MFV r359401: OpenBSM: import ee79d73e8df5: auditreduce: add a zone filter

This allows one to select audit records that match a -z zone glob. MFC after: 1 week Sponsored by: Modirum MDPay, Klara Systems
2020-03-28 17:36:39 +00:00 · 2020-03-28 17:36:39 +00:00 · 71f8f48356
commit 71f8f48356
parent c1b2af731b a051822196
3 changed files with 37 additions and 2 deletions
--- a/contrib/openbsm/bin/auditreduce/auditreduce.1
+++ b/contrib/openbsm/bin/auditreduce/auditreduce.1
@ -25,7 +25,7 @@
 .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd January 24, 2004
+.Dd February 20, 2020
 .Dt AUDITREDUCE 1
 .Os
 .Sh NAME
@ -47,6 +47,7 @@
 .Op Fl r Ar ruid
 .Op Fl u Ar auid
 .Op Fl v
+.Op Fl z Ar zone
 .Op Ar
 .Sh DESCRIPTION
 The
@ -129,6 +130,10 @@ Select records with the given real user ID or name.
 Select records with the given audit ID.
 .It Fl v
 Invert sense of matching, to select records that do not match.
+.It Fl z Ar zone
+Select records from the given zone(s).
+.Ar zone
+is a glob for zones to match.
 .El
 .Sh EXAMPLES
 To select all records associated with effective user ID root from the audit
--- a/contrib/openbsm/bin/auditreduce/auditreduce.c
+++ b/contrib/openbsm/bin/auditreduce/auditreduce.c
@ -62,6 +62,7 @@
 #include <bsm/libbsm.h>

 #include <err.h>
+#include <fnmatch.h>
 #include <grp.h>
 #include <pwd.h>
 #include <stdio.h>
@ -94,6 +95,7 @@ static int		 p_egid;	/* Effective group id. */
 static int		 p_rgid;	/* Real group id. */ 
 static int		 p_ruid;	/* Real user id. */ 
 static int		 p_subid;	/* Subject id. */
+static const char	*p_zone;	/* Zone. */

 /*
 * Maintain a dynamically sized array of events for -m
@ -114,6 +116,8 @@ static char	*p_sockobj = NULL;

 static uint32_t opttochk = 0;

+static int	select_zone(const char *zone, uint32_t *optchkd);
+
 static void
 parse_regexp(char *re_string)
 {
@ -186,6 +190,7 @@ usage(const char *msg)
 	fprintf(stderr, "\t-r <uid|name> : real user\n");
 	fprintf(stderr, "\t-u <uid|name> : audit user\n");
 	fprintf(stderr, "\t-v : select non-matching records\n");
+	fprintf(stderr, "\t-z <zone> : zone name\n");
 	exit(EX_USAGE);
 }

@ -492,6 +497,21 @@ select_subj32(tokenstr_t tok, uint32_t *optchkd)
 	return (1);
 }

+/*
+ * Check if the given zone matches the selection criteria.
+  */
+static int
+select_zone(const char *zone, uint32_t *optchkd)
+{
+
+	SETOPT((*optchkd), OPT_z);
+	if (ISOPTSET(opttochk, OPT_z) && p_zone != NULL) {
+		if (fnmatch(p_zone, zone, FNM_PATHNAME) != 0)
+			return (0);
+	}
+	return (1);
+}
+
 /*
 * Read each record from the audit trail.  Check if it is selected after
 * passing through each of the options 
@ -559,6 +579,10 @@ select_records(FILE *fp)
 				    tok_hdr32_copy, &optchkd);
 				break;

+			case AUT_ZONENAME:
+				selected = select_zone(tok.tt.zonename.zonename, &optchkd);
+				break;
+
 			default:
 				break;
 			}
@ -629,7 +653,7 @@ main(int argc, char **argv)

 	converr = NULL;

-	while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:v")) != -1) {
+	while ((ch = getopt(argc, argv, "Aa:b:c:d:e:f:g:j:m:o:r:u:vz:")) != -1) {
 		switch(ch) {
 		case 'A':
 			SETOPT(opttochk, OPT_A);
@ -783,6 +807,11 @@ main(int argc, char **argv)
 			SETOPT(opttochk, OPT_v);
 			break;

+		case 'z':
+			p_zone = optarg;
+			SETOPT(opttochk, OPT_z);
+			break;
+
 		case '?':
 		default:
 			usage("Unknown option");
--- a/contrib/openbsm/bin/auditreduce/auditreduce.h
+++ b/contrib/openbsm/bin/auditreduce/auditreduce.h
@ -57,6 +57,7 @@ struct re_entry {
 #define OPT_u	0x00010000
 #define OPT_A	0x00020000
 #define OPT_v	0x00040000
+#define OPT_z	0x00080000

 #define FILEOBJ "file"
 #define MSGQIDOBJ "msgqid"