Vendor branch import of TrustedBSD OpenBSM 1.0 alpha 6:

- Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close();
  previously we used hard-coded 0 and 1 values.
- Add man page for au_open(), au_write(), au_close(), and
  au_close_buffer().
- Support a more complete range of data types for the arbitrary data token:
  add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias
  to AUR_INT), add AUR_INT64.
- Add au_close_token(), which allows writing a single token_t to a memory
  buffer.  Not likely to be used much by applications, but useful for
  writing test tools.
- Modify au_to_file() so that it accepts a timeval in user space, not just
  kernel -- this is not a Solaris BSM API so can be modified without
  causing compatibility issues.
- Define a new API, au_to_header32_tm(), which adds a struct timeval
  argument to the ordinary au_to_header32(), which is now implemented by
  wrapping au_to_header32_tm() and calling gettimeofday().  #ifndef KERNEL
  the APIs that invoke gettimeofday(), rather than having a variable
  definition.  Don't try to retrieve time zone information using
  gettimeofday(), as it's not needed, and introduces possible failure
  modes.
- Don't perform byte order transformations on the addr/machine fields of
  the terminal ID that appears in the process32/subject32 tokens.  These
  are assumed to be IP addresses, and as such, to be in network byte
  order.
- Universally, APIs now assume that IP addresses and ports are provided
  in network byte order.  APIs now generally provide these types in
  network byte order when decoding.
- Beginnings of an OpenBSM test framework can now be found in openbsm/test.
  This code is not built or installed by default.
- auditd now assigns more appropriate syslog levels to its debugging and
  error information.
- Support for audit filters introduced: audit filters are dynamically
  loaded shared objects that run in the context of a new daemon,
  auditfilterd.  The daemon reads from an audit pipe and feeds both BSM and
  parsed versions of records to shared objects using a module API.  This
  will provide a framework for the writing of intrusion detection services.
- New utility API, audit_submit(), added to capture common elements of audit
  record submission for many applications.

Obtained from:	TrustedBSD Project

5 files changed, 1700 insertions, 0 deletions

diff --git a/contrib/openbsm/test/Makefile.am b/contrib/openbsm/test/Makefile.am
new file mode 100644
index 0000000..e52150c
--- /dev/null
+++ b/contrib/openbsm/test/Makefile.am
@@ -0,0 +1,6 @@
+#
+# $P4: //depot/projects/trustedbsd/openbsm/test/Makefile.am#1 $
+#
+
+SUBDIRS =		\
+	bsm
diff --git a/contrib/openbsm/test/Makefile.in b/contrib/openbsm/test/Makefile.in
new file mode 100644
index 0000000..3b98057
--- /dev/null
+++ b/contrib/openbsm/test/Makefile.in
@@ -0,0 +1,477 @@
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# $P4: //depot/projects/trustedbsd/openbsm/test/Makefile.in#1 $
+#
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = ..
