This commit was generated by cvs2svn to compensate for changes in r155518,

which included commits to RCS files with non-trunk default branches.

contrib/openbsm/CHANGELOG

@@ -1,3 +1,15 @@
+OpenBSM 1.0 alpha 4
+
+- Remove "audit" user example from audit_user, as it's not present on most
+  systems.
+- Add cannot_audit() function non-Darwin systems that wraps auditon();
+  required by OpenSSH BSM support.  Convert Darwin cannot_audit() into a
+  function rather than a macro.
+- Library build fixed on Darwin following include file tweaks.  The native
+  Darwin sys/audit.h conflicts with bsm/audit.h due to duplicate types, so
+  for now we force bsm_wrappers.c to not perform a nested include of
+  sys/audit.h.
+
 OpenBSM 1.0 alpha 3
 
 - Man page formatting, cross reference, mlinks, and accuracy improvements.
@@ -82,4 +94,4 @@ OpenBSM 1.0 alpha 1
   to support reloading of kernel event table.
 - Allow comments in /etc/security configuration files.
 
-$P4: //depot/projects/trustedbsd/openbsm/CHANGELOG#10 $
+$P4: //depot/projects/trustedbsd/openbsm/CHANGELOG#12 $

contrib/openbsm/README

@@ -64,6 +64,7 @@ to the development of OpenBSM:
     Poul-Henning Kamp
     Christian Brueffer
     Olivier Houchard
+    Christian Peron
 
 In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
 Software's FlexeLint tool were used to identify a number of bugs in the
@@ -85,4 +86,4 @@ Information on TrustedBSD may be found on the TrustedBSD home page:
 
     http://www.TrustedBSD.org/
 
-$P4: //depot/projects/trustedbsd/openbsm/README#13 $
+$P4: //depot/projects/trustedbsd/openbsm/README#14 $

contrib/openbsm/bin/audit/audit.c

@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#4 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#5 $
  */
 /*
  * Program to trigger the audit daemon with a message that is either:
@@ -40,8 +40,8 @@
  *
  */
 
-#include <sys/queue.h>
 #include <sys/types.h>
+#include <sys/queue.h>
 #include <sys/uio.h>
 
 #include <bsm/audit.h>

contrib/openbsm/bin/auditd/auditd.c

@@ -30,14 +30,14 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#11 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#12 $
  */
 
+#include <sys/types.h>
 #include <sys/dirent.h>
 #include <sys/mman.h>
 #include <sys/queue.h>
 #include <sys/stat.h>
-#include <sys/types.h>
 #include <sys/wait.h>
 
 #include <bsm/audit.h>

contrib/openbsm/bsm/libbsm.h

@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#14 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#16 $
  */
 
 #ifndef _LIBBSM_H_
@@ -44,11 +44,12 @@
 #include <sys/cdefs.h>
 #include <sys/queue.h>
 
+#include <stdint.h>		/* Required for audit.h. */
+
 #include <bsm/audit.h>
 #include <bsm/audit_record.h>
 
 #include <stdio.h>
-#include <stdint.h>
 
 #ifdef __APPLE__
 #include <mach/mach.h>		/* audit_token_t */
@@ -871,7 +872,7 @@ int	au_get_state(void);
 __END_DECLS
 
 /* OpenSSH compatibility */
-#define	cannot_audit(x)	(!(au_get_state() == AUC_AUDITING))
+int	cannot_audit(int);
 
 __BEGIN_DECLS
 /*

contrib/openbsm/etc/audit_user

@@ -1,5 +1,4 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_user#2 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_user#3 $
 #
 root:lo:no
-audit:fc:no

contrib/openbsm/libbsm/bsm_notify.c

@@ -26,15 +26,12 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#8 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_notify.c#9 $
  */
 
-#ifdef __APPLE__
-
 /*
  * Based on sample code from Marc Majka.
  */
-#include <notify.h>
 #include <string.h>	/* strerror() */
 #include <sys/errno.h>	/* errno */
 #include <bsm/libbsm.h>
@@ -42,6 +39,8 @@
 #include <syslog.h>	/* syslog() */
 #include <stdarg.h>	/* syslog() */
 
+#ifdef __APPLE__
+#include <notify.h>
 /* If 1, assumes a kernel that sends the right notification. */
 #define	AUDIT_NOTIFICATION_ENABLED	1
 
@@ -145,5 +144,25 @@ au_get_state(void)
 		return (AUC_AUDITING);
 	}
 }
+#endif	/* !__APPLE__ */
 
-#endif /* !__APPLE__ */
+int
+cannot_audit(int val __unused)
+{
+#ifdef __APPLE__
+	return (!(au_get_state() == AUC_AUDITING));
+#else
+	unsigned long au_cond;
+
+	if (auditon(A_GETCOND, &au_cond, sizeof(long)) < 0) {
+		if (errno != ENOSYS) {
+			syslog(LOG_ERR, "Audit status check failed (%s)",
+			    strerror(errno));
+		}
+		return (1);
+	}
+	if (au_cond == AUC_NOAUDIT || au_cond == AUC_DISABLED)
+		return (1);
+	return (0);
+#endif	/* !__APPLE__ */
+}

contrib/openbsm/libbsm/bsm_wrappers.c

@@ -26,9 +26,13 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#14 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#16 $
  */
 
+#ifdef __APPLE__
+#define	_SYS_AUDIT_H		/* Prevent include of sys/audit.h. */
+#endif
+
 #include <sys/param.h>
 #include <sys/stat.h>
 #include <sys/sysctl.h>

contrib/openbsm/man/Makefile

@@ -1,5 +1,5 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/man/Makefile#5 $
+# $P4: //depot/projects/trustedbsd/openbsm/man/Makefile#7 $
 #
 
 MAN=	audit.2								\
@@ -16,4 +16,7 @@ MAN=	audit.2								\
 	audit_user.5							\
 	audit_warn.5
 
+MLINKS= getaudit.2 getaudit_addr.2					\
+	setaudit.2 setaudit_addr.2
+
 .include <bsd.prog.mk>

contrib/openbsm/tools/audump.c

@@ -23,7 +23,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#4 $
+ * $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#5 $
  */
 
 #include <bsm/libbsm.h>
@@ -41,7 +41,7 @@ static void
 usage(void)
 {
 
-	fprintf(stderr, "usage: dump [class|class_r|control|event|event_r|"
+	fprintf(stderr, "usage: audump [class|class_r|control|event|event_r|"
 	    "user|user_r]\n");
 	exit(-1);
 }