a_fill_aubuff(3) — LIBRARY FUNCTIONS
NAME
a_fill_aubuff − fills an audit buffer for use with au_entry
SYNOPSIS
#include <sys/audit.h>
int a_fill_aubuff (ab, reas, mtype, event, object, data, datalen)
struct auditbuf ∗ab;
uchar reas, mtype;
ushort event;
long object;
char ∗data;
int datalen;
DESCRIPTION
a_fill_aubuff builds an audit buffer that can then be written into the audit log using au_entry(3A). The parameters are:
reas The reason code, as defined in <sys/audit.h>. Valid reason codes are AU_SUCCESS, AU_DACFAIL, AU_COVERT, AU_OTHER, and AU_PRIVFAIL.
mtype The message type, as defined in <sys/audit.h>. Valid message types are AU_USTR, AU_UDATA, and AU_INT. (Note that types AU_KSTR, AU_KDATA, AU_FSEC, AU_PROC, AU_SOCK, AU_USER, AU_AU, and AU_IPC are not valid, because they are for use within the kernel only.)
event The event code, as defined in <sys/auetypes.h> and listed in /var/security/auevent.
object A long value, stored as part of the data record.
data A pointer to data of the appropriate type, as defined by mtype:
AU_USTR A pointer to a null-terminated character string.
AU_UDATA A pointer to a byte stream.
AU_INT A pointer to a single integer.
datalen
The length of the data parameter (used only if mtype is AU_UDATA ).
EXAMPLE
The common usage is to construct one or more buffers using a_fill_aubuff and then write them into the log using au_entry(3A). For example:
struct auditbuf a[2];
int b;
if ((a_fill_aubuff(&a[0], AU_OTHER, AU_USTR, MYEVENT, 0,
"hello world",11) == 0) &&
(a_fill_aubuff(&a[1], AU_OTHER, AU_INT, MYEVENT, 0,
(char ∗)&b,sizeof(int)) == 0))
{
if (au_entry(AULOGIN, a, 2) < 0)
(etc.)
}
SEE ALSO
DIAGNOSTICS
If the buffer was filled successfully, the return value will be zero. If there was a problem (e.g., invalid reason or message type), then the return code will be -1.
WARNING
The audit buffer contains only a pointer to the data provided, not the actual data. Thus, the data areas provided to a_fill_aubuff should not be modified or freed until after the audit buffers have been written using au_entry.
(Security Enhancement)