Hello Steve,
CC Miloslav,

 Option '-i' cannot be used, because the check for option '-R'
in main() is wrong.
 When checking for option '-R', we should also consider whether
option '-i' is specified.

 Using option '-i' with '-R' should ignore errors when reading
rules from file rather than reporting error message
"Error - nested rule files not supported".

 This is a patch to fix the bug of audit-1.7.4.

Signed-off-by: Yu Zhiguo<[EMAIL PROTECTED]>
---
 src/auditctl.c |   45 +++++++++++++++++++++++++--------------------
 1 files changed, 25 insertions(+), 20 deletions(-)

diff --git a/src/auditctl.c b/src/auditctl.c
index 2c136ea..ac20fdc 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -1089,39 +1089,44 @@ int main(int argc, char *argv[])

        set_aumessage_mode(MSG_STDERR, DBG_NO);

-       /* Check where the rules are coming from: commandline or file */
-       if ((argc == 3) && (strcmp(argv[1], "-R") == 0)) {
+       if (argc == 1) {
+               usage();
+               return 1;
+       }
 #ifndef DEBUG
-               /* Make sure we are root */
-               if (getuid() != 0) {
-                       fprintf(stderr,
-                               "You must be root to run this program.\n");
-                       return 4;
-               }
+       /* Make sure we are root */
+       if (getuid()) {
+               fprintf(stderr,
+                       "You must be root to run this program.\n");
+               return 4;
+       }
 #endif
+
+       /* Check where the rules are coming from: commandline or file */
+       if ((argc == 3) && (!strcmp(argv[1], "-R"))) {
                if (fileopt(argv[2]))
                        return 1;
                else
                        return 0;
-       } else {
-               if (argc == 1) {
-                       usage();
+       } else if ((argc == 4) &&
+               ((!strcmp(argv[1], "-R") && !strcmp(argv[3], "-i")) ||
+               (!strcmp(argv[2], "-R") && !strcmp(argv[1], "-i")))) {
+               ignore = 1;
+               if (!strcmp(argv[1], "-R"))
+                       retval = fileopt(argv[2]);
+               else retval = fileopt(argv[3]);
+               if (retval)
                        return 1;
-               }
-#ifndef DEBUG
-               /* Make sure we are root */
-               if (getuid() != 0) {
-                       fprintf(stderr,
-                               "You must be root to run this program.\n");
-                       return 4;
-               }
-#endif
+               else
+                       return 0;
+       } else {
                if (reset_vars())
                        return 1;
                retval = setopt(argc, argv);
                if (retval == -3)
                        return 0;
        }
+
        return handle_request(retval);
 }
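Review bot: The new `argc == 4` branch recognises `-i` only by position (`-R file -i` or `-i -R file`), so any other spelling, such as an extra option next to the two, still falls through to setopt() and presumably hits the nested-rule-file error the description mentions; a comment naming the two accepted forms would make that limit explicit, e.g. `/* -i is honoured with -R only as "-R file -i" or "-i -R file" */`. Because `ignore = 1` is set before fileopt() runs, a rule file with failing lines may now end in `return 0` (fileopt() is not visible here, so this is inferred), which for an audit rule set means a partially loaded policy can look like success; a comment at `ignore = 1;` saying that exit status 0 does not imply every rule was loaded would help whoever scripts this. The `if (retval) return 1; else return 0;` tail duplicates the `argc == 3` branch and could be `return retval ? 1 : 0;`, and `else retval = fileopt(argv[3]);` should sit on its own line to match the surrounding style. main() begins outside the hunk.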


