Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ a_fill_aubu(3) — Motorola System V 88k Release 4 Version 4.2

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

au_entry(3A)

auevent(4)

a_fill_aubuff(3)  —  LIBRARY FUNCTIONS

NAME

a_fill_aubuff − fills an audit buffer for use with au_entry

SYNOPSIS

#include <sys/audit.h>
 int a_fill_aubuff (ab, reas, mtype, event, object, data, datalen)
struct auditbuf ∗ab;
uchar reas, mtype;
ushort event;
long object;
char ∗data;
int datalen;

DESCRIPTION

a_fill_aubuff builds an audit buffer that can then be written into the audit log using au_entry(3A).  The parameters are:

reas The reason code, as defined in <sys/audit.h>.  Valid reason codes are AU_SUCCESS, AU_DACFAIL, AU_COVERT, AU_OTHER, and AU_PRIVFAIL. 

mtype The message type, as defined in <sys/audit.h>.  Valid message types are AU_USTR, AU_UDATA, and AU_INT.  (Note that types AU_KSTR, AU_KDATA, AU_FSEC, AU_PROC, AU_SOCK, AU_USER, AU_AU, and AU_IPC are not valid, because they are for use within the kernel only.) 

event The event code, as defined in <sys/auetypes.h> and listed in /var/security/auevent. 

object A long value, stored as part of the data record. 

data A pointer to data of the appropriate type, as defined by mtype:

AU_USTR A pointer to a null-terminated character string. 

AU_UDATA A pointer to a byte stream. 

AU_INT A pointer to a single integer. 

datalen
The length of the data parameter (used only if mtype is AU_UDATA ). 

EXAMPLE

The common usage is to construct one or more buffers using a_fill_aubuff and then write them into the log using au_entry(3A).  For example:

struct auditbuf a[2];
int b;
if ((a_fill_aubuff(&a[0], AU_OTHER, AU_USTR, MYEVENT, 0,
"hello world",11) == 0) &&
(a_fill_aubuff(&a[1], AU_OTHER, AU_INT, MYEVENT, 0,
(char ∗)&b,sizeof(int)) == 0))
{
if (au_entry(AULOGIN, a, 2) < 0)
(etc.)
}

SEE ALSO

au_entry(3A), auevent(4)

DIAGNOSTICS

If the buffer was filled successfully, the return value will be zero.  If there was a problem (e.g., invalid reason or message type), then the return code will be -1. 

WARNING

The audit buffer contains only a pointer to the data provided, not the actual data.  Thus, the data areas provided to a_fill_aubuff should not be modified or freed until after the audit buffers have been written using au_entry. 

(Security Enhancement)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026