NAME | SYNOPSIS | DESCRIPTION | RETURN VALUES | FILES | ATTRIBUTES | SUMMARY OF TRUSTED SOLARIS CHANGES | SEE ALSO | NOTES
#include <bsm/libbsm.h>int au_user_mask(char *username, au_mask_t *mask_p);
au_user_mask() reads the default, system wide audit classes from audit_control(4), combines them with the per-user audit classes from the audit_user(4) database, and updates the binary preselection mask pointed to by mask_p with the combined value.
The audit flags in the flags field of the audit_control(4) database and the always-audit-flags and never-audit-flags from the audit_user(4) database represent binary audit classes. These fields are combined by au_preselect(3) as follows:
mask = (flags + always-audit-flags) - never-audit-flags
au_user_mask() only fails if both the both the audit_control(4) and the audit_user(4) database entries could not be retrieved. This allows for flexible configurations.
au_user_mask() returns:
Success.
Failure. Both the audit_control(4) and the audit_user(4) database entries could not be retrieved.
Contains default parameters read by the audit daemon, auditd(1M).
Stores per-user audit event mask.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
MT-Level | MT-Safe |
By default, auditing is enabled in the Trusted Solaris environment. Trusted Solaris 2.5.1 and 7 extend the number of audit classes and audit events, and introduce new but similar structures and programming interfaces.
login(4), getaudit(4), au_preselect(3), getacinfo(3), getauusernam(3), audit_control(4), audit_user(4)
This functionality is active only if auditing has been enabled. au_user_mask() should be called by programs like login(1) that set the preselection mask of a process with setaudit(2) in the Trusted Solaris 7 Reference Manual. getaudit(2) should be used to obtain audit characteristics for the current process.
NAME | SYNOPSIS | DESCRIPTION | RETURN VALUES | FILES | ATTRIBUTES | SUMMARY OF TRUSTED SOLARIS CHANGES | SEE ALSO | NOTES