Main index | Section 3 | Options |
#include <bsm/libbsm.h>
The au_preselect() function calculates whether or not the audit event passed via event is matched by the audit mask passed via mask_p. The sorf argument indicates whether or not to consider the event as a success, if the AU_PRS_SUCCESS flag is set, or failure, if the AU_PRS_FAILURE flag is set. The flag argument accepts additional arguments influencing the behavior of au_preselect(), including AU_PRS_REREAD, which causes the event to be re-looked up rather than read from the cache, or AU_PRS_USECACHE which forces use of the cache.
The getauditflagsbin() function converts a string representation of an audit mask passed via a character string pointed to by auditstr, returning the resulting mask, if valid, via *masks.
The getauditflagschar() function converts the audit event mask passed via *masks and converts it to a character string in a buffer pointed to by auditstr. See the BUGS section for more information on how to provide a buffer of sufficient size. If the verbose flag is set, the class description string retrieved from audit_class(5) will be used; otherwise, the two-character class name.
The getauditflagsbinand getauditflagschar functions return the value 0 if successful; otherwise the value -1 is returned and the global variable errno is set to indicate the error.
The Basic Security Module (BSM) interface to audit records and audit event stream format were defined by Sun Microsystems.
The getauditflagschar() function does not provide a way to indicate how long the character buffer is, in order to detect overflow. As a result, the caller must always provide a buffer of sufficient length for any possible mask, which may be calculated as three times the number of non-zero bits in the mask argument in the event non-verbose class names are used, and is not trivially predictable for verbose class names. This API should be replaced with a more robust one.
AU_MASK (3) | April 19, 2005 |
Main index | Section 3 | Options |
Please direct any comments about this manual page service to Ben Bullock. Privacy policy.
“ | I think Unix and snowflakes are the only two classes of objects in the universe in which no two instances ever match exactly. | ” |
— Noel Chiappa |