FreeBSD 7.0 manual page repository

FreeBSD is a free computer operating system based on BSD UNIX originally. Many IT companies, like DeployIS is using it to provide an up-to-date, stable operating system.

au_preselect, getauditflagsbin, getauditflagschar - convert between



      au_preselect, getauditflagsbin, getauditflagschar - convert between
      string and numeric values of audit masks


      library “libbsm”


      #include <bsm/libbsm.h>
      au_preselect(au_event_t event, au_mask_t *mask_p, int sorf, int flag);
      getauditflagsbin(char *auditstr, au_mask_t *masks);
      getauditflagschar(char *auditstr, au_mask_t *masks, int verbose);


      These interfaces support processing of an audit mask represented by type
      au_mask_t, including conversion between numeric and text formats, and
      computing whether or not an event is matched by a mask.
      The au_preselect() function calculates whether or not the audit event
      passed via event is matched by the audit mask passed via mask_p.  The
      sorf argument indicates whether or not to consider the event as a suc‐
      cess, if the AU_PRS_SUCCESS flag is set, or failure, if the
      AU_PRS_FAILURE flag is set.  The flag argument accepts additional argu‐
      ments influencing the behavior of au_preselect(), including
      AU_PRS_REREAD, which causes the event to be re-looked up rather than read
      from the cache, or AU_PRS_USECACHE which forces use of the cache.
      The getauditflagsbin() function converts a string representation of an
      audit mask passed via a character string pointed to by auditstr, return‐
      ing the resulting mask, if valid, via *masks.
      The getauditflagschar() function converts the audit event mask passed via
      *masks and converts it to a character string in a buffer pointed to by
      auditstr.  See the BUGS section for more information on how to provide a
      buffer of sufficient size.  If the verbose flag is set, the class
      description string retrieved from audit_class(5) will be used; otherwise,
      the two-character class name.
      The au_preselect() function makes implicit use of various audit database
      routines, and may influence the behavior of simultaneous or interleaved
      processing of those databases by other code.
      The au_preselect() function returns 0 on success, or returns -1 if there
      is a failure looking up the event type or other database access, in which
      case errno will be set to indicate the error.  It returns 1 if the event
      is matched; 0 if not.
      The getauditflagsbin() and getauditflagschar() functions return the
      value 0 if successful; otherwise the value -1 is returned and the global
      variable errno is set to indicate the error.
      libbsm(3), audit_class(5)


      The OpenBSM implementation was created by McAfee Research, the security
      division of McAfee Inc., under contract to Apple Computer, Inc., in 2004.
      It was subsequently adopted by the TrustedBSD Project as the foundation
      for the OpenBSM distribution.


      This software was created by Robert Watson, Wayne Salamon, and Suresh
      Krishnaswamy for McAfee Research, the security research division of
      McAfee, Inc., under contract to Apple Computer, Inc.
      The Basic Security Module (BSM) interface to audit records and audit
      event stream format were defined by Sun Microsystems.


      The errno variable may not always be properly set in the event of an
      The getauditflagschar() function does not provide a way to indicate how
      long the character buffer is, in order to detect overflow.  As a result,
      the caller must always provide a buffer of sufficient length for any pos‐
      sible mask, which may be calculated as three times the number of non-zero
      bits in the mask argument in the event non-verbose class names are used,
      and is not trivially predictable for verbose class names.  This API
      should be replaced with a more robust one.


Based on BSD UNIX
FreeBSD is an advanced operating system for x86 compatible (including Pentium and Athlon), amd64 compatible (including Opteron, Athlon64, and EM64T), UltraSPARC, IA-64, PC-98 and ARM architectures. It is derived from BSD, the version of UNIX developed at the University of California, Berkeley. It is developed and maintained by a large team of individuals. Additional platforms are in various stages of development.