1 files changed, 345 insertions, 0 deletions
diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c
new file mode 100644
index 000000000000..d222012c1b0c
--- /dev/null
+++ b/drivers/char/tty_audit.c
@@ -0,0 +1,345 @@
+/*
+ * Creating audit events from TTY input.
+ *
+ * Copyright (C) 2007 Red Hat, Inc.  All rights reserved.  This copyrighted
+ * material is made available to anyone wishing to use, modify, copy, or
+ * redistribute it subject to the terms and conditions of the GNU General
+ * Public License v.2.
+ *
+ * Authors: Miloslav Trmac <mitr@redhat.com>
+ */
+#include <linux/audit.h>
+#include <linux/file.h>
+#include <linux/tty.h>
+struct tty_audit_buf {
+        atomic_t count;
+        struct mutex mutex;     /* Protects all data below */
+        int major, minor;       /* The TTY which the data is from */
+        unsigned icanon:1;
+        size_t valid;
+        unsigned char *data;    /* Allocated size N_TTY_BUF_SIZE */
+};
+static struct tty_audit_buf *tty_audit_buf_alloc(int major, int minor,
+                                                 int icanon)
+{
+        struct tty_audit_buf *buf;
+        buf = kmalloc(sizeof (*buf), GFP_KERNEL);
+        if (!buf)
+                goto err;
+        if (PAGE_SIZE != N_TTY_BUF_SIZE)
+                buf->data = kmalloc(N_TTY_BUF_SIZE, GFP_KERNEL);
+        else
+                buf->data = (unsigned char *)__get_free_page(GFP_KERNEL);
+        if (!buf->data)
+                goto err_buf;
+        atomic_set(&buf->count, 1);
+        mutex_init(&buf->mutex);
+        buf->major = major;
+        buf->minor = minor;
+        buf->icanon = icanon;
+        buf->valid = 0;
+        return buf;
+err_buf:
+        kfree(buf);
+err:
+        return NULL;
+}
+static void tty_audit_buf_free(struct tty_audit_buf *buf)
+{
+        WARN_ON(buf->valid != 0);
+        if (PAGE_SIZE != N_TTY_BUF_SIZE)
+                kfree(buf->data);
+        else
+                free_page((unsigned long)buf->data);
+        kfree(buf);
+}
+static void tty_audit_buf_put(struct tty_audit_buf *buf)
+{
+        if (atomic_dec_and_test(&buf->count))
+                tty_audit_buf_free(buf);
+}
+/**
+ *      tty_audit_buf_push      -       Push buffered data out
+ *
+ *      Generate an audit message from the contents of @buf, which is owned by
+ *      @tsk with @loginuid.  @buf->mutex must be locked.
+ */
+static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
+                               struct tty_audit_buf *buf)
+{
+        struct audit_buffer *ab;
+        if (buf->valid == 0)
+                return;
+        if (audit_enabled == 0)
+                return;
+        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY);
+        if (ab) {
+                char name[sizeof(tsk->comm)];
+                audit_log_format(ab, "tty pid=%u uid=%u auid=%u major=%d "
+                                 "minor=%d comm=", tsk->pid, tsk->uid,
+                                 loginuid, buf->major, buf->minor);
+                get_task_comm(name, tsk);
+                audit_log_untrustedstring(ab, name);
+                audit_log_format(ab, " data=");
+                audit_log_n_untrustedstring(ab, buf->valid, buf->data);
+                audit_log_end(ab);
+        }
+        buf->valid = 0;
+}
+/**
+ *      tty_audit_buf_push_current      -       Push buffered data out
+ *
+ *      Generate an audit message from the contents of @buf, which is owned by
+ *      the current task.  @buf->mutex must be locked.
+ */
+static void tty_audit_buf_push_current(struct tty_audit_buf *buf)
+{
+        tty_audit_buf_push(current, audit_get_loginuid(current->audit_context),
+                           buf);
+}
+/**
+ *      tty_audit_exit  -       Handle a task exit
+ *
+ *      Make sure all buffered data is written out and deallocate the buffer.
+ *      Only needs to be called if current->signal->tty_audit_buf != %NULL.
+ */
+void tty_audit_exit(void)
+{
+        struct tty_audit_buf *buf;
+        spin_lock_irq(&current->sighand->siglock);
+        buf = current->signal->tty_audit_buf;
+        current->signal->tty_audit_buf = NULL;
+        spin_unlock_irq(&current->sighand->siglock);
+        if (!buf)
+                return;
+        mutex_lock(&buf->mutex);
+        tty_audit_buf_push_current(buf);
+        mutex_unlock(&buf->mutex);
+        tty_audit_buf_put(buf);
+}
+/**
+ *      tty_audit_fork  -       Copy TTY audit state for a new task
+ *
+ *      Set up TTY audit state in @sig from current.  @sig needs no locking.
+ */
+void tty_audit_fork(struct signal_struct *sig)
+{
+        spin_lock_irq(&current->sighand->siglock);
+        sig->audit_tty = current->signal->audit_tty;
+        spin_unlock_irq(&current->sighand->siglock);
+        sig->tty_audit_buf = NULL;
+}
+/**
+ *      tty_audit_push_task     -       Flush task's pending audit data
+ */
+void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid)
+{
+        struct tty_audit_buf *buf;
+        spin_lock_irq(&tsk->sighand->siglock);
+        buf = tsk->signal->tty_audit_buf;
+        if (buf)
+                atomic_inc(&buf->count);
+        spin_unlock_irq(&tsk->sighand->siglock);
+        if (!buf)
+                return;
+        mutex_lock(&buf->mutex);
+        tty_audit_buf_push(tsk, loginuid, buf);
+        mutex_unlock(&buf->mutex);
+        tty_audit_buf_put(buf);
+}
+/**
+ *      tty_audit_buf_get       -       Get an audit buffer.
+ *
+ *      Get an audit buffer for @tty, allocate it if necessary.  Return %NULL
+ *      if TTY auditing is disabled or out of memory.  Otherwise, return a new
+ *      reference to the buffer.
+ */
+static struct tty_audit_buf *tty_audit_buf_get(struct tty_struct *tty)
+{
+        struct tty_audit_buf *buf, *buf2;
+        buf = NULL;
+        buf2 = NULL;
+        spin_lock_irq(&current->sighand->siglock);
+        if (likely(!current->signal->audit_tty))
+                goto out;
+        buf = current->signal->tty_audit_buf;
+        if (buf) {
+                atomic_inc(&buf->count);
+                goto out;
+        }
+        spin_unlock_irq(&current->sighand->siglock);
+        buf2 = tty_audit_buf_alloc(tty->driver->major,
+                                   tty->driver->minor_start + tty->index,
+                                   tty->icanon);
+        if (buf2 == NULL) {
+                audit_log_lost("out of memory in TTY auditing");
+                return NULL;
+        }
+        spin_lock_irq(&current->sighand->siglock);
+        if (!current->signal->audit_tty)
+                goto out;
+        buf = current->signal->tty_audit_buf;
+        if (!buf) {
+                current->signal->tty_audit_buf = buf2;
+                buf = buf2;
+                buf2 = NULL;
+        }
+        atomic_inc(&buf->count);
+        /* Fall through */
+ out:
+        spin_unlock_irq(&current->sighand->siglock);
+        if (buf2)
+                tty_audit_buf_free(buf2);
+        return buf;
+}
+/**
+ *      tty_audit_add_data      -       Add data for TTY auditing.
+ *
+ *      Audit @data of @size from @tty, if necessary.
