changeset 10645:f0fd61da7838

6864075 adt.xml is missing support for tokens needed by the ILB project 6879490 libbsm private au_to_in_addr_ex produces bad tokens
author gww <gww@eng.sun.com>
date Thu, 24 Sep 2009 14:25:39 -0700
parents 7fee69b6853b
children 9d107b7bd2f0
files usr/src/lib/libbsm/auditxml usr/src/lib/libbsm/common/adt.h usr/src/lib/libbsm/common/adt.xml usr/src/lib/libbsm/common/adt_token.c usr/src/lib/libbsm/common/adt_xlate.h usr/src/lib/libbsm/common/au_to.c
diffstat 6 files changed, 118 insertions(+), 15 deletions(-) [+]
--- a/usr/src/lib/libbsm/auditxml	Thu Sep 24 13:34:13 2009 -0700
+++ b/usr/src/lib/libbsm/auditxml	Thu Sep 24 14:25:39 2009 -0700
@@ -596,10 +596,11 @@
 	#	  'groups'      	=> 'AUT_GROUPS',	# not defined
 	#	  'header'      	=> 'AUT_HEADER',	# not defined
 		  'in_peer'     	=> 'ADT_IN_PEER',	# dummy token id
+		  'in_remote'     	=> 'ADT_IN_REMOTE',	# dummy token id
 		  'tid'          	=> 'AUT_TID',
 	#	  'ipc'         	=> 'AUT_IPC',		# not defined
 	#	  'ipc_perm'    	=> 'AUT_IPC_PERM',	# not defined
-	#	  'iport'		=> 'AUT_IPORT',		# not defined
+		  'iport'		=> 'AUT_IPORT',
 		  'label'		=> 'AUT_LABEL',
 		  'newgroups'   	=> 'AUT_NEWGROUPS',
 	#	  'opaque'      	=> 'AUT_OPAQUE',	# not defined
--- a/usr/src/lib/libbsm/common/adt.h	Thu Sep 24 13:34:13 2009 -0700
+++ b/usr/src/lib/libbsm/common/adt.h	Thu Sep 24 14:25:39 2009 -0700
@@ -21,7 +21,7 @@
 /*
  * adt.h
  *
- * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  *
  * This is a contract private interface and is subject to change
@@ -48,8 +48,8 @@
 /*
  * terminal id types
  */
-#define	ADT_IPv4	0
-#define	ADT_IPv6	1
+#define	ADT_IPv4	1
+#define	ADT_IPv6	2
 
 /*
  * for adt_set_user(): ADT_NEW if creating a session for a newly
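Review bot: Renumbering `ADT_IPv4`/`ADT_IPv6` from 0/1 to 1/2 silently changes the meaning of values already compiled into any consumer of this header, and nothing here says why. The new `adt_to_in_remote()` in adt_token.c treats a type of 0 as "address not specified", so a caller built against the old header that passes 0 for IPv4 would have its address dropped or logged as missing, and one that passes 1 for IPv6 would be recorded as IPv4. The reserved value should be documented next to the defines, for example `/* 0 is reserved: address type not specified */`. It is also worth confirming that every in-tree user of these constants is rebuilt with this change, since that cannot be checked from this hunk.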
--- a/usr/src/lib/libbsm/common/adt.xml	Thu Sep 24 13:34:13 2009 -0700
+++ b/usr/src/lib/libbsm/common/adt.xml	Thu Sep 24 14:25:39 2009 -0700
@@ -2052,9 +2052,22 @@
     </token>
     <token id="groups">
     </token>
+    <!--
+    	the iport token take a single argument of type uint16_t
+	if there are any other tokens following it that have arguments
+	the last of the iport tokens in the event description must
+	be followed by a dummy iport token that is optional.
+	This is to ensure proper structure alignment across all
+	compliers and architectures.
+    -->
+    <token id="iport">
+    </token>
     <!-- pseudo token; in_addr and in_port of peer -->
     <token id="in_peer">
     </token>
+    <!-- pseudo token; specified in_addr -->
+    <token id="in_remote">
+    </token>
     <token id="ipc">
     </token>
     <token id="ipc_perm">
--- a/usr/src/lib/libbsm/common/adt_token.c	Thu Sep 24 13:34:13 2009 -0700
+++ b/usr/src/lib/libbsm/common/adt_token.c	Thu Sep 24 14:25:39 2009 -0700
@@ -911,6 +911,77 @@
 	}
 }
 
+/*
+ * ADT_IN_REMOTE dummy token
+ *
+ * Similar to ADT_IN_PEER except the input is
+ * an IP address type (ADT_IPv4 | ADT_IPv6) and an address V4/V6
+ */
+
+/* ARGSUSED */
+static void
+adt_to_in_remote(datadef *def, void *p_data, int required,
+    struct adt_event_state *event, char *notUsed)
+{
+	int32_t	type;
+
+	DPRINTF(("    adt_to_in_remote dd_datatype=%d\n", def->dd_datatype));
+
+	type = ((union convert *)p_data)->tuint32;
+
+	if (type ==  0) {
+		if (required == 0) {
+			return;
+		}
+		/* required and not specified */
+		adt_write_syslog("adt_to_in_remote required address not "
+		    "specified", 0);
+		type = ADT_IPv4;
+	}
+	p_data = adt_adjust_address(p_data, sizeof (int32_t),
+	    sizeof (uint32_t));
+
+	switch (type) {
+	case ADT_IPv4:
+		(void) au_write(event->ae_event_handle, au_to_in_addr(
+		    (struct in_addr *)&(((union convert *)p_data)->tuint32)));
+		break;
+	case ADT_IPv6:
+		(void) au_write(event->ae_event_handle, au_to_in_addr_ex(
+		    (struct in6_addr *)&(((union convert *)p_data)->tuint32)));
+		break;
+	default:
+		adt_write_syslog("adt_to_in_remote invalid type", EINVAL);
+		return;
+	}
+}
+
+/*
+ * adt_to_iport takes a uint16_t IP port.
+ */
+
+/* ARGSUSED */
+static void
+adt_to_iport(datadef *def, void *p_data, int required,
+    struct adt_event_state *event, char *notUsed)
+{
+	ushort_t port;
+
+	DPRINTF(("  adt_to_iport dd_datatype=%d\n", def->dd_datatype));
+
+	port = ((union convert *)p_data)->tuint16;
+
+	if (port == 0) {
+		if (required == 0) {
+			return;
+		}
+		/* required and not specified */
+		adt_write_syslog("adt_to_iport no required port", 0);
+	}
+	(void) au_write(event->ae_event_handle, au_to_iport(port));
+
+}
+
 
 /*
  *	This is a compact table that defines only the tokens that are
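Review bot: In `adt_to_in_remote()`, the "required and not specified" path logs a message, then forces `type = ADT_IPv4` and writes an `in_addr` token built from whatever bytes follow the type field (presumably zero). The audit trail therefore gains an address token that looks genuine for an event whose caller supplied no address. If that placeholder is intended, the block comment should say so, for example `/* required but unset: emit a placeholder IPv4 token so the record keeps its shape */`; otherwise return after the syslog call. Both new functions also cast the `au_write()` result to `void`, while `au_to_in_addr_ex()` can return NULL when `get_token()` fails, so an allocation failure would drop the token from the record with no trace. A syslog call on that path would make the gap visible. Separately, `type` is declared `int32_t` but loaded from `tuint32`, so `uint32_t` would match the field.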
@@ -920,7 +991,7 @@
  * adt_xlate.h), and the -AUT_PATH value.
  */
 
-#define	MAX_TOKEN_JMP 18
+#define	MAX_TOKEN_JMP 20
 
 static struct token_jmp token_table[MAX_TOKEN_JMP] =
 {
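Review bot: `MAX_TOKEN_JMP` is a hand-maintained count that has to be bumped in step with the entries added to `token_table` in the next hunk, and nothing enforces that the two agree. If the count ever exceeds the number of initialisers, the trailing slots are zero-filled, leaving entries with a null handler pointer. Whether the lookup code can reach such a slot is not visible here. Declaring the table as `static struct token_jmp token_table[] =` and deriving the count with `#define MAX_TOKEN_JMP (sizeof (token_table) / sizeof (token_table[0]))` after it removes the need to keep them in sync. The table body continues outside this hunk.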
@@ -928,6 +999,8 @@
 	{ADT_CMD_ALT, adt_to_cmd1},
 	{AUT_FMRI, adt_to_frmi},
 	{ADT_IN_PEER, adt_to_in_peer},
+	{ADT_IN_REMOTE, adt_to_in_remote},
+	{AUT_IPORT, adt_to_iport},
 	{AUT_LABEL, adt_to_label},
 	{AUT_NEWGROUPS, adt_to_newgroups},
 	{AUT_PATH, adt_to_path},
--- a/usr/src/lib/libbsm/common/adt_xlate.h	Thu Sep 24 13:34:13 2009 -0700
+++ b/usr/src/lib/libbsm/common/adt_xlate.h	Thu Sep 24 14:25:39 2009 -0700
@@ -69,9 +69,9 @@
 #define	ADT_AUT_PRIV_L	-100	/* limit set */
 #define	ADT_AUT_PRIV_I	-101	/* inherited set */
 #define	ADT_AUT_PRIV_E	-102	/* effective set */
-/* dummy token type for alternate command */
-#define	ADT_CMD_ALT	-103
+#define	ADT_CMD_ALT	-103	/* dummy token type for alternate command */
 #define	ADT_IN_PEER	-104	/* peer address in_addr and in_port */
+#define	ADT_IN_REMOTE	-105	/* specified address in_addr */
 
 enum adt_generic {ADT_GENERIC}; /* base for text enums */
 
--- a/usr/src/lib/libbsm/common/au_to.c	Thu Sep 24 13:34:13 2009 -0700
+++ b/usr/src/lib/libbsm/common/au_to.c	Thu Sep 24 14:25:39 2009 -0700
@@ -935,17 +935,33 @@
 {
 	token_t *token;
 	adr_t adr;
-	char data_header = AUT_IN_ADDR_EX;
+
+	if (IN6_IS_ADDR_V4MAPPED(addr)) {
+		ipaddr_t in4;
+
+		/*
+		 * An IPv4-mapped IPv6 address is really an IPv4 address
+		 * in IPv6 format.
+		 */
+
+		IN6_V4MAPPED_TO_IPADDR(addr, in4);
+		return (au_to_in_addr((struct in_addr *)&in4));
 
-	if ((token = get_token(sizeof (char) + sizeof (struct in6_addr)))
-	    == NULL) {
-		return (NULL);
+	} else {
+		char data_header = AUT_IN_ADDR_EX;
+		int32_t	type = AU_IPv6;
+
+		if ((token = get_token(sizeof (char) + sizeof (int32_t) +
+		    sizeof (struct in6_addr))) == NULL) {
+			return (NULL);
+		}
+
+		adr_start(&adr, token->tt_data);
+		adr_char(&adr, &data_header, 1);
+		adr_int32(&adr, &type, 1);
+		adr_char(&adr, (char *)addr, sizeof (struct in6_addr));
 	}
 
-	adr_start(&adr, token->tt_data);
-	adr_char(&adr, &data_header, 1);
-	adr_char(&adr, (char *)addr, sizeof (struct in6_addr));
-
 	return (token);
 }
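Review bot: `au_to_in_addr_ex()` now has two different outputs and the change documents neither at the function level: an IPv4-mapped address yields a plain `in_addr` token via `au_to_in_addr()`, and every other address yields an `AUT_IN_ADDR_EX` token that carries an extra `int32_t` type field before the 16 address bytes. Anyone parsing or searching audit trails needs to know that mapped addresses appear as IPv4 tokens and that the extended token layout differs from what earlier builds wrote. The header comment, which sits outside this hunk along with the signature, should state both, for example `/* returns an in_addr token for IPv4-mapped input; otherwise header byte, int32 AU_IPv6 type, 16-byte address */`. As a style point, the `else` after the early `return` is unnecessary. Dropping it would let `token` and `adr` be used at one nesting level, as before.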