PERFORCE change 103252 for review

[Robert Watson]

http://perforce.freebsd.org/chv.cgi?CH=103252

Change 103252 by rwatson at rwatson_zoo on 2006/08/05 15:09:50

	Merge OpenBSM 1.0a8 changes from user space to kernel in audit3
	branch.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#30 integrate
.. //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#25 integrate
.. //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#18 integrate
.. //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#22 integrate

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#30 (text+ko) ====

@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#29 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit.h#30 $
  * $FreeBSD: src/sys/bsm/audit.h,v 1.4 2006/06/05 12:55:45 rwatson Exp $
  */
 
@@ -164,6 +164,7 @@
 /*
  * Audit policy controls.
  */
+#ifdef OLD_WORLD_ORDER
 #define	AUDIT_CNT	0x0001
 #define	AUDIT_AHLT	0x0002
 #define	AUDIT_ARGV	0x0004
@@ -175,6 +176,22 @@
 #define	AUDIT_GROUP	0x0100
 #define	AUDIT_TRAIL	0x0200
 #define	AUDIT_PATH	0x0400
+#else	/* !OLD_WORLD_ORDER */
+#define	AUDIT_CNT	0x0001
+#define	AUDIT_AHLT	0x0002
+#define	AUDIT_ARGV	0x0004
+#define	AUDIT_ARGE	0x0008
+#define	AUDIT_SEQ	0x0010
+#define	AUDIT_WINDATA	0x0020
+#define	AUDIT_USER	0x0040
+#define	AUDIT_GROUP	0x0080
+#define	AUDIT_TRAIL	0x0100
+#define	AUDIT_PATH	0x0200
+#define	AUDIT_SCNT	0x0400
+#define	AUDIT_PUBLIC	0x0800
+#define	AUDIT_ZONENAME	0x1000
+#define	AUDIT_PERZONE	0x2000
+#endif	/* !OLD_WORLD_ORDER */
 
 /*
  * Audit queue control parameters

==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#25 (text+ko) ====

@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#24 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_kevents.h#25 $
  * $FreeBSD: src/sys/bsm/audit_kevents.h,v 1.6 2006/07/03 14:45:43 rwatson Exp $
  */
 
