Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ auditdmp(2) — UnixWare 2.01

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

auditbuf(2)

auditctl(2)

auditevt(2)

auditlog(2)






       auditdmp(2)                                              auditdmp(2)


       NAME
             auditdmp - write audit record to audit buffer

       SYNOPSIS
             #include <sys/types.h>
             #include <audit.h>
             int auditdmp(struct arec *arecp, int size);

       DESCRIPTION
             The auditdmp system call is used to write an audit record to
             the audit buffer.  Trusted user-level commands with the
             appropriate privilege(P_AUDIT) append user-level event records
             to the audit buffer.  Privileged applications append only
             records of type misc to the audit buffer if they have the
             appropriate privilege(P_AUDITWR).

             The arecp argument points to a structure of type arec that
             contains the following elements:

                   typedef struct arec {
                         int rtype;       /* audit record event type    */
                         int rstatus;     /* audit record event status  */
                         int rsize;       /* audit records size of argp */
                         char *argp;      /* audit record data          */
                   } arec_t

             The rtype element of the arec structure specifies the event
             type of the audit record.  If the rtype argument is valid (one
             of the user-level events, [see audit(5)]) and if its
             corresponding bit is set in the process emask [see
             auditevt(2)] for the invoking process, the system generates an
             audit record.  The rstatus element of the arec structure is
             the status of the user-level event, zero for success, non-zero
             for failure.  The rsize element of the arec structure
             specifies the size of memory required to record the data to be
             written.  The argp element of the arec structure is a
             character pointer to the audit data.

             The size argument is used to verify the size of the arec
             structure being passed to determine the version of auditing.

          Return Values
             On success, auditdmp returns 0.  On failure, auditdmp returns
             -1 and sets errno to identify the error.




                           Copyright 1994 Novell, Inc.               Page 1













      auditdmp(2)                                              auditdmp(2)


         Errors
            In the following conditions, auditdmp fails and sets errno to:

            EAGAIN    It is not possible to allocate memory for the size
                      of rsize.

            EAGAIN    It is not possible to allocate memory for the arecp.

            EFAULT    The arecp is invalid.

            EFAULT    The argp is invalid.

            EFAULT    The rtype is ADT_BAD_AUTH, ADT_BAD_LVL, ADT_DEF_LVL,
                      or ADT_LOGIN and an invalid bamsg[] or tty[] is
                      passed.

            EFAULT    The rtype is ADT_CRON and an invalid cronjob[] is
                      passed.

            EINVAL    The system call is invoked while auditing is
                      disabled.

            EINVAL    The size of arec is not equal to size.

            EINVAL    The rtype is invalid.

            EPERM     The invoking subject does not have the appropriate
                      privilege (P_AUDIT or P_AUDITWR).

            ENOPKG    The audit package is not installed.

      REFERENCES
            auditbuf(2), auditctl(2), auditevt(2), auditlog(2)















                          Copyright 1994 Novell, Inc.               Page 2








Typewritten Software • bear@typewritten.org • Edmonds, WA 98026