xref: /freebsd/contrib/openbsm/man/audit.log.5 (revision 742561f0d7f17fb93b895617da2bc1770f43d101)
1ca0716f5SRobert Watson.\"-
2ca0716f5SRobert Watson.\" Copyright (c) 2005 Robert N. M. Watson
3ca0716f5SRobert Watson.\" All rights reserved.
4ca0716f5SRobert Watson.\"
5ca0716f5SRobert Watson.\" Redistribution and use in source and binary forms, with or without
6ca0716f5SRobert Watson.\" modification, are permitted provided that the following conditions
7ca0716f5SRobert Watson.\" are met:
8ca0716f5SRobert Watson.\" 1. Redistributions of source code must retain the above copyright
9ca0716f5SRobert Watson.\"    notice, this list of conditions and the following disclaimer.
10ca0716f5SRobert Watson.\" 2. Redistributions in binary form must reproduce the above copyright
11ca0716f5SRobert Watson.\"    notice, this list of conditions and the following disclaimer in the
12ca0716f5SRobert Watson.\"    documentation and/or other materials provided with the distribution.
13ca0716f5SRobert Watson.\"
14ca0716f5SRobert Watson.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15ca0716f5SRobert Watson.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16ca0716f5SRobert Watson.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17ca0716f5SRobert Watson.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18ca0716f5SRobert Watson.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19ca0716f5SRobert Watson.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20ca0716f5SRobert Watson.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21ca0716f5SRobert Watson.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22ca0716f5SRobert Watson.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23ca0716f5SRobert Watson.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24ca0716f5SRobert Watson.\" SUCH DAMAGE.
25ca0716f5SRobert Watson.\"
26742561f0SRobert Watson.\" $P4: //depot/projects/trustedbsd/openbsm/man/audit.log.5#7 $
27ca0716f5SRobert Watson.\"
28ca0716f5SRobert Watson.Dd May 1, 2005
29ca0716f5SRobert Watson.Dt AUDIT.LOG 5
30ca0716f5SRobert Watson.Os
31ca0716f5SRobert Watson.Sh NAME
32ca0716f5SRobert Watson.Nm audit
33ca0716f5SRobert Watson.Nd "Basic Security Module (BSM) File Format"
34ca0716f5SRobert Watson.Sh DESCRIPTION
35ca0716f5SRobert WatsonThe
36ca0716f5SRobert Watson.Nm
37ca0716f5SRobert Watsonfile format is based on Sun's Basic Security Module (BSM) file format, a
38ca0716f5SRobert Watsontoken-based record stream to represent system audit data.
39ca0716f5SRobert WatsonThis file format is both flexible and extensible, able to describe a broad
40ca0716f5SRobert Watsonrange of data types, and easily extended to describe new data types in a
41ca0716f5SRobert Watsonmoderately backward and forward compatible way.
42ca0716f5SRobert Watson.Pp
43ca0716f5SRobert WatsonBSM token streams typically begin and end with a
44ca0716f5SRobert Watson.Dv file
45ca0716f5SRobert Watsontoken, which provides time stamp and file name information for the stream;
46ca0716f5SRobert Watsonwhen processing a BSM token stream from a stream as opposed to a single file
47ca0716f5SRobert Watsonsource, file tokens may be seen at any point between ordinary records
48ca0716f5SRobert Watsonidentifying when particular parts of the stream begin and end.
49ca0716f5SRobert WatsonAll other tokens will appear in the context of a complete BSM audit record,
50ca0716f5SRobert Watsonwhich begins with a
51ca0716f5SRobert Watson.Dv header
52ca0716f5SRobert Watsontoken, and ends with a
53ca0716f5SRobert Watson.Dv trailer
54ca0716f5SRobert Watsontoken, which describe the audit record.
55ca0716f5SRobert WatsonBetween these two tokens will appear a variety of data tokens, such as
56ca0716f5SRobert Watsonprocess information, file path names, IPC object information, MAC labels,
57ca0716f5SRobert Watsonsocket information, and so on.
58ca0716f5SRobert Watson.Pp
59ca0716f5SRobert WatsonThe BSM file format defines specific token orders for each record event type;
60ca0716f5SRobert Watsonhowever, some variation may occur depending on the operating system in use,
61ca0716f5SRobert Watsonwhat system options, such as mandatory access control, are present.
62ca0716f5SRobert Watson.Pp
63ca0716f5SRobert WatsonThis manual page documents the common token types and their binary format, and
64ca0716f5SRobert Watsonis intended for reference purposes only.
65ca0716f5SRobert WatsonIt is recommended that application programmers use the
66ca0716f5SRobert Watson.Xr libbsm 3
67ca0716f5SRobert Watsoninterface to read and write tokens, rather than parsing or constructing
68ca0716f5SRobert Watsonrecords by hand.
