auditdmp(2) auditdmp(2)
NAME
auditdmp - write audit record to audit buffer
SYNOPSIS
#include <sys/types.h>
#include <audit.h>
int auditdmp(struct arec *arecp, int size);
DESCRIPTION
The auditdmp system call is used to write an audit record to
the audit buffer. Trusted user-level commands with the
appropriate privilege(P_AUDIT) append user-level event records
to the audit buffer. Privileged applications append only
records of type misc to the audit buffer if they have the
appropriate privilege(P_AUDITWR).
The arecp argument points to a structure of type arec that
contains the following elements:
typedef struct arec {
int rtype; /* audit record event type */
int rstatus; /* audit record event status */
int rsize; /* audit records size of argp */
char *argp; /* audit record data */
} arec_t
The rtype element of the arec structure specifies the event
type of the audit record. If the rtype argument is valid (one
of the user-level events, [see audit(5)]) and if its
corresponding bit is set in the process emask [see
auditevt(2)] for the invoking process, the system generates an
audit record. The rstatus element of the arec structure is
the status of the user-level event, zero for success, non-zero
for failure. The rsize element of the arec structure
specifies the size of memory required to record the data to be
written. The argp element of the arec structure is a
character pointer to the audit data.
The size argument is used to verify the size of the arec
structure being passed to determine the version of auditing.
Return Values
On success, auditdmp returns 0. On failure, auditdmp returns
-1 and sets errno to identify the error.
Copyright 1994 Novell, Inc. Page 1
auditdmp(2) auditdmp(2)
Errors
In the following conditions, auditdmp fails and sets errno to:
EAGAIN It is not possible to allocate memory for the size
of rsize.
EAGAIN It is not possible to allocate memory for the arecp.
EFAULT The arecp is invalid.
EFAULT The argp is invalid.
EFAULT The rtype is ADT_BAD_AUTH, ADT_BAD_LVL, ADT_DEF_LVL,
or ADT_LOGIN and an invalid bamsg[] or tty[] is
passed.
EFAULT The rtype is ADT_CRON and an invalid cronjob[] is
passed.
EINVAL The system call is invoked while auditing is
disabled.
EINVAL The size of arec is not equal to size.
EINVAL The rtype is invalid.
EPERM The invoking subject does not have the appropriate
privilege (P_AUDIT or P_AUDITWR).
ENOPKG The audit package is not installed.
REFERENCES
auditbuf(2), auditctl(2), auditevt(2), auditlog(2)
Copyright 1994 Novell, Inc. Page 2