From owner-p4-projects@FreeBSD.ORG Thu Oct 5 19:26:03 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id C954616A4A0; Thu, 5 Oct 2006 19:26:03 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A48F916A494 for ; Thu, 5 Oct 2006 19:26:03 +0000 (UTC) (envelope-from ru@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7257943D70 for ; Thu, 5 Oct 2006 19:26:02 +0000 (GMT) (envelope-from ru@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k95JQ2XV043634 for ; Thu, 5 Oct 2006 19:26:02 GMT (envelope-from ru@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k95JQ2T3043631 for perforce@freebsd.org; Thu, 5 Oct 2006 19:26:02 GMT (envelope-from ru@freebsd.org) Date: Thu, 5 Oct 2006 19:26:02 GMT Message-Id: <200610051926.k95JQ2T3043631@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to ru@freebsd.org using -f From: Ruslan Ermilov To: Perforce Change Reviews Cc: Subject: PERFORCE change 107327 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Oct 2006 19:26:04 -0000 http://perforce.freebsd.org/chv.cgi?CH=107327 Change 107327 by ru@ru_edoofus on 2006/10/05 19:25:18 Fix markup. Affected files ... .. //depot/projects/trustedbsd/openbsm/libbsm/au_class.3#5 edit .. //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#7 edit .. //depot/projects/trustedbsd/openbsm/libbsm/au_event.3#6 edit .. //depot/projects/trustedbsd/openbsm/libbsm/au_free_token.3#5 edit .. //depot/projects/trustedbsd/openbsm/libbsm/au_io.3#4 edit .. //depot/projects/trustedbsd/openbsm/libbsm/au_mask.3#5 edit .. //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#7 edit .. //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#10 edit .. //depot/projects/trustedbsd/openbsm/libbsm/au_user.3#6 edit .. //depot/projects/trustedbsd/openbsm/libbsm/audit_submit.3#10 edit .. //depot/projects/trustedbsd/openbsm/libbsm/libbsm.3#10 edit Differences ... ==== //depot/projects/trustedbsd/openbsm/libbsm/au_class.3#5 (text+ko) ==== @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_class.3#4 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_class.3#5 $ .\" .Dd April 19, 2005 .Dt AU_CLASS 3 @@ -35,51 +35,58 @@ .Nm getauclassnam_r , .Nm setauclass , .Nm endauclass -.Nd "Look up information from the audit_class database" +.Nd "look up information from the audit_class database" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In libbsm.h -.Ft struct au_class_ent * -.Fn getauclassent "void" -.Ft struct au_class_ent * +.Ft "struct au_class_ent *" +.Fn getauclassent void +.Ft "struct au_class_ent *" .Fn getauclassent_r "struct au_class_ent *e" -.Ft struct au_class_ent * +.Ft "struct au_class_ent *" .Fn getauclassnam "const char *name" -.Ft struct au_class_ent * +.Ft "struct au_class_ent *" .Fn getauclassnam_r "struct au_class_ent *e" "const char *name" .Ft void -.Fn setauclass "void" +.Fn setauclass void .Ft void -.Fn endauclass "void" +.Fn endauclass void .Sh DESCRIPTION These interfaces may be used to look up information from the .Xr audit_class 5 database, which describes audit event classes. Audit event classes are described by -.Vt struct au_class_ent . +.Vt "struct au_class_ent" . .Pp -.Pp +The .Fn getauclassent +function will return the next class found in the .Xr audit_class 5 database, or the first if the function has not yet been called. .Dv NULL will be returned if no further records are available. .Pp +The .Fn getauclassnam +function looks up a class by name. .Dv NULL will be returned if no matching class can be found. .Pp +The .Fn setauclass +function resets the iterator through the .Xr audit_class 5 database, causing the next call to .Fn getauclassent to start again from the beginning of the file. .Pp +The .Fn endauclass +function closes the .Xr audit_class 5 database, if open. @@ -92,8 +99,13 @@ It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS -This software was created by Robert Watson, Wayne Salamon, and Suresh -Krishnaswamy for McAfee Research, the security research division of McAfee, +.An -nosplit +This software was created by +.An Robert Watson , +.An Wayne Salamon , +and +.An Suresh Krishnaswamy +for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event ==== //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#7 (text+ko) ==== @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#6 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_control.3#7 $ .