authorrwatson <rwatson@FreeBSD.org>2009-07-17 14:02:20 +0000
committerrwatson <rwatson@FreeBSD.org>2009-07-17 14:02:20 +0000
commitd77b22ca313fa4061782d2b1677a768149593534 (patch)
treefc91db2745125763dc9c10e7aaf733fcd80c2d95 /sys/security
parent88f8de4d4001c74946458579ca0710df70161c90 (diff)
Import OpenBSM 1.1p1 from vendor branch to 8-CURRENT, populating
contrib/openbsm and a subset also imported into sys/security/audit. This patch release addresses several minor issues: - Fixes to AUT_SOCKUNIX token parsing. - IPv6 support for au_to_me(3). - Improved robustness in the parsing of audit_control, especially long flags/naflags strings and whitespace in all fields. - Add missing conversion of a number of FreeBSD/Mac OS X errnos to/from BSM error number space. MFC after: 3 weeks Obtained from: TrustedBSD Project Sponsored by: Apple, Inc. Approved by: re (kib)
Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/audit/audit_bsm_errno.c100
-rw-r--r--sys/security/audit/audit_bsm_token.c29
2 files changed, 121 insertions, 8 deletions
diff --git a/sys/security/audit/audit_bsm_errno.c b/sys/security/audit/audit_bsm_errno.c
index ccca41e..efbc866 100644
--- a/sys/security/audit/audit_bsm_errno.c
+++ b/sys/security/audit/audit_bsm_errno.c
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#17
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#18
*/
#include <sys/cdefs.h>
@@ -455,6 +455,104 @@ static const struct bsm_errno bsm_errnos[] = {
{ BSM_ERRNO_EINPROGRESS, EINPROGRESS,
ES("Operation now in progress") },
{ BSM_ERRNO_ESTALE, ESTALE, ES("Stale NFS file handle") },
+ { BSM_ERRNO_EPROCLIM,
+#ifdef EPROCLIM
+ EPROCLIM,
+#else
+ ERRNO_NO_LOCAL_MAPPING,
+#endif
+ ES("Too many processes") },
+ { BSM_ERRNO_EBADRPC,
+#ifdef EBADRPC
+ EBADRPC,
+#else
+ ERRNO_NO_LOCAL_MAPPING,
+#endif
+ ES("RPC struct is bad") },
+ { BSM_ERRNO_ERPCMISMATCH,
+#ifdef ERPCMISMATCH
+ ERPCMISMATCH,
+#else
+ ERRNO_NO_LOCAL_MAPPING,
+#endif
+ ES("RPC version wrong") },
+ { BSM_ERRNO_EPROGUNAVAIL,
+#ifdef EPROGUNAVAIL
+ EPROGUNAVAIL,
+#else
+ ERRNO_NO_LOCAL_MAPPING,
+#endif
+ ES("RPC prog. not avail") },
+ { BSM_ERRNO_EPROGMISMATCH,
+#ifdef EPROGMISMATCH
+ EPROGMISMATCH,
+#else
+ ERRNO_NO_LOCAL_MAPPING,
+#endif
+ ES("RPC version wrong") },
+ { BSM_ERRNO_EPROCUNAVAIL,
+#ifdef EPROCUNAVAIL
+ EPROCUNAVAIL,
+#else
+ ERRNO_NO_LOCAL_MAPPING
+#endif
+ ES("Bad procedure for program") },
+ { BSM_ERRNO_EFTYPE,
+#ifdef EFTYPE
+ EFTYPE,
+#else
+ ERRNO_NO_LOCAL_MAPPING,
+#endif
+ ES("Inappropriate file type or format") },
+ { BSM_ERRNO_EAUTH,
+#ifdef EAUTH
+ EAUTH,
+#else
+ ERRNO_NO_LOCAL_MAPPING,
+#endif
+ ES("Authenticateion error") },
+ { BSM_ERRNO_ENEEDAUTH,
+#ifdef ENEEDAUTH
+ ENEEDAUTH,
+#else
+ ERRNO_NO_LOCAL_MAPPING,
+#endif
+ ES("Need authenticator") },
+ { BSM_ERRNO_ENOATTR,
+#ifdef ENOATTR
+ ENOATTR,
+#else
+ ERRNO_NO_LOCAL_MAPPING,
+#endif
+ ES("Attribute not found") },
+ { BSM_ERRNO_EDOOFUS,
+#ifdef EDOOFUS
+ EDOOFUS,
+#else
+ ERRNO_NO_LOCAL_MAPPING,
+#endif
+ ES("Programming error") },
+ { BSM_ERRNO_EJUSTRETURN,
+#ifdef EJUSTRETURN
+ EJUSTRETURN,
+#else
+ ERRNO_NO_LOCAL_MAPPING,
+#endif
+ ES("Just return") },
+ { BSM_ERRNO_ENOIOCTL,
+#ifdef ENOIOCTL
+ ENOIOCTL,
+#else
+ ERRNO_NO_LOCAL_MAPPING,
+#endif
+ ES("ioctl not handled by this layer") },
+ { BSM_ERRNO_EDIRIOCTL,
+#ifdef EDIRIOCTL
+ EDIRIOCTL,
+#else
+ ERRNO_NO_LOCAL_MAPPING,
+#endif
+ ES("do direct ioctl in GEOM") },
{ BSM_ERRNO_EPWROFF,
#ifdef EPWROFF
EPWROFF,
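Review bot: The `#else` arm of the new BSM_ERRNO_EPROCUNAVAIL entry lacks its trailing comma, so on a platform that does not define EPROCUNAVAIL the initializer runs straight into `ES(...)` and the table will not compile; it should read `ERRNO_NO_LOCAL_MAPPING,` like every other entry. Two of the added strings also need attention, since this is presumably the text shown when an audit record's return value is printed: `ES("Authenticateion error")` is misspelled (`ES("Authentication error")`), and BSM_ERRNO_EPROGMISMATCH repeats `"RPC version wrong"` from BSM_ERRNO_ERPCMISMATCH, which makes two distinct failures read the same in a printed trail. FreeBSD's errno.h describes EPROGMISMATCH as "Program version wrong", so `ES("Program version wrong")` would keep them apart. The bsm_errnos[] table begins and ends outside this hunk.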
diff --git a/sys/security/audit/audit_bsm_token.c b/sys/security/audit/audit_bsm_token.c
index 131abf5..5523ea4 100644
--- a/sys/security/audit/audit_bsm_token.c
+++ b/sys/security/audit/audit_bsm_token.c
@@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#91
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#93
*/
#include <sys/cdefs.h>
@@ -930,7 +930,7 @@ kau_to_socket(struct socket_au_info *soi)
/*
* token ID 1 byte
* socket family 2 bytes
- * path 104 bytes
+ * path (up to) 104 bytes + NULL (NULL terminated string)
*/
token_t *
au_to_sock_unix(struct sockaddr_un *so)
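Review bot: The reworded layout comment uses "NULL" for the string terminator, which reads as the null pointer; `* path (up to) 104 bytes + NUL terminator` says the same thing without the ambiguity. The body of au_to_sock_unix is outside the hunk, so how the path length is measured is not visible here. If it relies on `strlen(so->sun_path)`, a sun_path that fills the whole array has no terminator and the scan would run past the field. The comment should therefore state whether the caller must pass a terminated path or the function bounds the length itself.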
@@ -1188,12 +1188,27 @@ token_t *
au_to_me(void)
{
auditinfo_t auinfo;
+ auditinfo_addr_t aia;
- if (getaudit(&auinfo) != 0)
- return (NULL);
-
- return (au_to_subject32(auinfo.ai_auid, geteuid(), getegid(),
- getuid(), getgid(), getpid(), auinfo.ai_asid, &auinfo.ai_termid));
+ /*
+ * Try to use getaudit_addr(2) first. If this kernel does not support
+ * it, then fall back on to getaudit(2).
+ */
+ if (getaudit_addr(&aia, sizeof(aia)) != 0) {
+ if (errno == ENOSYS) {
+ if (getaudit(&auinfo) != 0)
+ return (NULL);
+ return (au_to_subject32(auinfo.ai_auid, geteuid(),
+ getegid(), getuid(), getgid(), getpid(),
+ auinfo.ai_asid, &auinfo.ai_termid));
+ } else {
+ /* getaudit_addr(2) failed for some other reason. */
+ return (NULL);
+ }
+ }
+
+ return (au_to_subject32_ex(aia.ai_auid, geteuid(), getegid(), getuid(),
+ getgid(), getpid(), aia.ai_asid, &aia.ai_termid));
}
#endif
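Review bot: The nested if/else in au_to_me buries the getaudit(2) fallback two levels deep; a guard clause reads more directly, `if (errno != ENOSYS) return (NULL);`, placed ahead of the fallback with the existing "failed for some other reason" comment above it. A short comment above the function should also say that NULL is returned with errno left by the failing call. That lets a caller distinguish an unsupported syscall from a refused one and avoid committing a record that lacks its subject token. `errno` and `ENOSYS` are new uses in this function and the include list is outside the hunk, so confirm `<errno.h>` is already included for the userland build.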