2 * Creating audit events from TTY input.
4 * Copyright (C) 2007 Red Hat, Inc. All rights reserved. This copyrighted
5 * material is made available to anyone wishing to use, modify, copy, or
6 * redistribute it subject to the terms and conditions of the GNU General
9 * Authors: Miloslav Trmac <mitr@redhat.com>
12 #include <linux/audit.h>
13 #include <linux/slab.h>
14 #include <linux/tty.h>
16 struct tty_audit_buf
{
18 struct mutex mutex
; /* Protects all data below */
19 int major
, minor
; /* The TTY which the data is from */
22 unsigned char *data
; /* Allocated size N_TTY_BUF_SIZE */
25 static struct tty_audit_buf
*tty_audit_buf_alloc(int major
, int minor
,
28 struct tty_audit_buf
*buf
;
30 buf
= kmalloc(sizeof(*buf
), GFP_KERNEL
);
33 buf
->data
= kmalloc(N_TTY_BUF_SIZE
, GFP_KERNEL
);
36 atomic_set(&buf
->count
, 1);
37 mutex_init(&buf
->mutex
);
50 static void tty_audit_buf_free(struct tty_audit_buf
*buf
)
52 WARN_ON(buf
->valid
!= 0);
57 static void tty_audit_buf_put(struct tty_audit_buf
*buf
)
59 if (atomic_dec_and_test(&buf
->count
))
60 tty_audit_buf_free(buf
);
63 static void tty_audit_log(const char *description
, struct task_struct
*tsk
,
64 uid_t loginuid
, unsigned sessionid
, int major
,
65 int minor
, unsigned char *data
, size_t size
)
67 struct audit_buffer
*ab
;
69 ab
= audit_log_start(NULL
, GFP_KERNEL
, AUDIT_TTY
);
71 char name
[sizeof(tsk
->comm
)];
72 uid_t uid
= task_uid(tsk
);
74 audit_log_format(ab
, "%s pid=%u uid=%u auid=%u ses=%u "
75 "major=%d minor=%d comm=", description
,
76 tsk
->pid
, uid
, loginuid
, sessionid
,
78 get_task_comm(name
, tsk
);
79 audit_log_untrustedstring(ab
, name
);
80 audit_log_format(ab
, " data=");
81 audit_log_n_hex(ab
, data
, size
);
87 * tty_audit_buf_push - Push buffered data out
89 * Generate an audit message from the contents of @buf, which is owned by
90 * @tsk with @loginuid. @buf->mutex must be locked.
92 static void tty_audit_buf_push(struct task_struct
*tsk
, uid_t loginuid
,
93 unsigned int sessionid
,
94 struct tty_audit_buf
*buf
)
98 if (audit_enabled
== 0)
100 tty_audit_log("tty", tsk
, loginuid
, sessionid
, buf
->major
, buf
->minor
,
101 buf
->data
, buf
->valid
);
106 * tty_audit_buf_push_current - Push buffered data out
108 * Generate an audit message from the contents of @buf, which is owned by
109 * the current task. @buf->mutex must be locked.
111 static void tty_audit_buf_push_current(struct tty_audit_buf
*buf
)
113 uid_t auid
= audit_get_loginuid(current
);
114 unsigned int sessionid
= audit_get_sessionid(current
);
115 tty_audit_buf_push(current
, auid
, sessionid
, buf
);
119 * tty_audit_exit - Handle a task exit
121 * Make sure all buffered data is written out and deallocate the buffer.
122 * Only needs to be called if current->signal->tty_audit_buf != %NULL.
124 void tty_audit_exit(void)
126 struct tty_audit_buf
*buf
;
128 spin_lock_irq(¤t
->sighand
->siglock
);
129 buf
= current
->signal
->tty_audit_buf
;
130 current
->signal
->tty_audit_buf
= NULL
;
131 spin_unlock_irq(¤t
->sighand
->siglock
);
135 mutex_lock(&buf
->mutex
);
136 tty_audit_buf_push_current(buf
);
137 mutex_unlock(&buf
->mutex
);
139 tty_audit_buf_put(buf
);
143 * tty_audit_fork - Copy TTY audit state for a new task
145 * Set up TTY audit state in @sig from current. @sig needs no locking.
147 void tty_audit_fork(struct signal_struct
*sig
)
149 spin_lock_irq(¤t
->sighand
->siglock
);
150 sig
->audit_tty
= current
->signal
->audit_tty
;
151 spin_unlock_irq(¤t
->sighand
->siglock
);
155 * tty_audit_tiocsti - Log TIOCSTI
157 void tty_audit_tiocsti(struct tty_struct
*tty
, char ch
)
159 struct tty_audit_buf
*buf
;
160 int major
, minor
, should_audit
;
162 spin_lock_irq(¤t
->sighand
->siglock
);
163 should_audit
= current
->signal
->audit_tty
;
164 buf
= current
->signal
->tty_audit_buf
;
166 atomic_inc(&buf
->count
);
167 spin_unlock_irq(¤t
->sighand
->siglock
);
169 major
= tty
->driver
->major
;
170 minor
= tty
->driver
->minor_start
+ tty
->index
;
172 mutex_lock(&buf
->mutex
);
173 if (buf
->major
== major
&& buf
->minor
== minor
)
174 tty_audit_buf_push_current(buf
);
175 mutex_unlock(&buf
->mutex
);
176 tty_audit_buf_put(buf
);
179 if (should_audit
&& audit_enabled
) {
181 unsigned int sessionid
;
183 auid
= audit_get_loginuid(current
);
184 sessionid
= audit_get_sessionid(current
);
185 tty_audit_log("ioctl=TIOCSTI", current
, auid
, sessionid
, major
,
191 * tty_audit_push_task - Flush task's pending audit data
193 * @loginuid: sender login uid
194 * @sessionid: sender session id
196 * Called with a ref on @tsk held. Try to lock sighand and get a
197 * reference to the tty audit buffer if available.
198 * Flush the buffer or return an appropriate error code.
200 int tty_audit_push_task(struct task_struct
*tsk
, uid_t loginuid
, u32 sessionid
)
202 struct tty_audit_buf
*buf
= ERR_PTR(-EPERM
);
205 if (!lock_task_sighand(tsk
, &flags
))
208 if (tsk
->signal
->audit_tty
) {
209 buf
= tsk
->signal
->tty_audit_buf
;
211 atomic_inc(&buf
->count
);
213 unlock_task_sighand(tsk
, &flags
);
216 * Return 0 when signal->audit_tty set
217 * but tsk->signal->tty_audit_buf == NULL.
219 if (!buf
|| IS_ERR(buf
))
222 mutex_lock(&buf
->mutex
);
223 tty_audit_buf_push(tsk
, loginuid
, sessionid
, buf
);
224 mutex_unlock(&buf
->mutex
);
226 tty_audit_buf_put(buf
);
231 * tty_audit_buf_get - Get an audit buffer.
233 * Get an audit buffer for @tty, allocate it if necessary. Return %NULL
234 * if TTY auditing is disabled or out of memory. Otherwise, return a new
235 * reference to the buffer.
237 static struct tty_audit_buf
*tty_audit_buf_get(struct tty_struct
*tty
)
239 struct tty_audit_buf
*buf
, *buf2
;
243 spin_lock_irq(¤t
->sighand
->siglock
);
244 if (likely(!current
->signal
->audit_tty
))
246 buf
= current
->signal
->tty_audit_buf
;
248 atomic_inc(&buf
->count
);
251 spin_unlock_irq(¤t
->sighand
->siglock
);
253 buf2
= tty_audit_buf_alloc(tty
->driver
->major
,
254 tty
->driver
->minor_start
+ tty
->index
,
257 audit_log_lost("out of memory in TTY auditing");
261 spin_lock_irq(¤t
->sighand
->siglock
);
262 if (!current
->signal
->audit_tty
)
264 buf
= current
->signal
->tty_audit_buf
;
266 current
->signal
->tty_audit_buf
= buf2
;
270 atomic_inc(&buf
->count
);
273 spin_unlock_irq(¤t
->sighand
->siglock
);
275 tty_audit_buf_free(buf2
);
280 * tty_audit_add_data - Add data for TTY auditing.
282 * Audit @data of @size from @tty, if necessary.
284 void tty_audit_add_data(struct tty_struct
*tty
, unsigned char *data
,
287 struct tty_audit_buf
*buf
;
290 if (unlikely(size
== 0))
293 if (tty
->driver
->type
== TTY_DRIVER_TYPE_PTY
294 && tty
->driver
->subtype
== PTY_TYPE_MASTER
)
297 buf
= tty_audit_buf_get(tty
);
301 mutex_lock(&buf
->mutex
);
302 major
= tty
->driver
->major
;
303 minor
= tty
->driver
->minor_start
+ tty
->index
;
304 if (buf
->major
!= major
|| buf
->minor
!= minor
305 || buf
->icanon
!= tty
->icanon
) {
306 tty_audit_buf_push_current(buf
);
309 buf
->icanon
= tty
->icanon
;
314 run
= N_TTY_BUF_SIZE
- buf
->valid
;
317 memcpy(buf
->data
+ buf
->valid
, data
, run
);
321 if (buf
->valid
== N_TTY_BUF_SIZE
)
322 tty_audit_buf_push_current(buf
);
324 mutex_unlock(&buf
->mutex
);
325 tty_audit_buf_put(buf
);
329 * tty_audit_push - Push buffered data out
331 * Make sure no audit data is pending for @tty on the current process.
333 void tty_audit_push(struct tty_struct
*tty
)
335 struct tty_audit_buf
*buf
;
337 spin_lock_irq(¤t
->sighand
->siglock
);
338 if (likely(!current
->signal
->audit_tty
)) {
339 spin_unlock_irq(¤t
->sighand
->siglock
);
342 buf
= current
->signal
->tty_audit_buf
;
344 atomic_inc(&buf
->count
);
345 spin_unlock_irq(¤t
->sighand
->siglock
);
350 major
= tty
->driver
->major
;
351 minor
= tty
->driver
->minor_start
+ tty
->index
;
352 mutex_lock(&buf
->mutex
);
353 if (buf
->major
== major
&& buf
->minor
== minor
)
354 tty_audit_buf_push_current(buf
);
355 mutex_unlock(&buf
->mutex
);
356 tty_audit_buf_put(buf
);