2 * Creating audit events from TTY input.
4 * Copyright (C) 2007 Red Hat, Inc. All rights reserved. This copyrighted
5 * material is made available to anyone wishing to use, modify, copy, or
6 * redistribute it subject to the terms and conditions of the GNU General
9 * Authors: Miloslav Trmac <mitr@redhat.com>
12 #include <linux/audit.h>
13 #include <linux/tty.h>
15 struct tty_audit_buf {
17 struct mutex mutex; /* Protects all data below */
18 int major, minor; /* The TTY which the data is from */
21 unsigned char *data; /* Allocated size N_TTY_BUF_SIZE */
24 static struct tty_audit_buf *tty_audit_buf_alloc(int major, int minor,
27 struct tty_audit_buf *buf;
29 buf = kmalloc(sizeof(*buf), GFP_KERNEL);
32 if (PAGE_SIZE != N_TTY_BUF_SIZE)
33 buf->data = kmalloc(N_TTY_BUF_SIZE, GFP_KERNEL);
35 buf->data = (unsigned char *)__get_free_page(GFP_KERNEL);
38 atomic_set(&buf->count, 1);
39 mutex_init(&buf->mutex);
52 static void tty_audit_buf_free(struct tty_audit_buf *buf)
54 WARN_ON(buf->valid != 0);
55 if (PAGE_SIZE != N_TTY_BUF_SIZE)
58 free_page((unsigned long)buf->data);
62 static void tty_audit_buf_put(struct tty_audit_buf *buf)
64 if (atomic_dec_and_test(&buf->count))
65 tty_audit_buf_free(buf);
68 static void tty_audit_log(const char *description, struct task_struct *tsk,
69 uid_t loginuid, unsigned sessionid, int major,
70 int minor, unsigned char *data, size_t size)
72 struct audit_buffer *ab;
74 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY);
76 char name[sizeof(tsk->comm)];
77 uid_t uid = task_uid(tsk);
79 audit_log_format(ab, "%s pid=%u uid=%u auid=%u ses=%u "
80 "major=%d minor=%d comm=", description,
81 tsk->pid, uid, loginuid, sessionid,
83 get_task_comm(name, tsk);
84 audit_log_untrustedstring(ab, name);
85 audit_log_format(ab, " data=");
86 audit_log_n_hex(ab, data, size);
92 * tty_audit_buf_push - Push buffered data out
94 * Generate an audit message from the contents of @buf, which is owned by
95 * @tsk with @loginuid. @buf->mutex must be locked.
97 static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
98 unsigned int sessionid,
99 struct tty_audit_buf *buf)
103 if (audit_enabled == 0)
105 tty_audit_log("tty", tsk, loginuid, sessionid, buf->major, buf->minor,
106 buf->data, buf->valid);
111 * tty_audit_buf_push_current - Push buffered data out
113 * Generate an audit message from the contents of @buf, which is owned by
114 * the current task. @buf->mutex must be locked.
116 static void tty_audit_buf_push_current(struct tty_audit_buf *buf)
118 uid_t auid = audit_get_loginuid(current);
119 unsigned int sessionid = audit_get_sessionid(current);
120 tty_audit_buf_push(current, auid, sessionid, buf);
124 * tty_audit_exit - Handle a task exit
126 * Make sure all buffered data is written out and deallocate the buffer.
127 * Only needs to be called if current->signal->tty_audit_buf != %NULL.
129 void tty_audit_exit(void)
131 struct tty_audit_buf *buf;
133 spin_lock_irq(¤t->sighand->siglock);
134 buf = current->signal->tty_audit_buf;
135 current->signal->tty_audit_buf = NULL;
136 spin_unlock_irq(¤t->sighand->siglock);
140 mutex_lock(&buf->mutex);
141 tty_audit_buf_push_current(buf);
142 mutex_unlock(&buf->mutex);
144 tty_audit_buf_put(buf);
148 * tty_audit_fork - Copy TTY audit state for a new task
150 * Set up TTY audit state in @sig from current. @sig needs no locking.
152 void tty_audit_fork(struct signal_struct *sig)
154 spin_lock_irq(¤t->sighand->siglock);
155 sig->audit_tty = current->signal->audit_tty;
156 spin_unlock_irq(¤t->sighand->siglock);
157 sig->tty_audit_buf = NULL;
161 * tty_audit_tiocsti - Log TIOCSTI
163 void tty_audit_tiocsti(struct tty_struct *tty, char ch)
165 struct tty_audit_buf *buf;
166 int major, minor, should_audit;
168 spin_lock_irq(¤t->sighand->siglock);
169 should_audit = current->signal->audit_tty;
170 buf = current->signal->tty_audit_buf;
172 atomic_inc(&buf->count);
173 spin_unlock_irq(¤t->sighand->siglock);
175 major = tty->driver->major;
176 minor = tty->driver->minor_start + tty->index;
178 mutex_lock(&buf->mutex);
179 if (buf->major == major && buf->minor == minor)
180 tty_audit_buf_push_current(buf);
181 mutex_unlock(&buf->mutex);
182 tty_audit_buf_put(buf);
185 if (should_audit && audit_enabled) {
187 unsigned int sessionid;
189 auid = audit_get_loginuid(current);
190 sessionid = audit_get_sessionid(current);
191 tty_audit_log("ioctl=TIOCSTI", current, auid, sessionid, major,
197 * tty_audit_push_task - Flush task's pending audit data
199 void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
201 struct tty_audit_buf *buf;
203 spin_lock_irq(&tsk->sighand->siglock);
204 buf = tsk->signal->tty_audit_buf;
206 atomic_inc(&buf->count);
207 spin_unlock_irq(&tsk->sighand->siglock);
211 mutex_lock(&buf->mutex);
212 tty_audit_buf_push(tsk, loginuid, sessionid, buf);
213 mutex_unlock(&buf->mutex);
215 tty_audit_buf_put(buf);
219 * tty_audit_buf_get - Get an audit buffer.
221 * Get an audit buffer for @tty, allocate it if necessary. Return %NULL
222 * if TTY auditing is disabled or out of memory. Otherwise, return a new
223 * reference to the buffer.
225 static struct tty_audit_buf *tty_audit_buf_get(struct tty_struct *tty)
227 struct tty_audit_buf *buf, *buf2;
231 spin_lock_irq(¤t->sighand->siglock);
232 if (likely(!current->signal->audit_tty))
234 buf = current->signal->tty_audit_buf;
236 atomic_inc(&buf->count);
239 spin_unlock_irq(¤t->sighand->siglock);
241 buf2 = tty_audit_buf_alloc(tty->driver->major,
242 tty->driver->minor_start + tty->index,
245 audit_log_lost("out of memory in TTY auditing");
249 spin_lock_irq(¤t->sighand->siglock);
250 if (!current->signal->audit_tty)
252 buf = current->signal->tty_audit_buf;
254 current->signal->tty_audit_buf = buf2;
258 atomic_inc(&buf->count);
261 spin_unlock_irq(¤t->sighand->siglock);
263 tty_audit_buf_free(buf2);
268 * tty_audit_add_data - Add data for TTY auditing.
270 * Audit @data of @size from @tty, if necessary.
272 void tty_audit_add_data(struct tty_struct *tty, unsigned char *data,
275 struct tty_audit_buf *buf;
278 if (unlikely(size == 0))
281 if (tty->driver->type == TTY_DRIVER_TYPE_PTY
282 && tty->driver->subtype == PTY_TYPE_MASTER)
285 buf = tty_audit_buf_get(tty);
289 mutex_lock(&buf->mutex);
290 major = tty->driver->major;
291 minor = tty->driver->minor_start + tty->index;
292 if (buf->major != major || buf->minor != minor
293 || buf->icanon != tty->icanon) {
294 tty_audit_buf_push_current(buf);
297 buf->icanon = tty->icanon;
302 run = N_TTY_BUF_SIZE - buf->valid;
305 memcpy(buf->data + buf->valid, data, run);
309 if (buf->valid == N_TTY_BUF_SIZE)
310 tty_audit_buf_push_current(buf);
312 mutex_unlock(&buf->mutex);
313 tty_audit_buf_put(buf);
317 * tty_audit_push - Push buffered data out
319 * Make sure no audit data is pending for @tty on the current process.
321 void tty_audit_push(struct tty_struct *tty)
323 struct tty_audit_buf *buf;
325 spin_lock_irq(¤t->sighand->siglock);
326 if (likely(!current->signal->audit_tty)) {
327 spin_unlock_irq(¤t->sighand->siglock);
330 buf = current->signal->tty_audit_buf;
332 atomic_inc(&buf->count);
333 spin_unlock_irq(¤t->sighand->siglock);
338 major = tty->driver->major;
339 minor = tty->driver->minor_start + tty->index;
340 mutex_lock(&buf->mutex);
341 if (buf->major == major && buf->minor == minor)
342 tty_audit_buf_push_current(buf);
343 mutex_unlock(&buf->mutex);
344 tty_audit_buf_put(buf);