2 * Creating audit events from TTY input.
4 * Copyright (C) 2007 Red Hat, Inc. All rights reserved. This copyrighted
5 * material is made available to anyone wishing to use, modify, copy, or
6 * redistribute it subject to the terms and conditions of the GNU General
9 * Authors: Miloslav Trmac <mitr@redhat.com>
12 #include <linux/audit.h>
13 #include <linux/file.h>
14 #include <linux/fdtable.h>
15 #include <linux/tty.h>
17 struct tty_audit_buf {
19 struct mutex mutex; /* Protects all data below */
20 int major, minor; /* The TTY which the data is from */
23 unsigned char *data; /* Allocated size N_TTY_BUF_SIZE */
26 static struct tty_audit_buf *tty_audit_buf_alloc(int major, int minor,
29 struct tty_audit_buf *buf;
31 buf = kmalloc(sizeof(*buf), GFP_KERNEL);
34 if (PAGE_SIZE != N_TTY_BUF_SIZE)
35 buf->data = kmalloc(N_TTY_BUF_SIZE, GFP_KERNEL);
37 buf->data = (unsigned char *)__get_free_page(GFP_KERNEL);
40 atomic_set(&buf->count, 1);
41 mutex_init(&buf->mutex);
54 static void tty_audit_buf_free(struct tty_audit_buf *buf)
56 WARN_ON(buf->valid != 0);
57 if (PAGE_SIZE != N_TTY_BUF_SIZE)
60 free_page((unsigned long)buf->data);
64 static void tty_audit_buf_put(struct tty_audit_buf *buf)
66 if (atomic_dec_and_test(&buf->count))
67 tty_audit_buf_free(buf);
70 static void tty_audit_log(const char *description, struct task_struct *tsk,
71 uid_t loginuid, unsigned sessionid, int major,
72 int minor, unsigned char *data, size_t size)
74 struct audit_buffer *ab;
76 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY);
78 char name[sizeof(tsk->comm)];
79 uid_t uid = task_uid(tsk);
81 audit_log_format(ab, "%s pid=%u uid=%u auid=%u ses=%u "
82 "major=%d minor=%d comm=", description,
83 tsk->pid, uid, loginuid, sessionid,
85 get_task_comm(name, tsk);
86 audit_log_untrustedstring(ab, name);
87 audit_log_format(ab, " data=");
88 audit_log_n_hex(ab, data, size);
94 * tty_audit_buf_push - Push buffered data out
96 * Generate an audit message from the contents of @buf, which is owned by
97 * @tsk with @loginuid. @buf->mutex must be locked.
99 static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
100 unsigned int sessionid,
101 struct tty_audit_buf *buf)
105 if (audit_enabled == 0)
107 tty_audit_log("tty", tsk, loginuid, sessionid, buf->major, buf->minor,
108 buf->data, buf->valid);
113 * tty_audit_buf_push_current - Push buffered data out
115 * Generate an audit message from the contents of @buf, which is owned by
116 * the current task. @buf->mutex must be locked.
118 static void tty_audit_buf_push_current(struct tty_audit_buf *buf)
120 uid_t auid = audit_get_loginuid(current);
121 unsigned int sessionid = audit_get_sessionid(current);
122 tty_audit_buf_push(current, auid, sessionid, buf);
126 * tty_audit_exit - Handle a task exit
128 * Make sure all buffered data is written out and deallocate the buffer.
129 * Only needs to be called if current->signal->tty_audit_buf != %NULL.
131 void tty_audit_exit(void)
133 struct tty_audit_buf *buf;
135 spin_lock_irq(¤t->sighand->siglock);
136 buf = current->signal->tty_audit_buf;
137 current->signal->tty_audit_buf = NULL;
138 spin_unlock_irq(¤t->sighand->siglock);
142 mutex_lock(&buf->mutex);
143 tty_audit_buf_push_current(buf);
144 mutex_unlock(&buf->mutex);
146 tty_audit_buf_put(buf);
150 * tty_audit_fork - Copy TTY audit state for a new task
152 * Set up TTY audit state in @sig from current. @sig needs no locking.
