2 * Creating audit events from TTY input.
4 * Copyright (C) 2007 Red Hat, Inc. All rights reserved. This copyrighted
5 * material is made available to anyone wishing to use, modify, copy, or
6 * redistribute it subject to the terms and conditions of the GNU General
9 * Authors: Miloslav Trmac <mitr@redhat.com>
12 #include <linux/audit.h>
13 #include <linux/slab.h>
14 #include <linux/tty.h>
16 struct tty_audit_buf
{
18 struct mutex mutex
; /* Protects all data below */
19 int major
, minor
; /* The TTY which the data is from */
22 unsigned char *data
; /* Allocated size N_TTY_BUF_SIZE */
25 static struct tty_audit_buf
*tty_audit_buf_alloc(int major
, int minor
,
28 struct tty_audit_buf
*buf
;
30 buf
= kmalloc(sizeof(*buf
), GFP_KERNEL
);
33 buf
->data
= kmalloc(N_TTY_BUF_SIZE
, GFP_KERNEL
);
36 atomic_set(&buf
->count
, 1);
37 mutex_init(&buf
->mutex
);
50 static void tty_audit_buf_free(struct tty_audit_buf
*buf
)
52 WARN_ON(buf
->valid
!= 0);
57 static void tty_audit_buf_put(struct tty_audit_buf
*buf
)
59 if (atomic_dec_and_test(&buf
->count
))
60 tty_audit_buf_free(buf
);
63 static void tty_audit_log(const char *description
, int major
, int minor
,
64 unsigned char *data
, size_t size
)
66 struct audit_buffer
*ab
;
67 struct task_struct
*tsk
= current
;
68 uid_t uid
= from_kuid(&init_user_ns
, task_uid(tsk
));
69 uid_t loginuid
= from_kuid(&init_user_ns
, audit_get_loginuid(tsk
));
70 unsigned int sessionid
= audit_get_sessionid(tsk
);
72 ab
= audit_log_start(NULL
, GFP_KERNEL
, AUDIT_TTY
);
74 char name
[sizeof(tsk
->comm
)];
76 audit_log_format(ab
, "%s pid=%u uid=%u auid=%u ses=%u major=%d"
77 " minor=%d comm=", description
, tsk
->pid
, uid
,
78 loginuid
, sessionid
, major
, minor
);
79 get_task_comm(name
, tsk
);
80 audit_log_untrustedstring(ab
, name
);
81 audit_log_format(ab
, " data=");
82 audit_log_n_hex(ab
, data
, size
);
88 * tty_audit_buf_push - Push buffered data out
90 * Generate an audit message from the contents of @buf, which is owned by
91 * the current task. @buf->mutex must be locked.
93 static void tty_audit_buf_push(struct tty_audit_buf
*buf
)
97 if (audit_enabled
== 0) {
101 tty_audit_log("tty", buf
->major
, buf
->minor
, buf
->data
, buf
->valid
);
106 * tty_audit_exit - Handle a task exit
108 * Make sure all buffered data is written out and deallocate the buffer.
109 * Only needs to be called if current->signal->tty_audit_buf != %NULL.
111 void tty_audit_exit(void)
113 struct tty_audit_buf
*buf
;
115 buf
= current
->signal
->tty_audit_buf
;
116 current
->signal
->tty_audit_buf
= NULL
;
120 mutex_lock(&buf
->mutex
);
121 tty_audit_buf_push(buf
);
122 mutex_unlock(&buf
->mutex
);
124 tty_audit_buf_put(buf
);
128 * tty_audit_fork - Copy TTY audit state for a new task
130 * Set up TTY audit state in @sig from current. @sig needs no locking.
132 void tty_audit_fork(struct signal_struct
*sig
)
134 sig
->audit_tty
= current
->signal
->audit_tty
;
135 sig
->audit_tty_log_passwd
= current
->signal
->audit_tty_log_passwd
;
139 * tty_audit_tiocsti - Log TIOCSTI
141 void tty_audit_tiocsti(struct tty_struct
*tty
, char ch
)
143 struct tty_audit_buf
*buf
;
144 int major
, minor
, should_audit
;
147 spin_lock_irqsave(¤t
->sighand
->siglock
, flags
);
148 should_audit
= current
->signal
->audit_tty
;
149 buf
= current
->signal
->tty_audit_buf
;
151 atomic_inc(&buf
->count
);
152 spin_unlock_irqrestore(¤t
->sighand
->siglock
, flags
);
154 major
= tty
->driver
->major
;
155 minor
= tty
->driver
->minor_start
+ tty
->index
;
157 mutex_lock(&buf
->mutex
);
158 if (buf
->major
== major
&& buf
->minor
== minor
)
159 tty_audit_buf_push(buf
);
160 mutex_unlock(&buf
->mutex
);
161 tty_audit_buf_put(buf
);
164 if (should_audit
&& audit_enabled
) {
166 unsigned int sessionid
;
168 auid
= audit_get_loginuid(current
);
169 sessionid
= audit_get_sessionid(current
);
170 tty_audit_log("ioctl=TIOCSTI", major
, minor
, &ch
, 1);
175 * tty_audit_push_current - Flush current's pending audit data
177 * Try to lock sighand and get a reference to the tty audit buffer if available.
