Compare commits

...

2 Commits

Author SHA1 Message Date
yo
079361c8cd Add support for zone name 2023-09-10 09:32:45 +02:00
yo
811d2c40d4 temporary work dir 2023-09-10 09:32:29 +02:00
2 changed files with 51 additions and 0 deletions

1
.gitignore vendored
View File

@ -1 +1,2 @@
./20211228134923.20211228151348
tmpwrk

View File

@ -367,6 +367,11 @@ type Text struct {
Text []byte
}
type ZoneName struct {
Length uint16 `json:"length"` // zone name length
Zone []byte `json:"zone"`
}
/* Utilities */
// users ID for resolution
type user struct {
@ -2111,6 +2116,44 @@ func (t *Text) Print(file *os.File, delimiter string, flags int) {
}
}
func NewZoneName(z ZoneName) *ZoneName {
return &ZoneName{
Length: z.Length,
Zone: z.Zone,
}
}
func (z *ZoneName) GetType() uint8 {
return AUT_ZONENAME
}
func (z *ZoneName) LoadFromBinary(rdr *bufio.Reader) error {
err := binary.Read(rdr, binary.BigEndian, &z.Length)
if err != nil {
return fmt.Errorf("Unable to read ZoneName.Length: %v", err)
}
zone := make([]byte, z.Length)
err = binary.Read(rdr, binary.BigEndian, &zone)
if err != nil {
return fmt.Errorf("Unable to read ZoneName.Zone: %v", err)
}
z.Zone = zone[:len(zone)-1]
return nil
}
func (z *ZoneName) Print(file *os.File, delimiter string, flags int) {
fmt.Fprintf(file, "zone%s%s", delimiter, z.Zone)
if 0 == (flags & PRT_ONELINE) {
fmt.Fprintf(file, "\n")
} else {
fmt.Fprintf(file, "%s", delimiter)
}
}
// From sys/bsm/audit_record.h
func readRecordToStruct(reader *bufio.Reader) (Record, error) {
var rec Record
@ -2271,6 +2314,13 @@ func readRecordToStruct(reader *bufio.Reader) (Record, error) {
return rec, fmt.Errorf("Unable to read: %v", err)
}
return NewSockUnix(s), nil
case AUT_ZONENAME:
var z ZoneName
err := z.LoadFromBinary(reader)
if err != nil {
return rec, fmt.Errorf("Unable to read: %v", err)
}
return NewZoneName(z), nil
}
return rec, fmt.Errorf("Event type not supported: 0x%x", hdr[0])