From mboxrd@z Thu Jan 1 00:00:00 1970 From: Yu Zhiguo Subject: [PATCH] make it match explicitly when use option '-a', '-A' and '-d' to specify "list,action" Date: Fri, 18 Jul 2008 14:54:52 +0800 Message-ID: <48803E3C.4060209@cn.fujitsu.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Return-path: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Steve Grubb Cc: audit-list List-Id: linux-audit@redhat.com Hello Steve, I know "list" and "action" can be changed, this is convenient. But wildcard match maybe make user confused, for example "auditctl -a noentry,noalways" will add a rule same with "auditctl -a entry,always". furthermore, comma must be used to seperate list and action according to manpage: "Please note the comma separating the two values. Omitting it will cause errors." but now, "auditctl -a entryalways" will add the same rule. So we'd better make it match explicitly. This is a patch for latest audit-1.7.4. Signed-off-by: Yu Zhiguo
---
src/auditctl.c | 25 ++++++++++++++++---------
1 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/src/auditctl.c b/src/auditctl.c
index 2c136ea..1aba437 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -168,27 +168,34 @@ static void usage(void)
 /* Returns 0 ok, 1 deprecated action, 2 error */
 static int audit_rule_setup(const char *opt, int *flags, int *act)
 {
- if (strstr(opt, "task"))
+ char *p;
+ if ((strchr(opt, ',') != strrchr(opt, ',')) || !strchr(opt, ','))
+ return 2;
+
+ p = strchr(opt, ',');
+ if (!strncmp(opt, "task,", p - opt + 1) || !strcmp(p, ",task"))
 *flags = AUDIT_FILTER_TASK;
- else if (strstr(opt, "entry"))
+ else if (!strncmp(opt, "entry,", p - opt + 1) || !strcmp(p, ",entry"))
 *flags = AUDIT_FILTER_ENTRY;
- else if (strstr(opt, "exit"))
+ else if (!strncmp(opt, "exit,", p - opt + 1) || !strcmp(p, ",exit"))
 *flags = AUDIT_FILTER_EXIT;
- else if (strstr(opt, "user"))
+ else if (!strncmp(opt, "user,", p - opt + 1) || !strcmp(p, ",user"))
 *flags = AUDIT_FILTER_USER;
- else if (strstr(opt, "exclude")) {
+ else if (!strncmp(opt, "exclude,", p - opt + 1) || !strcmp(p, ",exclude")) {
 *flags = AUDIT_FILTER_EXCLUDE;
 exclude = 1;
 } else
 return 2;
- if (strstr(opt, "never"))
+
+ if (!strncmp(opt, "always,", p - opt + 1) || !strcmp(p, ",always"))
+ *act = AUDIT_ALWAYS;
+ else if (!strncmp(opt, "never,", p - opt + 1) || !strcmp(p, ",never"))
 *act = AUDIT_NEVER;
- else if (strstr(opt, "possible"))
+ else if (!strncmp(opt, "possible,", p - opt + 1) || !strcmp(p, ",possible"))
 return 1;
- else if (strstr(opt, "always"))
- *act = AUDIT_ALWAYS;
 else
 return 2;
+
 return 0;
 }
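Review bot: In the added opening of `audit_rule_setup`, `p` is declared `char *` although it points into the `const char *opt` argument, and the comma is searched for with three separate `strchr` calls before `p` is assigned. One lookup covers both the missing-comma and the multiple-comma rejection: `const char *p = strchr(opt, ',');` followed by `if (!p || p != strrchr(opt, ',')) return 2;`. Separately, `*flags` and the `exclude` global are still written before the action half is checked, so an input such as `exclude,bogus` returns 2 with `exclude` already set to 1; whether that matters depends on what the caller (not shown) does after an error, but resolving both halves into locals and storing them only on success would make a rejected rule side-effect free. A short comment above the function listing the accepted forms (`list,action` or `action,list`, exactly one comma, whole-token match only) would record the stricter contract for anyone maintaining audit rule files.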