Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
AU_MASK(3)	       FreeBSD Library Functions Manual		    AU_MASK(3)

NAME
     au_preselect, getauditflagsbin, getauditflagschar -- convert between
     string and	numeric	values of audit	masks

LIBRARY
     Basic Security Module Library (libbsm, -lbsm)

SYNOPSIS
     #include <bsm/libbsm.h>

     int
     au_preselect(au_event_t event, au_mask_t *mask_p, int sorf, int flag);

     int
     getauditflagsbin(char *auditstr, au_mask_t	*masks);

     int
     getauditflagschar(char *auditstr, au_mask_t *masks, int verbose);

DESCRIPTION
     These interfaces support processing of an audit mask represented by type
     au_mask_t,	including conversion between numeric and text formats, and
     computing whether or not an event is matched by a mask.

     The au_preselect()	function calculates whether or not the audit event
     passed via	event is matched by the	audit mask passed via mask_p.  The
     sorf argument indicates whether or	not to consider	the event as a suc-
     cess, if the AU_PRS_SUCCESS flag is set, or failure, if the
     AU_PRS_FAILURE flag is set.  The flag argument accepts additional argu-
     ments influencing the behavior of au_preselect(), including
     AU_PRS_REREAD, which causes the event to be re-looked up rather than read
     from the cache, or	AU_PRS_USECACHE	which forces use of the	cache.

     The getauditflagsbin() function converts a	string representation of an
     audit mask	passed via a character string pointed to by auditstr, return-
     ing the resulting mask, if	valid, via *masks.

     The getauditflagschar() function converts the audit event mask passed via
     *masks and	converts it to a character string in a buffer pointed to by
     auditstr.	See the	BUGS section for more information on how to provide a
     buffer of sufficient size.	 If the	verbose	flag is	set, the class
     description string	retrieved from audit_class(5) will be used; otherwise,
     the two-character class name.

IMPLEMENTATION NOTES
     The au_preselect()	function makes implicit	use of various audit database
     routines, and may influence the behavior of simultaneous or interleaved
     processing	of those databases by other code.

RETURN VALUES
     The au_preselect()	function returns 0 on success, or returns -1 if	there
     is	a failure looking up the event type or other database access, in which
     case errno	will be	set to indicate	the error.  It returns 1 if the	event
     is	matched; 0 if not.

     The getauditflagsbin() and	getauditflagschar() functions return the
     value 0 if	successful; otherwise the value	-1 is returned and the global
     variable errno is set to indicate the error.

SEE ALSO
     libbsm(3),	audit_class(5)

HISTORY
     The OpenBSM implementation	was created by McAfee Research,	the security
     division of McAfee	Inc., under contract to	Apple Computer,	Inc., in 2004.
     It	was subsequently adopted by the	TrustedBSD Project as the foundation
     for the OpenBSM distribution.

AUTHORS
     This software was created by Robert Watson, Wayne Salamon,	and Suresh
     Krishnaswamy for McAfee Research, the security research division of
     McAfee, Inc., under contract to Apple Computer, Inc.

     The Basic Security	Module (BSM) interface to audit	records	and audit
     event stream format were defined by Sun Microsystems.

BUGS
     The errno variable	may not	always be properly set in the event of an
     error.

     The getauditflagschar() function does not provide a way to	indicate how
     long the character	buffer is, in order to detect overflow.	 As a result,
     the caller	must always provide a buffer of	sufficient length for any pos-
     sible mask, which may be calculated as three times	the number of non-zero
     bits in the mask argument in the event non-verbose	class names are	used,
     and is not	trivially predictable for verbose class	names.	This API
     should be replaced	with a more robust one.

FreeBSD	Ports 11.2		April 19, 2005		    FreeBSD Ports 11.2

NAME | LIBRARY | SYNOPSIS | DESCRIPTION | IMPLEMENTATION NOTES | RETURN VALUES | SEE ALSO | HISTORY | AUTHORS | BUGS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=getauditflagschar&sektion=3&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help