summaryrefslogtreecommitdiff
path: root/usr/src/man/man3bsm
diff options
context:
space:
mode:
Diffstat (limited to 'usr/src/man/man3bsm')
-rw-r--r--usr/src/man/man3bsm/Makefile155
-rw-r--r--usr/src/man/man3bsm/au_open.3bsm126
-rw-r--r--usr/src/man/man3bsm/au_preselect.3bsm166
-rw-r--r--usr/src/man/man3bsm/au_to.3bsm285
-rw-r--r--usr/src/man/man3bsm/au_user_mask.3bsm103
-rw-r--r--usr/src/man/man3bsm/getacinfo.3bsm212
-rw-r--r--usr/src/man/man3bsm/getauclassent.3bsm155
-rw-r--r--usr/src/man/man3bsm/getauditflags.3bsm82
-rw-r--r--usr/src/man/man3bsm/getauevent.3bsm196
-rw-r--r--usr/src/man/man3bsm/getauusernam.3bsm163
-rw-r--r--usr/src/man/man3bsm/getddent.3bsm132
-rw-r--r--usr/src/man/man3bsm/getfauditflags.3bsm88
12 files changed, 1863 insertions, 0 deletions
diff --git a/usr/src/man/man3bsm/Makefile b/usr/src/man/man3bsm/Makefile
new file mode 100644
index 0000000000..43f496c1be
--- /dev/null
+++ b/usr/src/man/man3bsm/Makefile
@@ -0,0 +1,155 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source. A copy of the CDDL is also available via the Internet
+# at http://www.illumos.org/license/CDDL.
+#
+
+# Copyright 2011, Richard Lowe
+
+include ../../Makefile.master
+
+MANSECT = 3bsm
+
+MANFILES = au_open.3bsm \
+ au_preselect.3bsm \
+ au_to.3bsm \
+ au_user_mask.3bsm \
+ getacinfo.3bsm \
+ getauclassent.3bsm \
+ getauditflags.3bsm \
+ getauevent.3bsm \
+ getauusernam.3bsm \
+ getddent.3bsm \
+ getfauditflags.3bsm
+
+MANSOFILES = au_close.3bsm \
+ au_to_arg.3bsm \
+ au_to_arg32.3bsm \
+ au_to_arg64.3bsm \
+ au_to_attr.3bsm \
+ au_to_cmd.3bsm \
+ au_to_data.3bsm \
+ au_to_groups.3bsm \
+ au_to_in_addr.3bsm \
+ au_to_ipc.3bsm \
+ au_to_iport.3bsm \
+ au_to_me.3bsm \
+ au_to_newgroups.3bsm \
+ au_to_opaque.3bsm \
+ au_to_path.3bsm \
+ au_to_process.3bsm \
+ au_to_process_ex.3bsm \
+ au_to_return.3bsm \
+ au_to_return32.3bsm \
+ au_to_return64.3bsm \
+ au_to_socket.3bsm \
+ au_to_subject.3bsm \
+ au_to_subject_ex.3bsm \
+ au_to_text.3bsm \
+ au_write.3bsm \
+ endac.3bsm \
+ endauclass.3bsm \
+ endauevent.3bsm \
+ endauuser.3bsm \
+ endddent.3bsm \
+ getacdir.3bsm \
+ getacflg.3bsm \
+ getacmin.3bsm \
+ getacna.3bsm \
+ getauclassent_r.3bsm \
+ getauclassnam.3bsm \
+ getauclassnam_r.3bsm \
+ getauditflagsbin.3bsm \
+ getauditflagschar.3bsm \
+ getauevent_r.3bsm \
+ getauevnam.3bsm \
+ getauevnam_r.3bsm \
+ getauevnonam.3bsm \
+ getauevnum.3bsm \
+ getauevnum_r.3bsm \
+ getauuserent.3bsm \
+ getauuserent_r.3bsm \
+ getauusernam_r.3bsm \
+ getddnam.3bsm \
+ setac.3bsm \
+ setauclass.3bsm \
+ setauevent.3bsm \
+ setauuser.3bsm \
+ setddent.3bsm \
+ setddfile.3bsm
+
+MANFILES += $(MANSOFILES)
+
+au_close.3bsm := SOSRC = man3bsm/au_open.3bsm
+au_write.3bsm := SOSRC = man3bsm/au_open.3bsm
+
+au_to_arg.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_arg32.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_arg64.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_attr.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_cmd.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_data.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_groups.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_in_addr.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_ipc.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_iport.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_me.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_newgroups.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_opaque.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_path.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_process.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_process_ex.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_return.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_return32.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_return64.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_socket.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_subject.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_subject_ex.3bsm := SOSRC = man3bsm/au_to.3bsm
+au_to_text.3bsm := SOSRC = man3bsm/au_to.3bsm
+
+endac.3bsm := SOSRC = man3bsm/getacinfo.3bsm
+getacdir.3bsm := SOSRC = man3bsm/getacinfo.3bsm
+getacflg.3bsm := SOSRC = man3bsm/getacinfo.3bsm
+getacmin.3bsm := SOSRC = man3bsm/getacinfo.3bsm
+getacna.3bsm := SOSRC = man3bsm/getacinfo.3bsm
+setac.3bsm := SOSRC = man3bsm/getacinfo.3bsm
+
+endauclass.3bsm := SOSRC = man3bsm/getauclassent.3bsm
+getauclassent_r.3bsm := SOSRC = man3bsm/getauclassent.3bsm
+getauclassnam.3bsm := SOSRC = man3bsm/getauclassent.3bsm
+getauclassnam_r.3bsm := SOSRC = man3bsm/getauclassent.3bsm
+setauclass.3bsm := SOSRC = man3bsm/getauclassent.3bsm
+
+getauditflagsbin.3bsm := SOSRC = man3bsm/getauditflags.3bsm
+getauditflagschar.3bsm := SOSRC = man3bsm/getauditflags.3bsm
+
+endauevent.3bsm := SOSRC = man3bsm/getauevent.3bsm
+getauevent_r.3bsm := SOSRC = man3bsm/getauevent.3bsm
+getauevnam.3bsm := SOSRC = man3bsm/getauevent.3bsm
+getauevnam_r.3bsm := SOSRC = man3bsm/getauevent.3bsm
+getauevnonam.3bsm := SOSRC = man3bsm/getauevent.3bsm
+getauevnum.3bsm := SOSRC = man3bsm/getauevent.3bsm
+getauevnum_r.3bsm := SOSRC = man3bsm/getauevent.3bsm
+setauevent.3bsm := SOSRC = man3bsm/getauevent.3bsm
+
+endauuser.3bsm := SOSRC = man3bsm/getauusernam.3bsm
+getauuserent.3bsm := SOSRC = man3bsm/getauusernam.3bsm
+getauuserent_r.3bsm := SOSRC = man3bsm/getauusernam.3bsm
+getauusernam_r.3bsm := SOSRC = man3bsm/getauusernam.3bsm
+setauuser.3bsm := SOSRC = man3bsm/getauusernam.3bsm
+
+endddent.3bsm := SOSRC = man3bsm/getddent.3bsm
+getddnam.3bsm := SOSRC = man3bsm/getddent.3bsm
+setddent.3bsm := SOSRC = man3bsm/getddent.3bsm
+setddfile.3bsm := SOSRC = man3bsm/getddent.3bsm
+
+.KEEP_STATE:
+
+include ../Makefile.man
+
+install: $(ROOTMANFILES)
diff --git a/usr/src/man/man3bsm/au_open.3bsm b/usr/src/man/man3bsm/au_open.3bsm
new file mode 100644
index 0000000000..5f34916519
--- /dev/null
+++ b/usr/src/man/man3bsm/au_open.3bsm
@@ -0,0 +1,126 @@
+'\" te
+.\" Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH au_open 3BSM "31 Mar 2005" "SunOS 5.11" "Security and Auditing Library Functions"
+.SH NAME
+au_open, au_close, au_write \- construct and write audit records
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR... ] \fIfile\fR... \fB-lbsm\fR \fB -lsocket \fR \fB -lnsl \fR [ \fIlibrary\fR... ]
+#include <bsm/libbsm.h>
+
+\fBint\fR \fBau_close\fR(\fBint\fR \fId\fR, \fBint\fR \fIkeep\fR, \fBshort\fR \fIevent\fR);
+.fi
+
+.LP
+.nf
+\fBint\fR \fBau_open\fR(\fB\fR\fIvoid\fR);
+.fi
+
+.LP
+.nf
+\fBint\fR \fBau_write\fR(\fBint\fR \fId\fR, \fBtoken_t *\fR\fIm\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBau_open()\fR function returns an audit record descriptor to which audit
+tokens can be written using \fBau_write()\fR. The audit record descriptor is an
+integer value that identifies a storage area where audit records are
+accumulated.
