Vendor import of OpenBSM 1.0 alpha 7, with the following change history

notes: - Adopted Solaris-compatible format for subject32_ex and subject64_ex tokens, which previously did not correctly implement variable length address storage. - Prefer inttypes.h to stdint.h; enhance queue.h detection to test for TAILQ_FOREACH_SAFE(), which is present in recent BSD queue.h's, but not older ones. OpenBSM now builds on some FreeBSD 4.x version. - New event types for extended attributes, ACLs, and scheduling. Obtained from: TrustedBSD Project
2006-06-27 18:06:41 +00:00 · 2006-06-27 18:06:41 +00:00 · d9af45c4c8
commit d9af45c4c8
parent 506764c6f6
13 changed files with 710 additions and 176 deletions
--- a/contrib/openbsm/HISTORY
+++ b/contrib/openbsm/HISTORY
@ -1,3 +1,13 @@
+OpenBSM 1.0 alpha 7
+
+- Adopted Solaris-compatible format for subject32_ex and subject64_ex
+  tokens, which previously did not correctly implement variable length
+  address storage.
+- Prefer inttypes.h to stdint.h; enhance queue.h detection to test for
+  TAILQ_FOREACH_SAFE(), which is present in recent BSD queue.h's, but not
+  older ones.  OpenBSM now builds on some FreeBSD 4.x version.
+- New event types for extended attributes, ACLs, and scheduling.
+
 OpenBSM 1.0 alpha 6

 - Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close();
@ -165,4 +175,4 @@ OpenBSM 1.0 alpha 1
  to support reloading of kernel event table.
 - Allow comments in /etc/security configuration files.

-$P4: //depot/projects/trustedbsd/openbsm/HISTORY#12 $
+$P4: //depot/projects/trustedbsd/openbsm/HISTORY#15 $
--- a/contrib/openbsm/VERSION
+++ b/contrib/openbsm/VERSION
@ -1 +1 @@
-OPENBSM_1_0_ALPHA_6
+OPENBSM_1_0_ALPHA_7
--- a/contrib/openbsm/bsm/audit_kevents.h
+++ b/contrib/openbsm/bsm/audit_kevents.h
@ -30,7 +30,7 @@
 *
 * @APPLE_BSD_LICENSE_HEADER_END@
 *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#37 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#38 $
 */

 #ifndef _BSM_AUDIT_KEVENTS_H_
@ -383,7 +383,24 @@
 #define	AUE_ACL_DELETE_FD		403	/* FreeBSD. */
 #define	AUE_ACL_CHECK_FILE		404	/* FreeBSD. */
 #define	AUE_ACL_CHECK_FD		405	/* FreeBSD. */
-#define	AUE_SYSARCH			406	/* FreeBSD. */
+#define	AUE_ACL_GET_LINK		406	/* FreeBSD. */
+#define	AUE_ACL_SET_LINK		407	/* FreeBSD. */
+#define	AUE_ACL_DELETE_LINK		408	/* FreeBSD. */
+#define	AUE_ACL_CHECK_LINK		409	/* FreeBSD. */
+#define	AUE_SYSARCH			410	/* FreeBSD. */
+#define	AUE_EXTATTRCTL			411	/* FreeBSD. */
+#define	AUE_EXTATTR_GET_FILE		412	/* FreeBSD. */
+#define	AUE_EXTATTR_SET_FILE		413	/* FreeBSD. */
+#define	AUE_EXTATTR_LIST_FILE		414	/* FreeBSD. */
+#define	AUE_EXTATTR_DELETE_FILE		415	/* FreeBSD. */
+#define	AUE_EXTATTR_GET_FD		416	/* FreeBSD. */
+#define	AUE_EXTATTR_SET_FD		417	/* FreeBSD. */
+#define	AUE_EXTATTR_LIST_FD		418	/* FreeBSD. */
+#define	AUE_EXTATTR_DELETE_FD		419	/* FreeBSD. */
+#define	AUE_EXTATTR_GET_LINK		420	/* FreeBSD. */
+#define	AUE_EXTATTR_SET_LINK		421	/* FreeBSD. */
+#define	AUE_EXTATTR_LIST_LINK		422	/* FreeBSD. */
+#define	AUE_EXTATTR_DELETE_LINK		423	/* FreeBSD. */

