diff options
| author | Eric Paris <eparis@redhat.com> | 2008-04-18 10:09:25 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-04-28 06:18:03 -0400 |
| commit | 2532386f480eefbdd67b48be55fb4fb3e5a6081c (patch) | |
| tree | dd6a5a3c4116a67380a1336319c16632f04f80f9 /net/key | |
| parent | 436c405c7d19455a71f42c9bec5fd5e028f1eb4e (diff) | |
Audit: collect sessionid in netlink messages
Previously I added sessionid output to all audit messages where it was
available but we still didn't know the sessionid of the sender of
netlink messages. This patch adds that information to netlink messages
so we can audit who sent netlink messages.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'net/key')
| -rw-r--r-- | net/key/af_key.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/net/key/af_key.c b/net/key/af_key.c index 2403a31fe0f6..9e7236ff6bcc 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c | |||
| @@ -1498,7 +1498,8 @@ static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, | |||
| 1498 | err = xfrm_state_update(x); | 1498 | err = xfrm_state_update(x); |
| 1499 | 1499 | ||
| 1500 | xfrm_audit_state_add(x, err ? 0 : 1, | 1500 | xfrm_audit_state_add(x, err ? 0 : 1, |
| 1501 | audit_get_loginuid(current), 0); | 1501 | audit_get_loginuid(current), |
| 1502 | audit_get_sessionid(current), 0); | ||
| 1502 | 1503 | ||
| 1503 | if (err < 0) { | 1504 | if (err < 0) { |
| 1504 | x->km.state = XFRM_STATE_DEAD; | 1505 | x->km.state = XFRM_STATE_DEAD; |
| @@ -1552,7 +1553,8 @@ static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h | |||
| 1552 | km_state_notify(x, &c); | 1553 | km_state_notify(x, &c); |
| 1553 | out: | 1554 | out: |
| 1554 | xfrm_audit_state_delete(x, err ? 0 : 1, | 1555 | xfrm_audit_state_delete(x, err ? 0 : 1, |
| 1555 | audit_get_loginuid(current), 0); | 1556 | audit_get_loginuid(current), |
| 1557 | audit_get_sessionid(current), 0); | ||
| 1556 | xfrm_state_put(x); | 1558 | xfrm_state_put(x); |
| 1557 | 1559 | ||
| 1558 | return err; | 1560 | return err; |
| @@ -1728,6 +1730,7 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd | |||
| 1728 | return -EINVAL; | 1730 | return -EINVAL; |
| 1729 | 1731 | ||
| 1730 | audit_info.loginuid = audit_get_loginuid(current); | 1732 | audit_info.loginuid = audit_get_loginuid(current); |
| 1733 | audit_info.sessionid = audit_get_sessionid(current); | ||
| 1731 | audit_info.secid = 0; | 1734 | audit_info.secid = 0; |
| 1732 | err = xfrm_state_flush(proto, &audit_info); | 1735 | err = xfrm_state_flush(proto, &audit_info); |
| 1733 | if (err) | 1736 | if (err) |
| @@ -2324,7 +2327,8 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h | |||
| 2324 | hdr->sadb_msg_type != SADB_X_SPDUPDATE); | 2327 | hdr->sadb_msg_type != SADB_X_SPDUPDATE); |
| 2325 | 2328 | ||
| 2326 | xfrm_audit_policy_add(xp, err ? 0 : 1, | 2329 | xfrm_audit_policy_add(xp, err ? 0 : 1, |
| 2327 | audit_get_loginuid(current), 0); | 2330 | audit_get_loginuid(current), |
| 2331 | audit_get_sessionid(current), 0); | ||
| 2328 | 2332 | ||
| 2329 | if (err) | 2333 | if (err) |
| 2330 | goto out; | 2334 | goto out; |
| @@ -2406,7 +2410,8 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg | |||
| 2406 | return -ENOENT; | 2410 | return -ENOENT; |
| 2407 | 2411 | ||
| 2408 | xfrm_audit_policy_delete(xp, err ? 0 : 1, | 2412 | xfrm_audit_policy_delete(xp, err ? 0 : 1, |
| 2409 | audit_get_loginuid(current), 0); | 2413 | audit_get_loginuid(current), |
| 2414 | audit_get_sessionid(current), 0); | ||
| 2410 | 2415 | ||
| 2411 | if (err) | 2416 | if (err) |
| 2412 | goto out; | 2417 | goto out; |
| @@ -2667,7 +2672,8 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h | |||
| 2667 | 2672 | ||
| 2668 | if (delete) { | 2673 | if (delete) { |
| 2669 | xfrm_audit_policy_delete(xp, err ? 0 : 1, | 2674 | xfrm_audit_policy_delete(xp, err ? 0 : 1, |
| 2670 | audit_get_loginuid(current), 0); | 2675 | audit_get_loginuid(current), |
| 2676 | audit_get_sessionid(current), 0); | ||
| 2671 | 2677 | ||
| 2672 | if (err) | 2678 | if (err) |
| 2673 | goto out; | 2679 | goto out; |
| @@ -2767,6 +2773,7 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg | |||
| 2767 | int err; | 2773 | int err; |
| 2768 | 2774 | ||
| 2769 | audit_info.loginuid = audit_get_loginuid(current); | 2775 | audit_info.loginuid = audit_get_loginuid(current); |
| 2776 | audit_info.sessionid = audit_get_sessionid(current); | ||
| 2770 | audit_info.secid = 0; | 2777 | audit_info.secid = 0; |
| 2771 | err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info); | 2778 | err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info); |
| 2772 | if (err) | 2779 | if (err) |