mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
fix aa-decode by backporting all changes from trunk to 2.8 branch
Acked-By: John Johansen (up to r2072)
Acked-by: Steve Beattie <sbeattie@ubuntu.com> (including r2088)
In detail, the changes are (bzr log from trunk):
------------------------------------------------------------
revno: 2088
committer: Christian Boltz <apparmor@cboltz.de>
branch nick: apparmor
timestamp: Tue 2013-01-01 20:15:04 +0100
message:
speed up aa-decode by using a bash regex matching instead of calling egrep for each line.
Acked-by: Steve Beattie <sbeattie@ubuntu.com>
(Patch sent 2012-11-01, Acked-by from 2013-01-01)
------------------------------------------------------------
revno: 2072
committer: Christian Boltz <apparmor@cboltz.de>
branch nick: apparmor
timestamp: Tue 2012-10-16 00:19:49 +0200
message:
Fix aa-decode handling of stdin
Handling stdin was totally broken (= no output) with the current log
format because aa-decode expected name= to be the last entry in the
log line.
This patch for stdin handling
- fixes the pattern to match the current log format (name= is NOT the
last part in the log entry)
- uses bash replacement to avoid some sed calls (which also means the
script now needs an explicit "#!/bin/bash")
- prints decoded filenames in double instead of single quotes to be
consistent with filenames that were not encoded
- also prints lines that do not contain an encoded filename (instead of
grepping them away)
- replace tr calls by perl's uc() (also for non-stdin mode)
- also handle encoded profile names (introduced by Steve)
- don't fail if a file or profile name contains a '
In other words: you can pipe your audit.log through aa-decode, and the
only difference to the raw audit.log is that filenames are decoded.
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
------------------------------------------------------------
revno: 2068
committer: Christian Boltz <apparmor@cboltz.de>
branch nick: apparmor
timestamp: Mon 2012-09-17 23:55:28 +0200
message:
fix error handling in aa-decode
Acked-By: Steve Beattie <sbeattie@ubuntu.com>
Looks-Good-By: ;-) Seth Arnold <seth.arnold@gmail.com>
------------------------------------------------------------
This commit is contained in:
Christian Boltz
parent
c48e4a76d3
commit
78cd88c56d
1 changed files with 28 additions and 12 deletions
|
|
@ -1,6 +1,7 @@
|
|||
#!/bin/sh
|
||||
#!/bin/bash
|
||||
#
|
||||
# Copyright (C) 2009-2010 Canonical Ltd.
|
||||
# Copyright (C) 2009-2010, 2012 Canonical Ltd.
|
||||
# Copyright (C) 2012 Christian Boltz
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of version 2 of the GNU General Public
|
||||
|
|
@ -36,7 +37,7 @@ EOM
|
|||
}
|
||||
|
||||
decode() {
|
||||
decoded=`perl -le "\\$s = '$1' ; print pack 'H*', \\$s"`
|
||||
decoded=`perl -le "\\$s = uc('$1') ; if (\\$s =~ /^[0-9A-F]*$/) { print pack 'H*', \\$s; }"`
|
||||
echo "$decoded"
|
||||
}
|
||||
|
||||
|
|
@ -47,10 +48,10 @@ fi
|
|||
|
||||
# if have an argument, then use it, otherwise process stdin
|
||||
if [ -n "$1" ]; then
|
||||
e=`echo "$1" | tr -s '[:lower:]' '[:upper:]'`
|
||||
if ! echo "$e" | egrep -q "^[0-9A-F]+$" ; then
|
||||
e="$1"
|
||||
if ! echo "$e" | egrep -q "^[0-9A-Fa-f]+$" ; then
|
||||
echo "String should only contain hex characters (0-9, a-f, A-F)"
|
||||
return
|
||||
exit 1
|
||||
fi
|
||||
|
||||
d=`decode $e`
|
||||
|
|
@ -63,13 +64,28 @@ if [ -n "$1" ]; then
|
|||
exit 0
|
||||
fi
|
||||
|
||||
# For now just look at 'name=...' which is usually the last in the log entry,
|
||||
# For now just look at 'name=...' and 'profile=...',
|
||||
# so validate input against this and output based on it.
|
||||
# TODO: better handle other cases too
|
||||
egrep ' name=2[fF][0-9a-fA-F]*$' | while read line ; do
|
||||
e=`echo "$line" | sed 's/.* name=\(.*\)/\\1/g' | tr -s '[:lower:]' '[:upper:]'`
|
||||
d=`decode $e`
|
||||
echo -n "$line" | sed "s/\(.*\) name=.*/\1 name=/g"
|
||||
echo "'$d'"
|
||||
while read line ; do
|
||||
|
||||
# check if line contains encoded name= or profile=
|
||||
if [[ "$line" =~ \ (name|profile)=[0-9a-fA-F] ]]; then
|
||||
|
||||
# cut the encoded filename/profile name out of the line and decode it
|
||||
ne=`echo "$line" | sed 's/.* name=\([^ ]*\).*$/\\1/g'`
|
||||
nd="$(decode ${ne/\'/\\\'})"
|
||||
|
||||
pe=`echo "$line" | sed 's/.* profile=\([^ ]*\).*$/\\1/g'`
|
||||
pd="$(decode ${pe/\'/\\\'})"
|
||||
|
||||
# replace encoded name and profile with its decoded counterparts (only if it was encoded)
|
||||
test -n "$nd" && line="${line/name=$ne/name=\"$nd\"}"
|
||||
test -n "$pd" && line="${line/profile=$pe/profile=\"$pd\"}"
|
||||
|
||||
fi
|
||||
|
||||
echo "$line"
|
||||
|
||||
done
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue