Vendor branch import of OpenBSM 1.0 alpha 3:vendor/openbsm/1.0-ALPHA-3

- Man page formatting, cross reference, mlinks, and accuracy improvements.
- auditd and tools now compile and run on FreeBSD/arm.
- auditd will now fchown() the trail file to the audit review group, if
  defined at compile-time.
- Added AUE_SYSARCH for FreeBSD.
- Definition of AUE_SETFSGID fixed for Linux.

Many thanks to:	brueffer, cognet
Obtained from:	TrustedBSD Project

32 files changed, 256 insertions, 152 deletions

diff --git a/contrib/openbsm/CHANGELOG b/contrib/openbsm/CHANGELOG
index 1bb08f39e1c1..d9fe34bf41c1 100644
--- a/contrib/openbsm/CHANGELOG
+++ b/contrib/openbsm/CHANGELOG
@@ -1,3 +1,12 @@
+OpenBSM 1.0 alpha 3
+
+- Man page formatting, cross reference, mlinks, and accuracy improvements.
+- auditd and tools now compile and run on FreeBSD/arm.
+- auditd will now fchown() the trail file to the audit review group, if
+  defined at compile-time.
+- Added AUE_SYSARCH for FreeBSD.
+- Definition of AUE_SETFSGID fixed for Linux.
+
 OpenBSM 1.0 alpha 2
 
 - Man page formatting improvements.
@@ -71,5 +80,6 @@ OpenBSM 1.0 alpha 1
 - Annotate BSM events with origin OS and compatibility information.
 - auditd(8), audit(8) added to the OpenBSM distribution.  auditd extended
   to support reloading of kernel event table.
+- Allow comments in /etc/security configuration files.
 
-$P4: //depot/projects/trustedbsd/openbsm/CHANGELOG#7 $
+$P4: //depot/projects/trustedbsd/openbsm/CHANGELOG#10 $
diff --git a/contrib/openbsm/README b/contrib/openbsm/README
index 60877a6fc59d..8ea315dae272 100644
--- a/contrib/openbsm/README
+++ b/contrib/openbsm/README
@@ -62,6 +62,8 @@ to the development of OpenBSM:
     Wojciech Koszek
     Chunyang Yuan
     Poul-Henning Kamp
+    Christian Brueffer
+    Olivier Houchard
 
 In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
 Software's FlexeLint tool were used to identify a number of bugs in the
@@ -83,4 +85,4 @@ Information on TrustedBSD may be found on the TrustedBSD home page:
 
     http://www.TrustedBSD.org/
 
-$P4: //depot/projects/trustedbsd/openbsm/README#11 $
+$P4: //depot/projects/trustedbsd/openbsm/README#13 $
diff --git a/contrib/openbsm/VERSION b/contrib/openbsm/VERSION
index ca87319c3c32..ed079c08d60a 100644
--- a/contrib/openbsm/VERSION
+++ b/contrib/openbsm/VERSION
@@ -1 +1 @@
-OPENBSM_1_0_ALPHA_2
+OPENBSM_1_0_ALPHA_3
diff --git a/contrib/openbsm/bin/audit/audit.8 b/contrib/openbsm/bin/audit/audit.8
index 4883826ce094..1d490f54e680 100644
--- a/contrib/openbsm/bin/audit/audit.8
+++ b/contrib/openbsm/bin/audit/audit.8
@@ -29,9 +29,9 @@
 .\" 
 .\" @APPLE_BSD_LICENSE_HEADER_END@
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#4 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.8#6 $
 .\"
-.Dd Jan 24, 2004
+.Dd January 24, 2004
 .Dt AUDIT 8
 .Os
 .Sh NAME
@@ -48,7 +48,7 @@ utility controls the state of the audit system.
 The optional
 .Ar file
 operand specifies the location of the audit control input file (default
-.Pa /etc/security/audit_control ).
+.Pa /etc/security/audit_control ) .
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
@@ -65,15 +65,17 @@ Log files are closed
 and renamed to indicate the time of the shutdown.
 .El
 .Sh NOTES
-The auditd(8) daemon must already be running.
+The
+.Xr auditd 8
+daemon must already be running.
 .Sh FILES
 .Bl -tag -width "/etc/security/audit_control" -compact
 .It Pa /etc/security/audit_control
 Default audit policy file used to configure the auditing system.
 .El
 .Sh SEE ALSO
+.Xr audit_control 5 ,
 .Xr auditd 8
-.Xr audit_control 5
 .Sh AUTHORS
 This software was created by McAfee Research, the security research division
 of McAfee, Inc., under contract to Apple Computer Inc.
diff --git a/contrib/openbsm/bin/audit/audit.c b/contrib/openbsm/bin/audit/audit.c
index 7be9c8c4521b..faf0a7e70f68 100644
--- a/contrib/openbsm/bin/audit/audit.c
+++ b/contrib/openbsm/bin/audit/audit.c
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#2 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/audit/audit.c#4 $
  */
 /*
  * Program to trigger the audit daemon with a message that is either:
@@ -65,7 +65,7 @@ usage(void)
 int
 main(int argc, char **argv)
 {
-	char ch;
+	int ch;
 	unsigned int trigger = 0;
 
 	if (argc != 2)
diff --git a/contrib/openbsm/bin/auditd/auditd.8 b/contrib/openbsm/bin/auditd/auditd.8
index 18515da7a07d..8f054c6fc0bb 100644
--- a/contrib/openbsm/bin/auditd/auditd.8
+++ b/contrib/openbsm/bin/auditd/auditd.8
@@ -29,9 +29,9 @@
 .\"
 .\" @APPLE_BSD_LICENSE_HEADER_END@
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#6 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.8#8 $
 .\"
-.Dd Jan 24, 2004
+.Dd January 24, 2004
 .Dt AUDITD 8
 .Os
 .Sh NAME
@@ -63,9 +63,14 @@ that may cause audit records to be lost due to log file full conditions
 .Pp
 To assure uninterrupted audit support, the
 .Nm auditd
-daemon should not be started and stopped manually.  Instead, the audit(1) command
+daemon should not be started and stopped manually.
+Instead, the
+.Xr audit 8
+command
 should be used to inform the daemon to change state/configuration after altering
-the audit_control file.
+the
+.Pa audit_control
+file.
 .Pp
 .\" Sending a SIGHUP to a running
 .\" .Nm auditd
diff --git a/contrib/openbsm/bin/auditd/auditd.c b/contrib/openbsm/bin/auditd/auditd.c
index b25c9ecc2a44..893e97215490 100644
--- a/contrib/openbsm/bin/auditd/auditd.c
+++ b/contrib/openbsm/bin/auditd/auditd.c
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#8 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.c#11 $
  */
 
