Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
AU_MASK(3)             FreeBSD Library Functions Manual             AU_MASK(3)

NAME
     au_preselect, getauditflagsbin, getauditflagschar -- Convert between
     string and numeric values of audit masks

LIBRARY
     Basic Security Module User Library (libbsm, -lbsm)

SYNOPSIS
     #include <libbsm.h>

     int
     au_preselect(au_event_t event, au_mask_t *mask_p, int sorf, int flag);

     int
     getauditflagsbin(char *auditstr, au_mask_t *masks);

     int
     getauditflagschar(char *auditstr, au_mask_t *masks, int verbose);

DESCRIPTION
     These interfaces support processing of an audit mask represented by type
     au_mask_t, including conversion between numeric and text formats, and
     computing whether or not an event is matched by a mask.

     au_preselect() calculates whether or not the audit event passed via event
     is matched by the audit mask passed via au_mask_t.  The sorf argument
     indicates whether or not to consider the event as a success, if the
     AU_PRS_SUCCESS flag is set, or failure, if the AU_PRS_FAILURE flag is
     set.  The flag argument accepts additional arguments influencing the
     behavior of au_preselect(), including AU_PRS_REREAD, which causes the
     event to be re-looked up rather than read from the cache, or
     AU_PRS_USECACHE which forces use of the cache.

     getauditflagsbin() converts a string representation of an audit mask
     passed via a character string pointed to by auditstr, returning the
     resulting mask, if valid, via *masks.

     getauditflagschar() converts the audit event mask passed via *masks and
     converts it to a character string in a buffer pointed to by auditstr.
     See the BUGS section for more information on how to provide a buffer of
     sufficient size.  If the verbose flag is set, the class description
     string retrieved from audit_class(5) will be used; otherwise, the two-
     character class name.

RETURN VALUES
     au_preselect() returns 0 on success, or returns -1 if there is a failure
     looking up the event type or other database access, in which case errno
     will be set to indicate the error.  It returns 1 if the event is matched;
     0 if not.

     getauditflagsbin() and getauditflagschar() returns 0 on success, or -1 if
     there is a failure, in which case errno will be set to indicate the
     error.

IMPLEMENTATION NOTES
     au_preselect() makes implicit use of various audit database routines, and
     may influence the behavior of simultaneous or interleaved processing of
     those databases by other code.

SEE ALSO
     libbsm(3), audit_class(5)

AUTHORS
     This software was created by Robert Watson, Wayne Salamon, and Suresh
     Krishnaswamy for McAfee Research, the security research division of
     McAfee, Inc., under contract to Apple Computer, Inc.

     The Basic Security Module (BSM) interface to audit records and audit
     event stream format were defined by Sun Microsystems.

HISTORY
     The OpenBSM implementation was created by McAfee Research, the security
     division of McAfee Inc., under contract to Apple Computer, Inc., in 2004.
     It was subsequently adopted by the TrustedBSD Project as the foundation
     for the OpenBSM distribution.

BUGS
     errno may not always be properly set in the event of an error.

     getauditflagschar() does not provide a way to indicate how long the char-
     acter buffer is, in order to detect overflow.  As a result, the caller
     must always provide a buffer of sufficient length for any possible mask,
     which may be calculated as three times the number of non-zero bits in the
     mask argument in the event non-verbose class names are used, and is not
     trivially predictable for verbose class names.  This API should be
     replaced with a more robust one.

FreeBSD 6.2                     April 19, 2005                     FreeBSD 6.2

NAME | LIBRARY | SYNOPSIS | DESCRIPTION | RETURN VALUES | IMPLEMENTATION NOTES | SEE ALSO | AUTHORS | HISTORY | BUGS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=getauditflagschar&sektion=3&manpath=FreeBSD+6.2-RELEASE>

home | help