Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 2 Dec 2008 23:26:43 +0000 (UTC)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r185573 - in head: contrib/openbsm contrib/openbsm/bin contrib/openbsm/bin/audit contrib/openbsm/bin/auditd contrib/openbsm/bin/auditfilterd contrib/openbsm/bin/auditreduce contrib/open...
Message-ID:  <200812022326.mB2NQheJ074455@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: rwatson
Date: Tue Dec  2 23:26:43 2008
New Revision: 185573
URL: http://svn.freebsd.org/changeset/base/185573

Log:
  Merge OpenBSM 1.1 alpha 2 from the OpenBSM vendor branch to head, both
  contrib/openbsm (svn merge) and sys/{bsm,security/audit} (manual merge).
  
  - Add OpenBSM contrib tree to include paths for audit(8) and auditd(8).
  - Merge support for new tokens, fixes to existing token generation to
    audit_bsm_token.c.
  - Synchronize bsm includes and definitions.
  
  OpenBSM history for imported revisions below for reference.
  
  MFC after:      1 month
  Sponsored by:   Apple Inc.
  Obtained from:  TrustedBSD Project
  
  --
  
  OpenBSM 1.1 alpha 2
  
  - Include files in OpenBSM are now broken out into two parts: library builds
    required solely for user space, and system includes, which may also be
    required for use in the kernels of systems integrating OpenBSM.  Submitted
    by Stacey Son.
  - Configure option --with-native-includes allows forcing the use of native
    include for system includes, rather than the versions bundled with OpenBSM.
    This is intended specifically for platforms that ship OpenBSM, have adapted
    versions of the system includes in a kernel source tree, and will use the
    OpenBSM build infrastructure with an unmodified OpenBSM distribution,
    allowing the customized system includes to be used with the OpenBSM build.
    Submitted by Stacey Son.
  - Various strcpy()'s/strcat()'s have been changed to strlcpy()'s/strlcat()'s
    or asprintf().  Added compat/strlcpy.h for Linux.
  - Remove compatibility defines for old Darwin token constant names; now only
    BSM token names are provided and used.
  - Add support for extended header tokens, which contain space for information
    on the host generating the record.
  - Add support for setting extended host information in the kernel, which is
    used for setting host information in extended header tokens.  The
    audit_control file now supports a "host" parameter which can be used by
    auditd to set the information; if not present, the kernel parameters won't
    be set and auditd uses unextended headers for records that it generates.
  
  OpenBSM 1.1 alpha 1
  
  - Add option to auditreduce(1) which allows users to invert sense of
    matching, such that BSM records that do not match, are selected.
  - Fix bug in audit_write() where we commit an incomplete record in the
    event there is an error writing the subject token.  This was submitted
    by Diego Giagio.
  - Build support for Mac OS X 10.5.1 submitted by Eric Hall.
  - Fix a bug which resulted in host XML attributes not being arguments so
    that const strings can be passed as arguments to tokens.  This patch was
    submitted by Xin LI.
  - Modify the -m option so users can select more then one audit event.
  - For Mac OS X, added Mach IPC support for audit trigger messages.
  - Fixed a bug in getacna() which resulted in a locking problem on Mac OS X.
  - Added LOG_PERROR flag to openlog when -d option is used with auditd.
  - AUE events added for Mac OS X Leopard system calls.

Added:
  head/contrib/openbsm/CREDITS
     - copied unchanged from r185494, vendor/openbsm/dist/CREDITS
  head/contrib/openbsm/INSTALL
     - copied unchanged from r185494, vendor/openbsm/dist/INSTALL
  head/contrib/openbsm/NEWS
     - copied unchanged from r185494, vendor/openbsm/dist/NEWS
  head/contrib/openbsm/bin/auditd/audit_triggers.defs
     - copied unchanged from r185494, vendor/openbsm/dist/bin/auditd/audit_triggers.defs
  head/contrib/openbsm/bin/auditd/auditd_control.defs
     - copied unchanged from r185494, vendor/openbsm/dist/bin/auditd/auditd_control.defs
  head/contrib/openbsm/compat/strlcpy.h
     - copied unchanged from r185494, vendor/openbsm/dist/compat/strlcpy.h
  head/contrib/openbsm/sys/
     - copied from r185494, vendor/openbsm/dist/sys/
Deleted:
  head/contrib/openbsm/HISTORY
Modified:
  head/contrib/openbsm/   (props changed)
  head/contrib/openbsm/LICENSE
  head/contrib/openbsm/Makefile.am
  head/contrib/openbsm/Makefile.in
  head/contrib/openbsm/README
  head/contrib/openbsm/TODO
  head/contrib/openbsm/VERSION
  head/contrib/openbsm/bin/Makefile.in
  head/contrib/openbsm/bin/audit/Makefile.am
  head/contrib/openbsm/bin/audit/Makefile.in
  head/contrib/openbsm/bin/audit/audit.8
  head/contrib/openbsm/bin/audit/audit.c
  head/contrib/openbsm/bin/auditd/Makefile.am
  head/contrib/openbsm/bin/auditd/Makefile.in
  head/contrib/openbsm/bin/auditd/audit_warn.c
  head/contrib/openbsm/bin/auditd/auditd.8
  head/contrib/openbsm/bin/auditd/auditd.c
  head/contrib/openbsm/bin/auditd/auditd.h
  head/contrib/openbsm/bin/auditfilterd/Makefile.am
  head/contrib/openbsm/bin/auditfilterd/Makefile.in
  head/contrib/openbsm/bin/auditfilterd/auditfilterd.c
  head/contrib/openbsm/bin/auditreduce/Makefile.am
  head/contrib/openbsm/bin/auditreduce/Makefile.in
  head/contrib/openbsm/bin/auditreduce/auditreduce.1
  head/contrib/openbsm/bin/auditreduce/auditreduce.c
  head/contrib/openbsm/bin/auditreduce/auditreduce.h
  head/contrib/openbsm/bin/praudit/Makefile.am
  head/contrib/openbsm/bin/praudit/Makefile.in
  head/contrib/openbsm/bin/praudit/praudit.1
  head/contrib/openbsm/bin/praudit/praudit.c
  head/contrib/openbsm/bsm/Makefile.am
  head/contrib/openbsm/bsm/Makefile.in
  head/contrib/openbsm/bsm/audit_uevents.h
  head/contrib/openbsm/bsm/libbsm.h
  head/contrib/openbsm/compat/clock_gettime.h
  head/contrib/openbsm/compat/strlcat.h
  head/contrib/openbsm/config/config.h
  head/contrib/openbsm/config/config.h.in
  head/contrib/openbsm/configure
  head/contrib/openbsm/configure.ac
  head/contrib/openbsm/etc/audit_event
  head/contrib/openbsm/libbsm/Makefile.am
  head/contrib/openbsm/libbsm/Makefile.in
  head/contrib/openbsm/libbsm/au_class.3
  head/contrib/openbsm/libbsm/au_free_token.3
  head/contrib/openbsm/libbsm/au_token.3
  head/contrib/openbsm/libbsm/audit_submit.3
  head/contrib/openbsm/libbsm/bsm_audit.c
  head/contrib/openbsm/libbsm/bsm_class.c
  head/contrib/openbsm/libbsm/bsm_control.c
  head/contrib/openbsm/libbsm/bsm_event.c
  head/contrib/openbsm/libbsm/bsm_flags.c
  head/contrib/openbsm/libbsm/bsm_io.c
  head/contrib/openbsm/libbsm/bsm_mask.c
  head/contrib/openbsm/libbsm/bsm_notify.c
  head/contrib/openbsm/libbsm/bsm_token.c
  head/contrib/openbsm/libbsm/bsm_user.c
  head/contrib/openbsm/libbsm/bsm_wrappers.c
  head/contrib/openbsm/man/Makefile.in
  head/contrib/openbsm/man/audit.2
  head/contrib/openbsm/man/audit.log.5
  head/contrib/openbsm/man/audit_class.5
  head/contrib/openbsm/man/audit_control.5
  head/contrib/openbsm/man/audit_event.5
  head/contrib/openbsm/man/audit_user.5
  head/contrib/openbsm/man/audit_warn.5
  head/contrib/openbsm/man/auditctl.2
  head/contrib/openbsm/man/auditon.2
  head/contrib/openbsm/man/getaudit.2
  head/contrib/openbsm/man/getauid.2
  head/contrib/openbsm/man/setaudit.2
  head/contrib/openbsm/man/setauid.2
  head/contrib/openbsm/modules/Makefile.in
  head/contrib/openbsm/modules/auditfilter_noop/Makefile.am
  head/contrib/openbsm/modules/auditfilter_noop/Makefile.in
  head/contrib/openbsm/modules/auditfilter_noop/auditfilter_noop.c
  head/contrib/openbsm/test/Makefile.am
  head/contrib/openbsm/test/Makefile.in
  head/contrib/openbsm/test/bsm/Makefile.am
  head/contrib/openbsm/test/bsm/Makefile.in
  head/contrib/openbsm/tools/Makefile.am
  head/contrib/openbsm/tools/Makefile.in
  head/sys/bsm/audit.h
  head/sys/bsm/audit_internal.h
  head/sys/bsm/audit_kevents.h
  head/sys/bsm/audit_record.h
  head/sys/security/audit/audit_bsm_token.c
  head/usr.sbin/audit/Makefile
  head/usr.sbin/auditd/Makefile

Copied: head/contrib/openbsm/CREDITS (from r185494, vendor/openbsm/dist/CREDITS)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/contrib/openbsm/CREDITS	Tue Dec  2 23:26:43 2008	(r185573, copy of r185494, vendor/openbsm/dist/CREDITS)
@@ -0,0 +1,33 @@
+OpenBSM Credits
+
+The following organizations and individuals have contributed substantially to
+the development of OpenBSM:
+
+    Apple Inc.
+    McAfee Research, McAfee, Inc.
+    SPARTA, Inc.
+    Robert Watson
+    Wayne Salamon
+    Suresh Krishnaswamy
+    Kevin Van Vechten
+    Tom Rhodes
+    Wojciech Koszek
+    Chunyang Yuan
+    Poul-Henning Kamp
+    Christian Brueffer
+    Olivier Houchard
+    Christian Peron
+    Martin Fong
+    Pawel Worach
+    Martin Englund
+    Ruslan Ermilov
+    Martin Voros
+    Diego Giagio
+    Alex Samorukov
+    Eric Hall
+    Xin LI
+    Stacey Son
+
+In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
+Software's FlexeLint tool were used to identify a number of bugs in the
+OpenBSM implementation.

Copied: head/contrib/openbsm/INSTALL (from r185494, vendor/openbsm/dist/INSTALL)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/contrib/openbsm/INSTALL	Tue Dec  2 23:26:43 2008	(r185573, copy of r185494, vendor/openbsm/dist/INSTALL)
@@ -0,0 +1,29 @@
+OpenBSM Build and Installation Instructions
+
+OpenBSM is currently built using autoconf and automake, which should allow
+for building on a range of operating systems, including FreeBSD, Mac OS X,
+and Linux.  Depending on the availability of audit facilities in the
+underlying operating system, some components that depend on kernel audit
+support are built conditionally.  Typically, build will be performed using:
+
+    ./configure
+    make
+
+To install, use:
+
+    make install
+
+You may wish to specify that the OpenBSM components not be installed in the
+base system, rather in a specific directory.  This may be done using the
+--prefix argument to configure.  If installing to a specific directory,
+remember to update your library path so that running tools from that
+directory the correct libbsm is used:
+
+    ./configure --prefix=/home/rwatson/openbsm
+    make
+    make install
+    LD_LIBRARY_PATH=/home/rwatson/openbsm/libbsm ; export LD_LIBRARY_PATH
+
+You will need to manually propagate openbsm/etc/* into /etc/security on your
+system; this is not done automatically so as to avoid disrupting the current
+configuration.  Currently, the locations of these files is not configurable.

Modified: head/contrib/openbsm/LICENSE
==============================================================================
--- head/contrib/openbsm/LICENSE	Tue Dec  2 22:45:01 2008	(r185572)
+++ head/contrib/openbsm/LICENSE	Tue Dec  2 23:26:43 2008	(r185573)
@@ -1,3 +1,5 @@
+OpenBSM Copyrights and Licensing
+
 OpenBSM is covered by a number of copyrights, with licenses being either two
 or three clause BSD licenses.  Individual file headers should be consulted
 for specific copyrights on specific components.  The TrustedBSD Project would
@@ -30,4 +32,4 @@ substantially similar licenses:
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
 
-$P4: //depot/projects/trustedbsd/openbsm/LICENSE#4 $
+$P4: //depot/projects/trustedbsd/openbsm/LICENSE#5 $

Modified: head/contrib/openbsm/Makefile.am
==============================================================================
--- head/contrib/openbsm/Makefile.am	Tue Dec  2 22:45:01 2008	(r185572)
+++ head/contrib/openbsm/Makefile.am	Tue Dec  2 23:26:43 2008	(r185573)
@@ -1,5 +1,5 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/Makefile.am#2 $
+# $P4: //depot/projects/trustedbsd/openbsm/Makefile.am#3 $
 #
 