 /*
 * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
--- a/contrib/openbsm/bsm/audit_record.h
+++ b/contrib/openbsm/bsm/audit_record.h
@ -30,12 +30,14 @@
 *
 * @APPLE_BSD_LICENSE_HEADER_END@
 *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#17 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_record.h#19 $
 */

 #ifndef _BSM_AUDIT_RECORD_H_
 #define _BSM_AUDIT_RECORD_H_

+#include <sys/time.h>			/* struct timeval */
+
 /*
 * Token type identifiers.
 */
--- a/contrib/openbsm/bsm/libbsm.h
+++ b/contrib/openbsm/bsm/libbsm.h
@ -26,7 +26,7 @@
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#20 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#21 $
 */

 #ifndef _LIBBSM_H_
@ -43,7 +43,7 @@
 #include <sys/types.h>
 #include <sys/cdefs.h>

-#include <stdint.h>		/* Required for audit.h. */
+#include <inttypes.h>		/* Required for audit.h. */
 #include <time.h>		/* Required for clock_t on Linux. */

 #include <bsm/audit.h>
--- a/contrib/openbsm/config/ltmain.sh
+++ b/contrib/openbsm/config/ltmain.sh
--- a/contrib/openbsm/configure
+++ b/contrib/openbsm/configure
@ -1,7 +1,7 @@
 #! /bin/sh
-# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#22 .
+# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#23 .
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a6.
+# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a7.
 #
 # Report bugs to <trustedbsd-audit@TrustesdBSD.org>.
 #
@ -424,8 +424,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
 # Identity of this package.
 PACKAGE_NAME='OpenBSM'
 PACKAGE_TARNAME='openbsm'
-PACKAGE_VERSION='1.0a6'
-PACKAGE_STRING='OpenBSM 1.0a6'
+PACKAGE_VERSION='1.0a7'
+PACKAGE_STRING='OpenBSM 1.0a7'
 PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org'

 ac_unique_file="bin/auditreduce/auditreduce.c"
@ -955,7 +955,7 @@ if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
-\`configure' configures OpenBSM 1.0a6 to adapt to many kinds of systems.
+\`configure' configures OpenBSM 1.0a7 to adapt to many kinds of systems.

 Usage: $0 [OPTION]... [VAR=VALUE]...

@ -1021,7 +1021,7 @@ fi

 if test -n "$ac_init_help"; then
  case $ac_init_help in
-     short | recursive ) echo "Configuration of OpenBSM 1.0a6:";;
+     short | recursive ) echo "Configuration of OpenBSM 1.0a7:";;
   esac
  cat <<\_ACEOF

@ -1162,7 +1162,7 @@ fi
 test -n "$ac_init_help" && exit 0
 if $ac_init_version; then
  cat <<\_ACEOF
-OpenBSM configure 1.0a6
+OpenBSM configure 1.0a7
 generated by GNU Autoconf 2.59

 Copyright (C) 2003 Free Software Foundation, Inc.
@ -1176,7 +1176,7 @@ cat >&5 <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.

-It was created by OpenBSM $as_me 1.0a6, which was
+It was created by OpenBSM $as_me 1.0a7, which was
 generated by GNU Autoconf 2.59.  Invocation command line was

  $ $0 $@
@ -19278,7 +19278,7 @@ fi

 # Define the identity of the package.
 PACKAGE=OpenBSM
- VERSION=1.0a6
+ VERSION=1.0a7


 cat >>confdefs.h <<_ACEOF
@ -22936,8 +22936,8 @@ done


 # sys/queue.h exists on most systems, but its capabilities vary a great deal.
-# test for LIST_FIRST, which appears to not exist in all of them, and is
-# necessary for OpenBSM.
+# test for LIST_FIRST and TAILQ_FOREACH_SAFE, which appears to not exist in
+# all of them, and are necessary for OpenBSM.
 cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@ -22951,13 +22951,13 @@ int
 main ()
 {

