diff options
author | Joy Latten <latten@austin.ibm.com> | 2007-09-17 14:51:22 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 19:49:02 -0400 |
commit | ab5f5e8b144e4c804ef3aa1ce08a9ca9f01187ce (patch) | |
tree | bf3915a618b29f507d882e9c665ed9d07e7c0765 /net/key | |
parent | d2e9117c7aa9544d910634e17e3519fd67155229 (diff) |
[XFRM]: xfrm audit calls
This patch modifies the current ipsec audit layer
by breaking it up into purpose driven audit calls.
So far, the only audit calls made are when add/delete
an SA/policy. It had been discussed to give each
key manager it's own calls to do this, but I found
there to be much redundnacy since they did the exact
same things, except for how they got auid and sid, so I
combined them. The below audit calls can be made by any
key manager. Hopefully, this is ok.
Signed-off-by: Joy Latten <latten@austin.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/key')
-rw-r--r-- | net/key/af_key.c | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c index 17b2a6927f01..0241fff95137 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c | |||
@@ -27,7 +27,6 @@ | |||
27 | #include <linux/proc_fs.h> | 27 | #include <linux/proc_fs.h> |
28 | #include <linux/init.h> | 28 | #include <linux/init.h> |
29 | #include <net/xfrm.h> | 29 | #include <net/xfrm.h> |
30 | #include <linux/audit.h> | ||
31 | 30 | ||
32 | #include <net/sock.h> | 31 | #include <net/sock.h> |
33 | 32 | ||
@@ -1454,8 +1453,8 @@ static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, | |||
1454 | else | 1453 | else |
1455 | err = xfrm_state_update(x); | 1454 | err = xfrm_state_update(x); |
1456 | 1455 | ||
1457 | xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, | 1456 | xfrm_audit_state_add(x, err ? 0 : 1, |
1458 | AUDIT_MAC_IPSEC_ADDSA, err ? 0 : 1, NULL, x); | 1457 | audit_get_loginuid(current->audit_context), 0); |
1459 | 1458 | ||
1460 | if (err < 0) { | 1459 | if (err < 0) { |
1461 | x->km.state = XFRM_STATE_DEAD; | 1460 | x->km.state = XFRM_STATE_DEAD; |
@@ -1508,8 +1507,8 @@ static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h | |||
1508 | c.event = XFRM_MSG_DELSA; | 1507 | c.event = XFRM_MSG_DELSA; |
1509 | km_state_notify(x, &c); | 1508 | km_state_notify(x, &c); |
1510 | out: | 1509 | out: |
1511 | xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, | 1510 | xfrm_audit_state_delete(x, err ? 0 : 1, |
1512 | AUDIT_MAC_IPSEC_DELSA, err ? 0 : 1, NULL, x); | 1511 | audit_get_loginuid(current->audit_context), 0); |
1513 | xfrm_state_put(x); | 1512 | xfrm_state_put(x); |
1514 | 1513 | ||
1515 | return err; | 1514 | return err; |
@@ -2261,8 +2260,8 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h | |||
2261 | err = xfrm_policy_insert(pol->sadb_x_policy_dir-1, xp, | 2260 | err = xfrm_policy_insert(pol->sadb_x_policy_dir-1, xp, |
2262 | hdr->sadb_msg_type != SADB_X_SPDUPDATE); | 2261 | hdr->sadb_msg_type != SADB_X_SPDUPDATE); |
2263 | 2262 | ||
2264 | xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, | 2263 | xfrm_audit_policy_add(xp, err ? 0 : 1, |
2265 | AUDIT_MAC_IPSEC_ADDSPD, err ? 0 : 1, xp, NULL); | 2264 | audit_get_loginuid(current->audit_context), 0); |
2266 | 2265 | ||
2267 | if (err) | 2266 | if (err) |
2268 | goto out; | 2267 | goto out; |
@@ -2345,8 +2344,8 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg | |||
2345 | if (xp == NULL) | 2344 | if (xp == NULL) |
2346 | return -ENOENT; | 2345 | return -ENOENT; |
2347 | 2346 | ||
2348 | xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, | 2347 | xfrm_audit_policy_delete(xp, err ? 0 : 1, |
2349 | AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); | 2348 | audit_get_loginuid(current->audit_context), 0); |
2350 | 2349 | ||
2351 | if (err) | 2350 | if (err) |
2352 | goto out; | 2351 | goto out; |
@@ -2606,8 +2605,8 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h | |||
2606 | return -ENOENT; | 2605 | return -ENOENT; |
2607 | 2606 | ||
2608 | if (delete) { | 2607 | if (delete) { |
2609 | xfrm_audit_log(audit_get_loginuid(current->audit_context), 0, | 2608 | xfrm_audit_policy_delete(xp, err ? 0 : 1, |
2610 | AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL); | 2609 | audit_get_loginuid(current->audit_context), 0); |
2611 | 2610 | ||
2612 | if (err) | 2611 | if (err) |
2613 | goto out; | 2612 | goto out; |