Merge OpenBSM 1.1 alpha 2 from the OpenBSM vendor branch to head, both

contrib/openbsm (svn merge) and sys/{bsm,security/audit} (manual merge).

- Add OpenBSM contrib tree to include paths for audit(8) and auditd(8).
- Merge support for new tokens, fixes to existing token generation to
  audit_bsm_token.c.
- Synchronize bsm includes and definitions.

OpenBSM history for imported revisions below for reference.

MFC after:      1 month
Sponsored by:   Apple Inc.
Obtained from:  TrustedBSD Project

--

OpenBSM 1.1 alpha 2

- Include files in OpenBSM are now broken out into two parts: library builds
  required solely for user space, and system includes, which may also be
  required for use in the kernels of systems integrating OpenBSM.  Submitted
  by Stacey Son.
- Configure option --with-native-includes allows forcing the use of native
  include for system includes, rather than the versions bundled with OpenBSM.
  This is intended specifically for platforms that ship OpenBSM, have adapted
  versions of the system includes in a kernel source tree, and will use the
  OpenBSM build infrastructure with an unmodified OpenBSM distribution,
  allowing the customized system includes to be used with the OpenBSM build.
  Submitted by Stacey Son.
- Various strcpy()'s/strcat()'s have been changed to strlcpy()'s/strlcat()'s
  or asprintf().  Added compat/strlcpy.h for Linux.
- Remove compatibility defines for old Darwin token constant names; now only
  BSM token names are provided and used.
- Add support for extended header tokens, which contain space for information
  on the host generating the record.
- Add support for setting extended host information in the kernel, which is
  used for setting host information in extended header tokens.  The
  audit_control file now supports a "host" parameter which can be used by
  auditd to set the information; if not present, the kernel parameters won't
  be set and auditd uses unextended headers for records that it generates.

OpenBSM 1.1 alpha 1

- Add option to auditreduce(1) which allows users to invert sense of
  matching, such that BSM records that do not match, are selected.
- Fix bug in audit_write() where we commit an incomplete record in the
  event there is an error writing the subject token.  This was submitted
  by Diego Giagio.
- Build support for Mac OS X 10.5.1 submitted by Eric Hall.
- Fix a bug which resulted in host XML attributes not being arguments so
  that const strings can be passed as arguments to tokens.  This patch was
  submitted by Xin LI.
- Modify the -m option so users can select more then one audit event.
- For Mac OS X, added Mach IPC support for audit trigger messages.
- Fixed a bug in getacna() which resulted in a locking problem on Mac OS X.
- Added LOG_PERROR flag to openlog when -d option is used with auditd.
- AUE events added for Mac OS X Leopard system calls.

1 files changed, 403 insertions, 40 deletions

diff --git a/contrib/openbsm/configure b/contrib/openbsm/configure
index e6056ae..e6cb1ce 100755
--- a/contrib/openbsm/configure
+++ b/contrib/openbsm/configure
@@ -1,7 +1,7 @@
 #! /bin/sh
-# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#35 .
+# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#41 .
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for OpenBSM 1.0.
+# Generated by GNU Autoconf 2.61 for OpenBSM 1.1alpha2.
 #
 # Report bugs to <trustedbsd-audit@TrustesdBSD.org>.
 #
@@ -729,8 +729,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
 # Identity of this package.
 PACKAGE_NAME='OpenBSM'
 PACKAGE_TARNAME='openbsm'
-PACKAGE_VERSION='1.0'
-PACKAGE_STRING='OpenBSM 1.0'
+PACKAGE_VERSION='1.1alpha2'
+PACKAGE_STRING='OpenBSM 1.1alpha2'
 PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org'
 