+.sp
+.LP
+The \fBau_close()\fR function terminates the life of an audit record \fId\fR
+of type \fIevent\fR started by \fBau_open()\fR. If the \fIkeep\fR parameter is
+\fBAU_TO_NO_WRITE\fR, the data contained therein is discarded. If the
+\fIkeep\fR parameter is \fBAU_TO_WRITE\fR, the additional parameters are used
+to create a header token. Depending on the audit policy information obtained
+by \fBauditon\fR(2), additional tokens such as \fIsequence\fR and
+\fItrailer\fR tokens can be added to the record. The \fBau_close()\fR function
+then writes the record to the audit trail by calling \fBaudit\fR(2). Any
+memory used is freed by calling \fBfree\fR(3C).
+.sp
+.LP
+The \fBau_write()\fR function adds the audit token pointed to by \fIm\fR to the
+audit record identified by the descriptor \fId\fR. After this call is made the
+audit token is no longer available to the caller.
+.SH RETURN VALUES
+.sp
+.LP
+Upon successful completion, \fBau_open()\fR returns an audit record descriptor.
+If a descriptor could not be allocated, \fBau_open()\fR returns \fB\(mi1\fR and
+sets \fBerrno\fR to indicate the error.
+.sp
+.LP
+Upon successful completion, \fBau_close()\fR returns \fB0\fR. If \fId\fR is an
+invalid or corrupted descriptor or if \fBaudit()\fR fails, \fBau_close()\fR
+returns \(mi1 without setting \fBerrno\fR. If \fBaudit()\fR fails, \fBerrno\fR
+is set to one of the error values described on the \fBaudit\fR(2) manual page.
+.sp
+.LP
+Upon successful completion, \fBau_write()\fR returns \fB0\fR. If \fId\fR is an
+invalid descriptor or \fIm\fR is an invalid token, or if \fBaudit()\fR fails,
+\fBau_write()\fR returns \(mi1 without setting \fBerrno\fR. If \fBaudit()\fR
+fails, \fBerrno\fR is set to one of the error values described on the
+\fBaudit\fR(2) manual page.
+.SH ERRORS
+.sp
+.LP
+The \fBau_open()\fR function will fail if:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBENOMEM\fR\fR
+.ad
+.RS 10n
+.rt
+The physical limits of the system have been exceeded such that sufficient
+memory cannot be allocated.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEAGAIN\fR\fR
+.ad
+.RS 10n
+.rt
+There is currently insufficient memory available. The application can try again
+later.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityStable
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBbsmconv\fR(1M), \fBaudit\fR(2), \fBauditon\fR(2), \fBau_preselect\fR(3BSM),
+\fBau_to\fR(3BSM), \fBfree\fR(3C), \fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the
+Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information.
diff --git a/usr/src/man/man3bsm/au_preselect.3bsm b/usr/src/man/man3bsm/au_preselect.3bsm
new file mode 100644
index 0000000000..d601a705d5
--- /dev/null
+++ b/usr/src/man/man3bsm/au_preselect.3bsm
@@ -0,0 +1,166 @@
+'\" te
+.\" Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH au_preselect 3BSM "31 Mar 2005" "SunOS 5.11" "Security and Auditing Library Functions"
+.SH NAME
+au_preselect \- preselect an audit event
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR... ] \fIfile\fR... \fB-lbsm\fR \fB -lsocket \fR \fB -lnsl \fR [ \fIlibrary\fR... ]
+#include <bsm/libbsm.h>
+
+\fBint\fR \fBau_preselect\fR(\fBau_event_t\fR \fIevent\fR, \fBau_mask_t *\fR\fImask_p\fR, \fBint\fR \fIsorf\fR, \fBint\fR \fIflag\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBau_preselect()\fR function determines whether the audit event
+\fIevent\fR is preselected against the binary preselection mask pointed to by
+\fImask_p\fR (usually obtained by a call to \fBgetaudit\fR(2)). The
+\fBau_preselect()\fR function looks up the classes associated with \fIevent\fR
+in \fBaudit_event\fR(4) and compares them with the classes in \fImask_p\fR. If
+the classes associated with \fIevent\fR match the classes in the specified
+portions of the binary preselection mask pointed to by \fImask_p\fR, the event
+is said to be preselected.
+.sp
+.LP
+The \fIsorf\fR argument indicates whether the comparison is made with the
+success portion, the failure portion, or both portions of the mask pointed to
+by \fImask_p\fR.
+.sp
+.LP
+The following are the valid values of \fIsorf\fR:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBAU_PRS_SUCCESS\fR\fR
+.ad
+.RS 18n
+.rt
+Compare the event class with the success portion of the preselection mask.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBAU_PRS_FAILURE\fR\fR
+.ad
+.RS 18n
+.rt
+Compare the event class with the failure portion of the preselection mask.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBAU_PRS_BOTH\fR\fR
+.ad
+.RS 18n
+.rt
+Compare the event class with both the success and failure portions of the
+preselection mask.
+.RE
+
+.sp
+.LP
+The \fIflag\fR argument tells \fBau_preselect()\fR how to read the
+\fBaudit_event\fR(4) database. Upon initial invocation, \fBau_preselect()\fR
+reads the \fBaudit_event\fR(4) database and allocates space in an internal
+cache for each entry with \fBmalloc\fR(3C). In subsequent invocations, the
+value of \fIflag\fR determines where \fBau_preselect()\fR obtains audit event
+information. The following are the valid values of \fIflag\fR:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBAU_PRS_REREAD\fR\fR
+.ad
+.RS 19n
+.rt
+Get audit event information by searching the \fBaudit_event\fR(4) database.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBAU_PRS_USECACHE\fR\fR
+.ad
+.RS 19n
+.rt
+Get audit event information from internal cache created upon the initial
+invocation. This option is much faster.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+Upon successful completion,\fBau_preselect()\fR returns 0 if \fIevent\fR is not
+preselected or 1 if \fIevent\fR is preselected. If \fBau_preselect()\fR could
+not allocate memory or could not find \fIevent\fR in the \fBaudit_event\fR(4)
+database, \(mi1 is returned.
+.SH FILES
+.sp
+.ne 2
+.mk
+.na
+\fB\fB/etc/security/audit_class\fR\fR
+.ad
+.RS 29n
+.rt
+file mapping audit class number to audit class names and descriptions
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB/etc/security/audit_event\fR\fR
+.ad
+.RS 29n
+.rt
+file mappint audit even number to audit event names and associates
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for a description of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityStable
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBbsmconv\fR(1M), \fBgetaudit\fR(2), \fBau_open\fR(3BSM),
+\fBgetauclassent\fR(3BSM), \fBgetauevent\fR(3BSM), \fBmalloc\fR(3C),
+\fBaudit_class\fR(4), \fBaudit_event\fR(4), \fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+The \fBau_preselect()\fR function is normally called prior to constructing and
+writing an audit record. If the event is not preselected, the overhead of
+constructing and writing the record can be saved.
