Merge OpenBSM 1.1 changes to the FreeBSD 8.x kernel:

- Add and use mapping of fcntl(2) commands to new BSM constant space.
- Adopt (int) rather than (long) arguments to a number of auditon(2)
  commands, as has happened in Solaris, and add compatibility code to
  handle the old comments.

Note that BSM_PF_IEEE80211 is partially but not fully removed, as the
userspace OpenBSM 1.1alpha5 code still depends on it.  Once userspace
is updated, I'll GCC the kernel constant.

MFC after:		2 weeks
Sponsored by:		Apple, Inc.
Obtained from:		TrustedBSD Project
Portions submitted by:	sson

7 files changed, 225 insertions, 44 deletions

diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c
index b46c02c..da47d25 100644
--- a/sys/security/audit/audit.c
+++ b/sys/security/audit/audit.c
@@ -129,8 +129,8 @@ struct mtx		audit_mtx;
  * outstanding in the system.
  */
 struct kaudit_queue	audit_q;
-size_t			audit_q_len;
-size_t			audit_pre_q_len;
+int			audit_q_len;
+int			audit_pre_q_len;
 
 /*
  * Audit queue control settings (minimum free, low/high water marks, etc.)
diff --git a/sys/security/audit/audit_bsm.c b/sys/security/audit/audit_bsm.c
index 3326961..80fbd74 100644
--- a/sys/security/audit/audit_bsm.c
+++ b/sys/security/audit/audit_bsm.c
@@ -287,13 +287,20 @@ audit_sys_auditon(struct audit_record *ar, struct au_record *rec)
 	struct au_token *tok;
 
 	switch (ar->ar_arg_cmd) {
+	case A_OLDSETPOLICY:
+		if ((size_t)ar->ar_arg_len == sizeof(int64_t)) {
+			tok = au_to_arg32(3, "length", ar->ar_arg_len);
+			kau_write(rec, tok);
+			tok = au_to_arg64(2, "policy",
+			    ar->ar_arg_auditon.au_policy64);
+			kau_write(rec, tok);
+			break;
+		}
+		/* FALLTHROUGH */
 	case A_SETPOLICY:
-		if (sizeof(ar->ar_arg_auditon.au_flags) > 4)
-			tok = au_to_arg64(1, "policy",
-			    ar->ar_arg_auditon.au_flags);
-		else
-			tok = au_to_arg32(1, "policy",
-			    ar->ar_arg_auditon.au_flags);
+		tok = au_to_arg32(3, "length", ar->ar_arg_len);
+		kau_write(rec, tok);
+		tok = au_to_arg32(1, "policy", ar->ar_arg_auditon.au_policy);
 		kau_write(rec, tok);
 		break;
 
@@ -306,20 +313,42 @@ audit_sys_auditon(struct audit_record *ar, struct au_record *rec)
 		kau_write(rec, tok);
 		break;
 
+	case A_OLDSETQCTRL:
+		if ((size_t)ar->ar_arg_len == sizeof(au_qctrl64_t)) {
+			tok = au_to_arg32(3, "length", ar->ar_arg_len);
+			kau_write(rec, tok);
+			tok = au_to_arg64(2, "setqctrl:aq_hiwater",
+			    ar->ar_arg_auditon.au_qctrl64.aq64_hiwater);
+			kau_write(rec, tok);
+			tok = au_to_arg64(2, "setqctrl:aq_lowater",
+			    ar->ar_arg_auditon.au_qctrl64.aq64_lowater);
+			kau_write(rec, tok);
+			tok = au_to_arg64(2, "setqctrl:aq_bufsz",
+			    ar->ar_arg_auditon.au_qctrl64.aq64_bufsz);
+			kau_write(rec, tok);
+			tok = au_to_arg64(2, "setqctrl:aq_delay",
+			    ar->ar_arg_auditon.au_qctrl64.aq64_delay);
+			kau_write(rec, tok);
+			tok = au_to_arg64(2, "setqctrl:aq_minfree",
+			    ar->ar_arg_auditon.au_qctrl64.aq64_minfree);
+			kau_write(rec, tok);
+			break;
+		}
+		/* FALLTHROUGH */
 	case A_SETQCTRL:
 		tok = au_to_arg32(3, "setqctrl:aq_hiwater",
 		    ar->ar_arg_auditon.au_qctrl.aq_hiwater);
 		kau_write(rec, tok);
-		tok = au_to_arg32(3, "setqctrl:aq_lowater",
+		tok = au_to_arg32(2, "setqctrl:aq_lowater",
 		    ar->ar_arg_auditon.au_qctrl.aq_lowater);
 		kau_write(rec, tok);
-		tok = au_to_arg32(3, "setqctrl:aq_bufsz",
+		tok = au_to_arg32(2, "setqctrl:aq_bufsz",
 		    ar->ar_arg_auditon.au_qctrl.aq_bufsz);
 		kau_write(rec, tok);
-		tok = au_to_arg32(3, "setqctrl:aq_delay",
+		tok = au_to_arg32(2, "setqctrl:aq_delay",
 		    ar->ar_arg_auditon.au_qctrl.aq_delay);
 		kau_write(rec, tok);
-		tok = au_to_arg32(3, "setqctrl:aq_minfree",
+		tok = au_to_arg32(2, "setqctrl:aq_minfree",
 		    ar->ar_arg_auditon.au_qctrl.aq_minfree);
 		kau_write(rec, tok);
 		break;
@@ -334,34 +363,47 @@ audit_sys_auditon(struct audit_record *ar, struct au_record *rec)
 		break;
 
