home *** CD-ROM | disk | FTP | other *** search

---

/ IRIX Base Documentation 1998 November / IRIX 6.5.2 Base Documentation November 1998.img / usr / share / catman / p_man / cat3 / sat_read_header_info.z / sat_read_header_info

Wrap

Text File  |  1998-10-20  |  17KB  |  199 lines

---

1.  
2.  
3.  
4. SSSSAAAATTTT____RRRREEEEAAAADDDD____HHHHEEEEAAAADDDDEEEERRRR____IIIINNNNFFFFOOOO((((3333CCCC))))                              SSSSAAAATTTT____RRRREEEEAAAADDDD____HHHHEEEEAAAADDDDEEEERRRR____IIIINNNNFFFFOOOO((((3333CCCC))))
5.  
6.  
7.  
8. NNNNAAAAMMMMEEEE
9.      sat_read_header_info, sat_free_header_info - Portable interfaces to read
10.      audit record headers
11.  
12. SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS
13.      ####iiiinnnncccclllluuuuddddeeee <<<<ssssaaaatttt....hhhh>>>>
14.  
15.      iiiinnnntttt ssssaaaatttt____rrrreeeeaaaadddd____hhhheeeeaaaaddddeeeerrrr____iiiinnnnffffoooo ((((FFFFIIIILLLLEEEE ****iiiinnnn,,,, ssssttttrrrruuuucccctttt ssssaaaatttt____hhhhddddrrrr____iiiinnnnffffoooo iiiinnnntttt mmmmaaaasssskkkk,,,, iiiinnnntttt
16.           ffffiiiilllleeee____mmmmaaaajjjjoooorrrr,,,, iiiinnnntttt ffffiiiilllleeee____mmmmiiiinnnnoooorrrr))));;;;
17.  
18.      vvvvooooiiiidddd ssssaaaatttt____ffffrrrreeeeeeee____hhhheeeeaaaaddddeeeerrrr____iiiinnnnffffoooo ((((ssssttttrrrruuuucccctttt ssssaaaatttt____hhhhddddrrrr____iiiinnnnffffoooo ****hhhheeeeaaaaddddeeeerrrr))));;;;
19.  
20. DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN
21.      ssssaaaatttt____rrrreeeeaaaadddd____hhhheeeeaaaaddddeeeerrrr____iiiinnnnffffoooo reads an audit record header into a convenient
22.      struct for examining its contents (the disk format is neither convenient
23.      nor obvious).  Translation from older versions of audit files is handled
24.      transparently by the library routines.  The record header is read from
25.      file descriptor _i_n and processed into the struct pointed to by _h_e_a_d_e_r.
26.      The _f_i_l_e__m_a_j_o_r, _f_i_l_e__m_i_n_o_r are the file version to translate from,
27.      obtained from the file header using the _s_a_t__r_e_a_d__f_i_l_e__i_n_f_o(3C) call.
28.  
29.      The ssssaaaatttt____hhhhddddrrrr____iiiinnnnffffoooo structure pointed to by _h_e_a_d_e_r includes the following
30.      fields:
31.  