 #include <sys/dirent.h>
@@ -46,6 +46,7 @@
 
 #include <errno.h>
 #include <fcntl.h>
+#include <grp.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
@@ -171,6 +172,34 @@ close_lastfile(char *TS)
 }
 
 /*
+ * Create the new audit file with appropriate permissions and ownership.  Try
+ * to clean up if something goes wrong.
+ */
+static int
+#ifdef AUDIT_REVIEW_GROUP
+open_trail(const char *fname, uid_t uid, gid_t gid)
+#else
+open_trail(const char *fname)
+#endif
+{
+	int error, fd;
+
+	fd = open(fname, O_RDONLY | O_CREAT, S_IRUSR | S_IRGRP);
+	if (fd < 0)
+		return (-1);
+#ifdef AUDIT_REVIEW_GROUP
+	if (fchown(fd, uid, gid) < 0) {
+		error = errno;
+		close(fd);
+		(void)unlink(fname);
+		errno = error;
+		return (-1);
+	}
+#endif
+	return (fd);
+}
+
+/*
  * Create the new file name, swap with existing audit file.
  */
 static int
@@ -180,7 +209,12 @@ swap_audit_file(void)
 	char *fn;
 	char TS[POSTFIX_LEN];
 	struct dir_ent *dirent;
-	int fd;
+#ifdef AUDIT_REVIEW_GROUP
+	struct group *grp;
+	gid_t gid;
+	uid_t uid;
+#endif
+	int error, fd;
 
 	if (getTSstr(TS, POSTFIX_LEN) != 0)
 		return (-1);
@@ -188,6 +222,22 @@ swap_audit_file(void)
 	strcpy(timestr, TS);
 	strcat(timestr, NOT_TERMINATED);
 
+#ifdef AUDIT_REVIEW_GROUP
+	/*
+	 * XXXRW: Currently, this code falls back to the daemon gid, which is
+	 * likely the wheel group.  Is there a better way to deal with this?
+	 */
+	grp = getgrnam(AUDIT_REVIEW_GROUP);
+	if (grp == NULL) {
+		syslog(LOG_INFO,
+		    "Audit review group '%s' not available, using daemon gid",
+		    AUDIT_REVIEW_GROUP);
+		gid = -1;
+	} else
+		gid = grp->gr_gid;
+	uid = getuid();
+#endif
+
 	/* Try until we succeed. */
 	while ((dirent = TAILQ_FIRST(&dir_q))) {
 		if ((fn = affixdir(timestr, dirent)) == NULL) {
@@ -201,20 +251,27 @@ swap_audit_file(void)
 		 * kernel if all went well.
 		 */
 		syslog(LOG_INFO, "New audit file is %s\n", fn);
-		fd = open(fn, O_RDONLY | O_CREAT, S_IRUSR | S_IRGRP);
+#ifdef AUDIT_REVIEW_GROUP
+		fd = open_trail(fn, uid, gid);
+#else
+		fd = open_trail(fn);
+#endif
 		if (fd < 0)
-			perror("File open");
-		else if (auditctl(fn) != 0) {
-			syslog(LOG_ERR,
-			    "auditctl failed setting log file! : %s\n",
-			    strerror(errno));
-			close(fd);
-		} else {
-			/* Success. */
-			close_lastfile(TS);
-			lastfile = fn;
-			close(fd);
-			return (0);
+			warn("open(%s)", fn);
+		if (fd >= 0) {
+			error = auditctl(fn);
+			if (error) {
+				syslog(LOG_ERR,
+				    "auditctl failed setting log file! : %s\n",
+				    strerror(errno));
+				close(fd);
+			} else {
+				/* Success. */
+				close_lastfile(TS);
+				lastfile = fn;
+				close(fd);
+				return (0);
+			}
 		}
 
 		/*
@@ -708,7 +765,7 @@ setup(void)
 int
 main(int argc, char **argv)
 {
-	char ch;
+	int ch;
 	int debug = 0;
 	int rc;
 
diff --git a/contrib/openbsm/bin/auditd/auditd.h b/contrib/openbsm/bin/auditd/auditd.h
index e1731d96542a..bca637037ed8 100644
--- a/contrib/openbsm/bin/auditd/auditd.h
+++ b/contrib/openbsm/bin/auditd/auditd.h
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#4 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditd/auditd.h#5 $
  */
 
 #ifndef _AUDITD_H_
@@ -43,6 +43,13 @@
 #define	MAX_DIR_SIZE	255
 #define	AUDITD_NAME	"auditd"
 
+/*
+ * If defined, then the audit daemon will attempt to chown newly created logs
+ * to this group.  Otherwise, they will be the default for the user running
+ * auditd, likely the audit group.
+ */
+#define	AUDIT_REVIEW_GROUP	"audit"
+
 #define	POSTFIX_LEN		16
 #define	NOT_TERMINATED	".not_terminated"
 
diff --git a/contrib/openbsm/bin/auditreduce/auditreduce.1 b/contrib/openbsm/bin/auditreduce/auditreduce.1
index 1ac2acdfebfb..9ae97263aa64 100644
--- a/contrib/openbsm/bin/auditreduce/auditreduce.1
+++ b/contrib/openbsm/bin/auditreduce/auditreduce.1
@@ -25,9 +25,9 @@
 .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#8 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.1#10 $
 .\"
-.Dd Jan 24, 2004
+.Dd January 24, 2004
 .Dt AUDITREDUCE 1
 .Os
 .Sh NAME
@@ -124,7 +124,8 @@ Select records containing the given shared memory id.
 .Sh Examples
 .Pp
 To select all records associated with effective user ID root from the audit
-log /var/audit/20031016184719.20031017122634:
+log
+.Pa /var/audit/20031016184719.20031017122634 :
 .Pp
 .Nm
 -e root /var/audit/20031016184719.20031017122634
@@ -136,9 +137,9 @@ events from that log:
 .Nm
 -m AUE_SETLOGIN /var/audit/20031016184719.20031017122634
 .Sh SEE ALSO
+.Xr praudit 1 ,
 .Xr audit_control 5 ,
-.Xr audit_event 5 ,
-.Xr praudit 1
+.Xr audit_event 5
 .Sh AUTHORS
 This software was created by McAfee Research, the security research division
 of McAfee, Inc., under contract to Apple Computer Inc.
diff --git a/contrib/openbsm/bin/auditreduce/auditreduce.c b/contrib/openbsm/bin/auditreduce/auditreduce.c
index 8e6f2452bc50..63619b7b1216 100644
--- a/contrib/openbsm/bin/auditreduce/auditreduce.c
+++ b/contrib/openbsm/bin/auditreduce/auditreduce.c
@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#11 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/auditreduce/auditreduce.c#13 $
  */
 
 /* 
@@ -529,7 +529,7 @@ main(int argc, char **argv)
 	FILE *fp;
 	int i;
 	char *objval, *converr;
-	char ch;
+	int ch;
 	char timestr[128];
 	char *fname;
 
diff --git a/contrib/openbsm/bin/praudit/praudit.1 b/contrib/openbsm/bin/praudit/praudit.1
index e99463860407..00cbfcd925ad 100644
--- a/contrib/openbsm/bin/praudit/praudit.1
+++ b/contrib/openbsm/bin/praudit/praudit.1
@@ -25,9 +25,9 @@
 .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.1#7 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.1#8 $
 .\"
-.Dd Jan 24, 2004
+.Dd January 24, 2004
 .Dt PRAUDIT 1
 .Os
 .Sh NAME
diff --git a/contrib/openbsm/bin/praudit/praudit.c b/contrib/openbsm/bin/praudit/praudit.c
index 920f6d46b589..e812f983aa0a 100644
--- a/contrib/openbsm/bin/praudit/praudit.c
+++ b/contrib/openbsm/bin/praudit/praudit.c
@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.c#7 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bin/praudit/praudit.c#9 $
  */
 
 /*
@@ -105,7 +105,7 @@ print_tokens(FILE *fp)
 int
 main(int argc, char **argv)
 {
-	char ch;
+	int ch;
 	int i;
 	FILE *fp;
 
diff --git a/contrib/openbsm/bsm/audit_kevents.h b/contrib/openbsm/bsm/audit_kevents.h
index 48d2b0e96725..335dc7dfa402 100644
--- a/contrib/openbsm/bsm/audit_kevents.h
+++ b/contrib/openbsm/bsm/audit_kevents.h
@@ -30,7 +30,7 @@
  *
  * @APPLE_BSD_LICENSE_HEADER_END@
  *
- * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#34 $
+ * $P4: //depot/projects/trustedbsd/openbsm/bsm/audit_kevents.h#37 $
  */
 
 #ifndef _BSM_AUDIT_KEVENTS_H_
@@ -360,7 +360,7 @@
 #define	AUE_NMOUNT		380	/* FreeBSD-specific. */
 #define	AUE_BDFLUSH		381	/* Linux-specific. */
 #define	AUE_SETFSUID		382	/* Linux-specific. */
-#define	AUE_GETFSUID		383	/* Linux-specific. */
+#define	AUE_SETFSGID		383	/* Linux-specific. */
 #define	AUE_PERSONALITY		384	/* Linux-specific. */
 #define	AUE_SCHED_GETSCHEDULER	385	/* POSIX.1b. */
 #define	AUE_SCHED_SETSCHEDULER	386	/* POSIX.1b. */
@@ -383,6 +383,7 @@
 #define	AUE_ACL_DELETE_FD		403	/* FreeBSD. */
 #define	AUE_ACL_CHECK_FILE		404	/* FreeBSD. */
 #define	AUE_ACL_CHECK_FD		405	/* FreeBSD. */
+#define	AUE_SYSARCH			406	/* FreeBSD. */
 
 /*
  * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
@@ -428,6 +429,7 @@
 #define	AUE_O_RECVFROM		AUE_RECVFROM	/* Darwin */
 #define	AUE_O_SETREUID		AUE_SETREUID	/* Darwin */
 #define	AUE_O_SETREGID		AUE_SETREGID	/* Darwin */
+#define	AUE_O_GETDIRENTRIES	AUE_GETDIRENTRIES	/* Darwin */
 #define	AUE_O_TRUNCATE		AUE_TRUNCATE	/* Darwin */
 #define	AUE_O_FTRUNCATE		AUE_FTRUNCATE	/* Darwin */
 #define	AUE_O_GETPEERNAME	AUE_NULL	/* Darwin */
diff --git a/contrib/openbsm/libbsm/Makefile b/contrib/openbsm/libbsm/Makefile
index 4137f4a3da6b..00534aa9c8a4 100644
--- a/contrib/openbsm/libbsm/Makefile
+++ b/contrib/openbsm/libbsm/Makefile
@@ -1,7 +1,7 @@
 #
 # OpenBSM libbsm
 #
-# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile#11 $
+# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile#13 $
 #
 