 ac_unique_file="bin/auditreduce/auditreduce.c"
@@ -812,6 +812,9 @@ target_alias
 MAINTAINER_MODE_TRUE
 MAINTAINER_MODE_FALSE
 MAINT
+USE_NATIVE_INCLUDES_TRUE
+USE_NATIVE_INCLUDES_FALSE
+MIG
 CC
 CFLAGS
 LDFLAGS
@@ -880,6 +883,8 @@ am__fastdepCXX_FALSE
 LIBOBJS
 HAVE_AUDIT_SYSCALLS_TRUE
 HAVE_AUDIT_SYSCALLS_FALSE
+USE_MACH_IPC_TRUE
+USE_MACH_IPC_FALSE
 LTLIBOBJS'
 ac_subst_files=''
       ac_precious_vars='build_alias
@@ -1399,7 +1404,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures OpenBSM 1.0 to adapt to many kinds of systems.
+\`configure' configures OpenBSM 1.1alpha2 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1469,7 +1474,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of OpenBSM 1.0:";;
+     short | recursive ) echo "Configuration of OpenBSM 1.1alpha2:";;
    esac
   cat <<\_ACEOF
 
@@ -1489,6 +1494,8 @@ Optional Features:
 Optional Packages:
   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
   --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+  --with-native-includes  Use the system native include files instead of those
+                          included with openbsm.
   --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
   --with-pic              try to use only PIC/non-PIC objects [default=use
                           both]
@@ -1573,7 +1580,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-OpenBSM configure 1.0
+OpenBSM configure 1.1alpha2
 generated by GNU Autoconf 2.61
 
 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1587,7 +1594,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by OpenBSM $as_me 1.0, which was
+It was created by OpenBSM $as_me 1.1alpha2, which was
 generated by GNU Autoconf 2.61.  Invocation command line was
 
   $ $0 $@
@@ -2001,6 +2008,77 @@ fi
 
 
 
+# --with-native-includes forces the use of the system bsm headers.
+
+# Check whether --with-native-includes was given.
+if test "${with_native_includes+set}" = set; then
+  withval=$with_native_includes;
+
+cat >>confdefs.h <<\_ACEOF
+#define USE_NATIVE_INCLUDES
+_ACEOF
+
+use_native_includes=true
+
+else
+  use_native_includes=false
+fi
+
+ if $use_native_includes; then
+  USE_NATIVE_INCLUDES_TRUE=
+  USE_NATIVE_INCLUDES_FALSE='#'
+else
+  USE_NATIVE_INCLUDES_TRUE='#'
+  USE_NATIVE_INCLUDES_FALSE=
+fi
+
+
+for ac_prog in mig
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
+if test "${ac_cv_path_MIG+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  case $MIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_MIG="$MIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_path_MIG="$as_dir/$ac_word$ac_exec_ext"
+    echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+MIG=$ac_cv_path_MIG
+if test -n "$MIG"; then
+  { echo "$as_me:$LINENO: result: $MIG" >&5
+echo "${ECHO_T}$MIG" >&6; }
+else
+  { echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6; }
+fi
+
+
+  test -n "$MIG" && break
+done
+
+
 # Checks for programs.
 ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
@@ -3809,7 +3887,7 @@ ia64-*-hpux*)
   ;;
 *-*-irix6*)
   # Find out which ABI we are using.
-  echo '#line 3812 "configure"' > conftest.$ac_ext
+  echo '#line 3890 "configure"' > conftest.$ac_ext
   if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
@@ -6443,11 +6521,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:6446: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:6524: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:6450: \$? = $ac_status" >&5
+   echo "$as_me:6528: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -6733,11 +6811,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:6736: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:6814: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:6740: \$? = $ac_status" >&5
+   echo "$as_me:6818: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -6837,11 +6915,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:6840: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:6918: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:6844: \$? = $ac_status" >&5
+   echo "$as_me:6922: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -9186,7 +9264,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<EOF
-#line 9189 "configure"
+#line 9267 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -9286,7 +9364,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<EOF
-#line 9289 "configure"
+#line 9367 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -11706,11 +11784,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:11709: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:11787: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:11713: \$? = $ac_status" >&5
+   echo "$as_me:11791: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -11810,11 +11888,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:11813: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:11891: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:11817: \$? = $ac_status" >&5
+   echo "$as_me:11895: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -13372,11 +13450,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:13375: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:13453: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:13379: \$? = $ac_status" >&5
+   echo "$as_me:13457: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -13476,11 +13554,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:13479: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:13557: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:13483: \$? = $ac_status" >&5
+   echo "$as_me:13561: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -15663,11 +15741,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:15666: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:15744: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:15670: \$? = $ac_status" >&5
+   echo "$as_me:15748: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -15953,11 +16031,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:15956: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:16034: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:15960: \$? = $ac_status" >&5
+   echo "$as_me:16038: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -16057,11 +16135,11 @@ else
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:16060: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:16138: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:16064: \$? = $ac_status" >&5
+   echo "$as_me:16142: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -18998,7 +19076,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE=OpenBSM
- VERSION=1.0
+ VERSION=1.1alpha2
 
