search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dmake: do not set MAKEFLAGS=k
[unleashed/tickless.git] / usr / src / cmd / auditreduce / option.c
blob8b2edfedafa903e46b786413b78b3f297ee002f6
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 /*
27 * Command line option processing for auditreduce.
28 * The entry point is process_options(), which is called by main().
29 * Process_options() is the only function visible outside this module.
30 */
31
32 #include <locale.h>
33 #include <sys/zone.h> /* for max zonename length */
34 #include "auditr.h"
35
36 /*
37 * Object entry.
38 * Maps object strings specified on the command line to a flag
39 * used when searching by object type.
40 */
41
42 struct obj_ent {
43 char *obj_str; /* string specified on the command line */
44 int obj_flag; /* flag used when searching */
45 };
46
47 typedef struct obj_ent obj_ent_t;
48
49 /*
50 * Supports searches by object type.
51 */
52 static obj_ent_t obj_tbl[] = {
53 { "file", OBJ_PATH },
54 { "filegroup", OBJ_FGROUP },
55 { "fileowner", OBJ_FOWNER },
56 { "fmri", OBJ_FMRI },
57 { "lp", OBJ_LP },
58 { "msgqid", OBJ_MSG },
59 { "msgqgroup", OBJ_MSGGROUP },
60 { "msgqowner", OBJ_MSGOWNER },
61 { "path", OBJ_PATH },
62 { "pid", OBJ_PROC },
63 { "procgroup", OBJ_PGROUP },
64 { "procowner", OBJ_POWNER },
65 { "semid", OBJ_SEM },
66 { "semgroup", OBJ_SEMGROUP },
67 { "semowner", OBJ_SEMOWNER },
68 { "shmid", OBJ_SHM },
69 { "shmgroup", OBJ_SHMGROUP },
70 { "shmowner", OBJ_SHMOWNER },
71 { "sock", OBJ_SOCK },
72 { "user", OBJ_USER } };
73
74 extern int derive_date(char *, struct tm *);
75 extern int parse_time(char *, int);
76 extern char *re_comp2(char *);
77 extern time_t tm_to_secs(struct tm *);
78
79 static int a_isnum(char *, int);
80 static int check_file(audit_fcb_t *, int);
81 static int gather_dir(char *);
82 static audit_pcb_t *get_next_pcb(char *);
83 static obj_ent_t *obj_lkup(char *);
84 static int proc_class(char *);
85 static int proc_date(char *, int);
86 static int proc_file(char *, int);
87 static int process_fileopt(int, char *argv[], int);
88 static int proc_group(char *, gid_t *);
89 static int proc_id(char *, int);
90 static int proc_object(char *);
91 static void proc_pcb(audit_pcb_t *, char *, int);
92 static int proc_subject(char *);
93 static int proc_sid(char *);
94 static int proc_type(char *);
95 static int proc_user(char *, uid_t *);
96 static int proc_zonename(char *);
97 static int proc_fmri(char *);
98
99 /*
100 * .func process_options - process command line options.
101 * .desc Process the user's command line options. These are of two types:
102 * single letter flags that are denoted by '-', and filenames. Some
103 * of the flags have arguments. Getopt() is used to get the flags.
104 * When this is done it calls process_fileopt() to handle any filenames
105 * that were there.
106 * .call ret = process_options(argc, argv).
107 * .arg argc - the original value.
108 * .arg argv - the original value.
109 * .ret 0 - no errors detected.
110 * .ret -1 - command line error detected (message already printed).
111 */
112 int
113 process_options(int argc, char **argv)
114 {
115 int opt;
116 int error = FALSE;
117 int error_combo = FALSE;
118 extern int optind; /* in getopt() */
119 extern char *optarg; /* in getopt() - holds arg to flag */
120
121 static char *options = "ACD:M:NQR:S:VO:"
122 "a:b:c:d:e:g:j:m:o:r:s:t:u:z:";
123
124 error_str = gettext("general error");
125
126 zonename = NULL;
127 /*
128 * Big switch to process the flags.
129 * Start_over: is for handling the '-' for standard input. Getopt()
130 * doesn't recognize it.
