Merge OpenBSM alpha 4 from OpenBSM vendor branch to head, both

contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual
merge).  Add libauditd build parts and add to auditd's linkage;
force libbsm to build before libauditd.

OpenBSM history for imported revisions below for reference.

MFC after:      1 month
Sponsored by:   Apple Inc.
Obtained from:  TrustedBSD Project

OpenBSM 1.1 alpha 4

- With the addition of BSM error number mapping, we also need to map the
  local error number passed to audit_submit(3) to a BSM error number,
  rather than have the caller perform that conversion.
- Reallocate user audit events to avoid collisions with Solaris; adopt a
  more formal allocation scheme, and add some events allocated in Solaris
  that will be of immediate use on other platforms.
- Add an event for Calife.
- Add au_strerror(3), which allows generating strings for BSM errors
  directly, rather than requiring applications to map to the local error
  space, which might not be able to entirely represent the BSM error
  number space.
- Major auditd rewrite for launchd(8) support.  Add libauditd library
  that is shared between launchd and auditd.
- Add AUDIT_TRIGGER_INITIALIZE trigger (sent via 'audit -i') for
  (re)starting auditing under launchd(8) on Mac OS X.
- Add 'current' symlink to active audit trail.
- Add crash recovery of previous audit trail file when detected on audit
  startup that it has not been properly terminated.
- Add the event AUE_audit_recovery to indicated when an audit trail file
  has been recovered from not being properly terminated.  This event is
  stored in the new audit trail file and includes the path of recovered
  audit trail file.
- Mac OS X and FreeBSD dependent code in auditd.c is separated into
  auditd_darwin.c and auditd_fbsd.c files.
- Add an event for the posix_spawn(2) and fsgetpath(2) Mac OS X system
  calls.
- For Mac OS X, we use ASL(3) instead of syslog(3) for logging.
- Add support for NOTICE level logging.

OpenBSM 1.1 alpha 3

- Add two new functions, au_bsm_to_errno() and au_errno_to_bsm(), to map
  between BSM error numbers (largely the Solaris definitions) and local
  errno(2) values for 32-bit and 64-bit return tokens.  This is required
  as operating systems don't agree on some of the values of more recent
  error numbers.
- Fix a bug how au_to_exec_args(3) and au_to_exec_env(3) calculates the
  total size for the token.  This buge.
- Deprecated Darwin constants, such as TRAILER_PAD_MAGIC, removed.

7 files changed, 1100 insertions, 99 deletions

diff --git a/sys/bsm/audit.h b/sys/bsm/audit.h
index 029919f..284b0bd 100644
--- a/sys/bsm/audit.h
+++ b/sys/bsm/audit.h
@@ -33,9 +33,14 @@
 #ifndef _BSM_AUDIT_H
 #define	_BSM_AUDIT_H
 
+#ifdef	__APPLE__
+/* Temporary until rdar://problem/6133383 is resolved. */
+#include <sys/types.h>
 #include <sys/param.h>
+#include <sys/socket.h>
 #include <sys/cdefs.h>
 #include <sys/queue.h>
+#endif /* __APPLE__ */
 
 #define	AUDIT_RECORD_MAGIC	0x828a0f1b
 #define	MAX_AUDIT_RECORDS	20
@@ -60,8 +65,9 @@
 #define	AUDIT_TRIGGER_READ_FILE		3	/* Re-read config file. */
 #define	AUDIT_TRIGGER_CLOSE_AND_DIE	4	/* Terminate audit. */
 #define	AUDIT_TRIGGER_NO_SPACE		5	/* Below min free space. */
-#define	AUDIT_TRIGGER_ROTATE_USER	6	/* User requests roate. */
-#define	AUDIT_TRIGGER_MAX		6
+#define	AUDIT_TRIGGER_ROTATE_USER	6	/* User requests rotate. */
+#define	AUDIT_TRIGGER_INITIALIZE	7	/* Initialize audit. */
+#define	AUDIT_TRIGGER_MAX		7
 
 /*
  * The special device filename (FreeBSD).
@@ -72,7 +78,9 @@
 /*
  * Pre-defined audit IDs
  */
-#define	AU_DEFAUDITID	-1
+#define	AU_DEFAUDITID	(uid_t)(-1)
+#define	AU_DEFAUDITSID	 0
+#define	AU_ASSIGN_ASID	-1
 
 /*
  * IPC types.
@@ -116,6 +124,7 @@
 #define	A_GETKAUDIT	29
 #define	A_SETKAUDIT	30
 #define	A_SENDTRIGGER	31
+#define	A_GETSINFO_ADDR	32
 
 /*
  * Audit policy controls.
@@ -196,6 +205,7 @@ struct auditinfo_addr {
 	au_mask_t	ai_mask;	/* Audit masks. */
 	au_tid_addr_t	ai_termid;	/* Terminal ID. */
 	au_asid_t	ai_asid;	/* Audit session ID. */
+	u_int64_t	ai_flags;	/* Audit session flags. */
 };
 typedef	struct auditinfo_addr	auditinfo_addr_t;
 
@@ -205,6 +215,7 @@ struct auditpinfo {
 	au_mask_t	ap_mask;	/* Audit masks. */
 	au_tid_t	ap_termid;	/* Terminal ID. */
 	au_asid_t	ap_asid;	/* Audit session ID. */
+	u_int64_t	ap_flags;	/* Audit session flags. */
 };
 typedef	struct auditpinfo	auditpinfo_t;
 
@@ -217,6 +228,16 @@ struct auditpinfo_addr {
 };
 typedef	struct auditpinfo_addr	auditpinfo_addr_t;
 