 
 cat >>confdefs.h <<_ACEOF
@@ -20403,6 +20481,116 @@ _ACEOF
 fi
 
 
+{ echo "$as_me:$LINENO: checking for struct ipc_perm._key" >&5
+echo $ECHO_N "checking for struct ipc_perm._key... $ECHO_C" >&6; }
+if test "${ac_cv_member_struct_ipc_perm__key+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/ipc.h>
+
+
+int
+main ()
+{
+static struct ipc_perm ac_aggr;
+if (ac_aggr._key)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_ipc_perm__key=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/ipc.h>
+
+
+int
+main ()
+{
+static struct ipc_perm ac_aggr;
+if (sizeof ac_aggr._key)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_ipc_perm__key=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_member_struct_ipc_perm__key=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_ipc_perm__key" >&5
+echo "${ECHO_T}$ac_cv_member_struct_ipc_perm__key" >&6; }
+if test $ac_cv_member_struct_ipc_perm__key = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_IPC_PERM__KEY
+_ACEOF
+
+fi
+
+
 { echo "$as_me:$LINENO: checking for struct ipc_perm.__seq" >&5
 echo $ECHO_N "checking for struct ipc_perm.__seq... $ECHO_C" >&6; }
 if test "${ac_cv_member_struct_ipc_perm___seq+set}" = set; then
@@ -20513,6 +20701,116 @@ _ACEOF
 fi
 
 
+{ echo "$as_me:$LINENO: checking for struct ipc_perm._seq" >&5
+echo $ECHO_N "checking for struct ipc_perm._seq... $ECHO_C" >&6; }
+if test "${ac_cv_member_struct_ipc_perm__seq+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/ipc.h>
+
+
+int
+main ()
+{
+static struct ipc_perm ac_aggr;
+if (ac_aggr._seq)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_ipc_perm__seq=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+#include <sys/types.h>
+#include <sys/ipc.h>
+
+
+int
+main ()
+{
+static struct ipc_perm ac_aggr;
+if (sizeof ac_aggr._seq)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+  (eval "$ac_compile") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then
+  ac_cv_member_struct_ipc_perm__seq=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_member_struct_ipc_perm__seq=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_member_struct_ipc_perm__seq" >&5
+echo "${ECHO_T}$ac_cv_member_struct_ipc_perm__seq" >&6; }
+if test $ac_cv_member_struct_ipc_perm__seq = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_IPC_PERM__SEQ
+_ACEOF
+
+fi
+
+
 { echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5
 echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6; }
 if test "${ac_cv_header_time+set}" = set; then
@@ -22503,7 +22801,8 @@ done
 
 
 
-for ac_func in bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strlcat strrchr strstr strtol strtoul
+
+for ac_func in bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strlcat strlcpy strrchr strstr strtol strtoul
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
 { echo "$as_me:$LINENO: checking for $ac_func" >&5
@@ -22732,7 +23031,50 @@ else
 fi
 
