Проект OpenNet: MAN au_mask (3) Библиотечные вызовы (FreeBSD и Linux)

Интерактивная система просмотра системных руководств (man-ов)

au_mask (3)

>> au_mask (3) ( FreeBSD man: Библиотечные вызовы )

BSD mandoc

NAME



au_preselect

 
getauditflagsbin

 
getauditflagschar

 - convert between string and numeric values of audit masks

LIBRARY

Lb libbsm

SYNOPSIS

#include <bsm/libbsm.h>
int au_preselect (au_event_t event au_mask_t *mask_p int sorf int flag);
int getauditflagsbin (char *auditstr au_mask_t *masks);
int getauditflagschar (char *auditstr au_mask_t *masks int verbose);

DESCRIPTION

These interfaces support processing of an audit mask represented by type Vt au_mask_t , including conversion between numeric and text formats, and computing whether or not an event is matched by a mask.

The au_preselect ();
function calculates whether or not the audit event passed via Fa event is matched by the audit mask passed via Fa mask_p . The Fa sorf argument indicates whether or not to consider the event as a success, if the AU_PRS_SUCCESS flag is set, or failure, if the AU_PRS_FAILURE flag is set. The Fa flag argument accepts additional arguments influencing the behavior of au_preselect (,);
including AU_PRS_REREAD which causes the event to be re-looked up rather than read from the cache, or AU_PRS_USECACHE which forces use of the cache.

The getauditflagsbin ();
function converts a string representation of an audit mask passed via a character string pointed to by Fa auditstr , returning the resulting mask, if valid, via Fa *masks .

The getauditflagschar ();
function converts the audit event mask passed via Fa *masks and converts it to a character string in a buffer pointed to by Fa auditstr . See the Sx BUGS section for more information on how to provide a buffer of sufficient size. If the Fa verbose flag is set, the class description string retrieved from audit_class5 will be used; otherwise, the two-character class name.

IMPLEMENTATION NOTES

The au_preselect ();
function makes implicit use of various audit database routines, and may influence the behavior of simultaneous or interleaved processing of those databases by other code.

RETURN VALUES

The au_preselect ();
function returns 0 on success, or returns -1 if there is a failure looking up the event type or other database access, in which case errno will be set to indicate the error. It returns 1 if the event is matched; 0 if not.

Rv -std getauditflagsbin getauditflagschar

HISTORY

The OpenBSM implementation was created by McAfee Research, the security division of McAfee Inc., under contract to Apple Computer, Inc., in 2004. It was subsequently adopted by the TrustedBSD Project as the foundation for the OpenBSM distribution.

AUTHORS

An -nosplit This software was created by An Robert Watson , An Wayne Salamon , and An Suresh Krishnaswamy for McAfee Research, the security research division of McAfee, Inc., under contract to Apple Computer, Inc.

The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.

BUGS

The errno variable may not always be properly set in the event of an error.

The getauditflagschar ();
function does not provide a way to indicate how long the character buffer is, in order to detect overflow. As a result, the caller must always provide a buffer of sufficient length for any possible mask, which may be calculated as three times the number of non-zero bits in the mask argument in the event non-verbose class names are used, and is not trivially predictable for verbose class names. This API should be replaced with a more robust one.