From owner-p4-projects@FreeBSD.ORG Tue Oct 18 14:10:42 2005 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 3029716A421; Tue, 18 Oct 2005 14:10:42 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CE2E716A41F for ; Tue, 18 Oct 2005 14:10:41 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 896DF43D46 for ; Tue, 18 Oct 2005 14:10:41 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j9IEAf1H078665 for ; Tue, 18 Oct 2005 14:10:41 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j9IEAfqA078662 for perforce@freebsd.org; Tue, 18 Oct 2005 14:10:41 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Tue, 18 Oct 2005 14:10:41 GMT Message-Id: <200510181410.j9IEAfqA078662@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 85498 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Oct 2005 14:10:43 -0000 http://perforce.freebsd.org/chv.cgi?CH=85498 Change 85498 by rwatson@rwatson_fledge on 2005/10/18 14:10:23 Teach OpenBSM about AUT_HEADER32_EX, which is required to parse Solaris 10 audit trails. Affected files ... .. //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#2 edit .. //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#16 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#2 (text+ko) ==== @@ -332,6 +332,29 @@ } au_header32_t; +/* + * record byte count 4 bytes + * version # 1 byte [2] + * event type 2 bytes + * event modifier 2 bytes + * address type/length 1 byte + * machine address 4 bytes/16 bytes (IPv4/IPv6 address) + * seconds of time 4 bytes/8 bytes (32/64-bits) + * nanoseconds of time 4 bytes/8 bytes (32/64-bits) + */ +typedef struct { + + u_int32_t size; + u_char version; + u_int16_t e_type; + u_int16_t e_mod; + u_char ad_type; + u_int32_t addr[4]; + u_int32_t s; + u_int32_t ms; + +} au_header32_ex_t; + typedef struct { u_int32_t size; @@ -740,6 +763,7 @@ au_file_t file; au_groups_t grps; au_header32_t hdr32; + au_header32_ex_t hdr32_ex; au_header64_t hdr64; au_inaddr_t inaddr; au_inaddr_ex_t inaddr_ex; ==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#16 (text+ko) ==== 
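Review bot: The layout comment above au_header32_ex_t calls the last field "nanoseconds of time", but the struct names it `ms` and print_header32_ex_tok in bsm_io.c prints it through print_msec32, so the unit of the sub-second timestamp is ambiguous. Audit timestamps end up in incident timelines, so the comment, the field name and the print routine should agree; until the unit is confirmed, a field comment such as `u_int32_t ms; /* sub-second time as stored in the record; ns vs. ms to be confirmed */` would at least flag it. The comment's "4 bytes/8 bytes (32/64-bits)" also does not fit this 32-bit header, where both time fields are `u_int32_t`. It would help to document that `ad_type` selects the address form and that only `addr[0]` is filled for an IPv4 address.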
@@ -490,8 +490,106 @@ /* * record byte count 4 bytes + * version # 1 byte [2] * event type 2 bytes * event modifier 2 bytes + * address type/length 1 byte + * machine address 4 bytes/16 bytes (IPv4/IPv6 address) + * seconds of time 4 bytes/8 bytes (32/64-bits) + * nanoseconds of time 4 bytes/8 bytes (32/64-bits) + */ +static int +fetch_header32_ex_tok(tokenstr_t *tok, char *buf, int len) +{ + int err = 0; + + READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.size, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr32_ex.version, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT16(buf, len, tok->tt.hdr32_ex.e_type, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT16(buf, len, tok->tt.hdr32_ex.e_mod, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr32_ex.ad_type, tok->len, err); + if (err) + return (-1); + + bzero(tok->tt.hdr32_ex.addr, sizeof(tok->tt.hdr32_ex.addr)); + switch (tok->tt.hdr32_ex.ad_type) { + case AF_INET: + READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.addr[0], + tok->len, err); + if (err) + return (-1); + break; + + case AF_INET6: + READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.addr[0], + tok->len, err); + if (err) + return (-1); + READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.addr[1], + tok->len, err); + if (err) + return (-1); + READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.addr[2], + tok->len, err); + if (err) + return (-1); + READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.addr[3], + tok->len, err); + if (err) + return (-1); + break; + } + + READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.s, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.ms, tok->len, err); + if (err) + return (-1); + + return (0); +} + +static void +print_header32_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, + char sfrm) +{ + + print_tok_type(fp, tok->id, "header_ex", raw); + print_delim(fp, del); + print_4_bytes(fp, 
tok->tt.hdr32_ex.size, "%u"); + print_delim(fp, del); + print_1_byte(fp, tok->tt.hdr32_ex.version, "%u"); + print_delim(fp, del); + print_event(fp, tok->tt.hdr32_ex.e_type, raw, sfrm); + print_delim(fp, del); + print_evmod(fp, tok->tt.hdr32_ex.e_mod, raw); + print_delim(fp, del); + print_ip_ex_address(fp, tok->tt.hdr32_ex.ad_type, + tok->tt.hdr32_ex.addr); + print_delim(fp, del); + print_sec32(fp, tok->tt.hdr32_ex.s, raw); + print_delim(fp, del); + print_msec32(fp, tok->tt.hdr32_ex.ms, raw); +} + +/* + * record byte count 4 bytes + * event type 2 bytes + * event modifier 2 bytes * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) * version # @@ -2211,7 +2309,8 @@ /* * Reads the token beginning at buf into tok. */ -int au_fetch_tok(tokenstr_t *tok, u_char *buf, int len) +int +au_fetch_tok(tokenstr_t *tok, u_char *buf, int len) { if (len <= 0) @@ -2225,6 +2324,9 @@ case AUT_HEADER32: return (fetch_header32_tok(tok, buf, len)); + case AUT_HEADER32_EX: + return (fetch_header32_ex_tok(tok, buf, len)); + case AUT_HEADER64: return (fetch_header64_tok(tok, buf, len)); @@ -2340,6 +2442,9 @@ case AUT_HEADER32: return (print_header32_tok(outfp, tok, del, raw, sfrm)); + case AUT_HEADER32_EX: + return (print_header32_ex_tok(outfp, tok, del, raw, sfrm)); + case AUT_HEADER64: return (print_header64_tok(outfp, tok, del, raw, sfrm));
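Review bot: The `switch (tok->tt.hdr32_ex.ad_type)` in fetch_header32_ex_tok has no `default:` case, so a record whose address-type byte is neither AF_INET nor AF_INET6 consumes no address bytes and the two time fields are then read from the wrong offset instead of the token being rejected. Audit trails are parsed as evidence and may be damaged or come from another host, so an unknown type should fail the parse: `default: return (-1);`. The comparison against AF_INET/AF_INET6 also looks fragile, because those constants differ between operating systems and the layout comment calls the field "address type/length". A trail written on Solaris probably carries a format-defined value rather than the parsing host's AF_ constant, which should be confirmed against the Solaris record layout. If so, every such record would currently take the no-address path.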