xref: /titanic_52/usr/src/man/man3bsm/getfauditflags.3bsm (revision 9455584c67f6bed7407417f74a9b5b0ab615384b)
te
Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
GETFAUDITFLAGS 3BSM "Mar 31, 2005"
NAME
getfauditflags - generate process audit state
SYNOPSIS

cc [ flag... ] file... -lbsm  -lsocket   -lnsl  [ library... ]
#include <sys/param.h>
#include <bsm/libbsm.h>

int getfauditflags(au_mask_t *usremasks, au_mask_t *usrdmasks,
 au_mask_t *lastmasks);
DESCRIPTION

The getfauditflags() function generates a process audit state by combining the audit masks passed as parameters with the system audit masks specified in the audit_control(4) file. The getfauditflags() function obtains the system audit value by calling getacflg() (see getacinfo(3BSM)).

The usremasks argument points to au_mask_t fields that contains two values. The first value defines which events are always to be audited when they succeed. The second value defines which events are always to be audited when they fail.

The usrdmasks argument points to au_mask_t fields that contains two values. The first value defines which events are never to be audited when they succeed. The second value defines which events are never to be audited when they fail.

The structures pointed to by usremasks and usrdmasks can be obtained from the audit_user(4) file by calling getauusernam(3BSM), which returns a pointer to a strucure containing all audit_user(4) fields for a user.

The output of this function is stored in lastmasks, a pointer of type au_mask_t as well. The first value defines which events are to be audited when they succeed and the second defines which events are to be audited when they fail.

Both usremasks and usrdmasks override the values in the system audit values.

RETURN VALUES

Upon successful completion, getfauditflags() returns 0. Otherwise it returns -1.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE
MT-Level MT-Safe
SEE ALSO

bsmconv(1M), getacinfo(3BSM), getauditflags(3BSM), getauusernam(3BSM), audit.log(4), audit_control(4), audit_user(4), attributes(5)

NOTES

The functionality described on this manual page is available only if the Solaris Auditing has been enabled. See bsmconv(1M) for more information.