Title and Copyright Information
About This Manual
Related Documentation
Reader's Comments
1    Introduction for Programmers
1.1    Security Programming Overview
1.1.1    Protecting TCB Files
1.1.2    Secure Applications
1.2    Libraries and Header Files
1.3    Standard Trusted System Directories
1.4    Security-Relevant System Calls and Library Routines
1.4.1    System Calls
1.4.2    Library Routines
2    Trusted Programming Techniques
2.1    Writing SUID and SGID Programs
2.2    Handling Errors
2.3    Protecting Files
2.4    Specifying a Secure Search Path
2.5    Responding to Signals
2.6    Using Open File Descriptors with Child Processes
2.7    Security Concerns in the X Environment
2.7.1    Protect Keyboard Input
2.7.2    Block Keyboard and Mouse Events
2.7.3    Protect Device-Related Events
2.8    Protecting Shell Scripts
3    Authentication Database
3.1    Authentication Database Overview
3.1.1    Device Assignment Database (devassign)
3.1.2    File Control Database
3.1.3    System Default Database
3.1.4    Enhanced (Protected) Password Database
3.1.5    Terminal Control Database
3.2    Authentication Database Components
3.2.1    Database Form
3.2.2    Reading and Writing a Database
Buffer Management
Reading an Entry by Name or ID
Reading Entries Sequentially
Using System Defaults
Writing an Entry
3.3    Accessing the Authentication Databases
4    Identification and Authentication
4.1    The Audit ID
4.2    Identity Support Libraries
4.3    Using Daemons
4.4    Using the Enhanced (Protected) Password Database
4.4.1    Example: Password Expiration Program
5    Audit Record Generation
5.1    Audit Record Overview
5.2    Audit Events
5.3    Audit Records and Tokens
5.3.1    Public Tokens
5.3.2    Private Tokens
5.4    Audit Flag and Masks
5.5    Disabling System-Call Auditing for the Current Process
5.6    Modifying System-Call Auditing for the Current Process
5.7    Application-Specific Audit Records
5.8    Site-Defined Events
5.8.1    Sample site_events File
5.8.2    Example: Generating an Audit Record for a Site-Defined Audit Event
5.9    Creating Your Own Audit Logs
5.10    Parsing an Audit Log
5.10.1    Overview of Audit Log Format and List of Common Tuples
5.10.2    Token/Tuple Byte Descriptions
5.10.3    Parsing Tuples
6    Using the SIA Interface
6.1    SIA Overview
6.2    SIA Architecture
6.2.1    Libraries
6.2.2    Header Files
6.3    SIA System Initialization
6.4    SIAENTITY Structure
6.5    SIA Parameter Collection
6.6    Maintaining State
6.7    SIA Return Values
6.8    SIA Debugging and Logging
6.9    SIA Integrating Security Mechanisms
6.10    SIA Session Processing
6.10.1    Session Initialization
6.10.2    Session Authentication
6.10.3    Session Establishment
6.10.4    Session Launch
6.10.5    Session Release
6.10.6    Specific Session Processing
The login Process
The rshd Process
The rlogind Process
6.11    Changing Secure Information
6.11.1    Changing a User's Password
6.11.2    Changing a User's Finger Information
6.11.3    Changing a User's Shell
6.12    Accessing Security Information
6.12.1    Accessing /etc/passwd Information
6.12.2    Accessing /etc/group Information
6.13    Session Parameter Collection
6.14    Packaging Products for the SIA
6.15    Security Mechanism-Dependent Interface
6.16    Single-User Mode
6.17    Symbol Preemption for SIA Routines
6.17.1    Overview of the Symbol Preemption Problem
6.17.2    The Tru64 UNIX Solution
6.17.3    Replacing the Single-User Environment
7    Programming with ACLs
7.1    ACL Overview
7.2    ACL Data Representations
7.2.1    Internal Data Representation
typedef struct acl *acl_t;
typedef struct acl_entry *acl_entry_t;
typedef uint_t acl_type_t;
typedef uint acl_tag_t;
typedef uint_t acl_perm_t;
typedef acl_perm_t *acl_permset_t;
Contiguous Internal Representation ACL
7.2.2    External Representation
7.3    ACL Library Routines
7.4    ACL Rules
7.4.1    Object Creation
7.4.2    ACL Replication
7.4.3    ACL Validity
7.5    ACL Creation Example
7.6    ACL Inheritance Example
8    GSS-API
8.1    GSS-API Overview
8.1.1    GSS-API Assumptions
8.1.2    Further Information
8.2    Application Security SDK
8.3    Application Security SDK Functions
8.3.1    Name Management Functions
Default Names and Syntax
8.3.2    Credential Management Functions
Acquiring Initial Credentials
