]>
git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - drivers/tty/tty_audit.c
2 * Creating audit events from TTY input.
4 * Copyright (C) 2007 Red Hat, Inc. All rights reserved. This copyrighted
5 * material is made available to anyone wishing to use, modify, copy, or
6 * redistribute it subject to the terms and conditions of the GNU General
9 * Authors: Miloslav Trmac <mitr@redhat.com>
12 #include <linux/audit.h>
13 #include <linux/slab.h>
14 #include <linux/tty.h>
16 struct tty_audit_buf
{
18 struct mutex mutex
; /* Protects all data below */
19 int major
, minor
; /* The TTY which the data is from */
22 unsigned char *data
; /* Allocated size N_TTY_BUF_SIZE */
25 static struct tty_audit_buf
*tty_audit_buf_alloc(void)
27 struct tty_audit_buf
*buf
;
29 buf
= kmalloc(sizeof(*buf
), GFP_KERNEL
);
32 buf
->data
= kmalloc(N_TTY_BUF_SIZE
, GFP_KERNEL
);
35 atomic_set(&buf
->count
, 1);
36 mutex_init(&buf
->mutex
);
49 static void tty_audit_buf_free(struct tty_audit_buf
*buf
)
51 WARN_ON(buf
->valid
!= 0);
56 static void tty_audit_buf_put(struct tty_audit_buf
*buf
)
58 if (atomic_dec_and_test(&buf
->count
))
59 tty_audit_buf_free(buf
);
62 static void tty_audit_log(const char *description
, int major
, int minor
,
63 unsigned char *data
, size_t size
)
65 struct audit_buffer
*ab
;
66 struct task_struct
*tsk
= current
;
67 pid_t pid
= task_pid_nr(tsk
);
68 uid_t uid
= from_kuid(&init_user_ns
, task_uid(tsk
));
69 uid_t loginuid
= from_kuid(&init_user_ns
, audit_get_loginuid(tsk
));
70 unsigned int sessionid
= audit_get_sessionid(tsk
);
72 ab
= audit_log_start(NULL
, GFP_KERNEL
, AUDIT_TTY
);
74 char name
[sizeof(tsk
->comm
)];
76 audit_log_format(ab
, "%s pid=%u uid=%u auid=%u ses=%u major=%d"
77 " minor=%d comm=", description
, pid
, uid
,
78 loginuid
, sessionid
, major
, minor
);
79 get_task_comm(name
, tsk
);
80 audit_log_untrustedstring(ab
, name
);
81 audit_log_format(ab
, " data=");
82 audit_log_n_hex(ab
, data
, size
);
88 * tty_audit_buf_push - Push buffered data out
90 * Generate an audit message from the contents of @buf, which is owned by
91 * the current task. @buf->mutex must be locked.
93 static void tty_audit_buf_push(struct tty_audit_buf
*buf
)
97 if (audit_enabled
== 0) {
101 tty_audit_log("tty", buf
->major
, buf
->minor
, buf
->data
, buf
->valid
);
106 * tty_audit_exit - Handle a task exit
108 * Make sure all buffered data is written out and deallocate the buffer.
109 * Only needs to be called if current->signal->tty_audit_buf != %NULL.
111 void tty_audit_exit(void)
113 struct tty_audit_buf
*buf
;
115 buf
= current
->signal
->tty_audit_buf
;
116 current
->signal
->tty_audit_buf
= NULL
;
120 mutex_lock(&buf
->mutex
);
121 tty_audit_buf_push(buf
);
122 mutex_unlock(&buf
->mutex
);
124 tty_audit_buf_put(buf
);
128 * tty_audit_fork - Copy TTY audit state for a new task
130 * Set up TTY audit state in @sig from current. @sig needs no locking.
132 void tty_audit_fork(struct signal_struct
*sig
)
134 sig
->audit_tty
= current
->signal
->audit_tty
;
135 sig
->audit_tty_log_passwd
= current
->signal
->audit_tty_log_passwd
;
139 * tty_audit_tiocsti - Log TIOCSTI
141 void tty_audit_tiocsti(struct tty_struct
*tty
, char ch
)
143 struct tty_audit_buf
*buf
;
144 int major
, minor
, should_audit
;
147 spin_lock_irqsave(¤t
->sighand
->siglock
, flags
);
148 should_audit
= current
->signal
->audit_tty
;
149 buf
= current
->signal
->tty_audit_buf
;
151 atomic_inc(&buf
->count
);
152 spin_unlock_irqrestore(¤t
->sighand
->siglock
, flags
);
154 major
= tty
->driver
->major
;
155 minor
= tty
->driver
->minor_start
+ tty
->index
;
157 mutex_lock(&buf
->mutex
);
158 if (buf
->major
== major
&& buf
->minor
== minor
)
159 tty_audit_buf_push(buf
);
160 mutex_unlock(&buf
->mutex
);
161 tty_audit_buf_put(buf
);
164 if (should_audit
&& audit_enabled
) {
166 unsigned int sessionid
;
168 auid
= audit_get_loginuid(current
);
169 sessionid
= audit_get_sessionid(current
);
170 tty_audit_log("ioctl=TIOCSTI", major
, minor
, &ch
, 1);
175 * tty_audit_push_current - Flush current's pending audit data
177 * Try to lock sighand and get a reference to the tty audit buffer if available.