 SUBDIRS =		\
@@ -7,7 +7,8 @@ SUBDIRS =		\
 	libbsm		\
 	bin		\
 	man		\
-	modules
+	modules		\
+	sys
 
 EXTRA_DIST =		\
 	CHANGELOG	\

Modified: head/contrib/openbsm/Makefile.in
==============================================================================
--- head/contrib/openbsm/Makefile.in	Tue Dec  2 22:45:01 2008	(r185572)
+++ head/contrib/openbsm/Makefile.in	Tue Dec  2 23:26:43 2008	(r185573)
@@ -15,7 +15,7 @@
 @SET_MAKE@
 
 #
-# $P4: //depot/projects/trustedbsd/openbsm/Makefile.in#5 $
+# $P4: //depot/projects/trustedbsd/openbsm/Makefile.in#8 $
 #
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
@@ -38,7 +38,7 @@ host_triplet = @host@
 subdir = .
 DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
 	$(srcdir)/Makefile.in $(top_srcdir)/config/config.h.in \
-	$(top_srcdir)/configure TODO config/config.guess \
+	$(top_srcdir)/configure INSTALL NEWS TODO config/config.guess \
 	config/config.sub config/depcomp config/install-sh \
 	config/ltmain.sh config/missing
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -116,6 +116,7 @@ LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
+MIG = @MIG@
 MKDIR_P = @MKDIR_P@
 OBJEXT = @OBJEXT@
 PACKAGE = @PACKAGE@
@@ -187,7 +188,8 @@ SUBDIRS = \
 	libbsm		\
 	bin		\
 	man		\
-	modules
+	modules		\
+	sys
 
