From owner-p4-projects@FreeBSD.ORG Sat Nov 19 12:36:21 2005 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 9D32F16A421; Sat, 19 Nov 2005 12:36:20 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5CDAA16A420 for ; Sat, 19 Nov 2005 12:36:20 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 053A943D5A for ; Sat, 19 Nov 2005 12:36:06 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id jAJCa6Wc098044 for ; Sat, 19 Nov 2005 12:36:06 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id jAJCa60N098041 for perforce@freebsd.org; Sat, 19 Nov 2005 12:36:06 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Sat, 19 Nov 2005 12:36:06 GMT Message-Id: <200511191236.jAJCa60N098041@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 86953 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Nov 2005 12:36:21 -0000 http://perforce.freebsd.org/chv.cgi?CH=86953 Change 86953 by rwatson@rwatson_peppercorn on 2005/11/19 12:35:25 Integrate OpenBSM branch into Audit3 branch: - BSD license updates from Apple. - AU_IPv4, AU_IPv6 definitions, use for address tokens. - Additional generation and parsing of token types header32_ex, au_header64_ex. Affected files ... .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#4 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_internal.h#3 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#10 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#3 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#2 integrate .. //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#4 integrate Differences ... ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit.h#4 (text+ko) ==== @@ -1,24 +1,34 @@ /* - * @APPLE_LICENSE_HEADER_START@ + * Copyright (c) 2005 Apple Computer, Inc. + * All rights reserved. + * + * @APPLE_BSD_LICENSE_HEADER_START@ * - * Copyright (c) 1999-2004 Apple Computer, Inc. All Rights Reserved. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * its contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. + * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * @APPLE_LICENSE_HEADER_END@ + * @APPLE_BSD_LICENSE_HEADER_END@ */ #ifndef _BSM_AUDIT_H @@ -157,6 +167,13 @@ #define AU_FS_MINFREE 20 /* default min filesystem freespace, in percent */ +/* + * Type definitions used indicating the length of variable length addresses + * in tokens containing addresses, such as header fields. + */ +#define AU_IPv4 4 +#define AU_IPv6 16 + __BEGIN_DECLS typedef uid_t au_id_t; ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_internal.h#3 (text+ko) ==== @@ -1,29 +1,38 @@ /* - * @APPLE_LICENSE_HEADER_START@ - * - * Copyright (c) 1999-2004 Apple Computer, Inc. + * Copyright (c) 2005 Apple Computer, Inc. * Copyright (c) 2005 SPARTA, Inc. - * All Rights Reserved. + * All rights reserved. * * This code was developed in part by Robert N. M. Watson, Senior Principal * Scientist, SPARTA, Inc. * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. + * @APPLE_BSD_LICENSE_HEADER_START@ + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * its contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. + * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * @APPLE_LICENSE_HEADER_END@ + * @APPLE_BSD_LICENSE_HEADER_END@ */ #ifndef _LIBBSM_INTERNAL_H ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_kevents.h#10 (text+ko) ==== @@ -1,24 +1,34 @@ /* - * @APPLE_LICENSE_HEADER_START@ + * Copyright (c) 2005 Apple Computer, Inc. + * All rights reserved. + * + * @APPLE_BSD_LICENSE_HEADER_START@ * - * Copyright (c) 1999-2004 Apple Computer, Inc. All Rights Reserved. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * its contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. + * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * @APPLE_LICENSE_HEADER_END@ + * @APPLE_BSD_LICENSE_HEADER_END@ */ #ifndef _BSM_AUDIT_KEVENTS_H_ ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/audit_record.h#3 (text+ko) ==== @@ -1,24 +1,34 @@ /* - * @APPLE_LICENSE_HEADER_START@ + * Copyright (c) 2005 Apple Computer, Inc. + * All rights reserved. + * + * @APPLE_BSD_LICENSE_HEADER_START@ * - * Copyright (c) 1999-2004 Apple Computer, Inc. All Rights Reserved. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * This file contains Original Code and/or Modifications of Original Code - * as defined in and that are subject to the Apple Public Source License - * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of Apple Computer, Inc. ("Apple") nor the names of + * its contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. * - * The Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER - * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, - * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. - * Please see the License for the specific language governing rights and - * limitations under the License. + * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY + * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND + * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * @APPLE_LICENSE_HEADER_END@ + * @APPLE_BSD_LICENSE_HEADER_END@ */ #ifndef _BSM_AUDIT_RECORD_H_ ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/bsm/libbsm.h#2 (text+ko) ==== @@ -332,6 +332,29 @@ } au_header32_t; +/* + * record byte count 4 bytes + * version # 1 byte [2] + * event type 2 bytes + * event modifier 2 bytes + * address type/length 1 byte (XXX: actually, 4 bytes) + * machine address 4 bytes/16 bytes (IPv4/IPv6 address) + * seconds of time 4 bytes/8 bytes (32/64-bits) + * nanoseconds of time 4 bytes/8 bytes (32/64-bits) + */ +typedef struct { + + u_int32_t size; + u_char version; + u_int16_t e_type; + u_int16_t e_mod; + u_int32_t ad_type; + u_int32_t addr[4]; + u_int32_t s; + u_int32_t ms; + +} au_header32_ex_t; + typedef struct { u_int32_t size; @@ -343,7 +366,20 @@ } au_header64_t; +typedef struct { + u_int32_t size; + u_char version; + u_int16_t e_type; + u_int16_t e_mod; + u_int32_t ad_type; + u_int32_t addr[4]; + u_int64_t s; + u_int64_t ms; + +} au_header64_ex_t; + + /* * internet address 4 bytes */ @@ -740,7 +776,9 @@ au_file_t file; au_groups_t grps; au_header32_t hdr32; + au_header32_ex_t hdr32_ex; au_header64_t hdr64; + au_header64_ex_t hdr64_ex; au_inaddr_t inaddr; au_inaddr_ex_t inaddr_ex; au_ip_t ip; ==== //depot/projects/trustedbsd/audit3/contrib/openbsm/libbsm/bsm_io.c#4 (text+ko) ==== @@ -366,15 +366,19 @@ char dst[INET6_ADDRSTRLEN]; const char *ret = NULL; - if (type == AF_INET) { + switch (type) { + case AU_IPv4: ipv4.s_addr = (in_addr_t)(ipaddr[0]); - ret = inet_ntop(type, &ipv4, dst, INET6_ADDRSTRLEN); - } else if (type == AF_INET6) { + ret = inet_ntop(AF_INET, &ipv4, dst, INET6_ADDRSTRLEN); + break; + + case AU_IPv6: ipv6.__u6_addr.__u6_addr32[0] = ipaddr[0]; ipv6.__u6_addr.__u6_addr32[1] = ipaddr[1]; ipv6.__u6_addr.__u6_addr32[2] = ipaddr[2]; ipv6.__u6_addr.