Compare commits
3 Commits
bf76779fb5
...
501b371936
| Author | SHA1 | Date | |
|---|---|---|---|
| 501b371936 | |||
| 5970632c31 | |||
| 0c7c123fd9 |
164
libbsm.go
164
libbsm.go
@ -225,8 +225,9 @@ type Tid32 struct {
|
||||
type Tid32Ex struct {
|
||||
Port uint32
|
||||
Ttype uint32
|
||||
IpVers uint32 // 0x10 = IPv6
|
||||
Addr [4]uint32 // 4 bytes long if IpVers == 0x10, 1 byte long if IpVers == 4
|
||||
IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4
|
||||
Addr4 uint32 // 4 bytes long if IpVers == 0x04
|
||||
Addr6 [4]uint32 // 4x4 bytes long if IpVers == 0x10
|
||||
}
|
||||
|
||||
type Subject64 struct {
|
||||
@ -264,8 +265,9 @@ type Tid64 struct {
|
||||
type Tid64Ex struct {
|
||||
Port uint64
|
||||
Ttype uint32
|
||||
IpVers uint32 // 0x10 = IPv6
|
||||
Addr [4]uint32
|
||||
IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4
|
||||
Addr4 uint32
|
||||
Addr6 [4]uint32
|
||||
}
|
||||
|
||||
type Exit struct {
|
||||
@ -273,6 +275,12 @@ type Exit struct {
|
||||
Ret uint32
|
||||
}
|
||||
|
||||
type Text struct {
|
||||
Length uint16
|
||||
Text []byte
|
||||
}
|
||||
|
||||
|
||||
/* Utilities */
|
||||
func PrintIpv6FromInt(ipv6int [4]uint32) string {
|
||||
//return fmt.Sprintf("%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x",
|
||||
@ -696,16 +704,36 @@ func (s *Subject32Ex) LoadFromBinary(file *os.File) error {
|
||||
err = binary.Read(file, binary.BigEndian, &s.Sid)
|
||||
if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Sid from file: %v", err) }
|
||||
|
||||
err = binary.Read(file, binary.BigEndian, &s.Tid)
|
||||
if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid from file: %v", err) }
|
||||
err = binary.Read(file, binary.BigEndian, &s.Tid.Port)
|
||||
if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Port from file: %v", err) }
|
||||
|
||||
err = binary.Read(file, binary.BigEndian, &s.Tid.Ttype)
|
||||
if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Ttype from file: %v", err) }
|
||||
|
||||
err = binary.Read(file, binary.BigEndian, &s.Tid.IpVers)
|
||||
if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.IpVers from file: %v", err) }
|
||||
|
||||
if s.Tid.IpVers == 0x10 {
|
||||
err = binary.Read(file, binary.BigEndian, &s.Tid.Addr6)
|
||||
if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Addr6 from file: %v", err) }
|
||||
} else if s.Tid.IpVers == 0x04 {
|
||||
err = binary.Read(file, binary.BigEndian, &s.Tid.Addr4)
|
||||
if err != nil { return fmt.Errorf("Unable to read Subject32Ex.Tid.Addr4 from file: %v", err) }
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Subject32Ex) Print(file *os.File, delimiter string, flags int) {
|
||||
fmt.Fprintf(file, "subject_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, s.Euid,
|
||||
if s.Tid.IpVers == 0x04 {
|
||||
fmt.Fprintf(file, "subject_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, s.Euid,
|
||||
delimiter, s.Egid, delimiter, s.Ruid, delimiter, s.Rgid, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter,
|
||||
s.Tid.Ttype, delimiter, PrintIpv6FromInt(s.Tid.Addr))
|
||||
s.Tid.Ttype, delimiter, PrintIpv4FromInt(s.Tid.Addr4))
|
||||
} else {
|
||||
fmt.Fprintf(file, "subject_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, s.Euid,
|
||||
delimiter, s.Egid, delimiter, s.Ruid, delimiter, s.Rgid, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter,
|
||||
s.Tid.Ttype, delimiter, PrintIpv6FromInt(s.Tid.Addr6))
|
||||
}
|
||||
if 0 == (flags & PRT_ONELINE) {
|
||||
fmt.Fprintf(file, "\n")
|
||||
}
|
||||
@ -748,16 +776,36 @@ func (p *Process32Ex) LoadFromBinary(file *os.File) error {
|
||||
err = binary.Read(file, binary.BigEndian, &p.Sid)
|
||||
if err != nil { return fmt.Errorf("Unable to read Process32Ex.Sid from file: %v", err) }
|
||||
|
||||
err = binary.Read(file, binary.BigEndian, &p.Tid)
|
||||
if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid from file: %v", err) }
|
||||
err = binary.Read(file, binary.BigEndian, &p.Tid.Port)
|
||||
