diff options
Diffstat (limited to 'contrib/openbsm/libbsm/au_token.3')
-rw-r--r-- | contrib/openbsm/libbsm/au_token.3 | 209 |
1 files changed, 209 insertions, 0 deletions
diff --git a/contrib/openbsm/libbsm/au_token.3 b/contrib/openbsm/libbsm/au_token.3 new file mode 100644 index 0000000..dd0ce27 --- /dev/null +++ b/contrib/openbsm/libbsm/au_token.3 @@ -0,0 +1,209 @@ +.\"- +.\" Copyright (c) 2005 Robert N. M. Watson +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#4 $ +.\" +.Dd April 19, 2005 +.Dt AU_TOKEN 3 +.Os +.Sh NAME +.Nm au_to_arg32 , +.Nm au_to_arg64 , +.Nm au_to_arg , +.Nm au_to_attr64 , +.Nm au_to_data , +.Nm au_to_exit , +.Nm au_to_groups , +.Nm au_to_newgroups , +.Nm au_to_in_addr , +.Nm au_to_in_addr_ex , +.Nm au_to_ip , +.Nm au_to_ipc , +.Nm au_to_ipc_perm , +.Nm au_to_iport , +.Nm au_to_opaque , +.Nm au_to_file , +.Nm au_to_text , +.Nm au_to_path , +.Nm au_to_process32 , +.Nm au_to_process64 , +.Nm au_to_process , +.Nm au_to_process32_ex , +.Nm au_to_process64_ex , +.Nm au_to_process_ex , +.Nm au_to_return32 , +.Nm au_to_return64 , +.Nm au_to_return , +.Nm au_to_seq , +.Nm au_to_socket , +.Nm au_to_socket_ex_32 , +.Nm au_to_socket_ex_128 , +.Nm au_to_sock_inet32 , +.Nm au_to_sock_inet128 , +.Nm au_to_sock_inet , +.Nm au_to_subject32 , +.Nm au_to_subject64 , +.Nm au_to_subject , +.Nm au_to_subject32_ex , +.Nm au_to_subject64_ex , +.Nm au_to_subject_ex , +.Nm au_to_me , +.Nm au_to_exec_args , +.Nm au_to_exec_env , +.Nm au_to_header , +.Nm au_to_header32 , +.Nm au_to_header64 , +.Nm au_to_trailer . +.Nd "Routines for generating BSM audit tokens" +.Sh LIBRARY +.Lb libbsm +.Sh SYNOPSIS +.In libbsm.h +.Ft token_t * +.Fn au_to_arg32 "char n" "char *text" "u_int32_t v" +.Ft token_t * +.Fn au_to_arg64 "char n" "char *text" "u_int64_t v" +.Ft token_t * +.Fn au_to_arg "char n" "char *text" "u_int32_t v" +.Ft token_t * +.Fn au_to_attr32 "struct vattr *attr" +.Ft token_t * +.Fn au_to_attr64 "struct vattr *attr" +.Ft token_t * +.Fn au_to_attr "struct vattr *attr" +.Ft token_t * +.Fn au_to_data "char unit_print" "char unit_type" "char unit_count" "char *p" +.Ft token_t * +.Fn au_to_exit "int retval" "int err" +.Ft token_t * +.Fn au_to_groups "int *groups" +.Ft token_t * +.Fn au_to_newgroups "u_int16_t n" "gid_t *groups" +.Ft token_t * +.Fn au_to_in_addr "struct in_addr *internet_addr" +.Ft token_t * +.Fn au_to_in_addr_ex "struct in6_addr *internet_addr" +.Ft token_t * +.Fn au_to_ip "struct ip *ip" +.Ft token_t * +.Fn au_to_ipc "char type" "int id" +.Ft token_t * +.Fn au_to_ipc_perm "struct ipc_perm *perm" +.Ft token_t * +.Fn au_to_iport "u_int16_t iport" +.Ft token_t * +.Fn au_to_opaque "char *data" "u_int64_t bytes" +.Ft token_t * +.Fn au_to_file "char *file" +.Ft token_t * +.Fn au_to_file "char *file" +.Ft token_t * +.Fn au_to_text "char *text" +.Ft token_t * +.Fn au_to_path "char *text" +.Ft token_t * +.Fn au_to_process32 "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid" +.Ft token_t * +.Fn au_to_process64 "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid" +.Ft token_t * +.Fn au_to_process32_ex "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_addr_t *tid" +.Ft token_t * +.Fn au_to_process64_ex "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_addr_t *tid" +.Ft token_t * +.Fn au_to_return32 "char status" "u_int32_t ret" +.Ft token_t * +.Fn au_to_return64 "char status" "u_int64_t ret" +.Ft token_t * +.Fn au_to_return "char status" "u_int32_t ret" +.Ft token_t * +.Fn au_to_seq "long audit_count" +.Ft token_t * +.Fn au_to_socket "struct socket *so" +.Ft token_t * +.Fn au_to_socket_ex_32 "struct socket *so" +.Ft token_t * +.Fn au_to_socket_ex_128 "struct socket *so" +.Ft token_t * +.Fn au_to_sock_inet32 "struct sockaddr_in *so" +.Ft token_t * +.Fn au_to_sock_inet128 "struct sockaddr_in6 *so" +.Ft token_t * +.Fn au_to_sock_int "struct sockaddr_in *so" +.Ft token_t * +.Fn au_to_subject32 "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid" +.Ft token_t * +.Fn au_to_subject64 "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid" +.Ft token_t * +.Fn au_to_subject "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid" +.Ft token_t * +.Fn au_to_subject32_ex "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid" +.Ft token_t * +.Fn au_to_subject64_ex "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_addr_t *tid" +.Ft token_t * +.Fn au_to_subject_ex "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_addr_t *tid" +.Ft token_t * +.Fn au_to_me "void" +.Ft token_t * +.Fn au_to_exec_args "const char **args" +.Ft token_t * +.Fn au_to_exec_env "const char **env" +.Ft token_t * +.Fn au_to_header "int rec_size" "au_event_t e_type" "au_emod_t emod" +.Ft token_t * +.Fn au_to_header32 "int rec_size" "au_event_t e_type" "au_emod_t emod" +.Ft token_t * +.Fn au_to_header64 "int rec_size" "au_event_t e_type" "au_emod_t e_mod" +.Ft token_t * +.Fn au_to_trailer "int rec_size" +.Sh DESCRIPTION +These interfaces support the allocation of BSM audit tokens, represented by +.Dt token_t , +for various data types. +.Sh RETURN VALUES +On sucess, a pointer to a +.Vt token_t +will be returned; the allocated +.Vt token_t +can be freed via a call to +.Xr au_free_token 3 . +On failure, +.Dv NULL +will be returned, and an error condition returned via +.Va errno . +.Sh SEE ALSO +.Xr libbsm 3 +.Sh AUTHORS +This software was created by Robert Watson, Wayne Salamon, and Suresh +Krishnaswamy for McAfee Research, the security research division of McAfee, +Inc., under contract to Apple Computer, Inc. +.Pp +The Basic Security Module (BSM) interface to audit records and audit event +stream format were defined by Sun Microsystems. +.Sh HISTORY +The OpenBSM implementation was created by McAfee Research, the security +division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. +It was subsequently adopted by the TrustedBSD Project as the foundation for +the OpenBSM distribution. +.Sh BUGS |