From owner-p4-projects@FreeBSD.ORG Mon May 2 15:18:55 2005 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id ABD7916A4D0; Mon, 2 May 2005 15:18:54 +0000 (GMT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 53FE116A4CE; Mon, 2 May 2005 15:18:54 +0000 (GMT) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 810F043D39; Mon, 2 May 2005 15:18:51 +0000 (GMT) (envelope-from arr@watson.org) Received: from fledge.watson.org (localhost.watson.org [127.0.0.1]) by fledge.watson.org (8.13.3/8.13.3) with ESMTP id j42FLx03091028; Mon, 2 May 2005 11:21:59 -0400 (EDT) (envelope-from arr@watson.org) Received: from localhost (arr@localhost)j42FLxq5091025; Mon, 2 May 2005 11:21:59 -0400 (EDT) (envelope-from arr@watson.org) X-Authentication-Warning: fledge.watson.org: arr owned process doing -bs Date: Mon, 2 May 2005 11:21:59 -0400 (EDT) 
From: "Andrew R. Reiter" To: Robert Watson In-Reply-To: <200505012123.j41LNpOv077763@repoman.freebsd.org> Message-ID: <20050502112106.R90331@fledge.watson.org> References: <200505012123.j41LNpOv077763@repoman.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: Perforce Change Reviews Subject: Re: PERFORCE change 76336 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2005 15:18:55 -0000 On Sun, 1 May 2005, Robert Watson wrote: :http://perforce.freebsd.org/chv.cgi?CH=76336 : :Change 76336 by rwatson@rwatson_paprika on 2005/05/01 21:23:34 : : Rename print_sec() to print_sec32(); add a print_sec64() that : truncates the value of a 64-bit second count since we assume that : time_t is 32-bit. : : Rename print_msec() to print_msec32(); add a print_msec64() that : truncates the value of a 64-bit millisecond count since that's : silly. : : Implement fetch_header64_tok(), print_header64_tok(), : fetch_attr64_tok(), print_attr64_tok(), fetch_subject64_tok(), : print_subject64_tok(). : : It's now possible to print the basic 64-bit record types from a : 64-bit Solaris BSM token stream. Ausome (he he, au* humor, ok, stupid ;)). Is there an audit log from 64bit solaris I could use to play around with this code base? : :Affected files ... : :.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#10 edit : :Differences ... 
:
:==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#10 (text+ko) ====
:
:@@ -281,7 +281,7 @@
: /*
: * Prints seconds in the ctime format
: */
:-static void print_sec(FILE *fp, u_int32_t sec, char raw)
:+static void print_sec32(FILE *fp, u_int32_t sec, char raw)
: {
: time_t time;
: char timestr[26];
:@@ -298,9 +298,29 @@
: }
:
: /*
:+ * XXXRW: 64-bit token streams make use of 64-bit time stamps; since we
:+ * assume a 32-bit time_t, we simply truncate for now.
:+ */
:+static void print_sec64(FILE *fp, u_int64_t sec, char raw)
:+{
:+ time_t time;
:+ char timestr[26];
:+
:+ if(raw) {
:+ fprintf(fp, "%u", (u_int32_t)sec);
:+ }
:+ else {
:+ time = (time_t)sec;
:+ ctime_r(&time, timestr);
:+ timestr[24] = '\0'; /* No new line */
:+ fprintf(fp, "%s", timestr);
:+ }
:+}
:+
:+/*
: * Prints the excess milliseconds
: */
:-static void print_msec(FILE *fp, u_int32_t msec, char raw)
:+static void print_msec32(FILE *fp, u_int32_t msec, char raw)
: {
: if(raw) {
: fprintf(fp, "%u", msec);
:@@ -310,7 +330,23 @@
: }
: }
:
:+/*
:+ * XXXRW: 64-bit token streams make use of 64-bit time stamps; since we
:+ * assume a 32-bit msec, we simply truncate for now.
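Review bot: In the non-raw branch of print_sec64 (the @@ -298,9 hunk), `time = (time_t)sec;` truncates only where time_t is 32 bits wide, and the return value of `ctime_r()` is ignored before `timestr[24]` is written and the buffer is printed. Where time_t is 64 bits, a large second count read from an audit trail reaches `ctime_r()` unchanged, and a failed conversion may leave `timestr` uninitialised; I would make the truncation explicit with `time = (time_t)(u_int32_t)sec;` and print the number instead when `ctime_r(&time, timestr) == NULL`. The raw branch drops the upper 32 bits as well, so an out-of-range timestamp looks like a valid one in the printed record; `fprintf(fp, "%llu", (unsigned long long)sec);` would keep the value as stored. print_msec64 in the @@ -310,7 hunk truncates in the same way, and its `msec &= 0xffffffff;` is redundant with the `(u_int32_t)` casts that follow it.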
:+ */
:+static void print_msec64(FILE *fp, u_int64_t msec, char raw)
:+{
:
:+ msec &= 0xffffffff;
:+ if(raw) {
:+ fprintf(fp, "%u", (u_int32_t)msec);
:+ }
:+ else {
:+ fprintf(fp, " + %u msec", (u_int32_t)msec);
:+ }
:+}
:+
:+
: /* prints a dotted form for the IP addres */
: static void print_ip_address(FILE *fp, u_int32_t ip)
: {
:@@ -448,9 +484,72 @@
: print_delim(fp, del);
: print_evmod(fp, tok->tt.hdr32.e_mod, raw);
: print_delim(fp, del);
:- print_sec(fp, tok->tt.hdr32.s, raw);
:+ print_sec32(fp, tok->tt.hdr32.s, raw);
:+ print_delim(fp, del);
:+ print_msec32(fp, tok->tt.hdr32.ms, raw);
:+}
:+
:+/*
:+ * record byte count 4 bytes
:+ * event type 2 bytes
:+ * event modifier 2 bytes
:+ * seconds of time 4 bytes/8 bytes (32-bit/64-bit value)
:+ * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value)
:+ * version #
:+ */
:+static int fetch_header64_tok(tokenstr_t *tok, char *buf, int len)
:+{
:+ int err = 0;
:+
:+ READ_TOKEN_U_INT32(buf, len, tok->tt.hdr64.size, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr64.version, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ READ_TOKEN_U_INT16(buf, len, tok->tt.hdr64.e_type, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ READ_TOKEN_U_INT16(buf, len, tok->tt.hdr64.e_mod, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ READ_TOKEN_U_INT64(buf, len, tok->tt.hdr64.s, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ READ_TOKEN_U_INT64(buf, len, tok->tt.hdr64.ms, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ return 0;
:+}
:+
:+static void print_header64_tok(FILE *fp, tokenstr_t *tok, char *del,
:+ char raw, char sfrm)
:+{
:+ print_tok_type(fp, tok->id, "header", raw);
:+ print_delim(fp, del);
:+ print_4_bytes(fp, tok->tt.hdr64.size, "%u");
:+ print_delim(fp, del);
:+ print_1_byte(fp, tok->tt.hdr64.version, "%u");
:+ print_delim(fp, del);
:+ print_event(fp, tok->tt.hdr64.e_type, raw, sfrm);
:+ print_delim(fp, del);
:+ print_evmod(fp,
tok->tt.hdr64.e_mod, raw);
:+ print_delim(fp, del);
:+ print_sec64(fp, tok->tt.hdr64.s, raw);
: print_delim(fp, del);
:- print_msec(fp, tok->tt.hdr32.ms, raw);
:+ print_msec64(fp, tok->tt.hdr64.ms, raw);
: }
:
: /*
:@@ -763,6 +862,69 @@
: }
:
: /*
:+ * file access mode 4 bytes
:+ * owner user ID 4 bytes
:+ * owner group ID 4 bytes
:+ * file system ID 4 bytes
:+ * node ID 8 bytes
:+ * device 4 bytes/8 bytes (32-bit/64-bit)
:+ */
:+static int fetch_attr64_tok(tokenstr_t *tok, char *buf, int len)
:+{
:+ int err = 0;
:+
:+ READ_TOKEN_U_INT32(buf, len, tok->tt.attr64.mode, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ READ_TOKEN_U_INT32(buf, len, tok->tt.attr64.uid, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ READ_TOKEN_U_INT32(buf, len, tok->tt.attr64.gid, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ READ_TOKEN_U_INT32(buf, len, tok->tt.attr64.fsid, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ READ_TOKEN_U_INT64(buf, len, tok->tt.attr64.nid, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ READ_TOKEN_U_INT64(buf, len, tok->tt.attr64.dev, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ return 0;
:+}
:+
:+static void print_attr64_tok(FILE *fp, tokenstr_t *tok, char *del,
:+ char raw, char sfrm)
:+{
:+ print_tok_type(fp, tok->id, "attribute", raw);
:+ print_delim(fp, del);
:+ print_4_bytes(fp, tok->tt.attr64.mode, "%o");
:+ print_delim(fp, del);
:+ print_user(fp, tok->tt.attr64.uid, raw);
:+ print_delim(fp, del);
:+ print_group(fp, tok->tt.attr64.gid, raw);
:+ print_delim(fp, del);
:+ print_4_bytes(fp, tok->tt.attr64.fsid, "%u");
:+ print_delim(fp, del);
:+ print_8_bytes(fp, tok->tt.attr64.nid, "%lld");
:+ print_delim(fp, del);
:+ print_8_bytes(fp, tok->tt.attr64.dev, "%llu");
:+}
:+
:+/*
: * status 4 bytes
: * return value 4 bytes
: */
:@@ -919,9 +1081,9 @@
: {
: print_tok_type(fp, tok->id, "file", raw);
: print_delim(fp, del);
:- print_sec(fp, tok->tt.file.s, raw);
:+ print_sec32(fp, tok->tt.file.s, raw);
: print_delim(fp,
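Review bot: The layout comment above fetch_header64_tok (the @@ -448,9 hunk) lists `version #` last and without a size, but the function reads the version with READ_TOKEN_U_CHAR directly after the record byte count. This comment is the only description of the record layout next to the parser, so it should follow the read order: `* record byte count 4 bytes`, then `* version # 1 byte` (presumably one byte, given print_1_byte), then the event fields. Both time fields are always read with READ_TOKEN_U_INT64 here, so `8 bytes` would be more precise than `4 bytes/8 bytes (32-bit/64-bit value)`. The hunk opens inside print_header32_tok, whose start is outside it.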
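Review bot: print_attr64_tok (the @@ -763,6 hunk) prints the node ID with a signed conversion, `print_8_bytes(fp, tok->tt.attr64.nid, "%lld")`, although fetch_attr64_tok fills it with READ_TOKEN_U_INT64 and the device field next to it uses `"%llu"`. If `nid` is declared unsigned (its declaration is not in this diff), a value with the top bit set would print as a negative number; `print_8_bytes(fp, tok->tt.attr64.nid, "%llu");` avoids that. The layout comment also gives the device as `4 bytes/8 bytes (32-bit/64-bit)` while this function always reads 8 bytes.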
del);
:- print_msec(fp, tok->tt.file.ms, raw);
:+ print_msec32(fp, tok->tt.file.ms, raw);
: print_delim(fp, del);
: print_string(fp, tok->tt.file.name, tok->tt.file.len);
: }
:@@ -1704,7 +1866,7 @@
: * pid 4 bytes
: * sessid 4 bytes
: * terminal ID
:- * portid 4 bytes
:+ * portid 4 bytes/8 bytes (32-bit/64-bit value)
: * machine id 4 bytes
: */
: static int fetch_subject32_tok(tokenstr_t *tok, char *buf, int len)
:@@ -1792,6 +1954,94 @@
: * pid 4 bytes
: * sessid 4 bytes
: * terminal ID
:+ * portid 4 bytes/8 bytes (32-bit/64-bit value)
:+ * machine id 4 bytes
:+ */
:+static int fetch_subject64_tok(tokenstr_t *tok, char *buf, int len)
:+{
:+ int err = 0;
:+
:+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.auid, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.euid, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.egid, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.ruid, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.rgid, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.pid, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.sid, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ READ_TOKEN_U_INT64(buf, len, tok->tt.subj64.tid.port, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ READ_TOKEN_U_INT32(buf, len, tok->tt.subj64.tid.addr, tok->len, err);
:+ if(err) {
:+ return -1;
:+ }
:+
:+ return 0;
:+}
:+
:+static void print_subject64_tok(FILE *fp, tokenstr_t *tok, char *del,
:+ char raw, char sfrm)
:+{
:+ print_tok_type(fp, tok->id, "subject", raw);
:+ print_delim(fp, del);
:+ print_user(fp, tok->tt.subj64.auid, raw);
:+ print_delim(fp, del);
:+ print_user(fp, tok->tt.subj64.euid, raw);
:+ print_delim(fp, del);
:+ print_group(fp, tok->tt.subj64.egid, raw);
:+
print_delim(fp, del);
:+ print_user(fp, tok->tt.subj64.ruid, raw);
:+ print_delim(fp, del);
:+ print_group(fp, tok->tt.subj64.rgid, raw);
:+ print_delim(fp, del);
:+ print_4_bytes(fp, tok->tt.subj64.pid, "%u");
:+ print_delim(fp, del);
:+ print_4_bytes(fp, tok->tt.subj64.sid, "%u");
:+ print_delim(fp, del);
:+ print_8_bytes(fp, tok->tt.subj64.tid.port, "%llu");
:+ print_delim(fp, del);
:+ print_ip_address(fp, tok->tt.subj64.tid.addr);
:+}
:+
:+/*
:+ * audit ID 4 bytes
:+ * euid 4 bytes
:+ * egid 4 bytes
:+ * ruid 4 bytes
:+ * rgid 4 bytes
:+ * pid 4 bytes
:+ * sessid 4 bytes
:+ * terminal ID
: * portid 4 bytes
: * type 4 bytes
: * machine id 16 bytes
:@@ -2039,6 +2289,9 @@
: case AU_HEADER_32_TOKEN :
: return fetch_header32_tok(tok, buf, len);
:
:+ case AU_HEADER_64_TOKEN :
:+ return fetch_header64_tok(tok, buf, len);
:+
: case AU_TRAILER_TOKEN :
: return fetch_trailer_tok(tok, buf, len);
:
:@@ -2051,6 +2304,9 @@
: case AU_ATTR32_TOKEN :
: return fetch_attr32_tok(tok, buf, len);
:
:+ case AU_ATTR64_TOKEN :
:+ return fetch_attr64_tok(tok, buf, len);
:+
: case AU_EXIT_TOKEN :
: return fetch_exit_tok(tok, buf, len);
:
:@@ -2117,6 +2373,9 @@
: case AU_SUBJECT_32_TOKEN :
: return fetch_subject32_tok(tok, buf, len);
:
:+ case AU_SUBJECT_64_TOKEN :
:+ return fetch_subject64_tok(tok, buf, len);
:+
: case AU_SUBJECT_32_EX_TOKEN :
: return fetch_subject32ex_tok(tok, buf, len);
:
:@@ -2144,6 +2403,9 @@
: case AU_HEADER_32_TOKEN :
: return print_header32_tok(outfp, tok, del, raw, sfrm);
:
:+ case AU_HEADER_64_TOKEN:
:+ return print_header64_tok(outfp, tok, del, raw, sfrm);
:+
: case AU_TRAILER_TOKEN :
: return print_trailer_tok(outfp, tok, del, raw, sfrm);
:
:@@ -2159,6 +2421,9 @@
: case AU_ATTR32_TOKEN :
: return print_attr32_tok(outfp, tok, del, raw, sfrm);
:
:+ case AU_ATTR64_TOKEN :
:+ return print_attr64_tok(outfp, tok, del, raw, sfrm);
:+
: case AU_EXIT_TOKEN :
: return print_exit_tok(outfp, tok, del, raw, sfrm);
:
:@@ -2225,6 +2490,9 @@
: case AU_SUBJECT_32_TOKEN :
:
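Review bot: The layout comment on fetch_subject64_tok (the @@ -1792,6 hunk) describes `portid` as `4 bytes/8 bytes (32-bit/64-bit value)`, while the function reads `tid.port` with READ_TOKEN_U_INT64 only; the @@ -1704,7 hunk puts the same wording above fetch_subject32_tok, which presumably still reads a 32-bit port. Each comment would be easier to check against its parser if it gave the one width that function reads, `* portid 8 bytes` here and `* portid 4 bytes` on the 32-bit variant. The comment lines added at the end of this hunk belong to the next function, which lies outside it.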
return print_subject32_tok(outfp, tok, del, raw, sfrm);
:
:+ case AU_SUBJECT_64_TOKEN :
:+ return print_subject64_tok(outfp, tok, del, raw, sfrm);
:+
: case AU_SUBJECT_32_EX_TOKEN :
: return print_subject32ex_tok(outfp, tok, del, raw, sfrm);
:
: : -- Andrew R. Reiter arr@watson.org arr@FreeBSD.org