+.sp
+.LP
+The functionality described on this manual page is available only if the
+Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information.
diff --git a/usr/src/man/man3bsm/au_to.3bsm b/usr/src/man/man3bsm/au_to.3bsm
new file mode 100644
index 0000000000..2b58e33d4c
--- /dev/null
+++ b/usr/src/man/man3bsm/au_to.3bsm
@@ -0,0 +1,285 @@
+'\" te
+.\" Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH au_to 3BSM "31 Mar 2005" "SunOS 5.11" "Security and Auditing Library Functions"
+.SH NAME
+au_to, au_to_arg, au_to_arg32, au_to_arg64, au_to_attr, au_to_cmd, au_to_data,
+au_to_groups, au_to_in_addr, au_to_ipc, au_to_iport, au_to_me, au_to_newgroups,
+au_to_opaque, au_to_path, au_to_process, au_to_process_ex, au_to_return,
+au_to_return32, au_to_return64, au_to_socket, au_to_subject, au_to_subject_ex,
+au_to_text \- create audit record tokens
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR... ] \fIfile\fR... \fB-lbsm\fR \fB -lsocket \fR \fB -lnsl \fR [ \fIlibrary\fR... ]
+#include <sys/types.h>
+#include <sys/vnode.h>
+#include <netinet/in.h>
+#include <bsm/libbsm.h>
+
+\fBtoken_t *\fR\fBau_to_arg\fR(\fBchar\fR \fIn\fR, \fBchar *\fR\fItext\fR, \fBuint32_t\fR \fIv\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_arg32\fR(\fBchar\fR \fIn\fR, \fBchar *\fR\fItext\fR, \fBuint32_t\fR \fIv\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_arg64\fR(\fBchar\fR \fIn\fR, \fBchar *\fR\fItext\fR, \fBuint64_t\fR \fIv\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_attr\fR(\fBstruct vattr *\fR\fIattr\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_cmd\fR(\fBuint_t\fR \fIargc\fR, \fBchar **\fR\fIargv\fR, \fBchar **\fR\fIenvp\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_data\fR(\fBchar\fR \fIunit_print\fR, \fBchar\fR \fIunit_type\fR, \fBchar\fR \fIunit_count\fR,
+ \fBchar *\fR\fIp\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_groups\fR(\fBint *\fR\fIgroups\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_in_addr\fR(\fBstruct in_addr *\fR\fIinternet_addr\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_ipc\fR(\fBchar\fR \fItype\fR, \fBint\fR \fIid\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_iport\fR(\fBu_short_t\fR \fIiport\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_me\fR(\fBvoid\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_newgroups\fR(\fBint\fR \fIn\fR, \fBgid_t *\fR\fIgroups\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t\fR \fB*au_to_opaque\fR(\fBchar *\fR\fIdata\fR, \fBshort\fR \fIbytes\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_path\fR(\fBchar *\fR\fIpath\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_process\fR(\fBau_id_t\fR \fIauid\fR, \fBuid_t\fR \fIeuid\fR, \fBgid_t\fR \fIegid\fR,
+ \fBuid_t\fR \fIruid\fR, \fBgid_t\fR \fIrgid\fR, \fBpid_t\fR \fIpid\fR, \fBau_asid_t\fR \fIsid\fR, \fBau_tid_t *\fR\fItid\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_process_ex\fR(\fBau_id_t\fR \fIauid\fR, \fBuid_t\fR \fIeuid\fR, \fBgid_t\fR \fIegid\fR,
+ \fBuid_t\fR \fIruid\fR, \fBgid_t\fR \fIrgid\fR, \fBpid_t\fR \fIpid\fR, \fBau_asid_t\fR \fIsid\fR, \fBau_tid_addr_t *\fR\fItid\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_return\fR(\fBchar\fR \fInumber\fR, \fBuin32t_t\fR \fIvalue\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_return32\fR(\fBchar\fR \fInumber\fR, \fBuin32t_t\fR \fIvalue\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_return64\fR(\fBchar\fR \fInumber\fR, \fBuin64t_t\fR \fIvalue\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_socket\fR(\fBstruct oldsocket *\fR\fIso\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_subject\fR(\fBau_id_t\fR \fIauid\fR, \fBuid_t\fR \fIeuid\fR, \fBgid_t\fR \fIegid\fR,
+ \fBuid_t\fR \fIruid\fR, \fBgid_t\fR \fIrgid\fR, \fBpid_t\fR \fIpid\fR, \fBau_asid_t\fR \fIsid\fR, \fBau_tid_t *\fR\fItid\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_subject_ex\fR(\fBau_id_t\fR \fIauid\fR, \fBuid_t\fR \fIeuid\fR, \fBgid_t\fR \fIegid\fR,
+ \fBuid_t\fR \fIruid\fR, \fBgid_t\fR \fIrgid\fR, \fBpid_t\fR \fIpid\fR, \fBau_asid_t\fR \fIsid\fR, \fBau_tid_addr_t *\fR\fItid\fR);
+.fi
+
+.LP
+.nf
+\fBtoken_t *\fR\fBau_to_text\fR(\fBchar *\fR\fItext\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBau_to_arg()\fR, \fBau_to_arg32()\fR, and \fBau_to_arg64()\fR functions
+format the data in \fIv\fR into an "argument token". The \fIn\fR argument
+indicates the argument number. The \fItext\fR argument is a null-terminated
+string describing the argument.
+.sp
+.LP
+The \fBau_to_attr()\fR function formats the data pointed to by \fIattr\fR into
+a "vnode attribute token".
+.sp
+.LP
+The \fBau_to_cmd()\fR function formats the data pointed to by \fIargv\fR into a
+"command token". A command token reflects a command and its parameters as
+entered. For example, the \fBpfexec\fR(1) utility uses \fBau_to_cmd()\fR to
+record the command and arguments it reads from the command line.
+.sp
+.LP
+The \fBau_to_data()\fR function formats the data pointed to by \fIp\fR into an
+"arbitrary data token". The \fIunit_print\fR parameter determines the preferred
+display base of the data and is one of \fBAUP_BINARY\fR, \fBAUP_OCTAL\fR,
+\fBAUP_DECIMAL\fR, \fBAUP_HEX\fR, or \fBAUP_STRING\fR. The \fIunit_type\fR
+parameter defines the basic unit of data and is one of \fBAUR_BYTE\fR,
+\fBAUR_CHAR\fR, \fBAUR_SHORT\fR, \fBAUR_INT\fR, or \fBAUR_LONG\fR. The
+\fIunit_count\fR parameter specifies the number of basic data units to be used
+and must be positive.
+.sp
+.LP
+The \fBau_to_groups()\fR function formats the array of 16 integers pointed to
+by \fIgroups\fR into a "groups token". The \fBau_to_newgroups()\fR function
+(see below) should be used in place of this function.
+.sp
+.LP
+The \fBau_to_in_addr()\fR function formats the data pointed to by
+\fIinternet_addr\fR into an "internet address token".
+.sp
+.LP
+The \fBau_to_ipc()\fR function formats the data in the \fIid\fR parameter into
+an "interprocess communications \fBID\fR token".
+.sp
+.LP
+The \fBau_to_iport()\fR function formats the data pointed to by \fIiport\fR
+into an "ip port address token".
+.sp
+.LP
+The \fBau_to_me()\fR function collects audit information from the current
+process and creates a "subject token" by calling \fBau_to_subject()\fR.
+.sp
+.LP
+The \fBau_to_newgroups()\fR function formats the array of \fIn\fR integers
+pointed to by \fIgroups\fR into a "newgroups token". This function should be
+used in place of \fBau_to_groups()\fR.
+.sp
+.LP
+The \fBau_to_opaque()\fR function formats the \fIbytes\fR bytes pointed to by
+\fIdata\fR into an "opaque token". The value of \fIsize\fR must be positive.
+.sp
+.LP
+The \fBau_to_path()\fR function formats the path name pointed to by \fIpath\fR
+into a ``path token.''