 	case A_SETSMASK:
-		tok = au_to_arg32(3, "setsmask:as_success",
+		tok = au_to_arg32(3, "length", ar->ar_arg_len);
+		kau_write(rec, tok);
+		tok = au_to_arg32(2, "setsmask:as_success",
 		    ar->ar_arg_auditon.au_auinfo.ai_mask.am_success);
 		kau_write(rec, tok);
-		tok = au_to_arg32(3, "setsmask:as_failure",
+		tok = au_to_arg32(2, "setsmask:as_failure",
 		    ar->ar_arg_auditon.au_auinfo.ai_mask.am_failure);
 		kau_write(rec, tok);
 		break;
 
+	case A_OLDSETCOND:
+		if ((size_t)ar->ar_arg_len == sizeof(int64_t)) {
+			tok = au_to_arg32(3, "length", ar->ar_arg_len);
+			kau_write(rec, tok);
+			tok = au_to_arg64(2, "setcond",
+			    ar->ar_arg_auditon.au_cond64);
+			kau_write(rec, tok);
+			break;
+		}
+		/* FALLTHROUGH */
 	case A_SETCOND:
-		if (sizeof(ar->ar_arg_auditon.au_cond) > 4)
-			tok = au_to_arg64(3, "setcond",
-			    ar->ar_arg_auditon.au_cond);
-		else
-			tok = au_to_arg32(3, "setcond",
-			    ar->ar_arg_auditon.au_cond);
+		tok = au_to_arg32(3, "length", ar->ar_arg_len);
+		kau_write(rec, tok);
+		tok = au_to_arg32(3, "setcond", ar->ar_arg_auditon.au_cond);
 		kau_write(rec, tok);
 		break;
 
 	case A_SETCLASS:
+		tok = au_to_arg32(3, "length", ar->ar_arg_len);
+		kau_write(rec, tok);
 		tok = au_to_arg32(2, "setclass:ec_event",
 		    ar->ar_arg_auditon.au_evclass.ec_number);
 		kau_write(rec, tok);
-		tok = au_to_arg32(3, "setclass:ec_class",
+		tok = au_to_arg32(2, "setclass:ec_class",
 		    ar->ar_arg_auditon.au_evclass.ec_class);
 		kau_write(rec, tok);
 		break;
 
 	case A_SETPMASK:
+		tok = au_to_arg32(3, "length", ar->ar_arg_len);
+		kau_write(rec, tok);
 		tok = au_to_arg32(2, "setpmask:as_success",
 		    ar->ar_arg_auditon.au_aupinfo.ap_mask.am_success);
 		kau_write(rec, tok);
@@ -371,6 +413,8 @@ audit_sys_auditon(struct audit_record *ar, struct au_record *rec)
 		break;
 
 	case A_SETFSIZE:
+		tok = au_to_arg32(3, "length", ar->ar_arg_len);
+		kau_write(rec, tok);
 		tok = au_to_arg32(2, "setfsize:filesize",
 		    ar->ar_arg_auditon.au_fstat.af_filesz);
 		kau_write(rec, tok);
@@ -847,12 +891,13 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 		break;
 
