author: rwatson <rwatson@FreeBSD.org> 2006-02-06 00:06:04 +0000
committer: rwatson <rwatson@FreeBSD.org> 2006-02-06 00:06:04 +0000
commit: 4fae3f6a4aec0b2ccf88592624f71ae94d961ef8
tree: e76c45374f54ea0b5b6f2c7c99d9fe3f9579f64a /contrib/openbsm/man
parent: 1aa0e1022d558bb98a589cb20d6941708ec3cd30
Vendor branch import of OpenBSM 1.0 alpha 3:
- Man page formatting, cross reference, mlinks, and accuracy improvements.
- auditd and tools now compile and run on FreeBSD/arm.
- auditd will now fchown() the trail file to the audit review group, if defined at compile-time.
- Added AUE_SYSARCH for FreeBSD.
- Definition of AUE_SETFSGID fixed for Linux.

Many thanks to: brueffer, cognet
Obtained from: TrustedBSD Project
Diffstat (limited to 'contrib/openbsm/man')
-rw-r--r--  contrib/openbsm/man/audit.log.5      | 24
-rw-r--r--  contrib/openbsm/man/audit_class.5    |  9
-rw-r--r--  contrib/openbsm/man/audit_control.5  | 29
-rw-r--r--  contrib/openbsm/man/audit_event.5    | 14
-rw-r--r--  contrib/openbsm/man/audit_user.5     | 16
-rw-r--r--  contrib/openbsm/man/audit_warn.5     |  4
-rw-r--r--  contrib/openbsm/man/auditon.2        | 25
-rw-r--r--  contrib/openbsm/man/getaudit.2       |  4
-rw-r--r--  contrib/openbsm/man/getauid.2        |  4
-rw-r--r--  contrib/openbsm/man/setaudit.2       |  4
-rw-r--r--  contrib/openbsm/man/setauid.2        |  4
11 files changed, 75 insertions, 62 deletions
diff --git a/contrib/openbsm/man/audit.log.5 b/contrib/openbsm/man/audit.log.5
index 8877e1d..87e1ab3 100644
--- a/contrib/openbsm/man/audit.log.5
+++ b/contrib/openbsm/man/audit.log.5
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#7 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#8 $
.\"
.Dd May 1, 2005
.Dt AUDIT.LOG 5
@@ -204,7 +204,7 @@ The
token contains an IP packet header in network byte order.
An
.Dv ip
-token can be cread using
+token can be created using
.Xr au_to_ip 3 .
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
@@ -249,7 +249,7 @@ token contains a pathname.
A
.Dv path
token can be created using
-.Xr auto_path 3 .
+.Xr au_to_path 3 .
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
@@ -262,7 +262,7 @@ The
token contains a set of nul-terminated path names.
The
.Xr libbsm 3
-API cannot currently create an
+API cannot currently create a
.Dv path_attr
token.
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
@@ -283,7 +283,7 @@ token, which describes the subject performing an auditable event.
This includes both the traditional
.Ux
security properties, such as user IDs and group IDs, but also audit
-information such as the audit user ID and sesion.
+information such as the audit user ID and session.
A
.Dv process
token can be created using
@@ -310,12 +310,12 @@ token contains the contents of the
.Dv process
token, with the addition of a machine address type and variable length
address storage capable of containing IPv6 addresses.
-A
+An
.Dv expanded process
token can be created using
.Xr au_to_process32_ex 3
or
-.Xr au_to_process64 3 .
+.Xr au_to_process64_ex 3 .
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
@@ -385,7 +385,7 @@ token consists of the same elements as the
.Dv subject
token, with the addition of type/length and variable size machine address
information in the terminal ID.
-A
+An
.Dv expanded subject
token can be created using
.Xr au_to_subject32_ex 3
@@ -412,7 +412,7 @@ token ...
.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
.It Sy "Field" Ta Sy Bytes Ta Sy Description
.It Li "Token ID" Ta "1 byte" Ta "Token ID"
-.It Li "object ID type" Ta "1 byte" Ta "Object ID"
+.It Li "Object ID type" Ta "1 byte" Ta "Object ID"
.It Li "Object ID" Ta "4 bytes" Ta "Object ID"
.El
.Ss Text Token
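Review bot: In the table row just capitalised, the description column for "Object ID type" still reads "Object ID", identical to the 4-byte "Object ID" row below it, so the table does not say what the 1-byte field encodes. Suggest changing the third column to "Object ID type" or a short list of the type values. The "token ..." placeholder visible in the hunk header also remains to be filled in.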
@@ -438,7 +438,7 @@ included with the attribute block for a file; optional
.Dv path
tokens may also be present in an audit record indicating which path, if any,
was used to reach the object.
-A
+An
.Dv attribute
token can be created using
.Xr au_to_attr32 3
@@ -593,8 +593,8 @@ token ...
.It Li XXXXX
.El
.Sh SEE ALSO
-.Xr audit 8,
-.Xr libbsm 3
+.Xr libbsm 3 ,
+.Xr audit 8
.Sh AUTHORS
The Basic Security Module (BSM) interface to audit records and audit event
stream format were defined by Sun Microsystems.
diff --git a/contrib/openbsm/man/audit_class.5 b/contrib/openbsm/man/audit_class.5
index 81b60cb..dfd44a9 100644
--- a/contrib/openbsm/man/audit_class.5
+++ b/contrib/openbsm/man/audit_class.5
@@ -25,9 +25,9 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_class.5#5 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_class.5#7 $
.\"
-.Dd Jan 24, 2004
+.Dd January 24, 2004
.Dt AUDIT_CLASS 5
.Os
.Sh NAME
@@ -40,8 +40,9 @@ file contains descriptions of the auditable event classes on the system.
Each auditable event is a member of an event class.
Each line maps an audit event
mask (bitmap) to a class and a description.
-Entries are of the form
-.Dl classmask:eventclass:description.
+Entries are of the form:
+.Pp
+.Dl classmask:eventclass:description
.Pp
Example entries in this file are:
.Bd -literal -offset indent
diff --git a/contrib/openbsm/man/audit_control.5 b/contrib/openbsm/man/audit_control.5
index d39b681..dd39afc 100644
--- a/contrib/openbsm/man/audit_control.5
+++ b/contrib/openbsm/man/audit_control.5
@@ -25,9 +25,9 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#5 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#9 $
.\"
-.Dd Jan 24, 2004
+.Dd January 4, 2006
.Dt AUDIT_CONTROL 5
.Os
.Sh NAME
@@ -38,7 +38,9 @@ The
.Nm
file contains several audit system parameters.
Each line of this file is of the form:
-.Dl parameter:value.
+.Pp
+.Dl parameter:value
+.Pp
The parameters are:
.Bl -tag -width Ds
.It Pa dir
@@ -63,13 +65,15 @@ When the free space falls below this limit a warning will be issued.
Not currently used as the value of 20 percent is chosen by the kernel.
.El
.Sh AUDIT FLAGS
-Audit flags are a comma delimited list of audit classes as defined in the
-audit_class file.
+Audit flags are a comma-delimited list of audit classes as defined in the
+.Pa audit_class
+file.
See
.Xr audit_class 5
for details.
Event classes may be preceded by a prefix which changes their interpretation.
The following prefixes may be used for each class:
+.Pp
.Bl -tag -width Ds -compact -offset indent
.It +
Record successful events
@@ -78,9 +82,9 @@ Record failed events
.It ^
Record both successful and failed events
.It ^+
-Don't record successful events
+Do not record successful events
.It ^-
-Don't record failed events
+Do not record failed events
.El
.Sh DEFAULT
The following settings appear in the default
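Review bot: The unchanged entry ".It ^" at the top of this hunk is described as "Record both successful and failed events", yet the two entries reworded here show ^ acting as a negation (^+ and ^- both read "Do not record ..."). These prefixes decide what reaches the audit trail, so please confirm what a bare ^ means and correct that description in the same pass; an administrator who trusts it as written could end up with a flags line that records the opposite of what was intended.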
@@ -88,7 +92,7 @@ The following settings appear in the default
file:
.Bd -literal -offset indent
dir:/var/audit
-flags:lo,ad,-all,^-fc,^-cl
+flags:lo
minfree:20
naflags:lo
.Ed
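Review bot: The documented default flags value shrinks from lo,ad,-all,^-fc,^-cl to lo, which drops administrative events and all failure auditing from the system-wide mask, but the commit message lists only formatting and accuracy improvements. Please state whether this tracks a change in the shipped audit_control file or corrects a page that was already out of date, so administrators relying on the man page know the default now records login/logout events only.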
@@ -96,17 +100,16 @@ naflags:lo
The
.Va flags
parameter above specifies the system-wide mask corresponding to login/logout
-events, administrative events, and all failures except for failures in creating
-or closing files.
+events.
.Sh FILES
.Bl -tag -width "/etc/security/audit_control" -compact
.It Pa /etc/security/audit_control
.El
.Sh SEE ALSO
-.Xr audit 1 ,
-.Xr auditd 8 ,
.Xr audit_class 5 ,
-.Xr audit_user 5
+.Xr audit_user 5 ,
+.Xr audit 8 ,
+.Xr auditd 8
.Sh AUTHORS
This software was created by McAfee Research, the security research division
of McAfee, Inc., under contract to Apple Computer Inc.
diff --git a/contrib/openbsm/man/audit_event.5 b/contrib/openbsm/man/audit_event.5
index 36029ef..cfa81f6 100644
--- a/contrib/openbsm/man/audit_event.5
+++ b/contrib/openbsm/man/audit_event.5
@@ -25,9 +25,9 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_event.5#5 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_event.5#8 $
.\"
-.Dd Jan 24, 2004
+.Dd January 24, 2004
.Dt AUDIT_EVENT 5
.Os
.Sh NAME
@@ -38,11 +38,15 @@ The
.Nm
file contains descriptions of the auditable events on the system.
Each line maps an audit event number to a name, a description, and a class.
-Entries are of the form
-.Dl eventnum:eventname:description:eventclass .
+Entries are of the form:
+.Pp
+.Dl eventnum:eventname:description:eventclass
+.Pp
Each
.Vt eventclass
-should have a corresponding entry in the audit_class file.
+should have a corresponding entry in the
+.Pa audit_class
+file.
See
.Xr audit_class 5
for details.
diff --git a/contrib/openbsm/man/audit_user.5 b/contrib/openbsm/man/audit_user.5
index abb74a3..05877d5 100644
--- a/contrib/openbsm/man/audit_user.5
+++ b/contrib/openbsm/man/audit_user.5
@@ -25,9 +25,9 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_user.5#5 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_user.5#7 $
.\"
-.Dd Jan 24, 2004
+.Dd February 5, 2006
.Dt AUDIT_USER 5
.Os
.Sh NAME
@@ -44,9 +44,11 @@ These settings take effect when the user logs in.
.Pp
Each line maps a user name to a list of classes that should be audited and a
list of classes that should not be audited.
-Entries are of the form of
-.Dl username:alwaysaudit:neveraudit ,
-where
+Entries are of the form:
+.Pp
+.Dl username:alwaysaudit:neveraudit
+.Pp
+In the format above,
.Vt alwaysaudit
is a set of event classes that are always audited, and
.Vt neveraudit
@@ -64,8 +66,8 @@ root:lo,ad:no
jdoe:-fc,ad:+fw
.Ed
.Pp
-These settings would cause login and administrative events that succeed on
-behalf of user root to be audited.
+These settings would cause login/logout and administrative events that
+succeed on behalf of user root to be audited.
No failure events are audited.
For the user
.Em jdoe ,
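Review bot: The reworded sentence says only events "that succeed" are audited for root and that "No failure events are audited", but the example entry shown in the hunk header, root:lo,ad:no, has no + prefix on lo or ad, while the jdoe line beside it uses explicit - and + prefixes. The prefix list in audit_control.5 in this same patch gives + as the prefix for "Record successful events". Either the example should read root:+lo,+ad:no or the sentence should describe what unprefixed classes select.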
diff --git a/contrib/openbsm/man/audit_warn.5 b/contrib/openbsm/man/audit_warn.5
index 4581d8c..18cb74e 100644
--- a/contrib/openbsm/man/audit_warn.5
+++ b/contrib/openbsm/man/audit_warn.5
@@ -25,9 +25,9 @@
.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_warn.5#5 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_warn.5#6 $
.\"
-.Dd Mar 17, 2004
+.Dd March 17, 2004
.Dt AUDIT_WARN 5
.Os
.Sh NAME
diff --git a/contrib/openbsm/man/auditon.2 b/contrib/openbsm/man/auditon.2
index 4e38dc4..9dedbba 100644
--- a/contrib/openbsm/man/auditon.2
+++ b/contrib/openbsm/man/auditon.2
@@ -25,7 +25,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#6 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#7 $
.\"
.Dd April 19, 2005
.Dt AUDITON 2
@@ -53,8 +53,9 @@ may be any of the following:
.It Dv A_SETPOLICY
Set audit policy flags.
.Ft *data
-must point to an long value set to one of the audit
-policy control values defined in audit.h.
+must point to a long value set to one of the audit
+policy control values defined in
+.Pa audit.h .
Currently, only
.Dv AUDIT_CNT
and
@@ -83,7 +84,7 @@ These masks are used for non-attributable audit event preselection.
.It Dv A_SETQCTRL
Set kernel audit queue parameters.
.Ft *data
-must point to a
+must point to a
.Ft au_qctrl_t
structure containing the
kernel audit queue control settings:
@@ -106,7 +107,7 @@ Return
.It Dv A_SETCOND
Set the current auditing condition.
.Ft *data
-must point to an long value containing the new
+must point to a long value containing the new
audit condition, one of
.Dv AUC_AUDITING ,
.Dv AUC_NOAUDIT ,
@@ -115,13 +116,13 @@ or
.It Dv A_SETCLASS
Set the event class preselection mask for an audit event.
.Ft *data
-must point to a
+must point to a
.Ft au_evclass_map_t
structure containing the audit event and mask.
.It Dv A_SETPMASK
Set the preselection masks for a process.
.Ft *data
-must point to a
+must point to a
.Ft auditpinfo_t
structure that contains the given process's audit
preselection masks for both success and failure.
@@ -167,7 +168,7 @@ the current kernel preselection masks for non-attributable events.
.It Dv A_GETPOLICY
Return the current audit policy setting.
.Ft *data
-must point to an long value which will be set to
+must point to a long value which will be set to
one of the current audit policy flags.
Currently, only
.Dv AUDIT_CNT
@@ -188,8 +189,8 @@ must point to a
.Ft au_fstat_t
structure. The
.Ft af_filesz
-field will set to the maximum audit log file size. A value of 0
-indicates no limit to the size.
+field will be set to the maximum audit log file size.
+A value of 0 indicates no limit to the size.
The
.Ft af_filesz
will be set to the current audit log file size.
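Review bot: After this rewording the paragraph names ".Ft af_filesz" twice: once as the maximum audit log file size and again, in the unchanged lines that follow, as the current audit log file size. One field cannot hold both values, so the second reference should name the au_fstat_t member that carries the current size. The unchanged line "structure. The" also starts a new sentence mid-line, which this hunk fixes for "A value of 0" but not there.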
@@ -227,7 +228,9 @@ trigger values:
.Dv AUDIT_TRIGGER_OPEN_NEW
(open a new audit log file),
.Dv AUDIT_TRIGGER_READ_FILE
-(read the audit_control file),
+(read the
+.Pa audit_control
+file),
.Dv AUDIT_TRIGGER_CLOSE_AND_DIE
(close the current log file and exit),
or
diff --git a/contrib/openbsm/man/getaudit.2 b/contrib/openbsm/man/getaudit.2
index c20aab0..05a938c 100644
--- a/contrib/openbsm/man/getaudit.2
+++ b/contrib/openbsm/man/getaudit.2
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/getaudit.2#4 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/getaudit.2#5 $
.\"
.Dd April 19, 2005
.Dt GETAUDIT 2
@@ -50,7 +50,7 @@ retrieves extended state via
and
.Va length .
.Pp
-This system call required appropriate privilege to complete.
+This system call requires appropriate privilege to complete.
.Sh RETURN VALUES
.Nm
returns 0 on success, or returns -1 on failure, providing additional error
diff --git a/contrib/openbsm/man/getauid.2 b/contrib/openbsm/man/getauid.2
index de36f73..9751da9 100644
--- a/contrib/openbsm/man/getauid.2
+++ b/contrib/openbsm/man/getauid.2
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/getauid.2#4 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/getauid.2#5 $
.\"
.Dd April 19, 2005
.Dt GETAUID 2
@@ -42,7 +42,7 @@ retrieves the active audit session ID for the current process via the
pointed to by
.Va auid .
.Pp
-This system call required appropriate privilege to complete.
+This system call requires appropriate privilege to complete.
.Sh RETURN VALUES
.Nm
returns 0 on success, or returns -1 on failure, providing additional error
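Review bot: The context in the hunk header says getauid "retrieves the active audit session ID" into auid, whereas audit.log.5 in this patch treats the audit user ID and the session as separate properties. While the tense fix is being made, check whether this should read "audit user ID"; setauid.2 carries the same wording.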
diff --git a/contrib/openbsm/man/setaudit.2 b/contrib/openbsm/man/setaudit.2
index 2d994ec..46d9954 100644
--- a/contrib/openbsm/man/setaudit.2
+++ b/contrib/openbsm/man/setaudit.2
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/setaudit.2#4 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/setaudit.2#5 $
.\"
.Dd April 19, 2005
.Dt SETAUDIT 2
@@ -50,7 +50,7 @@ sets extended state via
and
.Va length .
.Pp
-This system call required appropriate privilege to complete.
+This system call requires appropriate privilege to complete.
.Sh RETURN VALUES
.Nm
returns 0 on success, or returns -1 on failure, providing additional error
diff --git a/contrib/openbsm/man/setauid.2 b/contrib/openbsm/man/setauid.2
index d03b0d9..4c23ffc 100644
--- a/contrib/openbsm/man/setauid.2
+++ b/contrib/openbsm/man/setauid.2
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/setauid.2#4 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/setauid.2#5 $
.\"
.Dd April 19, 2005
.Dt SETAUID 2
@@ -42,7 +42,7 @@ sets the active audit session ID for the current process from the
pointed to by
.Va auid .
.Pp
-This system call required appropriate privilege to complete.
+This system call requires appropriate privilege to complete.
.Sh RETURN VALUES
.Nm
returns 0 on success, or returns -1 on failure, providing additional error