1 files changed, 45 insertions, 25 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 95293abb877a..72684679e8bd 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1966,6 +1966,39 @@ int auditsc_get_stamp(struct audit_context *ctx,
 /* global counter which is incremented every time something logs in */
 static atomic_t session_id = ATOMIC_INIT(0);
+static int audit_set_loginuid_perm(kuid_t loginuid)
+{
+#ifdef CONFIG_AUDIT_LOGINUID_IMMUTABLE
+        /* if we are unset, we don't need privs */
+        if (!audit_loginuid_set(current))
+                return 0;
+#else   /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
+        if (capable(CAP_AUDIT_CONTROL))
+                return 0;
+#endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
+        return -EPERM;
+}
+static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
+                                   unsigned int oldsessionid, unsigned int sessionid,
+                                   int rc)
+{
+        struct audit_buffer *ab;
+        uid_t uid, ologinuid, nloginuid;
+        uid = from_kuid(&init_user_ns, task_uid(current));
+        ologinuid = from_kuid(&init_user_ns, koldloginuid);
+        nloginuid = from_kuid(&init_user_ns, kloginuid),
+        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN);
+        if (!ab)
+                return;
+        audit_log_format(ab, "pid=%d uid=%u old auid=%u new auid=%u old "
+                         "ses=%u new ses=%u res=%d", current->pid, uid, ologinuid,
+                         nloginuid, oldsessionid, sessionid, !rc);
+        audit_log_end(ab);
+}
 /**
 * audit_set_loginuid - set current task's audit_context loginuid
 * @loginuid: loginuid value
@@ -1977,37 +2010,24 @@ static atomic_t session_id = ATOMIC_INIT(0);
 int audit_set_loginuid(kuid_t loginuid)
 {
        struct task_struct *task = current;
-        struct audit_context *context = task->audit_context;
+        unsigned int sessionid = -1;
-        unsigned int sessionid;
+        kuid_t oldloginuid, oldsessionid;
+        int rc;
-#ifdef CONFIG_AUDIT_LOGINUID_IMMUTABLE
+        oldloginuid = audit_get_loginuid(current);
-        if (audit_loginuid_set(task))
+        oldsessionid = audit_get_sessionid(current);
-                return -EPERM;
-#else /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
+        rc = audit_set_loginuid_perm(loginuid);
-        if (!capable(CAP_AUDIT_CONTROL))
+        if (rc)
-                return -EPERM;
+                goto out;
-#endif  /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
        sessionid = atomic_inc_return(&session_id);
-        if (context && context->in_syscall) {
-                struct audit_buffer *ab;
-                ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN);
-                if (ab) {
-                        audit_log_format(ab, "login pid=%d uid=%u "
-                                "old auid=%u new auid=%u"
-                                " old ses=%u new ses=%u",
-                                task->pid,
-                                from_kuid(&init_user_ns, task_uid(task)),
-                                from_kuid(&init_user_ns, task->loginuid),
-                                from_kuid(&init_user_ns, loginuid),
-                                task->sessionid, sessionid);
-                        audit_log_end(ab);
-                }
-        }
        task->sessionid = sessionid;
        task->loginuid = loginuid;
-        return 0;
+out:
+        audit_log_set_loginuid(oldloginuid, loginuid, oldsessionid, sessionid, rc);
+        return rc;
 }
 /**

diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 95293abb877a..72684679e8bd 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -1966,6 +1966,39 @@ int auditsc_get_stamp(struct audit_context *ctx,
1966	/* global counter which is incremented every time something logs in */	1966	/* global counter which is incremented every time something logs in */
1967	static atomic_t session_id = ATOMIC_INIT(0);	1967	static atomic_t session_id = ATOMIC_INIT(0);
1968		1968
		1969	static int audit_set_loginuid_perm(kuid_t loginuid)
		1970	{
		1971	#ifdef CONFIG_AUDIT_LOGINUID_IMMUTABLE
		1972	/* if we are unset, we don't need privs */
		1973	if (!audit_loginuid_set(current))
		1974	return 0;
		1975	#else /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
		1976	if (capable(CAP_AUDIT_CONTROL))
		1977	return 0;
		1978	#endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
		1979	return -EPERM;
		1980	}
		1981
		1982	static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
		1983	unsigned int oldsessionid, unsigned int sessionid,
		1984	int rc)
		1985	{
		1986	struct audit_buffer *ab;
		1987	uid_t uid, ologinuid, nloginuid;
		1988
		1989	uid = from_kuid(&init_user_ns, task_uid(current));
		1990	ologinuid = from_kuid(&init_user_ns, koldloginuid);
		1991	nloginuid = from_kuid(&init_user_ns, kloginuid),
		1992
		1993	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN);
		1994	if (!ab)
		1995	return;
		1996	audit_log_format(ab, "pid=%d uid=%u old auid=%u new auid=%u old "
		1997	"ses=%u new ses=%u res=%d", current->pid, uid, ologinuid,
		1998	nloginuid, oldsessionid, sessionid, !rc);
		1999	audit_log_end(ab);
		2000	}
		2001
1969	/**	2002	/**
1970	* audit_set_loginuid - set current task's audit_context loginuid	2003	* audit_set_loginuid - set current task's audit_context loginuid
1971	* @loginuid: loginuid value	2004	* @loginuid: loginuid value
@@ -1977,37 +2010,24 @@ static atomic_t session_id = ATOMIC_INIT(0);
1977	int audit_set_loginuid(kuid_t loginuid)	2010	int audit_set_loginuid(kuid_t loginuid)
1978	{	2011	{
1979	struct task_struct *task = current;	2012	struct task_struct *task = current;
1980	struct audit_context *context = task->audit_context;	2013	unsigned int sessionid = -1;
1981	unsigned int sessionid;	2014	kuid_t oldloginuid, oldsessionid;
		2015	int rc;
1982		2016
1983	#ifdef CONFIG_AUDIT_LOGINUID_IMMUTABLE	2017	oldloginuid = audit_get_loginuid(current);
1984	if (audit_loginuid_set(task))	2018	oldsessionid = audit_get_sessionid(current);
1985	return -EPERM;	2019
1986	#else /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */	2020	rc = audit_set_loginuid_perm(loginuid);
1987	if (!capable(CAP_AUDIT_CONTROL))	2021	if (rc)
1988	return -EPERM;	2022	goto out;
1989	#endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
1990		2023
1991	sessionid = atomic_inc_return(&session_id);	2024	sessionid = atomic_inc_return(&session_id);
1992	if (context && context->in_syscall) {
1993	struct audit_buffer *ab;
1994		2025
1995	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN);
1996	if (ab) {
1997	audit_log_format(ab, "login pid=%d uid=%u "
1998	"old auid=%u new auid=%u"
1999	" old ses=%u new ses=%u",
2000	task->pid,
2001	from_kuid(&init_user_ns, task_uid(task)),
2002	from_kuid(&init_user_ns, task->loginuid),
2003	from_kuid(&init_user_ns, loginuid),
2004	task->sessionid, sessionid);
2005	audit_log_end(ab);
2006	}
2007	}
2008	task->sessionid = sessionid;	2026	task->sessionid = sessionid;
2009	task->loginuid = loginuid;	2027	task->loginuid = loginuid;
2010	return 0;	2028	out:
		2029	audit_log_set_loginuid(oldloginuid, loginuid, oldsessionid, sessionid, rc);
		2030	return rc;
2011	}	2031	}
2012		2032
2013	/**	2033	/**