diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-29 14:41:22 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-29 14:41:22 -0400 |
commit | 9781db7b345b5dfe93787aaaf310c861db7c1ede (patch) | |
tree | d9796e29fd914ca04835636be95bbd5082a034fd /kernel/auditsc.c | |
parent | 97094dcf5cefc8ccfdf93839f54dac2c4d316165 (diff) | |
parent | 8b67dca9420474623709e00d72a066068a502b20 (diff) |
Merge branch 'audit.b50' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b50' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
[PATCH] new predicate - AUDIT_FILETYPE
[patch 2/2] Use find_task_by_vpid in audit code
[patch 1/2] audit: let userspace fully control TTY input auditing
[PATCH 2/2] audit: fix sparse shadowed variable warnings
[PATCH 1/2] audit: move extern declarations to audit.h
Audit: MAINTAINERS update
Audit: increase the maximum length of the key field
Audit: standardize string audit interfaces
Audit: stop deadlock from signals under load
Audit: save audit_backlog_limit audit messages in case auditd comes back
Audit: collect sessionid in netlink messages
Audit: end printk with newline
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r-- | kernel/auditsc.c | 40 |
1 files changed, 24 insertions, 16 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 56e56ed594a8..c10e7aae04d7 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -68,9 +68,6 @@ | |||
68 | 68 | ||
69 | #include "audit.h" | 69 | #include "audit.h" |
70 | 70 | ||
71 | extern struct list_head audit_filter_list[]; | ||
72 | extern int audit_ever_enabled; | ||
73 | |||
74 | /* AUDIT_NAMES is the number of slots we reserve in the audit_context | 71 | /* AUDIT_NAMES is the number of slots we reserve in the audit_context |
75 | * for saving names from getname(). */ | 72 | * for saving names from getname(). */ |
76 | #define AUDIT_NAMES 20 | 73 | #define AUDIT_NAMES 20 |
@@ -283,6 +280,19 @@ static int audit_match_perm(struct audit_context *ctx, int mask) | |||
283 | } | 280 | } |
284 | } | 281 | } |
285 | 282 | ||
283 | static int audit_match_filetype(struct audit_context *ctx, int which) | ||
284 | { | ||
285 | unsigned index = which & ~S_IFMT; | ||
286 | mode_t mode = which & S_IFMT; | ||
287 | if (index >= ctx->name_count) | ||
288 | return 0; | ||
289 | if (ctx->names[index].ino == -1) | ||
290 | return 0; | ||
291 | if ((ctx->names[index].mode ^ mode) & S_IFMT) | ||
292 | return 0; | ||
293 | return 1; | ||
294 | } | ||
295 | |||
286 | /* | 296 | /* |
287 | * We keep a linked list of fixed-sized (31 pointer) arrays of audit_chunk *; | 297 | * We keep a linked list of fixed-sized (31 pointer) arrays of audit_chunk *; |
288 | * ->first_trees points to its beginning, ->trees - to the current end of data. | 298 | * ->first_trees points to its beginning, ->trees - to the current end of data. |
@@ -592,6 +602,9 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
592 | case AUDIT_PERM: | 602 | case AUDIT_PERM: |
593 | result = audit_match_perm(ctx, f->val); | 603 | result = audit_match_perm(ctx, f->val); |
594 | break; | 604 | break; |
605 | case AUDIT_FILETYPE: | ||
606 | result = audit_match_filetype(ctx, f->val); | ||
607 | break; | ||
595 | } | 608 | } |
596 | 609 | ||
597 | if (!result) | 610 | if (!result) |
@@ -1095,7 +1108,7 @@ static int audit_log_single_execve_arg(struct audit_context *context, | |||
1095 | audit_log_format(*ab, "[%d]", i); | 1108 | audit_log_format(*ab, "[%d]", i); |
1096 | audit_log_format(*ab, "="); | 1109 | audit_log_format(*ab, "="); |
1097 | if (has_cntl) | 1110 | if (has_cntl) |
1098 | audit_log_hex(*ab, buf, to_send); | 1111 | audit_log_n_hex(*ab, buf, to_send); |
1099 | else | 1112 | else |
1100 | audit_log_format(*ab, "\"%s\"", buf); | 1113 | audit_log_format(*ab, "\"%s\"", buf); |
1101 | audit_log_format(*ab, "\n"); | 1114 | audit_log_format(*ab, "\n"); |
@@ -1296,7 +1309,6 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
1296 | break; } | 1309 | break; } |
1297 | 1310 | ||
1298 | case AUDIT_SOCKETCALL: { | 1311 | case AUDIT_SOCKETCALL: { |
1299 | int i; | ||
1300 | struct audit_aux_data_socketcall *axs = (void *)aux; | 1312 | struct audit_aux_data_socketcall *axs = (void *)aux; |
1301 | audit_log_format(ab, "nargs=%d", axs->nargs); | 1313 | audit_log_format(ab, "nargs=%d", axs->nargs); |
1302 | for (i=0; i<axs->nargs; i++) | 1314 | for (i=0; i<axs->nargs; i++) |
@@ -1307,7 +1319,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
