Vendor import TrustedBSD OpenBSM 1.0 alpha 12, with the following change

history notes since the last import:

OpenBSM 1.0 alpha 12

- Correct bug in auditreduce which prevented the -c option from working
  correctly when the user specifies to process successful or failed events.
  The problem stemmed from not having access to the return token at the time
  the initial preselection occurred, but now a second preselection process
  occurs while processing the return token.
- getacfilesz(3) API added to read new audit_control(5) filesz setting,
  which auditd(8) now sets the kernel audit trail rotation size to.
- auditreduce(1) now uses stdin if no file names are specified on the command
  line; this was the documented behavior previously, but it was not
  implemented.  Be more specific in auditreduce(1)'s examples section about
  what might be done with the output of auditreduce.
- Add audit_warn(5) closefile event so that administrators can hook
  termination of an audit trail file.  For example, this might be used to
  compress the trail file after it is closed.
- auditreduce(1) now uses regular expressions for pathname matching. Users can
  now supply one or more (comma delimited) regular expressions for searching
  the pathnames. If one of the regular expressions is prefixed with a tilde
  (~), and a path matches, it will be excluded from the search results.

MFC after:	3 days
Obtained from:	TrustedBSD Project

3 files changed, 52 insertions, 4 deletions

diff --git a/contrib/openbsm/libbsm/au_control.3 b/contrib/openbsm/libbsm/au_control.3
index 00a551e..0985825 100644
--- a/contrib/openbsm/libbsm/au_control.3
+++ b/contrib/openbsm/libbsm/au_control.3
@@ -1,5 +1,5 @@
 .\"-
-.\" Copyright (c) 2005 Robert N. M. Watson
+.\" Copyright (c) 2005-2006 Robert N. M. Watson
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#4 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#5 $
 .\"
 .Dd April 19, 2005
 .Dt AU_CONTROL 3
@@ -33,6 +33,7 @@
 .Nm endac ,
 .Nm getacdir ,
 .Nm getacmin ,
+.Nm getacfilesz ,
 .Nm getacflg ,
 .Nm getacna ,
 .Nm getacpol ,
@@ -52,6 +53,8 @@
 .Ft int
 .Fn getacmin "int *min_val"
 .Ft int
+.Fn getacfilesz "size_t *size_val"
+.Ft int
 .Fn getacflg "char *auditstr" "int len"
 .Ft int
 .Fn getacna "char *auditstr" "int len"
@@ -88,6 +91,10 @@ the passed
 .Va min_val
 variable.
 .Pp
+.Fn getacfilesz
+returns the audit trail rotation size in the passed size_t buffer
+.Fa size_val .
+.Pp
 .Fn getacflg
 returns the audit system flags via the the passed character buffer
 .Va auditstr
diff --git a/contrib/openbsm/libbsm/bsm_control.c b/contrib/openbsm/libbsm/bsm_control.c
index ba643b2..dd901b7 100644
--- a/contrib/openbsm/libbsm/bsm_control.c
+++ b/contrib/openbsm/libbsm/bsm_control.c
@@ -27,7 +27,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#15 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#16 $
  */
 
 #include <bsm/libbsm.h>
@@ -396,6 +396,46 @@ getacmin(int *min_val)
 }
 
 /*
+ * Return the desired trail rotation size from the audit control file.
+ */
+int
+getacfilesz(size_t *filesz_val)
+{
+	char *filesz, *dummy;
+	long long ll;
+
+	pthread_mutex_lock(&mutex);
+	setac_locked();
+	if (getstrfromtype_locked(FILESZ_CONTROL_ENTRY, &filesz) < 0) {
+		pthread_mutex_unlock(&mutex);
+		return (-2);
+	}
+	if (filesz == NULL) {
+		pthread_mutex_unlock(&mutex);
+		errno = EINVAL;
+		return (1);
+	}
+	ll = strtoll(filesz, &dummy, 10);
+	if (*dummy != '\0') {
+		pthread_mutex_unlock(&mutex);
+		errno = EINVAL;
+		return (-1);
+	}
+	/*
+	 * The file size must either be 0 or >= MIN_AUDIT_FILE_SIZE.  0
+	 * indicates no rotation size.
+	 */
+	if (ll < 0 || (ll > 0 && ll < MIN_AUDIT_FILE_SIZE)) {
+		pthread_mutex_unlock(&mutex);
+		errno = EINVAL;
+		return (-1);
+	}
+	*filesz_val = ll;
+	pthread_mutex_unlock(&mutex);
+	return (0);
+}
+
+/*
  * Return the system audit value from the audit contol file.
  */
 int
diff --git a/contrib/openbsm/libbsm/libbsm.3 b/contrib/openbsm/libbsm/libbsm.3
index 3d9aadd..f87cf55 100644
--- a/contrib/openbsm/libbsm/libbsm.3
+++ b/contrib/openbsm/libbsm/libbsm.3
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#7 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#8 $
 .\"
 .Dd April 19, 2005
 .Dt LIBBSM 3
@@ -84,6 +84,7 @@ database:
 .Xr endac 3 ,
 .Xr setac 3 ,
 .Xr getacdir 3 ,
+.Xr getacfilesz 3 ,
 .Xr getacflg 3 ,
 .Xr getacmin 3 ,
 .Xr getacna 3 ,