__u6_addr32[3] = ipaddr[3]; - ret = inet_ntop(type, &ipv6, dst, INET6_ADDRSTRLEN); + ret = inet_ntop(AF_INET6, &ipv6, dst, INET6_ADDRSTRLEN); + break; } if (ret != NULL) { @@ -489,9 +493,101 @@ } /* + * The Solaris specifications for AUE_HEADER32_EX seem to differ a bit + * depending on the bit of the specifications found. The OpenSolaris source + * code uses a 4-byte address length, followed by some number of bytes of + * address data. This contrasts with the Solaris audit.log.5 man page, which + * specifies a 1-byte length field. We use the Solaris 10 definition so that + * we can parse audit trails from that system. + * * record byte count 4 bytes + * version # 1 byte [2] * event type 2 bytes * event modifier 2 bytes + * address type/length 4 bytes + * [ Solaris man page: address type/length 1 byte] + * machine address 4 bytes/16 bytes (IPv4/IPv6 address) + * seconds of time 4 bytes/8 bytes (32/64-bits) + * nanoseconds of time 4 bytes/8 bytes (32/64-bits) + */ +static int +fetch_header32_ex_tok(tokenstr_t *tok, char *buf, int len) +{ + int err = 0; + + READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.size, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr32_ex.version, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT16(buf, len, tok->tt.hdr32_ex.e_type, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT16(buf, len, tok->tt.hdr32_ex.e_mod, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.ad_type, tok->len, err); + if (err) + return (-1); + + bzero(tok->tt.hdr32_ex.addr, sizeof(tok->tt.hdr32_ex.addr)); + switch (tok->tt.hdr32_ex.ad_type) { + case AU_IPv4: + READ_TOKEN_BYTES(buf, len, &tok->tt.hdr32_ex.addr[0], + sizeof(tok->tt.hdr32_ex.addr[0]), tok->len, err); + if (err) + return (-1); + break; + + case AU_IPv6: + READ_TOKEN_BYTES(buf, len, &tok->tt.hdr32_ex.addr, + sizeof(tok->tt.hdr32_ex.addr), tok->len, err); + break; + } + + READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.s, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.hdr32_ex.ms, tok->len, err); + if (err) + return (-1); + + return (0); +} + +static void +print_header32_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, + char sfrm) +{ + + print_tok_type(fp, tok->id, "header_ex", raw); + print_delim(fp, del); + print_4_bytes(fp, tok->tt.hdr32_ex.size, "%u"); + print_delim(fp, del); + print_1_byte(fp, tok->tt.hdr32_ex.version, "%u"); + print_delim(fp, del); + print_event(fp, tok->tt.hdr32_ex.e_type, raw, sfrm); + print_delim(fp, del); + print_evmod(fp, tok->tt.hdr32_ex.e_mod, raw); + print_delim(fp, del); + print_ip_ex_address(fp, tok->tt.hdr32_ex.ad_type, + tok->tt.hdr32_ex.addr); + print_delim(fp, del); + print_sec32(fp, tok->tt.hdr32_ex.s, raw); + print_delim(fp, del); + print_msec32(fp, tok->tt.hdr32_ex.ms, raw); +} + +/* + * record byte count 4 bytes + * event type 2 bytes + * event modifier 2 bytes * seconds of time 4 bytes/8 bytes (32-bit/64-bit value) * milliseconds of time 4 bytes/8 bytes (32-bit/64-bit value) * version # @@ -546,6 +642,92 @@ print_delim(fp, del); print_msec64(fp, tok->tt.hdr64.ms, raw); } +/* + * record byte count 4 bytes + * version # 1 byte [2] + * event type 2 bytes + * event modifier 2 bytes + * address type/length 4 bytes + * [ Solaris man page: address type/length 1 byte] + * machine address 4 bytes/16 bytes (IPv4/IPv6 address) + * seconds of time 4 bytes/8 bytes (32/64-bits) + * nanoseconds of time 4 bytes/8 bytes (32/64-bits) + * + * XXXAUDIT: See comment by fetch_header32_ex_tok() for details on the + * accuracy of the BSM spec. + */ +static int +fetch_header64_ex_tok(tokenstr_t *tok, char *buf, int len) +{ + int err = 0; + + READ_TOKEN_U_INT32(buf, len, tok->tt.hdr64_ex.size, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_CHAR(buf, len, tok->tt.hdr64_ex.version, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT16(buf, len, tok->tt.hdr64_ex.e_type, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT16(buf, len, tok->tt.hdr64_ex.e_mod, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT32(buf, len, tok->tt.hdr64_ex.ad_type, tok->len, err); + if (err) + return (-1); + + bzero(tok->tt.hdr64_ex.addr, sizeof(tok->tt.hdr64_ex.addr)); + switch (tok->tt.hdr64_ex.ad_type) { + case AU_IPv4: + READ_TOKEN_BYTES(buf, len, &tok->tt.hdr64_ex.addr[0], + sizeof(tok->tt.hdr64_ex.addr[0]), tok->len, err); + if (err) + return (-1); + break; + + case AU_IPv6: + READ_TOKEN_BYTES(buf, len, &tok->tt.hdr64_ex.addr, + sizeof(tok->tt.hdr64_ex.addr), tok->len, err); + break; + } + + READ_TOKEN_U_INT64(buf, len, tok->tt.hdr64_ex.s, tok->len, err); + if (err) + return (-1); + + READ_TOKEN_U_INT64(buf, len, tok->tt.hdr64_ex.ms, tok->len, err); + if (err) + return (-1); + + return (0); +} + +static void +print_header64_ex_tok(FILE *fp, tokenstr_t *tok, char *del, char raw, char sfrm) +{ + + print_tok_type(fp, tok->id, "header_ex", raw); + print_delim(fp, del); + print_4_bytes(fp, tok->tt.hdr64_ex.size, "%u"); + print_delim(fp, del); + print_1_byte(fp, tok->tt.hdr64_ex.version, "%u"); + print_delim(fp, del); + print_event(fp, tok->tt.hdr64_ex.e_type, raw, sfrm); + print_delim(fp, del); + print_evmod(fp, tok->tt.hdr64_ex.e_mod, raw); + print_delim(fp, del); + print_ip_ex_address(fp, tok->tt.hdr64_ex.ad_type, + tok->tt.hdr64_ex.addr); + print_delim(fp, del); + print_sec64(fp, tok->tt.hdr64_ex.s, raw); + print_delim(fp, del); + print_msec64(fp, tok->tt.hdr64_ex.ms, raw); +} /* * trailer magic 2 bytes @@ -1151,12 +1333,12 @@ if (err) return (-1); - if (tok->tt.inaddr_ex.type == AF_INET) { + if (tok->tt.inaddr_ex.type == AU_IPv4) { READ_TOKEN_BYTES(buf, len, &tok->tt.inaddr_ex.addr[0], sizeof(tok->tt.inaddr_ex.addr[0]), tok->len, err); if (err) return (-1); - } else if (tok->tt.inaddr_ex.type == AF_INET6) { + } else if (tok->tt.inaddr_ex.type == AU_IPv6) { READ_TOKEN_BYTES(buf, len, &tok->tt.inaddr_ex.addr, sizeof(tok->tt.inaddr_ex.addr), tok->len, err); if (err) @@ -1564,12 +1746,12 @@ if (err) return (-1); - if (tok->tt.proc32_ex.tid.type == AF_INET) { + if (tok->tt.proc32_ex.tid.type == AU_IPv4) { READ_TOKEN_BYTES(buf, len, &tok->tt.proc32_ex.tid.addr[0], sizeof(tok->tt.proc32_ex.tid.addr[0]), tok->len, err); if (err) return (-1); - } else if (tok->tt.proc32_ex.tid.type == AF_INET6) { + } else if (tok->tt.proc32_ex.tid.type == AU_IPv6) { READ_TOKEN_BYTES(buf, len, &tok->tt.proc32_ex.tid.addr, sizeof(tok->tt.proc32_ex.tid.addr), tok->len, err); if (err) @@ -2036,12 +2218,12 @@ if (err) return (-1); - if (tok->tt.subj32_ex.tid.type == AF_INET) { + if (tok->tt.subj32_ex.tid.type == AU_IPv4) { READ_TOKEN_BYTES(buf, len, &tok->tt.subj32_ex.tid.addr[0], sizeof(tok->tt.subj32_ex.tid.addr[0]), tok->len, err); if (err) return (-1); - } else if (tok->tt.subj32_ex.tid.type == AF_INET6) { + } else if (tok->tt.subj32_ex.tid.type == AU_IPv6) { READ_TOKEN_BYTES(buf, len, &tok->tt.subj32_ex.tid.addr, sizeof(tok->tt.subj32_ex.tid.addr), tok->len, err); if (err) @@ -2211,7 +2393,8 @@ /* * Reads the token beginning at buf into tok. */ -int au_fetch_tok(tokenstr_t *tok, u_char *buf, int len) +int +au_fetch_tok(tokenstr_t *tok, u_char *buf, int len) { if (len <= 0) @@ -2225,9 +2408,15 @@ case AUT_HEADER32: return (fetch_header32_tok(tok, buf, len)); + case AUT_HEADER32_EX: + return (fetch_header32_ex_tok(tok, buf, len)); + case AUT_HEADER64: return (fetch_header64_tok(tok, buf, len)); + case AUT_HEADER64_EX: + return (fetch_header64_ex_tok(tok, buf, len)); + case AUT_TRAILER: return (fetch_trailer_tok(tok, buf, len)); @@ -2340,9 +2529,15 @@ case AUT_HEADER32: return (print_header32_tok(outfp, tok, del, raw, sfrm)); + case AUT_HEADER32_EX: + return (print_header32_ex_tok(outfp, tok, del, raw, sfrm)); + case AUT_HEADER64: return (print_header64_tok(outfp, tok, del, raw, sfrm)); + case AUT_HEADER64_EX: + return (print_header64_ex_tok(outfp, tok, del, raw, sfrm)); + case AUT_TRAILER: return (print_trailer_tok(outfp, tok, del, raw, sfrm));