\" .Dd April 19, 2005 .Dt AU_CONTROL 3 @@ -39,15 +39,15 @@ .Nm getacpol , .Nm au_poltostr , .Nm au_strtopol -.Nd "Look up information from the audit_control database" +.Nd "look up information from the audit_control database" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In libbsm.h .Ft void -.Fn setac "void" +.Fn setac void .Ft void -.Fn endac "void" +.Fn endac void .Ft int .Fn getacdir "char *name" "int len" .Ft int @@ -69,64 +69,88 @@ .Xr audit_control 5 database, which contains various audit-related administrative parameters. .Pp +The .Fn setac +function resets the database iterator to the beginning of the database; see the -BUGS section for more information. +.Sx BUGS +section for more information. .Pp +The .Fn sendac +function closes the .Xr audit_control 5 database. .Pp +The .Fn getacdir +function returns the name of the directory where log data is stored via the passed character buffer -.Va name +.Fa name of length -.Va len . +.Fa len . .Pp +The .Fn getacmin +function returns the minimum free disk space for the audit log target file system via the passed -.Va min_val +.Fa min_val variable. .Pp +The .Fn getacfilesz -returns the audit trail rotation size in the passed size_t buffer +function +returns the audit trail rotation size in the passed +.Vt size_t +buffer .Fa size_val . .Pp +The .Fn getacflg +function returns the audit system flags via the the passed character buffer -.Va auditstr +.Fa auditstr of length -.Va len . +.Fa len . .Pp +The .Fn getacna +function returns the non-attributable flags via the passed character buffer -.Va auditstr +.Fa auditstr of length -.Va len . +.Fa len . .Pp +The .Fn getacpol +function returns the audit policy flags via the passed character buffer -.Va auditstr +.Fa auditstr of length -.Va len . +.Fa len . .Pp +The .Fn au_poltostr +function converts a numeric audit policy mask, -.Va policy , -value to a string in the passed character buffer -.Va buf +.Fa policy , +to a string in the passed character buffer +.Fa buf of lenth -.Va maxsize . +.Fa maxsize . .Pp +The .Fn au_strtopol +function converts an audit policy flags string, -.Va polstr , +.Fa polstr , to a numeric audit policy mask returned via -.Va policy . +.Fa policy . .Sh RETURN VALULES +The .Fn getacdir , .Fn getacmin , .Fn getacflg , @@ -134,11 +158,14 @@ .Fn getacpol , and .Fn au_strtopol +functions return 0 on success, or a negative value on failure, along with error information in .Va errno . .Pp +The .Fn au_poltostr +function returns a string length of 0 or more on success, or a negative value on if there is a failure. .Pp @@ -153,8 +180,13 @@ It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS -This software was created by Robert Watson, Wayne Salamon, and Suresh -Krishnaswamy for McAfee Research, the security research division of McAfee, +.An -nosplit +This software was created by +.An Robert Watson , +.An Wayne Salamon , +and +.An Suresh Krishnaswamy +for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event ==== //depot/projects/trustedbsd/openbsm/libbsm/au_event.3#6 (text+ko) ==== @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_event.3#5 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_event.3#6 $ .\" .Dd April 19, 2005 .Dt AU_EVENT 3 @@ -40,17 +40,17 @@ .Nm getauevnum_r , .Nm getauevnonam , .Nm getauevnonam_r -.Nd "Look up information from the audit_event database" +.Nd "look up information from the audit_event database" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In libbsm.h .Ft void -.Fn setauevent "void" +.Fn setauevent void .Ft void -.Fn endauevent "void" +.Fn endauevent void .Ft "struct au_event_ent *" -.Fn getauevent "void" +.Fn getauevent void .Ft "struct au_event_ent *" .Fn getauevent_r "struct au_event_ent *e" .Ft "struct au_event_ent *" @@ -70,45 +70,55 @@ .Xr audit_event 5 database, which