Commit 2532386f480eefbdd67b48be55fb4fb3e5a6081c
Committed by
Al Viro
1 parent
436c405c7d
Exists in
master
and in
4 other branches
Audit: collect sessionid in netlink messages
Previously I added sessionid output to all audit messages where it was available but we still didn't know the sessionid of the sender of netlink messages. This patch adds that information to netlink messages so we can audit who sent netlink messages. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Showing 17 changed files with 132 additions and 87 deletions Side-by-side Diff
- drivers/char/tty_audit.c
- include/linux/audit.h
- include/linux/netlink.h
- include/linux/tty.h
- include/net/netlabel.h
- include/net/xfrm.h
- kernel/audit.c
- kernel/auditfilter.c
- net/key/af_key.c
- net/netlabel/netlabel_unlabeled.c
- net/netlabel/netlabel_user.c
- net/netlabel/netlabel_user.h
- net/netlink/af_netlink.c
- net/xfrm/xfrm_policy.c
- net/xfrm/xfrm_state.c
- net/xfrm/xfrm_user.c
- security/smack/smackfs.c
drivers/char/tty_audit.c
... | ... | @@ -151,14 +151,9 @@ |
151 | 151 | /** |
152 | 152 | * tty_audit_push_task - Flush task's pending audit data |
153 | 153 | */ |
154 | -void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid) | |
154 | +void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid) | |
155 | 155 | { |
156 | 156 | struct tty_audit_buf *buf; |
157 | - /* FIXME I think this is correct. Check against netlink once that is | |
158 | - * I really need to read this code more closely. But that's for | |
159 | - * another patch. | |
160 | - */ | |
161 | - unsigned int sessionid = audit_get_sessionid(tsk); | |
162 | 157 | |
163 | 158 | spin_lock_irq(&tsk->sighand->siglock); |
164 | 159 | buf = tsk->signal->tty_audit_buf; |
include/linux/audit.h
... | ... | @@ -569,7 +569,8 @@ |
569 | 569 | extern int audit_filter_user(struct netlink_skb_parms *cb, int type); |
570 | 570 | extern int audit_filter_type(int type); |
571 | 571 | extern int audit_receive_filter(int type, int pid, int uid, int seq, |
572 | - void *data, size_t datasz, uid_t loginuid, u32 sid); | |
572 | + void *data, size_t datasz, uid_t loginuid, | |
573 | + u32 sessionid, u32 sid); | |
573 | 574 | extern int audit_enabled; |
574 | 575 | #else |
575 | 576 | #define audit_log(c,g,t,f,...) do { ; } while (0) |
include/linux/netlink.h
include/linux/tty.h
... | ... | @@ -351,7 +351,7 @@ |
351 | 351 | extern void tty_audit_exit(void); |
352 | 352 | extern void tty_audit_fork(struct signal_struct *sig); |
353 | 353 | extern void tty_audit_push(struct tty_struct *tty); |
354 | -extern void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid); | |
354 | +extern void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid); | |
355 | 355 | extern void tty_audit_opening(void); |
356 | 356 | #else |
357 | 357 | static inline void tty_audit_add_data(struct tty_struct *tty, |
... | ... | @@ -367,7 +367,7 @@ |
367 | 367 | static inline void tty_audit_push(struct tty_struct *tty) |
368 | 368 | { |
369 | 369 | } |
370 | -static inline void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid) | |
370 | +static inline void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid) | |
371 | 371 | { |
372 | 372 | } |
373 | 373 | static inline void tty_audit_opening(void) |
include/net/netlabel.h
include/net/xfrm.h
... | ... | @@ -597,8 +597,9 @@ |
597 | 597 | /* Audit Information */ |
598 | 598 | struct xfrm_audit |
599 | 599 | { |
600 | - u32 loginuid; | |
601 | 600 | u32 secid; |
601 | + uid_t loginuid; | |
602 | + u32 sessionid; | |
602 | 603 | }; |
603 | 604 | |
604 | 605 | #ifdef CONFIG_AUDITSYSCALL |
605 | 606 | |
... | ... | @@ -616,13 +617,13 @@ |
616 | 617 | return audit_buf; |
617 | 618 | } |
618 | 619 | |
619 | -static inline void xfrm_audit_helper_usrinfo(u32 auid, u32 secid, | |
620 | +static inline void xfrm_audit_helper_usrinfo(uid_t auid, u32 ses, u32 secid, | |
620 | 621 | struct audit_buffer *audit_buf) |
621 | 622 | { |
622 | 623 | char *secctx; |
623 | 624 | u32 secctx_len; |
624 | 625 | |
625 | - audit_log_format(audit_buf, " auid=%u", auid); | |
626 | + audit_log_format(audit_buf, " auid=%u ses=%u", auid, ses); | |