69ca0716f5SRobert Watson.Ss File Token
70ca0716f5SRobert WatsonThe
71ca0716f5SRobert Watson.Dv file
72ca0716f5SRobert Watsontoken is used at the beginning and end of an audit log file to indicate
73ca0716f5SRobert Watsonwhen the audit log begins and ends.
74ca0716f5SRobert WatsonIt includes a pathname so that, if concatenated together, original file
75ca0716f5SRobert Watsonboundaries are still observable, and gaps in the audit log can be identified.
76ca0716f5SRobert WatsonA
77ca0716f5SRobert Watson.Dv file
78ca0716f5SRobert Watsontoken can be created using
79ca0716f5SRobert Watson.Xr au_to_file 3 .
80ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
81ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
82ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
83ca0716f5SRobert Watson.It Li "Seconds" Ta "4 bytes" Ta "File time stamp"
84ca0716f5SRobert Watson.It Li "Microseconds" Ta "4 bytes" Ta "File time stamp"
85ca0716f5SRobert Watson.It Li "File name lengh" Ta "2 bytes" Ta "File name of audit trail"
86ca0716f5SRobert Watson.It Li "File pathname" Ta "N bytes + 1 nul" Ta "File name of audit trail"
87ca0716f5SRobert Watson.El
88ca0716f5SRobert Watson.Ss Header Token
89ca0716f5SRobert WatsonThe
90ca0716f5SRobert Watson.Dv header
91ca0716f5SRobert Watsontoken is used to mark the beginning of a complete audit record, and includes
92ca0716f5SRobert Watsonthe length of the total record in bytes, a version number for the record
93ca0716f5SRobert Watsonlayout, the event type and subtype, and the time at which the event occurred.
94ca0716f5SRobert WatsonA
95ca0716f5SRobert Watson.Dv header
96ca0716f5SRobert Watsontoken can be created using
97ca0716f5SRobert Watson.Xr au_to_header32 3 .
98ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
99ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
100ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
101ca0716f5SRobert Watson.It Li "Record Byte Count" Ta "4 bytes" Ta "Number of bytes in record"
102ca0716f5SRobert Watson.It Li "Version Number" Ta "2 bytes" Ta "Record version number"
103ca0716f5SRobert Watson.It Li "Event Type" Ta "2 bytes" Ta "Event type"
104ca0716f5SRobert Watson.It Li "Event Modifier" Ta "2 bytes" Ta "Event sub-type"
105ca0716f5SRobert Watson.It Li "Seconds" Ta "4/8 bytes" Ta "Record time stamp (32/64-bits)"
106ca0716f5SRobert Watson.It Li "Nanoseconds" Ta "4/8 byets" Ta "Record time stamp (32/64-bits)"
107ca0716f5SRobert Watson.El
108ca0716f5SRobert Watson.Ss Expanded Header Token
109ca0716f5SRobert WatsonThe
110ca0716f5SRobert Watson.Dv expanded header
111ca0716f5SRobert Watsontoken is an expanded version of the
112ca0716f5SRobert Watson.Dv header
113ca0716f5SRobert Watsontoken, with the addition of a machine IPv4 or IPv6 address.
114ca0716f5SRobert WatsonThe
115ca0716f5SRobert Watson.Xr libbsm 3
116ca0716f5SRobert WatsonAPI cannot currently create an
117ca0716f5SRobert Watson.Dv expanded header
118ca0716f5SRobert Watsontoken.
119ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
120ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
121ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
122ca0716f5SRobert Watson.It Li "Record Byte Count" Ta "4 bytes" Ta "Number of bytes in record"
123ca0716f5SRobert Watson.It Li "Version Number" Ta "2 bytes" Ta "Record version number"
124ca0716f5SRobert Watson.It Li "Event Type" Ta "2 bytes" Ta "Event type"
125ca0716f5SRobert Watson.It Li "Event Modifier" Ta "2 bytes" Ta "Event sub-type"
126ca0716f5SRobert Watson.It Li "Address Type/Length" Ta "1 byte" Ta "Host address type and length"
127ca0716f5SRobert Watson.It Li "Machine Address" Ta "4/16 bytes" Ta "IPv4 or IPv6 address"
128ca0716f5SRobert Watson.It Li "Seconds" Ta "4/8 bytes" Ta "Record time stamp (32/64-bits)"
129ca0716f5SRobert Watson.It Li "Nanoseconds" Ta "4/8 byets" Ta "Record time stamp (32/64-bits)"
130ca0716f5SRobert Watson.El
131ca0716f5SRobert Watson.Ss Trailer Token
132ca0716f5SRobert WatsonThe
133ca0716f5SRobert Watson.Dv trailer
134ca0716f5SRobert Watsonterminates a BSM audit record, and contains a magic number,
135ca0716f5SRobert Watson.Dv TRAILER_PAD_MAGIC
136ca0716f5SRobert Watsonand length that can be used to validate that the record was read properly.
