xref: /titanic_44/usr/src/man/man3bsm/au_to.3bsm (revision f05d7fc81533be643136e12ce92516d1d4292921)
te
Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
AU_TO 3BSM "Mar 31, 2005"
NAME
au_to, au_to_arg, au_to_arg32, au_to_arg64, au_to_attr, au_to_cmd, au_to_data, au_to_groups, au_to_in_addr, au_to_ipc, au_to_iport, au_to_me, au_to_newgroups, au_to_opaque, au_to_path, au_to_process, au_to_process_ex, au_to_return, au_to_return32, au_to_return64, au_to_socket, au_to_subject, au_to_subject_ex, au_to_text - create audit record tokens
SYNOPSIS

cc [ flag... ] file... -lbsm  -lsocket   -lnsl  [ library... ]
#include <sys/types.h>
#include <sys/vnode.h>
#include <netinet/in.h>
#include <bsm/libbsm.h>

token_t *au_to_arg(char n, char *text, uint32_t v);

token_t *au_to_arg32(char n, char *text, uint32_t v);

token_t *au_to_arg64(char n, char *text, uint64_t v);

token_t *au_to_attr(struct vattr *attr);

token_t *au_to_cmd(uint_t argc, char **argv, char **envp);

token_t *au_to_data(char unit_print, char unit_type, char unit_count,
 char *p);

token_t *au_to_groups(int *groups);

token_t *au_to_in_addr(struct in_addr *internet_addr);

token_t *au_to_ipc(char type, int id);

token_t *au_to_iport(u_short_t iport);

token_t *au_to_me(void);

token_t *au_to_newgroups(int n, gid_t *groups);

token_t *au_to_opaque(char *data, short bytes);

token_t *au_to_path(char *path);

token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid,
 uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);

token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid,
 uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);

token_t *au_to_return(char number, uin32t_t value);

token_t *au_to_return32(char number, uin32t_t value);

token_t *au_to_return64(char number, uin64t_t value);

token_t *au_to_socket(struct oldsocket *so);

token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid,
 uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);

token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid,
 uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);

token_t *au_to_text(char *text);
DESCRIPTION

The au_to_arg(), au_to_arg32(), and au_to_arg64() functions format the data in v into an "argument token". The n argument indicates the argument number. The text argument is a null-terminated string describing the argument.

The au_to_attr() function formats the data pointed to by attr into a "vnode attribute token".

The au_to_cmd() function formats the data pointed to by argv into a "command token". A command token reflects a command and its parameters as entered. For example, the pfexec(1) utility uses au_to_cmd() to record the command and arguments it reads from the command line.

The au_to_data() function formats the data pointed to by p into an "arbitrary data token". The unit_print parameter determines the preferred display base of the data and is one of AUP_BINARY, AUP_OCTAL, AUP_DECIMAL, AUP_HEX, or AUP_STRING. The unit_type parameter defines the basic unit of data and is one of AUR_BYTE, AUR_CHAR, AUR_SHORT, AUR_INT, or AUR_LONG. The unit_count parameter specifies the number of basic data units to be used and must be positive.

The au_to_groups() function formats the array of 16 integers pointed to by groups into a "groups token". The au_to_newgroups() function (see below) should be used in place of this function.

The au_to_in_addr() function formats the data pointed to by internet_addr into an "internet address token".

The au_to_ipc() function formats the data in the id parameter into an "interprocess communications ID token".

The au_to_iport() function formats the data pointed to by iport into an "ip port address token".

The au_to_me() function collects audit information from the current process and creates a "subject token" by calling au_to_subject().

The au_to_newgroups() function formats the array of n integers pointed to by groups into a "newgroups token". This function should be used in place of au_to_groups().

The au_to_opaque() function formats the bytes bytes pointed to by data into an "opaque token". The value of size must be positive.

The au_to_path() function formats the path name pointed to by path into a ``path token.''

The au_to_process() function formats an auid (audit user ID), an euid (effective user ID), an egid (effective group ID), a ruid (real user ID), a rgid (real group ID), a pid (process ID), an sid (audit session ID), and a tid (audit terminal ID containing an IPv4 IP address), into a "process token". A process token should be used when the process is the object of an action (ie. when the process is the receiver of a signal). The au_to_process_ex() function (see below) should be used in place of this function.

The au_to_process_ex() function formats an auid (audit user ID), an euid (effective user ID), an egid (effective group ID), a ruid (real user ID), a rgid (real group ID), a pid (process ID), an sid (audit session ID), and a tid (audit terminal ID containing an IPv4 or IPv6 IP address), into a "process token". A process token should be used when the process is the object of an action (that is, when the process is the receiver of a signal). This function should be used in place of au_to_process().

The au_to_return(), au_to_return32(), and au_to_return64() functions format an error number number and a return value value into a "return value token".

The au_to_socket() function format the data pointed to by so into a ``socket token.''

The au_to_subject() function formats an auid (audit user ID), an euid (effective user ID), an egid (effective group ID), a ruid (real user ID), an rgid (real group ID), a pid (process ID), an sid (audit session ID), an tid (audit terminal ID containing an IPv4 IP address), into a "subject token". The au_to_subject_ex() function (see below) should be used in place of this function.

The au_to_subject_ex() function formats an auid (audit user ID), an euid (effective user ID), an egid (effective group ID), a ruid (real user ID), an rgid (real group ID), a pid (process ID), an sid (audit session ID), an tid (audit terminal ID containing an IPv4 or IPv6 IP address), into a "subject token". This function should be used in place of au_to_subject().

The au_to_text() function formats the null-terminated string pointed to by text into a "text token".

RETURN VALUES

These functions return NULL if memory cannot be allocated to put the resultant token into, or if an error in the input is detected.

ATTRIBUTES

See attributes(5) for a description of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Stable
MT-Level MT-Safe
SEE ALSO

bsmconv(1M), au_open(3BSM), attributes(5)

NOTES

The functionality described on this manual page is available only if the Solaris Auditing has been enabled. See bsmconv(1M) for more information.