Initiator Applications
Acceptor Applications
DES3
Credential Attributes
Credentials Storage Location
Managing Credential Resources
8.3.3    Security Context Management Functions
Identifying a Mechanism
Token Exchange
Optional Security Measures
Channel Bindings
Confidentiality and Integrity
Replay Detection
Out-of-Sequence Message Detection
Mutual Authentication
Encryption Type: DES vs. DES3
Credentials Delegation
Identifying the Targeted Security Measures
8.3.4    Message Functions
Quality of Protection
8.3.5    Miscellaneous Support Functions
OID and OID Sets
OSI
ASN.1
Object Identifiers
OID Sets
8.3.6    V1 Compliance Functions
8.4    Best Practices
8.4.1    Multi-threading
8.4.2    Cache Management
8.4.3    Encryption Types
8.4.4    Exported Security Contexts
8.4.5    Key Management with GSS and Kerberos 5
8.4.6    Multi-threaded Functions
8.4.7    Mutual Authentication
8.4.8    Protecting Passwords
8.4.9    Replay Protection
8.4.10    Refreshing Credentials
8.4.11    Resource Management
8.4.12    Service Key Table Files
8.4.13    Ticket Attributes
Forwardable Tickets
Preauthentication
Ticket Lifetime
Ticket Renew Time
General Rules for Lifetime and Renew Settings
8.5    Building a Portable Application
8.5.1    Using Printable Names and Comparing Names
8.5.2    Specifying Mechanisms
8.5.3    Specifying a Quality of Protection (QOP)
8.5.4    Default Names
8.6    Quick Reference
8.6.1    Reference Page Conventions
8.7    Constants
8.8    Data Structures
8.8.1    gss_channel_bindings_t
8.8.2    gss_buffer_t
8.8.3    csf_gss_opts_t
8.9    Return Values
8.9.1    Status Codes Defined
8.9.2    Error Processing Macros
GSS_ERROR( )
GSS_CALLING_ERROR( )
GSS_ROUTINE_ERROR( )
GSS_SUPPLEMENTARY_INFO( )
8.9.3    Major Status
8.9.4    Minor Status
8.9.5    Kerberos-specific Codes
A    Coding Examples
A.1    Source Code for a Reauthentication Program (sia-reauth.c)
A.2    Source Code for a Superuser Authentication Program (sia-suauth.c)
B    Auditable Events and Aliases
B.1    Default Auditable Events File
B.2    Sample Event Aliases File
C    GSS-API Tutorial
C.1    Security Primer
C.1.1    Fundamental Concepts
C.1.2    Kerberos Security Model
C.1.2.1    Definitions
C.1.2.2    Concepts and Processes
C.    A Shared Secret
C.    Trusted Third Party Arbitration
C.    The Kerberos Network
C.    Three Phases to Authentication
C.    Authentication Service Message Exchange
C.    Ticket-Granting Service Message Exchange
C.    Application Message Exchange
C.1.2.3    Credential Attributes
C.2    Getting Started
C.3    Using Basic GSS-API Functions
C.4    Step 1: Getting Names
C.5    Step 2: Acquiring Credentials
C.6    Step 3: Establishing a Security Context
C.7    Step 4: Exchanging Messages
C.7.1    Using gss_get_mic( ) and gss_verify_mic( )
C.7.2    Using gss_wrap( ) and gss_unwrap( )
C.8    Step 5: Terminating the Security Context
C.9    Advanced Concepts
C.9.1    Obtaining Initial Credentials
C.9.2    Required time synchronization
C.9.3    Using DES3 Encryption
C.10    Status Codes for GSS-API Functions
C.10.1    Minor Error Codes
C.11    Sample Programs
C.11.1    Building the Sample Programs
C.11.2    Running the Sample Programs
C.11.2.1    Prerequisites
C.11.2.2    Starting the Sample Programs
C.11.2.3    Server Command Line Switches (Optional)
C.11.2.4    Client Command Line Switches (Optional)
C.11.3    Sample Program Output
C.11.4    Troubleshooting Guidelines
Examples
4-1    Password Expiration Program
6-1    The SIAENTITY Structure
6-2    The sia.h Definition for Parameter Collection
6-3    Typical /var/adm/sialog File
6-4    Session Processing Code for the login Command
6-5    Preempting Symbols in Single-User Mode
8-1    Constant Pointing to a Structure Containing a String
8-2    Constant Pointing to a String
A-1    Reauthentication Program
A-2    Superuser Authentication Program
Figures
6-1    SIA Layering
6-2    SIA Login Session Processing
Tables
1-1    Standard Trusted System Directories
1-2    Security-Relevant System Calls
1-3    Security-Relevant Library Routines
5-1    Default Tuples Common to Most Audit Records
5-2    Token/Tuple Byte Descriptions
6-1    Security-Sensitive Operating System Commands
6-2    SIA Mechanism-Independent Routines
6-3    SIA Mechanism-Dependent Routines
7-1    ACL Entry External Representation