audit: add tty field to LOGIN event

The tty field was missing from AUDIT_LOGIN events. Refactor code to create a new function audit_get_tty(), using it to replace the call in audit_log_task_info() and to add it to audit_log_set_loginuid(). Lock and bump the kref to protect it, adding audit_put_tty() alias to decrement it. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Richard Guy Briggs <rgb@redhat.com> 2016-04-21 14:14:01 -0400
committer: Paul Moore <paul@paul-moore.com> 2016-04-26 17:19:16 -0400
commit: db0a6fb5d97afe01fd9c47d37c6daa82d4d4001d (patch)
tree: 872477fc77baf62efbcd876014557bca67684b0e
parent: 7ffb8e317bae03b8ee5bdcec93dc3723be945e9b (diff)
3 files changed, 35 insertions, 15 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index b40ed5df5542..32cdafb312d8 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -26,6 +26,7 @@
 #include <linux/sched.h>
 #include <linux/ptrace.h>
 #include <uapi/linux/audit.h>
+#include <linux/tty.h>
 #define AUDIT_INO_UNSET ((unsigned long)-1)
 #define AUDIT_DEV_UNSET ((dev_t)-1)
@@ -343,6 +344,23 @@ static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
        return tsk->sessionid;
 }
+static inline struct tty_struct *audit_get_tty(struct task_struct *tsk)
+{
+        struct tty_struct *tty = NULL;
+        unsigned long flags;
+        spin_lock_irqsave(&tsk->sighand->siglock, flags);
+        if (tsk->signal)
+                tty = tty_kref_get(tsk->signal->tty);
+        spin_unlock_irqrestore(&tsk->sighand->siglock, flags);
+        return tty;
+}
+static inline void audit_put_tty(struct tty_struct *tty)
+{
+        tty_kref_put(tty);
+}
 extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
 extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
 extern void __audit_bprm(struct linux_binprm *bprm);
@@ -500,6 +518,12 @@ static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
 {
        return -1;
 }
+static inline struct tty_struct *audit_get_tty(struct task_struct *tsk)
+{
+        return NULL;
+}
+static inline void audit_put_tty(struct tty_struct *tty)
+{ }
 static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
 { }
 static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,
diff --git a/kernel/audit.c b/kernel/audit.c
index f52fbefede09..384374a1d232 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -64,7 +64,6 @@
 #include <linux/security.h>
 #endif
 #include <linux/freezer.h>
-#include <linux/tty.h>
 #include <linux/pid_namespace.h>
 #include <net/netns/generic.h>
@@ -1871,21 +1870,14 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
 {
        const struct cred *cred;
        char comm[sizeof(tsk->comm)];
-        char *tty;
+        struct tty_struct *tty;
        if (!ab)
                return;
        /* tsk == current */
        cred = current_cred();
+        tty = audit_get_tty(tsk);
-        spin_lock_irq(&tsk->sighand->siglock);
-        if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
-                tty = tsk->signal->tty->name;
-        else
-                tty = "(none)";
-        spin_unlock_irq(&tsk->sighand->siglock);
        audit_log_format(ab,
                         " ppid=%d pid=%d auid=%u uid=%u gid=%u"
                         " euid=%u suid=%u fsuid=%u"
@@ -1901,11 +1893,11 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
                         from_kgid(&init_user_ns, cred->egid),
                         from_kgid(&init_user_ns, cred->sgid),
                         from_kgid(&init_user_ns, cred->fsgid),
-                         tty, audit_get_sessionid(tsk));
+                         tty ? tty_name(tty) : "(none)",
+                         audit_get_sessionid(tsk));
+        audit_put_tty(tty);
        audit_log_format(ab, " comm=");
        audit_log_untrustedstring(ab, get_task_comm(comm, tsk));
        audit_log_d_path_exe(ab, tsk->mm);
        audit_log_task_context(ab);
