61 files changed, 693 insertions, 191 deletions
diff --git a/contrib/openbsm/HISTORY b/contrib/openbsm/HISTORY
index 7b249ae..e909300 100644
--- a/contrib/openbsm/HISTORY
+++ b/contrib/openbsm/HISTORY
@@ -1,3 +1,37 @@
+OpenBSM 1.0 alpha 11
+
+- Reclassify certain read/write operations as having no class rather than the
+  fr/fw class; our default classes audit intent (open) not operations (read,
+  write).
+- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
+  and writes of sysctls as separate events.  Add additional kernel
+  environment and jail events for FreeBSD.
+- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
+  (issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
+  by the kernel audit implementation) so that they can be distinguished.
+- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
+  a dropped request, the log file will otherwise grow indefinitely if the
+  trigger is dropped.
+- Improve auditd debugging output.
+- Fix a number of threading related bugs in audit_control file reading
+  routines.
+- Add APIs au_poltostr() and au_strtopol() to convert between text
+  representations of audit_control policy flags and the flags passed to
+  auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
+- Add API getacpol() to return the 'policy:' entry from audit_control, an
+  extension to the Solaris file format to allow specification of policy
+  persistent flags.
+- Update audump to print the audit_control policy field.
+- Update auditd to read the audit_control policy field and set the kernel
+  policy to match it when configuring/reconfiguring.  Remove the -s and -h
+  arguments as these policies are now set via the configuration file.  If a
+  policy line is not found in the configuration file, continue with the
+  current default of setting AUDIT_CNT.
+- Fix bugs in the parsing of large execve(2) arguments and environmental
+  variable tokens; increase maximum parsed argument and variable count.
+- configure now detects strlcat(), used by policy-related functions.
+- Reference token and record sample files added to test tree.
+
 OpenBSM 1.0 alpha 10
 
 - auditd now generates complete audit records for its events, as required for
@@ -209,4 +243,4 @@ OpenBSM 1.0 alpha 1
   to support reloading of kernel event table.
 - Allow comments in /etc/security configuration files.
 
-$P4: //depot/projects/trustedbsd/openbsm/HISTORY#26 $
+$P4: //depot/projects/trustedbsd/openbsm/HISTORY#33 $
diff --git a/contrib/openbsm/TODO b/contrib/openbsm/TODO
index d30c841..5e0b9c3 100644
--- a/contrib/openbsm/TODO
+++ b/contrib/openbsm/TODO
@@ -17,5 +17,10 @@
   just at the beginning of a record.  This will make it easier to use
   praudit in test suites processing single-token files without header and
   trailer context.
+- Teach auditd how to notify a script when it is done with trail files so
+  that the script can archive them, compress them, delete them, whatever.
+  It should walk any trail files found at startup also, assuming it
+  successfully registers.
+- Put hostname in trail file name.
 
-$P4: //depot/projects/trustedbsd/openbsm/TODO#6 $
+$P4: //depot/projects/trustedbsd/openbsm/TODO#7 $
diff --git a/contrib/openbsm/VERSION b/contrib/openbsm/VERSION
index 8d3fe66..12b10e0 100644
--- a/contrib/openbsm/VERSION
+++ b/contrib/openbsm/VERSION
@@ -1 +1 @@
-OPENBSM_1_0_ALPHA_9
+OPENBSM_1_0_ALPHA_11
diff --git a/contrib/openbsm/bin/audit/audit.c b/contrib/openbsm/bin/audit/audit.c
index e5744f5..c35b167 100644
--- a/contrib/openbsm/bin/audit/audit.c
+++ b/contrib/openbsm/bin/audit/audit.c
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#6 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#7 $
  */
 /*
  * Program to trigger the audit daemon with a message that is either:
@@ -75,7 +75,7 @@ main(int argc, char **argv)
 		switch(ch) {
 
 		case 'n':
-			trigger = AUDIT_TRIGGER_OPEN_NEW;
+			trigger = AUDIT_TRIGGER_ROTATE_USER;
 			break;
 
 		case 's':
diff --git a/contrib/openbsm/bin/auditd/auditd.8 b/contrib/openbsm/bin/auditd/auditd.8
index 8f054c6..11e45e1 100644
--- a/contrib/openbsm/bin/auditd/auditd.8
+++ b/contrib/openbsm/bin/auditd/auditd.8
@@ -29,7 +29,7 @@
 .\"
 .\" @APPLE_BSD_LICENSE_HEADER_END@
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#8 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#9 $
 .\"
 .Dd January 24, 2004
 .Dt AUDITD 8
@@ -51,14 +51,20 @@ The options are as follows:
 .Bl -tag -width Ds
 .It Fl d
 Starts the daemon in debug mode - it will not daemonize.
-.It Fl h
-Specifies that if auditing cannot be performed as specified, the system should
-halt (panic).  Normally, the system will attempt to proceed - although individual
-processes may be stopped (see the -s option).
-.It Fl s
-Specifies that individual processes should stop rather than perform operations
-that may cause audit records to be lost due to log file full conditions
 .El
+.Pp
+The historical
+.Fl h
+and
+.Fl s
+flags are now configured using
+.Xr audit_control 5
+policy flags
+.Dv ahlt
+and
+.Dv cnt ,
+and are no longer available as arguments to
+.Xr auditd 8 .
 .Sh NOTE
 .Pp
 To assure uninterrupted audit support, the
diff --git a/contrib/openbsm/bin/auditd/auditd.c b/contrib/openbsm/bin/auditd/auditd.c
index 838424e..86cf233 100644
--- a/contrib/openbsm/bin/auditd/auditd.c
+++ b/contrib/openbsm/bin/auditd/auditd.c
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#18 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#21 $
  */
 
 #include <sys/types.h>
@@ -59,6 +59,7 @@
 #include "auditd.h"
 
 #define	NA_EVENT_STR_SIZE	25
+#define	POL_STR_SIZE		128
 
 static int	 ret, minval;
 static char	*lastfile = NULL;
@@ -67,7 +68,6 @@ static int	 triggerfd = 0;
 static int	 sigchlds, sigchlds_handled;
 static int	 sighups, sighups_handled;
 static int	 sigterms, sigterms_handled;
-static long	 global_flags;
 
 static TAILQ_HEAD(, dir_ent)	dir_q;
 
@@ -160,8 +160,9 @@ close_lastfile(char *TS)
 			*ptr = '.';
 			strcpy(ptr+1, TS);
 			if (rename(oldname, lastfile) != 0)
-				syslog(LOG_ERR, "Could not rename %s to %s",
-				    oldname, lastfile);
+				syslog(LOG_ERR,
+				    "Could not rename %s to %s: %m", oldname,
+				    lastfile);
 			else
 				syslog(LOG_INFO, "renamed %s to %s",
 				    oldname, lastfile);
@@ -286,7 +287,7 @@ swap_audit_file(void)
 		free(dirent->dirname);
 		free(dirent);
 	}
-	syslog(LOG_ERR, "Log directories exhausted\n");
+	syslog(LOG_ERR, "Log directories exhausted");
 	return (-1);
 }
 
@@ -343,7 +344,7 @@ read_control_file(void)
 	 * XXX is generated here?
 	 */
 	if (0 == (ret = getacmin(&minval))) {
-		syslog(LOG_DEBUG, "min free = %d\n", minval);
+		syslog(LOG_DEBUG, "min free = %d", minval);
 		if (auditon(A_GETQCTRL, &qctrl, sizeof(qctrl)) != 0) {
 			syslog(LOG_ERR,
 			    "could not get audit queue settings");
@@ -494,31 +495,65 @@ register_daemon(void)
 }
 
 /*
- * Suppress duplicate messages within a 30 second interval.   This should be
- * enough to time to rotate log files without thrashing from soft warnings
- * generated before the log is actually rotated.
+ * Handle the audit trigger event.
+ *
+ * We suppress (ignore) duplicated triggers in close succession in order to
+ * try to avoid thrashing-like behavior.  However, not all triggers can be
+ * ignored, as triggers generally represent edge triggers, not level
+ * triggers, and won't be retransmitted if the condition persists.  Of
+ * specific concern is the rotate trigger -- if one is dropped, then it will
+ * not be retransmitted, and the log file will grow in an unbounded fashion.
  */
 #define	DUPLICATE_INTERVAL	30
 static void
 handle_audit_trigger(int trigger)
 {
-	static int last_trigger;
+	static int last_trigger, last_warning;
 	static time_t last_time;
 	struct dir_ent *dirent;
-
-	/*
-	 * Suppres duplicate messages from the kernel within the specified
-	 * interval.
-	 */
 	struct timeval ts;
 	struct timezone tzp;
 	time_t tt;
 
