Subject32.Tid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject32.Tid: %v", err) + } return nil } func (s *Subject32) Print(file *os.File, delimiter string, flags int) { - var auser string - var euser string - var egroup string - var ruser string - var rgroup string - if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER { - auser = strconv.Itoa(int(s.Auid)) - euser = strconv.Itoa(int(s.Euid)) - egroup = strconv.Itoa(int(s.Egid)) - ruser = strconv.Itoa(int(s.Ruid)) - rgroup = strconv.Itoa(int(s.Rgid)) + var auser string + var euser string + var egroup string + var ruser string + var rgroup string + if PRT_NORESOLVE_USER == flags&PRT_NORESOLVE_USER { + auser = strconv.Itoa(int(s.Auid)) + euser = strconv.Itoa(int(s.Euid)) + egroup = strconv.Itoa(int(s.Egid)) + ruser = strconv.Itoa(int(s.Ruid)) + rgroup = strconv.Itoa(int(s.Rgid)) } else { - auser, _ = getUserName(s.Auid) - euser, _ = getUserName(s.Euid) - egroup, _ = getGroupName(s.Egid) - ruser, _ = getUserName(s.Ruid) - rgroup, _ = getGroupName(s.Rgid) + auser, _ = getUserName(s.Auid) + euser, _ = getUserName(s.Euid) + egroup, _ = getGroupName(s.Egid) + ruser, _ = getUserName(s.Ruid) + rgroup, _ = getGroupName(s.Rgid) } fmt.Fprintf(file, "subject%s%s%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, auser, delimiter, euser, delimiter, egroup, - delimiter, ruser, delimiter, rgroup, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter, s.Tid.IpVers, - delimiter, PrintIpv4FromInt(s.Tid.Addr)) + delimiter, ruser, delimiter, rgroup, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter, s.Tid.IpVers, + delimiter, PrintIpv4FromInt(s.Tid.Addr)) if 0 == (flags & PRT_ONELINE) { fmt.Fprintf(file, "\n") } else { @@ -817,14 +916,14 @@ func (s *Subject32) Print(file *os.File, delimiter string, flags int) { func NewProcess32(s Process32) *Process32 { return &Process32{ - Auid: s.Auid, - Euid: s.Euid, - Egid: s.Egid, - Ruid: s.Ruid, - Rgid: s.Rgid, - Pid: s.Pid, - Sid: s.Sid, - Tid: s.Tid, + Auid: s.Auid, + Euid: s.Euid, + Egid: s.Egid, + Ruid: s.Ruid, + Rgid: s.Rgid, + Pid: s.Pid, + Sid: s.Sid, + Tid: s.Tid, } } @@ -834,51 +933,65 @@ func (p *Process32) GetType() uint8 { func (p *Process32) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &p.Auid) - if err != nil { return fmt.Errorf("Unable to read Process32.Auid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process32.Auid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Euid) - if err != nil { return fmt.Errorf("Unable to read Process32.Euid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process32.Euid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Egid) - if err != nil { return fmt.Errorf("Unable to read Process32.Egid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process32.Egid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Ruid) - if err != nil { return fmt.Errorf("Unable to read Process32.Ruid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process32.Ruid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Rgid) - if err != nil { return fmt.Errorf("Unable to read Process32.Rgid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process32.Rgid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Sid) - if err != nil { return fmt.Errorf("Unable to read Process32.Sid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process32.Sid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Tid) - if err != nil { return fmt.Errorf("Unable to read Process32.Tid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process32.Tid: %v", err) + } return nil } func (p *Process32) Print(file *os.File, delimiter string, flags int) { - var auser string - var euser string - var egroup string - var ruser string - var rgroup string - if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER { - auser = strconv.Itoa(int(p.Auid)) - euser = strconv.Itoa(int(p.Euid)) - egroup = strconv.Itoa(int(p.Egid)) - ruser = strconv.Itoa(int(p.Ruid)) - rgroup = strconv.Itoa(int(p.Rgid)) + var auser string + var euser string + var egroup string + var ruser string + var rgroup string + if PRT_NORESOLVE_USER == flags&PRT_NORESOLVE_USER { + auser = strconv.Itoa(int(p.Auid)) + euser = strconv.Itoa(int(p.Euid)) + egroup = strconv.Itoa(int(p.Egid)) + ruser = strconv.Itoa(int(p.Ruid)) + rgroup = strconv.Itoa(int(p.Rgid)) } else { - auser, _ = getUserName(p.Auid) - euser, _ = getUserName(p.Euid) - egroup, _ = getGroupName(p.Egid) - ruser, _ = getUserName(p.Ruid) - rgroup, _ = getGroupName(p.Rgid) + auser, _ = getUserName(p.Auid) + euser, _ = getUserName(p.Euid) + egroup, _ = getGroupName(p.Egid) + ruser, _ = getUserName(p.Ruid) + rgroup, _ = getGroupName(p.Rgid) } fmt.Fprintf(file, "process%s%s%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, auser, delimiter, euser, delimiter, egroup, - delimiter, ruser, delimiter, rgroup, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter, p.Tid.IpVers, - delimiter, PrintIpv4FromInt(p.Tid.Addr)) + delimiter, ruser, delimiter, rgroup, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter, p.Tid.IpVers, + delimiter, PrintIpv4FromInt(p.Tid.Addr)) if 0 == (flags & PRT_ONELINE) { fmt.Fprintf(file, "\n") } else { @@ -888,14 +1001,14 @@ func (p *Process32) Print(file *os.File, delimiter string, flags int) { func NewSubject32Ex(s Subject32Ex) *Subject32Ex { return &Subject32Ex{ - Auid: s.Auid, - Euid: s.Euid, - Egid: s.Egid, - Ruid: s.Ruid, - Rgid: s.Rgid, - Pid: s.Pid, - Sid: s.Sid, - Tid: s.Tid, + Auid: s.Auid, + Euid: s.Euid, + Egid: s.Egid, + Ruid: s.Ruid, + Rgid: s.Rgid, + Pid: s.Pid, + Sid: s.Sid, + Tid: s.Tid, } } @@ -906,62 +1019,84 @@ func (s *Subject32Ex) GetType() uint8 { func (s *Subject32Ex) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &s.Auid) - if err != nil { return fmt.Errorf("Unable to read Sibject32Ex.Auid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Sibject32Ex.Auid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Euid) - if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Euid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject32Ex.Euid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Egid) - if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Egid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject32Ex.Egid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Ruid) - if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Ruid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject32Ex.Ruid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Rgid) - if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Rgid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject32Ex.Rgid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Sid) - if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Sid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject32Ex.Sid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Tid.Port) - if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Port: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject32Ex.Tid.Port: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Tid.Ttype) - if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Ttype: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject32Ex.Tid.Ttype: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Tid.IpVers) - if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.IpVers: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject32Ex.Tid.IpVers: %v", err) + } if s.Tid.IpVers == 0x10 { err = binary.Read(rdr, binary.BigEndian, &s.Tid.Addr6) - if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Addr6: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject32Ex.Tid.Addr6: %v", err) + } } else if s.Tid.IpVers == 0x04 { err = binary.Read(rdr, binary.BigEndian, &s.Tid.Addr4) - if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Addr4: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject32Ex.Tid.Addr4: %v", err) + } } return nil } func (s *Subject32Ex) Print(file *os.File, delimiter string, flags int) { - var auser string - var euser string - var egroup string - var ruser string - var rgroup string - var ip string - if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER { - auser = strconv.Itoa(int(s.Auid)) - euser = strconv.Itoa(int(s.Euid)) - egroup = strconv.Itoa(int(s.Egid)) - ruser = strconv.Itoa(int(s.Ruid)) - rgroup = strconv.Itoa(int(s.Rgid)) + var auser string + var euser string + var egroup string + var ruser string + var rgroup string + var ip string + if PRT_NORESOLVE_USER == flags&PRT_NORESOLVE_USER { + auser = strconv.Itoa(int(s.Auid)) + euser = strconv.Itoa(int(s.Euid)) + egroup = strconv.Itoa(int(s.Egid)) + ruser = strconv.Itoa(int(s.Ruid)) + rgroup = strconv.Itoa(int(s.Rgid)) } else { - auser, _ = getUserName(s.Auid) - euser, _ = getUserName(s.Euid) - egroup, _ = getGroupName(s.Egid) - ruser, _ = getUserName(s.Ruid) - rgroup, _ = getGroupName(s.Rgid) + auser, _ = getUserName(s.Auid) + euser, _ = getUserName(s.Euid) + egroup, _ = getGroupName(s.Egid) + ruser, _ = getUserName(s.Ruid) + rgroup, _ = getGroupName(s.Rgid) } if s.Tid.IpVers == 0x04 { ip = PrintIpv4FromInt(s.Tid.Addr4) @@ -969,9 +1104,9 @@ func (s *Subject32Ex) Print(file *os.File, delimiter string, flags int) { ip = PrintIpv6FromInt(s.Tid.Addr6) } fmt.Fprintf(file, "subject_ex%s%s%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, auser, delimiter, euser, - delimiter, egroup, delimiter, ruser, delimiter, rgroup, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter, - s.Tid.Ttype, delimiter, ip) - + delimiter, egroup, delimiter, ruser, delimiter, rgroup, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter, + s.Tid.Ttype, delimiter, ip) + if 0 == (flags & PRT_ONELINE) { fmt.Fprintf(file, "\n") } else { @@ -981,14 +1116,14 @@ func (s *Subject32Ex) Print(file *os.File, delimiter string, flags int) { func NewProcess32Ex(p Process32Ex) *Process32Ex { return &Process32Ex{ - Auid: p.Auid, - Euid: p.Euid, - Egid: p.Egid, - Ruid: p.Ruid, - Rgid: p.Rgid, - Pid: p.Pid, - Sid: p.Sid, - Tid: p.Tid, + Auid: p.Auid, + Euid: p.Euid, + Egid: p.Egid, + Ruid: p.Ruid, + Rgid: p.Rgid, + Pid: p.Pid, + Sid: p.Sid, + Tid: p.Tid, } } @@ -999,64 +1134,86 @@ func (s *Process32Ex) GetType() uint8 { func (p *Process32Ex) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &p.Auid) - if err != nil { return fmt.Errorf("Unable to read Process32Ex.Auid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process32Ex.Auid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Euid) - if err != nil { return fmt.Errorf("Unable to read Process32Ex.Euid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process32Ex.Euid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Egid) - if err != nil { return fmt.Errorf("Unable to read Process32Ex.Egid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process32Ex.Egid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Ruid) - if err != nil { return fmt.Errorf("Unable to read Process32Ex.Ruid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process32Ex.Ruid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Rgid) - if err != nil { return fmt.Errorf("Unable to read Process32Ex.Rgid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process32Ex.Rgid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Sid) - if err != nil { return fmt.Errorf("Unable to read Process32Ex.Sid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process32Ex.Sid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Tid.Port) - if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.Port: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process32Ex.Tid.Port: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Tid.Ttype) - if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.Ttype: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process32Ex.Tid.Ttype: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Tid.IpVers) - if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.IpVers: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process32Ex.Tid.IpVers: %v", err) + } if p.Tid.IpVers == 0x10 { err = binary.Read(rdr, binary.BigEndian, &p.Tid.Addr6) - if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.Addr6: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process32Ex.Tid.Addr6: %v", err) + } } else if p.Tid.IpVers == 0x04 { err = binary.Read(rdr, binary.BigEndian, &p.Tid.Addr4) - if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.Addr4: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process32Ex.Tid.Addr4: %v", err) + } } return nil } func (p *Process32Ex) Print(file *os.File, delimiter string, flags int) { - var auser string - var euser string - var egroup string - var ruser string - var rgroup string - var ip string - if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER { - auser = strconv.Itoa(int(p.Auid)) - euser = strconv.Itoa(int(p.Euid)) - egroup = strconv.Itoa(int(p.Egid)) - ruser = strconv.Itoa(int(p.Ruid)) - rgroup = strconv.Itoa(int(p.Rgid)) + var auser string + var euser string + var egroup string + var ruser string + var rgroup string + var ip string + if PRT_NORESOLVE_USER == flags&PRT_NORESOLVE_USER { + auser = strconv.Itoa(int(p.Auid)) + euser = strconv.Itoa(int(p.Euid)) + egroup = strconv.Itoa(int(p.Egid)) + ruser = strconv.Itoa(int(p.Ruid)) + rgroup = strconv.Itoa(int(p.Rgid)) } else { - auser, _ = getUserName(p.Auid) - euser, _ = getUserName(p.Euid) - egroup, _ = getGroupName(p.Egid) - ruser, _ = getUserName(p.Ruid) - rgroup, _ = getGroupName(p.Rgid) + auser, _ = getUserName(p.Auid) + euser, _ = getUserName(p.Euid) + egroup, _ = getGroupName(p.Egid) + ruser, _ = getUserName(p.Ruid) + rgroup, _ = getGroupName(p.Rgid) } - + if p.Tid.IpVers == 0x04 { ip = PrintIpv4FromInt(p.Tid.Addr4) } else { @@ -1064,9 +1221,9 @@ func (p *Process32Ex) Print(file *os.File, delimiter string, flags int) { } fmt.Fprintf(file, "process_ex%s%s%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, auser, delimiter, euser, - delimiter, egroup, delimiter, ruser, delimiter, rgroup, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter, - p.Tid.Ttype, delimiter, ip) - + delimiter, egroup, delimiter, ruser, delimiter, rgroup, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter, + p.Tid.Ttype, delimiter, ip) + if 0 == (flags & PRT_ONELINE) { fmt.Fprintf(file, "\n") } else { @@ -1076,14 +1233,14 @@ func (p *Process32Ex) Print(file *os.File, delimiter string, flags int) { func NewSubject64(s Subject64) *Subject64 { return &Subject64{ - Auid: s.Auid, - Euid: s.Euid, - Egid: s.Egid, - Ruid: s.Ruid, - Rgid: s.Rgid, - Pid: s.Pid, - Sid: s.Sid, - Tid: s.Tid, + Auid: s.Auid, + Euid: s.Euid, + Egid: s.Egid, + Ruid: s.Ruid, + Rgid: s.Rgid, + Pid: s.Pid, + Sid: s.Sid, + Tid: s.Tid, } } @@ -1093,51 +1250,65 @@ func (s *Subject64) GetType() uint8 { func (s *Subject64) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &s.Auid) - if err != nil { return fmt.Errorf("Unable to read Sibject64.Auid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Sibject64.Auid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Euid) - if err != nil { return fmt.Errorf("Unable to read Subject64.Euid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject64.Euid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Egid) - if err != nil { return fmt.Errorf("Unable to read Subject64.Egid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject64.Egid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Ruid) - if err != nil { return fmt.Errorf("Unable to read Subject64.Ruid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject64.Ruid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Rgid) - if err != nil { return fmt.Errorf("Unable to read Subject64.Rgid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject64.Rgid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Sid) - if err != nil { return fmt.Errorf("Unable to read Subject64.Sid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject64.Sid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Tid) - if err != nil { return fmt.Errorf("Unable to read Subject64.Tid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject64.Tid: %v", err) + } return nil } func (s *Subject64) Print(file *os.File, delimiter string, flags int) { - var auser string - var euser string - var egroup string - var ruser string - var rgroup string - if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER { - auser = strconv.Itoa(int(s.Auid)) - euser = strconv.Itoa(int(s.Euid)) - egroup = strconv.Itoa(int(s.Egid)) - ruser = strconv.Itoa(int(s.Ruid)) - rgroup = strconv.Itoa(int(s.Rgid)) + var auser string + var euser string + var egroup string + var ruser string + var rgroup string + if PRT_NORESOLVE_USER == flags&PRT_NORESOLVE_USER { + auser = strconv.Itoa(int(s.Auid)) + euser = strconv.Itoa(int(s.Euid)) + egroup = strconv.Itoa(int(s.Egid)) + ruser = strconv.Itoa(int(s.Ruid)) + rgroup = strconv.Itoa(int(s.Rgid)) } else { - auser, _ = getUserName(s.Auid) - euser, _ = getUserName(s.Euid) - egroup, _ = getGroupName(s.Egid) - ruser, _ = getUserName(s.Ruid) - rgroup, _ = getGroupName(s.Rgid) + auser, _ = getUserName(s.Auid) + euser, _ = getUserName(s.Euid) + egroup, _ = getGroupName(s.Egid) + ruser, _ = getUserName(s.Ruid) + rgroup, _ = getGroupName(s.Rgid) } fmt.Fprintf(file, "subject%s%s%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, auser, delimiter, euser, delimiter, egroup, - delimiter, ruser, delimiter, rgroup, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter, s.Tid.IpVers, - delimiter, PrintIpv4FromInt(s.Tid.Addr)) + delimiter, ruser, delimiter, rgroup, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter, s.Tid.IpVers, + delimiter, PrintIpv4FromInt(s.Tid.Addr)) if 0 == (flags & PRT_ONELINE) { fmt.Fprintf(file, "\n") } else { @@ -1147,14 +1318,14 @@ func (s *Subject64) Print(file *os.File, delimiter string, flags int) { func NewProcess64(p Process64) *Process64 { return &Process64{ - Auid: p.Auid, - Euid: p.Euid, - Egid: p.Egid, - Ruid: p.Ruid, - Rgid: p.Rgid, - Pid: p.Pid, - Sid: p.Sid, - Tid: p.Tid, + Auid: p.Auid, + Euid: p.Euid, + Egid: p.Egid, + Ruid: p.Ruid, + Rgid: p.Rgid, + Pid: p.Pid, + Sid: p.Sid, + Tid: p.Tid, } } @@ -1164,51 +1335,65 @@ func (s *Process64) GetType() uint8 { func (p *Process64) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &p.Auid) - if err != nil { return fmt.Errorf("Unable to read Process64.Auid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process64.Auid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Euid) - if err != nil { return fmt.Errorf("Unable to read Process64.Euid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process64.Euid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Egid) - if err != nil { return fmt.Errorf("Unable to read Process64.Egid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process64.Egid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Ruid) - if err != nil { return fmt.Errorf("Unable to read Process64.Ruid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process64.Ruid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Rgid) - if err != nil { return fmt.Errorf("Unable to read Process64.Rgid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process64.Rgid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Sid) - if err != nil { return fmt.Errorf("Unable to read Process64.Sid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process64.Sid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Tid) - if err != nil { return fmt.Errorf("Unable to read Process64.Tid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process64.Tid: %v", err) + } return nil } func (p *Process64) Print(file *os.File, delimiter string, flags int) { - var auser string - var euser string - var egroup string - var ruser string - var rgroup string - if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER { - auser = strconv.Itoa(int(p.Auid)) - euser = strconv.Itoa(int(p.Euid)) - egroup = strconv.Itoa(int(p.Egid)) - ruser = strconv.Itoa(int(p.Ruid)) - rgroup = strconv.Itoa(int(p.Rgid)) + var auser string + var euser string + var egroup string + var ruser string + var rgroup string + if PRT_NORESOLVE_USER == flags&PRT_NORESOLVE_USER { + auser = strconv.Itoa(int(p.Auid)) + euser = strconv.Itoa(int(p.Euid)) + egroup = strconv.Itoa(int(p.Egid)) + ruser = strconv.Itoa(int(p.Ruid)) + rgroup = strconv.Itoa(int(p.Rgid)) } else { - auser, _ = getUserName(p.Auid) - euser, _ = getUserName(p.Euid) - egroup, _ = getGroupName(p.Egid) - ruser, _ = getUserName(p.Ruid) - rgroup, _ = getGroupName(p.Rgid) + auser, _ = getUserName(p.Auid) + euser, _ = getUserName(p.Euid) + egroup, _ = getGroupName(p.Egid) + ruser, _ = getUserName(p.Ruid) + rgroup, _ = getGroupName(p.Rgid) } fmt.Fprintf(file, "process%s%s%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, auser, delimiter, euser, delimiter, egroup, - delimiter, ruser, delimiter, rgroup, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter, p.Tid.IpVers, - delimiter, PrintIpv4FromInt(p.Tid.Addr)) + delimiter, ruser, delimiter, rgroup, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter, p.Tid.IpVers, + delimiter, PrintIpv4FromInt(p.Tid.Addr)) if 0 == (flags & PRT_ONELINE) { fmt.Fprintf(file, "\n") } else { @@ -1218,14 +1403,14 @@ func (p *Process64) Print(file *os.File, delimiter string, flags int) { func NewSubject64Ex(s Subject64Ex) *Subject64Ex { return &Subject64Ex{ - Auid: s.Auid, - Euid: s.Euid, - Egid: s.Egid, - Ruid: s.Ruid, - Rgid: s.Rgid, - Pid: s.Pid, - Sid: s.Sid, - Tid: s.Tid, + Auid: s.Auid, + Euid: s.Euid, + Egid: s.Egid, + Ruid: s.Ruid, + Rgid: s.Rgid, + Pid: s.Pid, + Sid: s.Sid, + Tid: s.Tid, } } @@ -1235,73 +1420,95 @@ func (s *Subject64Ex) GetType() uint8 { func (s *Subject64Ex) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &s.Auid) - if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Auid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject64Ex.Auid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Euid) - if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Euid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject64Ex.Euid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Egid) - if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Egid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject64Ex.Egid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Ruid) - if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Ruid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject64Ex.Ruid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Rgid) - if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Rgid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject64Ex.Rgid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Sid) - if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Sid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject64Ex.Sid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Tid.Port) - if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.Port: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject64Ex.Tid.Port: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Tid.Ttype) - if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.Ttype: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject64Ex.Tid.Ttype: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &s.Tid.IpVers) - if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.IpVers: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject64Ex.Tid.IpVers: %v", err) + } - if s.Tid.IpVers == 0x10 { + if s.Tid.IpVers == ISIPV6 { err = binary.Read(rdr, binary.BigEndian, &s.Tid.Addr6) - if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.Addr6: %v", err) } - } else if s.Tid.IpVers == 0x04 { + if err != nil { + return fmt.Errorf("Unable to read Subject64Ex.Tid.Addr6: %v", err) + } + } else if s.Tid.IpVers == ISIPV4 { err = binary.Read(rdr, binary.BigEndian, &s.Tid.Addr4) - if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.Addr4: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Subject64Ex.Tid.Addr4: %v", err) + } } return nil } func (s *Subject64Ex) Print(file *os.File, delimiter string, flags int) { - var auser string - var euser string - var egroup string - var ruser string - var rgroup string - var ip string - if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER { - auser = strconv.Itoa(int(s.Auid)) - euser = strconv.Itoa(int(s.Euid)) - egroup = strconv.Itoa(int(s.Egid)) - ruser = strconv.Itoa(int(s.Ruid)) - rgroup = strconv.Itoa(int(s.Rgid)) + var auser string + var euser string + var egroup string + var ruser string + var rgroup string + var ip string + if PRT_NORESOLVE_USER == flags&PRT_NORESOLVE_USER { + auser = strconv.Itoa(int(s.Auid)) + euser = strconv.Itoa(int(s.Euid)) + egroup = strconv.Itoa(int(s.Egid)) + ruser = strconv.Itoa(int(s.Ruid)) + rgroup = strconv.Itoa(int(s.Rgid)) } else { - auser, _ = getUserName(s.Auid) - euser, _ = getUserName(s.Euid) - egroup, _ = getGroupName(s.Egid) - ruser, _ = getUserName(s.Ruid) - rgroup, _ = getGroupName(s.Rgid) + auser, _ = getUserName(s.Auid) + euser, _ = getUserName(s.Euid) + egroup, _ = getGroupName(s.Egid) + ruser, _ = getUserName(s.Ruid) + rgroup, _ = getGroupName(s.Rgid) } - if s.Tid.IpVers == 0x04 { + if s.Tid.IpVers == ISIPV4 { ip = PrintIpv4FromInt(s.Tid.Addr4) } else { ip = PrintIpv6FromInt(s.Tid.Addr6) } fmt.Fprintf(file, "subject_ex%s%s%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, auser, delimiter, euser, - delimiter, egroup, delimiter, ruser, delimiter, rgroup, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter, - s.Tid.Ttype, delimiter, ip) - + delimiter, egroup, delimiter, ruser, delimiter, rgroup, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter, + s.Tid.Ttype, delimiter, ip) + if 0 == (flags & PRT_ONELINE) { fmt.Fprintf(file, "\n") } else { @@ -1311,14 +1518,14 @@ func (s *Subject64Ex) Print(file *os.File, delimiter string, flags int) { func NewProcess64Ex(p Process64Ex) *Process64Ex { return &Process64Ex{ - Auid: p.Auid, - Euid: p.Euid, - Egid: p.Egid, - Ruid: p.Ruid, - Rgid: p.Rgid, - Pid: p.Pid, - Sid: p.Sid, - Tid: p.Tid, + Auid: p.Auid, + Euid: p.Euid, + Egid: p.Egid, + Ruid: p.Ruid, + Rgid: p.Rgid, + Pid: p.Pid, + Sid: p.Sid, + Tid: p.Tid, } } @@ -1328,62 +1535,84 @@ func (p *Process64Ex) GetType() uint8 { func (p *Process64Ex) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &p.Auid) - if err != nil { return fmt.Errorf("Unable to read Process64Ex.Auid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process64Ex.Auid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Euid) - if err != nil { return fmt.Errorf("Unable to read Process64Ex.Euid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process64Ex.Euid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Egid) - if err != nil { return fmt.Errorf("Unable to read Process64Ex.Egid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process64Ex.Egid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Ruid) - if