describes audit events. Entries in the database are described by -.Vt struct au_event_ent +.Vt "struct au_event_ent" entries, which are returned by calls to .Fn getauevent , .Fn getauevnam , or .Fn getauevnum . -It is also possible look up an event number via a call to -.Nm getauevnonam . +It is also possible to look up an event number via a call to +.Fn getauevnonam . .Pp +The .Fn setauevent +function resets the database access session for .Xr audit_event 5 , so that the next call to .Fn getauevent will start with the first entry in the database. .Pp +The .Fn endauevent +function closes the .Xr audit_event 5 database session. .Pp +The .Fn getauevent +function returns a reference to the next entry in the .Xr audit_event 5 database. .Pp +The .Fn getauevnam +function returns a reference to the entry in the .Xr audit_event 5 database with a name of -.Va name . +.Fa name . .Pp .Fn getauevnum returns a reference to the entry in the .Xr audit_event 5 database with an event number of -.Va event_number . +.Fa event_number . .Pp +The .Fn getauevnonam +function returns a reference to an audit event number using the .Xr audit_event 5 database. @@ -123,11 +133,12 @@ and .Fn getauevnuam will return a reference to a -.Ft struct au_event_ent +.Vt "struct au_event_ent" or -.Ft au_event_t +.Vt au_event_t on success, or -.Dv NULL on failure, with +.Dv NULL +on failure, with .Va errno set to provide further error information. .Sh SEE ALSO @@ -139,14 +150,21 @@ It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS -This software was created by Robert Watson, Wayne Salamon, and Suresh -Krishnaswamy for McAfee Research, the security research division of McAfee, +.An -nosplit +This software was created by +.An Robert Watson , +.An Wayne Salamon , +and +.An Suresh Krishnaswamy +for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Sh BUGS +The .Va errno +variable is not always properly set following a failure. .Pp These routines are thread-safe, but not re-entrant, so simultaneous or ==== //depot/projects/trustedbsd/openbsm/libbsm/au_free_token.3#5 (text+ko) ==== @@ -27,14 +27,14 @@ .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_free_token.3#4 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_free_token.3#5 $ .\" .Dd April 19, 2005 .Dt AU_FREE_TOKEN 3 .Os .Sh NAME .Nm au_free_token -.Nd "Deallocate a token_t created by any of the au_to_*() BSM API functions" +.Nd "deallocate a token_t created by any of the au_to_*() BSM API functions" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS @@ -48,25 +48,27 @@ However, if .Xr au_write 3 is passed a bad audit descriptor, the -.Vt token_t * +.Vt "token_t *" parameter will be left untouched. In that case, the caller can deallocate the .Vt token_t using -.Nm +.Fn au_free_token if desired. .Pp The -.Va tok +.Fa tok argument is a -.Vt token_t * -generated by one of the au_to_*() BSM API calls. +.Vt "token_t *" +generated by one of the +.Fn au_to_* +BSM API calls. For convenience, -.Va tok +.Fa tok may be .Dv NULL , in which case -.Nm +.Fn au_free_token returns immediately. .Sh IMPLEMENTATION NOTES This is, in fact, what @@ -82,8 +84,13 @@ It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS -This software was created by Robert Watson, Wayne Salamon, and Suresh -Krishnaswamy for McAfee Research, the security research division of McAfee, +.An -nosplit +This software was created by +.An Robert Watson , +.An Wayne Salamon , +and +.An Suresh Krishnaswamy +for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event ==== //depot/projects/trustedbsd/openbsm/libbsm/au_io.3#4 (text+ko) ==== @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_io.3#3 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_io.3#4 $ .