626 | 627 | if (secid != 0 && |
627 | 628 | security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) { |
628 | 629 | audit_log_format(audit_buf, " subj=%s", secctx); |
629 | 630 | |
630 | 631 | |
631 | 632 | |
... | ... | @@ -632,13 +633,13 @@ |
632 | 633 | } |
633 | 634 | |
634 | 635 | extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, |
635 | - u32 auid, u32 secid); | |
636 | + u32 auid, u32 ses, u32 secid); | |
636 | 637 | extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, |
637 | - u32 auid, u32 secid); | |
638 | + u32 auid, u32 ses, u32 secid); | |
638 | 639 | extern void xfrm_audit_state_add(struct xfrm_state *x, int result, |
639 | - u32 auid, u32 secid); | |
640 | + u32 auid, u32 ses, u32 secid); | |
640 | 641 | extern void xfrm_audit_state_delete(struct xfrm_state *x, int result, |
641 | - u32 auid, u32 secid); | |
642 | + u32 auid, u32 ses, u32 secid); | |
642 | 643 | extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x, |
643 | 644 | struct sk_buff *skb); |
644 | 645 | extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family); |
... | ... | @@ -647,10 +648,10 @@ |
647 | 648 | extern void xfrm_audit_state_icvfail(struct xfrm_state *x, |
648 | 649 | struct sk_buff *skb, u8 proto); |
649 | 650 | #else |
650 | -#define xfrm_audit_policy_add(x, r, a, s) do { ; } while (0) | |
651 | -#define xfrm_audit_policy_delete(x, r, a, s) do { ; } while (0) | |
652 | -#define xfrm_audit_state_add(x, r, a, s) do { ; } while (0) | |
653 | -#define xfrm_audit_state_delete(x, r, a, s) do { ; } while (0) | |
651 | +#define xfrm_audit_policy_add(x, r, a, se, s) do { ; } while (0) | |
652 | +#define xfrm_audit_policy_delete(x, r, a, se, s) do { ; } while (0) | |
653 | +#define xfrm_audit_state_add(x, r, a, se, s) do { ; } while (0) | |
654 | +#define xfrm_audit_state_delete(x, r, a, se, s) do { ; } while (0) | |
654 | 655 | #define xfrm_audit_state_replay_overflow(x, s) do { ; } while (0) |
655 | 656 | #define xfrm_audit_state_notfound_simple(s, f) do { ; } while (0) |
656 | 657 | #define xfrm_audit_state_notfound(s, f, sp, sq) do { ; } while (0) |
kernel/audit.c
... | ... | @@ -252,14 +252,15 @@ |
252 | 252 | } |
253 | 253 | |
254 | 254 | static int audit_log_config_change(char *function_name, int new, int old, |
255 | - uid_t loginuid, u32 sid, int allow_changes) | |
255 | + uid_t loginuid, u32 sessionid, u32 sid, | |
256 | + int allow_changes) | |
256 | 257 | { |
257 | 258 | struct audit_buffer *ab; |
258 | 259 | int rc = 0; |
259 | 260 | |
260 | 261 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); |
261 | - audit_log_format(ab, "%s=%d old=%d by auid=%u", function_name, new, | |
262 | - old, loginuid); | |
262 | + audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new, | |
263 | + old, loginuid, sessionid); | |
263 | 264 | if (sid) { |
264 | 265 | char *ctx = NULL; |
265 | 266 | u32 len; |
... | ... | @@ -279,7 +280,8 @@ |
279 | 280 | } |
280 | 281 | |
281 | 282 | static int audit_do_config_change(char *function_name, int *to_change, |
282 | - int new, uid_t loginuid, u32 sid) | |
283 | + int new, uid_t loginuid, u32 sessionid, | |
284 | + u32 sid) | |
283 | 285 | { |
284 | 286 | int allow_changes, rc = 0, old = *to_change; |
285 | 287 | |
... | ... | @@ -290,8 +292,8 @@ |
290 | 292 | allow_changes = 1; |
291 | 293 | |
292 | 294 | if (audit_enabled != AUDIT_OFF) { |
293 | - rc = audit_log_config_change(function_name, new, old, | |
294 | - loginuid, sid, allow_changes); | |
295 | + rc = audit_log_config_change(function_name, new, old, loginuid, | |
296 | + sessionid, sid, allow_changes); | |
295 | 297 | if (rc) |
296 | 298 | allow_changes = 0; |
297 | 299 | } |
298 | 300 | |
299 | 301 | |
300 | 302 | |
301 | 303 | |
302 | 304 | |
... | ... | @@ -305,26 +307,28 @@ |
305 | 307 | return rc; |
306 | 308 | } |
307 | 309 | |
308 | -static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid) | |
310 | +static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sessionid, | |
311 | + u32 sid) | |
309 | 312 | { |
310 | 313 | return audit_do_config_change("audit_rate_limit", &audit_rate_limit, |
311 | - limit, loginuid, sid); | |