-	struct foo {
-		LIST_ENTRY(foo) foo_entries;
-	};
-	LIST_HEAD(, foo) foo_list;
-	struct foo *foo;

-	foo = LIST_FIRST(&foo_list);
+	#ifndef LIST_FIRST
+	#error LIST_FIRST missing
+	#endif
+	#ifndef TAILQ_FOREACH_SAFE
+	#error TAILQ_FOREACH_SAFE
+	#endif

  ;
  return 0;
@ -23477,7 +23477,7 @@ _ASBOX
 } >&5
 cat >&5 <<_CSEOF

-This file was extended by OpenBSM $as_me 1.0a6, which was
+This file was extended by OpenBSM $as_me 1.0a7, which was
 generated by GNU Autoconf 2.59.  Invocation command line was

  CONFIG_FILES    = $CONFIG_FILES
@ -23540,7 +23540,7 @@ _ACEOF

 cat >>$CONFIG_STATUS <<_ACEOF
 ac_cs_version="\\
-OpenBSM config.status 1.0a6
+OpenBSM config.status 1.0a7
 configured by $0, generated by GNU Autoconf 2.59,
  with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"

--- a/contrib/openbsm/configure.ac
+++ b/contrib/openbsm/configure.ac
@ -2,8 +2,8 @@
 # Process this file with autoconf to produce a configure script.

 AC_PREREQ(2.59)
-AC_INIT([OpenBSM], [1.0a6], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
-AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#22 $])
+AC_INIT([OpenBSM], [1.0a7], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
+AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#24 $])
 AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
 AC_CONFIG_AUX_DIR(config)
 AC_CONFIG_HEADER([config/config.h])
@ -59,18 +59,18 @@ AC_FUNC_STRFTIME
 AC_CHECK_FUNCS([bzero ftruncate gettimeofday inet_ntoa memset strchr strerror strrchr strstr strtol strtoul])

 # sys/queue.h exists on most systems, but its capabilities vary a great deal.
-# test for LIST_FIRST, which appears to not exist in all of them, and is
-# necessary for OpenBSM.
+# test for LIST_FIRST and TAILQ_FOREACH_SAFE, which appears to not exist in
+# all of them, and are necessary for OpenBSM.
 AC_TRY_LINK([
 	#include <sys/queue.h>
 ], [
-	struct foo {
-		LIST_ENTRY(foo) foo_entries;
-	};
-	LIST_HEAD(, foo) foo_list;
-	struct foo *foo;

