Vendor import TrustedBSD OpenBSM 1.0 alpha 15, with the following change

history since the last import: OpenBSM 1.0 alpha 15 - Fix bug when processing in_addr_ex tokens. - Restore the behavior of printing the string/text specified while auditing arg32 tokens. - Synchronized audit event list to Solaris, picking up the *at(2) system call definitions, now required for FreeBSD and Linux. Added additional events for *at(2) system calls not present in Solaris. - Bugs in auditreduce(8) fixed allowing partial date strings to be used in filtering events. Approved by: re (hrs) MFC after: 3 weeks Obtained from: TrustedBSD Project
svn path=/vendor/openbsm/dist/; revision=171537
2024-12-01 17:12:46 +00:00 · 2007-07-22 12:18:31 +00:00 · 2007-07-22 12:18:31 +00:00 · 0814440e5f · 2020-12-20 02:59:44 +00:00
commit 0814440e5f
parent bc168a6cdd
22 changed files with 197 additions and 120 deletions
--- a/contrib/openbsm/HISTORY
+++ b/contrib/openbsm/HISTORY
@ -1,3 +1,14 @@
+OpenBSM 1.0 alpha 15
+
+- Fix bug when processing in_addr_ex tokens.
+- Restore the behavior of printing the string/text specified while
+  auditing arg32 tokens.
+- Synchronized audit event list to Solaris, picking up the *at(2) system call
+  definitions, now required for FreeBSD and Linux.  Added additional events
+  for *at(2) system calls not present in Solaris.
+- Bugs in auditreduce(8) fixed allowing partial date strings to be used in
+  filtering events.
+
 OpenBSM 1.0 alpha 14

 - Fix endian issues when processing IPv6 addresses for extended subject
@ -284,4 +295,4 @@ OpenBSM 1.0 alpha 1
  to support reloading of kernel event table.
 - Allow comments in /etc/security configuration files.

-$P4: //depot/projects/trustedbsd/openbsm/HISTORY#50 $
+$P4: //depot/projects/trustedbsd/openbsm/HISTORY#55 $
--- a/contrib/openbsm/README
+++ b/contrib/openbsm/README
@ -89,6 +89,7 @@ the development of OpenBSM:
    Ruslan Ermilov
    Martin Voros
    Diego Giagio
+    Alex Samorukov

 In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
 Software's FlexeLint tool were used to identify a number of bugs in the
@ -110,4 +111,4 @@ Information on TrustedBSD may be found on the TrustedBSD home page:

    http://www.TrustedBSD.org/

-$P4: //depot/projects/trustedbsd/openbsm/README#23 $
+$P4: //depot/projects/trustedbsd/openbsm/README#24 $
--- a/contrib/openbsm/VERSION
+++ b/contrib/openbsm/VERSION
@ -1 +1 @@
-OPENBSM_1_0_ALPHA_14
+OPENBSM_1_0_ALPHA_15
--- a/contrib/openbsm/bin/audit/audit.8
+++ b/contrib/openbsm/bin/audit/audit.8
@ -1,8 +1,6 @@
 .\" Copyright (c) 2004 Apple Computer, Inc.
 .\" All rights reserved.
 .\"
-.\" @APPLE_BSD_LICENSE_HEADER_START@
-.\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
@ -27,9 +25,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" @APPLE_BSD_LICENSE_HEADER_END@
-.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#9 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#10 $
 .\"
 .Dd October 2, 2006
 .Dt AUDIT 8
--- a/contrib/openbsm/bin/audit/audit.c
+++ b/contrib/openbsm/bin/audit/audit.c
@ -2,8 +2,6 @@
 * Copyright (c) 2005 Apple Computer, Inc.
 * All rights reserved.
 *
- * @APPLE_BSD_LICENSE_HEADER_START@
- *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@ -28,9 +26,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
- * @APPLE_BSD_LICENSE_HEADER_END@
- *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#7 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#8 $
 */
 /*
 * Program to trigger the audit daemon with a message that is either:
--- a/contrib/openbsm/bin/auditd/audit_warn.c
+++ b/contrib/openbsm/bin/auditd/audit_warn.c
@ -2,8 +2,6 @@
 * Copyright (c) 2005 Apple Computer, Inc.
 * All rights reserved.
 *
- * @APPLE_BSD_LICENSE_HEADER_START@
- *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@ -28,9 +26,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
- * @APPLE_BSD_LICENSE_HEADER_END@
- *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#7 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/audit_warn.c#8 $
 */

 #include <sys/types.h>
--- a/contrib/openbsm/bin/auditd/auditd.8
+++ b/contrib/openbsm/bin/auditd/auditd.8
@ -1,8 +1,6 @@
 .\" Copyright (c) 2004 Apple Computer, Inc.
 .\" All rights reserved.
 .\"
-.\" @APPLE_BSD_LICENSE_HEADER_START@
-.\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
@ -27,9 +25,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" @APPLE_BSD_LICENSE_HEADER_END@
-.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#12 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#13 $
 .\"
 .Dd October 2, 2006
 .Dt AUDITD 8
--- a/contrib/openbsm/bin/auditd/auditd.c
+++ b/contrib/openbsm/bin/auditd/auditd.c
@ -2,8 +2,6 @@
 * Copyright (c) 2004 Apple Computer, Inc.
 * All rights reserved.
 *
- * @APPLE_BSD_LICENSE_HEADER_START@
- *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@ -28,9 +26,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
- * @APPLE_BSD_LICENSE_HEADER_END@
- *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#25 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#26 $
 */