 LIB=		bsm
@@ -35,7 +35,9 @@ MAN=	libbsm.3							\
 
 MLINKS=	libbsm.3 bsm.3							\
 	au_class.3 getauclassent.3					\
+	au_class.3 getauclassent_r.3					\
 	au_class.3 getauclassnam.3					\
+	au_class.3 getauclassnam_r.3					\
 	au_class.3 setauclass.3						\
 	au_class.3 endauclass.3						\
 	au_control.3 setac.3						\
@@ -47,9 +49,13 @@ MLINKS=	libbsm.3 bsm.3							\
 	au_event.3 setauevent.3						\
 	au_event.3 endauevent.3						\
 	au_event.3 getauevent.3						\
+	au_event.3 getauevent_r.3					\
 	au_event.3 getauevnam.3						\
+	au_event.3 getauevnam_r.3					\
 	au_event.3 getauevnum.3						\
+	au_event.3 getauevnum_r.3					\
 	au_event.3 getauevnonam.3					\
+	au_event.3 getauevnonam_r.3					\
 	au_io.3	au_fetch_tok.3						\
 	au_io.3	au_print_tok.3						\
 	au_io.3	au_read_rec.3						\
diff --git a/contrib/openbsm/libbsm/au_control.3 b/contrib/openbsm/libbsm/au_control.3
index 915c5211f2d1..0cd66f162fd4 100644
--- a/contrib/openbsm/libbsm/au_control.3
+++ b/contrib/openbsm/libbsm/au_control.3
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#2 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#3 $
 .\"
 .Dd April 19, 2005
 .Dt AU_CONTROL 3
@@ -67,7 +67,7 @@ closes the
 database.
 .Pp
 .Fn getacdir
-Return the name of the directory where log data is stored via the passed
+returns the name of the directory where log data is stored via the passed
 character buffer
 .Va name
 of length
diff --git a/contrib/openbsm/libbsm/au_event.3 b/contrib/openbsm/libbsm/au_event.3
index bd021decc2eb..dfaea022a03e 100644
--- a/contrib/openbsm/libbsm/au_event.3
+++ b/contrib/openbsm/libbsm/au_event.3
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_event.3#3 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_event.3#4 $
 .\"
 .Dd April 19, 2005
 .Dt AU_EVENT 3
@@ -123,9 +123,9 @@ Functions
 and
 .Fn getauevnuam
 will return a reference to a
-.Dt struct au_event_ent
+.Ft struct au_event_ent
 or
-.Dt au_event_t
+.Ft au_event_t
 on success, or
 .Dv NULL on failure, with
 .Va errno
diff --git a/contrib/openbsm/libbsm/au_free_token.3 b/contrib/openbsm/libbsm/au_free_token.3
index fc4ab0bde6c4..84fa4435948f 100644
--- a/contrib/openbsm/libbsm/au_free_token.3
+++ b/contrib/openbsm/libbsm/au_free_token.3
@@ -27,7 +27,7 @@
 .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_free_token.3#2 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_free_token.3#3 $
 .\"
 .Dd April 19, 2005
 .Dt AU_FREE_TOKEN 3
@@ -40,7 +40,7 @@
 .Sh SYNOPSIS
 .In libbsm.h
 .Ft void
-.Fn au_free_tokenen "token_t *tok"
+.Fn au_free_token "token_t *tok"
 .Sh DESCRIPTION
 The BSM API generally manages deallocation of
 .Vt token_t
diff --git a/contrib/openbsm/libbsm/au_mask.3 b/contrib/openbsm/libbsm/au_mask.3
index 67bb187a8fae..6698ae5a60b8 100644
--- a/contrib/openbsm/libbsm/au_mask.3
+++ b/contrib/openbsm/libbsm/au_mask.3
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_mask.3#2 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_mask.3#3 $
 .\"
 .Dd April 19, 2005
 .Dt AU_MASK 3
@@ -109,7 +109,7 @@ will be set to indicate the error.
 .Sh IMPLEMENTATION NOTES
 .Fn au_preselect
 makes implicit use of various audit database routines, and may influence
-the behavior of simultaenous or interleaved processing of those databases by
+the behavior of simultaneous or interleaved processing of those databases by
 other code.
 .Sh SEE ALSO
 .Xr libbsm 3 ,
diff --git a/contrib/openbsm/libbsm/au_token.3 b/contrib/openbsm/libbsm/au_token.3
index dd0ce2762238..cdf871b84901 100644
--- a/contrib/openbsm/libbsm/au_token.3
+++ b/contrib/openbsm/libbsm/au_token.3
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#4 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#5 $
 .\"
 .Dd April 19, 2005
 .Dt AU_TOKEN 3
@@ -179,10 +179,10 @@
 .Fn au_to_trailer "int rec_size"
 .Sh DESCRIPTION
 These interfaces support the allocation of BSM audit tokens, represented by
-.Dt token_t ,
+.Ft token_t ,
 for various data types.
 .Sh RETURN VALUES
-On sucess, a pointer to a
+On success, a pointer to a
 .Vt token_t
 will be returned; the allocated
 .Vt token_t
diff --git a/contrib/openbsm/libbsm/au_user.3 b/contrib/openbsm/libbsm/au_user.3
index e71deae6c7e2..c0fab6f9febb 100644
--- a/contrib/openbsm/libbsm/au_user.3
+++ b/contrib/openbsm/libbsm/au_user.3
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_user.3#3 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_user.3#4 $
 .\"
 .Dd April 19, 2005
 .Dt AU_USER 3
@@ -72,7 +72,7 @@ and events never to audit
 .Dv au_never .
 .Pp
 .Fn getauuserent
-return the next user found in the
+returns the next user found in the
 .Xr audit_user 5
 database, or the first if the function has not yet been called.
 .Dv NULL
@@ -96,7 +96,7 @@ closes the
 database, if open.
 .Pp
