From 9568fd4404ad713327f6288bc2c21aadbbce1d5c Mon Sep 17 00:00:00 2001
From: csjp <csjp@FreeBSD.org>
Date: Tue, 28 Jul 2020 20:06:16 +0000
Subject: [PATCH] Fixup some incorrect information and some comments. These
 changes were cherry picked up the upstream OpenBSD repository. At some point
 we will look at doing another import, but the diffs are substantial and will
 require some careful testing.

Differential Revision:	https://reviews.freebsd.org/D25021
MFC after:	2 weeks
Submitted by:	gbe
Reviewed by:	myself, bcr
---
 contrib/openbsm/CREDITS                     | 3 +++
 contrib/openbsm/bin/auditd/auditd.c         | 2 +-
 contrib/openbsm/bin/auditdistd/auditdistd.c | 2 +-
 contrib/openbsm/bin/auditdistd/proto_tls.c  | 4 ++--
 contrib/openbsm/libauditd/auditd_lib.c      | 2 +-
 contrib/openbsm/libbsm/au_control.3         | 2 +-
 contrib/openbsm/libbsm/au_domain.3          | 2 +-
 contrib/openbsm/libbsm/au_errno.3           | 2 +-
 contrib/openbsm/libbsm/au_socket_type.3     | 2 +-
 contrib/openbsm/man/audit.log.5             | 6 +++---
 contrib/openbsm/man/getaudit.2              | 3 ++-
 contrib/openbsm/sys/bsm/audit.h             | 8 ++++----
 12 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/contrib/openbsm/CREDITS b/contrib/openbsm/CREDITS
index 18b3ad7dc03..2721de1e487 100644
--- a/contrib/openbsm/CREDITS
+++ b/contrib/openbsm/CREDITS
@@ -36,6 +36,9 @@ the development of OpenBSM:
     Ryan Steinmetz
     The FreeBSD Foundation
     Brooks Davis
+    Mateusz Piotrowski
+    Alan Somers
+    Aniket Pandey
 
 In addition, Coverity, Inc.'s Prevent(tm) static analysis tool and Gimpel
 Software's FlexeLint tool were used to identify a number of bugs in the
diff --git a/contrib/openbsm/bin/auditd/auditd.c b/contrib/openbsm/bin/auditd/auditd.c
index a165cf314e0..bd00a6b1619 100644
--- a/contrib/openbsm/bin/auditd/auditd.c
+++ b/contrib/openbsm/bin/auditd/auditd.c
@@ -712,7 +712,7 @@ auditd_config_controls(void)
 	 */
 	err = auditd_set_qsize();
 	if (err) {
-		auditd_log_err("audit_set_qsize() %s: %m",
+		auditd_log_err("auditd_set_qsize() %s: %m",
 		    auditd_strerror(err));
 		ret = -1;
 	} else
diff --git a/contrib/openbsm/bin/auditdistd/auditdistd.c b/contrib/openbsm/bin/auditdistd/auditdistd.c
index 696f0488b27..8468353f4cb 100644
--- a/contrib/openbsm/bin/auditdistd/auditdistd.c
+++ b/contrib/openbsm/bin/auditdistd/auditdistd.c
@@ -523,7 +523,7 @@ main_loop(void)
 		}
 		TAILQ_FOREACH(adhost, &adcfg->adc_hosts, adh_next) {
 			if (adhost->adh_role == ADIST_ROLE_SENDER) {
-				/* Only sender workers asks for connections. */
+				/* Only sender workers ask for connections. */
 				PJDLOG_ASSERT(adhost->adh_conn != NULL);
 				fd = proto_descriptor(adhost->adh_conn);
 				PJDLOG_ASSERT(fd >= 0);
diff --git a/contrib/openbsm/bin/auditdistd/proto_tls.c b/contrib/openbsm/bin/auditdistd/proto_tls.c
index ff251c5b0c8..31673084d5b 100644
--- a/contrib/openbsm/bin/auditdistd/proto_tls.c
+++ b/contrib/openbsm/bin/auditdistd/proto_tls.c
@@ -413,7 +413,7 @@ tls_exec_client(const char *user, int startfd, const char *srcaddr,
 	tls_certificate_verify(ssl, fingerprint);
 
