Re: [PATCH 2/2] errormsg: add descriptive macros to replace overloaded error codes

On 2017-05-04 16:49, Steve Grubb wrote: > On Thursday, May 4, 2017 4:29:45 PM EDT Richard Guy Briggs wrote: > > On 2017-05-04 16:11, Steve Grubb wrote: > > > On Tuesday, April 4, 2017 6:37:48 AM EDT Richard Guy Briggs wrote: > > > > Several return codes were overloaded and no longer giving helpful > > > > error > > > > return messages from the field and comparison functions > > > > audit_rule_fieldpair_data() and audit_rule_interfield_comp_data(). > > > > > > > > Introduce 3 new macros with more helpful error descriptions for data > > > > missing, incompatible fields and incompatible values. > > > > > > > > See: https://github.com/linux-audit/audit-userspace/issues/12 > > > > > > > > Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com&gt; > > > > --- > > > > > > > > lib/errormsg.h | 6 ++++++ > > > > lib/libaudit.c | 28 ++++++++++++++-------------- > > > > 2 files changed, 20 insertions(+), 14 deletions(-) > > > > > > > > diff --git a/lib/errormsg.h b/lib/errormsg.h > > > > index 35b7f95..50c7d50 100644 > > > > --- a/lib/errormsg.h > > > > +++ b/lib/errormsg.h > > > > @@ -67,6 +67,9 @@ static const struct msg_tab err_msgtab[] = { > > > > > > > > { -29, 1, "only takes = operator" }, > > > > { -30, 2, "Field option not supported by kernel:" }, > > > > { -31, 1, "must be used with exclude, user, or exit > > > > filter" > > > > }, > > > > > > > > + { -32, 0, "field data is missing" }, > > > > > > Actually, this means that the filter is missing in the rule. This is > > > the > > > kind of thing I would normally just fixup after patching the source. > > > > > > > + { -33, 2, "-C field incompatible" }, > > > > + { -34, 2, "-C value incompatible" }, > > > > > > > > }; > > > > #define EAU_OPMISSING 1 > > > > #define EAU_FIELDUNKNOWN 2 > > > > > > > > @@ -97,4 +100,7 @@ static const struct msg_tab err_msgtab[] = { > > > > > > > > #define EAU_OPEQ 29 > > > > #define EAU_FIELDNOSUPPORT 30 > > > > #define EAU_FIELDNOFILTER 31 > > > > > > > > +#define EAU_DATAMISSING 32 > > > > +#define EAU_COMPFIELDINCOMPAT 33 > > > > +#define EAU_COMPVALINCOMPAT 34 > > > > > > > > #endif > > > > > > > > diff --git a/lib/libaudit.c b/lib/libaudit.c > > > > index b481f52..b1f8f9c 100644 > > > > --- a/lib/libaudit.c > > > > +++ b/lib/libaudit.c > > > > @@ -976,7 +976,7 @@ int audit_rule_interfield_comp_data(struct > > > > audit_rule_data **rulep, struct audit_rule_data *rule = *rulep; > > > > > > > > if (f == NULL) > > > > > > > > - return -1; > > > > + return -EAU_DATAMISSING; > > > > > > > > if (rule->field_count >= (AUDIT_MAX_FIELDS - 1)) > > > > > > > > return -EAU_FIELDTOOMANY; > > > > > > > > @@ -1043,7 +1043,7 @@ int audit_rule_interfield_comp_data(struct > > > > audit_rule_data **rulep, AUDIT_COMPARE_UID_TO_EUID; > > > > > > > > break; > > > > > > > > default: > > > > - return -1; > > > > + return -EAU_COMPVALINCOMPAT; > > > > > > This means that we are attempting an incompatible comparison between > > > fields.> > > > > > > > } > > > > break; > > > > > > > > case AUDIT_FSUID: > > > > @@ -1069,7 +1069,7 @@ int audit_rule_interfield_comp_data(struct > > > > audit_rule_data **rulep, AUDIT_COMPARE_UID_TO_FSUID; > > > > > > > > break; > > > > > > > > default: > > > > - return -1; > > > > + return -EAU_COMPVALINCOMPAT; > > > > > > > > } > > > > break; > > > > > > > > case AUDIT_LOGINUID: > > > > @@ -1095,7 +1095,7 @@ int audit_rule_interfield_comp_data(struct > > > > audit_rule_data **rulep, AUDIT_COMPARE_UID_TO_AUID; > > > > > > > > break; > > > > > > > > default: > > > > - return -1; > > > > + return -EAU_COMPVALINCOMPAT; > > > > > > > > } > > > > break; > > > > > > > > case AUDIT_SUID: > > > > @@ -1121,7 +1121,7 @@ int audit_rule_interfield_comp_data(struct > > > > audit_rule_data **rulep, AUDIT_COMPARE_UID_TO_SUID; > > > > > > > > break; > > > > > > > > default: > > > > - return -1; > > > > + return -EAU_COMPVALINCOMPAT; > > > > > > > > } > > > > break; > > > > > > > > case AUDIT_OBJ_UID: > > > > @@ -1147,7 +1147,7 @@ int audit_rule_interfield_comp_data(struct > > > > audit_rule_data **rulep, AUDIT_COMPARE_SUID_TO_OBJ_UID; > > > > > > > > break; > > > > > > > > default: > > > > - return -1; > > > > + return -EAU_COMPVALINCOMPAT; > > > > > > > > } > > > > break; > > > > > > > > case AUDIT_UID: > > > > @@ -1173,7 +1173,7 @@ int audit_rule_interfield_comp_data(struct > > > > audit_rule_data **rulep, AUDIT_COMPARE_UID_TO_SUID; > > > > > > > > break; > > > > > > > > default: > > > > - return -1; > > > > + return -EAU_COMPVALINCOMPAT; > > > > > > > > } > > > > break; > > > > > > > > @@ -1197,7 +1197,7 @@ int audit_rule_interfield_comp_data(struct > > > > audit_rule_data **rulep, AUDIT_COMPARE_EGID_TO_SGID; > > > > > > > > break; > > > > > > > > default: > > > > - return -1; > > > > + return -EAU_COMPVALINCOMPAT; > > > > > > > > } > > > > break; > > > > > > > > case AUDIT_FSGID: > > > > @@ -1219,7 +1219,7 @@ int audit_rule_interfield_comp_data(struct > > > > audit_rule_data **rulep, AUDIT_COMPARE_EGID_TO_FSGID; > > > > > > > > break; > > > > > > > > default: > > > > - return -1; > > > > + return -EAU_COMPVALINCOMPAT; > > > > > > > > } > > > > break; > > > > > > > > case AUDIT_GID: > > > > @@ -1241,7 +1241,7 @@ int audit_rule_interfield_comp_data(struct > > > > audit_rule_data **rulep, AUDIT_COMPARE_GID_TO_SGID; > > > > > > > > break; > > > > > > > > default: > > > > - return -1; > > > > + return -EAU_COMPVALINCOMPAT; > > > > > > > > } > > > > break; > > > > > > > > case AUDIT_OBJ_GID: > > > > @@ -1263,7 +1263,7 @@ int audit_rule_interfield_comp_data(struct > > > > audit_rule_data **rulep, AUDIT_COMPARE_SGID_TO_OBJ_GID; > > > > > > > > break; > > > > > > > > default: > > > > - return -1; > > > > + return -EAU_COMPVALINCOMPAT; > > > > > > > > } > > > > break; > > > > > > > > case AUDIT_SGID: > > > > @@ -1285,11 +1285,11 @@ int audit_rule_interfield_comp_data(struct > > > > audit_rule_data **rulep, AUDIT_COMPARE_EGID_TO_SGID; > > > > > > > > break; > > > > > > > > default: > > > > - return -1; > > > > + return -EAU_COMPVALINCOMPAT; > > > > > > > > } > > > > break; > > > > > > > > default: > > > > - return -1; > > > > + return -EAU_COMPFIELDINCOMPAT; > > > > > > This means the same thing. > > > > > > > break; > > > > > > > > } > > > > rule->field_count++; > > > > > > > > @@ -1389,7 +1389,7 @@ int audit_rule_fieldpair_data(struct > > > > audit_rule_data > > > > **rulep, const char *pair, struct audit_rule_data *rule = *rulep; > > > > > > > > if (f == NULL) > > > > > > > > - return -1; > > > > + return -EAU_DATAMISSING; > > > > > > This also means that the filter was not given. Patch not applied. Ok, so coming back to patch acceptance, if I read correctly your comments, reduce the four new error types to two?

> > > Was there a patch in this series that converted errormsg.h to use the > > > macros? > > > > I don't quite follow. Can you give a fictional example off the top of > > your head of what you are hoping for? > > This table: > > static const struct msg_tab err_msgtab[] = { > > { -1, 2, "-F missing operation for" }, > { -2, 2, "-F unknown field:" }, > { -3, 1, "must be before -S" }, > { -4, 1, "machine type not found" }, > > ... > > converted to using the defines. The libaudit return codes were fixed to > defines. But the table the return codes are looked up in is still using > numbers. Ah, got it, yes, completely agree. > > I'm hoping to eventually replace them with an enum list. > > define, enum, does it really matter? I don't like lots of patches just > shuffling things around. Let's just keep it a define at this point. Fair enough. > -Steve - RGB -- Richard Guy Briggs <rgb(a)redhat.com&gt; Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635