PERFORCE change 144903 for review
Stacey Son
sson at FreeBSD.org
Tue Jul 8 18:56:02 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=144903
Change 144903 by sson at sson_amd64 on 2008/07/08 18:55:23
Added additional detail concerning API.
Affected files ...
.. //depot/projects/trustedbsd/openbsm/man/setaudit.2#8 edit
Differences ...
==== //depot/projects/trustedbsd/openbsm/man/setaudit.2#8 (text+ko) ====
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $P4: //depot/projects/trustedbsd/openbsm/man/setaudit.2#7 $
+.\" $P4: //depot/projects/trustedbsd/openbsm/man/setaudit.2#8 $
.\"
.Dd April 19, 2005
.Dt SETAUDIT 2
@@ -54,9 +54,113 @@
and
.Fa length .
.Pp
+The
+.Fa auditinfo_t
+data structure is defined as follows:
+.nf
+.in +4n
+
+struct auditinfo {
+ au_id_t ai_auid; /* Audit user ID */
+ au_mask_t ai_mask; /* Audit masks */
+ au_tid_t ai_termid; /* Terminal ID */
+ au_asid_t ai_asid; /* Audit session ID */
+};
+typedef struct auditinfo auditinfo_t;
+.in
+.fi
+.Pp
+The
+.Fa ai_auid
+variable contains the audit identifier which is recorded in the audit log for
+each event the process caused.
+.PP
+
+The
+.Fa au_mask_t
+data structure defines the bit mask for auditing successful and failed events
+out of the predefined list of event classes. It is defined as follows:
+.nf
+.in +4n
+
+struct au_mask {
+ unsigned int am_success; /* success bits */
+ unsigned int am_failure; /* failure bits */
+};
+typedef struct au_mask au_mask_t;
+.in
+.fi
+.PP
+
+The
+.Fa au_termid_t
+data structure defines the Terminal ID recorded with every event caused by the
+process. It is defined as follows:
+.nf
+.in +4n
+
+struct au_tid {
+ dev_t port;
+ u_int32_t machine;
+};
+typedef struct au_tid au_tid_t;
+
+.in
+.fi
+.PP
+The
+.Fa ai_asid
+variable contains the audit session ID which is recorded with every event
+caused by the process.
+.Pp
+The
+.Fn setaudit_addr
+system call
+uses the expanded
+.Fa auditinfo_addr_t
+data structure supports Terminal IDs with larger addresses such as those used
+in IP version 6. It is defined as follows:
+.nf
+.in +4n
+
+struct auditinfo_addr {
+ au_id_t ai_auid; /* Audit user ID. */
+ au_mask_t ai_mask; /* Audit masks. */
+ au_tid_addr_t ai_termid; /* Terminal ID. */
+ au_asid_t ai_asid; /* Audit session ID. */
+};
+typedef struct auditinfo_addr auditinfo_addr_t;
+
+.in
+.fi
+.Pp
+The
+.Fa au_tid_addr_t
+data structure which includes a larger address storage field and an additional
+field with the type of address stored:
+.nf
+.in +4n
+
+struct au_tid_addr {
+ dev_t at_port;
+ u_int32_t at_type;
+ u_int32_t at_addr[4];
+};
+typedef struct au_tid_addr au_tid_addr_t;
+.in
+.fi
+.Pp
These system calls require an appropriate privilege to complete.
.Sh RETURN VALUES
.Rv -std setaudit setaudit_addr
+.Sh ERRORS
+.Bl -tag -width Er
+.It Bq Er EPERM
+The caller does not possess the appropriate privileges.
+.TP
+.It Bq Er EFAULT/EINVAL
+Invalid argument.
+.El
.Sh SEE ALSO
.Xr audit 2 ,
.Xr auditon 2 ,
More information about the p4-projects
mailing list