This commit was generated by cvs2svn to compensate for changes in r159248,

which included commits to RCS files with non-trunk default branches.

10 files changed, 533 insertions, 106 deletions

diff --git a/contrib/openbsm/libbsm/Makefile.am b/contrib/openbsm/libbsm/Makefile.am
index 09f4ae47874b..5e4a317d4e97 100644
--- a/contrib/openbsm/libbsm/Makefile.am
+++ b/contrib/openbsm/libbsm/Makefile.am
@@ -1,5 +1,5 @@
 #
-# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.am#2 $
+# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.am#3 $
 #
 
 INCLUDES = -I$(top_srcdir)
@@ -30,6 +30,7 @@ man3_MANS =		\
 	au_free_token.3	\
 	au_io.3		\
 	au_mask.3	\
+	au_open.3	\
 	au_token.3	\
 	au_user.3	\
 	libbsm.3
diff --git a/contrib/openbsm/libbsm/Makefile.in b/contrib/openbsm/libbsm/Makefile.in
index de9530c5a8e5..fb9ef39598d7 100644
--- a/contrib/openbsm/libbsm/Makefile.in
+++ b/contrib/openbsm/libbsm/Makefile.in
@@ -15,7 +15,7 @@
 @SET_MAKE@
 
 #
-# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.in#3 $
+# $P4: //depot/projects/trustedbsd/openbsm/libbsm/Makefile.in#4 $
 #
 