32.           iiiinnnntttt     ssssaaaatttt____mmmmaaaaggggiiiicccc;;;;       ////**** ssssaaaatttt hhhheeeeaaaaddddeeeerrrr """"mmmmaaaaggggiiiicccc nnnnuuuummmmbbbbeeeerrrr"""" ****////
33.           iiiinnnntttt     ssssaaaatttt____rrrreeeeccccttttyyyyppppeeee;;;;     ////**** wwwwhhhhaaaatttt ttttyyyyppppeeee ooooffff rrrreeeeccccoooorrrrdddd ffffoooolllllllloooowwwwssss ****////
34.           iiiinnnntttt     ssssaaaatttt____oooouuuuttttccccoooommmmeeee;;;;     ////**** ffffaaaaiiiillll////ssssuuuucccccccceeeessssssss,,,, dddduuuueeee ttttoooo ddddaaaacccc////mmmmaaaacccc cccchhhheeeecccckkkk ****////
35.           ccccaaaapppp____vvvvaaaalllluuuueeee____tttt ssssaaaatttt____ccccaaaapppp;;;;    ////**** wwwwhhhhaaaatttt ccccaaaappppaaaabbbbiiiilllliiiittttyyyy aaaaffffffffeeeecccctttteeeedddd tttthhhheeee rrrreeeessssuuuulllltttt ****////
36.           iiiinnnntttt     ssssaaaatttt____sssseeeeqqqquuuueeeennnncccceeee;;;;    ////**** sssseeeeqqqquuuueeeennnncccceeee #### ffffoooorrrr tttthhhhiiiissss rrrreeeecccc ((((bbbbyyyy ttttyyyyppppeeee)))) ****////
37.           iiiinnnntttt     ssssaaaatttt____eeeerrrrrrrrnnnnoooo;;;;       ////**** ssssyyyysssstttteeeemmmm ccccaaaallllllll eeeerrrrrrrroooorrrr nnnnuuuummmmbbbbeeeerrrr ****////
38.           ttttiiiimmmmeeee____tttt  ssssaaaatttt____ttttiiiimmmmeeee;;;;        ////**** sssseeeeccccoooonnnnddddssss ssssiiiinnnncccceeee 1111999977770000 ****////
39.           iiiinnnntttt     ssssaaaatttt____ttttiiiicccckkkkssss;;;;       ////**** ssssuuuubbbb----sssseeeeccccoooonnnndddd cccclllloooocccckkkk ttttiiiicccckkkkssss ((((0000----99999999)))) ****////
40.           iiiinnnntttt     ssssaaaatttt____ssssyyyyssssccccaaaallllllll;;;;     ////**** ssssyyyysssstttteeeemmmm ccccaaaallllllll nnnnuuuummmmbbbbeeeerrrr ****////
41.           iiiinnnntttt     ssssaaaatttt____ssssuuuubbbbssssyyyyssssccccaaaallllllll;;;;  ////**** ssssyyyysssstttteeeemmmm ccccaaaallllllll """"ccccoooommmmmmmmaaaannnndddd"""" nnnnuuuummmmbbbbeeeerrrr ****////
42.           lllloooonnnngggg    ssssaaaatttt____hhhhoooosssstttt____iiiidddd;;;;     ////**** hhhhoooosssstttt iiiidddd ****////
43.           uuuuiiiidddd____tttt   ssssaaaatttt____iiiidddd;;;;          ////**** SSSSAAAATTTT uuuusssseeeerrrr----iiiidddd ****////
44.           ddddeeeevvvv____tttt   ssssaaaatttt____ttttttttyyyy;;;;         ////**** ccccoooonnnnttttrrrroooolllllllliiiinnnngggg ttttttttyyyy,,,, iiiiffff pppprrrreeeesssseeeennnntttt ****////
45.           ppppiiiidddd____tttt   ssssaaaatttt____ppppppppiiiidddd;;;;        ////**** ppppaaaarrrreeeennnntttt pppprrrroooocccceeeessssssss iiiidddd ****////
46.           ppppiiiidddd____tttt   ssssaaaatttt____ppppiiiidddd;;;;         ////**** pppprrrroooocccceeeessssssss iiiidddd ooooffff rrrreeeeccccoooorrrrdddd''''ssss ggggeeeennnneeeerrrraaaattttoooorrrr ****////
47.           cccchhhhaaaarrrr    ****ssssaaaatttt____ppppnnnnaaaammmmeeee;;;;      ////**** pppprrrroooocccceeeessssssss nnnnaaaammmmeeee ****////
48.           mmmmaaaacccc____llllaaaabbbbeeeellll ****ssssaaaatttt____ppppllllaaaabbbbeeeellll;;;;   ////**** pppprrrroooocccceeeessssssss llllaaaabbbbeeeellll ****////
49.           ccccaaaapppp____tttt   ssssaaaatttt____ppppccccaaaapppp;;;;       ////**** ccccaaaappppaaaabbbbiiiilllliiiittttyyyy sssseeeetttt ****////
50.           uuuuiiiidddd____tttt   ssssaaaatttt____eeeeuuuuiiiidddd;;;;        ////**** EEEEffffffffeeeeccccttttiiiivvvveeee uuuusssseeeerrrr iiiidddd ****////
51.           uuuuiiiidddd____tttt   ssssaaaatttt____rrrruuuuiiiidddd;;;;        ////**** RRRReeeeaaaallll uuuusssseeeerrrr iiiidddd ****////
