ORT_AUDIT(3) | Library Functions Manual | ORT_AUDIT(3) |
ort_audit — audit role operations in a configuration
library “libort”
#include <sys/queue.h>
#include <stdio.h>
#include <ort.h>
struct auditq *
ort_audit(const struct role *r, const struct config *cfg);
Audits the configuration cfg and returns all operations and access possible by r.
The audit results are returned as a queue of operations and components that describe what the role may do.
The result should be freed by ort_auditq_free(3) after use.
The cfg must be fully linked as driven by ort_parse_close(3).
The type of audit target is defined in enum audidt, which may be any of the following:
AUDIT_INSERT
    insert operations.
AUDIT_UPDATE
    delete and update operations.
AUDIT_QUERY
    count, iterate, list, and search operations.
AUDIT_REACHABLE
The returned structure is a queue of struct audit, which consists of the following:
AUDIT_INSERT.
AUDIT_UPDATE.
AUDIT_QUERY.
AUDIT_REACHABLE.
Reachable structures are described by struct auditreach, which consists of the following:
NULL) path from the origin structure to the target, and whether the target is exported or not.
Returns the audit report or NULL on memory allocation failure.
The following audits the user role in a configuration db.ort.
    struct config *cfg;
    struct auditq *aq;
    const struct role *r;

    /* Allocate, parse, and link the configuration read from stdin. */
    if ((cfg = ort_config_alloc()) == NULL)
        err(1, NULL);
    if (!ort_parse_file(cfg, stdin, "<stdin>"))
        errx(1, "failed parsing");
    if (!ort_parse_close(cfg))
        errx(1, "failed linking");

    /* Find the "user" role; r is NULL if no role matched. */
    TAILQ_FOREACH(r, &cfg->arq, allentries)
        if (strcasecmp(r->name, "user") == 0)
            break;
    if (r == NULL)
        errx(1, "user: role not found");

    if ((aq = ort_audit(r, cfg)) == NULL)
        err(1, NULL);

    /* Do something with aq. */

    ort_auditq_free(aq);
    ort_config_free(cfg);
October 25, 2021 | OpenBSD 6.7 |