aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSerge Hallyn <serue@us.ibm.com>2005-04-29 11:27:17 -0400
committer <dwmw2@shinybook.infradead.org>2005-04-29 11:27:17 -0400
commitc94c257c88c517f251da273a15c654224c7b6e21 (patch)
tree992dd50f6bb13a70b04450cdfe0dbfb3c7b17ef5
parent85c8721ff3bc96b702427a440616079e8daf8a2f (diff)
Add audit uid to netlink credentials
Most audit control messages are sent over netlink.In order to properly log the identity of the sender of audit control messages, we would like to add the loginuid to the netlink_creds structure, as per the attached patch. Signed-off-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
-rw-r--r--include/linux/audit.h2
-rw-r--r--include/linux/netlink.h1
-rw-r--r--kernel/audit.c46
-rw-r--r--kernel/auditsc.c5
-rw-r--r--net/netlink/af_netlink.c1
5 files changed, 32 insertions, 23 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 5fabe8481011..19f214230fec 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -184,7 +184,7 @@ extern void audit_inode(const char *name, const struct inode *inode);
184 184
185 /* Private API (for audit.c only) */ 185 /* Private API (for audit.c only) */
186extern int audit_receive_filter(int type, int pid, int uid, int seq, 186extern int audit_receive_filter(int type, int pid, int uid, int seq,
187 void *data); 187 void *data, uid_t loginuid);
188extern void audit_get_stamp(struct audit_context *ctx, 188extern void audit_get_stamp(struct audit_context *ctx,
189 struct timespec *t, unsigned int *serial); 189 struct timespec *t, unsigned int *serial);
190extern int audit_set_loginuid(struct audit_context *ctx, uid_t loginuid); 190extern int audit_set_loginuid(struct audit_context *ctx, uid_t loginuid);
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index f731abdc1a29..b2738ac8bc99 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -110,6 +110,7 @@ struct netlink_skb_parms
110 __u32 dst_pid; 110 __u32 dst_pid;
111 __u32 dst_groups; 111 __u32 dst_groups;
112 kernel_cap_t eff_cap; 112 kernel_cap_t eff_cap;
113 __u32 loginuid; /* Login (audit) uid */
113}; 114};
114 115
115#define NETLINK_CB(skb) (*(struct netlink_skb_parms*)&((skb)->cb)) 116#define NETLINK_CB(skb) (*(struct netlink_skb_parms*)&((skb)->cb))
diff --git a/kernel/audit.c b/kernel/audit.c
index 58c7d7e47299..587d3b2eba7f 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -239,36 +239,36 @@ void audit_log_lost(const char *message)
239 239
240} 240}
241 241
242static int audit_set_rate_limit(int limit) 242static int audit_set_rate_limit(int limit, uid_t loginuid)
243{ 243{
244 int old = audit_rate_limit; 244 int old = audit_rate_limit;
245 audit_rate_limit = limit; 245 audit_rate_limit = limit;
246 audit_log(current->audit_context, "audit_rate_limit=%d old=%d", 246 audit_log(NULL, "audit_rate_limit=%d old=%d by auid %u",
247 audit_rate_limit, old); 247 audit_rate_limit, old, loginuid);
248 return old; 248 return old;
249} 249}
250 250
251static int audit_set_backlog_limit(int limit) 251static int audit_set_backlog_limit(int limit, uid_t loginuid)
252{ 252{
253 int old = audit_backlog_limit; 253 int old = audit_backlog_limit;
254 audit_backlog_limit = limit; 254 audit_backlog_limit = limit;
255 audit_log(current->audit_context, "audit_backlog_limit=%d old=%d", 255 audit_log(NULL, "audit_backlog_limit=%d old=%d by auid %u",
256 audit_backlog_limit, old); 256 audit_backlog_limit, old, loginuid);
257 return old; 257 return old;
258} 258}
259 259
260static int audit_set_enabled(int state) 260static int audit_set_enabled(int state, uid_t loginuid)
261{ 261{