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = test
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config/config.h
+CONFIG_CLEAN_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-exec-recursive install-info-recursive \
+	install-recursive installcheck-recursive installdirs-recursive \
+	pdf-recursive ps-recursive uninstall-info-recursive \
+	uninstall-recursive
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+HAVE_AUDIT_SYSCALLS_FALSE = @HAVE_AUDIT_SYSCALLS_FALSE@
+HAVE_AUDIT_SYSCALLS_TRUE = @HAVE_AUDIT_SYSCALLS_TRUE@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
+MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
+MAKEINFO = @MAKEINFO@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+ac_ct_RANLIB = @ac_ct_RANLIB@
+ac_ct_STRIP = @ac_ct_STRIP@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+datadir = @datadir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+SUBDIRS = \
+	bsm
+
+all: all-recursive
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  test/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  test/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+distclean-libtool:
+	-rm -f libtool
+uninstall-info-am:
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+mostlyclean-recursive clean-recursive distclean-recursive \
+maintainer-clean-recursive:
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+	list='$(DISTFILES)'; for file in $$list; do \
+	  case $$file in \
+	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+	  esac; \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+	    dir="/$$dir"; \
+	    $(mkdir_p) "$(distdir)$$dir"; \
+	  else \
+	    dir=''; \
+	  fi; \
+	  if test -d $$d/$$file; then \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(mkdir_p) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	    distdir=`$(am__cd) $(distdir) && pwd`; \
+	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+	    (cd $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$top_distdir" \
+	        distdir="$$distdir/$$subdir" \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-recursive
+all-am: Makefile
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-libtool \
+	distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-exec-am:
+
+install-info: install-info-recursive
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-info-am
+
+uninstall-info: uninstall-info-recursive
+
+.PHONY: $(RECURSIVE_TARGETS) CTAGS GTAGS all all-am check check-am \
+	clean clean-generic clean-libtool clean-recursive ctags \
+	ctags-recursive distclean distclean-generic distclean-libtool \
+	distclean-recursive distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-exec install-exec-am install-info \
+	install-info-am install-man install-strip installcheck \
+	installcheck-am installdirs installdirs-am maintainer-clean \
+	maintainer-clean-generic maintainer-clean-recursive \
+	mostlyclean mostlyclean-generic mostlyclean-libtool \
+	mostlyclean-recursive pdf pdf-am ps ps-am tags tags-recursive \
+	uninstall uninstall-am uninstall-info-am
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/contrib/openbsm/test/bsm/Makefile.am b/contrib/openbsm/test/bsm/Makefile.am
new file mode 100644
index 0000000..8aa7934
--- /dev/null
+++ b/contrib/openbsm/test/bsm/Makefile.am
@@ -0,0 +1,9 @@
+#
+# $P4: //depot/projects/trustedbsd/openbsm/test/bsm/Makefile.am#1 $
+#
+
+INCLUDES = -I$(top_srcdir)
+
+bin_PROGRAMS = generate
+generate_SOURCES = generate.c
+generate_LDADD = $(top_builddir)/libbsm/libbsm.la
diff --git a/contrib/openbsm/test/bsm/Makefile.in b/contrib/openbsm/test/bsm/Makefile.in
new file mode 100644
index 0000000..5cfa13d
--- /dev/null
+++ b/contrib/openbsm/test/bsm/Makefile.in
@@ -0,0 +1,453 @@
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# $P4: //depot/projects/trustedbsd/openbsm/test/bsm/Makefile.in#1 $
+#
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = ../..
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+bin_PROGRAMS = generate$(EXEEXT)
+subdir = test/bsm
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config/config.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)"
+binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(bin_PROGRAMS)
+am_generate_OBJECTS = generate.$(OBJEXT)
+generate_OBJECTS = $(am_generate_OBJECTS)
+generate_DEPENDENCIES = $(top_builddir)/libbsm/libbsm.la
+DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/config
+depcomp = $(SHELL) $(top_srcdir)/config/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \
+	$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+	$(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(generate_SOURCES)
+DIST_SOURCES = $(generate_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+HAVE_AUDIT_SYSCALLS_FALSE = @HAVE_AUDIT_SYSCALLS_FALSE@
+HAVE_AUDIT_SYSCALLS_TRUE = @HAVE_AUDIT_SYSCALLS_TRUE@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
+MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
+MAKEINFO = @MAKEINFO@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+ac_ct_RANLIB = @ac_ct_RANLIB@
+ac_ct_STRIP = @ac_ct_STRIP@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