 .Nm au_user_mask
-calculate a new session audit mask to be returned via
+calculates a new session audit mask to be returned via
 .Dv mask_p
 for the user identified by
 .Dv username .
diff --git a/contrib/openbsm/libbsm/libbsm.3 b/contrib/openbsm/libbsm/libbsm.3
index 3ec8168435a2..c2ea877b3be3 100644
--- a/contrib/openbsm/libbsm/libbsm.3
+++ b/contrib/openbsm/libbsm/libbsm.3
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#3 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#4 $
 .\"
 .Dd April 19, 2005
 .Dt LIBBSM 3
@@ -48,57 +48,56 @@ event stream interfaces, class interfaces, control interfaces, event
 interfaces, I/O interfaces, mask interfaces, notification interfaces, token
 interfaces, and user interfaces.
 These are described respectively in the
-.Xr au_stream 3 ,
 .Xr au_class 3 ,
 .Xr au_control 3 ,
 .Xr au_event 3 ,
 .Xr au_mask 3 ,
 .Xr au_notify 3 ,
+.Xr au_stream 3 ,
 .Xr au_token 3 ,
 .Xr au_user 3
 man pages.
 .Ss Audit Event Stream Interfaces
 Audit event stream interfaces support interaction with file-backed audit
 event streams:
-.Xr au_free_token 3 ,
+.Xr au_close 3 .
 .Xr au_free_token 3 ,
 .Xr au_open 3 ,
 .Xr au_write 3 ,
-.Xr au_close 3 .
 .Ss Audit Class Interfaces
 Audit class interfaces support the look up of information from the
 .Xr audit_class 5
 database:
+.Xr endauclass 3 ,
 .Xr getauclassent 3 ,
 .Xr getauclassent_r 3 ,
 .Xr getauclassnam 3 ,
 .Xr getauclassnam_r 3 ,
-.Xr setauclass 3 ,
-.Xr endauclass 3 .
+.Xr setauclass 3 .
 .Ss Audit Control Interfaces
 Audit control interfaces support the look up of information from the
 .Xr audit_control 5
 database:
-.Xr setac 3 ,
 .Xr endac 3 ,
+.Xr setac 3 ,
 .Xr getacdir 3 ,
-.Xr getacmin 3 ,
 .Xr getacflg 3 ,
+.Xr getacmin 3 ,
 .Xr getacna 3 .
 .Ss Audit Event Interfaces
 Audit event interfaces support the look up of information from the
 .Xr audit_event 5
 database:
-.Xr setauevent 3 ,
 .Xr endauevent 3 ,
+.Xr setauevent 3 ,
 .Xr getauevent 3 ,
 .Xr getauevent_r 3 ,
 .Xr getauevnam 3 ,
 .Xr getauevnam_r 3 ,
-.Xr getauevnum 3 ,
-.Xr getauevnum_r 3 ,
 .Xr getauevnonam 3 ,
 .Xr getauevnonam_r 3 ,
+.Xr getauevnum 3 ,
+.Xr getauevnum_r 3 .
 .Ss Audit I/O Interfaces
 Audit I/O interfaces support the processing and printing of tokens, as well
 as the reading of audit records:
@@ -117,9 +116,9 @@ by a mask:
 .Ss Audit Notification Interfaces
 Audit notification routines track audit state in a form permitting efficient
 update, avoiding frequent system calls to check the kernel audit state:
+.Xr au_get_state 3 ,
 .Xr au_notify_initialize 3 ,
-.Xr au_notify_terminate 3 ,
-.Xr au_get_state 3 .
+.Xr au_notify_terminate 3 .
 These interfaces are implemented only for Darwin/Mac OS X.
 .Ss Audit Token Interface
 Audit token interfaces permit the creation of tokens for use in creating
@@ -127,63 +126,63 @@ audit records for submission to event streams.
 Each interface converts a C type to its
 .Vt token_t
 representation.
+.Xr au_to_arg 3 ,
 .Xr au_to_arg32 3 ,
 .Xr au_to_arg64 3 ,
-.Xr au_to_arg 3 ,
 .Xr au_to_attr64 3 ,
 .Xr au_to_data 3 ,
+.Xr au_to_exec_args 3 ,
+.Xr au_to_exec_env 3 ,
 .Xr au_to_exit 3 ,
+.Xr au_to_file 3 ,
 .Xr au_to_groups 3 ,
-.Xr au_to_newgroups 3 ,
+.Xr au_to_header32 3 ,
+.Xr au_to_header64 3 ,
 .Xr au_to_in_addr 3 ,
 .Xr au_to_in_addr_ex 3 ,
 .Xr au_to_ip 3 ,
 .Xr au_to_ipc 3 ,
 .Xr au_to_ipc_perm 3 ,
 .Xr au_to_iport 3 ,
+.Xr au_to_me 3 ,
+.Xr au_to_newgroups 3 ,
 .Xr au_to_opaque 3 ,
-.Xr au_to_file 3 ,
-.Xr au_to_text 3 ,
 .Xr au_to_path 3 ,
+.Xr au_to_process 3 ,
 .Xr au_to_process32 3 ,
 .Xr au_to_process64 3 ,
-.Xr au_to_process 3 ,
+.Xr au_to_process_ex 3 ,
 .Xr au_to_process32_ex 3 ,
 .Xr au_to_process64_ex 3 ,
-.Xr au_to_process_ex 3 ,
+.Xr au_to_return 3 ,
 .Xr au_to_return32 3 ,
 .Xr au_to_return64 3 ,
-.Xr au_to_return 3 ,
 .Xr au_to_seq 3 ,
 .Xr au_to_socket 3 ,
 .Xr au_to_socket_ex_32 3 ,
 .Xr au_to_socket_ex_128 3 ,
+.Xr au_to_sock_inet 3 ,
 .Xr au_to_sock_inet32 3 ,
 .Xr au_to_sock_inet128 3 ,
-.Xr au_to_sock_inet 3 ,
+.Xr au_to_subject 3 ,
 .Xr au_to_subject32 3 ,
 .Xr au_to_subject64 3 ,
-.Xr au_to_subject 3 ,
+.Xr au_to_subject_ex 3 ,
 .Xr au_to_subject32_ex 3 ,
 .Xr au_to_subject64_ex 3 ,
-.Xr au_to_subject_ex 3 ,
-.Xr au_to_me 3 ,
-.Xr au_to_exec_args 3 ,
-.Xr au_to_exec_env 3 ,
-.Xr au_to_header32 3 ,
-.Xr au_to_header64 3 ,
+.Xr au_to_text 3 ,
 .Xr au_to_trailer 3 .
 .Ss Audit User Interfaces
 Audit user interfaces support the look up of information from the
 .Xr audit_user 5
 database:
-.Xr setauuser 3 ,
+.Xr au_user_mask 3 ,
 .Xr endauuser 3 ,
+.Xr setauuser 3 ,
 .Xr getauuserent 3 ,
 .Xr getauuserent_r 3 ,
 .Xr getauusernam 3 ,
 .Xr getauusernam_r 3 ,
-.Xr au_user_mask 3 ,
 .Xr getfauditflags 3 .
 .Sh SEE ALSO
 .Xr au_class 3 ,
