From mboxrd@z Thu Jan  1 00:00:00 1970
From: Richard Guy Briggs <rgb@redhat.com>
Subject: Re: [PATCH 2/2] errormsg: add descriptive macros to replace
	overloaded error codes
Date: Thu, 4 May 2017 17:05:35 -0400
Message-ID: <20170504210535.GH21241@madcap2.tricolour.ca>
References: <1491302268-797-1-git-send-email-rgb@redhat.com>
	<1905532.6h1g383l91@x2>
	<20170504202945.GR25861@madcap2.tricolour.ca>
	<2313872.xMYfS2GaQK@x2>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
Content-Disposition: inline
In-Reply-To: <2313872.xMYfS2GaQK@x2>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: Steve Grubb <sgrubb@redhat.com>
Cc: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On 2017-05-04 16:49, Steve Grubb wrote:
> On Thursday, May 4, 2017 4:29:45 PM EDT Richard Guy Briggs wrote:
> > On 2017-05-04 16:11, Steve Grubb wrote:
> > > On Tuesday, April 4, 2017 6:37:48 AM EDT Richard Guy Briggs wrote:
> > > > Several return codes were overloaded and no longer giving helpful error
> > > > return messages from the field and comparison functions
> > > > audit_rule_fieldpair_data() and audit_rule_interfield_comp_data().
> > > > 
> > > > Introduce 3 new macros with more helpful error descriptions for data
> > > > missing, incompatible fields and incompatible values.
> > > > 
> > > > See: https://github.com/linux-audit/audit-userspace/issues/12
> > > > 
> > > > Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
> > > > ---
> > > > 
> > > >  lib/errormsg.h |    6 ++++++
> > > >  lib/libaudit.c |   28 ++++++++++++++--------------
> > > >  2 files changed, 20 insertions(+), 14 deletions(-)
> > > > 
> > > > diff --git a/lib/errormsg.h b/lib/errormsg.h
> > > > index 35b7f95..50c7d50 100644
> > > > --- a/lib/errormsg.h
> > > > +++ b/lib/errormsg.h
> > > > @@ -67,6 +67,9 @@ static const struct msg_tab err_msgtab[] = {
> > > > 
> > > >      { -29,    1,    "only takes = operator" },
> > > >      { -30,    2,    "Field option not supported by kernel:" },
> > > >      { -31,    1,    "must be used with exclude, user, or exit filter"
> > > >      },
> > > > 
> > > > +    { -32,    0,    "field data is missing" },
> > > 
> > > Actually, this means that the filter is missing in the rule. This is the
> > > kind of thing I would normally just fixup after patching the source.
> > > 
> > > > +    { -33,    2,    "-C field incompatible" },
> > > > +    { -34,    2,    "-C value incompatible" },
> > > > 
> > > >  };
> > > >  #define EAU_OPMISSING		1
> > > >  #define EAU_FIELDUNKNOWN	2
> > > > 
> > > > @@ -97,4 +100,7 @@ static const struct msg_tab err_msgtab[] = {
> > > > 
> > > >  #define EAU_OPEQ		29
> > > >  #define EAU_FIELDNOSUPPORT	30
> > > >  #define EAU_FIELDNOFILTER	31
> > > > 
> > > > +#define EAU_DATAMISSING		32
> > > > +#define EAU_COMPFIELDINCOMPAT	33
> > > > +#define EAU_COMPVALINCOMPAT	34
> > > > 
> > > >  #endif
> > > > 
> > > > diff --git a/lib/libaudit.c b/lib/libaudit.c
> > > > index b481f52..b1f8f9c 100644
> > > > --- a/lib/libaudit.c
> > > > +++ b/lib/libaudit.c
> > > > @@ -976,7 +976,7 @@ int audit_rule_interfield_comp_data(struct
> > > > audit_rule_data **rulep, struct audit_rule_data *rule = *rulep;
> > > > 
> > > >  	if (f == NULL)
> > > > 
> > > > -		return -1;
> > > > +		return -EAU_DATAMISSING;
> > > > 
> > > >  	if (rule->field_count >= (AUDIT_MAX_FIELDS - 1))
> > > >  	
> > > >  		return -EAU_FIELDTOOMANY;
> > > > 
> > > > @@ -1043,7 +1043,7 @@ int audit_rule_interfield_comp_data(struct
> > > > audit_rule_data **rulep, AUDIT_COMPARE_UID_TO_EUID;
> > > > 
> > > >  				break;
> > > >  			
> > > >  			default:
> > > > -				return -1;
> > > > +				return -EAU_COMPVALINCOMPAT;
> > > 
> > > This means that we are attempting an incompatible comparison between
> > > fields.> 
> > > >  			}
> > > >  			break;
> > > >  		
> > > >  		case AUDIT_FSUID:
> > > > @@ -1069,7 +1069,7 @@ int audit_rule_interfield_comp_data(struct
> > > > audit_rule_data **rulep, AUDIT_COMPARE_UID_TO_FSUID;
> > > > 
> > > >  				break;
> > > >  			
> > > >  			default:
> > > > -				return -1;
> > > > +				return -EAU_COMPVALINCOMPAT;
> > > > 
> > > >  			}
> > > >  			break;
> > > >  		
> > > >  		case AUDIT_LOGINUID:
> > > > @@ -1095,7 +1095,7 @@ int audit_rule_interfield_comp_data(struct
> > > > audit_rule_data **rulep, AUDIT_COMPARE_UID_TO_AUID;
> > > > 
> > > >  				break;
> > > >  			
> > > >  			default:
> > > > -				return -1;
> > > > +				return -EAU_COMPVALINCOMPAT;
> > > > 
> > > >  			}