+struct au_session {
+	auditinfo_addr_t	*as_aia_p;	/* Ptr to full audit info. */
+#define	as_asid			as_aia_p->ai_asid
+#define	as_auid			as_aia_p->ai_auid
+#define	as_termid		as_aia_p->ai_termid
+
+	au_mask_t		 as_mask;	/* Process Audit Masks. */
+};
+typedef struct au_session       au_session_t;
+
 /*
  * Contents of token_t are opaque outside of libbsm.
  */
diff --git a/sys/bsm/audit_errno.h b/sys/bsm/audit_errno.h
new file mode 100644
index 0000000..5fe2d3e
--- /dev/null
+++ b/sys/bsm/audit_errno.h
@@ -0,0 +1,215 @@
+/*-
+ * Copyright (c) 2008 Apple Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE. 
+ *
+ * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_errno.h#4
+ * $FreeBSD$
+ */
+
+#ifndef _BSM_AUDIT_ERRNO_H_
+#define	_BSM_AUDIT_ERRNO_H_
+
+/*
+ * For the purposes of portable encoding, we convert between local error
+ * numbers and Solaris error numbers (as well as some extensions for error
+ * numbers that don't exist in Solaris).  Although the first 35 or so
+ * constants are the same across all OS's, we don't handle that in any
+ * special way.
+ *
+ * When adding constants here, also add them to bsm_errno.c.
+ */
+#define	BSM_ESUCCESS		0
+#define	BSM_EPERM		1
+#define	BSM_ENOENT		2
+#define	BSM_ESRCH		3
+#define	BSM_EINTR		4
+#define	BSM_EIO			5
+#define	BSM_ENXIO		6
+#define	BSM_E2BIG		7
+#define	BSM_ENOEXEC		8
+#define	BSM_EBADF		9
+#define	BSM_ECHILD		10
+#define	BSM_EAGAIN		11
+#define	BSM_ENOMEM		12
+#define	BSM_EACCES		13
+#define	BSM_EFAULT		14
+#define	BSM_ENOTBLK		15
+#define	BSM_EBUSY		16
+#define	BSM_EEXIST		17
+#define	BSM_EXDEV		18
+#define	BSM_ENODEV		19
+#define	BSM_ENOTDIR		20
+#define	BSM_EISDIR		21
+#define	BSM_EINVAL		22
+#define	BSM_ENFILE		23
+#define	BSM_EMFILE		24
+#define	BSM_ENOTTY		25
+#define	BSM_ETXTBSY		26
+#define	BSM_EFBIG		27
+#define	BSM_ENOSPC		28
+#define	BSM_ESPIPE		29
+#define	BSM_EROFS		30
+#define	BSM_EMLINK		31
+#define	BSM_EPIPE		32
+#define	BSM_EDOM		33
+#define	BSM_ERANGE		34
+#define	BSM_ENOMSG		35
+#define	BSM_EIDRM		36
+#define	BSM_ECHRNG		37	/* Solaris/Linux-specific. */
+#define	BSM_EL2NSYNC		38	/* Solaris/Linux-specific. */
+#define	BSM_EL3HLT		39	/* Solaris/Linux-specific. */
+#define	BSM_EL3RST		40	/* Solaris/Linux-specific. */
+#define	BSM_ELNRNG		41	/* Solaris/Linux-specific. */
+#define	BSM_EUNATCH		42	/* Solaris/Linux-specific. */
+#define	BSM_ENOCSI		43	/* Solaris/Linux-specific. */
+#define	BSM_EL2HLT		44	/* Solaris/Linux-specific. */
+#define	BSM_EDEADLK		45
+#define	BSM_ENOLCK		46
+#define	BSM_ECANCELED		47
+#define	BSM_ENOTSUP		48
+#define	BSM_EDQUOT		49
+#define	BSM_EBADE		50	/* Solaris/Linux-specific. */
+#define	BSM_EBADR		51	/* Solaris/Linux-specific. */
+#define	BSM_EXFULL		52	/* Solaris/Linux-specific. */
+#define	BSM_ENOANO		53	/* Solaris/Linux-specific. */
+#define	BSM_EBADRQC		54	/* Solaris/Linux-specific. */
+#define	BSM_EBADSLT		55	/* Solaris/Linux-specific. */
+#define	BSM_EDEADLOCK		56	/* Solaris-specific. */
+#define	BSM_EBFONT		57	/* Solaris/Linux-specific. */
+#define	BSM_EOWNERDEAD		58	/* Solaris/Linux-specific. */
+#define	BSM_ENOTRECOVERABLE	59	/* Solaris/Linux-specific. */
+#define	BSM_ENOSTR		60	/* Solaris/Darwin/Linux-specific. */
+#define	BSM_ENODATA		61	/* Solaris/Darwin/Linux-specific. */
+#define	BSM_ETIME		62	/* Solaris/Darwin/Linux-specific. */
+#define	BSM_ENOSR		63	/* Solaris/Darwin/Linux-specific. */
+#define	BSM_ENONET		64	/* Solaris/Linux-specific. */
+#define	BSM_ENOPKG		65	/* Solaris/Linux-specific. */
+#define	BSM_EREMOTE		66
+#define	BSM_ENOLINK		67
+#define	BSM_EADV		68	/* Solaris/Linux-specific. */
+#define	BSM_ESRMNT		69	/* Solaris/Linux-specific. */
+#define	BSM_ECOMM		70	/* Solaris/Linux-specific. */
+#define	BSM_EPROTO		71
+#define	BSM_ELOCKUNMAPPED	72	/* Solaris-specific. */
+#define	BSM_ENOTACTIVE		73	/* Solaris-specific. */
+#define	BSM_EMULTIHOP		74
+#define	BSM_EBADMSG		77
+#define	BSM_ENAMETOOLONG	78
+#define	BSM_EOVERFLOW		79
+#define	BSM_ENOTUNIQ		80	/* Solaris/Linux-specific. */
+#define	BSM_EBADFD		81	/* Solaris/Linux-specific. */
+#define	BSM_EREMCHG		82	/* Solaris/Linux-specific. */
+#define	BSM_ELIBACC		83	/* Solaris/Linux-specific. */
+#define	BSM_ELIBBAD		84	/* Solaris/Linux-specific. */
+#define	BSM_ELIBSCN		85	/* Solaris/Linux-specific. */
+#define	BSM_ELIBMAX		86	/* Solaris/Linux-specific. */
+#define	BSM_ELIBEXEC		87	/* Solaris/Linux-specific. */
+#define	BSM_EILSEQ		88
+#define	BSM_ENOSYS		89
+#define	BSM_ELOOP		90
+#define	BSM_ERESTART		91
+#define	BSM_ESTRPIPE		92	/* Solaris/Linux-specific. */
+#define	BSM_ENOTEMPTY		93
+#define	BSM_EUSERS		94
+#define	BSM_ENOTSOCK		95
+#define	BSM_EDESTADDRREQ	96
+#define	BSM_EMSGSIZE		97
+#define	BSM_EPROTOTYPE		98
+#define	BSM_ENOPROTOOPT		99
+#define	BSM_EPROTONOSUPPORT	120
+#define	BSM_ESOCKTNOSUPPORT	121
+#define	BSM_EOPNOTSUPP		122
+#define	BSM_EPFNOSUPPORT	123
+#define	BSM_EAFNOSUPPORT	124
+#define	BSM_EADDRINUSE		125
+#define	BSM_EADDRNOTAVAIL	126
+#define	BSM_ENETDOWN		127
+#define	BSM_ENETUNREACH		128
+#define	BSM_ENETRESET		129
+#define	BSM_ECONNABORTED	130
+#define	BSM_ECONNRESET		131
+#define	BSM_ENOBUFS		132
+#define	BSM_EISCONN		133
+#define	BSM_ENOTCONN		134
+#define	BSM_ESHUTDOWN		143
+#define	BSM_ETOOMANYREFS	144
+#define	BSM_ETIMEDOUT		145
+#define	BSM_ECONNREFUSED	146
+#define	BSM_EHOSTDOWN		147
+#define	BSM_EHOSTUNREACH	148
+#define	BSM_EALREADY		149
+#define	BSM_EINPROGRESS		150
+#define	BSM_ESTALE		151
+
+/*
+ * OpenBSM constants for error numbers not defined in Solaris.  In the event
+ * that these errors are added to Solaris, we will deprecate the OpenBSM
+ * numbers in the same way we do for audit event constants.
+ *
+ * ELAST doesn't get a constant in the BSM space.
+ */
+#define	BSM_EPROCLIM		190	/* FreeBSD/Darwin-specific. */
+#define	BSM_EBADRPC		191	/* FreeBSD/Darwin-specific. */
+#define	BSM_ERPCMISMATCH	192	/* FreeBSD/Darwin-specific. */
+#define	BSM_EPROGUNAVAIL	193	/* FreeBSD/Darwin-specific. */
+#define	BSM_EPROGMISMATCH	194	/* FreeBSD/Darwin-specific. */
+#define	BSM_EPROCUNAVAIL	195	/* FreeBSD/Darwin-specific. */
+#define	BSM_EFTYPE		196	/* FreeBSD/Darwin-specific. */
+#define	BSM_EAUTH		197	/* FreeBSD/Darwin-specific. */
+#define	BSM_ENEEDAUTH		198	/* FreeBSD/Darwin-specific. */
+#define	BSM_ENOATTR		199	/* FreeBSD/Darwin-specific. */
+#define	BSM_EDOOFUS		200	/* FreeBSD-specific. */
+#define	BSM_EJUSTRETURN		201	/* FreeBSD-specific. */
+#define	BSM_ENOIOCTL		202	/* FreeBSD-specific. */
+#define	BSM_EDIRIOCTL		203	/* FreeBSD-specific. */
+#define	BSM_EPWROFF		204	/* Darwin-specific. */
+#define	BSM_EDEVERR		205	/* Darwin-specific. */
+#define	BSM_EBADEXEC		206	/* Darwin-specific. */
+#define	BSM_EBADARCH		207	/* Darwin-specific. */
+#define	BSM_ESHLIBVERS		208	/* Darwin-specific. */
+#define	BSM_EBADMACHO		209	/* Darwin-specific. */
+#define	BSM_EPOLICY		210	/* Darwin-specific. */
+#define	BSM_EDOTDOT		211	/* Linux-specific. */
+#define	BSM_EUCLEAN		212	/* Linux-specific. */
+#define	BSM_ENOTNAM		213	/* Linux(Xenix?)-specific. */
+#define	BSM_ENAVAIL		214	/* Linux(Xenix?)-specific. */
+#define	BSM_EISNAM		215	/* Linux(Xenix?)-specific. */
+#define	BSM_EREMOTEIO		216	/* Linux-specific. */
+#define	BSM_ENOMEDIUM		217	/* Linux-specific. */
+#define	BSM_EMEDIUMTYPE		218	/* Linux-specific. */
+#define	BSM_ENOKEY		219	/* Linux-specific. */
+#define	BSM_EKEYEXPIRED		220	/* Linux-specific. */
+#define	BSM_EKEYREVOKED		221	/* Linux-specific. */
+#define	BSM_EKEYREJECTED	222	/* Linux-specific. */
+
+/*
+ * In the event that OpenBSM doesn't have a file representation of a local
+ * error number, use this.
+ */
+#define	BSM_UNKNOWNERR		250	/* OpenBSM-specific. */
+
+#endif /* !_BSM_AUDIT_ERRNO_H_ */
diff --git a/sys/bsm/audit_internal.h b/sys/bsm/audit_internal.h
index dc583ab..e4ad353 100644
--- a/sys/bsm/audit_internal.h
+++ b/sys/bsm/audit_internal.h
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2005 Apple Inc.
+ * Copyright (c) 2005-2008 Apple Inc.
  * Copyright (c) 2005 SPARTA, Inc.
  * All rights reserved.
  *
diff --git a/sys/bsm/audit_kevents.h b/sys/bsm/audit_kevents.h
index a881d78..950462a 100644
--- a/sys/bsm/audit_kevents.h
+++ b/sys/bsm/audit_kevents.h
@@ -59,7 +59,6 @@
 #define	AUE_UMOUNT		12
 #define	AUE_JUNK		13	/* Solaris-specific. */
 #define	AUE_ACCESS		14
-#define	AUE_CHECKUSERACCESS	AUE_ACCESS	/* Darwin-specific. */
 #define	AUE_KILL		15
 #define	AUE_STAT		16
 #define	AUE_LSTAT		17
@@ -561,7 +560,7 @@
 #define	AUE_ACCESS_EXTENDED	43162	/* Darwin. */
 #define	AUE_CHMOD_EXTENDED	43163	/* Darwin. */
 #define	AUE_FCHMOD_EXTENDED	43164	/* Darwin. */
-#define	AUE_FSTAT_EXTENDED	43165	/* Dariwn. */
+#define	AUE_FSTAT_EXTENDED	43165	/* Darwin. */
 #define	AUE_LSTAT_EXTENDED	43166	/* Darwin. */
 #define	AUE_MKDIR_EXTENDED	43167	/* Darwin. */
 #define	AUE_MKFIFO_EXTENDED	43168	/* Darwin. */
@@ -586,6 +585,8 @@
 #define	AUE_CAP_GETRIGHTS	43187	/* TrustedBSD. */
 #define	AUE_CAP_ENTER		43188	/* TrustedBSD. */
 #define	AUE_CAP_GETMODE		43189	/* TrustedBSD. */
+#define	AUE_POSIX_SPAWN		43190	/* Darwin. */
+#define	AUE_FSGETPATH		43191	/* Darwin. */
 