 #include <sys/types.h>
--- a/contrib/openbsm/bin/auditd/auditd.h
+++ b/contrib/openbsm/bin/auditd/auditd.h
@ -2,8 +2,6 @@
 * Copyright (c) 2005 Apple Computer, Inc.
 * All rights reserved.
 *
- * @APPLE_BSD_LICENSE_HEADER_START@
- *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@ -28,9 +26,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
- * @APPLE_BSD_LICENSE_HEADER_END@
- *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#7 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#8 $
 */

 #ifndef _AUDITD_H_
--- a/contrib/openbsm/bin/auditreduce/auditreduce.c
+++ b/contrib/openbsm/bin/auditreduce/auditreduce.c
@ -26,7 +26,7 @@
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#18 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#19 $
 */

 /* 
@ -629,6 +629,7 @@ main(int argc, char **argv)
 				usage("d is exclusive with a and b");
 			}
 			SETOPT(opttochk, OPT_a);
+			bzero(&tm, sizeof(tm));
 			strptime(optarg, "%Y%m%d%H%M%S", &tm);
 			strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S",
 			    &tm);
@ -641,6 +642,7 @@ main(int argc, char **argv)
 				usage("d is exclusive with a and b");
 			}
 			SETOPT(opttochk, OPT_b);
+			bzero(&tm, sizeof(tm));
 			strptime(optarg, "%Y%m%d%H%M%S", &tm);
 			strftime(timestr, sizeof(timestr), "%Y%m%d%H%M%S",
 			    &tm);
@ -661,6 +663,7 @@ main(int argc, char **argv)
 			    OPT_a))
 				usage("'d' is exclusive with 'a' and 'b'");
 			SETOPT(opttochk, OPT_d);
+			bzero(&tm, sizeof(tm));
 			strptime(optarg, "%Y%m%d", &tm);
 			strftime(timestr, sizeof(timestr), "%Y%m%d", &tm);
 			/* fprintf(stderr, "Time converted = %s\n", timestr); */
--- a/contrib/openbsm/bsm/audit.h
+++ b/contrib/openbsm/bsm/audit.h
@ -2,8 +2,6 @@
 * Copyright (c) 2005 Apple Computer, Inc.
 * All rights reserved.
 *
- * @APPLE_BSD_LICENSE_HEADER_START@
- *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@ -28,9 +26,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
- * @APPLE_BSD_LICENSE_HEADER_END@
- *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#21 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#22 $
 */

 #ifndef _BSM_AUDIT_H
--- a/contrib/openbsm/bsm/audit_internal.h
+++ b/contrib/openbsm/bsm/audit_internal.h
@ -6,8 +6,6 @@
 * This code was developed in part by Robert N. M. Watson, Senior Principal
 * Scientist, SPARTA, Inc.
 *
- * @APPLE_BSD_LICENSE_HEADER_START@
- *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@ -32,9 +30,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
- * @APPLE_BSD_LICENSE_HEADER_END@
- *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_internal.h#15 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_internal.h#16 $
 */

 #ifndef _AUDIT_INTERNAL_H
--- a/contrib/openbsm/bsm/audit_kevents.h
+++ b/contrib/openbsm/bsm/audit_kevents.h
@ -2,8 +2,6 @@
 * Copyright (c) 2005 Apple Computer, Inc.
 * All rights reserved.
 *
- * @APPLE_BSD_LICENSE_HEADER_START@
- *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@ -28,9 +26,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
- * @APPLE_BSD_LICENSE_HEADER_END@
- *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#47 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#52 $
 */

