[AUDIT] LOGIN message credentials

Attached is a new patch that solves the issue of getting valid credentials
into the LOGIN message. The current code was assuming that the audit context
had already been copied. This is not always the case for LOGIN messages.

To solve the problem, the patch passes the task struct to the function that
emits the message where it can get valid credentials.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 39fd336cfdb9ca68c354a22f432e74c63a9bf732..57554bfbed79296f7f2a65b24b425745f87cfaad 100644 (file)
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -820,7 +820,7 @@ static ssize_t proc_loginuid_write(struct file * file, const char __user * buf,
                goto out_free_page;
 
        }
-       length = audit_set_loginuid(task->audit_context, loginuid);
+       length = audit_set_loginuid(task, loginuid);
        if (likely(length == 0))
                length = count;
 

diff --git a/include/linux/audit.h b/include/linux/audit.h
index 19f214230fec90b31c79d3c02c753582b6a0cc37..19f04b04979878ffcfa2706a9acb98421537226d 100644 (file)
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -187,7 +187,7 @@ extern int  audit_receive_filter(int type, int pid, int uid, int seq,
                                 void *data, uid_t loginuid);
 extern void audit_get_stamp(struct audit_context *ctx,
                            struct timespec *t, unsigned int *serial);
-extern int  audit_set_loginuid(struct audit_context *ctx, uid_t loginuid);
+extern int  audit_set_loginuid(struct task_struct *task, uid_t loginuid);
 extern uid_t audit_get_loginuid(struct audit_context *ctx);
 extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
 #else

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 66148f81d7836fb66f44bca5dd97173903d378be..37b3ac94bc47492d026ae697cc92b1d4ddd70bd5 100644 (file)
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1010,20 +1010,21 @@ void audit_get_stamp(struct audit_context *ctx,
 
 extern int audit_set_type(struct audit_buffer *ab, int type);
 
-int audit_set_loginuid(struct audit_context *ctx, uid_t loginuid)
+int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
 {
-       if (ctx) {
+       if (task->audit_context) {
                struct audit_buffer *ab;
 
                ab = audit_log_start(NULL);
                if (ab) {
                        audit_log_format(ab, "login pid=%d uid=%u "
                                "old loginuid=%u new loginuid=%u",
-                               ctx->pid, ctx->uid, ctx->loginuid, loginuid);
+                               task->pid, task->uid, 
+                               task->audit_context->loginuid, loginuid);
                        audit_set_type(ab, AUDIT_LOGIN);
                        audit_log_end(ab);
                }
-               ctx->loginuid = loginuid;
+               task->audit_context->loginuid = loginuid;
        }
        return 0;
 }