authorgww <none@none>2007-11-28 15:04:00 -0800
committergww <none@none>2007-11-28 15:04:00 -0800
commitf72effdea24d97a107b04e4b041cf5081dae0ee9 (patch)
tree323892f80a6f52697092da0836ac08e8788d3cc4 /usr/src/lib
parent5b3e1433c6213363bcb6387e66fc84ee9ff21a5d (diff)
6607434 praudit(1M) output in error --- no newline after exec_args,0
6624513 return token values from userland should be able to include errno. 6624525 praudit:token.c has nits 6627669 the PSARC/2000/517 audit interfaces do not support the in_peer token 6629752 praudit displays the ip port token in HEX rather than in_port_t
Diffstat (limited to 'usr/src/lib')
-rw-r--r--usr/src/lib/libbsm/auditxml44
-rw-r--r--usr/src/lib/libbsm/common/adt.xml3
-rw-r--r--usr/src/lib/libbsm/common/adt_token.c189
-rw-r--r--usr/src/lib/libbsm/common/adt_xlate.h1
-rw-r--r--usr/src/lib/libbsm/common/au_to.c30
-rw-r--r--usr/src/lib/libbsm/common/mapfile-vers1
6 files changed, 188 insertions, 80 deletions
diff --git a/usr/src/lib/libbsm/auditxml b/usr/src/lib/libbsm/auditxml
index 6392ecb631..fda81b8786 100644
--- a/usr/src/lib/libbsm/auditxml
+++ b/usr/src/lib/libbsm/auditxml
@@ -555,28 +555,32 @@ sub generateTableC {
my $omit = shift;
my %tokenType = (
- 'acl' => 'AUT_ACL',
- 'arbitrary' => 'AUT_ARBITRARY',
- 'arg' => 'AUT_ARG',
- 'attr' => 'AUT_ATTR',
+ #
+ # tokenTypes are the ones that are actually defined
+ # for use in adt.xml audit records
+ #
+
+ # 'acl' => 'AUT_ACL', # not defined
+ # 'arbitrary' => 'AUT_ARBITRARY', # not defined
+ # 'arg' => 'AUT_ARG', # not defined
+ # 'attr' => 'AUT_ATTR',
'command' => 'AUT_CMD',
'command_1' => 'ADT_CMD_ALT', # dummy token id
- 'date' => 'AUT_TEXT',
- 'exec_args' => 'AUT_EXEC_ARGS',
- 'exec_env' => 'AUT_EXEC_ENV',
- 'exit' => 'AUT_EXIT',
- 'file' => 'AUT_FILE',
+ # 'date' => 'AUT_TEXT', # not used
+ # 'exec_args' => 'AUT_EXEC_ARGS', # not defined
+ # 'exec_env' => 'AUT_EXEC_ENV', # not defined
+ # 'exit' => 'AUT_EXIT', # not defined
'fmri' => 'AUT_FMRI',
- 'groups' => 'AUT_GROUPS',
- # 'header' => 'AUT_HEADER', # not used
- 'in_addr' => 'AUT_IN_ADDR',
+ # 'groups' => 'AUT_GROUPS', # not defined
+ # 'header' => 'AUT_HEADER', # not defined
+ 'in_peer' => 'ADT_IN_PEER', # dummy token id
'tid' => 'AUT_TID',
- 'ipc' => 'AUT_IPC',
- 'ipc_perm' => 'AUT_IPC_PERM',
- 'iport' => 'AUT_IPORT',
+ # 'ipc' => 'AUT_IPC', # not defined
+ # 'ipc_perm' => 'AUT_IPC_PERM', # not defined
+ # 'iport' => 'AUT_IPORT', # not defined
'label' => 'AUT_LABEL',
'newgroups' => 'AUT_NEWGROUPS',
- 'opaque' => 'AUT_OPAQUE',
+ # 'opaque' => 'AUT_OPAQUE', # not defined
'path' => 'AUT_PATH',
'path_list' => '-AUT_PATH', # dummy token id
'process' => 'AUT_PROCESS',
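Review bot: The new header comment says the table lists only tokens "actually defined for use in adt.xml audit records", yet two of the newly commented-out entries carry no reason suffix while every other one does: `# 'attr' => 'AUT_ATTR',` here and `# 'socket-inet' => 'AUT_SOCKET_INET',` in the next hunk of this file. The reasons are already stated in the adt_token.c comment block of this same commit ("not used in mountd" for AUT_ATTR, "AUT_SOCKET_INET is undefined"), so the Perl table could say `# 'attr' => 'AUT_ATTR', # not used` and `# 'socket-inet' => 'AUT_SOCKET_INET', # not defined` to stay consistent with its neighbours. generateTableC begins before this hunk.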
@@ -584,12 +588,12 @@ sub generateTableC {
'priv_limit' => 'ADT_AUT_PRIV_L', # dummy token id
'priv_inherit' => 'ADT_AUT_PRIV_I', # dummy token id
'return' => 'AUT_RETURN',
- 'seq' => 'AUT_SEQ',
- 'socket' => 'AUT_SOCKET',
- 'socket-inet' => 'AUT_SOCKET_INET',
+ # 'seq' => 'AUT_SEQ', # not defined
+ # 'socket' => 'AUT_SOCKET', # not defined
+ # 'socket-inet' => 'AUT_SOCKET_INET',
'subject' => 'AUT_SUBJECT',
'text' => 'AUT_TEXT',
- # 'trailer' => 'AUT_TRAILER', # not used
+ # 'trailer' => 'AUT_TRAILER', # not defined
'uauth' => 'AUT_UAUTH',
'zonename' => 'AUT_ZONENAME'
);
diff --git a/usr/src/lib/libbsm/common/adt.xml b/usr/src/lib/libbsm/common/adt.xml
index b0d2ccfb69..4ed659ce3c 100644
--- a/usr/src/lib/libbsm/common/adt.xml
+++ b/usr/src/lib/libbsm/common/adt.xml
@@ -1347,7 +1347,8 @@ Use is subject to license terms.
</token>
<token id="groups">
</token>
- <token id="in_addr">
+ <!-- pseudo token; in_addr and in_port of peer -->
+ <token id="in_peer">
</token>
<token id="ipc">
</token>
diff --git a/usr/src/lib/libbsm/common/adt_token.c b/usr/src/lib/libbsm/common/adt_token.c
index 69c6fe373b..3f89703ee6 100644
--- a/usr/src/lib/libbsm/common/adt_token.c
+++ b/usr/src/lib/libbsm/common/adt_token.c
@@ -31,6 +31,7 @@
#include <bsm/adt.h>
#include <bsm/adt_event.h>
#include <bsm/audit.h>
+
#include <adt_xlate.h>
#include <assert.h>
#include <netdb.h>
@@ -38,12 +39,15 @@
#include <string.h>
#include <strings.h>
#include <stdlib.h>
+#include <time.h>
+#include <unistd.h>
+
#include <sys/priv_names.h>
+#include <sys/socket.h>
#include <sys/types.h>
#include <sys/vnode.h>
+
#include <tsol/label.h>
-#include <time.h>
-#include <unistd.h>
#ifdef C2_DEBUG
#define DPRINTF(x) {printf x; }
@@ -96,9 +100,9 @@ adt_token_open(struct adt_event_state *event)
adt_write_syslog("au_open failed", ENOMEM);
have_syslogged = 1;
}
- }
- else
+ } else {
have_syslogged = 0;
+ }
}
/*
@@ -203,10 +207,11 @@ adt_to_cmd1(datadef *def, void *p_data, int required,
string = ((union convert *)p_data)->tcharstar;
if (string == NULL) {
- if (required)
+ if (required) {
string = empty;
- else
+ } else {
return;
+ }
}
/* argc is hardcoded as 1 */
(void) au_write(event->ae_event_handle, au_to_cmd(1, &string,
@@ -281,10 +286,11 @@ adt_to_frmi(datadef *def, void *p_data, int required,
fmri = ((union convert *)p_data)->tcharstar;
if (fmri == NULL) {
- if (required)
+ if (required) {
fmri = empty;
- else
+ } else {
return;
+ }
}
DPRINTF((" fmri=%s\n", fmri));
(void) au_write(event->ae_event_handle, au_to_fmri(fmri));
@@ -333,8 +339,9 @@ adt_to_newgroups(datadef *def, void *p_data, int required,
if (n < 1) {
if (required) {
n = 0; /* in case negative n was passed */
- } else
+ } else {
return;
+ }
}
p_data = adt_adjust_address(p_data, sizeof (int), sizeof (int32_t *));
@@ -357,9 +364,10 @@ adt_to_path(datadef *def, void *p_data, int required,
(void) au_write(event->ae_event_handle, au_to_path(path));
} else {
DPRINTF((" Null path\n"));
- if (required)
+ if (required) {
(void) au_write(event->ae_event_handle,
au_to_path(empty));
+ }
}
}
@@ -383,9 +391,10 @@ adt_to_pathlist(datadef *def, void *p_data, int required,
working_buf = strdup(pathlist);
if (working_buf == NULL) {
adt_write_syslog("audit failure", errno);
- if (required)
+ if (required) {
(void) au_write(event->ae_event_handle,
au_to_path(empty));
+ }
return;
}
for (path = strtok_r(working_buf, " ", &last_str);
@@ -464,10 +473,11 @@ getCharacteristics(struct auditpinfo_addr *info, pid_t *pid)
{
int rc;
- if (*pid == 0) /* getpinfo for this pid */
+ if (*pid == 0) { /* getpinfo for this pid */
info->ap_pid = getpid();
- else
+ } else {
info->ap_pid = *pid;
+ }
rc = auditon(A_GETPINFO_ADDR, (caddr_t)info,
sizeof (struct auditpinfo_addr));
@@ -614,9 +624,9 @@ adt_write_text(int handle, char *main_text, const char *format)
{
char buffer[TEXT_LENGTH * 2 + 1];
- if (format == NULL)
+ if (format == NULL) {
(void) au_write(handle, au_to_text(main_text));
- else {
+ } else {
(void) snprintf(buffer, TEXT_LENGTH * 2, format, main_text);
(void) au_write(handle, au_to_text(buffer));
}
@@ -652,11 +662,12 @@ adt_to_text(datadef *def, void *p_data, int required,
date = ((union convert *)p_data)->tlong;
if (strftime(buffer, sizeof (buffer), "%x",
localtime_r(&date, &tm)) > TEXT_LENGTH) {
- if (required)
+ if (required) {
(void) strncpy(buffer, "invalid date",
TEXT_LENGTH);
- else
+ } else {
break;
+ }
}
DPRINTF((" text=%s\n", buffer));
adt_write_text(event->ae_event_handle, buffer, format);
@@ -671,17 +682,19 @@ adt_to_text(datadef *def, void *p_data, int required,
list_index = ((union convert *)p_data)->msg_selector;
if ((list_index + list->ml_offset < list->ml_min_index) ||
- (list_index + list->ml_offset > list->ml_max_index))
+ (list_index + list->ml_offset > list->ml_max_index)) {
string = "Invalid message index";
- else
+ } else {
string = list->ml_msg_list[list_index +
list->ml_offset];
+ }
if (string == NULL) { /* null is valid; means skip */
if (required) {
string = empty;
- } else
+ } else {
break;
+ }
}
DPRINTF((" text=%s\n", string));
adt_write_text(event->ae_event_handle, string, format);
@@ -734,10 +747,11 @@ adt_to_text(datadef *def, void *p_data, int required,
string += written;
available -= written;
}
- } else if (required)
+ } else if (required) {
string = empty;
- else
+ } else {
break;
+ }
adt_write_text(event->ae_event_handle, buffer, format);
break;
@@ -759,10 +773,11 @@ adt_to_text(datadef *def, void *p_data, int required,
string = ((union convert *)p_data)->tcharstar;
if (string == NULL) {
- if (required)
+ if (required) {
string = empty;
- else
+ } else {
break;
+ }
}
DPRINTF((" text=%s\n", string));
adt_write_text(event->ae_event_handle, string, format);
@@ -783,10 +798,11 @@ adt_to_text(datadef *def, void *p_data, int required,
adt_write_text(event->ae_event_handle,
string, format);
}
- } else if (required)
+ } else if (required) {
adt_write_text(event->ae_event_handle, empty, format);
- else
+ } else {
break;
+ }
break;
default:
if (!have_syslogged) { /* don't flood the log */
@@ -799,6 +815,10 @@ adt_to_text(datadef *def, void *p_data, int required,
DFLUSH
}
+/*
+ * AUT_UAUTH
+ */
+
/* ARGSUSED */
static void
adt_to_uauth(datadef *def, void *p_data, int required,
@@ -811,15 +831,20 @@ adt_to_uauth(datadef *def, void *p_data, int required,
string = ((union convert *)p_data)->tcharstar;
if (string == NULL) {
- if (required)
+ if (required) {
string = empty;
- else
+ } else {
return;
+ }
}
DPRINTF((" text=%s\n", string));
(void) au_write(event->ae_event_handle, au_to_uauth(string));
}
+/*
+ * AUT_ZONENAME
+ */
+
/* ARGSUSED */
static void
adt_to_zonename(datadef *def, void *p_data, int required,
@@ -834,33 +859,77 @@ adt_to_zonename(datadef *def, void *p_data, int required,
(void) au_write(event->ae_event_handle, au_to_zonename(name));
} else {
DPRINTF((" Null name\n"));
- if (required)
+ if (required) {
(void) au_write(event->ae_event_handle,
au_to_zonename(empty));
+ }
+ }
+}
+
+/*
+ * ADT_IN_PEER dummy token
+ */
+
+/* ARGSUSED */
+static void
+adt_to_in_peer(datadef *def, void *p_data, int required,
+ struct adt_event_state *event, char *notUsed)
+{
+ int sock;
+ struct sockaddr_in6 peer;
+ int peerlen = sizeof (peer);
+
+ DPRINTF((" adt_to_in_peer dd_datatype=%d\n", def->dd_datatype));
+
+ sock = ((union convert *)p_data)->tint;
+
+ if (sock < 0) {
+ DPRINTF((" Socket fd %d\n", sock));
+ return;
+ }
+ if (getpeername(sock, (struct sockaddr *)&peer, (socklen_t *)&peerlen)
+ < 0) {
+
+ adt_write_syslog("adt_to_in_addr getpeername", errno);
+ }
+ if (peer.sin6_family == AF_INET6) {
+ (void) au_write(event->ae_event_handle,
+ au_to_in_addr_ex(&(peer.sin6_addr)));
+ (void) au_write(event->ae_event_handle,
+ au_to_iport((ushort_t)peer.sin6_port));
+ } else {
+ (void) au_write(event->ae_event_handle,
+ au_to_in_addr(&(((struct sockaddr_in *)&peer)->sin_addr)));
+ (void) au_write(event->ae_event_handle,
+ au_to_iport(
+ (ushort_t)(((struct sockaddr_in *)&peer)->sin_port)));
}
}
/*
- * no function for header -- the header is generated by au_close()
- *
- * no function for trailer -- the trailer is generated by au_close()
+ * This is a compact table that defines only the tokens that are
+ * actually generated in the adt.xml file. It can't be a pure
+ * indexed table because the adt.xml language defines internal extension
+ * tokens for some processing. VIZ. ADT_CMD_ALT, ADT_AUT_PRIV_* (see
+ * adt_xlate.h), and the -AUT_PATH value.
*/
-#define MAX_TOKEN_JMP 17
+#define MAX_TOKEN_JMP 18
static struct token_jmp token_table[MAX_TOKEN_JMP] =
{
{AUT_CMD, adt_to_cmd},
{ADT_CMD_ALT, adt_to_cmd1},
- {ADT_AUT_PRIV_L, adt_to_priv_limit},
- {ADT_AUT_PRIV_I, adt_to_priv_inherit},
- {ADT_AUT_PRIV_E, adt_to_priv_effective},
- {AUT_NEWGROUPS, adt_to_newgroups},
{AUT_FMRI, adt_to_frmi},
+ {ADT_IN_PEER, adt_to_in_peer},
{AUT_LABEL, adt_to_label},
+ {AUT_NEWGROUPS, adt_to_newgroups},
{AUT_PATH, adt_to_path},
{-AUT_PATH, adt_to_pathlist}, /* private extension of token values */
+ {ADT_AUT_PRIV_L, adt_to_priv_limit},
+ {ADT_AUT_PRIV_I, adt_to_priv_inherit},
+ {ADT_AUT_PRIV_E, adt_to_priv_effective},
{AUT_PROCESS, adt_to_process},
{AUT_RETURN, adt_to_return},
{AUT_SUBJECT, adt_to_subject},
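Review bot: In adt_to_in_peer a getpeername() failure is only syslogged and execution falls through, so `peer` (declared without an initializer) is then read via `peer.sin6_family` and whatever is on the stack is written into the audit record as a peer address and port; the failure branch should `return`. Two smaller points in the same function: the syslog text names `adt_to_in_addr` rather than this function, and the `else` branch treats every non-AF_INET6 family as AF_INET, so a peer of another family (e.g. an AF_UNIX socket) would have its sockaddr reinterpreted — an explicit `AF_INET` test with a fall-through that emits nothing is safer. `peerlen` is an `int` punned to `socklen_t *` on the getpeername() call; declaring it `socklen_t` removes the cast. `peer.sin6_port` is passed in network byte order; whether au_to_iport() expects that or a host-order value is not visible here and is worth confirming given the praudit port-display bug this commit cites. The token_table initializer that follows continues past the end of this hunk.
```c
	int sock;
	struct sockaddr_in6 peer;
	socklen_t peerlen = sizeof (peer);

	/* … unchanged: DPRINTF, extraction of sock, sock < 0 check … */

	if (getpeername(sock, (struct sockaddr *)&peer, &peerlen) < 0) {
		adt_write_syslog("adt_to_in_peer getpeername", errno);
		return;		/* peer is uninitialized; emit no token */
	}
	if (peer.sin6_family == AF_INET6) {
		/* … unchanged: AUT_IN_ADDR_EX and AUT_IPORT writes … */
	} else if (peer.sin6_family == AF_INET) {
		/* … unchanged: AUT_IN_ADDR and AUT_IPORT writes … */
	} else {
		DPRINTF((" Unsupported address family %d\n",
		    peer.sin6_family));
	}
```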
@@ -869,26 +938,34 @@ static struct token_jmp token_table[MAX_TOKEN_JMP] =
{AUT_UAUTH, adt_to_uauth},
{AUT_ZONENAME, adt_to_zonename}
};
+
/*
- * {AUT_ARG, adt_to_arg}, not used
- * {AUT_ACL, adt_to_acl}, not used
- * {AUT_ARBITRARY, adt_to_arbitrary}, AUT_ARBITRARY is undefined
- * {AUT_ATTR, adt_to_attr}, not used in mountd
- * {AUT_EXEC_ARGS, adt_to_exec_args}, not used
- * {AUT_EXEC_ENV, adt_to_exec_env}, not used
- * {AUT_EXIT, adt_to_exit}, obsolete
- * {AUT_FILE, adt_to_file}, AUT_FILE is undefined
- * {AUT_GROUPS, adt_to_groups}, obsolete
- * {AUT_HEADER, adt_to_header} not used
- * {AUT_IN_ADDR, adt_to_in_addr}, not used
- * {AUT_IP, adt_to_ip}, not used
- * {AUT_IPC, adt_to_ipc}, not used
- * {AUT_IPC_PERM, adt_to_ipc_perm}, not used
- * {AUT_OPAQUE, adt_to_opaque}, not used
- * {AUT_SEQ, adt_to_seq}, not used
- * {AUT_SOCKET, adt_to_socket}, not used
- * {AUT_SOCKET_INET, adt_to_socket_inet}, AUT_SOCKET_INET is undefined
- * {AUT_TRAILER, adt_to_trailer} not used
+ * {AUT_ACL, adt_to_acl}, not used
+ * {AUT_ARBITRARY, adt_to_arbitrary}, AUT_ARBITRARY is undefined
+ * {AUT_ARG, adt_to_arg}, not used
+ * {AUT_ATTR, adt_to_attr}, not used in mountd
+ * {AUT_XATOM, adt_to_atom}, not used
+ * {AUT_EXEC_ARGS, adt_to_exec_args}, not used
+ * {AUT_EXEC_ENV, adt_to_exec_env}, not used
+ * {AUT_EXIT, adt_to_exit}, obsolete
+ * {AUT_FILE, adt_to_file}, AUT_FILE is undefined
+ * {AUT_XCOLORMAP, adt_to_colormap}, not used
+ * {AUT_XCURSOR, adt_to_cursor}, not used
+ * {AUT_XFONT, adt_to_font}, not used
+ * {AUT_XGC, adt_to_gc}, not used
+ * {AUT_GROUPS, adt_to_groups}, obsolete
+ * {AUT_HEADER, adt_to_header}, generated by au_close
+ * {AUT_IP, adt_to_ip}, not used
+ * {AUT_IPC, adt_to_ipc}, not used
+ * {AUT_IPC_PERM, adt_to_ipc_perm}, not used
+ * {AUT_OPAQUE, adt_to_opaque}, not used
+ * {AUT_XPIXMAP, adt_to_pixmap}, not used
+ * {AUT_XPROPERTY, adt_to_property}, not used
+ * {AUT_SEQ, adt_to_seq}, not used
+ * {AUT_SOCKET, adt_to_socket}, not used
+ * {AUT_SOCKET_INET, adt_to_socket_inet}, AUT_SOCKET_INET is undefined
+ * {AUT_TRAILER, adt_to_trailer}, generated by au_close
+ * {AUT_XCLIENT, adt_to_xclient} not used
*/
/* find function to generate token */
diff --git a/usr/src/lib/libbsm/common/adt_xlate.h b/usr/src/lib/libbsm/common/adt_xlate.h
index 9c2bdb9015..283a3f66c0 100644
--- a/usr/src/lib/libbsm/common/adt_xlate.h
+++ b/usr/src/lib/libbsm/common/adt_xlate.h
@@ -70,6 +70,7 @@ extern "C" {
#define ADT_AUT_PRIV_E -102 /* effective set */
/* dummy token type for alternate command */
#define ADT_CMD_ALT -103
+#define ADT_IN_PEER -104 /* peer address in_addr and in_port */
enum adt_generic {ADT_GENERIC}; /* base for text enums */
diff --git a/usr/src/lib/libbsm/common/au_to.c b/usr/src/lib/libbsm/common/au_to.c
index 47ff60b5d8..813efe7571 100644
--- a/usr/src/lib/libbsm/common/au_to.c
+++ b/usr/src/lib/libbsm/common/au_to.c
@@ -907,7 +907,7 @@ au_to_opaque(char *opaque, short bytes)
/*
* au_to_in_addr
* return s:
- * pointer to a internet address token
+ * pointer to an internet address token
*/
token_t *
au_to_in_addr(struct in_addr *internet_addr)
@@ -916,12 +916,36 @@ au_to_in_addr(struct in_addr *internet_addr)
adr_t adr; /* adr memory stream header */
char data_header = AUT_IN_ADDR; /* header for this token */
- token = get_token(sizeof (char) + sizeof (uint32_t));
+ token = get_token(sizeof (char) + sizeof (struct in_addr));
if (token == NULL)
return (NULL);
adr_start(&adr, token->tt_data);
adr_char(&adr, &data_header, 1);
- adr_int32(&adr, (int32_t *)internet_addr, 1);
+ adr_char(&adr, (char *)internet_addr, sizeof (struct in_addr));
+
+ return (token);
+}
+
+/*
+ * au_to_in_addr_ex
+ * return s:
+ * pointer to an internet extended token
+ */
+token_t *
+au_to_in_addr_ex(struct in6_addr *addr)
+{
+ token_t *token;
+ adr_t adr;
+ char data_header = AUT_IN_ADDR_EX;
+
+ if ((token = get_token(sizeof (char) + sizeof (struct in6_addr)))
+ == NULL) {
+ return (NULL);
+ }
+
+ adr_start(&adr, token->tt_data);
+ adr_char(&adr, &data_header, 1);
+ adr_char(&adr, (char *)addr, sizeof (struct in6_addr));
return (token);
}
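Review bot: The header comment on the new au_to_in_addr_ex says only "pointer to an internet extended token", which does not tell a caller what the token contains or when it fails. The visible body emits an AUT_IN_ADDR_EX header byte followed by `sizeof (struct in6_addr)` bytes copied verbatim from `addr` with adr_char, and returns NULL when get_token() fails; a comment along the lines of `/* au_to_in_addr_ex: AUT_IN_ADDR_EX token holding the 16-byte IPv6 address copied as-is (no byte-order conversion); returns NULL on allocation failure */` would capture that. As with au_to_in_addr, a NULL `addr` is not checked, which is fine if callers guarantee it but worth stating. Stylistically, the assignment-inside-`if` with the `== NULL` on a continuation line differs from the sibling function's separate assign-then-test form just above; matching that would read more uniformly.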
diff --git a/usr/src/lib/libbsm/common/mapfile-vers b/usr/src/lib/libbsm/common/mapfile-vers
index 1efd828b2c..cdadac09e6 100644
--- a/usr/src/lib/libbsm/common/mapfile-vers
+++ b/usr/src/lib/libbsm/common/mapfile-vers
@@ -254,6 +254,7 @@ SUNWprivate_1.1 {
au_to_fmri;
au_to_header;
au_to_header_ex;
+ au_to_in_addr_ex;
au_to_label;
au_to_mylabel;
au_to_privset;