diff options
Diffstat (limited to 'net/xfrm/xfrm_user.c')
| -rw-r--r-- | net/xfrm/xfrm_user.c | 41 |
1 files changed, 28 insertions, 13 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 22a30ae582a2..a1b0fbe3ea35 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
| @@ -407,6 +407,9 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 407 | struct xfrm_state *x; | 407 | struct xfrm_state *x; |
| 408 | int err; | 408 | int err; |
| 409 | struct km_event c; | 409 | struct km_event c; |
| 410 | uid_t loginuid = NETLINK_CB(skb).loginuid; | ||
| 411 | u32 sessionid = NETLINK_CB(skb).sessionid; | ||
| 412 | u32 sid = NETLINK_CB(skb).sid; | ||
| 410 | 413 | ||
| 411 | err = verify_newsa_info(p, attrs); | 414 | err = verify_newsa_info(p, attrs); |
| 412 | if (err) | 415 | if (err) |
| @@ -422,8 +425,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 422 | else | 425 | else |
| 423 | err = xfrm_state_update(x); | 426 | err = xfrm_state_update(x); |
| 424 | 427 | ||
| 425 | xfrm_audit_state_add(x, err ? 0 : 1, NETLINK_CB(skb).loginuid, | 428 | xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid); |
| 426 | NETLINK_CB(skb).sid); | ||
| 427 | 429 | ||
| 428 | if (err < 0) { | 430 | if (err < 0) { |
| 429 | x->km.state = XFRM_STATE_DEAD; | 431 | x->km.state = XFRM_STATE_DEAD; |
| @@ -478,6 +480,9 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 478 | int err = -ESRCH; | 480 | int err = -ESRCH; |
| 479 | struct km_event c; | 481 | struct km_event c; |
| 480 | struct xfrm_usersa_id *p = nlmsg_data(nlh); | 482 | struct xfrm_usersa_id *p = nlmsg_data(nlh); |
| 483 | uid_t loginuid = NETLINK_CB(skb).loginuid; | ||
| 484 | u32 sessionid = NETLINK_CB(skb).sessionid; | ||
| 485 | u32 sid = NETLINK_CB(skb).sid; | ||
| 481 | 486 | ||
| 482 | x = xfrm_user_state_lookup(p, attrs, &err); | 487 | x = xfrm_user_state_lookup(p, attrs, &err); |
| 483 | if (x == NULL) | 488 | if (x == NULL) |
| @@ -502,8 +507,7 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 502 | km_state_notify(x, &c); | 507 | km_state_notify(x, &c); |
| 503 | 508 | ||
| 504 | out: | 509 | out: |
| 505 | xfrm_audit_state_delete(x, err ? 0 : 1, NETLINK_CB(skb).loginuid, | 510 | xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid); |
| 506 | NETLINK_CB(skb).sid); | ||
| 507 | xfrm_state_put(x); | 511 | xfrm_state_put(x); |
| 508 | return err; | 512 | return err; |
| 509 | } | 513 | } |
| @@ -1123,6 +1127,9 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1123 | struct km_event c; | 1127 | struct km_event c; |
| 1124 | int err; | 1128 | int err; |
| 1125 | int excl; | 1129 | int excl; |
| 1130 | uid_t loginuid = NETLINK_CB(skb).loginuid; | ||
| 1131 | u32 sessionid = NETLINK_CB(skb).sessionid; | ||
| 1132 | u32 sid = NETLINK_CB(skb).sid; | ||
| 1126 | 1133 | ||
| 1127 | err = verify_newpolicy_info(p); | 1134 | err = verify_newpolicy_info(p); |
| 1128 | if (err) | 1135 | if (err) |
| @@ -1141,8 +1148,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1141 | * a type XFRM_MSG_UPDPOLICY - JHS */ | 1148 | * a type XFRM_MSG_UPDPOLICY - JHS */ |
| 1142 | excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; | 1149 | excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; |
| 1143 | err = xfrm_policy_insert(p->dir, xp, excl); | 1150 | err = xfrm_policy_insert(p->dir, xp, excl); |
| 1144 | xfrm_audit_policy_add(xp, err ? 0 : 1, NETLINK_CB(skb).loginuid, | 1151 | xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid); |
| 1145 | NETLINK_CB(skb).sid); | ||