314 | + limit, loginuid, sessionid, sid); | |
312 | 315 | } |
313 | 316 | |
314 | -static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid) | |
317 | +static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sessionid, | |
318 | + u32 sid) | |
315 | 319 | { |
316 | 320 | return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit, |
317 | - limit, loginuid, sid); | |
321 | + limit, loginuid, sessionid, sid); | |
318 | 322 | } |
319 | 323 | |
320 | -static int audit_set_enabled(int state, uid_t loginuid, u32 sid) | |
324 | +static int audit_set_enabled(int state, uid_t loginuid, u32 sessionid, u32 sid) | |
321 | 325 | { |
322 | 326 | int rc; |
323 | 327 | if (state < AUDIT_OFF || state > AUDIT_LOCKED) |
324 | 328 | return -EINVAL; |
325 | 329 | |
326 | 330 | rc = audit_do_config_change("audit_enabled", &audit_enabled, state, |
327 | - loginuid, sid); | |
331 | + loginuid, sessionid, sid); | |
328 | 332 | |
329 | 333 | if (!rc) |
330 | 334 | audit_ever_enabled |= !!state; |
... | ... | @@ -332,7 +336,7 @@ |
332 | 336 | return rc; |
333 | 337 | } |
334 | 338 | |
335 | -static int audit_set_failure(int state, uid_t loginuid, u32 sid) | |
339 | +static int audit_set_failure(int state, uid_t loginuid, u32 sessionid, u32 sid) | |
336 | 340 | { |
337 | 341 | if (state != AUDIT_FAIL_SILENT |
338 | 342 | && state != AUDIT_FAIL_PRINTK |
... | ... | @@ -340,7 +344,7 @@ |
340 | 344 | return -EINVAL; |
341 | 345 | |
342 | 346 | return audit_do_config_change("audit_failure", &audit_failure, state, |
343 | - loginuid, sid); | |
347 | + loginuid, sessionid, sid); | |
344 | 348 | } |
345 | 349 | |
346 | 350 | static int kauditd_thread(void *dummy) |
... | ... | @@ -385,7 +389,7 @@ |
385 | 389 | return 0; |
386 | 390 | } |
387 | 391 | |
388 | -static int audit_prepare_user_tty(pid_t pid, uid_t loginuid) | |
392 | +static int audit_prepare_user_tty(pid_t pid, uid_t loginuid, u32 sessionid) | |
389 | 393 | { |
390 | 394 | struct task_struct *tsk; |
391 | 395 | int err; |
... | ... | @@ -404,7 +408,7 @@ |
404 | 408 | if (err) |
405 | 409 | goto out; |
406 | 410 | |
407 | - tty_audit_push_task(tsk, loginuid); | |
411 | + tty_audit_push_task(tsk, loginuid, sessionid); | |
408 | 412 | out: |
409 | 413 | read_unlock(&tasklist_lock); |
410 | 414 | return err; |
... | ... | @@ -534,7 +538,8 @@ |
534 | 538 | } |
535 | 539 | |
536 | 540 | static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type, |
537 | - u32 pid, u32 uid, uid_t auid, u32 sid) | |
541 | + u32 pid, u32 uid, uid_t auid, u32 ses, | |
542 | + u32 sid) | |
538 | 543 | { |
539 | 544 | int rc = 0; |
540 | 545 | char *ctx = NULL; |
... | ... | @@ -546,8 +551,8 @@ |
546 | 551 | } |
547 | 552 | |
548 | 553 | *ab = audit_log_start(NULL, GFP_KERNEL, msg_type); |
549 | - audit_log_format(*ab, "user pid=%d uid=%u auid=%u", | |
550 | - pid, uid, auid); | |
554 | + audit_log_format(*ab, "user pid=%d uid=%u auid=%u ses=%u", | |
555 | + pid, uid, auid, ses); | |
551 | 556 | if (sid) { |
552 | 557 | rc = security_secid_to_secctx(sid, &ctx, &len); |
553 | 558 | if (rc) |
... | ... | @@ -570,6 +575,7 @@ |
570 | 575 | struct audit_buffer *ab; |
571 | 576 | u16 msg_type = nlh->nlmsg_type; |
572 | 577 | uid_t loginuid; /* loginuid of sender */ |
578 | + u32 sessionid; | |
573 | 579 | struct audit_sig_info *sig_data; |
574 | 580 | char *ctx = NULL; |
575 | 581 | u32 len; |
... | ... | @@ -591,6 +597,7 @@ |
591 | 597 | pid = NETLINK_CREDS(skb)->pid; |
592 | 598 | uid = NETLINK_CREDS(skb)->uid; |
593 | 599 | loginuid = NETLINK_CB(skb).loginuid; |
600 | + sessionid = NETLINK_CB(skb).sessionid; | |
594 | 601 | sid = NETLINK_CB(skb).sid; |
595 | 602 | seq = nlh->nlmsg_seq; |
596 | 603 | data = NLMSG_DATA(nlh); |
597 | 604 | |
... | ... | @@ -613,12 +620,12 @@ |
613 | 620 | status_get = (struct audit_status *)data; |
614 | 621 | if (status_get->mask & AUDIT_STATUS_ENABLED) { |
615 | 622 | err = audit_set_enabled(status_get->enabled, |
616 | - loginuid, sid); | |
623 | + loginuid, sessionid, sid); | |
617 | 624 | if (err < 0) return err; |
618 | 625 | } |
619 | 626 | if (status_get->mask & AUDIT_STATUS_FAILURE) { |
