Vendor import of OpenBSM 1.0 alpha 11, with the following change history

notes since the last import:

OpenBSM 1.0 alpha 11

- Reclassify certain read/write operations as having no class rather than the
  fr/fw class; our default classes audit intent (open) not operations (read,
  write).
- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
  and writes of sysctls as separate events.  Add additional kernel
  environment and jail events for FreeBSD.
- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
  (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
  by the kernel audit implementation) so that they can be distinguished.
- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
  a dropped request, the log file will otherwise grow indefinitely if the
  trigger is dropped.
- Improve auditd debugging output.
- Fix a number of threading related bugs in audit_control file reading
  routines.
- Add APIs au_poltostr() and au_strtopol() to convert between text
  representations of audit_control policy flags and the flags passed to
  auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
- Add API getacpol() to return the 'policy:' entry from audit_control, an
  extension to the Solaris file format to allow specification of policy
  persistent flags.
- Update audump to print the audit_control policy field.
- Update auditd to read the audit_control policy field and set the kernel
  policy to match it when configuring/reconfiguring.  Remove the -s and -h
  arguments as these policies are now set via the configuration file.  If a
  policy line is not found in the configuration file, continue with the
  current default of setting AUDIT_CNT.
- Fix bugs in the parsing of large execve(2) arguments and environmental
  variable tokens; increase maximum parsed argument and variable count.
- configure now detects strlcat(), used by policy-related functions.
- Reference token and record sample files added to test tree.