+.sp
+.LP
+The \fBau_to_process()\fR function formats an \fIauid\fR (audit user \fBID\fR),
+an \fIeuid\fR (effective user \fBID\fR), an \fIegid\fR (effective group
+\fBID\fR), a \fIruid\fR (real user \fBID\fR), a \fIrgid\fR (real group
+\fBID\fR), a \fIpid\fR (process \fBID\fR), an \fIsid\fR (audit session
+\fBID\fR), and a \fItid\fR (audit terminal \fBID\fR containing an IPv4 IP
+address), into a "process token". A process token should be used when the
+process is the object of an action (ie. when the process is the receiver of a
+signal). The \fBau_to_process_ex()\fR function (see below) should be used in
+place of this function.
+.sp
+.LP
+The \fBau_to_process_ex()\fR function formats an \fIauid\fR (audit user
+\fBID),\fR an \fIeuid\fR (effective user \fBID),\fR an \fIegid\fR (effective
+group \fBID),\fR a \fIruid\fR (real user \fBID),\fR a \fIrgid\fR (real group
+\fBID),\fR a \fIpid\fR (process \fBID),\fR an \fIsid\fR (audit session
+\fBID),\fR and a \fItid\fR (audit terminal \fBID containing an IPv4 or IPv6 IP
+address),\fR into a "process token". A process token should be used when the
+process is the object of an action (that is, when the process is the receiver
+of a signal). This function should be used in place of \fBau_to_process()\fR.
+.sp
+.LP
+The \fBau_to_return()\fR, \fBau_to_return32()\fR, and \fBau_to_return64()\fR
+functions format an error number \fInumber\fR and a return value \fIvalue\fR
+into a "return value token".
+.sp
+.LP
+The \fBau_to_socket()\fR function format the data pointed to by \fIso\fR into a
+``socket token.''
+.sp
+.LP
+The \fBau_to_subject()\fR function formats an \fIauid\fR (audit user \fBID\fR),
+an \fIeuid\fR (effective user \fBID\fR), an \fIegid\fR (effective group
+\fBID\fR), a \fIruid\fR (real user \fBID\fR), an \fIrgid\fR (real group
+\fBID\fR), a \fIpid\fR (process \fBID\fR), an \fIsid\fR (audit session
+\fBID\fR), an \fItid\fR (audit terminal \fBID\fR containing an IPv4 IP
+address), into a "subject token". The \fBau_to_subject_ex()\fR function (see
+below) should be used in place of this function.
+.sp
+.LP
+The \fBau_to_subject_ex()\fR function formats an \fIauid\fR (audit user
+\fBID),\fR an \fIeuid\fR (effective user \fBID),\fR an \fIegid\fR (effective
+group \fBID),\fR a \fIruid\fR (real user \fBID),\fR an \fIrgid\fR (real group
+\fBID),\fR a \fIpid\fR (process \fBID),\fR an \fIsid\fR (audit session
+\fBID),\fR an \fItid\fR (audit terminal \fBID containing an IPv4 or IPv6 IP
+address),\fR into a "subject token". This function should be used in place of
+\fBau_to_subject()\fR.
+.sp
+.LP
+The \fBau_to_text()\fR function formats the null-terminated string pointed to
+by \fItext\fR into a "text token".
+.SH RETURN VALUES
+.sp
+.LP
+These functions return \fINULL\fR if memory cannot be allocated to put the
+resultant token into, or if an error in the input is detected.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for a description of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityStable
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBbsmconv\fR(1M), \fBau_open\fR(3BSM), \fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the
+Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information.
diff --git a/usr/src/man/man3bsm/au_user_mask.3bsm b/usr/src/man/man3bsm/au_user_mask.3bsm
new file mode 100644
index 0000000000..d445efd6cc
--- /dev/null
+++ b/usr/src/man/man3bsm/au_user_mask.3bsm
@@ -0,0 +1,103 @@
+'\" te
+.\" Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH au_user_mask 3BSM "31 Mar 2005" "SunOS 5.11" "Security and Auditing Library Functions"
+.SH NAME
+au_user_mask \- get user's binary preselection mask
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR... ] \fIfile\fR... \fB-lbsm\fR \fB -lsocket \fR \fB -lnsl \fR [ \fIlibrary\fR... ]
+#include <bsm/libbsm.h>
+
+\fBint\fR \fBau_user_mask\fR(\fBchar *\fR\fIusername\fR, \fBau_mask_t *\fR\fImask_p\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBau_user_mask()\fR function reads the default, system wide audit classes
+from \fBaudit_control\fR(4), combines them with the per-user audit classes
+from the \fBaudit_user\fR(4) database, and updates the binary preselection mask
+pointed to by \fImask_p\fR with the combined value.
+.sp
+.LP
+The audit flags in the \fIflags\fR field of the \fBaudit_control\fR(4) database
+and the \fIalways-audit-flags\fR and \fInever-audit-flags\fR from the
+\fBaudit_user\fR(4) database represent binary audit classes. These fields are
+combined by \fBau_preselect\fR(3BSM) as follows:
+.sp
+.LP
+mask = ( \fIflags\fR + \fIalways-audit-flags\fR) \(mi \fInever-audit-flags\fR
+.sp
+.LP
+The \fBau_user_mask()\fR function fails only if both the both the
+\fBaudit_control\fR(4) and the \fBaudit_user\fR(4) database entries could not
+be retrieved. This allows for flexible configurations.
+.SH RETURN VALUES
+.sp
+.LP
+Upon successful completion, \fBau_user_mask()\fR returns 0. It fails and
+returns \(mi1 if both the \fBaudit_control\fR(4) and the \fBaudit_user\fR(4)
+database entries could not be retrieved.
+.SH FILES
+.sp
+.ne 2
+.mk
+.na
+\fB\fB/etc/security/audit_control\fR\fR
+.ad
+.sp .6
+.RS 4n
+file containing default parameters read by the audit daemon, \fBauditd\fR(1M)
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB/etc/security/audit_user\fR\fR
+.ad
+.sp .6
+.RS 4n
+file that stores per-user audit event mask
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityStable
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBlogin\fR(1), \fBbsmconv\fR(1M), \fBgetaudit\fR(2), \fBsetaudit\fR(2),
+\fBau_preselect\fR(3BSM), \fBgetacinfo\fR(3BSM), \fBgetauusernam\fR(3BSM),
+\fBaudit_control\fR(4), \fBaudit_user\fR(4), \fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+The \fBau_user_mask()\fR function should be called by programs like
+\fBlogin\fR(1) which set a process's preselection mask with \fBsetaudit\fR(2).
+\fBgetaudit\fR(2) should be used to obtain audit characteristics for the
+current process.
+.sp
+.LP
+The functionality described on this manual page is available only if the
+Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information.
diff --git a/usr/src/man/man3bsm/getacinfo.3bsm b/usr/src/man/man3bsm/getacinfo.3bsm
new file mode 100644
index 0000000000..2cc31b6c79
--- /dev/null
+++ b/usr/src/man/man3bsm/getacinfo.3bsm
@@ -0,0 +1,212 @@
+'\" te
+.\" Copyright (c) 2005, Sun Microsystems, Inc.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH getacinfo 3BSM "31 Mar 2005" "SunOS 5.11" "Security and Auditing Library Functions"
+.SH NAME
+getacinfo, getacdir, getacflg, getacmin, getacna, setac, endac \- get audit
+control file information
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR... ] \fIfile\fR... \fB-lbsm\fR \fB -lsocket \fR \fB -lnsl \fR [ \fIlibrary\fR... ]
+#include <bsm/libbsm.h>
+
+\fBint\fR \fBgetacdir\fR(\fB char *\fR\fIdir\fR, \fBint\fR \fIlen\fR);
+.fi
+
+.LP
+.nf
+\fBint\fR \fBgetacmin\fR(\fB int *\fR\fImin_val\fR);
+.fi
+
+.LP
+.nf
+\fBint\fR \fBgetacflg\fR(\fB char *\fR\fIauditstring\fR, \fBint\fR \fIlen\fR);
+.fi
+
+.LP
+.nf
+\fBint\fR \fBgetacna\fR(\fB char *\fR\fIauditstring\fR, \fBint\fR \fIlen\fR);
+.fi
+
+.LP
+.nf
+\fBvoid\fR \fBsetac\fR(\fBvoid\fR);
+.fi
+
+.LP
+.nf
+\fBvoid\fR \fBendac\fR(\fBvoid\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+When first called, \fBgetacdir()\fR provides information about the first audit
+directory in the \fBaudit_control\fR file. Thereafter, it returns the next
+directory in the file. Successive calls list all the directories listed in
+\fBaudit_control\fR(4) The \fIlen\fR argument specifies the length of the
+buffer \fIdir\fR. On return, \fIdir\fR points to the directory entry.
