From 20bce94704e0ebbe8a06db8b6df5fc462f8b28b3 Mon Sep 17 00:00:00 2001
From: rwatson <rwatson@FreeBSD.org>
Date: Sat, 4 Mar 2006 17:00:55 +0000
Subject: [PATCH] Update src/sys/security/audit for OpenBSM 1.0 alpha 5:

- Include audit_internal.h to get definition of internal audit record
  structures, as it's no longer in audit.h.  Forward declare au_record
  in audit_private.h as not all audit_private.h consumers care about
  it.

- Remove __APPLE__ compatibility bits that are subsumed by configure
  for user space.

- Don't expose in6_addr internals (non-portable, but also cleaner
  looking).

- Avoid nested include of audit.h in audit_private.h.

Obtained from:	TrustedBSD Project
---
 sys/security/audit/audit.c           |  1 +
 sys/security/audit/audit_bsm_token.c | 18 ++++--------------
 sys/security/audit/audit_private.h   |  2 +-
 3 files changed, 6 insertions(+), 15 deletions(-)

diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c
index 457313e91747..5eaa0be1c2e8 100644
--- a/sys/security/audit/audit.c
+++ b/sys/security/audit/audit.c
@@ -58,6 +58,7 @@
 #include <sys/vnode.h>
 
 #include <bsm/audit.h>
+#include <bsm/audit_internal.h>
 #include <bsm/audit_kevents.h>
 
 #include <netinet/in.h>
diff --git a/sys/security/audit/audit_bsm_token.c b/sys/security/audit/audit_bsm_token.c
index ed7f10863656..31e7d0fa656c 100644
--- a/sys/security/audit/audit_bsm_token.c
+++ b/sys/security/audit/audit_bsm_token.c
@@ -30,16 +30,12 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#7 $
+ * $P4: //depot/projects/trustedbsd/audit3/sys/security/audit/audit_bsm_token.c#9 $
  * $FreeBSD$
  */
 
 #include <sys/types.h>
-#ifdef __APPLE__
-#include <compat/endian.h>
-#else /* !__APPLE__ */
 #include <sys/endian.h>
-#endif /* __APPLE__*/
 #include <sys/socket.h>
 #include <sys/time.h>
 
@@ -327,10 +323,7 @@ au_to_in_addr_ex(struct in6_addr *internet_addr)
 
 	ADD_U_CHAR(dptr, AUT_IN_ADDR_EX);
 	ADD_U_INT32(dptr, type);
-	ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[0]);
-	ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[1]);
-	ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[2]);
-	ADD_U_INT32(dptr, internet_addr->__u6_addr.__u6_addr32[3]);
+	ADD_MEM(dptr, internet_addr, sizeof(*internet_addr));
 
 	return (t);
 }
@@ -865,10 +858,7 @@ au_to_sock_inet128(struct sockaddr_in6 *so)
 	ADD_U_CHAR(dptr, so->sin6_family);
 
 	ADD_U_INT16(dptr, so->sin6_port);
-	ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[0]);
-	ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[1]);
-	ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[2]);
-	ADD_U_INT32(dptr, so->sin6_addr.__u6_addr.__u6_addr32[3]);
+	ADD_MEM(dptr, &so->sin6_addr, sizeof(so->sin6_addr));
 
 	return (t);
 
@@ -992,7 +982,7 @@ au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
 	    tid));
 }
 
-#if !defined(_KERNEL) && !defined(KERNEL)
+#if !defined(_KERNEL) && !defined(KERNEL) && defined(HAVE_AUDIT_SYSCALLS)
 /*
  * Collects audit information for the current process
  * and creates a subject token from it
diff --git a/sys/security/audit/audit_private.h b/sys/security/audit/audit_private.h
index c23289f49bfa..3ca0115d0af9 100644
--- a/sys/security/audit/audit_private.h
+++ b/sys/security/audit/audit_private.h
@@ -233,6 +233,7 @@ struct kaudit_record	*audit_new(int event, struct thread *td);
  * Functions relating to the conversion of internal kernel audit records to
  * the BSM file format.
  */
+struct au_record;
 int			 kaudit_to_bsm(struct kaudit_record *kar,
 			    struct au_record **pau);
 int			 bsm_rec_verify(void *rec);
@@ -259,7 +260,6 @@ void			 kau_init(void);
 #include <sys/fcntl.h>
 #include <sys/kernel.h>
 #include <sys/malloc.h>
-#include <security/audit/audit.h>
 
 /*
  * Some of the BSM tokenizer functions take different parameters in the