bc168a6cdd
history notes since the last import: OpenBSM 1.0 alpha 14 - Fix endian issues when processing IPv6 addresses for extended subject and process tokens. - gcc41 warnings clean. - Teach audit_submit(3) about getaudit_addr(2). - Add support for zonename tokens. OpenBSM 1.0 alpha 13 - compat/clock_gettime.h now provides a compatibility implementation of clock_gettime(), which fixes building on Mac OS X. - Countless man page improvements, markup fixes, content fixs, etc. - XML printing support via "praudit -x". - audit.log.5 expanded to include additional BSM token types. - Added encoding and decoding routines for process64_ex, process32_ex, subject32_ex, header64, and attr64 tokens. - Additional audit event identifiers for listen, mlockall/munlockall, getpath, POSIX message queues, and mandatory access control. Approved by: re (bmah) MFC after: 3 weeks Obtained from: TrustedBSD Project
137 lines
4.1 KiB
Groff
137 lines
4.1 KiB
Groff
.\"-
|
|
.\" Copyright (c) 2005 Robert N. M. Watson
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" $P4: //depot/projects/trustedbsd/openbsm/libbsm/au_io.3#5 $
|
|
.\"
|
|
.Dd April 19, 2005
|
|
.Dt AU_IO 3
|
|
.Os
|
|
.Sh NAME
|
|
.Nm au_fetch_tok ,
|
|
.Nm au_print_tok ,
|
|
.Nm au_read_rec
|
|
.Nd "perform I/O involving an audit record"
|
|
.Sh LIBRARY
|
|
.Lb libbsm
|
|
.Sh SYNOPSIS
|
|
.In bsm/libbsm.h
|
|
.Ft int
|
|
.Fn au_fetch_tok "tokenstr_t *tok" "u_char *buf" "int len"
|
|
.Ft void
|
|
.Fo au_print_tok
|
|
.Fa "FILE *outfp" "tokenstr_t *tok" "char *del" "char raw" "char sfrm"
|
|
.Fc
|
|
.Ft int
|
|
.Fn au_read_rec "FILE *fp" "u_char **buf"
|
|
.Sh DESCRIPTION
|
|
These interfaces support input and output (I/O) involving audit records,
|
|
internalizing an audit record from a byte stream, converting a token to
|
|
either a raw or default string, and reading a single record from a file.
|
|
.Pp
|
|
The
|
|
.Fn au_fetch_tok
|
|
function
|
|
reads a token from the passed buffer
|
|
.Fa buf
|
|
of length
|
|
.Fa len
|
|
bytes, and returns a pointer to the token via
|
|
.Fa tok .
|
|
.Pp
|
|
The
|
|
.Fn au_print_tok
|
|
function
|
|
prints a string form of the token
|
|
.Fa tok
|
|
to the file output stream
|
|
.Fa outfp ,
|
|
either in default mode, or raw mode if
|
|
.Fa raw
|
|
is set non-zero.
|
|
The delimiter
|
|
.Fa del
|
|
is used when printing.
|
|
.Pp
|
|
The
|
|
.Fn au_read_rec
|
|
function
|
|
reads an audit record from the file stream
|
|
.Fa fp ,
|
|
and returns an allocated memory buffer containing the record via
|
|
.Fa *buf ,
|
|
which must be freed by the caller using
|
|
.Xr free 3 .
|
|
.Pp
|
|
A typical use of these routines might open a file with
|
|
.Xr fopen 3 ,
|
|
then read records from the file sequentially by calling
|
|
.Fn au_read_rec .
|
|
Each record would be broken down into components tokens through sequential
|
|
calls to
|
|
.Fn au_fetch_tok
|
|
on the buffer, and then invoking
|
|
.Fn au_print_tok
|
|
to print each token to an output stream such as
|
|
.Dv stdout .
|
|
On completion of the processing of each record, a call to
|
|
.Xr free 3
|
|
would be used to free the record buffer.
|
|
Finally, the source stream would be closed by a call to
|
|
.Xr fclose 3 .
|
|
.Sh RETURN VALUES
|
|
The
|
|
.Fn au_fetch_tok
|
|
and
|
|
.Fn au_read_rec
|
|
functions
|
|
return 0 on success, or \-1 on failure along with additional error information
|
|
returned via
|
|
.Va errno .
|
|
.Sh SEE ALSO
|
|
.Xr free 3 ,
|
|
.Xr libbsm 3
|
|
.Sh HISTORY
|
|
The OpenBSM implementation was created by McAfee Research, the security
|
|
division of McAfee Inc., under contract to Apple Computer, Inc., in 2004.
|
|
It was subsequently adopted by the TrustedBSD Project as the foundation for
|
|
the OpenBSM distribution.
|
|
.Sh AUTHORS
|
|
.An -nosplit
|
|
This software was created by
|
|
.An Robert Watson ,
|
|
.An Wayne Salamon ,
|
|
and
|
|
.An Suresh Krishnaswamy
|
|
for McAfee Research, the security research division of McAfee,
|
|
Inc., under contract to Apple Computer, Inc.
|
|
.Pp
|
|
The Basic Security Module (BSM) interface to audit records and audit event
|
|
stream format were defined by Sun Microsystems.
|
|
.Sh BUGS
|
|
The
|
|
.Va errno
|
|
variable
|
|
may not always be properly set in the event of an error.
|