| 1146 | 1152 | ||
| 1147 | if (err) { | 1153 | if (err) { |
| 1148 | security_xfrm_policy_free(xp->security); | 1154 | security_xfrm_policy_free(xp->security); |
| @@ -1371,9 +1377,12 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1371 | NETLINK_CB(skb).pid); | 1377 | NETLINK_CB(skb).pid); |
| 1372 | } | 1378 | } |
| 1373 | } else { | 1379 | } else { |
| 1374 | xfrm_audit_policy_delete(xp, err ? 0 : 1, | 1380 | uid_t loginuid = NETLINK_CB(skb).loginuid; |
| 1375 | NETLINK_CB(skb).loginuid, | 1381 | u32 sessionid = NETLINK_CB(skb).sessionid; |
| 1376 | NETLINK_CB(skb).sid); | 1382 | u32 sid = NETLINK_CB(skb).sid; |
| 1383 | |||
| 1384 | xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid, | ||
| 1385 | sid); | ||
| 1377 | 1386 | ||
| 1378 | if (err != 0) | 1387 | if (err != 0) |
| 1379 | goto out; | 1388 | goto out; |
| @@ -1399,6 +1408,7 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1399 | int err; | 1408 | int err; |
| 1400 | 1409 | ||
| 1401 | audit_info.loginuid = NETLINK_CB(skb).loginuid; | 1410 | audit_info.loginuid = NETLINK_CB(skb).loginuid; |
| 1411 | audit_info.sessionid = NETLINK_CB(skb).sessionid; | ||
| 1402 | audit_info.secid = NETLINK_CB(skb).sid; | 1412 | audit_info.secid = NETLINK_CB(skb).sid; |
| 1403 | err = xfrm_state_flush(p->proto, &audit_info); | 1413 | err = xfrm_state_flush(p->proto, &audit_info); |
| 1404 | if (err) | 1414 | if (err) |
| @@ -1546,6 +1556,7 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1546 | return err; | 1556 | return err; |
| 1547 | 1557 | ||
| 1548 | audit_info.loginuid = NETLINK_CB(skb).loginuid; | 1558 | audit_info.loginuid = NETLINK_CB(skb).loginuid; |
| 1559 | audit_info.sessionid = NETLINK_CB(skb).sessionid; | ||
| 1549 | audit_info.secid = NETLINK_CB(skb).sid; | 1560 | audit_info.secid = NETLINK_CB(skb).sid; |
| 1550 | err = xfrm_policy_flush(type, &audit_info); | 1561 | err = xfrm_policy_flush(type, &audit_info); |
| 1551 | if (err) | 1562 | if (err) |
| @@ -1604,9 +1615,11 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1604 | read_unlock(&xp->lock); | 1615 | read_unlock(&xp->lock); |
| 1605 | err = 0; | 1616 | err = 0; |
| 1606 | if (up->hard) { | 1617 | if (up->hard) { |
| 1618 | uid_t loginuid = NETLINK_CB(skb).loginuid; | ||
| 1619 | uid_t sessionid = NETLINK_CB(skb).sessionid; | ||
| 1620 | u32 sid = NETLINK_CB(skb).sid; | ||
| 1607 | xfrm_policy_delete(xp, p->dir); | 1621 | xfrm_policy_delete(xp, p->dir); |
| 1608 | xfrm_audit_policy_delete(xp, 1, NETLINK_CB(skb).loginuid, | 1622 | xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid); |
| 1609 | NETLINK_CB(skb).sid); | ||
| 1610 | 1623 | ||
| 1611 | } else { | 1624 | } else { |
| 1612 | // reset the timers here? | 1625 | // reset the timers here? |
| @@ -1640,9 +1653,11 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1640 | km_state_expired(x, ue->hard, current->pid); | 1653 | km_state_expired(x, ue->hard, current->pid); |
| 1641 | 1654 | ||
| 1642 | if (ue->hard) { | 1655 | if (ue->hard) { |
| 1656 | uid_t loginuid = NETLINK_CB(skb).loginuid; | ||
| 1657 | uid_t sessionid = NETLINK_CB(skb).sessionid; | ||
| 1658 | u32 sid = NETLINK_CB(skb).sid; | ||
| 1643 | __xfrm_state_delete(x); | 1659 | __xfrm_state_delete(x); |
| 1644 | xfrm_audit_state_delete(x, 1, NETLINK_CB(skb).loginuid, | 1660 | xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid); |
| 1645 | NETLINK_CB(skb).sid); | ||
| 1646 | } | 1661 | } |
| 1647 | err = 0; | 1662 | err = 0; |
| 1648 | out: | 1663 | out: |