-	foo = LIST_FIRST(&foo_list);
+	#ifndef LIST_FIRST
+	#error LIST_FIRST missing
+	#endif
+	#ifndef TAILQ_FOREACH_SAFE
+	#error TAILQ_FOREACH_SAFE
+	#endif
 ], [
 AC_DEFINE(HAVE_FULL_QUEUE_H,, Define if queue.h includes LIST_FIRST)
 ])
--- a/contrib/openbsm/etc/audit_event
+++ b/contrib/openbsm/etc/audit_event
@ -1,5 +1,5 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#10 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#11 $
 #
 0:AUE_NULL:indir system call:no
 1:AUE_EXIT:exit(2):pc
@ -314,6 +314,49 @@
 378:AUE_KEVENT:kevent(2):no
 379:AUE_FSYNC:fsync(2):fm
 380:AUE_NMOUNT:nmount(2):ad
+381:AUE_BDFLUSH:bdflush(2):ad
+382:AUE_SETFSUID:setfsuid(2):ot
+383:AUE_SETFSGID:setfsgid(2):ot
+384:AUE_PERSONALITY:personality(2):pc
+385:AUE_SCHED_GETSCHEDULER:getscheduler(2):ad
+386:AUE_SCHED_SETSCHEDULER:setscheduler(2):ad
+387:AUE_PRCTL:prctl(2):pc
+388:AUE_GETCWD:getcwd(2):pc
+389:AUE_CAPGET:capget(2):pc
+390:AUE_CAPSET:capset(2):pc
+391:AUE_PIVOT_ROOT:pivot_root(2):pc
+392:AUE_RTPRIO::rtprio(2):pc
+393:AUE_SCHED_GETPARAM:sched_getparam(2):ad
+394:AUE_SCHED_SETPARAM:sched_setparam(2):ad
+395:AUE_SCHED_GET_PRIORITY_MAX:sched_get_priority_max(2):ad
+396:AUE_SCHED_GET_PRIORITY_MIN:sched_get_priority_min(2):ad
+397:AUE_SCHED_RR_GET_INTERVAL:sched_rr_get_interval(2):ad
+398:AUE_ACL_GET_FILE:acl_get_file(2):fa
+399:AUE_ACL_SET_FILE:acl_set_file(2):fm
+400:AUE_ACL_GET_FD:acl_get_fd(2):fa
+401:AUE_ACL_SET_FD:acl_set_fd(2):fm
+402:AUE_ACL_DELETE_FILE:acl_delete_file(2):fm
+403:AUE_ACL_DELETE_FD:acl_delete_fd(2):fm
+404:AUE_ACL_CHECK_FILE:acl_aclcheck_file(2):fa
+405:AUE_ACL_CHECK_FD:acl_aclcheck_fd(2):fa
+406:AUE_ACL_GET_LINK:acl_get_link(2):fa
+407:AUE_ACL_SET_LINK:acl_set_link(2):fm
+408:AUE_ACL_DELETE_LINK:acl_delete_link(2):fm
+409:AUE_ACL_CHECK_LINK:acl_aclcheck_link(2):fa
+410:AUE_SYSARCH:sysarch(2):na
+411:AUE_EXTATTRCTL:extattrctl(2):fm
+412:AUE_EXTATTR_GET_FILE:extattr_get_file(2):fa
+413:AUE_EXTATTR_SET_FILE:extattr_set_file(2):fm
+414:AUE_EXTATTR_LIST_FILE:extattr_list_file(2):fa
+415:AUE_EXTATTR_DELETE_FILE:extattr_delete_file(2):fm
+416:AUE_EXTATTR_GET_FD:extattr_get_fd(2):fa
+417:AUE_EXTATTR_SET_FD:extattr_set_fd(2):fm
+418:AUE_EXTATTR_LIST_FD:extattr_list_fd(2):fa
+419:AUE_EXTATTR_DELETE_FD:extattr_delete_fd(2):fm
+420:AUE_EXTATTR_GET_LINK:extattr_get_link(2):fa
+421:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm
+422:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa
+423:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm
 6152:AUE_login:login - local:lo
 6153:AUE_logout:logout - local:lo
 6159:AUE_su:su(1):lo
--- a/contrib/openbsm/libbsm/bsm_notify.c
+++ b/contrib/openbsm/libbsm/bsm_notify.c
@ -26,7 +26,7 @@
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#11 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#12 $
 */

 /*
@ -45,7 +45,7 @@
 #include <bsm/libbsm.h>

 #include <errno.h>
-#include <stdint.h>
+#include <inttypes.h>
 #include <stdarg.h>
 #include <string.h>
 #include <syslog.h>
--- a/contrib/openbsm/libbsm/bsm_token.c
+++ b/contrib/openbsm/libbsm/bsm_token.c
@ -30,7 +30,7 @@
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#47 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#48 $
 */

 #include <sys/types.h>
@ -691,7 +691,16 @@ au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
 	token_t *t;
 	u_char *dptr = NULL;