@@ -274,134 +274,200 @@
 #define	AUE_NTP_ADJTIME		288
 
 /*
- * Events not present in OpenSolaris BSM, generally derived from Apple Darwin
- * BSM or added in OpenBSM.  This start a little too close to the top end of
- * the OpenSolaris event list for my comfort.
+ * Events added for Apple Darwin that potentially collide with future Solaris
+ * BSM events.  These are assigned AUE_DARWIN prefixes, and are deprecated in
+ * new trails.  Systems generating these events should switch to the new
+ * identifiers that avoid colliding with the Solaris identifier space.
  */
-#define	AUE_GETFSSTAT		301
-#define	AUE_PTRACE		302
-#define	AUE_CHFLAGS		303
-#define	AUE_FCHFLAGS		304
-#define	AUE_PROFILE		305
-#define	AUE_KTRACE		306
-#define	AUE_SETLOGIN		307
+#define	AUE_DARWIN_GETFSSTAT	301
+#define	AUE_DARWIN_PTRACE	302
+#define	AUE_DARWIN_CHFLAGS	303
+#define	AUE_DARWIN_FCHFLAGS	304
+#define	AUE_DARWIN_PROFILE	305
+#define	AUE_DARWIN_KTRACE	306
+#define	AUE_DARWIN_SETLOGIN	307
 #define	AUE_DARWIN_REBOOT	308	/* XXX: See AUE_REBOOT. */
-#define	AUE_REVOKE		309
-#define	AUE_UMASK		310
-#define	AUE_MPROTECT		311
+#define	AUE_DARWIN_REVOKE	309
+#define	AUE_DARWIN_UMASK	310
+#define	AUE_DARWIN_MPROTECT	311
 #define	AUE_DARWIN_SETPRIORITY	312	/* XXX: See AUE_SETPRIORITY. */
 #define	AUE_DARWIN_SETTIMEOFDAY	313	/* XXX: See AUE_SETTIMEOFDAY. */
 #define	AUE_DARWIN_FLOCK	314	/* XXX: See AUE_FLOCK. */
-#define	AUE_MKFIFO		315
-#define	AUE_POLL		316
+#define	AUE_DARWIN_MKFIFO	315
+#define	AUE_DARWIN_POLL		316
 #define	AUE_DARWIN_SOCKETPAIR	317	/* XXXRW: See AUE_SOCKETPAIR. */
-#define	AUE_FUTIMES		318
-#define	AUE_SETSID		319
-#define	AUE_SETPRIVEXEC		320	/* Darwin-specific. */
+#define	AUE_DARWIN_FUTIMES	318
+#define	AUE_DARWIN_SETSID	319
+#define	AUE_DARWIN_SETPRIVEXEC	320	/* Darwin-specific. */
 #define	AUE_DARWIN_NFSSVC	321	/* XXX: See AUE_NFS_SVC. */
 #define	AUE_DARWIN_GETFH	322	/* XXX: See AUE_NFS_GETFH. */
 #define	AUE_DARWIN_QUOTACTL	323	/* XXX: See AUE_QUOTACTL. */
-#define	AUE_ADDPROFILE		324	/* Darwin-specific. */
-#define	AUE_KDEBUGTRACE		325	/* Darwin-specific. */
-#define	AUE_KDBUGTRACE		AUE_KDEBUGTRACE
-#define	AUE_FSTAT		326
-#define	AUE_FPATHCONF		327
-#define	AUE_GETDIRENTRIES	328
+#define	AUE_DARWIN_ADDPROFILE	324	/* Darwin-specific. */
+#define	AUE_DARWIN_KDEBUGTRACE	325	/* Darwin-specific. */
+#define	AUE_DARWIN_KDBUGTRACE	AUE_KDEBUGTRACE
+#define	AUE_DARWIN_FSTAT	326
+#define	AUE_DARWIN_FPATHCONF	327
+#define	AUE_DARWIN_GETDIRENTRIES	328
 #define	AUE_DARWIN_TRUNCATE	329	/* XXX: See AUE_TRUNCATE. */
 #define	AUE_DARWIN_FTRUNCATE	330	/* XXX: See AUE_FTRUNCATE. */
-#define	AUE_SYSCTL		331
-#define	AUE_MLOCK		332
-#define	AUE_MUNLOCK		333
-#define	AUE_UNDELETE		334
-#define	AUE_GETATTRLIST		335	/* Darwin-specific. */
-#define	AUE_SETATTRLIST		336	/* Darwin-specific. */
-#define	AUE_GETDIRENTRIESATTR	337	/* Darwin-specific. */
-#define	AUE_EXCHANGEDATA	338	/* Darwin-specific. */
-#define	AUE_SEARCHFS		339	/* Darwin-specific. */
-#define	AUE_MINHERIT		340
-#define	AUE_SEMCONFIG		341
-#define	AUE_SEMOPEN		342
-#define	AUE_SEMCLOSE		343
-#define	AUE_SEMUNLINK		344
-#define	AUE_SHMOPEN		345
-#define	AUE_SHMUNLINK		346
-#define	AUE_LOADSHFILE		347	/* Darwin-specific. */
-#define	AUE_RESETSHFILE		348	/* Darwin-specific. */
-#define	AUE_NEWSYSTEMSHREG	349	/* Darwin-specific. */
-#define	AUE_PTHREADKILL		350	/* Darwin-specific. */
