2 * Creating audit events from TTY input.
4 * Copyright (C) 2007 Red Hat, Inc. All rights reserved. This copyrighted
5 * material is made available to anyone wishing to use, modify, copy, or
6 * redistribute it subject to the terms and conditions of the GNU General
9 * Authors: Miloslav Trmac <mitr@redhat.com>
12 #include <linux/audit.h>
13 #include <linux/slab.h>
14 #include <linux/tty.h>
16 struct tty_audit_buf
{
18 struct mutex mutex
; /* Protects all data below */
19 int major
, minor
; /* The TTY which the data is from */
22 unsigned char *data
; /* Allocated size N_TTY_BUF_SIZE */
25 static struct tty_audit_buf
*tty_audit_buf_alloc(int major
, int minor
,
28 struct tty_audit_buf
*buf
;
30 buf
= kmalloc(sizeof(*buf
), GFP_KERNEL
);
33 buf
->data
= kmalloc(N_TTY_BUF_SIZE
, GFP_KERNEL
);
36 atomic_set(&buf
->count
, 1);
37 mutex_init(&buf
->mutex
);
50 static void tty_audit_buf_free(struct tty_audit_buf
*buf
)
52 WARN_ON(buf
->valid
!= 0);
57 static void tty_audit_buf_put(struct tty_audit_buf
*buf
)
59 if (atomic_dec_and_test(&buf
->count
))
60 tty_audit_buf_free(buf
);
63 static void tty_audit_log(const char *description
, int major
, int minor
,
64 unsigned char *data
, size_t size
)
66 struct audit_buffer
*ab
;
67 struct task_struct
*tsk
= current
;
68 pid_t pid
= task_pid_nr(tsk
);
69 uid_t uid
= from_kuid(&init_user_ns
, task_uid(tsk
));
70 uid_t loginuid
= from_kuid(&init_user_ns
, audit_get_loginuid(tsk
));
71 unsigned int sessionid
= audit_get_sessionid(tsk
);
73 ab
= audit_log_start(NULL
, GFP_KERNEL
, AUDIT_TTY
);
75 char name
[sizeof(tsk
->comm
)];
77 audit_log_format(ab
, "%s pid=%u uid=%u auid=%u ses=%u major=%d"
78 " minor=%d comm=", description
, pid
, uid
,
79 loginuid
, sessionid
, major
, minor
);
80 get_task_comm(name
, tsk
);
81 audit_log_untrustedstring(ab
, name
);
82 audit_log_format(ab
, " data=");
83 audit_log_n_hex(ab
, data
, size
);
89 * tty_audit_buf_push - Push buffered data out
91 * Generate an audit message from the contents of @buf, which is owned by
92 * the current task. @buf->mutex must be locked.
94 static void tty_audit_buf_push(struct tty_audit_buf
*buf
)
98 if (audit_enabled
== 0) {
102 tty_audit_log("tty", buf
->major
, buf
->minor
, buf
->data
, buf
->valid
);
107 * tty_audit_exit - Handle a task exit
109 * Make sure all buffered data is written out and deallocate the buffer.
110 * Only needs to be called if current->signal->tty_audit_buf != %NULL.
112 void tty_audit_exit(void)
114 struct tty_audit_buf
*buf
;
116 buf
= current
->signal
->tty_audit_buf
;
117 current
->signal
->tty_audit_buf
= NULL
;
121 mutex_lock(&buf
->mutex
);
122 tty_audit_buf_push(buf
);
123 mutex_unlock(&buf
->mutex
);
125 tty_audit_buf_put(buf
);
129 * tty_audit_fork - Copy TTY audit state for a new task
131 * Set up TTY audit state in @sig from current. @sig needs no locking.
133 void tty_audit_fork(struct signal_struct
*sig
)
135 sig
->audit_tty
= current
->signal
->audit_tty
;
136 sig
->audit_tty_log_passwd
= current
->signal
->audit_tty_log_passwd
;
140 * tty_audit_tiocsti - Log TIOCSTI
142 void tty_audit_tiocsti(struct tty_struct
*tty
, char ch
)
144 struct tty_audit_buf
*buf
;
145 int major
, minor
, should_audit
;
148 spin_lock_irqsave(¤t
->sighand
->siglock
, flags
);
149 should_audit
= current
->signal
->audit_tty
;
150 buf
= current
->signal
->tty_audit_buf
;
152 atomic_inc(&buf
->count
);
153 spin_unlock_irqrestore(¤t
->sighand
->siglock
, flags
);
155 major
= tty
->driver
->major
;
156 minor
= tty
->driver
->minor_start
+ tty
->index
;
158 mutex_lock(&buf
->mutex
);
159 if (buf
->major
== major
&& buf
->minor
== minor
)
160 tty_audit_buf_push(buf
);
161 mutex_unlock(&buf
->mutex
);
162 tty_audit_buf_put(buf
);
165 if (should_audit
&& audit_enabled
) {
167 unsigned int sessionid
;
169 auid
= audit_get_loginuid(current
);
170 sessionid
= audit_get_sessionid(current
);
171 tty_audit_log("ioctl=TIOCSTI", major
, minor
, &ch
, 1);
176 * tty_audit_push_current - Flush current's pending audit data
178 * Try to lock sighand and get a reference to the tty audit buffer if available.