-	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * sizeof(u_int32_t));
+	if (tid->at_type == AU_IPv4)
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+		    10 * sizeof(u_int32_t));
+	else if (tid->at_type == AU_IPv6)
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
+		    13 * sizeof(u_int32_t));
+	else {
+		errno = EINVAL;
+		return (NULL);
+	}
 	if (t == NULL)
 		return (NULL);

@ -706,9 +715,11 @@ au_to_process32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
 	ADD_U_INT32(dptr, tid->at_port);
 	ADD_U_INT32(dptr, tid->at_type);
 	ADD_U_INT32(dptr, tid->at_addr[0]);
-	ADD_U_INT32(dptr, tid->at_addr[1]);
-	ADD_U_INT32(dptr, tid->at_addr[2]);
-	ADD_U_INT32(dptr, tid->at_addr[3]);
+	if (tid->at_type == AU_IPv6) {
+		ADD_U_INT32(dptr, tid->at_addr[1]);
+		ADD_U_INT32(dptr, tid->at_addr[2]);
+		ADD_U_INT32(dptr, tid->at_addr[3]);
+	}

 	return (t);
 }
@ -969,7 +980,16 @@ au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
 	token_t *t;
 	u_char *dptr = NULL;

-	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 * sizeof(u_int32_t));
+	if (tid->at_type == AU_IPv4)
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 10 *
+		    sizeof(u_int32_t));
+	else if (tid->at_type == AU_IPv6)
+		GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 13 *
+		    sizeof(u_int32_t));
+	else {
+		errno = EINVAL;
+		return (NULL);
+	}
 	if (t == NULL)
 		return (NULL);

@ -984,9 +1004,11 @@ au_to_subject32_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
 	ADD_U_INT32(dptr, tid->at_port);
 	ADD_U_INT32(dptr, tid->at_type);
 	ADD_U_INT32(dptr, tid->at_addr[0]);
-	ADD_U_INT32(dptr, tid->at_addr[1]);
-	ADD_U_INT32(dptr, tid->at_addr[2]);
-	ADD_U_INT32(dptr, tid->at_addr[3]);
+	if (tid->at_type == AU_IPv6) {
+		ADD_U_INT32(dptr, tid->at_addr[1]);
+		ADD_U_INT32(dptr, tid->at_addr[2]);
+		ADD_U_INT32(dptr, tid->at_addr[3]);
+	}

 	return (t);
 }
--- a/contrib/openbsm/man/audit.log.5
+++ b/contrib/openbsm/man/audit.log.5
@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#8 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#9 $
 .\"
 .Dd May 1, 2005
 .Dt AUDIT.LOG 5
@ -218,7 +218,7 @@ token can be created using
 .It Li "Protocol" Ta "1 byte" Ta "IP protocol number"
 .It Li "Checksum" Ta "2 bytes" Ta "IP header checksum, network byte order"
 .It Li "Source Address" Ta "4 bytes" Ta "IPv4 source address"
-.It Li "Desintation Address" Ta "4 bytes" Ta "IPv4 destination address"
+.It Li "Destination Address" Ta "4 bytes" Ta "IPv4 destination address"
 .El
 .Ss Expanded ip Token
 The
--- a/contrib/openbsm/test/bsm/generate.c
+++ b/contrib/openbsm/test/bsm/generate.c
@ -23,7 +23,7 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $P4: //depot/projects/trustedbsd/openbsm/test/bsm/generate.c#3 $
+ * $P4: //depot/projects/trustedbsd/openbsm/test/bsm/generate.c#4 $
 */

 /*
@ -31,6 +31,7 @@
 */

 #include <sys/types.h>
+#include <sys/socket.h>
 #include <sys/stat.h>

 #include <netinet/in.h>
@ -267,6 +268,7 @@ static gid_t		 subject32_rgid = 0x09876543;
 static pid_t		 subject32_pid = 0x13243546;
 static au_asid_t	 subject32_sid = 0x97867564;
 static au_tid_t		 subject32_tid = { 0x16593746 };
+static au_tid_addr_t	 subject32_tid_addr = { 0x16593746 };

 static void
 generate_subject32_token(const char *directory, const char *token_filename)
@ -298,6 +300,32 @@ generate_subject32_record(const char *directory, const char *record_filename)
 	write_record(directory, record_filename, subject32_token, AUE_NULL);
 }