 	case AUE_FCNTL:
+		if (ARG_IS_VALID(kar, ARG_CMD)) {
+			tok = au_to_arg32(2, "cmd",
+			    au_fcntl_cmd_to_bsm(ar->ar_arg_cmd));
+			kau_write(rec, tok);
+		}
 		if (ar->ar_arg_cmd == F_GETLK || ar->ar_arg_cmd == F_SETLK ||
 		    ar->ar_arg_cmd == F_SETLKW) {
-			if (ARG_IS_VALID(kar, ARG_CMD)) {
-				tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd);
-				kau_write(rec, tok);
-			}
 			FD_VNODE1_TOKENS;
 		}
 		break;
diff --git a/sys/security/audit/audit_bsm_domain.c b/sys/security/audit/audit_bsm_domain.c
index 6f43a77..cb5939f 100644
--- a/sys/security/audit/audit_bsm_domain.c
+++ b/sys/security/audit/audit_bsm_domain.c
@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE. 
  *
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_domain.c#2
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_domain.c#3
  */
 
 #include <sys/cdefs.h>
@@ -324,13 +324,6 @@ static const struct bsm_domain bsm_domains[] = {
 	PF_NO_LOCAL_MAPPING
 #endif
 	},
-	{ BSM_PF_IEEE80211,
-#ifdef PF_IEEE80211
-	PF_IEEE80211
-#else
-	PF_NO_LOCAL_MAPPING
-#endif
-	},
 	{ BSM_PF_AX25,
 #ifdef PF_AX25
 	PF_AX25
diff --git a/sys/security/audit/audit_bsm_fcntl.c b/sys/security/audit/audit_bsm_fcntl.c
index 899e631..1e7e68f 100644
--- a/sys/security/audit/audit_bsm_fcntl.c
+++ b/sys/security/audit/audit_bsm_fcntl.c
@@ -27,16 +27,18 @@
  * POSSIBILITY OF SUCH DAMAGE.
  *
  * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_fcntl.c#2
- * $FreeBSD$
  */
 
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
 #include <sys/param.h>
 #include <sys/fcntl.h>
 
-#include <config/config.h>
+#include <security/audit/audit.h>
 
 #include <bsm/audit_fcntl.h>
-#include <bsm/libbsm.h>
+#include <bsm/audit_record.h>
 
 struct bsm_fcntl_cmd {
 	u_short	bfc_bsm_fcntl_cmd;
diff --git a/sys/security/audit/audit_bsm_token.c b/sys/security/audit/audit_bsm_token.c
index 56f0ceb..131abf5 100644
--- a/sys/security/audit/audit_bsm_token.c
+++ b/sys/security/audit/audit_bsm_token.c
@@ -30,7 +30,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#90
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#91
  */
 
 #include <sys/cdefs.h>
@@ -1460,7 +1460,7 @@ au_to_header32_ex(int rec_size, au_event_t e_type, au_emod_t e_mod)
 
 	if (gettimeofday(&tm, NULL) == -1)
 		return (NULL);
-	if (auditon(A_GETKAUDIT, &aia, sizeof(aia)) < 0) {
+	if (audit_get_kaudit(&aia, sizeof(aia)) != 0) {
 		if (errno != ENOSYS)
 			return (NULL);
 		return (au_to_header32_tm(rec_size, e_type, e_mod, tm));
diff --git a/sys/security/audit/audit_private.h b/sys/security/audit/audit_private.h
index ec5beb5..0116f4d 100644
--- a/sys/security/audit/audit_private.h
+++ b/sys/security/audit/audit_private.h
@@ -118,18 +118,34 @@ struct socket_au_info {
 	u_short		so_lport;	/* Local port. */
 };
 
