1*b6a05070SChristian Brueffer.\"- 2*b6a05070SChristian Brueffer.\" Copyright (c) 2004-2009 Apple Inc. 3*b6a05070SChristian Brueffer.\" Copyright (c) 2015 Christian Brueffer 4*b6a05070SChristian Brueffer.\" All rights reserved. 5*b6a05070SChristian Brueffer.\" 6*b6a05070SChristian Brueffer.\" Redistribution and use in source and binary forms, with or without 7*b6a05070SChristian Brueffer.\" modification, are permitted provided that the following conditions 8*b6a05070SChristian Brueffer.\" are met: 9*b6a05070SChristian Brueffer.\" 1. Redistributions of source code must retain the above copyright 10*b6a05070SChristian Brueffer.\" notice, this list of conditions and the following disclaimer. 11*b6a05070SChristian Brueffer.\" 2. Redistributions in binary form must reproduce the above copyright 12*b6a05070SChristian Brueffer.\" notice, this list of conditions and the following disclaimer in the 13*b6a05070SChristian Brueffer.\" documentation and/or other materials provided with the distribution. 14*b6a05070SChristian Brueffer.\" 3. Neither the name of the author nor the names of 15*b6a05070SChristian Brueffer.\" its contributors may be used to endorse or promote products derived 16*b6a05070SChristian Brueffer.\" from this software without specific prior written permission. 17*b6a05070SChristian Brueffer.\" 18*b6a05070SChristian Brueffer.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 19*b6a05070SChristian Brueffer.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20*b6a05070SChristian Brueffer.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21*b6a05070SChristian Brueffer.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 22*b6a05070SChristian Brueffer.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23*b6a05070SChristian Brueffer.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24*b6a05070SChristian Brueffer.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25*b6a05070SChristian Brueffer.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26*b6a05070SChristian Brueffer.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27*b6a05070SChristian Brueffer.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28*b6a05070SChristian Brueffer.\" SUCH DAMAGE. 29*b6a05070SChristian Brueffer.\" 30*b6a05070SChristian Brueffer.Dd July 29, 2015 31*b6a05070SChristian Brueffer.Dt AU_NOTIFY 3 32*b6a05070SChristian Brueffer.Os 33*b6a05070SChristian Brueffer.Sh NAME 34*b6a05070SChristian Brueffer.Nm au_get_state , 35*b6a05070SChristian Brueffer.Nm au_notify_initialize , 36*b6a05070SChristian Brueffer.Nm au_notify_terminate 37*b6a05070SChristian Brueffer.Nd "audit event notification" 38*b6a05070SChristian Brueffer.Sh LIBRARY 39*b6a05070SChristian Brueffer.Lb libbsm 40*b6a05070SChristian Brueffer.Sh SYNOPSIS 41*b6a05070SChristian Brueffer.In bsm/libbsm.h 42*b6a05070SChristian Brueffer.Ft int 43*b6a05070SChristian Brueffer.Fn au_get_state "void" 44*b6a05070SChristian Brueffer.Ft uint32_t 45*b6a05070SChristian Brueffer.Fn au_notify_initialize "void" 46*b6a05070SChristian Brueffer.Ft int 47*b6a05070SChristian Brueffer.Fn au_notify_terminate "void" 48*b6a05070SChristian Brueffer.Sh DESCRIPTION 49*b6a05070SChristian BruefferThe 50*b6a05070SChristian Brueffer.Nm au_notify 51*b6a05070SChristian Bruefferaudit notification API tracks audit state in a form permitting efficient 52*b6a05070SChristian Bruefferupdate, avoiding frequent system calls to check the kernel audit state. 53*b6a05070SChristian BruefferIt is implemented only for Darwin/Mac OS X. 54*b6a05070SChristian Brueffer.Pp 55*b6a05070SChristian BruefferThe 56*b6a05070SChristian Brueffer.Fn au_get_state 57*b6a05070SChristian Bruefferfunction provides a lightweight way to check whether or not auditing is 58*b6a05070SChristian Bruefferenabled. 