diff options
Diffstat (limited to 'kernel/audit.c')
| -rw-r--r-- | kernel/audit.c | 46 |
1 files changed, 25 insertions, 21 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index 58c7d7e47299..587d3b2eba7f 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
| @@ -239,36 +239,36 @@ void audit_log_lost(const char *message) | |||
| 239 | 239 | ||
| 240 | } | 240 | } |
| 241 | 241 | ||
| 242 | static int audit_set_rate_limit(int limit) | 242 | static int audit_set_rate_limit(int limit, uid_t loginuid) |
| 243 | { | 243 | { |
| 244 | int old = audit_rate_limit; | 244 | int old = audit_rate_limit; |
| 245 | audit_rate_limit = limit; | 245 | audit_rate_limit = limit; |
| 246 | audit_log(current->audit_context, "audit_rate_limit=%d old=%d", | 246 | audit_log(NULL, "audit_rate_limit=%d old=%d by auid %u", |
| 247 | audit_rate_limit, old); | 247 | audit_rate_limit, old, loginuid); |
| 248 | return old; | 248 | return old; |
| 249 | } | 249 | } |
| 250 | 250 | ||
| 251 | static int audit_set_backlog_limit(int limit) | 251 | static int audit_set_backlog_limit(int limit, uid_t loginuid) |
| 252 | { | 252 | { |
| 253 | int old = audit_backlog_limit; | 253 | int old = audit_backlog_limit; |
| 254 | audit_backlog_limit = limit; | 254 | audit_backlog_limit = limit; |
| 255 | audit_log(current->audit_context, "audit_backlog_limit=%d old=%d", | 255 | audit_log(NULL, "audit_backlog_limit=%d old=%d by auid %u", |
| 256 | audit_backlog_limit, old); | 256 | audit_backlog_limit, old, loginuid); |
| 257 | return old; | 257 | return old; |
| 258 | } | 258 | } |
| 259 | 259 | ||
| 260 | static int audit_set_enabled(int state) | 260 | static int audit_set_enabled(int state, uid_t loginuid) |
| 261 | { | 261 | { |
| 262 | int old = audit_enabled; | 262 | int old = audit_enabled; |
| 263 | if (state != 0 && state != 1) | 263 | if (state != 0 && state != 1) |
| 264 | return -EINVAL; | 264 | return -EINVAL; |
| 265 | audit_enabled = state; | 265 | audit_enabled = state; |
| 266 | audit_log(current->audit_context, "audit_enabled=%d old=%d", | 266 | audit_log(NULL, "audit_enabled=%d old=%d by auid %u", |
| 267 | audit_enabled, old); | 267 | audit_enabled, old, loginuid); |
| 268 | return old; | 268 | return old; |
| 269 | } | 269 | } |
| 270 | 270 | ||
| 271 | static int audit_set_failure(int state) | 271 | static int audit_set_failure(int state, uid_t loginuid) |
| 272 | { | 272 | { |
| 273 | int old = audit_failure; | 273 | int old = audit_failure; |
| 274 | if (state != AUDIT_FAIL_SILENT | 274 | if (state != AUDIT_FAIL_SILENT |
| @@ -276,8 +276,8 @@ static int audit_set_failure(int state) | |||
| 276 | && state != AUDIT_FAIL_PANIC) | 276 | && state != AUDIT_FAIL_PANIC) |
| 277 | return -EINVAL; | 277 | return -EINVAL; |
| 278 | audit_failure = state; | 278 | audit_failure = state; |
| 279 | audit_log(current->audit_context, "audit_failure=%d old=%d", | 279 | audit_log(NULL, "audit_failure=%d old=%d by auid %u", |
| 280 | audit_failure, old); | 280 | audit_failure, old, loginuid); |
| 281 | return old; | 281 | return old; |
| 282 | } | 282 | } |
| 283 | 283 | ||
| @@ -344,6 +344,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 344 | int err; | 344 | int err; |
| 345 | struct audit_buffer *ab; | 345 | struct audit_buffer *ab; |
| 346 | u16 msg_type = nlh->nlmsg_type; | 346 | u16 msg_type = nlh->nlmsg_type; |
| 347 | uid_t loginuid; /* loginuid of sender */ | ||
| 347 | 348 | ||
| 348 | err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); | 349 | err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); |
| 349 | if (err) | 350 | if (err) |
| @@ -351,6 +352,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 351 | 352 | ||
