changeset 10645:f0fd61da7838
6864075 adt.xml is missing support for tokens needed by the ILB project
6879490 libbsm private au_to_in_addr_ex produces bad tokens
author | gww <gww@eng.sun.com> |
---|---|
date | Thu, 24 Sep 2009 14:25:39 -0700 |
parents | 7fee69b6853b |
children | 9d107b7bd2f0 |
files | usr/src/lib/libbsm/auditxml usr/src/lib/libbsm/common/adt.h usr/src/lib/libbsm/common/adt.xml usr/src/lib/libbsm/common/adt_token.c usr/src/lib/libbsm/common/adt_xlate.h usr/src/lib/libbsm/common/au_to.c |
diffstat | 6 files changed, 118 insertions(+), 15 deletions(-) [+] |
--- a/usr/src/lib/libbsm/auditxml Thu Sep 24 13:34:13 2009 -0700
+++ b/usr/src/lib/libbsm/auditxml Thu Sep 24 14:25:39 2009 -0700
@@ -596,10 +596,11 @@
 # 'groups' => 'AUT_GROUPS', # not defined
 # 'header' => 'AUT_HEADER', # not defined
 'in_peer' => 'ADT_IN_PEER', # dummy token id
+ 'in_remote' => 'ADT_IN_REMOTE', # dummy token id
 'tid' => 'AUT_TID',
 # 'ipc' => 'AUT_IPC', # not defined
 # 'ipc_perm' => 'AUT_IPC_PERM', # not defined
- # 'iport' => 'AUT_IPORT', # not defined
+ 'iport' => 'AUT_IPORT',
 'label' => 'AUT_LABEL',
 'newgroups' => 'AUT_NEWGROUPS',
 # 'opaque' => 'AUT_OPAQUE', # not defined
--- a/usr/src/lib/libbsm/common/adt.h Thu Sep 24 13:34:13 2009 -0700 +++ b/usr/src/lib/libbsm/common/adt.h Thu Sep 24 14:25:39 2009 -0700 @@ -21,7 +21,7 @@ /* * adt.h * - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * This is a contract private interface and is subject to change @@ -48,8 +48,8 @@ /* * terminal id types */ -#define ADT_IPv4 0 -#define ADT_IPv6 1 +#define ADT_IPv4 1 +#define ADT_IPv6 2 /* * for adt_set_user(): ADT_NEW if creating a session for a newly
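Review bot: Renumbering `ADT_IPv4`/`ADT_IPv6` from 0/1 to 1/2 in the second hunk changes constants that are compiled into every consumer of this header, and the hunk has no comment saying why. Judging from adt_to_in_remote() in adt_token.c in this same changeset, 0 now means "address type not specified". A caller still built against the old header would therefore have its IPv4 value read as unspecified and its IPv6 value read as IPv4, which would put a wrong or missing address in the audit record. I would record the reservation on the defines, e.g. `/* 0 is reserved for "no address specified"; see adt_to_in_remote() */`, and confirm that every in-gate user of these two names is rebuilt with this change.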
--- a/usr/src/lib/libbsm/common/adt.xml Thu Sep 24 13:34:13 2009 -0700
+++ b/usr/src/lib/libbsm/common/adt.xml Thu Sep 24 14:25:39 2009 -0700
@@ -2052,9 +2052,22 @@
 </token>
 <token id="groups">
 </token>
+ <!--
+ the iport token take a single argument of type uint16_t
+ if there are any other tokens following it that have arguments
+ the last of the iport tokens in the event description must
+ be followed by a dummy iport token that is optional.
+ This is to ensure proper structure alignment across all
+ compliers and architectures.
+ -->
+ <token id="iport">
+ </token>
 <!-- pseudo token; in_addr and in_port of peer -->
 <token id="in_peer">
 </token>
+ <!-- pseudo token; specified in_addr -->
+ <token id="in_remote">
+ </token>
 <token id="ipc">
 </token>
 <token id="ipc_perm">
--- a/usr/src/lib/libbsm/common/adt_token.c Thu Sep 24 13:34:13 2009 -0700 +++ b/usr/src/lib/libbsm/common/adt_token.c Thu Sep 24 14:25:39 2009 -0700 @@ -911,6 +911,77 @@ } } +/* + * ADT_IN_REMOTE dummy token + * + * Similar to ADT_IN_PEER except the input is + * an IP address type (ADT_IPv4 | ADT_IPv6) and an address V4/V6 + */ + +/* ARGSUSED */ +static void +adt_to_in_remote(datadef *def, void *p_data, int required, + struct adt_event_state *event, char *notUsed) +{ + int32_t type; + + DPRINTF((" adt_to_in_remote dd_datatype=%d\n", def->dd_datatype)); + + type = ((union convert *)p_data)->tuint32; + + if (type == 0) { + if (required == 0) { + return; + } + /* required and not specified */ + adt_write_syslog("adt_to_in_remote required address not " + "specified", 0); + type = ADT_IPv4; + } + p_data = adt_adjust_address(p_data, sizeof (int32_t), + sizeof (uint32_t)); + + switch (type) { + case ADT_IPv4: + (void) au_write(event->ae_event_handle, au_to_in_addr( + (struct in_addr *)&(((union convert *)p_data)->tuint32))); + break; + case ADT_IPv6: + (void) au_write(event->ae_event_handle, au_to_in_addr_ex( + (struct in6_addr *)&(((union convert *)p_data)->tuint32))); + break; + default: + adt_write_syslog("adt_to_in_remote invalid type", EINVAL); + return; + } +} + +/* + * adt_to_iport takes a uint16_t IP port. + */ + +/* ARGSUSED */ +static void +adt_to_iport(datadef *def, void *p_data, int required, + struct adt_event_state *event, char *notUsed) +{ + ushort_t port; + + DPRINTF((" adt_to_iport dd_datatype=%d\n", def->dd_datatype)); + + port = ((union convert *)p_data)->tuint16; + + if (port == 0) { + if (required == 0) { + return; + } + /* required and not specified */ + adt_write_syslog("adt_to_iport no required port", 0); + } + (void) au_write(event->ae_event_handle, au_to_iport(port)); + +} + /* * This is a compact table that defines only the tokens that are 
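Review bot: In adt_to_in_remote(), the "required and not specified" branch forces `type = ADT_IPv4` and then falls through to the switch, so the record gets an in_addr token built from whatever bytes follow the type field, even though the caller supplied no address. Those bytes are presumably zero, but nothing in the hunk guarantees it, and a reader of the audit trail cannot tell this placeholder from a real address. Either return after the `adt_write_syslog()` call, or state the intent on the assignment, e.g. `/* emit a placeholder IPv4 token so the record stays structurally complete */`. adt_to_iport() has the same pattern: it logs and then still writes port 0. That deserves the same one-line comment.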
@@ -920,7 +991,7 @@ * adt_xlate.h), and the -AUT_PATH value. */ -#define MAX_TOKEN_JMP 18 +#define MAX_TOKEN_JMP 20 static struct token_jmp token_table[MAX_TOKEN_JMP] = { @@ -928,6 +999,8 @@ {ADT_CMD_ALT, adt_to_cmd1}, {AUT_FMRI, adt_to_frmi}, {ADT_IN_PEER, adt_to_in_peer}, + {ADT_IN_REMOTE, adt_to_in_remote}, + {AUT_IPORT, adt_to_iport}, {AUT_LABEL, adt_to_label}, {AUT_NEWGROUPS, adt_to_newgroups}, {AUT_PATH, adt_to_path},
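Review bot: `MAX_TOKEN_JMP` is a hand-maintained count that must be bumped in step with the initializer, as the 18 to 20 change next to the two new rows shows. A bump without a matching row leaves a zero-filled entry that any loop bounded by `MAX_TOKEN_JMP` would walk. Consider declaring `token_table[]` without a size and deriving the count after the table, `#define MAX_TOKEN_JMP (sizeof (token_table) / sizeof (token_table[0]))`. The initializer continues past the end of the last hunk, so the current row count cannot be confirmed from here.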
--- a/usr/src/lib/libbsm/common/adt_xlate.h Thu Sep 24 13:34:13 2009 -0700 +++ b/usr/src/lib/libbsm/common/adt_xlate.h Thu Sep 24 14:25:39 2009 -0700 @@ -69,9 +69,9 @@ #define ADT_AUT_PRIV_L -100 /* limit set */ #define ADT_AUT_PRIV_I -101 /* inherited set */ #define ADT_AUT_PRIV_E -102 /* effective set */ -/* dummy token type for alternate command */ -#define ADT_CMD_ALT -103 +#define ADT_CMD_ALT -103 /* dummy token type for alternate command */ #define ADT_IN_PEER -104 /* peer address in_addr and in_port */ +#define ADT_IN_REMOTE -105 /* specified address in_addr */ enum adt_generic {ADT_GENERIC}; /* base for text enums */
--- a/usr/src/lib/libbsm/common/au_to.c Thu Sep 24 13:34:13 2009 -0700 +++ b/usr/src/lib/libbsm/common/au_to.c Thu Sep 24 14:25:39 2009 -0700 @@ -935,17 +935,33 @@ { token_t *token; adr_t adr; - char data_header = AUT_IN_ADDR_EX; + + if (IN6_IS_ADDR_V4MAPPED(addr)) { + ipaddr_t in4; + + /* + * An IPv4-mapped IPv6 address is really an IPv4 address + * in IPv6 format. + */ + + IN6_V4MAPPED_TO_IPADDR(addr, in4); + return (au_to_in_addr((struct in_addr *)&in4)); - if ((token = get_token(sizeof (char) + sizeof (struct in6_addr))) - == NULL) { - return (NULL); + } else { + char data_header = AUT_IN_ADDR_EX; + int32_t type = AU_IPv6; + + if ((token = get_token(sizeof (char) + sizeof (int32_t) + + sizeof (struct in6_addr))) == NULL) { + return (NULL); + } + + adr_start(&adr, token->tt_data); + adr_char(&adr, &data_header, 1); + adr_int32(&adr, &type, 1); + adr_char(&adr, (char *)addr, sizeof (struct in6_addr)); } - adr_start(&adr, token->tt_data); - adr_char(&adr, &data_header, 1); - adr_char(&adr, (char *)addr, sizeof (struct in6_addr)); - return (token); }
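Review bot: The rewritten body of au_to_in_addr_ex() now produces two different token shapes, and neither is documented where a maintainer or trail parser would look. An IPv4-mapped input is handed to au_to_in_addr(), while any other address gets a token that now carries a 4-byte type between the header byte and the 16 address bytes. I would add a block comment above the function along the lines of `/* AUT_IN_ADDR_EX: header(1) + type(4, AU_IPv6) + address(16); IPv4-mapped input returns the au_to_in_addr() token instead */`. It is also worth stating that `addr` must be non-NULL, since `IN6_IS_ADDR_V4MAPPED(addr)` dereferences it before any check. The function's signature lies outside the hunk.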