 EXTRA_DIST = \
 	CHANGELOG	\

Copied: head/contrib/openbsm/NEWS (from r185494, vendor/openbsm/dist/NEWS)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/contrib/openbsm/NEWS	Tue Dec  2 23:26:43 2008	(r185573, copy of r185494, vendor/openbsm/dist/NEWS)
@@ -0,0 +1,351 @@
+OpenBSM Version History
+
+OpenBSM 1.1 alpha 2
+
+- Include files in OpenBSM are now broken out into two parts: library builds
+  required solely for user space, and system includes, which may also be
+  required for use in the kernels of systems integrating OpenBSM.  Submitted
+  by Stacey Son.
+- Configure option --with-native-includes allows forcing the use of native
+  include for system includes, rather than the versions bundled with OpenBSM.
+  This is intended specifically for platforms that ship OpenBSM, have adapted
+  versions of the system includes in a kernel source tree, and will use the
+  OpenBSM build infrastructure with an unmodified OpenBSM distribution,
+  allowing the customized system includes to be used with the OpenBSM build.
+  Submitted by Stacey Son.
+- Various strcpy()'s/strcat()'s have been changed to strlcpy()'s/strlcat()'s
+  or asprintf().  Added compat/strlcpy.h for Linux.
+- Remove compatibility defines for old Darwin token constant names; now only
+  BSM token names are provided and used.
+- Add support for extended header tokens, which contain space for information
+  on the host generating the record.
+- Add support for setting extended host information in the kernel, which is
+  used for setting host information in extended header tokens.  The
+  audit_control file now supports a "host" parameter which can be used by
+  auditd to set the information; if not present, the kernel parameters won't
+  be set and auditd uses unextended headers for records that it generates.
+
+OpenBSM 1.1 alpha 1
+
+- Add option to auditreduce(1) which allows users to invert sense of
+  matching, such that BSM records that do not match, are selected.
+- Fix bug in audit_write() where we commit an incomplete record in the
+  event there is an error writing the subject token.  This was submitted
+  by Diego Giagio.
+- Build support for Mac OS X 10.5.1 submitted by Eric Hall.
+- Fix a bug which resulted in host XML attributes not being printed
+  while processing extended header tokens.  This patch was submitted by
+  Martin Voros.
+- Constification of function arguments so that const strings can be passed
+  as arguments to tokens.  This patch was submitted by Xin LI.
+- Modify the -m option so users can select more then one audit event.
+- For Mac OS X, added Mach IPC support for audit trigger messages.
+- Fixed a bug in getacna() which resulted in a locking problem on Mac OS X.
+- Added LOG_PERROR flag to openlog when -d option is used with auditd.
+- AUE events added for Mac OS X Leopard system calls.
+
+OpenBSM 1.0
+
+- Fix bug in auditreduce(1) which resulted in a memory fault/crash when
+  the user specified an event name with -m.
+- Remove AU_.* hard-coded audit class constants, as audit classes are now
+  entirely dynamically configured using /etc/security/audit_class.
+
+OpenBSM 1.0 alpha 15
+
+- Fix bug when processing in_addr_ex tokens.
+- Restore the behavior of printing the string/text specified while
+  auditing arg32 tokens.
+- Synchronized audit event list to Solaris, picking up the *at(2) system call
+  definitions, now required for FreeBSD and Linux.  Added additional events
+  for *at(2) system calls not present in Solaris.
+- Bugs in auditreduce(1) fixed allowing partial date strings to be used in
+  filtering events.
+
+OpenBSM 1.0 alpha 14
+
+- Fix endian issues when processing IPv6 addresses for extended subject
+  and process tokens.
+- gcc41 warnings clean.
+- Teach audit_submit(3) about getaudit_addr(2).
+- Add support for zonename tokens.
+
+OpenBSM 1.0 alpha 13
+
+- compat/clock_gettime.h now provides a compatibility implementation of
+  clock_gettime(), which fixes building on Mac OS X.
+- Countless man page improvements, markup fixes, content fixs, etc.
+- XML printing support via "praudit -x".
+- audit.log.5 expanded to include additional BSM token types.
+- Added encoding and decoding routines for process64_ex, process32_ex,
+  subject32_ex, header64, and attr64 tokens.
+- Additional audit event identifiers for listen, mlockall/munlockall,
+  getpath, POSIX message queues, and mandatory access control.
+
+OpenBSM 1.0 alpha 12
+
+- Correct bug in auditreduce which prevented the -c option from working
+  correctly when the user specifies to process successful or failed events.
+  The problem stemmed from not having access to the return token at the time
+  the initial preselection occurred, but now a second preselection process
+  occurs while processing the return token.
+- getacfilesz(3) API added to read new audit_control(5) filesz setting,
+  which auditd(8) now sets the kernel audit trail rotation size to.
+- auditreduce(1) now uses stdin if no file names are specified on the command
+  line; this was the documented behavior previously, but it was not
+  implemented.  Be more specific in auditreduce(1)'s examples section about
+  what might be done with the output of auditreduce.
+- Add audit_warn(5) closefile event so that administrators can hook
+  termination of an audit trail file.  For example, this might be used to
+  compress the trail file after it is closed.
+- auditreduce(1) now uses regular expressions for pathname matching. Users can
+  now supply one or more (comma delimited) regular expressions for searching
+  the pathnames. If one of the regular expressions is prefixed with a tilde
+  (~), and a path matches, it will be excluded from the search results.
+
+OpenBSM 1.0 alpha 11
+
+- Reclassify certain read/write operations as having no class rather than the
+  fr/fw class; our default classes audit intent (open) not operations (read,
+  write).
+- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
+  and writes of sysctls as separate events.  Add additional kernel
+  environment and jail events for FreeBSD.
+- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
+  (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
+  by the kernel audit implementation) so that they can be distinguished.
+- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
+  a dropped request, the log file will otherwise grow indefinitely if the
+  trigger is dropped.
+- Improve auditd debugging output.
+- Fix a number of threading related bugs in audit_control file reading
+  routines.
+- Add APIs au_poltostr() and au_strtopol() to convert between text
+  representations of audit_control policy flags and the flags passed to
+  auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
+- Add API getacpol() to return the 'policy:' entry from audit_control, an
+  extension to the Solaris file format to allow specification of policy
+  persistent flags.
+- Update audump to print the audit_control policy field.
+- Update auditd to read the audit_control policy field and set the kernel
+  policy to match it when configuring/reconfiguring.  Remove the -s and -h
+  arguments as these policies are now set via the configuration file.  If a
+  policy line is not found in the configuration file, continue with the
+  current default of setting AUDIT_CNT.
+- Fix bugs in the parsing of large execve(2) arguments and environmental
+  variable tokens; increase maximum parsed argument and variable count.
+- configure now detects strlcat(), used by policy-related functions.
+- Reference token and record sample files added to test tree.
+
+OpenBSM 1.0 alpha 10
+
+- auditd now generates complete audit records for its events, as required for
+  application-submitted audit records in the FreeBSD kernel audit
+  implementation.
+
+OpenBSM 1.0 alpha 9
+
+- Rename many OpenBSM-specific constants and API elements containing the
+  strings "BSM" and "bsm" to "AUDIT" and "audit", observing that this is true
+  for almost all existing constants and APIs.
+- Instead of passing a per-instance cookie directly into all audit filter
+  APIs, pass in the audit filter daemon state pointer, which is then used by
+  the module using an audit_filter_{get,set}cookie() API.  This will allow
+  future service APIs provided by the filter daemon to maintain their own
+  state -- for example, per-module preselection state.
+
+OpenBSM 1.0 alpha 8
+
+- Correct typo in definition of AUR_INT.
+- Adopt OpenSolaris constant values for AUDIT_* configuration flags.
+- Arguments to au_to_exec_args() and au_to_exec_env() no longer const.
+- Add kernel versions of au_to_exec_args() and au_to_exec_env().
+- Fix exec argument type that is printed for env strings from 'arg' to 'env'.
+- New OpenBSM token version number assigned, constants added for other
+  commonly seen version numbers.
+- OpenBSM-specific events assigned numbers in the 43xxx range to avoid future
+  collisions with Solaris.  Darwin events renamed to AUE_DARWIN_foo, as they
+  are now deprecated numberings.
+- autoconf now detects clock_gettime(), which is not available on Darwin.
+- praudit output fixes relating to arg32 and arg64 tokens.
+- Maximum record size updated to 64k-1 to match Solaris record size limit.
+- Various style and comment cleanups in include files.
+
+OpenBSM 1.0 alpha 7
+
+- Adopted Solaris-compatible format for subject32_ex and subject64_ex