131 */
132 start_over:
133 while ((opt = getopt(argc, argv, options)) != EOF) {
134 switch (opt) {
135 case 'A': /* all records from the files */
136 f_all = TRUE;
137 break;
138 case 'C': /* process only completed files */
139 f_complete = TRUE;
140 break;
141 case 'D': /* delete the files when done */
142 /* force 'A' 'C' 'O' to be active */
143 f_all = f_complete = TRUE;
144 f_outfile = optarg;
145 f_delete = TRUE;
146 break;
147 case 'M': /* only files from a certain machine */
148 f_machine = optarg;
149 break;
150 case 'N': /* new object selection mode */
151 new_mode = TRUE;
152 break;
153 case 'Q': /* no file error reporting */
154 f_quiet = TRUE;
155 break;
156 case 'R': /* from specified root */
157 f_root = optarg;
158 break;
159 case 'S': /* from specified server */
160 f_server = optarg;
161 break;
162 case 'V': /* list all files as they are opened */
163 f_verbose = TRUE;
164 break;
165 case 'O': /* write to outfile */
166 f_outfile = optarg;
167 break;
168 case 'a': /* after 'date' */
169 case 'b': /* before 'date' */
170 case 'd': /* from 'day' */
171 if (proc_date(optarg, opt))
172 error = TRUE;
173 break;
174 case 'j': /* subject */
175 if (proc_subject(optarg))
176 error = TRUE;
177 break;
178 case 'm': /* message 'type' */
179 if (proc_type(optarg))
180 error = TRUE;
181 break;
182 case 'o': /* object type */
183 if (proc_object(optarg))
184 error = TRUE;
185 break;
186 case 'c': /* message class */
187 if (proc_class(optarg))
188 error = TRUE;
189 break;
190 case 'u': /* form audit user */
191 case 'e': /* form effective user */
192 case 'r': /* form real user */
193 case 'f': /* form effective group */
194 case 'g': /* form real group */
195 if (proc_id(optarg, opt))
196 error = TRUE;
197 break;
198 case 's': /* session ID */
199 if (proc_sid(optarg))
200 error = TRUE;
201 break;
202 case 'z': /* zone name */
203 if (proc_zonename(optarg))
204 error = TRUE;
205 break;
206 case 't': /* termial ID reserved for later */
207 default:
208 return (-1);
209 }
210 if (error) {
211 (void) fprintf(stderr,
212 gettext("%s command line error - %s.\n"),
213 ar, error_str);
214 return (-1);
215 }
216 }
217 /* catch '-' option for stdin processing - getopt() won't see it */
218 if (optind < argc) {
219 if (argv[optind][0] == '-' && argv[optind][1] == '\0') {
220 optind++;
221 f_stdin = TRUE;
222 goto start_over;
223 }
224 }
225 /*
226 * Give a default value for 'b' option if not specified.
227 */
228 if (m_before == 0)
229 m_before = MAXLONG; /* forever */
230 /*
231 * Validate combinations of options.
232 * The following are done:
233 * 1. Can't have 'M' or 'S' or 'R' with filenames.
234 * 2. Can't have an after ('a') time after a before ('b') time.
235 * 3. Delete ('D') must have 'C' and 'A' and 'O' with it.
236 * 4. Input from stdin ('-') can't have filenames too.
237 */
238 if ((f_machine || f_server || f_root) && (argc != optind)) {
239 error_str = gettext(
240 "no filenames allowed with 'M' or 'S' or 'R' options");
241 error_combo = TRUE;
242 }
243 if (m_after >= m_before) {
244 error_str =
245 gettext("'a' parameter must be before 'b' parameter");
246 error_combo = TRUE;
247 }
248 if (f_delete &&
249 (!f_complete || !f_all || !f_outfile)) {
250 error_str = gettext(
251 "'C', 'A', and 'O' must be specified with 'D'");
252 error_combo = TRUE;
253 }
254 if (f_stdin && (argc != optind)) {
255 error_str = gettext("no filenames allowed with '-' option");
256 error_combo = TRUE;
257 }
258 /*
259 * If error with option combos then print message and exit.
260 * If there was an error with just an option then exit.
261 */
262 if (error_combo) {
263 (void) fprintf(stderr,
264 gettext("%s command line error - %s.\n"), ar, error_str);
265 return (-1);
266 }
267 if (f_root == NULL)
268 f_root = "/etc/security/audit";
269 /*
270 * Now handle any filenames included in the command line.
