
[RFC][PATCH] Move loginuid into task_struct



The attached patch moves the loginuid into the task_struct.  Is there
any reason not to do this?  Keeping it in the audit_context is
incompatible with the idea of only creating audit_contexts during an
auditable action.

The next patch I send out will again introduce /proc/$$/loginuid, and
initialize the loginuid to -1 at boot.

thanks,
-serge
-- 
Serge Hallyn <serue us ibm com>
Index: linux-2.6.11-rc1-bk5/include/linux/audit.h
===================================================================
--- linux-2.6.11-rc1-bk5.orig/include/linux/audit.h	2005-01-17 10:40:07.000000000 -0600
+++ linux-2.6.11-rc1-bk5/include/linux/audit.h	2005-01-17 10:46:10.000000000 -0600
@@ -154,7 +154,7 @@ extern int  audit_receive_filter(int typ
 				 void *data);
 extern void audit_get_stamp(struct audit_context *ctx,
 			    struct timespec *t, int *serial);
-extern int  audit_set_loginuid(struct audit_context *ctx, uid_t loginuid);
+extern int  audit_set_loginuid(struct task_struct *tsk, uid_t loginuid);
 #else
 #define audit_alloc(t) ({ 0; })
 #define audit_free(t) do { ; } while (0)
Index: linux-2.6.11-rc1-bk5/include/linux/sched.h
===================================================================
--- linux-2.6.11-rc1-bk5.orig/include/linux/sched.h	2005-01-17 10:40:07.000000000 -0600
+++ linux-2.6.11-rc1-bk5/include/linux/sched.h	2005-01-17 10:40:22.000000000 -0600
@@ -643,6 +643,7 @@ struct task_struct {
 	
 	void *security;
 	struct audit_context *audit_context;
+	uid_t loginuid;   /* login uid (for audit) */
 
 /* Thread group tracking */
    	u32 parent_exec_id;
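Review bot: The new `loginuid` field has no initial value anywhere in this patch, while the code removed from audit_alloc() in kernel/auditsc.c defaulted to `-1` when there was no context to inherit from. audit_alloc() now copies `current->loginuid` unconditionally, so until the follow-up patch mentioned in the description lands, every task presumably inherits whatever the first task holds. That is likely 0, which reads as a root login in audit records and in `AUDIT_LOGINUID` filter matches. Consider setting the `-1` default in this patch so the series stays bisectable, and extend the field comment to `/* login uid (for audit); -1 = not set */`.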
Index: linux-2.6.11-rc1-bk5/kernel/audit.c
===================================================================
--- linux-2.6.11-rc1-bk5.orig/kernel/audit.c	2005-01-17 10:40:07.000000000 -0600
+++ linux-2.6.11-rc1-bk5/kernel/audit.c	2005-01-17 10:45:58.000000000 -0600
@@ -403,21 +403,8 @@ static int audit_receive_msg(struct sk_b
 		if (nlh->nlmsg_len < sizeof(struct audit_login))
 			return -EINVAL;
 		login = (struct audit_login *)data;
-		ab = audit_log_start(NULL);
-		if (ab) {
-			audit_log_format(ab, "login pid=%d uid=%d loginuid=%d"
-					 " length=%d msg='%.1024s'",
-					 pid, uid,
-					 login->loginuid,
-					 login->msglen,
-					 login->msg);
-			ab->type = AUDIT_LOGIN;
-			ab->pid  = pid;
-			audit_log_end(ab);
-		}
 #ifdef CONFIG_AUDITSYSCALL
-		err = audit_set_loginuid(current->audit_context,
-					 login->loginuid);
+		err = audit_set_loginuid(current, login->loginuid);
 #endif
 		break;
 	case AUDIT_ADD:
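Review bot: The AUDIT_LOGIN record is now emitted only from audit_set_loginuid(), which is called inside `#ifdef CONFIG_AUDITSYSCALL`, so a kernel built with auditing but without syscall auditing appears to lose the login record entirely. The replacement record in kernel/auditsc.c also drops `login->msglen` and `login->msg`, so the text supplied by the login program no longer reaches the log. If that loss is intended, state it in the patch description; otherwise keep the `audit_log_start()` block here and let audit_set_loginuid() only store the value. The enclosing audit_receive_msg() starts and ends outside this hunk.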
Index: linux-2.6.11-rc1-bk5/kernel/auditsc.c
===================================================================
--- linux-2.6.11-rc1-bk5.orig/kernel/auditsc.c	2005-01-17 10:40:14.000000000 -0600
+++ linux-2.6.11-rc1-bk5/kernel/auditsc.c	2005-01-17 10:54:01.000000000 -0600
@@ -98,7 +98,6 @@ struct audit_context {
 	enum audit_state    state;
 	unsigned int	    serial;     /* serial number for record */
 	struct timespec	    ctime;      /* time of syscall entry */
-	uid_t		    loginuid;   /* login uid (identity) */
 	int		    major;      /* syscall number */
 	unsigned long	    argv[4];    /* syscall arguments */
 	int		    return_valid; /* return code is valid */
@@ -366,9 +365,7 @@ static int audit_filter_rules(struct tas
 			}
 			break;
 		case AUDIT_LOGINUID:
-			result = 0;
-			if (ctx)
-				result = (ctx->loginuid == value);
+			result = (tsk->loginuid == value);
 			break;
 		case AUDIT_ARG0:
 		case AUDIT_ARG1:
@@ -507,11 +504,8 @@ static inline void audit_free_names(stru
 static inline void audit_zero_context(struct audit_context *context,
 				      enum audit_state state)
 {
-	uid_t loginuid = context->loginuid;
-
 	memset(context, 0, sizeof(*context));
 	context->state      = state;
-	context->loginuid   = loginuid;
 }
 
 static inline struct audit_context *audit_alloc_context(enum audit_state state)
@@ -533,6 +527,9 @@ int audit_alloc(struct task_struct *tsk)
 	struct audit_context *context;
 	enum audit_state     state;
 
+	/* Preserve login uid */
+	tsk->loginuid = current->loginuid;
+
 	if (likely(!audit_enabled))
 		return 0; /* Return if not auditing. */
 
@@ -545,11 +542,6 @@ int audit_alloc(struct task_struct *tsk)
 		return -ENOMEM;
 	}
 
-				/* Preserve login uid */
-	context->loginuid = -1;
-	if (tsk->audit_context)
-		context->loginuid = tsk->audit_context->loginuid;
-
 	tsk->audit_context  = context;
 	set_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT);
 	return 0;
@@ -577,7 +569,7 @@ static inline void audit_free_context(st
 		printk(KERN_ERR "audit: freed %d contexts\n", count);
 }
 
-static void audit_log_exit(struct audit_context *context)
+static void audit_log_exit(struct audit_context *context, uid_t loginuid)
 {
 	int i;
 	struct audit_buffer *ab;
@@ -601,7 +593,7 @@ static void audit_log_exit(struct audit_
 		  context->argv[3],
 		  context->name_count,
 		  context->pid,
-		  context->loginuid,
+		  loginuid,
 		  context->uid,
 		  context->gid,
 		  context->euid, context->suid, context->fsuid,
@@ -633,9 +625,11 @@ static void audit_log_exit(struct audit_
 void audit_free(struct task_struct *tsk)
 {
 	struct audit_context *context;
+	uid_t loginuid;
 
 	task_lock(tsk);
 	context = audit_get_context(tsk, 0, 0);
+	loginuid = tsk->loginuid;
 	task_unlock(tsk);
 
 	if (likely(!context))
@@ -644,7 +638,7 @@ void audit_free(struct task_struct *tsk)
 	/* Check for system calls that do not go through the exit
 	 * function (e.g., exit_group), then free context block. */
 	if (context->in_syscall && context->auditable)
-		audit_log_exit(context);
+		audit_log_exit(context, loginuid);
 
 	audit_free_context(context);
 }
@@ -766,10 +760,12 @@ void audit_syscall_entry(struct task_str
 void audit_syscall_exit(struct task_struct *tsk, int return_code)
 {
 	struct audit_context *context;
+	uid_t loginuid;
 
 	get_task_struct(tsk);
 	task_lock(tsk);
 	context = audit_get_context(tsk, 1, return_code);
+	loginuid = tsk->loginuid;
 	task_unlock(tsk);
 
 	/* Not having a context here is ok, since the parent may have
@@ -778,7 +774,7 @@ void audit_syscall_exit(struct task_stru
 		return;
 
 	if (context->in_syscall && context->auditable)
-		audit_log_exit(context);
+		audit_log_exit(context, loginuid);
 
 	context->in_syscall = 0;
 	context->auditable  = 0;
@@ -903,12 +899,20 @@ void audit_get_stamp(struct audit_contex
 	}
 }
 
-int audit_set_loginuid(struct audit_context *ctx, uid_t loginuid)
+int audit_set_loginuid(struct task_struct *tsk, uid_t loginuid)
 {
-	if (ctx) {
-		if (loginuid < 0)
-			return -EINVAL;
-		ctx->loginuid = loginuid;
+	struct audit_buffer	*ab;
+
+	ab = audit_log_start(NULL);
+	if (ab) {
+		audit_log_format(ab, "login pid=%d uid=%u old loginuid=%u"
+					" new loginuid=%u",
+				 tsk->pid, tsk->uid, tsk->loginuid, loginuid)
+		ab->type = AUDIT_LOGIN;
+		ab->pid  = pid;
+		audit_log_end(ab);
 	}
+
+	tsk->loginuid = loginuid;
 	return 0;
 }
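Review bot: The new audit_set_loginuid() body does not compile as posted. The `audit_log_format(...)` call ending in `tsk->loginuid, loginuid)` has no terminating `;`, and `ab->pid  = pid;` uses `pid`, which was a local of audit_receive_msg() and is not declared here; it should read `ab->pid  = tsk->pid;`. The old value is read and `tsk->loginuid = loginuid;` is stored without task_lock(), whereas audit_free() and audit_syscall_exit() in this same patch read the field under `task_lock(tsk)`; either take the lock here or add a comment explaining why it is not needed. When audit_log_start() returns NULL the login uid is still changed with no AUDIT_LOGIN record, so a comment stating whether an unlogged change is acceptable would help anyone relying on the audit trail.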
