Title and Copyright Information
 
About This Manual
Audience
Organization
Related Documentation
Reader's Comments
Conventions
 
1    Introduction for Programmers
1.1    Security Programming Overview
1.1.1    Protecting TCB Files
1.1.2    Secure Applications
1.2    Libraries and Header Files
1.3    Standard Trusted System Directories
1.4    Security-Relevant System Calls and Library Routines
1.4.1    System Calls
1.4.2    Library Routines
 
2    Trusted Programming Techniques
2.1    Writing SUID and SGID Programs
2.2    Handling Errors
2.3    Protecting Files
2.4    Specifying a Secure Search Path
2.5    Responding to Signals
2.6    Using Open File Descriptors with Child Processes
2.7    Security Concerns in the X Environment
2.7.1    Protect Keyboard Input
2.7.2    Block Keyboard and Mouse Events
2.7.3    Protect Device-Related Events
2.8    Protecting Shell Scripts
 
3    Authentication Database
3.1    Authentication Database Overview
3.1.1    Device Assignment Database (devassign)
3.1.2    File Control Database
3.1.3    System Default Database
3.1.4    Enhanced (Protected) Password Database
3.1.5    Terminal Control Database
3.2    Authentication Database Components
3.2.1    Database Form
3.2.2    Reading and Writing a Database
3.2.2.1    Buffer Management
3.2.2.2    Reading an Entry by Name or ID
3.2.2.3    Reading Entries Sequentially
3.2.2.4    Using System Defaults
3.2.2.5    Writing an Entry
3.3    Accessing the Authentication Databases
 
4    Identification and Authentication
4.1    The Audit ID
4.2    Identity Support Libraries
4.3    Using Daemons
4.4    Using the Enhanced (Protected) Password Database
4.4.1    Example: Password Expiration Program
 
5    Audit Record Generation
5.1    Audit Record Overview
5.2    Audit Events
5.3    Audit Records and Tokens
5.3.1    Public Tokens
5.3.2    Private Tokens
5.4    Audit Flag and Masks
5.5    Disabling System-Call Auditing for the Current Process
5.6    Modifying System-Call Auditing for the Current Process
5.7    Application-Specific Audit Records
5.8    Site-Defined Events
5.8.1    Sample site_events File
5.8.2    Example: Generating an Audit Record for a Site-Defined Audit Event
5.9    Creating Your Own Audit Logs
5.10    Parsing an Audit Log
5.10.1    Overview of Audit Log Format and List of Common Tuples
5.10.2    Token/Tuple Byte Descriptions
5.10.3    Parsing Tuples
 
6    Using the SIA Interface
6.1    SIA Overview
6.2    SIA Architecture
6.2.1    Libraries
6.2.2    Header Files
6.3    SIA System Initialization
6.4    SIAENTITY Structure
6.5    SIA Parameter Collection
6.6    Maintaining State
6.7    SIA Return Values
6.8    SIA Debugging and Logging
6.9    SIA Integrating Security Mechanisms
6.10    SIA Session Processing
6.10.1    Session Initialization
6.10.2    Session Authentication
6.10.3    Session Establishment
6.10.4    Session Launch
6.10.5    Session Release
6.10.6    Specific Session Processing
6.10.6.1    The login Process
6.10.6.2    The rshd Process
6.10.6.3    The rlogind Process
6.11    Changing Secure Information
6.11.1    Changing a User's Password
6.11.2    Changing a User's Finger Information
6.11.3    Changing a User's Shell
6.12    Accessing Security Information
6.12.1    Accessing /etc/passwd Information
6.12.2    Accessing /etc/group Information
6.13    Session Parameter Collection
6.14    Packaging Products for the SIA
6.15    Security Mechanism-Dependent Interface
6.16    Single-User Mode
6.17    Symbol Preemption for SIA Routines
6.17.1    Overview of the Symbol Preemption Problem
6.17.2    The Tru64 UNIX Solution
6.17.3    Replacing the Single-User Environment
 
7    Programming with ACLs
7.1    ACL Overview
7.2    ACL Data Representations
7.2.1    Internal Data Representation
7.2.1.1    typedef struct acl *acl_t;
7.2.1.2    typedef struct acl_entry *acl_entry_t;
7.2.1.3    typedef uint_t acl_type_t;
7.2.1.4    typedef uint acl_tag_t;
7.2.1.5    typedef uint_t acl_perm_t;
7.2.1.6    typedef acl_perm_t *acl_permset_t;
7.2.1.7    Contiguous Internal Representation ACL
7.2.2    External Representation
7.3    ACL Library Routines
7.4    ACL Rules
7.4.1    Object Creation
7.4.2    ACL Replication
7.4.3    ACL Validity
7.5    ACL Creation Example
7.6    ACL Inheritance Example
 