262 int old = audit_enabled; 262 int old = audit_enabled;
263 if (state != 0 && state != 1) 263 if (state != 0 && state != 1)
264 return -EINVAL; 264 return -EINVAL;
265 audit_enabled = state; 265 audit_enabled = state;
266 audit_log(current->audit_context, "audit_enabled=%d old=%d", 266 audit_log(NULL, "audit_enabled=%d old=%d by auid %u",
267 audit_enabled, old); 267 audit_enabled, old, loginuid);
268 return old; 268 return old;
269} 269}
270 270
271static int audit_set_failure(int state) 271static int audit_set_failure(int state, uid_t loginuid)
272{ 272{
273 int old = audit_failure; 273 int old = audit_failure;
274 if (state != AUDIT_FAIL_SILENT 274 if (state != AUDIT_FAIL_SILENT
@@ -276,8 +276,8 @@ static int audit_set_failure(int state)
276 && state != AUDIT_FAIL_PANIC) 276 && state != AUDIT_FAIL_PANIC)
277 return -EINVAL; 277 return -EINVAL;
278 audit_failure = state; 278 audit_failure = state;
279 audit_log(current->audit_context, "audit_failure=%d old=%d", 279 audit_log(NULL, "audit_failure=%d old=%d by auid %u",
280 audit_failure, old); 280 audit_failure, old, loginuid);
281 return old; 281 return old;
282} 282}
283 283
@@ -344,6 +344,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
344 int err; 344 int err;
345 struct audit_buffer *ab; 345 struct audit_buffer *ab;
346 u16 msg_type = nlh->nlmsg_type; 346 u16 msg_type = nlh->nlmsg_type;
347 uid_t loginuid; /* loginuid of sender */
347 348
348 err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); 349 err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type);
349 if (err) 350 if (err)
@@ -351,6 +352,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
351 352
352 pid = NETLINK_CREDS(skb)->pid; 353 pid = NETLINK_CREDS(skb)->pid;
353 uid = NETLINK_CREDS(skb)->uid; 354 uid = NETLINK_CREDS(skb)->uid;
355 loginuid = NETLINK_CB(skb).loginuid;
354 seq = nlh->nlmsg_seq; 356 seq = nlh->nlmsg_seq;
355 data = NLMSG_DATA(nlh); 357 data = NLMSG_DATA(nlh);
356 358
@@ -371,34 +373,36 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
371 return -EINVAL; 373 return -EINVAL;
372 status_get = (struct audit_status *)data; 374 status_get = (struct audit_status *)data;
373 if (status_get->mask & AUDIT_STATUS_ENABLED) { 375 if (status_get->mask & AUDIT_STATUS_ENABLED) {
374 err = audit_set_enabled(status_get->enabled); 376 err = audit_set_enabled(status_get->enabled, loginuid);
375 if (err < 0) return err; 377 if (err < 0) return err;
376 } 378 }
377 if (status_get->mask & AUDIT_STATUS_FAILURE) { 379 if (status_get->mask & AUDIT_STATUS_FAILURE) {
378 err = audit_set_failure(status_get->failure); 380 err = audit_set_failure(status_get->failure, loginuid);
379 if (err < 0) return err; 381 if (err < 0) return err;
380 } 382 }
381 if (status_get->mask & AUDIT_STATUS_PID) { 383 if (status_get->mask & AUDIT_STATUS_PID) {
382 int old = audit_pid; 384 int old = audit_pid;
383 audit_pid = status_get->pid; 385 audit_pid = status_get->pid;
384 audit_log(current->audit_context, 386 audit_log(NULL, "audit_pid=%d old=%d by auid %u",
385 "audit_pid=%d old=%d", audit_pid, old); 387 audit_pid, old, loginuid);
386 } 388 }
387 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) 389 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)
388 audit_set_rate_limit(status_get->rate_limit); 390 audit_set_rate_limit(status_get->rate_limit, loginuid);
389 if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) 391 if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT)
390 audit_set_backlog_limit(status_get->backlog_limit); 392 audit_set_backlog_limit(status_get->backlog_limit,
393 loginuid);
391 break; 394 break;
392 case AUDIT_USER: 395 case AUDIT_USER:
393 ab = audit_log_start(NULL); 396 ab = audit_log_start(NULL);
394 if (!ab) 397 if (!ab)
395 break; /* audit_panic has been called */ 398 break; /* audit_panic has been called */
396 audit_log_format(ab, 399 audit_log_format(ab,
397 "user pid=%d uid=%d length=%d msg='%.1024s'", 400 "user pid=%d uid=%d length=%d loginuid=%u"
401 " msg='%.1024s'",
398 pid, uid, 402 pid, uid,
399 (int)(nlh->nlmsg_len 403 (int)(nlh->nlmsg_len
400 - ((char *)data - (char *)nlh)), 404 - ((char *)data - (char *)nlh)),
401 (char *)data); 405 loginuid, (char *)data);
402 ab->type = AUDIT_USER; 406 ab->type = AUDIT_USER;
403 ab->pid = pid; 407 ab->pid = pid;
404 audit_log_end(ab); 408 audit_log_end(ab);
@@ -411,7 +415,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
411 case AUDIT_LIST: 415 case AUDIT_LIST:
412#ifdef CONFIG_AUDITSYSCALL 416#ifdef CONFIG_AUDITSYSCALL
413 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, 417 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
414 uid, seq, data); 418 uid, seq, data, loginuid);
415#else 419#else
416 err = -EOPNOTSUPP; 420 err = -EOPNOTSUPP;
417#endif 421#endif
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 9ff2c1b1033e..66148f81d783 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -251,7 +251,8 @@ static int audit_copy_rule(struct audit_rule *d, struct audit_rule *s)
251 return 0; 251 return 0;
252} 252}
253 253
254int audit_receive_filter(int type, int pid, int uid, int seq, void *data) 254int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
255 uid_t loginuid)
255{ 256{
256 u32 flags; 257 u32 flags;
257 struct audit_entry *entry; 258 struct audit_entry *entry;
@@ -286,6 +287,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data)
286 err = audit_add_rule(entry, &audit_entlist); 287 err = audit_add_rule(entry, &audit_entlist);
287 if (!err && (flags & AUDIT_AT_EXIT)) 288 if (!err && (flags & AUDIT_AT_EXIT))
288 err = audit_add_rule(entry, &audit_extlist); 289 err = audit_add_rule(entry, &audit_extlist);
290 audit_log(NULL, "auid %u added an audit rule\n", loginuid);
289 break; 291 break;
290 case AUDIT_DEL: 292 case AUDIT_DEL:
291 flags =((struct audit_rule *)data)->flags; 293 flags =((struct audit_rule *)data)->flags;
@@ -295,6 +297,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data)
295 err = audit_del_rule(data, &audit_entlist); 297 err = audit_del_rule(data, &audit_entlist);
296 if (!err && (flags & AUDIT_AT_EXIT)) 298 if (!err && (flags & AUDIT_AT_EXIT))
297 err = audit_del_rule(data, &audit_extlist); 299 err = audit_del_rule(data, &audit_extlist);
300 audit_log(NULL, "auid %u removed an audit rule\n", loginuid);
298 break; 301 break;
299 default: 302 default:
300 return -EINVAL; 303 return -EINVAL;
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 29a5fd231eac..cb64cff3e339 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -905,6 +905,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
905 NETLINK_CB(skb).groups = nlk->groups; 905 NETLINK_CB(skb).groups = nlk->groups;
906 NETLINK_CB(skb).dst_pid = dst_pid; 906 NETLINK_CB(skb).dst_pid = dst_pid;
907 NETLINK_CB(skb).dst_groups = dst_groups; 907 NETLINK_CB(skb).dst_groups = dst_groups;
908 NETLINK_CB(skb).loginuid = audit_get_loginuid(current->audit_context);
908 memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); 909 memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
909 910
910 /* What can I do? Netlink is asynchronous, so that 911 /* What can I do? Netlink is asynchronous, so that