 srcdir = @srcdir@
@@ -204,6 +204,7 @@ man3_MANS = \
 	au_free_token.3	\
 	au_io.3		\
 	au_mask.3	\
+	au_open.3	\
 	au_token.3	\
 	au_user.3	\
 	libbsm.3
diff --git a/contrib/openbsm/libbsm/au_open.3 b/contrib/openbsm/libbsm/au_open.3
new file mode 100644
index 000000000000..569940e68061
--- /dev/null
+++ b/contrib/openbsm/libbsm/au_open.3
@@ -0,0 +1,149 @@
+.\"-
+.\" Copyright (c) 2006 Robert N. M. Watson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#4 $
+.\"
+.Dd March 4, 2006
+.Dt AU_OPEN 3
+.Os
+.Sh NAME
+.Nm au_open ,
+.Nm au_write ,
+.Nm au_close ,
+.Nm au_close_buffer
+.Nd "Create and commit audit records"
+.Sh LIBRARY
+.Lb libbsm
+.Sh SYNOPSIS
+.In libbsm.h
+.Ft int
+.Fn au_open "void"
+.Ft int
+.Fn au_write "int d" "token_t *tok"
+.Ft int
+.Fn au_close "int d" "int keep" "short event"
+.Ft int
+.Fn au_close_buffer "int d" "short event" "u_char *buffer" "size_t *buflen"
+.Ft int
+.Fn au_close_token "token_t *tok" "u_char *buffer" "size_t *buflen"
+.Sh DESCRIPTION
+These interfaces allow applications to allocate audit records, construct a
+record using a series of tokens, and commit the audit record to the system
+event log.
+An extension API is also provided to commit the record to an in-memory
+buffer rather than the system audit log.
+.Pp
+The
+.Fn au_open
+interface allocates a new audit record descriptor.
+.Pp
+The
+.Fn au_write
+interface adds a token to an allocated audit descriptor.
+When a token has been successfully added to a record, the caller no longer
+owns the token memory, and does not need to free it directly via a call to
+.Xr au_free_token 3 .
+.Pp
+The
+.Fn au_close
+function is used to commit an audit record to the system audit log, or
+abandon the record.
+In either cases, all resources associated with the record will be released.
+The
+.Va keep
+argument determines the behavior: a value of
+.Dv AU_TO_WRITE
+causes the record to be committed; a value of
+.Dv AU_TO_NO_WRITE
+causes it to be abandoned.
+When the audit record is committed, a BSM header will be inserted before
+tokens added to the record, using the event identifier passed via
+.Va event ,
+and a trailer added to the end.
+Committing a record to the system audit log requires privilege.
+.Pp
+The
+.Fn au_close_buffer
+function writes the resulting record to an in-memory buffer of size
+.Va *buflen ;
+it will write back the filled buffer length into the same variable.
+The argument
+.Va short
+is the event identifier to use in the record header.
+.Pp
+The
+.Fn au_close_token
+function generates the BSM stream output for a single token,
+.Va tok ,
+in the passed buffer
+.Va buffer .
+The initial buffer size and resulting data size are passed via
+.Va *buflen .
+.Fn au_close_token
+will free the token before returning.
+.Sh RETURN VALUES
+The function
+.Fn au_open
+returns a non-negative audit record descriptor number on success, or a
+negative value on failure, along with error information in
+.Va errno .
+.Pp
+The functions
+.Fn au_write ,
+.Fn au_close ,
+.Fn au_close_buffer ,
+and
+.Fn au_close_token
+return 0 on success, or a negative value on failure, along with error
+information in
+.Va errno .
+.Sh SEE ALSO
+.Xr libbsm 3
+.Sh AUTHORS
+This software was created by Robert Watson, Wayne Salamon, and Suresh
+Krishnaswamy for McAfee Research, the security research division of McAfee,
+Inc., under contract to Apple Computer, Inc.
+.Pp
+The Basic Security Module (BSM) interface to audit records and audit event
+stream format were defined by Sun Microsystems.
+.Sh HISTORY
+The OpenBSM implementation was created by McAfee Research, the security
+division of McAfee Inc., under contract to Apple Computer, Inc., in 2004.
+It was subsequently adopted by the TrustedBSD Project as the foundation for
+the OpenBSM distribution.
+.Sh BUGS
+Currently,
+.Fn au_open
+does not reserve kernel resources necessary to commit the record to the
+trail; on systems supporting
+.Fn au_close ,
+the call will block until resources are available to commit the record.
+However, this leads to the possibility of an action being permitted without
+the record being guaranteed to go to disk.
+Ideally,
+.Fn au_open
+would reserve resources necessary to commit any submitted record, releasing
+them on
+.Fn au_close .
diff --git a/contrib/openbsm/libbsm/au_token.3 b/contrib/openbsm/libbsm/au_token.3
index cdf871b84901..5b2ad301fd2c 100644
--- a/contrib/openbsm/libbsm/au_token.3
+++ b/contrib/openbsm/libbsm/au_token.3
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#5 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#7 $
 .\"
 .Dd April 19, 2005
 .Dt AU_TOKEN 3
@@ -57,9 +57,6 @@
 .Nm au_to_return64 ,
 .Nm au_to_return ,
 .Nm au_to_seq ,
-.Nm au_to_socket ,
-.Nm au_to_socket_ex_32 ,
-.Nm au_to_socket_ex_128 ,
 .Nm au_to_sock_inet32 ,
 .Nm au_to_sock_inet128 ,
 .Nm au_to_sock_inet ,
@@ -116,9 +113,7 @@
 .Ft token_t *
 .Fn au_to_opaque "char *data" "u_int64_t bytes"
 .Ft token_t *
-.Fn au_to_file "char *file"
-.Ft token_t *
-.Fn au_to_file "char *file"
+.Fn au_to_file "char *file" "struct timeval tm"
 .Ft token_t *
 .Fn au_to_text "char *text"
 .Ft token_t *
@@ -140,12 +135,6 @@
 .Ft token_t *
 .Fn au_to_seq "long audit_count"
 .Ft token_t *
-.Fn au_to_socket "struct socket *so"
-.Ft token_t *
-.Fn au_to_socket_ex_32 "struct socket *so"
-.Ft token_t *
-.Fn au_to_socket_ex_128 "struct socket *so"
-.Ft token_t *
 .Fn au_to_sock_inet32 "struct sockaddr_in *so"
 .Ft token_t *
 .Fn au_to_sock_inet128 "struct sockaddr_in6 *so"
diff --git a/contrib/openbsm/libbsm/audit_submit.3 b/contrib/openbsm/libbsm/audit_submit.3
new file mode 100644
index 000000000000..9e4d23008dca
--- /dev/null
+++ b/contrib/openbsm/libbsm/audit_submit.3
@@ -0,0 +1,126 @@
+.\"
+.\" Copyright (c) 2006 Christian S.J. Peron
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1.  Redistributions of source code must retain the above copyright
+.\"     notice, this list of conditions and the following disclaimer.
+.\" 2.  Redistributions in binary form must reproduce the above copyright
+.\"     notice, this list of conditions and the following disclaimer in the
+.\"     documentation and/or other materials provided with the distribution.
+.\" 3.  Neither the name of Apple Computer, Inc. ("Apple") nor the names of
+.\"     its contributors may be used to endorse or promote products derived
+.\"     from this software without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR
+.\" ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+.\" POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#8 $
+.\"
+.Dd May 29, 2006
+.Dt audit_submit 3
+.Os
+.Sh NAME
+.Nm audit_submit
+.Nd general purpose audit record submission
+.Sh LIBRARY
+.Lb libbsm
+.Sh SYNOPSIS
+.In stdio.h
+.Ft int
+.Fn audit_submit "short au_event" "au_id_t auid" "char status" "int reterr" "const char * restrict format" ...
+.Sh DESCRIPTION
+The
+.Nm
+function provides a generic programming interface for audit record submission.
+This audit record will contain a header, subject token, an optional text token,
+return token, and a trailer.
+The header will contain the event class specified by
+.Fa au_event .
+The subject token will be generated based on
+.Fa au_ctx .
+The return token is dependant on the
+.Fa status
+and
+.Fa reterr
+arguments.
+Optionally, a text token will be created as a part of this record.
+.Pp
+Text token output is under the control of a
+.Fa format
+string that specifies how subsequent arguments (or arguments accessed via the
+variable-length argument facilities of
+.Xr stdarg 3 )
+are converted for output.
+If
+.Fa format
+is NULL, then no text token is created in the audit record.
+.Pp
+It should be noted that
+.Nm
+assumes that
+.Xr setaudit 2 ,
+or
+.Xr setaudit_addr 2 
+has already been called.
+As a direct result, the terminal ID for the
+subject will be retrieved from the kernel via
+.Xr getaudit 2 ,
+or
+.Xr getaudit_addr 2 .
+.Sh EXAMPLES
+.Bd -literal -offset indent
+#include <bsm/audit.h>
+#include <bsm/libbsm.h>
+#include <bsm/audit_uevents.h>
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <errno.h>
+
+int
+audit_bad_su(char *from_login, char *to_login)
+{
+	int error;
+
+	error = audit_submit(AUE_su, getuid(), 1, EPERM,
+	    "bad su from %s to %s", from_login, to_login);
+	return (error);
+}
+.Ed
+.Pp
+Will generate the following audit record:
+.Bd -literal -offset indent
+header,94,1,su(1),0,Mon Apr 17 23:23:59 2006, + 271 msec
+subject,root,root,wheel,root,wheel,652,652,0,0.0.0.0
+text,bad su from from csjp to root
+return,failure : Operation not permitted,1
+trailer,94
+.Ed
+.Sh SEE ALSO
+.Xr auditon 2 ,
+.Xr getaudit 2 ,
+.Xr libbsm 3 ,
+.Xr stdarg 3
+.Sh HISTORY
+The
+.Nm
+function first appeared in OpenBSM version 1.0.
+OpenBSM 1.0 was introduced in FreeBSD 7.0.
+.Sh AUTHORS
+The
+.Nm
+function was written by
+.An Christian S.J. Peron Aq csjp@FreeBSD.org .
diff --git a/contrib/openbsm/libbsm/bsm_audit.c b/contrib/openbsm/libbsm/bsm_audit.c
index 2e07fd888077..d959a30c4486 100644
--- a/contrib/openbsm/libbsm/bsm_audit.c
+++ b/contrib/openbsm/libbsm/bsm_audit.c
@@ -30,7 +30,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#22 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_audit.c#26 $
  */
 
