Received: by 10.213.65.68 with SMTP id h4csp740814imn; Fri, 6 Apr 2018 08:08:10 -0700 (PDT) X-Google-Smtp-Source: AIpwx48IWTMMRPBgAgwx5UXP/PrKGfMkp7o/u3rdkH4XMOh/oBLqxhO2e7M4MpIESg6Cmq5NCd27 X-Received: by 10.167.128.194 with SMTP id a2mr2804372pfn.130.1523027290548; Fri, 06 Apr 2018 08:08:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523027290; cv=none; d=google.com; s=arc-20160816; b=QIbUtjMJoas9qOC9Rn7hlLal8roqxCzAmGxni0IpSE/pSPQd1vvVEth5kaskFSShjA Gb1br60kPi/dbyXOCUQyEwjgHncDoHT5jjGpA/GKb6qHEyS7cpacw6gSLgFChTnrWjkG 7mV0pYgCVGqUEz1eP/DqDM3hWmRUxQ//GbeQYeAK34Y+7hLKkzsty+juUq6vDmj1uxu1 Z+8Yo6IK8LJ5vxGAGamjDpkzw4eK/9Zq0zOTRcbJaBShscsIDtZs2r8HrEjzVD0wMJEp h/WwonK6duwls7EvUAbcsDmtGHuVIlabc1Yw6buB7lajrBBiDKhU3CqvcZjrMnNOq3w/ cTLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=PqiBAEN1O1mq2cJ9MoKlbesr9fQHjZxxl/lKR+YAQPM=; b=U6u3GmLxwf4cIJ5C32eugxyGpI8JADh7HZgqUdQsw9R3uioSnKPu5sOKItbjg+hlQ2 tnQEYTrwWm3TT66e++G9zaGymzyk7ZjsyO4Y46taG41Os31eCrJxSgKXePCvcEqGEWvj KIc3o8Ua5plVCYfAWcR8eBxUh3H3an0Oin+w10sE8AiEfLlFZdv3dgOgP7gA0idW6DfK OmUhf1gaNzUjSGnX6gUBZ9tGCC7cXZ+ZLZoLlzwq/noV/YqDtZmOrDrsEsvVGzFB03kC if9gOl0JD0yeqj39mxxjyjp+fDaQYen2wqGX94kJXBPGnw3VX62e6PzW/JlNEUrL8RI+ VN4A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h8-v6si8624148plt.131.2018.04.06.08.07.56; Fri, 06 Apr 2018 08:08:10 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754789AbeDFNaK (ORCPT + 99 others); Fri, 6 Apr 2018 09:30:10 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:56012 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754775AbeDFNaE (ORCPT ); Fri, 6 Apr 2018 09:30:04 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 435CAD55; Fri, 6 Apr 2018 13:30:03 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Richard Guy Briggs , Paul Moore Subject: [PATCH 4.4 24/72] audit: add tty field to LOGIN event Date: Fri, 6 Apr 2018 15:23:25 +0200 Message-Id: <20180406084307.173351538@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180406084305.210085169@linuxfoundation.org> References: <20180406084305.210085169@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Richard Guy Briggs commit db0a6fb5d97afe01fd9c47d37c6daa82d4d4001d upstream. The tty field was missing from AUDIT_LOGIN events. Refactor code to create a new function audit_get_tty(), using it to replace the call in audit_log_task_info() and to add it to audit_log_set_loginuid(). Lock and bump the kref to protect it, adding audit_put_tty() alias to decrement it. Signed-off-by: Richard Guy Briggs Signed-off-by: Paul Moore Signed-off-by: Greg Kroah-Hartman --- include/linux/audit.h | 24 ++++++++++++++++++++++++ kernel/audit.c | 18 +++++------------- kernel/auditsc.c | 8 ++++++-- 3 files changed, 35 insertions(+), 15 deletions(-) --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -26,6 +26,7 @@ #include #include #include +#include #define AUDIT_INO_UNSET ((unsigned long)-1) #define AUDIT_DEV_UNSET ((dev_t)-1) @@ -239,6 +240,23 @@ static inline unsigned int audit_get_ses return tsk->sessionid; } +static inline struct tty_struct *audit_get_tty(struct task_struct *tsk) +{ + struct tty_struct *tty = NULL; + unsigned long flags; + + spin_lock_irqsave(&tsk->sighand->siglock, flags); + if (tsk->signal) + tty = tty_kref_get(tsk->signal->tty); + spin_unlock_irqrestore(&tsk->sighand->siglock, flags); + return tty; +} + +static inline void audit_put_tty(struct tty_struct *tty) +{ + tty_kref_put(tty); +} + extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); extern void __audit_bprm(struct linux_binprm *bprm); @@ -410,6 +428,12 @@ static inline unsigned int audit_get_ses { return -1; } +static inline struct tty_struct *audit_get_tty(struct task_struct *tsk) +{ + return NULL; +} +static inline void audit_put_tty(struct tty_struct *tty) +{ } static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) { } static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, --- a/kernel/audit.c +++ b/kernel/audit.c @@ -64,7 +64,6 @@ #include #endif #include -#include #include #include @@ -1876,21 +1875,14 @@ void audit_log_task_info(struct audit_bu { const struct cred *cred; char comm[sizeof(tsk->comm)]; - char *tty; + struct tty_struct *tty; if (!ab) return; /* tsk == current */ cred = current_cred(); - - spin_lock_irq(&tsk->sighand->siglock); - if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name) - tty = tsk->signal->tty->name; - else - tty = "(none)"; - spin_unlock_irq(&tsk->sighand->siglock); - + tty = audit_get_tty(tsk); audit_log_format(ab, " ppid=%d pid=%d auid=%u uid=%u gid=%u" " euid=%u suid=%u fsuid=%u" @@ -1906,11 +1898,11 @@ void audit_log_task_info(struct audit_bu from_kgid(&init_user_ns, cred->egid), from_kgid(&init_user_ns, cred->sgid), from_kgid(&init_user_ns, cred->fsgid), - tty, audit_get_sessionid(tsk)); - + tty ? tty_name(tty) : "(none)", + audit_get_sessionid(tsk)); + audit_put_tty(tty); audit_log_format(ab, " comm="); audit_log_untrustedstring(ab, get_task_comm(comm, tsk)); - audit_log_d_path_exe(ab, tsk->mm); audit_log_task_context(ab); } --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1976,6 +1976,7 @@ static void audit_log_set_loginuid(kuid_ { struct audit_buffer *ab; uid_t uid, oldloginuid, loginuid; + struct tty_struct *tty; if (!audit_enabled) return; @@ -1983,14 +1984,17 @@ static void audit_log_set_loginuid(kuid_ uid = from_kuid(&init_user_ns, task_uid(current)); oldloginuid = from_kuid(&init_user_ns, koldloginuid); loginuid = from_kuid(&init_user_ns, kloginuid), + tty = audit_get_tty(current); ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN); if (!ab) return; audit_log_format(ab, "pid=%d uid=%u", task_pid_nr(current), uid); audit_log_task_context(ab); - audit_log_format(ab, " old-auid=%u auid=%u old-ses=%u ses=%u res=%d", - oldloginuid, loginuid, oldsessionid, sessionid, !rc); + audit_log_format(ab, " old-auid=%u auid=%u tty=%s old-ses=%u ses=%u res=%d", + oldloginuid, loginuid, tty ? tty_name(tty) : "(none)", + oldsessionid, sessionid, !rc); + audit_put_tty(tty); audit_log_end(ab); }