au_to(3BSM)         Security and Auditing Library Functions        au_to(3BSM)

NAME

       au_to,  au_to_arg,  au_to_arg32,  au_to_arg64,  au_to_attr,  au_to_cmd,
       au_to_data,  au_to_groups,   au_to_in_addr,   au_to_ipc,   au_to_iport,
       au_to_me,  au_to_newgroups,  au_to_opaque,  au_to_path,  au_to_process,
       au_to_process_ex,   au_to_return,    au_to_return32,    au_to_return64,
       au_to_socket,  au_to_subject,  au_to_subject_ex,  au_to_text  -  create
       audit record tokens

SYNOPSIS

       cc [ flag... ] file... -lbsm  -lsocket   -lnsl   [ library... ]
       #include <sys/types.h>
       #include <sys/vnode.h>
       #include <netinet/in.h>
       #include <bsm/libbsm.h>

       token_t *au_to_arg(char n, char *text, uint32_t v);

       token_t *au_to_arg32(char n, char *text, uint32_t v);

       token_t *au_to_arg64(char n, char *text, uint64_t v);

       token_t *au_to_attr(struct vattr *attr);

       token_t *au_to_cmd(uint_t argc, char **argv, char **envp);

       token_t *au_to_data(char unit_print, char unit_type, char unit_count,
            char *p);

       token_t *au_to_groups(int *groups);

       token_t *au_to_in_addr(struct in_addr *internet_addr);

       token_t *au_to_ipc(char type, int id);

       token_t *au_to_iport(u_short_t iport);

       token_t *au_to_me(void);

       token_t *au_to_newgroups(int n, gid_t *groups);

       token_t *au_to_opaque(char *data, short bytes);

       token_t *au_to_path(char *path);

       token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid,
            uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);

       token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid,
            uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);

       token_t *au_to_return(char number, uint32_t value);

       token_t *au_to_return32(char number, uint32_t value);

       token_t *au_to_return64(char number, uint64_t value);

       token_t *au_to_socket(struct oldsocket *so);

       token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid,
            uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);

       token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid,
            uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);

       token_t *au_to_text(char *text);

DESCRIPTION

       The au_to_arg(), au_to_arg32(), and au_to_arg64() functions format the
       data in v into an "argument token". The n argument indicates the
       argument number. The text argument is a null-terminated string
       describing the argument.

       The au_to_attr() function formats the data pointed to by attr into a
       "vnode attribute token".

       The au_to_cmd() function formats the data pointed to by argv into a
       "command token". A command token reflects a command and its parameters
       as entered. For example, the pfexec(1) utility uses au_to_cmd() to
       record the command and arguments it reads from the command line.

       The au_to_data() function formats the data pointed to by p into an
       "arbitrary data token". The unit_print parameter determines the
       preferred display base of the data and is one of AUP_BINARY, AUP_OCTAL,
       AUP_DECIMAL, AUP_HEX, or AUP_STRING. The unit_type parameter defines
       the basic unit of data and is one of AUR_BYTE, AUR_CHAR, AUR_SHORT,
       AUR_INT, or AUR_LONG. The unit_count parameter specifies the number
       of basic data units to be used and must be positive.

       The au_to_groups() function formats the array of 16 integers pointed to
       by groups into a "groups token". The au_to_newgroups() function (see
       below) should be used in place of this function.

       The au_to_in_addr() function formats the data pointed to by
       internet_addr into an "internet address token".

       The au_to_ipc() function formats the data in the id parameter into an
       "interprocess communications ID token".

       The au_to_iport() function formats the data in iport into an
       "ip port address token".

       The au_to_me() function collects audit information from the current
       process and creates a "subject token" by calling au_to_subject().

       The au_to_newgroups() function formats the array of n integers pointed
       to by groups into a "newgroups token". This function should be used in
       place of au_to_groups().

       The au_to_opaque() function formats the data pointed to by data, bytes
       bytes in length, into an "opaque token". The value of bytes must be
       positive.

       The au_to_path() function formats the path name pointed to by path into
       a "path token".

       The au_to_process() function formats an auid (audit user ID), an euid
       (effective user ID), an egid (effective group ID), a ruid (real user
       ID), a rgid (real group ID), a pid (process ID), an sid (audit session
       ID), and a tid (audit terminal ID containing an IPv4 IP address), into
       a "process token". A process token should be used when the process is
       the object of an action (that is, when the process is the receiver of a
       signal). The au_to_process_ex() function (see below) should be used in
       place of this function.

       The au_to_process_ex() function formats an auid (audit user ID), an
       euid (effective user ID), an egid (effective group ID), a ruid (real
       user ID), a rgid (real group ID), a pid (process ID), an sid (audit
       session ID), and a tid (audit terminal ID containing an IPv4 or IPv6 IP
       address), into a "process token". A process token should be used when
       the process is the object of an action (that is, when the process is
       the receiver of a signal). This function should be used in place of
       au_to_process().

       The au_to_return(), au_to_return32(), and au_to_return64() functions
       format an error number number and a return value value into a "return
       value token".

       The au_to_socket() function formats the data pointed to by so into a
       "socket token".

       The au_to_subject() function formats an auid (audit user ID), an euid
       (effective user ID), an egid (effective group ID), a ruid (real user
       ID), an rgid (real group ID), a pid (process ID), an sid (audit session
       ID), and a tid (audit terminal ID containing an IPv4 IP address), into
       a "subject token". The au_to_subject_ex() function (see below) should
       be used in place of this function.

       The au_to_subject_ex() function formats an auid (audit user ID), an
       euid (effective user ID), an egid (effective group ID), a ruid (real
       user ID), an rgid (real group ID), a pid (process ID), an sid (audit
       session ID), and a tid (audit terminal ID containing an IPv4 or IPv6 IP
       address), into a "subject token". This function should be used in place
       of au_to_subject().

       The au_to_text() function formats the null-terminated string pointed to
       by text into a "text token".

RETURN VALUES

       These functions return NULL if memory cannot be allocated to put the
       resultant token into, or if an error in the input is detected.

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability          │Stable                       │
       ├─────────────────────────────┼─────────────────────────────┤
       │MT-Level                     │MT-Safe                      │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO

       bsmconv(1M), au_open(3BSM), attributes(5)

NOTES

       The functionality described on this manual page is available only if
       Solaris Auditing has been enabled. See bsmconv(1M) for more
       information.

SunOS 5.11                        31 Mar 2005                      au_to(3BSM)