271 */
272 return (process_fileopt(argc, argv, optind));
273 }
274
275 int
276 proc_subject(char *optarg)
277 {
278 if (flags & M_SUBJECT) {
279 error_str = gettext("'j' option specified multiple times");
280 return (-1);
281 }
282 flags |= M_SUBJECT;
283 subj_id = atol(optarg);
284 return (0);
285 }
286
287 int
288 proc_sid(char *optarg)
289 {
290 if (flags & M_SID) {
291 error_str = gettext("'s' option specified multiple times");
292 return (-1);
293 }
294 flags |= M_SID;
295 m_sid = (au_asid_t)atol(optarg);
296 return (0);
297 }
298
299 int
300 proc_object(char *optarg)
301 {
302 char *obj_str;
303 char *obj_val;
304 char *obj_arg;
305 int err;
306
307 obj_ent_t *oep;
308 struct hostent *he;
309
310 if (flags & M_OBJECT) {
311 error_str = gettext("'o' option specified multiple times");
312 return (-1);
313 }
314 flags |= M_OBJECT;
315 if ((obj_arg = strdup(optarg)) == NULL)
316 return (-1);
317 if ((obj_str = strtok(optarg, "=")) == NULL ||
318 (oep = obj_lkup(obj_str)) == (obj_ent_t *)0 ||
319 (obj_val = strtok(NULL, "=")) == NULL) {
320 (void) sprintf(errbuf, gettext("invalid object arg (%s)"),
321 obj_arg);
322 error_str = errbuf;
323 return (-1);
324 }
325
326 obj_flag = oep->obj_flag;
327
328 switch (obj_flag) {
329 case OBJ_PATH:
330 if ((error_str = re_comp2(obj_val)) != NULL) {
331 return (-1);
332 }
333 return (0);
334 case OBJ_SOCK:
335 if (!a_isnum(obj_val, TRUE)) {
336 obj_id = atol(obj_val);
337 socket_flag = SOCKFLG_PORT;
338 return (0);
339 }
340 if (*obj_val == '0') {
341 (void) sscanf(obj_val, "%x", (uint_t *)&obj_id);
342 socket_flag = SOCKFLG_PORT;
343 return (0);
344 }
345
346 he = getipnodebyname((const void *)obj_val, AF_INET6, 0, &err);
347 if (he == 0) {
348 he = getipnodebyname((const void *)obj_val, AF_INET,
349 0, &err);
350 if (he == 0) {
351 (void) sprintf(errbuf,
352 gettext("invalid machine name (%s)"),
353 obj_val);
354 error_str = errbuf;
355 return (-1);
356 }
357 }
358
359 if (he->h_addrtype == AF_INET6) {
360 /* LINTED */
361 if (IN6_IS_ADDR_V4MAPPED(
362 (in6_addr_t *)he->h_addr_list[0])) {
363 /* address is IPv4 (32 bits) */
364 (void) memcpy(&obj_id,
365 he->h_addr_list[0] + 12, 4);
366 ip_type = AU_IPv4;
367 } else {
368 (void) memcpy(ip_ipv6, he->h_addr_list[0], 16);
369 ip_type = AU_IPv6;
370 }
371 } else {
372 /* address is IPv4 (32 bits) */
373 (void) memcpy(&obj_id, he->h_addr_list[0], 4);
374 ip_type = AU_IPv4;
375 }
376
377 freehostent(he);
378 socket_flag = SOCKFLG_MACHINE;
379 return (0);
380 case OBJ_MSG:
381 case OBJ_SEM:
382 case OBJ_SHM:
383 case OBJ_PROC:
384 obj_id = atol(obj_val);
385 return (0);
386 case OBJ_FGROUP:
387 case OBJ_MSGGROUP:
388 case OBJ_SEMGROUP:
389 case OBJ_SHMGROUP:
390 case OBJ_PGROUP:
391 return (proc_group(obj_val, &obj_group));
392 case OBJ_FOWNER:
393 case OBJ_MSGOWNER:
394 case OBJ_SEMOWNER:
395 case OBJ_SHMOWNER:
396 case OBJ_POWNER:
397 return (proc_user(obj_val, &obj_owner));
398 case OBJ_FMRI:
399 return (proc_fmri(obj_val));
400 case OBJ_USER:
401 return (proc_user(obj_val, &obj_user));
402 case OBJ_LP: /* lp objects have not yet been defined */
403 default: /* impossible */
404 (void) sprintf(errbuf, gettext("invalid object type (%s)"),
405 obj_str);
406 error_str = errbuf;
407 return (-1);
408 } /* switch */
409 /*NOTREACHED*/
410 }
411
412
413 obj_ent_t *
414 obj_lkup(char *obj_str)
415 {
416 int i;
417
418 for (i = 0; i < sizeof (obj_tbl) / sizeof (obj_ent_t); i++)
419 if (strcmp(obj_str, obj_tbl[i].obj_str) == 0)
420 return (&obj_tbl[i]);
421
422 /* not in table */
423 return (NULL);
424 }
425
426
427 /*
428 * .func proc_type - process record type.
429 * .desc Process a record type. It is either as a number or a mnemonic.
430 * .call ret = proc_type(optstr).
431 * .arg optstr - ptr to name or number.
432 * .ret 0 - no errors detected.
433 * .ret -1 - error detected (error_str contains description).
434 */
435 int
436 proc_type(char *optstr)
437 {
438 struct au_event_ent *aep;
439
440 /*
441 * Either a number or a name.
442 */
443
444 if (flags & M_TYPE) {
445 error_str = gettext("'m' option specified multiple times");
446 return (-1);
447 }
448 flags |= M_TYPE;
449 m_type = 0;
450 if (a_isnum(optstr, TRUE)) {
451 if ((aep = getauevnam(optstr)) != NULL)
452 m_type = aep->ae_number;
453 } else {
454 if ((aep = getauevnum((au_event_t)atoi(optstr))) != NULL)
455 m_type = aep->ae_number;
456 }
457 if ((m_type == 0)) {
458 (void) sprintf(errbuf, gettext("invalid event (%s)"), optstr);
459 error_str = errbuf;
460 return (-1);
461 }
462 return (0);
463 }
464
465
466 /*
467 * .func a_isnum - is it a number?
468 * .desc Determine if a string is a number or a name.
469 * A number may have a leading '+' or '-', but then must be
470 * all digits.
