From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Joy Latten Subject: [PATCH 1/2] fix auditctl -D Date: Fri, 28 Apr 2006 17:35:44 -0500 Message-ID: <200604282235.k3SMZi02002180@faith.austin.ibm.com> Return-path: Received: from mx3.redhat.com (mx3.redhat.com [172.16.48.32]) by int-mx1.corp.redhat.com (8.12.11.20060308/8.11.6) with ESMTP id k3SMhWgR011557 for ; Fri, 28 Apr 2006 18:43:32 -0400 Received: from e35.co.us.ibm.com (e35.co.us.ibm.com [32.97.110.153]) by mx3.redhat.com (8.13.1/8.13.1) with ESMTP id k3SMhQE1002014 for ; Fri, 28 Apr 2006 18:43:26 -0400 Received: from westrelay02.boulder.ibm.com (westrelay02.boulder.ibm.com [9.17.195.11]) by e35.co.us.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id k3SMhKD3000723 for ; Fri, 28 Apr 2006 18:43:20 -0400 Received: from d03av03.boulder.ibm.com (d03av03.boulder.ibm.com [9.17.195.169]) by westrelay02.boulder.ibm.com (8.12.10/NCO/VER6.8) with ESMTP id k3SMhKvY220868 for ; Fri, 28 Apr 2006 16:43:20 -0600 Received: from d03av03.boulder.ibm.com (loopback [127.0.0.1]) by d03av03.boulder.ibm.com (8.12.11/8.13.3) with ESMTP id k3SMhKjF007754 for ; Fri, 28 Apr 2006 16:43:20 -0600 Received: from austin.ibm.com (netmail2.austin.ibm.com [9.41.248.176]) by d03av03.boulder.ibm.com (8.12.11/8.12.11) with ESMTP id k3SMhKX6007750 for ; Fri, 28 Apr 2006 16:43:20 -0600 Received: from faith.austin.ibm.com (faith.austin.ibm.com [9.53.40.35]) by austin.ibm.com (8.12.10/8.12.10) with ESMTP id k3SMhKZM041450 for ; Fri, 28 Apr 2006 17:43:20 -0500 Received: from faith.austin.ibm.com (localhost.localdomain [127.0.0.1]) by faith.austin.ibm.com (8.13.4/8.12.8) with ESMTP id k3SMZi6L002181 for ; Fri, 28 Apr 2006 17:35:44 -0500 Received: (from jml@localhost) by faith.austin.ibm.com (8.13.4/8.13.4/Submit) id k3SMZi02002180 for linux-audit@redhat.com; Fri, 28 Apr 2006 17:35:44 -0500 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com List-Id: 
linux-audit@redhat.com The fix for the problem of auditctl -D not working consists of two patches. One is the userspace patch and the other is for the kernel. Below is the userspace patch. I added AUDIT_DEL_ALL flag. Regards, Joy
diff -urpN audit-1.1.5.orig/lib/msg_typetab.h audit-1.1.5/lib/msg_typetab.h
--- audit-1.1.5.orig/lib/msg_typetab.h 2006-04-27 15:46:56.000000000 -0500
+++ audit-1.1.5/lib/msg_typetab.h 2006-04-28 09:53:13.000000000 -0500
@@ -31,6 +31,7 @@
 //_S(AUDIT_LIST, "LIST" )
 //_S(AUDIT_ADD, "ADD" )
 //_S(AUDIT_DEL, "DEL" )
+//_S(AUDIT_DEL_ALL, "DEL_ALL" )
 _S(AUDIT_USER, "USER" )
 _S(AUDIT_LOGIN, "LOGIN" )
 //_S(AUDIT_SIGNAL_INFO, "SIGNAL_INFO" )
diff -urpN audit-1.1.5.orig/src/auditctl.c audit-1.1.5/src/auditctl.c
--- audit-1.1.5.orig/src/auditctl.c 2006-04-27 15:46:56.000000000 -0500
+++ audit-1.1.5/src/auditctl.c 2006-04-28 09:51:06.000000000 -0500
@@ -1104,62 +1104,12 @@ static int audit_print_reply(struct audi
 /* Returns 0 for success and -1 for failure */
 static int delete_all_rules(void)
 {
- int seq, i;
- int timeout = 40; /* tenths of seconds */
- struct audit_reply rep;
- fd_set read_mask;
+ int rc = 0;
 
- /* list the rules */
- seq = audit_request_rules_list(fd);
- if (seq <= 0)
+ rc = audit_send(fd, AUDIT_DEL_ALL, NULL, 0);
+ if (rc < 0) {
+ fprintf(stderr, "Error deleting rule (%s)\n", strerror(-rc));
 return -1;
-
- FD_ZERO(&read_mask);
- FD_SET(fd, &read_mask);
-
- for (i = 0; i < timeout; i++) {
- struct timeval t;
- int rc;
-
- t.tv_sec = 0;
- t.tv_usec = 100000; /* .1 second */
- do {
- rc = select(fd+1, &read_mask, NULL, NULL, &t);
- } while (rc < 0 && errno == EINTR);
- // We'll try to read just in case
- rc = audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING, 0);
- if (rc > 0) {
- /* Reset timeout */
- i = 0;
-
- /* Don't make decisions based on wrong packet */
- if (rep.nlh->nlmsg_seq != seq)
- continue;
-
- /* If we get done or error, break out */
- if (rep.type == NLMSG_DONE)
- break;
-
- if (rep.type == NLMSG_ERROR && rep.error->error) {
- fprintf(stderr,
- "Error receiving rules list (%s)\n",
- strerror(-rep.error->error));
- return -1;
- }
-
- /* If its not what we are expecting, keep looping */
- if (rep.type != AUDIT_LIST)
- continue;
-
- /* Found it, bounce it right back with delete */
- rc = audit_send(fd, AUDIT_DEL, rep.rule,
- sizeof(struct audit_rule));
- if (rc < 0) {
- fprintf(stderr, "Error deleting rule (%s)\n",
- strerror(-rc));
- return -1;
- }
- }
 }
 
 return 0;
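Review bot: delete_all_rules() now depends entirely on the kernel accepting AUDIT_DEL_ALL, and the list-and-delete loop it replaces is removed rather than kept as a fallback. The description says a separate kernel patch is required, so on a kernel without it `auditctl -D` would presumably fail with an error and leave every rule loaded. Consider keeping the old per-rule path for the case where the `audit_send(fd, AUDIT_DEL_ALL, NULL, 0)` call is rejected as unsupported, or at least make the message say what failed, e.g. `fprintf(stderr, "Error deleting all rules (%s)\n", strerror(-rc));`. Whether audit_send() waits for the kernel's acknowledgement is not visible here; if it does not, a rejected request would be reported as success. The function's closing brace lies outside the hunk.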