AU_TO(3BSM) Security and Auditing Library Functions AU_TO(3BSM)


NAME


au_to, au_to_arg, au_to_arg32, au_to_arg64, au_to_attr, au_to_cmd,
au_to_data, au_to_groups, au_to_in_addr, au_to_ipc, au_to_iport,
au_to_me, au_to_newgroups, au_to_opaque, au_to_path, au_to_process,
au_to_process_ex, au_to_return, au_to_return32, au_to_return64,
au_to_socket, au_to_subject, au_to_subject_ex, au_to_text - create audit
record tokens

SYNOPSIS


cc [ flag... ] file... -lbsm -lsocket -lnsl [ library... ]
#include <sys/types.h>
#include <sys/vnode.h>
#include <netinet/in.h>
#include <bsm/libbsm.h>

token_t *au_to_arg(char n, char *text, uint32_t v);


token_t *au_to_arg32(char n, char *text, uint32_t v);


token_t *au_to_arg64(char n, char *text, uint64_t v);


token_t *au_to_attr(struct vattr *attr);


token_t *au_to_cmd(uint_t argc, char **argv, char **envp);


token_t *au_to_data(char unit_print, char unit_type, char unit_count,
char *p);


token_t *au_to_groups(int *groups);


token_t *au_to_in_addr(struct in_addr *internet_addr);


token_t *au_to_ipc(char type, int id);


token_t *au_to_iport(u_short_t iport);


token_t *au_to_me(void);


token_t *au_to_newgroups(int n, gid_t *groups);


token_t *au_to_opaque(char *data, short bytes);


token_t *au_to_path(char *path);


token_t *au_to_process(au_id_t auid, uid_t euid, gid_t egid,
uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);


token_t *au_to_process_ex(au_id_t auid, uid_t euid, gid_t egid,
uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);


token_t *au_to_return(char number, uin32t_t value);


token_t *au_to_return32(char number, uin32t_t value);


token_t *au_to_return64(char number, uin64t_t value);


token_t *au_to_socket(struct oldsocket *so);


token_t *au_to_subject(au_id_t auid, uid_t euid, gid_t egid,
uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_t *tid);


token_t *au_to_subject_ex(au_id_t auid, uid_t euid, gid_t egid,
uid_t ruid, gid_t rgid, pid_t pid, au_asid_t sid, au_tid_addr_t *tid);


token_t *au_to_text(char *text);


DESCRIPTION


The au_to_arg(), au_to_arg32(), and au_to_arg64() functions format the
data in v into an "argument token". The n argument indicates the argument
number. The text argument is a null-terminated string describing the
argument.


The au_to_attr() function formats the data pointed to by attr into a
"vnode attribute token".


The au_to_cmd() function formats the data pointed to by argv into a
"command token". A command token reflects a command and its parameters as
entered. For example, the pfexec(1) utility uses au_to_cmd() to record
the command and arguments it reads from the command line.


The au_to_data() function formats the data pointed to by p into an
"arbitrary data token". The unit_print parameter determines the preferred
display base of the data and is one of AUP_BINARY, AUP_OCTAL,
AUP_DECIMAL, AUP_HEX, or AUP_STRING. The unit_type parameter defines
the basic unit of data and is one of AUR_BYTE, AUR_CHAR, AUR_SHORT,
AUR_INT, or AUR_LONG. The unit_count parameter specifies the number of
basic data units to be used and must be positive.


The au_to_groups() function formats the array of 16 integers pointed to
by groups into a "groups token". The au_to_newgroups() function (see
below) should be used in place of this function.


The au_to_in_addr() function formats the data pointed to by internet_addr
into an "internet address token".


The au_to_ipc() function formats the data in the id parameter into an
"interprocess communications ID token".


The au_to_iport() function formats the data pointed to by iport into an
"ip port address token".


The au_to_me() function collects audit information from the current
process and creates a "subject token" by calling au_to_subject().


The au_to_newgroups() function formats the array of n integers pointed
to by groups into a "newgroups token". This function should be used in
place of au_to_groups().


The au_to_opaque() function formats the bytes bytes pointed to by data
into an "opaque token". The value of size must be positive.


The au_to_path() function formats the path name pointed to by path into a
``path token.''


The au_to_process() function formats an auid (audit user ID), an euid
(effective user ID), an egid (effective group ID), a ruid (real user ID),
a rgid (real group ID), a pid (process ID), an sid (audit session ID),
and a tid (audit terminal ID containing an IPv4 IP address), into a
"process token". A process token should be used when the process is the
object of an action (ie. when the process is the receiver of a signal).
The au_to_process_ex() function (see below) should be used in place of
this function.


The au_to_process_ex() function formats an auid (audit user ID), an euid
(effective user ID), an egid (effective group ID), a ruid (real user ID),
a rgid (real group ID), a pid (process ID), an sid (audit session ID),
and a tid (audit terminal ID containing an IPv4 or IPv6 IP address), into
a "process token". A process token should be used when the process is
the object of an action (that is, when the process is the receiver of a
signal). This function should be used in place of au_to_process().


The au_to_return(), au_to_return32(), and au_to_return64() functions
format an error number number and a return value value into a "return
value token".


The au_to_socket() function format the data pointed to by so into a
``socket token.''


The au_to_subject() function formats an auid (audit user ID), an euid
(effective user ID), an egid (effective group ID), a ruid (real user ID),
an rgid (real group ID), a pid (process ID), an sid (audit session ID),
an tid (audit terminal ID containing an IPv4 IP address), into a "subject
token". The au_to_subject_ex() function (see below) should be used in
place of this function.


The au_to_subject_ex() function formats an auid (audit user ID), an euid
(effective user ID), an egid (effective group ID), a ruid (real user ID),
an rgid (real group ID), a pid (process ID), an sid (audit session ID),
an tid (audit terminal ID containing an IPv4 or IPv6 IP address), into a
"subject token". This function should be used in place of
au_to_subject().


The au_to_text() function formats the null-terminated string pointed to
by text into a "text token".

RETURN VALUES


These functions return NULL if memory cannot be allocated to put the
resultant token into, or if an error in the input is detected.

ATTRIBUTES


See attributes(5) for a description of the following attributes:


+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Stable |
+--------------------+-----------------+
|MT-Level | MT-Safe |
+--------------------+-----------------+

SEE ALSO


au_open(3BSM), attributes(5)


March 6, 2017 AU_TO(3BSM)