Obtained from:	TrustedBSD Project

36 files changed, 5 insertions, 0 deletions

diff --git a/contrib/openbsm/test/reference/arg32_record b/contrib/openbsm/test/reference/arg32_record
new file mode 100644
index 0000000..744dbcf
--- /dev/null
+++ b/contrib/openbsm/test/reference/arg32_record
diff --git a/contrib/openbsm/test/reference/arg32_token b/contrib/openbsm/test/reference/arg32_token
new file mode 100644
index 0000000..3401aa1
--- /dev/null
+++ b/contrib/openbsm/test/reference/arg32_token
diff --git a/contrib/openbsm/test/reference/data_record b/contrib/openbsm/test/reference/data_record
new file mode 100644
index 0000000..ffb3ff6
--- /dev/null
+++ b/contrib/openbsm/test/reference/data_record
diff --git a/contrib/openbsm/test/reference/data_token b/contrib/openbsm/test/reference/data_token
new file mode 100644
index 0000000..e000b8a
--- /dev/null
+++ b/contrib/openbsm/test/reference/data_token
diff --git a/contrib/openbsm/test/reference/file_record b/contrib/openbsm/test/reference/file_record
new file mode 100644
index 0000000..4be1f40
--- /dev/null
+++ b/contrib/openbsm/test/reference/file_record
diff --git a/contrib/openbsm/test/reference/file_token b/contrib/openbsm/test/reference/file_token
new file mode 100644
index 0000000..8b6daa6
--- /dev/null
+++ b/contrib/openbsm/test/reference/file_token
diff --git a/contrib/openbsm/test/reference/header32_token b/contrib/openbsm/test/reference/header32_token
new file mode 100644
index 0000000..dd72c1c
--- /dev/null
+++ b/contrib/openbsm/test/reference/header32_token
diff --git a/contrib/openbsm/test/reference/in_addr_record b/contrib/openbsm/test/reference/in_addr_record
new file mode 100644
index 0000000..0421f88
--- /dev/null
+++ b/contrib/openbsm/test/reference/in_addr_record
diff --git a/contrib/openbsm/test/reference/in_addr_token b/contrib/openbsm/test/reference/in_addr_token
new file mode 100644
index 0000000..56b32a7
--- /dev/null
+++ b/contrib/openbsm/test/reference/in_addr_token
@@ -0,0 +1 @@
+*ˬd
\ No newline at end of file
diff --git a/contrib/openbsm/test/reference/ip_record b/contrib/openbsm/test/reference/ip_record
new file mode 100644
index 0000000..2249844
--- /dev/null
+++ b/contrib/openbsm/test/reference/ip_record
diff --git a/contrib/openbsm/test/reference/ip_token b/contrib/openbsm/test/reference/ip_token
new file mode 100644
index 0000000..96572a4
--- /dev/null
+++ b/contrib/openbsm/test/reference/ip_token
diff --git a/contrib/openbsm/test/reference/ipc_record b/contrib/openbsm/test/reference/ipc_record
new file mode 100644
index 0000000..43eabb4
--- /dev/null
+++ b/contrib/openbsm/test/reference/ipc_record
diff --git a/contrib/openbsm/test/reference/ipc_token b/contrib/openbsm/test/reference/ipc_token
new file mode 100644
index 0000000..7d7690b
--- /dev/null
+++ b/contrib/openbsm/test/reference/ipc_token
@@ -0,0 +1 @@
+"
4Vx
\ No newline at end of file
diff --git a/contrib/openbsm/test/reference/iport_record b/contrib/openbsm/test/reference/iport_record
new file mode 100644
index 0000000..228e8fe
--- /dev/null
+++ b/contrib/openbsm/test/reference/iport_record
diff --git a/contrib/openbsm/test/reference/iport_token b/contrib/openbsm/test/reference/iport_token
new file mode 100644
index 0000000..0225a76
--- /dev/null
+++ b/contrib/openbsm/test/reference/iport_token
diff --git a/contrib/openbsm/test/reference/opaque_record b/contrib/openbsm/test/reference/opaque_record
new file mode 100644
index 0000000..7763817
--- /dev/null
+++ b/contrib/openbsm/test/reference/opaque_record
diff --git a/contrib/openbsm/test/reference/opaque_token b/contrib/openbsm/test/reference/opaque_token
new file mode 100644
index 0000000..02460d3
--- /dev/null
+++ b/contrib/openbsm/test/reference/opaque_token
diff --git a/contrib/openbsm/test/reference/path_record b/contrib/openbsm/test/reference/path_record
new file mode 100644
index 0000000..e85e384
--- /dev/null
+++ b/contrib/openbsm/test/reference/path_record
diff --git a/contrib/openbsm/test/reference/path_token b/contrib/openbsm/test/reference/path_token
new file mode 100644
index 0000000..18d8eef
--- /dev/null
+++ b/contrib/openbsm/test/reference/path_token
diff --git a/contrib/openbsm/test/reference/process32_record b/contrib/openbsm/test/reference/process32_record
new file mode 100644
index 0000000..b6a0a77
--- /dev/null
+++ b/contrib/openbsm/test/reference/process32_record
diff --git a/contrib/openbsm/test/reference/process32_token b/contrib/openbsm/test/reference/process32_token
new file mode 100644
index 0000000..a58adad
--- /dev/null
+++ b/contrib/openbsm/test/reference/process32_token
diff --git a/contrib/openbsm/test/reference/process32ex_record b/contrib/openbsm/test/reference/process32ex_record
new file mode 100644
index 0000000..aa2cb56
--- /dev/null
+++ b/contrib/openbsm/test/reference/process32ex_record
diff --git a/contrib/openbsm/test/reference/process32ex_token b/contrib/openbsm/test/reference/process32ex_token
new file mode 100644
index 0000000..ba84a2a
--- /dev/null
+++ b/contrib/openbsm/test/reference/process32ex_token
diff --git a/contrib/openbsm/test/reference/return32_record b/contrib/openbsm/test/reference/return32_record
new file mode 100644
index 0000000..f4a6a5b
--- /dev/null
+++ b/contrib/openbsm/test/reference/return32_record
diff --git a/contrib/openbsm/test/reference/return32_token b/contrib/openbsm/test/reference/return32_token
new file mode 100644
index 0000000..e7a2098
--- /dev/null
+++ b/contrib/openbsm/test/reference/return32_token
@@ -0,0 +1 @@
+'×4Vx
\ No newline at end of file
diff --git a/contrib/openbsm/test/reference/seq_record b/contrib/openbsm/test/reference/seq_record
new file mode 100644
index 0000000..576c112
--- /dev/null
+++ b/contrib/openbsm/test/reference/seq_record
diff --git a/contrib/openbsm/test/reference/seq_token b/contrib/openbsm/test/reference/seq_token
new file mode 100644
index 0000000..99b51cf
--- /dev/null
+++ b/contrib/openbsm/test/reference/seq_token
@@ -0,0 +1 @@
+/4Vx
\ No newline at end of file
diff --git a/contrib/openbsm/test/reference/subject32_record b/contrib/openbsm/test/reference/subject32_record
new file mode 100644
index 0000000..9978e5d
--- /dev/null
+++ b/contrib/openbsm/test/reference/subject32_record
diff --git a/contrib/openbsm/test/reference/subject32_token b/contrib/openbsm/test/reference/subject32_token
new file mode 100644
index 0000000..2263fe5
--- /dev/null
+++ b/contrib/openbsm/test/reference/subject32_token
diff --git a/contrib/openbsm/test/reference/subject32ex_record b/contrib/openbsm/test/reference/subject32ex_record
new file mode 100644
index 0000000..ca28be4
--- /dev/null
+++ b/contrib/openbsm/test/reference/subject32ex_record
diff --git a/contrib/openbsm/test/reference/subject32ex_token-IPv4 b/contrib/openbsm/test/reference/subject32ex_token-IPv4
new file mode 100644
index 0000000..0eaa71b
--- /dev/null
+++ b/contrib/openbsm/test/reference/subject32ex_token-IPv4
diff --git a/contrib/openbsm/test/reference/subject32ex_token-IPv6 b/contrib/openbsm/test/reference/subject32ex_token-IPv6
new file mode 100644
index 0000000..99202b1
--- /dev/null
+++ b/contrib/openbsm/test/reference/subject32ex_token-IPv6
diff --git a/contrib/openbsm/test/reference/text_record b/contrib/openbsm/test/reference/text_record
new file mode 100644
index 0000000..3bc9db7
--- /dev/null
+++ b/contrib/openbsm/test/reference/text_record
diff --git a/contrib/openbsm/test/reference/text_token b/contrib/openbsm/test/reference/text_token
new file mode 100644
index 0000000..12d5819
--- /dev/null
+++ b/contrib/openbsm/test/reference/text_token
diff --git a/contrib/openbsm/test/reference/trailer_token b/contrib/openbsm/test/reference/trailer_token
new file mode 100644
index 0000000..138e0b3
--- /dev/null
+++ b/contrib/openbsm/test/reference/trailer_token
@@ -0,0 +1 @@
+±4Vx
\ No newline at end of file
diff --git a/contrib/openbsm/test/samples/execve-long-args.trail b/contrib/openbsm/test/samples/execve-long-args.trail
new file mode 100644
index 0000000..0ad3af0
--- /dev/null
+++ b/contrib/openbsm/test/samples/execve-long-args.trail