a_create_mask(3) — LIBRARY FUNCTIONS
NAME
a_create_mask − creates audit mask from list of audit event names
SYNOPSIS
#include <sys/audit.h>
int a_create_mask (list, mask)
char *list;
aumask_t *mask;
DESCRIPTION
a_create_mask converts a list of audit event class names into a binary mask representing the reason and the classes of events that were specified in the list. list is in the following format:
identifier,identifier,...identifier
An identifier is either an alias name (see audit_alias(4)) or an audit event class name string in the following format:
r{class_1,class_2,class_3, ...}
The terms in this format are defined as follows:
r A reason for an audit (as described in audit_alias(4)) followed by a set of classes enclosed in braces { }.
class_# A class name for a group of similar commands or system calls (see audit(4) and auclass(4)). Multiple classes are separated by commas. If there are no classes listed in the braces, it is treated as if all classes were specified.
A valid list must be NULL-terminated and must consist of valid reasons and/or alias names separated by commas. Alias naming may refer either forward or backward in the file, although forward referencing is faster. For example, if the string passed to a_create_mask is:
d{open,creat},an_alias,s{chroot,fcntl},o{}
the string an_alias would be searched for in the /var/security/audit_aliases file, and expanded.
Once the list is converted into a binary mask, the mask is typically used to set the audit mask of a user in the au_setpmask(3A) system call.
a_create_mask allows nesting of aliases up to ten deep. There is no limit to the length of list, or to the length of any given alias.
For formats of alias names, see audit_alias(4).
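The list format above can be checked for syntax before the string is passed to a_create_mask, which matters because the contents of mask are undefined after any error. The following is an added example, not part of the original manual page or of the library; scan_mask_list and struct list_summary are hypothetical names, and the code checks syntax only, without reading the alias or class files.

```c
#include <stdio.h>
#include <string.h>

struct list_summary {            /* hypothetical type, not from <sys/audit.h> */
    int aliases;     /* bare identifiers: alias names that need expansion */
    int reasons;     /* identifiers of the form r{...} */
    int classes;     /* class names listed explicitly inside braces */
    int all_classes; /* reasons with empty braces, meaning every class */
};

/* Returns 0 if list is well formed, -1 otherwise. Assumptions: empty names and
 * an empty list are rejected; names are not looked up in any audit file. */
int scan_mask_list(const char *list, struct list_summary *out)
{
    if (list == NULL || out == NULL) return -1;
    memset(out, 0, sizeof *out);
    for (const char *p = list;;) {
        size_t n = strcspn(p, ",{}");        /* alias name or reason */
        if (n == 0 || p[n] == '}') return -1;
        p += n;
        if (*p != '{') {
            out->aliases++;
        } else if (*++p == '}') {            /* o{} : all classes */
            out->reasons++;
            out->all_classes++;
            p++;
        } else {
            out->reasons++;
            do {                             /* comma-separated class names */
                n = strcspn(p, ",{}");
                if (n == 0 || (p[n] != ',' && p[n] != '}')) return -1;
                out->classes++;
                p += n + 1;                  /* step past ',' or '}' */
            } while (p[-1] == ',');
        }
        if (*p == '\0') return 0;            /* end of a well-formed list */
        if (*p++ != ',') return -1;          /* identifiers are comma-separated */
    }
}

int main(void)
{
    struct list_summary s;
    int rc = scan_mask_list("d{open,creat},an_alias,s{chroot,fcntl},o{}", &s);
    printf("rc=%d aliases=%d reasons=%d classes=%d all_classes=%d\n", rc,
           s.aliases, s.reasons, s.classes, s.all_classes);
    return rc;
}
```

Whitespace is treated as part of a name here, since the format above does not mention it.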
SEE ALSO
login(1), audit(1M), aualiasmgmt(1M), auclassmgmt(1M), aumaskmgmt(1M),
au_setpmask(3A), getacent(3A), auclass(4), audit(4), audit_alias(4),
audit_file(4)
DIAGNOSTICS
If the conversion is successful, a zero is returned. If the list or mask is NULL, the return value will be -1. If there is a problem with the /var/security/audit_aliases file, the return value will be -2. If there is a problem with the classes or reasons, the return value will be -3. In the case of any errors, the contents of mask are undefined.
WARNINGS
a_create_mask calls getacent(3) and endacent(3), so any subsequent call to getacent will return the first class in the /var/security/auclass file.
(Security Enhancement)