diff --git a/contrib/openbsm/man/audit.log.5 b/contrib/openbsm/man/audit.log.5
index 8877e1d9125b..87e1ab354c41 100644
--- a/contrib/openbsm/man/audit.log.5
+++ b/contrib/openbsm/man/audit.log.5
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#7 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#8 $
 .\"
 .Dd May 1, 2005
 .Dt AUDIT.LOG 5
@@ -204,7 +204,7 @@ The
 token contains an IP packet header in network byte order.
 An
 .Dv ip
-token can be cread using
+token can be created using
 .Xr au_to_ip 3 .
 .Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
 .It Sy "Field" Ta Sy Bytes Ta Sy Description
@@ -249,7 +249,7 @@ token contains a pathname.
 A
 .Dv path
 token can be created using
-.Xr auto_path 3 .
+.Xr au_to_path 3 .
 .Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
 .It Sy "Field" Ta Sy Bytes Ta Sy Description
 .It Li "Token ID" Ta "1 byte" Ta "Token ID"
@@ -262,7 +262,7 @@ The
 token contains a set of nul-terminated path names.
 The
 .Xr libbsm 3
-API cannot currently create an
+API cannot currently create a
 .Dv path_attr
 token.
 .Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
@@ -283,7 +283,7 @@ token, which describes the subject performing an auditable event.
 This includes both the traditional
 .Ux
 security properties, such as user IDs and group IDs, but also audit
-information such as the audit user ID and sesion.
+information such as the audit user ID and session.
 A
 .Dv process
 token can be created using
@@ -310,12 +310,12 @@ token contains the contents of the
 .Dv process
 token, with the addition of a machine address type and variable length
 address storage capable of containing IPv6 addresses.
-A
+An
 .Dv expanded process
 token can be created using
 .Xr au_to_process32_ex 3
 or
-.Xr au_to_process64 3 .
+.Xr au_to_process64_ex 3 .
 .Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
 .It Sy "Field" Ta Sy Bytes Ta Sy Description
 .It Li "Token ID" Ta "1 byte" Ta "Token ID"
@@ -385,7 +385,7 @@ token consists of the same elements as the
 .Dv subject
 token, with the addition of type/length and variable size machine address
 information in the terminal ID.
-A
+An
 .Dv expanded subject
 token can be created using
 .Xr au_to_subject32_ex 3
@@ -412,7 +412,7 @@ token ...
 .Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
 .It Sy "Field" Ta Sy Bytes Ta Sy Description
 .It Li "Token ID" Ta "1 byte" Ta "Token ID"
-.It Li "object ID type" Ta "1 byte" Ta "Object ID"
+.It Li "Object ID type" Ta "1 byte" Ta "Object ID"
 .It Li "Object ID" Ta "4 bytes" Ta "Object ID"
 .El
 .Ss Text Token
@@ -438,7 +438,7 @@ included with the attribute block for a file; optional
 .Dv path
 tokens may also be present in an audit record indicating which path, if any,
 was used to reach the object.
-A
+An
 .Dv attribute
 token can be created using
 .Xr au_to_attr32 3
@@ -593,8 +593,8 @@ token ...
 .It Li XXXXX
 .El
 .Sh SEE ALSO
-.Xr audit 8,
-.Xr libbsm 3
+.Xr libbsm 3 ,
+.Xr audit 8
 .Sh AUTHORS
 The Basic Security Module (BSM) interface to audit records and audit event
 stream format were defined by Sun Microsystems.
diff --git a/contrib/openbsm/man/audit_class.5 b/contrib/openbsm/man/audit_class.5
index 81b60cb5c7ea..dfd44a9238d1 100644
--- a/contrib/openbsm/man/audit_class.5
+++ b/contrib/openbsm/man/audit_class.5
@@ -25,9 +25,9 @@
 .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_class.5#5 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_class.5#7 $
 .\"
-.Dd Jan 24, 2004
+.Dd January 24, 2004
 .Dt AUDIT_CLASS 5
 .Os
 .Sh NAME
@@ -40,8 +40,9 @@ file contains descriptions of the auditable event classes on the system.
 Each auditable event is a member of an event class.
 Each line maps an audit event 
 mask (bitmap) to a class and a description.
-Entries are of the form 
-.Dl classmask:eventclass:description.
+Entries are of the form:
+.Pp
+.Dl classmask:eventclass:description
 .Pp
 Example entries in this file are:
 .Bd -literal -offset indent
diff --git a/contrib/openbsm/man/audit_control.5 b/contrib/openbsm/man/audit_control.5
index d39b68129cff..dd39afc76069 100644
--- a/contrib/openbsm/man/audit_control.5
+++ b/contrib/openbsm/man/audit_control.5
@@ -25,9 +25,9 @@
 .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#5 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_control.5#9 $
 .\"
-.Dd Jan 24, 2004
+.Dd January 4, 2006
 .Dt AUDIT_CONTROL 5
 .Os
 .Sh NAME
@@ -38,7 +38,9 @@ The
 .Nm
 file contains several audit system parameters.
 Each line of this file is of the form:
-.Dl parameter:value.
+.Pp
+.Dl parameter:value
+.Pp
 The parameters are:
 .Bl -tag -width Ds
 .It Pa dir
@@ -63,13 +65,15 @@ When the free space falls below this limit a warning will be issued.
 Not currently used as the value of 20 percent is chosen by the kernel.