+am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+datadir = @datadir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+INCLUDES = -I$(top_srcdir)
+generate_SOURCES = generate.c
+generate_LDADD = $(top_builddir)/libbsm/libbsm.la
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  test/bsm/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  test/bsm/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-binPROGRAMS: $(bin_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(bindir)" || $(mkdir_p) "$(DESTDIR)$(bindir)"
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	     || test -f $$p1 \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(bindir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(LIBTOOL) --mode=install $(binPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(bindir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-binPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(bindir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(bindir)/$$f"; \
+	done
+
+clean-binPROGRAMS:
+	@list='$(bin_PROGRAMS)'; for p in $$list; do \
+	  f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  echo " rm -f $$p $$f"; \
+	  rm -f $$p $$f ; \
+	done
+generate$(EXEEXT): $(generate_OBJECTS) $(generate_DEPENDENCIES) 
+	@rm -f generate$(EXEEXT)
+	$(LINK) $(generate_LDFLAGS) $(generate_OBJECTS) $(generate_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/generate.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+@am__fastdepCC_TRUE@	then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \
+@am__fastdepCC_TRUE@	then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@	if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+@am__fastdepCC_TRUE@	then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+distclean-libtool:
+	-rm -f libtool
+uninstall-info-am:
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+	list='$(DISTFILES)'; for file in $$list; do \
+	  case $$file in \
+	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+	  esac; \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+	    dir="/$$dir"; \
+	    $(mkdir_p) "$(distdir)$$dir"; \
+	  else \
+	    dir=''; \
+	  fi; \
+	  if test -d $$d/$$file; then \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+	for dir in "$(DESTDIR)$(bindir)"; do \
+	  test -z "$$dir" || $(mkdir_p) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-libtool distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-exec-am: install-binPROGRAMS
+
+install-info: install-info-am
+
+install-man:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS uninstall-info-am
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \
+	clean-generic clean-libtool ctags distclean distclean-compile \
+	distclean-generic distclean-libtool distclean-tags distdir dvi \
+	dvi-am html html-am info info-am install install-am \
+	install-binPROGRAMS install-data install-data-am install-exec \
+	install-exec-am install-info install-info-am install-man \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am \
+	uninstall-binPROGRAMS uninstall-info-am
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/contrib/openbsm/test/bsm/generate.c b/contrib/openbsm/test/bsm/generate.c
new file mode 100644
index 0000000..8944931
--- /dev/null
+++ b/contrib/openbsm/test/bsm/generate.c
@@ -0,0 +1,755 @@
+/*-
+ * Copyright (c) 2006 Robert N. M. Watson
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $P4: //depot/projects/trustedbsd/openbsm/test/bsm/generate.c#3 $
+ */
+
+/*
+ * Generate a series of BSM token samples in the requested directory.
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <netinet/in.h>
+#include <netinet/in_systm.h>
+#include <netinet/ip.h>
+
+#include <arpa/inet.h>
+
+#include <bsm/audit_kevents.h>
+#include <bsm/libbsm.h>
+
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sysexits.h>
+#include <unistd.h>
+
+static int	do_records, do_tokens;
+
+static void
+usage(void)
+{
+
+	fprintf(stderr, "generate [-rt] path\n");
+	exit(EX_USAGE);
+}
+
+static int
+open_file(const char *directory, const char *name)
+{
+	char pathname[PATH_MAX];
+	int fd;
+
+	snprintf(pathname, PATH_MAX, "%s/%s", directory, name);
+	(void)unlink(pathname);
+	fd = open(pathname, O_WRONLY | O_CREAT | O_EXCL, 0600);
+	if (fd < 0)
+		err(EX_CANTCREAT, "open: %s", name);
+	return (fd);
+}
+
+static void
+write_file(int fd, void *buffer, size_t buflen, const char *filename)
+{
+	ssize_t len;
+
+	len = write(fd, buffer, buflen);
+	if (len < 0)
+		err(EX_OSERR, "write_file: %s", filename);
+	if (len < buflen)
+		err(EX_OSERR, "write_file: short write: %s", filename);
+}
+
+/*
+ * Write a single token to a file.
+ */
+static void
+write_token(const char *directory, const char *filename, token_t *tok)
+{
+	u_char buffer[MAX_AUDIT_RECORD_SIZE];
+	size_t buflen;
+	int fd;
+
+	buflen = MAX_AUDIT_RECORD_SIZE;
+	if (au_close_token(tok, buffer, &buflen) < 0)
+		err(EX_UNAVAILABLE, "au_close_token");
+	fd = open_file(directory, filename);
+	write_file(fd, buffer, buflen, filename);
+	close(fd);
+}
+
+/*
+ * Write a token to a file, wrapped in audit record header and trailer.
