5 Commits

Author SHA1 Message Date
yo
517bae6dd8 Add error messages 2023-01-17 20:50:44 +01:00
yo
744f087e6c More err check, https://github.com/openbsm/openbsm/pull/75 workaround 2023-01-17 20:50:44 +01:00
yo
9218ae6daa Code formatting 2022-07-01 17:20:56 +02:00
yo
dcecaf6c62 Code formatting 2022-07-01 17:15:54 +02:00
yo
8d87cc12c4 BUGFIX: *id were not displayed correctly using -n 2022-07-01 12:12:08 +02:00
3 changed files with 735 additions and 257 deletions

460
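--- a/bsmerrno.go
+++ b/bsmerrno.go
@@ -0,0 +1,460 @@
+// This is an implementation of libbsm
+// Copyright johan@nosd.in 2023
+//
+//go:build freebsd
+// +build freebsd
+//
+package main
+import (
+"fmt"
+)
+type BsmErrno struct {
+Errno uint8
+LocalErrno uint16
+StrError string
+}
+const (
+// From https://github.com/freebsd/freebsd-src/blob/main/sys/sys/errno.h
+EPERM = 1 /* Operation not permitted */
+ENOENT = 2 /* No such file or directory */
+ESRCH = 3 /* No such process */
+EINTR = 4 /* Interrupted system call */
+EIO = 5 /* Input/output error */
+ENXIO = 6 /* Device not configured */
+E2BIG = 7 /* Argument list too long */
+ENOEXEC = 8 /* Exec format error */
+EBADF = 9 /* Bad file descriptor */
+ECHILD = 10 /* No child processes */
+EDEADLK = 11 /* Resource deadlock avoided */
+ENOMEM = 12 /* Cannot allocate memory */
+EACCES = 13 /* Permission denied */
+EFAULT = 14 /* Bad address */
+ENOTBLK = 15 /* Block device required */
+EBUSY = 16 /* Device busy */
+EEXIST = 17 /* File exists */
+EXDEV = 18 /* Cross-device link */
+ENODEV = 19 /* Operation not supported by device */
+ENOTDIR = 20 /* Not a directory */
+EISDIR = 21 /* Is a directory */
+EINVAL = 22 /* Invalid argument */
+ENFILE = 23 /* Too many open files in system */
+EMFILE = 24 /* Too many open files */
+ENOTTY = 25 /* Inappropriate ioctl for device */
+ETXTBSY = 26 /* Text file busy */
+EFBIG = 27 /* File too large */
+ENOSPC = 28 /* No space left on device */
+ESPIPE = 29 /* Illegal seek */
+EROFS = 30 /* Read-only filesystem */
+EMLINK = 31 /* Too many links */
+EPIPE = 32 /* Broken pipe */
+EDOM = 33 /* Numerical argument out of domain */
+ERANGE = 34 /* Result too large */
+EAGAIN = 35 /* Resource temporarily unavailable */
+EWOULDBLOCK = EAGAIN /* Operation would block */
+EINPROGRESS = 36 /* Operation now in progress */
+EALREADY = 37 /* Operation already in progress */
+ENOTSOCK = 38 /* Socket operation on non-socket */
+EDESTADDRREQ = 39 /* Destination address required */
+EMSGSIZE = 40 /* Message too long */
+EPROTOTYPE = 41 /* Protocol wrong type for socket */
+ENOPROTOOPT = 42 /* Protocol not available */
+EPROTONOSUPPORT = 43 /* Protocol not supported */
+ESOCKTNOSUPPORT = 44 /* Socket type not supported */
+EOPNOTSUPP = 45 /* Operation not supported */
+ENOTSUP = EOPNOTSUPP /* Operation not supported */
+EPFNOSUPPORT = 46 /* Protocol family not supported */
+EAFNOSUPPORT = 47 /* Address family not supported by protocol family */
+EADDRINUSE = 48 /* Address already in use */
+EADDRNOTAVAIL = 49 /* Can't assign requested address */
+ENETDOWN = 50 /* Network is down */
+ENETUNREACH = 51 /* Network is unreachable */
+ENETRESET = 52 /* Network dropped connection on reset */
+ECONNABORTED = 53 /* Software caused connection abort */
+ECONNRESET = 54 /* Connection reset by peer */
+ENOBUFS = 55 /* No buffer space available */
+EISCONN = 56 /* Socket is already connected */
+ENOTCONN = 57 /* Socket is not connected */
+ESHUTDOWN = 58 /* Can't send after socket shutdown */
+ETOOMANYREFS = 59 /* Too many references: can't splice */
+ETIMEDOUT = 60 /* Operation timed out */
+ECONNREFUSED = 61 /* Connection refused */
+ELOOP = 62 /* Too many levels of symbolic links */
+ENAMETOOLONG = 63 /* File name too long */
+EHOSTDOWN = 64 /* Host is down */
+EHOSTUNREACH = 65 /* No route to host */
+ENOTEMPTY = 66 /* Directory not empty */
+EPROCLIM = 67 /* Too many processes */
+EUSERS = 68 /* Too many users */
+EDQUOT = 69 /* Disc quota exceeded */
+ESTALE = 70 /* Stale NFS file handle */
+EREMOTE = 71 /* Too many levels of remote in path */
+EBADRPC = 72 /* RPC struct is bad */
+ERPCMISMATCH = 73 /* RPC version wrong */
+EPROGUNAVAIL = 74 /* RPC prog. not avail */
+EPROGMISMATCH = 75 /* Program version wrong */
+EPROCUNAVAIL = 76 /* Bad procedure for program */
+ENOLCK = 77 /* No locks available */
+ENOSYS = 78 /* Function not implemented */
+EFTYPE = 79 /* Inappropriate file type or format */
+EAUTH = 80 /* Authentication error */
+ENEEDAUTH = 81 /* Need authenticator */
+EIDRM = 82 /* Identifier removed */
+ENOMSG = 83 /* No message of desired type */
+EOVERFLOW = 84 /* Value too large to be stored in data type */
+ECANCELED = 85 /* Operation canceled */
+EILSEQ = 86 /* Illegal byte sequence */
+ENOATTR = 87 /* Attribute not found */
+EDOOFUS = 88 /* Programming error */
+EBADMSG = 89 /* Bad message */
+EMULTIHOP = 90 /* Multihop attempted */
+ENOLINK = 91 /* Link has been severed */
+EPROTO = 92 /* Protocol error */
+ENOTCAPABLE = 93 /* Capabilities insufficient */
+ECAPMODE = 94 /* Not permitted in capability mode */
+ENOTRECOVERABLE = 95 /* State not recoverable */
+EOWNERDEAD = 96 /* Previous owner died */
+EINTEGRITY = 97 /* Integrity check failed */
+// From https://github.com/freebsd/freebsd-src/blob/373ffc62c158e52cde86a5b934ab4a51307f9f2e/contrib/openbsm/sys/bsm/audit_errno.h
+BSM_ERRNO_ESUCCESS = 0
+BSM_ERRNO_EPERM = 1
+BSM_ERRNO_ENOENT = 2
+BSM_ERRNO_ESRCH = 3
+BSM_ERRNO_EINTR = 4
+BSM_ERRNO_EIO = 5
+BSM_ERRNO_ENXIO = 6
+BSM_ERRNO_E2BIG = 7
+BSM_ERRNO_ENOEXEC = 8
+BSM_ERRNO_EBADF = 9
+BSM_ERRNO_ECHILD = 10
+BSM_ERRNO_EAGAIN = 11
+BSM_ERRNO_ENOMEM = 12
+BSM_ERRNO_EACCES = 13
+BSM_ERRNO_EFAULT = 14
+BSM_ERRNO_ENOTBLK = 15
+BSM_ERRNO_EBUSY = 16
+BSM_ERRNO_EEXIST = 17
+BSM_ERRNO_EXDEV = 18
+BSM_ERRNO_ENODEV = 19
+BSM_ERRNO_ENOTDIR = 20
+BSM_ERRNO_EISDIR = 21
+BSM_ERRNO_EINVAL = 22
+BSM_ERRNO_ENFILE = 23
+BSM_ERRNO_EMFILE = 24
+BSM_ERRNO_ENOTTY = 25
+BSM_ERRNO_ETXTBSY = 26
+BSM_ERRNO_EFBIG = 27
+BSM_ERRNO_ENOSPC = 28
+BSM_ERRNO_ESPIPE = 29
+BSM_ERRNO_EROFS = 30
+BSM_ERRNO_EMLINK = 31
+BSM_ERRNO_EPIPE = 32
+BSM_ERRNO_EDOM = 33
+BSM_ERRNO_ERANGE = 34
+BSM_ERRNO_ENOMSG = 35
+BSM_ERRNO_EIDRM = 36
+BSM_ERRNO_ECHRNG = 37 /* Solaris/Linux-specific. */
+BSM_ERRNO_EL2NSYNC = 38 /* Solaris/Linux-specific. */
+BSM_ERRNO_EL3HLT = 39 /* Solaris/Linux-specific. */
+BSM_ERRNO_EL3RST = 40 /* Solaris/Linux-specific. */
+BSM_ERRNO_ELNRNG = 41 /* Solaris/Linux-specific. */
+BSM_ERRNO_EUNATCH = 42 /* Solaris/Linux-specific. */
+BSM_ERRNO_ENOCSI = 43 /* Solaris/Linux-specific. */
+BSM_ERRNO_EL2HLT = 44 /* Solaris/Linux-specific. */
+BSM_ERRNO_EDEADLK = 45
+BSM_ERRNO_ENOLCK = 46
+BSM_ERRNO_ECANCELED = 47
+BSM_ERRNO_ENOTSUP = 48
+BSM_ERRNO_EDQUOT = 49
+BSM_ERRNO_EBADE = 50 /* Solaris/Linux-specific. */
+BSM_ERRNO_EBADR = 51 /* Solaris/Linux-specific. */
+BSM_ERRNO_EXFULL = 52 /* Solaris/Linux-specific. */
+BSM_ERRNO_ENOANO = 53 /* Solaris/Linux-specific. */
+BSM_ERRNO_EBADRQC = 54 /* Solaris/Linux-specific. */
+BSM_ERRNO_EBADSLT = 55 /* Solaris/Linux-specific. */
+BSM_ERRNO_EDEADLOCK = 56 /* Solaris-specific. */
+BSM_ERRNO_EBFONT = 57 /* Solaris/Linux-specific. */
+BSM_ERRNO_EOWNERDEAD = 58 /* Solaris/Linux-specific. */
+BSM_ERRNO_ENOTRECOVERABLE = 59 /* Solaris/Linux-specific. */
+BSM_ERRNO_ENOSTR = 60 /* Solaris/Darwin/Linux-specific. */
+BSM_ERRNO_ENODATA = 61 /* Solaris/Darwin/Linux-specific. */
+BSM_ERRNO_ETIME = 62 /* Solaris/Darwin/Linux-specific. */
+BSM_ERRNO_ENOSR = 63 /* Solaris/Darwin/Linux-specific. */
+BSM_ERRNO_ENONET = 64 /* Solaris/Linux-specific. */
+BSM_ERRNO_ENOPKG = 65 /* Solaris/Linux-specific. */
+BSM_ERRNO_EREMOTE = 66
+BSM_ERRNO_ENOLINK = 67
+BSM_ERRNO_EADV = 68 /* Solaris/Linux-specific. */
+BSM_ERRNO_ESRMNT = 69 /* Solaris/Linux-specific. */
+BSM_ERRNO_ECOMM = 70 /* Solaris/Linux-specific. */
+BSM_ERRNO_EPROTO = 71
+BSM_ERRNO_ELOCKUNMAPPED = 72 /* Solaris-specific. */
+BSM_ERRNO_ENOTACTIVE = 73 /* Solaris-specific. */
+BSM_ERRNO_EMULTIHOP = 74
+BSM_ERRNO_EBADMSG = 77
+BSM_ERRNO_ENAMETOOLONG = 78
+BSM_ERRNO_EOVERFLOW = 79
+BSM_ERRNO_ENOTUNIQ = 80 /* Solaris/Linux-specific. */
+BSM_ERRNO_EBADFD = 81 /* Solaris/Linux-specific. */
+BSM_ERRNO_EREMCHG = 82 /* Solaris/Linux-specific. */
+BSM_ERRNO_ELIBACC = 83 /* Solaris/Linux-specific. */
+BSM_ERRNO_ELIBBAD = 84 /* Solaris/Linux-specific. */
+BSM_ERRNO_ELIBSCN = 85 /* Solaris/Linux-specific. */
+BSM_ERRNO_ELIBMAX = 86 /* Solaris/Linux-specific. */
+BSM_ERRNO_ELIBEXEC = 87 /* Solaris/Linux-specific. */
+BSM_ERRNO_EILSEQ = 88
+BSM_ERRNO_ENOSYS = 89
+BSM_ERRNO_ELOOP = 90
+BSM_ERRNO_ERESTART = 91
+BSM_ERRNO_ESTRPIPE = 92 /* Solaris/Linux-specific. */
+BSM_ERRNO_ENOTEMPTY = 93
+BSM_ERRNO_EUSERS = 94
+BSM_ERRNO_ENOTSOCK = 95
+BSM_ERRNO_EDESTADDRREQ = 96
+BSM_ERRNO_EMSGSIZE = 97
+BSM_ERRNO_EPROTOTYPE = 98
+BSM_ERRNO_ENOPROTOOPT = 99
+BSM_ERRNO_EPROTONOSUPPORT = 120
+BSM_ERRNO_ESOCKTNOSUPPORT = 121
+BSM_ERRNO_EOPNOTSUPP = 122
+BSM_ERRNO_EPFNOSUPPORT = 123
+BSM_ERRNO_EAFNOSUPPORT = 124
+BSM_ERRNO_EADDRINUSE = 125
+BSM_ERRNO_EADDRNOTAVAIL = 126
+BSM_ERRNO_ENETDOWN = 127
+BSM_ERRNO_ENETUNREACH = 128
+BSM_ERRNO_ENETRESET = 129
+BSM_ERRNO_ECONNABORTED = 130
+BSM_ERRNO_ECONNRESET = 131
+BSM_ERRNO_ENOBUFS = 132
+BSM_ERRNO_EISCONN = 133
+BSM_ERRNO_ENOTCONN = 134
+BSM_ERRNO_ESHUTDOWN = 143
+BSM_ERRNO_ETOOMANYREFS = 144
+BSM_ERRNO_ETIMEDOUT = 145
+BSM_ERRNO_ECONNREFUSED = 146
+BSM_ERRNO_EHOSTDOWN = 147
+BSM_ERRNO_EHOSTUNREACH = 148
+BSM_ERRNO_EALREADY = 149
+BSM_ERRNO_EINPROGRESS = 150
+BSM_ERRNO_ESTALE = 151
+BSM_ERRNO_EPROCLIM = 190 /* FreeBSD/Darwin-specific. */
+BSM_ERRNO_EBADRPC = 191 /* FreeBSD/Darwin-specific. */
+BSM_ERRNO_ERPCMISMATCH = 192 /* FreeBSD/Darwin-specific. */
+BSM_ERRNO_EPROGUNAVAIL = 193 /* FreeBSD/Darwin-specific. */
+BSM_ERRNO_EPROGMISMATCH = 194 /* FreeBSD/Darwin-specific. */
+BSM_ERRNO_EPROCUNAVAIL = 195 /* FreeBSD/Darwin-specific. */
+BSM_ERRNO_EFTYPE = 196 /* FreeBSD/Darwin-specific. */
+BSM_ERRNO_EAUTH = 197 /* FreeBSD/Darwin-specific. */
+BSM_ERRNO_ENEEDAUTH = 198 /* FreeBSD/Darwin-specific. */
+BSM_ERRNO_ENOATTR = 199 /* FreeBSD/Darwin-specific. */
+BSM_ERRNO_EDOOFUS = 200 /* FreeBSD-specific. */
+BSM_ERRNO_EJUSTRETURN = 201 /* FreeBSD-specific. */
+BSM_ERRNO_ENOIOCTL = 202 /* FreeBSD-specific. */
+BSM_ERRNO_EDIRIOCTL = 203 /* FreeBSD-specific. */
+BSM_ERRNO_EPWROFF = 204 /* Darwin-specific. */
+BSM_ERRNO_EDEVERR = 205 /* Darwin-specific. */
+BSM_ERRNO_EBADEXEC = 206 /* Darwin-specific. */
+BSM_ERRNO_EBADARCH = 207 /* Darwin-specific. */
+BSM_ERRNO_ESHLIBVERS = 208 /* Darwin-specific. */
+BSM_ERRNO_EBADMACHO = 209 /* Darwin-specific. */
+BSM_ERRNO_EPOLICY = 210 /* Darwin-specific. */
+BSM_ERRNO_EDOTDOT = 211 /* Linux-specific. */
+BSM_ERRNO_EUCLEAN = 212 /* Linux-specific. */
+BSM_ERRNO_ENOTNAM = 213 /* Linux(Xenix?)-specific. */
+BSM_ERRNO_ENAVAIL = 214 /* Linux(Xenix?)-specific. */
+BSM_ERRNO_EISNAM = 215 /* Linux(Xenix?)-specific. */
+BSM_ERRNO_EREMOTEIO = 216 /* Linux-specific. */
+BSM_ERRNO_ENOMEDIUM = 217 /* Linux-specific. */
+BSM_ERRNO_EMEDIUMTYPE = 218 /* Linux-specific. */
+BSM_ERRNO_ENOKEY = 219 /* Linux-specific. */
+BSM_ERRNO_EKEYEXPIRED = 220 /* Linux-specific. */
+BSM_ERRNO_EKEYREVOKED = 221 /* Linux-specific. */
+BSM_ERRNO_EKEYREJECTED = 222 /* Linux-specific. */
+BSM_ERRNO_ENOTCAPABLE = 223 /* FreeBSD-specific. */
+BSM_ERRNO_ECAPMODE = 224 /* FreeBSD-specific. */
+BSM_ERRNO_EINTEGRITY = 225 /* FreeBSD-specific. */
+BSM_ERRNO_UNKNOWN = 250 /* OpenBSM-specific. */
+// From https://github.com/freebsd/freebsd-src/blob/373ffc62c158e52cde86a5b934ab4a51307f9f2e/sys/security/audit/bsm_errno.c
+// But we dont want to use int16, so use 255
+//ERRNO_NO_LOCAL_MAPPING int16 = -600
+ERRNO_NO_LOCAL_MAPPING = 255
+)
+var (
+BsmErrnos = []BsmErrno{
+{BSM_ERRNO_ESUCCESS, 0, "Success"},
+{BSM_ERRNO_EPERM, EPERM, "Operation not permitted"},
+{BSM_ERRNO_ENOENT, ENOENT, "No such file or directory"},
+{BSM_ERRNO_ESRCH, ESRCH, "No such process"},
+{BSM_ERRNO_EINTR, EINTR, "Interrupted system call"},
+{BSM_ERRNO_EIO, EIO, "Input/output error"},
+{BSM_ERRNO_ENXIO, ENXIO, "Device not configured"},
+{BSM_ERRNO_E2BIG, E2BIG, "Argument list too long"},
+{BSM_ERRNO_ENOEXEC, ENOEXEC, "Exec format error"},
+{BSM_ERRNO_EBADF, EBADF, "Bad file descriptor"},
+{BSM_ERRNO_ECHILD, ECHILD, "No child processes"},
+{BSM_ERRNO_EAGAIN, EAGAIN, "Resource temporarily unavailable"},
+{BSM_ERRNO_ENOMEM, ENOMEM, "Cannot allocate memory"},
+{BSM_ERRNO_EACCES, EACCES, "Permission denied"},
+{BSM_ERRNO_EFAULT, EFAULT, "Bad address"},
+{BSM_ERRNO_ENOTBLK, ENOTBLK, "Block device required"},
+{BSM_ERRNO_EBUSY, EBUSY, "Device busy"},
+{BSM_ERRNO_EEXIST, EEXIST, "File exists"},
+{BSM_ERRNO_EXDEV, EXDEV, "Cross-device link"},
+{BSM_ERRNO_ENODEV, ENODEV, "Operation not supported by device"},
+{BSM_ERRNO_ENOTDIR, ENOTDIR, "Not a directory"},
+{BSM_ERRNO_EISDIR, EISDIR, "Is a directory"},
+{BSM_ERRNO_EINVAL, EINVAL, "Invalid argument"},
+{BSM_ERRNO_ENFILE, ENFILE, "Too many open files in system"},
+{BSM_ERRNO_EMFILE, EMFILE, "Too many open files"},
+{BSM_ERRNO_ENOTTY, ENOTTY, "Inappropriate ioctl for device"},
+{BSM_ERRNO_ETXTBSY, ETXTBSY, "Text file busy"},
+{BSM_ERRNO_EFBIG, EFBIG, "File too large"},
+{BSM_ERRNO_ENOSPC, ENOSPC, "No space left on device"},
+{BSM_ERRNO_ESPIPE, ESPIPE, "Illegal seek"},
+{BSM_ERRNO_EROFS, EROFS, "Read-only file system"},
+{BSM_ERRNO_EMLINK, EMLINK, "Too many links"},
+{BSM_ERRNO_EPIPE, EPIPE, "Broken pipe"},
+{BSM_ERRNO_EDOM, EDOM, "Numerical argument out of domain"},
+{BSM_ERRNO_ERANGE, ERANGE, "Result too large"},
+{BSM_ERRNO_ENOMSG, ENOMSG, "No message of desired type"},
+{BSM_ERRNO_EIDRM, EIDRM, "Identifier removed"},
+{BSM_ERRNO_ECHRNG, ERRNO_NO_LOCAL_MAPPING, "Channel number out of range"},
+{BSM_ERRNO_EL2NSYNC, ERRNO_NO_LOCAL_MAPPING, "Level 2 not synchronized"},
+{BSM_ERRNO_EL3HLT, ERRNO_NO_LOCAL_MAPPING, "Level 3 halted"},
+{BSM_ERRNO_EL3RST, ERRNO_NO_LOCAL_MAPPING, "Level 3 reset"},
+{BSM_ERRNO_ELNRNG, ERRNO_NO_LOCAL_MAPPING, "Link number out of range"},
+{BSM_ERRNO_EUNATCH, ERRNO_NO_LOCAL_MAPPING, "Protocol driver not attached"},
+{BSM_ERRNO_ENOCSI, ERRNO_NO_LOCAL_MAPPING, "No CSI structure available"},
+{BSM_ERRNO_EL2HLT, ERRNO_NO_LOCAL_MAPPING, "Level 2 halted"},
+{BSM_ERRNO_EDEADLK, EDEADLK, "Resource deadlock avoided"},
+{BSM_ERRNO_ENOLCK, ENOLCK, "No locks available"},
+{BSM_ERRNO_ECANCELED, ECANCELED, "Operation canceled"},
+{BSM_ERRNO_ENOTSUP, ENOTSUP, "Operation not supported"},
+{BSM_ERRNO_EDQUOT, EDQUOT, "Disc quota exceeded"},
+{BSM_ERRNO_EBADE, ERRNO_NO_LOCAL_MAPPING, "Invalid exchange"},
+{BSM_ERRNO_EBADR, ERRNO_NO_LOCAL_MAPPING, "Invalid request descriptor"},
+{BSM_ERRNO_EXFULL, ERRNO_NO_LOCAL_MAPPING, "Exchange full"},
+{BSM_ERRNO_ENOANO, ERRNO_NO_LOCAL_MAPPING, "No anode"},
+{BSM_ERRNO_EBADRQC, ERRNO_NO_LOCAL_MAPPING, "Invalid request descriptor"},
+{BSM_ERRNO_EBADSLT, ERRNO_NO_LOCAL_MAPPING, "Invalid slot"},
+{BSM_ERRNO_EDEADLOCK, ERRNO_NO_LOCAL_MAPPING, "Resource deadlock avoided"},
+{BSM_ERRNO_EBFONT, ERRNO_NO_LOCAL_MAPPING, "Bad font file format"},
+{BSM_ERRNO_EOWNERDEAD, ERRNO_NO_LOCAL_MAPPING, "Process died with the lock"},
+{BSM_ERRNO_EINTEGRITY, ERRNO_NO_LOCAL_MAPPING, "Integrity check failed"},
+{BSM_ERRNO_ENOTRECOVERABLE, ERRNO_NO_LOCAL_MAPPING, "Lock is not recoverable"},
+{BSM_ERRNO_ENOSTR, ERRNO_NO_LOCAL_MAPPING, "Device not a stream"},
+{BSM_ERRNO_ENONET, ERRNO_NO_LOCAL_MAPPING, "Machine is not on the network"},
+{BSM_ERRNO_ENOPKG, ERRNO_NO_LOCAL_MAPPING, "Package not installed"},
+{BSM_ERRNO_EREMOTE, EREMOTE, "Too many levels of remote in path"},
+{BSM_ERRNO_ENOLINK, ERRNO_NO_LOCAL_MAPPING, "Link has been severed"},
+{BSM_ERRNO_EADV, ERRNO_NO_LOCAL_MAPPING, "Advertise error"},
+{BSM_ERRNO_ESRMNT, ERRNO_NO_LOCAL_MAPPING, "srmount error"},
+{BSM_ERRNO_ECOMM, ERRNO_NO_LOCAL_MAPPING, "Communication error on send"},
+{BSM_ERRNO_EPROTO, ERRNO_NO_LOCAL_MAPPING, "Protocol error"},
+{BSM_ERRNO_ELOCKUNMAPPED, ERRNO_NO_LOCAL_MAPPING, "Locked lock was unmapped"},
+{BSM_ERRNO_ENOTACTIVE, ERRNO_NO_LOCAL_MAPPING, "Facility is not active"},
+{BSM_ERRNO_EMULTIHOP, ERRNO_NO_LOCAL_MAPPING, "Multihop attempted"},
+{BSM_ERRNO_EBADMSG, ERRNO_NO_LOCAL_MAPPING, "Bad message"},
+{BSM_ERRNO_ENAMETOOLONG, ENAMETOOLONG, "File name too long"},
+{BSM_ERRNO_EOVERFLOW, EOVERFLOW, "Value too large to be stored in data type"},
+{BSM_ERRNO_ENOTUNIQ, ERRNO_NO_LOCAL_MAPPING, "Given log name not unique"},
+{BSM_ERRNO_EBADFD, ERRNO_NO_LOCAL_MAPPING, "Given f.d. invalid for this operation"},
+{BSM_ERRNO_EREMCHG, ERRNO_NO_LOCAL_MAPPING, "Remote address changed"},
+{BSM_ERRNO_ELIBACC, ERRNO_NO_LOCAL_MAPPING, "Can't access a needed shared lib"},
+{BSM_ERRNO_ELIBBAD, ERRNO_NO_LOCAL_MAPPING, "Accessing a corrupted shared lib"},
+{BSM_ERRNO_ELIBSCN, ERRNO_NO_LOCAL_MAPPING, ".lib section in a.out corrupted"},
+{BSM_ERRNO_ELIBMAX, ERRNO_NO_LOCAL_MAPPING, "Attempting to link in too many libs"},
+{BSM_ERRNO_ELIBEXEC, ERRNO_NO_LOCAL_MAPPING, "Attempting to exec a shared library"},
+{BSM_ERRNO_EILSEQ, EILSEQ, "Illegal byte sequence"},
+{BSM_ERRNO_ENOSYS, ENOSYS, "Function not implemented"},
+{BSM_ERRNO_ELOOP, ELOOP, "Too many levels of symbolic links"},
+{BSM_ERRNO_ERESTART, ERRNO_NO_LOCAL_MAPPING, "Restart syscall"},
+{BSM_ERRNO_ESTRPIPE, ERRNO_NO_LOCAL_MAPPING, "If pipe/FIFO, don't sleep in stream head"},
+{BSM_ERRNO_ENOTEMPTY, ENOTEMPTY, "Directory not empty"},
+{BSM_ERRNO_EUSERS, EUSERS, "Too many users"},
+{BSM_ERRNO_ENOTSOCK, ENOTSOCK, "Socket operation on non-socket"},
+{BSM_ERRNO_EDESTADDRREQ, EDESTADDRREQ, "Destination address required"},
+{BSM_ERRNO_EMSGSIZE, EMSGSIZE, "Message too long"},
+{BSM_ERRNO_EPROTOTYPE, EPROTOTYPE, "Protocol wrong type for socket"},
+{BSM_ERRNO_ENOPROTOOPT, ENOPROTOOPT, "Protocol not available"},
+{BSM_ERRNO_EPROTONOSUPPORT, EPROTONOSUPPORT, "Protocol not supported"},
+{BSM_ERRNO_ESOCKTNOSUPPORT, ESOCKTNOSUPPORT, "Socket type not supported"},
+{BSM_ERRNO_EOPNOTSUPP, EOPNOTSUPP, "Operation not supported"},
+{BSM_ERRNO_EPFNOSUPPORT, EPFNOSUPPORT, "Protocol family not supported"},
+{BSM_ERRNO_EAFNOSUPPORT, EAFNOSUPPORT, "Address family not supported by protocol family"},
+{BSM_ERRNO_EADDRINUSE, EADDRINUSE, "Address already in use"},
+{BSM_ERRNO_EADDRNOTAVAIL, EADDRNOTAVAIL, "Can't assign requested address"},
+{BSM_ERRNO_ENETDOWN, ENETDOWN, "Network is down"},
+{BSM_ERRNO_ENETRESET, ENETRESET, "Network dropped connection on reset"},
+{BSM_ERRNO_ECONNABORTED, ECONNABORTED, "Software caused connection abort"},
+{BSM_ERRNO_ECONNRESET, ECONNRESET, "Connection reset by peer"},
+{BSM_ERRNO_ENOBUFS, ENOBUFS, "No buffer space available"},
+{BSM_ERRNO_EISCONN, EISCONN, "Socket is already connected"},
+{BSM_ERRNO_ENOTCONN, ENOTCONN, "Socket is not connected"},
+{BSM_ERRNO_ESHUTDOWN, ESHUTDOWN, "Can't send after socket shutdown"},
+{BSM_ERRNO_ETOOMANYREFS, ETOOMANYREFS, "Too many references: can't splice"},
+{BSM_ERRNO_ETIMEDOUT, ETIMEDOUT, "Operation timed out"},
+{BSM_ERRNO_ECONNREFUSED, ECONNREFUSED, "Connection refused"},
+{BSM_ERRNO_EHOSTDOWN, EHOSTDOWN, "Host is down"},
+{BSM_ERRNO_EHOSTUNREACH, EHOSTUNREACH, "No route to host"},
+{BSM_ERRNO_EALREADY, EALREADY, "Operation already in progress"},
+{BSM_ERRNO_EINPROGRESS, EINPROGRESS, "Operation now in progress"},
+{BSM_ERRNO_ESTALE, ESTALE, "Stale NFS file handle"},
+{BSM_ERRNO_EPROCLIM, EPROCLIM, "Too many processes"},
+{BSM_ERRNO_EBADRPC, EBADRPC, "RPC struct is bad"},
+{BSM_ERRNO_ERPCMISMATCH, ERPCMISMATCH, "RPC version wrong"},
+{BSM_ERRNO_EPROGUNAVAIL, EPROGUNAVAIL, "RPC prog. not avail"},
+{BSM_ERRNO_EPROGMISMATCH, EPROGMISMATCH, "RPC version wrong"},
+{BSM_ERRNO_EPROCUNAVAIL, EPROCUNAVAIL, "Bad procedure for program"},
+{BSM_ERRNO_EFTYPE, EFTYPE, "Inappropriate file type or format"},
+{BSM_ERRNO_EAUTH, EAUTH, "Authenticateion error"},
+{BSM_ERRNO_ENEEDAUTH, ENEEDAUTH, "Need authenticator"},
+{BSM_ERRNO_ENOATTR, ENOATTR, "Attribute not found"},
+{BSM_ERRNO_EDOOFUS, EDOOFUS, "Programming error"},
+{BSM_ERRNO_EJUSTRETURN, ERRNO_NO_LOCAL_MAPPING, "Just return"},
+{BSM_ERRNO_ENOIOCTL, ERRNO_NO_LOCAL_MAPPING, "ioctl not handled by this layer"},
+{BSM_ERRNO_EDIRIOCTL, ERRNO_NO_LOCAL_MAPPING, "do direct ioctl in GEOM"},
+{BSM_ERRNO_EPWROFF, ERRNO_NO_LOCAL_MAPPING, "Device power is off"},
+{BSM_ERRNO_EDEVERR, ERRNO_NO_LOCAL_MAPPING, "Device error"},
+{BSM_ERRNO_EBADEXEC, ERRNO_NO_LOCAL_MAPPING, "Bad executable"},
+{BSM_ERRNO_EBADARCH, ERRNO_NO_LOCAL_MAPPING, "Bad CPU type in executable"},
+{BSM_ERRNO_ESHLIBVERS, ERRNO_NO_LOCAL_MAPPING, "Shared library version mismatch"},
+{BSM_ERRNO_EBADMACHO, ERRNO_NO_LOCAL_MAPPING, "Malformed Macho file"},
+{BSM_ERRNO_EPOLICY, ERRNO_NO_LOCAL_MAPPING, "Operation failed by policy"},
+{BSM_ERRNO_EDOTDOT, ERRNO_NO_LOCAL_MAPPING, "RFS specific error"},
+{BSM_ERRNO_EUCLEAN, ERRNO_NO_LOCAL_MAPPING, "Structure needs cleaning"},
+{BSM_ERRNO_ENOTNAM, ERRNO_NO_LOCAL_MAPPING, "Not a XENIX named type file"},
+{BSM_ERRNO_ENAVAIL, ERRNO_NO_LOCAL_MAPPING, "No XENIX semaphores available"},
+{BSM_ERRNO_EISNAM, ERRNO_NO_LOCAL_MAPPING, "Is a named type file"},
+{BSM_ERRNO_EREMOTEIO, ERRNO_NO_LOCAL_MAPPING, "Remote I/O error"},
+{BSM_ERRNO_ENOMEDIUM, ERRNO_NO_LOCAL_MAPPING, "No medium found"},
+{BSM_ERRNO_EMEDIUMTYPE, ERRNO_NO_LOCAL_MAPPING, "Wrong medium type"},
+{BSM_ERRNO_ENOKEY, ERRNO_NO_LOCAL_MAPPING, "Required key not available"},
+{BSM_ERRNO_EKEYEXPIRED, ERRNO_NO_LOCAL_MAPPING, "Key has expired"},
+{BSM_ERRNO_EKEYREVOKED, ERRNO_NO_LOCAL_MAPPING, "Key has been revoked"},
+{BSM_ERRNO_EKEYREJECTED, ERRNO_NO_LOCAL_MAPPING, "Key was rejected by service"},
+{BSM_ERRNO_ENOTCAPABLE, ENOTCAPABLE, "Capabilities insufficient"},
+{BSM_ERRNO_ECAPMODE, ECAPMODE, "Not permitted in capability mode"},
+}
+)
+func lookupErrno(errno uint8) (BsmErrno, error) {
+var res BsmErrno
+for _, res = range BsmErrnos {
+if res.Errno == errno {
+return res, nil
+}
+}
+return res, fmt.Errorf("ErrNo not found")
+}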
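Review bot: On a miss, `lookupErrno` returns whatever `res` last held, and because the loop is written `for _, res = range BsmErrnos` that is the final table row (`BSM_ERRNO_ECAPMODE`, "Not permitted in capability mode") rather than a zero value, so a caller that ignores the error would print a plausible but wrong status into the audit output. Return an explicit empty value and name the code that failed, e.g. `return BsmErrno{}, fmt.Errorf("BSM errno %d not found", errno)`. Misses are reachable with codes the const block itself defines: `BsmErrnos` has no row for `BSM_ERRNO_ENETUNREACH`, `BSM_ERRNO_ENODATA`, `BSM_ERRNO_ETIME`, `BSM_ERRNO_ENOSR` or `BSM_ERRNO_UNKNOWN`. The `EAUTH` string is also misspelled (`"Authenticateion error"`), and the `EPROGMISMATCH` row reuses `"RPC version wrong"` where the constant's own comment says "Program version wrong".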

530
libbsm.go

@ -31,110 +31,109 @@ import (
)
const (
// bsm/libbsm.h
AUDIT_MAX_ARGS = 128
AUDIT_EVENT_FILE = "/etc/security/audit_event"
// bsm/libbsm.h
AUDIT_MAX_ARGS = 128
AUDIT_EVENT_FILE = "/etc/security/audit_event"
// sys/bsm/audit.h
MAXAUDITDATA = (0x8000 - 1)
MAX_AUDIT_RECORD_SIZE = MAXAUDITDATA
// sys/bsm/audit.h
MAXAUDITDATA = (0x8000 - 1)
MAX_AUDIT_RECORD_SIZE = MAXAUDITDATA
// Max length for a Path (AUT_PATH) or an arg (AUT_EXEC_ARGS)
MAX_AUDIT_ARG_LENGTH = 1024
// Max length for a Path (AUT_PATH) or an arg (AUT_EXEC_ARGS)
MAX_AUDIT_ARG_LENGTH = 1024
/*
* Token type identifiers.
From https://github.com/freebsd/freebsd-src/blob/main/contrib/openbsm/sys/bsm/audit_record.h
*/
AUT_INVALID = 0x00
AUT_OTHER_FILE32 = 0x11
AUT_OHEADER = 0x12
AUT_TRAILER = 0x13
AUT_HEADER32 = 0x14
AUT_HEADER32_EX = 0x15
AUT_DATA = 0x21
AUT_IPC = 0x22
AUT_PATH = 0x23
AUT_SUBJECT32 = 0x24
AUT_XATPATH = 0x25
AUT_PROCESS32 = 0x26
AUT_RETURN32 = 0x27
AUT_TEXT = 0x28
AUT_OPAQUE = 0x29
AUT_IN_ADDR = 0x2a
AUT_IP = 0x2b
AUT_IPORT = 0x2c
AUT_ARG32 = 0x2d
AUT_SOCKET = 0x2e
AUT_SEQ = 0x2f
AUT_ACL = 0x30
AUT_ATTR = 0x31
AUT_IPC_PERM = 0x32
AUT_LABEL = 0x33
AUT_GROUPS = 0x34
AUT_ACE = 0x35
AUT_PRIV = 0x38
AUT_UPRIV = 0x39
AUT_LIAISON = 0x3a
AUT_NEWGROUPS = 0x3b
AUT_EXEC_ARGS = 0x3c
AUT_EXEC_ENV = 0x3d
AUT_ATTR32 = 0x3e
AUT_UNAUTH = 0x3f
AUT_XATOM = 0x40
AUT_XOBJ = 0x41
AUT_XPROTO = 0x42
AUT_XSELECT = 0x43
AUT_XCOLORMAP = 0x44
AUT_XCURSOR = 0x45
AUT_XFONT = 0x46
AUT_XGC = 0x47
AUT_XPIXMAP = 0x48
AUT_XPROPERTY = 0x49
AUT_XWINDOW = 0x4a
AUT_XCLIENT = 0x4b
AUT_CMD = 0x51
AUT_EXIT = 0x52
AUT_ZONENAME = 0x60
AUT_HOST = 0x70
AUT_ARG64 = 0x71
AUT_RETURN64 = 0x72
AUT_ATTR64 = 0x73
AUT_HEADER64 = 0x74
AUT_SUBJECT64 = 0x75
AUT_PROCESS64 = 0x77
AUT_OTHER_FILE64 = 0x78
AUT_HEADER64_EX = 0x79
AUT_SUBJECT32_EX = 0x7a
AUT_PROCESS32_EX = 0x7b
AUT_SUBJECT64_EX = 0x7c
AUT_PROCESS64_EX = 0x7d
AUT_IN_ADDR_EX = 0x7e
AUT_SOCKET_EX = 0x7f
AUT_INVALID = 0x00
AUT_OTHER_FILE32 = 0x11
AUT_OHEADER = 0x12
AUT_TRAILER = 0x13
AUT_HEADER32 = 0x14
AUT_HEADER32_EX = 0x15
AUT_DATA = 0x21
AUT_IPC = 0x22
AUT_PATH = 0x23
AUT_SUBJECT32 = 0x24
AUT_XATPATH = 0x25
AUT_PROCESS32 = 0x26
AUT_RETURN32 = 0x27
AUT_TEXT = 0x28
AUT_OPAQUE = 0x29
AUT_IN_ADDR = 0x2a
AUT_IP = 0x2b
AUT_IPORT = 0x2c
AUT_ARG32 = 0x2d
AUT_SOCKET = 0x2e
AUT_SEQ = 0x2f
AUT_ACL = 0x30
AUT_ATTR = 0x31
AUT_IPC_PERM = 0x32
AUT_LABEL = 0x33
AUT_GROUPS = 0x34
AUT_ACE = 0x35
AUT_PRIV = 0x38
AUT_UPRIV = 0x39
AUT_LIAISON = 0x3a
AUT_NEWGROUPS = 0x3b
AUT_EXEC_ARGS = 0x3c
AUT_EXEC_ENV = 0x3d
AUT_ATTR32 = 0x3e
AUT_UNAUTH = 0x3f
AUT_XATOM = 0x40
AUT_XOBJ = 0x41
AUT_XPROTO = 0x42
AUT_XSELECT = 0x43
AUT_XCOLORMAP = 0x44
AUT_XCURSOR = 0x45
AUT_XFONT = 0x46
AUT_XGC = 0x47
AUT_XPIXMAP = 0x48
AUT_XPROPERTY = 0x49
AUT_XWINDOW = 0x4a
AUT_XCLIENT = 0x4b
AUT_CMD = 0x51
AUT_EXIT = 0x52
AUT_ZONENAME = 0x60
AUT_HOST = 0x70
AUT_ARG64 = 0x71
AUT_RETURN64 = 0x72
AUT_ATTR64 = 0x73
AUT_HEADER64 = 0x74
AUT_SUBJECT64 = 0x75
AUT_PROCESS64 = 0x77
AUT_OTHER_FILE64 = 0x78
AUT_HEADER64_EX = 0x79
AUT_SUBJECT32_EX = 0x7a
AUT_PROCESS32_EX = 0x7b
AUT_SUBJECT64_EX = 0x7c
AUT_PROCESS64_EX = 0x7d
AUT_IN_ADDR_EX = 0x7e
AUT_SOCKET_EX = 0x7f
// Display control
PRT_ONELINE = 1
PRT_NORESOLVE_USER = 2
PRT_TIMESTAMP = 4
// Display control
PRT_ONELINE = 1
PRT_NORESOLVE_USER = 2
PRT_TIMESTAMP = 4
)
var (
// A global user/uid cache
gUsers []user
// A global group/gid cache
gGroups []group
// Cache of audit_event file
gEventDB []event
// A global user/uid cache
gUsers []user
// A global group/gid cache
gGroups []group
// Cache of audit_event file
gEventDB []event
)
type event struct {
Type int
Name string
Desc string
Class string
Type int
Name string
Desc string
Class string
}
@ -142,67 +141,67 @@ type event struct {
// Abstraction of a record
type Record interface {
GetType() uint8
// Length()
LoadFromBinary(rdr *bufio.Reader) error
Print(*os.File, string, int)
GetType() uint8
//Length()
LoadFromBinary(rdr *bufio.Reader) error
Print(*os.File, string, int)
}
type Header32 struct {
Size uint32 // Record byte count
Version uint8 // version # (uchar)
E_type uint16 // Event type
E_mod uint16 // Event modifier
S uint32 // Seconds of time
Msec uint32 // Milliseconds of time
Size uint32 // Record byte count
Version uint8 // version # (uchar)
E_type uint16 // Event type
E_mod uint16 // Event modifier
S uint32 // Seconds of time
Msec uint32 // Milliseconds of time
}
type Header32Ex struct {
Size uint32 // Record byte count
Version uint8 // version # (uchar)
E_type uint16 // Event type
E_mod uint16 // Event modifier
Ad_type uint32 // Address type/Length
Addr [4]uint32 // Ipv4 or IPv6
S uint32 // Seconds of time
Msec uint32 // Milliseconds of time
Size uint32 // Record byte count
Version uint8 // version # (uchar)
E_type uint16 // Event type
E_mod uint16 // Event modifier
Ad_type uint32 // Address type/Length
Addr [4]uint32 // Ipv4 or IPv6
S uint32 // Seconds of time
Msec uint32 // Milliseconds of time
}
type Trailer struct {
Magic uint16
Count uint32
Magic uint16
Count uint32
}
type Arg32 struct {
No byte // Argument #
Val uint32 // Argument value
Length uint16 // Text length
Text []byte // Text
No byte // Argument #
Val uint32 // Argument value
Length uint16 // Text length
Text []byte // Text
}
type Arg64 struct {
No byte // Argument #
Val uint64 // Argument value
Length uint16 // Text length
Text []byte // Text
No byte // Argument #
Val uint64 // Argument value
Length uint16 // Text length
Text []byte // Text
}
type Attribute32 struct {
Mode uint32 // file access mode
Uid uint32 // Owner user ID
Gid uint32 // Owner group ID
Fsid uint32 // File system ID
Nid uint64 // Node ID
Dev uint32 // Device
Mode uint32 // file access mode
Uid uint32 // Owner user ID
Gid uint32 // Owner group ID
Fsid uint32 // File system ID
Nid uint64 // Node ID
Dev uint32 // Device
}
type Attribute64 struct {
Mode uint32 // file access mode
Uid uint32 // Owner user ID
Gid uint32 // Owner group ID
Fsid uint32 // File system ID
Nid uint64 // Node ID
Dev uint64 // Device
Mode uint32 // file access mode
Uid uint32 // Owner user ID
Gid uint32 // Owner group ID
Fsid uint32 // File system ID
Nid uint64 // Node ID
Dev uint64 // Device
}
/*
@ -210,128 +209,128 @@ type Attribute64 struct {
* text count null-terminated string(s)
*/
type ExecArg struct {
Count uint32
//Text [AUDIT_MAX_ARGS][]byte
Text [][]byte
Count uint32
//Text [AUDIT_MAX_ARGS][]byte
Text [][]byte
}
type Path struct {
Length uint16 // path length
Path []byte
Length uint16 // path length
Path []byte
}
type Return32 struct {
Status byte // Error status
Ret uint32 // Return code
Status byte // Error status
Ret uint32 // Return code
}
type Return64 struct {
Status byte // Error status
Ret uint64 // Return code
Status byte // Error status
Ret uint64 // Return code
}
type Subject32 struct {
Auid uint32 // Audit ID
Euid uint32 // Effective user ID
Egid uint32 // Effective Group ID
Ruid uint32 // Real User ID
Rgid uint32 // Real Group ID
Pid uint32 // Process ID
Sid uint32 // Session ID
Tid Tid32
Auid uint32 // Audit ID
Euid uint32 // Effective user ID
Egid uint32 // Effective Group ID
Ruid uint32 // Real User ID
Rgid uint32 // Real Group ID
Pid uint32 // Process ID
Sid uint32 // Session ID
Tid Tid32
}
type Process32 Subject32
type Subject32Ex struct {
Auid uint32 // Audit ID
Euid uint32 // Effective user ID
Egid uint32 // Effective Group ID
Ruid uint32 // Real User ID
Rgid uint32 // Real Group ID
Pid uint32 // Process ID
Sid uint32 // Session ID
Tid Tid32Ex
Auid uint32 // Audit ID
Euid uint32 // Effective user ID
Egid uint32 // Effective Group ID
Ruid uint32 // Real User ID
Rgid uint32 // Real Group ID
Pid uint32 // Process ID
Sid uint32 // Session ID
Tid Tid32Ex
}
type Process32Ex Subject32Ex
type Tid32 struct {
Port uint32
IpVers uint32 // 0x10 = IPv6
Addr uint32
Port uint32
IpVers uint32 // 0x10 = IPv6
Addr uint32
}
type Tid32Ex struct {
Port uint32
Ttype uint32
IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4
Addr4 uint32 // 4 bytes long if IpVers == 0x04
Addr6 [4]uint32 // 4x4 bytes long if IpVers == 0x10
Port uint32
Ttype uint32
IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4
Addr4 uint32 // 4 bytes long if IpVers == 0x04
Addr6 [4]uint32 // 4x4 bytes long if IpVers == 0x10
}
type Subject64 struct {
Auid uint32 // Audit ID
Euid uint32 // Effective user ID
Egid uint32 // Effective Group ID
Ruid uint32 // Real User ID
Rgid uint32 // Real Group ID
Pid uint32 // Process ID
Sid uint32 // Session ID
Tid Tid64
Auid uint32 // Audit ID
Euid uint32 // Effective user ID
Egid uint32 // Effective Group ID
Ruid uint32 // Real User ID
Rgid uint32 // Real Group ID
Pid uint32 // Process ID
Sid uint32 // Session ID
Tid Tid64
}
type Process64 Subject64
type Subject64Ex struct {
Auid uint32 // Audit ID
Euid uint32 // Effective user ID
Egid uint32 // Effective Group ID
Ruid uint32 // Real User ID
Rgid uint32 // Real Group ID
Pid uint32 // Process ID
Sid uint32 // Session ID
Tid Tid64Ex
Auid uint32 // Audit ID
Euid uint32 // Effective user ID
Egid uint32 // Effective Group ID
Ruid uint32 // Real User ID
Rgid uint32 // Real Group ID
Pid uint32 // Process ID
Sid uint32 // Session ID
Tid Tid64Ex
}
type Process64Ex Subject64Ex
type Tid64 struct {
Port uint64
IpVers uint32
Addr uint32
Port uint64
IpVers uint32
Addr uint32
}
type Tid64Ex struct {
Port uint64
Ttype uint32
IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4
Addr4 uint32
Addr6 [4]uint32
Port uint64
Ttype uint32
IpVers uint32 // 0x10 = IPv6, 0x04 = IPv4
Addr4 uint32
Addr6 [4]uint32
}
type Exit struct {
Status uint32
Ret uint32
Status uint32
Ret uint32
}
type Text struct {
Length uint16
Text []byte
Length uint16
Text []byte
}
/* Utilities */
// users ID for resolution
type user struct {
uid uint32
name string
uid uint32
name string
}
// groups ID for resolution
type group struct {
gid uint32
name string
gid uint32
name string
}
/* Utilities */
@ -413,14 +412,17 @@ func getGroupNameByGid(gid uint32) (group, error) {
func getEventName(event uint16) (string,error) {
if len(gEventDB) == 0 {
loadEventDB()
err := loadEventDB()
if err != nil {
fmt.Printf("%v\n", err)
}
}
for _, ev := range gEventDB {
if ev.Type == int(event) {
return ev.Desc, nil
}
}
return "", fmt.Errorf("Event ID not found: %x\n", event)
return "", fmt.Errorf("Event ID not found: %d\n", event)
}
// We load the entire file in memory
@ -439,30 +441,43 @@ func loadEventDB() error {
continue
}
eventStr := strings.Split(line, ":")
if len(eventStr) != 4 {
// Wait for https://github.com/openbsm/openbsm/pull/75
//if len(eventStr) != 4 {
if (len(eventStr) != 4 && eventStr[0] != "43082") || (len(eventStr) == 5 && eventStr[0] != "43082") {
continue
}
t, _ := strconv.Atoi(eventStr[0])
gEventDB = append(gEventDB, event{Type: t,
Name: eventStr[1],
Desc: eventStr[2],
Class: eventStr[3],})
t, err := strconv.Atoi(eventStr[0])
if err != nil {
return fmt.Errorf("Unable to convert to int: %v\n", eventStr[0])
}
// Wait for https://github.com/openbsm/openbsm/pull/75
if t == 43082 && (len(eventStr) == 5) {
gEventDB = append(gEventDB, event{Type: t,
Name: eventStr[1],
Desc: eventStr[3],
Class: eventStr[4],})
} else {
gEventDB = append(gEventDB, event{Type: t,
Name: eventStr[1],
Desc: eventStr[2],
Class: eventStr[3],})
}
}
return nil
}
func PrintIpv4FromInt(ipv4int uint32) string {
return fmt.Sprintf("%d.%d.%d.%d", ipv4int & 0xFF000000 >> 24, ipv4int & 0x00FF0000 >> 16,
ipv4int & 0x0000FF00 >> 8, ipv4int & 0x000000FF)
ipv4int & 0x0000FF00 >> 8, ipv4int & 0x000000FF)
}
func PrintIpv6FromInt(ipv6int [4]uint32) string {
//return fmt.Sprintf("%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x",
return fmt.Sprintf("%x:%x:%x:%x:%x:%x:%x:%x",
ipv6int[0] & 0xFFFF0000 >> 16, ipv6int[0] & 0x0000FFFF,
ipv6int[1] & 0xFFFF0000 >> 16, ipv6int[1] & 0x0000FFFF,
ipv6int[2] & 0xFFFF0000 >> 16, ipv6int[2] & 0x0000FFFF,
ipv6int[3] & 0xFFFF0000 >> 16, ipv6int[3] & 0x0000FFFF)
ipv6int[0] & 0xFFFF0000 >> 16, ipv6int[0] & 0x0000FFFF,
ipv6int[1] & 0xFFFF0000 >> 16, ipv6int[1] & 0x0000FFFF,
ipv6int[2] & 0xFFFF0000 >> 16, ipv6int[2] & 0x0000FFFF,
ipv6int[3] & 0xFFFF0000 >> 16, ipv6int[3] & 0x0000FFFF)
}
/* Records structs implementation */
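Review bot: The relaxed field-count guard in `loadEventDB` never skips a line whose first field is `43082`, whatever its length, because both halves of the condition require `eventStr[0] != "43082"` (and the second half is already implied by the first). A `43082` line with fewer than four fields therefore reaches the `else` branch and indexes `eventStr[2]` and `eventStr[3]`, which panics with an index out of range while the event file is being parsed. Accept only the two shapes handled further down, e.g. `if n := len(eventStr); n != 4 && !(n == 5 && eventStr[0] == "43082") { continue }`. The new `strconv.Atoi` branch also discards `err` and aborts loading at the first bad line; wrapping it with `%w` and including the offending line would make a damaged file easier to diagnose. The function starts outside this hunk.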
@ -522,11 +537,14 @@ func (h *Header32) Print(file *os.File, delimiter string, flags int) {
t := time.Unix((int64)(h.S), 0)
timeval = t.Format(time.UnixDate)
}
// We dont care for error
evdesc, _ := getEventName(h.E_type)
evdesc, err := getEventName(h.E_type)
if err != nil {
fmt.Printf("%v\n", err)
return
}
fmt.Fprintf(file, "header%s%d%s%d%s%s%s%v%s%s%s%d", delimiter, h.Size, delimiter, h.Version, delimiter,
//h.E_type, delimiter, h.E_mod, delimiter, t.Format(time.UnixDate), delimiter, h.Msec)
evdesc, delimiter, h.E_mod, delimiter, timeval, delimiter, h.Msec)
//h.E_type, delimiter, h.E_mod, delimiter, t.Format(time.UnixDate), delimiter, h.Msec)
evdesc, delimiter, h.E_mod, delimiter, timeval, delimiter, h.Msec)
if 0 == (flags & PRT_ONELINE) {
fmt.Fprintf(file, "\n")
} else {
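Review bot: In `Header32.Print`, the new error branch returns before the `fmt.Fprintf(file, "header…")` call, so a record whose event type is missing from the event table loses its header line entirely. The message also goes to stdout rather than to `file` or stderr. For an audit-trail printer it is safer to keep the record and fall back to the numeric type, e.g. `evdesc = strconv.Itoa(int(h.E_type))` in place of the `return`, with the error written to `os.Stderr`. The function starts and ends outside this hunk, so whether later code relies on the early return cannot be seen here.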
@ -650,16 +668,16 @@ func (a *Attribute32) LoadFromBinary(rdr *bufio.Reader) error {
func (a *Attribute32) Print(file *os.File, delimiter string, flags int) {
var user string
var group string
// TODO : resolve Uid and Gid (also support domain accounts)
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
user = string(a.Uid)
group = string(a.Gid)
user = strconv.Itoa(int(a.Uid))
group = strconv.Itoa(int(a.Gid))
} else {
user, _ = getUserName(a.Uid)
group, _ = getGroupName(a.Gid)
}
fmt.Fprintf(file, "attribute%s%o%s%v%s%v%s%v%s%v%s%v", delimiter, a.Mode, delimiter, user, delimiter,
fmt.Fprintf(file, "attribute%s%o%s%s%s%s%s%v%s%v%s%v", delimiter, a.Mode, delimiter, user, delimiter,
group, delimiter, a.Fsid, delimiter, a.Nid, delimiter, a.Dev)
if 0 == (flags & PRT_ONELINE) {
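Review bot: `strconv.Itoa(int(a.Uid))` in `Attribute32.Print` converts through `int`, which is 32 bits wide on 32-bit targets. Assuming `a.Uid` is a `uint32` like the ID fields in the structs above, an ID above 2^31-1 would be printed as a negative number there. `strconv.FormatUint(uint64(a.Uid), 10)` (and the same for `a.Gid`) prints the unsigned value on every platform. The same conversion is repeated in the `Attribute64`, `Subject*` and `Process*` `Print` hunks that follow. Separately, the unchanged `else` branch discards the errors from `getUserName` and `getGroupName`; if those return an empty string on failure (not visible here), the field would be printed empty instead of falling back to the numeric ID.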
@ -711,8 +729,8 @@ func (a *Attribute64) Print(file *os.File, delimiter string, flags int) {
var group string
// TODO : resolve Uid and Gid (also support domain accounts)
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
user = string(a.Uid)
group = string(a.Gid)
user = strconv.Itoa(int(a.Uid))
group = strconv.Itoa(int(a.Gid))
} else {
user, _ = getUserName(a.Uid)
group, _ = getGroupName(a.Gid)
@ -775,11 +793,11 @@ func (s *Subject32) Print(file *os.File, delimiter string, flags int) {
var ruser string
var rgroup string
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
auser = string(s.Auid)
euser = string(s.Euid)
egroup = string(s.Egid)
ruser = string(s.Ruid)
rgroup = string(s.Rgid)
auser = strconv.Itoa(int(s.Auid))
euser = strconv.Itoa(int(s.Euid))
egroup = strconv.Itoa(int(s.Egid))
ruser = strconv.Itoa(int(s.Ruid))
rgroup = strconv.Itoa(int(s.Rgid))
} else {
auser, _ = getUserName(s.Auid)
euser, _ = getUserName(s.Euid)
@ -846,11 +864,11 @@ func (p *Process32) Print(file *os.File, delimiter string, flags int) {
var ruser string
var rgroup string
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
auser = string(p.Auid)
euser = string(p.Euid)
egroup = string(p.Egid)
ruser = string(p.Ruid)
rgroup = string(p.Rgid)
auser = strconv.Itoa(int(p.Auid))
euser = strconv.Itoa(int(p.Euid))
egroup = strconv.Itoa(int(p.Egid))
ruser = strconv.Itoa(int(p.Ruid))
rgroup = strconv.Itoa(int(p.Rgid))
} else {
auser, _ = getUserName(p.Auid)
euser, _ = getUserName(p.Euid)
@ -933,11 +951,11 @@ func (s *Subject32Ex) Print(file *os.File, delimiter string, flags int) {
var rgroup string
var ip string
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
auser = string(s.Auid)
euser = string(s.Euid)
egroup = string(s.Egid)
ruser = string(s.Ruid)
rgroup = string(s.Rgid)
auser = strconv.Itoa(int(s.Auid))
euser = strconv.Itoa(int(s.Euid))
egroup = strconv.Itoa(int(s.Egid))
ruser = strconv.Itoa(int(s.Ruid))
rgroup = strconv.Itoa(int(s.Rgid))
} else {
auser, _ = getUserName(s.Auid)
euser, _ = getUserName(s.Euid)
@ -1026,11 +1044,11 @@ func (p *Process32Ex) Print(file *os.File, delimiter string, flags int) {
var rgroup string
var ip string
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
auser = string(p.Auid)
euser = string(p.Euid)
egroup = string(p.Egid)
ruser = string(p.Ruid)
rgroup = string(p.Rgid)
auser = strconv.Itoa(int(p.Auid))
euser = strconv.Itoa(int(p.Euid))
egroup = strconv.Itoa(int(p.Egid))
ruser = strconv.Itoa(int(p.Ruid))
rgroup = strconv.Itoa(int(p.Rgid))
} else {
auser, _ = getUserName(p.Auid)
euser, _ = getUserName(p.Euid)
@ -1105,11 +1123,11 @@ func (s *Subject64) Print(file *os.File, delimiter string, flags int) {
var ruser string
var rgroup string
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
auser = string(s.Auid)
euser = string(s.Euid)
egroup = string(s.Egid)
ruser = string(s.Ruid)
rgroup = string(s.Rgid)
auser = strconv.Itoa(int(s.Auid))
euser = strconv.Itoa(int(s.Euid))
egroup = strconv.Itoa(int(s.Egid))
ruser = strconv.Itoa(int(s.Ruid))
rgroup = strconv.Itoa(int(s.Rgid))
} else {
auser, _ = getUserName(s.Auid)
euser, _ = getUserName(s.Euid)
@ -1176,11 +1194,11 @@ func (p *Process64) Print(file *os.File, delimiter string, flags int) {
var ruser string
var rgroup string
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
auser = string(p.Auid)
euser = string(p.Euid)
egroup = string(p.Egid)
ruser = string(p.Ruid)
rgroup = string(p.Rgid)
auser = strconv.Itoa(int(p.Auid))
euser = strconv.Itoa(int(p.Euid))
egroup = strconv.Itoa(int(p.Egid))
ruser = strconv.Itoa(int(p.Ruid))
rgroup = strconv.Itoa(int(p.Rgid))
} else {
auser, _ = getUserName(p.Auid)
euser, _ = getUserName(p.Euid)
@ -1262,11 +1280,11 @@ func (s *Subject64Ex) Print(file *os.File, delimiter string, flags int) {
var rgroup string
var ip string
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
auser = string(s.Auid)
euser = string(s.Euid)
egroup = string(s.Egid)
ruser = string(s.Ruid)
rgroup = string(s.Rgid)
auser = strconv.Itoa(int(s.Auid))
euser = strconv.Itoa(int(s.Euid))
egroup = strconv.Itoa(int(s.Egid))
ruser = strconv.Itoa(int(s.Ruid))
rgroup = strconv.Itoa(int(s.Rgid))
} else {
auser, _ = getUserName(s.Auid)
euser, _ = getUserName(s.Euid)
@ -1355,11 +1373,11 @@ func (p *Process64Ex) Print(file *os.File, delimiter string, flags int) {
var rgroup string
var ip string
if PRT_NORESOLVE_USER == flags & PRT_NORESOLVE_USER {
auser = string(p.Auid)
euser = string(p.Euid)
egroup = string(p.Egid)
ruser = string(p.Ruid)
rgroup = string(p.Rgid)
auser = strconv.Itoa(int(p.Auid))
euser = strconv.Itoa(int(p.Euid))
egroup = strconv.Itoa(int(p.Egid))
ruser = strconv.Itoa(int(p.Ruid))
rgroup = strconv.Itoa(int(p.Rgid))
} else {
auser, _ = getUserName(p.Auid)
euser, _ = getUserName(p.Euid)


@ -31,7 +31,7 @@ import (
)
const (
version = "0.5"
version = "0.5.1"
)
var (