author | Eric Paris <eparis@redhat.com> | 2008-01-08 10:06:53 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-02-01 14:06:51 -0500 |
commit | 4746ec5b01ed07205a91e4f7ed9de9d70f371407 (patch) | |
tree | 7a3a836b6178ccab24801e90b69c1159b2c23099 /drivers/char | |
parent | c2a7780efe37d01bdb3facc85a94663e6d67d4a8 (diff) |
[AUDIT] add session id to audit messages
In order to correlate audit records to an individual login add a session
id. This is incremented every time a user logs in and is included in
almost all messages which currently output the auid. The field is
labeled ses= or oses=
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'drivers/char')
-rw-r--r-- | drivers/char/tty_audit.c | 18 |
1 files changed, 13 insertions, 5 deletions
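--- a/drivers/char/tty_audit.c
+++ b/drivers/char/tty_audit.c
@@ -73,6 +73,7 @@ static void tty_audit_buf_put(struct tty_audit_buf *buf)
 * @tsk with @loginuid. @buf->mutex must be locked.
 */
 static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
+unsigned int sessionid,
 struct tty_audit_buf *buf)
 {
 struct audit_buffer *ab;
@@ -85,9 +86,9 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
 if (ab) {
 char name[sizeof(tsk->comm)];
 
-audit_log_format(ab, "tty pid=%u uid=%u auid=%u major=%d "
-"minor=%d comm=", tsk->pid, tsk->uid,
-loginuid, buf->major, buf->minor);
+audit_log_format(ab, "tty pid=%u uid=%u auid=%u ses=%u "
+"major=%d minor=%d comm=", tsk->pid, tsk->uid,
+loginuid, sessionid, buf->major, buf->minor);
 get_task_comm(name, tsk);
 audit_log_untrustedstring(ab, name);
 audit_log_format(ab, " data=");
@@ -105,7 +106,9 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
 */
 static void tty_audit_buf_push_current(struct tty_audit_buf *buf)
 {
-tty_audit_buf_push(current, audit_get_loginuid(current), buf);
+uid_t auid = audit_get_loginuid(current);
+unsigned int sessionid = audit_get_sessionid(current);
+tty_audit_buf_push(current, auid, sessionid, buf);
 }
 
 /**
@@ -151,6 +154,11 @@ void tty_audit_fork(struct signal_struct *sig)
 void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid)
 {
 struct tty_audit_buf *buf;
+/* FIXME I think this is correct. Check against netlink once that is
+* I really need to read this code more closely. But that's for
+* another patch.
+*/
+unsigned int sessionid = audit_get_sessionid(tsk);
 
 spin_lock_irq(&tsk->sighand->siglock);
 buf = tsk->signal->tty_audit_buf;
@@ -161,7 +169,7 @@ void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid)
 return;
 
 mutex_lock(&buf->mutex);
-tty_audit_buf_push(tsk, loginuid, buf);
+tty_audit_buf_push(tsk, loginuid, sessionid, buf);
 mutex_unlock(&buf->mutex);
 
 tty_audit_buf_put(buf);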
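Review bot: In tty_audit_push_task the new `ses=` value is read from `tsk` via `audit_get_sessionid(tsk)`, while `auid=` is still the caller-supplied `loginuid`, so one tty record may pair an auid and a session id that belong to different logins, which would undermine the correlation this commit is meant to provide. The FIXME above the declaration concedes that this is unverified, and its first sentence is cut off at "once that is". I would either pass the session id in from the same place the caller obtains `loginuid`, e.g. `void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, unsigned int sessionid)`, or replace the FIXME with a comment stating which task each of the two fields describes. The callers are outside this section, so which of the two is right cannot be confirmed from here.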