179 * Flush the buffer or return an appropriate error code.
181 int tty_audit_push_current(void)
183 struct tty_audit_buf
*buf
= ERR_PTR(-EPERM
);
184 struct task_struct
*tsk
= current
;
187 if (!lock_task_sighand(tsk
, &flags
))
190 if (tsk
->signal
->audit_tty
) {
191 buf
= tsk
->signal
->tty_audit_buf
;
193 atomic_inc(&buf
->count
);
195 unlock_task_sighand(tsk
, &flags
);
198 * Return 0 when signal->audit_tty set
199 * but tsk->signal->tty_audit_buf == NULL.
201 if (!buf
|| IS_ERR(buf
))
204 mutex_lock(&buf
->mutex
);
205 tty_audit_buf_push(buf
);
206 mutex_unlock(&buf
->mutex
);
208 tty_audit_buf_put(buf
);
213 * tty_audit_buf_get - Get an audit buffer.
215 * Get an audit buffer for @tty, allocate it if necessary. Return %NULL
216 * if TTY auditing is disabled or out of memory. Otherwise, return a new
217 * reference to the buffer.
219 static struct tty_audit_buf
*tty_audit_buf_get(struct tty_struct
*tty
,
222 struct tty_audit_buf
*buf
, *buf2
;
227 spin_lock_irqsave(¤t
->sighand
->siglock
, flags
);
228 if (likely(!current
->signal
->audit_tty
))
230 buf
= current
->signal
->tty_audit_buf
;
232 atomic_inc(&buf
->count
);
235 spin_unlock_irqrestore(¤t
->sighand
->siglock
, flags
);
237 buf2
= tty_audit_buf_alloc(tty
->driver
->major
,
238 tty
->driver
->minor_start
+ tty
->index
,
241 audit_log_lost("out of memory in TTY auditing");
245 spin_lock_irqsave(¤t
->sighand
->siglock
, flags
);
246 if (!current
->signal
->audit_tty
)
248 buf
= current
->signal
->tty_audit_buf
;
250 current
->signal
->tty_audit_buf
= buf2
;
254 atomic_inc(&buf
->count
);
257 spin_unlock_irqrestore(¤t
->sighand
->siglock
, flags
);
259 tty_audit_buf_free(buf2
);
264 * tty_audit_add_data - Add data for TTY auditing.
266 * Audit @data of @size from @tty, if necessary.
268 void tty_audit_add_data(struct tty_struct
*tty
, const void *data
,
269 size_t size
, unsigned icanon
)
271 struct tty_audit_buf
*buf
;
273 int audit_log_tty_passwd
;
276 if (unlikely(size
== 0))
279 spin_lock_irqsave(¤t
->sighand
->siglock
, flags
);
280 audit_log_tty_passwd
= current
->signal
->audit_tty_log_passwd
;
281 spin_unlock_irqrestore(¤t
->sighand
->siglock
, flags
);
282 if (!audit_log_tty_passwd
&& icanon
&& !L_ECHO(tty
))
285 if (tty
->driver
->type
== TTY_DRIVER_TYPE_PTY
286 && tty
->driver
->subtype
== PTY_TYPE_MASTER
)
289 buf
= tty_audit_buf_get(tty
, icanon
);
293 mutex_lock(&buf
->mutex
);
294 major
= tty
->driver
->major
;
295 minor
= tty
->driver
->minor_start
+ tty
->index
;
296 if (buf
->major
!= major
|| buf
->minor
!= minor
297 || buf
->icanon
!= icanon
) {
298 tty_audit_buf_push(buf
);
301 buf
->icanon
= icanon
;
306 run
= N_TTY_BUF_SIZE
- buf
->valid
;
309 memcpy(buf
->data
+ buf
->valid
, data
, run
);
313 if (buf
->valid
== N_TTY_BUF_SIZE
)
314 tty_audit_buf_push(buf
);
316 mutex_unlock(&buf
->mutex
);
317 tty_audit_buf_put(buf
);
321 * tty_audit_push - Push buffered data out
323 * Make sure no audit data is pending for @tty on the current process.
325 void tty_audit_push(struct tty_struct
*tty
)
327 struct tty_audit_buf
*buf
;
330 spin_lock_irqsave(¤t
->sighand
->siglock
, flags
);
331 if (likely(!current
->signal
->audit_tty
)) {
332 spin_unlock_irqrestore(¤t
->sighand
->siglock
, flags
);
335 buf
= current
->signal
->tty_audit_buf
;
337 atomic_inc(&buf
->count
);
338 spin_unlock_irqrestore(¤t
->sighand
->siglock
, flags
);
343 major
= tty
->driver
->major
;
344 minor
= tty
->driver
->minor_start
+ tty
->index
;
345 mutex_lock(&buf
->mutex
);
346 if (buf
->major
== major
&& buf
->minor
== minor
)
347 tty_audit_buf_push(buf
);
348 mutex_unlock(&buf
->mutex
);
349 tty_audit_buf_put(buf
);