+ */
+void tty_audit_add_data(struct tty_struct *tty, unsigned char *data,
+                        size_t size)
+{
+        struct tty_audit_buf *buf;
+        int major, minor;
+        if (unlikely(size == 0))
+                return;
+        buf = tty_audit_buf_get(tty);
+        if (!buf)
+                return;
+        mutex_lock(&buf->mutex);
+        major = tty->driver->major;
+        minor = tty->driver->minor_start + tty->index;
+        if (buf->major != major || buf->minor != minor
+            || buf->icanon != tty->icanon) {
+                tty_audit_buf_push_current(buf);
+                buf->major = major;
+                buf->minor = minor;
+                buf->icanon = tty->icanon;
+        }
+        do {
+                size_t run;
+                run = N_TTY_BUF_SIZE - buf->valid;
+                if (run > size)
+                        run = size;
+                memcpy(buf->data + buf->valid, data, run);
+                buf->valid += run;
+                data += run;
+                size -= run;
+                if (buf->valid == N_TTY_BUF_SIZE)
+                        tty_audit_buf_push_current(buf);
+        } while (size != 0);
+        mutex_unlock(&buf->mutex);
+        tty_audit_buf_put(buf);
+}
+/**
+ *      tty_audit_push  -       Push buffered data out
+ *
+ *      Make sure no audit data is pending for @tty on the current process.
+ */
+void tty_audit_push(struct tty_struct *tty)
+{
+        struct tty_audit_buf *buf;
+        spin_lock_irq(&current->sighand->siglock);
+        if (likely(!current->signal->audit_tty)) {
+                spin_unlock_irq(&current->sighand->siglock);
+                return;
+        }
+        buf = current->signal->tty_audit_buf;
+        if (buf)
+                atomic_inc(&buf->count);
+        spin_unlock_irq(&current->sighand->siglock);
+        if (buf) {
+                int major, minor;
+                major = tty->driver->major;
+                minor = tty->driver->minor_start + tty->index;
+                mutex_lock(&buf->mutex);
+                if (buf->major == major && buf->minor == minor)
+                        tty_audit_buf_push_current(buf);
+                mutex_unlock(&buf->mutex);
+                tty_audit_buf_put(buf);
+        }
+}
+/**
+ *      tty_audit_opening       -       A TTY is being opened.
+ *
+ *      As a special hack, tasks that close all their TTYs and open new ones
+ *      are assumed to be system daemons (e.g. getty) and auditing is
+ *      automatically disabled for them.
+ */
+void tty_audit_opening(void)
+{
+        int disable;
+        disable = 1;
+        spin_lock_irq(&current->sighand->siglock);
+        if (current->signal->audit_tty == 0)
+                disable = 0;
+        spin_unlock_irq(&current->sighand->siglock);
+        if (!disable)
+                return;
+        task_lock(current);
+        if (current->files) {
+                struct fdtable *fdt;
+                unsigned i;
+                /*
+                 * We don't take a ref to the file, so we must hold ->file_lock
+                 * instead.
+                 */
+                spin_lock(&current->files->file_lock);
+                fdt = files_fdtable(current->files);
+                for (i = 0; i < fdt->max_fds; i++) {
+                        struct file *filp;
+                        filp = fcheck_files(current->files, i);
+                        if (filp && is_tty(filp)) {
+                                disable = 0;
+                                break;
+                        }
+                }
+                spin_unlock(&current->files->file_lock);
+        }
+        task_unlock(current);
+        if (!disable)
+                return;
+        spin_lock_irq(&current->sighand->siglock);
+        current->signal->audit_tty = 0;
+        spin_unlock_irq(&current->sighand->siglock);
+}

diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c new file mode 100644 index 000000000000..d222012c1b0c --- /dev/null +++ b/drivers/char/tty_audit.c
@@ -0,0 +1,345 @@
	1	/*
	2	* Creating audit events from TTY input.
	3	*
	4	* Copyright (C) 2007 Red Hat, Inc. All rights reserved. This copyrighted
	5	* material is made available to anyone wishing to use, modify, copy, or
	6	* redistribute it subject to the terms and conditions of the GNU General
	7	* Public License v.2.
