Merge OpenBSM 1.1 from OpenBSM vendor branch to head.

OpenBSM history for imported revision below for reference.

MFC after:      2 weeks
Sponsored by:   Apple, Inc.
Obtained from:  TrustedBSD Project

OpenBSM 1.1

- Change auditon(2) parameters and data structures to be 32/64-bit architecture
  independent.  Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
  commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
  the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
  added:  au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
  definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
  generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page.  Also, make it clear that we want
  the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
  authorization events, has been added.

1 files changed, 24 insertions, 5 deletions

diff --git a/contrib/openbsm/libbsm/bsm_control.c b/contrib/openbsm/libbsm/bsm_control.c
index 4b8a1d1..a58db0e 100644
--- a/contrib/openbsm/libbsm/bsm_control.c
+++ b/contrib/openbsm/libbsm/bsm_control.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2004,2009 Apple Inc.
+ * Copyright (c) 2004, 2009 Apple Inc.
  * Copyright (c) 2006 Robert N. M. Watson
  * All rights reserved.
  *
@@ -27,7 +27,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#28 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#33 $
  */
 
 #include <config/config.h>
@@ -50,6 +50,8 @@
 #include <compat/strlcpy.h>
 #endif
 
+#include <sys/stat.h>
+
 /*
  * Parse the contents of the audit_control file to return the audit control
  * parameters.  These static fields are protected by 'mutex'.
@@ -220,7 +222,7 @@ au_spacetobytes(size_t *bytes, u_long value, char mult)
  * nul).
  */
 ssize_t
-au_poltostr(long policy, size_t maxsize, char *buf)
+au_poltostr(int policy, size_t maxsize, char *buf)
 {
 	int first = 1;
 	int i = 0;
@@ -248,7 +250,7 @@ au_poltostr(long policy, size_t maxsize, char *buf)
  * ENOMEM) or 0 on success.
  */
 int
-au_strtopol(const char *polstr, long *policy)
+au_strtopol(const char *polstr, int *policy)
 {
 	char *bufp, *string;
 	char *buffer;
@@ -287,10 +289,27 @@ au_strtopol(const char *polstr, long *policy)
 static void
 setac_locked(void)
 {
+	static time_t lastctime = 0;
+	struct stat sbuf;
 
 	ptrmoved = 1;
-	if (fp != NULL)
+	if (fp != NULL) {
+		/*
+		 * Check to see if the file on disk has changed.  If so,
+		 * force a re-read of the file by closing it.
+		 */
+		if (fstat(fileno(fp), &sbuf) < 0)
+			goto closefp;
+		if (lastctime != sbuf.st_ctime) {
+			lastctime = sbuf.st_ctime;
+closefp:
+			fclose(fp);
+			fp = NULL;
+			return;
+		}
+
 		fseek(fp, 0, SEEK_SET);
+	}
 }
 
 void