-#define	AUE_PTHREADSIGMASK	351	/* Darwin-specific. */
-#define	AUE_AUDITCTL		352
-#define	AUE_RFORK		353
-#define	AUE_LCHMOD		354
-#define	AUE_SWAPOFF		355
-#define	AUE_INITPROCESS		356	/* Darwin-specific. */
-#define	AUE_MAPFD		357	/* Darwin-specific. */
-#define	AUE_TASKFORPID		358	/* Darwin-specific. */
-#define	AUE_PIDFORTASK		359	/* Darwin-specific. */
-#define	AUE_SYSCTL_NONADMIN	360
-#define	AUE_COPYFILE		361	/* Darwin-specific. */
-#define	AUE_LUTIMES		362
-#define	AUE_LCHFLAGS		363	/* FreeBSD-specific. */
-#define	AUE_SENDFILE		364	/* BSD/Linux-specific. */
-#define	AUE_USELIB		365	/* Linux-specific. */
-#define	AUE_GETRESUID		366
-#define	AUE_SETRESUID		367
-#define	AUE_GETRESGID		368
-#define	AUE_SETRESGID		369
-#define	AUE_WAIT4		370	/* FreeBSD-specific. */
-#define	AUE_LGETFH		371	/* FreeBSD-specific. */
-#define	AUE_FHSTATFS		372	/* FreeBSD-specific. */
-#define	AUE_FHOPEN		373	/* FreeBSD-specific. */
-#define	AUE_FHSTAT		374	/* FreeBSD-specific. */
-#define	AUE_JAIL		375	/* FreeBSD-specific. */
-#define	AUE_EACCESS		376	/* FreeBSD-specific. */
-#define	AUE_KQUEUE		377	/* FreeBSD-specific. */
-#define	AUE_KEVENT		378	/* FreeBSD-specific. */
-#define	AUE_FSYNC		379
-#define	AUE_NMOUNT		380	/* FreeBSD-specific. */
-#define	AUE_BDFLUSH		381	/* Linux-specific. */
-#define	AUE_SETFSUID		382	/* Linux-specific. */
-#define	AUE_SETFSGID		383	/* Linux-specific. */
-#define	AUE_PERSONALITY		384	/* Linux-specific. */
-#define	AUE_SCHED_GETSCHEDULER	385	/* POSIX.1b. */
-#define	AUE_SCHED_SETSCHEDULER	386	/* POSIX.1b. */
-#define	AUE_PRCTL		387	/* Linux-specific. */
-#define	AUE_GETCWD		388	/* FreeBSD/Linux-specific. */
-#define	AUE_CAPGET		389	/* Linux-specific. */
-#define	AUE_CAPSET		390	/* Linux-specific. */
-#define	AUE_PIVOT_ROOT		391	/* Linux-specific. */
-#define	AUE_RTPRIO		392	/* FreeBSD-specific. */
-#define	AUE_SCHED_GETPARAM	393	/* POSIX.1b. */
-#define	AUE_SCHED_SETPARAM	394	/* POSIX.1b. */
-#define	AUE_SCHED_GET_PRIORITY_MAX	395	/* POSIX.1b. */
-#define	AUE_SCHED_GET_PRIORITY_MIN	396	/* POSIX.1b. */
-#define	AUE_SCHED_RR_GET_INTERVAL	397	/* POSIX.1b. */
-#define	AUE_ACL_GET_FILE		398	/* FreeBSD. */
-#define	AUE_ACL_SET_FILE		399	/* FreeBSD. */
-#define	AUE_ACL_GET_FD			400	/* FreeBSD. */
-#define	AUE_ACL_SET_FD			401	/* FreeBSD. */
-#define	AUE_ACL_DELETE_FILE		402	/* FreeBSD. */
-#define	AUE_ACL_DELETE_FD		403	/* FreeBSD. */
-#define	AUE_ACL_CHECK_FILE		404	/* FreeBSD. */
-#define	AUE_ACL_CHECK_FD		405	/* FreeBSD. */
-#define	AUE_ACL_GET_LINK		406	/* FreeBSD. */
-#define	AUE_ACL_SET_LINK		407	/* FreeBSD. */
-#define	AUE_ACL_DELETE_LINK		408	/* FreeBSD. */
-#define	AUE_ACL_CHECK_LINK		409	/* FreeBSD. */
-#define	AUE_SYSARCH			410	/* FreeBSD. */
-#define	AUE_EXTATTRCTL			411	/* FreeBSD. */
-#define	AUE_EXTATTR_GET_FILE		412	/* FreeBSD. */
-#define	AUE_EXTATTR_SET_FILE		413	/* FreeBSD. */
-#define	AUE_EXTATTR_LIST_FILE		414	/* FreeBSD. */
-#define	AUE_EXTATTR_DELETE_FILE		415	/* FreeBSD. */
-#define	AUE_EXTATTR_GET_FD		416	/* FreeBSD. */
-#define	AUE_EXTATTR_SET_FD		417	/* FreeBSD. */
-#define	AUE_EXTATTR_LIST_FD		418	/* FreeBSD. */
-#define	AUE_EXTATTR_DELETE_FD		419	/* FreeBSD. */
-#define	AUE_EXTATTR_GET_LINK		420	/* FreeBSD. */
-#define	AUE_EXTATTR_SET_LINK		421	/* FreeBSD. */
-#define	AUE_EXTATTR_LIST_LINK		422	/* FreeBSD. */
-#define	AUE_EXTATTR_DELETE_LINK		423	/* FreeBSD. */
+#define	AUE_DARWIN_SYSCTL	331
+#define	AUE_DARWIN_MLOCK	332
+#define	AUE_DARWIN_MUNLOCK	333
+#define	AUE_DARWIN_UNDELETE	334
+#define	AUE_DARWIN_GETATTRLIST	335	/* Darwin-specific. */
+#define	AUE_DARWIN_SETATTRLIST	336	/* Darwin-specific. */
+#define	AUE_DARWIN_GETDIRENTRIESATTR	337	/* Darwin-specific. */
+#define	AUE_DARWIN_EXCHANGEDATA	338	/* Darwin-specific. */
+#define	AUE_DARWIN_SEARCHFS	339	/* Darwin-specific. */
+#define	AUE_DARWIN_MINHERIT	340
+#define	AUE_DARWIN_SEMCONFIG	341
+#define	AUE_DARWIN_SEMOPEN	342
+#define	AUE_DARWIN_SEMCLOSE	343
+#define	AUE_DARWIN_SEMUNLINK	344
+#define	AUE_DARWIN_SHMOPEN	345
+#define	AUE_DARWIN_SHMUNLINK	346
+#define	AUE_DARWIN_LOADSHFILE	347	/* Darwin-specific. */
+#define	AUE_DARWIN_RESETSHFILE	348	/* Darwin-specific. */
+#define	AUE_DARWIN_NEWSYSTEMSHREG	349	/* Darwin-specific. */
+#define	AUE_DARWIN_PTHREADKILL	350	/* Darwin-specific. */
+#define	AUE_DARWIN_PTHREADSIGMASK	351	/* Darwin-specific. */
+#define	AUE_DARWIN_AUDITCTL	352
+#define	AUE_DARWIN_RFORK	353
+#define	AUE_DARWIN_LCHMOD	354
+#define	AUE_DARWIN_SWAPOFF	355
+#define	AUE_DARWIN_INITPROCESS	356	/* Darwin-specific. */
+#define	AUE_DARWIN_MAPFD	357	/* Darwin-specific. */
+#define	AUE_DARWIN_TASKFORPID	358	/* Darwin-specific. */
+#define	AUE_DARWIN_PIDFORTASK	359	/* Darwin-specific. */
+#define	AUE_DARWIN_SYSCTL_NONADMIN	360
+#define	AUE_DARWIN_COPYFILE	361	/* Darwin-specific. */
+
+/*
+ * Audit event identifiers added as part of OpenBSM, generally corresponding
+ * to events in FreeBSD, Darwin, and Linux that were not present in Solaris.
+ * These often duplicate events added to the Solaris set by Darwin, but use
+ * event identifiers in a higher range in order to avoid colliding with
+ * future Solaris additions.
+ */
+#define	AUE_GETFSSTAT		43001
+#define	AUE_PTRACE		43002
+#define	AUE_CHFLAGS		43003
+#define	AUE_FCHFLAGS		43004
+#define	AUE_PROFILE		43005
+#define	AUE_KTRACE		43006
+#define	AUE_SETLOGIN		43007
+#define	AUE_REVOKE		43008
+#define	AUE_UMASK		43009
+#define	AUE_MPROTECT		43010
+#define	AUE_MKFIFO		43011
+#define	AUE_POLL		43012
+#define	AUE_FUTIMES		43013
+#define	AUE_SETSID		43014
+#define	AUE_SETPRIVEXEC		43015	/* Darwin-specific. */
+#define	AUE_ADDPROFILE		43016	/* Darwin-specific. */
+#define	AUE_KDEBUGTRACE		43017	/* Darwin-specific. */
+#define	AUE_KDBUGTRACE		AUE_KDEBUGTRACE
+#define	AUE_FSTAT		43018
+#define	AUE_FPATHCONF		43019
+#define	AUE_GETDIRENTRIES	43020
+#define	AUE_SYSCTL		43021
+#define	AUE_MLOCK		43022
+#define	AUE_MUNLOCK		43023
+#define	AUE_UNDELETE		43024
+#define	AUE_GETATTRLIST		43025	/* Darwin-specific. */
+#define	AUE_SETATTRLIST		43026	/* Darwin-specific. */
+#define	AUE_GETDIRENTRIESATTR	43027	/* Darwin-specific. */
+#define	AUE_EXCHANGEDATA	43028	/* Darwin-specific. */
+#define	AUE_SEARCHFS		43029	/* Darwin-specific. */
+#define	AUE_MINHERIT		43030
+#define	AUE_SEMCONFIG		43031
+#define	AUE_SEMOPEN		43032
+#define	AUE_SEMCLOSE		43033
+#define	AUE_SEMUNLINK		43034
+#define	AUE_SHMOPEN		43035
+#define	AUE_SHMUNLINK		43036
+#define	AUE_LOADSHFILE		43037	/* Darwin-specific. */
+#define	AUE_RESETSHFILE		43038	/* Darwin-specific. */
+#define	AUE_NEWSYSTEMSHREG	43039	/* Darwin-specific. */
+#define	AUE_PTHREADKILL		43040	/* Darwin-specific. */
+#define	AUE_PTHREADSIGMASK	43041	/* Darwin-specific. */
+#define	AUE_AUDITCTL		43042
+#define	AUE_RFORK		43043
+#define	AUE_LCHMOD		43044
+#define	AUE_SWAPOFF		43045
+#define	AUE_INITPROCESS		43046	/* Darwin-specific. */
+#define	AUE_MAPFD		43047	/* Darwin-specific. */
+#define	AUE_TASKFORPID		43048	/* Darwin-specific. */
+#define	AUE_PIDFORTASK		43049	/* Darwin-specific. */
+#define	AUE_SYSCTL_NONADMIN	43050
+#define	AUE_COPYFILE		43051	/* Darwin-specific. */
+
+/*
+ * Events added to OpenBSM for FreeBSD and Linux; may also be used by Darwin
+ * in the future.
+ */
+#define	AUE_LUTIMES		43052
+#define	AUE_LCHFLAGS		43053	/* FreeBSD-specific. */
+#define	AUE_SENDFILE		43054	/* BSD/Linux-specific. */
+#define	AUE_USELIB		43055	/* Linux-specific. */
+#define	AUE_GETRESUID		43056
+#define	AUE_SETRESUID		43057
+#define	AUE_GETRESGID		43058
+#define	AUE_SETRESGID		43059
+#define	AUE_WAIT4		43060	/* FreeBSD-specific. */
+#define	AUE_LGETFH		43061	/* FreeBSD-specific. */
+#define	AUE_FHSTATFS		43062	/* FreeBSD-specific. */
+#define	AUE_FHOPEN		43063	/* FreeBSD-specific. */
+#define	AUE_FHSTAT		43064	/* FreeBSD-specific. */
+#define	AUE_JAIL		43065	/* FreeBSD-specific. */
+#define	AUE_EACCESS		43066	/* FreeBSD-specific. */
+#define	AUE_KQUEUE		43067	/* FreeBSD-specific. */
+#define	AUE_KEVENT		43068	/* FreeBSD-specific. */
+#define	AUE_FSYNC		43069
+#define	AUE_NMOUNT		43070	/* FreeBSD-specific. */
+#define	AUE_BDFLUSH		43071	/* Linux-specific. */
+#define	AUE_SETFSUID		43072	/* Linux-specific. */
+#define	AUE_SETFSGID		43073	/* Linux-specific. */
+#define	AUE_PERSONALITY		43074	/* Linux-specific. */
+#define	AUE_SCHED_GETSCHEDULER	43075	/* POSIX.1b. */
+#define	AUE_SCHED_SETSCHEDULER	43076	/* POSIX.1b. */
+#define	AUE_PRCTL		43077	/* Linux-specific. */
+#define	AUE_GETCWD		43078	/* FreeBSD/Linux-specific. */
+#define	AUE_CAPGET		43079	/* Linux-specific. */
+#define	AUE_CAPSET		43080	/* Linux-specific. */
+#define	AUE_PIVOT_ROOT		43081	/* Linux-specific. */
+#define	AUE_RTPRIO		43082	/* FreeBSD-specific. */
+#define	AUE_SCHED_GETPARAM	43083	/* POSIX.1b. */
+#define	AUE_SCHED_SETPARAM	43084	/* POSIX.1b. */
+#define	AUE_SCHED_GET_PRIORITY_MAX	43085	/* POSIX.1b. */
+#define	AUE_SCHED_GET_PRIORITY_MIN	43086	/* POSIX.1b. */
+#define	AUE_SCHED_RR_GET_INTERVAL	43087	/* POSIX.1b. */
+#define	AUE_ACL_GET_FILE	43088	/* FreeBSD. */
+#define	AUE_ACL_SET_FILE	43089	/* FreeBSD. */
+#define	AUE_ACL_GET_FD		43090	/* FreeBSD. */
+#define	AUE_ACL_SET_FD		43091	/* FreeBSD. */
+#define	AUE_ACL_DELETE_FILE	43092	/* FreeBSD. */
+#define	AUE_ACL_DELETE_FD	43093	/* FreeBSD. */
+#define	AUE_ACL_CHECK_FILE	43094	/* FreeBSD. */
+#define	AUE_ACL_CHECK_FD	43095	/* FreeBSD. */
+#define	AUE_ACL_GET_LINK	43096	/* FreeBSD. */
+#define	AUE_ACL_SET_LINK	43097	/* FreeBSD. */
+#define	AUE_ACL_DELETE_LINK	43098	/* FreeBSD. */
+#define	AUE_ACL_CHECK_LINK	43099	/* FreeBSD. */
+#define	AUE_SYSARCH		43100	/* FreeBSD. */
+#define	AUE_EXTATTRCTL		43101	/* FreeBSD. */
+#define	AUE_EXTATTR_GET_FILE	43102	/* FreeBSD. */
+#define	AUE_EXTATTR_SET_FILE	43103	/* FreeBSD. */
+#define	AUE_EXTATTR_LIST_FILE	43104	/* FreeBSD. */
+#define	AUE_EXTATTR_DELETE_FILE	43105	/* FreeBSD. */
+#define	AUE_EXTATTR_GET_FD	43106	/* FreeBSD. */
+#define	AUE_EXTATTR_SET_FD	43107	/* FreeBSD. */
+#define	AUE_EXTATTR_LIST_FD	43108	/* FreeBSD. */
+#define	AUE_EXTATTR_DELETE_FD	43109	/* FreeBSD. */
+#define	AUE_EXTATTR_GET_LINK	43110	/* FreeBSD. */
+#define	AUE_EXTATTR_SET_LINK	43111	/* FreeBSD. */
+#define	AUE_EXTATTR_LIST_LINK	43112	/* FreeBSD. */
+#define	AUE_EXTATTR_DELETE_LINK	43111	/* FreeBSD. */
 
