Re: [PATCH 2/2] errormsg: add descriptive macros to replace overloaded error codes

Linux-audit Archive on lore.kernel.org
 help / color / mirror / Atom feed

From: Steve Grubb <sgrubb@redhat.com>
To: Richard Guy Briggs <rgb@redhat.com>, Paul Moore <pmoore@redhat.com>
Cc: linux-audit@redhat.com
Subject: Re: [PATCH 2/2] errormsg: add descriptive macros to replace overloaded error codes
Date: Thu, 04 May 2017 16:11:17 -0400	[thread overview]
Message-ID: <1905532.6h1g383l91@x2> (raw)
In-Reply-To: <1491302268-797-2-git-send-email-rgb@redhat.com>

On Tuesday, April 4, 2017 6:37:48 AM EDT Richard Guy Briggs wrote:
> Several return codes were overloaded and no longer giving helpful error
> return messages from the field and comparison functions
> audit_rule_fieldpair_data() and audit_rule_interfield_comp_data().
> 
> Introduce 3 new macros with more helpful error descriptions for data
> missing, incompatible fields and incompatible values.
> 
> See: https://github.com/linux-audit/audit-userspace/issues/12
> 
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> ---
>  lib/errormsg.h |    6 ++++++
>  lib/libaudit.c |   28 ++++++++++++++--------------
>  2 files changed, 20 insertions(+), 14 deletions(-)
> 
> diff --git a/lib/errormsg.h b/lib/errormsg.h
> index 35b7f95..50c7d50 100644
> --- a/lib/errormsg.h
> +++ b/lib/errormsg.h
> @@ -67,6 +67,9 @@ static const struct msg_tab err_msgtab[] = {
>      { -29,    1,    "only takes = operator" },
>      { -30,    2,    "Field option not supported by kernel:" },
>      { -31,    1,    "must be used with exclude, user, or exit filter" },
> +    { -32,    0,    "field data is missing" },

Actually, this means that the filter is missing in the rule. This is the kind 
of thing I would normally just fixup after patching the source.

> +    { -33,    2,    "-C field incompatible" },
> +    { -34,    2,    "-C value incompatible" },
>  };
>  #define EAU_OPMISSING		1
>  #define EAU_FIELDUNKNOWN	2
> @@ -97,4 +100,7 @@ static const struct msg_tab err_msgtab[] = {
>  #define EAU_OPEQ		29
>  #define EAU_FIELDNOSUPPORT	30
>  #define EAU_FIELDNOFILTER	31
> +#define EAU_DATAMISSING		32
> +#define EAU_COMPFIELDINCOMPAT	33
> +#define EAU_COMPVALINCOMPAT	34
>  #endif
> diff --git a/lib/libaudit.c b/lib/libaudit.c
> index b481f52..b1f8f9c 100644
> --- a/lib/libaudit.c
> +++ b/lib/libaudit.c
> @@ -976,7 +976,7 @@ int audit_rule_interfield_comp_data(struct
> audit_rule_data **rulep, struct audit_rule_data *rule = *rulep;
> 
>  	if (f == NULL)
> -		return -1;
> +		return -EAU_DATAMISSING;
> 
>  	if (rule->field_count >= (AUDIT_MAX_FIELDS - 1))
>  		return -EAU_FIELDTOOMANY;
> @@ -1043,7 +1043,7 @@ int audit_rule_interfield_comp_data(struct
> audit_rule_data **rulep, AUDIT_COMPARE_UID_TO_EUID;
>  				break;
>  			default:
> -				return -1;
> +				return -EAU_COMPVALINCOMPAT;

This means that we are attempting an incompatible comparison between fields.

