[NetLabel]: audit fixups due to delayed feedback

Fix some issues Steve Grubb had with the way NetLabel was using the audit subsystem. This should make NetLabel more consistent with other kernel generated audit messages specifying configuration changes. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Paul Moore <paul.moore@hp.com> 2006-09-29 20:05:05 -0400
committer: David S. Miller <davem@davemloft.net> 2006-09-29 20:05:05 -0400
commit: 95d4e6be25a68cd9fbe8c0d356b585504d8db1c7 (patch)
tree: 2133c970e6786bdf82004ace225b6bca19b9ddba /net/netlabel/netlabel_cipso_v4.c
parent: d6c641026dec68acfb4b0baa98aad960e963ed97 (diff)
1 files changed, 29 insertions, 19 deletions
diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c
index 09986ca962a6..a6ce1d6d5c59 100644
--- a/net/netlabel/netlabel_cipso_v4.c
+++ b/net/netlabel/netlabel_cipso_v4.c
@@ -384,11 +384,15 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info)
        u32 doi;
        const char *type_str = "(unknown)";
        struct audit_buffer *audit_buf;
+        struct netlbl_audit audit_info;
        if (!info->attrs[NLBL_CIPSOV4_A_DOI] ||
            !info->attrs[NLBL_CIPSOV4_A_MTYPE])
                return -EINVAL;
+        doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
+        netlbl_netlink_auditinfo(skb, &audit_info);
        type = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE]);
        switch (type) {
        case CIPSO_V4_MAP_STD:
@@ -401,13 +405,14 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info)
                break;
        }
-        if (ret_val == 0) {
+        audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD,
-                doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
+                                              &audit_info);
-                audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD,
+        audit_log_format(audit_buf,
-                                                      NETLINK_CB(skb).sid);
+                         " cipso_doi=%u cipso_type=%s res=%u",
-                audit_log_format(audit_buf, " doi=%u type=%s", doi, type_str);
+                         doi,
-                audit_log_end(audit_buf);
+                         type_str,
-        }
+                         ret_val == 0 ? 1 : 0);
+        audit_log_end(audit_buf);
        return ret_val;
 }
@@ -668,20 +673,25 @@ static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info)
        int ret_val = -EINVAL;
        u32 doi = 0;
        struct audit_buffer *audit_buf;
+        struct netlbl_audit audit_info;
-        if (info->attrs[NLBL_CIPSOV4_A_DOI]) {
+        if (!info->attrs[NLBL_CIPSOV4_A_DOI])
-                doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
+                return -EINVAL;
-                ret_val = cipso_v4_doi_remove(doi,
-                                              NETLINK_CB(skb).sid,
-                                              netlbl_cipsov4_doi_free);
-        }
-        if (ret_val == 0) {
+        doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
-                audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL,
+        netlbl_netlink_auditinfo(skb, &audit_info);
-                                                      NETLINK_CB(skb).sid);
-                audit_log_format(audit_buf, " doi=%u", doi);
+        ret_val = cipso_v4_doi_remove(doi,
-                audit_log_end(audit_buf);
+                                      &audit_info,
-        }
+                                      netlbl_cipsov4_doi_free);
+        audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL,
+                                              &audit_info);
+        audit_log_format(audit_buf,
+                         " cipso_doi=%u res=%u",
+                         doi,
+                         ret_val == 0 ? 1 : 0);
+        audit_log_end(audit_buf);
        return ret_val;
 }
author	Paul Moore <paul.moore@hp.com>	2006-09-29 20:05:05 -0400
committer	David S. Miller <davem@davemloft.net>	2006-09-29 20:05:05 -0400
commit	95d4e6be25a68cd9fbe8c0d356b585504d8db1c7 (patch)
tree	2133c970e6786bdf82004ace225b6bca19b9ddba /net/netlabel/netlabel_cipso_v4.c
parent	d6c641026dec68acfb4b0baa98aad960e963ed97 (diff)

diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c index 09986ca962a6..a6ce1d6d5c59 100644 --- a/net/netlabel/netlabel_cipso_v4.c +++ b/net/netlabel/netlabel_cipso_v4.c
@@ -384,11 +384,15 @@ static int netlbl_cipsov4_add(struct sk_buff skb, struct genl_info info)
384	u32 doi;	384	u32 doi;
385	const char *type_str = "(unknown)";	385	const char *type_str = "(unknown)";
386	struct audit_buffer *audit_buf;	386	struct audit_buffer *audit_buf;
		387	struct netlbl_audit audit_info;
387		388
388	if (!info->attrs[NLBL_CIPSOV4_A_DOI] \|\|	389	if (!info->attrs[NLBL_CIPSOV4_A_DOI] \|\|
389	!info->attrs[NLBL_CIPSOV4_A_MTYPE])	390	!info->attrs[NLBL_CIPSOV4_A_MTYPE])
390	return -EINVAL;	391	return -EINVAL;
391		392
		393	doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
		394	netlbl_netlink_auditinfo(skb, &audit_info);
		395
392	type = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE]);	396	type = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE]);
393	switch (type) {	397	switch (type) {
394	case CIPSO_V4_MAP_STD:	398	case CIPSO_V4_MAP_STD:
@@ -401,13 +405,14 @@ static int netlbl_cipsov4_add(struct sk_buff skb, struct genl_info info)
401	break;	405	break;
402	}	406	}
403		407
404	if (ret_val == 0) {	408	audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD,
405	doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);	409	&audit_info);
406	audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD,	410	audit_log_format(audit_buf,
407	NETLINK_CB(skb).sid);	411	" cipso_doi=%u cipso_type=%s res=%u",
408	audit_log_format(audit_buf, " doi=%u type=%s", doi, type_str);	412	doi,
409	audit_log_end(audit_buf);	413	type_str,
410	}	414	ret_val == 0 ? 1 : 0);
		415	audit_log_end(audit_buf);
411		416
412	return ret_val;	417	return ret_val;
413	}	418	}
@@ -668,20 +673,25 @@ static int netlbl_cipsov4_remove(struct sk_buff skb, struct genl_info info)
668	int ret_val = -EINVAL;	673	int ret_val = -EINVAL;
669	u32 doi = 0;	674	u32 doi = 0;
670	struct audit_buffer *audit_buf;	675	struct audit_buffer *audit_buf;
		676	struct netlbl_audit audit_info;
671		677
672	if (info->attrs[NLBL_CIPSOV4_A_DOI]) {	678	if (!info->attrs[NLBL_CIPSOV4_A_DOI])
673	doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);	679	return -EINVAL;
674	ret_val = cipso_v4_doi_remove(doi,
675	NETLINK_CB(skb).sid,
676	netlbl_cipsov4_doi_free);
677	}
678		680
679	if (ret_val == 0) {	681	doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);
680	audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL,	682	netlbl_netlink_auditinfo(skb, &audit_info);
681	NETLINK_CB(skb).sid);	683
682	audit_log_format(audit_buf, " doi=%u", doi);	684	ret_val = cipso_v4_doi_remove(doi,
683	audit_log_end(audit_buf);	685	&audit_info,
684	}	686	netlbl_cipsov4_doi_free);
		687
		688	audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL,
		689	&audit_info);
		690	audit_log_format(audit_buf,
		691	" cipso_doi=%u res=%u",
		692	doi,
		693	ret_val == 0 ? 1 : 0);
		694	audit_log_end(audit_buf);
685		695
686	return ret_val;	696	return ret_val;
687	}	697	}