audit: log AUDIT_TTY_SET config changes
authorRichard Guy Briggs <rgb@redhat.com>
Fri, 15 Nov 2013 16:29:02 +0000 (11:29 -0500)
committerEric Paris <eparis@redhat.com>
Tue, 14 Jan 2014 03:31:15 +0000 (22:31 -0500)
Log transition of config changes when AUDIT_TTY_SET is called, including both
enabled and log_passwd values now in the struct.

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
kernel/audit.c

index 2dc75735469349bc91b6a11c7a1da89dc66e8e70..fdb8528ceca38fd184ce5f51457477620a9f2f16 100644 (file)
@@ -989,20 +989,38 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                break;
        }
        case AUDIT_TTY_SET: {
-               struct audit_tty_status s;
+               struct audit_tty_status s, old;
                struct task_struct *tsk = current;
+               struct audit_buffer     *ab;
+               int res = 0;
+
+               spin_lock(&tsk->sighand->siglock);
+               old.enabled = tsk->signal->audit_tty;
+               old.log_passwd = tsk->signal->audit_tty_log_passwd;
+               spin_unlock(&tsk->sighand->siglock);
 
                memset(&s, 0, sizeof(s));
                /* guard against past and future API changes */
                memcpy(&s, data, min_t(size_t, sizeof(s), nlmsg_len(nlh)));
-               if ((s.enabled != 0 && s.enabled != 1) ||
-                   (s.log_passwd != 0 && s.log_passwd != 1))
+               if ((s.enabled == 0 || s.enabled == 1) &&
+                   (s.log_passwd == 0 || s.log_passwd == 1))
+                       res = 1;
+               audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE);
+               audit_log_format(ab, " op=tty_set"
+                                " old-enabled=%d old-log_passwd=%d"
+                                " new-enabled=%d new-log_passwd=%d"
+                                " res=%d",
+                                old.enabled, old.log_passwd,
+                                s.enabled, s.log_passwd,
+                                res);
+               audit_log_end(ab);
+               if (res) {
+                       spin_lock(&tsk->sighand->siglock);
+                       tsk->signal->audit_tty = s.enabled;
+                       tsk->signal->audit_tty_log_passwd = s.log_passwd;
+                       spin_unlock(&tsk->sighand->siglock);
+               } else
                        return -EINVAL;
-
-               spin_lock(&tsk->sighand->siglock);
-               tsk->signal->audit_tty = s.enabled;
-               tsk->signal->audit_tty_log_passwd = s.log_passwd;
-               spin_unlock(&tsk->sighand->siglock);
                break;
        }
        default: