Code formatting

yo 2022-07-01 17:15:54 +02:00
parent 8d87cc12c4
commit dcecaf6c62

385
libbsm.go

@ -31,110 +31,109 @@ import (
)
const (
// bsm/libbsm.h
AUDIT_MAX_ARGS = 128
AUDIT_EVENT_FILE = "/etc/security/audit_event"
// bsm/libbsm.h
AUDIT_MAX_ARGS = 128
AUDIT_EVENT_FILE = "/etc/security/audit_event"
// sys/bsm/audit.h
MAXAUDITDATA = (0x8000 - 1)
MAX_AUDIT_RECORD_SIZE = MAXAUDITDATA
// sys/bsm/audit.h
MAXAUDITDATA = (0x8000 - 1)
MAX_AUDIT_RECORD_SIZE = MAXAUDITDATA
// Max length for a Path (AUT_PATH) or an arg (AUT_EXEC_ARGS)
MAX_AUDIT_ARG_LENGTH = 1024
// Max length for a Path (AUT_PATH) or an arg (AUT_EXEC_ARGS)
MAX_AUDIT_ARG_LENGTH = 1024
/*
* Token type identifiers.
From https://github.com/freebsd/freebsd-src/blob/main/contrib/openbsm/sys/bsm/audit_record.h
*/
AUT_INVALID = 0x00
AUT_OTHER_FILE32 = 0x11
AUT_OHEADER = 0x12
AUT_TRAILER = 0x13
AUT_HEADER32 = 0x14
AUT_HEADER32_EX = 0x15
AUT_DATA = 0x21
AUT_IPC = 0x22
AUT_PATH = 0x23
AUT_SUBJECT32 = 0x24
AUT_XATPATH = 0x25
AUT_PROCESS32 = 0x26
AUT_RETURN32 = 0x27
AUT_TEXT = 0x28
AUT_OPAQUE = 0x29
AUT_IN_ADDR = 0x2a
AUT_IP = 0x2b
AUT_IPORT = 0x2c
AUT_ARG32 = 0x2d
AUT_SOCKET = 0x2e
AUT_SEQ = 0x2f
AUT_ACL = 0x30
AUT_ATTR = 0x31
AUT_IPC_PERM = 0x32
AUT_LABEL = 0x33
AUT_GROUPS = 0x34
AUT_ACE = 0x35
AUT_PRIV = 0x38
AUT_UPRIV = 0x39
AUT_LIAISON = 0x3a
AUT_NEWGROUPS = 0x3b
AUT_EXEC_ARGS = 0x3c
AUT_EXEC_ENV = 0x3d
AUT_ATTR32 = 0x3e
AUT_UNAUTH = 0x3f
AUT_XATOM = 0x40
AUT_XOBJ = 0x41
AUT_XPROTO = 0x42
AUT_XSELECT = 0x43
AUT_XCOLORMAP = 0x44
AUT_XCURSOR = 0x45
AUT_XFONT = 0x46
AUT_XGC = 0x47
AUT_XPIXMAP = 0x48
AUT_XPROPERTY = 0x49
AUT_XWINDOW = 0x4a
AUT_XCLIENT = 0x4b
AUT_CMD = 0x51
AUT_EXIT = 0x52
AUT_ZONENAME = 0x60
AUT_HOST = 0x70
AUT_ARG64 = 0x71
AUT_RETURN64 = 0x72
AUT_ATTR64 = 0x73
AUT_HEADER64 = 0x74
AUT_SUBJECT64 = 0x75
AUT_PROCESS64 = 0x77
AUT_OTHER_FILE64 = 0x78
AUT_HEADER64_EX = 0x79
AUT_SUBJECT32_EX = 0x7a
AUT_PROCESS32_EX = 0x7b
AUT_SUBJECT64_EX = 0x7c
AUT_PROCESS64_EX = 0x7d
AUT_IN_ADDR_EX = 0x7e
AUT_SOCKET_EX = 0x7f
AUT_INVALID = 0x00
AUT_OTHER_FILE32 = 0x11
AUT_OHEADER = 0x12
AUT_TRAILER = 0x13
AUT_HEADER32 = 0x14
AUT_HEADER32_EX = 0x15
AUT_DATA = 0x21
AUT_IPC = 0x22
AUT_PATH = 0x23
AUT_SUBJECT32 = 0x24
AUT_XATPATH = 0x25
AUT_PROCESS32 = 0x26
AUT_RETURN32 = 0x27
AUT_TEXT = 0x28
AUT_OPAQUE = 0x29
AUT_IN_ADDR = 0x2a
AUT_IP = 0x2b
AUT_IPORT = 0x2c
AUT_ARG32 = 0x2d
AUT_SOCKET = 0x2e
AUT_SEQ = 0x2f
AUT_ACL = 0x30
AUT_ATTR = 0x31
AUT_IPC_PERM = 0x32
AUT_LABEL = 0x33
AUT_GROUPS = 0x34
AUT_ACE = 0x35
AUT_PRIV = 0x38
AUT_UPRIV = 0x39
AUT_LIAISON = 0x3a
AUT_NEWGROUPS = 0x3b
AUT_EXEC_ARGS = 0x3c
AUT_EXEC_ENV = 0x3d
AUT_ATTR32 = 0x3e
AUT_UNAUTH = 0x3f
AUT_XATOM = 0x40
AUT_XOBJ = 0x41
AUT_XPROTO = 0x42
AUT_XSELECT = 0x43
AUT_XCOLORMAP = 0x44
AUT_XCURSOR = 0x45
AUT_XFONT = 0x46
AUT_XGC = 0x47
AUT_XPIXMAP = 0x48
AUT_XPROPERTY = 0x49
AUT_XWINDOW = 0x4a
AUT_XCLIENT = 0x4b
AUT_CMD = 0x51
AUT_EXIT = 0x52
AUT_ZONENAME = 0x60
AUT_HOST = 0x70
AUT_ARG64 = 0x71
AUT_RETURN64 = 0x72
AUT_ATTR64 = 0x73
AUT_HEADER64 = 0x74
AUT_SUBJECT64 = 0x75
AUT_PROCESS64 = 0x77
AUT_OTHER_FILE64 = 0x78
AUT_HEADER64_EX = 0x79
AUT_SUBJECT32_EX = 0x7a
AUT_PROCESS32_EX = 0x7b
AUT_SUBJECT64_EX = 0x7c
AUT_PROCESS64_EX = 0x7d
AUT_IN_ADDR_EX = 0x7e
AUT_SOCKET_EX = 0x7f
// Display control
PRT_ONELINE = 1
PRT_NORESOLVE_USER = 2
PRT_TIMESTAMP = 4