 }
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 195ffaee50b9..71e14d836e69 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1980,6 +1980,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
 {
        struct audit_buffer *ab;
        uid_t uid, oldloginuid, loginuid;
+        struct tty_struct *tty;
        if (!audit_enabled)
                return;
@@ -1987,14 +1988,17 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
        uid = from_kuid(&init_user_ns, task_uid(current));
        oldloginuid = from_kuid(&init_user_ns, koldloginuid);
        loginuid = from_kuid(&init_user_ns, kloginuid),
+        tty = audit_get_tty(current);
        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN);
        if (!ab)
                return;
        audit_log_format(ab, "pid=%d uid=%u", task_pid_nr(current), uid);
        audit_log_task_context(ab);
-        audit_log_format(ab, " old-auid=%u auid=%u old-ses=%u ses=%u res=%d",
+        audit_log_format(ab, " old-auid=%u auid=%u tty=%s old-ses=%u ses=%u res=%d",
-                         oldloginuid, loginuid, oldsessionid, sessionid, !rc);
+                         oldloginuid, loginuid, tty ? tty_name(tty) : "(none)",
+                         oldsessionid, sessionid, !rc);
+        audit_put_tty(tty);
        audit_log_end(ab);
 }
author	Richard Guy Briggs <rgb@redhat.com>	2016-04-21 14:14:01 -0400
committer	Paul Moore <paul@paul-moore.com>	2016-04-26 17:19:16 -0400
commit	db0a6fb5d97afe01fd9c47d37c6daa82d4d4001d (patch)
tree	872477fc77baf62efbcd876014557bca67684b0e
parent	7ffb8e317bae03b8ee5bdcec93dc3723be945e9b (diff)

diff --git a/include/linux/audit.h b/include/linux/audit.h index b40ed5df5542..32cdafb312d8 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h
@@ -26,6 +26,7 @@
26	#include <linux/sched.h>	26	#include <linux/sched.h>
27	#include <linux/ptrace.h>	27	#include <linux/ptrace.h>
28	#include <uapi/linux/audit.h>	28	#include <uapi/linux/audit.h>
		29	#include <linux/tty.h>
29		30
30	#define AUDIT_INO_UNSET ((unsigned long)-1)	31	#define AUDIT_INO_UNSET ((unsigned long)-1)
31	#define AUDIT_DEV_UNSET ((dev_t)-1)	32	#define AUDIT_DEV_UNSET ((dev_t)-1)
@@ -343,6 +344,23 @@ static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
343	return tsk->sessionid;	344	return tsk->sessionid;
344	}	345	}
345		346
		347	static inline struct tty_struct audit_get_tty(struct task_struct tsk)
		348	{
		349	struct tty_struct *tty = NULL;
		350	unsigned long flags;
		351
		352	spin_lock_irqsave(&tsk->sighand->siglock, flags);
		353	if (tsk->signal)
		354	tty = tty_kref_get(tsk->signal->tty);
		355	spin_unlock_irqrestore(&tsk->sighand->siglock, flags);
		356	return tty;
		357	}
		358
		359	static inline void audit_put_tty(struct tty_struct *tty)
		360	{
		361	tty_kref_put(tty);
		362	}
		363
346	extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);	364	extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
347	extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);	365	extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
348	extern void __audit_bprm(struct linux_binprm *bprm);	366	extern void __audit_bprm(struct linux_binprm *bprm);
@@ -500,6 +518,12 @@ static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
500	{	518	{
501	return -1;	519	return -1;
502	}	520	}
		521	static inline struct tty_struct audit_get_tty(struct task_struct tsk)
		522	{
		523	return NULL;
		524	}
		525	static inline void audit_put_tty(struct tty_struct *tty)
		526	{ }
503	static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)	527	static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
504	{ }	528	{ }
505	static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,	529	static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,


diff --git a/kernel/audit.c b/kernel/audit.c index f52fbefede09..384374a1d232 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -64,7 +64,6 @@