 
-ac_config_files="$ac_config_files Makefile bin/Makefile bin/audit/Makefile bin/auditd/Makefile bin/auditfilterd/Makefile bin/auditreduce/Makefile bin/praudit/Makefile bsm/Makefile libbsm/Makefile modules/Makefile modules/auditfilter_noop/Makefile man/Makefile test/Makefile test/bsm/Makefile tools/Makefile"
+# Check to see if Mach IPC is used for trigger messages.  If so, use Mach IPC
+# instead of the default for sending trigger messages to the audit components.
+{ echo "$as_me:$LINENO: checking for /usr/include/mach/audit_triggers.defs" >&5
+echo $ECHO_N "checking for /usr/include/mach/audit_triggers.defs... $ECHO_C" >&6; }
+if test "${ac_cv_file__usr_include_mach_audit_triggers_defs+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  test "$cross_compiling" = yes &&
+  { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5
+echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
+   { (exit 1); exit 1; }; }
+if test -r "/usr/include/mach/audit_triggers.defs"; then
+  ac_cv_file__usr_include_mach_audit_triggers_defs=yes
+else
+  ac_cv_file__usr_include_mach_audit_triggers_defs=no
+fi
+fi
+{ echo "$as_me:$LINENO: result: $ac_cv_file__usr_include_mach_audit_triggers_defs" >&5
+echo "${ECHO_T}$ac_cv_file__usr_include_mach_audit_triggers_defs" >&6; }
+if test $ac_cv_file__usr_include_mach_audit_triggers_defs = yes; then
+
+
+cat >>confdefs.h <<\_ACEOF
+#define USE_MACH_IPC
+_ACEOF
+
+use_mach_ipc=true
+
+else
+
+use_mach_ipc=false
+
+fi
+
+ if $use_mach_ipc; then
+  USE_MACH_IPC_TRUE=
+  USE_MACH_IPC_FALSE='#'
+else
+  USE_MACH_IPC_TRUE='#'
+  USE_MACH_IPC_FALSE=
+fi
+
+
+ac_config_files="$ac_config_files Makefile bin/Makefile bin/audit/Makefile bin/auditd/Makefile bin/auditfilterd/Makefile bin/auditreduce/Makefile bin/praudit/Makefile bsm/Makefile libbsm/Makefile modules/Makefile modules/auditfilter_noop/Makefile man/Makefile sys/Makefile sys/bsm/Makefile test/Makefile test/bsm/Makefile tools/Makefile"
 
 
 cat >confcache <<\_ACEOF
@@ -22838,6 +23180,13 @@ echo "$as_me: error: conditional \"MAINTAINER_MODE\" was never defined.
 Usually this means the macro was only invoked conditionally." >&2;}
    { (exit 1); exit 1; }; }
 fi
+if test -z "${USE_NATIVE_INCLUDES_TRUE}" && test -z "${USE_NATIVE_INCLUDES_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"USE_NATIVE_INCLUDES\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"USE_NATIVE_INCLUDES\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
 if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
   { { echo "$as_me:$LINENO: error: conditional \"AMDEP\" was never defined.
 Usually this means the macro was only invoked conditionally." >&5
@@ -22866,6 +23215,13 @@ echo "$as_me: error: conditional \"HAVE_AUDIT_SYSCALLS\" was never defined.
 Usually this means the macro was only invoked conditionally." >&2;}
    { (exit 1); exit 1; }; }
 fi
+if test -z "${USE_MACH_IPC_TRUE}" && test -z "${USE_MACH_IPC_FALSE}"; then
+  { { echo "$as_me:$LINENO: error: conditional \"USE_MACH_IPC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&5
+echo "$as_me: error: conditional \"USE_MACH_IPC\" was never defined.
+Usually this means the macro was only invoked conditionally." >&2;}
+   { (exit 1); exit 1; }; }
+fi
 
