diff options
author | Serge Hallyn <serue@us.ibm.com> | 2005-04-29 11:27:17 -0400 |
---|---|---|
committer | <dwmw2@shinybook.infradead.org> | 2005-04-29 11:27:17 -0400 |
commit | c94c257c88c517f251da273a15c654224c7b6e21 (patch) | |
tree | 992dd50f6bb13a70b04450cdfe0dbfb3c7b17ef5 | |
parent | 85c8721ff3bc96b702427a440616079e8daf8a2f (diff) |
Add audit uid to netlink credentials
Most audit control messages are sent over netlink.In order to properly
log the identity of the sender of audit control messages, we would like
to add the loginuid to the netlink_creds structure, as per the attached
patch.
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
-rw-r--r-- | include/linux/audit.h | 2 | ||||
-rw-r--r-- | include/linux/netlink.h | 1 | ||||
-rw-r--r-- | kernel/audit.c | 46 | ||||
-rw-r--r-- | kernel/auditsc.c | 5 | ||||
-rw-r--r-- | net/netlink/af_netlink.c | 1 |
5 files changed, 32 insertions, 23 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 5fabe8481011..19f214230fec 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -184,7 +184,7 @@ extern void audit_inode(const char *name, const struct inode *inode); | |||
184 | 184 | ||
185 | /* Private API (for audit.c only) */ | 185 | /* Private API (for audit.c only) */ |
186 | extern int audit_receive_filter(int type, int pid, int uid, int seq, | 186 | extern int audit_receive_filter(int type, int pid, int uid, int seq, |
187 | void *data); | 187 | void *data, uid_t loginuid); |
188 | extern void audit_get_stamp(struct audit_context *ctx, | 188 | extern void audit_get_stamp(struct audit_context *ctx, |
189 | struct timespec *t, unsigned int *serial); | 189 | struct timespec *t, unsigned int *serial); |
190 | extern int audit_set_loginuid(struct audit_context *ctx, uid_t loginuid); | 190 | extern int audit_set_loginuid(struct audit_context *ctx, uid_t loginuid); |
diff --git a/include/linux/netlink.h b/include/linux/netlink.h index f731abdc1a29..b2738ac8bc99 100644 --- a/include/linux/netlink.h +++ b/include/linux/netlink.h | |||
@@ -110,6 +110,7 @@ struct netlink_skb_parms | |||
110 | __u32 dst_pid; | 110 | __u32 dst_pid; |
111 | __u32 dst_groups; | 111 | __u32 dst_groups; |
112 | kernel_cap_t eff_cap; | 112 | kernel_cap_t eff_cap; |
113 | __u32 loginuid; /* Login (audit) uid */ | ||
113 | }; | 114 | }; |
114 | 115 | ||
115 | #define NETLINK_CB(skb) (*(struct netlink_skb_parms*)&((skb)->cb)) | 116 | #define NETLINK_CB(skb) (*(struct netlink_skb_parms*)&((skb)->cb)) |
diff --git a/kernel/audit.c b/kernel/audit.c index 58c7d7e47299..587d3b2eba7f 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
@@ -239,36 +239,36 @@ void audit_log_lost(const char *message) | |||
239 | 239 | ||
240 | } | 240 | } |
241 | 241 | ||
242 | static int audit_set_rate_limit(int limit) | 242 | static int audit_set_rate_limit(int limit, uid_t loginuid) |
243 | { | 243 | { |
244 | int old = audit_rate_limit; | 244 | int old = audit_rate_limit; |
245 | audit_rate_limit = limit; | 245 | audit_rate_limit = limit; |
246 | audit_log(current->audit_context, "audit_rate_limit=%d old=%d", | 246 | audit_log(NULL, "audit_rate_limit=%d old=%d by auid %u", |
247 | audit_rate_limit, old); | 247 | audit_rate_limit, old, loginuid); |
248 | return old; | 248 | return old; |
249 | } | 249 | } |
250 | 250 | ||
251 | static int audit_set_backlog_limit(int limit) | 251 | static int audit_set_backlog_limit(int limit, uid_t loginuid) |
252 | { | 252 | { |
253 | int old = audit_backlog_limit; | 253 | int old = audit_backlog_limit; |
254 | audit_backlog_limit = limit; | 254 | audit_backlog_limit = limit; |
255 | audit_log(current->audit_context, "audit_backlog_limit=%d old=%d", | 255 | audit_log(NULL, "audit_backlog_limit=%d old=%d by auid %u", |
256 | audit_backlog_limit, old); | 256 | audit_backlog_limit, old, loginuid); |
257 | return old; | 257 | return old; |
258 | } | 258 | } |
259 | 259 | ||
260 | static int audit_set_enabled(int state) | 260 | static int audit_set_enabled(int state, uid_t loginuid) |
261 | { | 261 | { |