\" .Dd April 19, 2005 .Dt AU_IO 3 @@ -32,7 +32,7 @@ .Nm au_fetch_tok , .Nm au_print_tok , .Nm au_read_rec -.Nd "Perform I/O involving an audit record" +.Nd "perform I/O involving an audit record" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS @@ -48,31 +48,37 @@ internalizing an audit record from a byte stream, converting a token to either a raw or default string, and reading a single record from a file. .Pp +The .Fn au_fetch_tok +function reads a token from the passed buffer -.Va buf +.Fa buf of length -.Va len +.Fa len bytes, and returns a pointer to the token via -.Va tok . +.Fa tok . .Pp +The .Fn au_print_tok +function prints a string form of the token -.Va tok +.Fa tok to the file output stream -.Va outfp, +.Fa outfp , either in default mode, or raw mode if -.Va raw +.Fa raw is set non-zero. The delimiter -.Va del +.Fa del is used when printing. .Pp +The .Fn au_read_rec +function reads an audit record from the file stream -.Va fp , +.Fa fp , and returns an allocated memory buffer containing the record via -.Va *buf , +.Fa *buf , which must be freed by the caller using .Xr free 3 . .Pp @@ -93,10 +99,12 @@ Finally, the source stream would be closed by a call to .Xr fclose 3 . .Sh RETURN VALUES +The .Fn au_fetch_tok and .Fn au_read_rec -return 0 on success, or -1 on failure along with additional error information +functions +return 0 on success, or \-1 on failure along with additional error information returned via .Va errno . .Sh SEE ALSO @@ -108,12 +116,19 @@ It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS -This software was created by Robert Watson, Wayne Salamon, and Suresh -Krishnaswamy for McAfee Research, the security research division of McAfee, +.An -nosplit +This software was created by +.An Robert Watson , +.An Wayne Salamon , +and +.An Suresh Krishnaswamy +for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Sh BUGS +The .Va errno +variable may not always be properly set in the event of an error. ==== //depot/projects/trustedbsd/openbsm/libbsm/au_mask.3#5 (text+ko) ==== @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_mask.3#4 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_mask.3#5 $ .\" .Dd April 19, 2005 .Dt AU_MASK 3 @@ -32,7 +32,7 @@ .Nm au_preselect , .Nm getauditflagsbin , .Nm getauditflagschar -.Nd "Convert between string and numeric values of audit masks" +.Nd "convert between string and numeric values of audit masks" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS @@ -49,13 +49,15 @@ including conversion between numeric and text formats, and computing whether or not an event is matched by a mask. .Pp +The .Fn au_preselect +function calculates whether or not the audit event passed via -.Va event +.Fa event is matched by the audit mask passed via -.Va au_mask_t . +.Fa mask_p . The -.Va sorf +.Fa sorf argument indicates whether or not to consider the event as a success, if the .Dv AU_PRS_SUCCESS @@ -63,7 +65,7 @@ .Dv AU_PRS_FAILURE flag is set. The -.Va flag +.Fa flag argument accepts additional arguments influencing the behavior of .Fn au_preselect , including @@ -73,44 +75,49 @@ .Dv AU_PRS_USECACHE which forces use of the cache. .Pp +The .Fn getauditflagsbin +function converts a string representation of an audit mask passed via a character string pointed to by -.Va auditstr , +.Fa auditstr , returning the resulting mask, if valid, via -.Va *masks . +.Fa *masks . .Pp +The .Fn getauditflagschar +function converts the audit event mask passed via -.Va *masks +.Fa *masks and converts it to a character string in a buffer pointed to by -.Va auditstr . -See the BUGS section for more information on how to provide a buffer of +.Fa auditstr . +See the +.Sx BUGS +section for more information on how to provide a buffer of sufficient size. If the -.Va verbose +.Fa verbose flag is set, the class description string retrieved from .Xr audit_class 5 will be used; otherwise, the two-character class name. .Sh IMPLEMENTATION NOTES +The .Fn au_preselect +function makes implicit use of various audit database routines, and may influence the behavior of simultaneous or interleaved processing of those databases by other code. .Sh RETURN VALUES +The .Fn au_preselect -returns 0 on success, or returns -1 if there is a failure looking up the +function +returns 0 on success, or returns \-1 if there is a failure looking up the event type or other database access, in which case .Va errno will be set to indicate the