178 * Flush the buffer or return an appropriate error code.
180 int tty_audit_push_current(void)
182 struct tty_audit_buf
*buf
= ERR_PTR(-EPERM
);
183 struct task_struct
*tsk
= current
;
186 if (!lock_task_sighand(tsk
, &flags
))
189 if (tsk
->signal
->audit_tty
) {
190 buf
= tsk
->signal
->tty_audit_buf
;
192 atomic_inc(&buf
->count
);
194 unlock_task_sighand(tsk
, &flags
);
197 * Return 0 when signal->audit_tty set
198 * but tsk->signal->tty_audit_buf == NULL.
200 if (!buf
|| IS_ERR(buf
))
203 mutex_lock(&buf
->mutex
);
204 tty_audit_buf_push(buf
);
205 mutex_unlock(&buf
->mutex
);
207 tty_audit_buf_put(buf
);
212 * tty_audit_buf_get - Get an audit buffer.
214 * Get an audit buffer for @tty, allocate it if necessary. Return %NULL
215 * if TTY auditing is disabled or out of memory. Otherwise, return a new
216 * reference to the buffer.
218 static struct tty_audit_buf
*tty_audit_buf_get(struct tty_struct
*tty
,
221 struct tty_audit_buf
*buf
, *buf2
;
226 spin_lock_irqsave(¤t
->sighand
->siglock
, flags
);
227 if (likely(!current
->signal
->audit_tty
))
229 buf
= current
->signal
->tty_audit_buf
;
231 atomic_inc(&buf
->count
);
234 spin_unlock_irqrestore(¤t
->sighand
->siglock
, flags
);
236 buf2
= tty_audit_buf_alloc(tty
->driver
->major
,
237 tty
->driver
->minor_start
+ tty
->index
,
240 audit_log_lost("out of memory in TTY auditing");
244 spin_lock_irqsave(¤t
->sighand
->siglock
, flags
);
245 if (!current
->signal
->audit_tty
)
247 buf
= current
->signal
->tty_audit_buf
;
249 current
->signal
->tty_audit_buf
= buf2
;
253 atomic_inc(&buf
->count
);
256 spin_unlock_irqrestore(¤t
->sighand
->siglock
, flags
);
258 tty_audit_buf_free(buf2
);
263 * tty_audit_add_data - Add data for TTY auditing.
265 * Audit @data of @size from @tty, if necessary.
267 void tty_audit_add_data(struct tty_struct
*tty
, unsigned char *data
,
268 size_t size
, unsigned icanon
)
270 struct tty_audit_buf
*buf
;
272 int audit_log_tty_passwd
;
275 if (unlikely(size
== 0))
278 spin_lock_irqsave(¤t
->sighand
->siglock
, flags
);
279 audit_log_tty_passwd
= current
->signal
->audit_tty_log_passwd
;
280 spin_unlock_irqrestore(¤t
->sighand
->siglock
, flags
);
281 if (!audit_log_tty_passwd
&& icanon
&& !L_ECHO(tty
))
284 if (tty
->driver
->type
== TTY_DRIVER_TYPE_PTY
285 && tty
->driver
->subtype
== PTY_TYPE_MASTER
)
288 buf
= tty_audit_buf_get(tty
, icanon
);
292 mutex_lock(&buf
->mutex
);
293 major
= tty
->driver
->major
;
294 minor
= tty
->driver
->minor_start
+ tty
->index
;
295 if (buf
->major
!= major
|| buf
->minor
!= minor
296 || buf
->icanon
!= icanon
) {
297 tty_audit_buf_push(buf
);
300 buf
->icanon
= icanon
;
305 run
= N_TTY_BUF_SIZE
- buf
->valid
;
308 memcpy(buf
->data
+ buf
->valid
, data
, run
);
312 if (buf
->valid
== N_TTY_BUF_SIZE
)
313 tty_audit_buf_push(buf
);
315 mutex_unlock(&buf
->mutex
);
316 tty_audit_buf_put(buf
);
320 * tty_audit_push - Push buffered data out
322 * Make sure no audit data is pending for @tty on the current process.
324 void tty_audit_push(struct tty_struct
*tty
)
326 struct tty_audit_buf
*buf
;
329 spin_lock_irqsave(¤t
->sighand
->siglock
, flags
);
330 if (likely(!current
->signal
->audit_tty
)) {
331 spin_unlock_irqrestore(¤t
->sighand
->siglock
, flags
);
334 buf
= current
->signal
->tty_audit_buf
;
336 atomic_inc(&buf
->count
);
337 spin_unlock_irqrestore(¤t
->sighand
->siglock
, flags
);
342 major
= tty
->driver
->major
;
343 minor
= tty
->driver
->minor_start
+ tty
->index
;
344 mutex_lock(&buf
->mutex
);
345 if (buf
->major
== major
&& buf
->minor
== minor
)
346 tty_audit_buf_push(buf
);
347 mutex_unlock(&buf
->mutex
);
348 tty_audit_buf_put(buf
);