471 * .call ret = a_isnum(str).
472 * .arg str - ptr to the string.
473 * .arg leading - TRUE if leading '+-' allowed.
474 * .ret 0 - is a number.
475 * .ret 1 - is not a number.
476 */
477 int
478 a_isnum(char *str, int leading)
479 {
480 char *strs;
481
482 if ((leading == TRUE) && (*str == '-' || *str == '+'))
483 strs = str + 1;
484 else
485 strs = str;
486
487 if (strlen(strs) == strspn(strs, "0123456789"))
488 return (0);
489 else
490 return (1);
491 }
492
493
494 /*
495 * .func proc_id - process user/group id's/
496 * .desc Process either a user number/name or group number/name.
497 * For names check to see if the name is active in the system
498 * to derive the number. If it is not active then fail. For a number
499 * also check to see if it is active, but only print a warning if it
500 * is not. An administrator may be looking at activity of a 'phantom'
501 * user.
502 * .call ret = proc_id(optstr, opt).
503 * .arg optstr - ptr to name or number.
504 * .arg opt - 'u' - audit user, 'e' - effective user, 'r' - real user,
505 * 'g' - group, 'f' - effective group.
506 * .ret 0 - no errors detected.
507 * .ret -1 - error detected (error_str contains description).
508 */
509 int
510 proc_id(char *optstr, int opt)
511 {
512 switch (opt) {
513 case 'e': /* effective user id */
514 if (flags & M_USERE) {
515 error_str = gettext(
516 "'e' option specified multiple times");
517 return (-1);
518 }
519 flags |= M_USERE;
520 return (proc_user(optstr, &m_usere));
521 case 'f': /* effective group id */
522 if (flags & M_GROUPE) {
523 error_str = gettext(
524 "'f' option specified multiple times");
525 return (-1);
526 }
527 flags |= M_GROUPE;
528 return (proc_group(optstr, &m_groupe));
529 case 'r': /* real user id */
530 if (flags & M_USERR) {
531 error_str = gettext(
532 "'r' option specified multiple times");
533 return (-1);
534 }
535 flags |= M_USERR;
536 return (proc_user(optstr, &m_userr));
537 case 'u': /* audit user id */
538 if (flags & M_USERA) {
539 error_str = gettext(
540 "'u' option specified multiple times");
541 return (-1);
542 }
543 flags |= M_USERA;
544 return (proc_user(optstr, &m_usera));
545 case 'g': /* real group id */
546 if (flags & M_GROUPR) {
547 error_str = gettext(
548 "'g' option specified multiple times");
549 return (-1);
550 }
551 flags |= M_GROUPR;
552 return (proc_group(optstr, &m_groupr));
553 default: /* impossible */
554 (void) sprintf(errbuf, gettext("'%c' unknown option"), opt);
555 error_str = errbuf;
556 return (-1);
557 }
558 /*NOTREACHED*/
559 }
560
561
562 int
563 proc_group(char *optstr, gid_t *gid)
564 {
565 struct group *grp;
566
567 if ((grp = getgrnam(optstr)) == NULL) {
568 if (!a_isnum(optstr, TRUE)) {
569 *gid = (gid_t)atoi(optstr);
570 return (0);
571 }
572 (void) sprintf(errbuf, gettext("group name invalid (%s)"),
573 optstr);
574 error_str = errbuf;
575 return (-1);
576 }
577 *gid = grp->gr_gid;
578 return (0);
579 }
580
581
582 int
583 proc_user(char *optstr, uid_t *uid)
584 {
585 struct passwd *usr;
586
587 if ((usr = getpwnam(optstr)) == NULL) {
588 if (!a_isnum(optstr, TRUE)) {
589 *uid = (uid_t)atoi(optstr);
590 return (0);
591 }
592 (void) sprintf(errbuf, gettext("user name invalid (%s)"),
593 optstr);
594 error_str = errbuf;
595 return (-1);
596 }
597 *uid = usr->pw_uid;
598 return (0);
599 }
600
601
602 /*
603 * .func proc_date - process date argument.
604 * .desc Handle a date/time argument. See if the user has erred in combining
605 * the types of date arguments. Then parse the string and check for
606 * validity of each part.
607 * .call ret = proc_date(optstr, opt).
608 * .arg optstr - ptr to date/time string.
609 * .arg opt - 'd' for day, 'a' for after, or 'b' for before.
610 * .ret 0 - no errors detected.
611 * .ret -1 - errors detected (error_str knows what it is).