+	/*
+	 * Suppress duplicate messages from the kernel within the specified
+	 * interval.
+	 */
 	if (gettimeofday(&ts, &tzp) == 0) {
 		tt = (time_t)ts.tv_sec;
-		if ((trigger == last_trigger) &&
-		    (tt < (last_time + DUPLICATE_INTERVAL)))
-			return;
+		switch (trigger) {
+		case AUDIT_TRIGGER_LOW_SPACE:
+		case AUDIT_TRIGGER_NO_SPACE:
+			/*
+			 * Triggers we can suppress.  Of course, we also need
+			 * to rate limit the warnings, so apply the same
+			 * interval limit on syslog messages.
+			 */
+			if ((trigger == last_trigger) &&
+			    (tt < (last_time + DUPLICATE_INTERVAL))) {
+				if (tt >= (last_warning + DUPLICATE_INTERVAL))
+					syslog(LOG_INFO,
+					    "Suppressing duplicate trigger %d",
+					    trigger);
+				return;
+			}
+			last_warning = tt;
+			break;
+
+		case AUDIT_TRIGGER_ROTATE_KERNEL:
+		case AUDIT_TRIGGER_ROTATE_USER:
+		case AUDIT_TRIGGER_READ_FILE:
+			/*
+			 * Triggers that we cannot suppress.
+			 */
+			break;
+		}
+
+		/*
+		 * Only update last_trigger after aborting due to a duplicate
+		 * trigger, not before, or we will never allow that trigger
+		 * again.
+		 */
 		last_trigger = trigger;
 		last_time = tt;
 	}
@@ -528,7 +563,6 @@ handle_audit_trigger(int trigger)
  	 */
 	dirent = TAILQ_FIRST(&dir_q);
 	switch(trigger) {
-
 	case AUDIT_TRIGGER_LOW_SPACE:
 		syslog(LOG_INFO, "Got low space trigger");
 		if (dirent && (dirent->softlim != 1)) {
@@ -554,7 +588,8 @@ handle_audit_trigger(int trigger)
 		} else {
 			/*
 			 * Continue auditing to the current file.  Also
-			 * generate  an allsoft warning.
+			 * generate an allsoft warning.
+			 *
 			 * XXX do we want to do this ?
 			 */
 			audit_warn_allsoft();
@@ -577,12 +612,14 @@ handle_audit_trigger(int trigger)
 		audit_warn_allhard(++allhardcount);
 		break;
 
-	case AUDIT_TRIGGER_OPEN_NEW:
+	case AUDIT_TRIGGER_ROTATE_KERNEL:
+	case AUDIT_TRIGGER_ROTATE_USER:
 		/*
 		 * Create a new file and swap with the one being used in
 		 * kernel
 		 */
-		syslog(LOG_INFO, "Got open new trigger");
+		syslog(LOG_INFO, "Got open new trigger from %s", trigger ==
+		    AUDIT_TRIGGER_ROTATE_KERNEL ? "kernel" : "user");
 		if (swap_audit_file() == -1)
 			syslog(LOG_ERR, "Error swapping audit file");
 		break;
@@ -656,10 +693,8 @@ wait_for_events(void)
 			syslog(LOG_DEBUG, "%s: SIGTERM", __FUNCTION__);
 			break;
 		}
-		if (sigchlds != sigchlds_handled) {
-			syslog(LOG_DEBUG, "%s: SIGCHLD", __FUNCTION__);
+		if (sigchlds != sigchlds_handled)
 			handle_sigchld();
-		}
 		if (sighups != sighups_handled) {
 			syslog(LOG_DEBUG, "%s: SIGHUP", __FUNCTION__);
 			handle_sighup();
@@ -670,7 +705,6 @@ wait_for_events(void)
 			syslog(LOG_ERR, "%s: read EOF", __FUNCTION__);
 			return (-1);
 		}
-		syslog(LOG_DEBUG, "%s: read %d", __FUNCTION__, trigger);
 		if (trigger == AUDIT_TRIGGER_CLOSE_AND_DIE)
 			break;
 		else
@@ -691,10 +725,13 @@ config_audit_controls(void)
 	au_mask_t aumask;
 	int ctr = 0;
 	char naeventstr[NA_EVENT_STR_SIZE];
+	char polstr[POL_STR_SIZE];
+	long policy;
 
 	/*
 	 * Process the audit event file, obtaining a class mapping for each
 	 * event, and send that mapping into the kernel.
+	 *
 	 * XXX There's a risk here that the BSM library will return NULL
 	 * for an event when it can't properly map it to a class. In that
 	 * case, we will not process any events beyond the one that failed,
@@ -703,10 +740,17 @@ config_audit_controls(void)
 	ev.ae_name = (char *)malloc(AU_EVENT_NAME_MAX);
 	ev.ae_desc = (char *)malloc(AU_EVENT_DESC_MAX);
 	if ((ev.ae_name == NULL) || (ev.ae_desc == NULL)) {
+		if (ev.ae_name != NULL)
+			free(ev.ae_name);
 		syslog(LOG_ERR,
 		    "Memory allocation error when configuring audit controls.");
 		return (-1);
 	}
+
+	/*
+	 * XXXRW: Currently we have no way to remove mappings from the kernel
+	 * when they are removed from the file-based mappings.
+	 */
 	evp = &ev;
 	setauevent();
 	while ((evp = getauevent_r(evp)) != NULL) {
@@ -746,10 +790,21 @@ config_audit_controls(void)
 		    "Failed to obtain non-attributable event mask.");
 
 	/*
-	 * Set the audit policy flags based on passed in parameter values.
+	 * If a policy is configured in audit_control(5), implement the
+	 * policy.  However, if one isn't defined, set AUDIT_CNT to avoid
+	 * leaving the system in a fragile state.
 	 */
-	if (auditon(A_SETPOLICY, &global_flags, sizeof(global_flags)))
-		syslog(LOG_ERR, "Failed to set audit policy.");
+	if ((getacpol(polstr, POL_STR_SIZE) == 0) &&
+	    (au_strtopol(polstr, &policy) == 0)) {
+		if (auditon(A_SETPOLICY, &policy, sizeof(policy)))
+			syslog(LOG_ERR, "Failed to set audit policy: %m");
+	} else {
+		syslog(LOG_ERR, "Failed to obtain policy flags: %m");
+		policy = AUDIT_CNT;
+		if (auditon(A_SETPOLICY, &policy, sizeof(policy)))
+			syslog(LOG_ERR,
+			    "Failed to set default audit policy: %m");
+	}
 
 	return (0);
 }
@@ -826,7 +881,6 @@ main(int argc, char **argv)
 	int debug = 0;
 	int rc;
 
-	global_flags |= AUDIT_CNT;
 	while ((ch = getopt(argc, argv, "dhs")) != -1) {
 		switch(ch) {
 		case 'd':
@@ -834,20 +888,10 @@ main(int argc, char **argv)
 			debug = 1;
 			break;
 
-		case 's':
-			/* Fail-stop option. */
-			global_flags &= ~(AUDIT_CNT);
-			break;
-
-		case 'h':
-			/* Halt-stop option. */
-			global_flags |= AUDIT_AHLT;
-			break;
-
 		case '?':
 		default:
 			(void)fprintf(stderr,
-			    "usage: auditd [-h | -s] [-d] \n");
+			    "usage: auditd [-d] \n");
 			exit(1);
 		}
 	}
diff --git a/contrib/openbsm/bin/auditd/auditd.h b/contrib/openbsm/bin/auditd/auditd.h
index bca6370..11bf9d4 100644
--- a/contrib/openbsm/bin/auditd/auditd.h
+++ b/contrib/openbsm/bin/auditd/auditd.h
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#5 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#6 $
  */
 
 #ifndef _AUDITD_H_
@@ -61,7 +61,7 @@ struct dir_ent {
 
 #define	HARDLIM_ALL_WARN	"allhard"
 #define	SOFTLIM_ALL_WARN	"allsoft"
-#define	AUDITOFF_WARN		"aditoff"
+#define	AUDITOFF_WARN		"auditoff"
 #define	EBUSY_WARN		"ebusy"
 #define	GETACDIR_WARN		"getacdir"
 #define	HARDLIM_WARN		"hard"
diff --git a/contrib/openbsm/bsm/audit.h b/contrib/openbsm/bsm/audit.h
index d67b853..ad61748 100644
--- a/contrib/openbsm/bsm/audit.h
+++ b/contrib/openbsm/bsm/audit.h
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#19 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit.h#21 $
  */
 
 #ifndef _BSM_AUDIT_H
@@ -46,18 +46,19 @@
  * Triggers for the audit daemon.
  */
 #define	AUDIT_TRIGGER_MIN		1
-#define	AUDIT_TRIGGER_LOW_SPACE		1
-#define	AUDIT_TRIGGER_OPEN_NEW		2
-#define	AUDIT_TRIGGER_READ_FILE		3
-#define	AUDIT_TRIGGER_CLOSE_AND_DIE	4
-#define	AUDIT_TRIGGER_NO_SPACE		5
-#define	AUDIT_TRIGGER_MAX		5
+#define	AUDIT_TRIGGER_LOW_SPACE		1	/* Below low watermark. */
+#define	AUDIT_TRIGGER_ROTATE_KERNEL	2	/* Kernel requests rotate. */
+#define	AUDIT_TRIGGER_READ_FILE		3	/* Re-read config file. */
+#define	AUDIT_TRIGGER_CLOSE_AND_DIE	4	/* Terminate audit. */
+#define	AUDIT_TRIGGER_NO_SPACE		5	/* Below min free space. */
+#define	AUDIT_TRIGGER_ROTATE_USER	6	/* User requests roate. */
+#define	AUDIT_TRIGGER_MAX		6
 
 /*
- * Special file that will be read for trigger events from the kernel
- * (FreeBSD).
+ * The special device filename (FreeBSD).
  */
-#define	AUDIT_TRIGGER_FILE	"/dev/audit"
+#define	AUDITDEV_FILENAME	"audit"
+#define	AUDIT_TRIGGER_FILE	("/dev/" AUDITDEV_FILENAME)
 
 /*
  * Pre-defined audit IDs
@@ -164,12 +165,12 @@
 #define	AUDIT_PERZONE	0x2000
 
 /*
- * Audit queue control parameters.
+ * Default audit queue control parameters.
  */
 #define	AQ_HIWATER	100
 #define	AQ_MAXHIGH	10000
 #define	AQ_LOWATER	10
-#define	AQ_BUFSZ	1024
+#define	AQ_BUFSZ	MAXAUDITDATA
 #define	AQ_MAXBUFSZ	1048576
 
 /*
diff --git a/contrib/openbsm/bsm/audit_kevents.h b/contrib/openbsm/bsm/audit_kevents.h
index cd55883..ef0f47b 100644
--- a/contrib/openbsm/bsm/audit_kevents.h
+++ b/contrib/openbsm/bsm/audit_kevents.h
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#40 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#42 $
  */
 
 #ifndef _BSM_AUDIT_KEVENTS_H_
@@ -467,6 +467,9 @@
 #define	AUE_EXTATTR_SET_LINK	43111	/* FreeBSD. */
 #define	AUE_EXTATTR_LIST_LINK	43112	/* FreeBSD. */
 #define	AUE_EXTATTR_DELETE_LINK	43113	/* FreeBSD. */
+#define	AUE_KENV		43114	/* FreeBSD. */
+#define	AUE_JAIL_ATTACH		43115	/* FreeBSD. */
+#define	AUE_SYSCTL_WRITE	43116	/* FreeBSD. */
 
 /*
  * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
diff --git a/contrib/openbsm/bsm/libbsm.h b/contrib/openbsm/bsm/libbsm.h
index 5fea48c..34d9dbc 100644
--- a/contrib/openbsm/bsm/libbsm.h
+++ b/contrib/openbsm/bsm/libbsm.h
@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#27 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/libbsm.h#29 $
  */
 
 #ifndef _LIBBSM_H_
@@ -37,9 +37,6 @@
  * solely to allow OpenSSH to compile; Darwin/Apple code should not use them.
  */
 
-#define	AUDIT_MAX_ARGS	10
-#define	AUDIT_MAX_ENV	10
-
 #include <sys/types.h>
 #include <sys/cdefs.h>
 
@@ -55,13 +52,25 @@
 #include <mach/mach.h>		/* audit_token_t */
 #endif
 
-#define	AU_PRS_SUCCESS	1
-#define	AU_PRS_FAILURE	2
-#define	AU_PRS_BOTH	(AU_PRS_SUCCESS|AU_PRS_FAILURE)
+/*
+ * Size parsed token vectors for execve(2) arguments and environmental
+ * variables.  Note: changing these sizes affects the ABI of the token
+ * structure, and as the token structure is often placed in the caller stack,
+ * this is undesirable.
+ */
+#define	AUDIT_MAX_ARGS	128
+#define	AUDIT_MAX_ENV	128
 
+/*
+ * Arguments to au_preselect(3).
+ */
 #define	AU_PRS_USECACHE	0
 #define	AU_PRS_REREAD	1
 
+#define	AU_PRS_SUCCESS	1
+#define	AU_PRS_FAILURE	2
+#define	AU_PRS_BOTH	(AU_PRS_SUCCESS|AU_PRS_FAILURE)
+
 #define	AUDIT_EVENT_FILE	"/etc/security/audit_event"
 #define	AUDIT_CLASS_FILE	"/etc/security/audit_class"
 #define	AUDIT_CONTROL_FILE	"/etc/security/audit_control"
@@ -71,6 +80,7 @@
 #define	MINFREE_CONTROL_ENTRY	"minfree"
 #define	FLAGS_CONTROL_ENTRY	"flags"
 #define	NA_CONTROL_ENTRY	"naflags"
+#define	POLICY_CONTROL_ENTRY	"policy"
 
 #define	AU_CLASS_NAME_MAX	8
 #define	AU_CLASS_DESC_MAX	72
@@ -711,11 +721,14 @@ int			 getacdir(char *name, int len);
 int			 getacmin(int *min_val);
 int			 getacflg(char *auditstr, int len);
 int			 getacna(char *auditstr, int len);
+int			 getacpol(char *auditstr, size_t len);
 int			 getauditflagsbin(char *auditstr, au_mask_t *masks);
 int			 getauditflagschar(char *auditstr, au_mask_t *masks,
 			    int verbose);
 int			 au_preselect(au_event_t event, au_mask_t *mask_p,
 			    int sorf, int flag);
+ssize_t			 au_poltostr(long policy, size_t maxsize, char *buf);
+int			 au_strtopol(const char *polstr, long *policy);
 
 /*
  * Functions relating to querying audit event information.
diff --git a/contrib/openbsm/compat/strlcat.h b/contrib/openbsm/compat/strlcat.h
new file mode 100644
index 0000000..ba836f8
--- /dev/null
+++ b/contrib/openbsm/compat/strlcat.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * dollar OpenBSD: strlcat.c,v 1.2 1999/06/17 16:28:58 millert Exp dollar
+ */
+
+/*
+ * Appends src to string dst of size siz (unlike strncat, siz is the
+ * full size of dst, not space left).  At most siz-1 characters
+ * will be copied.  Always NUL terminates (unless siz <= strlen(dst)).
+ * Returns strlen(src) + MIN(siz, strlen(initial dst)).
+ * If retval >= siz, truncation occurred.
+ */
+static size_t
+strlcat(dst, src, siz)
+	char *dst;
+	const char *src;
+	size_t siz;
+{
+	char *d = dst;
+	const char *s = src;
+	size_t n = siz;
+	size_t dlen;
+
+	/* Find the end of dst and adjust bytes left but don't go past end */
+	while (n-- != 0 && *d != '\0')
+		d++;
+	dlen = d - dst;
+	n = siz - dlen;
+
+	if (n == 0)
+		return(dlen + strlen(s));
+	while (*s != '\0') {
+		if (n != 1) {
+			*d++ = *s;
+			n--;
+		}
+		s++;
+	}
+	*d = '\0';
+
+	return(dlen + (s - src));	/* count does not include NUL */
+}
diff --git a/contrib/openbsm/config/config.h.in b/contrib/openbsm/config/config.h.in
index bc53efc..6daddb4 100644
--- a/contrib/openbsm/config/config.h.in
+++ b/contrib/openbsm/config/config.h.in
@@ -86,6 +86,9 @@
 /* Define to 1 if you have the <string.h> header file. */
 #undef HAVE_STRING_H
 