+ */
+static void
+write_record(const char *directory, const char *filename, token_t *tok,
+    short event)
+{
+	u_char buffer[MAX_AUDIT_RECORD_SIZE];
+	size_t buflen;
+	int au, fd;
+
+	au = au_open();
+	if (au < 0)
+		err(EX_UNAVAILABLE, "au_open");
+	if (au_write(au, tok) < 0)
+		err(EX_UNAVAILABLE, "au_write");
+	buflen = MAX_AUDIT_RECORD_SIZE;
+	if (au_close_buffer(au, event, buffer, &buflen) < 0)
+		err(EX_UNAVAILABLE, "au_close_buffer");
+	fd = open_file(directory, filename);
+	write_file(fd, buffer, buflen, filename);
+	close(fd);
+}
+
+static struct timeval	 file_token_timeval = { 0x12345, 0x67890} ;
+
+static void
+generate_file_token(const char *directory, const char *token_filename)
+{
+	token_t *file_token;
+
+	file_token = au_to_file("test", file_token_timeval);
+	if (file_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_file");
+	write_token(directory, token_filename, file_token);
+}
+
+/*
+ * AUT_OHEADER
+ */
+
+static int		 trailer_token_len = 0x12345678;
+
+static void
+generate_trailer_token(const char *directory, const char *token_filename)
+{
+	token_t *trailer_token;
+
+	trailer_token = au_to_trailer(trailer_token_len);
+	if (trailer_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_trailer");
+	write_token(directory, token_filename, trailer_token);
+}
+
+static int		 header32_token_len = 0x12345678;
+static au_event_t	 header32_e_type = AUE_OPEN;
+static au_emod_t	 header32_e_mod = 0x4567;
+static struct timeval	 header32_tm = { 0x12345, 0x67890 };
+
+static void
+generate_header32_token(const char *directory, const char *token_filename)
+{
+	token_t *header32_token;
+
+	header32_token = au_to_header32_tm(header32_token_len,
+	    header32_e_type, header32_e_mod, header32_tm);
+	if (header32_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_header32");
+	write_token(directory, token_filename, header32_token);
+}
+
+/*
+ * AUT_HEADER32_EX
+ */
+
+static char		 data_token_unit_print = AUP_STRING;
+static char		 data_token_unit_type = AUR_CHAR;
+static char		*data_token_data = "SomeData";
+static char		 data_token_unit_count = sizeof("SomeData") + 1;
+
+static void
+generate_data_token(const char *directory, const char *token_filename)
+{
+	token_t *data_token;
+
+	data_token = au_to_data(data_token_unit_print, data_token_unit_type,
+	    data_token_unit_count, data_token_data);
+	if (data_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_data");
+	write_token(directory, token_filename, data_token);
+}
+
+static void
+generate_data_record(const char *directory, const char *record_filename)
+{
+	token_t *data_token;
+
+	data_token = au_to_data(data_token_unit_print, data_token_unit_type,
+	    data_token_unit_count, data_token_data);
+	if (data_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_data");
+	write_record(directory, record_filename, data_token, AUE_NULL);
+}
+
+static char		 ipc_type = AT_IPC_MSG;
+static int		 ipc_id = 0x12345678;
+
+static void
+generate_ipc_token(const char *directory, const char *token_filename)
+{
+	token_t *ipc_token;
+
+	ipc_token = au_to_ipc(ipc_type, ipc_id);
+	if (ipc_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_ipc");
+	write_token(directory, token_filename, ipc_token);
+}
+
+static void
+generate_ipc_record(const char *directory, const char *record_filename)
+{
+	token_t *ipc_token;
+
+	ipc_token = au_to_ipc(ipc_type, ipc_id);
+	if (ipc_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_ipc");
+	write_record(directory, record_filename, ipc_token, AUE_NULL);
+}
+
