xref: /illumos-gate/usr/src/man/man3bsm/au_to.3bsm (revision 5d9d9091f564c198a760790b0bfa72c44e17912b) 
 te
 Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved.
 The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
 When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
 AU_TO 3BSM "Mar 6, 2017"
 NAME
au_to, au_to_arg, au_to_arg32, au_to_arg64, au_to_attr, au_to_cmd, au_to_data,
au_to_groups, au_to_in_addr, au_to_ipc, au_to_iport, au_to_me, au_to_newgroups,
au_to_opaque, au_to_path, au_to_process, au_to_process_ex, au_to_return,
au_to_return32, au_to_return64, au_to_socket, au_to_subject, au_to_subject_ex,
au_to_text - create audit record tokens

 SYNOPSIS


cc [ flag... ] file... -lbsm  -lsocket   -lnsl  [ library... ]
#include <sys/types.h>
#include <sys/vnode.h>
#include <netinet/in.h>
#include <bsm/libbsm.h>

token_t *au_to_arg(char n, char *text, uint32_t v);






token_t *au_to_arg32(char n, char *text, uint32_t v);






token_t *au_to_arg64(char n, char *text, uint64_t v);






token_t *au_to_attr(struct vattr *attr);






token_t *au_to_cmd(uint_t argc, char **argv, char **envp);






token_t *au_to_data(char unit_print, char unit_type, char unit_count,
 char *p);






token_t *au_to_groups(int *groups);






token_t *au_to_in_addr(struct in_addr *internet_addr);






token_t *au_to_ipc(char type, int id);






token_t *au_to_iport(u_short_t iport);






token_t *au_to_me(void);






token_t *au_to_newgroups(int n, gid_t *groups);






token_t *au_to_opaque(char *data, short bytes);






token_t *au_to_path(char *path);






token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid,
 uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);






token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid,
 uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);






token_t *au_to_return(char number, uin32t_t value);






token_t *au_to_return32(char number, uin32t_t value);






token_t *au_to_return64(char number, uin64t_t value);






token_t *au_to_socket(struct oldsocket *so);






token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid,
 uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);






token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid,
 uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);






token_t *au_to_text(char *text);




 DESCRIPTION

The au_to_arg(), au_to_arg32(), and au_to_arg64() functions
format the data in v into an "argument token". The n argument
indicates the argument number. The text argument is a null-terminated
string describing the argument.


The au_to_attr() function formats the data pointed to by attr into
a "vnode attribute token".


The au_to_cmd() function formats the data pointed to by argv into a
"command token". A command token reflects a command and its parameters as
entered. For example, the pfexec(1) utility uses au_to_cmd() to
record the command and arguments it reads from the command line.


The au_to_data() function formats the data pointed to by p into an
"arbitrary data token". The unit_print parameter determines the preferred
display base of the data and is one of AUP_BINARY, AUP_OCTAL,
AUP_DECIMAL, AUP_HEX, or AUP_STRING. The unit_type
parameter defines the basic unit of data and is one of AUR_BYTE,
AUR_CHAR, AUR_SHORT, AUR_INT, or AUR_LONG. The
unit_count parameter specifies the number of basic data units to be used
and must be positive.


The au_to_groups() function formats the array of 16 integers pointed to
by groups into a "groups token". The au_to_newgroups() function
(see below) should be used in place of this function.


The au_to_in_addr() function formats the data pointed to by
internet_addr into an "internet address token".


The au_to_ipc() function formats the data in the id parameter into
an "interprocess communications ID token".


The au_to_iport() function formats the data pointed to by iport
into an "ip port address token".


The au_to_me() function collects audit information from the current
process and creates a "subject token" by calling au_to_subject().


The au_to_newgroups() function formats the array of n integers
pointed to by groups into a "newgroups token". This function should be
used in place of au_to_groups().


The au_to_opaque() function formats the bytes bytes pointed to by
data into an "opaque token". The value of size must be positive.


The au_to_path() function formats the path name pointed to by path
into a ``path token.''


The au_to_process() function formats an auid (audit user ID),
an euid (effective user ID), an egid (effective group
ID), a ruid (real user ID), a rgid (real group
ID), a pid (process ID), an sid (audit session
ID), and a tid (audit terminal ID containing an IPv4 IP
address), into a "process token". A process token should be used when the
process is the object of an action (ie. when the process is the receiver of a
signal). The au_to_process_ex() function (see below) should be used in
place of this function.


The au_to_process_ex() function formats an auid (audit user
ID), an euid (effective user ID), an egid (effective
group ID), a ruid (real user ID), a rgid (real group
ID), a pid (process ID), an sid (audit session
ID), and a tid (audit terminal ID containing an IPv4 or IPv6 IP
address), into a "process token". A process token should be used when the
process is the object of an action (that is, when the process is the receiver
of a signal). This function should be used in place of au_to_process().


The au_to_return(), au_to_return32(), and au_to_return64()
functions format an error number number and a return value value
into a "return value token".


The au_to_socket() function format the data pointed to by so into a
``socket token.''


The au_to_subject() function formats an auid (audit user ID),
an euid (effective user ID), an egid (effective group
ID), a ruid (real user ID), an rgid (real group
ID), a pid (process ID), an sid (audit session
ID), an tid (audit terminal ID containing an IPv4 IP
address), into a "subject token". The au_to_subject_ex() function (see
below) should be used in place of this function.


The au_to_subject_ex() function formats an auid (audit user
ID), an euid (effective user ID), an egid (effective
group ID), a ruid (real user ID), an rgid (real group
ID), a pid (process ID), an sid (audit session
ID), an tid (audit terminal ID containing an IPv4 or IPv6 IP
address), into a "subject token". This function should be used in place of
au_to_subject().


The au_to_text() function formats the null-terminated string pointed to
by text into a "text token".

 RETURN VALUES

These functions return NULL if memory cannot be allocated to put the
resultant token into, or if an error in the input is detected.

 ATTRIBUTES

See attributes(7) for a description of the following attributes:






ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Stable
MT-Level MT-Safe



 SEE ALSO

 au_open (3BSM),  attributes (7)