620 | 627 | err = audit_set_failure(status_get->failure, |
621 | - loginuid, sid); | |
628 | + loginuid, sessionid, sid); | |
622 | 629 | if (err < 0) return err; |
623 | 630 | } |
624 | 631 | if (status_get->mask & AUDIT_STATUS_PID) { |
625 | 632 | |
626 | 633 | |
... | ... | @@ -627,17 +634,17 @@ |
627 | 634 | if (audit_enabled != AUDIT_OFF) |
628 | 635 | audit_log_config_change("audit_pid", new_pid, |
629 | 636 | audit_pid, loginuid, |
630 | - sid, 1); | |
637 | + sessionid, sid, 1); | |
631 | 638 | |
632 | 639 | audit_pid = new_pid; |
633 | 640 | audit_nlk_pid = NETLINK_CB(skb).pid; |
634 | 641 | } |
635 | 642 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) |
636 | 643 | err = audit_set_rate_limit(status_get->rate_limit, |
637 | - loginuid, sid); | |
644 | + loginuid, sessionid, sid); | |
638 | 645 | if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) |
639 | 646 | err = audit_set_backlog_limit(status_get->backlog_limit, |
640 | - loginuid, sid); | |
647 | + loginuid, sessionid, sid); | |
641 | 648 | break; |
642 | 649 | case AUDIT_USER: |
643 | 650 | case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG: |
644 | 651 | |
... | ... | @@ -649,12 +656,13 @@ |
649 | 656 | if (err == 1) { |
650 | 657 | err = 0; |
651 | 658 | if (msg_type == AUDIT_USER_TTY) { |
652 | - err = audit_prepare_user_tty(pid, loginuid); | |
659 | + err = audit_prepare_user_tty(pid, loginuid, | |
660 | + sessionid); | |
653 | 661 | if (err) |
654 | 662 | break; |
655 | 663 | } |
656 | 664 | audit_log_common_recv_msg(&ab, msg_type, pid, uid, |
657 | - loginuid, sid); | |
665 | + loginuid, sessionid, sid); | |
658 | 666 | |
659 | 667 | if (msg_type != AUDIT_USER_TTY) |
660 | 668 | audit_log_format(ab, " msg='%.1024s'", |
... | ... | @@ -677,7 +685,7 @@ |
677 | 685 | return -EINVAL; |
678 | 686 | if (audit_enabled == AUDIT_LOCKED) { |
679 | 687 | audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid, |
680 | - uid, loginuid, sid); | |
688 | + uid, loginuid, sessionid, sid); | |
681 | 689 | |
682 | 690 | audit_log_format(ab, " audit_enabled=%d res=0", |
683 | 691 | audit_enabled); |
... | ... | @@ -688,7 +696,7 @@ |
688 | 696 | case AUDIT_LIST: |
689 | 697 | err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, |
690 | 698 | uid, seq, data, nlmsg_len(nlh), |
691 | - loginuid, sid); | |
699 | + loginuid, sessionid, sid); | |
692 | 700 | break; |
693 | 701 | case AUDIT_ADD_RULE: |
694 | 702 | case AUDIT_DEL_RULE: |
... | ... | @@ -696,7 +704,7 @@ |
696 | 704 | return -EINVAL; |
697 | 705 | if (audit_enabled == AUDIT_LOCKED) { |
698 | 706 | audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid, |
699 | - uid, loginuid, sid); | |
707 | + uid, loginuid, sessionid, sid); | |
700 | 708 | |
701 | 709 | audit_log_format(ab, " audit_enabled=%d res=0", |
702 | 710 | audit_enabled); |
703 | 711 | |
... | ... | @@ -707,13 +715,13 @@ |
707 | 715 | case AUDIT_LIST_RULES: |
708 | 716 | err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, |
709 | 717 | uid, seq, data, nlmsg_len(nlh), |
710 | - loginuid, sid); | |
718 | + loginuid, sessionid, sid); | |
711 | 719 | break; |
712 | 720 | case AUDIT_TRIM: |
713 | 721 | audit_trim_trees(); |
714 | 722 | |
715 | 723 | audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid, |
716 | - uid, loginuid, sid); | |
724 | + uid, loginuid, sessionid, sid); | |
717 | 725 | |
718 | 726 | audit_log_format(ab, " op=trim res=1"); |
719 | 727 | audit_log_end(ab); |
... | ... | @@ -745,7 +753,7 @@ |
745 | 753 | err = audit_tag_tree(old, new); |
746 | 754 | |
747 | 755 | audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid, |
748 | - uid, loginuid, sid); | |
756 | + uid, loginuid, sessionid, sid); | |
749 | 757 | |
750 | 758 | audit_log_format(ab, " op=make_equiv old="); |
751 | 759 | audit_log_untrustedstring(ab, old); |
kernel/auditfilter.c
... | ... | @@ -1500,8 +1500,9 @@ |
1500 | 1500 | } |
1501 | 1501 | |
1502 | 1502 | /* Log rule additions and removals */ |
1503 | -static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action, | |
1504 | - struct audit_krule *rule, int res) | |