 /*
  * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
@@ -657,13 +658,42 @@
 /*
  * Possible desired future values based on review of BSD/Darwin system calls.
  */
+#define	AUE_ACCESSEXTENDED	AUE_NULL
+#define	AUE_ATGETMSG		AUE_NULL
+#define	AUE_ATPUTMSG		AUE_NULL
+#define	AUE_ATSOCKET		AUE_NULL
+#define	AUE_ATPGETREQ		AUE_NULL
+#define	AUE_ATPGETRSP		AUE_NULL
+#define	AUE_ATPSNDREQ		AUE_NULL
+#define	AUE_ATPSNDRSP		AUE_NULL
+#define	AUE_BSDTHREADCREATE	AUE_NULL
+#define	AUE_BSDTHREADTERMINATE	AUE_NULL
+#define	AUE_BSDTHREADREGISTER	AUE_NULL
+#define	AUE_CHMODEXTENDED	AUE_NULL
+#define	AUE_CHUD		AUE_NULL
+#define	AUE_CSOPS		AUE_NULL
 #define	AUE_DUP			AUE_NULL
+#define	AUE_FCHMODEXTENDED	AUE_NULL
+#define	AUE_FDATASYNC		AUE_NULL
+#define	AUE_FFSCTL		AUE_NULL
+#define	AUE_FGETATTRLIST	AUE_NULL
+#define	AUE_FGETXATTR		AUE_NULL
+#define	AUE_FLISTXATTR		AUE_NULL
+#define	AUE_FREMOVEXATTR	AUE_NULL
 #define	AUE_FSCTL		AUE_NULL
+#define	AUE_FSETATTRLIST	AUE_NULL
+#define	AUE_FSETXATTR		AUE_NULL
+#define	AUE_FSTATEXTENDED	AUE_NULL
+#define	AUE_FSTATFS64		AUE_NULL
 #define	AUE_FSTATV		AUE_NULL
+#define	AUE_FSTAT64		AUE_NULL
+#define	AUE_FSTAT64EXTENDED	AUE_NULL
 #define	AUE_GCCONTROL		AUE_NULL
+#define	AUE_GETDIRENTRIES64	AUE_NULL
 #define	AUE_GETDTABLESIZE	AUE_NULL
 #define	AUE_GETEGID		AUE_NULL
 #define	AUE_GETEUID		AUE_NULL
+#define	AUE_GETFSSTAT64		AUE_NULL
 #define	AUE_GETGID		AUE_NULL
 #define	AUE_GETGROUPS		AUE_NULL
 #define	AUE_GETITIMER		AUE_NULL
@@ -676,24 +706,53 @@
 #define	AUE_GETPRIORITY		AUE_NULL
 #define	AUE_GETRLIMIT		AUE_NULL
 #define	AUE_GETRUSAGE		AUE_NULL
+#define	AUE_GETSGROUPS		AUE_NULL
 #define	AUE_GETSID		AUE_NULL
 #define	AUE_GETSOCKNAME		AUE_NULL
 #define	AUE_GETTIMEOFDAY	AUE_NULL
+#define	AUE_GETTID		AUE_NULL
 #define	AUE_GETUID		AUE_NULL
 #define	AUE_GETSOCKOPT		AUE_NULL
-#define	AUE_GTSOCKOPT		AUE_GETSOCKOPT	/* XXX: Typo in Darwin. */
+#define	AUE_GETWGROUPS		AUE_NULL
+#define	AUE_GETXATTR		AUE_NULL
+#define	AUE_IDENTITYSVC		AUE_NULL
+#define	AUE_INITGROUPS		AUE_NULL
+#define	AUE_IOPOLICYSYS		AUE_NULL
 #define	AUE_ISSETUGID		AUE_NULL
+#define	AUE_LIOLISTIO		AUE_NULL
+#define	AUE_LISTXATTR		AUE_NULL
+#define	AUE_LSTATEXTENDED	AUE_NULL
 #define	AUE_LSTATV		AUE_NULL
+#define	AUE_LSTAT64		AUE_NULL
+#define	AUE_LSTAT64EXTENDED	AUE_NULL
 #define	AUE_MADVISE		AUE_NULL
 #define	AUE_MINCORE		AUE_NULL
 #define	AUE_MKCOMPLEX		AUE_NULL
+#define	AUE_MKDIREXTENDED	AUE_NULL
+#define	AUE_MKFIFOEXTENDED	AUE_NULL
 #define	AUE_MODWATCH		AUE_NULL
 #define	AUE_MSGCL		AUE_NULL
 #define	AUE_MSYNC		AUE_NULL
+#define	AUE_OPENEXTENDED	AUE_NULL
 #define	AUE_PREAD		AUE_NULL
 #define	AUE_PWRITE		AUE_NULL
 #define	AUE_PREADV		AUE_NULL
+#define	AUE_PROCINFO		AUE_NULL
+#define	AUE_PTHREADCANCELED	AUE_NULL
+#define	AUE_PTHREADCHDIR	AUE_NULL
+#define	AUE_PTHREADCONDBROADCAST	AUE_NULL
+#define	AUE_PTHREADCONDDESTORY	AUE_NULL
+#define	AUE_PTHREADCONDINIT	AUE_NULL
+#define	AUE_PTHREADCONDSIGNAL	AUE_NULL
+#define	AUE_PTHREADCONDWAIT	AUE_NULL
+#define	AUE_PTHREADFCHDIR	AUE_NULL
+#define	AUE_PTHREADMARK		AUE_NULL
+#define	AUE_PTHREADMUTEXDESTROY	AUE_NULL
+#define	AUE_PTHREADMUTEXINIT	AUE_NULL
+#define	AUE_PTHREADMUTEXTRYLOCK	AUE_NULL
+#define	AUE_PTHREADMUTEXUNLOCK	AUE_NULL
 #define	AUE_PWRITEV		AUE_NULL
+#define	AUE_REMOVEXATTR		AUE_NULL
 #define	AUE_SBRK		AUE_NULL
 #define	AUE_SELECT		AUE_NULL
 #define	AUE_SEMDESTROY		AUE_NULL
@@ -702,7 +761,15 @@
 #define	AUE_SEMPOST		AUE_NULL
 #define	AUE_SEMTRYWAIT		AUE_NULL
 #define	AUE_SEMWAIT		AUE_NULL
+#define	AUE_SEMWAITSIGNAL	AUE_NULL
 #define	AUE_SETITIMER		AUE_NULL
+#define	AUE_SETSGROUPS		AUE_NULL
+#define	AUE_SETTID		AUE_NULL
+#define	AUE_SETTIDWITHPID	AUE_NULL
+#define	AUE_SETWGROUPS		AUE_NULL
+#define	AUE_SETXATTR		AUE_NULL
+#define	AUE_SHAREDREGIONCHECK	AUE_NULL
+#define	AUE_SHAREDREGIONMAP	AUE_NULL
 #define	AUE_SIGACTION		AUE_NULL
 #define	AUE_SIGALTSTACK		AUE_NULL
 #define	AUE_SIGPENDING		AUE_NULL
@@ -711,11 +778,21 @@
 #define	AUE_SIGSUSPEND		AUE_NULL
 #define	AUE_SIGWAIT		AUE_NULL
 #define	AUE_SSTK		AUE_NULL
+#define	AUE_STACKSNAPSHOT	AUE_NULL
+#define	AUE_STATEXTENDED	AUE_NULL
+#define	AUE_STATFS64		AUE_NULL
 #define	AUE_STATV		AUE_NULL
+#define	AUE_STAT64		AUE_NULL
+#define	AUE_STAT64EXTENDED	AUE_NULL
 #define	AUE_SYNC		AUE_NULL
 #define	AUE_SYSCALL		AUE_NULL
 #define	AUE_TABLE		AUE_NULL
+#define	AUE_UMASKEXTENDED	AUE_NULL
+#define	AUE_VMPRESSUREMONITOR	AUE_NULL
 #define	AUE_WAITEVENT		AUE_NULL
+#define	AUE_WAITID		AUE_NULL
 #define	AUE_WATCHEVENT		AUE_NULL
+#define	AUE_WORKQOPEN		AUE_NULL
+#define	AUE_WORKQOPS		AUE_NULL
 