 #ifndef _BSM_AUDIT_KEVENTS_H_
@ -48,11 +44,12 @@
 #define	AUE_NULL		0
 #define	AUE_EXIT		1
 #define	AUE_FORK		2
+#define	AUE_FORKALL		AUE_FORK	/* Solaris-specific. */
 #define	AUE_OPEN		3
 #define	AUE_CREAT		4
 #define	AUE_LINK		5
 #define	AUE_UNLINK		6
-#define	AUE_DELETE		AUE_UNLINK
+#define	AUE_DELETE		AUE_UNLINK	/* Darwin-specific. */
 #define	AUE_EXEC		7
 #define	AUE_CHDIR		8
 #define	AUE_MKNOD		9
@ -61,7 +58,7 @@
 #define	AUE_UMOUNT		12
 #define	AUE_JUNK		13	/* Solaris-specific. */
 #define	AUE_ACCESS		14
-#define	AUE_CHECKUSERACCESS	AUE_ACCESS
+#define	AUE_CHECKUSERACCESS	AUE_ACCESS	/* Darwin-specific. */
 #define	AUE_KILL		15
 #define	AUE_STAT		16
 #define	AUE_LSTAT		17
@ -160,7 +157,7 @@
 #define	AUE_SEMOP		110
 #define	AUE_CORE		111	/* Solaris-specific, currently. */
 #define	AUE_CLOSE		112
-#define	AUE_SYSTEMBOOT		113
+#define	AUE_SYSTEMBOOT		113	/* Solaris-specific. */
 #define	AUE_ASYNC_DAEMON_EXIT	114	/* Solaris-specific. */
 #define	AUE_NFSSVC_EXIT		115	/* Solaris-specific. */
 #define	AUE_WRITEL		128	/* Solaris-specific. */
@ -183,9 +180,14 @@
 #define	AUE_GETKERNSTATE	147	/* Solaris-specific. */
 #define	AUE_SETKERNSTATE	148	/* Solaris-specific. */
 #define	AUE_GETPORTAUDIT	149	/* Solaris-specific. */
-#define	AUE_AUDISTAT		150	/* Solaris-specific. */
+#define	AUE_AUDITSTAT		150	/* Solaris-specific. */
+#define	AUE_REVOKE		151
+#define	AUE_MAC			152	/* Solaris-specific. */
 #define	AUE_ENTERPROM		153	/* Solaris-specific. */
 #define	AUE_EXITPROM		154	/* Solaris-specific. */
+#define	AUE_IFLOAT		155	/* Solaris-specific. */
+#define	AUE_PFLOAT		156	/* Solaris-specific. */
+#define	AUE_UPRIV		157	/* Solaris-specific. */
 #define	AUE_IOCTL		158
 #define	AUE_SOCKET		183
 #define	AUE_SENDTO		184
@ -197,28 +199,30 @@
 #define	AUE_RECVMSG		190
 #define	AUE_RECVFROM		191
 #define	AUE_READ		192
+#define	AUE_GETDENTS		193
 #define	AUE_LSEEK		194
 #define	AUE_WRITE		195
 #define	AUE_WRITEV		196
 #define	AUE_NFS			197	/* Solaris-specific. */
 #define	AUE_READV		198
-					/* XXXRW: XXX Solaris old stat()? */
+#define	AUE_OSTAT		199	/* Solaris-specific. */
 #define	AUE_SETUID		200	/* XXXRW: Solaris old setuid? */
 #define	AUE_STIME		201	/* XXXRW: Solaris old stime? */
 #define	AUE_UTIME		202	/* XXXRW: Solaris old utime? */
 #define	AUE_NICE		203	/* XXXRW: Solaris old nice? */
-					/* XXXRW: Solaris old setpgrp? */
-#define	AUE_SETGID		205	/* XXXRW: Solaris old setgid? */
-					/* XXXRW: Solaris readl? */
-					/* XXXRW: Solaris readvl()? */
+#define	AUE_OSETPGRP		204	/* Solaris-specific. */
+#define	AUE_SETGID		205
+#define	AUE_READL		206	/* Solaris-specific. */
+#define	AUE_READVL		207	/* Solaris-specific. */
+#define	AUE_FSTAT		208
 #define	AUE_DUP2		209
 #define	AUE_MMAP		210
 #define	AUE_AUDIT		211
-#define	AUE_PRIOCNTLSYS		212
+#define	AUE_PRIOCNTLSYS		212	/* Solaris-specific. */
 #define	AUE_MUNMAP		213
 #define	AUE_SETEGID		214
 #define	AUE_SETEUID		215
-#define	AUE_PUTMSG		216
+#define	AUE_PUTMSG		216	/* Solaris-specific. */
 #define	AUE_GETMSG		217	/* Solaris-specific. */
 #define	AUE_PUTPMSG		218	/* Solaris-specific. */
 #define	AUE_GETPMSG		219	/* Solaris-specific. */
@ -235,26 +239,27 @@
 #define	AUE_AUDITON_SETCOND	230
 #define	AUE_AUDITON_GETCLASS	231
 #define	AUE_AUDITON_SETCLASS	232
-#define	AUE_UTSSYS		233	/* Solaris-specific. */
+#define	AUE_FUSERS		233	/* Solaris-specific; also UTSSYS? */
 #define	AUE_STATVFS		234
-#define	AUE_XSTAT		235
-#define	AUE_LXSTAT		236
+#define	AUE_XSTAT		235	/* Solaris-specific. */
+#define	AUE_LXSTAT		236	/* Solaris-specific. */
 #define	AUE_LCHOWN		237
 #define	AUE_MEMCNTL		238	/* Solaris-specific. */
 #define	AUE_SYSINFO		239	/* Solaris-specific. */
 #define	AUE_XMKNOD		240	/* Solaris-specific. */
 #define	AUE_FORK1		241
-					/* XXXRW: Solaris modctl()? */
+#define	AUE_MODCTL		242	/* Solaris-specific. */
 #define	AUE_MODLOAD		243
 #define	AUE_MODUNLOAD		244
 #define	AUE_MODCONFIG		245	/* Solaris-specific. */
 #define	AUE_MODADDMAJ		246	/* Solaris-specific. */
-#define	AUE_SOCKACCEPT		247
-#define	AUE_SOCKCONNECT		248
-#define	AUE_SOCKSEND		249
-#define	AUE_SOCKRECEIVE		250
+#define	AUE_SOCKACCEPT		247	/* Solaris-specific. */
+#define	AUE_SOCKCONNECT		248	/* Solaris-specific. */
+#define	AUE_SOCKSEND		249	/* Solaris-specific. */
+#define	AUE_SOCKRECEIVE		250	/* Solaris-specific. */
 #define	AUE_ACLSET		251
 #define	AUE_FACLSET		252
+#define	AUE_DOORFS		253	/* Solaris-specific. */
 #define	AUE_DOORFS_DOOR_CALL	254	/* Solaris-specific. */
 #define	AUE_DOORFS_DOOR_RETURN	255	/* Solaris-specific. */
 #define	AUE_DOORFS_DOOR_CREATE	256	/* Solaris-specific. */
@ -266,11 +271,42 @@
 #define	AUE_P_ONLINE		262	/* Solaris-specific. */
 #define	AUE_PROCESSOR_BIND	263	/* Solaris-specific. */
 #define	AUE_INST_SYNC		264	/* Solaris-specific. */
-#define	AUE_SOCK_CONFIG		265	/* Solaris-specific. */
+#define	AUE_SOCKCONFIG		265	/* Solaris-specific. */
 #define	AUE_SETAUDIT_ADDR	266
 #define	AUE_GETAUDIT_ADDR	267
+#define	AUE_UMOUNT2		268	/* Solaris-specific. */
+#define	AUE_FSAT		269	/* Solaris-specific. */
+#define	AUE_OPENAT_R		270
+#define	AUE_OPENAT_RC		271
+#define	AUE_OPENAT_RT		272
+#define	AUE_OPENAT_RTC		273
+#define	AUE_OPENAT_W		274
+#define	AUE_OPENAT_WC		275
+#define	AUE_OPENAT_WT		276
+#define	AUE_OPENAT_WTC		277
+#define	AUE_OPENAT_RW		278
+#define	AUE_OPENAT_RWC		279
+#define	AUE_OPENAT_RWT		280
+#define	AUE_OPENAT_RWTC		281
+#define	AUE_RENAMEAT		282
+#define	AUE_FSTATAT		283
+#define	AUE_FCHOWNAT		284
+#define	AUE_FUTIMESAT		285
+#define	AUE_UNLINKAT		286
 #define	AUE_CLOCK_SETTIME	287
 #define	AUE_NTP_ADJTIME		288
+#define	AUE_SETPPRIV		289	/* Solaris-specific. */
+#define	AUE_MODDEVPLCY		290	/* Solaris-specific. */
+#define	AUE_MODADDPRIV		291	/* Solaris-specific. */
+#define	AUE_CRYPTOADM		292	/* Solaris-specific. */
+#define	AUE_CONFIGKSSL		293	/* Solaris-specific. */
+#define	AUE_BRANDSYS		294	/* Solaris-specific. */
+#define	AUE_PF_POLICY_ADDRULE	295	/* Solaris-specific. */
+#define	AUE_PF_POLICY_DELRULE	296	/* Solaris-specific. */
+#define	AUE_PF_POLICY_CLONE	297	/* Solaris-specific. */
+#define	AUE_PF_POLICY_FLIP	298	/* Solaris-specific. */
+#define	AUE_PF_POLICY_FLUSH	299	/* Solaris-specific. */
+#define	AUE_PF_POLICY_ALGS	300	/* Solaris-specific. */