err != nil { return fmt.Errorf("Unable to read Process64Ex.Ruid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process64Ex.Ruid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Rgid) - if err != nil { return fmt.Errorf("Unable to read Process64Ex.Rgid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process64Ex.Rgid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Sid) - if err != nil { return fmt.Errorf("Unable to read Process64Ex.Sid: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process64Ex.Sid: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Tid.Port) - if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.Port: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process64Ex.Tid.Port: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Tid.Ttype) - if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.Ttype: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process64Ex.Tid.Ttype: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &p.Tid.IpVers) - if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.IpVers: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process64Ex.Tid.IpVers: %v", err) + } if p.Tid.IpVers == 0x10 { err = binary.Read(rdr, binary.BigEndian, &p.Tid.Addr6) - if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.Addr6: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process64Ex.Tid.Addr6: %v", err) + } } else if p.Tid.IpVers == 0x04 { err = binary.Read(rdr, binary.BigEndian, &p.Tid.Addr4) - if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.Addr4: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Process64Ex.Tid.Addr4: %v", err) + } } return nil } func (p *Process64Ex) Print(file *os.File, delimiter string, flags int) { - var auser string - var euser string - var egroup string - var ruser string - var rgroup string - var ip string - if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER { - auser = strconv.Itoa(int(p.Auid)) - euser = strconv.Itoa(int(p.Euid)) - egroup = strconv.Itoa(int(p.Egid)) - ruser = strconv.Itoa(int(p.Ruid)) - rgroup = strconv.Itoa(int(p.Rgid)) + var auser string + var euser string + var egroup string + var ruser string + var rgroup string + var ip string + if PRT_NORESOLVE_USER == flags&PRT_NORESOLVE_USER { + auser = strconv.Itoa(int(p.Auid)) + euser = strconv.Itoa(int(p.Euid)) + egroup = strconv.Itoa(int(p.Egid)) + ruser = strconv.Itoa(int(p.Ruid)) + rgroup = strconv.Itoa(int(p.Rgid)) } else { - auser, _ = getUserName(p.Auid) - euser, _ = getUserName(p.Euid) - egroup, _ = getGroupName(p.Egid) - ruser, _ = getUserName(p.Ruid) - rgroup, _ = getGroupName(p.Rgid) + auser, _ = getUserName(p.Auid) + euser, _ = getUserName(p.Euid) + egroup, _ = getGroupName(p.Egid) + ruser, _ = getUserName(p.Ruid) + rgroup, _ = getGroupName(p.Rgid) } if p.Tid.IpVers == 0x04 { ip = PrintIpv4FromInt(p.Tid.Addr4) @@ -1392,9 +1621,9 @@ func (p *Process64Ex) Print(file *os.File, delimiter string, flags int) { } fmt.Fprintf(file, "process_ex%s%s%s%s%s%s%s%s%s%s%s%v%s%v%s%v%s%s", delimiter, auser, delimiter, euser, - delimiter, egroup, delimiter, ruser, delimiter, rgroup, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter, - p.Tid.Ttype, delimiter, ip) - + delimiter, egroup, delimiter, ruser, delimiter, rgroup, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter, + p.Tid.Ttype, delimiter, ip) + if 0 == (flags & PRT_ONELINE) { fmt.Fprintf(file, "\n") } else { @@ -1404,8 +1633,8 @@ func (p *Process64Ex) Print(file *os.File, delimiter string, flags int) { func NewReturn32(r Return32) *Return32 { return &Return32{ - Status: r.Status, - Ret: r.Ret, + Status: r.Status, + Ret: r.Ret, } } @@ -1415,27 +1644,36 @@ func (r *Return32) GetType() uint8 { func (r *Return32) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &r.Status) - if err != nil { return fmt.Errorf("Unable to read Return32.Status: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Return32.Status: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &r.Ret) - if err != nil { return fmt.Errorf("Unable to read Return32.Ret: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Return32.Ret: %v", err) + } return nil } func (r *Return32) Print(file *os.File, delimiter string, flags int) { - fmt.Fprintf(file, "return%s%v%s%v", delimiter, r.Status, delimiter, r.Ret) - if 0 == (flags & PRT_ONELINE) { - fmt.Fprintf(file, "\n") + errNo, err := lookupErrno(r.Status) + if err == nil { + fmt.Fprintf(file, "return%s%s%s%v", delimiter, errNo.StrError, delimiter, r.Ret) + if 0 == (flags & PRT_ONELINE) { + fmt.Fprintf(file, "\n") + } else { + fmt.Fprintf(file, "%s", delimiter) + } } else { - fmt.Fprintf(file, "%s", delimiter) + fmt.Fprintf(file, "return%sgodit error: error code not found(%v)%s%s%v", delimiter, r.Status, delimiter, r.Ret) } } func NewReturn64(r Return64) *Return64 { return &Return64{ - Status: r.Status, - Ret: r.Ret, + Status: r.Status, + Ret: r.Ret, } } @@ -1445,10 +1683,14 @@ func (r *Return64) GetType() uint8 { func (r *Return64) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &r.Status) - if err != nil { return fmt.Errorf("Unable to read Return64.Status: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Return64.Status: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &r.Ret) - if err != nil { return fmt.Errorf("Unable to read Return64.Ret: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Return64.Ret: %v", err) + } return nil } @@ -1464,8 +1706,8 @@ func (r *Return64) Print(file *os.File, delimiter string, flags int) { func NewTrailer(t Trailer) *Trailer { return &Trailer{ - Magic: t.Magic, - Count: t.Count, + Magic: t.Magic, + Count: t.Count, } } @@ -1475,26 +1717,30 @@ func (t *Trailer) GetType() uint8 { func (t *Trailer) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &t.Magic) - if err != nil { return fmt.Errorf("Unable to read Trailer.Magic: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Trailer.Magic: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &t.Count) - if err != nil { return fmt.Errorf("Unable to read Trailer.Count: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Trailer.Count: %v", err) + } return nil } func (t *Trailer) Print(file *os.File, delimiter string, flags int) { fmt.Fprintf(file, "trailer%s%v", delimiter, t.Count) -// The trailer close the record print, whatever the oneLine flag value + // The trailer close the record print, whatever the oneLine flag value fmt.Fprintf(file, "\n") } func NewArg32(a Arg32) *Arg32 { return &Arg32{ - No: a.No, - Val: a.Val, - Length: a.Length, - Text: a.Text, + No: a.No, + Val: a.Val, + Length: a.Length, + Text: a.Text, } } @@ -1504,13 +1750,19 @@ func (a *Arg32) GetType() uint8 { func (a *Arg32) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &a.No) - if