Diffstat (limited to 'net/xfrm')
-rw-r--r-- | net/xfrm/xfrm_user.c | 56 |
1 files changed, 32 insertions, 24 deletions
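diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 673698d380d7..468ab60d3dc0 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -497,9 +497,9 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct xfrm_state *x;
 int err;
 struct km_event c;
-uid_t loginuid = NETLINK_CB(skb).loginuid;
-u32 sessionid = NETLINK_CB(skb).sessionid;
-u32 sid = NETLINK_CB(skb).sid;
+uid_t loginuid = audit_get_loginuid(current);
+u32 sessionid = audit_get_sessionid(current);
+u32 sid;
 
 err = verify_newsa_info(p, attrs);
 if (err)
@@ -515,6 +515,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
 else
 err = xfrm_state_update(x);
 
+security_task_getsecid(current, &sid);
 xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid);
 
 if (err < 0) {
@@ -575,9 +576,9 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
 int err = -ESRCH;
 struct km_event c;
 struct xfrm_usersa_id *p = nlmsg_data(nlh);
-uid_t loginuid = NETLINK_CB(skb).loginuid;
-u32 sessionid = NETLINK_CB(skb).sessionid;
-u32 sid = NETLINK_CB(skb).sid;
+uid_t loginuid = audit_get_loginuid(current);
+u32 sessionid = audit_get_sessionid(current);
+u32 sid;
 
 x = xfrm_user_state_lookup(net, p, attrs, &err);
 if (x == NULL)
@@ -602,6 +603,7 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
 km_state_notify(x, &c);
 
 out:
+security_task_getsecid(current, &sid);
 xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid);
 xfrm_state_put(x);
 return err;
@@ -1265,9 +1267,9 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct km_event c;
 int err;
 int excl;
-uid_t loginuid = NETLINK_CB(skb).loginuid;
-u32 sessionid = NETLINK_CB(skb).sessionid;
-u32 sid = NETLINK_CB(skb).sid;
+uid_t loginuid = audit_get_loginuid(current);
+u32 sessionid = audit_get_sessionid(current);
+u32 sid;
 
 err = verify_newpolicy_info(p);
 if (err)
@@ -1286,6 +1288,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 * a type XFRM_MSG_UPDPOLICY - JHS */
 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
 err = xfrm_policy_insert(p->dir, xp, excl);
+security_task_getsecid(current, &sid);
 xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid);
 
 if (err) {
@@ -1522,10 +1525,11 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 NETLINK_CB(skb).pid);
 }
 } else {
-uid_t loginuid = NETLINK_CB(skb).loginuid;
-u32 sessionid = NETLINK_CB(skb).sessionid;
-u32 sid = NETLINK_CB(skb).sid;
+uid_t loginuid = audit_get_loginuid(current);
+u32 sessionid = audit_get_sessionid(current);
+u32 sid;
 
+security_task_getsecid(current, &sid);
 xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid,
 sid);
 
@@ -1553,9 +1557,9 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct xfrm_audit audit_info;
 int err;
 
-audit_info.loginuid = NETLINK_CB(skb).loginuid;
-audit_info.sessionid = NETLINK_CB(skb).sessionid;
-audit_info.secid = NETLINK_CB(skb).sid;
+audit_info.loginuid = audit_get_loginuid(current);
+audit_info.sessionid = audit_get_sessionid(current);
+security_task_getsecid(current, &audit_info.secid);
 err = xfrm_state_flush(net, p->proto, &audit_info);
 if (err) {
 if (err == -ESRCH) /* empty table */
@@ -1720,9 +1724,9 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 if (err)
 return err;
 
-audit_info.loginuid = NETLINK_CB(skb).loginuid;
-audit_info.sessionid = NETLINK_CB(skb).sessionid;
-audit_info.secid = NETLINK_CB(skb).sid;
+audit_info.loginuid = audit_get_loginuid(current);
+audit_info.sessionid = audit_get_sessionid(current);
+security_task_getsecid(current, &audit_info.secid);
 err = xfrm_policy_flush(net, type, &audit_info);
 if (err) {
 if (err == -ESRCH) /* empty table */
@@ -1789,9 +1793,11 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
 
 err = 0;
 if (up->hard) {
-uid_t loginuid = NETLINK_CB(skb).loginuid;
-uid_t sessionid = NETLINK_CB(skb).sessionid;
-u32 sid = NETLINK_CB(skb).sid;
+uid_t loginuid = audit_get_loginuid(current);
+u32 sessionid = audit_get_sessionid(current);
+u32 sid;
+
+security_task_getsecid(current, &sid);
 xfrm_policy_delete(xp, p->dir);
 xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid);
 
@@ -1830,9 +1836,11 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
 km_state_expired(x, ue->hard, current->pid);
 
 if (ue->hard) {
-uid_t loginuid = NETLINK_CB(skb).loginuid;
-uid_t sessionid = NETLINK_CB(skb).sessionid;
-u32 sid = NETLINK_CB(skb).sid;
+uid_t loginuid = audit_get_loginuid(current);
+u32 sessionid = audit_get_sessionid(current);
+u32 sid;
+
+security_task_getsecid(current, &sid);
 __xfrm_state_delete(x);
 xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid);
 }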
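Review bot: Every audit field in these eight handlers (xfrm_add_sa through xfrm_add_sa_expire) now comes from `current`, so the audit record names the right subject only while the netlink message is handled synchronously in the sending task's context, and nothing in the visible hunks states or checks that. If processing were ever deferred to another task, loginuid, sessionid and secid would silently describe that task instead of the requester, which weakens the audit trail without any visible failure. I would record the assumption at the first site in xfrm_add_sa, e.g. `/* audit subject is read from current: this handler must run in the sender's context */`. The same three-call sequence is repeated at each site, so a single local helper that fills a `struct xfrm_audit` from `current` would keep the sites from drifting apart. The function bodies start and end outside the hunks, so the dispatch path itself could not be checked here.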