error. It returns 1 if the event is matched; 0 if not. .Pp -.Fn getauditflagsbin -and -.Fn getauditflagschar -returns 0 on success, or -1 if there is a failure, in which case -.Va errno -will be set to indicate the error. +.Rv -std getauditflagsbin getauditflagschar .Sh SEE ALSO .Xr libbsm 3 , .Xr audit_class 5 @@ -120,17 +127,26 @@ It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS -This software was created by Robert Watson, Wayne Salamon, and Suresh -Krishnaswamy for McAfee Research, the security research division of McAfee, +.An -nosplit +This software was created by +.An Robert Watson , +.An Wayne Salamon , +and +.An Suresh Krishnaswamy +for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems. .Sh BUGS +The .Va errno +variable may not always be properly set in the event of an error. .Pp +The .Fn getauditflagschar +function does not provide a way to indicate how long the character buffer is, in order to detect overflow. As a result, the caller must always provide a buffer of sufficient length for ==== //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#7 (text+ko) ==== @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#6 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_open.3#7 $ .\" .Dd March 4, 2006 .Dt AU_OPEN 3 @@ -34,13 +34,13 @@ .Nm au_close_token , .Nm au_open , .Nm au_write -.Nd "Create and commit audit records" +.Nd "create and commit audit records" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In libbsm.h .Ft int -.Fn au_open "void" +.Fn au_open void .Ft int .Fn au_write "int d" "token_t *tok" .Ft int @@ -73,7 +73,7 @@ abandon the record. In either cases, all resources associated with the record will be released. The -.Va keep +.Fa keep argument determines the behavior: a value of .Dv AU_TO_WRITE causes the record to be committed; a value of @@ -81,28 +81,30 @@ causes it to be abandoned. When the audit record is committed, a BSM header will be inserted before tokens added to the record, using the event identifier passed via -.Va event , +.Fa event , and a trailer added to the end. Committing a record to the system audit log requires privilege. .Pp The .Fn au_close_buffer function writes the resulting record to an in-memory buffer of size -.Va *buflen ; +.Fa *buflen ; it will write back the filled buffer length into the same variable. The argument -.Va short +.Fa event is the event identifier to use in the record header. .Pp The .Fn au_close_token function generates the BSM stream output for a single token, -.Va tok , +.Fa tok , in the passed buffer -.Va buffer . +.Fa buffer . The initial buffer size and resulting data size are passed via -.Va *buflen . +.Fa *buflen . +The .Fn au_close_token +function will free the token before returning. .Sh RETURN VALUES The function @@ -129,8 +131,13 @@ It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS -This software was created by Robert Watson, Wayne Salamon, and Suresh -Krishnaswamy for McAfee Research, the security research division of McAfee, +.An -nosplit +This software was created by +.An Robert Watson , +.An Wayne Salamon , +and +.An Suresh Krishnaswamy +for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc. .Pp The Basic Security Module (BSM) interface to audit records and audit event ==== //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#10 (text+ko) ==== @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#9 $ +.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_token.3#10 $ .\" .Dd April 19, 2005 .Dt AU_TOKEN 3 @@ -72,103 +72,103 @@ .Nm au_to_header , .Nm au_to_header32 , .Nm au_to_header64 , -.Nm au_to_trailer . -.Nd "Routines for generating BSM audit tokens" +.Nm au_to_trailer +.Nd "routines for generating BSM audit tokens" .Sh LIBRARY .Lb libbsm .Sh SYNOPSIS .In libbsm.h -.Ft token_t * +.Ft "token_t *" .Fn au_to_arg32 "char n" "char *text" "u_int32_t v" -.Ft token_t * +.Ft "token_t *" .Fn au_to_arg64 "char n" "char *text" "u_int64_t v" -.Ft token_t * +.Ft "token_t *" .Fn au_to_arg "char n" "char *text" "u_int32_t v" -.Ft token_t * +.Ft "token_t *" .Fn au_to_attr32 "struct vattr *attr" -.Ft token_t * +.Ft "token_t *" .Fn au_to_attr64 "struct vattr *attr" -.Ft token_t * +.Ft "token_t *" .Fn au_to_attr "struct vattr *attr" -.Ft token_t * +.Ft "token_t *" .Fn au_to_data "char unit_print" "char unit_type" "char unit_count" "char *p" -.Ft token_t * +.Ft "token_t *" .Fn au_to_exit "int retval" "int err" -.Ft token_t * +.Ft "token_t *" .Fn au_to_groups "int *groups" -.Ft token_t * +.Ft "token_t *" .Fn au_to_newgroups "u_int16_t n" "gid_t *groups" -.Ft token_t * +.Ft "token_t *" .Fn au_to_in_addr "struct in_addr *internet_addr" -.Ft token_t * +.Ft "token_t *" .Fn au_to_in_addr_ex "struct in6_addr *internet_addr" -.Ft token_t * +.Ft "token_t *" .Fn au_to_ip "struct ip *ip" -.Ft token_t * +.Ft "token_t *" .Fn au_to_ipc "char type" "int id" -.Ft token_t * +.Ft "token_t *" .Fn au_to_ipc_perm "struct ipc_perm *perm" -.Ft token_t * +.Ft "token_t *" .Fn au_to_iport "u_int16_t iport" -.Ft token_t * +.Ft "token_t *" .Fn au_to_opaque "char *data" "u_int64_t bytes" -.Ft token_t * +.Ft "token_t *" .Fn au_to_file "char *file" "struct timeval tm" -.Ft token_t * +.Ft "token_t *" .Fn au_to_text "char *text" -.Ft token_t * +.Ft "token_t *" .Fn au_to_path "char *text" -.Ft token_t * +.Ft "token_t *" .Fn au_to_process32 "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid" -.Ft token_t * +.Ft "token_t *" .Fn au_to_process64 "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid" -.Ft token_t * +.Ft "token_t *" .Fn au_to_process32_ex "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_addr_t *tid" -.Ft token_t * +.Ft "token_t *" .Fn au_to_process64_ex "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_addr_t *tid" -.Ft token_t * +.Ft "token_t *" .Fn au_to_return32 "char status" "u_int32_t ret" -.Ft token_t * +.Ft "token_t *" .Fn au_to_return64 "char status" "u_int64_t ret" -.Ft token_t * +.Ft "token_t *" .Fn au_to_return "char status" "u_int32_t ret" -.Ft token_t * +.Ft "token_t *" .Fn au_to_seq "long audit_count" -.Ft token_t * +.Ft "token_t *" .Fn au_to_sock_inet32 "struct sockaddr_in *so" -.Ft token_t * +.Ft "token_t *" .Fn au_to_sock_inet128 "struct sockaddr_in6 *so" -.Ft token_t * +.Ft "token_t *" .Fn au_to_sock_int "struct sockaddr_in *so" -.Ft token_t * +.Ft "token_t *" .Fn au_to_subject32 "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid" -.Ft token_t * +.Ft "token_t *" .Fn au_to_subject64 "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid" -.Ft token_t * +.Ft "token_t *" .Fn au_to_subject "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid" -.Ft token_t * +.Ft "token_t *" .Fn au_to_subject32_ex "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_t *tid" -.Ft token_t * +.Ft "token_t *" .Fn au_to_subject64_ex "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_addr_t *tid" -.Ft token_t * +.Ft "token_t *" .Fn au_to_subject_ex "au_id_t auid" "uid_t euid" "gid_t egid" "uid_t ruid" "gid_t rgid" "pid_t pid" "au_asid_t sid" "au_tid_addr_t *tid" -.Ft token_t * -.Fn au_to_me "void" -.Ft token_t * +.Ft "token_t *" +.Fn au_to_me void +.Ft "token_t *" .Fn au_to_exec_args "char **argv" -.Ft token_t * +.Ft "token_t *" .Fn au_to_exec_env "char **envp" -.Ft token_t * +.Ft "token_t *" .Fn au_to_header "int rec_size" "au_event_t e_type" "au_emod_t emod" -.Ft token_t * +.Ft "token_t *" .Fn au_to_header32 "int rec_size" "au_event_t e_type" "au_emod_t emod" -.Ft token_t * +.Ft "token_t *" .Fn au_to_header64 "int rec_size" "au_event_t e_type" "au_emod_t e_mod" -.Ft token_t * +.Ft "token_t *" .Fn au_to_trailer "int rec_size" .Sh DESCRIPTION These interfaces support the allocation of BSM audit tokens, represented by -.Ft token_t , +.Vt token_t , for various data types. .Sh RETURN VALUES On success, a pointer to a @@ -189,10 +189,14 @@ It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution. .Sh AUTHORS -This software was created by Robert Watson, Wayne Salamon, and Suresh -Krishnaswamy for McAfee Research, the security research division of McAfee, +.An -nosplit +This software was created by +.An Robert Watson , +.An Wayne Salamon , +and >>> TRUNCATED FOR MAIL (1000 lines) <<<