3 files changed, 79 insertions, 8 deletions
diff --git a/contrib/openbsm/bsm/audit_kevents.h b/contrib/openbsm/bsm/audit_kevents.h
index 434452a..eb615d3 100644
--- a/contrib/openbsm/bsm/audit_kevents.h
+++ b/contrib/openbsm/bsm/audit_kevents.h
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#43 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#47 $
  */
 
 #ifndef _BSM_AUDIT_KEVENTS_H_
@@ -474,6 +474,28 @@
 #define	AUE_READDIR		43118	/* Linux. */
 #define	AUE_IOPL		43119	/* Linux. */
 #define	AUE_VM86		43120	/* Linux. */
+#define	AUE_MAC_GET_PROC	43121	/* FreeBSD. */
+#define	AUE_MAC_SET_PROC	43122	/* FreeBSD. */
+#define	AUE_MAC_GET_FD		43123	/* FreeBSD. */
+#define	AUE_MAC_GET_FILE	43124	/* FreeBSD. */
+#define	AUE_MAC_SET_FD		43125	/* FreeBSD. */
+#define	AUE_MAC_SET_FILE	43126	/* FreeBSD. */
+#define	AUE_MAC_SYSCALL		43127	/* FreeBSD. */
+#define	AUE_MAC_GET_PID		43128	/* FreeBSD. */
+#define	AUE_MAC_GET_LINK	43129	/* FreeBSD. */
+#define	AUE_MAC_SET_LINK	43130	/* FreeBSD. */
+#define	AUE_MAC_EXECVE		43131	/* FreeBSD. */
+#define	AUE_GETPATH_FROMFD	43132	/* FreeBSD. */
+#define	AUE_GETPATH_FROMADDR	43133	/* FreeBSD. */
+#define	AUE_MQ_OPEN		43134	/* FreeBSD. */
+#define	AUE_MQ_SETATTR		43135	/* FreeBSD. */
+#define	AUE_MQ_TIMEDRECEIVE	43136	/* FreeBSD. */
+#define	AUE_MQ_TIMEDSEND	43137	/* FreeBSD. */
+#define	AUE_MQ_NOTIFY		43138	/* FreeBSD. */
+#define	AUE_MQ_UNLINK		43139	/* FreeBSD. */
+#define	AUE_LISTEN		43140	/* FreeBSD/Darwin/Linux. */
+#define	AUE_MLOCKALL		43141	/* FreeBSD. */
+#define	AUE_MUNLOCKALL		43142	/* FreeBSD. */
 
 /*
  * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
@@ -571,16 +593,13 @@
 #define	AUE_GETSOCKOPT		AUE_NULL
 #define	AUE_GTSOCKOPT		AUE_GETSOCKOPT	/* XXX: Typo in Darwin. */
 #define	AUE_ISSETUGID		AUE_NULL
-#define	AUE_LISTEN		AUE_NULL
 #define	AUE_LSTATV		AUE_NULL
 #define	AUE_MADVISE		AUE_NULL
 #define	AUE_MINCORE		AUE_NULL
 #define	AUE_MKCOMPLEX		AUE_NULL
-#define	AUE_MLOCKALL		AUE_NULL
 #define	AUE_MODWATCH		AUE_NULL
 #define	AUE_MSGCL		AUE_NULL
 #define	AUE_MSYNC		AUE_NULL
-#define	AUE_MUNLOCKALL		AUE_NULL
 #define	AUE_PREAD		AUE_NULL
 #define	AUE_PWRITE		AUE_NULL
 #define	AUE_PREADV		AUE_NULL
diff --git a/contrib/openbsm/bsm/audit_record.h b/contrib/openbsm/bsm/audit_record.h
index 79d13c3..c15d620 100644
--- a/contrib/openbsm/bsm/audit_record.h
+++ b/contrib/openbsm/bsm/audit_record.h
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#23 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#25 $
  */
 
 #ifndef _BSM_AUDIT_RECORD_H_
@@ -85,6 +85,7 @@
 /* XXXRW: Additional X11 tokens not defined? */
 #define	AUT_CMD			0x51
 #define	AUT_EXIT		0x52
+#define	AUT_ZONENAME		0x60
 /* XXXRW: OpenBSM AUT_HOST 0x70? */
 #define	AUT_ARG64		0x71
 #define	AUT_RETURN64		0x72
@@ -246,6 +247,8 @@ token_t	*au_to_file(char *file, struct timeval tm);
 
 token_t	*au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
 	    struct timeval tm);
+token_t	*au_to_header64_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
+	    struct timeval tm);
 #if !defined(KERNEL) && !defined(_KERNEL)
 token_t	*au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod);
 token_t	*au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod);
@@ -328,6 +331,7 @@ token_t	*au_to_exec_env(char **envp);
 token_t	*au_to_text(char *text);
 token_t	*au_to_kevent(struct kevent *kev);
 token_t	*au_to_trailer(int rec_size);
+token_t	*au_to_zonename(char *zonename);
 