 #include <sys/types.h>
@@ -280,12 +280,11 @@ au_close(int d, int keep, short event)
 		return (-1); /* Invalid descriptor */
 	}
 
-	if (!keep) {
+	if (keep == AU_TO_NO_WRITE) {
 		retval = 0;
 		goto cleanup;
 	}
 
-
 	tot_rec_size = rec->len + BSM_HEADER_SIZE + BSM_TRAILER_SIZE;
 
 	if (tot_rec_size > MAX_AUDIT_RECORD_SIZE) {
@@ -361,3 +360,24 @@ cleanup:
 	au_teardown(rec);
 	return (retval);
 }
+
+/*
+ * au_close_token() returns the byte format of a token_t.  This won't
+ * generally be used by applications, but is quite useful for writing test
+ * tools.  Will free the token on either success or failure.
+ */
+int
+au_close_token(token_t *tok, u_char *buffer, size_t *buflen)
+{
+
+	if (tok->len > *buflen) {
+		au_free_token(tok);
+		errno = ENOMEM;
+		return (EINVAL);
+	}
+
+	memcpy(buffer, tok->t_data, tok->len);
+	*buflen = tok->len;
+	au_free_token(tok);
+	return (0);
+}
diff --git a/contrib/openbsm/libbsm/bsm_io.c b/contrib/openbsm/libbsm/bsm_io.c
index 364532e57386..5f678fb0433f 100644
--- a/contrib/openbsm/libbsm/bsm_io.c
+++ b/contrib/openbsm/libbsm/bsm_io.c
@@ -31,7 +31,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#34 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_io.c#37 $
  */
 
 #include <sys/types.h>
@@ -893,6 +893,7 @@ fetch_arb_tok(tokenstr_t *tok, char *buf, int len)
 	 */
 	switch(tok->tt.arb.bu) {
 	case AUR_BYTE:
+	/* case AUR_CHAR: */
 		datasize = AUR_BYTE_SIZE;
 		break;
 
@@ -900,8 +901,13 @@ fetch_arb_tok(tokenstr_t *tok, char *buf, int len)
 		datasize = AUR_SHORT_SIZE;
 		break;
 
-	case AUR_LONG:
-		datasize = AUR_LONG_SIZE;
+	case AUR_INT32:
+	/* case AUR_INT: */
+		datasize = AUR_INT32_SIZE;
+		break;
+
+	case AUR_INT64:
+		datasize = AUR_INT64_SIZE;
 		break;
 
 	default:
@@ -962,6 +968,7 @@ print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
 	print_delim(fp, del);
 	switch(tok->tt.arb.bu) {
 	case AUR_BYTE:
+	/* case AUR_CHAR: */
 		str = "byte";
 		size = AUR_BYTE_SIZE;
 		print_string(fp, str, strlen(str));
@@ -979,23 +986,36 @@ print_arb_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
 		print_delim(fp, del);
 		print_1_byte(fp, tok->tt.arb.uc, "%u");
 		print_delim(fp, del);
-		for (i = 0; i<tok->tt.arb.uc; i++)
+		for (i = 0; i < tok->tt.arb.uc; i++)
 			fprintf(fp, format, *((u_int16_t *)(tok->tt.arb.data +
 			    (size * i))));
 		break;
 
-	case AUR_LONG:
+	case AUR_INT32:
+	/* case AUR_INT: */
 		str = "int";
-		size = AUR_LONG_SIZE;
+		size = AUR_INT32_SIZE;
 		print_string(fp, str, strlen(str));
 		print_delim(fp, del);
 		print_1_byte(fp, tok->tt.arb.uc, "%u");
 		print_delim(fp, del);
-		for (i = 0; i<tok->tt.arb.uc; i++)
+		for (i = 0; i < tok->tt.arb.uc; i++)
 			fprintf(fp, format, *((u_int32_t *)(tok->tt.arb.data +
 			    (size * i))));
 		break;
 