137ca0716f5SRobert WatsonA
138ca0716f5SRobert Watson.Dv trailer
139ca0716f5SRobert Watsontoken can be created using
140ca0716f5SRobert Watson.Xr au_to_trailer 3 .
141ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
142ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
143ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
144ca0716f5SRobert Watson.It Li "Trailer Magic" Ta "2 bytes" Ta "Trailer magic number"
145ca0716f5SRobert Watson.It Li "Record Byte Count" Ta "4 bytes" Ta "Number of bytes in record"
146ca0716f5SRobert Watson.El
147ca0716f5SRobert Watson.Ss Arbitrary Data Token
148ca0716f5SRobert WatsonThe
149ca0716f5SRobert Watson.Dv arbitrary data
150ca0716f5SRobert Watsontoken contains a byte stream of opaque (untyped) data.
151ca0716f5SRobert WatsonThe size of the data is calculated as the size of each unit of data
152ca0716f5SRobert Watsonmultipled by the number of units of data.
153ca0716f5SRobert WatsonA
154ca0716f5SRobert Watson.Dv How to print
155ca0716f5SRobert Watsonfield is present to specify how to print the data, but interpretation of
156ca0716f5SRobert Watsonthat field is not currently defined.
157ca0716f5SRobert WatsonThe
158ca0716f5SRobert Watson.Xr libbsm 3
159ca0716f5SRobert WatsonAPI cannot currently create an
160ca0716f5SRobert Watson.Dv arbitrary data
161ca0716f5SRobert Watsontoken.
162ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
163ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
164ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
165ca0716f5SRobert Watson.It Li "How to Print" Ta "1 byte" Ta "User-defined printing information"
166ca0716f5SRobert Watson.It Li "Basic Unit" Ta "1 byte" Ta "Size of a unit in bytes"
167ca0716f5SRobert Watson.It Li "Unit Count" Ta "1 byte" Ta "Number of units of data present"
168ca0716f5SRobert Watson.It Li "Data Items" Ta "Variable" Ta "User data"
169ca0716f5SRobert Watson.El
170ca0716f5SRobert Watson.Ss in_addr Token
171ca0716f5SRobert WatsonThe
172ca0716f5SRobert Watson.Dv in_addr
173ca0716f5SRobert Watsontoken holds a network byte order IPv4 or IPv6 address.
174ca0716f5SRobert WatsonAn
175ca0716f5SRobert Watson.Dv in_addr
176ca0716f5SRobert Watsontoken can be created using
177ca0716f5SRobert Watson.Xr au_to_in_addr 3
178ca0716f5SRobert Watsonfor an IPv4 address, or
179ca0716f5SRobert Watson.Xr au_to_in_addr_ex 3
180ca0716f5SRobert Watsonfor an IPv6 address.
181ca0716f5SRobert Watson.Pp
182ca0716f5SRobert WatsonSee the BUGS section for information on the storage of this token.
183ca0716f5SRobert Watson.Pp
184ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
185ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
186ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
187ca0716f5SRobert Watson.It Li "IP Address Type" Ta "1 byte" Ta "Type of address"
188ca0716f5SRobert Watson.It Li "IP Address" Ta "4/16 bytes" Ta "IPv4 or IPv6 address"
189ca0716f5SRobert Watson.El
190ca0716f5SRobert Watson.Ss Expanded in_addr Token
191ca0716f5SRobert WatsonThe
192ca0716f5SRobert Watson.Dv expanded in_addr
193ca0716f5SRobert Watsontoken ...
194ca0716f5SRobert Watson.Pp
195ca0716f5SRobert WatsonSee the BUGS section for information on the storage of this token.
196ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
197ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
198ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
199ca0716f5SRobert Watson.It XXXX
200ca0716f5SRobert Watson.El
201ca0716f5SRobert Watson.Ss ip Token
202ca0716f5SRobert WatsonThe
203ca0716f5SRobert Watson.Dv ip
204ca0716f5SRobert Watsontoken contains an IP packet header in network byte order.
205ca0716f5SRobert WatsonAn
206ca0716f5SRobert Watson.Dv ip
207ca0716f5SRobert Watsontoken can be cread using
208ca0716f5SRobert Watson.Xr au_to_ip 3 .
209ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
210ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
211ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
212ca0716f5SRobert Watson.It Li "Version and IHL" Ta "1 byte" Ta "Version and IP header length"
213ca0716f5SRobert Watson.It Li "Type of Service" Ta "1 byte" Ta "IP TOS field"
214ca0716f5SRobert Watson.It Li "Length" Ta "2 bytes" Ta "IP packet length in network byte order"
215ca0716f5SRobert Watson.It Li "ID" Ta "2 bytes" Ta "IP header ID for reassembly"
216ca0716f5SRobert Watson.It Li "Offset" Ta "2 bytes" Ta "IP fragment offset and flags, network byte order"
217ca0716f5SRobert Watson.It Li "TTL" Ta "1 byte" Ta "IP Time-to-Live"
218ca0716f5SRobert Watson.It Li "Protocol" Ta "1 byte" Ta "IP protocol number"
219ca0716f5SRobert Watson.It Li "Checksum" Ta "2 bytes" Ta "IP header checksum, network byte order"
220ca0716f5SRobert Watson.It Li "Source Address" Ta "4 bytes" Ta "IPv4 source address"
221ca0716f5SRobert Watson.It Li "Desintation Address" Ta "4 bytes" Ta "IPv4 destination address"
222ca0716f5SRobert Watson.El
223ca0716f5SRobert Watson.Ss Expanded ip Token
224ca0716f5SRobert WatsonThe
225ca0716f5SRobert Watson.Dv expanded ip
226ca0716f5SRobert Watsontoken ...
227ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
228ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
229ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
230ca0716f5SRobert Watson.It XXXX
231ca0716f5SRobert Watson.El
232ca0716f5SRobert Watson.Ss iport Token
233ca0716f5SRobert WatsonThe
234ca0716f5SRobert Watson.Dv iport
235ca0716f5SRobert Watsontoken stores an IP port number in network byte order.
236ca0716f5SRobert WatsonAn
237ca0716f5SRobert Watson.Dv iport
238ca0716f5SRobert Watsontoken can be created using
239ca0716f5SRobert Watson.Xr au_to_iport 3 .
240ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
241ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
242ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
243ca0716f5SRobert Watson.It Li "Port Number" Ta "2 bytes" Ta "Port number in network byte order"
244ca0716f5SRobert Watson.El
245ca0716f5SRobert Watson.Ss Path Token
246ca0716f5SRobert WatsonThe
247ca0716f5SRobert Watson.Dv path
248ca0716f5SRobert Watsontoken contains a pathname.
249ca0716f5SRobert WatsonA
250ca0716f5SRobert Watson.Dv path
251ca0716f5SRobert Watsontoken can be created using
252ca0716f5SRobert Watson.Xr auto_path 3 .
253ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
254ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
255ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
256ca0716f5SRobert Watson.It Li "Path Length" Ta "2 bytes" Ta "Length of path in bytes"
257ca0716f5SRobert Watson.It Li "Path" Ta "N bytes + 1 nul" Ta "Path name"
258ca0716f5SRobert Watson.El
259ca0716f5SRobert Watson.Ss path_attr Token
260ca0716f5SRobert WatsonThe
261ca0716f5SRobert Watson.Dv path_attr
262ca0716f5SRobert Watsontoken contains a set of nul-terminated path names.
263ca0716f5SRobert WatsonThe
264ca0716f5SRobert Watson.Xr libbsm 3
265ca0716f5SRobert WatsonAPI cannot currently create an
266ca0716f5SRobert Watson.Dv path_attr
267ca0716f5SRobert Watsontoken.
268ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
269ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
270ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
271ca0716f5SRobert Watson.It Li "Count" Ta "2 bytes" Ta "Number of nul-terminated string(s) in token"
272ca0716f5SRobert Watson.It Li "Path" Ta "Variable" Ta "count nul-terminated string(s)"
273ca0716f5SRobert Watson.El
274ca0716f5SRobert Watson.Ss Process Token
275ca0716f5SRobert WatsonThe
276ca0716f5SRobert Watson.Dv process
277ca0716f5SRobert Watsontoken contains a description of the security properties of a process
278ca0716f5SRobert Watsoninvolved as the target of an auditable event, such as the destination for
279ca0716f5SRobert Watsonsignal delivery.
280ca0716f5SRobert WatsonIt should not be confused with the
281ca0716f5SRobert Watson.Dv subject
282ca0716f5SRobert Watsontoken, which describes the subject performing an auditable event.
283ca0716f5SRobert WatsonThis includes both the traditional
284ca0716f5SRobert Watson.Ux
285ca0716f5SRobert Watsonsecurity properties, such as user IDs and group IDs, but also audit
286ca0716f5SRobert Watsoninformation such as the audit user ID and sesion.
287ca0716f5SRobert WatsonA
288ca0716f5SRobert Watson.Dv process
289ca0716f5SRobert Watsontoken can be created using
290ca0716f5SRobert Watson.Xr au_to_process32 3
291ca0716f5SRobert Watsonor
292ca0716f5SRobert Watson.Xr au_to_process64 3 .
293ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
294ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
295ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
296ca0716f5SRobert Watson.It Li "Audit ID" Ta "4 bytes" Ta "Audit user ID"
297ca0716f5SRobert Watson.It Li "Effective User ID" Ta "4 bytes" Ta "Effective user ID"
298ca0716f5SRobert Watson.It Li "Effective Group ID "Ta "4 bytes" Ta "Effective group ID"
299ca0716f5SRobert Watson.It Li "Real User ID" Ta "4 bytes" Ta "Real user ID"
300ca0716f5SRobert Watson.It Li "Real Group ID" Ta "4 bytes" Ta "Real group ID"
301ca0716f5SRobert Watson.It Li "Process ID" Ta "4 bytes" Ta "Process ID"
302ca0716f5SRobert Watson.It Li "Session ID" Ta "4 bytes" Ta "Audit session ID"
303ca0716f5SRobert Watson.It Li "Terminal Port ID" Ta "4/8 bytes" Ta "Terminal port ID (32/64-bits)"
304ca0716f5SRobert Watson.It Li "Terminal Machine Address" Ta "4 bytes" Ta "IP address of machine"
305ca0716f5SRobert Watson.El
306ca0716f5SRobert Watson.Ss Expanded Process Token
307742561f0SRobert WatsonThe
308742561f0SRobert Watson.Dv expanded process
309ca0716f5SRobert Watsontoken contains the contents of the
310ca0716f5SRobert Watson.Dv process
311ca0716f5SRobert Watsontoken, with the addition of a machine address type and variable length
312ca0716f5SRobert Watsonaddress storage capable of containing IPv6 addresses.
313ca0716f5SRobert WatsonA
314ca0716f5SRobert Watson.Dv expanded process
315ca0716f5SRobert Watsontoken can be created using
316ca0716f5SRobert Watson.Xr au_to_process32_ex 3
317ca0716f5SRobert Watsonor
318ca0716f5SRobert Watson.Xr au_to_process64 3 .
319ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
320ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
321ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
322ca0716f5SRobert Watson.It Li "Audit ID" Ta "4 bytes" Ta "Audit user ID"
323ca0716f5SRobert Watson.It Li "Effective User ID" Ta "4 bytes" Ta "Effective user ID"
324ca0716f5SRobert Watson.It Li "Effective Group ID "Ta "4 bytes" Ta "Effective group ID"
325ca0716f5SRobert Watson.It Li "Real User ID" Ta "4 bytes" Ta "Real user ID"
326ca0716f5SRobert Watson.It Li "Real Group ID" Ta "4 bytes" Ta "Real group ID"
327ca0716f5SRobert Watson.It Li "Process ID" Ta "4 bytes" Ta "Process ID"
328ca0716f5SRobert Watson.It Li "Session ID" Ta "4 bytes" Ta "Audit session ID"
329ca0716f5SRobert Watson.It Li "Terminal Port ID" Ta "4/8 bytes" Ta "Terminal port ID (32/64-bits)"
330ca0716f5SRobert Watson.It Li "Terminal Address Type/Length" Ta "1 byte" "Length of machine address"
331ca0716f5SRobert Watson.It Li "Terminal Machine Address" Ta "4 bytes" Ta "IPv4 or IPv6 address of machine"
332ca0716f5SRobert Watson.El
333ca0716f5SRobert Watson.Ss Return Token
334ca0716f5SRobert WatsonThe
335ca0716f5SRobert Watson.Dv return
336ca0716f5SRobert Watsontoken contains a system call or library function return condition, including
337ca0716f5SRobert Watsonreturn value and error number associated with the global variable
338ca0716f5SRobert Watson.Er errno .
339ca0716f5SRobert WatsonA
340ca0716f5SRobert Watson.Dv return
341ca0716f5SRobert Watsontoken can be created using
342ca0716f5SRobert Watson.Xr au_to_return32 3
343ca0716f5SRobert Watsonor
344ca0716f5SRobert Watson.Xr au_to_return64 3 .
345ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
346ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
347ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
348ca0716f5SRobert Watson.It Li "Error Number" Ta "1 byte" Ta "Errno value, or 0 if undefined"
349ca0716f5SRobert Watson.It Li "Return Value" Ta "4/8 bytes" Ta "Return value (32/64-bits)"
350ca0716f5SRobert Watson.El
351ca0716f5SRobert Watson.Ss Subject Token
352ca0716f5SRobert WatsonThe
353ca0716f5SRobert Watson.Dv subject
354ca0716f5SRobert Watsontoken contains information on the subject performing the operation described
355ca0716f5SRobert Watsonby an audit record, and includes similar information to that found in the
356ca0716f5SRobert Watson.Dv process
357ca0716f5SRobert Watsonand
358ca0716f5SRobert Watson.Dv expanded process
359ca0716f5SRobert Watsontokens.
360ca0716f5SRobert WatsonHowever, those tokens are used where the process being described is the
361ca0716f5SRobert Watsontarget of the operation, not the authorizing party.
362ca0716f5SRobert WatsonA
363ca0716f5SRobert Watson.Dv subject
364ca0716f5SRobert Watsontoken can be created using
365ca0716f5SRobert Watson.Xr au_to_subject32 3
366ca0716f5SRobert Watsonand
367ca0716f5SRobert Watson.Xr au_to_subject64 3 .
368ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
369ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
370ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
371ca0716f5SRobert Watson.It Li "Audit ID" Ta "4 bytes" Ta "Audit user ID"
372ca0716f5SRobert Watson.It Li "Effective User ID" Ta "4 bytes" Ta "Effective user ID"
373ca0716f5SRobert Watson.It Li "Effective Group ID "Ta "4 bytes" Ta "Effective group ID"
374ca0716f5SRobert Watson.It Li "Real User ID" Ta "4 bytes" Ta "Real user ID"
375ca0716f5SRobert Watson.It Li "Real Group ID" Ta "4 bytes" Ta "Real group ID"
376ca0716f5SRobert Watson.It Li "Process ID" Ta "4 bytes" Ta "Process ID"
377ca0716f5SRobert Watson.It Li "Session ID" Ta "4 bytes" Ta "Audit session ID"
378ca0716f5SRobert Watson.It Li "Terminal Port ID" Ta "4/8 bytes" Ta "Terminal port ID (32/64-bits)"
379ca0716f5SRobert Watson.It Li "Terminal Machine Address" Ta "4 bytes" Ta "IP address of machine"
380ca0716f5SRobert Watson.El
381ca0716f5SRobert Watson.Ss Expanded Subject Token
382ca0716f5SRobert WatsonThe
383ca0716f5SRobert Watson.Dv expanded subject
384ca0716f5SRobert Watsontoken consists of the same elements as the
385ca0716f5SRobert Watson.Dv subject
386ca0716f5SRobert Watsontoken, with the addition of type/length and variable size machine address
387ca0716f5SRobert Watsoninformation in the terminal ID.
388ca0716f5SRobert WatsonA
389ca0716f5SRobert Watson.Dv expanded subject
390ca0716f5SRobert Watsontoken can be created using
391ca0716f5SRobert Watson.Xr au_to_subject32_ex 3
392ca0716f5SRobert Watsonor
393ca0716f5SRobert Watson.Xr au_to_subject64_ex 3 .
394ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
395ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
396ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
397ca0716f5SRobert Watson.It Li "Audit ID" Ta "4 bytes" Ta "Audit user ID"
398ca0716f5SRobert Watson.It Li "Effective User ID" Ta "4 bytes" Ta "Effective user ID"
399ca0716f5SRobert Watson.It Li "Effective Group ID "Ta "4 bytes" Ta "Effective group ID"
400ca0716f5SRobert Watson.It Li "Real User ID" Ta "4 bytes" Ta "Real user ID"
401ca0716f5SRobert Watson.It Li "Real Group ID" Ta "4 bytes" Ta "Real group ID"
402ca0716f5SRobert Watson.It Li "Process ID" Ta "4 bytes" Ta "Process ID"
403ca0716f5SRobert Watson.It Li "Session ID" Ta "4 bytes" Ta "Audit session ID"
404ca0716f5SRobert Watson.It Li "Terminal Port ID" Ta "4/8 bytes" Ta "Terminal port ID (32/64-bits)"
405ca0716f5SRobert Watson.It Li "Terminal Address Type/Length" Ta "1 byte" "Length of machine address"
406ca0716f5SRobert Watson.It Li "Terminal Machine Address" Ta "4 bytes" Ta "IPv4 or IPv6 address of machine"
407ca0716f5SRobert Watson.El
408ca0716f5SRobert Watson.Ss System V IPC Token
409ca0716f5SRobert WatsonThe
410ca0716f5SRobert Watson.Dv System V IPC
411ca0716f5SRobert Watsontoken ...
412ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
413ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
414ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
415742561f0SRobert Watson.It Li "object ID type" Ta "1 byte" Ta "Object ID"
416742561f0SRobert Watson.It Li "Object ID" Ta "4 bytes" Ta "Object ID"
417ca0716f5SRobert Watson.El
418ca0716f5SRobert Watson.Ss Text Token
419ca0716f5SRobert WatsonThe
420ca0716f5SRobert Watson.Dv text
421ca0716f5SRobert Watsontoken contains a single nul-terminated text string.
422ca0716f5SRobert WatsonA
423ca0716f5SRobert Watson.Dv text
424ca0716f5SRobert Watsontoken may be created using
425ca0716f5SRobert Watson.Xr au_to_text 3 .
426ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
427ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
428ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
429ca0716f5SRobert Watson.It Li "Text Length" Ta "2 bytes" Ta "Length of text string including nul"
430ca0716f5SRobert Watson.It Li "Text" Ta "N bytes + 1 nul" Ta "Text string including nul"
431ca0716f5SRobert Watson.El
432ca0716f5SRobert Watson.Ss Attribute Token
433ca0716f5SRobert WatsonThe
434ca0716f5SRobert Watson.Dv attribute
435ca0716f5SRobert Watsontoken describes the attributes of a file associated with the audit event.