+/* Define to 1 if you have the `strlcat' function. */
+#undef HAVE_STRLCAT
+
 /* Define to 1 if you have the `strrchr' function. */
 #undef HAVE_STRRCHR
 
diff --git a/contrib/openbsm/configure b/contrib/openbsm/configure
index c6394ad..26af770 100755
--- a/contrib/openbsm/configure
+++ b/contrib/openbsm/configure
@@ -1,7 +1,7 @@
 #! /bin/sh
-# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#28 .
+# From configure.ac P4: //depot/projects/trustedbsd/openbsm/configure.ac#31 .
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a10.
+# Generated by GNU Autoconf 2.59 for OpenBSM 1.0a11.
 #
 # Report bugs to <trustedbsd-audit@TrustesdBSD.org>.
 #
@@ -424,8 +424,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
 # Identity of this package.
 PACKAGE_NAME='OpenBSM'
 PACKAGE_TARNAME='openbsm'
-PACKAGE_VERSION='1.0a10'
-PACKAGE_STRING='OpenBSM 1.0a10'
+PACKAGE_VERSION='1.0a11'
+PACKAGE_STRING='OpenBSM 1.0a11'
 PACKAGE_BUGREPORT='trustedbsd-audit@TrustesdBSD.org'
 
 ac_unique_file="bin/auditreduce/auditreduce.c"
@@ -955,7 +955,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures OpenBSM 1.0a10 to adapt to many kinds of systems.
+\`configure' configures OpenBSM 1.0a11 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1021,7 +1021,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of OpenBSM 1.0a10:";;
+     short | recursive ) echo "Configuration of OpenBSM 1.0a11:";;
    esac
   cat <<\_ACEOF
 
@@ -1162,7 +1162,7 @@ fi
 test -n "$ac_init_help" && exit 0
 if $ac_init_version; then
   cat <<\_ACEOF
-OpenBSM configure 1.0a10
+OpenBSM configure 1.0a11
 generated by GNU Autoconf 2.59
 
 Copyright (C) 2003 Free Software Foundation, Inc.
@@ -1176,7 +1176,7 @@ cat >&5 <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by OpenBSM $as_me 1.0a10, which was
+It was created by OpenBSM $as_me 1.0a11, which was
 generated by GNU Autoconf 2.59.  Invocation command line was
 
   $ $0 $@
@@ -19278,7 +19278,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE=OpenBSM
- VERSION=1.0a10
+ VERSION=1.0a11
 
 
 cat >>confdefs.h <<_ACEOF
@@ -22834,7 +22834,8 @@ done
 
 
 
-for ac_func in bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strrchr strstr strtol strtoul
+
+for ac_func in bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strlcat strrchr strstr strtol strtoul
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
 echo "$as_me:$LINENO: checking for $ac_func" >&5
@@ -23478,7 +23479,7 @@ _ASBOX
 } >&5
 cat >&5 <<_CSEOF
 
-This file was extended by OpenBSM $as_me 1.0a10, which was
+This file was extended by OpenBSM $as_me 1.0a11, which was
 generated by GNU Autoconf 2.59.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -23541,7 +23542,7 @@ _ACEOF
 
 cat >>$CONFIG_STATUS <<_ACEOF
 ac_cs_version="\\
-OpenBSM config.status 1.0a10
+OpenBSM config.status 1.0a11
 configured by $0, generated by GNU Autoconf 2.59,
   with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
 
diff --git a/contrib/openbsm/configure.ac b/contrib/openbsm/configure.ac
index cd708be..8547245 100644
--- a/contrib/openbsm/configure.ac
+++ b/contrib/openbsm/configure.ac
@@ -2,8 +2,8 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.59)
-AC_INIT([OpenBSM], [1.0a10], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
-AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#29 $])
+AC_INIT([OpenBSM], [1.0a11], [trustedbsd-audit@TrustesdBSD.org],[openbsm])
+AC_REVISION([$P4: //depot/projects/trustedbsd/openbsm/configure.ac#31 $])
 AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
 AC_CONFIG_AUX_DIR(config)
 AC_CONFIG_HEADER([config/config.h])
@@ -56,7 +56,7 @@ AC_FUNC_MKTIME
 AC_TYPE_SIGNAL
 AC_FUNC_STAT
 AC_FUNC_STRFTIME
-AC_CHECK_FUNCS([bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strrchr strstr strtol strtoul])
+AC_CHECK_FUNCS([bzero clock_gettime ftruncate gettimeofday inet_ntoa memset strchr strerror strlcat strrchr strstr strtol strtoul])
 
 # sys/queue.h exists on most systems, but its capabilities vary a great deal.
 # test for LIST_FIRST and TAILQ_FOREACH_SAFE, which appears to not exist in
diff --git a/contrib/openbsm/etc/audit_control b/contrib/openbsm/etc/audit_control
index fb1ce1a..2db3e1f 100644
--- a/contrib/openbsm/etc/audit_control
+++ b/contrib/openbsm/etc/audit_control
@@ -1,7 +1,8 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#3 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_control#4 $
 #
 dir:/var/audit
 flags:lo
 minfree:20
 naflags:lo
+policy:cnt
diff --git a/contrib/openbsm/etc/audit_event b/contrib/openbsm/etc/audit_event
index ebab4ed..346dff7 100644
--- a/contrib/openbsm/etc/audit_event
+++ b/contrib/openbsm/etc/audit_event
@@ -1,5 +1,5 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#12 $
+# $P4: //depot/projects/trustedbsd/openbsm/etc/audit_event#15 $
 #
 0:AUE_NULL:indir system call:no
 1:AUE_EXIT:exit(2):pc
@@ -117,8 +117,8 @@
 113:AUE_SYSTEMBOOT:system booted:na
 114:AUE_ASYNC_DAEMON_EXIT:async_daemon(2) exited:ad
 115:AUE_NFSSVC_EXIT:nfssvc(2) exited:ad
-128:AUE_WRITEL:writel(2):fw
-129:AUE_WRITEVL:writevl(2):fw
+128:AUE_WRITEL:writel(2):no
+129:AUE_WRITEVL:writevl(2):no
 130:AUE_GETAUID:getauid(2):ad
 131:AUE_SETAUID:setauid(2):ad
 132:AUE_GETAUDIT:getaudit(2):ad
@@ -265,7 +265,7 @@
 325:AUE_DARWIN_KDEBUGTRACE:system call:pc
 326:AUE_DARWIN_FSTAT:fstat(2):fa
 327:AUE_DARWIN_FPATHCONF:fpathconf(2):fa
-328:AUE_DARWIN_GETDIRENTRIES:getdirentries(2):fr
+328:AUE_DARWIN_GETDIRENTRIES:getdirentries(2):no
 329:AUE_DARWIN_TRUNCATE:truncate(2):fw
 330:AUE_DARWIN_FTRUNCATE:ftruncate(2):fw
 331:AUE_DARWIN_SYSCTL:sysctl(3):ad
@@ -321,8 +321,8 @@
 43017:AUE_KDEBUGTRACE:system call:pc
 43018:AUE_FSTAT:fstat(2):fa
 43019:AUE_FPATHCONF:fpathconf(2):fa
-43020:AUE_GETDIRENTRIES:getdirentries(2):fr
-43021:AUE_SYSCTL:sysctl(3):ad
+43020:AUE_GETDIRENTRIES:getdirentries(2):no
+43021:AUE_SYSCTL:sysctl(3):ot
 43022:AUE_MLOCK:mlock(2):pc
 43023:AUE_MUNLOCK:munlock(2):pc
 43024:AUE_UNDELETE:undelete(2):fm
@@ -415,6 +415,9 @@
 43111:AUE_EXTATTR_SET_LINK:extattr_set_link(2):fm
 43112:AUE_EXTATTR_LIST_LINK:extattr_list_link(2):fa
 43113:AUE_EXTATTR_DELETE_LINK:extattr_delete_link(2):fm
+43114:AUE_KENV:kenv(8):ad
+43115:AUE_JAIL_ATTACH:jail_attach(2):ad
+43116:AUE_SYSCTL_WRITE:sysctl(3):ad
 #
 # User space system events.
 #
diff --git a/contrib/openbsm/libbsm/au_control.3 b/contrib/openbsm/libbsm/au_control.3
index 0cd66f1..00a551e 100644
--- a/contrib/openbsm/libbsm/au_control.3
+++ b/contrib/openbsm/libbsm/au_control.3
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#3 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#4 $
 .\"
 .Dd April 19, 2005
 .Dt AU_CONTROL 3
@@ -34,7 +34,10 @@
 .Nm getacdir ,
 .Nm getacmin ,
 .Nm getacflg ,
-.Nm getacna
+.Nm getacna ,
+.Nm getacpol ,
+.Nm au_poltostr
+.Nm au_strtopol
 .Nd "Look up information from the audit_control database"
 .Sh LIBRARY
 .Lb libbsm
@@ -52,6 +55,12 @@
 .Fn getacflg "char *auditstr" "int len"
 .Ft int
 .Fn getacna "char *auditstr" "int len"
+.Ft int
+.Fn getacpol "char *auditstr" "size_t len"
+.Ft ssize_t
+.Fn au_poltostr "long policy" "size_t maxsize" "char *buf"
+.Ft int
+.Fn au_strtopol "const char *polstr" "long *policy"
 .Sh DESCRIPTION
 These interfaces may be used to look up information from the
 .Xr audit_control 5
@@ -90,15 +99,42 @@ returns the non-attributable flags via the passed character buffer
 .Va auditstr
 of length
 .Va len .
+.Pp
+.Fn getacpol
+returns the audit policy flags via the passed character buffer
+.Va auditstr
+of length
+.Va len .
+.Pp
+.Fn au_poltostr
+converts a numeric audit policy mask,
+.Va policy ,
+value to a string in the passed character buffer
+.Va buf
+of lenth
+.Va maxsize .
+.Pp
+.Fn au_strtopol
+converts an audit policy flags string,
+.Va polstr ,
+to a numeric audit policy mask returned via
+.Va policy .
 .Sh RETURN VALULES
 .Fn getacdir ,
 .Fn getacmin ,
 .Fn getacflg ,
+.Fn getacna ,
+.Fn getacpol ,
 and
-.Fn getacna
+.Fn au_strtopol
 return 0 on success, or a negative value on failure, along with error
 information in
 .Va errno .
+.Pp
+.Fn au_poltostr
+returns a string length of 0 or more on success, or a negative value on
+if there is a failure.
+.Pp
 Functions that return a string value will return a failure if there is
 insufficient room in the passed character buffer for the full string.
 .Sh SEE ALSO
diff --git a/contrib/openbsm/libbsm/au_open.3 b/contrib/openbsm/libbsm/au_open.3
index 569940e..db9e9b3 100644
--- a/contrib/openbsm/libbsm/au_open.3
+++ b/contrib/openbsm/libbsm/au_open.3
@@ -23,16 +23,17 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#4 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#5 $
 .\"
 .Dd March 4, 2006
 .Dt AU_OPEN 3
 .Os
 .Sh NAME
-.Nm au_open ,
-.Nm au_write ,
 .Nm au_close ,
-.Nm au_close_buffer
+.Nm au_close_buffer ,
+.Nm au_close_token ,
+.Nm au_open ,
+.Nm au_write
 .Nd "Create and commit audit records"
 .Sh LIBRARY
 .Lb libbsm
@@ -120,6 +121,7 @@ return 0 on success, or a negative value on failure, along with error
 information in
 .Va errno .
 .Sh SEE ALSO
+.Xr audit_submit 3 ,
 .Xr libbsm 3
 .Sh AUTHORS
 This software was created by Robert Watson, Wayne Salamon, and Suresh
diff --git a/contrib/openbsm/libbsm/bsm_control.c b/contrib/openbsm/libbsm/bsm_control.c
index 438082b..ba643b2 100644
--- a/contrib/openbsm/libbsm/bsm_control.c
+++ b/contrib/openbsm/libbsm/bsm_control.c
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2004 Apple Computer, Inc.
+ * Copyright (c) 2006 Robert N. M. Watson
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -26,7 +27,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#13 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_control.c#15 $
  */
 