>  			}
>  			break;
>  		case AUDIT_FSUID:
> @@ -1069,7 +1069,7 @@ int audit_rule_interfield_comp_data(struct
> audit_rule_data **rulep, AUDIT_COMPARE_UID_TO_FSUID;
>  				break;
>  			default:
> -				return -1;
> +				return -EAU_COMPVALINCOMPAT;
>  			}
>  			break;
>  		case AUDIT_LOGINUID:
> @@ -1095,7 +1095,7 @@ int audit_rule_interfield_comp_data(struct
> audit_rule_data **rulep, AUDIT_COMPARE_UID_TO_AUID;
>  				break;
>  			default:
> -				return -1;
> +				return -EAU_COMPVALINCOMPAT;
>  			}
>  			break;
>  		case AUDIT_SUID:
> @@ -1121,7 +1121,7 @@ int audit_rule_interfield_comp_data(struct
> audit_rule_data **rulep, AUDIT_COMPARE_UID_TO_SUID;
>  				break;
>  			default:
> -				return -1;
> +				return -EAU_COMPVALINCOMPAT;
>  			}
>  			break;
>  		case AUDIT_OBJ_UID:
> @@ -1147,7 +1147,7 @@ int audit_rule_interfield_comp_data(struct
> audit_rule_data **rulep, AUDIT_COMPARE_SUID_TO_OBJ_UID;
>  				break;
>  			default:
> -				return -1;
> +				return -EAU_COMPVALINCOMPAT;
>  			}
>  			break;
>  		case AUDIT_UID:
> @@ -1173,7 +1173,7 @@ int audit_rule_interfield_comp_data(struct
> audit_rule_data **rulep, AUDIT_COMPARE_UID_TO_SUID;
>  				break;
>  			default:
> -				return -1;
> +				return -EAU_COMPVALINCOMPAT;
>  			}
>  			break;
> 
> @@ -1197,7 +1197,7 @@ int audit_rule_interfield_comp_data(struct
> audit_rule_data **rulep, AUDIT_COMPARE_EGID_TO_SGID;
>  				break;
>  			default:
> -				return -1;
> +				return -EAU_COMPVALINCOMPAT;
>  			}
>  			break;
>  		case AUDIT_FSGID:
> @@ -1219,7 +1219,7 @@ int audit_rule_interfield_comp_data(struct
> audit_rule_data **rulep, AUDIT_COMPARE_EGID_TO_FSGID;
>  				break;
>  			default:
> -				return -1;
> +				return -EAU_COMPVALINCOMPAT;
>  			}
>  			break;
>  		case AUDIT_GID:
> @@ -1241,7 +1241,7 @@ int audit_rule_interfield_comp_data(struct
> audit_rule_data **rulep, AUDIT_COMPARE_GID_TO_SGID;
>  				break;
>  			default:
> -				return -1;
> +				return -EAU_COMPVALINCOMPAT;
>  			}
>  			break;
>  		case AUDIT_OBJ_GID:
> @@ -1263,7 +1263,7 @@ int audit_rule_interfield_comp_data(struct
> audit_rule_data **rulep, AUDIT_COMPARE_SGID_TO_OBJ_GID;
>  				break;
>  			default:
> -				return -1;
> +				return -EAU_COMPVALINCOMPAT;
>  			}
>  			break;
>  		case AUDIT_SGID:
> @@ -1285,11 +1285,11 @@ int audit_rule_interfield_comp_data(struct
> audit_rule_data **rulep, AUDIT_COMPARE_EGID_TO_SGID;
>  				break;
>  			default:
> -				return -1;
> +				return -EAU_COMPVALINCOMPAT;
>  			}
>  			break;
>  		default:
> -			return -1;
> +			return -EAU_COMPFIELDINCOMPAT;

This means the same thing.

>  			break;
>  	}
>  	rule->field_count++;
> @@ -1389,7 +1389,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data
> **rulep, const char *pair, struct audit_rule_data *rule = *rulep;
> 
>  	if (f == NULL)
> -		return -1;
> +		return -EAU_DATAMISSING;

This also means that the filter was not given. Patch not applied.

Was there a patch in this series that converted errormsg.h to use the macros?

-Steve

>  	if (rule->field_count >= (AUDIT_MAX_FIELDS - 1))
>  		return -EAU_FIELDTOOMANY;

next prev parent reply	other threads:[~2017-05-04 20:11 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-04-04 10:37 [PATCH 1/2] errormsg: correct a number of messages that have drifted Richard Guy Briggs
2017-04-04 10:37 ` [PATCH 2/2] errormsg: add descriptive macros to replace overloaded error codes Richard Guy Briggs
2017-05-04 20:11   ` Steve Grubb [this message]
2017-05-04 20:29     ` Richard Guy Briggs
2017-05-04 20:49       ` Steve Grubb
2017-05-04 21:05         ` Richard Guy Briggs
2017-05-04 21:09           ` Steve Grubb
2017-05-08 13:52             ` Richard Guy Briggs
2017-05-24 20:02               ` Steve Grubb
2017-05-24 21:46                 ` Richard Guy Briggs
2017-05-29 15:36                   ` Richard Guy Briggs
2017-05-08 13:48           ` errormsg table macros [was: Re: [PATCH 2/2] errormsg: add descriptive macros to replace overloaded error codes] Richard Guy Briggs
2017-05-04 19:50 ` [PATCH 1/2] errormsg: correct a number of messages that have drifted Steve Grubb
2017-05-04 20:25   ` Richard Guy Briggs

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1905532.6h1g383l91@x2 \
    --to=sgrubb@redhat.com \
    --cc=linux-audit@redhat.com \
    --cc=pmoore@redhat.com \
    --cc=rgb@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox