aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteve Grubb <sgrubb@redhat.com>2005-04-29 12:30:07 -0400
committer <dwmw2@shinybook.infradead.org>2005-04-29 12:30:07 -0400
commit456be6cd90dbbb9b0ea01d56932d56d110d51cf7 (patch)
tree27f0d001610f686d11ff460cb6c848a599c8ca4f
parent37509e749dc2072e667db806ef24b9e897f61b8a (diff)
[AUDIT] LOGIN message credentials
Attached is a new patch that solves the issue of getting valid credentials into the LOGIN message. The current code was assuming that the audit context had already been copied. This is not always the case for LOGIN messages. To solve the problem, the patch passes the task struct to the function that emits the message where it can get valid credentials. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat
-rw-r--r--fs/proc/base.c2
-rw-r--r--include/linux/audit.h2
-rw-r--r--kernel/auditsc.c9
3 files changed, 7 insertions, 6 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 39fd336cfdb9..57554bfbed79 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -820,7 +820,7 @@ static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
820 goto out_free_page; 820 goto out_free_page;
821 821
822 } 822 }
823 length = audit_set_loginuid(task->audit_context, loginuid); 823 length = audit_set_loginuid(task, loginuid);
824 if (likely(length == 0)) 824 if (likely(length == 0))
825 length = count; 825 length = count;
826 826
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 19f214230fec..19f04b049798 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -187,7 +187,7 @@ extern int audit_receive_filter(int type, int pid, int uid, int seq,
187 void *data, uid_t loginuid); 187 void *data, uid_t loginuid);
188extern void audit_get_stamp(struct audit_context *ctx, 188extern void audit_get_stamp(struct audit_context *ctx,
189 struct timespec *t, unsigned int *serial); 189 struct timespec *t, unsigned int *serial);
190extern int audit_set_loginuid(struct audit_context *ctx, uid_t loginuid); 190extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
191extern uid_t audit_get_loginuid(struct audit_context *ctx); 191extern uid_t audit_get_loginuid(struct audit_context *ctx);
192extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); 192extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
193#else 193#else
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 66148f81d783..37b3ac94bc47 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1010,20 +1010,21 @@ void audit_get_stamp(struct audit_context *ctx,
1010 1010
1011extern int audit_set_type(struct audit_buffer *ab, int type); 1011extern int audit_set_type(struct audit_buffer *ab, int type);
1012 1012
1013int audit_set_loginuid(struct audit_context *ctx, uid_t loginuid) 1013int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
1014{ 1014{
1015 if (ctx) { 1015 if (task->audit_context) {
1016 struct audit_buffer *ab; 1016 struct audit_buffer *ab;
1017 1017
1018 ab = audit_log_start(NULL); 1018 ab = audit_log_start(NULL);
1019 if (ab) { 1019 if (ab) {
1020 audit_log_format(ab, "login pid=%d uid=%u " 1020 audit_log_format(ab, "login pid=%d uid=%u "
1021 "old loginuid=%u new loginuid=%u", 1021 "old loginuid=%u new loginuid=%u",
1022 ctx->pid, ctx->uid, ctx->loginuid, loginuid); 1022 task->pid, task->uid,
1023 task->audit_context->loginuid, loginuid);
1023 audit_set_type(ab, AUDIT_LOGIN); 1024 audit_set_type(ab, AUDIT_LOGIN);
1024 audit_log_end(ab); 1025 audit_log_end(ab);
1025 } 1026 }
1026 ctx->loginuid = loginuid; 1027 task->audit_context->loginuid = loginuid;
1027 } 1028 }
1028 return 0; 1029 return 0;
1029} 1030}
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-27 16:09:52 -0500