+static char		*path_token_path = "/test/this/is/a/test";
+
+static void
+generate_path_token(const char *directory, const char *token_filename)
+{
+	token_t *path_token;
+
+	path_token = au_to_path(path_token_path);
+	if (path_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_path");
+	write_token(directory, token_filename, path_token);
+}
+
+static void
+generate_path_record(const char *directory, const char *record_filename)
+{
+	token_t *path_token;
+
+	path_token = au_to_path(path_token_path);
+	if (path_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_path");
+	write_record(directory, record_filename, path_token, AUE_NULL);
+}
+
+static au_id_t		 subject32_auid = 0x12345678;
+static uid_t		 subject32_euid = 0x01234567;
+static gid_t		 subject32_egid = 0x23456789;
+static uid_t		 subject32_ruid = 0x98765432;
+static gid_t		 subject32_rgid = 0x09876543;
+static pid_t		 subject32_pid = 0x13243546;
+static au_asid_t	 subject32_sid = 0x97867564;
+static au_tid_t		 subject32_tid = { 0x16593746 };
+
+static void
+generate_subject32_token(const char *directory, const char *token_filename)
+{
+	token_t *subject32_token;
+
+	subject32_tid.machine = inet_addr("127.0.0.1");
+
+	subject32_token = au_to_subject32(subject32_auid, subject32_euid,
+	    subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
+	    subject32_sid, &subject32_tid);
+	if (subject32_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_subject32");
+	write_token(directory, token_filename, subject32_token);
+}
+
+static void
+generate_subject32_record(const char *directory, const char *record_filename)
+{
+	token_t *subject32_token;
+
+	subject32_tid.machine = inet_addr("127.0.0.1");
+
+	subject32_token = au_to_subject32(subject32_auid, subject32_euid,
+	    subject32_egid, subject32_ruid, subject32_rgid, subject32_pid,
+	    subject32_sid, &subject32_tid);
+	if (subject32_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_subject32");
+	write_record(directory, record_filename, subject32_token, AUE_NULL);
+}
+
+static au_id_t		 process32_auid = 0x12345678;
+static uid_t		 process32_euid = 0x01234567;
+static gid_t		 process32_egid = 0x23456789;
+static uid_t		 process32_ruid = 0x98765432;
+static gid_t		 process32_rgid = 0x09876543;
+static pid_t		 process32_pid = 0x13243546;
+static au_asid_t	 process32_sid = 0x97867564;
+static au_tid_t		 process32_tid = { 0x16593746 };
+
+static void
+generate_process32_token(const char *directory, const char *token_filename)
+{
+	token_t *process32_token;
+
+	process32_tid.machine = inet_addr("127.0.0.1");
+
+	process32_token = au_to_process32(process32_auid, process32_euid,
+	    process32_egid, process32_ruid, process32_rgid, process32_pid,
+	    process32_sid, &process32_tid);
+	if (process32_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_process32");
+	write_token(directory, token_filename, process32_token);
+}
+
+static void
+generate_process32_record(const char *directory, const char *record_filename)
+{
+	token_t *process32_token;
+
+	process32_tid.machine = inet_addr("127.0.0.1");
+
+	process32_token = au_to_process32(process32_auid, process32_euid,
+	    process32_egid, process32_ruid, process32_rgid, process32_pid,
+	    process32_sid, &process32_tid);
+	if (process32_token == NULL)
+		err(EX_UNAVAILABLE, "au_ti_process32");
+	write_record(directory, record_filename, process32_token, AUE_NULL);
+}
+
+static char		 return32_status = 0xd7;
+static uint32_t		 return32_ret = 0x12345678;
+
+static void
+generate_return32_token(const char *directory, const char *token_filename)
+{
+	token_t *return32_token;
+
+	return32_token = au_to_return32(return32_status, return32_ret);
+	if (return32_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_return32");
+	write_token(directory, token_filename, return32_token);
+}
+
+static void
+generate_return32_record(const char *directory, const char *record_filename)
+{
+	token_t *return32_token;
+
+	return32_token = au_to_return32(return32_status, return32_ret);
+	if (return32_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_return32");
+	write_record(directory, record_filename, return32_token, AUE_NULL);
+}
+
+static char		*text_token_text = "This is a test.";
+
+static void
+generate_text_token(const char *directory, const char *token_filename)
+{
+	token_t *text_token;
+
+	text_token = au_to_text(text_token_text);
+	if (text_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_text");
+	write_token(directory, token_filename, text_token);
+}
+
+static void
+generate_text_record(const char *directory, const char *record_filename)
+{
+	token_t *text_token;
+
+	text_token = au_to_text(text_token_text);
+	if (text_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_text");
+	write_record(directory, record_filename, text_token, AUE_NULL);
+}
+
+static char		 opaque_token_data[] = {0xaa, 0xbb, 0xcc, 0xdd};
+static int		 opaque_token_bytes = sizeof(opaque_token_data);
+
+static void
+generate_opaque_token(const char *directory, const char *token_filename)
+{
+	token_t *opaque_token;
+
+	opaque_token = au_to_opaque(opaque_token_data, opaque_token_bytes);
+	if (opaque_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_opaque");
+	write_token(directory, token_filename, opaque_token);
+}
+
+static void
+generate_opaque_record(const char *directory, const char *record_filename)
+{
+	token_t *opaque_token;
+
+	opaque_token = au_to_opaque(opaque_token_data, opaque_token_bytes);
+	if (opaque_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_opaque");
+	write_record(directory, record_filename, opaque_token, AUE_NULL);
+}
+
+static struct in_addr	 in_addr_token_addr;
+
+static void
+generate_in_addr_token(const char *directory, const char *token_filename)
+{
+	token_t *in_addr_token;
+
+	in_addr_token_addr.s_addr = inet_addr("192.168.100.15");
+
+	in_addr_token = au_to_in_addr(&in_addr_token_addr);
+	if (in_addr_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_in_addr");
+	write_token(directory, token_filename, in_addr_token);
+}
+
+static void
+generate_in_addr_record(const char *directory, const char *record_filename)
+{
+	token_t *in_addr_token;
+
+	in_addr_token_addr.s_addr = inet_addr("192.168.100.15");
+
+	in_addr_token = au_to_in_addr(&in_addr_token_addr);
+	if (in_addr_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_in_addr");
+	write_record(directory, record_filename, in_addr_token, AUE_NULL);
+}
+
+static struct ip	 ip_token_ip;
+static u_char		 ip_token_ip_v = 4;
+static uint16_t		 ip_token_ip_id = 0x5478;
+static u_char		 ip_token_ip_ttl = 64;
+static u_char		 ip_token_ip_p = IPPROTO_ICMP;
+static struct in_addr	 ip_token_ip_src;
+static struct in_addr	 ip_token_ip_dst;
+
+static void
+generate_ip_token(const char *directory, const char *token_filename)
+{
+	token_t *ip_token;
+
+	ip_token_ip_src.s_addr = inet_addr("192.168.100.155");
+	ip_token_ip_dst.s_addr = inet_addr("192.168.110.48");
+
+	memset(&ip_token_ip, 0, sizeof(ip_token_ip));
+	ip_token_ip.ip_v = ip_token_ip_v;
+	ip_token_ip.ip_len = htons(sizeof(ip_token_ip));
+	ip_token_ip.ip_id = htons(ip_token_ip_id);
+	ip_token_ip.ip_ttl = ip_token_ip_ttl;