+.sp
+.LP
+The \fBgetacmin()\fR function reads the minimum value from the
+\fBaudit_control\fR file and returns the value in \fImin_val\fR. The minimum
+value specifies how full the file system to which the audit files are being
+written can get before the script \fBaudit_warn\fR(1M) is invoked.
+.sp
+.LP
+The \fBgetacflg()\fR function reads the system audit value from the
+\fBaudit_control\fR file and returns the value in \fIauditstring\fR. The
+\fIlen\fR argument specifies the length of the buffer \fIauditstring\fR.
+.sp
+.LP
+The \fBgetacna()\fR function reads the system audit value for non-attributable
+audit events from the \fBaudit_control\fR file and returns the value in
+\fIauditstring\fR. The \fIlen\fR argument specifies the length of the buffer
+\fIauditstring\fR. Non-attributable events are events that cannot be attributed
+to an individual user. The \fBinetd\fR(1M) utility and several other daemons
+record non-attributable events.
+.sp
+.LP
+The \fBsetac()\fR function rewinds the \fBaudit_control\fR file to allow
+repeated searches.
+.sp
+.LP
+The \fBendac()\fR function closes the \fBaudit_control\fR file when processing
+is complete.
+.SH FILES
+.sp
+.ne 2
+.mk
+.na
+\fB\fB/etc/security/audit_control\fR\fR
+.ad
+.sp .6
+.RS 4n
+file containing default parameters read by the audit daemon, \fBauditd\fR(1M)
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+The \fBgetacdir()\fR, \fBgetacflg()\fR, \fBgetacna()\fR, and \fBgetacmin()\fR
+functions return:
+.sp
+.ne 2
+.mk
+.na
+\fB\fB0\fR\fR
+.ad
+.RS 9n
+.rt
+on success.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB\(mi2\fR\fR
+.ad
+.RS 9n
+.rt
+on failure and set \fBerrno\fR to indicate the error.
+.RE
+
+.sp
+.LP
+The \fBgetacmin()\fR and \fBgetacflg()\fR functions return:
+.sp
+.ne 2
+.mk
+.na
+\fB\fB1\fR\fR
+.ad
+.RS 5n
+.rt
+on \fBEOF.\fR
+.RE
+
+.sp
+.LP
+The \fBgetacdir()\fR function returns:
+.sp
+.ne 2
+.mk
+.na
+\fB\fB\(mi1\fR\fR
+.ad
+.RS 9n
+.rt
+on \fBEOF.\fR
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB2\fR\fR
+.ad
+.RS 9n
+.rt
+if the directory search had to start from the beginning because one of the
+other functions was called between calls to \fBgetacdir()\fR.
+.RE
+
+.sp
+.LP
+These functions return:
+.sp
+.ne 2
+.mk
+.na
+\fB\fB\(mi3\fR\fR
+.ad
+.RS 9n
+.rt
+if the directory entry format in the \fBaudit_control\fR file is incorrect.
+.RE
+
+.sp
+.LP
+The \fBgetacdir()\fR, \fBgetacflg()\fR, and \fBgetacna()\fR functions return:
+.sp
+.ne 2
+.mk
+.na
+\fB\fB\(mi3\fR\fR
+.ad
+.RS 9n
+.rt
+if the input buffer is too short to accommodate the record.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+MT-LevelSafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBaudit_warn\fR(1M), \fBbsmconv\fR(1M), \fBinetd\fR(1M),
+\fBaudit_control\fR(4), \fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the
+Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information.
diff --git a/usr/src/man/man3bsm/getauclassent.3bsm b/usr/src/man/man3bsm/getauclassent.3bsm
new file mode 100644
index 0000000000..5235799612
--- /dev/null
+++ b/usr/src/man/man3bsm/getauclassent.3bsm
@@ -0,0 +1,155 @@
+'\" te
+.\" Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH getauclassent 3BSM "31 Mar 2005" "SunOS 5.11" "Security and Auditing Library Functions"
+.SH NAME
+getauclassent, getauclassnam, setauclass, endauclass, getauclassnam_r,
+getauclassent_r \- get audit_class entry
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR... ] \fIfile\fR... \fB-lbsm\fR \fB -lsocket \fR \fB -lnsl \fR [ \fIlibrary\fR... ]
+#include <sys/param.h>
+#include <bsm/libbsm.h>
+
+\fBstruct au_class_ent *\fR\fBgetauclassnam\fR(\fB const char *\fR\fIname\fR);
+.fi
+
+.LP
+.nf
+\fBstruct au_class_ent *\fR\fBgetauclassnam_r\fR(\fB au_class_ent_t *\fR\fIclass_int\fR,
+ \fBconst char *\fR\fIname\fR);
+.fi
+
+.LP
+.nf
+\fBstruct au_class_ent *\fR\fBgetauclassent\fR(\fBvoid\fR);
+.fi
+
+.LP
+.nf
+\fBstruct au_class_ent *\fR\fBgetauclassent_r\fR(\fB au_class_ent_t *\fR\fIclass_int\fR);
+.fi
+
+.LP
+.nf
+\fBvoid\fR \fBsetauclass\fR(\fBvoid\fR);
+.fi
+
+.LP
+.nf
+\fBvoid\fR \fBendauclass\fR(\fBvoid\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBgetauclassent()\fR function and \fBgetauclassnam()\fR each return an
+\fBaudit_class\fR entry.
+.sp
+.LP
+The \fBgetauclassnam()\fR function searches for an \fBaudit_class\fR entry with
+a given class name \fIname.\fR
+.sp
+.LP
+The \fBgetauclassent()\fR function enumerates audit_class entries. Successive
+calls to \fBgetauclassent()\fR return either successive audit_class entries or
+\fINULL\fR.
+.sp
+.LP
+The \fBsetauclass()\fR function ``rewinds'' to the beginning of the enumeration
+of audit_class entries. Calls to \fBgetauclassnam()\fR may leave the
+enumeration in an indeterminate state, so \fBsetauclass()\fR should be called
+before the first \fBgetauclassent()\fR.
+.sp
+.LP
+The \fBendauclass()\fR may be called to indicate that audit_class processing is
+complete; the system may then close any open audit_class file, deallocate
+storage, and so forth.
+.sp
+.LP
+The \fBgetauclassent_r()\fR and \fBgetauclassnam_r()\fR functions both return a
+pointer to an audit_class entry as do their similarly named counterparts. They
+each take an additional argument, a pointer to pre-allocated space for an
+\fBau_class_ent_t\fR, which is returned if the call is successful. To assure
+there is enough space for the information returned, the applications programmer
+should be sure to allocate \fBAU_CLASS_NAME_MAX\fR and \fBAU_CLASS_DESC_MAX\fR
+bytes for the \fBac_name\fR and \fBac_desc\fR members of the
+\fBau_class_ent_t\fR data structure.
+.sp
+.LP
+The internal representation of an \fBaudit_user\fR entry is an
+\fBau_class_ent\fR structure defined in <\fBbsm/libbsm.h\fR> with the
+following members:
+.sp
+.in +2
+.nf
+char *ac_name;
+au_class_t ac_class;
+char *ac_desc;
+.fi
+.in -2
+
+.SH RETURN VALUES
+.sp
+.LP
+The \fBgetauclassnam()\fR and \fBgetauclassnam_r()\fR functions return a
+pointer to a \fBau_class_ent\fR structure if they successfully locate the
+requested entry. Otherwise they return \fINULL\fR.