 #include <bsm/libbsm.h>
@@ -37,9 +38,14 @@
 #include <stdio.h>
 #include <stdlib.h>
 
+#include <config/config.h>
+#ifndef HAVE_STRLCAT
+#include <compat/strlcat.h>
+#endif
+
 /*
  * Parse the contents of the audit_control file to return the audit control
- * parameters.
+ * parameters.  These static fields are protected by 'mutex'.
  */
 static FILE	*fp = NULL;
 static char	linestr[AU_LINE_MAX];
@@ -98,21 +104,223 @@ getstrfromtype_locked(char *name, char **str)
 }
 
 /*
+ * Convert a policy to a string.  Return -1 on failure, or >= 0 representing
+ * the actual size of the string placed in the buffer (excluding terminating
+ * nul).
+ */
+ssize_t
+au_poltostr(long policy, size_t maxsize, char *buf)
+{
+	int first;
+
+	if (maxsize < 1)
+		return (-1);
+	first = 1;
+	buf[0] = '\0';
+
+	if (policy & AUDIT_CNT) {
+		if (strlcat(buf, "cnt", maxsize) >= maxsize)
+			return (-1);
+		first = 0;
+	}
+	if (policy & AUDIT_AHLT) {
+		if (!first) {
+			if (strlcat(buf, ",", maxsize) >= maxsize)
+				return (-1);
+		}
+		if (strlcat(buf, "ahlt", maxsize) >= maxsize)
+			return (-1);
+		first = 0;
+	}
+	if (policy & AUDIT_ARGV) {
+		if (!first) {
+			if (strlcat(buf, ",", maxsize) >= maxsize)
+				return (-1);
+		}
+		if (strlcat(buf, "argv", maxsize) >= maxsize)
+			return (-1);
+		first = 0;
+	}
+	if (policy & AUDIT_ARGE) {
+		if (!first) {
+			if (strlcat(buf, ",", maxsize) >= maxsize)
+				return (-1);
+		}
+		if (strlcat(buf, "arge", maxsize) >= maxsize)
+			return (-1);
+		first = 0;
+	}
+	if (policy & AUDIT_SEQ) {
+		if (!first) {
+			if (strlcat(buf, ",", maxsize) >= maxsize)
+				return (-1);
+		}
+		if (strlcat(buf, "seq", maxsize) >= maxsize)
+			return (-1);
+		first = 0;
+	}
+	if (policy & AUDIT_WINDATA) {
+		if (!first) {
+			if (strlcat(buf, ",", maxsize) >= maxsize)
+				return (-1);
+		}
+		if (strlcat(buf, "windata", maxsize) >= maxsize)
+			return (-1);
+		first = 0;
+	}
+	if (policy & AUDIT_USER) {
+		if (!first) {
+			if (strlcat(buf, ",", maxsize) >= maxsize)
+				return (-1);
+		}
+		if (strlcat(buf, "user", maxsize) >= maxsize)
+			return (-1);
+		first = 0;
+	}
+	if (policy & AUDIT_GROUP) {
+		if (!first) {
+			if (strlcat(buf, ",", maxsize) >= maxsize)
+				return (-1);
+		}
+		if (strlcat(buf, "group", maxsize) >= maxsize)
+			return (-1);
+		first = 0;
+	}
+	if (policy & AUDIT_TRAIL) {
+		if (!first) {
+			if (strlcat(buf, ",", maxsize) >= maxsize)
+				return (-1);
+		}
+		if (strlcat(buf, "trail", maxsize) >= maxsize)
+			return (-1);
+		first = 0;
+	}
+	if (policy & AUDIT_PATH) {
+		if (!first) {
+			if (strlcat(buf, ",", maxsize) >= maxsize)
+				return (-1);
+		}
+		if (strlcat(buf, "path", maxsize) >= maxsize)
+			return (-1);
+		first = 0;
+	}
+	if (policy & AUDIT_SCNT) {
+		if (!first) {
+			if (strlcat(buf, ",", maxsize) >= maxsize)
+				return (-1);
+		}
+		if (strlcat(buf, "scnt", maxsize) >= maxsize)
+			return (-1);
+		first = 0;
+	}
+	if (policy & AUDIT_PUBLIC) {
+		if (!first) {
+			if (strlcat(buf, ",", maxsize) >= maxsize)
+				return (-1);
+		}
+		if (strlcat(buf, "public", maxsize) >= maxsize)
+			return (-1);
+		first = 0;
+	}
+	if (policy & AUDIT_ZONENAME) {
+		if (!first) {
+			if (strlcat(buf, ",", maxsize) >= maxsize)
+				return (-1);
+		}
+		if (strlcat(buf, "zonename", maxsize) >= maxsize)
+			return (-1);
+		first = 0;
+	}
+	if (policy & AUDIT_PERZONE) {
+		if (!first) {
+			if (strlcat(buf, ",", maxsize) >= maxsize)
+				return (-1);
+		}
+		if (strlcat(buf, "perzone", maxsize) >= maxsize)
+			return (-1);
+		first = 0;
+	}
+	return (strlen(buf));
+}
+
+/*
+ * Convert a string to a policy.  Return -1 on failure (with errno EINVAL,
+ * ENOMEM) or 0 on success.
+ */
+int
+au_strtopol(const char *polstr, long *policy)
+{
+	char *bufp, *string;
+	char *buffer;
+
+	*policy = 0;
+	buffer = strdup(polstr);
+	if (buffer == NULL)
+		return (-1);
+
+	bufp = buffer;
+	while ((string = strsep(&bufp, ",")) != NULL) {
+		if (strcmp(string, "cnt") == 0)
+			*policy |= AUDIT_CNT;
+		else if (strcmp(string, "ahlt") == 0)
+			*policy |= AUDIT_AHLT;
+		else if (strcmp(string, "argv") == 0)
+			*policy |= AUDIT_ARGV;
+		else if (strcmp(string, "arge") == 0)
+			*policy |= AUDIT_ARGE;
+		else if (strcmp(string, "seq") == 0)
+			*policy |= AUDIT_SEQ;
+		else if (strcmp(string, "winau_fstat") == 0)
+			*policy |= AUDIT_WINDATA;
+		else if (strcmp(string, "user") == 0)
+			*policy |= AUDIT_USER;
+		else if (strcmp(string, "group") == 0)
+			*policy |= AUDIT_GROUP;
+		else if (strcmp(string, "trail") == 0)
+			*policy |= AUDIT_TRAIL;
+		else if (strcmp(string, "path") == 0)
+			*policy |= AUDIT_PATH;
+		else if (strcmp(string, "scnt") == 0)
+			*policy |= AUDIT_SCNT;
+		else if (strcmp(string, "public") == 0)
+			*policy |= AUDIT_PUBLIC;
+		else if (strcmp(string, "zonename") == 0)
+			*policy |= AUDIT_ZONENAME;
+		else if (strcmp(string, "perzone") == 0)
+			*policy |= AUDIT_PERZONE;
+		else {
+			free(buffer);
+			errno = EINVAL;
+			return (-1);
+		}
+	}
+	free(buffer);
+	return (0);
+}
+
+/*
  * Rewind the file pointer to beginning.
  */
-void
-setac(void)
+static void
+setac_locked(void)
 {
 
