Compare commits
2 Commits
4b06c3064b
...
079361c8cd
Author | SHA1 | Date | |
---|---|---|---|
079361c8cd | |||
811d2c40d4 |
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
||||
./20211228134923.20211228151348
|
||||
tmpwrk
|
||||
|
50
libbsm.go
50
libbsm.go
@ -367,6 +367,11 @@ type Text struct {
|
||||
Text []byte
|
||||
}
|
||||
|
||||
type ZoneName struct {
|
||||
Length uint16 `json:"length"` // zone name length
|
||||
Zone []byte `json:"zone"`
|
||||
}
|
||||
|
||||
/* Utilities */
|
||||
// users ID for resolution
|
||||
type user struct {
|
||||
@ -2111,6 +2116,44 @@ func (t *Text) Print(file *os.File, delimiter string, flags int) {
|
||||
}
|
||||
}
|
||||
|
||||
func NewZoneName(z ZoneName) *ZoneName {
|
||||
return &ZoneName{
|
||||
Length: z.Length,
|
||||
Zone: z.Zone,
|
||||
}
|
||||
}
|
||||
|
||||
func (z *ZoneName) GetType() uint8 {
|
||||
return AUT_ZONENAME
|
||||
}
|
||||
|
||||
func (z *ZoneName) LoadFromBinary(rdr *bufio.Reader) error {
|
||||
err := binary.Read(rdr, binary.BigEndian, &z.Length)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Unable to read ZoneName.Length: %v", err)
|
||||
}
|
||||
|
||||
zone := make([]byte, z.Length)
|
||||
err = binary.Read(rdr, binary.BigEndian, &zone)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Unable to read ZoneName.Zone: %v", err)
|
||||
}
|
||||
z.Zone = zone[:len(zone)-1]
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (z *ZoneName) Print(file *os.File, delimiter string, flags int) {
|
||||
fmt.Fprintf(file, "zone%s%s", delimiter, z.Zone)
|
||||
if 0 == (flags & PRT_ONELINE) {
|
||||
fmt.Fprintf(file, "\n")
|
||||
} else {
|
||||
fmt.Fprintf(file, "%s", delimiter)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// From sys/bsm/audit_record.h
|
||||
func readRecordToStruct(reader *bufio.Reader) (Record, error) {
|
||||
var rec Record
|
||||
|
||||
@ -2271,6 +2314,13 @@ func readRecordToStruct(reader *bufio.Reader) (Record, error) {
|
||||
return rec, fmt.Errorf("Unable to read: %v", err)
|
||||
}
|
||||
return NewSockUnix(s), nil
|
||||
case AUT_ZONENAME:
|
||||
var z ZoneName
|
||||
err := z.LoadFromBinary(reader)
|
||||
if err != nil {
|
||||
return rec, fmt.Errorf("Unable to read: %v", err)
|
||||
}
|
||||
return NewZoneName(z), nil
|
||||
}
|
||||
|
||||
return rec, fmt.Errorf("Event type not supported: 0x%x", hdr[0])
|
||||
|
Loading…
Reference in New Issue
Block a user