if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.Port from file: %v", err) }
|
||||
|
||||
err = binary.Read(file, binary.BigEndian, &p.Tid.Ttype)
|
||||
if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.Ttype from file: %v", err) }
|
||||
|
||||
err = binary.Read(file, binary.BigEndian, &p.Tid.IpVers)
|
||||
if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.IpVers from file: %v", err) }
|
||||
|
||||
if p.Tid.IpVers == 0x10 {
|
||||
err = binary.Read(file, binary.BigEndian, &p.Tid.Addr6)
|
||||
if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.Addr6 from file: %v", err) }
|
||||
} else if p.Tid.IpVers == 0x04 {
|
||||
err = binary.Read(file, binary.BigEndian, &p.Tid.Addr4)
|
||||
if err != nil { return fmt.Errorf("Unable to read Process32Ex.Tid.Addr4 from file: %v", err) }
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *Process32Ex) Print(file *os.File, delimiter string, flags int) {
|
||||
fmt.Fprintf(file, "process_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, p.Euid,
|
||||
if p.Tid.IpVers == 0x04 {
|
||||
fmt.Fprintf(file, "process_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, p.Euid,
|
||||
delimiter, p.Egid, delimiter, p.Ruid, delimiter, p.Rgid, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter,
|
||||
p.Tid.Ttype, delimiter, PrintIpv6FromInt(p.Tid.Addr))
|
||||
p.Tid.Ttype, delimiter, PrintIpv4FromInt(p.Tid.Addr4))
|
||||
} else {
|
||||
fmt.Fprintf(file, "process_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, p.Euid,
|
||||
delimiter, p.Egid, delimiter, p.Ruid, delimiter, p.Rgid, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter,
|
||||
p.Tid.Ttype, delimiter, PrintIpv6FromInt(p.Tid.Addr6))
|
||||
}
|
||||
if 0 == (flags & PRT_ONELINE) {
|
||||
fmt.Fprintf(file, "\n")
|
||||
}
|
||||
@ -901,16 +949,36 @@ func (s *Subject64Ex) LoadFromBinary(file *os.File) error {
|
||||
err = binary.Read(file, binary.BigEndian, &s.Sid)
|
||||
if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Sid from file: %v", err) }
|
||||
|
||||
err = binary.Read(file, binary.BigEndian, &s.Tid)
|
||||
if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid from file: %v", err) }
|
||||
err = binary.Read(file, binary.BigEndian, &s.Tid.Port)
|
||||
if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.Port from file: %v", err) }
|
||||
|
||||
err = binary.Read(file, binary.BigEndian, &s.Tid.Ttype)
|
||||
if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.Ttype from file: %v", err) }
|
||||
|
||||
err = binary.Read(file, binary.BigEndian, &s.Tid.IpVers)
|
||||
if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.IpVers from file: %v", err) }
|
||||
|
||||
if s.Tid.IpVers == 0x10 {
|
||||
err = binary.Read(file, binary.BigEndian, &s.Tid.Addr6)
|
||||
if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.Addr6 from file: %v", err) }
|
||||
} else if s.Tid.IpVers == 0x04 {
|
||||
err = binary.Read(file, binary.BigEndian, &s.Tid.Addr4)
|
||||
if err != nil { return fmt.Errorf("Unable to read Subject64Ex.Tid.Addr4 from file: %v", err) }
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *Subject64Ex) Print(file *os.File, delimiter string, flags int) {
|
||||
fmt.Fprintf(file, "subject_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, s.Euid,
|
||||
if s.Tid.IpVers == 0x04 {
|
||||
fmt.Fprintf(file, "subject_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, s.Euid,
|
||||
delimiter, s.Egid, delimiter, s.Ruid, delimiter, s.Rgid, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter,
|
||||
s.Tid.Ttype, delimiter, PrintIpv6FromInt(s.Tid.Addr))
|
||||
s.Tid.Ttype, delimiter, PrintIpv4FromInt(s.Tid.Addr4))
|
||||
} else {
|
||||
fmt.Fprintf(file, "subject_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, s.Auid, delimiter, s.Euid,
|
||||
delimiter, s.Egid, delimiter, s.Ruid, delimiter, s.Rgid, delimiter, s.Sid, delimiter, s.Tid.Port, delimiter,
|
||||
s.Tid.Ttype, delimiter, PrintIpv6FromInt(s.Tid.Addr6))
|
||||
}
|
||||
if 0 == (flags & PRT_ONELINE) {
