A number of error message descriptions in audit_rule_fieldpair_data() have
drifted from the conditions that caused them, including expansion of fields to
be used by the user filter list, restriction to the exit list only, and changing
an operator to "equals" only. Correct these, using the new errormsg macros.
See:
https://github.com/linux-audit/audit-userspace/issues/12
Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
---
lib/errormsg.h | 4 ++--
lib/libaudit.c | 10 +++++-----
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/lib/errormsg.h b/lib/errormsg.h
index 17ff767..35b7f95 100644
--- a/lib/errormsg.h
+++ b/lib/errormsg.h
@@ -44,7 +44,7 @@ static const struct msg_tab err_msgtab[] = {
{ -6, 1, "requested bit level not supported by machine" },
{ -7, 1, "can only be used with exit filter list" },
{ -8, 2, "-F unknown message type -" },
- { -9, 0, "msgtype field can only be used with exclude filter list"
},
+ { -9, 0, "msgtype field can only be used with exclude or user filter
list" },
{ -10, 0, "Failed upgrading rule" },
{ -11, 0, "String value too long" },
{ -12, 0, "Only msgtype, *uid, *gid, pid, and subj* fields can be used
with exclude filter" },
@@ -76,7 +76,7 @@ static const struct msg_tab err_msgtab[] = {
#define EAU_ARCHNOBIT 6
#define EAU_EXITONLY 7
#define EAU_MSGTYPEUNKNOWN 8
-#define EAU_MSGTYPEEXCLUDE 9
+#define EAU_MSGTYPEEXCLUDEUSER 9
#define EAU_UPGRADEFAIL 10
#define EAU_STRTOOLONG 11
#define EAU_MSGTYPECREDEXCLUDE 12
diff --git a/lib/libaudit.c b/lib/libaudit.c
index a3b4261..b481f52 100644
--- a/lib/libaudit.c
+++ b/lib/libaudit.c
@@ -1516,7 +1516,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const
char *pair,
break;
case AUDIT_EXIT:
if (flags != AUDIT_FILTER_EXIT)
- return -7;
+ return -EAU_EXITONLY;
vlen = strlen(v);
if (isdigit((char)*(v)))
rule->values[rule->field_count] =
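Review bot: The context line `if (isdigit((char)*(v)))` just below the changed return passes a plain `char` to `isdigit()`, which is undefined behaviour for bytes above 0x7f where `char` is signed. `v` is presumably parsed from the caller-supplied `pair` string, so the argument should go through `unsigned char`: `if (isdigit((unsigned char)*v))`. The same call appears in the AUDIT_MSGTYPE hunk and as `!isdigit((char)*(v))` before `-EAU_FIELDVALNUM` in the last hunk. This commit only changes return codes, so the fix may belong in a follow-up; audit_rule_fieldpair_data() starts and ends outside these hunks.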
@@ -1535,7 +1535,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const
char *pair,
case AUDIT_MSGTYPE:
if (flags != AUDIT_FILTER_EXCLUDE &&
flags != AUDIT_FILTER_USER)
- return -EAU_MSGTYPEEXCLUDE;
+ return -EAU_MSGTYPEEXCLUDEUSER;
if (isdigit((char)*(v)))
rule->values[rule->field_count] =
@@ -1639,7 +1639,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const
char *pair,
if (flags != AUDIT_FILTER_EXIT)
return -EAU_EXITONLY;
else if (op != AUDIT_EQUAL)
- return -EAU_OPEQNOTEQ;
+ return -EAU_OPEQ;
else {
unsigned int i, len, val = 0;
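Review bot: `-EAU_OPEQ` is not defined anywhere in this patch, since the two errormsg.h hunks only reword entry -9 and rename its macro. The macro and its `err_msgtab` row therefore have to come from an earlier patch in the series, which is worth confirming before this is applied on its own. It is also worth checking that the row's text says "equals" only, because `op != AUDIT_EQUAL` rejects the not-equal operator as well. The enclosing case starts above the hunk and the `else` block continues past it.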
@@ -1670,7 +1670,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const
char *pair,
break;
case AUDIT_FILETYPE:
if (!(flags == AUDIT_FILTER_EXIT))
- return -EAU_EXITENTRYONLY;
+ return -EAU_EXITONLY;
rule->values[rule->field_count] =
audit_name_to_ftype(v);
if ((int)rule->values[rule->field_count] < 0) {
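Review bot: The AUDIT_FILETYPE check `if (!(flags == AUDIT_FILTER_EXIT))` is written differently from the `flags != AUDIT_FILTER_EXIT` form used for the same test in the AUDIT_EXIT case and before `-EAU_OPEQ`. Now that all of them return `-EAU_EXITONLY`, `if (flags != AUDIT_FILTER_EXIT)` would make the shared rule easier to read and grep. The AUDIT_PPID check in the last hunk has the same shape and could become `if (field == AUDIT_PPID && flags != AUDIT_FILTER_EXIT)`. The negated form looks like a leftover from an exit-or-entry test, but that is inferred from the old `EAU_EXITENTRYONLY` name and is not visible in this patch.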
@@ -1722,7 +1722,7 @@ int audit_rule_fieldpair_data(struct audit_rule_data **rulep, const
char *pair,
}
if (field == AUDIT_PPID && !(flags==AUDIT_FILTER_EXIT))
- return -EAU_EXITENTRYONLY;
+ return -EAU_EXITONLY;
if (!isdigit((char)*(v)))
return -EAU_FIELDVALNUM;
--
1.7.1