178 * Flush the buffer or return an appropriate error code.
180 int tty_audit_push_current(void)
182 struct tty_audit_buf
*buf
= ERR_PTR(-EPERM
);
183 struct task_struct
*tsk
= current
;
186 if (!lock_task_sighand(tsk
, &flags
))
189 if (tsk
->signal
->audit_tty
) {
190 buf
= tsk
->signal
->tty_audit_buf
;
192 atomic_inc(&buf
->count
);
194 unlock_task_sighand(tsk
, &flags
);
197 * Return 0 when signal->audit_tty set
198 * but tsk->signal->tty_audit_buf == NULL.
200 if (!buf
|| IS_ERR(buf
))
203 mutex_lock(&buf
->mutex
);
204 tty_audit_buf_push(buf
);
205 mutex_unlock(&buf
->mutex
);
207 tty_audit_buf_put(buf
);
212 * tty_audit_buf_get - Get an audit buffer.
214 * Get an audit buffer, allocate it if necessary. Return %NULL
215 * if TTY auditing is disabled or out of memory. Otherwise, return a new
216 * reference to the buffer.
218 static struct tty_audit_buf
*tty_audit_buf_get(void)
220 struct tty_audit_buf
*buf
, *buf2
;
225 spin_lock_irqsave(¤t
->sighand
->siglock
, flags
);
226 if (likely(!current
->signal
->audit_tty
))
228 buf
= current
->signal
->tty_audit_buf
;
230 atomic_inc(&buf
->count
);
233 spin_unlock_irqrestore(¤t
->sighand
->siglock
, flags
);
235 buf2
= tty_audit_buf_alloc();
237 audit_log_lost("out of memory in TTY auditing");
241 spin_lock_irqsave(¤t
->sighand
->siglock
, flags
);
242 if (!current
->signal
->audit_tty
)
244 buf
= current
->signal
->tty_audit_buf
;
246 current
->signal
->tty_audit_buf
= buf2
;
250 atomic_inc(&buf
->count
);
253 spin_unlock_irqrestore(¤t
->sighand
->siglock
, flags
);
255 tty_audit_buf_free(buf2
);
260 * tty_audit_add_data - Add data for TTY auditing.
262 * Audit @data of @size from @tty, if necessary.
264 void tty_audit_add_data(struct tty_struct
*tty
, const void *data
, size_t size
)
266 struct tty_audit_buf
*buf
;
268 int audit_log_tty_passwd
;
270 unsigned int icanon
= !!L_ICANON(tty
);
272 if (unlikely(size
== 0))
275 if (tty
->driver
->type
== TTY_DRIVER_TYPE_PTY
276 && tty
->driver
->subtype
== PTY_TYPE_MASTER
)
279 spin_lock_irqsave(¤t
->sighand
->siglock
, flags
);
280 audit_log_tty_passwd
= current
->signal
->audit_tty_log_passwd
;
281 spin_unlock_irqrestore(¤t
->sighand
->siglock
, flags
);
282 if (!audit_log_tty_passwd
&& icanon
&& !L_ECHO(tty
))
285 buf
= tty_audit_buf_get();
289 mutex_lock(&buf
->mutex
);
290 major
= tty
->driver
->major
;
291 minor
= tty
->driver
->minor_start
+ tty
->index
;
292 if (buf
->major
!= major
|| buf
->minor
!= minor
293 || buf
->icanon
!= icanon
) {
294 tty_audit_buf_push(buf
);
297 buf
->icanon
= icanon
;
302 run
= N_TTY_BUF_SIZE
- buf
->valid
;
305 memcpy(buf
->data
+ buf
->valid
, data
, run
);
309 if (buf
->valid
== N_TTY_BUF_SIZE
)
310 tty_audit_buf_push(buf
);
312 mutex_unlock(&buf
->mutex
);
313 tty_audit_buf_put(buf
);
317 * tty_audit_push - Push buffered data out
319 * Make sure no audit data is pending for @tty on the current process.
321 void tty_audit_push(struct tty_struct
*tty
)
323 struct tty_audit_buf
*buf
;
326 spin_lock_irqsave(¤t
->sighand
->siglock
, flags
);
327 if (likely(!current
->signal
->audit_tty
)) {
328 spin_unlock_irqrestore(¤t
->sighand
->siglock
, flags
);
331 buf
= current
->signal
->tty_audit_buf
;
333 atomic_inc(&buf
->count
);
334 spin_unlock_irqrestore(¤t
->sighand
->siglock
, flags
);
339 major
= tty
->driver
->major
;
340 minor
= tty
->driver
->minor_start
+ tty
->index
;
341 mutex_lock(&buf
->mutex
);
342 if (buf
->major
== major
&& buf
->minor
== minor
)
343 tty_audit_buf_push(buf
);
344 mutex_unlock(&buf
->mutex
);
345 tty_audit_buf_put(buf
);