PERFORCE change 85501 for review
Robert Watson
rwatson at FreeBSD.org
Tue Oct 18 14:54:35 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=85501
Change 85501 by rwatson at rwatson_fledge on 2005/10/18 14:53:45
Use AU_IP{v4,v6} rather than AF_INET and AF_INET6; using the AF_
constants results in mis-handling of addresses (BSD/Darwin addresses
will not be readable by Solaris and vice versa). Now we use the
Solaris convention.
The address type in AUT_HEADER32_EX is actually 4 bytes long, not 1
byte as documented in the BSM documentation.
This corrects handling of the IP address and time fields in
header32_ex.
Affected files ...
.. //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#3 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#17 edit
Differences ...
==== //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#3 (text+ko) ====
@@ -348,7 +348,7 @@
u_char version;
u_int16_t e_type;
u_int16_t e_mod;
- u_char ad_type;
+ u_int32_t ad_type;
u_int32_t addr[4];
u_int32_t s;
u_int32_t ms;
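Review bot: Widening `ad_type` from `u_char` to `u_int32_t` in this public header moves every member after it, so anything built against the old layout must be rebuilt, and the field carries no comment saying why it is wider than the documented format. A short comment on the field would keep the reason next to the declaration, for example `/* 4 bytes on the wire (Solaris 10), not 1 as in audit.log(5) */`. The struct begins and ends outside the hunk, so other users of the field (printing, comparison) cannot be checked from here.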
==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#17 (text+ko) ====
@@ -366,15 +366,19 @@
char dst[INET6_ADDRSTRLEN];
const char *ret = NULL;
- if (type == AF_INET) {
+ switch (type) {
+ case AU_IPv4:
ipv4.s_addr = (in_addr_t)(ipaddr[0]);
- ret = inet_ntop(type, &ipv4, dst, INET6_ADDRSTRLEN);
- } else if (type == AF_INET6) {
+ ret = inet_ntop(AF_INET, &ipv4, dst, INET6_ADDRSTRLEN);
+ break;
+
+ case AU_IPv6:
ipv6.__u6_addr.__u6_addr32[0] = ipaddr[0];
ipv6.__u6_addr.__u6_addr32[1] = ipaddr[1];
ipv6.__u6_addr.__u6_addr32[2] = ipaddr[2];
ipv6.__u6_addr.__u6_addr32[3] = ipaddr[3];
- ret = inet_ntop(type, &ipv6, dst, INET6_ADDRSTRLEN);
+ ret = inet_ntop(AF_INET6, &ipv6, dst, INET6_ADDRSTRLEN);
+ break;
}
if (ret != NULL) {
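Review bot: The new `switch (type)` has no `default:` case, so an address type other than AU_IPv4 or AU_IPv6 is handled only implicitly, through `ret` staying NULL from its initialiser. Making that explicit would help, for example `default: break; /* unknown address type: ret stays NULL, nothing is printed */`. That way a reader does not have to trace the initialiser to see that unknown types from a trail are ignored on purpose. The function body starts before the hunk and continues after it.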
@@ -489,11 +493,19 @@
}
/*
+ * The Solaris specifications for AUE_HEADER32_EX seem to differ a bit
+ * depending on the bit of the specifications found. The OpenSolaris source
+ * code uses a 4-byte address length, followed by some number of bytes of
+ * address data. This contrasts with the Solaris audit.log.5 man page, which
+ * specifies a 1-byte length field. We use the Solaris 10 definition so that
+ * we can parse audit trails from that system.
+ *
* record byte count 4 bytes
* version # 1 byte [2]
* event type 2 bytes
* event modifier 2 bytes
- * address type/length 1 byte
+ * address type/length 4 bytes
+ * [ Solaris man page: address type/length 1 byte]
* machine address 4 bytes/16 bytes (IPv4/IPv6 address)
* seconds of time 4 bytes/8 bytes (32/64-bits)
* nanoseconds of time 4 bytes/8 bytes (32/64-bits)
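Review bot: The added comment names the token `AUE_HEADER32_EX`, while the change description calls it `AUT_HEADER32_EX`; the `AUT_` spelling looks like the intended one for a token type, so the first line should probably read `* The Solaris specifications for AUT_HEADER32_EX seem to differ a bit`. The comment could also say that the 4-byte field holds the AU_IPv4/AU_IPv6 value that the parser switches on. That would tie the layout table to the code below it.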
@@ -519,36 +531,22 @@
if (err)
return (-1);
- READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr32_ex.ad_type, tok->len, err);
+ READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.ad_type, tok->len, err);
if (err)
return (-1);
bzero(tok->tt.hdr32_ex.addr, sizeof(tok->tt.hdr32_ex.addr));
switch (tok->tt.hdr32_ex.ad_type) {
- case AF_INET:
- READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.addr[0],
- tok->len, err);
+ case AU_IPv4:
+ READ_TOKEN_BYTES(buf, len, &tok->tt.hdr32_ex.addr[0],
+ sizeof(tok->tt.hdr32_ex.addr[0]), tok->len, err);
if (err)
return (-1);
break;
- case AF_INET6:
- READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.addr[0],
- tok->len, err);
- if (err)
- return (-1);
- READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.addr[1],
- tok->len, err);
- if (err)
- return (-1);
- READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.addr[2],
- tok->len, err);
- if (err)
- return (-1);
- READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.addr[3],
- tok->len, err);
- if (err)
- return (-1);
+ case AU_IPv6:
+ READ_TOKEN_BYTES(buf, len, &tok->tt.hdr32_ex.addr,
+ sizeof(tok->tt.hdr32_ex.addr), tok->len, err);
break;
}
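Review bot: The new `case AU_IPv6:` branch drops the error check after `READ_TOKEN_BYTES`: the IPv4 case and the removed code both follow each read with `if (err) return (-1);`, but the 16-byte read goes straight to `break`. If a record is truncated inside the address, parsing carries on past the switch, and whether a later read catches it depends on code outside the hunk; add `if (err) return (-1);` before the `break`. The switch also has no `default:`, so an `ad_type` other than AU_IPv4/AU_IPv6 (now a full 32-bit value taken from the trail) consumes no address bytes, and the time fields would presumably be read from the wrong offset; `default: return (-1);` would reject such a record. The if/else chains in the inaddr_ex, proc32_ex and subj32_ex hunks have the same unknown-type gap unless an `else` follows outside those hunks. The enclosing function starts and ends outside this hunk.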
@@ -1249,12 +1247,12 @@
if (err)
return (-1);
- if (tok->tt.inaddr_ex.type == AF_INET) {
+ if (tok->tt.inaddr_ex.type == AU_IPv4) {
READ_TOKEN_BYTES(buf, len, &tok->tt.inaddr_ex.addr[0],
sizeof(tok->tt.inaddr_ex.addr[0]), tok->len, err);
if (err)
return (-1);
- } else if (tok->tt.inaddr_ex.type == AF_INET6) {
+ } else if (tok->tt.inaddr_ex.type == AU_IPv6) {
READ_TOKEN_BYTES(buf, len, &tok->tt.inaddr_ex.addr,
sizeof(tok->tt.inaddr_ex.addr), tok->len, err);
if (err)
@@ -1662,12 +1660,12 @@
if (err)
return (-1);
- if (tok->tt.proc32_ex.tid.type == AF_INET) {
+ if (tok->tt.proc32_ex.tid.type == AU_IPv4) {
READ_TOKEN_BYTES(buf, len, &tok->tt.proc32_ex.tid.addr[0],
sizeof(tok->tt.proc32_ex.tid.addr[0]), tok->len, err);
if (err)
return (-1);
- } else if (tok->tt.proc32_ex.tid.type == AF_INET6) {
+ } else if (tok->tt.proc32_ex.tid.type == AU_IPv6) {
READ_TOKEN_BYTES(buf, len, &tok->tt.proc32_ex.tid.addr,
sizeof(tok->tt.proc32_ex.tid.addr), tok->len, err);
if (err)
@@ -2134,12 +2132,12 @@
if (err)
return (-1);
- if (tok->tt.subj32_ex.tid.type == AF_INET) {
+ if (tok->tt.subj32_ex.tid.type == AU_IPv4) {
READ_TOKEN_BYTES(buf, len, &tok->tt.subj32_ex.tid.addr[0],
sizeof(tok->tt.subj32_ex.tid.addr[0]), tok->len, err);
if (err)
return (-1);
- } else if (tok->tt.subj32_ex.tid.type == AF_INET6) {
+ } else if (tok->tt.subj32_ex.tid.type == AU_IPv6) {
READ_TOKEN_BYTES(buf, len, &tok->tt.subj32_ex.tid.addr,
sizeof(tok->tt.subj32_ex.tid.addr), tok->len, err);
if (err)