+.sp
+.LP
+The \fBgetauclassent()\fR and \fBgetauclassent_r()\fR functions return a
+pointer to a \fBau_class_ent\fR structure if they successfully enumerate an
+entry. Otherwise they return \fINULL\fR, indicating the end of the enumeration.
+.SH FILES
+.sp
+.ne 2
+.mk
+.na
+\fB\fB/etc/security/audit_class\fR\fR
+.ad
+.RS 29n
+.rt
+file that aps audit class numbers to audit class names
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+MT-LevelMT-Safe with exceptions.
+.TE
+
+.sp
+.LP
+All of the functions described on this man-page are MT-Safe except
+\fBgetauclassent()\fR and \fBgetauclassnam\fR, which are Unsafe. The
+\fBgetauclassent_r()\fR and \fBgetauclassnam_r()\fR functions have the same
+functionality as the Unsafe functions, but have a slightly different function
+call interface to make them MT-Safe.
+.SH SEE ALSO
+.sp
+.LP
+\fBbsmconv\fR(1M), \fBaudit_class\fR(4), \fBaudit_event\fR(4),
+\fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+All information is contained in a static area, so it must be copied if it is to
+be saved.
+.sp
+.LP
+The functionality described on this manual page is available only if the
+Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information.
diff --git a/usr/src/man/man3bsm/getauditflags.3bsm b/usr/src/man/man3bsm/getauditflags.3bsm
new file mode 100644
index 0000000000..f6f475c292
--- /dev/null
+++ b/usr/src/man/man3bsm/getauditflags.3bsm
@@ -0,0 +1,82 @@
+'\" te
+.\" Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH getauditflags 3BSM "31 Mar 2005" "SunOS 5.11" "Security and Auditing Library Functions"
+.SH NAME
+getauditflags, getauditflagsbin, getauditflagschar \- convert audit flag
+specifications
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR... ] \fIfile\fR... \fB-lbsm\fR \fB -lsocket \fR \fB -lnsl \fR [ \fIlibrary\fR... ]
+#include <sys/param.h>
+#include <bsm/libbsm.h>
+
+\fBint\fR \fBgetauditflagsbin\fR(\fBchar *\fR\fIauditstring\fR, \fBau_mask_t *\fR\fImasks\fR);
+.fi
+
+.LP
+.nf
+\fBint\fR \fBgetauditflagschar\fR(\fBchar *\fR\fIauditstring\fR, \fBau_mask_t *\fR\fImasks\fR, \fBint\fR \fIverbose\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBgetauditflagsbin()\fR function converts the character representation of
+audit values pointed to by \fIauditstring\fR into \fBau_mask_t\fR fields
+pointed to by \fImasks\fR. These fields indicate which events are to be audited
+when they succeed and which are to be audited when they fail. The character
+string syntax is described in \fBaudit_control\fR(4).
+.sp
+.LP
+The \fBgetauditflagschar()\fR function converts the \fBau_mask_t\fR fields
+pointed to by \fImasks\fR into a string pointed to by \fIauditstring\fR. If
+\fIverbose\fR is 0, the short (2-character) flag names are used. If
+\fIverbose\fR is non-zero, the long flag names are used. The \fIauditstring\fR
+argument should be large enough to contain the \fBASCII\fR representation of
+the events.
+.sp
+.LP
+The \fIauditstring\fR argument contains a series of event names, each one
+identifying a single audit class, separated by commas. The \fBau_mask_t\fR
+fields pointed to by \fImasks\fR correspond to binary values defined in
+<\fBbsm/audit.h\fR>, which is read by <\fBbsm/libbsm.h\fR>.
+.SH RETURN VALUES
+.sp
+.LP
+Upon successful completion, \fBgetauditflagsbin()\fR and
+\fBgetauditflagschar()\fR return 0. Otherwise they return \(mi1.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBbsmconv\fR(1M), \fBaudit.log\fR(4), \fBaudit_control\fR(4),
+\fBattributes\fR(5)
+.SH BUGS
+.sp
+.LP
+This is not a very extensible interface.
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the
+Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information.
diff --git a/usr/src/man/man3bsm/getauevent.3bsm b/usr/src/man/man3bsm/getauevent.3bsm
new file mode 100644
index 0000000000..d89708ce88
--- /dev/null
+++ b/usr/src/man/man3bsm/getauevent.3bsm
@@ -0,0 +1,196 @@
+'\" te
+.\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH getauevent 3BSM "25 Jun 2008" "SunOS 5.11" "Security and Auditing Library Functions"
+.SH NAME
+getauevent, getauevnam, getauevnum, getauevnonam, setauevent, endauevent,
+getauevent_r, getauevnam_r, getauevnum_r \- get audit_event entry
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR... ] \fIfile\fR... \fB-lbsm\fR \fB -lsocket \fR \fB -lnsl \fR [ \fIlibrary\fR... ]
+#include <sys/param.h>
+#include <bsm/libbsm.h>
+
+\fBstruct au_event_ent *\fR\fBgetauevent\fR(\fBvoid\fR);
+.fi
+
+.LP
+.nf
+\fBstruct au_event_ent *\fR\fBgetauevnam\fR(\fBchar *\fR\fIname\fR);
+.fi
+
+.LP
+.nf
+\fBstruct au_event_ent *\fR\fBgetauevnum\fR(\fBau_event_t\fR \fIevent_number\fR);
+.fi
+
+.LP
+.nf
+\fBau_event_t\fR \fBgetauevnonam\fR(\fBchar *\fR\fIevent_name\fR);
+.fi
+
+.LP
+.nf
+\fBvoid\fR \fBsetauevent\fR(\fBvoid\fR);
+.fi
+
+.LP
+.nf
+\fBvoid\fR \fBendauevent\fR(\fBvoid\fR);
+.fi
+
+.LP
+.nf
+\fBstruct au_event_ent *\fR\fBgetauevent_r\fR(\fBau_event_ent_t *\fR\fIe\fR);
+.fi
+
+.LP
+.nf
+\fBstruct au_event_ent *\fR\fBgetauevnam_r\fR(\fBau_event_ent_t *\fR\fIe\fR, \fBchar *\fR\fIname\fR);
+.fi
+
+.LP
+.nf
+\fBstruct au_event_ent *\fR\fBgetauevnum_r\fR(\fBau_event_ent_t *\fR\fIe\fR,
+ \fBau_event_t\fR \fIevent_number\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+These functions document the programming interface for obtaining entries from
+the \fBaudit_event\fR(4) file. The \fBgetauevent()\fR, \fBgetauevnam()\fR,
+\fBgetauevnum()\fR, \fBgetauevent()\fR, \fBgetauevnam()\fR, and
+\fBgetauevnum()\fR functions each return a pointer to an \fBaudit_event\fR
+structure.
+.sp
+.LP
+The \fBgetauevent()\fR and \fBgetauevent_r()\fR functions enumerate
+\fBaudit_event\fR entries. Successive calls to these functions return either
+successive \fBaudit_event\fR entries or \fINULL\fR.
+.sp
+.LP
+The \fBgetauevnam()\fR and \fBgetauevnam_r()\fR functions search for an
+\fBaudit_event\fR entry with \fIevent_name\fR.
+.sp
+.LP
+The \fBgetauevnum()\fR and \fBgetauevnum_r()\fR functions search for an
+\fBaudit_event\fR entry with \fIevent_number\fR.
+.sp
+.LP
+The \fBgetauevnonam()\fR function searches for an \fBaudit_event\fR entry with
+\fIevent_name\fR and returns the corresponding event number.
