diff options
| author | Eric Paris <eparis@redhat.com> | 2013-04-19 13:56:11 -0400 |
|---|---|---|
| committer | Eric Paris <eparis@redhat.com> | 2013-04-30 15:31:28 -0400 |
| commit | 152f497b9b5940f81de3205465840a5eb316458e (patch) | |
| tree | fb226da0e460bb912350478cbbb87b24a6343d31 /drivers/tty | |
| parent | dc9eb698f441889f2d7926b1cc6f1e14f0787f00 (diff) | |
audit: push loginuid and sessionid processing down
Since we are always current, we can push a lot of this stuff to the
bottom and get rid of useless interfaces and arguments.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'drivers/tty')
| -rw-r--r-- | drivers/tty/tty_audit.c | 72 |
1 files changed, 24 insertions, 48 deletions
diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c index 1e4e9f30ea09..ea2e5ad71731 100644 --- a/drivers/tty/tty_audit.c +++ b/drivers/tty/tty_audit.c | |||
| @@ -60,24 +60,22 @@ static void tty_audit_buf_put(struct tty_audit_buf *buf) | |||
| 60 | tty_audit_buf_free(buf); | 60 | tty_audit_buf_free(buf); |
| 61 | } | 61 | } |
| 62 | 62 | ||
| 63 | static void tty_audit_log(const char *description, struct task_struct *tsk, | 63 | static void tty_audit_log(const char *description, int major, int minor, |
| 64 | kuid_t loginuid, unsigned sessionid, int major, | 64 | unsigned char *data, size_t size) |
| 65 | int minor, unsigned char *data, size_t size) | ||
| 66 | { | 65 | { |
| 67 | struct audit_buffer *ab; | 66 | struct audit_buffer *ab; |
| 67 | struct task_struct *tsk = current; | ||
| 68 | uid_t uid = from_kuid(&init_user_ns, task_uid(tsk)); | ||
| 69 | uid_t loginuid = from_kuid(&init_user_ns, audit_get_loginuid(tsk)); | ||
| 70 | u32 sessionid = audit_get_sessionid(tsk); | ||
| 68 | 71 | ||
| 69 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY); | 72 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY); |
| 70 | if (ab) { | 73 | if (ab) { |
| 71 | char name[sizeof(tsk->comm)]; | 74 | char name[sizeof(tsk->comm)]; |
| 72 | kuid_t uid = task_uid(tsk); | 75 | |
| 73 | 76 | audit_log_format(ab, "%s pid=%u uid=%u auid=%u ses=%u major=%d" | |
| 74 | audit_log_format(ab, "%s pid=%u uid=%u auid=%u ses=%u " | 77 | " minor=%d comm=", description, tsk->pid, uid, |
| 75 | "major=%d minor=%d comm=", description, | 78 | loginuid, sessionid, major, minor); |
| 76 | tsk->pid, | ||
| 77 | from_kuid(&init_user_ns, uid), | ||
| 78 | from_kuid(&init_user_ns, loginuid), | ||
| 79 | sessionid, | ||
| 80 | major, minor); | ||
| 81 | get_task_comm(name, tsk); | 79 | get_task_comm(name, tsk); |
| 82 | audit_log_untrustedstring(ab, name); | 80 | audit_log_untrustedstring(ab, name); |
| 83 | audit_log_format(ab, " data="); | 81 | audit_log_format(ab, " data="); |
| @@ -90,11 +88,9 @@ static void tty_audit_log(const char *description, struct task_struct *tsk, | |||
| 90 | * tty_audit_buf_push - Push buffered data out | 88 | * tty_audit_buf_push - Push buffered data out |
| 91 | * | 89 | * |
| 92 | * Generate an audit message from the contents of @buf, which is owned by | 90 | * Generate an audit message from the contents of @buf, which is owned by |
| 93 | * @tsk with @loginuid. @buf->mutex must be locked. | 91 | * the current task. @buf->mutex must be locked. |
| 94 | */ | 92 | */ |
| 95 | static void tty_audit_buf_push(struct task_struct *tsk, kuid_t loginuid, | 93 | static void tty_audit_buf_push(struct tty_audit_buf *buf) |