+	ip_token_ip.ip_p = ip_token_ip_p;
+	ip_token_ip.ip_src = ip_token_ip_src;
+	ip_token_ip.ip_dst = ip_token_ip_dst;
+
+	ip_token = au_to_ip(&ip_token_ip);
+	if (ip_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_ip");
+	write_token(directory, token_filename, ip_token);
+}
+
+static void
+generate_ip_record(const char *directory, const char *record_filename)
+{
+	token_t *ip_token;
+
+	ip_token_ip_src.s_addr = inet_addr("192.168.100.155");
+	ip_token_ip_dst.s_addr = inet_addr("192.168.110.48");
+
+	memset(&ip_token_ip, 0, sizeof(ip_token_ip));
+	ip_token_ip.ip_v = ip_token_ip_v;
+	ip_token_ip.ip_len = htons(sizeof(ip_token_ip));
+	ip_token_ip.ip_id = htons(ip_token_ip_id);
+	ip_token_ip.ip_ttl = ip_token_ip_ttl;
+	ip_token_ip.ip_p = ip_token_ip_p;
+	ip_token_ip.ip_src = ip_token_ip_src;
+	ip_token_ip.ip_dst = ip_token_ip_dst;
+
+	ip_token = au_to_ip(&ip_token_ip);
+	if (ip_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_ip");
+	write_record(directory, record_filename, ip_token, AUE_NULL);
+}
+
+static u_int16_t		 iport_token_iport;
+
+static void
+generate_iport_token(const char *directory, const char *token_filename)
+{
+	token_t *iport_token;
+
+	iport_token_iport = htons(80);
+
+	iport_token = au_to_iport(iport_token_iport);
+	if (iport_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_iport");
+	write_token(directory, token_filename, iport_token);
+}
+
+static void
+generate_iport_record(const char *directory, const char *record_filename)
+{
+	token_t *iport_token;
+
+	iport_token_iport = htons(80);
+
+	iport_token = au_to_iport(iport_token_iport);
+	if (iport_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_iport");
+	write_record(directory, record_filename, iport_token, AUE_NULL);
+}
+
+static char	 arg32_token_n = 3;
+static char	*arg32_token_text = "test_arg32_token";
+static uint32_t	 arg32_token_v = 0xabcdef00;
+
+static void
+generate_arg32_token(const char *directory, const char *token_filename)
+{
+	token_t *arg32_token;
+
+	arg32_token = au_to_arg32(arg32_token_n, arg32_token_text,
+	    arg32_token_v);
+	if (arg32_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_arg32");
+	write_token(directory, token_filename, arg32_token);
+}
+
+static void
+generate_arg32_record(const char *directory, const char *record_filename)
+{
+	token_t *arg32_token;
+
+	arg32_token = au_to_arg32(arg32_token_n, arg32_token_text,
+	    arg32_token_v);
+	if (arg32_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_arg32");
+	write_record(directory, record_filename, arg32_token, AUE_NULL);
+}
+
+static long	 seq_audit_count = 0x12345678;
+
+static void
+generate_seq_token(const char *directory, const char *token_filename)
+{
+	token_t *seq_token;
+
+	seq_token = au_to_seq(seq_audit_count);
+	if (seq_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_seq");
+	write_token(directory, token_filename, seq_token);
+}
+
+static void
+generate_seq_record(const char *directory, const char *record_filename)
+{
+	token_t *seq_token;
+
+	seq_token = au_to_seq(seq_audit_count);
+	if (seq_token == NULL)
+		err(EX_UNAVAILABLE, "au_to_seq");
+	write_record(directory, record_filename, seq_token, AUE_NULL);
+}
+
+/*
+ * AUT_ACL
+ */
+
+static void
+generate_attr_token(const char *directory, const char *token_filename)
+{
+	token_t *attr_token;
+
+}
+
+static void
+generate_attr_record(const char *directory, const char *record_filename)
+{
+	token_t *attr_token;
+
+}
+
+static void
+generate_ipc_perm_token(const char *directory, const char *token_filename)
+{