// Display control
PRT_ONELINE = 1
PRT_NORESOLVE_USER = 2
PRT_TIMESTAMP = 4
)
var (
// A global user/uid cache
gUsers []user
// A global group/gid cache
gGroups []group
// Cache of audit_event file
gEventDB []event
// A global user/uid cache
gUsers []user
// A global group/gid cache
gGroups []group
// Cache of audit_event file
gEventDB []event
)
type event struct {
Type int
Name string
Desc string
Class string
Type int
Name string
Desc string
Class string
}
@ -142,67 +141,67 @@ type event struct {
// Abstraction of a record
type Record interface {
GetType() uint8
// Length()
LoadFromBinary(rdr *bufio.Reader) error
Print(*os.File, string, int)
GetType() uint8
//Length()
LoadFromBinary(rdr *bufio.Reader) error
Print(*os.File, string, int)
}
type Header32 struct {
Size uint32 // Record byte count
Version uint8 // version # (uchar)
E_type uint16 // Event type
E_mod uint16 // Event modifier
S uint32 // Seconds of time
Msec uint32 // Milliseconds of time
Size uint32 // Record byte count
Version uint8 // version # (uchar)
E_type uint16 // Event type
E_mod uint16 // Event modifier
S uint32 // Seconds of time
Msec uint32 // Milliseconds of time
}
type Header32Ex struct {
Size uint32 // Record byte count
Version uint8 // version # (uchar)
E_type uint16 // Event type
E_mod uint16 // Event modifier
Ad_type uint32 // Address type/Length
Addr [4]uint32 // Ipv4 or IPv6
S uint32 // Seconds of time
Msec uint32 // Milliseconds of time
Size uint32 // Record byte count
Version uint8 // version # (uchar)
E_type uint16 // Event type
E_mod uint16 // Event modifier
Ad_type uint32 // Address type/Length
Addr [4]uint32 // Ipv4 or IPv6
S uint32 // Seconds of time
Msec uint32 // Milliseconds of time
}
type Trailer struct {
Magic uint16
Count uint32
Magic uint16
Count uint32
}
type Arg32 struct {
No byte // Argument #
Val uint32 // Argument value
Length uint16 // Text length
Text []byte // Text
No byte // Argument #
Val uint32 // Argument value
Length uint16 // Text length
Text []byte // Text
}
type Arg64 struct {
No byte // Argument #
Val uint64 // Argument value
Length uint16 // Text length
Text []byte // Text
No byte // Argument #
Val uint64 // Argument value
Length uint16 // Text length
Text []byte // Text
}
type Attribute32 struct {
Mode uint32 // file access mode
Uid uint32 // Owner user ID
Gid uint32 // Owner group ID
Fsid uint32 // File system ID
Nid uint64 // Node ID
Dev uint32 // Device
Mode uint32 // file access mode
Uid uint32 // Owner user ID
Gid uint32 // Owner group ID
Fsid uint32 // File system ID
Nid uint64 // Node ID
Dev uint32 // Device
}
type Attribute64 struct {
Mode uint32 // file access mode
Uid uint32 // Owner user ID
Gid uint32 // Owner group ID
Fsid uint32 // File system ID
Nid uint64 // Node ID
Dev uint64 // Device
Mode uint32 // file access mode
Uid uint32 // Owner user ID
Gid uint32 // Owner group ID
Fsid uint32 // File system ID
Nid uint64 // Node ID
Dev uint64 // Device
}
/*
@ -210,128 +209,128 @@ type Attribute64 struct {
* text count null-terminated string(s)
*/
type ExecArg struct {
Count uint32
//Text [AUDIT_MAX_ARGS][]byte
Text [][]byte
Count uint32
//Text [AUDIT_MAX_ARGS][]byte
Text [][]byte
}
type Path struct {
Length uint16 // path length
Path []byte
Length uint16 // path length
Path []byte
}
type Return32 struct {
Status byte // Error status