|
||||
fmt.Fprintf(file, "\n")
|
||||
}
|
||||
@ -952,16 +1020,36 @@ func (p *Process64Ex) LoadFromBinary(file *os.File) error {
|
||||
err = binary.Read(file, binary.BigEndian, &p.Sid)
|
||||
if err != nil { return fmt.Errorf("Unable to read Process64Ex.Sid from file: %v", err) }
|
||||
|
||||
err = binary.Read(file, binary.BigEndian, &p.Tid)
|
||||
if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid from file: %v", err) }
|
||||
err = binary.Read(file, binary.BigEndian, &p.Tid.Port)
|
||||
if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.Port from file: %v", err) }
|
||||
|
||||
err = binary.Read(file, binary.BigEndian, &p.Tid.Ttype)
|
||||
if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.Ttype from file: %v", err) }
|
||||
|
||||
err = binary.Read(file, binary.BigEndian, &p.Tid.IpVers)
|
||||
if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.IpVers from file: %v", err) }
|
||||
|
||||
if p.Tid.IpVers == 0x10 {
|
||||
err = binary.Read(file, binary.BigEndian, &p.Tid.Addr6)
|
||||
if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.Addr6 from file: %v", err) }
|
||||
} else if p.Tid.IpVers == 0x04 {
|
||||
err = binary.Read(file, binary.BigEndian, &p.Tid.Addr4)
|
||||
if err != nil { return fmt.Errorf("Unable to read Process64Ex.Tid.Addr4 from file: %v", err) }
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (p *Process64Ex) Print(file *os.File, delimiter string, flags int) {
|
||||
fmt.Fprintf(file, "process_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, p.Euid,
|
||||
if p.Tid.IpVers == 0x04 {
|
||||
fmt.Fprintf(file, "process_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, p.Euid,
|
||||
delimiter, p.Egid, delimiter, p.Ruid, delimiter, p.Rgid, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter,
|
||||
p.Tid.Ttype, delimiter, PrintIpv6FromInt(p.Tid.Addr))
|
||||
p.Tid.Ttype, delimiter, PrintIpv4FromInt(p.Tid.Addr4))
|
||||
} else {
|
||||
fmt.Fprintf(file, "process_ex%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%v%s%s", delimiter, p.Auid, delimiter, p.Euid,
|
||||
delimiter, p.Egid, delimiter, p.Ruid, delimiter, p.Rgid, delimiter, p.Sid, delimiter, p.Tid.Port, delimiter,
|
||||
p.Tid.Ttype, delimiter, PrintIpv6FromInt(p.Tid.Addr6))
|
||||
}
|
||||
if 0 == (flags & PRT_ONELINE) {
|
||||
fmt.Fprintf(file, "\n")
|
||||
}
|
||||
@ -1199,6 +1287,37 @@ func (e *Exit) Print(file *os.File, delimiter string, flags int) {
|
||||
}
|
||||
}
|
||||
|
||||
func NewText(t Text) *Text {
|
||||
return &Text{
|
||||
Length: t.Length,
|
||||
Text: t.Text,
|
||||
}
|
||||
}
|
||||
|
||||
func (t *Text) GetType() uint8 {
|
||||
return AUT_TEXT
|
||||
}
|
||||
|
||||
func (t *Text) LoadFromBinary(file *os.File) error {
|
||||
err := binary.Read(file, binary.BigEndian, &t.Length)
|
||||
if err != nil { return fmt.Errorf("Unable to read Text.Length from file: %v", err) }
|
||||
|
||||
|
||||
text := make([]byte, t.Length)
|
||||
err = binary.Read(file, binary.BigEndian, &text)
|
||||
if err != nil { return fmt.Errorf("Unable to read Text.Text from file: %v", err) }
|
||||
t.Text = text
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (t *Text) Print(file *os.File, delimiter string, flags int) {
|
||||
fmt.Fprintf(file, "text%s%s", delimiter, t.Text)
|
||||
if 0 == (flags & PRT_ONELINE) {
|
||||
fmt.Fprintf(file, "\n")
|
||||
}
|
||||
}
|
||||
|
||||
func readRecordToStruct(file *os.File) (Record, error) {
|
||||
var rec Record
|
||||
|
||||
@ -1294,6 +1413,11 @@ func readRecordToStruct(file *os.File) (Record, error) {
|
||||
err := p.LoadFromBinary(file)
|
||||
if err != nil { return rec, fmt.Errorf("Unable to read file: %v", err) }
|
||||
return NewProcess64Ex(p), nil
|
||||
case AUT_TEXT:
|
||||
var t Text
|
||||
err := t.LoadFromBinary(file)
|
||||
if err != nil { return rec, fmt.Errorf("Unable to read file: %v", err) }
|
||||
return NewText(t), nil
|
||||
}
|
||||
|
||||
startOf, _ := file.Seek(0, io.SeekCurrent)
|
||||
|
||||
Reference in New Issue
Block a user