	8	*
	9	* Authors: Miloslav Trmac <mitr@redhat.com>
	10	*/
	11
	12	#include <linux/audit.h>
	13	#include <linux/file.h>
	14	#include <linux/tty.h>
	15
	16	struct tty_audit_buf {
	17	atomic_t count;
	18	struct mutex mutex; /* Protects all data below */
	19	int major, minor; /* The TTY which the data is from */
	20	unsigned icanon:1;
	21	size_t valid;
	22	unsigned char data; / Allocated size N_TTY_BUF_SIZE */
	23	};
	24
	25	static struct tty_audit_buf *tty_audit_buf_alloc(int major, int minor,
	26	int icanon)
	27	{
	28	struct tty_audit_buf *buf;
	29
	30	buf = kmalloc(sizeof (*buf), GFP_KERNEL);
	31	if (!buf)
	32	goto err;
	33	if (PAGE_SIZE != N_TTY_BUF_SIZE)
	34	buf->data = kmalloc(N_TTY_BUF_SIZE, GFP_KERNEL);
	35	else
	36	buf->data = (unsigned char *)__get_free_page(GFP_KERNEL);
	37	if (!buf->data)
	38	goto err_buf;
	39	atomic_set(&buf->count, 1);
	40	mutex_init(&buf->mutex);
	41	buf->major = major;
	42	buf->minor = minor;
	43	buf->icanon = icanon;
	44	buf->valid = 0;
	45	return buf;
	46
	47	err_buf:
	48	kfree(buf);
	49	err:
	50	return NULL;
	51	}
	52
	53	static void tty_audit_buf_free(struct tty_audit_buf *buf)
	54	{
	55	WARN_ON(buf->valid != 0);
	56	if (PAGE_SIZE != N_TTY_BUF_SIZE)
	57	kfree(buf->data);
	58	else
	59	free_page((unsigned long)buf->data);
	60	kfree(buf);
	61	}
	62
	63	static void tty_audit_buf_put(struct tty_audit_buf *buf)
	64	{
	65	if (atomic_dec_and_test(&buf->count))
	66	tty_audit_buf_free(buf);
	67	}
	68
	69	/**
	70	* tty_audit_buf_push - Push buffered data out
	71	*
	72	* Generate an audit message from the contents of @buf, which is owned by
	73	* @tsk with @loginuid. @buf->mutex must be locked.
	74	*/
	75	static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
	76	struct tty_audit_buf *buf)
	77	{
	78	struct audit_buffer *ab;
	79
	80	if (buf->valid == 0)
	81	return;
	82	if (audit_enabled == 0)
	83	return;
	84	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY);
	85	if (ab) {
	86	char name[sizeof(tsk->comm)];
	87
	88	audit_log_format(ab, "tty pid=%u uid=%u auid=%u major=%d "
	89	"minor=%d comm=", tsk->pid, tsk->uid,
	90	loginuid, buf->major, buf->minor);
	91	get_task_comm(name, tsk);
	92	audit_log_untrustedstring(ab, name);
	93	audit_log_format(ab, " data=");
	94	audit_log_n_untrustedstring(ab, buf->valid, buf->data);
	95	audit_log_end(ab);
	96	}
	97	buf->valid = 0;
	98	}
	99
	100	/**
	101	* tty_audit_buf_push_current - Push buffered data out
	102	*
	103	* Generate an audit message from the contents of @buf, which is owned by
	104	* the current task. @buf->mutex must be locked.
	105	*/
	106	static void tty_audit_buf_push_current(struct tty_audit_buf *buf)
	107	{
	108	tty_audit_buf_push(current, audit_get_loginuid(current->audit_context),
	109	buf);
	110	}
	111
	112	/**
	113	* tty_audit_exit - Handle a task exit
	114	*
	115	* Make sure all buffered data is written out and deallocate the buffer.
	116	* Only needs to be called if current->signal->tty_audit_buf != %NULL.