Ret uint32 // Return code
Status byte // Error status
Ret uint32 // Return code
}
type Return64 struct {
Status byte // Error status
Ret uint64 // Return code
Status byte // Error status
Ret uint64 // Return code
}
type Subject32 struct {
Auid uint32 // Audit ID
Euid uint32 // Effective user ID
Egid uint32 // Effective Group ID
Ruid uint32 // Real User ID
Rgid uint32 // Real Group ID
Pid uint32 // Process ID
Sid uint32 // Session ID
Tid Tid32
Auid uint32 // Audit ID
Euid uint32 // Effective user ID
Egid uint32 // Effective Group ID
Ruid uint32 // Real User ID
Rgid uint32 // Real Group ID
Pid uint32 // Process ID
Sid uint32 // Session ID
Tid Tid32
}
type Process32 Subject32
type Subject32Ex struct {
Auid uint32 // Audit ID
Euid uint32 // Effective user ID
Egid uint32 // Effective Group ID
Ruid uint32 // Real User ID
Rgid uint32 // Real Group ID
Pid uint32 // Process ID
Sid uint32 // Session ID
Tid Tid32Ex
Auid uint32 // Audit ID
Euid uint32 // Effective user ID
Egid uint32 // Effective Group ID
Ruid uint32 // Real User ID
Rgid uint32 // Real Group ID
Pid uint32 // Process ID
Sid uint32 // Session ID
Tid Tid32Ex
}
type Process32Ex Subject32Ex
type Tid32 struct {
Port uint32
IpVers uint32 // 0x10 = IPv6
Addr uint32
Port uint32
IpVers uint32 // 0x10 = IPv6
Addr uint32
}
type Tid32Ex struct {
Port uint32
Ttype uint32
IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4
Addr4 uint32 // 4 bytes long if IpVers == 0x04
Addr6 [4]uint32 // 4x4 bytes long if IpVers == 0x10
Port uint32
Ttype uint32
IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4
Addr4 uint32 // 4 bytes long if IpVers == 0x04
Addr6 [4]uint32 // 4x4 bytes long if IpVers == 0x10
}
type Subject64 struct {
Auid uint32 // Audit ID
Euid uint32 // Effective user ID
Egid uint32 // Effective Group ID
Ruid uint32 // Real User ID
Rgid uint32 // Real Group ID
Pid uint32 // Process ID
Sid uint32 // Session ID
Tid Tid64
Auid uint32 // Audit ID
Euid uint32 // Effective user ID
Egid uint32 // Effective Group ID
Ruid uint32 // Real User ID
Rgid uint32 // Real Group ID
Pid uint32 // Process ID
Sid uint32 // Session ID
Tid Tid64
}
type Process64 Subject64
type Subject64Ex struct {
Auid uint32 // Audit ID
Euid uint32 // Effective user ID
Egid uint32 // Effective Group ID
Ruid uint32 // Real User ID
Rgid uint32 // Real Group ID
Pid uint32 // Process ID
Sid uint32 // Session ID
Tid Tid64Ex
Auid uint32 // Audit ID
Euid uint32 // Effective user ID
Egid uint32 // Effective Group ID
Ruid uint32 // Real User ID
Rgid uint32 // Real Group ID
Pid uint32 // Process ID
Sid uint32 // Session ID
Tid Tid64Ex
}
type Process64Ex Subject64Ex
type Tid64 struct {
Port uint64
IpVers uint32
Addr uint32
Port uint64
IpVers uint32
Addr uint32
}
type Tid64Ex struct {
Port uint64
Ttype uint32
IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4
Addr4 uint32
Addr6 [4]uint32
Port uint64
Ttype uint32
IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4
Addr4 uint32
Addr6 [4]uint32
}
type Exit struct {
Status uint32
Ret uint32
Status uint32
Ret uint32
}
type Text struct {
Length uint16
Text []byte
Length uint16
Text []byte
}
/* Utilities */
// users ID for resolution
type user struct {
uid uint32
name string
uid uint32
name string
}
// groups ID for resolution
type group struct {
gid uint32
name string
gid uint32
name string
}
/* Utilities */