+  tokens, which previously did not correctly implement variable length
+  address storage.
+- Prefer inttypes.h to stdint.h; enhance queue.h detection to test for
+  TAILQ_FOREACH_SAFE(), which is present in recent BSD queue.h's, but not
+  older ones.  OpenBSM now builds on some FreeBSD 4.x versions.
+- New event types for extended attributes, ACLs, and scheduling.
+
+OpenBSM 1.0 alpha 6
+
+- Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close();
+  previously we used hard-coded 0 and 1 values.
+- Add man page for au_open(), au_write(), au_close(), and
+  au_close_buffer().
+- Support a more complete range of data types for the arbitrary data token:
+  add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias
+  to AUR_INT), add AUR_INT64.
+- Add au_close_token(), which allows writing a single token_t to a memory
+  buffer.  Not likely to be used much by applications, but useful for
+  writing test tools.
+- Modify au_to_file() so that it accepts a timeval in user space, not just
+  kernel -- this is not a Solaris BSM API so can be modified without
+  causing compatibility issues.
+- Define a new API, au_to_header32_tm(), which adds a struct timeval
+  argument to the ordinary au_to_header32(), which is now implemented by
+  wrapping au_to_header32_tm() and calling gettimeofday().  #ifndef KERNEL
+  the APIs that invoke gettimeofday(), rather than having a variable
+  definition.  Don't try to retrieve time zone information using
+  gettimeofday(), as it's not needed, and introduces possible failure
+  modes.
+- Don't perform byte order transformations on the addr/machine fields of
+  the terminal ID that appears in the process32/subject32 tokens.  These
+  are assumed to be IP addresses, and as such, to be in network byte
+  order.
+- Universally, APIs now assume that IP addresses and ports are provided
+  in network byte order.  APIs now generally provide these types in
+  network byte order when decoding.
+- Beginnings of an OpenBSM test framework can now be found in openbsm/test.
+  This code is not built or installed by default.
+- auditd now assigns more appropriate syslog levels to its debugging and
+  error information.
+- Support for audit filters introduced: audit filters are dynamically
+  loaded shared objects that run in the context of a new daemon,
+  auditfilterd.  The daemon reads from an audit pipe and feeds both BSM and
+  parsed versions of records to shared objects using a module API.  This
+  will provide a framework for the writing of intrusion detection services.
+- New utility API, audit_submit(), added to capture common elements of audit
+  record submission for many applications.
+
+OpenBSM 1.0 alpha 5
+
+- Update install notes to indicate /etc files are to be installed manually.
+- On systems without LOG_SECURITY, use LOG_AUTH.
+- Convert to autoconf/automake in order to move to a more portable (not
+  BSD-specific) build infrastructure, and more easy conditional building of
+  components.  Currently, the primary feature loss is that automake does
+  not have native support for manual symlinks.  This will be addressed in a
+  future OpenBSM release.
+- Add compat/queue.h, to be used on systems dated BSD queue macro libraries
+  (as found on Linux).
+- Rename CHANGELOG to HISTORY, as our change log doesn't follow some of the
+  existing conventions for a CHANGELOG.
+- Some private data structures moved from audit.h to audit_internal.h to
+  prevent inappropriate use by applications and name space pollution.
+- Improved detection and use of endian macros using autoconf.
+- Avoid non-portable use of struct in6_addr, which is largely opaque.
+- Avoid leaking BSD kernel socket related token code to user space in
+  bsm_token.c.
+- Teach System V IPC calls to look for Linux naming variations for certain
+  struct ipc_perm fields.
+- Test for audit system calls, and if not present, don't build
+  bsm_wrappers.c, bsm_notify.c, audit(8), and auditd(8), which rely on
+  those system calls.
+- au_close() is not implemented on systems that don't have audit system
+  calls, but au_close_buffer() is.
+- Work around missing BSDisms in bsm_wrapper.c.
+- Fix nested includes so including libbsm.h in an application on Linux
+  picks up the necessary definitions.
+
+OpenBSM 1.0 alpha 4
+
+- Remove "audit" user example from audit_user, as it's not present on most
+  systems.
+- Add cannot_audit() function non-Darwin systems that wraps auditon();
+  required by OpenSSH BSM support.  Convert Darwin cannot_audit() into a
+  function rather than a macro.
+- Library build fixed on Darwin following include file tweaks.  The native
+  Darwin sys/audit.h conflicts with bsm/audit.h due to duplicate types, so
+  for now we force bsm_wrappers.c to not perform a nested include of
+  sys/audit.h.
+
+OpenBSM 1.0 alpha 3
+
+- Man page formatting, cross reference, mlinks, and accuracy improvements.
+- auditd and tools now compile and run on FreeBSD/arm.
+- auditd will now fchown() the trail file to the audit review group, if
+  defined at compile-time.
+- Added AUE_SYSARCH for FreeBSD.
+- Definition of AUE_SETFSGID fixed for Linux.
+
+OpenBSM 1.0 alpha 2
+
+- Man page formatting improvements.
+- A number of new audit event identifiers for FreeBSD, Linux, and POSIX.1b
+  events.
+- Remove 'tfm' class, unused in OpenBSM.
+
+OpenBSM 1.0 alpha 1
+
+- Import of Darwin74 BSM drop
+- Use 'syslog' for audit log warnings, rather than echoing to a file in
+  audit_warn.
+- Compile using BSD make infrastructure.
+- Integrate bsm/ include files from Darwin74 XNU drop into OpenBSM.
+- Narrow set of symbols and defines that are exposed in user space: don't
+  compile in code relying on kernel-only types such as 'struct socket'.
+- Add README, including basic build documentation.
+- Compilation of Apple-specific notify and Machroutines now #ifdef __APPLE__.
+- Staticize libbsm global variables to avoid leakage into applications.
+- Add free_au_user_ent() so that au_user_ent's don't have to be leaked.
+- Clean up bogus nul-termination checks in libbsm.
+- Add libbsm API man pages: au_class.3 au_control.3 au_event.3
+  au_free_token.3 au_io.3 au_mask.3 au_token.3 au_user.3 libbsm.3.
+- Add man pages for BSM system calls: audit.2 auditctl.2 auditon.2 getaudit.2
+  getauid.2 setaudit.2 setauid.2
+- Modify various libbsm interfaces to more consistently return 'errno' values
+  on failure.
+- Break out au_close() into constituent parts, allowing records to be written
+  to memory as well as files.
+- Prefix various defines with 'BSM_' to reduce name space pollution.
+- Added audit_internal.h, which can be used by a kernel audit implementation
+  wanting to rely on libbsm components.
+- Build with warnings, and eliminate warnings.
+- Make libbsm endian-independent, storing and reading BSM are big endian
+  (network byte order) rather than native byte order.  More consistently
+  print IP addresses using the IP address print routine.  These changes
+  make use of sys/endian.h from *BSD; since this isn't present on Darwin,
+  add it to OpenBSM as compat/endian.h, which is used only on Darwin.
+- Import of Darwin80 BSM drop, including 64-bit file IDs, better
+  documentation of private APIs, and bug fixes.
+- White space cleanup.
+- Add audit.log.5, a first cut at a man page documenting the BSM file format.
+- Teach au_read_rec() to recognize stand-alone file tokens, which are present
+  at the beginning and end of Solaris audit trails.  Technically, these
+  appear to violate the high level BSM spec, which suggests that all tokens
+  are present in records, but need to be supported.
+- Implement HEADER64, ATTR64, SUBJECT64 token types, which make it possible
+  to run praudit(1) on basic Solaris BSM streams.
+- Switched to Solaris spelling of token names; Darwin spellings are now
+  deprecated and will be removed in a future version of OpenBSM.
+- Adopt Solaris model for representing IPv4 and IPv6 addresses.
+- Prefer C99 types.
+- Attempt to universally adopt the BSD style(9) coding style for
+  consistency.
+- auditreduce(1) now has a usage message.
+- Update support for auditctl(2) system call to support FreeBSD.
+- Add support for /dev/audit as the trigger source on FreeBSD.
+- Add additional event types for Darwin, FreeBSD, and Solaris.  Annotate
+  conflicts (there are a few, unfortunately).  Correct spellings, comment,
+  sort, etc.  These include {get,set}res[ug]id(), sendfile(), lchflags(),
+  eaccess(), kqueue(), kevent(), poll(), lchmod().
+- Relicensed under a BSD license, many thanks to Apple, Inc!
+- Many bug fixes, cleanups, thread safety in the class, control, event,
+  and user system audit databases.  Annotate some persisting atomicity
+  bugs associated with the API and implementation.
+- Add audump test tool.
+- Adopt OpenSolaris BSM API memory semantics: caller allocates memory,
+  or static memory is returned for non-_r() versions of API calls.
+  _free() calls dropped as a result, and source code compatibility with
+  OpenSolaris improved significantly.
+- Annotate BSM events with origin OS and compatibility information.
+- auditd(8), audit(8) added to the OpenBSM distribution.  auditd extended
+  to support reloading of kernel event table.
+- Allow comments in /etc/security configuration files.
+
+$P4: //depot/projects/trustedbsd/openbsm/NEWS#9 $

