Merge OpenBSM 1.2-alpha2 changes from contrib/openbsm to

src/sys/{bsm,security/audit}.  There are a few tweaks to help with the
FreeBSD build environment that will be merged back to OpenBSM.  No
significant functional changes appear on the kernel side.

Obtained from:	TrustedBSD Project
Sponsored by:	The FreeBSD Foundation (auditdistd)

2 files changed, 59 insertions, 8 deletions

diff --git a/sys/security/audit/audit_bsm_errno.c b/sys/security/audit/audit_bsm_errno.c
index c7aa9af..e2e1961 100644
--- a/sys/security/audit/audit_bsm_errno.c
+++ b/sys/security/audit/audit_bsm_errno.c
@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE. 
  *
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#18
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#22
  */
 
 #include <sys/cdefs.h>
@@ -494,7 +494,7 @@ static const struct bsm_errno bsm_errnos[] = {
 #ifdef EPROCUNAVAIL
 	EPROCUNAVAIL,
 #else
-	ERRNO_NO_LOCAL_MAPPING
+	ERRNO_NO_LOCAL_MAPPING,
 #endif
 	ES("Bad procedure for program") },
 	{ BSM_ERRNO_EFTYPE,
@@ -666,7 +666,7 @@ static const struct bsm_errno bsm_errnos[] = {
 #endif
 	ES("Required key not available") },
 	{ BSM_ERRNO_EKEYEXPIRED,
-#ifdef EKEEXPIRED
+#ifdef EKEYEXPIRED
 	EKEYEXPIRED,
 #else
 	ERRNO_NO_LOCAL_MAPPING,
@@ -680,7 +680,7 @@ static const struct bsm_errno bsm_errnos[] = {
 #endif
 	ES("Key has been revoked") },
 	{ BSM_ERRNO_EKEYREJECTED,
-#ifdef EKEREJECTED
+#ifdef EKEYREJECTED
 	EKEYREJECTED,
 #else
 	ERRNO_NO_LOCAL_MAPPING,
diff --git a/sys/security/audit/audit_bsm_token.c b/sys/security/audit/audit_bsm_token.c
index a050df1..6d0d67f 100644
--- a/sys/security/audit/audit_bsm_token.c
+++ b/sys/security/audit/audit_bsm_token.c
@@ -30,7 +30,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#99
  */
 
 #include <sys/cdefs.h>
@@ -68,6 +68,57 @@ __FBSDID("$FreeBSD$");
 
 /*
  * token ID                1 byte
+ * success/failure         1 byte
+ * privstrlen              2 bytes
+ * privstr                 N bytes + 1 (\0 byte)
+ */
+token_t *
+au_to_upriv(char sorf, char *priv)
+{
+	u_int16_t textlen;
+	u_char *dptr;
+	token_t *t;
+
+	textlen = strlen(priv) + 1;
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_char) +
+	    sizeof(u_int16_t) + textlen);
+
+	ADD_U_CHAR(dptr, AUT_UPRIV);
+	ADD_U_CHAR(dptr, sorf);
+	ADD_U_INT16(dptr, textlen);
+	ADD_STRING(dptr, priv, textlen);
+	return (t);
+}
+
+/*
+ * token ID		1 byte
+ * privtstrlen		2 bytes
+ * privtstr		N bytes + 1
+ * privstrlen		2 bytes
+ * privstr		N bytes + 1
+ */
+token_t *
+au_to_privset(char *privtypestr, char *privstr)
+{
+	u_int16_t	 type_len, priv_len;
+	u_char		*dptr;
+	token_t		*t;
+
+	type_len = strlen(privtypestr) + 1;
+	priv_len = strlen(privstr) + 1;
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int16_t) +
+	    sizeof(u_int16_t) + type_len + priv_len);
+
+	ADD_U_CHAR(dptr, AUT_PRIV);
+	ADD_U_INT16(dptr, type_len);
+	ADD_STRING(dptr, privtypestr, type_len);
+	ADD_U_INT16(dptr, priv_len);
+	ADD_STRING(dptr, privstr, priv_len);
+	return (t);
+}
+
+/*
+ * token ID                1 byte
  * argument #              1 byte
  * argument value          4 bytes/8 bytes (32-bit/64-bit value)
  * text length             2 bytes
@@ -1204,9 +1255,9 @@ au_to_me(void)
 				auinfo.ai_asid, &auinfo.ai_termid));
 		} else {
 			/* getaudit_addr(2) failed for some other reason. */
-			return (NULL); 
+			return (NULL);
 		}
-	} 
+	}
 
 	return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(),
 		getgid(), getpid(), aia.ai_asid, &aia.ai_termid));
@@ -1438,7 +1489,7 @@ au_to_header32_ex_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
 	ADD_U_INT32(dptr, tm.tv_sec);
 	ADD_U_INT32(dptr, timems);      /* We need time in ms. */
 
-	return (t);   
+	return (t);
 }
 
 token_t *