59*b6a05070SChristian BruefferIf a client wants to use this function to determine whether an entire 60*b6a05070SChristian Bruefferseries of audit calls should be made -- as in the common case of a caller 61*b6a05070SChristian Bruefferbuilding a set of tokens, then writing them -- it should cache the audit 62*b6a05070SChristian Bruefferstatus in a local variable. 63*b6a05070SChristian BruefferThis function always returns the current state of auditing. 64*b6a05070SChristian BruefferIf audit notification has not already been initialized by calling 65*b6a05070SChristian Brueffer.Fn au_notify_initialize 66*b6a05070SChristian Bruefferit will be automatically initialized on the first call of 67*b6a05070SChristian Bruefferthis function. 68*b6a05070SChristian Brueffer.Pp 69*b6a05070SChristian BruefferThe 70*b6a05070SChristian Brueffer.Fn au_notify_initialize 71*b6a05070SChristian Bruefferfunction initializes audit notification. 72*b6a05070SChristian Brueffer.Pp 73*b6a05070SChristian BruefferThe 74*b6a05070SChristian Brueffer.Fn au_notify_terminate 75*b6a05070SChristian Bruefferfunction cancels audit notification and frees the resources associated with it. 76*b6a05070SChristian BruefferResponsible code that no longer needs to use 77*b6a05070SChristian Brueffer.Fn au_get_state 78*b6a05070SChristian Brueffershould call this function. 79*b6a05070SChristian Brueffer.Sh RETURN VALUES 80*b6a05070SChristian BruefferIf no error occurred the 81*b6a05070SChristian Brueffer.Fn au_get_state 82*b6a05070SChristian Bruefferfunction returns 83*b6a05070SChristian Brueffer.Dv AUC_NOAUDIT 84*b6a05070SChristian Bruefferif auditing is disabled or suspended, and 85*b6a05070SChristian Brueffer.Dv AUC_AUDITING 86*b6a05070SChristian Bruefferif auditing is enabled and active. 87*b6a05070SChristian BruefferOtherwise, the function can return any of the errno values defined for 88*b6a05070SChristian Brueffer.Xr setaudit 2 , 89*b6a05070SChristian Bruefferor 90*b6a05070SChristian Brueffer.Dv AU_UNIMPL 91*b6a05070SChristian Bruefferif audit does not appear to be supported by the system. 92*b6a05070SChristian Brueffer.Pp 93*b6a05070SChristian BruefferThe 94*b6a05070SChristian Brueffer.Fn au_notify_initialize 95*b6a05070SChristian Bruefferfunction returns 0 on success, 96*b6a05070SChristian Brueffer.Dv AU_UNIMPL 97*b6a05070SChristian Bruefferif audit does not appear to be supported by the system, 98*b6a05070SChristian Bruefferor one of the status codes defined in 99*b6a05070SChristian Brueffer.In notify.h 100*b6a05070SChristian Bruefferon Mac OS X to indicate the error. 101*b6a05070SChristian Brueffer.Pp 102*b6a05070SChristian BruefferThe 103*b6a05070SChristian Brueffer.Fn au_notify_terminate 104*b6a05070SChristian Bruefferfunction returns 0 on success, or \-1 on failure. 105*b6a05070SChristian Brueffer.Sh SEE ALSO 106*b6a05070SChristian Brueffer.Xr libbsm 3 , 107*b6a05070SChristian Brueffer.Xr notify 3 (Mac OS X) 108*b6a05070SChristian Brueffer.Sh HISTORY 109*b6a05070SChristian BruefferThe OpenBSM implementation was created by McAfee Research, the security 110*b6a05070SChristian Bruefferdivision of McAfee Inc., under contract to Apple Computer, Inc., in 2004. 111*b6a05070SChristian BruefferIt was subsequently adopted by the TrustedBSD Project as the foundation for 112*b6a05070SChristian Bruefferthe OpenBSM distribution. 113*b6a05070SChristian Brueffer.Sh AUTHORS 114*b6a05070SChristian BruefferThis software was created by 115*b6a05070SChristian Brueffer.An Apple Computer, Inc . 116*b6a05070SChristian Brueffer.Pp 117*b6a05070SChristian BruefferThe Basic Security Module (BSM) interface to audit records and audit event 118*b6a05070SChristian Bruefferstream format were defined by Sun Microsystems. 119