+/*
+ * The following is used for A_OLDSETQCTRL and AU_OLDGETQCTRL and a 64-bit
+ * userland.
+ */
+struct au_qctrl64 {
+	u_int64_t	aq64_hiwater;
+	u_int64_t	aq64_lowater;
+	u_int64_t	aq64_bufsz;
+	u_int64_t	aq64_delay;
+	u_int64_t	aq64_minfree;
+};
+typedef	struct au_qctrl64	au_qctrl64_t;
+
 union auditon_udata {
 	char			*au_path;
-	long			au_cond;
-	long			au_flags;
-	long			au_policy;
+	int			au_cond;
+	int			au_flags;
+	int			au_policy;
 	int			au_trigger;
+	int64_t			au_cond64;
+	int64_t			au_policy64;
 	au_evclass_map_t	au_evclass;
 	au_mask_t		au_mask;
 	auditinfo_t		au_auinfo;
 	auditpinfo_t		au_aupinfo;
 	auditpinfo_addr_t	au_aupinfo_addr;
 	au_qctrl_t		au_qctrl;
+	au_qctrl64_t		au_qctrl64;
 	au_stat_t		au_stat;
 	au_fstat_t		au_fstat;
 	auditinfo_addr_t	au_kau_info;
@@ -275,8 +291,8 @@ extern struct mtx		audit_mtx;
 extern struct cv		audit_watermark_cv;
 extern struct cv		audit_worker_cv;
 extern struct kaudit_queue	audit_q;
-extern size_t			audit_q_len;
-extern size_t			audit_pre_q_len;
+extern int			audit_q_len;
+extern int			audit_pre_q_len;
 extern int			audit_in_failure;
 
 /*
diff --git a/sys/security/audit/audit_syscalls.c b/sys/security/audit/audit_syscalls.c
index 7ca797d..7465dc8 100644
--- a/sys/security/audit/audit_syscalls.c
+++ b/sys/security/audit/audit_syscalls.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 1999-2005 Apple Inc.
+ * Copyright (c) 1999-2009 Apple Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -187,12 +187,15 @@ auditon(struct thread *td, struct auditon_args *uap)
 	 */
 	switch (uap->cmd) {
 	case A_SETPOLICY:
+	case A_OLDSETPOLICY:
 	case A_SETKMASK:
 	case A_SETQCTRL:
+	case A_OLDSETQCTRL:
 	case A_SETSTAT:
 	case A_SETUMASK:
 	case A_SETSMASK:
 	case A_SETCOND:
+	case A_OLDSETCOND:
 	case A_SETCLASS:
 	case A_SETPMASK:
 	case A_SETFSIZE:
@@ -212,7 +215,22 @@ auditon(struct thread *td, struct auditon_args *uap)
 	 * XXXAUDIT: Locking?
 	 */
 	switch (uap->cmd) {
+	case A_OLDGETPOLICY:
+		if (uap->length == sizeof(udata.au_policy64)) {
+			if (!audit_fail_stop)
+				udata.au_policy64 |= AUDIT_CNT;
+			if (audit_panic_on_write_fail)
+				udata.au_policy64 |= AUDIT_AHLT;
+			if (audit_argv)
+				udata.au_policy64 |= AUDIT_ARGV;
+			if (audit_arge)
+				udata.au_policy64 |= AUDIT_ARGE;
+			break;
+		}
+		/* FALLTHROUGH */
 	case A_GETPOLICY:
+		if (uap->length != sizeof(udata.au_policy))
+			return (EINVAL);
 		if (!audit_fail_stop)
 			udata.au_policy |= AUDIT_CNT;
 		if (audit_panic_on_write_fail)
@@ -223,7 +241,23 @@ auditon(struct thread *td, struct auditon_args *uap)
 			udata.au_policy |= AUDIT_ARGE;
 		break;
 
+	case A_OLDSETPOLICY:
+		if (uap->length == sizeof(udata.au_policy64)) {
+			if (udata.au_policy & (~AUDIT_CNT|AUDIT_AHLT|
+			    AUDIT_ARGV|AUDIT_ARGE))
+				return (EINVAL);
+			audit_fail_stop = ((udata.au_policy64 & AUDIT_CNT) ==
+			    0);
+			audit_panic_on_write_fail = (udata.au_policy64 &
+			    AUDIT_AHLT);
+			audit_argv = (udata.au_policy64 & AUDIT_ARGV);
+			audit_arge = (udata.au_policy64 & AUDIT_ARGE);
+			break;
+		}
+		/* FALLTHROUGH */
 	case A_SETPOLICY:
+		if (uap->length != sizeof(udata.au_policy))
+			return (EINVAL);
 		if (udata.au_policy & ~(AUDIT_CNT|AUDIT_AHLT|AUDIT_ARGV|
 		    AUDIT_ARGE))
 			return (EINVAL);
@@ -237,18 +271,60 @@ auditon(struct thread *td, struct auditon_args *uap)
 		break;
 
 	case A_GETKMASK:
+		if (uap->length != sizeof(udata.au_mask))
+			return (EINVAL);
 		udata.au_mask = audit_nae_mask;
 		break;
 
 	case A_SETKMASK:
+		if (uap->length != sizeof(udata.au_mask))
+			return (EINVAL);
 		audit_nae_mask = udata.au_mask;
 		break;
 
