The AW_SERVER token turns on the trusted server option, which indicates the calling process is a server. When the trusted server is enabled, the auditwrite(3TSOL) routine automatically generates header and return tokens, but not the subject and slabel tokens automatically generated when the trusted server is not enabled (see "Creating a Minimum Audit Record"). When the trusted server is enabled, you must explicitly pass the AW_SUBJECT and AW_SLABEL tokens to include this information in the record.
This example turns on the trusted server option, writes a record, writes another record including the sensitivity label, then turns off the trusted server option and writes a final record so you can see the difference. The sys_trans_label privilege is needed to translate the Secret sensitivity label because the process running at Confidential does not dominate Secret.
bslabel_t senslabel; /* Create a sensitivity label of Secret */` stobsl("Secret", &senslabel, NEW_LABEL, &error); /* Turn on the trusted server option */ auditwrite(AW_SERVER, AW_END); /* Write a record to the audit trail */ auditwrite(AW_EVENT, "AUE_second_signature", AW_TEXT, "Some text", AW_WRITE, AW_END); /* Write a record to the audit trail with the sensitivity label */ auditwrite(AW_EVENT, "AUE_second_signature", AW_TEXT, "Sensitivity label added", AW_SLABEL, &senslabel, AW_WRITE, AW_END); /* Turn off the trusted server option */ auditwrite(AW_NOSERVER, AW_END); /* Write a final record to the audit trail */ auditwrite(AW_EVENT, "AUE_second_signature", AW_TEXT, "Some more text", AW_WRITE, AW_END);
The viewing terminal shows these records:
header,38,2,second signature requested,,Wed Sep 11 12:46:41 1996 + 710 msec text,Some text return,success,0 header,38,2,second signature requested,,Wed Sep 11 12:46:41 1996 + 780 msec text,Sensitivity label added slabel,S return,success,0 header,112,2,second signature requested,,Wed Sep 11 12:46:41 1996 + 799 msec text,Some more text return,success,0 subject,zelda,zelda,staff,zelda,staff,420,286,0 0 phoenix slabel,C return,success,0 |