 /*
 * Events added for Apple Darwin that potentially collide with future Solaris
@ -285,30 +321,30 @@
 #define	AUE_DARWIN_PROFILE	305
 #define	AUE_DARWIN_KTRACE	306
 #define	AUE_DARWIN_SETLOGIN	307
-#define	AUE_DARWIN_REBOOT	308	/* XXX: See AUE_REBOOT. */
+#define	AUE_DARWIN_REBOOT	308
 #define	AUE_DARWIN_REVOKE	309
 #define	AUE_DARWIN_UMASK	310
 #define	AUE_DARWIN_MPROTECT	311
-#define	AUE_DARWIN_SETPRIORITY	312	/* XXX: See AUE_SETPRIORITY. */
-#define	AUE_DARWIN_SETTIMEOFDAY	313	/* XXX: See AUE_SETTIMEOFDAY. */
-#define	AUE_DARWIN_FLOCK	314	/* XXX: See AUE_FLOCK. */
+#define	AUE_DARWIN_SETPRIORITY	312
+#define	AUE_DARWIN_SETTIMEOFDAY	313
+#define	AUE_DARWIN_FLOCK	314
 #define	AUE_DARWIN_MKFIFO	315
 #define	AUE_DARWIN_POLL		316
-#define	AUE_DARWIN_SOCKETPAIR	317	/* XXXRW: See AUE_SOCKETPAIR. */
+#define	AUE_DARWIN_SOCKETPAIR	317
 #define	AUE_DARWIN_FUTIMES	318
 #define	AUE_DARWIN_SETSID	319
 #define	AUE_DARWIN_SETPRIVEXEC	320	/* Darwin-specific. */
-#define	AUE_DARWIN_NFSSVC	321	/* XXX: See AUE_NFS_SVC. */
-#define	AUE_DARWIN_GETFH	322	/* XXX: See AUE_NFS_GETFH. */
-#define	AUE_DARWIN_QUOTACTL	323	/* XXX: See AUE_QUOTACTL. */
+#define	AUE_DARWIN_NFSSVC	321
+#define	AUE_DARWIN_GETFH	322
+#define	AUE_DARWIN_QUOTACTL	323
 #define	AUE_DARWIN_ADDPROFILE	324	/* Darwin-specific. */
 #define	AUE_DARWIN_KDEBUGTRACE	325	/* Darwin-specific. */
 #define	AUE_DARWIN_KDBUGTRACE	AUE_KDEBUGTRACE
 #define	AUE_DARWIN_FSTAT	326
 #define	AUE_DARWIN_FPATHCONF	327
 #define	AUE_DARWIN_GETDIRENTRIES	328
-#define	AUE_DARWIN_TRUNCATE	329	/* XXX: See AUE_TRUNCATE. */
-#define	AUE_DARWIN_FTRUNCATE	330	/* XXX: See AUE_FTRUNCATE. */
+#define	AUE_DARWIN_TRUNCATE	329
+#define	AUE_DARWIN_FTRUNCATE	330
 #define	AUE_DARWIN_SYSCTL	331
 #define	AUE_DARWIN_MLOCK	332
 #define	AUE_DARWIN_MUNLOCK	333
@ -347,6 +383,11 @@
 * These often duplicate events added to the Solaris set by Darwin, but use
 * event identifiers in a higher range in order to avoid colliding with
 * future Solaris additions.
+ *
+ * If an event in this section is later added to Solaris, we prefer the
+ * Solaris event identifier, and add _OPENBSM_ to the OpenBSM-specific
+ * identifier so that old trails can still be processed, but new trails use
+ * the Solaris identifier.
 */
 #define	AUE_GETFSSTAT		43001
 #define	AUE_PTRACE		43002
@ -355,7 +396,7 @@
 #define	AUE_PROFILE		43005
 #define	AUE_KTRACE		43006
 #define	AUE_SETLOGIN		43007
-#define	AUE_REVOKE		43008
+#define	AUE_OPENBSM_REVOKE	43008	/* Solaris event now preferred. */
 #define	AUE_UMASK		43009
 #define	AUE_MPROTECT		43010
 #define	AUE_MKFIFO		43011
@ -366,7 +407,7 @@
 #define	AUE_ADDPROFILE		43016	/* Darwin-specific. */
 #define	AUE_KDEBUGTRACE		43017	/* Darwin-specific. */
 #define	AUE_KDBUGTRACE		AUE_KDEBUGTRACE
-#define	AUE_FSTAT		43018
+#define	AUE_OPENBSM_FSTAT	43018	/* Solaris event now preferred. */
 #define	AUE_FPATHCONF		43019
 #define	AUE_GETDIRENTRIES	43020
 #define	AUE_SYSCTL		43021
@ -496,6 +537,16 @@
 #define	AUE_LISTEN		43140	/* FreeBSD/Darwin/Linux. */
 #define	AUE_MLOCKALL		43141	/* FreeBSD. */
 #define	AUE_MUNLOCKALL		43142	/* FreeBSD. */
+#define	AUE_CLOSEFROM		43143	/* FreeBSD. */
+#define	AUE_FEXECVE		43144	/* FreeBSD. */
+#define	AUE_FACCESSAT		43145	/* FreeBSD. */
+#define	AUE_FCHMODAT		43146	/* FreeBSD. */
+#define	AUE_LINKAT		43147	/* FreeBSD. */
+#define	AUE_MKDIRAT		43148	/* FreeBSD. */
+#define	AUE_MKFIFOAT		43149	/* FreeBSD. */
+#define	AUE_MKNODAT		43150	/* FreeBSD. */
+#define	AUE_READLINKAT		43151	/* FreeBSD. */
+#define	AUE_SYMLINKAT		43152	/* FreeBSD. */

