test

Trusted Solaris Developer's Guide

Making Invalid and Valid Calls

These examples show the different audit records logged to the audit trail when a call to the auditwrite(3TSOL) routine is invalid and valid. The structure of audit records and tokens is described in "Token Structure".

Invalid Call

If you use more than one control command, or omit the control command, or do not include the AW_END terminator command, your code compiles and runs and a record is logged to the audit trail to record the invalid call to the auditwrite(3TSOL) routine. Note that the event is logged to the trail only if the process preselection mask audits the AUE_auditwrite event for failure.

This example shows an invalid auditwrite(3TSOL) routine call that omits the AW_END terminator command and the resulting audit record. The header files for the examples in the rest of this chapter are shown in this first program. 

#include <bsm/auditwrite.h>
#include <tsol/label.h>
#include <sys/param.h>
#include <bsm/libbsm.h>
#include <tsol/priv.h>

main()
{
/* Invalid call missing AW_END. Do not do it this way. */
	auditwrite(AW_EVENT, "AUE_second_signature", AW_WRITE);
}

An invalid call is logged to syslog, and if the invalid record has enough information, it is also logged to the audit trail. In the example, the invalid call is logged to syslog only with the following information: 


header, 194,2,auditwrite routine fail,,Fri Sep 06 10:11:33 1996, 
+ 179 msec text,
auditwrite routine aborted: aw_errno = 6 = Command invalid, errno = 0 
= no such device or address 
subject,zelda,zelda,staff,zelda,staff,1774,348,0 0 phoenix
slabel,C
return,failure,-1

Valid Call

This call to the auditwrite(3TSOL) routine includes the AW_END command and logs the AUE_second_signature event to the audit trail. 

/* Valid call that includes AW_END */
auditwrite(AW_EVENT, "AUE_second_signature", AW_WRITE, AW_END);

The viewing terminal shows this record:


header, 4022,2,second signature requested,,Fri Sep 06 
  10:16:49 1996 + 969 msec
subject,zelda,zelda,staff,zelda,staff,1774,348,0 0 phoenix
slabel,C
return,success,0