From owner-p4-projects@FreeBSD.ORG  Mon Jun 12 20:30:05 2006
Return-Path: <owner-p4-projects@FreeBSD.ORG>
X-Original-To: p4-projects@freebsd.org
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 2760616A49E; Mon, 12 Jun 2006 20:30:05 +0000 (UTC)
X-Original-To: perforce@freebsd.org
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C7A4E16A41A
	for <perforce@freebsd.org>; Mon, 12 Jun 2006 20:30:04 +0000 (UTC)
	(envelope-from wsalamon@computer.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 764A043D66
	for <perforce@freebsd.org>; Mon, 12 Jun 2006 20:30:01 +0000 (GMT)
	(envelope-from wsalamon@computer.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k5CKRji6007509
	for <perforce@freebsd.org>; Mon, 12 Jun 2006 20:27:45 GMT
	(envelope-from wsalamon@computer.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k5CKRjLa007506
	for perforce@freebsd.org; Mon, 12 Jun 2006 20:27:45 GMT
	(envelope-from wsalamon@computer.org)
Date: Mon, 12 Jun 2006 20:27:45 GMT
Message-Id: <200606122027.k5CKRjLa007506@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	wsalamon@computer.org using -f
From: Wayne Salamon <wsalamon@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 99077 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jun 2006 20:30:05 -0000

http://perforce.freebsd.org/chv.cgi?CH=99077

Change 99077 by wsalamon@vh1 on 2006/06/12 20:27:30

	Make the size of the subject32_ex and process32_ex tokens depend on
	whether we have an IPv6 address, or not. Write the term ID as 4 or
	16 bytes depending on address type. This change matches the recent
	OpenBSM change, and what Solaris does.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#17 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#17 (text+ko) ====

@@ -30,7 +30,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#16 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#17 $
  * $FreeBSD: src/sys/security/audit/audit_bsm_token.c,v 1.3 2006/06/05 13:13:02 rwatson Exp $
  */
 
@@ -609,7 +609,7 @@
  * terminal ID
  *   port ID               4 bytes/8 bytes (32-bit/64-bit value)
  *   address type-len      4 bytes
- *   machine address      16 bytes
+ *   machine address    4/16 bytes
  */
 token_t *
 au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
@@ -618,7 +618,12 @@
 	token_t *t;
 	u_char *dptr = NULL;
 
-	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * sizeof(u_int32_t));
+	if (tid->at_type == AU_IPv6)
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 *
+		    sizeof(u_int32_t));
+	else
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 *
+		    sizeof(u_int32_t));
 
 	ADD_U_CHAR(dptr, AUT_PROCESS32_EX);
 	ADD_U_INT32(dptr, auid);
@@ -631,10 +636,11 @@
 	ADD_U_INT32(dptr, tid->at_port);
 	ADD_U_INT32(dptr, tid->at_type);
 	ADD_U_INT32(dptr, tid->at_addr[0]);
-	ADD_U_INT32(dptr, tid->at_addr[1]);
-	ADD_U_INT32(dptr, tid->at_addr[2]);
-	ADD_U_INT32(dptr, tid->at_addr[3]);
-
+	if (tid->at_type == AU_IPv6) {
+		ADD_U_INT32(dptr, tid->at_addr[1]);
+		ADD_U_INT32(dptr, tid->at_addr[2]);
+		ADD_U_INT32(dptr, tid->at_addr[3]);
+	}
 	return (t);
 }
 
@@ -938,7 +944,7 @@
  * terminal ID
  *   port ID               4 bytes/8 bytes (32-bit/64-bit value)
  *   address type/length   4 bytes
- *   machine address      16 bytes
+ *   machine address    4/16 bytes
  */
 token_t *
 au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
@@ -947,7 +953,12 @@
 	token_t *t;
 	u_char *dptr = NULL;
 
-	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * sizeof(u_int32_t));
+	if (tid->at_type == AU_IPv6)
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 *
+		    sizeof(u_int32_t));
+	else
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 *
+		    sizeof(u_int32_t));
 
 	ADD_U_CHAR(dptr, AUT_SUBJECT32_EX);
 	ADD_U_INT32(dptr, auid);
@@ -960,10 +971,11 @@
 	ADD_U_INT32(dptr, tid->at_port);
 	ADD_U_INT32(dptr, tid->at_type);
 	ADD_U_INT32(dptr, tid->at_addr[0]);
-	ADD_U_INT32(dptr, tid->at_addr[1]);
-	ADD_U_INT32(dptr, tid->at_addr[2]);
-	ADD_U_INT32(dptr, tid->at_addr[3]);
-
+	if (tid->at_type == AU_IPv6) {
+		ADD_U_INT32(dptr, tid->at_addr[1]);
+		ADD_U_INT32(dptr, tid->at_addr[2]);
+		ADD_U_INT32(dptr, tid->at_addr[3]);
+	}
 	return (t);
 }