+	case AUR_INT64:
+		str = "int64";
+		size = AUR_INT64_SIZE;
+		print_string(fp, str, strlen(str));
+		print_delim(fp, del);
+		print_1_byte(fp, tok->tt.arb.uc, "%u");
+		print_delim(fp, del);
+		for (i = 0; i < tok->tt.arb.uc; i++)
+			fprintf(fp, format, *((u_int64_t *)(tok->tt.arb.data +
+			    (size * i))));
+		break;
+
 	default:
 		return;
 	}
@@ -1336,7 +1356,8 @@ fetch_inaddr_tok(tokenstr_t *tok, char *buf, int len)
 {
 	int err = 0;
 
-	READ_TOKEN_U_INT32(buf, len, tok->tt.inaddr.addr, tok->len, err);
+	READ_TOKEN_BYTES(buf, len, &tok->tt.inaddr.addr, sizeof(uint32_t),
+	    tok->len, err);
 	if (err)
 		return (-1);
 
@@ -1410,15 +1431,18 @@ fetch_ip_tok(tokenstr_t *tok, char *buf, int len)
 	if (err)
 		return (-1);
 
-	READ_TOKEN_U_INT16(buf, len, tok->tt.ip.len, tok->len, err);
+	READ_TOKEN_BYTES(buf, len, &tok->tt.ip.len, sizeof(uint16_t),
+	    tok->len, err);
 	if (err)
 		return (-1);
 
-	READ_TOKEN_U_INT16(buf, len, tok->tt.ip.id, tok->len, err);
+	READ_TOKEN_BYTES(buf, len, &tok->tt.ip.id, sizeof(uint16_t),
+	    tok->len, err);
 	if (err)
 		return (-1);
 
-	READ_TOKEN_U_INT16(buf, len, tok->tt.ip.offset, tok->len, err);
+	READ_TOKEN_BYTES(buf, len, &tok->tt.ip.offset, sizeof(uint16_t),
+	    tok->len, err);
 	if (err)
 		return (-1);
 
@@ -1430,7 +1454,8 @@ fetch_ip_tok(tokenstr_t *tok, char *buf, int len)
 	if (err)
 		return (-1);
 
-	READ_TOKEN_U_INT16(buf, len, tok->tt.ip.chksm, tok->len, err);
+	READ_TOKEN_BYTES(buf, len, &tok->tt.ip.chksm, sizeof(uint16_t),
+	    tok->len, err);
 	if (err)
 		return (-1);
 
@@ -1458,17 +1483,17 @@ print_ip_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
 	print_delim(fp, del);
 	print_mem(fp, (u_char *)(&tok->tt.ip.tos), sizeof(u_char));
 	print_delim(fp, del);
-	print_2_bytes(fp, tok->tt.ip.len, "%u");
+	print_2_bytes(fp, ntohs(tok->tt.ip.len), "%u");
 	print_delim(fp, del);
-	print_2_bytes(fp, tok->tt.ip.id, "%u");
+	print_2_bytes(fp, ntohs(tok->tt.ip.id), "%u");
 	print_delim(fp, del);
-	print_2_bytes(fp, tok->tt.ip.offset, "%u");
+	print_2_bytes(fp, ntohs(tok->tt.ip.offset), "%u");
 	print_delim(fp, del);
 	print_mem(fp, (u_char *)(&tok->tt.ip.ttl), sizeof(u_char));
 	print_delim(fp, del);
 	print_mem(fp, (u_char *)(&tok->tt.ip.prot), sizeof(u_char));
 	print_delim(fp, del);
-	print_2_bytes(fp, tok->tt.ip.chksm, "%u");
+	print_2_bytes(fp, ntohs(tok->tt.ip.chksm), "%u");
 	print_delim(fp, del);
 	print_ip_address(fp, tok->tt.ip.src);
 	print_delim(fp, del);
@@ -1582,7 +1607,8 @@ fetch_iport_tok(tokenstr_t *tok, char *buf, int len)
 {
 	int err = 0;
 
-	READ_TOKEN_U_INT16(buf, len, tok->tt.iport.port, tok->len, err);
+	READ_TOKEN_BYTES(buf, len, &tok->tt.iport.port, sizeof(uint16_t),
+	    tok->len, err);
 	if (err)
 		return (-1);
 
@@ -1596,7 +1622,7 @@ print_iport_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
 
 	print_tok_type(fp, tok->id, "ip port", raw);
 	print_delim(fp, del);
-	print_2_bytes(fp, tok->tt.iport.port, "%#x");
+	print_2_bytes(fp, ntohs(tok->tt.iport.port), "%#x");
 }
 
 /*
@@ -1712,7 +1738,8 @@ fetch_process32_tok(tokenstr_t *tok, char *buf, int len)
 	if (err)
 		return (-1);
 
-	READ_TOKEN_U_INT32(buf, len, tok->tt.proc32.tid.addr, tok->len, err);
+	READ_TOKEN_BYTES(buf, len, &tok->tt.proc32.tid.addr,
+	    sizeof(tok->tt.proc32.tid.addr), tok->len, err);
 	if (err)
 		return (-1);
 
@@ -1931,7 +1958,8 @@ fetch_sock_inet32_tok(tokenstr_t *tok, char *buf, int len)
 	if (err)
 		return (-1);
 
-	READ_TOKEN_U_INT16(buf, len, tok->tt.sockinet32.port, tok->len, err);
+	READ_TOKEN_BYTES(buf, len, &tok->tt.sockinet32.port,
+	    sizeof(uint16_t), tok->len, err);
 	if (err)
 		return (-1);
 
@@ -1952,7 +1980,7 @@ print_sock_inet32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
 	print_delim(fp, del);
 	print_2_bytes(fp, tok->tt.sockinet32.family, "%u");
 	print_delim(fp, del);
-	print_2_bytes(fp, tok->tt.sockinet32.port, "%u");
+	print_2_bytes(fp, ntohs(tok->tt.sockinet32.port), "%u");
 	print_delim(fp, del);
 	print_ip_address(fp, tok->tt.sockinet32.addr);
 }
@@ -1961,7 +1989,8 @@ print_sock_inet32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
  * socket family           2 bytes
  * path                    104 bytes
  */
-static int fetch_sock_unix_tok(tokenstr_t *tok, char *buf, int len)
+static int
+fetch_sock_unix_tok(tokenstr_t *tok, char *buf, int len)
 {
 	int err = 0;
 
@@ -1997,7 +2026,8 @@ print_sock_unix_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
  * remote port             2 bytes
  * remote address          4 bytes
  */
-static int fetch_socket_tok(tokenstr_t *tok, char *buf, int len)
+static int
+fetch_socket_tok(tokenstr_t *tok, char *buf, int len)
 {
 	int err = 0;
 
@@ -2005,7 +2035,8 @@ static int fetch_socket_tok(tokenstr_t *tok, char *buf, int len)
 	if (err)
 		return (-1);
 
-	READ_TOKEN_U_INT16(buf, len, tok->tt.socket.l_port, tok->len, err);
+	READ_TOKEN_BYTES(buf, len, &tok->tt.socket.l_port, sizeof(uint16_t),
+	    tok->len, err);
 	if (err)
 		return (-1);
 
@@ -2014,7 +2045,8 @@ static int fetch_socket_tok(tokenstr_t *tok, char *buf, int len)
 	if (err)
 		return (-1);
 
-	READ_TOKEN_U_INT16(buf, len, tok->tt.socket.r_port, tok->len, err);
+	READ_TOKEN_BYTES(buf, len, &tok->tt.socket.r_port, sizeof(uint16_t),
+	    tok->len, err);
 	if (err)
 		return (-1);
 
@@ -2035,11 +2067,11 @@ print_socket_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
 	print_delim(fp, del);
 	print_2_bytes(fp, tok->tt.socket.type, "%u");
 	print_delim(fp, del);
-	print_2_bytes(fp, tok->tt.socket.l_port, "%u");
+	print_2_bytes(fp, ntohs(tok->tt.socket.l_port), "%u");
 	print_delim(fp, del);
 	print_ip_address(fp, tok->tt.socket.l_addr);
 	print_delim(fp, del);
-	print_2_bytes(fp, tok->tt.socket.r_port, "%u");
+	print_2_bytes(fp, ntohs(tok->tt.socket.r_port), "%u");
 	print_delim(fp, del);
 	print_ip_address(fp, tok->tt.socket.r_addr);
 }
@@ -2359,8 +2391,8 @@ fetch_socketex32_tok(tokenstr_t *tok, char *buf, int len)
 	if (err)
 		return (-1);
 
-	READ_TOKEN_U_INT16(buf, len, tok->tt.socket_ex32.l_port, tok->len,
-	    err);
+	READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.l_port,
+	    sizeof(uint16_t), tok->len, err);
 	if (err)
 		return (-1);
 
@@ -2374,8 +2406,8 @@ fetch_socketex32_tok(tokenstr_t *tok, char *buf, int len)
 	if (err)
 		return (-1);
 
-	READ_TOKEN_U_INT32(buf, len, tok->tt.socket_ex32.r_port, tok->len,
-	    err);
+	READ_TOKEN_BYTES(buf, len, &tok->tt.socket_ex32.r_port,
+	    sizeof(uint16_t), tok->len, err);
 	if (err)
 		return (-1);
 
@@ -2401,11 +2433,11 @@ print_socketex32_tok(FILE *fp, tokenstr_t *tok, char *del, char raw,
 	print_delim(fp, del);
 	print_2_bytes(fp, tok->tt.socket_ex32.type, "%#x");
 	print_delim(fp, del);
-	print_2_bytes(fp, tok->tt.socket_ex32.l_port, "%#x");
+	print_2_bytes(fp, ntohs(tok->tt.socket_ex32.l_port), "%#x");
 	print_delim(fp, del);
 	print_ip_address(fp, tok->tt.socket_ex32.l_addr);
 	print_delim(fp, del);
-	print_4_bytes(fp, tok->tt.socket_ex32.r_port, "%#x");
+	print_4_bytes(fp, ntohs(tok->tt.socket_ex32.r_port), "%#x");
 	print_delim(fp, del);
 	print_ip_address(fp, tok->tt.socket_ex32.r_addr);
 }
diff --git a/contrib/openbsm/libbsm/bsm_token.c b/contrib/openbsm/libbsm/bsm_token.c
index 880c7009bc88..98991adfe2f3 100644
--- a/contrib/openbsm/libbsm/bsm_token.c
+++ b/contrib/openbsm/libbsm/bsm_token.c
@@ -30,7 +30,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#43 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_token.c#47 $
  */
 
 #include <sys/types.h>
@@ -243,6 +243,7 @@ au_to_data(char unit_print, char unit_type, char unit_count, char *p)
 	/* Determine the size of the basic unit. */
 	switch (unit_type) {
 	case AUR_BYTE:
+	/* case AUR_CHAR: */
 		datasize = AUR_BYTE_SIZE;
 		break;
 
@@ -250,8 +251,13 @@ au_to_data(char unit_print, char unit_type, char unit_count, char *p)
 		datasize = AUR_SHORT_SIZE;
 		break;
 
-	case AUR_LONG:
-		datasize = AUR_LONG_SIZE;
+	case AUR_INT32:
+	/* case AUR_INT: */
+		datasize = AUR_INT32_SIZE;
+		break;
+
+	case AUR_INT64:
+		datasize = AUR_INT64_SIZE;
 		break;
 
 	default:
@@ -261,7 +267,7 @@ au_to_data(char unit_print, char unit_type, char unit_count, char *p)
 
 	totdata = datasize * unit_count;
 
-	GET_TOKEN_AREA(t, dptr, totdata + 4 * sizeof(u_char));
+	GET_TOKEN_AREA(t, dptr, 4 * sizeof(u_char) + totdata);
 	if (t == NULL)
 		return (NULL);
 
@@ -341,12 +347,12 @@ au_to_in_addr(struct in_addr *internet_addr)
 	token_t *t;
 	u_char *dptr = NULL;
 
-	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t));
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(uint32_t));
 	if (t == NULL)
 		return (NULL);
 
 	ADD_U_CHAR(dptr, AUT_IN_ADDR);
-	ADD_U_INT32(dptr, internet_addr->s_addr);
+	ADD_MEM(dptr, &internet_addr->s_addr, sizeof(uint32_t));
 
 	return (t);
 }
@@ -363,13 +369,13 @@ au_to_in_addr_ex(struct in6_addr *internet_addr)
 	u_char *dptr = NULL;
 	u_int32_t type = AF_INET6;
 
-	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(u_int32_t));
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 5 * sizeof(uint32_t));
 	if (t == NULL)
 		return (NULL);
 
 	ADD_U_CHAR(dptr, AUT_IN_ADDR_EX);
 	ADD_U_INT32(dptr, type);
-	ADD_MEM(dptr, internet_addr, sizeof(*internet_addr));
+	ADD_MEM(dptr, internet_addr, 5 * sizeof(uint32_t));
 
 	return (t);
 }
@@ -528,23 +534,12 @@ au_to_opaque(char *data, u_int16_t bytes)
  * file pathname           N bytes + 1 terminating NULL byte
  */
 token_t *
-#if defined(KERNEL) || defined(_KERNEL)
 au_to_file(char *file, struct timeval tm)
-#else
-au_to_file(char *file)
-#endif
 {
 	token_t *t;
 	u_char *dptr = NULL;
 	u_int16_t filelen;
 	u_int32_t timems;
-#if !defined(KERNEL) && !defined(_KERNEL)
-	struct timeval tm;
-	struct timezone tzp;
-
-	if (gettimeofday(&tm, &tzp) == -1)
-		return (NULL);
-#endif
 
 	filelen = strlen(file);
 	filelen += 1;
@@ -650,7 +645,7 @@ au_to_process32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
 	ADD_U_INT32(dptr, pid);
 	ADD_U_INT32(dptr, sid);
 	ADD_U_INT32(dptr, tid->port);
-	ADD_U_INT32(dptr, tid->machine);
+	ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
 
 	return (t);
 }
@@ -837,21 +832,28 @@ au_to_sock_inet32(struct sockaddr_in *so)
 {
 	token_t *t;
 	u_char *dptr = NULL;
+	uint16_t family;
 
-	GET_TOKEN_AREA(t, dptr, 3 * sizeof(u_char) + sizeof(u_int16_t) +
-	    sizeof(u_int32_t));
+	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + 2 * sizeof(uint16_t) +
+	    sizeof(uint32_t));
 	if (t == NULL)
 		return (NULL);
 
 	ADD_U_CHAR(dptr, AUT_SOCKINET32);
 	/*
-	 * In Darwin, sin_family is one octet, but BSM defines the token
- 	 * to store two. So we copy in a 0 first.
+	 * BSM defines the family field as 16 bits, but many operating
+	 * systems have an 8-bit sin_family field.  Extend to 16 bits before
+	 * writing into the token.  Assume that both the port and the address
+	 * in the sockaddr_in are already in network byte order, but family
+	 * is in local byte order.
+	 *
+	 * XXXRW: Should a name space conversion be taking place on the value
+	 * of sin_family?
  	 */
-	ADD_U_CHAR(dptr, 0);
-	ADD_U_CHAR(dptr, so->sin_family);
-	ADD_U_INT16(dptr, so->sin_port);
-	ADD_U_INT32(dptr, so->sin_addr.s_addr);
+	family = so->sin_family;
+	ADD_U_INT16(dptr, family);
+	ADD_MEM(dptr, &so->sin_port, sizeof(uint16_t));
+	ADD_MEM(dptr, &so->sin_addr.s_addr, sizeof(uint32_t));
 
 	return (t);
 
@@ -877,7 +879,7 @@ au_to_sock_inet128(struct sockaddr_in6 *so)
 	ADD_U_CHAR(dptr, so->sin6_family);
 
 	ADD_U_INT16(dptr, so->sin6_port);
-	ADD_MEM(dptr, &so->sin6_addr, sizeof(so->sin6_addr));
+	ADD_MEM(dptr, &so->sin6_addr, 4 * sizeof(uint32_t));
 
 	return (t);
 
@@ -923,7 +925,7 @@ au_to_subject32(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid, gid_t rgid,
 	ADD_U_INT32(dptr, pid);
 	ADD_U_INT32(dptr, sid);
 	ADD_U_INT32(dptr, tid->port);
-	ADD_U_INT32(dptr, tid->machine);
+	ADD_MEM(dptr, &tid->machine, sizeof(u_int32_t));
 
 	return (t);
 }
@@ -1117,23 +1119,12 @@ au_to_exec_env(const char **env)
  * milliseconds of time    4 bytes/8 bytes (32-bit/64-bit value)
  */
 token_t *
-#if defined(KERNEL) || defined(_KERNEL)
-au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod,
+au_to_header32_tm(int rec_size, au_event_t e_type, au_emod_t e_mod,
     struct timeval tm)
-#else
-au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod)
-#endif
 {
 	token_t *t;
 	u_char *dptr = NULL;
 	u_int32_t timems;
-#if !defined(KERNEL) && !defined(_KERNEL)
-	struct timeval tm;
-	struct timezone tzp;
-
-	if (gettimeofday(&tm, &tzp) == -1)
-		return (NULL);
-#endif
 
 	GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(u_int32_t) +
 	    sizeof(u_char) + 2 * sizeof(u_int16_t) + 2 * sizeof(u_int32_t));
@@ -1154,6 +1145,17 @@ au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod)
 	return (t);
 }
 
+#if !defined(KERNEL) && !defined(_KERNEL)
+token_t *
+au_to_header32(int rec_size, au_event_t e_type, au_emod_t e_mod)
+{
+	struct timeval tm;
+
+	if (gettimeofday(&tm, NULL) == -1)
+		return (NULL);
+	return (au_to_header32_tm(rec_size, e_type, e_mod, tm));
+}
+
 token_t *
 au_to_header64(__unused int rec_size, __unused au_event_t e_type,
     __unused au_emod_t e_mod)
@@ -1169,6 +1171,7 @@ au_to_header(int rec_size, au_event_t e_type, au_emod_t e_mod)
 
 	return (au_to_header32(rec_size, e_type, e_mod));
 }
+#endif
 
 /*
  * token ID                1 byte
diff --git a/contrib/openbsm/libbsm/bsm_wrappers.c b/contrib/openbsm/libbsm/bsm_wrappers.c
index 72020ce073c0..98f286c66b86 100644
--- a/contrib/openbsm/libbsm/bsm_wrappers.c
+++ b/contrib/openbsm/libbsm/bsm_wrappers.c
@@ -26,7 +26,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  *
- * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#18 $
+ * $P4: //depot/projects/trustedbsd/openbsm/libbsm/bsm_wrappers.c#23 $
  */
 
 #ifdef __APPLE__
@@ -46,6 +46,7 @@
 
 #include <unistd.h>
 #include <syslog.h>
+#include <stdarg.h>
 #include <string.h>
 #include <errno.h>
 
@@ -53,6 +54,115 @@
 int audit_set_terminal_port(dev_t *p);
 int audit_set_terminal_host(uint32_t *m);
 
+/*
+ * General purpose audit submission mechanism for userspace.
+ */
+int
+audit_submit(short au_event, au_id_t auid, char status,
+    int reterr, const char *fmt, ...)
+{
+	char text[MAX_AUDITSTRING_LEN];
+	token_t *token;
+	long acond;
+	va_list ap;
+	pid_t pid;
+	int error, afd;
+	struct auditinfo ai;
+
+	if (auditon(A_GETCOND, &acond, sizeof(acond)) < 0) {
+		/*
+		 * If auditon(2) returns ENOSYS, then audit has not been
+		 * compiled into the kernel, so just return.
+		 */
+		if (errno == ENOSYS)
+			return (0);
+		error = errno;
+		syslog(LOG_AUTH | LOG_ERR, "audit: auditon failed: %s",
+		    strerror(errno));
+		errno = error;
+		return (-1);
+	}
+	if (acond == AUC_NOAUDIT)
+		return (0);
+	afd = au_open();
+	if (afd < 0) {
+		error = errno;
+		syslog(LOG_AUTH | LOG_ERR, "audit: au_open failed: %s",
+		    strerror(errno));
+		errno = error;
+		return (-1);
+	}
+	if (getaudit(&ai) < 0) {
+		error = errno;
+		syslog(LOG_AUTH | LOG_ERR, "audit: getaudit failed: %s",
+		    strerror(errno));
+		errno = error;
+		return (-1);
+	}
+	pid = getpid();
+	token = au_to_subject32(auid, geteuid(), getegid(),
+	    getuid(), getgid(), pid, pid, &ai.ai_termid);
+	if (token == NULL) {
+		syslog(LOG_AUTH | LOG_ERR,
+		    "audit: unable to build subject token");
+		(void) au_close(afd, AU_TO_NO_WRITE, au_event);
+		errno = EPERM;
+		return (-1);
+	}
+	if (au_write(afd, token) < 0) {
+		error = errno;
+		syslog(LOG_AUTH | LOG_ERR,
+		    "audit: au_write failed: %s", strerror(errno));
+		(void) au_close(afd, AU_TO_NO_WRITE, au_event);
+		errno = error;
+		return (-1);
+	}
+	if (fmt != NULL) {
+		va_start(ap, fmt);
+		(void) vsnprintf(text, MAX_AUDITSTRING_LEN, fmt, ap);
+		va_end(ap);
+		token = au_to_text(text);
+		if (token == NULL) {
+			syslog(LOG_AUTH | LOG_ERR,
+			    "audit: failed to generate text token");
+			(void) au_close(afd, AU_TO_NO_WRITE, au_event);
+			errno = EPERM;
+			return (-1);
+		}
+		if (au_write(afd, token) < 0) {
+			error = errno;
+			syslog(LOG_AUTH | LOG_ERR,
+			    "audit: au_write failed: %s", strerror(errno));
+			(void) au_close(afd, AU_TO_NO_WRITE, au_event);
+			errno = error;
+			return (-1);
+		}
+	}
+	token = au_to_return32(status, reterr);
+	if (token == NULL) {
+		syslog(LOG_AUTH | LOG_ERR,
+		    "audit: enable to build return token");
+		(void) au_close(afd, AU_TO_NO_WRITE, au_event);
+		errno = EPERM;
+		return (-1);
+	}
+	if (au_write(afd, token) < 0) {
+		error = errno;
+		syslog(LOG_AUTH | LOG_ERR,
+		    "audit: au_write failed: %s", strerror(errno));
+		(void) au_close(afd, AU_TO_NO_WRITE, au_event);
+		errno = error;
+		return (-1);
+	}
+	if (au_close(afd, AU_TO_WRITE, au_event) < 0) {
+		error = errno;
+		syslog(LOG_AUTH | LOG_ERR, "audit: record not committed");
+		errno = error;
+		return (-1);
+	}
+	return (0);
+}
+
 int
 audit_set_terminal_port(dev_t *p)
 {
@@ -130,7 +240,7 @@ audit_set_terminal_id(au_tid_t *tid)
  * tok = au_to_random_token_2(...);
  * au_write(aufd, tok);
  * ...
- * au_close(aufd, 1, AUE_your_event_type);
+ * au_close(aufd, AU_TO_WRITE, AUE_your_event_type);
  *
  * Assumes, like all wrapper calls, that the caller has previously checked
  * that auditing is enabled via the audit_get_state() call.
@@ -156,7 +266,7 @@ audit_write(short event_code, token_t *subject, token_t *misctok, char retval,
 	if (subject && au_write(aufd, subject) == -1) {
 		au_free_token(subject);
 		au_free_token(misctok);
-		(void)au_close(aufd, 0, event_code);
+		(void)au_close(aufd, AU_TO_WRITE, event_code);
 		syslog(LOG_ERR, "%s: write of subject failed", func);
 		return (kAUWriteSubjectTokErr);
 	}
@@ -164,31 +274,30 @@ audit_write(short event_code, token_t *subject, token_t *misctok, char retval,
 	/* Save the event-specific token. */
 	if (misctok && au_write(aufd, misctok) == -1) {
 		au_free_token(misctok);
-		(void)au_close(aufd, 0, event_code);
+		(void)au_close(aufd, AU_TO_NO_WRITE, event_code);
 		syslog(LOG_ERR, "%s: write of caller token failed", func);
 		return (kAUWriteCallerTokErr);
 	}
 
 	/* Tokenize and save the return value. */
 	if ((rettok = au_to_return32(retval, errcode)) == NULL) {
-		(void)au_close(aufd, 0, event_code);
+		(void)au_close(aufd, AU_TO_NO_WRITE, event_code);
 		syslog(LOG_ERR, "%s: au_to_return32() failed", func);
 		return (kAUMakeReturnTokErr);
 	}
 
 	if (au_write(aufd, rettok) == -1) {
 		au_free_token(rettok);
-		(void)au_close(aufd, 0, event_code);
+		(void)au_close(aufd, AU_TO_NO_WRITE, event_code);
 		syslog(LOG_ERR, "%s: write of return code failed", func);
 		return (kAUWriteReturnTokErr);
 	}
 
 	/*
-	 * au_close()'s second argument is "keep": if keep == 0, the record is
-	 * discarded.  We assume the caller wouldn't have bothered with this
+	 * We assume the caller wouldn't have bothered with this
 	 * function if it hadn't already decided to keep the record.
 	 */
-	if (au_close(aufd, 1, event_code) < 0) {
+	if (au_close(aufd, AU_TO_WRITE, event_code) < 0) {
 		syslog(LOG_ERR, "%s: au_close() failed", func);
 		return (kAUCloseErr);
 	}
diff --git a/contrib/openbsm/libbsm/libbsm.3 b/contrib/openbsm/libbsm/libbsm.3
index c2ea877b3be3..df0c3c16e084 100644
--- a/contrib/openbsm/libbsm/libbsm.3
+++ b/contrib/openbsm/libbsm/libbsm.3
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#4 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#5 $
 .\"
 .Dd April 19, 2005
 .Dt LIBBSM 3
@@ -158,9 +158,6 @@ representation.
 .Xr au_to_return32 3 ,
 .Xr au_to_return64 3 ,
 .Xr au_to_seq 3 ,
-.Xr au_to_socket 3 ,
-.Xr au_to_socket_ex_32 3 ,
-.Xr au_to_socket_ex_128 3 ,
 .Xr au_to_sock_inet 3 ,
 .Xr au_to_sock_inet32 3 ,
 .Xr au_to_sock_inet128 3 ,