154 void tty_audit_fork(struct signal_struct *sig)
156 spin_lock_irq(¤t->sighand->siglock);
157 sig->audit_tty = current->signal->audit_tty;
158 spin_unlock_irq(¤t->sighand->siglock);
159 sig->tty_audit_buf = NULL;
163 * tty_audit_tiocsti - Log TIOCSTI
165 void tty_audit_tiocsti(struct tty_struct *tty, char ch)
167 struct tty_audit_buf *buf;
168 int major, minor, should_audit;
170 spin_lock_irq(¤t->sighand->siglock);
171 should_audit = current->signal->audit_tty;
172 buf = current->signal->tty_audit_buf;
174 atomic_inc(&buf->count);
175 spin_unlock_irq(¤t->sighand->siglock);
177 major = tty->driver->major;
178 minor = tty->driver->minor_start + tty->index;
180 mutex_lock(&buf->mutex);
181 if (buf->major == major && buf->minor == minor)
182 tty_audit_buf_push_current(buf);
183 mutex_unlock(&buf->mutex);
184 tty_audit_buf_put(buf);
187 if (should_audit && audit_enabled) {
189 unsigned int sessionid;
191 auid = audit_get_loginuid(current);
192 sessionid = audit_get_sessionid(current);
193 tty_audit_log("ioctl=TIOCSTI", current, auid, sessionid, major,
199 * tty_audit_push_task - Flush task's pending audit data
201 void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
203 struct tty_audit_buf *buf;
205 spin_lock_irq(&tsk->sighand->siglock);
206 buf = tsk->signal->tty_audit_buf;
208 atomic_inc(&buf->count);
209 spin_unlock_irq(&tsk->sighand->siglock);
213 mutex_lock(&buf->mutex);
214 tty_audit_buf_push(tsk, loginuid, sessionid, buf);
215 mutex_unlock(&buf->mutex);
217 tty_audit_buf_put(buf);
221 * tty_audit_buf_get - Get an audit buffer.
223 * Get an audit buffer for @tty, allocate it if necessary. Return %NULL
224 * if TTY auditing is disabled or out of memory. Otherwise, return a new
225 * reference to the buffer.
227 static struct tty_audit_buf *tty_audit_buf_get(struct tty_struct *tty)
229 struct tty_audit_buf *buf, *buf2;
233 spin_lock_irq(¤t->sighand->siglock);
234 if (likely(!current->signal->audit_tty))
236 buf = current->signal->tty_audit_buf;
238 atomic_inc(&buf->count);
241 spin_unlock_irq(¤t->sighand->siglock);
243 buf2 = tty_audit_buf_alloc(tty->driver->major,
244 tty->driver->minor_start + tty->index,
247 audit_log_lost("out of memory in TTY auditing");
251 spin_lock_irq(¤t->sighand->siglock);
252 if (!current->signal->audit_tty)
254 buf = current->signal->tty_audit_buf;
256 current->signal->tty_audit_buf = buf2;
260 atomic_inc(&buf->count);
263 spin_unlock_irq(¤t->sighand->siglock);
265 tty_audit_buf_free(buf2);
270 * tty_audit_add_data - Add data for TTY auditing.
272 * Audit @data of @size from @tty, if necessary.
274 void tty_audit_add_data(struct tty_struct *tty, unsigned char *data,
277 struct tty_audit_buf *buf;
280 if (unlikely(size == 0))
283 if (tty->driver->type == TTY_DRIVER_TYPE_PTY
284 && tty->driver->subtype == PTY_TYPE_MASTER)
287 buf = tty_audit_buf_get(tty);
291 mutex_lock(&buf->mutex);
292 major = tty->driver->major;
293 minor = tty->driver->minor_start + tty->index;
294 if (buf->major != major || buf->minor != minor
295 || buf->icanon != tty->icanon) {
296 tty_audit_buf_push_current(buf);
299 buf->icanon = tty->icanon;
304 run = N_TTY_BUF_SIZE - buf->valid;
307 memcpy(buf->data + buf->valid, data, run);
311 if (buf->valid == N_TTY_BUF_SIZE)
312 tty_audit_buf_push_current(buf);
314 mutex_unlock(&buf->mutex);
315 tty_audit_buf_put(buf);
319 * tty_audit_push - Push buffered data out
321 * Make sure no audit data is pending for @tty on the current process.
323 void tty_audit_push(struct tty_struct *tty)
325 struct tty_audit_buf *buf;
327 spin_lock_irq(¤t->sighand->siglock);
328 if (likely(!current->signal->audit_tty)) {
329 spin_unlock_irq(¤t->sighand->siglock);
332 buf = current->signal->tty_audit_buf;
334 atomic_inc(&buf->count);
335 spin_unlock_irq(¤t->sighand->siglock);
340 major = tty->driver->major;
341 minor = tty->driver->minor_start + tty->index;
342 mutex_lock(&buf->mutex);
343 if (buf->major == major && buf->minor == minor)
344 tty_audit_buf_push_current(buf);
345 mutex_unlock(&buf->mutex);
346 tty_audit_buf_put(buf);
projects / mv-sheeva.git / blob