X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/6d2010ae8f7a6078e10b361c6962983bab233e0f..bb59bff194111743b33cc36712410b5656329d3c:/bsd/man/man2/getaudit.2?ds=sidebyside diff --git a/bsd/man/man2/getaudit.2 b/bsd/man/man2/getaudit.2 index d2895cd33..8966090a6 100644 --- a/bsd/man/man2/getaudit.2 +++ b/bsd/man/man2/getaudit.2 @@ -1,193 +1 @@ -.\" -.\" Copyright (c) 2008-2009 Apple Inc. All rights reserved. -.\" -.\" @APPLE_OSREFERENCE_LICENSE_HEADER_START@ -.\" -.\" This file contains Original Code and/or Modifications of Original Code -.\" as defined in and that are subject to the Apple Public Source License -.\" Version 2.0 (the 'License'). You may not use this file except in -.\" compliance with the License. The rights granted to you under the License -.\" may not be used to create, or enable the creation or redistribution of, -.\" unlawful or unlicensed copies of an Apple operating system, or to -.\" circumvent, violate, or enable the circumvention or violation of, any -.\" terms of an Apple operating system software license agreement. -.\" -.\" Please obtain a copy of the License at -.\" http://www.opensource.apple.com/apsl/ and read it before using this file. -.\" -.\" The Original Code and all software distributed under the License are -.\" distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER -.\" EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, -.\" INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, -.\" FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. -.\" Please see the License for the specific language governing rights and -.\" limitations under the License. -.\" -.\" @APPLE_OSREFERENCE_LICENSE_HEADER_END@ -.\" -.Dd March 6, 2009 -.Dt GETAUDIT 2 -.Os -.Sh NAME -.Nm getaudit , -.Nm getaudit_addr -.Nd "retrieve audit session state" -.Sh SYNOPSIS -.In bsm/audit.h -.Ft int -.Fn getaudit "auditinfo_t *auditinfo" -.Ft int -.Fn getaudit_addr "auditinfo_addr_t *auditinfo_addr" "u_int length" -.Sh DESCRIPTION -The -.Fn getaudit -system call -retrieves the active audit session state for the current process via the -.Vt auditinfo_t -pointed to by -.Fa auditinfo . -The -.Fn getaudit_addr -system call -retrieves extended state via -.Fa auditinfo_addr -and -.Fa length . -.Pp -The -.Fa auditinfo_t -data structure is defined as follows: -.nf -.in +4n -struct auditinfo { - au_id_t ai_auid; /* Audit user ID */ - au_mask_t ai_mask; /* Audit masks */ - au_tid_t ai_termid; /* Terminal ID */ - au_asid_t ai_asid; /* Audit session ID */ -}; -typedef struct auditinfo auditinfo_t; -.in -.fi -.Pp -The -.Fa ai_auid -variable contains the audit identifier which is recorded in the audit log for -each event the process caused. -.Pp -The -.Fa au_mask_t -data structure defines the bit mask for auditing successful and failed events -out of the predefined list of event classes. It is defined as follows: -.nf -.in +4n -struct au_mask { - unsigned int am_success; /* success bits */ - unsigned int am_failure; /* failure bits */ -}; -typedef struct au_mask au_mask_t; -.in -.fi -.Pp -The -.Fa au_termid_t -data structure defines the Terminal ID recorded with every event caused by the -process. It is defined as follows: -.nf -.in +4n -struct au_tid { - dev_t port; - u_int32_t machine; -}; -typedef struct au_tid au_tid_t; -.in -.fi -.Pp -The -.Fa ai_asid -variable contains the audit session ID which is recorded with every event -caused by the process. -.Pp -The -.Fn getaudit_addr -system call -uses the expanded -.Fa auditinfo_addr_t -data structure supports Terminal IDs with larger addresses such as those used -in IP version 6. It is defined as follows: -.nf -.in +4n -struct auditinfo_addr { - au_id_t ai_auid; /* Audit user ID. */ - au_mask_t ai_mask; /* Audit masks. */ - au_tid_addr_t ai_termid; /* Terminal ID. */ - au_asid_t ai_asid; /* Audit session ID. */ - u_int64_t ai_flags; /* Audit session flags. */ -}; -typedef struct auditinfo_addr auditinfo_addr_t; -.in -.fi -.Pp -The -.Fa au_tid_addr_t -data structure which includes a larger address storage field and an additional -field with the type of address stored: -.nf -.in +4n -struct au_tid_addr { - dev_t at_port; - u_int32_t at_type; - u_int32_t at_addr[4]; -}; -typedef struct au_tid_addr au_tid_addr_t; -.in -.fi -.Pp -Without appropriate privilege the audit mask fields will be set to all -ones. -.Sh RETURN VALUES -.Rv -std getaudit getaudit_addr -.Sh ERRORS -The -.Fn getaudit -function will fail if: -.Bl -tag -width Er -.It Bq Er EFAULT -A failure occurred while data transferred to or from -the kernel failed. -.It Bq Er EINVAL -Illegal argument was passed by a system call. -.It Bq Er EOVERFLOW -The -.Fa length -argument indicates an overflow condition will occur. -.It Bq Er ERANGE -The address is too big and, therefore, -.Fn getaudit_addr -should be used instead. -.El -.Sh SEE ALSO -.Xr audit 2 , -.Xr auditon 2 , -.Xr getauid 2 , -.Xr setaudit 2 , -.Xr setauid 2 , -.Xr libbsm 3 -.Sh HISTORY -The OpenBSM implementation was created by McAfee Research, the security -division of McAfee Inc., under contract to Apple Computer Inc.\& in 2004. -It was subsequently adopted by the TrustedBSD Project as the foundation for -the OpenBSM distribution. -.Sh AUTHORS -.An -nosplit -This software was created by McAfee Research, the security research division -of McAfee, Inc., under contract to Apple Computer Inc. -Additional authors include -.An Wayne Salamon , -.An Robert Watson , -and SPARTA Inc. -.Pp -The Basic Security Module (BSM) interface to audit records and audit event -stream format were defined by Sun Microsystems. -.Pp -This manual page was written by -.An Robert Watson Aq rwatson@FreeBSD.org . +.so man2/getaudit_addr.2