Diffstat (limited to 'net/xfrm')
-rw-r--r--net/xfrm/xfrm_user.c56
1 files changed, 32 insertions, 24 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 673698d380d7..468ab60d3dc0 100644
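--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -497,9 +497,9 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
  struct xfrm_state *x;
  int err;
  struct km_event c;
- uid_t loginuid = NETLINK_CB(skb).loginuid;
- u32 sessionid = NETLINK_CB(skb).sessionid;
- u32 sid = NETLINK_CB(skb).sid;
+ uid_t loginuid = audit_get_loginuid(current);
+ u32 sessionid = audit_get_sessionid(current);
+ u32 sid;
 
  err = verify_newsa_info(p, attrs);
  if (err)
@@ -515,6 +515,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
  else
  err = xfrm_state_update(x);
 
+ security_task_getsecid(current, &sid);
  xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid);
 
  if (err < 0) {
@@ -575,9 +576,9 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
  int err = -ESRCH;
  struct km_event c;
  struct xfrm_usersa_id *p = nlmsg_data(nlh);
- uid_t loginuid = NETLINK_CB(skb).loginuid;
- u32 sessionid = NETLINK_CB(skb).sessionid;
- u32 sid = NETLINK_CB(skb).sid;
+ uid_t loginuid = audit_get_loginuid(current);
+ u32 sessionid = audit_get_sessionid(current);
+ u32 sid;
 
  x = xfrm_user_state_lookup(net, p, attrs, &err);
  if (x == NULL)
@@ -602,6 +603,7 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
  km_state_notify(x, &c);
 
 out:
+ security_task_getsecid(current, &sid);
  xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid);
  xfrm_state_put(x);
  return err;
@@ -1265,9 +1267,9 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
  struct km_event c;
  int err;
  int excl;
- uid_t loginuid = NETLINK_CB(skb).loginuid;
- u32 sessionid = NETLINK_CB(skb).sessionid;
- u32 sid = NETLINK_CB(skb).sid;
+ uid_t loginuid = audit_get_loginuid(current);
+ u32 sessionid = audit_get_sessionid(current);
+ u32 sid;
 
  err = verify_newpolicy_info(p);
  if (err)
@@ -1286,6 +1288,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
  * a type XFRM_MSG_UPDPOLICY - JHS */
  excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
  err = xfrm_policy_insert(p->dir, xp, excl);
+ security_task_getsecid(current, &sid);
  xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid);
 
  if (err) {
@@ -1522,10 +1525,11 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
  NETLINK_CB(skb).pid);
  }
  } else {
- uid_t loginuid = NETLINK_CB(skb).loginuid;
- u32 sessionid = NETLINK_CB(skb).sessionid;
- u32 sid = NETLINK_CB(skb).sid;
+ uid_t loginuid = audit_get_loginuid(current);
+ u32 sessionid = audit_get_sessionid(current);
+ u32 sid;
 
+ security_task_getsecid(current, &sid);
  xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid,
  sid);
 
@@ -1553,9 +1557,9 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
  struct xfrm_audit audit_info;
  int err;
 
- audit_info.loginuid = NETLINK_CB(skb).loginuid;
- audit_info.sessionid = NETLINK_CB(skb).sessionid;
- audit_info.secid = NETLINK_CB(skb).sid;
+ audit_info.loginuid = audit_get_loginuid(current);
+ audit_info.sessionid = audit_get_sessionid(current);
+ security_task_getsecid(current, &audit_info.secid);
  err = xfrm_state_flush(net, p->proto, &audit_info);
  if (err) {
  if (err == -ESRCH) /* empty table */
@@ -1720,9 +1724,9 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
  if (err)
  return err;
 
- audit_info.loginuid = NETLINK_CB(skb).loginuid;
- audit_info.sessionid = NETLINK_CB(skb).sessionid;
- audit_info.secid = NETLINK_CB(skb).sid;
+ audit_info.loginuid = audit_get_loginuid(current);
+ audit_info.sessionid = audit_get_sessionid(current);
+ security_task_getsecid(current, &audit_info.secid);
  err = xfrm_policy_flush(net, type, &audit_info);
  if (err) {
  if (err == -ESRCH) /* empty table */
@@ -1789,9 +1793,11 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
 
  err = 0;
  if (up->hard) {
- uid_t loginuid = NETLINK_CB(skb).loginuid;
- uid_t sessionid = NETLINK_CB(skb).sessionid;
- u32 sid = NETLINK_CB(skb).sid;
+ uid_t loginuid = audit_get_loginuid(current);
+ u32 sessionid = audit_get_sessionid(current);
+ u32 sid;
+
+ security_task_getsecid(current, &sid);
  xfrm_policy_delete(xp, p->dir);
  xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid);
 
@@ -1830,9 +1836,11 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
  km_state_expired(x, ue->hard, current->pid);
 
  if (ue->hard) {
- uid_t loginuid = NETLINK_CB(skb).loginuid;
- uid_t sessionid = NETLINK_CB(skb).sessionid;
- u32 sid = NETLINK_CB(skb).sid;
+ uid_t loginuid = audit_get_loginuid(current);
+ u32 sessionid = audit_get_sessionid(current);
+ u32 sid;
+
+ security_task_getsecid(current, &sid);
  __xfrm_state_delete(x);
  xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid);
  }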
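Review bot: Every audit call in this file now attributes the operation to `current` instead of the identity carried in the skb, which is only correct while these handlers run synchronously in the sending task's context, and nothing in the new code records that assumption. A short comment at the first site, in xfrm_add_sa, would make it explicit, for example `/* netlink requests are processed in the sender's context, so current is the requester */`. The same three lookups are repeated in xfrm_del_sa, xfrm_add_policy, xfrm_get_policy, xfrm_add_pol_expire and xfrm_add_sa_expire, and in several of them loginuid and sessionid are read at function entry while sid is read just before the audit call; filling a `struct xfrm_audit` through one small helper, as xfrm_flush_sa and xfrm_flush_policy already do by hand, would keep the three values together and leave one place to fix if the source of the identity changes again. Most of these functions begin or end outside the hunks shown, so whether any of them can be reached from a deferred context is not visible here and should be confirmed.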