On 1/11/06, Amy Griffis <amy.griffis(a)hp.com> wrote:
+static struct audit_entry *audit_data_to_entry(struct
audit_rule_data *data,
+ size_t datasz)
{
+ int err = 0;
+ struct audit_entry *entry;
+ void *bufp;
+ /* size_t remain = datasz - sizeof(struct audit_rule_data); */
int i;
- if (a->flags != b->flags)
- return 1;
+ entry = audit_to_entry_common((struct audit_rule *)data);
+ if (IS_ERR(entry))
+ goto exit_nofree;
+
+ bufp = data->buf;
+ entry->rule.vers_ops = 2;
+ for (i = 0; i < data->field_count; i++) {
+ struct audit_field *f = &entry->rule.fields[i];
+
+ err = -EINVAL;
+ if (!(data->fieldflags[i] & AUDIT_OPERATORS) ||
+ data->fieldflags[i] & ~AUDIT_OPERATORS)
+ goto exit_free;
+
+ f->op = data->fieldflags[i] & AUDIT_OPERATORS;
+ f->type = data->fields[i];
+ switch(f->type) {
+ /* call type-specific conversion routines here */
+ default:
+ f->val = data->values[i];
+ }
+ }
- if (a->action != b->action)
- return 1;
+exit_nofree:
+ return entry;
+
+exit_free:
+ kfree(entry);
+ return ERR_PTR(err);
+}
Amy-
I'm noticing that this code does not yet do anything with the the
strings potentially in data->buf... Is this still on your to-do, or
was this intentional?
:-Dustin