 	/*
-	 * The following byte is send to make proto_connect_wait() to work.
+	 * The following byte is sent to make proto_connect_wait() work.
 	 */
 	connected = 1;
 	for (;;) {
@@ -460,7 +460,7 @@ tls_call_exec_client(struct proto_conn *sock, const char *srcaddr,
 		proto_close(sock);
 	} else {
 		/*
-		 * The FD_CLOEXEC is cleared by dup2(2), so when we not
+		 * The FD_CLOEXEC is cleared by dup2(2), so when we do not
 		 * call it, we have to clear it by hand in case it is set.
 		 */
 		if (fcntl(startfd, F_SETFD, 0) == -1)
diff --git a/contrib/openbsm/libauditd/auditd_lib.c b/contrib/openbsm/libauditd/auditd_lib.c
index 1e21adb39bb..e6c1312bf49 100644
--- a/contrib/openbsm/libauditd/auditd_lib.c
+++ b/contrib/openbsm/libauditd/auditd_lib.c
@@ -498,7 +498,7 @@ auditd_expire_trails(int (*warn_expired)(char *))
 			 * update the mtime of the trail file to the current
 			 * time. This is so we don't prematurely remove a trail
 			 * file that was created while the system clock reset
-			 * to the * "beginning of time" but later the system
+			 * to the "beginning of time" but later the system
 			 * clock is set to the correct current time.
 			 */
 			if (current_time >= JAN_01_2000 &&
diff --git a/contrib/openbsm/libbsm/au_control.3 b/contrib/openbsm/libbsm/au_control.3
index fbf37b50b21..c5a28f55722 100644
--- a/contrib/openbsm/libbsm/au_control.3
+++ b/contrib/openbsm/libbsm/au_control.3
@@ -201,7 +201,7 @@ converts an audit policy flags string,
 .Fa polstr ,
 to a numeric audit policy mask returned via
 .Fa policy .
-.Sh RETURN VALULES
+.Sh RETURN VALUES
 The
 .Fn getacfilesz ,
 .Fn getacdir ,
diff --git a/contrib/openbsm/libbsm/au_domain.3 b/contrib/openbsm/libbsm/au_domain.3
index 2f16b384815..9d3415fb3c3 100644
--- a/contrib/openbsm/libbsm/au_domain.3
+++ b/contrib/openbsm/libbsm/au_domain.3
@@ -62,7 +62,7 @@ The
 function accepts a local domain, and returns the BSM domain for it.
 This call cannot fail, and instead returns a BSM domain indicating to a later
 decoder that the domain could not be encoded.
-.Sh RETURN VALULES
+.Sh RETURN VALUES
 On success,
 .Fn au_bsm_to_domain
 returns 0 and a converted domain; on failure, it returns -1 but does not set
diff --git a/contrib/openbsm/libbsm/au_errno.3 b/contrib/openbsm/libbsm/au_errno.3
index 93873cec732..9a3d51db012 100644
--- a/contrib/openbsm/libbsm/au_errno.3
+++ b/contrib/openbsm/libbsm/au_errno.3
@@ -76,7 +76,7 @@ function converts a BSM error value to a string, generally by converting first t
 local error number and using the local
 .Xr strerror 3
 function, but will also work for errors that are not locally defined.
-.Sh RETURN VALULES
+.Sh RETURN VALUES
 On success,
 .Fn au_bsm_to_errno
 returns 0 and a converted error value; on failure, it returns -1 but does not
diff --git a/contrib/openbsm/libbsm/au_socket_type.3 b/contrib/openbsm/libbsm/au_socket_type.3
index 5668569f7b4..54534b3fe80 100644
--- a/contrib/openbsm/libbsm/au_socket_type.3
+++ b/contrib/openbsm/libbsm/au_socket_type.3
@@ -61,7 +61,7 @@ operating system.
 function accepts a local socket type, and returns the BSM socket type for it.
 This call cannot fail, and instead returns a BSM socket type indicating to a
 later decoder that the socket type could not be encoded.
-.Sh RETURN VALULES
+.Sh RETURN VALUES
 On success,
 .Fn au_bsm_to_socket_type
 returns 0 and a converted socket type; on failure, it returns -1 but does not
diff --git a/contrib/openbsm/man/audit.log.5 b/contrib/openbsm/man/audit.log.5
index d85fdccb2bf..a1db9981acd 100644
--- a/contrib/openbsm/man/audit.log.5
+++ b/contrib/openbsm/man/audit.log.5
@@ -102,7 +102,7 @@ token can be created using
 .It Sy "Field	Bytes	Description"
 .It "Token ID	1 byte	Token ID"
 .It "Record Byte Count	4 bytes	Number of bytes in record"
-.It "Version Number	2 bytes	Record version number"
+.It "Version Number	1 byte	Record version number"
 .It "Event Type	2 bytes	Event type"
 .It "Event Modifier	2 bytes	Event sub-type"
 .It "Seconds	4/8 bytes	Record time stamp (32/64-bits)"
@@ -126,7 +126,7 @@ token can be created using
 .It Sy "Field	Bytes	Description"
 .It "Token ID	1 byte	Token ID"
 .It "Record Byte Count	4 bytes	Number of bytes in record"
-.It "Version Number	2 bytes	Record version number"
+.It "Version Number	1 byte	Record version number"
 .It "Event Type	2 bytes	Event type"
 .It "Event Modifier	2 bytes	Event sub-type"
 .It "Address Type/Length	1 byte	Host address type and length"
@@ -325,7 +325,7 @@ or
 .It "Process ID	4 bytes	Process ID"
 .It "Session ID	4 bytes	Audit session ID"
 .It "Terminal Port ID	4/8 bytes	Terminal port ID (32/64-bits)"
-.It "Terminal Address Type/Length	1 byte	Length of machine address"
+.It "Terminal Address Type/Length	4 bytes	Length of machine address"
 .It "Terminal Machine Address	4 bytes	IPv4 or IPv6 address of machine"
 .El
 .Ss Return Token
diff --git a/contrib/openbsm/man/getaudit.2 b/contrib/openbsm/man/getaudit.2
index ae5843d45a2..8165c881900 100644
--- a/contrib/openbsm/man/getaudit.2
+++ b/contrib/openbsm/man/getaudit.2
@@ -24,7 +24,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd October 19, 2008
+.Dd March 14, 2018 
 .Dt GETAUDIT 2
 .Os
 .Sh NAME
@@ -62,6 +62,7 @@ struct auditinfo {
 	au_mask_t      ai_mask;         /* Audit masks */
 	au_tid_t       ai_termid;       /* Terminal ID */
 	au_asid_t      ai_asid;         /* Audit session ID */
+	au_asflgs_t    ai_flags;        /* Audit session flags. */
 };
 typedef struct auditinfo        auditinfo_t;
 .Ed
diff --git a/contrib/openbsm/sys/bsm/audit.h b/contrib/openbsm/sys/bsm/audit.h
index 73077b33bd5..26ac4cbf758 100644
--- a/contrib/openbsm/sys/bsm/audit.h
+++ b/contrib/openbsm/sys/bsm/audit.h
@@ -46,7 +46,7 @@
 #define	MIN_AUDIT_FILE_SIZE	(512 * 1024)
 