+	token_t *ipc_perm_token;
+
+}
+
+static void
+generate_ipc_perm_record(const char *directory, const char *record_filename)
+{
+	token_t *ipc_perm_token;
+
+}
+
+/*
+ * AUT_LABEL
+ */
+
+static void
+generate_groups_token(const char *directory, const char *token_filename)
+{
+	token_t *groups_token;
+
+}
+
+static void
+generate_groups_record(const char *directory, const char *record_filename)
+{
+	token_t *groups_token;
+
+}
+
+/*
+ * AUT_ILABEL
+ */
+
+/*
+ * AUT_SLABEL
+ */
+
+/*
+ * AUT_CLEAR
+ */
+
+/*
+ * AUT_PRIV
+ */
+
+/*
+ * AUT_UPRIV
+ */
+
+/*
+ * AUT_LIAISON
+ */
+
+/*
+ * AUT_NEWGROUPS
+ */
+
+/*
+ * AUT_EXEC_ARGS
+ */
+
+/*
+ * AUT_EXEC_ENV
+ */
+
+static void
+generate_attr32_token(const char *directory, const char *token_filename)
+{
+	token_t *attr32_token;
+
+}
+
+static void
+generate_attr32_record(const char *directory, const char *record_filename)
+{
+	token_t *attr32_token;
+
+}
+
+int
+main(int argc, char *argv[])
+{
+	const char *directory;
+	int ch;
+
+	while ((ch = getopt(argc, argv, "rt")) != -1) {
+		switch (ch) {
+		case 'r':
+			do_records++;
+			break;
+
+		case 't':
+			do_tokens++;
+			break;
+
+		default:
+			usage();
+		}
+	}
+
+	argc -= optind;
+	argv += optind;
+
+	if (argc != 1)
+		usage();
+
+	directory = argv[0];
+
+	if (mkdir(directory, 0755) < 0 && errno != EEXIST)
+		err(EX_OSERR, "mkdir: %s", directory);
+
+	if (do_tokens) {
+		generate_file_token(directory, "file_token");
+		generate_trailer_token(directory, "trailer_token");
+		generate_header32_token(directory, "header32_token");
+		generate_data_token(directory, "data_token");
+		generate_ipc_token(directory, "ipc_token");
+		generate_path_token(directory, "path_token");
+		generate_subject32_token(directory, "subject32_token");
+		generate_process32_token(directory, "process32_token");
+		generate_return32_token(directory, "return32_token");
+		generate_text_token(directory, "text_token");
+		generate_opaque_token(directory, "opaque_token");
+		generate_in_addr_token(directory, "in_addr_token");
+		generate_ip_token(directory, "ip_token");
+		generate_iport_token(directory, "iport_token");
+		generate_arg32_token(directory, "arg32_token");
+		generate_seq_token(directory, "seq_token");
+		generate_attr_token(directory,  "attr_token");
+		generate_ipc_perm_token(directory, "ipc_perm_token");
+		generate_groups_token(directory, "groups_token");
+		generate_attr32_token(directory, "attr32_token");
+	}
+
+	if (do_records) {
+		generate_file_token(directory, "file_token");
+		generate_trailer_token(directory, "trailer_token");
+		generate_header32_token(directory, "header32_token");
+		generate_data_token(directory, "data_record");
+		generate_ipc_token(directory, "ipc_record");
+		generate_path_token(directory, "path_record");
+		generate_subject32_token(directory, "subject32_record");
+		generate_process32_token(directory, "process32_record");
+		generate_return32_token(directory, "return32_record");
+		generate_text_token(directory, "text_record");
+		generate_opaque_token(directory, "opaque_record");
+		generate_in_addr_token(directory, "in_addr_record");
+		generate_ip_token(directory, "ip_record");
+		generate_iport_token(directory, "iport_record");
+		generate_arg32_token(directory, "arg32_record");
+		generate_seq_token(directory, "seq_record");
+		generate_attr_token(directory,  "attr_record");
+		generate_ipc_perm_token(directory, "ipc_perm_record");
+		generate_groups_token(directory, "groups_record");
+		generate_attr32_token(directory, "attr32_record");
+	}
+
+	return (0);
+}