612 */
613 int
614 proc_date(char *optstr, int opt)
615 {
616 static int m_day = FALSE;
617
618 if (opt == 'd') {
619 if (m_day == TRUE) {
620 error_str = gettext(
621 "'d' option may not be used with 'a' or 'b'");
622 return (-1);
623 }
624 m_day = TRUE;
625 }
626 if ((opt == 'd') && (m_before || m_after)) {
627 error_str = gettext(
628 "'d' option may not be used with 'a' or 'b'");
629 return (-1);
630 }
631 if ((opt == 'a' || opt == 'b') && m_day) {
632 error_str = gettext(
633 "'a' or 'b' option may not be used with 'd'");
634 return (-1);
635 }
636 if ((opt == 'a') && (m_after != 0)) {
637 error_str = gettext("'a' option specified multiple times");
638 return (-1);
639 }
640 if ((opt == 'b') && (m_before != 0)) {
641 error_str = gettext("'b' option specified multiple times");
642 return (-1);
643 }
644 if (parse_time(optstr, opt))
645 return (-1);
646 return (0);
647 }
648
649
650 /*
651 * .func proc_class - process message class argument.
652 * .desc Process class type and see if it is for real.
653 * .call ret = proc_class(optstr).
654 * .arg optstr - ptr to class.
655 * .ret 0 - class has class.
656 * .ret -1 - class in no good.
657 */
658 int
659 proc_class(char *optstr)
660 {
661 if (flags & M_CLASS) {
662 error_str = gettext("'c' option specified multiple times");
663 return (-1);
664 }
665 flags |= M_CLASS;
666
667 if (getauditflagsbin(optstr, &mask) != 0) {
668 (void) sprintf(errbuf, gettext("unknown class (%s)"), optstr);
669 error_str = errbuf;
670 return (-1);
671 }
672
673 if (mask.am_success != mask.am_failure) {
674 flags |= M_SORF;
675 }
676
677 return (0);
678 }
679
680
681 /*
682 * .func process_fileopt - process command line file options.
683 * .desc Process the command line file options and gather the specified files
684 * together in file groups based upon file name suffix. The user can
685 * specify files explicitly on the command line or via a directory.
686 * This is called after the command line flags are processed (as
687 * denoted by '-').
688 * .call ret = process_fileopt(argc, argv, optindex).
689 * .arg argc - current value of argc.
690 * .arg argv - current value of argv.
691 * .arg optindex- current index into argv (as setup by getopt()).
692 * .ret 0 - no errors detected.
693 * .ret -1 - error detected (message already printed).
694 */
695 int
696 process_fileopt(int argc, char **argv, int optindex)
697 {
698 int f_mode = FM_ALLDIR;
699 char f_dr[MAXNAMLEN+1];
700 char *f_dir = f_dr;
701 char *fname;
702 static char *std = "standard input";
703 audit_fcb_t *fcb;
704 DIR * dirp;
705 struct dirent *dp;
706 audit_pcb_t *pcb;
707
708 /*
709 * Take input from stdin, not any files.
710 * Use a single fcb to do this.
711 */
712 if (f_stdin) {
713 fcb = (audit_fcb_t *)a_calloc(1, sizeof (*fcb) + strlen(std));
714 (void) strcpy(fcb->fcb_file, std);
715 fcb->fcb_suffix = fcb->fcb_name = fcb->fcb_file;
716 fcb->fcb_next = NULL;
717 fcb->fcb_start = 0;
718 fcb->fcb_end = MAXLONG; /* forever */
719 if ((pcb = get_next_pcb(NULL)) == NULL)
720 return (-1);
721 pcb->pcb_suffix = fcb->fcb_file;
722 pcb->pcb_dfirst = pcb->pcb_first = fcb; /* one-item list */
723 pcb->pcb_dlast = pcb->pcb_last = fcb;
724 pcb->pcb_cur = fcb;
725 }
726 /*
727 * No files specified on the command line.
728 * Process a directory of files or subdirectories.
729 */
730 else if (argc == optindex) {
731 /*
732 * A specific server directory was requested.
733 */
734 if (f_server) {
735 if (strchr(f_server, '/')) { /* given full path */
736 f_dir = f_server;
737 f_mode = FM_ALLFILE; /* all files here */
738 } else { /* directory off audit root */
739 f_dir[0] = '\0';
740 (void) strcat(f_dir, f_root);
741 (void) strcat(f_dir, "/");
742 (void) strcat(f_dir, f_server);
743 f_mode = FM_ALLFILE;
744 }
745 }
746 /*
747 * Gather all of the files in the directory 'f_dir'.
748 */
749 if (f_mode == FM_ALLFILE) {
750 if (gather_dir(f_dir)) { /* get those files together */
751 return (-1);
752 }
753 } else {
754 /*
755 * Gather all of the files in all of the
756 * directories in 'f_root'.
757 */
758 if ((dirp = opendir(f_root)) == NULL) {
759 (void) sprintf(errbuf, gettext(
760 "%s can't open directory %s"), ar, f_root);
761 perror(errbuf);
762 return (-1);
763 }
764 /* read the directory and process all of the subs */
765 for (dp = readdir(dirp);
766 dp != NULL; dp = readdir(dirp)) {
767 if (dp->d_name[0] == '.')
768 continue;
769 f_dir[0] = '\0';
770 (void) strcat(f_dir, f_root);
771 (void) strcat(f_dir, "/");
772 (void) strcat(f_dir, dp->d_name);
773 if (gather_dir(f_dir)) /* process a sub */
774 return (-1);
775 }
776 (void) closedir(dirp);
777 }
778 } else {
779 /*
780 * User specified filenames on the comm and line.