err != nil { return fmt.Errorf("Unable to read Arg32.No: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Arg32.No: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &a.Val) - if err != nil { return fmt.Errorf("Unable to read Arg32.Val: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Arg32.Val: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &a.Length) - if err != nil { return fmt.Errorf("Unable to read Arg32.Length: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Arg32.Length: %v", err) + } // Search for null terminating byte arg, err := rdr.ReadBytes((byte)(0x00)) @@ -1533,10 +1785,10 @@ func (a *Arg32) Print(file *os.File, delimiter string, flags int) { func NewArg64(a Arg64) *Arg64 { return &Arg64{ - No: a.No, - Val: a.Val, - Length: a.Length, - Text: a.Text, + No: a.No, + Val: a.Val, + Length: a.Length, + Text: a.Text, } } @@ -1546,13 +1798,19 @@ func (a *Arg64) GetType() uint8 { func (a *Arg64) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &a.No) - if err != nil { return fmt.Errorf("Unable to read Arg64.No: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Arg64.No: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &a.Val) - if err != nil { return fmt.Errorf("Unable to read Arg64.Val: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Arg64.Val: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &a.Length) - if err != nil { return fmt.Errorf("Unable to read Arg64.Length: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Arg64.Length: %v", err) + } // Search for null terminating byte arg, err := rdr.ReadBytes((byte)(0x00)) @@ -1573,10 +1831,220 @@ func (a *Arg64) Print(file *os.File, delimiter string, flags int) { } } +func NewSocketEx(s SocketEx) *SocketEx { + return &SocketEx{ + Domain: s.Domain, + SockType: s.SockType, + AddrType: s.AddrType, + LocalPort: s.LocalPort, + LocalAddr4: s.LocalAddr4, + LocalAddr6: s.LocalAddr6, + RemotePort: s.RemotePort, + RemoteAddr4: s.RemoteAddr4, + RemoteAddr6: s.RemoteAddr6, + } +} + +func (s *SocketEx) GetType() uint8 { + return AUT_SOCKET_EX +} + +func (s *SocketEx) LoadFromBinary(rdr *bufio.Reader) error { + err := binary.Read(rdr, binary.BigEndian, &s.Domain) + if err != nil { + return fmt.Errorf("Unable to read SocketEx.Domain: %v", err) + } + + err = binary.Read(rdr, binary.BigEndian, &s.SockType) + if err != nil { + return fmt.Errorf("Unable to read SocketEx.SockType: %v", err) + } + + err = binary.Read(rdr, binary.BigEndian, &s.AddrType) + if err != nil { + return fmt.Errorf("Unable to read SocketEx.AddrType: %v", err) + } + + err = binary.Read(rdr, binary.BigEndian, &s.LocalPort) + if err != nil { + return fmt.Errorf("Unable to read SocketEx.LocalPort: %v", err) + } + + if s.AddrType == ISIPV4 { + err = binary.Read(rdr, binary.BigEndian, &s.LocalAddr4) + if err != nil { + return fmt.Errorf("Unable to read SocketEx.LocalAddr4: %v", err) + } + } else if s.AddrType == ISIPV6 { + err = binary.Read(rdr, binary.BigEndian, &s.LocalAddr6) + if err != nil { + return fmt.Errorf("Unable to read SocketEx.LocalAddr6: %v", err) + } + } + + err = binary.Read(rdr, binary.BigEndian, &s.RemotePort) + if err != nil { + return fmt.Errorf("Unable to read SocketEx.RemotePort: %v", err) + } + + if s.AddrType == ISIPV4 { + err = binary.Read(rdr, binary.BigEndian, &s.RemoteAddr4) + if err != nil { + return fmt.Errorf("Unable to read SocketEx.RemoteAddr4: %v", err) + } + } else if s.AddrType == ISIPV6 { + err = binary.Read(rdr, binary.BigEndian, &s.RemoteAddr6) + if err != nil { + return fmt.Errorf("Unable to read SocketEx.RemoteAddr6: %v", err) + } + } else { + // TODO: Invalid packet + } + + return nil +} + +func (s *SocketEx) Print(file *os.File, delimiter string, flags int) { + var lip string + var rip string + if s.AddrType == ISIPV4 { + lip = PrintIpv4FromInt(s.LocalAddr4) + rip = PrintIpv4FromInt(s.RemoteAddr4) + } else if s.AddrType == ISIPV6 { + lip = PrintIpv6FromInt(s.LocalAddr6) + rip = PrintIpv6FromInt(s.RemoteAddr6) + } else { + // TODO : Handle error + } + fmt.Fprintf(file, "socket%s%v%s%v%s%v%s%s%s%v%s%s", delimiter, s.Domain, delimiter, s.SockType, delimiter, s.LocalPort, delimiter, + lip, delimiter, s.RemotePort, delimiter, rip) + if 0 == (flags & PRT_ONELINE) { + fmt.Fprintf(file, "\n") + } else { + fmt.Fprintf(file, "%s", delimiter) + } +} + +func NewSockInet32(s SockInet32) *SockInet32 { + return &SockInet32{ + Family: s.Family, + Lport: s.Lport, + Addr4: s.Addr4, + } +} + +func (s *SockInet32) GetType() uint8 { + return AUT_SOCKINET32 +} + +func (s *SockInet32) LoadFromBinary(rdr *bufio.Reader) error { + err := binary.Read(rdr, binary.BigEndian, &s.Family) + if err != nil { + return fmt.Errorf("Unable to read SockInet32.Family: %v", err) + } + + err = binary.Read(rdr, binary.BigEndian, &s.Lport) + if err != nil { + return fmt.Errorf("Unable to read SockInet32.Lport: %v", err) + } + + err = binary.Read(rdr, binary.BigEndian, &s.Addr4) + if err != nil { + return fmt.Errorf("Unable to read SockInet32.Addr4: %v", err) + } + + return nil +} + +func (s *SockInet32) Print(file *os.File, delimiter string, flags int) { + fmt.Fprintf(file, "socket-inet%s%v%s%v%s%s", delimiter, s.Family, delimiter, s.Lport, delimiter, PrintIpv4FromInt(s.Addr4)) + if 0 == (flags & PRT_ONELINE) { + fmt.Fprintf(file, "\n") + } else { + fmt.Fprintf(file, "%s", delimiter) + } +} + +func NewSockInet128(s SockInet128) *SockInet128 { + return &SockInet128{ + Family: s.Family, + Lport: s.Lport, + Addr6: s.Addr6, + } +} + +func (s *SockInet128) GetType() uint8 { + return AUT_SOCKINET128 +} + +func (s *SockInet128) LoadFromBinary(rdr *bufio.Reader) error { + err := binary.Read(rdr, binary.BigEndian, &s.Family) + if err != nil { + return fmt.Errorf("Unable to read SockInet128.Family: %v", err) + } + + err = binary.Read(rdr, binary.BigEndian, &s.Lport) + if err != nil { + return fmt.Errorf("Unable to read SockInet128.Lport: %v", err) + } + + err = binary.Read(rdr, binary.BigEndian, &s.Addr6) + if err != nil { + return fmt.Errorf("Unable to read SockInet128.Addr6: %v", err) + } + + return nil +} + +func (s *SockInet128) Print(file *os.File, delimiter string, flags int) { + fmt.Fprintf(file, "socket-inet6%s%v%s%v%s%s", delimiter, s.Family, delimiter, s.Lport, delimiter, PrintIpv6FromInt(s.Addr6)) + if 0 == (flags & PRT_ONELINE) { + fmt.Fprintf(file, "\n") + } else { + fmt.Fprintf(file, "%s", delimiter) + } +} + +func NewSockUnix(s SockUnix) *SockUnix { + return &SockUnix{ + Family: s.Family, + Path: s.Path, + } +} + +func (s *SockUnix) GetType() uint8 { + return AUT_SOCKUNIX +} + +func (s *SockUnix) LoadFromBinary(rdr *bufio.Reader) error { + err := binary.Read(rdr, binary.BigEndian, &s.Family) + if err != nil { + return fmt.Errorf("Unable