audit: log AUDIT_TTY_SET config changes

Log transition of config changes when AUDIT_TTY_SET is called, including both enabled and log_passwd values now in the struct. Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
author: Richard Guy Briggs <rgb@redhat.com> 2013-11-15 11:29:02 -0500
committer: Eric Paris <eparis@redhat.com> 2014-01-13 22:31:15 -0500
commit: a06e56b2a11b5f7d5354b05988f97118c90580d2 (patch)
tree: 59b4f9bf0b0ea1764a97b39b0afcbb1a8ffd04b4 /kernel/audit.c
parent: 04ee1a3b8f0584099370f8501ac785fd5d2ed6ff (diff)
1 files changed, 26 insertions, 8 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 2dc757354693..fdb8528ceca3 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -989,20 +989,38 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                break;
        }
        case AUDIT_TTY_SET: {
-                struct audit_tty_status s;
+                struct audit_tty_status s, old;
                struct task_struct *tsk = current;
+                struct audit_buffer     *ab;
+                int res = 0;
+                spin_lock(&tsk->sighand->siglock);
+                old.enabled = tsk->signal->audit_tty;
+                old.log_passwd = tsk->signal->audit_tty_log_passwd;
+                spin_unlock(&tsk->sighand->siglock);
                memset(&s, 0, sizeof(s));
                /* guard against past and future API changes */
                memcpy(&s, data, min_t(size_t, sizeof(s), nlmsg_len(nlh)));
-                if ((s.enabled != 0 && s.enabled != 1) ||
+                if ((s.enabled == 0 || s.enabled == 1) &&
-                    (s.log_passwd != 0 && s.log_passwd != 1))
+                    (s.log_passwd == 0 || s.log_passwd == 1))
+                        res = 1;
+                audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE);
+                audit_log_format(ab, " op=tty_set"
+                                 " old-enabled=%d old-log_passwd=%d"
+                                 " new-enabled=%d new-log_passwd=%d"
+                                 " res=%d",
+                                 old.enabled, old.log_passwd,
+                                 s.enabled, s.log_passwd,
+                                 res);
+                audit_log_end(ab);
+                if (res) {
+                        spin_lock(&tsk->sighand->siglock);
+                        tsk->signal->audit_tty = s.enabled;
+                        tsk->signal->audit_tty_log_passwd = s.log_passwd;
+                        spin_unlock(&tsk->sighand->siglock);
+                } else
                        return -EINVAL;
-                spin_lock(&tsk->sighand->siglock);
-                tsk->signal->audit_tty = s.enabled;
-                tsk->signal->audit_tty_log_passwd = s.log_passwd;
-                spin_unlock(&tsk->sighand->siglock);
                break;
        }
        default:
author	Richard Guy Briggs <rgb@redhat.com>	2013-11-15 11:29:02 -0500
committer	Eric Paris <eparis@redhat.com>	2014-01-13 22:31:15 -0500
commit	a06e56b2a11b5f7d5354b05988f97118c90580d2 (patch)
tree	59b4f9bf0b0ea1764a97b39b0afcbb1a8ffd04b4 /kernel/audit.c
parent	04ee1a3b8f0584099370f8501ac785fd5d2ed6ff (diff)

diff --git a/kernel/audit.c b/kernel/audit.c index 2dc757354693..fdb8528ceca3 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -989,20 +989,38 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
989	break;	989	break;
990	}	990	}
991	case AUDIT_TTY_SET: {	991	case AUDIT_TTY_SET: {
992	struct audit_tty_status s;	992	struct audit_tty_status s, old;
993	struct task_struct *tsk = current;	993	struct task_struct *tsk = current;
		994	struct audit_buffer *ab;
		995	int res = 0;
		996
		997	spin_lock(&tsk->sighand->siglock);
		998	old.enabled = tsk->signal->audit_tty;
		999	old.log_passwd = tsk->signal->audit_tty_log_passwd;
		1000	spin_unlock(&tsk->sighand->siglock);
994		1001
995	memset(&s, 0, sizeof(s));	1002	memset(&s, 0, sizeof(s));
996	/* guard against past and future API changes */	1003	/* guard against past and future API changes */
997	memcpy(&s, data, min_t(size_t, sizeof(s), nlmsg_len(nlh)));	1004	memcpy(&s, data, min_t(size_t, sizeof(s), nlmsg_len(nlh)));
998	if ((s.enabled != 0 && s.enabled != 1) \|\|	1005	if ((s.enabled == 0 \|\| s.enabled == 1) &&
999	(s.log_passwd != 0 && s.log_passwd != 1))	1006	(s.log_passwd == 0 \|\| s.log_passwd == 1))
		1007	res = 1;
		1008	audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE);
		1009	audit_log_format(ab, " op=tty_set"
		1010	" old-enabled=%d old-log_passwd=%d"
		1011	" new-enabled=%d new-log_passwd=%d"
		1012	" res=%d",
		1013	old.enabled, old.log_passwd,
		1014	s.enabled, s.log_passwd,
		1015	res);
		1016	audit_log_end(ab);
		1017	if (res) {
		1018	spin_lock(&tsk->sighand->siglock);
		1019	tsk->signal->audit_tty = s.enabled;
		1020	tsk->signal->audit_tty_log_passwd = s.log_passwd;
		1021	spin_unlock(&tsk->sighand->siglock);
		1022	} else
1000	return -EINVAL;	1023	return -EINVAL;
1001
1002	spin_lock(&tsk->sighand->siglock);
1003	tsk->signal->audit_tty = s.enabled;
1004	tsk->signal->audit_tty_log_passwd = s.log_passwd;
1005	spin_unlock(&tsk->sighand->siglock);
1006	break;	1024	break;
1007	}	1025	}
1008	default:	1026	default: