Teamtrack ID (Bug/RFE/Task):
BUG87157: Backward IP address octets in SSO logs
Root Cause (Bug) or Purpose (RFE/Task):
The exception list obtain ip address from the configuration file, then invoke the function inet_aton to save ipaddress as network byte order. So don't invoke the function "htonl" when outputting the debug message. The functon "htonl" converts from host byte order to network byte order, used to network transmission. Obviously, in this scene it only outputs the message, not network transmission.
Note: Using the same version, the logs are normal in the newport(PPC platform) box, but the logs are abnormal in the vashon(x86 platform) box. Since x86 platform is little-endian. PPC platform is big-endian. The function "htonl" does nothing in the PPC platorm.
Solution:
In this scene, don't convert byte order when output the debug message.
Unit test:
(1). Configure SSO on the newport and vashon box respectively.
(2). Increase diagnostic logging for Authentication to "debug".
(3). Input some SSO exceptions in the UI and save it to the firebox.
(3.1). The input ip address are as folows in the vashon box.
"1.2.3.4", "5.6.7.8".
(3.2). The input ip address are as folows in the newport box.
"5.6.7.8", "1.2.3.4".
(4). Observe log output to see the backward IP addresses. The following is a snapshot.
(4.1) The logs are as follows in the vashon(x86 platform) box.
Aug 11 05:41:17 2015 XTM535 local3.info admd[2448]: wgadmHandleCfgapi(): cfg update for xpath=x/profile/system-parameters/single-sign-on
Aug 11 05:41:17 2015 XTM535 local3.info admd[2448]: wgadmHandleCfgapi(): cfg update for xpath=*/profile/system-parameters/single-sign-on
Aug 11 05:41:17 2015 XTM535 local3.info admd[2448]: SSO: read enableSSO=1
Aug 11 05:41:17 2015 XTM535 local3.info admd[2448]: SSO: read cache timeout=600
Aug 11 05:41:17 2015 XTM535 local3.info admd[2448]: SSO: read ssoAgent ip=10.139.36.39
Aug 11 05:41:17 2015 XTM535 local3.debug admd[2448]: The IP=1.2.3.4(0x4030201)
Aug 11 05:41:17 2015 XTM535 local3.debug admd[2448]: The IP=5.6.7.8(0x8070605)
Aug 11 05:41:17 2015 XTM535 local3.info admd[2448]: ====wgadmDumpSsoExceptionList: ====BEGIN
Aug 11 05:41:17 2015 XTM535 local3.info admd[2448]: SSO:==== EXCLUDE IP LIST====
Aug 11 05:41:17 2015 XTM535 local3.info admd[2448]: IP=1.2.3.4(0x4030201)
Aug 11 05:41:17 2015 XTM535 local3.info admd[2448]: IP=5.6.7.8(0x8070605)
Aug 11 05:41:17 2015 XTM535 local3.info admd[2448]: SSO:==== EXCLUDE SUBNET LIST====
Aug 11 05:41:17 2015 XTM535 local3.info admd[2448]: SSO:==== EXCLUDE RANGE LIST====
Aug 11 05:41:17 2015 XTM535 local3.info admd[2448]: ====wgadmDumpSsoExceptionList: ====END
(4.2) The logs area as follows in the newport(ppc platform) box.
Aug 11 05:46:21 2015 XTM33-W local3.info admd[6654]: SSO: not connect to sso agent yet in 8 seconds
Aug 11 05:46:24 2015 XTM33-W local3.info admd[6654]: wgadmHandleCfgapi(): cfg update for xpath=x/profile/system-parameters/single-sign-on
Aug 11 05:46:24 2015 XTM33-W local3.info admd[6654]: wgadmHandleCfgapi(): cfg update for xpath=*/profile/system-parameters/single-sign-on
Aug 11 05:46:24 2015 XTM33-W local3.info admd[6654]: SSO: read enableSSO=1
Aug 11 05:46:24 2015 XTM33-W local3.info admd[6654]: SSO: read cache timeout=600
Aug 11 05:46:24 2015 XTM33-W local3.info admd[6654]: SSO: read ssoAgent ip=10.10.10.9
Aug 11 05:46:24 2015 XTM33-W local3.debug admd[6654]: The IP=5.6.7.8(0x5060708)
Aug 11 05:46:24 2015 XTM33-W local3.debug admd[6654]: The IP=1.2.3.4(0x1020304)
Aug 11 05:46:24 2015 XTM33-W local3.info admd[6654]: ====wgadmDumpSsoExceptionList: ====BEGIN
Aug 11 05:46:24 2015 XTM33-W local3.info admd[6654]: SSO:==== EXCLUDE IP LIST====
Aug 11 05:46:24 2015 XTM33-W local3.info admd[6654]: IP=5.6.7.8(0x5060708)
Aug 11 05:46:24 2015 XTM33-W local3.info admd[6654]: IP=1.2.3.4(0x1020304)
Aug 11 05:46:24 2015 XTM33-W local3.info admd[6654]: SSO:==== EXCLUDE SUBNET LIST====
Aug 11 05:46:24 2015 XTM33-W local3.info admd[6654]: SSO:==== EXCLUDE RANGE LIST====
Aug 11 05:46:24 2015 XTM33-W local3.info admd[6654]: ====wgadmDumpSsoExceptionList: ====END