 /*
 * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
--- a/contrib/openbsm/bsm/audit_record.h
+++ b/contrib/openbsm/bsm/audit_record.h
@ -2,8 +2,6 @@
 * Copyright (c) 2005 Apple Computer, Inc.
 * All rights reserved.
 *
- * @APPLE_BSD_LICENSE_HEADER_START@
- *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@ -28,9 +26,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
- * @APPLE_BSD_LICENSE_HEADER_END@
- *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#25 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#26 $
 */

 #ifndef _BSM_AUDIT_RECORD_H_
--- a/contrib/openbsm/configure
+++ b/contrib/openbsm/configure
@ -1,7 +1,7 @@
 #! /bin/sh
 # From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#33 .
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.59 for OpenBSM 1.0alpha14.
+# Generated by GNU Autoconf 2.59 for OpenBSM 1.0alpha15.
 #
 # Report bugs to <trustedbsd-audit@TrustesdBSD.org>.
 #
@ -424,8 +424,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
 # Identity of this package.
 PACKAGE_NAME='OpenBSM'
 PACKAGE_TARNAME='openbsm'
-PACKAGE_VERSION='1.0alpha14'
-PACKAGE_STRING='OpenBSM 1.0alpha14'
+PACKAGE_VERSION='1.0alpha15'
+PACKAGE_STRING='OpenBSM 1.0alpha15'
 PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org'

 ac_unique_file="bin/auditreduce/auditreduce.c"
@ -955,7 +955,7 @@ if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
-\`configure' configures OpenBSM 1.0alpha14 to adapt to many kinds of systems.
+\`configure' configures OpenBSM 1.0alpha15 to adapt to many kinds of systems.

 Usage: $0 [OPTION]... [VAR=VALUE]...

@ -1021,7 +1021,7 @@ fi

 if test -n "$ac_init_help"; then
  case $ac_init_help in
-     short | recursive ) echo "Configuration of OpenBSM 1.0alpha14:";;
+     short | recursive ) echo "Configuration of OpenBSM 1.0alpha15:";;
   esac
  cat <<\_ACEOF

@ -1162,7 +1162,7 @@ fi
 test -n "$ac_init_help" && exit 0
 if $ac_init_version; then
  cat <<\_ACEOF
-OpenBSM configure 1.0alpha14
+OpenBSM configure 1.0alpha15
 generated by GNU Autoconf 2.59

 Copyright (C) 2003 Free Software Foundation, Inc.
@ -1176,7 +1176,7 @@ cat >&5 <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.

-It was created by OpenBSM $as_me 1.0alpha14, which was
+It was created by OpenBSM $as_me 1.0alpha15, which was
 generated by GNU Autoconf 2.59.  Invocation command line was

  $ $0 $@
@ -19278,7 +19278,7 @@ fi

 # Define the identity of the package.
 PACKAGE=OpenBSM
- VERSION=1.0alpha14
+ VERSION=1.0alpha15


 cat >>confdefs.h <<_ACEOF
@ -23479,7 +23479,7 @@ _ASBOX
 } >&5
 cat >&5 <<_CSEOF

-This file was extended by OpenBSM $as_me 1.0alpha14, which was
+This file was extended by OpenBSM $as_me 1.0alpha15, which was
 generated by GNU Autoconf 2.59.  Invocation command line was

  CONFIG_FILES    = $CONFIG_FILES
@ -23542,7 +23542,7 @@ _ACEOF

 cat >>$CONFIG_STATUS <<_ACEOF
 ac_cs_version="\\
-OpenBSM config.status 1.0alpha14
+OpenBSM config.status 1.0alpha15
 configured by $0, generated by GNU Autoconf 2.59,
  with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"

--- a/contrib/openbsm/configure.ac
+++ b/contrib/openbsm/configure.ac
@ -2,8 +2,8 @@
 # Process this file with autoconf to produce a configure script.

