From mboxrd@z Thu Jan  1 00:00:00 1970
From: Yu Zhiguo <yuzg@cn.fujitsu.com>
Subject: Re: [PATCH] make it match explicitly when use option '-a', '-A'	and
 '-d' to specify "list,action"
Date: Thu, 31 Jul 2008 08:57:23 +0800
Message-ID: <48910DF3.70809@cn.fujitsu.com>
References: <48803E3C.4060209@cn.fujitsu.com>
	<1216370953.2664.23.camel@amilo>	<488083FA.5080504@cn.fujitsu.com>
	<48900AF3.1050204@cn.fujitsu.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <48900AF3.1050204@cn.fujitsu.com>
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Steve Grubb <sgrubb@redhat.com>
Cc: audit-list <linux-audit@redhat.com>
List-Id: linux-audit@redhat.com

Hello, Steve,


Yu Zhiguo wrote:
>  Perhaps you think we'd better be compatible with the manpage now.
> So I made another patch according to the introduction of manpage.

  I'm sorry I had made a mistake in this patch. Now I make a new patch
for the for latest code in audit SVN project.
  I know the method to correct this bug is not very beautiful, but I
think this is the most efficient and simplest method.
  Hope your indication.


Signed-off-by: Yu Zhiguo<yuzg@cn.fujitsu.com>
---
  src/auditctl.c |   28 +++++++++++++++++++---------
  1 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/src/auditctl.c b/src/auditctl.c
index d740509..26028b9 100644
--- a/src/auditctl.c
+++ b/src/auditctl.c
@@ -172,31 +172,41 @@ static void usage(void)
  static int audit_rule_setup(const char *opt, int *flags, int *act)
  {
  	static int multiple = 0;
+	char *p;

  	if (++multiple != 1)
  		return 3;

-	if (strstr(opt, "task"))
+	/* comma separating */
+	p = strchr(opt, ',');
+	if (!p || strchr(p + 1, ','))
+		return 2;
+
+	/* obtain list */
+	if (!strncmp(opt, "task,", p - opt + 1))
  		*flags = AUDIT_FILTER_TASK;
-	else if (strstr(opt, "entry"))
+	else if (!strncmp(opt, "entry,", p - opt + 1))
  		*flags = AUDIT_FILTER_ENTRY;
-	else if (strstr(opt, "exit"))
+	else if (!strncmp(opt, "exit,", p - opt + 1))
  		*flags = AUDIT_FILTER_EXIT;
-	else if (strstr(opt, "user"))
+	else if (!strncmp(opt, "user,", p - opt + 1))
  		*flags = AUDIT_FILTER_USER;
-	else if (strstr(opt, "exclude")) {
+	else if (!strncmp(opt, "exclude,", p - opt + 1)) {
  		*flags = AUDIT_FILTER_EXCLUDE;
  		exclude = 1;
  	} else
  		return 2;
-	if (strstr(opt, "never"))
+
+	/* obtain action */
+	if (!strcmp(p + 1, "always"))
+		*act = AUDIT_ALWAYS;
+	else if (!strcmp(p + 1, "never"))
  		*act = AUDIT_NEVER;
-	else if (strstr(opt, "possible"))
+	else if (!strcmp(p + 1, "possible"))
  		return 1;
-	else if (strstr(opt, "always"))
-		*act = AUDIT_ALWAYS;
  	else
  		return 2;
+
  	return 0;
  }