From owner-p4-projects@FreeBSD.ORG  Tue Oct 18 14:54:37 2005
Return-Path: <owner-p4-projects@FreeBSD.ORG>
X-Original-To: p4-projects@freebsd.org
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 7C94516A421; Tue, 18 Oct 2005 14:54:36 +0000 (GMT)
X-Original-To: perforce@freebsd.org
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 414F516A41F
	for <perforce@freebsd.org>; Tue, 18 Oct 2005 14:54:36 +0000 (GMT)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AD05943D48
	for <perforce@freebsd.org>; Tue, 18 Oct 2005 14:54:35 +0000 (GMT)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j9IEsZI4080337
	for <perforce@freebsd.org>; Tue, 18 Oct 2005 14:54:35 GMT
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j9IEsZf2080334
	for perforce@freebsd.org; Tue, 18 Oct 2005 14:54:35 GMT
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Date: Tue, 18 Oct 2005 14:54:35 GMT
Message-Id: <200510181454.j9IEsZf2080334@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	bb+lists.freebsd.perforce@cyrus.watson.org using -f
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 85501 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2005 14:54:37 -0000

http://perforce.freebsd.org/chv.cgi?CH=85501

Change 85501 by rwatson@rwatson_fledge on 2005/10/18 14:53:45

	Use AU_IP{v4,v6}, not AF_INET and AF_INET6, which will result in
	mis-handling of addresses (BSD/Darwin addresses will not be
	readable by Solaris and vice versa).  Now we use the Solaris
	convention.
	
	The address type in AUT_HEADER32_EX is actually 4 bytes long, not 1
	byte as documented in the BSM documentation.
	
	This corrects handling of the IP address and time fields in
	header32_ex.

Affected files ...

.. //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#3 edit
.. //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#17 edit

Differences ...

==== //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#3 (text+ko) ====

@@ -348,7 +348,7 @@
 	u_char version;
 	u_int16_t e_type;
 	u_int16_t e_mod;
-	u_char ad_type;
+	u_int32_t ad_type;
 	u_int32_t addr[4];
 	u_int32_t s;
 	u_int32_t ms;

==== //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#17 (text+ko) ====

@@ -366,15 +366,19 @@
 	char dst[INET6_ADDRSTRLEN];
 	const char *ret = NULL;
 
-	if (type == AF_INET) {
+	switch (type) {
+	case AU_IPv4:
 		ipv4.s_addr = (in_addr_t)(ipaddr[0]);
-		ret = inet_ntop(type, &ipv4, dst, INET6_ADDRSTRLEN);
-	} else if (type == AF_INET6) {
+		ret = inet_ntop(AF_INET, &ipv4, dst, INET6_ADDRSTRLEN);
+		break;
+
+	case AU_IPv6:
 		ipv6.__u6_addr.__u6_addr32[0] = ipaddr[0];
 		ipv6.__u6_addr.__u6_addr32[1] = ipaddr[1];
 		ipv6.__u6_addr.__u6_addr32[2] = ipaddr[2];
 		ipv6.__u6_addr.__u6_addr32[3] = ipaddr[3];
-		ret = inet_ntop(type, &ipv6, dst, INET6_ADDRSTRLEN);
+		ret = inet_ntop(AF_INET6, &ipv6, dst, INET6_ADDRSTRLEN);
+		break;
 	}
 
 	if (ret != NULL) {
@@ -489,11 +493,19 @@
 }
 
 /*
+ * The Solaris specifications for AUE_HEADER32_EX seem to differ a bit
+ * depending on the bit of the specifications found.  The OpenSolaris source
+ * code uses a 4-byte address length, followed by some number of bytes of
+ * address data.  This contrasts with the Solaris audit.log.5 man page, which
+ * specifies a 1-byte length field.  We use the Solaris 10 definition so that
+ * we can parse audit trails from that system.
+ *
  * record byte count       4 bytes
  * version #               1 byte     [2]
  * event type              2 bytes
  * event modifier          2 bytes
- * address type/length     1 byte
+ * address type/length     4 bytes
+ *   [ Solaris man page: address type/length     1 byte]
  * machine address         4 bytes/16 bytes (IPv4/IPv6 address)
  * seconds of time         4 bytes/8 bytes  (32/64-bits)
  * nanoseconds of time     4 bytes/8 bytes  (32/64-bits)
@@ -519,36 +531,22 @@
 	if (err)
 		return (-1);
 
