* [PATCH] fix a bug that option '-i' cannot be used
@ 2008-07-19 3:42 Yu Zhiguo
2008-07-23 0:53 ` Yu Zhiguo
2008-07-25 18:22 ` Steve Grubb
0 siblings, 2 replies; 4+ messages in thread
From: Yu Zhiguo @ 2008-07-19 3:42 UTC (permalink / raw)
To: Steve Grubb; +Cc: audit-list
Hello Steve,
CC Miloslav,

Option '-i' cannot be used, because the check about option '-R'
in main() is wrong.
When checking option '-R', we should consider whether option '-i'
is specified.

Using option '-i' with '-R' should ignore errors when reading
rules from file rather than reporting error message
"Error - nested rule files not supported".

This is a patch to fix the bug in audit-1.7.4.

Signed-off-by: Yu Zhiguo<yuzg@cn.fujitsu.com>
---
src/auditctl.c | 45 +++++++++++++++++++++++++--------------------
1 files changed, 25 insertions(+), 20 deletions(-)
diff --git a/src/auditctl.c b/src/auditctl.c
index 2c136ea..ac20fdc 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -1089,39 +1089,44 @@ int main(int argc, char *argv[])
set_aumessage_mode(MSG_STDERR, DBG_NO);
- /* Check where the rules are coming from: commandline or file */
- if ((argc == 3) && (strcmp(argv[1], "-R") == 0)) {
+ if (argc == 1) {
+ usage();
+ return 1;
+ }
#ifndef DEBUG
- /* Make sure we are root */
- if (getuid() != 0) {
- fprintf(stderr,
- "You must be root to run this program.\n");
- return 4;
- }
+ /* Make sure we are root */
+ if (getuid()) {
+ fprintf(stderr,
+ "You must be root to run this program.\n");
+ return 4;
+ }
#endif
+
+ /* Check where the rules are coming from: commandline or file */
+ if ((argc == 3) && (!strcmp(argv[1], "-R"))) {
if (fileopt(argv[2]))
return 1;
else
return 0;
- } else {
- if (argc == 1) {
- usage();
+ } else if ((argc == 4) &&
+ ((!strcmp(argv[1], "-R") && !strcmp(argv[3], "-i")) ||
+ (!strcmp(argv[2], "-R") && !strcmp(argv[1], "-i")))) {
+ ignore = 1;
+ if (!strcmp(argv[1], "-R"))
+ retval = fileopt(argv[2]);
+ else retval = fileopt(argv[3]);
+ if (retval)
return 1;
- }
-#ifndef DEBUG
- /* Make sure we are root */
- if (getuid() != 0) {
- fprintf(stderr,
- "You must be root to run this program.\n");
- return 4;
- }
-#endif
+ else
+ return 0;
+ } else {
if (reset_vars())
return 1;
retval = setopt(argc, argv);
if (retval == -3)
return 0;
}
+
return handle_request(retval);
}
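
Review bot: The new `argc == 4` branch recognises `-i` only at two fixed positions (`-R file -i` or `-i -R file`), so it hand-rolls option parsing next to `setopt()`; any other argument count or ordering that contains `-R` still drops into the final `else`. Scanning the arguments once for `-R` and `-i`, or letting the option parser set `ignore` before the file is read, would avoid another positional `strcmp` chain. The patch consists of this one hunk in main(), so the new command-line form is also undocumented: the usage text or man page should say whether `-i` is accepted alongside `-R`.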
* Re: [PATCH] fix a bug that option '-i' cannot be used
2008-07-19 3:42 [PATCH] fix a bug that option '-i' cannot be used Yu Zhiguo
@ 2008-07-23 0:53 ` Yu Zhiguo
2008-07-25 18:22 ` Steve Grubb
1 sibling, 0 replies; 4+ messages in thread
From: Yu Zhiguo @ 2008-07-23 0:53 UTC (permalink / raw)
To: Steve Grubb; +Cc: audit-list
Hello Mr. Steve,

What's your opinion about this patch?
I think option '-i' should be usable with option '-R file';
this is its function.
If I'm wrong, please correct me, thanks.
------------------
Yu Zhiguo wrote:
> Hello Steve,
> CC Miloslav,
>
> Option '-i' cannot be used, because the check about option '-R'
> in main() is wrong.
> When check option '-R', we should consider whether option '-i'
> is specified.
>
> Using option '-i' with '-R' should ignore errors when reading
> rules from file rather than reporting error message
> "Error - nested rule files not supported".
>
> This is a patch to fix the bug of audit-1.7.4.
>
> Signed-off-by: Yu Zhiguo<yuzg@cn.fujitsu.com>
> ---
> src/auditctl.c | 45 +++++++++++++++++++++++++--------------------
> 1 files changed, 25 insertions(+), 20 deletions(-)
>
> diff --git a/src/auditctl.c b/src/auditctl.c
> index 2c136ea..ac20fdc 100644
> --- a/src/auditctl.c
> +++ b/src/auditctl.c
> @@ -1089,39 +1089,44 @@ int main(int argc, char *argv[])
>
> set_aumessage_mode(MSG_STDERR, DBG_NO);
>
> - /* Check where the rules are coming from: commandline or file */
> - if ((argc == 3) && (strcmp(argv[1], "-R") == 0)) {
> + if (argc == 1) {
> + usage();
> + return 1;
> + }
> #ifndef DEBUG
> - /* Make sure we are root */
> - if (getuid() != 0) {
> - fprintf(stderr,
> - "You must be root to run this program.\n");
> - return 4;
> - }
> + /* Make sure we are root */
> + if (getuid()) {
> + fprintf(stderr,
> + "You must be root to run this program.\n");
> + return 4;
> + }
> #endif
> +
> + /* Check where the rules are coming from: commandline or file */
> + if ((argc == 3) && (!strcmp(argv[1], "-R"))) {
> if (fileopt(argv[2]))
> return 1;
> else
> return 0;
> - } else {
> - if (argc == 1) {
> - usage();
> + } else if ((argc == 4) &&
> + ((!strcmp(argv[1], "-R") && !strcmp(argv[3], "-i")) ||
> + (!strcmp(argv[2], "-R") && !strcmp(argv[1], "-i")))) {
> + ignore = 1;
> + if (!strcmp(argv[1], "-R"))
> + retval = fileopt(argv[2]);
> + else retval = fileopt(argv[3]);
> + if (retval)
> return 1;
> - }
> -#ifndef DEBUG
> - /* Make sure we are root */
> - if (getuid() != 0) {
> - fprintf(stderr,
> - "You must be root to run this program.\n");
> - return 4;
> - }
> -#endif
> + else
> + return 0;
> + } else {
> if (reset_vars())
> return 1;
> retval = setopt(argc, argv);
> if (retval == -3)
> return 0;
> }
> +
> return handle_request(retval);
> }
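
Review bot: The hunk bundles two independent changes: hoisting the `argc == 1` and root checks above the branches, which leaves behaviour unchanged, and the new `argc == 4` branch, which changes what the command line accepts; splitting them into two patches would let each be reviewed and applied on its own. Inside the new branch, `else retval = fileopt(argv[3]);` puts the statement on the `else` line unlike the surrounding code, and the `if (retval) return 1; else return 0;` tail repeats the exit logic of the `argc == 3` branch and could share it. Rewriting `getuid() != 0` as `getuid()` and `strcmp(...) == 0` as `!strcmp(...)` is style churn that makes the diff larger without changing behaviour.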
* Re: [PATCH] fix a bug that option '-i' cannot be used
2008-07-19 3:42 [PATCH] fix a bug that option '-i' cannot be used Yu Zhiguo
2008-07-23 0:53 ` Yu Zhiguo
@ 2008-07-25 18:22 ` Steve Grubb
2008-07-26 2:48 ` Yu Zhiguo
1 sibling, 1 reply; 4+ messages in thread
From: Steve Grubb @ 2008-07-25 18:22 UTC (permalink / raw)
To: Yu Zhiguo; +Cc: audit-list
Hello Yu,
On Friday 18 July 2008 23:42:01 Yu Zhiguo wrote:
> Option '-i' cannot be used, because the check about option '-R'
> in main() is wrong.
> When check option '-R', we should consider whether option '-i'
> is specified.
I was just looking at this patch. The intention with the -R option is for it
to be given saying that all options will be read from the file. You should be
able to place "-i" on a line by itself within the file and it should ignore
errors. This would be similar to the way the -D option is given by itself
near the top of a typical rule file.
I agree with some of the cleanup that this patch suggests and will apply that
part. But I think the intent was for "-i" to be in the file and not the
command line.
Thanks,
-Steve
* Re: [PATCH] fix a bug that option '-i' cannot be used
2008-07-25 18:22 ` Steve Grubb
@ 2008-07-26 2:48 ` Yu Zhiguo
0 siblings, 0 replies; 4+ messages in thread
From: Yu Zhiguo @ 2008-07-26 2:48 UTC (permalink / raw)
To: Steve Grubb; +Cc: audit-list
Hello Steve,
Steve Grubb wrote:
> I was just looking at this patch. The intention with the -R option is for it
> to be given saying that all options will be read from the file. You should be
> able to place "-i" on a line by itself within the file and it should ignore
> errors. This would be similar to the way the -D option is given by itself
> near the top of a typical rule file.
>
Thanks for your detailed explanation. I think I understand the usage of
option '-i' now.
> I agree with some of the cleanup that this patch suggests and will apply that
> part. But I think the intent was for "-i" to be in the file and not the
> command line.
ok, thanks..
--
Regards
Yu Zhiguo