+.sp
+.LP
+The \fBsetauevent()\fR function ``rewinds'' to the beginning of the enumeration
+of \fBaudit_event\fR entries. Calls to \fBgetauevnam()\fR,
+\fBgetauevnum()\fR, \fBgetauevnonum()\fR, \fBgetauevnam_r()\fR, or
+\fBgetauevnum_r()\fR can leave the enumeration in an indeterminate state. The
+\fBsetauevent()\fR function should be called before the first call to
+\fBgetauevent()\fR or \fBgetauevent_r()\fR.
+.sp
+.LP
+The \fBendauevent()\fR function can be called to indicate that
+\fBaudit_event\fR processing is complete. The system can then close any open
+\fBaudit_event\fR file, deallocate storage, and so forth.
+.sp
+.LP
+The \fBgetauevent_r()\fR, \fBgetauevnam_r()\fR, and \fBgetauevnum_r()\fR
+functions each take an argument \fIe\fR, which is a pointer to an
+\fBau_event_ent_t\fR. This pointer is returned on a successful function call.
+To assure there is enough space for the information returned, the applications
+programmer should be sure to allocate \fBAU_EVENT_NAME_MAX\fR and
+\fBAU_EVENT_DESC_MAX\fR bytes for the \fBae_name\fR and \fBac_desc\fR elements
+of the \fBau_event_ent_t\fR data structure.
+.sp
+.LP
+The internal representation of an \fBaudit_event\fR entry is an
+\fBau_event_ent\fR structure defined in <\fBbsm/libbsm.h\fR> with the following
+members:
+.sp
+.in +2
+.nf
+au_event_t ae_number
+char *ae_name;
+char *ae_desc*;
+au_class_t ae_class;
+.fi
+.in -2
+
+.SH RETURN VALUES
+.sp
+.LP
+The \fBgetauevent()\fR, \fBgetauevnam()\fR, \fBgetauevnum()\fR,
+\fBgetauevent_r()\fR, \fBgetauevnam_r()\fR, and \fBgetauevnum_r()\fR functions
+return a pointer to a \fBau_event_ent\fR structure if the requested entry is
+successfully located. Otherwise they return \fINULL\fR.
+.sp
+.LP
+The \fBgetauevnonam()\fR function returns an event number of type
+\fBau_event_t\fR if it successfully enumerates an entry. Otherwise it returns
+\fINULL\fR, indicating it could not find the requested event name.
+.SH FILES
+.sp
+.ne 2
+.mk
+.na
+\fB\fB/etc/security/audit_event\fR\fR
+.ad
+.RS 29n
+.rt
+file that maps audit event numbers to audit event names
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB/etc/passwd\fR\fR
+.ad
+.RS 29n
+.rt
+file that stores user-ID to username mappings
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+MT-LevelMT-Safe with exceptions
+.TE
+
+.sp
+.LP
+The \fBgetauevent()\fR, \fBgetauevnam()\fR, and \fBgetauevnum()\fR functions
+are Unsafe. The equivalent functions \fBgetauevent_r()\fR,
+\fBgetauevnam_r()\fR, and \fBgetauevnum_r()\fR provide the same functionality
+and an MT-Safe function call interface.
+.SH SEE ALSO
+.sp
+.LP
+\fBbsmconv\fR(1M), \fBgetauclassent\fR(3BSM), \fBgetpwnam\fR(3C),
+\fBaudit_class\fR(4), \fBaudit_event\fR(4), \fBpasswd\fR(4),
+\fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+All information for the \fBgetauevent()\fR, \fBgetauevnam()\fR, and
+\fBgetauevnum()\fR functions is contained in a static area, so it must be
+copied if it is to be saved.
+.sp
+.LP
+The functionality described on this manual page is available only if the
+Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information.
diff --git a/usr/src/man/man3bsm/getauusernam.3bsm b/usr/src/man/man3bsm/getauusernam.3bsm
new file mode 100644
index 0000000000..4911c214bc
--- /dev/null
+++ b/usr/src/man/man3bsm/getauusernam.3bsm
@@ -0,0 +1,163 @@
+'\" te
+.\" Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH getauusernam 3BSM "31 Mar 2005" "SunOS 5.11" "Security and Auditing Library Functions"
+.SH NAME
+getauusernam, getauuserent, setauuser, endauuser, getauusernam_r,
+getauuserent_r \- get audit_user entry
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR... ] \fIfile\fR... \fB-lbsm\fR \fB -lsocket \fR \fB -lnsl \fR [ \fIlibrary\fR... ]
+#include <sys/param.h>
+#include <bsm/libbsm.h>
+
+\fBstruct au_user_ent *\fR\fBgetauusernam\fR(\fBconst char *\fR\fIname\fR);
+.fi
+
+.LP
+.nf
+\fBstruct au_user_ent *\fR\fBgetauuserent\fR(\fBvoid\fR);
+.fi
+
+.LP
+.nf
+\fBvoid\fR \fBsetauuser\fR(\fBvoid\fR);
+.fi
+
+.LP
+.nf
+\fBvoid\fR \fBendauuser\fR(\fBvoid\fR);
+.fi
+
+.LP
+.nf
+\fBstruct au_user_ent *\fR\fBgetauusernam_r\fR(\fBau_user_ent_t *\fR\fIu\fR, \fBconst char *\fR\fIname\fR);
+.fi
+
+.LP
+.nf
+\fBstruct au_user_ent *\fR\fBgetauuserent_r\fR(\fBau_user_ent_t *\fR\fIu\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBgetauuserent()\fR, \fBgetauusernam()\fR, \fBgetauuserent_r()\fR, and
+\fBgetauusernam_r()\fR functions each return an \fBaudit_user\fR entry. Entries
+can come from any of the sources specified in the \fB/etc/nsswitch.conf\fR file
+(see \fBnsswitch.conf\fR(4)).
+.sp
+.LP
+The \fBgetauusernam()\fR and \fBgetauusernam_r()\fR functions search for an
+\fBaudit_user\fR entry with a given login name \fIname\fR.
+.sp
+.LP
+The \fBgetauuserent()\fR and \fBgetauuserent_r()\fR functions enumerate
+\fBaudit_user\fR entries; successive calls to these functions will return
+either successive \fBaudit_user\fR entries or \fINULL\fR.
+.sp
+.LP
+The \fBsetauuser()\fR function "rewinds" to the beginning of the enumeration of
+\fBaudit_user\fR entries. Calls to \fBgetauusernam()\fR and
+\fBgetauusernam_r()\fR may leave the enumeration in an indeterminate state, so
+\fBsetauuser()\fR should be called before the first call to
+\fBgetauuserent()\fR or \fBgetauuserent_r()\fR.
+.sp
+.LP
+The \fBendauuser()\fR function may be called to indicate that \fBaudit_user\fR
+processing is complete; the system may then close any open \fBaudit_user\fR
+file, deallocate storage, and so forth.
+.sp
+.LP
+The \fBgetauuserent_r()\fR and \fBgetauusernam_r()\fR functions both take as an
+argument a pointer to an \fBau_user_ent\fR that is returned on successful
+function calls.
+.sp
+.LP
+The internal representation of an \fBaudit_user\fR entry is an
+\fBau_user_ent\fR structure defined in <\fBbsm/libbsm.h\fR> with the following
+members:
+.sp
+.in +2
+.nf
+char *au_name;
+au_mask_t au_always;
+au_mask_t au_never;
+.fi
+.in -2
+
+.SH RETURN VALUES
+.sp
+.LP
+The \fBgetauusernam()\fR function returns a pointer to a \fBau_user_ent\fR
+structure if it successfully locates the requested entry. Otherwise it returns
+\fINULL\fR.
+.sp
+.LP
+The \fBgetauuserent()\fR function returns a pointer to a \fBau_user_ent\fR
+structure if it successfully enumerates an entry. Otherwise it returns
+\fINULL\fR, indicating the end of the enumeration.
+.SH USAGE
+.sp
+.LP
+The functionality described on this manual page is available only if the
+Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information.