64	#include <linux/security.h>	64	#include <linux/security.h>
65	#endif	65	#endif
66	#include <linux/freezer.h>	66	#include <linux/freezer.h>
67	#include <linux/tty.h>
68	#include <linux/pid_namespace.h>	67	#include <linux/pid_namespace.h>
69	#include <net/netns/generic.h>	68	#include <net/netns/generic.h>
70		69
@@ -1871,21 +1870,14 @@ void audit_log_task_info(struct audit_buffer ab, struct task_struct tsk)
1871	{	1870	{
1872	const struct cred *cred;	1871	const struct cred *cred;
1873	char comm[sizeof(tsk->comm)];	1872	char comm[sizeof(tsk->comm)];
1874	char *tty;	1873	struct tty_struct *tty;
1875		1874
1876	if (!ab)	1875	if (!ab)
1877	return;	1876	return;
1878		1877
1879	/* tsk == current */	1878	/* tsk == current */
1880	cred = current_cred();	1879	cred = current_cred();
1881		1880	tty = audit_get_tty(tsk);
1882	spin_lock_irq(&tsk->sighand->siglock);
1883	if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
1884	tty = tsk->signal->tty->name;
1885	else
1886	tty = "(none)";
1887	spin_unlock_irq(&tsk->sighand->siglock);
1888
1889	audit_log_format(ab,	1881	audit_log_format(ab,
1890	" ppid=%d pid=%d auid=%u uid=%u gid=%u"	1882	" ppid=%d pid=%d auid=%u uid=%u gid=%u"
1891	" euid=%u suid=%u fsuid=%u"	1883	" euid=%u suid=%u fsuid=%u"
@@ -1901,11 +1893,11 @@ void audit_log_task_info(struct audit_buffer ab, struct task_struct tsk)
1901	from_kgid(&init_user_ns, cred->egid),	1893	from_kgid(&init_user_ns, cred->egid),
1902	from_kgid(&init_user_ns, cred->sgid),	1894	from_kgid(&init_user_ns, cred->sgid),
1903	from_kgid(&init_user_ns, cred->fsgid),	1895	from_kgid(&init_user_ns, cred->fsgid),
1904	tty, audit_get_sessionid(tsk));	1896	tty ? tty_name(tty) : "(none)",
1905		1897	audit_get_sessionid(tsk));
		1898	audit_put_tty(tty);
1906	audit_log_format(ab, " comm=");	1899	audit_log_format(ab, " comm=");
1907	audit_log_untrustedstring(ab, get_task_comm(comm, tsk));	1900	audit_log_untrustedstring(ab, get_task_comm(comm, tsk));
1908
1909	audit_log_d_path_exe(ab, tsk->mm);	1901	audit_log_d_path_exe(ab, tsk->mm);
1910	audit_log_task_context(ab);	1902	audit_log_task_context(ab);
1911	}	1903	}


diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 195ffaee50b9..71e14d836e69 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -1980,6 +1980,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
1980	{	1980	{
1981	struct audit_buffer *ab;	1981	struct audit_buffer *ab;
1982	uid_t uid, oldloginuid, loginuid;	1982	uid_t uid, oldloginuid, loginuid;
		1983	struct tty_struct *tty;
1983		1984
1984	if (!audit_enabled)	1985	if (!audit_enabled)
1985	return;	1986	return;
@@ -1987,14 +1988,17 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
1987	uid = from_kuid(&init_user_ns, task_uid(current));	1988	uid = from_kuid(&init_user_ns, task_uid(current));
1988	oldloginuid = from_kuid(&init_user_ns, koldloginuid);	1989	oldloginuid = from_kuid(&init_user_ns, koldloginuid);
1989	loginuid = from_kuid(&init_user_ns, kloginuid),	1990	loginuid = from_kuid(&init_user_ns, kloginuid),
		1991	tty = audit_get_tty(current);
1990		1992
1991	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN);	1993	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN);
1992	if (!ab)	1994	if (!ab)
1993	return;	1995	return;
1994	audit_log_format(ab, "pid=%d uid=%u", task_pid_nr(current), uid);	1996	audit_log_format(ab, "pid=%d uid=%u", task_pid_nr(current), uid);
1995	audit_log_task_context(ab);	1997	audit_log_task_context(ab);
1996	audit_log_format(ab, " old-auid=%u auid=%u old-ses=%u ses=%u res=%d",	1998	audit_log_format(ab, " old-auid=%u auid=%u tty=%s old-ses=%u ses=%u res=%d",
1997	oldloginuid, loginuid, oldsessionid, sessionid, !rc);	1999	oldloginuid, loginuid, tty ? tty_name(tty) : "(none)",
		2000	oldsessionid, sessionid, !rc);
		2001	audit_put_tty(tty);
1998	audit_log_end(ab);	2002	audit_log_end(ab);
1999	}	2003	}
2000		2004