+static void
+generate_subject32ex_token(const char *directory, const char *token_filename,
+    u_int32_t type)
+{
+	token_t *subject32ex_token;
+	char *buf;
+
+	buf = (char *)malloc(strlen(token_filename) + 6);
+	if (type == AU_IPv6) {
+		inet_pton(AF_INET6, "fe80::1", subject32_tid_addr.at_addr);
+		subject32_tid_addr.at_type = AU_IPv6;
+		sprintf(buf, "%s%s", token_filename, "-IPv6");
+	} else {
+		subject32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
+		subject32_tid_addr.at_type = AU_IPv4;
+		sprintf(buf, "%s%s", token_filename, "-IPv4");
+	}
+
+	subject32ex_token = au_to_subject32_ex(subject32_auid, subject32_euid,
+	    subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
+	    subject32_sid, &subject32_tid_addr);
+	if (subject32ex_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_subject32_ex");
+	write_token(directory, buf, subject32ex_token);
+}
+
 static au_id_t		 process32_auid = 0x12345678;
 static uid_t		 process32_euid = 0x01234567;
 static gid_t		 process32_egid = 0x23456789;
@ -306,6 +334,7 @@ static gid_t		 process32_rgid = 0x09876543;
 static pid_t		 process32_pid = 0x13243546;
 static au_asid_t	 process32_sid = 0x97867564;
 static au_tid_t		 process32_tid = { 0x16593746 };
+static au_tid_addr_t	 process32_tid_addr = { 0x16593746 };

 static void
 generate_process32_token(const char *directory, const char *token_filename)
@ -337,6 +366,22 @@ generate_process32_record(const char *directory, const char *record_filename)
 	write_record(directory, record_filename, process32_token, AUE_NULL);
 }

+static void
+generate_process32ex_token(const char *directory, const char *token_filename)
+{
+	token_t *process32ex_token;
+
+	process32_tid_addr.at_addr[0] = inet_addr("127.0.0.1");
+	process32_tid_addr.at_type = AU_IPv4;
+
+	process32ex_token = au_to_process32_ex(process32_auid, process32_euid,
+	    process32_egid, process32_ruid, process32_rgid, process32_pid,
+	    process32_sid, &process32_tid_addr);
+	if (process32ex_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_process32_ex");
+	write_token(directory, token_filename, process32ex_token);
+}
+
 static char		 return32_status = 0xd7;
 static uint32_t		 return32_ret = 0x12345678;

@ -713,7 +758,10 @@ main(int argc, char *argv[])
 		generate_ipc_token(directory, "ipc_token");
 		generate_path_token(directory, "path_token");
 		generate_subject32_token(directory, "subject32_token");
+		generate_subject32ex_token(directory, "subject32ex_token", AU_IPv4);
+		generate_subject32ex_token(directory, "subject32ex_token", AU_IPv6);
 		generate_process32_token(directory, "process32_token");
+		generate_process32ex_token(directory, "process32ex_token");
 		generate_return32_token(directory, "return32_token");
 		generate_text_token(directory, "text_token");
 		generate_opaque_token(directory, "opaque_token");
@ -736,7 +784,10 @@ main(int argc, char *argv[])
 		generate_ipc_token(directory, "ipc_record");
 		generate_path_token(directory, "path_record");
 		generate_subject32_token(directory, "subject32_record");
+		generate_subject32ex_token(directory, "subject32ex_record", AU_IPv4);
+		generate_subject32ex_token(directory, "subject32ex_record", AU_IPv6);
 		generate_process32_token(directory, "process32_record");
+		generate_process32ex_token(directory, "process32ex_token");
 		generate_return32_token(directory, "return32_record");
 		generate_text_token(directory, "text_record");
 		generate_opaque_token(directory, "opaque_record");