Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ sat_free_header_info(3C) — IRIX 6.5.3f

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

fopen(3S)

fclose(3S)

feof(3S)



SATREADHEADERINFO(3C)                              SATREADHEADERINFO(3C)



NAME
     sat_read_header_info, sat_free_header_info - Portable interfaces to read
     audit record headers

SYNOPSIS
     #include <sat.h>

     int satreadheaderinfo (FILE *in, struct sathdrinfo int mask, int
          filemajor, int fileminor);

     void satfreeheaderinfo (struct sathdrinfo *header);

DESCRIPTION
     satreadheaderinfo reads an audit record header into a convenient
     struct for examining its contents (the disk format is neither convenient
     nor obvious).  Translation from older versions of audit files is handled
     transparently by the library routines.  The record header is read from
     file descriptor in and processed into the struct pointed to by header.
     The file_major, file_minor are the file version to translate from,
     obtained from the file header using the sat_read_file_info(3C) call.

     The sathdrinfo structure pointed to by header includes the following
     fields:

          int     satmagic;       /* sat header "magic number" */
          int     satrectype;     /* what type of record follows */
          int     satoutcome;     /* fail/success, due to dac/mac check */
          capvaluet satcap;    /* what capability affected the result */
          int     satsequence;    /* sequence # for this rec (by type) */
          int     saterrno;       /* system call error number */
          timet  sattime;        /* seconds since 1970 */
          int     satticks;       /* sub-second clock ticks (0-99) */
          int     satsyscall;     /* system call number */
          int     satsubsyscall;  /* system call "command" number */
          long    sathostid;     /* host id */
          uidt   satid;          /* SAT user-id */
          devt   sattty;         /* controlling tty, if present */
          pidt   satppid;        /* parent process id */
          pidt   satpid;         /* process id of record's generator */
          char    *satpname;      /* process name */
          maclabel *satplabel;   /* process label */
          capt   satpcap;       /* capability set */
          uidt   sateuid;        /* Effective user id */
          uidt   satruid;        /* Real user id */
          gidt   sategid;        /* Effective group id */
          gidt   satrgid;        /* Real group id */
          int     satngroups;     /* number of multi-group entries */
          gidt   *satgroups;     /* group list */
          char    *satcwd;        /* current working directory */
          char    *satrootdir;    /* current root directory */
          int     satrecsize;     /* bytes in the following record */
          int     sathdrsize;     /* no. of bytes in disk image of header */



                                                                        Page 1





SATREADHEADERINFO(3C)                              SATREADHEADERINFO(3C)



          char    *satbuffer;     /* buffer holding disk image of header */

     Due to the format that the record header is stored in on disk, several
     fields in the file header require extra computation and memory.  To allow
     the user to select only the fields they are interested in, there is a
     mask which specifies which fields to include.  These are:

          SHI_NONE       Include none of the extra fields.

          SHI_GROUPS     Include the extended group list from the record
                         header.

          SHI_PLABEL     Include the process label from the record header.

          SHI_CWD        Include the current working directory from the record
                         header.

          SHI_ROOTDIR    Include the current root directory from the record
                         header.

          SHI_PNAME      Include the process name from the record header.

          SHI_BUFFER     Include the original disk image of the record header.

          SHI_ALL        Include everything.

     The process label is only available if sat_mac_enabled is set in the file
     header, otherwise this field will be NULL.  The current root directory
     (as changed by the chroot(2) command) may point to a null string.  If
     this is the case, '/' is intended.  If a field is not requested in the
     mask, the value in header will be NULL.  To specify combinations of the
     above masks, simply "or" them together, like so:

          (SHIGROUPS | SHICWD | SHIPNAME)

     Unlike the satreadfileinfo function, there is only one way to write
     out a record header.  That is to ask for the disk image using SHIBUFFER
     in the mask.  When output is desired, use fwrite(3C) to write the
     contents of satbuffer to disk.  The length of the data in satbuffer is
     in sathdrsize.  Be aware that there is also the record data following
     the record header, which must also be read and written to disk.  The size
     of the record body is found in the satrecsize field.  There are no
     library routines to read or interpret record bodies.

     satfreeheaderinfo is used to free any data that satreadheaderinfo
     allocated while constructing a sathdrinfo struct.  It does not free the
     struct itself, only certain fields within the struct.  To make sure the
     struct isn't used afterwards, it is zeroed after all the fields are
     freed.






                                                                        Page 2





SATREADHEADERINFO(3C)                              SATREADHEADERINFO(3C)



DIAGNOSTICS
     satreadheaderinfo returns SHIOKAY on success or SHIERROR if any
     errors were detected.

SEE ALSO
     fopen(3S), fclose(3S), feof(3S), satreadfileinfo(3C),
     satwritefileinfo(3C), satfreefileinfo(3C), satintrppathname(3C).
















































                                                                        Page 3



Typewritten Software • bear@typewritten.org • Edmonds, WA 98026