+	case A_OLDGETQCTRL:
+		if (uap->length == sizeof(udata.au_qctrl64)) {
+			udata.au_qctrl64.aq64_hiwater =
+			    (u_int64_t)audit_qctrl.aq_hiwater;
+			udata.au_qctrl64.aq64_lowater =
+			    (u_int64_t)audit_qctrl.aq_lowater;
+			udata.au_qctrl64.aq64_bufsz =
+			    (u_int64_t)audit_qctrl.aq_bufsz;
+			udata.au_qctrl64.aq64_minfree =
+			    (u_int64_t)audit_qctrl.aq_minfree;
+			break;
+		}
+		/* FALLTHROUGH */
 	case A_GETQCTRL:
+		if (uap->length != sizeof(udata.au_qctrl))
+			return (EINVAL);
 		udata.au_qctrl = audit_qctrl;
 		break;
 
+	case A_OLDSETQCTRL:
+		if (uap->length == sizeof(udata.au_qctrl64)) {
+			if ((udata.au_qctrl64.aq64_hiwater > AQ_MAXHIGH) ||
+			    (udata.au_qctrl64.aq64_lowater >=
+			    udata.au_qctrl.aq_hiwater) ||
+			    (udata.au_qctrl64.aq64_bufsz > AQ_MAXBUFSZ) ||
+			    (udata.au_qctrl64.aq64_minfree < 0) ||
+			    (udata.au_qctrl64.aq64_minfree > 100))
+				return (EINVAL);
+			audit_qctrl.aq_hiwater =
+			    (int)udata.au_qctrl64.aq64_hiwater;
+			audit_qctrl.aq_lowater =
+			    (int)udata.au_qctrl64.aq64_lowater;
+			audit_qctrl.aq_bufsz =
+			    (int)udata.au_qctrl64.aq64_bufsz;
+			audit_qctrl.aq_minfree =
+			    (int)udata.au_qctrl64.aq64_minfree;
+			audit_qctrl.aq_delay = -1;	/* Not used. */
+			break;
+		}
+		/* FALLTHROUGH */
 	case A_SETQCTRL:
+		if (uap->length != sizeof(udata.au_qctrl))
+			return (EINVAL);
 		if ((udata.au_qctrl.aq_hiwater > AQ_MAXHIGH) ||
 		    (udata.au_qctrl.aq_lowater >= udata.au_qctrl.aq_hiwater) ||
 		    (udata.au_qctrl.aq_bufsz > AQ_MAXBUFSZ) ||
@@ -285,14 +361,40 @@ auditon(struct thread *td, struct auditon_args *uap)
 		return (ENOSYS);
 		break;
 
+	case A_OLDGETCOND:
+		if (uap->length == sizeof(udata.au_cond64)) {
+			if (audit_enabled && !audit_suspended)
+				udata.au_cond64 = AUC_AUDITING;
+			else
+				udata.au_cond64 = AUC_NOAUDIT;
+			break;
+		}
+		/* FALLTHROUGH */
 	case A_GETCOND:
+		if (uap->length != sizeof(udata.au_cond))
+			return (EINVAL);
 		if (audit_enabled && !audit_suspended)
 			udata.au_cond = AUC_AUDITING;
 		else
 			udata.au_cond = AUC_NOAUDIT;
 		break;
 