 /*
- * Minimum noumber of free blocks on the filesystem containing the audit
+ * Minimum number of free blocks on the filesystem containing the audit
  * log necessary to avoid a hard log rotation. DO NOT SET THIS VALUE TO 0
  * as the kernel does an unsigned compare, plus we want to leave a few blocks
  * free so userspace can terminate the log, etc.
@@ -249,14 +249,14 @@ typedef	struct au_token	token_t;
 /*
  * Kernel audit queue control parameters:
  * 			Default:		Maximum:
- * 	aq_hiwater:	AQ_HIWATER (100)	AQ_MAXHIGH (10000) 
+ * 	aq_hiwater:	AQ_HIWATER (100)	AQ_MAXHIGH (10000)
  * 	aq_lowater:	AQ_LOWATER (10)		<aq_hiwater
  * 	aq_bufsz:	AQ_BUFSZ (32767)	AQ_MAXBUFSZ (1048576)
- * 	aq_delay:	20			20000 (not used) 
+ * 	aq_delay:	20			20000 (not used)
  */
 struct au_qctrl {
 	int	aq_hiwater;	/* Max # of audit recs in queue when */
-				/* threads with new ARs get blocked. */ 
+				/* threads with new ARs get blocked. */
 
 	int	aq_lowater;	/* # of audit recs in queue when */
 				/* blocked threads get unblocked. */
-- 
2.45.0