 #endif /* !_BSM_AUDIT_KEVENTS_H_ */
diff --git a/sys/bsm/audit_record.h b/sys/bsm/audit_record.h
index 186b4f5..2bb78bc 100644
--- a/sys/bsm/audit_record.h
+++ b/sys/bsm/audit_record.h
@@ -165,14 +165,11 @@
 #define	AUDIT_HEADER_VERSION_SOLARIS	2
 #define	AUDIT_HEADER_VERSION_TSOL25	3
 #define	AUDIT_HEADER_VERSION_TSOL	4
-#define	AUDIT_HEADER_VERSION_OPENBSM	10
+#define	AUDIT_HEADER_VERSION_OPENBSM10	10
+#define	AUDIT_HEADER_VERSION_OPENBSM11	11
+#define	AUDIT_HEADER_VERSION_OPENBSM	AUDIT_HEADER_VERSION_OPENBSM11
 
-/*
- * BSM define is AUT_TRAILER_MAGIC; Apple BSM define is TRAILER_PAD_MAGIC; we
- * split the difference, will remove the Apple define for the next release.
- */
 #define	AUT_TRAILER_MAGIC	0xb105
-#define	TRAILER_PAD_MAGIC	AUT_TRAILER_MAGIC
 
 /* BSM library calls */
 
@@ -183,6 +180,7 @@ struct in6_addr;
 struct ip;
 struct ipc_perm;
 struct kevent;
+struct sockaddr;
 struct sockaddr_in;
 struct sockaddr_in6;
 struct sockaddr_un;
@@ -209,6 +207,7 @@ token_t	*au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod);
 token_t	*au_to_header_ex(int rec_size, au_event_t e_type, au_emod_t e_mod);
 token_t	*au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod);
 token_t	*au_to_header64(int rec_size, au_event_t e_type, au_emod_t e_mod);
+token_t	*au_to_header32_ex(int rec_size, au_event_t e_type, au_emod_t e_mod);
 #endif
 
 token_t	*au_to_me(void);
@@ -252,15 +251,8 @@ token_t	*au_to_return(char status, uint32_t ret);
 token_t	*au_to_return32(char status, uint32_t ret);
 token_t	*au_to_return64(char status, uint64_t ret);
 token_t	*au_to_seq(long audit_count);
-
-#if defined(_KERNEL) || defined(KERNEL)
-token_t	*au_to_socket(struct socket *so);
-token_t	*au_to_socket_ex_32(uint16_t lp, uint16_t rp, struct sockaddr *la,
-	    struct sockaddr *ta);
-token_t	*au_to_socket_ex_128(uint16_t lp, uint16_t rp, struct sockaddr *la,
-	    struct sockaddr *ta);
-#endif
-
+token_t	*au_to_socket_ex(u_short so_domain, u_short so_type,
+	    struct sockaddr *sa_local, struct sockaddr *sa_remote);
 token_t	*au_to_sock_inet(struct sockaddr_in *so);
 token_t	*au_to_sock_inet32(struct sockaddr_in *so);
 token_t	*au_to_sock_inet128(struct sockaddr_in6 *so);
@@ -289,6 +281,12 @@ token_t	*au_to_kevent(struct kevent *kev);
 token_t	*au_to_trailer(int rec_size);
 token_t	*au_to_zonename(const char *zonename);
 
+/*
+ * BSM library routines for manipulating errno values.
+ */
+int	 au_bsm_to_errno(u_char bsm_error, int *errorp);
+u_char	 au_errno_to_bsm(int error);
+
 __END_DECLS
 