to read SockUnix.Family: %v", err) + } + + // Search for null terminating byte + arg, err := rdr.ReadBytes((byte)(0x00)) + if err != nil { + return fmt.Errorf("Error searching for null terminated SockUnix.Path: %v", err) + } + s.Path = arg[:len(arg)-1] + + return nil +} + +func (s *SockUnix) Print(file *os.File, delimiter string, flags int) { + fmt.Fprintf(file, "socket-unix%s%v%s%s", delimiter, s.Family, delimiter, string(s.Path)) + if 0 == (flags & PRT_ONELINE) { + fmt.Fprintf(file, "\n") + } else { + fmt.Fprintf(file, "%s", delimiter) + } +} + func NewExit(e Exit) *Exit { return &Exit{ - Status: e.Status, - Ret: e.Ret, + Status: e.Status, + Ret: e.Ret, } } @@ -1586,10 +2054,14 @@ func (e *Exit) GetType() uint8 { func (e *Exit) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &e.Status) - if err != nil { return fmt.Errorf("Unable to read Exit.Status: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Exit.Status: %v", err) + } err = binary.Read(rdr, binary.BigEndian, &e.Ret) - if err != nil { return fmt.Errorf("Unable to read Exit.Ret: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Exit.Ret: %v", err) + } return nil } @@ -1605,8 +2077,8 @@ func (e *Exit) Print(file *os.File, delimiter string, flags int) { func NewText(t Text) *Text { return &Text{ - Length: t.Length, - Text: t.Text, + Length: t.Length, + Text: t.Text, } } @@ -1616,12 +2088,15 @@ func (t *Text) GetType() uint8 { func (t *Text) LoadFromBinary(rdr *bufio.Reader) error { err := binary.Read(rdr, binary.BigEndian, &t.Length) - if err != nil { return fmt.Errorf("Unable to read Text.Length: %v", err) } - + if err != nil { + return fmt.Errorf("Unable to read Text.Length: %v", err) + } text := make([]byte, t.Length) err = binary.Read(rdr, binary.BigEndian, &text) - if err != nil { return fmt.Errorf("Unable to read Text.Text: %v", err) } + if err != nil { + return fmt.Errorf("Unable to read Text.Text: %v", err) + } t.Text = text[:len(text)-1] return nil @@ -1648,99 +2123,160 @@ func readRecordToStruct(reader *bufio.Reader) (Record, error) { return rec, err } - switch (int8)(hdr[0]) { - case AUT_HEADER32: - var h Header32 - err := h.LoadFromBinary(reader) - if err != nil { return rec, fmt.Errorf("Unable to read: %v", err) } - return NewHeader32(h), nil - case AUT_EXEC_ARGS: - var e ExecArg - err := e.LoadFromBinary(reader) - if err != nil { return rec, fmt.Errorf("Unable to read: %v", err) } - return NewExecArg(e), nil - case AUT_PATH: - var p Path - err := p.LoadFromBinary(reader) - if err != nil { return rec, fmt.Errorf("Unable to read: %v", err) } - return NewPath(p), nil - case AUT_ATTR32: - var a Attribute32 - err := a.LoadFromBinary(reader) - if err != nil { return rec, fmt.Errorf("Unable to read: %v", err) } - return NewAttribute32(a), nil - case AUT_ATTR64: - var a Attribute64 - err := a.LoadFromBinary(reader) - if err != nil { return rec, fmt.Errorf("Unable to read: %v", err) } - return NewAttribute64(a), nil - case AUT_SUBJECT32: - var s Subject32 - err := s.LoadFromBinary(reader) - if err != nil { return rec, fmt.Errorf("Unable to read: %v", err) } - return NewSubject32(s), nil - case AUT_SUBJECT32_EX: - var s Subject32Ex - err := s.LoadFromBinary(reader) - if err != nil { return rec, fmt.Errorf("Unable to read: %v", err) } - return NewSubject32Ex(s), nil - case AUT_RETURN32: - var r Return32 - err := r.LoadFromBinary(reader) - if err != nil { return rec, fmt.Errorf("Unable to read: %v", err) } - return NewReturn32(r), nil - case AUT_TRAILER: - var t Trailer - err := t.LoadFromBinary(reader) - if err != nil { return rec, fmt.Errorf("Unable to read: %v", err) } - return NewTrailer(t), nil - case AUT_ARG32: - var a Arg32 - err := a.LoadFromBinary(reader) - if err != nil { return rec, fmt.Errorf("Unable to read: %v", err) } - return NewArg32(a), nil - case AUT_ARG64: - var a Arg64 - err := a.LoadFromBinary(reader) - if err != nil { return rec, fmt.Errorf("Unable to read: %v", err) } - return NewArg64(a), nil - case AUT_EXIT: - var e Exit - err := e.LoadFromBinary(reader) - if err != nil { return rec, fmt.Errorf("Unable to read: %v", err) } - return NewExit(e), nil - case AUT_PROCESS32: - var p Process32 - err := p.LoadFromBinary(reader) - if err != nil { return rec, fmt.Errorf("Unable to read: %v", err) } - return NewProcess32(p), nil - case AUT_PROCESS32_EX: - var p Process32Ex - err := p.LoadFromBinary(reader) - if err != nil { return rec, fmt.Errorf("Unable to read: %v", err) } - return NewProcess32Ex(p), nil - case AUT_PROCESS64: - var p Process64 - err := p.LoadFromBinary(reader) - if err != nil { return rec, fmt.Errorf("Unable to read: %v", err) } - return NewProcess64(p), nil - case AUT_PROCESS64_EX: - var p Process64Ex - err := p.LoadFromBinary(reader) - if err != nil { return rec, fmt.Errorf("Unable to read: %v", err) } - return NewProcess64Ex(p), nil - case AUT_TEXT: - var t Text - err := t.LoadFromBinary(reader) - if err != nil { return rec, fmt.Errorf("Unable to read: %v", err) } - return NewText(t), nil + switch (uint8)(hdr[0]) { + case AUT_HEADER32: + var h Header32 + err := h.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewHeader32(h), nil + case AUT_EXEC_ARGS: + var e ExecArg + err := e.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewExecArg(e), nil + case AUT_PATH: + var p Path + err := p.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewPath(p), nil + case AUT_ATTR32: + var a Attribute32 + err := a.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewAttribute32(a), nil + case AUT_ATTR64: + var a Attribute64 + err := a.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewAttribute64(a), nil + case AUT_SUBJECT32: + var s Subject32 + err := s.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewSubject32(s), nil + case AUT_SUBJECT32_EX: + var s Subject32Ex + err := s.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewSubject32Ex(s), nil + case AUT_RETURN32: + var r Return32 + err := r.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewReturn32(r), nil + case AUT_TRAILER: + var t Trailer + err := t.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewTrailer(t), nil + case AUT_ARG32: + var a Arg32 + err := a.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewArg32(a), nil + case AUT_ARG64: + var a Arg64 + err := a.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewArg64(a), nil + case AUT_EXIT: + var e Exit + err := e.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewExit(e), nil + case AUT_PROCESS32: + var p Process32 + err := p.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewProcess32(p), nil + case AUT_PROCESS32_EX: + var p Process32Ex + err := p.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewProcess32Ex(p), nil + case AUT_PROCESS64: + var p Process64 + err := p.