262 | int old = audit_enabled; | 262 | int old = audit_enabled; |
263 | if (state != 0 && state != 1) | 263 | if (state != 0 && state != 1) |
264 | return -EINVAL; | 264 | return -EINVAL; |
265 | audit_enabled = state; | 265 | audit_enabled = state; |
266 | audit_log(current->audit_context, "audit_enabled=%d old=%d", | 266 | audit_log(NULL, "audit_enabled=%d old=%d by auid %u", |
267 | audit_enabled, old); | 267 | audit_enabled, old, loginuid); |
268 | return old; | 268 | return old; |
269 | } | 269 | } |
270 | 270 | ||
271 | static int audit_set_failure(int state) | 271 | static int audit_set_failure(int state, uid_t loginuid) |
272 | { | 272 | { |
273 | int old = audit_failure; | 273 | int old = audit_failure; |
274 | if (state != AUDIT_FAIL_SILENT | 274 | if (state != AUDIT_FAIL_SILENT |
@@ -276,8 +276,8 @@ static int audit_set_failure(int state) | |||
276 | && state != AUDIT_FAIL_PANIC) | 276 | && state != AUDIT_FAIL_PANIC) |
277 | return -EINVAL; | 277 | return -EINVAL; |
278 | audit_failure = state; | 278 | audit_failure = state; |
279 | audit_log(current->audit_context, "audit_failure=%d old=%d", | 279 | audit_log(NULL, "audit_failure=%d old=%d by auid %u", |
280 | audit_failure, old); | 280 | audit_failure, old, loginuid); |
281 | return old; | 281 | return old; |
282 | } | 282 | } |
283 | 283 | ||
@@ -344,6 +344,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
344 | int err; | 344 | int err; |
345 | struct audit_buffer *ab; | 345 | struct audit_buffer *ab; |
346 | u16 msg_type = nlh->nlmsg_type; | 346 | u16 msg_type = nlh->nlmsg_type; |
347 | uid_t loginuid; /* loginuid of sender */ | ||
347 | 348 | ||
348 | err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); | 349 | err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); |
349 | if (err) | 350 | if (err) |
@@ -351,6 +352,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
351 | 352 | ||
352 | pid = NETLINK_CREDS(skb)->pid; | 353 | pid = NETLINK_CREDS(skb)->pid; |
353 | uid = NETLINK_CREDS(skb)->uid; | 354 | uid = NETLINK_CREDS(skb)->uid; |
355 | loginuid = NETLINK_CB(skb).loginuid; | ||
354 | seq = nlh->nlmsg_seq; | 356 | seq = nlh->nlmsg_seq; |
355 | data = NLMSG_DATA(nlh); | 357 | data = NLMSG_DATA(nlh); |
356 | 358 | ||
@@ -371,34 +373,36 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
371 | return -EINVAL; | 373 | return -EINVAL; |
372 | status_get = (struct audit_status *)data; | 374 | status_get = (struct audit_status *)data; |
373 | if (status_get->mask & AUDIT_STATUS_ENABLED) { | 375 | if (status_get->mask & AUDIT_STATUS_ENABLED) { |
374 | err = audit_set_enabled(status_get->enabled); | 376 | err = audit_set_enabled(status_get->enabled, loginuid); |
375 | if (err < 0) return err; | 377 | if (err < 0) return err; |
376 | } | 378 | } |
377 | if (status_get->mask & AUDIT_STATUS_FAILURE) { | 379 | if (status_get->mask & AUDIT_STATUS_FAILURE) { |
378 | err = audit_set_failure(status_get->failure); | 380 | err = audit_set_failure(status_get->failure, loginuid); |
379 | if (err < 0) return err; | 381 | if (err < 0) return err; |
380 | } | 382 | } |
381 | if (status_get->mask & AUDIT_STATUS_PID) { | 383 | if (status_get->mask & AUDIT_STATUS_PID) { |
382 | int old = audit_pid; | 384 | int old = audit_pid; |
383 | audit_pid = status_get->pid; | 385 | audit_pid = status_get->pid; |
384 | audit_log(current->audit_context, | 386 | audit_log(NULL, "audit_pid=%d old=%d by auid %u", |
385 | "audit_pid=%d old=%d", audit_pid, old); | 387 | audit_pid, old, loginuid); |
386 | } | 388 | } |
387 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) | 389 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) |
388 | audit_set_rate_limit(status_get->rate_limit); | 390 | audit_set_rate_limit(status_get->rate_limit, loginuid); |
389 | if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) | 391 | if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) |
390 | audit_set_backlog_limit(status_get->backlog_limit); | 392 | audit_set_backlog_limit(status_get->backlog_limit, |
393 | loginuid); | ||