1307 | struct audit_aux_data_sockaddr *axs = (void *)aux; | 1319 | struct audit_aux_data_sockaddr *axs = (void *)aux; |
1308 | 1320 | ||
1309 | audit_log_format(ab, "saddr="); | 1321 | audit_log_format(ab, "saddr="); |
1310 | audit_log_hex(ab, axs->a, axs->len); | 1322 | audit_log_n_hex(ab, axs->a, axs->len); |
1311 | break; } | 1323 | break; } |
1312 | 1324 | ||
1313 | case AUDIT_FD_PAIR: { | 1325 | case AUDIT_FD_PAIR: { |
@@ -1321,7 +1333,6 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
1321 | 1333 | ||
1322 | for (aux = context->aux_pids; aux; aux = aux->next) { | 1334 | for (aux = context->aux_pids; aux; aux = aux->next) { |
1323 | struct audit_aux_data_pids *axs = (void *)aux; | 1335 | struct audit_aux_data_pids *axs = (void *)aux; |
1324 | int i; | ||
1325 | 1336 | ||
1326 | for (i = 0; i < axs->pid_count; i++) | 1337 | for (i = 0; i < axs->pid_count; i++) |
1327 | if (audit_log_pid_context(context, axs->target_pid[i], | 1338 | if (audit_log_pid_context(context, axs->target_pid[i], |
@@ -1371,8 +1382,8 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
1371 | default: | 1382 | default: |
1372 | /* log the name's directory component */ | 1383 | /* log the name's directory component */ |
1373 | audit_log_format(ab, " name="); | 1384 | audit_log_format(ab, " name="); |
1374 | audit_log_n_untrustedstring(ab, n->name_len, | 1385 | audit_log_n_untrustedstring(ab, n->name, |
1375 | n->name); | 1386 | n->name_len); |
1376 | } | 1387 | } |
1377 | } else | 1388 | } else |
1378 | audit_log_format(ab, " name=(null)"); | 1389 | audit_log_format(ab, " name=(null)"); |
@@ -1596,7 +1607,7 @@ static inline void handle_one(const struct inode *inode) | |||
1596 | if (likely(put_tree_ref(context, chunk))) | 1607 | if (likely(put_tree_ref(context, chunk))) |
1597 | return; | 1608 | return; |
1598 | if (unlikely(!grow_tree_refs(context))) { | 1609 | if (unlikely(!grow_tree_refs(context))) { |
1599 | printk(KERN_WARNING "out of memory, audit has lost a tree reference"); | 1610 | printk(KERN_WARNING "out of memory, audit has lost a tree reference\n"); |
1600 | audit_set_auditable(context); | 1611 | audit_set_auditable(context); |
1601 | audit_put_chunk(chunk); | 1612 | audit_put_chunk(chunk); |
1602 | unroll_tree_refs(context, p, count); | 1613 | unroll_tree_refs(context, p, count); |
@@ -1656,7 +1667,7 @@ retry: | |||
1656 | } | 1667 | } |
1657 | /* too bad */ | 1668 | /* too bad */ |
1658 | printk(KERN_WARNING | 1669 | printk(KERN_WARNING |
1659 | "out of memory, audit has lost a tree reference"); | 1670 | "out of memory, audit has lost a tree reference\n"); |
1660 | unroll_tree_refs(context, p, count); | 1671 | unroll_tree_refs(context, p, count); |
1661 | audit_set_auditable(context); | 1672 | audit_set_auditable(context); |
1662 | return; | 1673 | return; |
@@ -1752,13 +1763,13 @@ static int audit_inc_name_count(struct audit_context *context, | |||
1752 | if (context->name_count >= AUDIT_NAMES) { | 1763 | if (context->name_count >= AUDIT_NAMES) { |
1753 | if (inode) | 1764 | if (inode) |
1754 | printk(KERN_DEBUG "name_count maxed, losing inode data: " | 1765 | printk(KERN_DEBUG "name_count maxed, losing inode data: " |
1755 | "dev=%02x:%02x, inode=%lu", | 1766 | "dev=%02x:%02x, inode=%lu\n", |
1756 | MAJOR(inode->i_sb->s_dev), | 1767 | MAJOR(inode->i_sb->s_dev), |
1757 | MINOR(inode->i_sb->s_dev), | 1768 | MINOR(inode->i_sb->s_dev), |
1758 | inode->i_ino); | 1769 | inode->i_ino); |
1759 | 1770 | ||
1760 | else | 1771 | else |
1761 | printk(KERN_DEBUG "name_count maxed, losing inode data"); | 1772 | printk(KERN_DEBUG "name_count maxed, losing inode data\n"); |
1762 | return 1; | 1773 | return 1; |
1763 | } | 1774 | } |
1764 | context->name_count++; | 1775 | context->name_count++; |
@@ -2361,9 +2372,6 @@ int __audit_signal_info(int sig, struct task_struct *t) | |||
2361 | struct audit_aux_data_pids *axp; | 2372 | struct audit_aux_data_pids *axp; |
2362 | struct task_struct *tsk = current; | 2373 | struct task_struct *tsk = current; |
2363 | struct audit_context *ctx = tsk->audit_context; | 2374 | struct audit_context *ctx = tsk->audit_context; |
2364 | extern pid_t audit_sig_pid; | ||
2365 | extern uid_t audit_sig_uid; | ||
2366 | extern u32 audit_sig_sid; | ||
2367 | 2375 | ||
2368 | if (audit_pid && t->tgid == audit_pid) { | 2376 | if (audit_pid && t->tgid == audit_pid) { |
2369 | if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1) { | 2377 | if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1) { |