1503 | +static void audit_log_rule_change(uid_t loginuid, u32 sessionid, u32 sid, | |
1504 | + char *action, struct audit_krule *rule, | |
1505 | + int res) | |
1505 | 1506 | { |
1506 | 1507 | struct audit_buffer *ab; |
1507 | 1508 | |
... | ... | @@ -1511,7 +1512,7 @@ |
1511 | 1512 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); |
1512 | 1513 | if (!ab) |
1513 | 1514 | return; |
1514 | - audit_log_format(ab, "auid=%u", loginuid); | |
1515 | + audit_log_format(ab, "auid=%u ses=%u", loginuid, sessionid); | |
1515 | 1516 | if (sid) { |
1516 | 1517 | char *ctx = NULL; |
1517 | 1518 | u32 len; |
... | ... | @@ -1543,7 +1544,7 @@ |
1543 | 1544 | * @sid: SE Linux Security ID of sender |
1544 | 1545 | */ |
1545 | 1546 | int audit_receive_filter(int type, int pid, int uid, int seq, void *data, |
1546 | - size_t datasz, uid_t loginuid, u32 sid) | |
1547 | + size_t datasz, uid_t loginuid, u32 sessionid, u32 sid) | |
1547 | 1548 | { |
1548 | 1549 | struct task_struct *tsk; |
1549 | 1550 | struct audit_netlink_list *dest; |
... | ... | @@ -1590,7 +1591,8 @@ |
1590 | 1591 | |
1591 | 1592 | err = audit_add_rule(entry, |
1592 | 1593 | &audit_filter_list[entry->rule.listnr]); |
1593 | - audit_log_rule_change(loginuid, sid, "add", &entry->rule, !err); | |
1594 | + audit_log_rule_change(loginuid, sessionid, sid, "add", | |
1595 | + &entry->rule, !err); | |
1594 | 1596 | |
1595 | 1597 | if (err) |
1596 | 1598 | audit_free_rule(entry); |
... | ... | @@ -1606,8 +1608,8 @@ |
1606 | 1608 | |
1607 | 1609 | err = audit_del_rule(entry, |
1608 | 1610 | &audit_filter_list[entry->rule.listnr]); |
1609 | - audit_log_rule_change(loginuid, sid, "remove", &entry->rule, | |
1610 | - !err); | |
1611 | + audit_log_rule_change(loginuid, sessionid, sid, "remove", | |
1612 | + &entry->rule, !err); | |
1611 | 1613 | |
1612 | 1614 | audit_free_rule(entry); |
1613 | 1615 | break; |
net/key/af_key.c
... | ... | @@ -1498,7 +1498,8 @@ |
1498 | 1498 | err = xfrm_state_update(x); |
1499 | 1499 | |
1500 | 1500 | xfrm_audit_state_add(x, err ? 0 : 1, |
1501 | - audit_get_loginuid(current), 0); | |
1501 | + audit_get_loginuid(current), | |
1502 | + audit_get_sessionid(current), 0); | |
1502 | 1503 | |
1503 | 1504 | if (err < 0) { |
1504 | 1505 | x->km.state = XFRM_STATE_DEAD; |
... | ... | @@ -1552,7 +1553,8 @@ |
1552 | 1553 | km_state_notify(x, &c); |
1553 | 1554 | out: |
1554 | 1555 | xfrm_audit_state_delete(x, err ? 0 : 1, |
1555 | - audit_get_loginuid(current), 0); | |
1556 | + audit_get_loginuid(current), | |
1557 | + audit_get_sessionid(current), 0); | |
1556 | 1558 | xfrm_state_put(x); |
1557 | 1559 | |
1558 | 1560 | return err; |
... | ... | @@ -1728,6 +1730,7 @@ |
1728 | 1730 | return -EINVAL; |
1729 | 1731 | |
1730 | 1732 | audit_info.loginuid = audit_get_loginuid(current); |
1733 | + audit_info.sessionid = audit_get_sessionid(current); | |
1731 | 1734 | audit_info.secid = 0; |
1732 | 1735 | err = xfrm_state_flush(proto, &audit_info); |
1733 | 1736 | if (err) |
... | ... | @@ -2324,7 +2327,8 @@ |
2324 | 2327 | hdr->sadb_msg_type != SADB_X_SPDUPDATE); |
2325 | 2328 | |
2326 | 2329 | xfrm_audit_policy_add(xp, err ? 0 : 1, |
2327 | - audit_get_loginuid(current), 0); | |
2330 | + audit_get_loginuid(current), | |
2331 | + audit_get_sessionid(current), 0); | |
2328 | 2332 | |
2329 | 2333 | if (err) |
2330 | 2334 | goto out; |
... | ... | @@ -2406,7 +2410,8 @@ |
2406 | 2410 | return -ENOENT; |
2407 | 2411 | |
2408 | 2412 | xfrm_audit_policy_delete(xp, err ? 0 : 1, |
2409 | - audit_get_loginuid(current), 0); | |
2413 | + audit_get_loginuid(current), | |
2414 | + audit_get_sessionid(current), 0); | |
2410 | 2415 | |
2411 | 2416 | if (err) |
2412 | 2417 | goto out; |
... | ... | @@ -2667,7 +2672,8 @@ |
2667 | 2672 | |
2668 | 2673 | if (delete) { |
2669 | 2674 | xfrm_audit_policy_delete(xp, err ? 0 : 1, |
2670 | - audit_get_loginuid(current), 0); | |
2675 | + audit_get_loginuid(current), | |
2676 | + audit_get_sessionid(current), 0); | |
2671 | 2677 | |
2672 | 2678 | if (err) |
2673 | 2679 | goto out; |
... | ... | @@ -2767,6 +2773,7 @@ |
2767 | 2773 | int err; |
2768 | 2774 | |
2769 | 2775 | audit_info.loginuid = audit_get_loginuid(current); |