+.SH FILES
+.sp
+.ne 2
+.mk
+.na
+\fB\fB/etc/security/audit_user\fR\fR
+.ad
+.RS 28n
+.rt
+file that stores per-user audit event mask
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB/etc/passwd\fR\fR
+.ad
+.RS 28n
+.rt
+file that stores user ID to username mappings
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+MT-LevelMT-Safe with exceptions
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBbsmconv\fR(1M), \fBgetpwnam\fR(3C), \fBaudit_user\fR(4),
+\fBnsswitch.conf\fR(4), \fBpasswd\fR(4), \fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+All information for the \fBgetauuserent()\fR and \fBgetauusernam()\fR functions
+is contained in a static area, so it must be copied if it is to be saved.
+.sp
+.LP
+The \fBgetauusernam()\fR and \fBgetauuserent()\fR functions are Unsafe in
+multithreaded applications. The \fBgetauusernam_r()\fR and
+\fBgetauuserent_r()\fR functions provide the same functionality with interfaces
+that are MT-Safe.
diff --git a/usr/src/man/man3bsm/getddent.3bsm b/usr/src/man/man3bsm/getddent.3bsm
new file mode 100644
index 0000000000..c460a6444c
--- /dev/null
+++ b/usr/src/man/man3bsm/getddent.3bsm
@@ -0,0 +1,132 @@
+'\" te
+.\" Copyright 2000 by Sun Microsystems, Inc. All rights reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH getddent 3BSM "11 Jan 2001" "SunOS 5.11" "Security and Auditing Library Functions"
+.SH NAME
+getddent, getddnam, setddent, endddent, setddfile \- get device_deallocate
+entry
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc \fR [\fIflag\fR]... \fIfile\fR... \fB-lbsm\fR [\fIlibrary\fR]...
+.fi
+
+.LP
+.nf
+#include <bsm/devices.h>
+
+\fBdevdealloc_t *\fR\fBgetddent\fR(\fBvoid\fR);
+.fi
+
+.LP
+.nf
+\fBdevdealloc_t *\fR\fBgetddnam\fR(\fBchar *\fR\fIname\fR);
+.fi
+
+.LP
+.nf
+\fBvoid\fR \fBsetddent\fR(\fBvoid\fR);
+.fi
+
+.LP
+.nf
+\fBvoid\fR \fBendddent\fR(\fBvoid\fR);
+.fi
+
+.LP
+.nf
+\fBvoid\fR \fBsetddfile\fR(\fBchar *\fR\fIfile\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBgetddent()\fR and \fBgetddnam()\fR functions each return a
+\fBdevice_deallocate\fR entry. The \fBgetddent()\fR function enumerates all
+\fBdevice_deallocate\fR entries. Successive calls to this function return
+either successive \fBdevice_deallocate\fR entries or \fINULL\fR. The
+\fBgetddnam()\fR function searches for a \fBdevice_deallocate\fR entry with a
+given device name.
+.sp
+.LP
+The internal representation of a \fBdevice_deallocate\fR entry is a
+\fBdevdealloc_t\fR structure defined in <\fBbsm/devices.h\fR> with the
+following members:
+.sp
+.in +2
+.nf
+char *dd_devname; /* device allocation name */
+char *dd_logout; /* deallocation action on user logout */
+char *dd_boot; /* deallocation action on system boot */
+.fi
+.in -2
+
+.sp
+.LP
+The \fBsetddent()\fR function "rewinds" to the beginning of the enumeration of
+\fBdevice_deallocate\fR entries. Calls to \fBgetddnam()\fR may leave the
+enumeration in an indeterminate state, so \fBsetddent()\fR should be called
+before the first call to \fBgetddent()\fR.
+.sp
+.LP
+The \fBendddent()\fR function can be called to indicate that
+\fBdevice_deallocate\fR processing is complete. The library can then close any
+open\fBdevice_deallocate\fR file, deallocate any internal storage, and so
+forth.
+.sp
+.LP
+The \fBsetddfile()\fR function changes the pathname used by the other functions
+for opening the \fBdevice_deallocate\fR file, allowing use of
+\fBdevice_deallocate\fR files other than the default file,
+\fB/etc/security/device_deallocate\fR.
+.SH RETURN VALUES
+.sp
+.LP
+The \fBgetddent()\fR function returns a pointer to a \fBdevdealloc_t\fR if it
+successfully enumerates an entry. Otherwise it returns \fINULL\fR, indicating
+the end of the enumeration.
+.sp
+.LP
+The \fBgetddnam()\fR function returns a pointer to a \fBdevdealloc_t\fR if it
+successfully locates the requested entry. Otherwise it returns \fINULL\fR.
+.SH FILES
+.sp
+.ne 2
+.mk
+.na
+\fB\fB/etc/security/device_deallocate\fR\fR
+.ad
+.sp .6
+.RS 4n
+Administrative file defining parameters for device deallocation.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+MT-LevelUnsafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBfree\fR(3C), \fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+The \fBgetddent()\fR and \fBgetddnam()\fR functions allocate memory for the
+pointers they return. This memory can be deallocated with the \fBfree\fR(3C)
+function.
diff --git a/usr/src/man/man3bsm/getfauditflags.3bsm b/usr/src/man/man3bsm/getfauditflags.3bsm
new file mode 100644
index 0000000000..e95b4cd004
--- /dev/null
+++ b/usr/src/man/man3bsm/getfauditflags.3bsm
@@ -0,0 +1,88 @@
+'\" te
+.\" Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH getfauditflags 3BSM "31 Mar 2005" "SunOS 5.11" "Security and Auditing Library Functions"
+.SH NAME
+getfauditflags \- generate process audit state
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [ \fIflag\fR... ] \fIfile\fR... \fB-lbsm\fR \fB -lsocket \fR \fB -lnsl \fR [ \fIlibrary\fR... ]
+#include <sys/param.h>
+#include <bsm/libbsm.h>
+
+\fBint\fR \fBgetfauditflags\fR(\fBau_mask_t *\fR\fIusremasks\fR, \fBau_mask_t *\fR\fIusrdmasks\fR,
+ \fBau_mask_t *\fR\fIlastmasks\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBgetfauditflags()\fR function generates a process audit state by
+combining the audit masks passed as parameters with the system audit masks
+specified in the \fBaudit_control\fR(4) file. The \fBgetfauditflags()\fR
+function obtains the system audit value by calling \fBgetacflg()\fR (see
+\fBgetacinfo\fR(3BSM)).
+.sp
+.LP
+The \fIusremasks\fR argument points to \fBau_mask_t\fR fields that contains two
+values. The first value defines which events are always to be audited when they
+succeed. The second value defines which events are always to be audited when
+they fail.
+.sp
+.LP
+The \fIusrdmasks\fR argument points to \fBau_mask_t\fR fields that contains two
+values. The first value defines which events are never to be audited when they
+succeed. The second value defines which events are never to be audited when
+they fail.
+.sp
+.LP
+The structures pointed to by \fIusremasks\fR and \fIusrdmasks\fR can be
+obtained from the \fBaudit_user\fR(4) file by calling \fBgetauusernam\fR(3BSM),
+which returns a pointer to a strucure containing all \fBaudit_user\fR(4) fields
+for a user.
+.sp
+.LP
+The output of this function is stored in \fIlastmasks\fR, a pointer of type
+\fBau_mask_t\fR as well. The first value defines which events are to be audited
+when they succeed and the second defines which events are to be audited when
+they fail.
+.sp
+.LP
+Both \fIusremasks\fR and \fIusrdmasks\fR override the values in the system
+audit values.
+.SH RETURN VALUES
+.sp
+.LP
+Upon successful completion, \fBgetfauditflags()\fR returns 0. Otherwise it
+returns \fB\(mi1\fR\&.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBbsmconv\fR(1M), \fBgetacinfo\fR(3BSM), \fBgetauditflags\fR(3BSM),
+\fBgetauusernam\fR(3BSM), \fBaudit.log\fR(4), \fBaudit_control\fR(4),
+\fBaudit_user\fR(4), \fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the
+Solaris Auditing has been enabled. See \fBbsmconv\fR(1M) for more information.
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-15 17:36:27 +0000