391 | break; | 394 | break; |
392 | case AUDIT_USER: | 395 | case AUDIT_USER: |
393 | ab = audit_log_start(NULL); | 396 | ab = audit_log_start(NULL); |
394 | if (!ab) | 397 | if (!ab) |
395 | break; /* audit_panic has been called */ | 398 | break; /* audit_panic has been called */ |
396 | audit_log_format(ab, | 399 | audit_log_format(ab, |
397 | "user pid=%d uid=%d length=%d msg='%.1024s'", | 400 | "user pid=%d uid=%d length=%d loginuid=%u" |
401 | " msg='%.1024s'", | ||
398 | pid, uid, | 402 | pid, uid, |
399 | (int)(nlh->nlmsg_len | 403 | (int)(nlh->nlmsg_len |
400 | - ((char *)data - (char *)nlh)), | 404 | - ((char *)data - (char *)nlh)), |
401 | (char *)data); | 405 | loginuid, (char *)data); |
402 | ab->type = AUDIT_USER; | 406 | ab->type = AUDIT_USER; |
403 | ab->pid = pid; | 407 | ab->pid = pid; |
404 | audit_log_end(ab); | 408 | audit_log_end(ab); |
@@ -411,7 +415,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
411 | case AUDIT_LIST: | 415 | case AUDIT_LIST: |
412 | #ifdef CONFIG_AUDITSYSCALL | 416 | #ifdef CONFIG_AUDITSYSCALL |
413 | err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, | 417 | err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, |
414 | uid, seq, data); | 418 | uid, seq, data, loginuid); |
415 | #else | 419 | #else |
416 | err = -EOPNOTSUPP; | 420 | err = -EOPNOTSUPP; |
417 | #endif | 421 | #endif |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 9ff2c1b1033e..66148f81d783 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -251,7 +251,8 @@ static int audit_copy_rule(struct audit_rule *d, struct audit_rule *s) | |||
251 | return 0; | 251 | return 0; |
252 | } | 252 | } |
253 | 253 | ||
254 | int audit_receive_filter(int type, int pid, int uid, int seq, void *data) | 254 | int audit_receive_filter(int type, int pid, int uid, int seq, void *data, |
255 | uid_t loginuid) | ||
255 | { | 256 | { |
256 | u32 flags; | 257 | u32 flags; |
257 | struct audit_entry *entry; | 258 | struct audit_entry *entry; |
@@ -286,6 +287,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data) | |||
286 | err = audit_add_rule(entry, &audit_entlist); | 287 | err = audit_add_rule(entry, &audit_entlist); |
287 | if (!err && (flags & AUDIT_AT_EXIT)) | 288 | if (!err && (flags & AUDIT_AT_EXIT)) |
288 | err = audit_add_rule(entry, &audit_extlist); | 289 | err = audit_add_rule(entry, &audit_extlist); |
290 | audit_log(NULL, "auid %u added an audit rule\n", loginuid); | ||
289 | break; | 291 | break; |
290 | case AUDIT_DEL: | 292 | case AUDIT_DEL: |
291 | flags =((struct audit_rule *)data)->flags; | 293 | flags =((struct audit_rule *)data)->flags; |
@@ -295,6 +297,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data) | |||
295 | err = audit_del_rule(data, &audit_entlist); | 297 | err = audit_del_rule(data, &audit_entlist); |
296 | if (!err && (flags & AUDIT_AT_EXIT)) | 298 | if (!err && (flags & AUDIT_AT_EXIT)) |
297 | err = audit_del_rule(data, &audit_extlist); | 299 | err = audit_del_rule(data, &audit_extlist); |
300 | audit_log(NULL, "auid %u removed an audit rule\n", loginuid); | ||
298 | break; | 301 | break; |
299 | default: | 302 | default: |
300 | return -EINVAL; | 303 | return -EINVAL; |
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 29a5fd231eac..cb64cff3e339 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c | |||
@@ -905,6 +905,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock, | |||
905 | NETLINK_CB(skb).groups = nlk->groups; | 905 | NETLINK_CB(skb).groups = nlk->groups; |
906 | NETLINK_CB(skb).dst_pid = dst_pid; | 906 | NETLINK_CB(skb).dst_pid = dst_pid; |
907 | NETLINK_CB(skb).dst_groups = dst_groups; | 907 | NETLINK_CB(skb).dst_groups = dst_groups; |
908 | NETLINK_CB(skb).loginuid = audit_get_loginuid(current->audit_context); | ||
908 | memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); | 909 | memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); |
909 | 910 | ||
910 | /* What can I do? Netlink is asynchronous, so that | 911 | /* What can I do? Netlink is asynchronous, so that |