aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/char/tty_audit.c
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-01-08 10:06:53 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2008-02-01 14:06:51 -0500
commit4746ec5b01ed07205a91e4f7ed9de9d70f371407 (patch)
tree7a3a836b6178ccab24801e90b69c1159b2c23099 /drivers/char/tty_audit.c
parentc2a7780efe37d01bdb3facc85a94663e6d67d4a8 (diff)
[AUDIT] add session id to audit messages
In order to correlate audit records to an individual login add a session id. This is incremented every time a user logs in and is included in almost all messages which currently output the auid. The field is labeled ses= or oses= Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'drivers/char/tty_audit.c')
-rw-r--r--drivers/char/tty_audit.c18
1 files changed, 13 insertions, 5 deletions
diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c
index c590fc45b2fd..bacded0eefab 100644
--- a/drivers/char/tty_audit.c
+++ b/drivers/char/tty_audit.c
@@ -73,6 +73,7 @@ static void tty_audit_buf_put(struct tty_audit_buf *buf)
73 * @tsk with @loginuid. @buf->mutex must be locked. 73 * @tsk with @loginuid. @buf->mutex must be locked.
74 */ 74 */
75static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid, 75static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
76 unsigned int sessionid,
76 struct tty_audit_buf *buf) 77 struct tty_audit_buf *buf)
77{ 78{
78 struct audit_buffer *ab; 79 struct audit_buffer *ab;
@@ -85,9 +86,9 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
85 if (ab) { 86 if (ab) {
86 char name[sizeof(tsk->comm)]; 87 char name[sizeof(tsk->comm)];
87 88
88 audit_log_format(ab, "tty pid=%u uid=%u auid=%u major=%d " 89 audit_log_format(ab, "tty pid=%u uid=%u auid=%u ses=%u "
89 "minor=%d comm=", tsk->pid, tsk->uid, 90 "major=%d minor=%d comm=", tsk->pid, tsk->uid,
90 loginuid, buf->major, buf->minor); 91 loginuid, sessionid, buf->major, buf->minor);
91 get_task_comm(name, tsk); 92 get_task_comm(name, tsk);
92 audit_log_untrustedstring(ab, name); 93 audit_log_untrustedstring(ab, name);
93 audit_log_format(ab, " data="); 94 audit_log_format(ab, " data=");
@@ -105,7 +106,9 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
105 */ 106 */
106static void tty_audit_buf_push_current(struct tty_audit_buf *buf) 107static void tty_audit_buf_push_current(struct tty_audit_buf *buf)
107{ 108{
108 tty_audit_buf_push(current, audit_get_loginuid(current), buf); 109 uid_t auid = audit_get_loginuid(current);
110 unsigned int sessionid = audit_get_sessionid(current);
111 tty_audit_buf_push(current, auid, sessionid, buf);
109} 112}
110 113
111/** 114/**
@@ -151,6 +154,11 @@ void tty_audit_fork(struct signal_struct *sig)
151void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid) 154void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid)
152{ 155{
153 struct tty_audit_buf *buf; 156 struct tty_audit_buf *buf;
157 /* FIXME I think this is correct. Check against netlink once that is
158 * I really need to read this code more closely. But that's for
159 * another patch.
160 */
161 unsigned int sessionid = audit_get_sessionid(tsk);
154 162
155 spin_lock_irq(&tsk->sighand->siglock); 163 spin_lock_irq(&tsk->sighand->siglock);
156 buf = tsk->signal->tty_audit_buf; 164 buf = tsk->signal->tty_audit_buf;
@@ -161,7 +169,7 @@ void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid)
161 return; 169 return;
162 170
163 mutex_lock(&buf->mutex); 171 mutex_lock(&buf->mutex);
164 tty_audit_buf_push(tsk, loginuid, buf); 172 tty_audit_buf_push(tsk, loginuid, sessionid, buf);
165 mutex_unlock(&buf->mutex); 173 mutex_unlock(&buf->mutex);
166 174
167 tty_audit_buf_put(buf); 175 tty_audit_buf_put(buf);