-	READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr32_ex.ad_type, tok->len, err);
+	READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.ad_type, tok->len, err);
 	if (err)
 		return (-1);
 
 	bzero(tok->tt.hdr32_ex.addr, sizeof(tok->tt.hdr32_ex.addr));
 	switch (tok->tt.hdr32_ex.ad_type) {
-	case AF_INET:
-		READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.addr[0],
-		    tok->len, err);
+	case AU_IPv4:
+		READ_TOKEN_BYTES(buf, len, &tok->tt.hdr32_ex.addr[0],
+		    sizeof(tok->tt.hdr32_ex.addr[0]), tok->len, err);
 		if (err)
 			return (-1);
 		break;
 
-	case AF_INET6:
-		READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.addr[0],
-		    tok->len, err);
-		if (err)
-			return (-1);
-		READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.addr[1],
-		    tok->len, err);
-		if (err)
-			return (-1);
-		READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.addr[2],
-		    tok->len, err);
-		if (err)
-			return (-1);
-		READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.addr[3],
-		    tok->len, err);
-		if (err)
-			return (-1);
+	case AU_IPv6:
+		READ_TOKEN_BYTES(buf, len, &tok->tt.hdr32_ex.addr,
+		    sizeof(tok->tt.hdr32_ex.addr), tok->len, err);
 		break;
 	}
 
@@ -1249,12 +1247,12 @@
 	if (err)
 		return (-1);
 
-	if (tok->tt.inaddr_ex.type == AF_INET) {
+	if (tok->tt.inaddr_ex.type == AU_IPv4) {
 		READ_TOKEN_BYTES(buf, len, &tok->tt.inaddr_ex.addr[0],
 		    sizeof(tok->tt.inaddr_ex.addr[0]), tok->len, err);
 		if (err)
 			return (-1);
-	} else if (tok->tt.inaddr_ex.type == AF_INET6) {
+	} else if (tok->tt.inaddr_ex.type == AU_IPv6) {
 		READ_TOKEN_BYTES(buf, len, &tok->tt.inaddr_ex.addr,
 		    sizeof(tok->tt.inaddr_ex.addr), tok->len, err);
 		if (err)
@@ -1662,12 +1660,12 @@
 	if (err)
 		return (-1);
 
-	if (tok->tt.proc32_ex.tid.type == AF_INET) {
+	if (tok->tt.proc32_ex.tid.type == AU_IPv4) {
 		READ_TOKEN_BYTES(buf, len, &tok->tt.proc32_ex.tid.addr[0],
 		    sizeof(tok->tt.proc32_ex.tid.addr[0]), tok->len, err);
 		if (err)
 			return (-1);
-	} else if (tok->tt.proc32_ex.tid.type == AF_INET6) {
+	} else if (tok->tt.proc32_ex.tid.type == AU_IPv6) {
 		READ_TOKEN_BYTES(buf, len, &tok->tt.proc32_ex.tid.addr,
 		    sizeof(tok->tt.proc32_ex.tid.addr), tok->len, err);
 		if (err)
@@ -2134,12 +2132,12 @@
 	if (err)
 		return (-1);
 
-	if (tok->tt.subj32_ex.tid.type == AF_INET) {
+	if (tok->tt.subj32_ex.tid.type == AU_IPv4) {
 		READ_TOKEN_BYTES(buf, len, &tok->tt.subj32_ex.tid.addr[0],
 		    sizeof(tok->tt.subj32_ex.tid.addr[0]), tok->len, err);
 		if (err)
 			return (-1);
-	} else if (tok->tt.subj32_ex.tid.type == AF_INET6) {
+	} else if (tok->tt.subj32_ex.tid.type == AU_IPv6) {
 		READ_TOKEN_BYTES(buf, len, &tok->tt.subj32_ex.tid.addr,
 		    sizeof(tok->tt.subj32_ex.tid.addr), tok->len, err);
 		if (err)