 .El
 .Sh AUDIT FLAGS
-Audit flags are a comma delimited list of audit classes as defined in the
-audit_class file.
+Audit flags are a comma-delimited list of audit classes as defined in the
+.Pa audit_class
+file.
 See
 .Xr audit_class 5
 for details.
 Event classes may be preceded by a prefix which changes their interpretation.
 The following prefixes may be used for each class:
+.Pp
 .Bl -tag -width Ds -compact -offset indent
 .It +
 Record successful events
@@ -78,9 +82,9 @@ Record failed events
 .It ^
 Record both successful and failed events
 .It ^+
-Don't record successful events
+Do not record successful events
 .It ^-
-Don't record failed events
+Do not record failed events
 .El
 .Sh DEFAULT
 The following settings appear in the default
@@ -88,7 +92,7 @@ The following settings appear in the default
 file:
 .Bd -literal -offset indent
 dir:/var/audit
-flags:lo,ad,-all,^-fc,^-cl
+flags:lo
 minfree:20
 naflags:lo
 .Ed
@@ -96,17 +100,16 @@ naflags:lo
 The
 .Va flags
 parameter above specifies the system-wide mask corresponding to login/logout
-events, administrative events, and all failures except for failures in creating
-or closing files.
+events.
 .Sh FILES
 .Bl -tag -width "/etc/security/audit_control" -compact
 .It Pa /etc/security/audit_control
 .El
 .Sh SEE ALSO
-.Xr audit 1 ,
-.Xr auditd 8 ,
 .Xr audit_class 5 ,
-.Xr audit_user 5
+.Xr audit_user 5 ,
+.Xr audit 8 ,
+.Xr auditd 8
 .Sh AUTHORS
 This software was created by McAfee Research, the security research division
 of McAfee, Inc., under contract to Apple Computer Inc.
diff --git a/contrib/openbsm/man/audit_event.5 b/contrib/openbsm/man/audit_event.5
index 36029ef3b90f..cfa81f6272a9 100644
--- a/contrib/openbsm/man/audit_event.5
+++ b/contrib/openbsm/man/audit_event.5
@@ -25,9 +25,9 @@
 .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_event.5#5 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_event.5#8 $
 .\"
-.Dd Jan 24, 2004
+.Dd January 24, 2004
 .Dt AUDIT_EVENT 5
 .Os
 .Sh NAME
@@ -38,11 +38,15 @@ The
 .Nm 
 file contains descriptions of the auditable events on the system.
 Each line maps an audit event number to a name, a description, and a class.
-Entries are of the form
-.Dl eventnum:eventname:description:eventclass .
+Entries are of the form:
+.Pp
+.Dl eventnum:eventname:description:eventclass
+.Pp
 Each
 .Vt eventclass
-should have a corresponding entry in the audit_class file.
+should have a corresponding entry in the
+.Pa audit_class
+file.
 See 
 .Xr audit_class 5
 for details.
diff --git a/contrib/openbsm/man/audit_user.5 b/contrib/openbsm/man/audit_user.5
index abb74a322123..05877d555ce5 100644
--- a/contrib/openbsm/man/audit_user.5
+++ b/contrib/openbsm/man/audit_user.5
@@ -25,9 +25,9 @@
 .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_user.5#5 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_user.5#7 $
 .\"
-.Dd Jan 24, 2004
+.Dd February 5, 2006
 .Dt AUDIT_USER 5
 .Os
 .Sh NAME
@@ -44,9 +44,11 @@ These settings take effect when the user logs in.
 .Pp
 Each line maps a user name to a list of classes that should be audited and a
 list of classes that should not be audited. 
-Entries are of the form of
-.Dl username:alwaysaudit:neveraudit ,
-where
+Entries are of the form:
+.Pp
+.Dl username:alwaysaudit:neveraudit
+.Pp
+In the format above,
 .Vt alwaysaudit
 is a set of event classes that are always audited, and
 .Vt neveraudit
@@ -64,8 +66,8 @@ root:lo,ad:no
 jdoe:-fc,ad:+fw
 .Ed
 .Pp
-These settings would cause login and administrative events that succeed on
-behalf of user root to be audited.
+These settings would cause login/logout and administrative events that
+succeed on behalf of user root to be audited.
 No failure events are audited.
 For the user
 .Em jdoe ,
diff --git a/contrib/openbsm/man/audit_warn.5 b/contrib/openbsm/man/audit_warn.5
index 4581d8c87bf6..18cb74e0996e 100644
--- a/contrib/openbsm/man/audit_warn.5
+++ b/contrib/openbsm/man/audit_warn.5
@@ -25,9 +25,9 @@
 .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_warn.5#5 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit_warn.5#6 $
 .\"
-.Dd Mar 17, 2004
+.Dd March 17, 2004
 .Dt AUDIT_WARN 5
 .Os
 .Sh NAME
diff --git a/contrib/openbsm/man/auditon.2 b/contrib/openbsm/man/auditon.2
index 4e38dc4f68fc..9dedbba53b07 100644
--- a/contrib/openbsm/man/auditon.2
+++ b/contrib/openbsm/man/auditon.2
@@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#6 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/auditon.2#7 $
 .\"
 .Dd April 19, 2005
 .Dt AUDITON 2
@@ -53,8 +53,9 @@ may be any of the following:
 .It Dv A_SETPOLICY
 Set audit policy flags.
 .Ft *data
-must point to an long value set to one of the audit 
-policy control values defined in audit.h.
+must point to a long value set to one of the audit 