| 352 | pid = NETLINK_CREDS(skb)->pid; | 353 | pid = NETLINK_CREDS(skb)->pid; |
| 353 | uid = NETLINK_CREDS(skb)->uid; | 354 | uid = NETLINK_CREDS(skb)->uid; |
| 355 | loginuid = NETLINK_CB(skb).loginuid; | ||
| 354 | seq = nlh->nlmsg_seq; | 356 | seq = nlh->nlmsg_seq; |
| 355 | data = NLMSG_DATA(nlh); | 357 | data = NLMSG_DATA(nlh); |
| 356 | 358 | ||
| @@ -371,34 +373,36 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 371 | return -EINVAL; | 373 | return -EINVAL; |
| 372 | status_get = (struct audit_status *)data; | 374 | status_get = (struct audit_status *)data; |
| 373 | if (status_get->mask & AUDIT_STATUS_ENABLED) { | 375 | if (status_get->mask & AUDIT_STATUS_ENABLED) { |
| 374 | err = audit_set_enabled(status_get->enabled); | 376 | err = audit_set_enabled(status_get->enabled, loginuid); |
| 375 | if (err < 0) return err; | 377 | if (err < 0) return err; |
| 376 | } | 378 | } |
| 377 | if (status_get->mask & AUDIT_STATUS_FAILURE) { | 379 | if (status_get->mask & AUDIT_STATUS_FAILURE) { |
| 378 | err = audit_set_failure(status_get->failure); | 380 | err = audit_set_failure(status_get->failure, loginuid); |
| 379 | if (err < 0) return err; | 381 | if (err < 0) return err; |
| 380 | } | 382 | } |
| 381 | if (status_get->mask & AUDIT_STATUS_PID) { | 383 | if (status_get->mask & AUDIT_STATUS_PID) { |
| 382 | int old = audit_pid; | 384 | int old = audit_pid; |
| 383 | audit_pid = status_get->pid; | 385 | audit_pid = status_get->pid; |
| 384 | audit_log(current->audit_context, | 386 | audit_log(NULL, "audit_pid=%d old=%d by auid %u", |
| 385 | "audit_pid=%d old=%d", audit_pid, old); | 387 | audit_pid, old, loginuid); |
| 386 | } | 388 | } |
| 387 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) | 389 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) |
| 388 | audit_set_rate_limit(status_get->rate_limit); | 390 | audit_set_rate_limit(status_get->rate_limit, loginuid); |
| 389 | if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) | 391 | if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) |
| 390 | audit_set_backlog_limit(status_get->backlog_limit); | 392 | audit_set_backlog_limit(status_get->backlog_limit, |
| 393 | loginuid); | ||
| 391 | break; | 394 | break; |
| 392 | case AUDIT_USER: | 395 | case AUDIT_USER: |
| 393 | ab = audit_log_start(NULL); | 396 | ab = audit_log_start(NULL); |
| 394 | if (!ab) | 397 | if (!ab) |
| 395 | break; /* audit_panic has been called */ | 398 | break; /* audit_panic has been called */ |
| 396 | audit_log_format(ab, | 399 | audit_log_format(ab, |
| 397 | "user pid=%d uid=%d length=%d msg='%.1024s'", | 400 | "user pid=%d uid=%d length=%d loginuid=%u" |
| 401 | " msg='%.1024s'", | ||
| 398 | pid, uid, | 402 | pid, uid, |
| 399 | (int)(nlh->nlmsg_len | 403 | (int)(nlh->nlmsg_len |
| 400 | - ((char *)data - (char *)nlh)), | 404 | - ((char *)data - (char *)nlh)), |
| 401 | (char *)data); | 405 | loginuid, (char *)data); |
| 402 | ab->type = AUDIT_USER; | 406 | ab->type = AUDIT_USER; |
| 403 | ab->pid = pid; | 407 | ab->pid = pid; |
| 404 | audit_log_end(ab); | 408 | audit_log_end(ab); |
| @@ -411,7 +415,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 411 | case AUDIT_LIST: | 415 | case AUDIT_LIST: |
| 412 | #ifdef CONFIG_AUDITSYSCALL | 416 | #ifdef CONFIG_AUDITSYSCALL |
| 413 | err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, | 417 | err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, |
| 414 | uid, seq, data); | 418 | uid, seq, data, loginuid); |
| 415 | #else | 419 | #else |
| 416 | err = -EOPNOTSUPP; | 420 | err = -EOPNOTSUPP; |
| 417 | #endif | 421 | #endif |