diff options
| author | Richard Guy Briggs <rgb@redhat.com> | 2013-09-18 09:32:24 -0400 |
|---|---|---|
| committer | Eric Paris <eparis@redhat.com> | 2014-01-13 22:28:39 -0500 |
| commit | 09f883a9023e7a86f92c731e80f30a9447f4bdbe (patch) | |
| tree | a23e692d2816b1704aea60f3640e6f9fd2cdfad2 | |
| parent | f910fde7307be80a1a228bba969c492f61f13281 (diff) | |
audit: clean up AUDIT_GET/SET local variables and future-proof API
Re-named confusing local variable names (status_set and status_get didn't agree
with their command type name) and reduced their scope.
Future-proof API changes by not depending on the exact size of the audit_status
struct and by adding an API version field.
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
| -rw-r--r-- | include/uapi/linux/audit.h | 1 | ||||
| -rw-r--r-- | kernel/audit.c | 54 |
2 files changed, 30 insertions, 25 deletions
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index e2f0d9977131..4fdedd4c88a1 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h | |||
| @@ -376,6 +376,7 @@ struct audit_status { | |||
| 376 | __u32 backlog_limit; /* waiting messages limit */ | 376 | __u32 backlog_limit; /* waiting messages limit */ |
| 377 | __u32 lost; /* messages lost */ | 377 | __u32 lost; /* messages lost */ |
| 378 | __u32 backlog; /* messages waiting in queue */ | 378 | __u32 backlog; /* messages waiting in queue */ |
| 379 | __u32 version; /* audit api version number */ | ||
| 379 | }; | 380 | }; |
| 380 | 381 | ||
| 381 | struct audit_features { | 382 | struct audit_features { |
diff --git a/kernel/audit.c b/kernel/audit.c index 833f8e2003b7..80b7de02947b 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
| @@ -743,7 +743,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 743 | { | 743 | { |
| 744 | u32 seq; | 744 | u32 seq; |
| 745 | void *data; | 745 | void *data; |
| 746 | struct audit_status *status_get, status_set; | ||
| 747 | int err; | 746 | int err; |
| 748 | struct audit_buffer *ab; | 747 | struct audit_buffer *ab; |
| 749 | u16 msg_type = nlh->nlmsg_type; | 748 | u16 msg_type = nlh->nlmsg_type; |
| @@ -769,34 +768,38 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 769 | data = nlmsg_data(nlh); | 768 | data = nlmsg_data(nlh); |
| 770 | 769 | ||
| 771 | switch (msg_type) { | 770 | switch (msg_type) { |
| 772 | case AUDIT_GET: | 771 | case AUDIT_GET: { |
| 773 | memset(&status_set, 0, sizeof(status_set)); | 772 | struct audit_status s; |
| 774 | status_set.enabled = audit_enabled; | 773 | memset(&s, 0, sizeof(s)); |
| 775 | status_set.failure = audit_failure; | 774 | s.enabled = audit_enabled; |
| 776 | status_set.pid = audit_pid; | 775 | s.failure = audit_failure; |
| 777 | status_set.rate_limit = audit_rate_limit; | 776 | s.pid = audit_pid; |
| 778 | status_set.backlog_limit = audit_backlog_limit; | 777 | s.rate_limit = audit_rate_limit; |
| 779 | status_set.lost = atomic_read(&audit_lost); | 778 | s.backlog_limit = audit_backlog_limit; |
| 780 | status_set.backlog = skb_queue_len(&audit_skb_queue); | 779 | s.lost = atomic_read(&audit_lost); |
| 780 | s.backlog = skb_queue_len(&audit_skb_queue); | ||
| 781 | s.version = 1; | ||
| 781 | audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0, | 782 | audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0, |
| 782 | &status_set, sizeof(status_set)); | 783 | &s, sizeof(s)); |
| 783 | break; | 784 | break; |
| 784 | case AUDIT_SET: | 785 | } |
| 785 | if (nlmsg_len(nlh) < sizeof(struct audit_status)) | 786 | case AUDIT_SET: { |
| 786 | return -EINVAL; | 787 | struct audit_status s; |
| 787 | status_get = (struct audit_status *)data; | 788 | memset(&s, 0, sizeof(s)); |
| 788 | if (status_get->mask & AUDIT_STATUS_ENABLED) { | 789 | /* guard against past and future API changes */ |
| 789 | err = audit_set_enabled(status_get->enabled); | 790 | memcpy(&s, data, min_t(size_t, sizeof(s), nlmsg_len(nlh))); |
| 791 | if (s.mask & AUDIT_STATUS_ENABLED) { | ||
| 792 | err = audit_set_enabled(s.enabled); | ||
| 790 | if (err < 0) | 793 | if (err < 0) |
| 791 | return err; | 794 | return err; |
| 792 | } | 795 | } |
| 793 | if (status_get->mask & AUDIT_STATUS_FAILURE) { | 796 | if (s.mask & AUDIT_STATUS_FAILURE) { |
| 794 | err = audit_set_failure(status_get->failure); | 797 | err = audit_set_failure(s.failure); |
| 795 | if (err < 0) | 798 | if (err < 0) |
| 796 | return err; | 799 | return err; |
| 797 | } | 800 | } |
| 798 | if (status_get->mask & AUDIT_STATUS_PID) { | 801 | if (s.mask & AUDIT_STATUS_PID) { |
| 799 | int new_pid = status_get->pid; | 802 | int new_pid = s.pid; |
| 800 | 803 | ||
| 801 | if (audit_enabled != AUDIT_OFF) | 804 | if (audit_enabled != AUDIT_OFF) |
| 802 | audit_log_config_change("audit_pid", new_pid, audit_pid, 1); | 805 | audit_log_config_change("audit_pid", new_pid, audit_pid, 1); |
| @@ -804,14 +807,15 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 804 | audit_nlk_portid = NETLINK_CB(skb).portid; | 807 | audit_nlk_portid = NETLINK_CB(skb).portid; |
| 805 | audit_sock = NETLINK_CB(skb).sk; | 808 | audit_sock = NETLINK_CB(skb).sk; |
| 806 | } | 809 | } |
| 807 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) { | 810 | if (s.mask & AUDIT_STATUS_RATE_LIMIT) { |
| 808 | err = audit_set_rate_limit(status_get->rate_limit); | 811 | err = audit_set_rate_limit(s.rate_limit); |
| 809 | if (err < 0) | 812 | if (err < 0) |
| 810 | return err; | 813 | return err; |
| 811 | } | 814 | } |
| 812 | if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) | 815 | if (s.mask & AUDIT_STATUS_BACKLOG_LIMIT) |
| 813 | err = audit_set_backlog_limit(status_get->backlog_limit); | 816 | err = audit_set_backlog_limit(s.backlog_limit); |
| 814 | break; | 817 | break; |
| 818 | } | ||
| 815 | case AUDIT_GET_FEATURE: | 819 | case AUDIT_GET_FEATURE: |
| 816 | err = audit_get_feature(skb); | 820 | err = audit_get_feature(skb); |
| 817 | if (err) | 821 | if (err) |