[AUDIT] LOGIN message credentials

Attached is a new patch that solves the issue of getting valid credentials 
into the LOGIN message. The current code was assuming that the audit context 
had already been copied. This is not always the case for LOGIN messages.

To solve the problem, the patch passes the task struct to the function that 
emits the message where it can get valid credentials.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
This commit is contained in:
Steve Grubb 2005-04-29 17:30:07 +01:00 committed by
parent 37509e749d
commit 456be6cd90
3 changed files with 7 additions and 6 deletions

View file

@ -820,7 +820,7 @@ static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
goto out_free_page; goto out_free_page;
} }
length = audit_set_loginuid(task->audit_context, loginuid); length = audit_set_loginuid(task, loginuid);
if (likely(length == 0)) if (likely(length == 0))
length = count; length = count;

View file

@ -187,7 +187,7 @@ extern int audit_receive_filter(int type, int pid, int uid, int seq,
void *data, uid_t loginuid); void *data, uid_t loginuid);
extern void audit_get_stamp(struct audit_context *ctx, extern void audit_get_stamp(struct audit_context *ctx,
struct timespec *t, unsigned int *serial); struct timespec *t, unsigned int *serial);
extern int audit_set_loginuid(struct audit_context *ctx, uid_t loginuid); extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
extern uid_t audit_get_loginuid(struct audit_context *ctx); extern uid_t audit_get_loginuid(struct audit_context *ctx);
extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
#else #else

View file

@ -1010,20 +1010,21 @@ void audit_get_stamp(struct audit_context *ctx,
extern int audit_set_type(struct audit_buffer *ab, int type); extern int audit_set_type(struct audit_buffer *ab, int type);
int audit_set_loginuid(struct audit_context *ctx, uid_t loginuid) int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
{ {
if (ctx) { if (task->audit_context) {
struct audit_buffer *ab; struct audit_buffer *ab;
ab = audit_log_start(NULL); ab = audit_log_start(NULL);
if (ab) { if (ab) {
audit_log_format(ab, "login pid=%d uid=%u " audit_log_format(ab, "login pid=%d uid=%u "
"old loginuid=%u new loginuid=%u", "old loginuid=%u new loginuid=%u",
ctx->pid, ctx->uid, ctx->loginuid, loginuid); task->pid, task->uid,
task->audit_context->loginuid, loginuid);
audit_set_type(ab, AUDIT_LOGIN); audit_set_type(ab, AUDIT_LOGIN);
audit_log_end(ab); audit_log_end(ab);
} }
ctx->loginuid = loginuid; task->audit_context->loginuid = loginuid;
} }
return 0; return 0;
} }