Gets or sets the auditing mode of a system data object.
Standard C Library (libc.a)
#include <sys/audit.h>int auditobj ( Command, Obj_Events, ObjSize)
int Command;
struct o_event *Obj_Events;
int ObjSize;
The auditobj subroutine queries or sets the audit events to be generated by accessing selected objects. For each object in the file system name space, it is possible to specify the event generated for each access mode. Using the auditobj subroutine, an administrator can define new audit events in the system that correspond to accesses to specified objects. These events are treated the same as system-defined events.
System auditing need not be enabled to set or query the object audit events. The audit subroutine can be directed with the AUDIT_RESET command to clear the definitions of object audit events.
| Item | Description |
|---|---|
| Command | Specifies whether the object audit event lists are to be
read or written. The valid values, defined in the sys/audit.h file,
for the Command parameter are:
|
| Obj_Events | Specifies the array of o_event structures for the AUDIT_SET operation
or for after the AUDIT_GET or AUDIT_LOCK operation.
The o_event structure is defined in the sys/audit.h file
and contains the following members:
Note: The C++ compiler will generate a warning indicating
that o_event is defined both as a structure and a field within
that structure. Although the o_event field can be used within
C++, the warning can by bypassed by defining O_EVENT_RENAME.
This will replace the o_event field with o_event_array. o_event is
the default field.
|
| ObjSize | For an AUDIT_SET operation, the ObjSize parameter specifies the number of object audit event definitions in the array pointed to by the Obj_Events parameter. For an AUDIT_GET or AUDIT_LOCK operation, the ObjSize parameter specifies the size of the buffer pointed to by the Obj_Events parameter. |
If the auditobj subroutine completes successfully, the number of object audit event definitions is returned if the Command parameter is AUDIT_GET or AUDIT_LOCK. A value of 0 is returned if the Command parameter is AUDIT_SET. If this call fails, a value of -1 is returned and the errno global variable is set to indicate the error.
The auditobj subroutine fails if any of the following are true:
| Item | Description |
|---|---|
| EFAULT | The Obj_Events parameter points outside the address space of the process. |
| EFAULT | The Command parameter is AUDIT_SET, and one or more of the o_name members points outside the address space of the process. |
| EFAULT | The Command parameter is AUDIT_GET or AUDIT_LOCK, and the buffer size of the Obj_Events parameter is not large enough to hold the integer. |
| EINVAL | The value of the Command parameter is not AUDIT_SET, AUDIT_GET or AUDIT_LOCK. |
| EINVAL | The Command parameter is AUDIT_SET, and the value of one or more of the o_type members is not AUDIT_FILE. |
| EINVAL | An event name was longer than 15 significant characters. |
| ENOENT | The Command parameter is AUDIT_SET, and the parent directory of one of the file-system objects does not exist. |
| ENOSPC | The value of the Command parameter is AUDIT_GET or AUDIT_LOCK, and the size of the buffer as specified by the ObjSize parameter is not large enough to hold the list of event structures and names. If this occurs, the first word of the buffer is set to the required buffer size. |
| ENOMEM | Memory allocation failed. |
| EBUSY | Another process has called the auditobj subroutine with AUDIT_LOCK. |
| EPERM | The caller does not have root user authority. |