781 */
782 f_cmdline = TRUE;
783 for (; optindex < argc; optindex++) {
784 fname = argv[optindex]; /* get a filename */
785 if (proc_file(fname, FALSE))
786 return (-1);
787 }
788 }
789 return (0);
790 }
791
792
793 /*
794 * .func gather_dir - gather a directory's files together.
795 * .desc Process all of the files in a specific directory. The files may
796 * be checked for adherence to the file name form at.
797 * If the directory can't be opened that is ok - just print
798 * a message and continue.
799 * .call ret = gather_dir(dir).
800 * .arg dir - ptr to full pathname of directory.
801 * .ret 0 - no errors detected.
802 * .ret -1 - error detected (message already printed).
803 */
804 int
805 gather_dir(char *dir)
806 {
807 char dname[MAXNAMLEN+1];
808 char fname[MAXNAMLEN+1];
809 DIR * dirp;
810 struct dirent *dp;
811
812 (void) snprintf(dname, sizeof (dname), "%s/files", dir);
813
814 if ((dirp = opendir(dname)) == NULL) {
815 if (errno != ENOTDIR) {
816 (void) sprintf(errbuf,
817 gettext("%s can't open directory - %s"), ar, dname);
818 perror(errbuf);
819 }
820 return (0);
821 }
822 for (dp = readdir(dirp); dp != NULL; dp = readdir(dirp)) {
823 if (dp->d_name[0] == '.') /* can't see hidden files */
824 continue;
825 fname[0] = '\0';
826 (void) strcat(fname, dname); /* create pathname of file */
827 (void) strcat(fname, "/");
828 (void) strcat(fname, dp->d_name);
829 if (proc_file(fname, TRUE))
830 return (-1);
831 }
832 (void) closedir(dirp);
833 return (0);
834 }
835
836
837 /*
838 * .func proc_file - process a single candidate file.
839 * .desc Check out a file to see if it should be used in the merge.
840 * This includes checking the name (mode is TRUE) against the
841 * file format, checking access rights to the file, and thence
842 * getting and fcb and installing the fcb into the correct pcb.
843 * If the file fails then the fcb is not installed into a pcb
844 * and the file dissapears from view.
845 * .call proc_file(fname, mode).
846 * .arg fname - ptr to full pathna me of file.
847 * .arg mode - TRUE if checking adherence to file name format.
848 * .ret 0 - no fatal errors detected.
849 * .ret -1 - fatal error detected - quit altogether
850 * (message already printed).
851 */
852 int
853 proc_file(char *fname, int mode)
854 {
855 int reject = FALSE;
856 size_t len;
857 struct stat stat_buf;
858 audit_fcb_t *fcb, *fcbp, *fcbprev;
859 audit_pcb_t *pcb;
860
861 /*
862 * See if it is a weird file like a directory or
863 * character special (around here?).
864 */
865 if (stat(fname, &stat_buf)) {
866 return (0);
867 }
868 if (!S_ISREG(stat_buf.st_mode))
869 return (0);
870 /*
871 * Allocate a new fcb to hold fcb and full filename.
872 */
873 len = sizeof (audit_fcb_t) + strlen(fname);
874 fcb = (audit_fcb_t *)a_calloc(1, len);
875 (void) strcpy(fcb->fcb_file, fname);
876 if (check_file(fcb, mode)) { /* check file name */
877 if (!f_quiet) {
878 (void) fprintf(stderr, "%s %s:\n %s.\n", ar,
879 error_str, fname);
880 }
881 reject = TRUE;
882 } else {
883 /*
884 * Check against file criteria.
885 * Check finish-time here, and start-time later on
886 * while processing.
887 * This is because the start time on a file can be after
888 * the first record(s).
889 */
890 if (f_complete && (fcb->fcb_flags & FF_NOTTERM) && !f_cmdline)
891 reject = TRUE;
892 if (!f_all && (fcb->fcb_end < m_after))
893 reject = TRUE;
894 if (f_machine) {
895 if (strlen(fcb->fcb_suffix) != strlen(f_machine) ||
896 (strcmp(fcb->fcb_suffix, f_machine) != 0)) {
897 reject = TRUE;
898 }
899 }
900 }
901 if (reject == FALSE) {
902 filenum++; /* count of total files to be processed */
903 fcb->fcb_next = NULL;
904 if ((pcb = get_next_pcb(fcb->fcb_suffix)) == NULL) {
905 return (-1);
906 }
907 /* Place FCB into the PCB in order - oldest first. */
908 fcbp = pcb->pcb_first;
909 fcbprev = NULL;
910 while (fcbp != NULL) {
911 if (fcb->fcb_start < fcbp->fcb_start) {
912 if (fcbprev)
913 fcbprev->fcb_next = fcb;
914 else
915 pcb->pcb_dfirst = pcb->pcb_first = fcb;
916 fcb->fcb_next = fcbp;
917 break;
918 }
919 fcbprev = fcbp;
920 fcbp = fcbp->fcb_next;
921 }
922 /* younger than all || empty list */
923 if (!fcb->fcb_next) {
924 if (pcb->pcb_first == NULL)
925 pcb->pcb_dfirst = pcb->pcb_first = fcb;
926 pcb->pcb_dlast = pcb->pcb_last = fcb;
927 if (fcbprev)
928 fcbprev->fcb_next = fcb;
929 }
930 } else {
931 free((char *)fcb); /* rejected */
932 }
933 return (0);
934 }
935
936
937 /*
938 * .func check_file - check filename and setup fcb.