52.           ggggiiiidddd____tttt   ssssaaaatttt____eeeeggggiiiidddd;;;;        ////**** EEEEffffffffeeeeccccttttiiiivvvveeee ggggrrrroooouuuupppp iiiidddd ****////
53.           ggggiiiidddd____tttt   ssssaaaatttt____rrrrggggiiiidddd;;;;        ////**** RRRReeeeaaaallll ggggrrrroooouuuupppp iiiidddd ****////
54.           iiiinnnntttt     ssssaaaatttt____nnnnggggrrrroooouuuuppppssss;;;;     ////**** nnnnuuuummmmbbbbeeeerrrr ooooffff mmmmuuuullllttttiiii----ggggrrrroooouuuupppp eeeennnnttttrrrriiiieeeessss ****////
55.           ggggiiiidddd____tttt   ****ssssaaaatttt____ggggrrrroooouuuuppppssss;;;;     ////**** ggggrrrroooouuuupppp lllliiiisssstttt ****////
56.           cccchhhhaaaarrrr    ****ssssaaaatttt____ccccwwwwdddd;;;;        ////**** ccccuuuurrrrrrrreeeennnntttt wwwwoooorrrrkkkkiiiinnnngggg ddddiiiirrrreeeeccccttttoooorrrryyyy ****////
57.           cccchhhhaaaarrrr    ****ssssaaaatttt____rrrroooooooottttddddiiiirrrr;;;;    ////**** ccccuuuurrrrrrrreeeennnntttt rrrrooooooootttt ddddiiiirrrreeeeccccttttoooorrrryyyy ****////
58.           iiiinnnntttt     ssssaaaatttt____rrrreeeeccccssssiiiizzzzeeee;;;;     ////**** bbbbyyyytttteeeessss iiiinnnn tttthhhheeee ffffoooolllllllloooowwwwiiiinnnngggg rrrreeeeccccoooorrrrdddd ****////
59.           iiiinnnntttt     ssssaaaatttt____hhhhddddrrrrssssiiiizzzzeeee;;;;     ////**** nnnnoooo.... ooooffff bbbbyyyytttteeeessss iiiinnnn ddddiiiisssskkkk iiiimmmmaaaaggggeeee ooooffff hhhheeeeaaaaddddeeeerrrr ****////
60.  
61.  
62.  
63.                                                                         PPPPaaaaggggeeee 1111
64.  
65.  
66.  
67.  
68.  
69.  
70. SSSSAAAATTTT____RRRREEEEAAAADDDD____HHHHEEEEAAAADDDDEEEERRRR____IIIINNNNFFFFOOOO((((3333CCCC))))                              SSSSAAAATTTT____RRRREEEEAAAADDDD____HHHHEEEEAAAADDDDEEEERRRR____IIIINNNNFFFFOOOO((((3333CCCC))))
71.  
72.  
73.  
74.           cccchhhhaaaarrrr    ****ssssaaaatttt____bbbbuuuuffffffffeeeerrrr;;;;     ////**** bbbbuuuuffffffffeeeerrrr hhhhoooollllddddiiiinnnngggg ddddiiiisssskkkk iiiimmmmaaaaggggeeee ooooffff hhhheeeeaaaaddddeeeerrrr ****////
75.  
76.      Due to the format that the record header is stored in on disk, several
77.      fields in the file header require extra computation and memory.  To allow
78.      the user to select only the fields they are interested in, there is a
79.      _m_a_s_k which specifies which fields to include.  These are:
80.  
81.           SHI_NONE       Include none of the extra fields.
82.  
83.           SHI_GROUPS     Include the extended group list from the record
84.                          header.
85.  
86.           SHI_PLABEL     Include the process label from the record header.
87.  
88.           SHI_CWD        Include the current working directory from the record
89.                          header.
90.  
91.           SHI_ROOTDIR    Include the current root directory from the record
92.                          header.
93.  
94.           SHI_PNAME      Include the process name from the record header.
95.  
96.           SHI_BUFFER     Include the original disk image of the record header.
97.  
98.           SHI_ALL        Include everything.
99.  
100.      The process label is only available if _s_a_t__m_a_c__e_n_a_b_l_e_d is set in the file
101.      header, otherwise this field will be NULL.  The current root directory
102.      (as changed by the cccchhhhrrrrooooooootttt(2) command) may point to a null string.  If
103.      this is the case, '/' is intended.  If a field is not requested in the
104.      mask, the value in header will be NULL.  To specify combinations of the
105.      above masks, simply "or" them together, like so:
106.  
