au_to(3BSM) Security and Auditing Library Functions au_to(3BSM)
NAME
au_to, au_to_arg, au_to_arg32, au_to_arg64, au_to_attr, au_to_cmd, au_to_data, au_to_groups, au_to_in_addr, au_to_ipc, au_to_iport,
au_to_me, au_to_newgroups, au_to_opaque, au_to_path, au_to_process, au_to_process_ex, au_to_return, au_to_return32, au_to_return64,
au_to_socket, au_to_subject, au_to_subject_ex, au_to_text - create audit record tokens
SYNOPSIS
cc [ flag... ] file... -lbsm -lsocket -lnsl [ library... ]
#include <sys/types.h>
#include <sys/vnode.h>
#include <netinet/in.h>
#include <bsm/libbsm.h>
token_t *au_to_arg(char n, char *text, uint32_t v);
token_t *au_to_arg32(char n, char *text, uint32_t v);
token_t *au_to_arg64(char n, char *text, uint64_t v);
token_t *au_to_attr(struct vattr *attr);
token_t *au_to_cmd(uint_t argc, char **argv, char **envp);
token_t *au_to_data(char unit_print, char unit_type, char unit_count,
char *p);
token_t *au_to_groups(int *groups);
token_t *au_to_in_addr(struct in_addr *internet_addr);
token_t *au_to_ipc(char type, int id);
token_t *au_to_iport(u_short_t iport);
token_t *au_to_me(void);
token_t *au_to_newgroups(int n, gid_t *groups);
token_t *au_to_opaque(char *data, short bytes);
token_t *au_to_path(char *path);
token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid,
uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid,
uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
token_t *au_to_return(char number, uin32t_t value);
token_t *au_to_return32(char number, uin32t_t value);
token_t *au_to_return64(char number, uin64t_t value);
token_t *au_to_socket(struct oldsocket *so);
token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid,
uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);
token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid,
uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);
token_t *au_to_text(char *text);
DESCRIPTION
The au_to_arg(), au_to_arg32(), and au_to_arg64() functions format the data in v into an "argument token". The n argument indicates the
argument number. The text argument is a null-terminated string describing the argument.
The au_to_attr() function formats the data pointed to by attr into a "vnode attribute token".
The au_to_cmd() function formats the data pointed to by argv into a "command token". A command token reflects a command and its parameters
as entered. For example, the pfexec(1) utility uses au_to_cmd() to record the command and arguments it reads from the command line.
The au_to_data() function formats the data pointed to by p into an "arbitrary data token". The unit_print parameter determines the pre-
ferred display base of the data and is one of AUP_BINARY, AUP_OCTAL, AUP_DECIMAL, AUP_HEX, or AUP_STRING. The unit_type parameter defines
the basic unit of data and is one of AUR_BYTE, AUR_CHAR, AUR_SHORT, AUR_INT, or AUR_LONG. The unit_count parameter specifies the number
of basic data units to be used and must be positive.
The au_to_groups() function formats the array of 16 integers pointed to by groups into a "groups token". The au_to_newgroups() function
(see below) should be used in place of this function.
The au_to_in_addr() function formats the data pointed to by internet_addr into an "internet address token".
The au_to_ipc() function formats the data in the id parameter into an "interprocess communications ID token".
The au_to_iport() function formats the data pointed to by iport into an "ip port address token".
The au_to_me() function collects audit information from the current process and creates a "subject token" by calling au_to_subject().
The au_to_newgroups() function formats the array of n integers pointed to by groups into a "newgroups token". This function should be used
in place of au_to_groups().
The au_to_opaque() function formats the bytes bytes pointed to by data into an "opaque token". The value of size must be positive.
The au_to_path() function formats the path name pointed to by path into a ``path token.''
The au_to_process() function formats an auid (audit user ID), an euid (effective user ID), an egid (effective group ID), a ruid (real user
ID), a rgid (real group ID), a pid (process ID), an sid (audit session ID), and a tid (audit terminal ID containing an IPv4 IP address),
into a "process token". A process token should be used when the process is the object of an action (ie. when the process is the receiver
of a signal). The au_to_process_ex() function (see below) should be used in place of this function.
The au_to_process_ex() function formats an auid (audit user ID), an euid (effective user ID), an egid (effective group ID), a ruid (real
user ID), a rgid (real group ID), a pid (process ID), an sid (audit session ID), and a tid (audit terminal ID containing an IPv4 or IPv6 IP
address), into a "process token". A process token should be used when the process is the object of an action (that is, when the process is
the receiver of a signal). This function should be used in place of au_to_process().
The au_to_return(), au_to_return32(), and au_to_return64() functions format an error number number and a return value value into a "return
value token".
The au_to_socket() function format the data pointed to by so into a ``socket token.''
The au_to_subject() function formats an auid (audit user ID), an euid (effective user ID), an egid (effective group ID), a ruid (real user
ID), an rgid (real group ID), a pid (process ID), an sid (audit session ID), an tid (audit terminal ID containing an IPv4 IP address), into
a "subject token". The au_to_subject_ex() function (see below) should be used in place of this function.
The au_to_subject_ex() function formats an auid (audit user ID), an euid (effective user ID), an egid (effective group ID), a ruid (real
user ID), an rgid (real group ID), a pid (process ID), an sid (audit session ID), an tid (audit terminal ID containing an IPv4 or IPv6 IP
address), into a "subject token". This function should be used in place of au_to_subject().
The au_to_text() function formats the null-terminated string pointed to by text into a "text token".
RETURN VALUES
These functions return NULL if memory cannot be allocated to put the resultant token into, or if an error in the input is detected.
ATTRIBUTES
See attributes(5) for a description of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Stable |
+-----------------------------+-----------------------------+
|MT-Level |MT-Safe |
+-----------------------------+-----------------------------+
SEE ALSO
bsmconv(1M), au_open(3BSM), attributes(5)
NOTES
The functionality described on this manual page is available only if the Solaris Auditing has been enabled. See bsmconv(1M) for more
information.
SunOS 5.11 31 Mar 2005 au_to(3BSM)