Compare commits
No commits in common. "501b371936e9829e4aa5b6c7f973c93ed58776a5" and "bf76779fb5752422d60d04cb2b62ba3fbae5df13" have entirely different histories.
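--- a/libbsm.go
+++ b/libbsm.go
@@ -225,9 +225,8 @@ type Tid32 struct {
 type Tid32Ex struct {
 Port uint32
 Ttype uint32
-IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4
-Addr4 uint32 // 4 bytes long if IpVers == 0x04
-Addr6 [4]uint32 // 4x4 bytes long if IpVers == 0x10
+IpVers uint32 // 0x10 = IPv6
+Addr [4]uint32 // 4 bytes long if IpVers == 0x10, 1 byte long if IpVers == 4
 }
 
 type Subject64 struct {
@@ -265,9 +264,8 @@ type Tid64 struct {
 type Tid64Ex struct {
 Port uint64
 Ttype uint32
-IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4
-Addr4 uint32
-Addr6 [4]uint32
+IpVers uint32 // 0x10 = IPv6
+Addr [4]uint32
 }
 
 type Exit struct {
@@ -275,12 +273,6 @@ type Exit struct {
 Ret uint32
 }
 
-type Text struct {
-Length uint16
-Text []byte
-}
-
-
 /* Utilities */
 func PrintIpv6FromInt(ipv6int [4]uint32) string {
 //return fmt.Sprintf("%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x",
@@ -704,36 +696,16 @@ func (s *Subject32Ex) LoadFromBinary(file *os.File) error {
 err = binary.Read(file, binary.BigEndian, &s.Sid)
 if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Sid from file: %v", err) }
 
-err = binary.Read(file, binary.BigEndian, &s.Tid.Port)
-if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Port from file: %v", err) }
-
-err = binary.Read(file, binary.BigEndian, &s.Tid.Ttype)
-if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Ttype from file: %v", err) }
-
-err = binary.Read(file, binary.BigEndian, &s.Tid.IpVers)
-if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.IpVers from file: %v", err) }
-
-if s.Tid.IpVers == 0x10 {
-err = binary.Read(file, binary.BigEndian, &s.Tid.Addr6)
-if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Addr6 from file: %v", err) }
-} else if s.Tid.IpVers == 0x04 {
-err = binary.Read(file, binary.BigEndian, &s.Tid.Addr4)
-if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Addr4 from file: %v", err) }
-}
+err = binary.Read(file, binary.BigEndian, &s.Tid)
+if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid from file: %v", err) }
 
 return nil
 }
 
 func (s *Subject32Ex) Print(file *os.File, delimiter string, flags int) {
-if s.Tid.IpVers == 0x04 {
-fmt.Fprintf(file, "subject_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, s.Euid,
+fmt.Fprintf(file, "subject_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, s.Euid,
 delimiter, s.Egid, delimiter, s.Ruid, delimiter, s.Rgid, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter,
-s.Tid.Ttype, delimiter, PrintIpv4FromInt(s.Tid.Addr4))
-} else {
-fmt.Fprintf(file, "subject_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, s.Euid,
-delimiter, s.Egid, delimiter, s.Ruid, delimiter, s.Rgid, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter,
-s.Tid.Ttype, delimiter, PrintIpv6FromInt(s.Tid.Addr6))
-}
+s.Tid.Ttype, delimiter, PrintIpv6FromInt(s.Tid.Addr))
 if 0 == (flags & PRT_ONELINE) {
 fmt.Fprintf(file, "\n")
 }
@@ -776,36 +748,16 @@ func (p *Process32Ex) LoadFromBinary(file *os.File) error {
 err = binary.Read(file, binary.BigEndian, &p.Sid)
 if err != nil { return fmt.Errorf("Unable to read Process32Ex.Sid from file: %v", err) }
 
-err = binary.Read(file, binary.BigEndian, &p.Tid.Port)
-if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.Port from file: %v", err) }
-
-err = binary.Read(file, binary.BigEndian, &p.Tid.Ttype)
-if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.Ttype from file: %v", err) }
-
-err = binary.Read(file, binary.BigEndian, &p.Tid.IpVers)
-if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.IpVers from file: %v", err) }
-
-if p.Tid.IpVers == 0x10 {
-err = binary.Read(file, binary.BigEndian, &p.Tid.Addr6)
-if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.Addr6 from file: %v", err) }
-} else if p.Tid.IpVers == 0x04 {
-err = binary.Read(file, binary.BigEndian, &p.Tid.Addr4)
-if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.Addr4 from file: %v", err) }
-}
+err = binary.Read(file, binary.BigEndian, &p.Tid)
+if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid from file: %v", err) }
 
 return nil
 }
 
 func (p *Process32Ex) Print(file *os.File, delimiter string, flags int) {
-if p.Tid.IpVers == 0x04 {
-fmt.Fprintf(file, "process_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, p.Euid,
+fmt.Fprintf(file, "process_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, p.Euid,
 delimiter, p.Egid, delimiter, p.Ruid, delimiter, p.Rgid, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter,
-p.Tid.Ttype, delimiter, PrintIpv4FromInt(p.Tid.Addr4))
-} else {
-fmt.Fprintf(file, "process_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, p.Euid,
-delimiter, p.Egid, delimiter, p.Ruid, delimiter, p.Rgid, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter,
-p.Tid.Ttype, delimiter, PrintIpv6FromInt(p.Tid.Addr6))
-}
+p.Tid.Ttype, delimiter, PrintIpv6FromInt(p.Tid.Addr))
 if 0 == (flags & PRT_ONELINE) {
 fmt.Fprintf(file, "\n")
 }
@@ -949,36 +901,16 @@ func (s *Subject64Ex) LoadFromBinary(file *os.File) error {
 err = binary.Read(file, binary.BigEndian, &s.Sid)
 if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Sid from file: %v", err) }
 
-err = binary.Read(file, binary.BigEndian, &s.Tid.Port)
-if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.Port from file: %v", err) }
-
-err = binary.Read(file, binary.BigEndian, &s.Tid.Ttype)
-if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.Ttype from file: %v", err) }
-
-err = binary.Read(file, binary.BigEndian, &s.Tid.IpVers)
-if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.IpVers from file: %v", err) }
-
-if s.Tid.IpVers == 0x10 {
-err = binary.Read(file, binary.BigEndian, &s.Tid.Addr6)
-if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.Addr6 from file: %v", err) }
-} else if s.Tid.IpVers == 0x04 {
-err = binary.Read(file, binary.BigEndian, &s.Tid.Addr4)
-if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.Addr4 from file: %v", err) }
-}
+err = binary.Read(file, binary.BigEndian, &s.Tid)
+if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid from file: %v", err) }
 
 return nil
 }
 
 func (s *Subject64Ex) Print(file *os.File, delimiter string, flags int) {
-if s.Tid.IpVers == 0x04 {
-fmt.Fprintf(file, "subject_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, s.Euid,
+fmt.Fprintf(file, "subject_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, s.Euid,
 delimiter, s.Egid, delimiter, s.Ruid, delimiter, s.Rgid, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter,
-s.Tid.Ttype, delimiter, PrintIpv4FromInt(s.Tid.Addr4))
-} else {
-fmt.Fprintf(file, "subject_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, s.Euid,
-delimiter, s.Egid, delimiter, s.Ruid, delimiter, s.Rgid, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter,
-s.Tid.Ttype, delimiter, PrintIpv6FromInt(s.Tid.Addr6))
-}
+s.Tid.Ttype, delimiter, PrintIpv6FromInt(s.Tid.Addr))
 if 0 == (flags & PRT_ONELINE) {
 fmt.Fprintf(file, "\n")
 }
@@ -1020,36 +952,16 @@ func (p *Process64Ex) LoadFromBinary(file *os.File) error {
 err = binary.Read(file, binary.BigEndian, &p.Sid)
 if err != nil { return fmt.Errorf("Unable to read Process64Ex.Sid from file: %v", err) }
 
-err = binary.Read(file, binary.BigEndian, &p.Tid.Port)
-if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.Port from file: %v", err) }
-
-err = binary.Read(file, binary.BigEndian, &p.Tid.Ttype)
-if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.Ttype from file: %v", err) }
-
-err = binary.Read(file, binary.BigEndian, &p.Tid.IpVers)
-if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.IpVers from file: %v", err) }
-
-if p.Tid.IpVers == 0x10 {
-err = binary.Read(file, binary.BigEndian, &p.Tid.Addr6)
-if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.Addr6 from file: %v", err) }
-} else if p.Tid.IpVers == 0x04 {
-err = binary.Read(file, binary.BigEndian, &p.Tid.Addr4)
-if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.Addr4 from file: %v", err) }
-}
+err = binary.Read(file, binary.BigEndian, &p.Tid)
+if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid from file: %v", err) }
 
 return nil
 }
 
 func (p *Process64Ex) Print(file *os.File, delimiter string, flags int) {
-if p.Tid.IpVers == 0x04 {
-fmt.Fprintf(file, "process_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, p.Euid,
+fmt.Fprintf(file, "process_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, p.Euid,
 delimiter, p.Egid, delimiter, p.Ruid, delimiter, p.Rgid, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter,
-p.Tid.Ttype, delimiter, PrintIpv4FromInt(p.Tid.Addr4))
-} else {
-fmt.Fprintf(file, "process_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, p.Euid,
-delimiter, p.Egid, delimiter, p.Ruid, delimiter, p.Rgid, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter,
-p.Tid.Ttype, delimiter, PrintIpv6FromInt(p.Tid.Addr6))
-}
+p.Tid.Ttype, delimiter, PrintIpv6FromInt(p.Tid.Addr))
 if 0 == (flags & PRT_ONELINE) {
 fmt.Fprintf(file, "\n")
 }
@@ -1287,37 +1199,6 @@ func (e *Exit) Print(file *os.File, delimiter string, flags int) {
 }
 }
 
-func NewText(t Text) *Text {
-return &Text{
-Length: t.Length,
-Text: t.Text,
-}
-}
-
-func (t *Text) GetType() uint8 {
-return AUT_TEXT
-}
-
-func (t *Text) LoadFromBinary(file *os.File) error {
-err := binary.Read(file, binary.BigEndian, &t.Length)
-if err != nil { return fmt.Errorf("Unable to read Text.Length from file: %v", err) }
-
-
-text := make([]byte, t.Length)
-err = binary.Read(file, binary.BigEndian, &text)
-if err != nil { return fmt.Errorf("Unable to read Text.Text from file: %v", err) }
-t.Text = text
-
-return nil
-}
-
-func (t *Text) Print(file *os.File, delimiter string, flags int) {
-fmt.Fprintf(file, "text%s%s", delimiter, t.Text)
-if 0 == (flags & PRT_ONELINE) {
-fmt.Fprintf(file, "\n")
-}
-}
-
 func readRecordToStruct(file *os.File) (Record, error) {
 var rec Record
 
@@ -1413,11 +1294,6 @@ func readRecordToStruct(file *os.File) (Record, error) {
 err := p.LoadFromBinary(file)
 if err != nil { return rec, fmt.Errorf("Unable to read file: %v", err) }
 return NewProcess64Ex(p), nil
-case AUT_TEXT:
-var t Text
-err := t.LoadFromBinary(file)
-if err != nil { return rec, fmt.Errorf("Unable to read file: %v", err) }
-return NewText(t), nil
 }
 
 startOf, _ := file.Seek(0, io.SeekCurrent)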
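Review bot: `binary.Read(file, binary.BigEndian, &s.Tid)` in Subject32Ex.LoadFromBinary always consumes the full Tid32Ex layout, all four Addr words included, even though the struct's own field comment says the address is a single word when IpVers == 4; after an IPv4 subject_ex token the reader therefore sits 12 bytes past the token boundary and every later token in the file is decoded from the wrong offset, so one such record (malformed or simply IPv4) silently corrupts the rest of the parse. The same fixed-size read appears in the Process32Ex, Subject64Ex and Process64Ex hunks, and all four Print methods now pass the address to PrintIpv6FromInt regardless of IpVers. I would read Port, Ttype and IpVers first, size the address read from IpVers and reject any other value instead of continuing, as below; Print should likewise branch on IpVers (`PrintIpv4FromInt(s.Tid.Addr[0])` for 0x04, if that helper is still defined on this side). LoadFromBinary begins before the hunk.
```go
// … unchanged: Sid read and error check …
err = binary.Read(file, binary.BigEndian, &s.Tid.Port)
if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Port from file: %v", err) }
err = binary.Read(file, binary.BigEndian, &s.Tid.Ttype)
if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Ttype from file: %v", err) }
err = binary.Read(file, binary.BigEndian, &s.Tid.IpVers)
if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.IpVers from file: %v", err) }
// The address width is selected by IpVers; a fixed 16-byte read would leave
// the stream misaligned after an IPv4 token, and an unknown version is an
// error rather than something to guess at.
switch s.Tid.IpVers {
case 0x04:
	err = binary.Read(file, binary.BigEndian, s.Tid.Addr[:1])
case 0x10:
	err = binary.Read(file, binary.BigEndian, &s.Tid.Addr)
default:
	return fmt.Errorf("Unable to read Subject32Ex.Tid: unsupported IpVers 0x%x", s.Tid.IpVers)
}
if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Addr from file: %v", err) }
// … unchanged: return nil …
```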