 #endif /* ! _BSM_AUDIT_RECORD_H_ */
diff --git a/sys/security/audit/audit_bsm_errno.c b/sys/security/audit/audit_bsm_errno.c
new file mode 100644
index 0000000..7586213
--- /dev/null
+++ b/sys/security/audit/audit_bsm_errno.c
@@ -0,0 +1,642 @@
+/*-
+ * Copyright (c) 2008 Apple Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1.  Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ * 2.  Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ * 3.  Neither the name of Apple Inc. ("Apple") nor the names of
+ *     its contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE. 
+ *
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#12
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/types.h>
+
+#include <bsm/audit_errno.h>
+#include <bsm/libbsm.h>
+
+#include <sys/errno.h>
+
+/*
+ * Different operating systems use different numeric constants for different
+ * error numbers, and sometimes error numbers don't exist in more than one
+ * operating system.  These routines convert between BSM and local error
+ * number spaces, subject to the above realities.  BSM error numbers are
+ * stored in a single 8-bit character, so don't have a byte order.
+ */
+
+struct bsm_errors {
+	int		 be_bsm_error;
+	int		 be_os_error;
+	const char	*be_strerror;
+};
+
+#define	ERRNO_NO_LOCAL_MAPPING	-600
+
+/*
+ * Mapping table -- please maintain in numeric sorted order with respect to
+ * the BSM constant.  Today we do a linear lookup, but could switch to a
+ * binary search if it makes sense.  We only ifdef errors that aren't
+ * generally available, but it does make the table a lot more ugly.
+ *
+ * XXXRW: It would be nice to have a similar ordered table mapping to BSM
+ * constant from local constant, but the order of local constants varies by
+ * OS.  Really we need to build that table at compile-time but don't do that
+ * yet.
+ *
+ * XXXRW: We currently embed English-language error strings here, but should
+ * support catalogues; these are only used if the OS doesn't have an error
+ * string using strerror(3).
+ */
+static const struct bsm_errors bsm_errors[] = {
+	{ BSM_ESUCCESS, 0, "Success" },
+	{ BSM_EPERM, EPERM, "Operation not permitted" },
+	{ BSM_ENOENT, ENOENT, "No such file or directory" },
+	{ BSM_ESRCH, ESRCH, "No such process" },
+	{ BSM_EINTR, EINTR, "Interrupted system call" },
+	{ BSM_EIO, EIO, "Input/output error" },
+	{ BSM_ENXIO, ENXIO, "Device not configured" },
+	{ BSM_E2BIG, E2BIG, "Argument list too long" },
+	{ BSM_ENOEXEC, ENOEXEC, "Exec format error" },
+	{ BSM_EBADF, EBADF, "BAd file descriptor" },
+	{ BSM_ECHILD, ECHILD, "No child processes" },
+	{ BSM_EAGAIN, EAGAIN, "Resource temporarily unavailable" },
+	{ BSM_ENOMEM, ENOMEM, "Cannot allocate memory" },
+	{ BSM_EACCES, EACCES, "Permission denied" },
+	{ BSM_EFAULT, EFAULT, "Bad address" },
+	{ BSM_ENOTBLK, ENOTBLK, "Block device required" },
+	{ BSM_EBUSY, EBUSY, "Device busy" },
+	{ BSM_EEXIST, EEXIST, "File exists" },
+	{ BSM_EXDEV, EXDEV, "Cross-device link" },
+	{ BSM_ENODEV, ENODEV, "Operation not supported by device" },
+	{ BSM_ENOTDIR, ENOTDIR, "Not a directory" },
+	{ BSM_EISDIR, EISDIR, "Is a directory" },
+	{ BSM_EINVAL, EINVAL, "Invalid argument" },
+	{ BSM_ENFILE, ENFILE, "Too many open files in system" },
+	{ BSM_EMFILE, EMFILE, "Too many open files" },
+	{ BSM_ENOTTY, ENOTTY, "Inappropriate ioctl for device" },
+	{ BSM_ETXTBSY, ETXTBSY, "Text file busy" },
+	{ BSM_EFBIG, EFBIG, "File too large" },
+	{ BSM_ENOSPC, ENOSPC, "No space left on device" },
+	{ BSM_ESPIPE, ESPIPE, "Illegal seek" },
+	{ BSM_EROFS, EROFS, "Read-only file system" },
+	{ BSM_EMLINK, EMLINK, "Too many links" },
+	{ BSM_EPIPE, EPIPE, "Broken pipe" },
+	{ BSM_EDOM, EDOM, "Numerical argument out of domain" },
+	{ BSM_ERANGE, ERANGE, "Result too large" },
+	{ BSM_ENOMSG, ENOMSG, "No message of desired type" },
+	{ BSM_EIDRM, EIDRM, "Identifier removed" },
+	{ BSM_ECHRNG,
+#ifdef ECHRNG
+	ECHRNG,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Channel number out of range" },
+	{ BSM_EL2NSYNC,
+#ifdef EL2NSYNC
+	EL2NSYNC,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Level 2 not synchronized" },
+	{ BSM_EL3HLT,
+#ifdef EL3HLT
+	EL3HLT,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Level 3 halted" },
+	{ BSM_EL3RST,
+#ifdef EL3RST
+	EL3RST,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Level 3 reset" },
+	{ BSM_ELNRNG,
+#ifdef ELNRNG
+	ELNRNG,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Link number out of range" },
+	{ BSM_EUNATCH,
+#ifdef EUNATCH
+	EUNATCH,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Protocol driver not attached" },
+	{ BSM_ENOCSI,
+#ifdef ENOCSI
+	ENOCSI,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"No CSI structure available" },
+	{ BSM_EL2HLT,
+#ifdef EL2HLT
+	EL2HLT,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Level 2 halted" },
+	{ BSM_EDEADLK, EDEADLK, "Resource deadlock avoided" },
+	{ BSM_ENOLCK, ENOLCK, "No locks available" },
+	{ BSM_ECANCELED, ECANCELED, "Operation canceled" },
+	{ BSM_ENOTSUP, ENOTSUP, "Operation not supported" },
+	{ BSM_EDQUOT, EDQUOT, "Disc quota exceeded" },
+	{ BSM_EBADE,
+#ifdef EBADE
+	EBADE,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Invalid exchange" },
+	{ BSM_EBADR,
+#ifdef EBADR
+	EBADR,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Invalid request descriptor" },
+	{ BSM_EXFULL,
+#ifdef EXFULL
+	EXFULL,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Exchange full" },
+	{ BSM_ENOANO,
+#ifdef ENOANO
+	ENOANO,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"No anode" },
+	{ BSM_EBADRQC,
+#ifdef EBADRQC
+	EBADRQC,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Invalid request descriptor" },
+	{ BSM_EBADSLT,
+#ifdef EBADSLT
+	EBADSLT,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Invalid slot" },
+	{ BSM_EDEADLOCK,
+#ifdef EDEADLOCK
+	EDEADLOCK,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Resource deadlock avoided" },
+	{ BSM_EBFONT,
+#ifdef EBFONT
+	EBFONT,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Bad font file format" },
+	{ BSM_EOWNERDEAD,
+#ifdef EOWNERDEAD
+	EOWNERDEAD,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Process died with the lock" },
+	{ BSM_ENOTRECOVERABLE,
+#ifdef ENOTRECOVERABLE
+	ENOTRECOVERABLE,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Lock is not recoverable" },
+	{ BSM_ENOSTR,
+#ifdef ENOSTR
+	ENOSTR,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Device not a stream" },
+	{ BSM_ENONET,
+#ifdef ENONET
+	ENONET,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Machine is not on the network" },
+	{ BSM_ENOPKG,
+#ifdef ENOPKG
+	ENOPKG,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Package not installed" },
+	{ BSM_EREMOTE, EREMOTE, "Too many levels of remote in path" },
+	{ BSM_ENOLINK,
+#ifdef ENOLINK
+	ENOLINK,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Link has been severed" },
+	{ BSM_EADV,
+#ifdef EADV
+	EADV,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Advertise error" },
+	{ BSM_ESRMNT,
+#ifdef ESRMNT
+	ESRMNT,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"srmount error" },
+	{ BSM_ECOMM,
+#ifdef ECOMM
+	ECOMM,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Communication error on send" },
+	{ BSM_EPROTO,
+#ifdef EPROTO
+	EPROTO,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Protocol error" },
+	{ BSM_ELOCKUNMAPPED,
+#ifdef ELOCKUNMAPPED
+	ELOCKUNMAPPED,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Locked lock was unmapped" },
+	{ BSM_ENOTACTIVE,
+#ifdef ENOTACTIVE
+	ENOTACTIVE,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Facility is not active" },
+	{ BSM_EMULTIHOP,
+#ifdef EMULTIHOP
+	EMULTIHOP,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Multihop attempted" },
+	{ BSM_EBADMSG,
+#ifdef EBADMSG
+	EBADMSG,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Bad message" },
+	{ BSM_ENAMETOOLONG, ENAMETOOLONG, "File name too long" },
+	{ BSM_EOVERFLOW, EOVERFLOW, "Value too large to be stored in data type" },