Modified: head/contrib/openbsm/README
==============================================================================
--- head/contrib/openbsm/README	Tue Dec  2 22:45:01 2008	(r185572)
+++ head/contrib/openbsm/README	Tue Dec  2 23:26:43 2008	(r185573)
@@ -1,4 +1,4 @@
-OpenBSM 1.0
+OpenBSM 1.1 alpha 1
 
   Introduction
 
@@ -16,12 +16,13 @@ may be found in the FreeBSD and Mac OS X
 OpenBSM consists of several directories:
 
     bin/           Audit-related command line tools
-    bsm/           System include files for BSM
+    bsm/           Library include files for BSM
     compat/        Compatibility code to build on various OS's
     etc/           Sample /etc/security configuration files
     libbsm/        Implementation of BSM library interfaces and man pages
     man/           System call and configuration file man pages
     modules/       Directory for auditfilterd module source
+    sys/           System include files for BSM
     test/          Test token sets and geneneration program
     tools/         Tool directory, including audump to dump databases
 
@@ -34,66 +35,9 @@ The following programs are included with
     audump         Debugging tool to parse and print audit databases
     praudit        Tool to print audit trails
 
-  Building
+  Build and Installation
 
-OpenBSM is currently built using autoconf and automake, which should allow
-for building on a range of operating systems, including FreeBSD, Mac OS X,
-and Linux.  Depending on the availability of audit facilities in the
-underlying operating system, some components that depend on kernel audit
-support are built conditionally.  Typically, build will be performed using:
-
-    ./configure
-    make
-
-To install, use:
-
-    make install
-
-You may wish to specify that the OpenBSM components not be installed in the
-base system, rather in a specific directory.  This may be done using the
---prefix argument to configure.  If installing to a specific directory,
-remember to update your library path so that running tools from that
-directory the correct libbsm is used:
-
-    ./configure --prefix=/home/rwatson/openbsm
-    make
-    make install
-    LD_LIBRARY_PATH=/home/rwatson/openbsm/libbsm ; export LD_LIBRARY_PATH
-
-You will need to manually propagate openbsm/etc/* into /etc on your system;
-this is not done automatically so as to avoid disrupting the current
-configuration.  Currently, the locations of these files is not configurable.
-
-  Credits
-
-The following organizations and individuals have contributed substantially to
-the development of OpenBSM:
-
-    Apple Computer, Inc.
-    McAfee Research, McAfee, Inc.
-    SPARTA, Inc.
-    Robert Watson
-    Wayne Salamon
-    Suresh Krishnaswamy
-    Kevin Van Vechten
-    Tom Rhodes
-    Wojciech Koszek
-    Chunyang Yuan
-    Poul-Henning Kamp
-    Christian Brueffer
-    Olivier Houchard
-    Christian Peron
-    Martin Fong
-    Pawel Worach
-    Martin Englund
-    Ruslan Ermilov
-    Martin Voros
-    Diego Giagio
-    Alex Samorukov
-
-In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
-Software's FlexeLint tool were used to identify a number of bugs in the
-OpenBSM implementation.
+Please see the file INSTALL for build and installation instructions.
 
   Contributions
 
@@ -111,4 +55,4 @@ Information on TrustedBSD may be found o
 
     http://www.TrustedBSD.org/
 
-$P4: //depot/projects/trustedbsd/openbsm/README#24 $
+$P4: //depot/projects/trustedbsd/openbsm/README#32 $

Modified: head/contrib/openbsm/TODO
==============================================================================
--- head/contrib/openbsm/TODO	Tue Dec  2 22:45:01 2008	(r185572)
+++ head/contrib/openbsm/TODO	Tue Dec  2 23:26:43 2008	(r185573)
@@ -1,5 +1,5 @@
-- Teach libbsm about any additional 64-bit token types that are present
-  in more recent Solaris versions.
+OpenBSM TODO
+
 - Build a regression test suite for libbsm that generates each token
   type and then compares the results with known good data.  Make sure to
   test that things work properly with respect to endianness of the local
@@ -18,5 +18,7 @@
   trailer context.
 - Put hostname in trail file name.
 - Document audit_warn event arguments.
+- Allow the path /etc/security to be configured at configure-time so that
+  alternative locations can be used.
 
-$P4: //depot/projects/trustedbsd/openbsm/TODO#9 $
+$P4: //depot/projects/trustedbsd/openbsm/TODO#11 $

Modified: head/contrib/openbsm/VERSION
==============================================================================
--- head/contrib/openbsm/VERSION	Tue Dec  2 22:45:01 2008	(r185572)
+++ head/contrib/openbsm/VERSION	Tue Dec  2 23:26:43 2008	(r185573)
@@ -1 +1 @@
-OPENBSM_1_0
+OPENBSM_1_1_ALPHA_2

Modified: head/contrib/openbsm/bin/Makefile.in
==============================================================================
--- head/contrib/openbsm/bin/Makefile.in	Tue Dec  2 22:45:01 2008	(r185572)
+++ head/contrib/openbsm/bin/Makefile.in	Tue Dec  2 23:26:43 2008	(r185573)
@@ -15,7 +15,7 @@
 @SET_MAKE@
 
 #
-# $P4: //depot/projects/trustedbsd/openbsm/bin/Makefile.in#5 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/Makefile.in#8 $
 #
 VPATH = @srcdir@
 pkgdatadir = $(datadir)/@PACKAGE@
@@ -104,6 +104,7 @@ LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
+MIG = @MIG@
 MKDIR_P = @MKDIR_P@
 OBJEXT = @OBJEXT@
 PACKAGE = @PACKAGE@

Modified: head/contrib/openbsm/bin/audit/Makefile.am
==============================================================================
--- head/contrib/openbsm/bin/audit/Makefile.am	Tue Dec  2 22:45:01 2008	(r185572)
+++ head/contrib/openbsm/bin/audit/Makefile.am	Tue Dec  2 23:26:43 2008	(r185573)
@@ -1,10 +1,23 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.am#1 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.am#4 $
 #
 
-INCLUDES = -I$(top_srcdir)
+if USE_NATIVE_INCLUDES
+INCLUDES = -I$(top_builddir) -I$(top_srcdir)
+else
+INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+endif
 
 sbin_PROGRAMS = audit
-audit_SOURCES = audit.c
 audit_LDADD = $(top_builddir)/libbsm/libbsm.la
 man8_MANS = audit.8
+
+if USE_MACH_IPC
+audit_SOURCES = auditd_control_user.c audit.c
+CLEANFILES = auditd_control_user.c auditd_control_user.h
+
+auditd_control_user.c: $(top_srcdir)/bin/auditd/auditd_control.defs 
+	$(MIG)	-user auditd_control_user.c -header auditd_control_user.h -server /dev/null -sheader /dev/null $(top_srcdir)/bin/auditd/auditd_control.defs
+else
+audit_SOURCES = audit.c
+endif

Modified: head/contrib/openbsm/bin/audit/Makefile.in
==============================================================================
--- head/contrib/openbsm/bin/audit/Makefile.in	Tue Dec  2 22:45:01 2008	(r185572)
+++ head/contrib/openbsm/bin/audit/Makefile.in	Tue Dec  2 23:26:43 2008	(r185573)
@@ -15,7 +15,7 @@
 @SET_MAKE@
 