939 * .desc Check adherence to the file format (do_check is TRUE) and setup
940 * the fcb with useful information.
941 * filename format: yyyymmddhhmmss.yyyymmddhhmmss.suffix
942 * yyyymmddhhmmss.not_terminated.suffix
943 * If do_check is FALSE then still see if the filename does confirm
944 * to the format. If it does then extract useful information from
945 * it (start time and end time). But if it doesn't then don't print
946 * any error messages.
947 * .call ret = check_file(fcb, do_check).
948 * .arg fcb - ptr to fcb that holds the file.
949 * .arg do_check - if TRUE do check adherence to file format.
950 * .ret 0 - no errors detected.
951 * .ret -1 - file failed somehow (error_str tells why).
952 */
953 int
954 check_file(audit_fcb_t *fcb, int do_check)
955 {
956 int ret;
957 char *namep, *slp;
958 char errb[256]; /* build error message */
959 struct tm tme;
960
961 errb[0] = '\0';
962 /* get just the filename */
963 for (slp = namep = fcb->fcb_file; *namep; namep++) {
964 if (*namep == '/')
965 slp = namep + 1; /* slp -> the filename itself */
966 }
967 if (do_check == FALSE) {
968 fcb->fcb_end = MAXLONG; /* forever */
969 fcb->fcb_suffix = NULL;
970 fcb->fcb_name = slp;
971 ret = 0;
972 } else {
973 ret = -1;
974 }
975 if ((int)strlen(slp) < 31) {
976 (void) sprintf(errbuf, gettext("filename too short (%d)"),
977 strlen(slp));
978 error_str = errbuf;
979 return (ret);
980 }
981 /*
982 * Get working copy of filename.
983 */
984 namep = (char *)a_calloc(1, strlen(slp) + 1);
985 (void) strcpy(namep, slp);
986 if (namep[14] != '.' || namep[29] != '.') {
987 (void) sprintf(errbuf,
988 gettext("invalid filename format (%c or %c)"), namep[14],
989 namep[29]);
990 error_str = errbuf;
991 free(namep);
992 return (ret);
993 }
994 namep[14] = '\0'; /* mark off start time */
995 namep[29] = '\0'; /* mark off finish time */
996 if (derive_date(namep, &tme)) {
997 (void) strcat(errb, gettext("starting time-stamp invalid - "));
998 (void) strcat(errb, error_str);
999 (void) strcpy(errbuf, errb);
1000 error_str = errbuf;
1001 free(namep);
1002 return (ret);
1003 }
1004 /*
1005 * Keep start time from filename. Use it to order files in
1006 * the file list. Later we will update this when we read
1007 * the first record from the file.
1008 */
1009 fcb->fcb_start = tm_to_secs(&tme);
1010
1011 if (strcmp(&namep[15], "not_terminated") == 0) {
1012 fcb->fcb_end = MAXLONG; /* forever */
1013 /*
1014 * Only treat a 'not_terminated' file as such if
1015 * it is not on the command line.
1016 */
1017 if (do_check == TRUE)
1018 fcb->fcb_flags |= FF_NOTTERM;
1019 } else if (derive_date(&namep[15], &tme)) {
1020 (void) strcat(errb, gettext("ending time-stamp invalid - "));
1021 (void) strcat(errb, error_str);
1022 (void) strcpy(errbuf, errb);
1023 error_str = errbuf;
1024 free(namep);
1025 return (ret);
1026 } else {
1027 fcb->fcb_end = tm_to_secs(&tme);
1028 }
1029 fcb->fcb_name = slp;
1030 fcb->fcb_suffix = &slp[30];
1031 free(namep);
1032 return (0);
1033 }
1034
1035
1036 /*
1037 * .func get_next_pcb - get a pcb to use.
1038 * .desc The pcb's in the array audit_pcbs are used to hold single file
1039 * groups in the form of a linked list. Each pcb holds files that
1040 * are tied together by a common suffix in the file name. Here we
1041 * get either 1. the existing pcb holding a specified sufix or
1042 * 2. a new pcb if we can't find an existing one.
1043 * .call pcb = get_next_pcb(suffix).
1044 * .arg suffix - ptr to suffix we are seeking.
1045 * .ret pcb - ptr to pcb that hold s the sought suffix.