> > > >  			break;
> > > >  		
> > > >  		case AUDIT_SUID:
> > > > @@ -1121,7 +1121,7 @@ int audit_rule_interfield_comp_data(struct
> > > > audit_rule_data **rulep, AUDIT_COMPARE_UID_TO_SUID;
> > > > 
> > > >  				break;
> > > >  			
> > > >  			default:
> > > > -				return -1;
> > > > +				return -EAU_COMPVALINCOMPAT;
> > > > 
> > > >  			}
> > > >  			break;
> > > >  		
> > > >  		case AUDIT_OBJ_UID:
> > > > @@ -1147,7 +1147,7 @@ int audit_rule_interfield_comp_data(struct
> > > > audit_rule_data **rulep, AUDIT_COMPARE_SUID_TO_OBJ_UID;
> > > > 
> > > >  				break;
> > > >  			
> > > >  			default:
> > > > -				return -1;
> > > > +				return -EAU_COMPVALINCOMPAT;
> > > > 
> > > >  			}
> > > >  			break;
> > > >  		
> > > >  		case AUDIT_UID:
> > > > @@ -1173,7 +1173,7 @@ int audit_rule_interfield_comp_data(struct
> > > > audit_rule_data **rulep, AUDIT_COMPARE_UID_TO_SUID;
> > > > 
> > > >  				break;
> > > >  			
> > > >  			default:
> > > > -				return -1;
> > > > +				return -EAU_COMPVALINCOMPAT;
> > > > 
> > > >  			}
> > > >  			break;
> > > > 
> > > > @@ -1197,7 +1197,7 @@ int audit_rule_interfield_comp_data(struct
> > > > audit_rule_data **rulep, AUDIT_COMPARE_EGID_TO_SGID;
> > > > 
> > > >  				break;
> > > >  			
> > > >  			default:
> > > > -				return -1;
> > > > +				return -EAU_COMPVALINCOMPAT;
> > > > 
> > > >  			}
> > > >  			break;
> > > >  		
> > > >  		case AUDIT_FSGID:
> > > > @@ -1219,7 +1219,7 @@ int audit_rule_interfield_comp_data(struct
> > > > audit_rule_data **rulep, AUDIT_COMPARE_EGID_TO_FSGID;
> > > > 
> > > >  				break;
> > > >  			
> > > >  			default:
> > > > -				return -1;
> > > > +				return -EAU_COMPVALINCOMPAT;
> > > > 
> > > >  			}
> > > >  			break;
> > > >  		
> > > >  		case AUDIT_GID:
> > > > @@ -1241,7 +1241,7 @@ int audit_rule_interfield_comp_data(struct
> > > > audit_rule_data **rulep, AUDIT_COMPARE_GID_TO_SGID;
> > > > 
> > > >  				break;
> > > >  			
> > > >  			default:
> > > > -				return -1;
> > > > +				return -EAU_COMPVALINCOMPAT;
> > > > 
> > > >  			}
> > > >  			break;
> > > >  		
> > > >  		case AUDIT_OBJ_GID:
> > > > @@ -1263,7 +1263,7 @@ int audit_rule_interfield_comp_data(struct
> > > > audit_rule_data **rulep, AUDIT_COMPARE_SGID_TO_OBJ_GID;
> > > > 
> > > >  				break;
> > > >  			
> > > >  			default:
> > > > -				return -1;
> > > > +				return -EAU_COMPVALINCOMPAT;
> > > > 
> > > >  			}
> > > >  			break;
> > > >  		
> > > >  		case AUDIT_SGID:
> > > > @@ -1285,11 +1285,11 @@ int audit_rule_interfield_comp_data(struct
> > > > audit_rule_data **rulep, AUDIT_COMPARE_EGID_TO_SGID;
> > > > 
> > > >  				break;
> > > >  			
> > > >  			default:
> > > > -				return -1;
> > > > +				return -EAU_COMPVALINCOMPAT;
> > > > 
> > > >  			}
> > > >  			break;
> > > >  		
> > > >  		default:
> > > > -			return -1;
> > > > +			return -EAU_COMPFIELDINCOMPAT;
> > > 
> > > This means the same thing.
> > > 
> > > >  			break;
> > > >  	
> > > >  	}
> > > >  	rule->field_count++;
> > > > 
> > > > @@ -1389,7 +1389,7 @@ int audit_rule_fieldpair_data(struct
> > > > audit_rule_data
> > > > **rulep, const char *pair, struct audit_rule_data *rule = *rulep;
> > > > 
> > > >  	if (f == NULL)
> > > > 
> > > > -		return -1;
> > > > +		return -EAU_DATAMISSING;
> > > 
> > > This also means that the filter was not given. Patch not applied.

Ok, so coming back to patch acceptance, if I read correctly your
comments, reduce the four new error types to two?

> > > Was there a patch in this series that converted errormsg.h to use the
> > > macros?
> > I don't quite follow.  Can you give a fictional example off the top of
> > your head of what you are hoping for? 
> 
> This table:
> 
> static const struct msg_tab err_msgtab[] = {
>     { -1,    2,    "-F missing operation for" },
>     { -2,    2,    "-F unknown field:" },
>     { -3,    1,    "must be before -S" },
>     { -4,    1,    "machine type not found" },
>      ...
> 
> converted to using the defines. The libaudit return codes were fixed to 
> defines. But the table the return codes are looked up in is still using 
> numbers.

Ah, got it, yes, completely agree.

> > I'm hoping to eventually replace them with an enum list.
> 
> define, enum, does it really matter? I don't like lots of patches just 
> shuffling things around. Let's just keep it a define at this point.

Fair enough.

> -Steve

- RGB

--
Richard Guy Briggs <rgb@redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635