 #
-# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.in#4 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/audit/Makefile.in#9 $
 #
 
 VPATH = @srcdir@
@@ -49,7 +49,10 @@ CONFIG_CLEAN_FILES =
 am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"
 sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
 PROGRAMS = $(sbin_PROGRAMS)
-am_audit_OBJECTS = audit.$(OBJEXT)
+am__audit_SOURCES_DIST = audit.c auditd_control_user.c
+@USE_MACH_IPC_FALSE@am_audit_OBJECTS = audit.$(OBJEXT)
+@USE_MACH_IPC_TRUE@am_audit_OBJECTS = auditd_control_user.$(OBJEXT) \
+@USE_MACH_IPC_TRUE@	audit.$(OBJEXT)
 audit_OBJECTS = $(am_audit_OBJECTS)
 audit_DEPENDENCIES = $(top_builddir)/libbsm/libbsm.la
 DEFAULT_INCLUDES = -I. -I$(top_builddir)/config@am__isrc@
@@ -65,7 +68,7 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLF
 	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
 	$(LDFLAGS) -o $@
 SOURCES = $(audit_SOURCES)
-DIST_SOURCES = $(audit_SOURCES)
+DIST_SOURCES = $(am__audit_SOURCES_DIST)
 man8dir = $(mandir)/man8
 NROFF = nroff
 MANS = $(man8_MANS)
@@ -113,6 +116,7 @@ LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
+MIG = @MIG@
 MKDIR_P = @MKDIR_P@
 OBJEXT = @OBJEXT@
 PACKAGE = @PACKAGE@
@@ -179,10 +183,13 @@ sysconfdir = @sysconfdir@
 target_alias = @target_alias@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-INCLUDES = -I$(top_srcdir)
-audit_SOURCES = audit.c
+@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir)
 audit_LDADD = $(top_builddir)/libbsm/libbsm.la
 man8_MANS = audit.8
+@USE_MACH_IPC_FALSE@audit_SOURCES = audit.c
+@USE_MACH_IPC_TRUE@audit_SOURCES = auditd_control_user.c audit.c
+@USE_MACH_IPC_TRUE@CLEANFILES = auditd_control_user.c auditd_control_user.h
 all: all-am
 
 .SUFFIXES:
@@ -255,6 +262,7 @@ distclean-compile:
 	-rm -f *.tab.c
 
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audit.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditd_control_user.Po@am__quote@
 
 .c.o:
 @am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -426,6 +434,7 @@ install-strip:
 mostlyclean-generic:
 
 clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
 
 distclean-generic:
 	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
@@ -511,6 +520,9 @@ uninstall-man: uninstall-man8
 	tags uninstall uninstall-am uninstall-man uninstall-man8 \
 	uninstall-sbinPROGRAMS
 
+
+@USE_MACH_IPC_TRUE@auditd_control_user.c: $(top_srcdir)/bin/auditd/auditd_control.defs 
+@USE_MACH_IPC_TRUE@	$(MIG)	-user auditd_control_user.c -header auditd_control_user.h -server /dev/null -sheader /dev/null $(top_srcdir)/bin/auditd/auditd_control.defs
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:

Modified: head/contrib/openbsm/bin/audit/audit.8
==============================================================================
--- head/contrib/openbsm/bin/audit/audit.8	Tue Dec  2 22:45:01 2008	(r185572)
+++ head/contrib/openbsm/bin/audit/audit.8	Tue Dec  2 23:26:43 2008	(r185573)
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2004 Apple Computer, Inc.
+.\" Copyright (c) 2004 Apple Inc.
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -10,7 +10,7 @@
 .\" 2.  Redistributions in binary form must reproduce the above copyright
 .\"     notice, this list of conditions and the following disclaimer in the
 .\"     documentation and/or other materials provided with the distribution.
-.\" 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+.\" 3.  Neither the name of Apple Inc. ("Apple") nor the names of
 .\"     its contributors may be used to endorse or promote products derived
 .\"     from this software without specific prior written permission.
 .\"
@@ -25,7 +25,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#10 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#11 $
 .\"
 .Dd October 2, 2006
 .Dt AUDIT 8

Modified: head/contrib/openbsm/bin/audit/audit.c
==============================================================================
--- head/contrib/openbsm/bin/audit/audit.c	Tue Dec  2 22:45:01 2008	(r185572)
+++ head/contrib/openbsm/bin/audit/audit.c	Tue Dec  2 23:26:43 2008	(r185573)
@@ -1,5 +1,5 @@
-/*
- * Copyright (c) 2005 Apple Computer, Inc.
+/*-
+ * Copyright (c) 2005-2008 Apple Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -11,7 +11,7 @@
  * 2.  Redistributions in binary form must reproduce the above copyright
  *     notice, this list of conditions and the following disclaimer in the
  *     documentation and/or other materials provided with the distribution.
- * 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+ * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
  *     its contributors may be used to endorse or promote products derived
  *     from this software without specific prior written permission.
  *
@@ -26,7 +26,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#8 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#11 $
  */
 /*
  * Program to trigger the audit daemon with a message that is either:
@@ -37,7 +37,12 @@
  */
 
 #include <sys/types.h>
+#include <config/config.h>
+#ifdef HAVE_FULL_QUEUE_H
 #include <sys/queue.h>
+#else /* !HAVE_FULL_QUEUE_H */
+#include <compat/queue.h>
+#endif /* !HAVE_FULL_QUEUE_H */
 #include <sys/uio.h>
 
 #include <bsm/libbsm.h>
@@ -47,6 +52,58 @@
 #include <stdlib.h>
 #include <unistd.h>
 
+
+static int send_trigger(unsigned int);
+
+#ifdef USE_MACH_IPC
+#include <mach/mach.h>
+#include <servers/netname.h>
+#include <mach/message.h>
+#include <mach/port.h>
+#include <mach/mach_error.h>
+#include <mach/host_special_ports.h>
+#include <servers/bootstrap.h>
+
+#include "auditd_control_user.h"
+
+static int
+send_trigger(unsigned int trigger)
+{
+	mach_port_t     serverPort;
+	kern_return_t	error;
+
+	error = host_get_audit_control_port(mach_host_self(), &serverPort);
+	if (error != KERN_SUCCESS) {
+		mach_error("Cannot get auditd_control Mach port: ", error);
+		return (-1);
+	}
+
+	error = auditd_control(serverPort, trigger);
+	if (error != KERN_SUCCESS) {
+		mach_error("Error sending trigger: ", error);
+		return (-1);
+	}
+	
+	return (0);
+}
+
+#else /* ! USE_MACH_IPC */
+
+static int
+send_trigger(unsigned int trigger)
+{
+	int error;
+
+	error = auditon(A_SENDTRIGGER, &trigger, sizeof(trigger));
+	if (error != 0) {
+		perror("Error sending trigger");
+		return (-1);
+	}
+
+	return (0);
+}
+#endif /* ! USE_MACH_IPC */
+
 static void
 usage(void)
 {
@@ -88,11 +145,9 @@ main(int argc, char **argv)
 			break;
 		}
 	}
-	if (auditon(A_SENDTRIGGER, &trigger, sizeof(trigger)) < 0) {
-		perror("Error sending trigger");
+	if (send_trigger(trigger) < 0) 
 		exit(-1);
-	} else {
-		printf("Trigger sent.\n");
-		exit (0);
-	}
+
+	printf("Trigger sent.\n");
+	exit (0);
 }