+	{ BSM_ENOTUNIQ,
+#ifdef ENOTUNIQ
+	ENOTUNIQ,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Given log name not unique" },
+	{ BSM_EBADFD,
+#ifdef EBADFD
+	EBADFD,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Given f.d. invalid for this operation" },
+	{ BSM_EREMCHG,
+#ifdef EREMCHG
+	EREMCHG,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Remote address changed" },
+	{ BSM_ELIBACC,
+#ifdef ELIBACC
+	ELIBACC,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Can't access a needed shared lib" },
+	{ BSM_ELIBBAD,
+#ifdef ELIBBAD
+	ELIBBAD,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Accessing a corrupted shared lib" },
+	{ BSM_ELIBSCN,
+#ifdef ELIBSCN
+	ELIBSCN,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	".lib section in a.out corrupted" },
+	{ BSM_ELIBMAX,
+#ifdef ELIBMAX
+	ELIBMAX,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Attempting to link in too many libs" },
+	{ BSM_ELIBEXEC,
+#ifdef ELIBEXEC
+	ELIBEXEC,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Attempting to exec a shared library" },
+	{ BSM_EILSEQ, EILSEQ, "Illegal byte sequence" },
+	{ BSM_ENOSYS, ENOSYS, "Function not implemented" },
+	{ BSM_ELOOP, ELOOP, "Too many levels of symbolic links" },
+	{ BSM_ERESTART,
+#ifdef ERESTART
+	ERESTART,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Restart syscall" },
+	{ BSM_ESTRPIPE,
+#ifdef ESTRPIPE
+	ESTRPIPE,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"If pipe/FIFO, don't sleep in stream head" },
+	{ BSM_ENOTEMPTY, ENOTEMPTY, "Directory not empty" },
+	{ BSM_EUSERS, EUSERS, "Too many users" },
+	{ BSM_ENOTSOCK, ENOTSOCK, "Socket operation on non-socket" },
+	{ BSM_EDESTADDRREQ, EDESTADDRREQ, "Destination address required" },
+	{ BSM_EMSGSIZE, EMSGSIZE, "Message too long" },
+	{ BSM_EPROTOTYPE, EPROTOTYPE, "Protocol wrong type for socket" },
+	{ BSM_ENOPROTOOPT, ENOPROTOOPT, "Protocol not available" },
+	{ BSM_EPROTONOSUPPORT, EPROTONOSUPPORT, "Protocol not supported" },
+	{ BSM_ESOCKTNOSUPPORT, ESOCKTNOSUPPORT, "Socket type not supported" },
+	{ BSM_EOPNOTSUPP, EOPNOTSUPP, "Operation not supported" },
+	{ BSM_EPFNOSUPPORT, EPFNOSUPPORT, "Protocol family not supported" },
+	{ BSM_EAFNOSUPPORT, EAFNOSUPPORT, "Address family not supported by protocol family" },
+	{ BSM_EADDRINUSE, EADDRINUSE, "Address already in use" },
+	{ BSM_EADDRNOTAVAIL, EADDRNOTAVAIL, "Can't assign requested address" },
+	{ BSM_ENETDOWN, ENETDOWN, "Network is down" },
+	{ BSM_ENETRESET, ENETRESET, "Network dropped connection on reset" },
+	{ BSM_ECONNABORTED, ECONNABORTED, "Software caused connection abort" },
+	{ BSM_ECONNRESET, ECONNRESET, "Connection reset by peer" },
+	{ BSM_ENOBUFS, ENOBUFS, "No buffer space available" },
+	{ BSM_EISCONN, EISCONN, "Socket is already connected" },
+	{ BSM_ENOTCONN, ENOTCONN, "Socket is not connected" },
+	{ BSM_ESHUTDOWN, ESHUTDOWN, "Can't send after socket shutdown" },
+	{ BSM_ETOOMANYREFS, ETOOMANYREFS, "Too many references: can't splice" },
+	{ BSM_ETIMEDOUT, ETIMEDOUT, "Operation timed out" },
+	{ BSM_ECONNREFUSED, ECONNREFUSED, "Connection refused" },
+	{ BSM_EHOSTDOWN, EHOSTDOWN, "Host is down" },
+	{ BSM_EHOSTUNREACH, EHOSTUNREACH, "No route to host" },
+	{ BSM_EALREADY, EALREADY, "Operation already in progress" },
+	{ BSM_EINPROGRESS, EINPROGRESS, "Operation now in progress" },
+	{ BSM_ESTALE, ESTALE, "Stale NFS file handle" },
+	{ BSM_EPWROFF,
+#ifdef EPWROFF
+	EPWROFF,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Device power is off" },
+	{ BSM_EDEVERR,
+#ifdef EDEVERR
+	EDEVERR,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Device error" },
+	{ BSM_EBADEXEC,
+#ifdef EBADEXEC
+	EBADEXEC,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Bad executable" },
+	{ BSM_EBADARCH,
+#ifdef EBADARCH
+	EBADARCH,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Bad CPU type in executable" },
+	{ BSM_ESHLIBVERS,
+#ifdef ESHLIBVERS
+	ESHLIBVERS,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Shared library version mismatch" },
+	{ BSM_EBADMACHO,
+#ifdef EBADMACHO
+	EBADMACHO,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Malfored Macho file" },
+	{ BSM_EPOLICY,
+#ifdef EPOLICY
+	EPOLICY,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Operation failed by policy" },
+	{ BSM_EDOTDOT,
+#ifdef EDOTDOT
+	EDOTDOT,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"RFS specific error" },
+	{ BSM_EUCLEAN,
+#ifdef EUCLEAN
+	EUCLEAN,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Structure needs cleaning" },
+	{ BSM_ENOTNAM,
+#ifdef ENOTNAM
+	ENOTNAM,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Not a XENIX named type file" },
+	{ BSM_ENAVAIL,
+#ifdef ENAVAIL
+	ENAVAIL,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"No XENIX semaphores available" },
+	{ BSM_EISNAM,
+#ifdef EISNAM
+	EISNAM,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Is a named type file" },
+	{ BSM_EREMOTEIO,
+#ifdef EREMOTEIO
+	EREMOTEIO,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Remote I/O error" },
+	{ BSM_ENOMEDIUM,
+#ifdef ENOMEDIUM
+	ENOMEDIUM,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"No medium found" },
+	{ BSM_EMEDIUMTYPE,
+#ifdef EMEDIUMTYPE
+	EMEDIUMTYPE,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Wrong medium type" },
+	{ BSM_ENOKEY,
+#ifdef ENOKEY
+	ENOKEY,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Required key not available" },
+	{ BSM_EKEYEXPIRED,
+#ifdef EKEEXPIRED
+	EKEYEXPIRED,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Key has expired" },
+	{ BSM_EKEYREVOKED,
+#ifdef EKEYREVOKED
+	EKEYREVOKED,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Key has been revoked" },
+	{ BSM_EKEYREJECTED,
+#ifdef EKEREJECTED
+	EKEYREJECTED,
+#else
+	ERRNO_NO_LOCAL_MAPPING,
+#endif
+	"Key was rejected by service" },
+};
+static const int bsm_errors_count = sizeof(bsm_errors) / sizeof(bsm_errors[0]);
+
+static const struct bsm_errors *
+au_bsm_error_lookup_errno(int error)
+{
+	int i;
+
+	if (error == ERRNO_NO_LOCAL_MAPPING)
+		return (NULL);
+	for (i = 0; i < bsm_errors_count; i++) {
+		if (bsm_errors[i].be_os_error == error)
+			return (&bsm_errors[i]);
+	}
+	return (NULL);
+}
+
+static const struct bsm_errors *
+au_bsm_error_lookup_bsm(u_char bsm_error)
+{
+	int i;
+
+	for (i = 0; i < bsm_errors_count; i++) {
+		if (bsm_errors[i].be_bsm_error == bsm_error)
+			return (&bsm_errors[i]);
+	}
+	return (NULL);
+}
+
+/*
+ * Converstion from a BSM error to a local error number may fail if either
+ * OpenBSM doesn't recognize the error on the wire, or because there is no
+ * appropriate local mapping.  However, we don't allow conversion to BSM to
+ * fail, we just convert to BSM_UKNOWNERR.
+ */
+int
+au_bsm_to_errno(u_char bsm_error, int *errorp)
+{
+	const struct bsm_errors *bsme;
+
+	bsme = au_bsm_error_lookup_bsm(bsm_error);
+	if (bsme == NULL || bsme->be_os_error == ERRNO_NO_LOCAL_MAPPING)
+		return (-1);
+	*errorp = bsme->be_os_error;
+	return (0);
+}
+
+u_char
+au_errno_to_bsm(int error)
+{
+	const struct bsm_errors *bsme;
+
+	/*
+	 * We should never be passed this libbsm-internal constant, and
+	 * because it is ambiguous we just return an error.
+	 */
+	if (error == ERRNO_NO_LOCAL_MAPPING)
+		return (BSM_UNKNOWNERR);
+	bsme = au_bsm_error_lookup_errno(error);
+	if (bsme == NULL)
+		return (BSM_UNKNOWNERR);
+	return (bsme->be_bsm_error);
+}
+
+#if !defined(KERNEL) && !defined(_KERNEL)
+const char *
+au_strerror(u_char bsm_error)
+{
+	const struct bsm_errors *bsme;
+
+	bsme = au_bsm_error_lookup_bsm(bsm_error);
+	if (bsme == NULL)
+		return ("Unrecognized BSM error");
+	if (bsme->be_os_error != ERRNO_NO_LOCAL_MAPPING)
+		return (strerror(bsme->be_os_error));
+	return (bsme->be_strerror);
+}
+#endif
diff --git a/sys/security/audit/audit_bsm_token.c b/sys/security/audit/audit_bsm_token.c
index b1d977d..6733030 100644
--- a/sys/security/audit/audit_bsm_token.c
+++ b/sys/security/audit/audit_bsm_token.c
@@ -147,8 +147,12 @@ au_to_attr32(struct vnode_au_info *vni)
 	ADD_U_CHAR(dptr, AUT_ATTR32);
 
