[PATCH 1/2] audit string fields interface + consumer
Dustin Kirkland
dustin.kirkland at gmail.com
Mon Jan 16 21:16:04 UTC 2006
On 1/11/06, Amy Griffis <amy.griffis at hp.com> wrote:
> +static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
> + size_t datasz)
> {
> + int err = 0;
> + struct audit_entry *entry;
> + void *bufp;
> + /* size_t remain = datasz - sizeof(struct audit_rule_data); */
> int i;
>
> - if (a->flags != b->flags)
> - return 1;
> + entry = audit_to_entry_common((struct audit_rule *)data);
> + if (IS_ERR(entry))
> + goto exit_nofree;
> +
> + bufp = data->buf;
> + entry->rule.vers_ops = 2;
> + for (i = 0; i < data->field_count; i++) {
> + struct audit_field *f = &entry->rule.fields[i];
> +
> + err = -EINVAL;
> + if (!(data->fieldflags[i] & AUDIT_OPERATORS) ||
> + data->fieldflags[i] & ~AUDIT_OPERATORS)
> + goto exit_free;
> +
> + f->op = data->fieldflags[i] & AUDIT_OPERATORS;
> + f->type = data->fields[i];
> + switch(f->type) {
> + /* call type-specific conversion routines here */
> + default:
> + f->val = data->values[i];
> + }
> + }
>
> - if (a->action != b->action)
> - return 1;
> +exit_nofree:
> + return entry;
> +
> +exit_free:
> + kfree(entry);
> + return ERR_PTR(err);
> +}
Amy-
I'm noticing that this code does not yet do anything with the the
strings potentially in data->buf... Is this still on your to-do, or
was this intentional?
:-Dustin
More information about the Linux-audit
mailing list