Vendor import of OpenBSM 1.0 alpha 11, with the following change history

notes since the last import:

OpenBSM 1.0 alpha 11

- Reclassify certain read/write operations as having no class rather than the
  fr/fw class; our default classes audit intent (open) not operations (read,
  write).
- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
  and writes of sysctls as separate events.  Add additional kernel
  environment and jail events for FreeBSD.
- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
  (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
  by the kernel audit implementation) so that they can be distinguished.
- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
  a dropped request, the log file will otherwise grow indefinitely if the
  trigger is dropped.
- Improve auditd debugging output.
- Fix a number of threading related bugs in audit_control file reading
  routines.
- Add APIs au_poltostr() and au_strtopol() to convert between text
  representations of audit_control policy flags and the flags passed to
  auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
- Add API getacpol() to return the 'policy:' entry from audit_control, an
  extension to the Solaris file format to allow specification of policy
  persistent flags.
- Update audump to print the audit_control policy field.
- Update auditd to read the audit_control policy field and set the kernel
  policy to match it when configuring/reconfiguring.  Remove the -s and -h
  arguments as these policies are now set via the configuration file.  If a
  policy line is not found in the configuration file, continue with the
  current default of setting AUDIT_CNT.
- Fix bugs in the parsing of large execve(2) arguments and environmental
  variable tokens; increase maximum parsed argument and variable count.
- configure now detects strlcat(), used by policy-related functions.
- Reference token and record sample files added to test tree.

Obtained from:	TrustedBSD Project

1 files changed, 39 insertions, 3 deletions

diff --git a/contrib/openbsm/libbsm/au_control.3 b/contrib/openbsm/libbsm/au_control.3
index 0cd66f1..00a551e 100644
--- a/contrib/openbsm/libbsm/au_control.3
+++ b/contrib/openbsm/libbsm/au_control.3
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#3 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#4 $
 .\"
 .Dd April 19, 2005
 .Dt AU_CONTROL 3
@@ -34,7 +34,10 @@
 .Nm getacdir ,
 .Nm getacmin ,
 .Nm getacflg ,
-.Nm getacna
+.Nm getacna ,
+.Nm getacpol ,
+.Nm au_poltostr
+.Nm au_strtopol
 .Nd "Look up information from the audit_control database"
 .Sh LIBRARY
 .Lb libbsm
@@ -52,6 +55,12 @@
 .Fn getacflg "char *auditstr" "int len"
 .Ft int
 .Fn getacna "char *auditstr" "int len"
+.Ft int
+.Fn getacpol "char *auditstr" "size_t len"
+.Ft ssize_t
+.Fn au_poltostr "long policy" "size_t maxsize" "char *buf"
+.Ft int
+.Fn au_strtopol "const char *polstr" "long *policy"
 .Sh DESCRIPTION
 These interfaces may be used to look up information from the
 .Xr audit_control 5
@@ -90,15 +99,42 @@ returns the non-attributable flags via the passed character buffer
 .Va auditstr
 of length
 .Va len .
+.Pp
+.Fn getacpol
+returns the audit policy flags via the passed character buffer
+.Va auditstr
+of length
+.Va len .
+.Pp
+.Fn au_poltostr
+converts a numeric audit policy mask,
+.Va policy ,
+value to a string in the passed character buffer
+.Va buf
+of lenth
+.Va maxsize .
+.Pp
+.Fn au_strtopol
+converts an audit policy flags string,
+.Va polstr ,
+to a numeric audit policy mask returned via
+.Va policy .
 .Sh RETURN VALULES
 .Fn getacdir ,
 .Fn getacmin ,
 .Fn getacflg ,
+.Fn getacna ,
+.Fn getacpol ,
 and
-.Fn getacna
+.Fn au_strtopol
 return 0 on success, or a negative value on failure, along with error
 information in
 .Va errno .
+.Pp
+.Fn au_poltostr
+returns a string length of 0 or more on success, or a negative value on
+if there is a failure.
+.Pp
 Functions that return a string value will return a failure if there is
 insufficient room in the passed character buffer for the full string.
 .Sh SEE ALSO