	117	*/
	118	void tty_audit_exit(void)
	119	{
	120	struct tty_audit_buf *buf;
	121
	122	spin_lock_irq(&current->sighand->siglock);
	123	buf = current->signal->tty_audit_buf;
	124	current->signal->tty_audit_buf = NULL;
	125	spin_unlock_irq(&current->sighand->siglock);
	126	if (!buf)
	127	return;
	128
	129	mutex_lock(&buf->mutex);
	130	tty_audit_buf_push_current(buf);
	131	mutex_unlock(&buf->mutex);
	132
	133	tty_audit_buf_put(buf);
	134	}
	135
	136	/**
	137	* tty_audit_fork - Copy TTY audit state for a new task
	138	*
	139	* Set up TTY audit state in @sig from current. @sig needs no locking.
	140	*/
	141	void tty_audit_fork(struct signal_struct *sig)
	142	{
	143	spin_lock_irq(&current->sighand->siglock);
	144	sig->audit_tty = current->signal->audit_tty;
	145	spin_unlock_irq(&current->sighand->siglock);
	146	sig->tty_audit_buf = NULL;
	147	}
	148
	149	/**
	150	* tty_audit_push_task - Flush task's pending audit data
	151	*/
	152	void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid)
	153	{
	154	struct tty_audit_buf *buf;
	155
	156	spin_lock_irq(&tsk->sighand->siglock);
	157	buf = tsk->signal->tty_audit_buf;
	158	if (buf)
	159	atomic_inc(&buf->count);
	160	spin_unlock_irq(&tsk->sighand->siglock);
	161	if (!buf)
	162	return;
	163
	164	mutex_lock(&buf->mutex);
	165	tty_audit_buf_push(tsk, loginuid, buf);
	166	mutex_unlock(&buf->mutex);
	167
	168	tty_audit_buf_put(buf);
	169	}
	170
	171	/**
	172	* tty_audit_buf_get - Get an audit buffer.
	173	*
	174	* Get an audit buffer for @tty, allocate it if necessary. Return %NULL
	175	* if TTY auditing is disabled or out of memory. Otherwise, return a new
	176	* reference to the buffer.
	177	*/
	178	static struct tty_audit_buf tty_audit_buf_get(struct tty_struct tty)
	179	{
	180	struct tty_audit_buf buf, buf2;
	181
	182	buf = NULL;
	183	buf2 = NULL;
	184	spin_lock_irq(&current->sighand->siglock);
	185	if (likely(!current->signal->audit_tty))
	186	goto out;
	187	buf = current->signal->tty_audit_buf;
	188	if (buf) {
	189	atomic_inc(&buf->count);
	190	goto out;
	191	}
	192	spin_unlock_irq(&current->sighand->siglock);
	193
	194	buf2 = tty_audit_buf_alloc(tty->driver->major,
	195	tty->driver->minor_start + tty->index,
	196	tty->icanon);
	197	if (buf2 == NULL) {
	198	audit_log_lost("out of memory in TTY auditing");
	199	return NULL;
	200	}
	201
	202	spin_lock_irq(&current->sighand->siglock);
	203	if (!current->signal->audit_tty)
	204	goto out;
	205	buf = current->signal->tty_audit_buf;
	206	if (!buf) {
	207	current->signal->tty_audit_buf = buf2;
	208	buf = buf2;
	209	buf2 = NULL;
	210	}
	211	atomic_inc(&buf->count);
	212	/* Fall through */
	213	out:
	214	spin_unlock_irq(&current->sighand->siglock);
	215	if (buf2)
	216	tty_audit_buf_free(buf2);
	217	return buf;
	218	}
	219
	220	/**
	221	* tty_audit_add_data - Add data for TTY auditing.
	222	*
	223	* Audit @data of @size from @tty, if necessary.
