diff options
author | rwatson <rwatson@FreeBSD.org> | 2007-04-16 15:37:10 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-04-16 15:37:10 +0000 |
commit | 9d9ec51b2c47983a8f8c8d48ed2fca487c2b272a (patch) | |
tree | 103f2ad3fab79dfe5e3b4ca02ebf1d9c1e2e4e82 /contrib/openbsm/libbsm/au_mask.3 | |
parent | 6b46b736cc84f6697b21608e304026e847ac155d (diff) | |
download | FreeBSD-src-9d9ec51b2c47983a8f8c8d48ed2fca487c2b272a.zip FreeBSD-src-9d9ec51b2c47983a8f8c8d48ed2fca487c2b272a.tar.gz |
Vendor import TrustedBSD OpenBSM 1.0 alpha 14, with the following change
history notes since the last import:
OpenBSM 1.0 alpha 14
- Fix endian issues when processing IPv6 addresses for extended subject
and process tokens.
- gcc41 warnings clean.
- Teach audit_submit(3) about getaudit_addr(2).
- Add support for zonename tokens.
OpenBSM 1.0 alpha 13
- compat/clock_gettime.h now provides a compatibility implementation of
clock_gettime(), which fixes building on Mac OS X.
- Countless man page improvements, markup fixes, content fixs, etc.
- XML printing support via "praudit -x".
- audit.log.5 expanded to include additional BSM token types.
- Added encoding and decoding routines for process64_ex, process32_ex,
subject32_ex, header64, and attr64 tokens.
- Additional audit event identifiers for listen, mlockall/munlockall,
getpath, POSIX message queues, and mandatory access control.
Approved by: re (bmah)
MFC after: 3 weeks
Obtained from: TrustedBSD Project
Diffstat (limited to 'contrib/openbsm/libbsm/au_mask.3')
-rw-r--r-- | contrib/openbsm/libbsm/au_mask.3 | 82 |
1 files changed, 49 insertions, 33 deletions
diff --git a/contrib/openbsm/libbsm/au_mask.3 b/contrib/openbsm/libbsm/au_mask.3 index 6698ae5..2845279 100644 --- a/contrib/openbsm/libbsm/au_mask.3 +++ b/contrib/openbsm/libbsm/au_mask.3 @@ -10,7 +10,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" +.\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_mask.3#3 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_mask.3#6 $ .\" .Dd April 19, 2005 .Dt AU_MASK 3 @@ -32,11 +32,11 @@ .Nm au_preselect , .Nm getauditflagsbin , .Nm getauditflagschar -.Nd "Convert between string and numeric values of audit masks" +.Nd "convert between string and numeric values of audit masks" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS -.In libbsm.h +.In bsm/libbsm.h .Ft int .Fn au_preselect "au_event_t event" "au_mask_t *mask_p" "int sorf" "int flag" .Ft int @@ -49,13 +49,15 @@ These interfaces support processing of an audit mask represented by type including conversion between numeric and text formats, and computing whether or not an event is matched by a mask. .Pp +The .Fn au_preselect +function calculates whether or not the audit event passed via -.Va event +.Fa event is matched by the audit mask passed via -.Va au_mask_t . +.Fa mask_p . The -.Va sorf +.Fa sorf argument indicates whether or not to consider the event as a success, if the .Dv AU_PRS_SUCCESS @@ -63,7 +65,7 @@ flag is set, or failure, if the .Dv AU_PRS_FAILURE flag is set. The -.Va flag +.Fa flag argument accepts additional arguments influencing the behavior of .Fn au_preselect , including @@ -73,64 +75,78 @@ or .Dv AU_PRS_USECACHE which forces use of the cache. .Pp +The .Fn getauditflagsbin +function converts a string representation of an audit mask passed via a character string pointed to by -.Va auditstr , +.Fa auditstr , returning the resulting mask, if valid, via -.Va *masks . +.Fa *masks . .Pp +The .Fn getauditflagschar +function converts the audit event mask passed via -.Va *masks +.Fa *masks and converts it to a character string in a buffer pointed to by -.Va auditstr . -See the BUGS section for more information on how to provide a buffer of +.Fa auditstr . +See the +.Sx BUGS +section for more information on how to provide a buffer of sufficient size. If the -.Va verbose +.Fa verbose flag is set, the class description string retrieved from .Xr audit_class 5 will be used; otherwise, the two-character class name. +.Sh IMPLEMENTATION NOTES +The +.Fn au_preselect +function +makes implicit use of various audit database routines, and may influence +the behavior of simultaneous or interleaved processing of those databases by +other code. .Sh RETURN VALUES +The .Fn au_preselect -returns 0 on success, or returns -1 if there is a failure looking up the +function +returns 0 on success, or returns \-1 if there is a failure looking up the event type or other database access, in which case .Va errno will be set to indicate the error. It returns 1 if the event is matched; 0 if not. .Pp -.Fn getauditflagsbin -and -.Fn getauditflagschar -returns 0 on success, or -1 if there is a failure, in which case -.Va errno -will be set to indicate the error. -.Sh IMPLEMENTATION NOTES -.Fn au_preselect -makes implicit use of various audit database routines, and may influence -the behavior of simultaneous or interleaved processing of those databases by -other code. +.Rv -std getauditflagsbin getauditflagschar .Sh SEE ALSO .Xr libbsm 3 , .Xr audit_class 5 -.Sh AUTHORS -This software was created by Robert Watson, Wayne Salamon, and Suresh -Krishnaswamy for McAfee Research, the security research division of McAfee, -Inc., under contract to Apple Computer, Inc. -.Pp -The Basic Security Module (BSM) interface to audit records and audit event -stream format were defined by Sun Microsystems. .Sh HISTORY The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. +.Sh AUTHORS +.An -nosplit +This software was created by +.An Robert Watson , +.An Wayne Salamon , +and +.An Suresh Krishnaswamy +for McAfee Research, the security research division of McAfee, +Inc., under contract to Apple Computer, Inc. +.Pp +The Basic Security Module (BSM) interface to audit records and audit event +stream format were defined by Sun Microsystems. .Sh BUGS +The .Va errno +variable may not always be properly set in the event of an error. .Pp +The .Fn getauditflagschar +function does not provide a way to indicate how long the character buffer is, in order to detect overflow. As a result, the caller must always provide a buffer of sufficient length for |