Modified: head/contrib/openbsm/bin/auditd/Makefile.am
==============================================================================
--- head/contrib/openbsm/bin/auditd/Makefile.am	Tue Dec  2 22:45:01 2008	(r185572)
+++ head/contrib/openbsm/bin/auditd/Makefile.am	Tue Dec  2 23:26:43 2008	(r185573)
@@ -1,10 +1,26 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.am#1 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.am#4 $
 #
 
-INCLUDES = -I$(top_srcdir)
+if USE_NATIVE_INCLUDES
+INCLUDES = -I$(top_builddir) -I$(top_srcdir)
+else
+INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+endif
 
 sbin_PROGRAMS = auditd
-auditd_SOURCES = audit_warn.c auditd.c
 auditd_LDADD = $(top_builddir)/libbsm/libbsm.la
 man8_MANS = auditd.8
+
+if USE_MACH_IPC
+auditd_SOURCES = auditd_control_server.c audit_triggers_server.c audit_warn.c auditd.c
+CLEANFILES = auditd_control_server.c auditd_control_server.h audit_triggers_server.c audit_triggers_server.h
+
+auditd_control_server.c: auditd_control.defs
+	$(MIG) -user /dev/null -header /dev/null -server auditd_control_server.c -sheader auditd_control_server.h $(top_srcdir)/bin/auditd/auditd_control.defs
+
+audit_triggers_server.c: audit_triggers.defs
+	$(MIG) -user /dev/null -header /dev/null -server audit_triggers_server.c -sheader audit_triggers_server.h $(top_srcdir)/bin/auditd/audit_triggers.defs
+else
+auditd_SOURCES = audit_warn.c auditd.c
+endif

Modified: head/contrib/openbsm/bin/auditd/Makefile.in
==============================================================================
--- head/contrib/openbsm/bin/auditd/Makefile.in	Tue Dec  2 22:45:01 2008	(r185572)
+++ head/contrib/openbsm/bin/auditd/Makefile.in	Tue Dec  2 23:26:43 2008	(r185573)
@@ -15,7 +15,7 @@
 @SET_MAKE@
 
 #
-# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.in#4 $
+# $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/Makefile.in#9 $
 #
 
 VPATH = @srcdir@
@@ -49,7 +49,14 @@ CONFIG_CLEAN_FILES =
 am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"
 sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
 PROGRAMS = $(sbin_PROGRAMS)
-am_auditd_OBJECTS = audit_warn.$(OBJEXT) auditd.$(OBJEXT)
+am__auditd_SOURCES_DIST = audit_warn.c auditd.c \
+	auditd_control_server.c audit_triggers_server.c
+@USE_MACH_IPC_FALSE@am_auditd_OBJECTS = audit_warn.$(OBJEXT) \
+@USE_MACH_IPC_FALSE@	auditd.$(OBJEXT)
+@USE_MACH_IPC_TRUE@am_auditd_OBJECTS =  \
+@USE_MACH_IPC_TRUE@	auditd_control_server.$(OBJEXT) \
+@USE_MACH_IPC_TRUE@	audit_triggers_server.$(OBJEXT) \
+@USE_MACH_IPC_TRUE@	audit_warn.$(OBJEXT) auditd.$(OBJEXT)
 auditd_OBJECTS = $(am_auditd_OBJECTS)
 auditd_DEPENDENCIES = $(top_builddir)/libbsm/libbsm.la
 DEFAULT_INCLUDES = -I. -I$(top_builddir)/config@am__isrc@
@@ -65,7 +72,7 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLF
 	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
 	$(LDFLAGS) -o $@
 SOURCES = $(auditd_SOURCES)
-DIST_SOURCES = $(auditd_SOURCES)
+DIST_SOURCES = $(am__auditd_SOURCES_DIST)
 man8dir = $(mandir)/man8
 NROFF = nroff
 MANS = $(man8_MANS)
@@ -113,6 +120,7 @@ LN_S = @LN_S@
 LTLIBOBJS = @LTLIBOBJS@
 MAINT = @MAINT@
 MAKEINFO = @MAKEINFO@
+MIG = @MIG@
 MKDIR_P = @MKDIR_P@
 OBJEXT = @OBJEXT@
 PACKAGE = @PACKAGE@
@@ -179,10 +187,13 @@ sysconfdir = @sysconfdir@
 target_alias = @target_alias@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
-INCLUDES = -I$(top_srcdir)
-auditd_SOURCES = audit_warn.c auditd.c
+@USE_NATIVE_INCLUDES_FALSE@INCLUDES = -I$(top_builddir) -I$(top_srcdir) -I$(top_srcdir)/sys
+@USE_NATIVE_INCLUDES_TRUE@INCLUDES = -I$(top_builddir) -I$(top_srcdir)
 auditd_LDADD = $(top_builddir)/libbsm/libbsm.la
 man8_MANS = auditd.8
+@USE_MACH_IPC_FALSE@auditd_SOURCES = audit_warn.c auditd.c
+@USE_MACH_IPC_TRUE@auditd_SOURCES = auditd_control_server.c audit_triggers_server.c audit_warn.c auditd.c
+@USE_MACH_IPC_TRUE@CLEANFILES = auditd_control_server.c auditd_control_server.h audit_triggers_server.c audit_triggers_server.h
 all: all-am
 
 .SUFFIXES:
@@ -254,8 +265,10 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audit_triggers_server.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audit_warn.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditd.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auditd_control_server.Po@am__quote@
 
 .c.o:
 @am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -427,6 +440,7 @@ install-strip:
 mostlyclean-generic:
 
 clean-generic:
+	-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
 
 distclean-generic:
 	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
@@ -512,6 +526,12 @@ uninstall-man: uninstall-man8
 	tags uninstall uninstall-am uninstall-man uninstall-man8 \

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200812022326.mB2NQheJ074455>