 AC_PREREQ(2.59)
-AC_INIT([OpenBSM], [1.0alpha14], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
-AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#34 $])
+AC_INIT([OpenBSM], [1.0alpha15], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
+AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#35 $])
 AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
 AC_CONFIG_AUX_DIR(config)
 AC_CONFIG_HEADER([config/config.h])
--- a/contrib/openbsm/etc/audit_event
+++ b/contrib/openbsm/etc/audit_event
@ -1,5 +1,5 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#20 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#25 $
 #
 0:AUE_NULL:indir system call:no
 1:AUE_EXIT:exit(2):pc
@ -140,8 +140,13 @@
 148:AUE_SETKERNSTATE:setkernstate(2):ad
 149:AUE_GETPORTAUDIT:getportaudit(2):ad
 150:AUE_AUDITSTAT:auditstat(2):ad
+151:AUE_REVOKE:revoke(2):cl
+152:AUE_MAC:Solaris AUE_MAC:no
 153:AUE_ENTERPROM:enter prom:ad
 154:AUE_EXITPROM:exit prom:ad
+155:AUE_IFLOAT:Solaris AUE_IFLOAT:no
+156:AUE_PFLOAT:Solaris AUE_PFLOAT:no
+157:AUE_UPRIV:Solaris AUE_UPRIV:no
 158:AUE_IOCTL:ioctl(2):io
 173:AUE_ONESIDE:one-sided session record:nt
 174:AUE_MSGGETL:msggetl(2):ip
@ -165,19 +170,19 @@
 196:AUE_WRITEV:writev(2):no
 197:AUE_NFS:nfs server:ad
 198:AUE_READV:readv(2):no
-199:AUE_OSTAT:old stat(2):fa
+199:AUE_OSTAT:Solaris old stat(2):fa
 200:AUE_SETUID:setuid(2):pc
 201:AUE_STIME:old stime(2):ad
 202:AUE_UTIME:old utime(2):fm
 203:AUE_NICE:old nice(2):pc
-204:AUE_OSETPGRP:old setpgrp(2):pc
+204:AUE_OSETPGRP:Solaris old setpgrp(2):pc
 205:AUE_SETGID:setgid(2):pc
 206:AUE_READL:readl(2):no
 207:AUE_READVL:readvl(2):no
 209:AUE_DUP2:dup2(2):no
 210:AUE_MMAP:mmap(2):no
 211:AUE_AUDIT:audit(2):ot
-212:AUE_PRIOCNTLSYS:priocntlsys(2):pc
+212:AUE_PRIOCNTLSYS:Solaris priocntlsys(2):pc
 213:AUE_MUNMAP:munmap(2):cl
 214:AUE_SETEGID:setegid(2):pc
 215:AUE_SETEUID:seteuid(2):pc
@ -201,7 +206,7 @@
 233:AUE_UTSSYS:utssys(2) - fusers:ad
 234:AUE_STATVFS:statvfs(2):fa
 235:AUE_XSTAT:xstat(2):fa
-236:AUE_LXSTAT:lx6stat(2):fa
+236:AUE_LXSTAT:lxstat(2):fa
 237:AUE_LCHOWN:lchown(2):fm
 238:AUE_MEMCNTL:memcntl(2):ot
 239:AUE_SYSINFO:sysinfo(2):ad
@ -230,12 +235,43 @@
 262:AUE_P_ONLINE:p_online(2):ad
 263:AUE_PROCESSOR_BIND:processor_bind(2):ad
 264:AUE_INST_SYNC:inst_sync(2):ad
+265:AUE_SOCKCONFIG:configure socket:nt
 266:AUE_SETAUDIT_ADDR:setaudit_addr(2):ad
 267:AUE_GETAUDIT_ADDR:getaudit_addr(2):ad
-268:AUE_CLOCK_SETTIME:clock_settime(2):ad
-269:AUE_NTP_ADJTIME:ntp_adjtime(2):ad
+268:AUE_UMOUNT2:Solaris umount(2):ad
+269:AUE_FSAT:fsat(2) - place holder:no
+270:AUE_OPENAT_R:openat(2) - read:fr
+271:AUE_OPENAT_RC:openat(2) - read,creat:fc,fr,fa,fm
+272:AUE_OPENAT_RT:openat(2) - read,trunc:fd,fr,fa,fm
+273:AUE_OPENAT_RTC:openat(2) - read,creat,trunc:fc,fd,fr,fa,fm
+274:AUE_OPENAT_W:openat(2) - write:fw
+275:AUE_OPENAT_WC:openat(2) - write,creat:fc,fw,fa,fm
+276:AUE_OPENAT_WT:openat(2) - write,trunc:fd,fw,fa,fm
+277:AUE_OPENAT_WTC:openat(2) - write,creat,trunc:fc,fd,fw,fa,fm
+278:AUE_OPENAT_RW:openat(2) - read,write:fr,fw
+279:AUE_OPENAT_RWC:openat(2) - read,write,create:fc,fw,fr,fa,fm
+280:AUE_OPENAT_RWTC:openat(2) - read,write,creat,trunc:fc,fd,fw,fr,fa,fm
+282:AUE_RENAMEAT:renameat(2):fc,fd
+283:AUE_FSTATAT:fstatat(2):fa
+284:AUE_FCHOWNAT:fchownat(2):fm
+285:AUE_FUTIMESAT:futimesat(2):fm
+286:AUE_UNLINKAT:unlinkat(2):fd
+287:AUE_CLOCK_SETTIME:clock_settime(2):ad
+288:AUE_NTP_ADJTIME:ntp_adjtime(2):ad
+289:AUE_SETPPRIV:setppriv(2):pc
+290:AUE_MODDEVPLCY:modctl(2) - configure device policy:ad
+291:AUE_MODADDPRIV:modctl(2) - configure additional privilege:ad
+292:AUE_CRYPTOADM:kernel cryptographic framework:ad
+293:AUE_CONFIGKSSL:configure kernel SSL:ad
+294:AUE_BRANDSYS:brandsys(2):ot
+295:AUE_PF_POLICY_ADDRULE:Add IPsec policy rule:ad
+296:AUE_PF_POLICY_DELRULE:Delete IPsec policy rule:ad
+297:AUE_PF_POLICY_CLONE:Clone IPsec policy:ad
+298:AUE_PF_POLICY_FLIP:Flip IPsec policy:ad
+299:AUE_PF_POLICY_FLUSH:Flush IPsec policy rules:ad
+300:AUE_PF_POLICY_ALGS:Update IPsec algorithms:ad
 #
-# What follows are deprecated Darwin event numbers that may someday conflict
+# What follows are deprecated Darwin event numbers that may soon conflict
 # with Solaris events.
 #
 301:AUE_DARWIN_GETFSSTAT:getfsstat(2):fa
@ -292,7 +328,7 @@
 352:AUE_DARWIN_AUDITCTL:auditctl(2):ad