+	case A_OLDSETCOND:
+		if (uap->length == sizeof(udata.au_cond64)) {
+			if (udata.au_cond64 == AUC_NOAUDIT)
+				audit_suspended = 1;
+			if (udata.au_cond64 == AUC_AUDITING)
+				audit_suspended = 0;
+			if (udata.au_cond64 == AUC_DISABLED) {
+				audit_suspended = 1;
+				audit_shutdown(NULL, 0);
+			}
+			break;
+		}
+		/* FALLTHROUGH */
 	case A_SETCOND:
+		if (uap->length != sizeof(udata.au_cond))
+			return (EINVAL);
 		if (udata.au_cond == AUC_NOAUDIT)
 			audit_suspended = 1;
 		if (udata.au_cond == AUC_AUDITING)
@@ -304,16 +406,22 @@ auditon(struct thread *td, struct auditon_args *uap)
 		break;
 
 	case A_GETCLASS:
+		if (uap->length != sizeof(udata.au_evclass))
+			return (EINVAL);
 		udata.au_evclass.ec_class = au_event_class(
 		    udata.au_evclass.ec_number);
 		break;
 
 	case A_SETCLASS:
+		if (uap->length != sizeof(udata.au_evclass))
+			return (EINVAL);
 		au_evclassmap_insert(udata.au_evclass.ec_number,
 		    udata.au_evclass.ec_class);
 		break;
 
 	case A_GETPINFO:
+		if (uap->length != sizeof(udata.au_aupinfo))
+			return (EINVAL);
 		if (udata.au_aupinfo.ap_pid < 1)
 			return (ESRCH);
 		if ((tp = pfind(udata.au_aupinfo.ap_pid)) == NULL)
@@ -341,6 +449,8 @@ auditon(struct thread *td, struct auditon_args *uap)
 		break;
 
 	case A_SETPMASK:
+		if (uap->length != sizeof(udata.au_aupinfo))
+			return (EINVAL);
 		if (udata.au_aupinfo.ap_pid < 1)
 			return (ESRCH);
 		newcred = crget();
@@ -365,6 +475,8 @@ auditon(struct thread *td, struct auditon_args *uap)
 		break;
 
 	case A_SETFSIZE:
+		if (uap->length != sizeof(udata.au_fstat))
+			return (EINVAL);
 		if ((udata.au_fstat.af_filesz != 0) &&
 		   (udata.au_fstat.af_filesz < MIN_AUDIT_FILE_SIZE))
 			return (EINVAL);
@@ -372,11 +484,15 @@ auditon(struct thread *td, struct auditon_args *uap)
 		break;
 
 	case A_GETFSIZE:
+		if (uap->length != sizeof(udata.au_fstat))
+			return (EINVAL);
 		udata.au_fstat.af_filesz = audit_fstat.af_filesz;
 		udata.au_fstat.af_currsz = audit_fstat.af_currsz;
 		break;
 
 	case A_GETPINFO_ADDR:
+		if (uap->length != sizeof(udata.au_aupinfo_addr))
+			return (EINVAL);
 		if (udata.au_aupinfo_addr.ap_pid < 1)
 			return (ESRCH);
 		if ((tp = pfind(udata.au_aupinfo_addr.ap_pid)) == NULL)
@@ -393,10 +509,14 @@ auditon(struct thread *td, struct auditon_args *uap)
 		break;
 
 	case A_GETKAUDIT:
+		if (uap->length != sizeof(udata.au_kau_info))
+			return (EINVAL);
 		audit_get_kinfo(&udata.au_kau_info);
 		break;
 
 	case A_SETKAUDIT:
+		if (uap->length != sizeof(udata.au_kau_info))
+			return (EINVAL);
 		if (udata.au_kau_info.ai_termid.at_type != AU_IPv4 &&
 		    udata.au_kau_info.ai_termid.at_type != AU_IPv6)
 			return (EINVAL);
@@ -404,6 +524,8 @@ auditon(struct thread *td, struct auditon_args *uap)
 		break;
 
 	case A_SENDTRIGGER:
+		if (uap->length != sizeof(udata.au_trigger))
+			return (EINVAL);
 		if ((udata.au_trigger < AUDIT_TRIGGER_MIN) ||
 		    (udata.au_trigger > AUDIT_TRIGGER_MAX))
 			return (EINVAL);
@@ -418,12 +540,15 @@ auditon(struct thread *td, struct auditon_args *uap)
 	 */
 	switch (uap->cmd) {
 	case A_GETPOLICY:
+	case A_OLDGETPOLICY:
 	case A_GETKMASK:
 	case A_GETQCTRL:
+	case A_OLDGETQCTRL:
 	case A_GETCWD:
 	case A_GETCAR:
 	case A_GETSTAT:
 	case A_GETCOND:
+	case A_OLDGETCOND:
 	case A_GETCLASS:
 	case A_GETPINFO:
 	case A_GETFSIZE: