au_to(3BSM)        Security and Auditing Library Functions        au_to(3BSM)

NAME
au_to, au_to_arg, au_to_arg32, au_to_arg64, au_to_attr, au_to_cmd,
au_to_data, au_to_groups, au_to_in_addr, au_to_ipc, au_to_iport,
au_to_me, au_to_newgroups, au_to_opaque, au_to_path, au_to_process,
au_to_process_ex, au_to_return, au_to_return32, au_to_return64,
au_to_socket, au_to_subject, au_to_subject_ex, au_to_text - create
audit record tokens

SYNOPSIS
cc [ flag... ] file... -lbsm -lsocket -lnsl [ library... ]
#include <sys/types.h>
#include <sys/vnode.h>
#include <netinet/in.h>
#include <bsm/libbsm.h>

token_t *au_to_arg(char n, char *text, uint32_t v);

token_t *au_to_arg32(char n, char *text, uint32_t v);

token_t *au_to_arg64(char n, char *text, uint64_t v);

token_t *au_to_attr(struct vattr *attr);

token_t *au_to_cmd(uint_t argc, char **argv, char **envp);

token_t *au_to_data(char unit_print, char unit_type, char unit_count,
    char *p);

token_t *au_to_groups(int *groups);

token_t *au_to_in_addr(struct in_addr *internet_addr);

token_t *au_to_ipc(char type, int id);

token_t *au_to_iport(u_short_t iport);

token_t *au_to_me(void);

token_t *au_to_newgroups(int n, gid_t *groups);

token_t *au_to_opaque(char *data, short bytes);

token_t *au_to_path(char *path);

token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid,
    uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);

token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid,
    uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);

token_t *au_to_return(char number, uint32_t value);

token_t *au_to_return32(char number, uint32_t value);

token_t *au_to_return64(char number, uint64_t value);

token_t *au_to_socket(struct oldsocket *so);

token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid,
    uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);

token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid,
    uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);

token_t *au_to_text(char *text);

DESCRIPTION
The au_to_arg(), au_to_arg32(), and au_to_arg64() functions format the
data in v into an "argument token". The n argument indicates the
argument number. The text argument is a null-terminated string
describing the argument.

The au_to_attr() function formats the data pointed to by attr into a
"vnode attribute token".

The au_to_cmd() function formats the data pointed to by argv into a
"command token". A command token reflects a command and its parameters
as entered. For example, the pfexec(1) utility uses au_to_cmd() to
record the command and arguments it reads from the command line.

The au_to_data() function formats the data pointed to by p into an
"arbitrary data token". The unit_print parameter determines the
preferred display base of the data and is one of AUP_BINARY, AUP_OCTAL,
AUP_DECIMAL, AUP_HEX, or AUP_STRING. The unit_type parameter defines
the basic unit of data and is one of AUR_BYTE, AUR_CHAR, AUR_SHORT,
AUR_INT, or AUR_LONG. The unit_count parameter specifies the number
of basic data units to be used and must be positive.

The au_to_groups() function formats the array of 16 integers pointed to
by groups into a "groups token". The au_to_newgroups() function (see
below) should be used in place of this function.

The au_to_in_addr() function formats the data pointed to by
internet_addr into an "internet address token".

The au_to_ipc() function formats the data in the id parameter into an
"interprocess communications ID token".

The au_to_iport() function formats the data in iport into an
"ip port address token".

The au_to_me() function collects audit information from the current
process and creates a "subject token" by calling au_to_subject().

The au_to_newgroups() function formats the array of n integers pointed
to by groups into a "newgroups token". This function should be used in
place of au_to_groups().

The au_to_opaque() function formats the data pointed to by data, which
is bytes bytes long, into an "opaque token". The value of bytes must be
positive.

The au_to_path() function formats the path name pointed to by path into
a "path token".

The au_to_process() function formats an auid (audit user ID), an euid
(effective user ID), an egid (effective group ID), a ruid (real user
ID), a rgid (real group ID), a pid (process ID), an sid (audit session
ID), and a tid (audit terminal ID containing an IPv4 IP address), into
a "process token". A process token should be used when the process is
the object of an action (that is, when the process is the receiver of a
signal). The au_to_process_ex() function (see below) should be used in
place of this function.

The au_to_process_ex() function formats an auid (audit user ID), an
euid (effective user ID), an egid (effective group ID), a ruid (real
user ID), a rgid (real group ID), a pid (process ID), an sid (audit
session ID), and a tid (audit terminal ID containing an IPv4 or IPv6 IP
address), into a "process token". A process token should be used when
the process is the object of an action (that is, when the process is
the receiver of a signal). This function should be used in place of
au_to_process().

The au_to_return(), au_to_return32(), and au_to_return64() functions
format an error number (number) and a return value (value) into a
"return value token".

The au_to_socket() function formats the data pointed to by so into a
"socket token".

The au_to_subject() function formats an auid (audit user ID), an euid
(effective user ID), an egid (effective group ID), a ruid (real user
ID), an rgid (real group ID), a pid (process ID), an sid (audit session
ID), and a tid (audit terminal ID containing an IPv4 IP address), into a
"subject token". The au_to_subject_ex() function (see below) should be
used in place of this function.

The au_to_subject_ex() function formats an auid (audit user ID), an
euid (effective user ID), an egid (effective group ID), a ruid (real
user ID), an rgid (real group ID), a pid (process ID), an sid (audit
session ID), and a tid (audit terminal ID containing an IPv4 or IPv6 IP
address), into a "subject token". This function should be used in place
of au_to_subject().

The au_to_text() function formats the null-terminated string pointed to
by text into a "text token".

RETURN VALUES
These functions return NULL if memory cannot be allocated to put the
resultant token into, or if an error in the input is detected.

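The following added example (not part of the original manual page) combines three of these constructors with the au_open(), au_write(), and au_close() calls from au_open(3BSM), checks every token for the NULL return described above, and discards the record instead of committing it with a token missing. The name audit_note() and the event number passed in main() are hypothetical, and the #else branch holds constructed stand-ins (not libbsm) that only mimic the NULL-on-error contract so the control flow can be compiled on systems without <bsm/libbsm.h>.

```c
#include <stdint.h>
#include <stdlib.h>
#ifdef __sun
#include <sys/types.h>
#include <sys/vnode.h>
#include <netinet/in.h>
#include <bsm/libbsm.h>
#else
/* Constructed stand-ins, NOT libbsm: they imitate only the documented
 * "NULL on error" behaviour so the logic below can be exercised anywhere. */
typedef struct { int unused; } token_t;
enum { AU_TO_NO_WRITE, AU_TO_WRITE };
static int last_keep = -1;              /* records the last au_close() mode */
static token_t *mk(int ok) { return ok ? calloc(1, sizeof(token_t)) : NULL; }
static token_t *au_to_me(void) { return mk(1); }
static token_t *au_to_text(char *t) { return mk(t != NULL); }
static token_t *au_to_return(char n, uint32_t v) { (void)n; (void)v; return mk(1); }
static int au_open(void) { return 3; }
static int au_write(int d, token_t *m) { (void)d; free(m); return 0; }
static int au_close(int d, int keep, short ev) { (void)d; (void)ev; last_keep = keep; return 0; }
#endif

/* Append tok to record d. A NULL token (allocation failure or rejected
 * input) counts as a failure and is never handed to au_write(). */
static int put(int d, token_t *tok) {
    return (tok != NULL && au_write(d, tok) == 0) ? 0 : -1;
}

/* Build a subject + text + return record for `event`.
 * Returns 0 if the record was committed, -1 if it was discarded. */
int audit_note(short event, char *msg, char err, uint32_t retval) {
    int d = au_open();
    if (d < 0)
        return -1;
    if (put(d, au_to_me()) == 0 &&
        put(d, au_to_text(msg)) == 0 &&
        put(d, au_to_return(err, retval)) == 0)
        return au_close(d, AU_TO_WRITE, event) == 0 ? 0 : -1;
    (void)au_close(d, AU_TO_NO_WRITE, event);   /* drop the partial record */
    return -1;
}

int main(void) {
    /* 0 is a placeholder; substitute the event number your site defines. */
    return audit_note(0, "example event", 0, 0) == 0 ? 0 : 1;
}
```
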
ATTRIBUTES
See attributes(5) for a description of the following attributes:

┌─────────────────────────────┬─────────────────────────────┐
│      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability          │Stable                       │
├─────────────────────────────┼─────────────────────────────┤
│MT-Level                     │MT-Safe                      │
└─────────────────────────────┴─────────────────────────────┘

SEE ALSO
bsmconv(1M), au_open(3BSM), attributes(5)

NOTES
The functionality described on this manual page is available only if
Solaris Auditing has been enabled. See bsmconv(1M) for more
information.

SunOS 5.11                       31 Mar 2005                       au_to(3BSM)