+policy control values defined in
+.Pa audit.h .
 Currently, only
 .Dv AUDIT_CNT
 and
@@ -83,7 +84,7 @@ These masks are used for non-attributable audit event preselection.
 .It Dv A_SETQCTRL
 Set kernel audit queue parameters.
 .Ft *data
-must point to a 
+must point to a
 .Ft au_qctrl_t
 structure containing the
 kernel audit queue control settings:
@@ -106,7 +107,7 @@ Return
 .It Dv A_SETCOND
 Set the current auditing condition.
 .Ft *data
-must point to an long value containing the new
+must point to a long value containing the new
 audit condition, one of
 .Dv AUC_AUDITING ,
 .Dv AUC_NOAUDIT ,
@@ -115,13 +116,13 @@ or
 .It Dv A_SETCLASS
 Set the event class preselection mask for an audit event.
 .Ft *data
-must point to a 
+must point to a
 .Ft au_evclass_map_t
 structure containing the audit event and mask.
 .It Dv A_SETPMASK
 Set the preselection masks for a process.
 .Ft *data
-must point to a 
+must point to a
 .Ft auditpinfo_t
 structure that contains the given process's audit 
 preselection masks for both success and failure.
@@ -167,7 +168,7 @@ the current kernel preselection masks for non-attributable events.
 .It Dv A_GETPOLICY
 Return the current audit policy setting.
 .Ft *data
-must point to an long value which will be set to
+must point to a long value which will be set to
 one of the current audit policy flags.
 Currently, only
 .Dv AUDIT_CNT
@@ -188,8 +189,8 @@ must point to a
 .Ft au_fstat_t
 structure. The
 .Ft af_filesz
-field will set to the maximum audit log file size. A value of 0
-indicates no limit to the size.
+field will be set to the maximum audit log file size.
+A value of 0 indicates no limit to the size.
 The
 .Ft af_filesz
 will be set to the current audit log file size.
@@ -227,7 +228,9 @@ trigger values:
 .Dv AUDIT_TRIGGER_OPEN_NEW
 (open a new audit log file),
 .Dv AUDIT_TRIGGER_READ_FILE
-(read the audit_control file),
+(read the
+.Pa audit_control
+file),
 .Dv AUDIT_TRIGGER_CLOSE_AND_DIE
 (close the current log file and exit),
 or
diff --git a/contrib/openbsm/man/getaudit.2 b/contrib/openbsm/man/getaudit.2
index c20aab00073d..05a938c8f9ef 100644
--- a/contrib/openbsm/man/getaudit.2
+++ b/contrib/openbsm/man/getaudit.2
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/getaudit.2#4 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/getaudit.2#5 $
 .\"
 .Dd April 19, 2005
 .Dt GETAUDIT 2
@@ -50,7 +50,7 @@ retrieves extended state via
 and
 .Va length .
 .Pp
-This system call required appropriate privilege to complete.
+This system call requires appropriate privilege to complete.
 .Sh RETURN VALUES
 .Nm
 returns 0 on success, or returns -1 on failure, providing additional error
diff --git a/contrib/openbsm/man/getauid.2 b/contrib/openbsm/man/getauid.2
index de36f731df3c..9751da959390 100644
--- a/contrib/openbsm/man/getauid.2
+++ b/contrib/openbsm/man/getauid.2
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/getauid.2#4 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/getauid.2#5 $
 .\"
 .Dd April 19, 2005
 .Dt GETAUID 2
@@ -42,7 +42,7 @@ retrieves the active audit session ID for the current process via the
 pointed to by
 .Va auid .
 .Pp
-This system call required appropriate privilege to complete.
+This system call requires appropriate privilege to complete.
 .Sh RETURN VALUES
 .Nm
 returns 0 on success, or returns -1 on failure, providing additional error
diff --git a/contrib/openbsm/man/setaudit.2 b/contrib/openbsm/man/setaudit.2
index 2d994ecfb0cf..46d99546a581 100644
--- a/contrib/openbsm/man/setaudit.2
+++ b/contrib/openbsm/man/setaudit.2
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/setaudit.2#4 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/setaudit.2#5 $
 .\"
 .Dd April 19, 2005
 .Dt SETAUDIT 2
@@ -50,7 +50,7 @@ sets extended state via
 and
 .Va length .
 .Pp
-This system call required appropriate privilege to complete.
+This system call requires appropriate privilege to complete.
 .Sh RETURN VALUES
 .Nm
 returns 0 on success, or returns -1 on failure, providing additional error
diff --git a/contrib/openbsm/man/setauid.2 b/contrib/openbsm/man/setauid.2
index d03b0d9474e9..4c23ffcebf7f 100644
--- a/contrib/openbsm/man/setauid.2
+++ b/contrib/openbsm/man/setauid.2
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/setauid.2#4 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/setauid.2#5 $
 .\"
 .Dd April 19, 2005
 .Dt SETAUID 2
@@ -42,7 +42,7 @@ sets the active audit session ID for the current process from the
 pointed to by
 .Va auid .
 .Pp
-This system call required appropriate privilege to complete.
+This system call requires appropriate privilege to complete.
 .Sh RETURN VALUES
 .Nm
 returns 0 on success, or returns -1 on failure, providing additional error