summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-04-18 10:09:25 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2008-04-28 06:18:03 -0400
commit2532386f480eefbdd67b48be55fb4fb3e5a6081c (patch)
treedd6a5a3c4116a67380a1336319c16632f04f80f9 /include
parent436c405c7d19455a71f42c9bec5fd5e028f1eb4e (diff)
downloadop-kernel-dev-2532386f480eefbdd67b48be55fb4fb3e5a6081c.zip
op-kernel-dev-2532386f480eefbdd67b48be55fb4fb3e5a6081c.tar.gz
Audit: collect sessionid in netlink messages
Previously I added sessionid output to all audit messages where it was available but we still didn't know the sessionid of the sender of netlink messages. This patch adds that information to netlink messages so we can audit who sent netlink messages. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include')
-rw-r--r--include/linux/audit.h3
-rw-r--r--include/linux/netlink.h1
-rw-r--r--include/linux/tty.h4
-rw-r--r--include/net/netlabel.h1
-rw-r--r--include/net/xfrm.h23
5 files changed, 18 insertions, 14 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 4ccb048..25f6ae3 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -569,7 +569,8 @@ extern int audit_update_lsm_rules(void);
extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
extern int audit_filter_type(int type);
extern int audit_receive_filter(int type, int pid, int uid, int seq,
- void *data, size_t datasz, uid_t loginuid, u32 sid);
+ void *data, size_t datasz, uid_t loginuid,
+ u32 sessionid, u32 sid);
extern int audit_enabled;
#else
#define audit_log(c,g,t,f,...) do { ; } while (0)
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index fb0713b..bec1062 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -166,6 +166,7 @@ struct netlink_skb_parms
__u32 dst_group;
kernel_cap_t eff_cap;
__u32 loginuid; /* Login (audit) uid */
+ __u32 sessionid; /* Session id (audit) */
__u32 sid; /* SELinux security id */
};
diff --git a/include/linux/tty.h b/include/linux/tty.h
index dd8e08f..4306245 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -351,7 +351,7 @@ extern void tty_audit_add_data(struct tty_struct *tty, unsigned char *data,
extern void tty_audit_exit(void);
extern void tty_audit_fork(struct signal_struct *sig);
extern void tty_audit_push(struct tty_struct *tty);
-extern void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid);
+extern void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid);
extern void tty_audit_opening(void);
#else
static inline void tty_audit_add_data(struct tty_struct *tty,
@@ -367,7 +367,7 @@ static inline void tty_audit_fork(struct signal_struct *sig)
static inline void tty_audit_push(struct tty_struct *tty)
{
}
-static inline void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid)
+static inline void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
{
}
static inline void tty_audit_opening(void)
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 5e53a85..e4d2d6b 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -103,6 +103,7 @@ struct cipso_v4_doi;
struct netlbl_audit {
u32 secid;
uid_t loginuid;
+ u32 sessionid;
};
/*
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index baa9f37..d1350bc 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -597,8 +597,9 @@ struct xfrm_spi_skb_cb {
/* Audit Information */
struct xfrm_audit
{
- u32 loginuid;
u32 secid;
+ uid_t loginuid;
+ u32 sessionid;
};
#ifdef CONFIG_AUDITSYSCALL
@@ -616,13 +617,13 @@ static inline struct audit_buffer *xfrm_audit_start(const char *op)
return audit_buf;
}
-static inline void xfrm_audit_helper_usrinfo(u32 auid, u32 secid,
+static inline void xfrm_audit_helper_usrinfo(uid_t auid, u32 ses, u32 secid,
struct audit_buffer *audit_buf)
{
char *secctx;
u32 secctx_len;
- audit_log_format(audit_buf, " auid=%u", auid);
+ audit_log_format(audit_buf, " auid=%u ses=%u", auid, ses);
if (secid != 0 &&
security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) {
audit_log_format(audit_buf, " subj=%s", secctx);
@@ -632,13 +633,13 @@ static inline void xfrm_audit_helper_usrinfo(u32 auid, u32 secid,
}
extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
- u32 auid, u32 secid);
+ u32 auid, u32 ses, u32 secid);
extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
- u32 auid, u32 secid);
+ u32 auid, u32 ses, u32 secid);
extern void xfrm_audit_state_add(struct xfrm_state *x, int result,
- u32 auid, u32 secid);
+ u32 auid, u32 ses, u32 secid);
extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
- u32 auid, u32 secid);
+ u32 auid, u32 ses, u32 secid);
extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
struct sk_buff *skb);
extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
@@ -647,10 +648,10 @@ extern void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
extern void xfrm_audit_state_icvfail(struct xfrm_state *x,
struct sk_buff *skb, u8 proto);
#else
-#define xfrm_audit_policy_add(x, r, a, s) do { ; } while (0)
-#define xfrm_audit_policy_delete(x, r, a, s) do { ; } while (0)
-#define xfrm_audit_state_add(x, r, a, s) do { ; } while (0)
-#define xfrm_audit_state_delete(x, r, a, s) do { ; } while (0)
+#define xfrm_audit_policy_add(x, r, a, se, s) do { ; } while (0)
+#define xfrm_audit_policy_delete(x, r, a, se, s) do { ; } while (0)
+#define xfrm_audit_state_add(x, r, a, se, s) do { ; } while (0)
+#define xfrm_audit_state_delete(x, r, a, se, s) do { ; } while (0)
#define xfrm_audit_state_replay_overflow(x, s) do { ; } while (0)
#define xfrm_audit_state_notfound_simple(s, f) do { ; } while (0)
#define xfrm_audit_state_notfound(s, f, sp, sq) do { ; } while (0)
OpenPOWER on IntegriCloud