 : ${CONFIG_STATUS=./config.status}
 ac_clean_files_save=$ac_clean_files
@@ -23166,7 +23522,7 @@ exec 6>&1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by OpenBSM $as_me 1.0, which was
+This file was extended by OpenBSM $as_me 1.1alpha2, which was
 generated by GNU Autoconf 2.61.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -23219,7 +23575,7 @@ Report bugs to <bug-autoconf@gnu.org>."
 _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF
 ac_cs_version="\\
-OpenBSM config.status 1.0
+OpenBSM config.status 1.1alpha2
 configured by $0, generated by GNU Autoconf 2.61,
   with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
 
@@ -23347,6 +23703,8 @@ do
     "modules/Makefile") CONFIG_FILES="$CONFIG_FILES modules/Makefile" ;;
     "modules/auditfilter_noop/Makefile") CONFIG_FILES="$CONFIG_FILES modules/auditfilter_noop/Makefile" ;;
     "man/Makefile") CONFIG_FILES="$CONFIG_FILES man/Makefile" ;;
+    "sys/Makefile") CONFIG_FILES="$CONFIG_FILES sys/Makefile" ;;
+    "sys/bsm/Makefile") CONFIG_FILES="$CONFIG_FILES sys/bsm/Makefile" ;;
     "test/Makefile") CONFIG_FILES="$CONFIG_FILES test/Makefile" ;;
     "test/bsm/Makefile") CONFIG_FILES="$CONFIG_FILES test/bsm/Makefile" ;;
     "tools/Makefile") CONFIG_FILES="$CONFIG_FILES tools/Makefile" ;;
@@ -23452,6 +23810,9 @@ target_alias!$target_alias$ac_delim
 MAINTAINER_MODE_TRUE!$MAINTAINER_MODE_TRUE$ac_delim
 MAINTAINER_MODE_FALSE!$MAINTAINER_MODE_FALSE$ac_delim
 MAINT!$MAINT$ac_delim
+USE_NATIVE_INCLUDES_TRUE!$USE_NATIVE_INCLUDES_TRUE$ac_delim
+USE_NATIVE_INCLUDES_FALSE!$USE_NATIVE_INCLUDES_FALSE$ac_delim
+MIG!$MIG$ac_delim
 CC!$CC$ac_delim
 CFLAGS!$CFLAGS$ac_delim
 LDFLAGS!$LDFLAGS$ac_delim
@@ -23506,9 +23867,6 @@ AMTAR!$AMTAR$ac_delim
 am__tar!$am__tar$ac_delim
 am__untar!$am__untar$ac_delim
 DEPDIR!$DEPDIR$ac_delim
-am__include!$am__include$ac_delim
-am__quote!$am__quote$ac_delim
-AMDEP_TRUE!$AMDEP_TRUE$ac_delim
 _ACEOF
 
   if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
@@ -23550,6 +23908,9 @@ _ACEOF
 ac_delim='%!_!# '
 for ac_last_try in false false false false false :; do
   cat >conf$$subs.sed <<_ACEOF
+am__include!$am__include$ac_delim
+am__quote!$am__quote$ac_delim
+AMDEP_TRUE!$AMDEP_TRUE$ac_delim
 AMDEP_FALSE!$AMDEP_FALSE$ac_delim
 AMDEPBACKSLASH!$AMDEPBACKSLASH$ac_delim
 CCDEPMODE!$CCDEPMODE$ac_delim
@@ -23561,10 +23922,12 @@ am__fastdepCXX_FALSE!$am__fastdepCXX_FALSE$ac_delim
 LIBOBJS!$LIBOBJS$ac_delim
 HAVE_AUDIT_SYSCALLS_TRUE!$HAVE_AUDIT_SYSCALLS_TRUE$ac_delim
 HAVE_AUDIT_SYSCALLS_FALSE!$HAVE_AUDIT_SYSCALLS_FALSE$ac_delim
+USE_MACH_IPC_TRUE!$USE_MACH_IPC_TRUE$ac_delim
+USE_MACH_IPC_FALSE!$USE_MACH_IPC_FALSE$ac_delim
 LTLIBOBJS!$LTLIBOBJS$ac_delim
 _ACEOF
 
-  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 12; then
+  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 17; then
     break
   elif $ac_last_try; then
     { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5