authorrwatson <rwatson@FreeBSD.org>2009-03-02 13:29:18 +0000
committerrwatson <rwatson@FreeBSD.org>2009-03-02 13:29:18 +0000
commitee5318d5431890ccd7baeb15560b4bebe982525b (patch)
treee1a5bcd2b0eca50f696afbc416858fa574e50e8d /sys/security
parent5cacf7357664a8a200d2ba7bd7b8e820b681cd06 (diff)
Merge OpenBSM 1.1 beta 1 from OpenBSM vendor branch to head, both
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual merge). OpenBSM history for imported revision below for reference. MFC after: 1 month Sponsored by: Apple, Inc. Obtained from: TrustedBSD Project OpenBSM 1.1 beta 1 - The filesz parameter in audit_control(5) now accepts suffixes: 'B' for Bytes, 'K' for Kilobytes, 'M' for Megabytes, and 'G' for Gigabytes. For legacy support no suffix defaults to bytes. - Audit trail log expiration support added. It is configured in audit_control(5) with the expire-after parameter. If there is no expire-after parameter in audit_control(5), the default, then the audit trail files are not expired and removed. See audit_control(5) for more information. - Change defaults in audit_control: warn at 5% rather than 20% free for audit partitions, rotate automatically at 2mb, and set the default policy to cnt,argv rather than cnt so that execve(2) arguments are captured if AUE_EXECVE events are audited. These may provide more usable defaults for many users. - Use au_domain_to_bsm(3) and au_socket_type_to_bsm(3) to convert au_to_socket_ex(3) arguments to BSM format. - Fix error encoding AUT_IPC_PERM tokens.
Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/audit/audit_bsm_errno.c4
-rw-r--r--sys/security/audit/audit_bsm_token.c15
2 files changed, 10 insertions, 9 deletions
diff --git a/sys/security/audit/audit_bsm_errno.c b/sys/security/audit/audit_bsm_errno.c
index 782ce62..ccca41e 100644
--- a/sys/security/audit/audit_bsm_errno.c
+++ b/sys/security/audit/audit_bsm_errno.c
@@ -26,7 +26,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#12
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_errno.c#17
*/
#include <sys/cdefs.h>
@@ -496,7 +496,7 @@ static const struct bsm_errno bsm_errnos[] = {
#else
ERRNO_NO_LOCAL_MAPPING,
#endif
- ES("Malfored Macho file") },
+ ES("Malformed Macho file") },
{ BSM_ERRNO_EPOLICY,
#ifdef EPOLICY
EPOLICY,
diff --git a/sys/security/audit/audit_bsm_token.c b/sys/security/audit/audit_bsm_token.c
index a30fa53..56f0ceb 100644
--- a/sys/security/audit/audit_bsm_token.c
+++ b/sys/security/audit/audit_bsm_token.c
@@ -30,7 +30,7 @@
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
- * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#86
+ * P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#90
*/
#include <sys/cdefs.h>
@@ -139,7 +139,7 @@ au_to_attr32(struct vnode_au_info *vni)
token_t *t;
u_char *dptr = NULL;
u_int16_t pad0_16 = 0;
- u_int16_t pad0_32 = 0;
+ u_int32_t pad0_32 = 0;
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) +
3 * sizeof(u_int32_t) + sizeof(u_int64_t) + sizeof(u_int32_t));
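Review bot: The corrected declaration `u_int32_t pad0_32 = 0;` in au_to_attr32 should carry a short comment explaining why its width matters, because the commit description does not mention this fix. If ADD_U_INT32 copies four bytes from the storage of its argument (the macro is not visible on this page, so this is an assumption), the old `u_int16_t` declaration would have let two adjacent kernel stack bytes be written into the audit record. I would add `/* Must be 32 bits wide: emitted with ADD_U_INT32, which copies sizeof(u_int32_t) bytes. */` above the declaration, and the same comment in the au_to_attr64 hunk that follows. Both function bodies continue outside their hunks, so the actual use of pad0_32 should be confirmed there.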
@@ -186,7 +186,7 @@ au_to_attr64(struct vnode_au_info *vni)
token_t *t;
u_char *dptr = NULL;
u_int16_t pad0_16 = 0;
- u_int16_t pad0_32 = 0;
+ u_int32_t pad0_32 = 0;
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(u_int16_t) +
3 * sizeof(u_int32_t) + sizeof(u_int64_t) * 2);
@@ -439,7 +439,8 @@ au_to_ipc_perm(struct ipc_perm *perm)
u_char *dptr = NULL;
u_int16_t pad0 = 0;
- GET_TOKEN_AREA(t, dptr, 12 * sizeof(u_int16_t) + sizeof(u_int32_t));
+ GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 12 * sizeof(u_int16_t) +
+ sizeof(u_int32_t));
ADD_U_CHAR(dptr, AUT_IPC_PERM);
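Review bot: The size passed to GET_TOKEN_AREA in au_to_ipc_perm is still counted by hand, and nothing ties it to the sequence of ADD_* calls that fill the buffer. The missing `sizeof(u_char)` fixed here left the allocation one byte short of what the token writes, and the `16` to `8` correction in the au_to_socket_ex hunk is the same kind of miscount in the other direction. Assuming token_t exposes the buffer and its length as `t_data` and `len`, a check placed just before the return would catch the next miscount on debug kernels: `KASSERT(dptr == t->t_data + t->len, ("au_to_ipc_perm: token size mismatch"));`. The rest of the function lies outside the hunk, so the exact placement needs to be checked against the full body.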
@@ -869,13 +870,13 @@ au_to_socket_ex(u_short so_domain, u_short so_type,
5 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t));
else if (so_domain == AF_INET6)
GET_TOKEN_AREA(t, dptr, sizeof(u_char) +
- 5 * sizeof(u_int16_t) + 16 * sizeof(u_int32_t));
+ 5 * sizeof(u_int16_t) + 8 * sizeof(u_int32_t));
else
return (NULL);
ADD_U_CHAR(dptr, AUT_SOCKET_EX);
- ADD_U_INT16(dptr, so_domain); /* XXXRW: explicitly convert? */
- ADD_U_INT16(dptr, so_type); /* XXXRW: explicitly convert? */
+ ADD_U_INT16(dptr, au_domain_to_bsm(so_domain));
+ ADD_U_INT16(dptr, au_socket_type_to_bsm(so_type));
if (so_domain == AF_INET) {
ADD_U_INT16(dptr, AU_IPv4);
sin = (struct sockaddr_in *)sa_local;
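Review bot: The cast `sin = (struct sockaddr_in *)sa_local;` is chosen by the `so_domain` argument alone, and nothing visible in this hunk checks that the address passed in belongs to that family. If a caller ever passes a mismatched pair, the token would record fields read through the wrong structure layout, which corrupts the audit record rather than failing. If `sa_local` is a `struct sockaddr *` (the signature is cut off by the hunk header), a debug-kernel check such as `KASSERT(sa_local->sa_family == so_domain, ("au_to_socket_ex: family mismatch"));` before the cast would make that contract explicit. The function starts and ends outside the hunk, so an existing check elsewhere in the body cannot be ruled out.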