| 96 | unsigned int sessionid, | ||
| 97 | struct tty_audit_buf *buf) | ||
| 98 | { | 94 | { |
| 99 | if (buf->valid == 0) | 95 | if (buf->valid == 0) |
| 100 | return; | 96 | return; |
| @@ -102,25 +98,11 @@ static void tty_audit_buf_push(struct task_struct *tsk, kuid_t loginuid, | |||
| 102 | buf->valid = 0; | 98 | buf->valid = 0; |
| 103 | return; | 99 | return; |
| 104 | } | 100 | } |
| 105 | tty_audit_log("tty", tsk, loginuid, sessionid, buf->major, buf->minor, | 101 | tty_audit_log("tty", buf->major, buf->minor, buf->data, buf->valid); |
| 106 | buf->data, buf->valid); | ||
| 107 | buf->valid = 0; | 102 | buf->valid = 0; |
| 108 | } | 103 | } |
| 109 | 104 | ||
| 110 | /** | 105 | /** |
| 111 | * tty_audit_buf_push_current - Push buffered data out | ||
| 112 | * | ||
| 113 | * Generate an audit message from the contents of @buf, which is owned by | ||
| 114 | * the current task. @buf->mutex must be locked. | ||
| 115 | */ | ||
| 116 | static void tty_audit_buf_push_current(struct tty_audit_buf *buf) | ||
| 117 | { | ||
| 118 | kuid_t auid = audit_get_loginuid(current); | ||
| 119 | unsigned int sessionid = audit_get_sessionid(current); | ||
| 120 | tty_audit_buf_push(current, auid, sessionid, buf); | ||
| 121 | } | ||
| 122 | |||
| 123 | /** | ||
| 124 | * tty_audit_exit - Handle a task exit | 106 | * tty_audit_exit - Handle a task exit |
| 125 | * | 107 | * |
| 126 | * Make sure all buffered data is written out and deallocate the buffer. | 108 | * Make sure all buffered data is written out and deallocate the buffer. |
| @@ -138,7 +120,7 @@ void tty_audit_exit(void) | |||
| 138 | return; | 120 | return; |
| 139 | 121 | ||
| 140 | mutex_lock(&buf->mutex); | 122 | mutex_lock(&buf->mutex); |
| 141 | tty_audit_buf_push_current(buf); | 123 | tty_audit_buf_push(buf); |
| 142 | mutex_unlock(&buf->mutex); | 124 | mutex_unlock(&buf->mutex); |
| 143 | 125 | ||
| 144 | tty_audit_buf_put(buf); | 126 | tty_audit_buf_put(buf); |
| @@ -176,7 +158,7 @@ void tty_audit_tiocsti(struct tty_struct *tty, char ch) | |||
| 176 | if (buf) { | 158 | if (buf) { |
| 177 | mutex_lock(&buf->mutex); | 159 | mutex_lock(&buf->mutex); |
| 178 | if (buf->major == major && buf->minor == minor) | 160 | if (buf->major == major && buf->minor == minor) |
| 179 | tty_audit_buf_push_current(buf); | 161 | tty_audit_buf_push(buf); |
| 180 | mutex_unlock(&buf->mutex); | 162 | mutex_unlock(&buf->mutex); |
| 181 | tty_audit_buf_put(buf); | 163 | tty_audit_buf_put(buf); |
| 182 | } | 164 | } |
| @@ -187,27 +169,21 @@ void tty_audit_tiocsti(struct tty_struct *tty, char ch) | |||
| 187 | 169 | ||
| 188 | auid = audit_get_loginuid(current); | 170 | auid = audit_get_loginuid(current); |
| 189 | sessionid = audit_get_sessionid(current); | 171 | sessionid = audit_get_sessionid(current); |
| 190 | tty_audit_log("ioctl=TIOCSTI", current, auid, sessionid, major, | 172 | tty_audit_log("ioctl=TIOCSTI", major, minor, &ch, 1); |
| 191 | minor, &ch, 1); | ||
| 192 | } | 173 | } |
| 193 | } | 174 | } |
| 194 | 175 | ||
| 195 | /** | 176 | /** |
| 196 | * tty_audit_push_task - Flush task's pending audit data | 177 | * tty_audit_push_current - Flush current's pending audit data |
| 197 | * @tsk: task pointer | ||
| 198 | * @loginuid: sender login uid | ||