2776 | + audit_info.sessionid = audit_get_sessionid(current); | |
2770 | 2777 | audit_info.secid = 0; |
2771 | 2778 | err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info); |
2772 | 2779 | if (err) |
net/netlabel/netlabel_unlabeled.c
... | ... | @@ -1780,6 +1780,7 @@ |
1780 | 1780 | * messages so don't worry to much about these values. */ |
1781 | 1781 | security_task_getsecid(current, &audit_info.secid); |
1782 | 1782 | audit_info.loginuid = 0; |
1783 | + audit_info.sessionid = 0; | |
1783 | 1784 | |
1784 | 1785 | entry = kzalloc(sizeof(*entry), GFP_KERNEL); |
1785 | 1786 | if (entry == NULL) |
net/netlabel/netlabel_user.c
... | ... | @@ -107,7 +107,9 @@ |
107 | 107 | if (audit_buf == NULL) |
108 | 108 | return NULL; |
109 | 109 | |
110 | - audit_log_format(audit_buf, "netlabel: auid=%u", audit_info->loginuid); | |
110 | + audit_log_format(audit_buf, "netlabel: auid=%u ses=%u", | |
111 | + audit_info->loginuid, | |
112 | + audit_info->sessionid); | |
111 | 113 | |
112 | 114 | if (audit_info->secid != 0 && |
113 | 115 | security_secid_to_secctx(audit_info->secid, |
net/netlabel/netlabel_user.h
net/netlink/af_netlink.c
... | ... | @@ -1248,6 +1248,7 @@ |
1248 | 1248 | NETLINK_CB(skb).pid = nlk->pid; |
1249 | 1249 | NETLINK_CB(skb).dst_group = dst_group; |
1250 | 1250 | NETLINK_CB(skb).loginuid = audit_get_loginuid(current); |
1251 | + NETLINK_CB(skb).sessionid = audit_get_sessionid(current); | |
1251 | 1252 | security_task_getsecid(current, &(NETLINK_CB(skb).sid)); |
1252 | 1253 | memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); |
1253 | 1254 |
net/xfrm/xfrm_policy.c
... | ... | @@ -762,6 +762,7 @@ |
762 | 762 | if (err) { |
763 | 763 | xfrm_audit_policy_delete(pol, 0, |
764 | 764 | audit_info->loginuid, |
765 | + audit_info->sessionid, | |
765 | 766 | audit_info->secid); |
766 | 767 | return err; |
767 | 768 | } |
... | ... | @@ -777,6 +778,7 @@ |
777 | 778 | if (err) { |
778 | 779 | xfrm_audit_policy_delete(pol, 0, |
779 | 780 | audit_info->loginuid, |
781 | + audit_info->sessionid, | |
780 | 782 | audit_info->secid); |
781 | 783 | return err; |
782 | 784 | } |
... | ... | @@ -819,6 +821,7 @@ |
819 | 821 | write_unlock_bh(&xfrm_policy_lock); |
820 | 822 | |
821 | 823 | xfrm_audit_policy_delete(pol, 1, audit_info->loginuid, |
824 | + audit_info->sessionid, | |
822 | 825 | audit_info->secid); |
823 | 826 | |
824 | 827 | xfrm_policy_kill(pol); |
... | ... | @@ -841,6 +844,7 @@ |
841 | 844 | |
842 | 845 | xfrm_audit_policy_delete(pol, 1, |
843 | 846 | audit_info->loginuid, |
847 | + audit_info->sessionid, | |
844 | 848 | audit_info->secid); |
845 | 849 | xfrm_policy_kill(pol); |
846 | 850 | killed++; |
847 | 851 | |
... | ... | @@ -2472,14 +2476,14 @@ |
2472 | 2476 | } |
2473 | 2477 | |
2474 | 2478 | void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, |
2475 | - u32 auid, u32 secid) | |
2479 | + uid_t auid, u32 sessionid, u32 secid) | |
2476 | 2480 | { |
2477 | 2481 | struct audit_buffer *audit_buf; |
2478 | 2482 | |
2479 | 2483 | audit_buf = xfrm_audit_start("SPD-add"); |
2480 | 2484 | if (audit_buf == NULL) |
2481 | 2485 | return; |
2482 | - xfrm_audit_helper_usrinfo(auid, secid, audit_buf); | |
2486 | + xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf); | |
2483 | 2487 | audit_log_format(audit_buf, " res=%u", result); |
2484 | 2488 | xfrm_audit_common_policyinfo(xp, audit_buf); |
2485 | 2489 | audit_log_end(audit_buf); |
2486 | 2490 | |
... | ... | @@ -2487,14 +2491,14 @@ |
2487 | 2491 | EXPORT_SYMBOL_GPL(xfrm_audit_policy_add); |
2488 | 2492 | |
2489 | 2493 | void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, |
2490 | - u32 auid, u32 secid) | |
2494 | + uid_t auid, u32 sessionid, u32 secid) | |
2491 | 2495 | { |
2492 | 2496 | struct audit_buffer *audit_buf; |
2493 | 2497 | |
2494 | 2498 | audit_buf = xfrm_audit_start("SPD-delete"); |
2495 | 2499 | if (audit_buf == NULL) |
2496 | 2500 | return; |
2497 | - xfrm_audit_helper_usrinfo(auid, secid, audit_buf); | |
2501 | + xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf); | |
2498 | 2502 | audit_log_format(audit_buf, " res=%u", result); |
