Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ dce_aud_start_with_uuid(3sec) — DCE 3.1

Media Vault

Software Library

Restoration Projects

Artifacts Sought

dce_aud_start_with_uuid(3sec)  —  Subroutines

NAME

dce_aud_start_with_uuid —  Determines whether a specified event should be audited given the client/server UUID and the event outcome.  Used by client/server applications which already know the UUIDs of their clients and wish to avoid the overhead of the audit library acquiring them

Synopsis

void dce_aud_start_with_uuid(
unsigned32 event,
uuid_t server_uuid,
uuid_t client_uuid,
uuid_ trealm_uuid,
unsigned_char_t ∗address,
unsigned3 2options,
unsigned32 outcome,
dce_aud_rec_t ∗ ard,
unsigned32 ∗status);

Parameters

Input

eventSpecifies the event to be audited.  This is a 32-bit event number.  The event field in the audit record header will be set to this number. 

server_uuid
Specifies the calling application’s principal uuid.

client_uuid
Specifies the remote client/server’s principal uuid.

realm_uuid
Specifies the remote client/server’s cell uuid.

addressSpecifies the remote client/server’s address.  The address could be in any format of the underlying transport protocol. 

optionsSpecifies the optional header information desired (aud_c_evt_all_info, aud_c_evt_group_info, aud_c_evt_address_info). 

It can also be used to specify any of two options: to always log an audit record (aud_c_evt_always_log) or to always send an alarm message to the standard output (aud_c_evt_always_alarm).  If any of these two options is selected, the filter is bypassed.  The value of the options parameter is the bitwise OR of any selected combination of the following option values:

aud_c_evt_all_info
Includes all optional information (groups and address) in the audit record header.

aud_c_evt_groups_info
Includes the groups information in the audit record header.

aud_c_evt_address_info
Includes the client address information in the audit record header.

aud_c_evt_always_log
Bypasses the filter mechanism and indicates that the event must be logged.

aud_c_evt_always_alarm
Bypasses the filter mechanism and indicates that an alarm message must be sent to the system console for the event.

outcomeThe event outcome to be stored in the header.  The following event outcome values are defined:

aud_c_esl_cond_unknown
The event outcome (denial, failure, or success) is still unknown.

aud_c_esl_cond_success
The event completed successfully.

aud_c_esl_cond_denial
The event failed due to access denial.

aud_c_esl_cond_failure
The event failed due to reasons other than access denial.

aud_c_esl_cond_pending
The event outcome is pending, being one in a series of connected events, where the application desires to record the real outcome only after the last event.

Output

ardReturns a pointer to an audit record buffer.  If the event does not need to be audited because it is not selected by the filters, or if the environment variable DCEAUDITOFF has been set, a NULL pointer is returned.  If the function is called with outcome set to aud_c_esl_cond_unknown, it is possible that the function cannot determine whether the event should be audited.  In this case, the audit record descriptor is still allocated and its address is returned to the caller.  An outcome, different from unknown, must be provided prior to logging the record with the dce_aud_commit() function. 

statusThe status code returned by this routine.  This status code indicates whether the routine completed successfully or not.  If the routine did not complete successfully, the reason for the failure is given. 

Description

The dce_aud_start_with_uuid() function determines if an audit record must be generated for the specified event.  The decision is based on the event filters, an environment variable (DCEAUDITOFF), the client’s identity provided in the input parameters, and the event outcome (if it is provided in the outcome parameter).  If this event needs to be audited, the function allocates an audit record descriptor and returns a pointer to it, (that is, ard).  If the event does not need to be audited, NULL is returned in the ard parameter.  If either the aud_c_evt_always_log or aud_c_evt_always_alarm option is selected, an audit record descriptor will always be created and returned. 

The dce_aud_start_with_uuid() function is designed to be used by RPC applications that know their client’s identity in UUID form.  Otherwise, RPC applications should use dce_aud_start().  Non-RPC applications that use the DCE authorization model should use dce_aud_start_with_pac().  The dce_aud_start_with_name() function should be used by non-RPC applications that do not use the DCE authorization model. 

This function records the input identity parameters in the newly-created audit record descriptor. 

Event-specific information can be added to the record by using the dce_aud_put_ev_info() function, which can be called multiple times after calling any of the dce_aud_start_∗ and before calling dce_aud_commit().  A completed audit record can either be appended to an audit trail file or sent to the audit daemon by calling dce_aud_commit(). 

This function searches for all relevant filters (for the specified subject and outcome, if these are specified), summarizes the actions for each possible event outcome, and records an outcome-action table with ard.  If the outcome is specified when calling this function and the outcome does not require any action according to filters, then this function returns a NULL ard. 

If the outcome is not specified in the dce_aud_start_with_uuid() call, dce_aud_start_with_uuid() returns a NULL ard if no action is required for all possible outcomes. 

The caller should not change the outcome between the dce_aud_start_with_uuid() and dce_aud_commit() calls arbitrarily.  In this case, the outcome can be made more specific, for example, from aud_c_esl_cond_unknown to aud_c_esl_cond_success or from aud_c_esl_cond_pending to aud_c_esl_cond_success. 

An outcome change from aud_c_esl_cond_success to aud_c_esl_cond_denial is not logically correct because the outcome aud_c_esl_cond_success may have caused a NULL ard to be returned in this function.  If the final outcome can be aud_c_esl_cond_success, then it should be specified in this function, or use aud_c_esl_cond_unknown. 

This function can be called with the outcome parameter taking a value of zero or the union (logical OR) of selected values from the set of constants aud_c_esl_cond_success, aud_c_esl_cond_failure, aud_c_esl_cond_denial, and aud_c_esl_cond_pending.  The outcome parameter used in the dce_aud_commit() function should take one value from the same set of constants. 

If dce_aud_start_with_uuid() used a nonzero value for outcome, then the constant used for outcome in the dce_aud_commit() call should have been selected in the dce_aud_start_with_uuid() call. 

Return Values

No value is returned. 

Errors

The following describes a partial list of errors that might be returned.  Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages. 

aud_s_ok
The call was successful.

Status codes passed from dce_aud_start_with_pac()

Related Information

Functions: dce_aud_commit(3sec), dce_aud_open(3sec), dce_aud_put_ev_info(3sec), dce_aud_start(3sec), dce_aud_start_with_name(3sec), dce_aud_start_with_pac(3sec), dce_aud_start_with_server_binding(3sec). 

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026