[PATCH] LOGIN message credentials
Chris Wright
chrisw at osdl.org
Mon Apr 25 17:55:51 UTC 2005
* Steve Grubb (sgrubb at redhat.com) wrote:
> Attached is a new patch that solves the issue of getting valid credentials
> into the LOGIN message. The current code was assuming that the audit context
> had already been copied. This is not always the case for LOGIN messages.
>
> To solve the problem, the patch passes the task struct to the function that
> emits the message where it can get valid credentials.

This doesn't look right (and it doesn't apply to a current tree).
Here's what I think should go upstream?

thanks,
-chris

> diff -urB linux-2.6.9.orig/kernel/auditsc.c linux-2.6.9/kernel/auditsc.c
> --- linux-2.6.9.orig/kernel/auditsc.c 2005-04-25 13:09:43.920801480 -0400
> +++ linux-2.6.9/kernel/auditsc.c 2005-04-25 13:18:02.023078424 -0400
> @@ -1039,20 +1039,22 @@
>
> extern int audit_set_type(struct audit_buffer *ab, int type);
>
> -int audit_set_loginuid(struct audit_context *ctx, uid_t loginuid)
> +int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
> {
Could just introduce a local here, eliminate some changes, keeps derefs
to a dull roar ;-)
> - if (ctx) {
> + if (task->audit_context) {
> struct audit_buffer *ab;
>
> ab = audit_log_start(NULL);
> if (ab) {
> audit_log_format(ab, "login pid=%d uid=%u "
> "old loginuid=%u new loginuid=%u",
> - ctx->pid, ctx->uid, ctx->loginuid, loginuid);
> + task->audit_context->pid,
> + task->audit_context->uid,
This just propagated the bug ;-)
-
Pass task struct to audit_set_loginuid() to allow audit message to
accurately record pid and uid for cases when audit_context has yet to
be setup while setting loginuid. Originally from Steve Grubb.
Signed-off-by: Steve Grubb <sgrubb at redhat.com>
Signed-off-by: Chris Wright <chrisw at osdl.org>
---
fs/proc/base.c: 39fd336cfdb9ca68c354a22f432e74c63a9bf732
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -820,7 +820,7 @@ static ssize_t proc_loginuid_write(struc
goto out_free_page;
}
- length = audit_set_loginuid(task->audit_context, loginuid);
+ length = audit_set_loginuid(task, loginuid);
if (likely(length == 0))
length = count;
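Review bot: at the changed call in proc_loginuid_write(), the LOGIN record's pid and uid will now be taken from whatever `task` points at, and the visible lines do not show whether that is always `current` or can be another process reached through /proc. If it can be another process, the record describes the target of the write rather than the writer. Please state which is intended in the changelog or in a comment above the call.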
include/linux/audit.h: 3628f7cfb1789c16ff9e5f6d20e76e9b6d69672e
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -147,7 +147,7 @@ extern int audit_receive_filter(int typ
void *data);
extern void audit_get_stamp(struct audit_context *ctx,
struct timespec *t, int *serial);
-extern int audit_set_loginuid(struct audit_context *ctx, uid_t loginuid);
+extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
extern uid_t audit_get_loginuid(struct audit_context *ctx);
extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
#else
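Review bot: the new prototype leaves the two accessors asymmetric, since `audit_set_loginuid()` now takes a `struct task_struct *` while `audit_get_loginuid()` on the following line still takes a `struct audit_context *`. Consider converting the getter in the same series, or note why it stays on the context. The hunk ends at `#else`, so if that branch carries a stub for the setter it needs the same argument; please confirm.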
kernel/auditsc.c: 6f1931381bc9eae1ff454c943036c5b077c4a8a6
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -996,8 +996,10 @@ void audit_get_stamp(struct audit_contex
extern int audit_set_type(struct audit_buffer *ab, int type);
-int audit_set_loginuid(struct audit_context *ctx, uid_t loginuid)
+int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
{
+ struct audit_context *ctx = task->audit_context;
+
if (ctx) {
struct audit_buffer *ab;
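Review bot: the new initializer `struct audit_context *ctx = task->audit_context;` dereferences `task` unconditionally, whereas the old signature tolerated a NULL argument through `if (ctx)`. The function now relies on every caller passing a valid `task`. A short comment above the function stating that requirement, and that no record is emitted when the task has no audit context, would document the contract.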
@@ -1005,7 +1007,7 @@ int audit_set_loginuid(struct audit_cont
if (ab) {
audit_log_format(ab, "login pid=%d uid=%u "
"old loginuid=%u new loginuid=%u",
- ctx->pid, ctx->uid, ctx->loginuid, loginuid);
+ task->pid, task->uid, ctx->loginuid, loginuid);
audit_set_type(ab, AUDIT_LOGIN);
audit_log_end(ab);
}
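Review bot: in the `audit_log_format()` call, pid and uid now come from `task`, but "old loginuid" is still read from `ctx->loginuid`, and the record is still emitted only under `if (ctx)`. The changelog says the audit_context may not be set up yet when loginuid is written. Please spell out that only `ctx->pid` and `ctx->uid` are unpopulated at that point while `ctx->loginuid` is already valid, or explain why reading it here is safe.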
More information about the Linux-audit mailing list