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewProcess64(p), nil + case AUT_PROCESS64_EX: + var p Process64Ex + err := p.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewProcess64Ex(p), nil + case AUT_TEXT: + var t Text + err := t.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewText(t), nil + case AUT_SOCKET_EX: + var s SocketEx + err := s.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewSocketEx(s), nil + case AUT_SOCKINET32: + var s SockInet32 + err := s.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewSockInet32(s), nil + case AUT_SOCKINET128: + var s SockInet128 + err := s.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewSockInet128(s), nil + case AUT_SOCKUNIX: + var s SockUnix + err := s.LoadFromBinary(reader) + if err != nil { + return rec, fmt.Errorf("Unable to read: %v", err) + } + return NewSockUnix(s), nil } return rec, fmt.Errorf("Event type not supported: 0x%x", hdr[0]) } - -/* Implementation of +/* Implementation of int au_read_rec(FILE *fp, u_char **buf) source: https://github.com/freebsd/freebsd-src/blob/main/contrib/openbsm/libbsm/bsm_io.c @@ -1757,96 +2293,94 @@ func readRecord(file *os.File) ([]byte, error) { //switch hdr.(int8) { switch (int8)(hdr[0]) { - case AUT_HEADER32, AUT_HEADER32_EX, AUT_HEADER64, AUT_HEADER64_EX: - err := binary.Read(file, binary.BigEndian, &recSize) - if err != nil { - return hdr, fmt.Errorf("Unable to read file") - } + case AUT_HEADER32, AUT_HEADER32_EX, AUT_HEADER64, AUT_HEADER64_EX: + err := binary.Read(file, binary.BigEndian, &recSize) + if err != nil { + return hdr, fmt.Errorf("Unable to read file") + } - /* Check for recsize sanity: We already read 32 bits + 8 bits */ - if recSize < (4 + 1) { - return hdr, fmt.Errorf("Record size is corrupted: %d", recSize) - } + /* Check for recsize sanity: We already read 32 bits + 8 bits */ + if recSize < (4 + 1) { + return hdr, fmt.Errorf("Record size is corrupted: %d", recSize) + } - /* store the token contents already read, back to the buffer*/ - data := make([]byte, 0) - buf = bytes.NewBuffer(data) - err = binary.Write(buf, binary.BigEndian, (int8)(hdr[0])) - if err != nil { - return hdr, fmt.Errorf("Unable to concatenate header to data") - } - err = binary.Write(buf, binary.BigEndian, recSize) - if err != nil { - return hdr, fmt.Errorf("Unable to concatenate recordsize to existing data") - } + /* store the token contents already read, back to the buffer*/ + data := make([]byte, 0) + buf = bytes.NewBuffer(data) + err = binary.Write(buf, binary.BigEndian, (int8)(hdr[0])) + if err != nil { + return hdr, fmt.Errorf("Unable to concatenate header to data") + } + err = binary.Write(buf, binary.BigEndian, recSize) + if err != nil { + return hdr, fmt.Errorf("Unable to concatenate recordsize to existing data") + } - /* now read remaining record bytes */ - remainSize := recSize - (4 + 1) - remain := make([]byte, remainSize) - n, err = file.Read(remain) - if err != nil || (int32)(n) < remainSize { - return hdr, fmt.Errorf("Unable to read data from file") - } - n, err = buf.Write(remain) - if err != nil { - return hdr, fmt.Errorf("Unable to write data to buffer") - } + /* now read remaining record bytes */ + remainSize := recSize - (4 + 1) + remain := make([]byte, remainSize) + n, err = file.Read(remain) + if err != nil || (int32)(n) < remainSize { + return hdr, fmt.Errorf("Unable to read data from file") + } + n, err = buf.Write(remain) + if err != nil { + return hdr, fmt.Errorf("Unable to write data to buffer") + } - case AUT_OTHER_FILE32: - var sec int32 - var msec int32 - var filenamelen int16 + case AUT_OTHER_FILE32: + var sec int32 + var msec int32 + var filenamelen int16 - err := binary.Read(file, binary.BigEndian, &sec) - if err != nil { - return hdr, fmt.Errorf("Unable to read file") - } - err = binary.Read(file, binary.BigEndian, &msec) - if err != nil { - return hdr, fmt.Errorf("Unable to read file") - } - err = binary.Read(file, binary.BigEndian, &filenamelen) - if err != nil { - return hdr, fmt.Errorf("Unable to read file") - } - - recSize = 1 + 4 + 4 + 2 + int32(filenamelen) - data := make([]byte, 0) - buf = bytes.NewBuffer(data) + err := binary.Read(file, binary.BigEndian, &sec) + if err != nil { + return hdr, fmt.Errorf("Unable to read file") + } + err = binary.Read(file, binary.BigEndian, &msec) + if err != nil { + return hdr, fmt.Errorf("Unable to read file") + } + err = binary.Read(file, binary.BigEndian, &filenamelen) + if err != nil { + return hdr, fmt.Errorf("Unable to read file") + } - /* store the token contents already read, back to the buffer*/ - err = binary.Write(buf, binary.BigEndian, (int8)(hdr[0])) - if err != nil { - return hdr, fmt.Errorf("Unable to concatenate header to data") - } - err = binary.Write(buf, binary.BigEndian, sec) - if err != nil { - return hdr, fmt.Errorf("Unable to concatenate sec to data") - } - err = binary.Write(buf, binary.BigEndian, msec) - if err != nil { - return hdr, fmt.Errorf("Unable to concatenate msec to data") - } - err = binary.Write(buf, binary.BigEndian, filenamelen) - if err != nil { - return hdr, fmt.Errorf("Unable to concatenate filenamelen to data") - } - - filename := make([]byte, filenamelen) - n, err = file.Read(filename) - if err != nil || n < int(filenamelen) { - return hdr, fmt.Errorf("Unable to read filename from file") - } - n, err = buf.Write(filename) - if err != nil { - return hdr, fmt.Errorf("Unable to concatenate filename to buffer") - } - - default: - return hdr, fmt.Errorf("Record type not implemented: %v", hdr) + recSize = 1 + 4 + 4 + 2 + int32(filenamelen) + data := make([]byte, 0) + buf = bytes.NewBuffer(data) + + /* store the token contents already read, back to the buffer*/ + err = binary.Write(buf, binary.BigEndian, (int8)(hdr[0])) + if err != nil { + return hdr, fmt.Errorf("Unable to concatenate header to data") + } + err = binary.Write(buf, binary.BigEndian, sec) + if err != nil { + return hdr, fmt.Errorf("Unable to concatenate sec to data") + } + err = binary.Write(buf, binary.BigEndian, msec) + if err != nil { + return hdr, fmt.Errorf("Unable to concatenate msec to data") + } + err = binary.Write(buf, binary.BigEndian, filenamelen) + if err != nil { + return hdr, fmt.Errorf("Unable to concatenate filenamelen to data") + } + + filename := make([]byte, filenamelen) + n, err = file.Read(filename) + if err != nil || n < int(filenamelen) { + return hdr, fmt.Errorf("Unable to read filename from file") + } + n, err = buf.Write(filename) + if err != nil { + return hdr, fmt.Errorf("Unable to concatenate filename to buffer") + } + + default: + return hdr, fmt.Errorf("Record type not implemented: %v", hdr) } return buf.Bytes(), nil } - -