107.           ((((SSSSHHHHIIII____GGGGRRRROOOOUUUUPPPPSSSS |||| SSSSHHHHIIII____CCCCWWWWDDDD |||| SSSSHHHHIIII____PPPPNNNNAAAAMMMMEEEE))))
108.  
109.      Unlike the ssssaaaatttt____rrrreeeeaaaadddd____ffffiiiilllleeee____iiiinnnnffffoooo function, there is only one way to write
110.      out a record header.  That is to ask for the disk image using SSSSHHHHIIII____BBBBUUUUFFFFFFFFEEEERRRR
111.      in the mask.  When output is desired, use ffffwwwwrrrriiiitttteeee(3C) to write the
112.      contents of ssssaaaatttt____bbbbuuuuffffffffeeeerrrr to disk.  The length of the data in ssssaaaatttt____bbbbuuuuffffffffeeeerrrr is
113.      in ssssaaaatttt____hhhhddddrrrrssssiiiizzzzeeee.  Be aware that there is also the record data following
114.      the record header, which must also be read and written to disk.  The size
115.      of the record body is found in the ssssaaaatttt____rrrreeeeccccssssiiiizzzzeeee field.  There are no
116.      library routines to read or interpret record bodies.
117.  
118.      ssssaaaatttt____ffffrrrreeeeeeee____hhhheeeeaaaaddddeeeerrrr____iiiinnnnffffoooo is used to free any data that ssssaaaatttt____rrrreeeeaaaadddd____hhhheeeeaaaaddddeeeerrrr____iiiinnnnffffoooo
119.      allocated while constructing a ssssaaaatttt____hhhhddddrrrr____iiiinnnnffffoooo struct.  It does not free the
120.      struct itself, only certain fields within the struct.  To make sure the
121.      struct isn't used afterwards, it is zeroed after all the fields are
122.      freed.
123.  
124.  
125.  
126.  
127.  
128.  
129.                                                                         PPPPaaaaggggeeee 2222
130.  
131.  
132.  
133.  
134.  
135.  
136. SSSSAAAATTTT____RRRREEEEAAAADDDD____HHHHEEEEAAAADDDDEEEERRRR____IIIINNNNFFFFOOOO((((3333CCCC))))                              SSSSAAAATTTT____RRRREEEEAAAADDDD____HHHHEEEEAAAADDDDEEEERRRR____IIIINNNNFFFFOOOO((((3333CCCC))))
137.  
138.  
139.  
140. DDDDIIIIAAAAGGGGNNNNOOOOSSSSTTTTIIIICCCCSSSS
141.      ssssaaaatttt____rrrreeeeaaaadddd____hhhheeeeaaaaddddeeeerrrr____iiiinnnnffffoooo returns SSSSHHHHIIII____OOOOKKKKAAAAYYYY on success or SSSSHHHHIIII____EEEERRRRRRRROOOORRRR if any
142.      errors were detected.
143.  
144. SSSSEEEEEEEE AAAALLLLSSSSOOOO
145.      ffffooooppppeeeennnn(3S), ffffcccclllloooosssseeee(3S), ffffeeeeooooffff(3S), ssssaaaatttt____rrrreeeeaaaadddd____ffffiiiilllleeee____iiiinnnnffffoooo(3C),
146.      ssssaaaatttt____wwwwrrrriiiitttteeee____ffffiiiilllleeee____iiiinnnnffffoooo(3C), ssssaaaatttt____ffffrrrreeeeeeee____ffffiiiilllleeee____iiiinnnnffffoooo(3C), ssssaaaatttt____iiiinnnnttttrrrrpppp____ppppaaaatttthhhhnnnnaaaammmmeeee(3C).
147.  
148.  
149.  
150.  
151.  
152.  
153.  
154.  
155.  
156.  
157.  
158.  
159.  
160.  
161.  
162.  
163.  
164.  
165.  
166.  
167.  
168.  
169.  
170.  
171.  
172.  
173.  
174.  
175.  
176.  
177.  
178.  
179.  
180.  
181.  
182.  
183.  
184.  
185.  
186.  
187.  
188.  
189.  
190.  
191.  
192.  
193.  
194.  
195.                                                                         PPPPaaaaggggeeee 3333
196.  
197.  
198.  
199.