 	/*
-	 * Darwin defines the size for the file mode as 2 bytes; BSM defines
-	 * 4 so pad with 0.
+	 * BSD defines the size for the file mode as 2 bytes; BSM defines 4
+	 * so pad with 0.
+	 *
+	 * XXXRW: Possibly should be conditionally compiled.
+	 *
+	 * XXXRW: Should any conversions take place on the mode?
 	 */
 	ADD_U_INT16(dptr, pad0_16);
 	ADD_U_INT16(dptr, vni->vn_mode);
@@ -190,8 +194,12 @@ au_to_attr64(struct vnode_au_info *vni)
 	ADD_U_CHAR(dptr, AUT_ATTR64);
 
 	/*
-	 * Darwin defines the size for the file mode as 2 bytes; BSM defines
-	 * 4 so pad with 0.
+	 * BSD defines the size for the file mode as 2 bytes; BSM defines 4
+	 * so pad with 0.
+	 *
+	 * XXXRW: Possibly should be conditionally compiled.
+	 *
+	 * XXXRW: Should any conversions take place on the mode?
 	 */
 	ADD_U_INT16(dptr, pad0_16);
 	ADD_U_INT16(dptr, vni->vn_mode);
@@ -269,6 +277,10 @@ au_to_data(char unit_print, char unit_type, char unit_count, const char *p)
 
 	GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata);
 
+	/*
+	 * XXXRW: We should be byte-swapping each data item for multi-byte
+	 * types.
+	 */
 	ADD_U_CHAR(dptr, AUT_DATA);
 	ADD_U_CHAR(dptr, unit_print);
 	ADD_U_CHAR(dptr, unit_type);
@@ -432,25 +444,36 @@ au_to_ipc_perm(struct ipc_perm *perm)
 	ADD_U_CHAR(dptr, AUT_IPC_PERM);
 
 	/*
-	 * Darwin defines the sizes for ipc_perm members as 2 bytes; BSM
-	 * defines 4 so pad with 0.
+	 * Systems vary significantly in what types they use in struct
+	 * ipc_perm; at least a few still use 16-bit uid's and gid's, so
+	 * allow for that, as BSM define 32-bit values here.
+	 * Some systems define the sizes for ipc_perm members as 2 bytes;
+	 * BSM defines 4 so pad with 0.
+	 *
+	 * XXXRW: Possibly shoulid be conditionally compiled, and more cases
+	 * need to be handled.
 	 */
-	ADD_U_INT16(dptr, pad0);
-	ADD_U_INT16(dptr, perm->uid);
-
-	ADD_U_INT16(dptr, pad0);
-	ADD_U_INT16(dptr, perm->gid);
-
-	ADD_U_INT16(dptr, pad0);
-	ADD_U_INT16(dptr, perm->cuid);
-
-	ADD_U_INT16(dptr, pad0);
-	ADD_U_INT16(dptr, perm->cgid);
+	if (sizeof(perm->uid) != sizeof(u_int32_t)) {
+		ADD_U_INT16(dptr, pad0);
+		ADD_U_INT16(dptr, perm->uid);
+		ADD_U_INT16(dptr, pad0);
+		ADD_U_INT16(dptr, perm->gid);
+		ADD_U_INT16(dptr, pad0);
+		ADD_U_INT16(dptr, perm->cuid);
+		ADD_U_INT16(dptr, pad0);
+		ADD_U_INT16(dptr, perm->cgid);
+	} else {
+		ADD_U_INT32(dptr, perm->uid);
+		ADD_U_INT32(dptr, perm->gid);
+		ADD_U_INT32(dptr, perm->cuid);
+		ADD_U_INT32(dptr, perm->cgid);
+	}
 
 	ADD_U_INT16(dptr, pad0);
 	ADD_U_INT16(dptr, perm->mode);
 
 	ADD_U_INT16(dptr, pad0);
+
 	ADD_U_INT16(dptr, perm->seq);
 
 	ADD_U_INT32(dptr, perm->key);
@@ -543,6 +566,8 @@ au_to_text(const char *text)
 	textlen = strlen(text);
 	textlen += 1;
 
+	/* XXXRW: Should validate length against token size limit. */
+
 	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen);
 
 	ADD_U_CHAR(dptr, AUT_TEXT);
@@ -607,6 +632,13 @@ au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
 	ADD_U_INT32(dptr, pid);
 	ADD_U_INT32(dptr, sid);
 	ADD_U_INT32(dptr, tid->port);
+
+	/*
+	 * Note: Solaris will write out IPv6 addresses here as a 32-bit
+	 * address type and 16 bytes of address, but for IPv4 addresses it
+	 * simply writes the 4-byte address directly.  We support only IPv4
+	 * addresses for process32 tokens.
+	 */
 	ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
 
 	return (t);
@@ -631,6 +663,13 @@ au_to_process64(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
 	ADD_U_INT32(dptr, pid);
 	ADD_U_INT32(dptr, sid);
 	ADD_U_INT64(dptr, tid->port);
+
+	/*
+	 * Note: Solaris will write out IPv6 addresses here as a 32-bit
+	 * address type and 16 bytes of address, but for IPv4 addresses it
+	 * simply writes the 4-byte address directly.  We support only IPv4
+	 * addresses for process64 tokens.
+	 */
 	ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
 
 	return (t);
@@ -805,22 +844,60 @@ au_to_seq(long audit_count)
 