 __END_DECLS
 
diff --git a/contrib/openbsm/bsm/libbsm.h b/contrib/openbsm/bsm/libbsm.h
index 2d76c39..b1a9731 100644
--- a/contrib/openbsm/bsm/libbsm.h
+++ b/contrib/openbsm/bsm/libbsm.h
@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#30 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#33 $
  */
 
 #ifndef _LIBBSM_H_
@@ -164,6 +164,12 @@ typedef struct au_tidaddr32 {
 	u_int32_t	addr[4];
 } au_tidaddr32_t;
 
+typedef struct au_tidaddr64 {
+	u_int64_t	port;
+	u_int32_t	type;
+	u_int32_t	addr[4];
+} au_tidaddr64_t;
+
 /*
  * argument #              1 byte
  * argument value          4 bytes/8 bytes (32-bit/64-bit value)
@@ -483,6 +489,17 @@ typedef struct {
 	au_tidaddr32_t	tid;
 } au_proc32ex_t;
 
+typedef struct {
+	u_int32_t	auid;
+	u_int32_t	euid;
+	u_int32_t	egid;
+	u_int32_t	ruid;
+	u_int32_t	rgid;
+	u_int32_t	pid;
+	u_int32_t	sid;
+	au_tidaddr64_t	tid;
+} au_proc64ex_t;
+
 /*
  * error status            1 byte
  * return value            4 bytes/8 bytes (32-bit/64-bit value)
@@ -616,6 +633,17 @@ typedef struct {
 	au_tidaddr32_t	tid;
 } au_subject32ex_t;
 
+typedef struct {
+	u_int32_t	auid;
+	u_int32_t	euid;
+	u_int32_t	egid;
+	u_int32_t	ruid;
+	u_int32_t	rgid;
+	u_int32_t	pid;
+	u_int32_t	sid;
+	au_tidaddr64_t	tid;
+} au_subject64ex_t;
+
 /*
  * text length             2 bytes
  * text                    N bytes + 1 terminating NULL byte
@@ -625,6 +653,15 @@ typedef struct {
 	char		*text;
 } au_text_t;
 
+/*
+ * zonename length	2 bytes
+ * zonename text	N bytes + 1 NULL terminator
+ */
+typedef struct {
+	u_int16_t	 len;
+	char		*zonename;
+} au_zonename_t;
+
 typedef struct {
 	u_int32_t	ident;
 	u_int16_t	filter;
@@ -675,8 +712,9 @@ struct tokenstr {
 		au_opaque_t		opaque;
 		au_path_t		path;
 		au_proc32_t		proc32;
-		au_proc64_t		proc64;
 		au_proc32ex_t		proc32_ex;
+		au_proc64_t		proc64;
+		au_proc64ex_t		proc64_ex;
 		au_ret32_t		ret32;
 		au_ret64_t		ret64;
 		au_seq_t		seq;
@@ -685,12 +723,14 @@ struct tokenstr {
 		au_socketinet32_t	sockinet32;
 		au_socketunix_t		sockunix;
 		au_subject32_t		subj32;
-		au_subject64_t		subj64;
 		au_subject32ex_t	subj32_ex;
+		au_subject64_t		subj64;
+		au_subject64ex_t	subj64_ex;
 		au_text_t		text;
 		au_kevent_t		kevent;
 		au_invalid_t		invalid;
 		au_trailer_t		trail;
+		au_zonename_t		zonename;
 	} tt; /* The token is one of the above types */
 };
 
@@ -771,6 +811,14 @@ int			 au_fetch_tok(tokenstr_t *tok, u_char *buf, int len);
 //XXX The following interface has different prototype from BSM
 void			 au_print_tok(FILE *outfp, tokenstr_t *tok,
 			    char *del, char raw, char sfrm);
+void			 au_print_tok_xml(FILE *outfp, tokenstr_t *tok,
+			    char *del, char raw, char sfrm);
+
+/* 
+ * Functions relating to XML output.
+ */
+void			 au_print_xml_header(FILE *outfp);
+void			 au_print_xml_footer(FILE *outfp);
 __END_DECLS
 
 /*