 353:AUE_DARWIN_RFORK:rfork(2):pc
 354:AUE_DARWIN_LCHMOD:lchmod(2):fm
-355:AUE_DARWIN_SWAPOFF:swapoff():ad
+355:AUE_DARWIN_SWAPOFF:swapoff(2):ad
 356:AUE_DARWIN_INITPROCESS:init_process():pc
 357:AUE_DARWIN_MAPFD:map_fd():fa
 358:AUE_DARWIN_TASKFORPID:task_for_pid():pc
@ -309,7 +345,7 @@
 43005:AUE_PROFILE:profil(2):pc
 43006:AUE_KTRACE:ktrace(2):pc
 43007:AUE_SETLOGIN:setlogin(2):pc
-43008:AUE_REVOKE:revoke(2):cl
+43008:AUE_OPENBSM_REVOKE:revoke(2):cl
 43009:AUE_UMASK:umask(2):pc
 43010:AUE_MPROTECT:mprotect(2):fm
 43011:AUE_MKFIFO:mkfifo(2):fc
@ -319,7 +355,7 @@
 43015:AUE_SETPRIVEXEC:setprivexec(2):pc
 43016:AUE_ADDPROFILE:system call:pc
 43017:AUE_KDEBUGTRACE:system call:pc
-43018:AUE_FSTAT:fstat(2):fa
+43018:AUE_OPENBSM_FSTAT:fstat(2):fa
 43019:AUE_FPATHCONF:fpathconf(2):fa
 43020:AUE_GETDIRENTRIES:getdirentries(2):no
 43021:AUE_SYSCTL:sysctl(3):ot
@ -346,13 +382,13 @@
 43042:AUE_AUDITCTL:auditctl(2):ad
 43043:AUE_RFORK:rfork(2):pc
 43044:AUE_LCHMOD:lchmod(2):fm
-43045:AUE_SWAPOFF:swapoff():ad
+43045:AUE_SWAPOFF:swapoff(2):ad
 43046:AUE_INITPROCESS:init_process():pc
 43047:AUE_MAPFD:map_fd():fa
 43048:AUE_TASKFORPID:task_for_pid():pc
 43049:AUE_PIDFORTASK:pid_for_task():pc
 43050:AUE_SYSCTL_NONADMIN:sysctl() - non-admin:ot
-43051:AUE_COPYFILE:copyfile():fr,fw
+43051:AUE_COPYFILE:copyfile(2):fr,fw
 43052:AUE_LUTIMES:lutimes(2):fm
 43053:AUE_LCHFLAGS:lchflags(2):fm
 43054:AUE_SENDFILE:sendfile(2):nt
@ -444,6 +480,16 @@
 43140:AUE_LISTEN:listen(2):nt
 43141:AUE_MLOCKALL:mlockall(2):pc
 43142:AUE_MUNLOCKALL:munlockall(2):pc
+43143:AUE_CLOSEFROM:closefrom(2):cl
+43144:AUE_FEXECVE:fexecve(2):pc,ex
+43145:AUE_FACCESSAT:faccessat(2):fa
+43146:AUE_FCHMODAT:fchmodat(2):fm
+43147:AUE_LINKAT:linkat(2):fc
+43148:AUE_MKDIRAT:mkdirat(2):fc
+43149:AUE_MKFIFOAT:mkfifoat(2):fc
+43150:AUE_MKNODAT:mknodat(2):fc
+43151:AUE_READLINKAT:readlinkat(2):fr
+43152:AUE_SYMLINKAT:symlinkat(2):fc
 #
 # User space system events.
 #
--- a/contrib/openbsm/libbsm/au_control.3
+++ b/contrib/openbsm/libbsm/au_control.3
@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#8 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#9 $
 .\"
 .Dd April 19, 2005
 .Dt AU_CONTROL 3
@ -77,7 +77,7 @@ resets the database iterator to the beginning of the database; see the
 section for more information.
 .Pp
 The
-.Fn sendac
+.Fn endac
 function
 closes the
 .Xr audit_control 5
--- a/contrib/openbsm/libbsm/au_event.3
+++ b/contrib/openbsm/libbsm/au_event.3
@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_event.3#7 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_event.3#8 $
 .\"
 .Dd April 19, 2005
 .Dt AU_EVENT 3
@ -131,7 +131,7 @@ Functions
 .Fn getauevnum ,
 .Fn getauevnum_r ,
 and
-.Fn getauevnuam
+.Fn getauevnonam
 will return a reference to a
 .Vt "struct au_event_ent"
 or
--- a/contrib/openbsm/libbsm/audit_submit.3
+++ b/contrib/openbsm/libbsm/audit_submit.3
@ -27,7 +27,7 @@
 .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#11 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#12 $
 .\"
 .Dd May 29, 2006
 .Dt audit_submit 3
@ -54,7 +54,7 @@ The header will contain the event class specified by
 .Fa au_event .
 The subject token will be generated based on
 .Fa au_ctx .
-The return token is dependant on the
+The return token is dependent on the
 .Fa status
 and
 .Fa reterr
--- a/contrib/openbsm/libbsm/bsm_io.c
+++ b/contrib/openbsm/libbsm/bsm_io.c
@ -32,7 +32,7 @@
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#48 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#49 $
 */

 #include <sys/types.h>
@ -1306,6 +1306,7 @@ print_arg32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
 		print_delim(fp, del);
 		print_4_bytes(fp, tok->tt.arg32.val, "0x%x");
 		print_delim(fp, del);
+		print_string(fp, tok->tt.arg32.text, tok->tt.arg32.len);
 	}
 }

--- a/contrib/openbsm/libbsm/bsm_token.c
+++ b/contrib/openbsm/libbsm/bsm_token.c
@ -30,7 +30,7 @@
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#62 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#63 $
 */

 #include <sys/types.h>
@ -411,7 +411,7 @@ au_to_in_addr_ex(struct in6_addr *internet_addr)

 	ADD_U_CHAR(dptr, AUT_IN_ADDR_EX);
 	ADD_U_INT32(dptr, type);
-	ADD_MEM(dptr, internet_addr, 5 * sizeof(uint32_t));
+	ADD_MEM(dptr, internet_addr, 4 * sizeof(uint32_t));

 	return (t);
 }