diff options
author | wsalamon <wsalamon@FreeBSD.org> | 2006-06-17 13:53:04 +0000 |
---|---|---|
committer | wsalamon <wsalamon@FreeBSD.org> | 2006-06-17 13:53:04 +0000 |
commit | 3a6d7ed2cf9128621b9e35fd816b275b2dcef3e9 (patch) | |
tree | 05793437d5f56aa0f3d57083ac2559a2ff0ba982 /sys/security | |
parent | f9e76ed97b78149f582927edcf047ba9b85b6203 (diff) | |
download | FreeBSD-src-3a6d7ed2cf9128621b9e35fd816b275b2dcef3e9.zip FreeBSD-src-3a6d7ed2cf9128621b9e35fd816b275b2dcef3e9.tar.gz |
Make the size of the subject32_ex and process32_ex tokens depend on
whether we have an IPv6 address. Write the term ID as 4 or
16 bytes depending on address type. This change matches the recent
OpenBSM change, and what Solaris does.
Obtained from: TrustedBSD Project
Approved by: rwatson (mentor)
Diffstat (limited to 'sys/security')
-rw-r--r-- | sys/security/audit/audit_bsm_token.c | 38 |
1 files changed, 25 insertions, 13 deletions
diff --git a/sys/security/audit/audit_bsm_token.c b/sys/security/audit/audit_bsm_token.c index 23a9c7c..3ca74aa 100644 --- a/sys/security/audit/audit_bsm_token.c +++ b/sys/security/audit/audit_bsm_token.c @@ -30,7 +30,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#15 $ + * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#17 $ * $FreeBSD$ */ @@ -609,7 +609,7 @@ au_to_process(__unused au_id_t auid, __unused uid_t euid, * terminal ID * port ID 4 bytes/8 bytes (32-bit/64-bit value) * address type-len 4 bytes - * machine address 16 bytes + * machine address 4/16 bytes */ token_t * au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, @@ -618,7 +618,12 @@ au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, token_t *t; u_char *dptr = NULL; - GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * sizeof(u_int32_t)); + if (tid->at_type == AU_IPv6) + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * + sizeof(u_int32_t)); + else + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * + sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_PROCESS32_EX); ADD_U_INT32(dptr, auid); @@ -631,10 +636,11 @@ au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, ADD_U_INT32(dptr, tid->at_port); ADD_U_INT32(dptr, tid->at_type); ADD_U_INT32(dptr, tid->at_addr[0]); - ADD_U_INT32(dptr, tid->at_addr[1]); - ADD_U_INT32(dptr, tid->at_addr[2]); - ADD_U_INT32(dptr, tid->at_addr[3]); - + if (tid->at_type == AU_IPv6) { + ADD_U_INT32(dptr, tid->at_addr[1]); + ADD_U_INT32(dptr, tid->at_addr[2]); + ADD_U_INT32(dptr, tid->at_addr[3]); + } return (t); } @@ -938,7 +944,7 @@ au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid, * terminal ID * port ID 4 bytes/8 bytes (32-bit/64-bit value) * address type/length 4 bytes - * machine address 16 bytes + * machine address 4/16 bytes */ token_t * au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, @@ -947,7 +953,12 @@ au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, token_t *t; u_char *dptr = NULL; - GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * sizeof(u_int32_t)); + if (tid->at_type == AU_IPv6) + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * + sizeof(u_int32_t)); + else + GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 * + sizeof(u_int32_t)); ADD_U_CHAR(dptr, AUT_SUBJECT32_EX); ADD_U_INT32(dptr, auid); @@ -960,10 +971,11 @@ au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, ADD_U_INT32(dptr, tid->at_port); ADD_U_INT32(dptr, tid->at_type); ADD_U_INT32(dptr, tid->at_addr[0]); - ADD_U_INT32(dptr, tid->at_addr[1]); - ADD_U_INT32(dptr, tid->at_addr[2]); - ADD_U_INT32(dptr, tid->at_addr[3]); - + if (tid->at_type == AU_IPv6) { + ADD_U_INT32(dptr, tid->at_addr[1]); + ADD_U_INT32(dptr, tid->at_addr[2]); + ADD_U_INT32(dptr, tid->at_addr[3]); + } return (t); } |