-	pthread_mutex_lock(&mutex);
 	ptrmoved = 1;
 	if (fp != NULL)
 		fseek(fp, 0, SEEK_SET);
+}
+
+void
+setac(void)
+{
+
+	pthread_mutex_lock(&mutex);
+	setac_locked();
 	pthread_mutex_unlock(&mutex);
 }
 
 /*
- * Close the audit_control file
+ * Close the audit_control file.
  */
 void
 endac(void)
@@ -136,72 +344,54 @@ getacdir(char *name, int len)
 	char *dir;
 	int ret = 0;
 
-	if (name == NULL) {
-		errno = EINVAL;
-		return (-2);
-	}
-
-	pthread_mutex_lock(&mutex);
-
 	/*
-	 * Check if another function was called between
-	 * successive calls to getacdir
+	 * Check if another function was called between successive calls to
+	 * getacdir.
 	 */
+	pthread_mutex_lock(&mutex);
 	if (inacdir && ptrmoved) {
 		ptrmoved = 0;
 		if (fp != NULL)
 			fseek(fp, 0, SEEK_SET);
 		ret = 2;
 	}
-
-
 	if (getstrfromtype_locked(DIR_CONTROL_ENTRY, &dir) < 0) {
 		pthread_mutex_unlock(&mutex);
 		return (-2);
 	}
-
-	pthread_mutex_unlock(&mutex);
-
-	if (dir == NULL)
+	if (dir == NULL) {
+		pthread_mutex_unlock(&mutex);
 		return (-1);
-
-	if (strlen(dir) >= len)
+	}
+	if (strlen(dir) >= len) {
+		pthread_mutex_unlock(&mutex);
 		return (-3);
-
+	}
 	strcpy(name, dir);
-
+	pthread_mutex_unlock(&mutex);
 	return (ret);
 }
 
 /*
- * Return the minimum free diskspace value from the audit control file
+ * Return the minimum free diskspace value from the audit control file.
  */
 int
 getacmin(int *min_val)
 {
 	char *min;
 
-	setac();
-
-	if (min_val == NULL) {
-		errno = EINVAL;
-		return (-2);
-	}
-
 	pthread_mutex_lock(&mutex);
-
+	setac_locked();
 	if (getstrfromtype_locked(MINFREE_CONTROL_ENTRY, &min) < 0) {
 		pthread_mutex_unlock(&mutex);
 		return (-2);
 	}
-
-	pthread_mutex_unlock(&mutex);
-
-	if (min == NULL)
+	if (min == NULL) {
+		pthread_mutex_unlock(&mutex);
 		return (1);
-
+	}
 	*min_val = atoi(min);
-
+	pthread_mutex_unlock(&mutex);
 	return (0);
 }
 
@@ -213,30 +403,22 @@ getacflg(char *auditstr, int len)
 {
 	char *str;
 
-	setac();
-
-	if (auditstr == NULL) {
-		errno = EINVAL;
-		return (-2);
-	}
-
 	pthread_mutex_lock(&mutex);
-
+	setac_locked();
 	if (getstrfromtype_locked(FLAGS_CONTROL_ENTRY, &str) < 0) {
 		pthread_mutex_unlock(&mutex);
 		return (-2);
 	}
-
-	pthread_mutex_unlock(&mutex);
-
-	if (str == NULL)
+	if (str == NULL) {
+		pthread_mutex_unlock(&mutex);
 		return (1);
-
-	if (strlen(str) >= len)
+	}
+	if (strlen(str) >= len) {
+		pthread_mutex_unlock(&mutex);
 		return (-3);
-
+	}
 	strcpy(auditstr, str);
-
+	pthread_mutex_unlock(&mutex);
 	return (0);
 }
 
@@ -248,28 +430,47 @@ getacna(char *auditstr, int len)
 {
 	char *str;
 
-	setac();
-
-	if (auditstr == NULL) {
-		errno = EINVAL;
-		return (-2);
-	}
-
 	pthread_mutex_lock(&mutex);
-
+	setac_locked();
 	if (getstrfromtype_locked(NA_CONTROL_ENTRY, &str) < 0) {
 		pthread_mutex_unlock(&mutex);
 		return (-2);
 	}
-	pthread_mutex_unlock(&mutex);
-
-	if (str == NULL)
+	if (str == NULL) {
+		pthread_mutex_unlock(&mutex);
 		return (1);
-
-	if (strlen(str) >= len)
+	}
+	if (strlen(str) >= len) {
+		pthread_mutex_unlock(&mutex);
 		return (-3);
-
+	}
 	strcpy(auditstr, str);
+	return (0);
+}
+
+/*
+ * Return the policy field from the audit control file.
+ */
+int
+getacpol(char *auditstr, size_t len)
+{
+	char *str;
 
+	pthread_mutex_lock(&mutex);
+	setac_locked();
+	if (getstrfromtype_locked(POLICY_CONTROL_ENTRY, &str) < 0) {
+		pthread_mutex_unlock(&mutex);
+		return (-2);
+	}
+	if (str == NULL) {
+		pthread_mutex_unlock(&mutex);
+		return (-1);
+	}
+	if (strlen(str) >= len) {
+		pthread_mutex_unlock(&mutex);
+		return (-3);
+	}
+	strcpy(auditstr, str);
+	pthread_mutex_unlock(&mutex);
 	return (0);
 }
diff --git a/contrib/openbsm/libbsm/bsm_io.c b/contrib/openbsm/libbsm/bsm_io.c
index 30639e6..2587735 100644
--- a/contrib/openbsm/libbsm/bsm_io.c
+++ b/contrib/openbsm/libbsm/bsm_io.c
@@ -31,7 +31,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#40 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#41 $
  */
 
 #include <sys/types.h>
@@ -1190,7 +1190,8 @@ fetch_execarg_tok(tokenstr_t *tok, char *buf, int len)
 
 	for (i = 0; i < tok->tt.execarg.count; i++) {
 		bptr = buf + tok->len;
-		tok->tt.execarg.text[i] = bptr;
+		if (i < AUDIT_MAX_ARGS)
+			tok->tt.execarg.text[i] = bptr;
 
 		/* Look for a null terminated string. */
 		while (bptr && (*bptr != '\0')) {
@@ -1202,6 +1203,8 @@ fetch_execarg_tok(tokenstr_t *tok, char *buf, int len)
 			return (-1);
 		tok->len++; /* \0 character */
 	}
+	if (tok->tt.execarg.count > AUDIT_MAX_ARGS)
+		tok->tt.execarg.count = AUDIT_MAX_ARGS;
 
 	return (0);
 }
@@ -1235,9 +1238,10 @@ fetch_execenv_tok(tokenstr_t *tok, char *buf, int len)
 	if (err)
 		return (-1);
 
-	for (i = 0; i< tok->tt.execenv.count; i++) {
+	for (i = 0; i < tok->tt.execenv.count; i++) {
 		bptr = buf + tok->len;
-		tok->tt.execenv.text[i] = bptr;
+		if (i < AUDIT_MAX_ENV)
+			tok->tt.execenv.text[i] = bptr;
 
