author | gww <gww@eng.sun.com> | 2009-09-24 14:25:39 -0700 |
---|---|---|
committer | gww <gww@eng.sun.com> | 2009-09-24 14:25:39 -0700 |
commit | 11bc41c8d344c50e04ea4015552fe4efbf0cdfc4 (patch) | |
tree | 27d7034d15a3b3cbd772f90eb98a1959e708ff30 | |
parent | 0a4675b3d422aaa480e8a456bc5dd2d67cc50222 (diff) | |
6864075 adt.xml is missing support for tokens needed by the ILB project
6879490 libbsm private au_to_in_addr_ex produces bad tokens
-rw-r--r-- | usr/src/lib/libbsm/auditxml | 3 | ||||
-rw-r--r-- | usr/src/lib/libbsm/common/adt.h | 6 | ||||
-rw-r--r-- | usr/src/lib/libbsm/common/adt.xml | 13 | ||||
-rw-r--r-- | usr/src/lib/libbsm/common/adt_token.c | 75 | ||||
-rw-r--r-- | usr/src/lib/libbsm/common/adt_xlate.h | 4 | ||||
-rw-r--r-- | usr/src/lib/libbsm/common/au_to.c | 32 |
6 files changed, 118 insertions, 15 deletions
diff --git a/usr/src/lib/libbsm/auditxml b/usr/src/lib/libbsm/auditxml index 163e3d8ad4..ae44223d06 100644 --- a/usr/src/lib/libbsm/auditxml +++ b/usr/src/lib/libbsm/auditxml @@ -596,10 +596,11 @@ sub generateTableC { # 'groups' => 'AUT_GROUPS', # not defined # 'header' => 'AUT_HEADER', # not defined 'in_peer' => 'ADT_IN_PEER', # dummy token id + 'in_remote' => 'ADT_IN_REMOTE', # dummy token id 'tid' => 'AUT_TID', # 'ipc' => 'AUT_IPC', # not defined # 'ipc_perm' => 'AUT_IPC_PERM', # not defined - # 'iport' => 'AUT_IPORT', # not defined + 'iport' => 'AUT_IPORT', 'label' => 'AUT_LABEL', 'newgroups' => 'AUT_NEWGROUPS', # 'opaque' => 'AUT_OPAQUE', # not defined diff --git a/usr/src/lib/libbsm/common/adt.h b/usr/src/lib/libbsm/common/adt.h index 969baed722..2cae8133e9 100644 --- a/usr/src/lib/libbsm/common/adt.h +++ b/usr/src/lib/libbsm/common/adt.h @@ -21,7 +21,7 @@ /* * adt.h * - * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * * This is a contract private interface and is subject to change @@ -48,8 +48,8 @@ extern "C" { /* * terminal id types */ -#define ADT_IPv4 0 -#define ADT_IPv6 1 +#define ADT_IPv4 1 +#define ADT_IPv6 2 /* * for adt_set_user(): ADT_NEW if creating a session for a newly diff --git a/usr/src/lib/libbsm/common/adt.xml b/usr/src/lib/libbsm/common/adt.xml index 7424537353..c58ad56398 100644 --- a/usr/src/lib/libbsm/common/adt.xml +++ b/usr/src/lib/libbsm/common/adt.xml 
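Review bot: In adt.h, renumbering `ADT_IPv4`/`ADT_IPv6` from 0/1 to 1/2 changes the meaning of values already compiled into any consumer of this header, yet the `terminal id types` comment is left as it was, so nothing tells a reader that 0 is now reserved. The new `adt_to_in_remote` in adt_token.c treats a type of 0 as "address not specified", which appears to be the reason for the shift. A comment above the defines such as `/* 0 is reserved: address type not specified */` would record that. Code that stores or compares the old values is not visible in this diff; if any exists and is not rebuilt, an old `ADT_IPv6` (1) would be read as IPv4 and the audit record would carry a truncated address.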
@@ -2052,9 +2052,22 @@ Use is subject to license terms. </token> <token id="groups"> </token> + <!-- + the iport token take a single argument of type uint16_t + if there are any other tokens following it that have arguments + the last of the iport tokens in the event description must + be followed by a dummy iport token that is optional. + This is to ensure proper structure alignment across all + compliers and architectures. + --> + <token id="iport"> + </token> <!-- pseudo token; in_addr and in_port of peer --> <token id="in_peer"> </token> + <!-- pseudo token; specified in_addr --> + <token id="in_remote"> + </token> <token id="ipc"> </token> <token id="ipc_perm"> diff --git a/usr/src/lib/libbsm/common/adt_token.c b/usr/src/lib/libbsm/common/adt_token.c index 0d706973f6..fcb537e3f5 100644 --- a/usr/src/lib/libbsm/common/adt_token.c +++ b/usr/src/lib/libbsm/common/adt_token.c 
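Review bot: The new comment on the `iport` token has two typos that blur an important alignment rule: `take` should be `takes` and `compliers` should be `compilers`. The rule itself (a trailing optional dummy `iport` whenever later tokens carry arguments) is stated only in this comment. Whether auditxml enforces it is not visible in this diff, so an event definition that omits the dummy token would presumably leave the following fields misaligned when adt_token.c reads them.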
@@ -911,6 +911,77 @@ adt_to_in_peer(datadef *def, void *p_data, int required, } } +/* + * ADT_IN_REMOTE dummy token + * + * Similar to ADT_IN_PEER except the input is + * an IP address type (ADT_IPv4 | ADT_IPv6) and an address V4/V6 + */ + +/* ARGSUSED */ +static void +adt_to_in_remote(datadef *def, void *p_data, int required, + struct adt_event_state *event, char *notUsed) +{ + int32_t type; + + DPRINTF((" adt_to_in_remote dd_datatype=%d\n", def->dd_datatype)); + + type = ((union convert *)p_data)->tuint32; + + if (type == 0) { + if (required == 0) { + return; + } + /* required and not specified */ + adt_write_syslog("adt_to_in_remote required address not " + "specified", 0); + type = ADT_IPv4; + } + p_data = adt_adjust_address(p_data, sizeof (int32_t), + sizeof (uint32_t)); + + switch (type) { + case ADT_IPv4: + (void) au_write(event->ae_event_handle, au_to_in_addr( + (struct in_addr *)&(((union convert *)p_data)->tuint32))); + break; + case ADT_IPv6: + (void) au_write(event->ae_event_handle, au_to_in_addr_ex( + (struct in6_addr *)&(((union convert *)p_data)->tuint32))); + break; + default: + adt_write_syslog("adt_to_in_remote invalid type", EINVAL); + return; + } +} + +/* + * adt_to_iport takes a uint16_t IP port. + */ + +/* ARGSUSED */ +static void +adt_to_iport(datadef *def, void *p_data, int required, + struct adt_event_state *event, char *notUsed) +{ + ushort_t port; + + DPRINTF((" adt_to_iport dd_datatype=%d\n", def->dd_datatype)); + + port = ((union convert *)p_data)->tuint16; + + if (port == 0) { + if (required == 0) { + return; + } + /* required and not specified */ + adt_write_syslog("adt_to_iport no required port", 0); + } + (void) au_write(event->ae_event_handle, au_to_iport(port)); + +} + /* * This is a compact table that defines only the tokens that are 
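Review bot: In `adt_to_in_remote` the `default:` branch logs `invalid type` and returns without writing any token, even when `required` is non-zero, so a caller that passes a bad type gets an audit record with no remote address at all. That differs from the `type == 0` path just above it, which falls back to `ADT_IPv4` and still emits a token. If dropping the token is intended, the block comment above the function should say so, e.g. `An unrecognised address type is logged and no token is written.`; otherwise the two paths should be made consistent. Both new handlers also discard the `au_write` result, so a failed token allocation in `au_to_in_addr`, `au_to_in_addr_ex` or `au_to_iport` would go unreported; that may match the rest of the file, which is outside this hunk.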
@@ -920,7 +991,7 @@ adt_to_in_peer(datadef *def, void *p_data, int required, * adt_xlate.h), and the -AUT_PATH value. */ -#define MAX_TOKEN_JMP 18 +#define MAX_TOKEN_JMP 20 static struct token_jmp token_table[MAX_TOKEN_JMP] = { @@ -928,6 +999,8 @@ static struct token_jmp token_table[MAX_TOKEN_JMP] = {ADT_CMD_ALT, adt_to_cmd1}, {AUT_FMRI, adt_to_frmi}, {ADT_IN_PEER, adt_to_in_peer}, + {ADT_IN_REMOTE, adt_to_in_remote}, + {AUT_IPORT, adt_to_iport}, {AUT_LABEL, adt_to_label}, {AUT_NEWGROUPS, adt_to_newgroups}, {AUT_PATH, adt_to_path}, diff --git a/usr/src/lib/libbsm/common/adt_xlate.h b/usr/src/lib/libbsm/common/adt_xlate.h index 8d94a96217..c4491ed24a 100644 --- a/usr/src/lib/libbsm/common/adt_xlate.h +++ b/usr/src/lib/libbsm/common/adt_xlate.h @@ -69,9 +69,9 @@ extern "C" { #define ADT_AUT_PRIV_L -100 /* limit set */ #define ADT_AUT_PRIV_I -101 /* inherited set */ #define ADT_AUT_PRIV_E -102 /* effective set */ -/* dummy token type for alternate command */ -#define ADT_CMD_ALT -103 +#define ADT_CMD_ALT -103 /* dummy token type for alternate command */ #define ADT_IN_PEER -104 /* peer address in_addr and in_port */ +#define ADT_IN_REMOTE -105 /* specified address in_addr */ enum adt_generic {ADT_GENERIC}; /* base for text enums */ diff --git a/usr/src/lib/libbsm/common/au_to.c b/usr/src/lib/libbsm/common/au_to.c index d3e9cb0885..c31ed8ba41 100644 --- a/usr/src/lib/libbsm/common/au_to.c +++ b/usr/src/lib/libbsm/common/au_to.c 
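Review bot: `MAX_TOKEN_JMP` is bumped by hand from 18 to 20 to match the two entries added to `token_table` in the following hunk, so the count and the initializer can drift apart on a later edit. If the initializer ever holds fewer entries than the macro says, the trailing slots are zero-filled with a null handler pointer; how the lookup code treats such slots is outside this diff. Declaring the array as `static struct token_jmp token_table[] =` and defining `#define MAX_TOKEN_JMP (sizeof (token_table) / sizeof (token_table[0]))` after it would remove the manual step.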
@@ -935,16 +935,32 @@ au_to_in_addr_ex(struct in6_addr *addr) { token_t *token; adr_t adr; - char data_header = AUT_IN_ADDR_EX; - if ((token = get_token(sizeof (char) + sizeof (struct in6_addr))) - == NULL) { - return (NULL); - } + if (IN6_IS_ADDR_V4MAPPED(addr)) { + ipaddr_t in4; - adr_start(&adr, token->tt_data); - adr_char(&adr, &data_header, 1); - adr_char(&adr, (char *)addr, sizeof (struct in6_addr)); + /* + * An IPv4-mapped IPv6 address is really an IPv4 address + * in IPv6 format. + */ + + IN6_V4MAPPED_TO_IPADDR(addr, in4); + return (au_to_in_addr((struct in_addr *)&in4)); + + } else { + char data_header = AUT_IN_ADDR_EX; + int32_t type = AU_IPv6; + + if ((token = get_token(sizeof (char) + sizeof (int32_t) + + sizeof (struct in6_addr))) == NULL) { + return (NULL); + } + + adr_start(&adr, token->tt_data); + adr_char(&adr, &data_header, 1); + adr_int32(&adr, &type, 1); + adr_char(&adr, (char *)addr, sizeof (struct in6_addr)); + } return (token); } |
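Review bot: After this change `au_to_in_addr_ex` returns an `AUT_IN_ADDR` token rather than an `AUT_IN_ADDR_EX` token whenever the argument is IPv4-mapped, and the diff does not touch the function's header comment, which sits above the hunk along with the signature line. Anything that reads the audit trail and matches on the token id or on the printed address will now see `::ffff:a.b.c.d` peers recorded as plain IPv4, which is worth stating for whoever writes audit-review rules. I would add `An IPv4-mapped address is written as an AUT_IN_ADDR token.` to the header comment. A one-line comment on the new `type` local would also help, e.g. `/* address type field written after the token id */`.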