436ca0716f5SRobert WatsonAs files may be identified by 0, 1, or many path names, a path name is not
437ca0716f5SRobert Watsonincluded with the attribute block for a file; optional
438ca0716f5SRobert Watson.Dv path
439ca0716f5SRobert Watsontokens may also be present in an audit record indicating which path, if any,
440ca0716f5SRobert Watsonwas used to reach the object.
441ca0716f5SRobert WatsonA
442ca0716f5SRobert Watson.Dv attribute
443ca0716f5SRobert Watsontoken can be created using
444ca0716f5SRobert Watson.Xr au_to_attr32 3
445ca0716f5SRobert Watsonor
446ca0716f5SRobert Watson.Xr au_to_attr64 3 .
447ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
448ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
449ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
450ca0716f5SRobert Watson.It Li "File Access Mode" Ta "1 byte" Ta "mode_t associated with file"
451ca0716f5SRobert Watson.It Li "Owner User ID" Ta "4 bytes" Ta "uid_t associated with file"
452ca0716f5SRobert Watson.It Li "Owner Group ID" Ta "4 bytes" Ta "gid_t associated with file"
453ca0716f5SRobert Watson.It Li "File System ID" Ta "4 bytes" Ta "fsid_t associated with file"
454ca0716f5SRobert Watson.It Li "File System Node ID" Ta "8 bytes" Ta "ino_t associated with file"
455ca0716f5SRobert Watson.It Li "Device" Ta "4/8 bytes" Ta "Device major/minor number (32/64-bit)"
456ca0716f5SRobert Watson.El
457ca0716f5SRobert Watson.Ss Groups Token
458ca0716f5SRobert WatsonThe
459ca0716f5SRobert Watson.Dv groups
460ca0716f5SRobert Watsontoken contains a list of group IDs associated with the audit event.
461ca0716f5SRobert WatsonA
462ca0716f5SRobert Watson.Dv groups
463ca0716f5SRobert Watsontoken can be created using
464ca0716f5SRobert Watson.Xr au_to_groups 3 .
465ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
466ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
467ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
468ca0716f5SRobert Watson.It Li "Number of Groups" Ta "2 bytes" Ta "Number of groups in token"
469ca0716f5SRobert Watson.It Li "Group List" Ta "N * 4 bytes" Ta "List of N group IDs"
470ca0716f5SRobert Watson.El
471ca0716f5SRobert Watson.Ss System V IPC Permission Token
472ca0716f5SRobert WatsonThe
473ca0716f5SRobert Watson.Dv System V IPC permission
474ca0716f5SRobert Watsontoken ...
475ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
476ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
477ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
478ca0716f5SRobert Watson.It Li XXXXX
479ca0716f5SRobert Watson.El
480ca0716f5SRobert Watson.Ss Arg Token
481ca0716f5SRobert WatsonThe
482ca0716f5SRobert Watson.Dv arg
483ca0716f5SRobert Watsontoken ...
484ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
485ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
486ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
487ca0716f5SRobert Watson.It Li XXXXX
488ca0716f5SRobert Watson.El
489ca0716f5SRobert Watson.Ss exec_args Token
490ca0716f5SRobert WatsonThe
491ca0716f5SRobert Watson.Dv exec_args
492ca0716f5SRobert Watsontoken ...
493ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
494ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
495ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
496ca0716f5SRobert Watson.It Li XXXXX
497ca0716f5SRobert Watson.El
498ca0716f5SRobert Watson.Ss exec_env Token
499ca0716f5SRobert WatsonThe
500ca0716f5SRobert Watson.Dv exec_env
501ca0716f5SRobert Watsontoken ...
502ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
503ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
504ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
505ca0716f5SRobert Watson.It Li XXXXX
506ca0716f5SRobert Watson.El
507ca0716f5SRobert Watson.Ss Exit Token
508ca0716f5SRobert WatsonThe
509ca0716f5SRobert Watson.Dv exit
510ca0716f5SRobert Watsontoken contains process exit/return code information.
511ca0716f5SRobert WatsonAn
512ca0716f5SRobert Watson.Dv exit
513ca0716f5SRobert Watsontoken can be created using
514ca0716f5SRobert Watson.Xr au_to_exit 3 .
515ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
516ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
517ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
518ca0716f5SRobert Watson.It Li "Status" Ta "4 bytes" Ta "Process status on exit"
519ca0716f5SRobert Watson.It Li "Return Value" ta "4 bytes" Ta "Process return value on exit"
520ca0716f5SRobert Watson.El
521ca0716f5SRobert Watson.Ss Socket Token
522ca0716f5SRobert WatsonThe
523ca0716f5SRobert Watson.Dv socket
524ca0716f5SRobert Watsontoken ...
525ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
526ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
527ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
528ca0716f5SRobert Watson.It Li XXXXX
529ca0716f5SRobert Watson.El
530ca0716f5SRobert Watson.Ss Expanded Socket Token
531ca0716f5SRobert WatsonThe
532ca0716f5SRobert Watson.Dv expanded socket
533ca0716f5SRobert Watsontoken ...
534ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
535ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
536ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
537ca0716f5SRobert Watson.It Li XXXXX
538ca0716f5SRobert Watson.El
539ca0716f5SRobert Watson.Ss Seq Token
540ca0716f5SRobert WatsonThe
541ca0716f5SRobert Watson.Dv seq
542ca0716f5SRobert Watsontoken contains a unique and monotonically increasing audit event sequence ID.
543ca0716f5SRobert WatsonDue to the limited range of 32 bits, serial number arithmetic and caution
544ca0716f5SRobert Watsonshould be used when comparing sequence numbers.
545ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
546ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
547ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
548ca0716f5SRobert Watson.It Li "Sequence Number" Ta "4 bytes" Ta "Audit event sequence number"
549ca0716f5SRobert Watson.El
550ca0716f5SRobert Watson.Ss privilege Token
551ca0716f5SRobert WatsonThe
552ca0716f5SRobert Watson.Dv privilege
553ca0716f5SRobert Watsontoken ...
554ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
555ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
556ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
557ca0716f5SRobert Watson.It Li XXXXX
558ca0716f5SRobert Watson.El
559ca0716f5SRobert Watson.Ss Use-of-auth Token
560ca0716f5SRobert WatsonThe
561ca0716f5SRobert Watson.Dv use-of-auth
562ca0716f5SRobert Watsontoken ...
563ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
564ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
565ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
566ca0716f5SRobert Watson.It Li XXXXX
567ca0716f5SRobert Watson.El
568ca0716f5SRobert Watson.Ss Command Token
569ca0716f5SRobert WatsonThe
570ca0716f5SRobert Watson.Dv command
571ca0716f5SRobert Watsontoken ...
572ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
573ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
574ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
575ca0716f5SRobert Watson.It Li XXXXX
576ca0716f5SRobert Watson.El
577ca0716f5SRobert Watson.Ss ACL Token
578ca0716f5SRobert WatsonThe
579ca0716f5SRobert Watson.Dv ACL
580ca0716f5SRobert Watsontoken ...
581ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
582ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
583ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
584ca0716f5SRobert Watson.It Li XXXXX
585ca0716f5SRobert Watson.El
586ca0716f5SRobert Watson.Ss Zonename Token
587ca0716f5SRobert WatsonThe
588ca0716f5SRobert Watson.Dv zonename
589ca0716f5SRobert Watsontoken ...
590ca0716f5SRobert Watson.Bl -column -offset ind ".Sy Field Name Width XX" ".Sy XX Bytes XXXX" ".Sy Description"
591ca0716f5SRobert Watson.It Sy "Field" Ta Sy Bytes Ta Sy Description
592ca0716f5SRobert Watson.It Li "Token ID" Ta "1 byte" Ta "Token ID"
593ca0716f5SRobert Watson.It Li XXXXX
594ca0716f5SRobert Watson.El
595ca0716f5SRobert Watson.Sh SEE ALSO
596742561f0SRobert Watson.Xr audit 8,
597ca0716f5SRobert Watson.Xr libbsm 3
598ca0716f5SRobert Watson.Sh AUTHORS
599ca0716f5SRobert WatsonThe Basic Security Module (BSM) interface to audit records and audit event
600ca0716f5SRobert Watsonstream format were defined by Sun Microsystems.
601ca0716f5SRobert Watson.Pp
602ca0716f5SRobert WatsonThis manual page was written by
603ca0716f5SRobert Watson.An Robert Watson Aq rwatson@FreeBSD.org .
604ca0716f5SRobert Watson.Sh HISTORY
605ca0716f5SRobert WatsonThe OpenBSM implementation was created by McAfee Research, the security
606ca0716f5SRobert Watsondivision of McAfee Inc., under contract to Apple Computer Inc. in 2004.
607ca0716f5SRobert WatsonIt was subsequently adopted by the TrustedBSD Project as the foundation for
608ca0716f5SRobert Watsonthe OpenBSM distribution.
609ca0716f5SRobert Watson.Sh BUGS
610ca0716f5SRobert WatsonThe
611ca0716f5SRobert Watson.Dv How to print
612ca0716f5SRobert Watsonfield in the
613ca0716f5SRobert Watson.Dv arbitrary data
614ca0716f5SRobert Watsontoken has undefined values.
615ca0716f5SRobert Watson.Pp
616ca0716f5SRobert WatsonThe
617ca0716f5SRobert Watson.Dv in_addr
618ca0716f5SRobert Watsonand
619ca0716f5SRobert Watson.Dv in_addr_ex
620ca0716f5SRobert Watsontoken layout documented here appears to be in conflict with the
621ca0716f5SRobert Watson.Xr libbsm 3
622ca0716f5SRobert Watsonimplementations of
623ca0716f5SRobert Watson.Xr au_to_in_addr 3
624ca0716f5SRobert Watsonand
625ca0716f5SRobert Watson.Xr au_to_in_addr_ex 3 .
626