1046 * .ret NULL- serious failure in memory allocation. Quit processing.
1047 */
1048 audit_pcb_t *
1049 get_next_pcb(char *suffix)
1050 {
1051 int i = 0;
1052 int zerosize;
1053 unsigned int size;
1054 audit_pcb_t *pcb;
1055
1056 /* Search through (maybe) entire array. */
1057 while (i < pcbsize) {
1058 pcb = &audit_pcbs[i++];
1059 if (pcb->pcb_first == NULL) {
1060 proc_pcb(pcb, suffix, i);
1061 return (pcb); /* came to an unused one */
1062 }
1063 if (suffix) {
1064 if (strcmp(pcb->pcb_suffix, suffix) == 0)
1065 return (pcb); /* matched one with suffix */
1066 }
1067 }
1068 /*
1069 * Uh-oh, the entire array is used and we haven't gotten one yet.
1070 * Allocate a bigger array.
1071 */
1072 pcbsize += PCB_INC;
1073 size = pcbsize * sizeof (audit_pcb_t);
1074 zerosize = size - ((pcbsize - PCB_INC) * sizeof (audit_pcb_t));
1075 if ((audit_pcbs = (audit_pcb_t *)realloc((char *)audit_pcbs, size)) ==
1076 NULL) {
1077 (void) sprintf(errbuf,
1078 gettext("%s memory reallocation failed (%d bytes)"), ar,
1079 size);
1080 perror(errbuf);
1081 audit_stats(); /* give user statistics on usage */
1082 return (NULL); /* really bad thing to have happen */
1083 }
1084 /*
1085 * Don't know if realloc clears the new memory like calloc would.
1086 */
1087 (void) memset(&audit_pcbs[pcbsize-PCB_INC], 0, (size_t)zerosize);
1088 pcb = &audit_pcbs[pcbsize-PCB_INC]; /* allocate the first new one */
1089 proc_pcb(pcb, suffix, pcbsize - PCB_INC);
1090 return (pcb);
1091 }
1092
1093
1094 /*
1095 * .func proc_pcb - process pcb.
1096 * .desc Common pcb processing for above routine.
1097 * .call proc_pcb(pcb, suffix, i).
1098 * .arg pcb - ptr to pcb.
1099 * .arg suffix - prt to suffix tha t ties this group together.
1100 * .arg i - index into audit_pcbs[ ].
1101 * .ret void.
1102 */
1103 void
1104 proc_pcb(audit_pcb_t *pcb, char *suffix, int i)
1105 {
1106 if (suffix)
1107 pcb->pcb_suffix = suffix;
1108 pcbnum++; /* one more pcb in use */
1109 pcb->pcb_size = AUDITBUFSIZE;
1110 pcb->pcb_rec = (char *)a_calloc(1, AUDITBUFSIZE);
1111 pcb->pcb_time = -1;
1112 pcb->pcb_flags |= PF_USEFILE; /* note this one controls files */
1113 pcb->pcb_procno = i; /* save index into audit_pcbs [] for id */
1114 }
1115
1116 /*
1117 * proc_zonename - pick up zone name.
1118 *
1119 * all non-empty and not-too-long strings are valid since any name
1120 * may be valid.
1121 *
1122 * ret 0: non-empty string
1123 * ret -1: empty string or string is too long.
1124 */
1125 static int
1126 proc_zonename(char *optstr)
1127 {
1128 size_t length = strlen(optstr);
1129 if ((length < 1) || (length > ZONENAME_MAX)) {
1130 (void) sprintf(errbuf,
1131 gettext("invalid zone name: %s"), optstr);
1132 error_str = errbuf;
1133 return (-1);
1134 }
1135 zonename = strdup(optstr);
1136 flags |= M_ZONENAME;
1137 return (0);
1138 }
1139
1140 /*
1141 * proc_frmi - set up frmi for pattern matching.
1142 * Logic ripped off of scf_walk_fmri()
1143 * Thanks to the smf team.
1144 *
1145 * ret 0: OK
1146 * ret -1: error
1147 */
1148 static int
1149 proc_fmri(char *optstr)
1150 {
1151 if (strpbrk(optstr, "*?[") != NULL) {
1152 /* have a pattern to glob for */
1153
1154 fmri.sp_type = PATTERN_GLOB;
1155 if (optstr[0] == '*' ||
1156 (strlen(optstr) >= 4 && optstr[3] == ':')) {
1157 fmri.sp_arg = strdup(optstr);
1158 } else if ((fmri.sp_arg = malloc(strlen(optstr) + 6)) != NULL) {
1159 (void) snprintf(fmri.sp_arg, strlen(optstr) + 6,
1160 "svc:/%s", optstr);
1161 }
1162 } else {
1163 fmri.sp_type = PATTERN_PARTIAL;
1164 fmri.sp_arg = strdup(optstr);
1165 }
1166 if (fmri.sp_arg == NULL)
1167 return (-1);
1168
1169 return (0);
1170 }
unleashed repo fork