| 199 | * @sessionid: sender session id | ||
| 200 | * | 178 | * |
| 201 | * Called with a ref on @tsk held. Try to lock sighand and get a | 179 | * Try to lock sighand and get a reference to the tty audit buffer if available. |
| 202 | * reference to the tty audit buffer if available. | ||
| 203 | * Flush the buffer or return an appropriate error code. | 180 | * Flush the buffer or return an appropriate error code. |
| 204 | */ | 181 | */ |
| 205 | int tty_audit_push_task(struct task_struct *tsk) | 182 | int tty_audit_push_current(void) |
| 206 | { | 183 | { |
| 207 | struct tty_audit_buf *buf = ERR_PTR(-EPERM); | 184 | struct tty_audit_buf *buf = ERR_PTR(-EPERM); |
| 185 | struct task_struct *tsk = current; | ||
| 208 | unsigned long flags; | 186 | unsigned long flags; |
| 209 | kuid_t loginuid = audit_get_loginuid(tsk); | ||
| 210 | u32 sessionid = audit_get_sessionid(tsk); | ||
| 211 | 187 | ||
| 212 | if (!lock_task_sighand(tsk, &flags)) | 188 | if (!lock_task_sighand(tsk, &flags)) |
| 213 | return -ESRCH; | 189 | return -ESRCH; |
| @@ -227,7 +203,7 @@ int tty_audit_push_task(struct task_struct *tsk) | |||
| 227 | return PTR_ERR(buf); | 203 | return PTR_ERR(buf); |
| 228 | 204 | ||
| 229 | mutex_lock(&buf->mutex); | 205 | mutex_lock(&buf->mutex); |
| 230 | tty_audit_buf_push(tsk, loginuid, sessionid, buf); | 206 | tty_audit_buf_push(buf); |
| 231 | mutex_unlock(&buf->mutex); | 207 | mutex_unlock(&buf->mutex); |
| 232 | 208 | ||
| 233 | tty_audit_buf_put(buf); | 209 | tty_audit_buf_put(buf); |
| @@ -311,7 +287,7 @@ void tty_audit_add_data(struct tty_struct *tty, unsigned char *data, | |||
| 311 | minor = tty->driver->minor_start + tty->index; | 287 | minor = tty->driver->minor_start + tty->index; |
| 312 | if (buf->major != major || buf->minor != minor | 288 | if (buf->major != major || buf->minor != minor |
| 313 | || buf->icanon != icanon) { | 289 | || buf->icanon != icanon) { |
| 314 | tty_audit_buf_push_current(buf); | 290 | tty_audit_buf_push(buf); |
| 315 | buf->major = major; | 291 | buf->major = major; |
| 316 | buf->minor = minor; | 292 | buf->minor = minor; |
| 317 | buf->icanon = icanon; | 293 | buf->icanon = icanon; |
| @@ -327,7 +303,7 @@ void tty_audit_add_data(struct tty_struct *tty, unsigned char *data, | |||
| 327 | data += run; | 303 | data += run; |
| 328 | size -= run; | 304 | size -= run; |
| 329 | if (buf->valid == N_TTY_BUF_SIZE) | 305 | if (buf->valid == N_TTY_BUF_SIZE) |
| 330 | tty_audit_buf_push_current(buf); | 306 | tty_audit_buf_push(buf); |
| 331 | } while (size != 0); | 307 | } while (size != 0); |
| 332 | mutex_unlock(&buf->mutex); | 308 | mutex_unlock(&buf->mutex); |
| 333 | tty_audit_buf_put(buf); | 309 | tty_audit_buf_put(buf); |
| @@ -359,7 +335,7 @@ void tty_audit_push(struct tty_struct *tty) | |||
| 359 | minor = tty->driver->minor_start + tty->index; | 335 | minor = tty->driver->minor_start + tty->index; |
| 360 | mutex_lock(&buf->mutex); | 336 | mutex_lock(&buf->mutex); |
| 361 | if (buf->major == major && buf->minor == minor) | 337 | if (buf->major == major && buf->minor == minor) |
| 362 | tty_audit_buf_push_current(buf); | 338 | tty_audit_buf_push(buf); |
| 363 | mutex_unlock(&buf->mutex); | 339 | mutex_unlock(&buf->mutex); |
| 364 | tty_audit_buf_put(buf); | 340 | tty_audit_buf_put(buf); |
| 365 | } | 341 | } |