authorChris Wright <chrisw@osdl.org>2005-03-02 19:57:09 -0800
committerChris Wright <chrisw@osdl.org>2005-03-02 19:57:09 -0800
commit8fc24098c3df847dff12bb9eccb5a097dbf017eb (patch)
tree2f59684b5734fe85a1316815b7e02f817cfcab46
parent2ddc2a53299af6b493e1b19c23b6d8aa654737dc (diff)
Inode audit records are currently showing only name, inode, and dev.
The device is calculated incorrectly, and similarly dev based filtering is broken. Fix device node problems and add some more useful data to inode audit record -- mode, uid, gid of inode. Signed-off-by: Chris Wright <chrisw@osdl.org>
-rw-r--r--fs/namei.c4
-rw-r--r--include/linux/audit.h7
-rw-r--r--kernel/auditsc.c33
3 files changed, 27 insertions, 17 deletions
diff --git a/fs/namei.c b/fs/namei.c
index 2a6eb450c4db..11f6d3f5a4ac 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -992,9 +992,7 @@ int fastcall path_lookup(const char *name, unsigned int flags, struct nameidata
retval = link_path_walk(name, nd);
if (unlikely(current->audit_context
&& nd && nd->dentry && nd->dentry->d_inode))
- audit_inode(name,
- nd->dentry->d_inode->i_ino,
- nd->dentry->d_inode->i_rdev);
+ audit_inode(name, nd->dentry->d_inode);
return retval;
}
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 2a3c2d39dd8b..cf60cc5b866e 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -131,6 +131,9 @@ struct audit_context;
#endif
#ifdef CONFIG_AUDITSYSCALL
+/* forward decl for audit_inode */
+struct inode;
+
/* These are defined in auditsc.c */
/* Public API */
extern int audit_alloc(struct task_struct *task);
@@ -141,7 +144,7 @@ extern void audit_syscall_entry(struct task_struct *task,
extern void audit_syscall_exit(struct task_struct *task, int return_code);
extern void audit_getname(const char *name);
extern void audit_putname(const char *name);
-extern void audit_inode(const char *name, unsigned long ino, dev_t rdev);
+extern void audit_inode(const char *name, const struct inode *inode);
/* Private API (for audit.c only) */
extern int audit_receive_filter(int type, int pid, int uid, int seq,
@@ -158,7 +161,7 @@ extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mo
#define audit_syscall_exit(t,r) do { ; } while (0)
#define audit_getname(n) do { ; } while (0)
#define audit_putname(n) do { ; } while (0)
-#define audit_inode(n,i,d) do { ; } while (0)
+#define audit_inode(n,i) do { ; } while (0)
#define audit_get_loginuid(c) ({ -1; })
#define audit_ipc_perms(q,u,g,m) ({ 0; })
#endif
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 2697461a994b..cb41fb4555b6 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -89,6 +89,10 @@ enum audit_state {
struct audit_names {
const char *name;
unsigned long ino;
+ dev_t dev;
+ umode_t mode;
+ uid_t uid;
+ gid_t gid;
dev_t rdev;
};
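Review bot: The new `dev` field sits next to `rdev` in struct audit_names with no comment, and both are bare `dev_t`, which is the confusion this commit fixes in the filters. Going by the assignments in audit_inode later in this patch, trailing comments would make the distinction explicit: `dev_t dev; /* device of the filesystem holding the inode (i_sb->s_dev) */` and `dev_t rdev; /* device the inode represents, for device special files (i_rdev) */`. A short note that `ino == (unsigned long)-1` marks an entry with no inode data recorded would also help readers of the filter and logging code.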
@@ -356,7 +360,7 @@ static int audit_filter_rules(struct task_struct *tsk,
case AUDIT_DEVMAJOR:
if (ctx) {
for (j = 0; j < ctx->name_count; j++) {
- if (MAJOR(ctx->names[j].rdev)==value) {
+ if (MAJOR(ctx->names[j].dev)==value) {
++result;
break;
}
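Review bot: The AUDIT_DEVMAJOR loop here, and the AUDIT_DEVMINOR loop in the next hunk, compare `names[j].dev` for every entry up to `name_count`, including entries for which audit_inode never ran. audit_getname (later in this patch) sets only `name` and `ino` and no longer writes an rdev sentinel, so `dev` in such an entry holds whatever was left in the slot, unless the names array is cleared somewhere outside this diff. A device filter could then match or miss on stale data and produce spurious or missing audit records. Skipping unset entries would avoid that, for example `if (ctx->names[j].ino != (unsigned long)-1 && MAJOR(ctx->names[j].dev)==value) {`, with the same guard on the MINOR test. audit_filter_rules starts and ends outside this hunk.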
@@ -366,7 +370,7 @@ static int audit_filter_rules(struct task_struct *tsk,
case AUDIT_DEVMINOR:
if (ctx) {
for (j = 0; j < ctx->name_count; j++) {
- if (MINOR(ctx->names[j].rdev)==value) {
+ if (MINOR(ctx->names[j].dev)==value) {
++result;
break;
}
@@ -668,12 +672,14 @@ static void audit_log_exit(struct audit_context *context)
audit_log_format(ab, " name=%s",
context->names[i].name);
if (context->names[i].ino != (unsigned long)-1)
- audit_log_format(ab, " inode=%lu",
- context->names[i].ino);
- /* FIXME: should use format_dev_t, but ab structure is
- * opaque. */
- if (context->names[i].rdev != -1)
- audit_log_format(ab, " dev=%02x:%02x",
+ audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o"
+ " uid=%d gid=%d rdev=%02x:%02x",
+ context->names[i].ino,
+ MAJOR(context->names[i].dev),
+ MINOR(context->names[i].dev),
+ context->names[i].mode,
+ context->names[i].uid,
+ context->names[i].gid,
MAJOR(context->names[i].rdev),
MINOR(context->names[i].rdev));
audit_log_end(ab);
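Review bot: The new format string prints `uid` and `gid` with `%d`, but uid_t and gid_t are unsigned in the kernel, so ids above INT_MAX would be written to the audit log as negative numbers. Tools that parse or match on these fields could misattribute the record; ` uid=%u gid=%u` avoids that. `rdev` is now printed for every inode with a valid `ino`, including non-device files; if a zero value there is intentional, a one-line comment saying so would save readers from assuming it is a device node. audit_log_exit starts and ends outside this hunk.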
@@ -867,7 +873,6 @@ void audit_getname(const char *name)
BUG_ON(context->name_count >= AUDIT_NAMES);
context->names[context->name_count].name = name;
context->names[context->name_count].ino = (unsigned long)-1;
- context->names[context->name_count].rdev = -1;
++context->name_count;
}
@@ -913,7 +918,7 @@ void audit_putname(const char *name)
/* Store the inode and device from a lookup. Called from
* fs/namei.c:path_lookup(). */
-void audit_inode(const char *name, unsigned long ino, dev_t rdev)
+void audit_inode(const char *name, const struct inode *inode)
{
int idx;
struct audit_context *context = current->audit_context;
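Review bot: The header comment above audit_inode still says "Store the inode and device from a lookup", while the function now takes a `struct inode *` and records dev, mode, uid, gid and rdev (assignments in the next hunk). It also dereferences `inode` and `inode->i_sb` with no check visible in this diff, relying on the caller's `d_inode` test in path_lookup. Suggested wording: `/* Store inode number, owning device, mode, uid, gid and rdev from a lookup. Called from fs/namei.c:path_lookup(); inode must be non-NULL. */`. The function body continues outside this hunk.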
@@ -939,8 +944,12 @@ void audit_inode(const char *name, unsigned long ino, dev_t rdev)
++context->ino_count;
#endif
}
- context->names[idx].ino = ino;
- context->names[idx].rdev = rdev;
+ context->names[idx].ino = inode->i_ino;
+ context->names[idx].dev = inode->i_sb->s_dev;
+ context->names[idx].mode = inode->i_mode;
+ context->names[idx].uid = inode->i_uid;
+ context->names[idx].gid = inode->i_gid;
+ context->names[idx].rdev = inode->i_rdev;
}
void audit_get_stamp(struct audit_context *ctx,