2499 | 2503 | xfrm_audit_common_policyinfo(xp, audit_buf); |
2500 | 2504 | audit_log_end(audit_buf); |
net/xfrm/xfrm_state.c
... | ... | @@ -496,7 +496,8 @@ |
496 | 496 | km_state_expired(x, 1, 0); |
497 | 497 | |
498 | 498 | xfrm_audit_state_delete(x, err ? 0 : 1, |
499 | - audit_get_loginuid(current), 0); | |
499 | + audit_get_loginuid(current), | |
500 | + audit_get_sessionid(current), 0); | |
500 | 501 | |
501 | 502 | out: |
502 | 503 | spin_unlock(&x->lock); |
... | ... | @@ -603,6 +604,7 @@ |
603 | 604 | (err = security_xfrm_state_delete(x)) != 0) { |
604 | 605 | xfrm_audit_state_delete(x, 0, |
605 | 606 | audit_info->loginuid, |
607 | + audit_info->sessionid, | |
606 | 608 | audit_info->secid); |
607 | 609 | return err; |
608 | 610 | } |
... | ... | @@ -641,6 +643,7 @@ |
641 | 643 | err = xfrm_state_delete(x); |
642 | 644 | xfrm_audit_state_delete(x, err ? 0 : 1, |
643 | 645 | audit_info->loginuid, |
646 | + audit_info->sessionid, | |
644 | 647 | audit_info->secid); |
645 | 648 | xfrm_state_put(x); |
646 | 649 | |
647 | 650 | |
... | ... | @@ -2123,14 +2126,14 @@ |
2123 | 2126 | } |
2124 | 2127 | |
2125 | 2128 | void xfrm_audit_state_add(struct xfrm_state *x, int result, |
2126 | - u32 auid, u32 secid) | |
2129 | + uid_t auid, u32 sessionid, u32 secid) | |
2127 | 2130 | { |
2128 | 2131 | struct audit_buffer *audit_buf; |
2129 | 2132 | |
2130 | 2133 | audit_buf = xfrm_audit_start("SAD-add"); |
2131 | 2134 | if (audit_buf == NULL) |
2132 | 2135 | return; |
2133 | - xfrm_audit_helper_usrinfo(auid, secid, audit_buf); | |
2136 | + xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf); | |
2134 | 2137 | xfrm_audit_helper_sainfo(x, audit_buf); |
2135 | 2138 | audit_log_format(audit_buf, " res=%u", result); |
2136 | 2139 | audit_log_end(audit_buf); |
2137 | 2140 | |
... | ... | @@ -2138,14 +2141,14 @@ |
2138 | 2141 | EXPORT_SYMBOL_GPL(xfrm_audit_state_add); |
2139 | 2142 | |
2140 | 2143 | void xfrm_audit_state_delete(struct xfrm_state *x, int result, |
2141 | - u32 auid, u32 secid) | |
2144 | + uid_t auid, u32 sessionid, u32 secid) | |
2142 | 2145 | { |
2143 | 2146 | struct audit_buffer *audit_buf; |
2144 | 2147 | |
2145 | 2148 | audit_buf = xfrm_audit_start("SAD-delete"); |
2146 | 2149 | if (audit_buf == NULL) |
2147 | 2150 | return; |
2148 | - xfrm_audit_helper_usrinfo(auid, secid, audit_buf); | |
2151 | + xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf); | |
2149 | 2152 | xfrm_audit_helper_sainfo(x, audit_buf); |
2150 | 2153 | audit_log_format(audit_buf, " res=%u", result); |
2151 | 2154 | audit_log_end(audit_buf); |
net/xfrm/xfrm_user.c
... | ... | @@ -407,6 +407,9 @@ |
407 | 407 | struct xfrm_state *x; |
408 | 408 | int err; |
409 | 409 | struct km_event c; |
410 | + uid_t loginuid = NETLINK_CB(skb).loginuid; | |
411 | + u32 sessionid = NETLINK_CB(skb).sessionid; | |
412 | + u32 sid = NETLINK_CB(skb).sid; | |
410 | 413 | |
411 | 414 | err = verify_newsa_info(p, attrs); |
412 | 415 | if (err) |
... | ... | @@ -422,8 +425,7 @@ |
422 | 425 | else |
423 | 426 | err = xfrm_state_update(x); |
424 | 427 | |
425 | - xfrm_audit_state_add(x, err ? 0 : 1, NETLINK_CB(skb).loginuid, | |
426 | - NETLINK_CB(skb).sid); | |
428 | + xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid); | |
427 | 429 | |
428 | 430 | if (err < 0) { |
429 | 431 | x->km.state = XFRM_STATE_DEAD; |
... | ... | @@ -478,6 +480,9 @@ |
478 | 480 | int err = -ESRCH; |
479 | 481 | struct km_event c; |
480 | 482 | struct xfrm_usersa_id *p = nlmsg_data(nlh); |
483 | + uid_t loginuid = NETLINK_CB(skb).loginuid; | |
484 | + u32 sessionid = NETLINK_CB(skb).sessionid; | |
485 | + u32 sid = NETLINK_CB(skb).sid; | |
481 | 486 | |
482 | 487 | x = xfrm_user_state_lookup(p, attrs, &err); |
483 | 488 | if (x == NULL) |
... | ... | @@ -502,8 +507,7 @@ |
502 | 507 | km_state_notify(x, &c); |
503 | 508 | |
504 | 509 | out: |
505 | - xfrm_audit_state_delete(x, err ? 0 : 1, NETLINK_CB(skb).loginuid, | |
506 | - NETLINK_CB(skb).sid); | |
510 | + xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid); | |
507 | 511 | xfrm_state_put(x); |
508 | 512 | return err; |
509 | 513 | } |