 		/* Look for a null terminated string. */
 		while (bptr && (*bptr != '\0')) {
@@ -1249,6 +1253,8 @@ fetch_execenv_tok(tokenstr_t *tok, char *buf, int len)
 			return (-1);
 		tok->len++; /* \0 character */
 	}
+	if (tok->tt.execenv.count > AUDIT_MAX_ENV)
+		tok->tt.execenv.count = AUDIT_MAX_ENV;
 
 	return (0);
 }
diff --git a/contrib/openbsm/libbsm/bsm_token.c b/contrib/openbsm/libbsm/bsm_token.c
index f90cbc9..fecbeb8 100644
--- a/contrib/openbsm/libbsm/bsm_token.c
+++ b/contrib/openbsm/libbsm/bsm_token.c
@@ -30,7 +30,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#51 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#52 $
  */
 
 #include <sys/types.h>
@@ -71,7 +71,6 @@
 #include <string.h>
 #include <stdlib.h>
 #include <unistd.h>
-#include <sys/socketvar.h>
 
 #include <bsm/audit_internal.h>
 #include <bsm/libbsm.h>
diff --git a/contrib/openbsm/libbsm/libbsm.3 b/contrib/openbsm/libbsm/libbsm.3
index df0c3c1..3d9aadd 100644
--- a/contrib/openbsm/libbsm/libbsm.3
+++ b/contrib/openbsm/libbsm/libbsm.3
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#5 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#7 $
 .\"
 .Dd April 19, 2005
 .Dt LIBBSM 3
@@ -55,15 +55,18 @@ These are described respectively in the
 .Xr au_notify 3 ,
 .Xr au_stream 3 ,
 .Xr au_token 3 ,
+and
 .Xr au_user 3
-man pages.
+manual pages.
 .Ss Audit Event Stream Interfaces
 Audit event stream interfaces support interaction with file-backed audit
 event streams:
-.Xr au_close 3 .
+.Xr au_close 3 ,
+.Xr au_close_buffer 3 ,
 .Xr au_free_token 3 ,
 .Xr au_open 3 ,
 .Xr au_write 3 ,
+.Xr audit_submit 3 .
 .Ss Audit Class Interfaces
 Audit class interfaces support the look up of information from the
 .Xr audit_class 5
@@ -83,7 +86,10 @@ database:
 .Xr getacdir 3 ,
 .Xr getacflg 3 ,
 .Xr getacmin 3 ,
-.Xr getacna 3 .
+.Xr getacna 3 ,
+.Xr getacpol 3 ,
+.Xr au_poltostr 3 ,
+.Xr au_strtopol 3 .
 .Ss Audit Event Interfaces
 Audit event interfaces support the look up of information from the
 .Xr audit_event 5
@@ -188,6 +194,7 @@ database:
 .Xr au_stream 3 ,
 .Xr au_token 3 ,
 .Xr au_user 3 ,
+.Xr audit_submit 3 ,
 .Xr audit_class 5 ,
 .Xr audit_control 5
 .Sh AUTHORS
diff --git a/contrib/openbsm/man/audit_control.5 b/contrib/openbsm/man/audit_control.5
index dd39afc..edd38bb 100644
--- a/contrib/openbsm/man/audit_control.5
+++ b/contrib/openbsm/man/audit_control.5
@@ -25,7 +25,7 @@
 .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#9 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#11 $
 .\"
 .Dd January 4, 2006
 .Dt AUDIT_CONTROL 5
@@ -63,6 +63,9 @@ an action cannot be attributed to a specific user.
 The minimum free space required on the file system audit logs are being written to.
 When the free space falls below this limit a warning will be issued.
 Not currently used as the value of 20 percent is chosen by the kernel.
+.It Va policy
+A list of global audit policy flags specifying various behaviors, such as
+fail stop, auditing of paths and arguments, etc.
 .El
 .Sh AUDIT FLAGS
 Audit flags are a comma-delimited list of audit classes as defined in the
@@ -86,6 +89,53 @@ Do not record successful events
 .It ^-
 Do not record failed events
 .El
+.Sh AUDIT POLICY FLAGS
+The policy flags field is a comma-delimited list of policy flags from the
+following list:
+.Pp
+.Bl -tag -width zonename -compact -offset indent
+.It cnt
+Allow processes to continue running even though events are not being audited.
+If not set, processes will be suspended when the audit store space is
+exhausted.
+Currently, this is not a recoverable state.
+.It ahlt
+Fail stop the system if unable to audit an event--this consists of first
+draining pending records to disk, and then halting the operating system.
+.It argv
+Audit command line arguments to
+.Xr execve 2 .
+.It arge
+Audit environmental variable arguments to
+.Xr execve 2 .
+.It seq
+Include a unique audit sequence number token in generated audit records (not
+implemented on FreeBSD or Darwin).
+.It group
+Include supplementary groups list in generated audit records (not implemented
+on FreeBSD or Darwin; supplementary groups are never included in records on
+these systems).
+.It trail
+Append a trailer token to each audit record (not implemented on FreeBSD or
+Darwin; trailers are always included in records on these systems).
+.It path
+Include secondary file paths in audit records (not implemented on FreeBSD or
+Darwin; secondary paths are never included in records on these systems).
+.It zonename
+Include a zone ID token with each audit record (not implemented on FreeBSD or
+Darwin; FreeBSD audit records do not currently include the jail ID or name.)
+.It perzone
+Enable auditing for each local zone (not implemented on FreeBSD or Darwin; on
+FreeBSD, audit records are collected from all jails and placed in a single
+global trail, and only limited audit controls are permitted within a jail.)
+.El
+.Pp
+It is recommended that installations set the
+.Dv cnt
+flag but not
+.Dv ahlt
+flag unless it is intended that audit logs exceeding available disk space
+halt the system.
 .Sh DEFAULT
 The following settings appear in the default
 .Nm
@@ -95,12 +145,18 @@ dir:/var/audit
 flags:lo
 minfree:20
 naflags:lo
+policy:cnt
 .Ed
 .Pp
 The
 .Va flags
 parameter above specifies the system-wide mask corresponding to login/logout
 events.
+The
+.Va policy
+parameter specifies that the system should neither fail stop nor suspend
+processes when the audit store fills.
+will be audited.
 .Sh FILES
 .Bl -tag -width "/etc/security/audit_control" -compact
 .It Pa /etc/security/audit_control
diff --git a/contrib/openbsm/man/auditon.2 b/contrib/openbsm/man/auditon.2
index 9dedbba..04eb775 100644
--- a/contrib/openbsm/man/auditon.2
+++ b/contrib/openbsm/man/auditon.2
@@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#7 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#8 $
 .\"
 .Dd April 19, 2005
 .Dt AUDITON 2
@@ -192,7 +192,7 @@ structure. The
 field will be set to the maximum audit log file size.
 A value of 0 indicates no limit to the size.
 The
-.Ft af_filesz
+.Ft af_currsz
 will be set to the current audit log file size.
 .It Dv A_GETCWD
 .\" [COMMENTED OUT]: Valid description, not yet implemented.
diff --git a/contrib/openbsm/test/reference/arg32_record b/contrib/openbsm/test/reference/arg32_record
new file mode 100644
index 0000000..744dbcf
--- /dev/null
+++ b/contrib/openbsm/test/reference/arg32_record
diff --git a/contrib/openbsm/test/reference/arg32_token b/contrib/openbsm/test/reference/arg32_token
new file mode 100644
index 0000000..3401aa1
--- /dev/null
+++ b/contrib/openbsm/test/reference/arg32_token
diff --git a/contrib/openbsm/test/reference/data_record b/contrib/openbsm/test/reference/data_record
new file mode 100644
index 0000000..ffb3ff6
--- /dev/null
+++ b/contrib/openbsm/test/reference/data_record
diff --git a/contrib/openbsm/test/reference/data_token b/contrib/openbsm/test/reference/data_token
new file mode 100644
index 0000000..e000b8a
--- /dev/null
+++ b/contrib/openbsm/test/reference/data_token
diff --git a/contrib/openbsm/test/reference/file_record b/contrib/openbsm/test/reference/file_record
new file mode 100644
index 0000000..4be1f40
--- /dev/null
+++ b/contrib/openbsm/test/reference/file_record
diff --git a/contrib/openbsm/test/reference/file_token b/contrib/openbsm/test/reference/file_token
new file mode 100644
index 0000000..8b6daa6
--- /dev/null
+++ b/contrib/openbsm/test/reference/file_token
diff --git a/contrib/openbsm/test/reference/header32_token b/contrib/openbsm/test/reference/header32_token
new file mode 100644
index 0000000..dd72c1c
--- /dev/null
