NAME

au_user_mask − get user’s binary preselection mask

SYNOPSIS

cc [ flag ... ] file ... −lbsm −lsocket −lnsl −lintl [ library ... ]

#include <bsm/libbsm.h>

int au_user_mask( char ∗username, au_mask_t ∗mask_p);

MT-LEVEL

MT-Safe. 

AVAILABILITY

The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled.  See bsmconv(1M) for more information. 

DESCRIPTION

au_user_mask() reads the default, system wide audit classes from audit_control(4), combines them with the per-user audit classes from the audit_user(4) database, and updates the binary preselection mask pointed to by mask_p with the combined value. 

The audit flags in the flags field of the audit_control(4) database and the always-audit-flags and never-audit-flags from the audit_user(4) database represent binary audit classes.  These fields are combined by au_preselect(3) as follows:

mask = ( flags + always-audit-flags) − never-audit-flags

au_user_mask() only fails if both the both the audit_control(4) and the audit_user(4) database entries could not be retrieved.  This allows for flexible configurations. 

RETURN VALUES

au_user_mask() returns:

0 Success. 

-1 Failure. Both the audit_control(4) and the audit_user(4) database entries could not be retrieved. 

FILES

/etc/security/audit_control
contains default parameters read by the audit daemon, auditd(1M)

/etc/security/audit_user
stores per-user audit event mask

SEE ALSO

login(1), bsmconv(1M), getaudit(2), setaudit(2), au_preselect(3), getacinfo(3), getauusernam(3), audit_control(4), audit_user(4)

NOTES

au_user_mask() should be called by programs like login(1) which set a process’s preselection mask with setaudit(2).  getaudit(2) should be used to obtain audit characteristics for the current process. 

SunOS 5.5/x86  —  Last change: 18 Feb 1994