Jason Tang jtang@tresys.com
This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Definition in file seaudit_internal.h.
#include <config.h>
#include <seaudit/avc_message.h>
#include <seaudit/bool_message.h>
#include <seaudit/filter.h>
#include <seaudit/load_message.h>
#include <seaudit/log.h>
#include <seaudit/message.h>
#include <seaudit/model.h>
#include <seaudit/sort.h>
#include <apol/bst.h>
#include <apol/vector.h>
#include <libxml/uri.h>
Classes | |
| struct | seaudit_log |
| struct | seaudit_message |
| struct | seaudit_avc_message |
| Definition of an avc message. More... | |
| struct | seaudit_bool_message_change |
| struct | seaudit_bool_message |
| struct | seaudit_load_message |
| struct | filter_parse_state |
Defines | |
| #define | FILTER_FILE_FORMAT_VERSION "1.3" |
| #define | SEAUDIT_MSG_ERR 1 |
| #define | SEAUDIT_MSG_WARN 2 |
| #define | SEAUDIT_MSG_INFO 3 |
| #define | ERR(handle, format,) seaudit_handle_msg(handle, SEAUDIT_MSG_ERR, format, __VA_ARGS__) |
| #define | WARN(handle, format,) seaudit_handle_msg(handle, SEAUDIT_MSG_WARN, format, __VA_ARGS__) |
| #define | INFO(handle, format,) seaudit_handle_msg(handle, SEAUDIT_MSG_INFO, format, __VA_ARGS__) |
Typedefs | |
| typedef enum seaudit_avc_message_class | seaudit_avc_message_class_e |
| typedef seaudit_bool_message_change | seaudit_bool_message_change_t |
| typedef int( | filter_read_func )(seaudit_filter_t *filter, const xmlChar *ch) |
Enumerations | |
| enum | seaudit_avc_message_class { SEAUDIT_AVC_DATA_INVALID = 0, SEAUDIT_AVC_DATA_MALFORMED, SEAUDIT_AVC_DATA_IPC, SEAUDIT_AVC_DATA_CAP, SEAUDIT_AVC_DATA_FS, SEAUDIT_AVC_DATA_NET } |
Functions | |
| int | log_append_model (seaudit_log_t *log, seaudit_model_t *model) |
| Notify a log that model is now watching it. | |
| void | log_remove_model (seaudit_log_t *log, seaudit_model_t *model) |
| Notify a log that model is no longer watching it. | |
| const apol_vector_t * | log_get_messages (const seaudit_log_t *log) |
| Get a vector of all messages from this seaudit log object. | |
| const apol_vector_t * | log_get_malformed_messages (const seaudit_log_t *log) |
| Get a vector of all malformed messages from this seaudit log object. | |
| seaudit_message_t * | message_create (seaudit_log_t *log, seaudit_message_type_e type) |
| Allocate a new seaudit message, append the message to the log, and return the message. | |
| void | message_free (void *msg) |
| Deallocate all space associated with a message, recursing into the message's data field. | |
| seaudit_avc_message_t * | avc_message_create (void) |
| Allocate and return a new seaudit AVC message. | |
| void | avc_message_free (seaudit_avc_message_t *avc) |
| Deallocate all space associated with an AVC message. | |
| char * | avc_message_to_string (const seaudit_message_t *msg, const char *date) |
| Given an avc message, allocate and return a string that approximates the message as it had appeared within the log file. | |
| char * | avc_message_to_string_html (const seaudit_message_t *msg, const char *date) |
| Given an avc message, allocate and return a string, formatted in HTML, that approximates the message as it had appeared within the log file. | |
| char * | avc_message_to_misc_string (const seaudit_avc_message_t *avc) |
| Given an avc message, allocate and return a string that gives miscellaneous info (e.g., ports, IP addresses). | |
| seaudit_bool_message_t * | bool_message_create (void) |
| Allocate and return a new seaudit boolean change message. | |
| int | bool_change_append (seaudit_log_t *log, seaudit_bool_message_t *boolm, const char *name, int value) |
| Append a boolean change to a particular boolean message. | |
| void | bool_message_free (seaudit_bool_message_t *boolm) |
| Deallocate all space associated with a boolean change message. | |
| char * | bool_message_to_string (const seaudit_message_t *msg, const char *date) |
| Given a boolean change message, allocate and return a string that approximates the message as it had appeared within the log file. | |
| char * | bool_message_to_string_html (const seaudit_message_t *msg, const char *date) |
| Given a boolean change message, allocate and return a string, formatted in HTML, that approximates the message as it had appeared within the log file. | |
| char * | bool_message_to_misc_string (const seaudit_bool_message_t *boolm) |
| Given a boolean change message, allocate and return a string that gives miscellaneous info (i.e., list of boolean names and their new values.). | |
| seaudit_load_message_t * | load_message_create (void) |
| Allocate and return a new seaudit policy load message. | |
| void | load_message_free (seaudit_load_message_t *msg) |
| Deallocate all space associated with a policy load message. | |
| char * | load_message_to_string (const seaudit_message_t *msg, const char *date) |
| Given a load message, allocate and return a string that approximates the message as it had appeared within the log file. | |
| char * | load_message_to_string_html (const seaudit_message_t *msg, const char *date) |
| Given a load message, allocate and return a string, formatted in HTML, that approximates the message as it had appeared within the log file. | |
| char * | load_message_to_misc_string (const seaudit_load_message_t *load) |
| Given a load message, allocate and return a string that gives miscellaneous info (e.g., number of types in the new policy). | |
| void | model_remove_log (seaudit_model_t *model, seaudit_log_t *log) |
| Notify a model to stop watching a log. | |
| void | model_notify_log_changed (seaudit_model_t *model, seaudit_log_t *log) |
| Notify a model that a log has been changed; the model will need to recalculate its messages. | |
| void | model_notify_filter_changed (seaudit_model_t *model, seaudit_filter_t *filter) |
| Notify a model that a filter has been changed; the model will need to recalculate its messages. | |
| void | filter_set_model (seaudit_filter_t *filter, seaudit_model_t *model) |
| Link a model to a filter. | |
| int | filter_is_accepted (const seaudit_filter_t *filter, const seaudit_message_t *msg) |
| Given a filter and a message, return non-zero if the msg is accepted by the filter according to the filter's criteria. | |
| int | filter_parse_xml (struct filter_parse_state *state, const char *filename) |
| Parse the given XML file and fill in the passed in struct. | |
| void | filter_append_to_file (const seaudit_filter_t *filter, FILE *file, int tabs) |
| Append the given filter's values, in XML format, to a file handler. | |
| seaudit_sort_t * | sort_create_from_sort (const seaudit_sort_t *sort) |
| Create and return a new sort object, initialized with the data from an existing sort object. | |
| seaudit_sort_t * | sort_create_from_name (const char *name, int direction) |
| Create and return a new sort object based upon the name of the sort (as returned by sort_get_name()). | |
| int | sort_is_supported (const seaudit_sort_t *sort, const seaudit_message_t *msg) |
| Given a sort object and a message, return non-zero if this sort object could operate on the message, 0 if not. | |
| int | sort_comp (const seaudit_sort_t *sort, const seaudit_message_t *a, const seaudit_message_t *b) |
| Invoke a sort object's comparison function. | |
| const char * | sort_get_name (const seaudit_sort_t *sort) |
| Return the type of sort this sort object is. | |
| int | sort_get_direction (const seaudit_sort_t *sort) |
| Return the sort direction for a sort object. | |
| void | seaudit_handle_msg (const seaudit_log_t *log, int level, const char *fmt,...) |
| Write a message to the callback stored within a seaudit_log_t handler. | |
| __attribute__ ((format(printf, 3, 4))) extern void seaudit_handle_msg(const seaudit_log_t *log | |
Variables | |
| int | level |
| int const char * | fmt |
|
|
Definition at line 44 of file seaudit_internal.h. Referenced by seaudit_filter_save_to_file(), and seaudit_model_save_to_file(). |
|
|
Definition at line 626 of file seaudit_internal.h. Referenced by seaudit_handle_default_callback(). |
|
|
Definition at line 627 of file seaudit_internal.h. Referenced by seaudit_handle_default_callback(). |
|
|
Definition at line 628 of file seaudit_internal.h. Referenced by seaudit_handle_default_callback(). |
|
|
Definition at line 650 of file seaudit_internal.h. |
|
|
Definition at line 651 of file seaudit_internal.h. |
|
|
Definition at line 652 of file seaudit_internal.h. |
|
|
|
|
|
Referenced by bool_change_append(), bool_message_to_misc_string(), and seaudit_bool_change_free(). |
|
|
Definition at line 489 of file seaudit_internal.h. Referenced by filter_get_read_func(). |
|
|
Definition at line 154 of file seaudit_internal.h. 00155 {
00156 SEAUDIT_AVC_DATA_INVALID = 0,
00157 SEAUDIT_AVC_DATA_MALFORMED,
00158 SEAUDIT_AVC_DATA_IPC,
00159 SEAUDIT_AVC_DATA_CAP, /* capability */
00160 SEAUDIT_AVC_DATA_FS,
00161 SEAUDIT_AVC_DATA_NET,
00162 } seaudit_avc_message_class_e;
|
|
||||||||||||
|
Notify a log that model is now watching it.
Definition at line 161 of file log.c. References apol_vector_append(), ERR, seaudit_log::models, seaudit_log_t, and seaudit_model_t. Referenced by seaudit_model_append_log(), seaudit_model_create(), and seaudit_model_create_from_model(). 00162 {
00163 if (apol_vector_append(log->models, model) < 0) {
00164 int error = errno;
00165 ERR(log, "%s", strerror(error));
00166 errno = error;
00167 return -1;
00168 }
00169 return 0;
00170 }
|
|
||||||||||||
|
Notify a log that model is no longer watching it.
Definition at line 172 of file log.c. References apol_vector_get_index(), apol_vector_remove(), seaudit_log::models, seaudit_log_t, and seaudit_model_t. Referenced by seaudit_model_destroy(). 00173 {
00174 size_t i;
00175 if (apol_vector_get_index(log->models, model, NULL, NULL, &i) == 0) {
00176 apol_vector_remove(log->models, i);
00177 }
00178 }
|
|
|
Get a vector of all messages from this seaudit log object.
Definition at line 180 of file log.c. References apol_vector_t, seaudit_log::messages, and seaudit_log_t. Referenced by model_refresh(). 00181 {
00182 return log->messages;
00183 }
|
|
|
Get a vector of all malformed messages from this seaudit log object. These are SELinux messages that did not parse cleanly for some reason. They will be returned in the same order in which they were read from the log file.
Definition at line 185 of file log.c. References apol_vector_t, seaudit_log::malformed_msgs, and seaudit_log_t. Referenced by model_refresh(). 00186 {
00187 return log->malformed_msgs;
00188 }
|
|
||||||||||||
|
Allocate a new seaudit message, append the message to the log, and return the message.
Definition at line 139 of file message.c. References apol_vector_append(), avc_message_create(), bool_message_create(), ERR, load_message_create(), message_free(), seaudit_log::messages, seaudit_log_t, seaudit_message_t, SEAUDIT_MESSAGE_TYPE_AVC, SEAUDIT_MESSAGE_TYPE_BOOL, SEAUDIT_MESSAGE_TYPE_LOAD, and seaudit_message::type. Referenced by avc_parse(), bool_parse(), and load_parse(). 00140 {
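/* message_create() body: allocate a zeroed message of the requested type,
 * append it to log->messages, then create the type-specific payload.
 * Returns the new message, or NULL with errno set on failure. */
    seaudit_message_t *m;
    int error, rt = 0;

    /* The INVALID sentinel is rejected before anything is allocated. */
    if (type == SEAUDIT_MESSAGE_TYPE_INVALID) {
        ERR(log, "%s", strerror(EINVAL));
        errno = EINVAL;
        return NULL;
    }
    if ((m = calloc(1, sizeof(*m))) == NULL || apol_vector_append(log->messages, m) < 0) {
        error = errno;
        message_free(m);
        ERR(log, "%s", strerror(error));
        /* Hand back the value captured at the point of failure; the
         * cleanup and reporting calls above run after it was set. */
        errno = error;
        return NULL;
    }
    m->type = type;
    switch (m->type) {
    case SEAUDIT_MESSAGE_TYPE_AVC:
        if ((m->data.avc = avc_message_create()) == NULL) {
            rt = -1;
        }
        break;
    case SEAUDIT_MESSAGE_TYPE_BOOL:
        if ((m->data.boolm = bool_message_create()) == NULL) {
            rt = -1;
        }
        break;
    case SEAUDIT_MESSAGE_TYPE_LOAD:
        if ((m->data.load = load_message_create()) == NULL) {
            rt = -1;
        }
        break;
    default:
        /* shouldn't get here */
        assert(0);
    }
    if (rt < 0) {
        /* NOTE(review): m was already appended to log->messages, so it
         * stays in the log with a NULL payload while the caller sees
         * NULL. Confirm that code walking the log tolerates that. */
        error = errno;
        ERR(log, "%s", strerror(error));
        errno = error;
        return NULL;
    }
    return m;
}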
|
|
|
|
Allocate and return a new seaudit AVC message.
Definition at line 308 of file avc_message.c. References apol_vector_create_with_capacity(), avc_message_free(), seaudit_avc_message::perms, and seaudit_avc_message_t. Referenced by message_create(). 00309 {
00310 seaudit_avc_message_t *avc = calloc(1, sizeof(seaudit_avc_message_t));
00311 if (avc == NULL) {
00312 return NULL;
00313 }
00314 if ((avc->perms = apol_vector_create_with_capacity(1, NULL)) == NULL) {
00315 int error = errno;
00316 avc_message_free(avc);
00317 errno = error;
00318 return NULL;
00319 }
00320 return avc;
00321 }
|
|
|
Deallocate all space associated with an AVC message.
Definition at line 323 of file avc_message.c. References apol_vector_destroy(), seaudit_avc_message::comm, seaudit_avc_message::daddr, seaudit_avc_message::dev, seaudit_avc_message::exe, seaudit_avc_message::faddr, seaudit_avc_message::ipaddr, seaudit_avc_message::laddr, seaudit_avc_message::name, seaudit_avc_message::netif, seaudit_avc_message::path, seaudit_avc_message::perms, seaudit_avc_message::saddr, and seaudit_avc_message_t. Referenced by avc_message_create(), and message_free(). 00324 {
00325 if (avc != NULL) {
00326 free(avc->exe);
00327 free(avc->comm);
00328 free(avc->path);
00329 free(avc->dev);
00330 free(avc->netif);
00331 free(avc->laddr);
00332 free(avc->faddr);
00333 free(avc->saddr);
00334 free(avc->daddr);
00335 free(avc->name);
00336 free(avc->ipaddr);
00337 apol_vector_destroy(&avc->perms);
00338 free(avc);
00339 }
00340 }
|
|
||||||||||||
|
Given an avc message, allocate and return a string that approximates the message as it had appeared within the log file.
Definition at line 397 of file avc_message.c. References apol_str_append(), apol_str_appendf(), apol_vector_get_element(), apol_vector_get_size(), seaudit_message::avc, avc_message_get_misc_string(), seaudit_avc_message::comm, seaudit_message::data, seaudit_avc_message::exe, seaudit_message::host, seaudit_avc_message::inode, seaudit_avc_message::is_inode, seaudit_avc_message::is_pid, seaudit_message::manager, seaudit_avc_message::msg, seaudit_avc_message::name, seaudit_avc_message::path, seaudit_avc_message::perms, seaudit_avc_message::pid, SEAUDIT_AVC_DENIED, SEAUDIT_AVC_GRANTED, seaudit_avc_message_t, seaudit_message_t, seaudit_avc_message::serial, seaudit_avc_message::srole, seaudit_avc_message::stype, seaudit_avc_message::suser, seaudit_avc_message::tclass, seaudit_avc_message::tm_stmp_nano, seaudit_avc_message::tm_stmp_sec, seaudit_avc_message::trole, seaudit_avc_message::ttype, and seaudit_avc_message::tuser. Referenced by seaudit_message_to_string(). 00398 {
00399 seaudit_avc_message_t *avc = msg->data.avc;
00400 const char *host = msg->host;
00401 const char *manager = msg->manager;
00402 char *s = NULL, *misc_string = NULL, *perm;
00403 size_t i, len = 0;
00404 if (apol_str_appendf(&s, &len, "%s %s %s: ", date, host, manager) < 0) {
00405 return NULL;
00406 }
00407 if (!(avc->tm_stmp_sec == 0 && avc->tm_stmp_nano == 0 && avc->serial == 0)) {
00408 if (apol_str_appendf(&s, &len, "audit(%lu.%03lu:%u): ", avc->tm_stmp_sec, avc->tm_stmp_nano, avc->serial) < 0) {
00409 return NULL;
00410 }
00411 }
00412 if (apol_str_appendf(&s, &len,
00413 "avc: %s ",
00414 (avc->msg == SEAUDIT_AVC_DENIED ? "denied" :
00415 avc->msg == SEAUDIT_AVC_GRANTED ? "granted" : "<unknown>")) < 0) {
00416 return NULL;
00417 }
00418
00419 if (apol_vector_get_size(avc->perms) > 0) {
00420 if (apol_str_append(&s, &len, "{ ") < 0) {
00421 return NULL;
00422 }
00423 for (i = 0; i < apol_vector_get_size(avc->perms); i++) {
00424 perm = apol_vector_get_element(avc->perms, i);
00425 if (apol_str_appendf(&s, &len, "%s ", perm) < 0) {
00426 return NULL;
00427 }
00428 }
00429 if (apol_str_append(&s, &len, "} for ") < 0) {
00430 return NULL;
00431 }
00432 }
00433 if (avc->is_pid && apol_str_appendf(&s, &len, "pid=%d ", avc->pid) < 0) {
00434 return NULL;
00435 }
00436 if (avc->exe && apol_str_appendf(&s, &len, "exe=%s ", avc->exe) < 0) {
00437 return NULL;
00438 }
00439 if (avc->comm && apol_str_appendf(&s, &len, "comm=%s ", avc->comm) < 0) {
00440 return NULL;
00441 }
00442 if (avc->path && apol_str_appendf(&s, &len, "path=%s ", avc->path) < 0) {
00443 return NULL;
00444 }
00445 if (avc->name && apol_str_appendf(&s, &len, "name=%s ", avc->name) < 0) {
00446 return NULL;
00447 }
00448 if (avc->is_inode && apol_str_appendf(&s, &len, "ino=%lu ", avc->inode) < 0) {
00449 return NULL;
00450 }
00451 if ((misc_string = avc_message_get_misc_string(avc)) == NULL || apol_str_append(&s, &len, misc_string) < 0) {
00452 int error = errno;
00453 free(misc_string);
00454 errno = error;
00455 return NULL;
00456 }
00457 free(misc_string);
00458 if (avc->suser && apol_str_appendf(&s, &len, "scontext=%s:%s:%s ", avc->suser, avc->srole, avc->stype) < 0) {
00459 return NULL;
00460 }
00461 if (avc->tuser && apol_str_appendf(&s, &len, "tcontext=%s:%s:%s ", avc->tuser, avc->trole, avc->ttype) < 0) {
00462 return NULL;
00463 }
00464 if (avc->tclass && apol_str_appendf(&s, &len, "tclass=%s ", avc->tclass) < 0) {
00465 return NULL;
00466 }
00467 return s;
00468 }
|
|
||||||||||||
|
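Given an avc message, allocate and return a string, formatted in HTML, that approximates the message as it had appeared within the log file. In the listing below the fields taken from the log (host, exe, comm, path, name and the security contexts) are inserted with plain %s conversions and are not HTML-escaped, so the returned string should be treated as untrusted markup wherever it is rendered.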
Definition at line 470 of file avc_message.c. References apol_str_append(), apol_str_appendf(), apol_vector_get_element(), apol_vector_get_size(), seaudit_message::avc, avc_message_get_misc_string(), seaudit_avc_message::comm, seaudit_message::data, seaudit_avc_message::exe, seaudit_message::host, seaudit_avc_message::inode, seaudit_avc_message::is_inode, seaudit_avc_message::is_pid, seaudit_message::manager, seaudit_avc_message::msg, seaudit_avc_message::name, seaudit_avc_message::path, seaudit_avc_message::perms, seaudit_avc_message::pid, SEAUDIT_AVC_DENIED, SEAUDIT_AVC_GRANTED, seaudit_avc_message_t, seaudit_message_t, seaudit_avc_message::serial, seaudit_avc_message::srole, seaudit_avc_message::stype, seaudit_avc_message::suser, seaudit_avc_message::tclass, seaudit_avc_message::tm_stmp_nano, seaudit_avc_message::tm_stmp_sec, seaudit_avc_message::trole, seaudit_avc_message::ttype, and seaudit_avc_message::tuser. Referenced by seaudit_message_to_string_html(). 00471 {
00472 seaudit_avc_message_t *avc = msg->data.avc;
00473 const char *host = msg->host;
00474 const char *manager = msg->manager;
00475 char *s = NULL, *misc_string = NULL, *perm;
00476 size_t i, len = 0;
00477 if (apol_str_appendf(&s, &len,
00478 "<font class=\"message_date\">%s</font> "
00479 "<font class=\"host_name\">%s</font> " "%s: ", date, host, manager) < 0) {
00480 return NULL;
00481 }
00482 if (!(avc->tm_stmp_sec == 0 && avc->tm_stmp_nano == 0 && avc->serial == 0)) {
00483 if (apol_str_appendf(&s, &len,
00484 "<font class=\"syscall_timestamp\">audit(%lu.%03lu:%u): </font>",
00485 avc->tm_stmp_sec, avc->tm_stmp_nano, avc->serial) < 0) {
00486 return NULL;
00487 }
00488 }
00489 if (apol_str_appendf(&s, &len,
00490 "avc: %s ",
00491 (avc->msg == SEAUDIT_AVC_DENIED ? "<font class=\"avc_deny\">denied</font> " :
00492 avc->msg == SEAUDIT_AVC_GRANTED ? "<font class=\"avc_grant\">granted</font>" : "<unknown>")) < 0) {
00493 return NULL;
00494 }
00495
00496 if (apol_vector_get_size(avc->perms) > 0) {
00497 if (apol_str_append(&s, &len, "{ ") < 0) {
00498 return NULL;
00499 }
00500 for (i = 0; i < apol_vector_get_size(avc->perms); i++) {
00501 perm = apol_vector_get_element(avc->perms, i);
00502 if (apol_str_appendf(&s, &len, "%s ", perm) < 0) {
00503 return NULL;
00504 }
00505 }
00506 if (apol_str_append(&s, &len, "} for ") < 0) {
00507 return NULL;
00508 }
00509 }
00510 if (avc->is_pid && apol_str_appendf(&s, &len, "pid=%d ", avc->pid) < 0) {
00511 return NULL;
00512 }
00513 if (avc->exe && apol_str_appendf(&s, &len, "<font class=\"exe\">exe=%s</font> ", avc->exe) < 0) {
00514 return NULL;
00515 }
00516 if (avc->comm && apol_str_appendf(&s, &len, "comm=%s ", avc->comm) < 0) {
00517 return NULL;
00518 }
00519 if (avc->path && apol_str_appendf(&s, &len, "path=%s ", avc->path) < 0) {
00520 return NULL;
00521 }
00522 if (avc->name && apol_str_appendf(&s, &len, "name=%s ", avc->name) < 0) {
00523 return NULL;
00524 }
00525 if (avc->is_inode && apol_str_appendf(&s, &len, "ino=%lu ", avc->inode) < 0) {
00526 return NULL;
00527 }
00528 if ((misc_string = avc_message_get_misc_string(avc)) == NULL || apol_str_append(&s, &len, misc_string) < 0) {
00529 int error = errno;
00530 free(misc_string);
00531 errno = error;
00532 return NULL;
00533 }
00534 free(misc_string);
00535 if (avc->suser &&
00536 apol_str_appendf(&s, &len, "<font class=\"src_context\">scontext=%s:%s:%s</font> ",
00537 avc->suser, avc->srole, avc->stype) < 0) {
00538 return NULL;
00539 }
00540 if (avc->tuser &&
00541 apol_str_appendf(&s, &len, "<font class=\"tgt_context\">tcontext=%s:%s:%s</font> ",
00542 avc->tuser, avc->trole, avc->ttype) < 0) {
00543 return NULL;
00544 }
00545 if (avc->tclass && apol_str_appendf(&s, &len, "<font class=\"obj_class\">tclass=%s</font> ", avc->tclass) < 0) {
00546 return NULL;
00547 }
00548 if (apol_str_appendf(&s, &len, "<br>") < 0) {
00549 return NULL;
00550 }
00551 return s;
00552 }
|
|
|
Given an avc message, allocate and return a string that gives miscellaneous info (e.g., ports, IP addresses).
Definition at line 554 of file avc_message.c. References apol_str_appendf(), avc_message_get_misc_string(), seaudit_avc_message_t, seaudit_avc_message::serial, seaudit_avc_message::tm_stmp_nano, and seaudit_avc_message::tm_stmp_sec. Referenced by seaudit_message_to_misc_string(). 00555 {
00556 char *s = avc_message_get_misc_string(avc);
00557 size_t len;
00558 if (s == NULL) {
00559 return NULL;
00560 }
00561 len = strlen(s) + 1;
00562 if (!(avc->tm_stmp_sec == 0 && avc->tm_stmp_nano == 0 && avc->serial == 0)) {
00563 if (apol_str_appendf(&s, &len, "%stimestamp=%lu.%03lu serial=%u",
00564 (len > 1 ? " " : ""), avc->tm_stmp_sec, avc->tm_stmp_nano, avc->serial) < 0) {
00565 return NULL;
00566 }
00567 }
00568 return s;
00569 }
|
|
|
Allocate and return a new seaudit boolean change message.
Definition at line 43 of file bool_message.c. References apol_vector_create(), bool_message_free(), seaudit_bool_message::changes, seaudit_bool_change_free(), and seaudit_bool_message_t. Referenced by message_create(). 00044 {
00045 seaudit_bool_message_t *boolm = calloc(1, sizeof(seaudit_bool_message_t));
00046 if (boolm == NULL) {
00047 return NULL;
00048 }
00049 if ((boolm->changes = apol_vector_create(seaudit_bool_change_free)) == NULL) {
00050 bool_message_free(boolm);
00051 return NULL;
00052 }
00053 return boolm;
00054 }
|
|
||||||||||||||||||||
|
Append a boolean change to a particular boolean message. This will add the boolean name to the log's BST as needed.
Definition at line 56 of file bool_message.c. References apol_bst_insert_and_get(), apol_vector_append(), seaudit_log::bools, seaudit_bool_message::changes, ERR, seaudit_bool_message_change_t, seaudit_bool_message_t, and seaudit_log_t. Referenced by boolean_msg_insert_bool(). 00057 {
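/* bool_change_append() body: record that boolean `name` took `value` in
 * boolm. The name is duplicated and passed through log->bools, and the
 * resulting pointer is stored in the new change record. Returns 0 on
 * success, or -1 with errno set on failure. */
    char *s = strdup(name);
    seaudit_bool_message_change_t *bc = NULL;
    int error;

    if (s == NULL || apol_bst_insert_and_get(log->bools, (void **)&s, NULL) < 0) {
        error = errno;
        /* The insert did not succeed, so the copy is still ours to free. */
        free(s);
        ERR(log, "%s", strerror(error));
        errno = error;
        return -1;
    }
    if ((bc = calloc(1, sizeof(*bc))) == NULL || apol_vector_append(boolm->changes, bc) < 0) {
        error = errno;
        /* Release only the change record. After the successful insert
         * above, s is the pointer handed back by log->bools; freeing it
         * here would leave the tree (and any earlier change records that
         * share the name) pointing at freed memory.
         * NOTE(review): relies on log->bools keeping the name it returns;
         * confirm against apol_bst_insert_and_get(). free(NULL) is a
         * no-op when calloc() itself failed. */
        free(bc);
        ERR(log, "%s", strerror(error));
        errno = error;
        return -1;
    }
    bc->boolean = s;
    bc->value = value;
    return 0;
}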
|
|
|
Deallocate all space associated with a boolean change message.
Definition at line 80 of file bool_message.c. References apol_vector_destroy(), seaudit_bool_message::changes, and seaudit_bool_message_t. Referenced by bool_message_create(), and message_free(). 00081 {
00082 if (boolm != NULL) {
00083 apol_vector_destroy(&boolm->changes);
00084 free(boolm);
00085 }
00086 }
|
|
||||||||||||
|
Given a boolean change message, allocate and return a string that approximates the message as it had appeared within the log file.
Definition at line 88 of file bool_message.c. References apol_str_append(), apol_str_appendf(), apol_vector_get_size(), bool_message_to_misc_string(), seaudit_message::boolm, seaudit_bool_message::changes, seaudit_message::data, seaudit_message::host, seaudit_message::manager, seaudit_bool_message_t, and seaudit_message_t. Referenced by seaudit_message_to_string(). 00089 {
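/* bool_message_to_string() body: build "<date> <host> <manager>: security:
 * committed booleans: { name:value, ... }" for a boolean change message.
 * Returns a newly allocated string that the caller frees, or NULL on
 * failure. The braces are emitted only when at least one change exists. */
    seaudit_bool_message_t *boolm = msg->data.boolm;
    const char *host = msg->host;
    const char *manager = msg->manager;
    char *s = NULL, *misc_string;
    size_t len = 0;
    const char *open_brace = "", *close_brace = "";
    int error;

    if (apol_vector_get_size(boolm->changes) > 0) {
        open_brace = "{ ";
        close_brace = " }";
    }
    if (apol_str_appendf(&s, &len, "%s %s %s: security: committed booleans: %s", date, host, manager, open_brace) < 0) {
        return NULL;
    }
    if ((misc_string = bool_message_to_misc_string(boolm)) == NULL) {
        /* The prefix built above is still allocated at this point. */
        error = errno;
        free(s);
        errno = error;
        return NULL;
    }
    /* misc_string is assembled from boolean names read out of the log, so
     * it is appended as data. Passing it as the format argument would let
     * a '%' in a logged name be interpreted as a conversion. */
    if (apol_str_append(&s, &len, misc_string) < 0 || apol_str_append(&s, &len, close_brace) < 0) {
        error = errno;
        free(misc_string);
        errno = error;
        return NULL;
    }
    free(misc_string);
    return s;
}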
|
|
||||||||||||
|
Given a boolean change message, allocate and return a string, formatted in HTML, that approximates the message as it had appeared within the log file.
Definition at line 112 of file bool_message.c. References apol_str_appendf(), apol_vector_get_size(), bool_message_to_misc_string(), seaudit_message::boolm, seaudit_bool_message::changes, seaudit_message::data, seaudit_message::host, seaudit_message::manager, seaudit_bool_message_t, and seaudit_message_t. Referenced by seaudit_message_to_string_html(). 00113 {
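/* bool_message_to_string_html() body: HTML variant of the boolean change
 * rendering. Date and host are wrapped in <font> elements, the list of
 * changes follows, and the line ends with "<br>". Returns a newly
 * allocated string that the caller frees, or NULL on failure.
 * NOTE(review): date, host, manager and the boolean names are inserted
 * without HTML escaping; treat the result as untrusted markup. */
    seaudit_bool_message_t *boolm = msg->data.boolm;
    const char *host = msg->host;
    const char *manager = msg->manager;
    char *s = NULL, *misc_string;
    size_t len = 0;
    const char *open_brace = "", *close_brace = "";
    int error;

    if (apol_vector_get_size(boolm->changes) > 0) {
        open_brace = "{ ";
        close_brace = " }";
    }
    if (apol_str_appendf(&s, &len,
                         "<font class=\"message_date\">%s</font> "
                         "<font class=\"host_name\">%s</font> "
                         "%s: security: committed booleans: %s", date, host, manager, open_brace) < 0) {
        return NULL;
    }
    if ((misc_string = bool_message_to_misc_string(boolm)) == NULL) {
        /* The prefix built above is still allocated at this point. */
        error = errno;
        free(s);
        errno = error;
        return NULL;
    }
    /* Two fixes relative to the original call sequence:
     *  - misc_string holds boolean names from the log and is now passed
     *    as a "%s" argument instead of as the format string;
     *  - the trailer appends only the closing brace and "<br>". The old
     *    "%s%s<br>" with s as first argument appended the whole string to
     *    itself while it was being grown. */
    if (apol_str_appendf(&s, &len, "%s", misc_string) < 0 || apol_str_appendf(&s, &len, "%s<br>", close_brace) < 0) {
        error = errno;
        free(misc_string);
        errno = error;
        return NULL;
    }
    free(misc_string);
    return s;
}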
|
|
|
Given a boolean change message, allocate and return a string that gives miscellaneous info (i.e., list of boolean names and their new values.).
Definition at line 139 of file bool_message.c. References apol_str_appendf(), apol_vector_get_element(), apol_vector_get_size(), seaudit_bool_message_change::boolean, seaudit_bool_message::changes, seaudit_bool_message_change_t, seaudit_bool_message_t, and seaudit_bool_message_change::value. Referenced by bool_message_to_string(), bool_message_to_string_html(), and seaudit_message_to_misc_string(). 00140 {
00141 char *s = NULL;
00142 size_t len = 0, i;
00143 for (i = 0; i < apol_vector_get_size(boolm->changes); i++) {
00144 seaudit_bool_message_change_t *bc = apol_vector_get_element(boolm->changes, i);
00145 if (apol_str_appendf(&s, &len, "%s%s:%d", (i == 0 ? "" : ", "), bc->boolean, bc->value) < 0) {
00146 return NULL;
00147 }
00148 }
00149 if (s == NULL) {
00150 return strdup("");
00151 }
00152 return s;
00153 }
|
|
|
Allocate and return a new seaudit policy load message.
Definition at line 33 of file load_message.c. References seaudit_load_message_t. Referenced by message_create(). 00034 {
00035 return calloc(1, sizeof(seaudit_load_message_t));
00036 }
|
|
|
Deallocate all space associated with a policy load message.
Definition at line 38 of file load_message.c. References seaudit_load_message::binary, and seaudit_load_message_t. Referenced by message_free(). 00039 {
00040 if (msg != NULL) {
00041 free(msg->binary);
00042 free(msg);
00043 }
00044 }
|
|
||||||||||||
|
Given a load message, allocate and return a string that approximates the message as it had appeared within the log file.
Definition at line 46 of file load_message.c. References seaudit_load_message::bools, seaudit_load_message::classes, seaudit_message::data, seaudit_message::host, seaudit_message::load, seaudit_message::manager, seaudit_load_message::roles, seaudit_load_message::rules, seaudit_load_message_t, seaudit_message_t, seaudit_load_message::types, and seaudit_load_message::users. Referenced by seaudit_message_to_string(). 00047 {
00048 seaudit_load_message_t *load = msg->data.load;
00049 const char *host = msg->host;
00050 const char *manager = msg->manager;
00051 char *s = NULL;
00052 if (asprintf(&s,
00053 "%s %s %s: security: %d users, %d roles, %d types, %d bools\n"
00054 "%s %s %s: security: %d classes, %d rules",
00055 date, host, manager, load->users, load->roles, load->types, load->bools, date, host, manager, load->classes,
00056 load->rules) < 0) {
00057 return NULL;
00058 }
00059 return s;
00060 }
|
|
||||||||||||
|
Given a load message, allocate and return a string, formatted in HTML, that approximates the message as it had appeared within the log file.
Definition at line 62 of file load_message.c. References seaudit_load_message::bools, seaudit_load_message::classes, seaudit_message::data, seaudit_message::host, seaudit_message::load, seaudit_message::manager, seaudit_load_message::roles, seaudit_load_message::rules, seaudit_load_message_t, seaudit_message_t, seaudit_load_message::types, and seaudit_load_message::users. Referenced by seaudit_message_to_string_html(). 00063 {
00064 seaudit_load_message_t *load = msg->data.load;
00065 const char *host = msg->host;
00066 const char *manager = msg->manager;
00067 char *s = NULL;
00068 if (asprintf(&s,
00069 "<font class=\"message_date\">%s</font> "
00070 "<font class=\"host_name\">%s</font> "
00071 "%s: security: %d users, %d roles, %d types, %d bools<br>\n"
00072 "<font class=\"message_date\">%s</font> "
00073 "<font class=\"host_name\">%s</font> "
00074 "%s: security: %d classes, %d rules<br>",
00075 date, host, manager, load->users, load->roles, load->types, load->bools, date, host, manager, load->classes,
00076 load->rules) < 0) {
00077 return NULL;
00078 }
00079 return s;
00080 }
|
|
|
Given a load message, allocate and return a string that gives miscellaneous info (e.g., number of types in the new policy).
Definition at line 82 of file load_message.c. References seaudit_load_message::bools, seaudit_load_message::classes, seaudit_load_message::roles, seaudit_load_message::rules, seaudit_load_message_t, seaudit_load_message::types, and seaudit_load_message::users. Referenced by seaudit_message_to_misc_string(). 00083 {
/* Builds a "key=value" summary of the six counters of a load message with
   asprintf() and returns the allocated string, or NULL when asprintf()
   reports failure (< 0).  Only %d conversions are used, so no text from the
   log is copied into the result. */
/* NOTE(review): load is dereferenced without a NULL check; %d assumes the
   counters are int -- TODO confirm against the struct definition. */
00084 char *s = NULL;
00085 if (asprintf(&s,
00086 "users=%d roles=%d types=%d bools=%d classes=%d rules=%d",
00087 load->users, load->roles, load->types, load->bools, load->classes, load->rules) < 0) {
00088 return NULL;
00089 }
00090 return s;
00091 }
Notify a model to stop watching a log.
Definition at line 785 of file model.c. References apol_vector_get_index(), apol_vector_remove(), seaudit_model::dirty, seaudit_model::logs, seaudit_log_t, and seaudit_model_t. Referenced by seaudit_log_destroy(). 00786 {
/* Looks up log in model->logs; when apol_vector_get_index() returns 0 the
   entry at the reported index is removed and the model is marked dirty.
   Nothing happens when the log is not found. */
/* NOTE(review): the result of apol_vector_remove() is ignored.  Since this
   is referenced by seaudit_log_destroy(), a failed removal would presumably
   leave the model holding a pointer to a destroyed log -- verify that
   apol_vector_remove() cannot fail for a valid index. */
00787 size_t i;
00788 if (apol_vector_get_index(model->logs, log, NULL, NULL, &i) == 0) {
00789 apol_vector_remove(model->logs, i);
00790 model->dirty = 1;
00791 }
00792 }
Notify a model that a log has been changed; the model will need to recalculate its messages.
Definition at line 794 of file model.c. References apol_vector_get_index(), seaudit_model::dirty, seaudit_model::logs, seaudit_log_t, and seaudit_model_t. Referenced by seaudit_log_clear(), seaudit_log_parse(), and seaudit_log_parse_buffer(). 00795 {
/* Marks the model dirty only when log is found in model->logs
   (apol_vector_get_index() returns 0); a log the model does not watch is
   ignored.  The index written to i is not used afterwards. */
/* NOTE(review): model is dereferenced without a NULL check. */
00796 size_t i;
00797 if (apol_vector_get_index(model->logs, log, NULL, NULL, &i) == 0) {
00798 model->dirty = 1;
00799 }
00800 }
Notify a model that a filter has been changed; the model will need to recalculate its messages.
Definition at line 802 of file model.c. References apol_vector_get_index(), seaudit_model::dirty, seaudit_model::filters, seaudit_filter_t, and seaudit_model_t. Referenced by filter_set_int(), filter_set_string(), filter_set_uint(), filter_set_ulong(), filter_set_vector(), seaudit_filter_set_date(), seaudit_filter_set_match(), seaudit_filter_set_message_type(), and seaudit_filter_set_strict(). 00803 {
/* Marks the model dirty only when filter is found in model->filters
   (apol_vector_get_index() returns 0); a filter that is not attached to
   this model is ignored.  The index written to i is not used afterwards. */
/* NOTE(review): model is dereferenced without a NULL check; the setters
   listed above presumably call this only for filters that have a model --
   verify. */
00804 size_t i;
00805 if (apol_vector_get_index(model->filters, filter, NULL, NULL, &i) == 0) {
00806 model->dirty = 1;
00807 }
00808 }
Link a model to a filter. Whenever the filter changes, it should call model_notify_filter_changed(); that way the model will recalculate itself.
Definition at line 1037 of file filter.c. References seaudit_filter::model, seaudit_filter_t, and seaudit_model_t. Referenced by model_filter_dup(), and seaudit_model_append_filter(). 01038 {
/* Stores the model pointer in the filter by plain assignment; no copy or
   reference count is taken here, so the filter holds a back-reference whose
   lifetime is managed elsewhere. */
/* NOTE(review): filter is dereferenced without a NULL check.  Presumably
   the pointer has to be reset before the model is destroyed, otherwise it
   dangles -- verify against the model's destroy path. */
01039 filter->model = model;
01040 }
Given a filter and a message, return non-zero if the msg is accepted by the filter according to the filter's criteria. If the filter does not have enough information to decide (because the message is incomplete) then this should return 0.
Definition at line 1173 of file filter-internal.c. References filter_criteria_t::accept, filter_criteria, filter_criteria_t::is_set, seaudit_filter::match, SEAUDIT_FILTER_MATCH_ALL, SEAUDIT_FILTER_MATCH_ANY, seaudit_filter_t, seaudit_message_t, seaudit_filter::strict, and filter_criteria_t::support. Referenced by model_filter_message(). 01174 {
/* Walks the filter_criteria table and evaluates every criterion that is set
   on the filter.  Returns 1 (accept) or 0 (reject):
     - MATCH_ANY: 1 as soon as one criterion yields 1, otherwise 0;
     - MATCH_ALL: 0 as soon as one criterion yields 0, otherwise 1;
     - no criterion set: 0 for a strict filter, 1 otherwise. */
/* NOTE(review): for a non-strict MATCH_ALL filter, a message on which none
   of the set criteria is supported skips every criterion and is accepted at
   the end.  The description above says an undecidable message should give
   0; confirm which is intended, because incomplete messages pass such a
   filter. */
/* NOTE(review): the short-circuit tests compare acceptval with exactly 1
   and exactly 0.  If an accept() callback can return another value (for
   example a negative error code -- not visible here), MATCH_ANY would not
   count it as a match and MATCH_ALL would not count it as a mismatch. */
01175 bool tried_criterion = false;
01176 int acceptval;
01177 size_t i;
01178
01179 for (i = 0; i < sizeof(filter_criteria) / sizeof(filter_criteria[0]); i++) {
01180 if (filter_criteria[i].is_set(filter)) {
01181 tried_criterion = true;
01182 if (filter_criteria[i].support(msg)) {
01183 acceptval = filter_criteria[i].accept(filter, msg);
01184 } else if (filter->strict) {
01185 /* if filter is strict, then an
01186 unsupported criterion is assumed to
01187 not match */
01188 acceptval = 0;
01189 } else {
01190 /* for unstrict filters, unsupported
01191 criterion is assumed to be a don't
01192 care state */
01193 continue;
01194 }
01195 if (filter->match == SEAUDIT_FILTER_MATCH_ANY && acceptval == 1) {
01196 return 1;
01197 }
01198 if (filter->match == SEAUDIT_FILTER_MATCH_ALL && acceptval == 0) {
01199 return 0;
01200 }
01201 }
01202 }
01203 if (!tried_criterion) {
01204 /* if got here, then the filter had no set criterion */
01205 if (filter->strict) {
01206 /* a strict empty filter matches nothing */
01207 return 0;
01208 }
01209 return 1;
01210 }
01211 if (filter->match == SEAUDIT_FILTER_MATCH_ANY) {
01212 /* if got here, then no criterion was met */
01213 return 0;
01214 }
01215 /* if got here, then all criteria were met */
/* any match value other than MATCH_ANY also ends up here and returns 1 */
01216 return 1;
01217 }
Parse the given XML file and fill in the passed in struct. The caller must create the struct and the vector within. Upon return, the caller must destroy the vector and free view_name.
Definition at line 1350 of file filter-internal.c. References filter_parse_state::cur_string, and filter_parse_state::warnings. Referenced by seaudit_filter_create_from_file(), and seaudit_model_create_from_file(). 01351 {
/* Runs libxml2's SAX parser over filename with three callbacks (element
   start, element end, character data); every other handler slot is left
   zero by the memset.  Returns -1 with errno = EIO when the parser reports
   an error, 1 when state->warnings is set, and 0 otherwise.
   state->cur_string is freed and reset on every path. */
/* NOTE(review): filename and the file's content come from the caller and
   are not validated here.  With only these three callbacks installed, how
   DTDs and entity references in the file are treated depends on libxml2's
   SAX defaults -- TODO confirm, and treat filter files from untrusted
   locations accordingly. */
/* NOTE(review): state is dereferenced without a NULL check, and the
   parser's own error value is replaced by EIO, so the original cause is not
   reported to the caller. */
01352 xmlSAXHandler handler;
01353 int err;
01354
01355 memset(&handler, 0, sizeof(xmlSAXHandler));
01356 handler.startElement = filter_parse_start_element;
01357 handler.endElement = filter_parse_end_element;
01358 handler.characters = filter_parse_characters;
01359 err = xmlSAXUserParseFile(&handler, state, filename);
/* drop any partially collected text, whether or not parsing succeeded */
01360 free(state->cur_string);
01361 state->cur_string = NULL;
01362 if (err) {
01363 errno = EIO;
01364 return -1;
01365 }
01366 if (state->warnings) {
01367 return 1;
01368 }
01369 return 0;
01370 }
Append the given filter's values, in XML format, to a file handle. This includes the filter's name and criteria.
Definition at line 1372 of file filter-internal.c. References seaudit_filter::desc, filter_criteria, seaudit_filter::match, seaudit_filter::name, filter_criteria_t::print, SEAUDIT_FILTER_MATCH_ALL, seaudit_filter_t, and seaudit_filter::strict. Referenced by seaudit_filter_save_to_file(), and seaudit_model_save_to_file(). 01373 {
/* Writes one <filter> element to file, indented by tabs tab characters:
   the opening tag with name, match and strict attributes, an optional
   <desc> child, one print() call per entry of filter_criteria, and the
   closing tag.  Sets errno = EINVAL and returns without writing when filter
   or file is NULL. */
/* NOTE(review): name and desc are made safe for the XML output by
   xmlURIEscapeStr() (percent-encoding), not by XML entity escaping; the
   reader therefore has to URI-unescape them -- presumably done by the parse
   callbacks, verify. */
/* NOTE(review): the results of xmlCharStrdup() and xmlURIEscapeStr() are not
   checked; if either returns NULL, a NULL pointer reaches fprintf's %s,
   which is undefined behaviour.  A guard such as
   `if (str_xml == NULL || escaped == NULL)` before each fprintf would
   close that. */
/* NOTE(review): buffers allocated by libxml2 are released with free();
   xmlFree() is the matching deallocator and differs from free() when a
   custom libxml2 allocator is installed. */
/* NOTE(review): fprintf results are ignored and the function returns
   nothing, so a short or failed write is only detectable by the caller via
   ferror()/fclose(). */
01374 xmlChar *escaped;
01375 xmlChar *str_xml;
01376 int i;
01377 size_t j;
01378
01379 if (filter == NULL || file == NULL) {
01380 errno = EINVAL;
01381 return;
01382 }
01383
01384 if (filter->name == NULL) {
01385 str_xml = xmlCharStrdup("Unnamed");
01386 } else {
01387 str_xml = xmlCharStrdup(filter->name);
01388 }
01389 escaped = xmlURIEscapeStr(str_xml, NULL);
01390 for (i = 0; i < tabs; i++)
01391 fprintf(file, "\t");
01392 fprintf(file, "<filter name=\"%s\" match=\"%s\" strict=\"%s\">\n", escaped,
01393 filter->match == SEAUDIT_FILTER_MATCH_ALL ? "all" : "any", filter->strict ? "true" : "false");
01394 free(escaped);
01395 free(str_xml);
01396
01397 if (filter->desc != NULL) {
01398 str_xml = xmlCharStrdup(filter->desc);
01399 escaped = xmlURIEscapeStr(str_xml, NULL);
01400 for (i = 0; i < tabs + 1; i++)
01401 fprintf(file, "\t");
01402 fprintf(file, "<desc>%s</desc>\n", escaped);
01403 free(escaped);
01404 free(str_xml);
01405 }
/* each criterion writes its own element, one level deeper than <filter> */
01406 for (j = 0; j < sizeof(filter_criteria) / sizeof(filter_criteria[0]); j++) {
01407 filter_criteria[j].print(filter, filter_criteria[j].name, file, tabs + 1);
01408 }
01409 for (i = 0; i < tabs; i++)
01410 fprintf(file, "\t");
01411 fprintf(file, "</filter>\n");
01412 }
Create and return a new sort object, initialized with the data from an existing sort object. The new sort object will not be attached to any models.
Definition at line 89 of file sort.c. References seaudit_sort::comp, seaudit_sort::direction, seaudit_sort::name, seaudit_sort_t, sort_create(), and seaudit_sort::support. Referenced by model_sort_dup(). 00090 {
/* Duplicates a sort object by passing its name, comp, support and direction
   fields to sort_create() and returning that result.  A NULL sort sets
   errno = EINVAL and returns NULL. */
/* NOTE(review): whether sort_create() copies name or keeps the pointer is
   not visible here. */
00091 if (sort == NULL) {
00092 errno = EINVAL;
00093 return NULL;
00094 }
00095 return sort_create(sort->name, sort->comp, sort->support, sort->direction);
00096 }
Create and return a new sort object based upon the name of the sort (as returned by sort_get_name()). The new sort object will not be attached to any models.
Definition at line 648 of file sort.c. References sort_name_map::create_fn, create_map, sort_name_map::name, and seaudit_sort_t. 00649 {
/* Scans create_map, which ends at the first entry whose name is NULL, for
   an entry whose name equals the requested one and returns the result of
   that entry's create_fn(direction).  An unknown name sets errno = EINVAL
   and returns NULL. */
/* NOTE(review): name is passed to strcmp() without a NULL check, which is
   undefined behaviour for a NULL name.  If the name can come from a parsed
   file, a guard `if (name == NULL) { errno = EINVAL; return NULL; }` before
   the loop would make that case fail cleanly. */
00650 size_t i;
00651 for (i = 0; create_map[i].name != NULL; i++) {
00652 if (strcmp(create_map[i].name, name) == 0) {
00653 return create_map[i].create_fn(direction);
00654 }
00655 }
00656 errno = EINVAL;
00657 return NULL;
00658 }
Given a sort object and a message, return non-zero if this sort object could operate on the message, 0 if not. (Messages may have incomplete information due to parser warnings.)
Definition at line 660 of file sort.c. References seaudit_message_t, seaudit_sort_t, and seaudit_sort::support. Referenced by message_comp(), and model_sort(). 00661 {
/* Forwards to the sort object's support callback and returns its result
   unchanged. */
/* NOTE(review): sort and sort->support are used without NULL checks. */
00662 return sort->support(sort, msg);
00663 }
Invoke a sort object's comparison function.
Definition at line 665 of file sort.c. References seaudit_sort::comp, seaudit_sort::direction, seaudit_message_t, and seaudit_sort_t. Referenced by message_comp(). 00666 {
/* Calls the sort object's comp callback on a and b; the result is returned
   as is when direction >= 0 and negated when direction is negative. */
/* NOTE(review): -1 * retval overflows (undefined behaviour) if a comparator
   ever returns INT_MIN; harmless as long as comparators return small values
   -- verify. */
00667 int retval = sort->comp(sort, a, b);
00668 return (sort->direction >= 0 ? retval : -1 * retval);
00669 }
Return the type of sort this sort object is. The name is valid for sort_create_from_name()'s first parameter.
Definition at line 671 of file sort.c. References seaudit_sort::name, and seaudit_sort_t. 00672 {
/* Returns the name pointer stored in the sort object; no copy is made, so
   the caller must not free it.  sort is dereferenced without a NULL check. */
00673 return sort->name;
00674 }
Return the sort direction for a sort object.
Definition at line 676 of file sort.c. References seaudit_sort::direction, and seaudit_sort_t. 00677 {
/* Returns the direction field of the sort object unchanged.  sort is
   dereferenced without a NULL check. */
00678 return sort->direction;
00679 }
Write a message to the callback stored within a seaudit_log_t handler. If the msg_callback field is empty then suppress the message.
Definition at line 216 of file log.c. References fmt, seaudit_log::fn, seaudit_log::handle_arg, level, seaudit_handle_default_callback(), and seaudit_log_t. 00217 {
/* Collects the variadic arguments into a va_list and passes level, fmt and
   the list to a callback: log->fn with log->handle_arg when both log and
   log->fn are non-NULL, otherwise seaudit_handle_default_callback() with
   NULL for its first two arguments. */
/* NOTE(review): the description above says the message is suppressed when
   no callback is set, but the code forwards it to the default callback;
   what that callback does is not visible here. */
/* NOTE(review): fmt is handed on as a printf-style format string, so callers
   must pass a literal format and supply log-derived text only as an
   argument (e.g. "%s"), never as fmt itself. */
00218 va_list ap;
00219 va_start(ap, fmt);
00220 if (log == NULL || log->fn == NULL) {
00221 seaudit_handle_default_callback(NULL, NULL, level, fmt, ap);
00222 } else {
00223 log->fn(log->handle_arg, log, level, fmt, ap);
00224 }
00225 va_end(ap);
00226 }
Definition at line 644 of file seaudit_internal.h. |
|
|
Definition at line 644 of file seaudit_internal.h. |