AU_TO(3BSM) Security and Auditing Library Functions AU_TO(3BSM)
NAME
au_to, au_to_arg, au_to_arg32, au_to_arg64, au_to_attr, au_to_cmd,
au_to_data, au_to_groups, au_to_in_addr, au_to_ipc, au_to_iport,
au_to_me, au_to_newgroups, au_to_opaque, au_to_path, au_to_process,
au_to_process_ex, au_to_return, au_to_return32, au_to_return64,
au_to_socket, au_to_subject, au_to_subject_ex, au_to_text - create
audit record tokens
SYNOPSIS
cc [ flag... ] file... -lbsm -lsocket -lnsl [ library... ]
#include <sys/types.h>
#include <sys/vnode.h>
#include <netinet/in.h>
#include <bsm/libbsm.h>
token_t *au_to_arg(char n, char *text, uint32_t v);
token_t *au_to_arg32(char n, char *text, uint32_t v);
token_t *au_to_arg64(char n, char *text, uint64_t v);
token_t *au_to_attr(struct vattr *attr);
token_t *au_to_cmd(uint_t argc, char **argv, char **envp);
token_t *au_to_data(char unit_print, char unit_type, char unit_count,
    char *p);
token_t *au_to_groups(int *groups);
token_t *au_to_in_addr(struct in_addr *internet_addr);
token_t *au_to_ipc(char type, int id);
token_t *au_to_iport(u_short_t iport);
token_t *au_to_me(void);
token_t *au_to_newgroups(int n, gid_t *groups);
token_t *au_to_opaque(char *data, short bytes);
token_t *au_to_path(char *path);
token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
    gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
    gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
token_t *au_to_return(char number, uint32_t value);
token_t *au_to_return32(char number, uint32_t value);
token_t *au_to_return64(char number, uint64_t value);
token_t *au_to_socket(struct oldsocket *so);
token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
    gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid, uid_t ruid,
    gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
token_t *au_to_text(char *text);
DESCRIPTION
The au_to_arg(), au_to_arg32(), and au_to_arg64() functions format the
data in v into an "argument token". The n argument indicates the
argument number. The text argument is a null-terminated string
describing the argument.

The au_to_attr() function formats the data pointed to by attr into a
"vnode attribute token".

The au_to_cmd() function formats the data pointed to by argv into a
"command token". A command token reflects a command and its parameters
as entered. For example, the pfexec(1) utility uses au_to_cmd() to
record the command and arguments it reads from the command line.

The au_to_data() function formats the data pointed to by p into an
"arbitrary data token". The unit_print parameter determines the
preferred display base of the data and is one of AUP_BINARY, AUP_OCTAL,
AUP_DECIMAL, AUP_HEX, or AUP_STRING. The unit_type parameter defines
the basic unit of data and is one of AUR_BYTE, AUR_CHAR, AUR_SHORT,
AUR_INT, or AUR_LONG. The unit_count parameter specifies the number of
basic data units to be used and must be positive.

The au_to_groups() function formats the array of 16 integers pointed to
by groups into a "groups token". The au_to_newgroups() function (see
below) should be used in place of this function.

The au_to_in_addr() function formats the data pointed to by
internet_addr into an "internet address token".

The au_to_ipc() function formats the data in the id parameter into an
"interprocess communications ID token".

The au_to_iport() function formats the data in iport into an "ip port
address token".

The au_to_me() function collects audit information from the current
process and creates a "subject token" by calling au_to_subject().

The au_to_newgroups() function formats the array of n integers pointed
to by groups into a "newgroups token". This function should be used in
place of au_to_groups().

The au_to_opaque() function formats the bytes bytes pointed to by data
into an "opaque token". The value of bytes must be positive.

The au_to_path() function formats the path name pointed to by path into
a "path token".

The au_to_process() function formats an auid (audit user ID), an euid
(effective user ID), an egid (effective group ID), a ruid (real user
ID), a rgid (real group ID), a pid (process ID), an sid (audit session
ID), and a tid (audit terminal ID containing an IPv4 IP address), into
a "process token". A process token should be used when the process is
the object of an action (that is, when the process is the receiver of a
signal). The au_to_process_ex() function (see below) should be used in
place of this function.

The au_to_process_ex() function formats an auid (audit user ID), an
euid (effective user ID), an egid (effective group ID), a ruid (real
user ID), a rgid (real group ID), a pid (process ID), an sid (audit
session ID), and a tid (audit terminal ID containing an IPv4 or IPv6 IP
address), into a "process token". A process token should be used when
the process is the object of an action (that is, when the process is
the receiver of a signal). This function should be used in place of
au_to_process().

The au_to_return(), au_to_return32(), and au_to_return64() functions
format an error number number and a return value value into a "return
value token".

The au_to_socket() function formats the data pointed to by so into a
"socket token".

The au_to_subject() function formats an auid (audit user ID), an euid
(effective user ID), an egid (effective group ID), a ruid (real user
ID), a rgid (real group ID), a pid (process ID), an sid (audit session
ID), and a tid (audit terminal ID containing an IPv4 IP address), into
a "subject token". The au_to_subject_ex() function (see below) should
be used in place of this function.

The au_to_subject_ex() function formats an auid (audit user ID), an
euid (effective user ID), an egid (effective group ID), a ruid (real
user ID), a rgid (real group ID), a pid (process ID), an sid (audit
session ID), and a tid (audit terminal ID containing an IPv4 or IPv6 IP
address), into a "subject token". This function should be used in place
of au_to_subject().

The au_to_text() function formats the null-terminated string pointed to
by text into a "text token".
RETURN VALUES
These functions return NULL if memory cannot be allocated to put the
resultant token into, or if an error in the input is detected.
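
The following is an added example, not part of the original manual page or of libbsm: it shows one way to check every au_to_*() result for NULL and discard the record instead of committing a partial one. It assumes the au_open(), au_write() and au_close() interfaces and the AU_TO_WRITE/AU_TO_NO_WRITE values from au_open(3BSM); write_audit_record(), add_token(), EXAMPLE_EVENT and the stand-in functions compiled when USE_LIBBSM is undefined are hypothetical names constructed for this example.

```c
/* Added example. On Solaris/illumos build against the real library with:
 *   cc -DUSE_LIBBSM example.c -lbsm -lsocket -lnsl */
#include <stdint.h>
#include <stdlib.h>
#ifdef USE_LIBBSM
#include <sys/types.h>
#include <bsm/libbsm.h>
#else
/* Constructed stand-ins (NOT libbsm) so the control flow runs anywhere.
 * Assumption: NULL text is treated as "an error in the input". */
typedef struct { int kind; } token_t;
enum { AU_TO_NO_WRITE = 0, AU_TO_WRITE = 1 };
static int last_keep = -1, tokens_written = 0;
static token_t *mk(int k) { token_t *t = malloc(sizeof *t); if (t) t->kind = k; return t; }
static token_t *au_to_me(void) { return mk(1); }
static token_t *au_to_text(char *s) { return s ? mk(2) : NULL; }
static token_t *au_to_return32(char n, uint32_t v) { (void)n; (void)v; return mk(3); }
static int au_open(void) { tokens_written = 0; return 3; }
static int au_write(int d, token_t *t) { (void)d; free(t); tokens_written++; return 0; }
static int au_close(int d, int keep, short ev) { (void)d; (void)ev; last_keep = keep; return 0; }
#endif

#define EXAMPLE_EVENT 32800 /* hypothetical site-defined event number */

/* Append tok to record d; a NULL token (allocation or input error) fails. */
static int add_token(int d, token_t *tok)
{
    return (tok == NULL || au_write(d, tok) < 0) ? -1 : 0;
}

/* Build subject + text + return tokens. On any failure the record is
 * closed with AU_TO_NO_WRITE so a partial record never reaches the
 * audit trail. Returns 0 on success, -1 on failure. */
int write_audit_record(char *msg, char err, uint32_t ret)
{
    int d = au_open();
    if (d < 0)
        return -1;
    if (add_token(d, au_to_me()) < 0 ||
        add_token(d, au_to_text(msg)) < 0 ||
        add_token(d, au_to_return32(err, ret)) < 0) {
        (void)au_close(d, AU_TO_NO_WRITE, EXAMPLE_EVENT);
        return -1;
    }
    return au_close(d, AU_TO_WRITE, EXAMPLE_EVENT) < 0 ? -1 : 0;
}

int main(void) { return write_audit_record("example: login failed", 1, 0) == 0 ? 0 : 1; }
```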
ATTRIBUTES
See attributes(7) for a description of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Stable |
+--------------------+-----------------+
|MT-Level | MT-Safe |
+--------------------+-----------------+
SEE ALSO
au_open(3BSM), attributes(7)
March 6, 2017 AU_TO(3BSM)