Hello Steve,
What your opinion about this patch?
Perhaps you think we'd better be compatible with the manpage now.
So I made another patch according to the introduction of manpage.
Whether there is a comma should be check because it is said in
the manpage:
Please note the comma separating the two values. Omitting it
will cause errors.
Then 'list' and 'action' will be obtained separately.
Do you agree with me? This is the new patch for latest code in
audit SVN project.
Signed-off-by: Yu Zhiguo<[EMAIL PROTECTED]>
---
src/auditctl.c | 28 +++++++++++++++++++---------
1 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/src/auditctl.c b/src/auditctl.c
index d740509..dbd086e 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -172,31 +172,41 @@ static void usage(void)
static int audit_rule_setup(const char *opt, int *flags, int *act)
{
static int multiple = 0;
+ char *p;
if (++multiple != 1)
return 3;
- if (strstr(opt, "task"))
+ /* comma separating */
+ p = strchr(opt, ',');
+ if (!p || strchr(p + 1, ','))
+ return 2;
+
+ /* obtain list */
+ if (!strncmp(opt, "task", p - opt))
*flags = AUDIT_FILTER_TASK;
- else if (strstr(opt, "entry"))
+ else if (!strncmp(opt, "entry", p - opt))
*flags = AUDIT_FILTER_ENTRY;
- else if (strstr(opt, "exit"))
+ else if (!strncmp(opt, "exit", p - opt))
*flags = AUDIT_FILTER_EXIT;
- else if (strstr(opt, "user"))
+ else if (!strncmp(opt, "user", p - opt))
*flags = AUDIT_FILTER_USER;
- else if (strstr(opt, "exclude")) {
+ else if (!strncmp(opt, "exclude", p - opt)) {
*flags = AUDIT_FILTER_EXCLUDE;
exclude = 1;
} else
return 2;
- if (strstr(opt, "never"))
+
+ /* obtain action */
+ if (!strcmp(p + 1, "always"))
+ *act = AUDIT_ALWAYS;
+ else if (!strcmp(p + 1, "never"))
*act = AUDIT_NEVER;
- else if (strstr(opt, "possible"))
+ else if (!strcmp(p + 1, "possible"))
return 1;
- else if (strstr(opt, "always"))
- *act = AUDIT_ALWAYS;
else
return 2;
+
return 0;
}
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