+++ b/contrib/openbsm/test/reference/header32_token
diff --git a/contrib/openbsm/test/reference/in_addr_record b/contrib/openbsm/test/reference/in_addr_record
new file mode 100644
index 0000000..0421f88
--- /dev/null
+++ b/contrib/openbsm/test/reference/in_addr_record
diff --git a/contrib/openbsm/test/reference/in_addr_token b/contrib/openbsm/test/reference/in_addr_token
new file mode 100644
index 0000000..56b32a7
--- /dev/null
+++ b/contrib/openbsm/test/reference/in_addr_token
@@ -0,0 +1 @@
+*��d
+\ No newline at end of file
diff --git a/contrib/openbsm/test/reference/ip_record b/contrib/openbsm/test/reference/ip_record
new file mode 100644
index 0000000..2249844
--- /dev/null
+++ b/contrib/openbsm/test/reference/ip_record
diff --git a/contrib/openbsm/test/reference/ip_token b/contrib/openbsm/test/reference/ip_token
new file mode 100644
index 0000000..96572a4
--- /dev/null
+++ b/contrib/openbsm/test/reference/ip_token
diff --git a/contrib/openbsm/test/reference/ipc_record b/contrib/openbsm/test/reference/ipc_record
new file mode 100644
index 0000000..43eabb4
--- /dev/null
+++ b/contrib/openbsm/test/reference/ipc_record
diff --git a/contrib/openbsm/test/reference/ipc_token b/contrib/openbsm/test/reference/ipc_token
new file mode 100644
index 0000000..7d7690b
--- /dev/null
+++ b/contrib/openbsm/test/reference/ipc_token
@@ -0,0 +1 @@
+"4Vx
+\ No newline at end of file
diff --git a/contrib/openbsm/test/reference/iport_record b/contrib/openbsm/test/reference/iport_record
new file mode 100644
index 0000000..228e8fe
--- /dev/null
+++ b/contrib/openbsm/test/reference/iport_record
diff --git a/contrib/openbsm/test/reference/iport_token b/contrib/openbsm/test/reference/iport_token
new file mode 100644
index 0000000..0225a76
--- /dev/null
+++ b/contrib/openbsm/test/reference/iport_token
diff --git a/contrib/openbsm/test/reference/opaque_record b/contrib/openbsm/test/reference/opaque_record
new file mode 100644
index 0000000..7763817
--- /dev/null
+++ b/contrib/openbsm/test/reference/opaque_record
diff --git a/contrib/openbsm/test/reference/opaque_token b/contrib/openbsm/test/reference/opaque_token
new file mode 100644
index 0000000..02460d3
--- /dev/null
+++ b/contrib/openbsm/test/reference/opaque_token
diff --git a/contrib/openbsm/test/reference/path_record b/contrib/openbsm/test/reference/path_record
new file mode 100644
index 0000000..e85e384
--- /dev/null
+++ b/contrib/openbsm/test/reference/path_record
diff --git a/contrib/openbsm/test/reference/path_token b/contrib/openbsm/test/reference/path_token
new file mode 100644
index 0000000..18d8eef
--- /dev/null
+++ b/contrib/openbsm/test/reference/path_token
diff --git a/contrib/openbsm/test/reference/process32_record b/contrib/openbsm/test/reference/process32_record
new file mode 100644
index 0000000..b6a0a77
--- /dev/null
+++ b/contrib/openbsm/test/reference/process32_record
diff --git a/contrib/openbsm/test/reference/process32_token b/contrib/openbsm/test/reference/process32_token
new file mode 100644
index 0000000..a58adad
--- /dev/null
+++ b/contrib/openbsm/test/reference/process32_token
diff --git a/contrib/openbsm/test/reference/process32ex_record b/contrib/openbsm/test/reference/process32ex_record
new file mode 100644
index 0000000..aa2cb56
--- /dev/null
+++ b/contrib/openbsm/test/reference/process32ex_record
diff --git a/contrib/openbsm/test/reference/process32ex_token b/contrib/openbsm/test/reference/process32ex_token
new file mode 100644
index 0000000..ba84a2a
--- /dev/null
+++ b/contrib/openbsm/test/reference/process32ex_token
diff --git a/contrib/openbsm/test/reference/return32_record b/contrib/openbsm/test/reference/return32_record
new file mode 100644
index 0000000..f4a6a5b
--- /dev/null
+++ b/contrib/openbsm/test/reference/return32_record
diff --git a/contrib/openbsm/test/reference/return32_token b/contrib/openbsm/test/reference/return32_token
new file mode 100644
index 0000000..e7a2098
--- /dev/null
+++ b/contrib/openbsm/test/reference/return32_token
@@ -0,0 +1 @@
+'�4Vx
+\ No newline at end of file
diff --git a/contrib/openbsm/test/reference/seq_record b/contrib/openbsm/test/reference/seq_record
new file mode 100644
index 0000000..576c112
--- /dev/null
+++ b/contrib/openbsm/test/reference/seq_record
diff --git a/contrib/openbsm/test/reference/seq_token b/contrib/openbsm/test/reference/seq_token
new file mode 100644
index 0000000..99b51cf
--- /dev/null
+++ b/contrib/openbsm/test/reference/seq_token
@@ -0,0 +1 @@
+/4Vx
+\ No newline at end of file
diff --git a/contrib/openbsm/test/reference/subject32_record b/contrib/openbsm/test/reference/subject32_record
new file mode 100644
index 0000000..9978e5d
--- /dev/null
+++ b/contrib/openbsm/test/reference/subject32_record
diff --git a/contrib/openbsm/test/reference/subject32_token b/contrib/openbsm/test/reference/subject32_token
new file mode 100644
index 0000000..2263fe5
--- /dev/null
+++ b/contrib/openbsm/test/reference/subject32_token
diff --git a/contrib/openbsm/test/reference/subject32ex_record b/contrib/openbsm/test/reference/subject32ex_record
new file mode 100644
index 0000000..ca28be4
--- /dev/null
+++ b/contrib/openbsm/test/reference/subject32ex_record
diff --git a/contrib/openbsm/test/reference/subject32ex_token-IPv4 b/contrib/openbsm/test/reference/subject32ex_token-IPv4
new file mode 100644
index 0000000..0eaa71b
--- /dev/null
+++ b/contrib/openbsm/test/reference/subject32ex_token-IPv4
diff --git a/contrib/openbsm/test/reference/subject32ex_token-IPv6 b/contrib/openbsm/test/reference/subject32ex_token-IPv6
new file mode 100644
index 0000000..99202b1
--- /dev/null
+++ b/contrib/openbsm/test/reference/subject32ex_token-IPv6
diff --git a/contrib/openbsm/test/reference/text_record b/contrib/openbsm/test/reference/text_record
new file mode 100644
index 0000000..3bc9db7
--- /dev/null
+++ b/contrib/openbsm/test/reference/text_record
diff --git a/contrib/openbsm/test/reference/text_token b/contrib/openbsm/test/reference/text_token
new file mode 100644
index 0000000..12d5819
--- /dev/null
+++ b/contrib/openbsm/test/reference/text_token
diff --git a/contrib/openbsm/test/reference/trailer_token b/contrib/openbsm/test/reference/trailer_token
new file mode 100644
index 0000000..138e0b3
--- /dev/null
+++ b/contrib/openbsm/test/reference/trailer_token
@@ -0,0 +1 @@
+�4Vx
+\ No newline at end of file
diff --git a/contrib/openbsm/test/samples/execve-long-args.trail b/contrib/openbsm/test/samples/execve-long-args.trail
new file mode 100644
index 0000000..0ad3af0
--- /dev/null
+++ b/contrib/openbsm/test/samples/execve-long-args.trail
diff --git a/contrib/openbsm/tools/audump.c b/contrib/openbsm/tools/audump.c
index 82515a8..c591772 100644
--- a/contrib/openbsm/tools/audump.c
+++ b/contrib/openbsm/tools/audump.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2005 Robert N. M. Watson
+ * Copyright (c) 2005-2006 Robert N. M. Watson
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -23,7 +23,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#5 $
+ * $P4: //depot/projects/trustedbsd/openbsm/tools/audump.c#6 $
  */
 
 #include <bsm/libbsm.h>
@@ -77,8 +77,9 @@ audump_class_r(void)
 static void
 audump_control(void)
 {
-	char string[PATH_MAX];
+	char string[PATH_MAX], string2[PATH_MAX];
 	int ret, val;
+	long policy;
 
 	ret = getacflg(string, PATH_MAX);
 	if (ret == -2)
@@ -116,6 +117,15 @@ audump_control(void)
 		printf("dir:%s\n", string);
 
 	} while (ret == 0);
+
+	ret = getacpol(string, PATH_MAX);
+	if (ret != 0)
+		err(-1, "getacpol");
+	if (au_strtopol(string, &policy) < 0)
+		err(-1, "au_strtopol");
+	if (au_poltostr(policy, string2, PATH_MAX) < 0)
+		err(-1, "au_poltostr");
+	printf("policy:%s\n", string2);
 }
 
 static void