From: Sarah Day <sarahday@mit.edu>
Date: Mon, 7 Dec 2015 18:48:22 +0000 (-0500)
Subject: Add IPv6 address logging support to audit plugin
X-Git-Tag: krb5-1.15-beta1~314
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5e063638032912f93df1426dc92cdae5e65c5e5a;p=thirdparty%2Fkrb5.git

Add IPv6 address logging support to audit plugin

The jsonwalker.py test was failing due to the audit plugin only
logging the IP for IPv4.  The audit plugin should log the IP address
for both IPv4 and IPv6.  Rename the JSON "ipv4" field in the
"fromaddr" JSON object to "ip" and set the field if either an IPv4 or
an IPv6 address is present.  Any parsers of the audit log can tell
which address is stored in the "ip" field by checking the "type" field
in "fromaddr".  Also update the jsonwalker.py reference JSON file,
au_dict.json, to handle this new field name.

old audit:

{"fromaddr":{"type":<int>,"length":<int>,"ipv4":[<4 int>]}

where "ipv4" only occurs when type is ADDRTYPE_INET

new audit:

{"fromaddr":{"type":<int>,"length":<int>,"ip":[<<length> int>]}

where "ip" only occurs when type is ADDRTYPE_INET or ADDRTYPE_INET6

[tlyu@mit.edu: minor commit message edits]

ticket: 8298
---

diff --git a/src/plugins/audit/j_dict.h b/src/plugins/audit/j_dict.h
index 2ca48b05b0..65962e331f 100644
--- a/src/plugins/audit/j_dict.h
+++ b/src/plugins/audit/j_dict.h
@@ -44,7 +44,7 @@
 #define AU_FROMPORT           "fromport"
 #define AU_FROMADDR           "fromaddr"
 #define AU_TYPE               "type" /* used by fromaddr */
-#define AU_IPV4               "ipv4" /* used by fromaddr */
+#define AU_IP                 "ip" /* used by fromaddr */
 #define AU_SESS_ETYPE         "sess_etype"
 #define AU_SRV_ETYPE          "srv_etype"
 #define AU_REP_ETYPE          "rep_etype"
diff --git a/src/plugins/audit/kdc_j_encode.c b/src/plugins/audit/kdc_j_encode.c
index c3f913cd29..e24f4d8510 100755
--- a/src/plugins/audit/kdc_j_encode.c
+++ b/src/plugins/audit/kdc_j_encode.c
@@ -616,7 +616,7 @@ addr_to_obj(krb5_address *a, k5_json_object obj)
     if (ret)
         goto error;
 
-    if (a->addrtype == ADDRTYPE_INET) {
+    if (a->addrtype == ADDRTYPE_INET || a->addrtype == ADDRTYPE_INET6) {
         ret = k5_json_array_create(&arr);
         if (ret)
             goto error;
@@ -629,7 +629,7 @@ addr_to_obj(krb5_address *a, k5_json_object obj)
             if (ret)
                 goto error;
         }
-        ret = k5_json_object_set(obj, AU_IPV4, arr);
+        ret = k5_json_object_set(obj, AU_IP, arr);
         if (ret)
             goto error;
     }
diff --git a/src/tests/au_dict.json b/src/tests/au_dict.json
index c0a6e64606..c4379327e7 100644
--- a/src/tests/au_dict.json
+++ b/src/tests/au_dict.json
@@ -6,7 +6,7 @@
 "fromaddr":{
 	"type":0,
 	"length":0,
-	"ipv4":[]},
+	"ip":[]},
 "kdc_status":"",
 "rep_etype":0,
 "rep.ticket":{