 /*
  * token ID                1 byte
+ * socket domain           2 bytes
  * socket type             2 bytes
+ * address type            2 byte
  * local port              2 bytes
- * local Internet address  4 bytes
+ * local address           4 bytes/16 bytes (IPv4/IPv6 address)
  * remote port             2 bytes
- * remote Internet address 4 bytes
+ * remote address          4 bytes/16 bytes (IPv4/IPv6 address)
  */
 token_t *
-au_to_socket(struct socket *so)
+au_to_socket_ex(u_short so_domain, u_short so_type,
+    struct sockaddr *sa_local, struct sockaddr *sa_remote)
 {
+	token_t *t;
+	u_char *dptr = NULL;
+	struct sockaddr_in *sin;
+	struct sockaddr_in6 *sin6;
+
+	if (so_domain == AF_INET)
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+		    5 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t));
+	else if (so_domain == AF_INET6)
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+		    5 * sizeof(u_int16_t) + 16 * sizeof(u_int32_t));
+	else
+		return (NULL);
+
+	ADD_U_CHAR(dptr, AUT_SOCKET_EX);
+	ADD_U_INT16(dptr, so_domain);	/* XXXRW: explicitly convert? */
+	ADD_U_INT16(dptr, so_type);	/* XXXRW: explicitly convert? */
+	if (so_domain == AF_INET) {
+		ADD_U_INT16(dptr, AU_IPv4);
+		sin = (struct sockaddr_in *)sa_local;
+		ADD_MEM(dptr, &sin->sin_port, sizeof(uint16_t));
+		ADD_MEM(dptr, &sin->sin_addr.s_addr, sizeof(uint32_t));
+		sin = (struct sockaddr_in *)sa_remote;
+		ADD_MEM(dptr, &sin->sin_port, sizeof(uint16_t));
+		ADD_MEM(dptr, &sin->sin_addr.s_addr, sizeof(uint32_t));
+	} else {
+		ADD_U_INT16(dptr, AU_IPv6);
+		sin6 = (struct sockaddr_in6 *)sa_local;
+		ADD_MEM(dptr, &sin6->sin6_port, sizeof(uint16_t));
+		ADD_MEM(dptr, &sin6->sin6_addr, 4 * sizeof(uint32_t));
+		sin6 = (struct sockaddr_in6 *)sa_remote;
+		ADD_MEM(dptr, &sin6->sin6_port, sizeof(uint16_t));
+		ADD_MEM(dptr, &sin6->sin6_addr, 4 * sizeof(uint32_t));
+	}
 
-	/* XXXRW ... */
-	return (NULL);
+	return (t);
 }
 
 /*
  * Kernel-specific version of the above function.
+ *
+ * XXXRW: Should now use au_to_socket_ex() here.
  */
 #ifdef _KERNEL
 token_t *
@@ -832,7 +909,7 @@ kau_to_socket(struct socket_au_info *soi)
 
 	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) +
 	    sizeof(u_int32_t) + sizeof(u_int16_t) + sizeof(u_int32_t));
-						 
+                                                 
 	ADD_U_CHAR(dptr, AUT_SOCKET);
 	/* Coerce the socket type into a short value */
 	so_type = soi->so_type;
@@ -848,32 +925,6 @@ kau_to_socket(struct socket_au_info *soi)
 
 /*
  * token ID                1 byte
- * socket type             2 bytes
- * local port              2 bytes
- * address type/length     4 bytes
- * local Internet address  4 bytes/16 bytes (IPv4/IPv6 address)
- * remote port             4 bytes
- * address type/length     4 bytes
- * remote Internet address 4 bytes/16 bytes (IPv4/IPv6 address)
- */
-token_t *
-au_to_socket_ex_32(u_int16_t lp, u_int16_t rp, struct sockaddr *la,
-    struct sockaddr *ra)
-{
-
-	return (NULL);
-}
-
-token_t *
-au_to_socket_ex_128(u_int16_t lp, u_int16_t rp, struct sockaddr *la,
-    struct sockaddr *ra)
-{
-
-	return (NULL);
-}
-
-/*
- * token ID                1 byte
  * socket family           2 bytes
  * path                    104 bytes
  */
@@ -940,8 +991,9 @@ au_to_sock_inet128(struct sockaddr_in6 *so)
 
 	ADD_U_CHAR(dptr, AUT_SOCKINET128);
 	/*
-	 * In Darwin, sin6_family is one octet, but BSM defines the token
-	 * to store two. So we copy in a 0 first.
+	 * In BSD, sin6_family is one octet, but BSM defines the token to
+	 * store two. So we copy in a 0 first.  XXXRW: Possibly should be
+	 * conditionally compiled.
 	 */
 	ADD_U_CHAR(dptr, 0);
 	ADD_U_CHAR(dptr, so->sin6_family);
@@ -1215,7 +1267,6 @@ au_to_exec_args(char **argv)
 		nextarg = *(argv + count);
 	}
 
-	totlen += count * sizeof(char);	/* nul terminations. */
 	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen);
 
 	ADD_U_CHAR(dptr, AUT_EXEC_ARGS);
@@ -1228,30 +1279,7 @@ au_to_exec_args(char **argv)
 
 	return (t);
 }
-#endif
-
-/*
- * token ID                1 byte
- * zonename length         2 bytes
- * zonename                N bytes + 1 terminating NULL byte
- */
-token_t *
-au_to_zonename(const char *zonename)
-{
-	u_char *dptr = NULL;
-	u_int16_t textlen;
-	token_t *t;
-
-	textlen = strlen(zonename);
-	textlen += 1;
-	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen);
-	ADD_U_CHAR(dptr, AUT_ZONENAME);
-	ADD_U_INT16(dptr, textlen);
-	ADD_STRING(dptr, zonename, textlen);
-	return (t);
-}
 
-#if !defined(_KERNEL) && !defined(KERNEL)
 /*
  * token ID				1 byte
  * count				4 bytes
@@ -1277,7 +1305,6 @@ au_to_exec_env(char **envp)
 		nextenv = *(envp + count);
 	}
 
-	totlen += sizeof(char) * count;
 	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) + totlen);
 
 	ADD_U_CHAR(dptr, AUT_EXEC_ENV);
@@ -1294,6 +1321,27 @@ au_to_exec_env(char **envp)
 
 /*
  * token ID                1 byte
+ * zonename length         2 bytes
+ * zonename                N bytes + 1 terminating NULL byte
+ */
+token_t *
+au_to_zonename(const char *zonename)
+{
+	u_char *dptr = NULL;
+	u_int16_t textlen;
+	token_t *t;
+
+	textlen = strlen(zonename) + 1;
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) + textlen);
+
+	ADD_U_CHAR(dptr, AUT_ZONENAME);
+	ADD_U_INT16(dptr, textlen);
+	ADD_STRING(dptr, zonename, textlen);
+	return (t);
+}
+
+/*
+ * token ID                1 byte
  * record byte count       4 bytes
  * version #               1 byte    [2]
  * event type              2 bytes
@@ -1465,7 +1513,7 @@ au_to_trailer(int rec_size)
 {
 	token_t *t;
 	u_char *dptr = NULL;
-	u_int16_t magic = TRAILER_PAD_MAGIC;
+	u_int16_t magic = AUT_TRAILER_MAGIC;
 
 	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
 	    sizeof(u_int32_t));