... | ... | @@ -1123,6 +1127,9 @@ |
1123 | 1127 | struct km_event c; |
1124 | 1128 | int err; |
1125 | 1129 | int excl; |
1130 | + uid_t loginuid = NETLINK_CB(skb).loginuid; | |
1131 | + u32 sessionid = NETLINK_CB(skb).sessionid; | |
1132 | + u32 sid = NETLINK_CB(skb).sid; | |
1126 | 1133 | |
1127 | 1134 | err = verify_newpolicy_info(p); |
1128 | 1135 | if (err) |
... | ... | @@ -1141,8 +1148,7 @@ |
1141 | 1148 | * a type XFRM_MSG_UPDPOLICY - JHS */ |
1142 | 1149 | excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; |
1143 | 1150 | err = xfrm_policy_insert(p->dir, xp, excl); |
1144 | - xfrm_audit_policy_add(xp, err ? 0 : 1, NETLINK_CB(skb).loginuid, | |
1145 | - NETLINK_CB(skb).sid); | |
1151 | + xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid); | |
1146 | 1152 | |
1147 | 1153 | if (err) { |
1148 | 1154 | security_xfrm_policy_free(xp->security); |
1149 | 1155 | |
... | ... | @@ -1371,10 +1377,13 @@ |
1371 | 1377 | NETLINK_CB(skb).pid); |
1372 | 1378 | } |
1373 | 1379 | } else { |
1374 | - xfrm_audit_policy_delete(xp, err ? 0 : 1, | |
1375 | - NETLINK_CB(skb).loginuid, | |
1376 | - NETLINK_CB(skb).sid); | |
1380 | + uid_t loginuid = NETLINK_CB(skb).loginuid; | |
1381 | + u32 sessionid = NETLINK_CB(skb).sessionid; | |
1382 | + u32 sid = NETLINK_CB(skb).sid; | |
1377 | 1383 | |
1384 | + xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid, | |
1385 | + sid); | |
1386 | + | |
1378 | 1387 | if (err != 0) |
1379 | 1388 | goto out; |
1380 | 1389 | |
... | ... | @@ -1399,6 +1408,7 @@ |
1399 | 1408 | int err; |
1400 | 1409 | |
1401 | 1410 | audit_info.loginuid = NETLINK_CB(skb).loginuid; |
1411 | + audit_info.sessionid = NETLINK_CB(skb).sessionid; | |
1402 | 1412 | audit_info.secid = NETLINK_CB(skb).sid; |
1403 | 1413 | err = xfrm_state_flush(p->proto, &audit_info); |
1404 | 1414 | if (err) |
... | ... | @@ -1546,6 +1556,7 @@ |
1546 | 1556 | return err; |
1547 | 1557 | |
1548 | 1558 | audit_info.loginuid = NETLINK_CB(skb).loginuid; |
1559 | + audit_info.sessionid = NETLINK_CB(skb).sessionid; | |
1549 | 1560 | audit_info.secid = NETLINK_CB(skb).sid; |
1550 | 1561 | err = xfrm_policy_flush(type, &audit_info); |
1551 | 1562 | if (err) |
1552 | 1563 | |
... | ... | @@ -1604,9 +1615,11 @@ |
1604 | 1615 | read_unlock(&xp->lock); |
1605 | 1616 | err = 0; |
1606 | 1617 | if (up->hard) { |
1618 | + uid_t loginuid = NETLINK_CB(skb).loginuid; | |
1619 | + uid_t sessionid = NETLINK_CB(skb).sessionid; | |
1620 | + u32 sid = NETLINK_CB(skb).sid; | |
1607 | 1621 | xfrm_policy_delete(xp, p->dir); |
1608 | - xfrm_audit_policy_delete(xp, 1, NETLINK_CB(skb).loginuid, | |
1609 | - NETLINK_CB(skb).sid); | |
1622 | + xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid); | |
1610 | 1623 | |
1611 | 1624 | } else { |
1612 | 1625 | // reset the timers here? |
1613 | 1626 | |
... | ... | @@ -1640,9 +1653,11 @@ |
1640 | 1653 | km_state_expired(x, ue->hard, current->pid); |
1641 | 1654 | |
1642 | 1655 | if (ue->hard) { |
1656 | + uid_t loginuid = NETLINK_CB(skb).loginuid; | |
1657 | + uid_t sessionid = NETLINK_CB(skb).sessionid; | |
1658 | + u32 sid = NETLINK_CB(skb).sid; | |
1643 | 1659 | __xfrm_state_delete(x); |
1644 | - xfrm_audit_state_delete(x, 1, NETLINK_CB(skb).loginuid, | |
1645 | - NETLINK_CB(skb).sid); | |
1660 | + xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid); | |
1646 | 1661 | } |
1647 | 1662 | err = 0; |
1648 | 1663 | out: |
security/smack/smackfs.c
... | ... | @@ -324,6 +324,7 @@ |
324 | 324 | struct netlbl_audit audit_info; |
325 | 325 | |
326 | 326 | audit_info.loginuid = audit_get_loginuid(current); |
327 | + audit_info.sessionid = audit_get_sessionid(current); | |
327 | 328 | audit_info.secid = smack_to_secid(current->security); |
328 | 329 | |
329 | 330 | rc = netlbl_cfg_map_del(NULL, &audit_info); |
... | ... | @@ -356,6 +357,7 @@ |
356 | 357 | struct netlbl_audit audit_info; |
357 | 358 | |
358 | 359 | audit_info.loginuid = audit_get_loginuid(current); |
360 | + audit_info.sessionid = audit_get_sessionid(current); | |
359 | 361 | audit_info.secid = smack_to_secid(current->security); |
360 | 362 | |
361 | 363 | if (oldambient != NULL) { |