8    GSS-API
8.1    GSS-API Overview
8.1.1    GSS-API Assumptions
8.1.2    Further Information
8.2    Application Security SDK
8.3    Application Security SDK Functions
8.3.1    Name Management Functions
8.3.1.1    Default Names and Syntax
8.3.2    Credential Management Functions
8.3.2.1    Acquiring Initial Credentials
8.3.2.1.1    Initiator Applications
8.3.2.1.2    Acceptor Applications
8.3.2.1.3    DES3
8.3.2.2    Credential Attributes
8.3.2.3    Credentials Storage Location
8.3.2.4    Managing Credential Resources
8.3.3    Security Context Management Functions
8.3.3.1    Identifying a Mechanism
8.3.3.2    Token Exchange
8.3.3.3    Optional Security Measures
8.3.3.3.1    Channel Bindings
8.3.3.3.2    Confidentiality and Integrity
8.3.3.3.3    Replay Detection
8.3.3.3.4    Out-of-Sequence Message Detection
8.3.3.3.5    Mutual Authentication
8.3.3.3.6    Encryption Type: DES vs. DES3
8.3.3.3.7    Credentials Delegation
8.3.3.4    Identifying the Targeted Security Measures
8.3.4    Message Functions
8.3.4.1    Quality of Protection
8.3.5    Miscellaneous Support Functions
8.3.5.1    OID and OID sets
8.3.5.1.1    OSI
8.3.5.1.2    ASN.1
8.3.5.1.3    Object Identifiers
8.3.5.1.4    OID Sets
8.3.6    V1 Compliance Functions
8.4    Best Practices
8.4.1    Multi-threading
8.4.2    Cache Management
8.4.3    Encryption Types
8.4.4    Exported Security Contexts
8.4.5    Key Management with GSS and Kerberos 5
8.4.6    Multi-threaded Functions
8.4.7    Mutual Authentication
8.4.8    Protecting Passwords
8.4.9    Replay Protection
8.4.10    Refreshing Credentials
8.4.11    Resource Management
8.4.12    Service Key Table Files
8.4.13    Ticket Attributes
8.4.13.1    Forwardable Tickets
8.4.13.2    Preauthentication
8.4.13.3    Ticket Lifetime
8.4.13.4    Ticket Renew Time
8.4.13.4.1    General Rules for Lifetime and Renew Settings
8.5    Building a Portable Application
8.5.1    Using Printable Names and Comparing Names
8.5.2    Specifying Mechanisms
8.5.3    Specifying a Quality of Protection (QOP)
8.5.4    Default Names
8.6    Quick Reference
8.6.1    Reference Page Conventions
8.7    Constants
8.8    Data Structures
8.8.1    gss_channel_bindings_t
8.8.2    gss_buffer_t
8.8.3    csf_gss_opts_t
8.9    Return Values
8.9.1    Status Codes Defined
8.9.2    Error Processing Macros
8.9.2.1    GSS_ERROR( )
8.9.2.2    GSS_CALLING_ERROR( )
8.9.2.3    GSS_ROUTINE_ERROR( )
8.9.2.4    GSS_SUPPLEMENTARY_INFO( )
8.9.3    Major Status
8.9.4    Minor Status
8.9.5    Kerberos-specific Codes
 
A    Coding Examples
A.1    Source Code for a Reauthentication Program (sia-reauth.c)
A.2    Source Code for a Superuser Authentication Program (sia-suauth.c)
 
B    Auditable Events and Aliases
B.1    Default Auditable Events File
B.2    Sample Event Aliases File
 
C    GSS-API Tutorial
C.1    Security Primer
C.1.1    Fundamental Concepts
C.1.2    Kerberos Security Model
C.1.2.1    Definitions
C.1.2.2    Concepts and Processes
C.1.2.2.1    A Shared Secret
C.1.2.2.2    Trusted Third Party Arbitration
C.1.2.2.3    The Kerberos Network
C.1.2.2.4    Three Phases to Authentication
C.1.2.2.5    Authentication Service Message Exchange
C.1.2.2.6    Ticket-Granting Service Message Exchange
C.1.2.2.7    Application Message Exchange
C.1.2.3    Credential Attributes
C.2    Getting Started
C.3    Using Basic GSS-API Functions
C.4    Step 1: Getting Names
C.5    Step 2: Acquiring Credentials
C.6    Step 3: Establishing a Security Context
C.7    Step 4: Exchanging Messages
C.7.1    Using gss_get_mic( ) and gss_verify_mic( )
C.7.2    Using gss_wrap( ) and gss_unwrap( )
C.8    Step 5: Terminating the Security Context
C.9    Advanced Concepts
C.9.1    Obtaining Initial Credentials
C.9.2    Required time synchronization
C.9.3    Using DES3 Encryption
C.10    Status Codes for GSS-API Functions
C.10.1    Minor Error Codes
C.11    Sample Programs
C.11.1    Building the Sample Programs
C.11.2    Running the Sample Programs
C.11.2.1    Prerequisites
C.11.2.2    Starting the Sample Programs
C.11.2.3    Server Command Line Switches (Optional)
C.11.2.4    Client Command Line Switches (Optional)
C.11.3    Sample Program Output
C.11.4    Troubleshooting Guidelines
 
Examples
4-1    Password Expiration Program
6-1    The SIAENTITY Structure
6-2    The sia.h Definition for Parameter Collection
6-3    Typical /var/adm/sialog File
6-4    Session Processing Code for the login Command
6-5    Preempting Symbols in Single-User Mode
8-1    Constant Pointing to a Structure Containing a String
8-2    Constant Pointing to a String
A-1    Reauthentication Program
A-2    Superuser Authentication Program
 
Figures
6-1    SIA Layering
6-2    SIA Login Session Processing
 
Tables
1-1    Standard Trusted System Directories
1-2    Security-Relevant System Calls
1-3    Security-Relevant Library Routines
5-1    Default Tuples Common to Most Audit Records
5-2    Token/Tuple Byte Descriptions
6-1    Security-Sensitive Operating System Commands
6-2    SIA Mechanism-Independent Routines
6-3    SIA Mechanism-Dependent Routines
7-1    ACL Entry External Representation
 
Index