 /*
  * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the

==== //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#18 (text+ko) ====

@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#17 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/bsm/audit_record.h#18 $
  * $FreeBSD: src/sys/bsm/audit_record.h,v 1.3 2006/07/03 14:44:13 rwatson Exp $
  */
 
@@ -200,9 +200,19 @@
 #define PAD_NOTATTR  0x4000   /* nonattributable event */
 #define PAD_FAILURE  0x8000   /* fail audit event */
 
+#define BSM_MAX_GROUPS      16
 
-#define BSM_MAX_GROUPS      16
-#define HEADER_VERSION      1
+/*
+ * A number of BSM versions are floating around and defined.  Here are
+ * constants for them.  OpenBSM uses the same token types, etc, used in the
+ * Solaris BSM version, but has a separate version number in order to
+ * identify a potentially different event identifier name space.
+ */
+#define	BSM_HEADER_VERSION_OLDDARWIN	1	/* In retrospect, a mistake. */
+#define	BSM_HEADER_VERSION_SOLARIS	2
+#define	BSM_HEADER_VERSION_TSOL25	3
+#define	BSM_HEADER_VERSION_TSOL		4
+#define	BSM_HEADER_VERSION_OPENBSM	10
 
 /*
  * BSM define is AUT_TRAILER_MAGIC; Apple BSM define is TRAILER_PAD_MAGIC; we

==== //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#22 (text+ko) ====

@@ -30,7 +30,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#21 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#22 $
  * $FreeBSD: src/sys/security/audit/audit_bsm_token.c,v 1.4 2006/06/17 13:53:04 wsalamon Exp $
  */
 
@@ -1166,7 +1166,7 @@
 
 	ADD_U_CHAR(dptr, AUT_HEADER32);
 	ADD_U_INT32(dptr, rec_size);
-	ADD_U_CHAR(dptr, HEADER_VERSION);
+	ADD_U_CHAR(dptr, BSM_HEADER_VERSION_OPENBSM);
 	ADD_U_INT16(dptr, e_type);
 	ADD_U_INT16(dptr, e_mod);