Hello, Steve,
Yu Zhiguo wrote:
Perhaps you think we'd better be compatible with the manpage now.
So I made another patch according to the introduction of manpage.
I'm sorry I had made a mistake in this patch. Now I make a new patch
for the for latest code in audit SVN project.
I know the method to correct this bug is not very beautiful, but I
think this is the most efficient and simplest method.
Hope your indication.
Signed-off-by: Yu Zhiguo<[EMAIL PROTECTED]>
---
src/auditctl.c | 28 +++++++++++++++++++---------
1 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/src/auditctl.c b/src/auditctl.c
index d740509..26028b9 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -172,31 +172,41 @@ static void usage(void)
static int audit_rule_setup(const char *opt, int *flags, int *act)
{
static int multiple = 0;
+ char *p;
if (++multiple != 1)
return 3;
- if (strstr(opt, "task"))
+ /* comma separating */
+ p = strchr(opt, ',');
+ if (!p || strchr(p + 1, ','))
+ return 2;
+
+ /* obtain list */
+ if (!strncmp(opt, "task,", p - opt + 1))
*flags = AUDIT_FILTER_TASK;
- else if (strstr(opt, "entry"))
+ else if (!strncmp(opt, "entry,", p - opt + 1))
*flags = AUDIT_FILTER_ENTRY;
- else if (strstr(opt, "exit"))
+ else if (!strncmp(opt, "exit,", p - opt + 1))
*flags = AUDIT_FILTER_EXIT;
- else if (strstr(opt, "user"))
+ else if (!strncmp(opt, "user,", p - opt + 1))
*flags = AUDIT_FILTER_USER;
- else if (strstr(opt, "exclude")) {
+ else if (!strncmp(opt, "exclude,", p - opt + 1)) {
*flags = AUDIT_FILTER_EXCLUDE;
exclude = 1;
} else
return 2;
- if (strstr(opt, "never"))
+
+ /* obtain action */
+ if (!strcmp(p + 1, "always"))
+ *act = AUDIT_ALWAYS;
+ else if (!strcmp(p + 1, "never"))
*act = AUDIT_NEVER;
- else if (strstr(opt, "possible"))
+ else if (!strcmp(p + 1, "possible"))
return 1;
- else if (strstr(opt, "always"))
- *act = AUDIT_ALWAYS;
else
return 2;
+
return 0;
}
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