	224	*/
	225	void tty_audit_add_data(struct tty_struct tty, unsigned char data,
	226	size_t size)
	227	{
	228	struct tty_audit_buf *buf;
	229	int major, minor;
	230
	231	if (unlikely(size == 0))
	232	return;
	233
	234	buf = tty_audit_buf_get(tty);
	235	if (!buf)
	236	return;
	237
	238	mutex_lock(&buf->mutex);
	239	major = tty->driver->major;
	240	minor = tty->driver->minor_start + tty->index;
	241	if (buf->major != major \|\| buf->minor != minor
	242	\|\| buf->icanon != tty->icanon) {
	243	tty_audit_buf_push_current(buf);
	244	buf->major = major;
	245	buf->minor = minor;
	246	buf->icanon = tty->icanon;
	247	}
	248	do {
	249	size_t run;
	250
	251	run = N_TTY_BUF_SIZE - buf->valid;
	252	if (run > size)
	253	run = size;
	254	memcpy(buf->data + buf->valid, data, run);
	255	buf->valid += run;
	256	data += run;
	257	size -= run;
	258	if (buf->valid == N_TTY_BUF_SIZE)
	259	tty_audit_buf_push_current(buf);
	260	} while (size != 0);
	261	mutex_unlock(&buf->mutex);
	262	tty_audit_buf_put(buf);
	263	}
	264
	265	/**
	266	* tty_audit_push - Push buffered data out
	267	*
	268	* Make sure no audit data is pending for @tty on the current process.
	269	*/
	270	void tty_audit_push(struct tty_struct *tty)
	271	{
	272	struct tty_audit_buf *buf;
	273
	274	spin_lock_irq(&current->sighand->siglock);
	275	if (likely(!current->signal->audit_tty)) {
	276	spin_unlock_irq(&current->sighand->siglock);
	277	return;
	278	}
	279	buf = current->signal->tty_audit_buf;
	280	if (buf)
	281	atomic_inc(&buf->count);
	282	spin_unlock_irq(&current->sighand->siglock);
	283
	284	if (buf) {
	285	int major, minor;
	286
	287	major = tty->driver->major;
	288	minor = tty->driver->minor_start + tty->index;
	289	mutex_lock(&buf->mutex);
	290	if (buf->major == major && buf->minor == minor)
	291	tty_audit_buf_push_current(buf);
	292	mutex_unlock(&buf->mutex);
	293	tty_audit_buf_put(buf);
	294	}
	295	}
	296
	297	/**
	298	* tty_audit_opening - A TTY is being opened.
	299	*
	300	* As a special hack, tasks that close all their TTYs and open new ones
	301	* are assumed to be system daemons (e.g. getty) and auditing is
	302	* automatically disabled for them.
	303	*/
	304	void tty_audit_opening(void)
	305	{
	306	int disable;
	307
	308	disable = 1;
	309	spin_lock_irq(&current->sighand->siglock);
	310	if (current->signal->audit_tty == 0)
	311	disable = 0;
	312	spin_unlock_irq(&current->sighand->siglock);
	313	if (!disable)
	314	return;
	315
	316	task_lock(current);
	317	if (current->files) {
	318	struct fdtable *fdt;
	319	unsigned i;
	320
	321	/*
	322	* We don't take a ref to the file, so we must hold ->file_lock
	323	* instead.
	324	*/
	325	spin_lock(&current->files->file_lock);
	326	fdt = files_fdtable(current->files);
	327	for (i = 0; i < fdt->max_fds; i++) {
	328	struct file *filp;
	329
	330	filp = fcheck_files(current->files, i);
	331	if (filp && is_tty(filp)) {
	332	disable = 0;
	333	break;
	334	}
	335	}
	336	spin_unlock(&current->files->file_lock);
	337	}
	338	task_unlock(current);
	339	if (!disable)
	340	return;
	341
	342	spin_lock_irq(&current->sighand->siglock);
	343	current->signal->audit_tty = 0;
	344	spin_unlock_irq(&current->sighand->siglock);
	345	}