Audit: collect sessionid in netlink messages
Previously I added sessionid output to all audit messages where it was
available but we still didn't know the sessionid of the sender of
netlink messages. This patch adds that information to netlink messages
so we can audit who sent netlink messages.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 22a30ae..a1b0fbe 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -407,6 +407,9 @@
struct xfrm_state *x;
int err;
struct km_event c;
+ uid_t loginuid = NETLINK_CB(skb).loginuid;
+ u32 sessionid = NETLINK_CB(skb).sessionid;
+ u32 sid = NETLINK_CB(skb).sid;
err = verify_newsa_info(p, attrs);
if (err)
@@ -422,8 +425,7 @@
else
err = xfrm_state_update(x);
- xfrm_audit_state_add(x, err ? 0 : 1, NETLINK_CB(skb).loginuid,
- NETLINK_CB(skb).sid);
+ xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid);
if (err < 0) {
x->km.state = XFRM_STATE_DEAD;
@@ -478,6 +480,9 @@
int err = -ESRCH;
struct km_event c;
struct xfrm_usersa_id *p = nlmsg_data(nlh);
+ uid_t loginuid = NETLINK_CB(skb).loginuid;
+ u32 sessionid = NETLINK_CB(skb).sessionid;
+ u32 sid = NETLINK_CB(skb).sid;
x = xfrm_user_state_lookup(p, attrs, &err);
if (x == NULL)
@@ -502,8 +507,7 @@
km_state_notify(x, &c);
out:
- xfrm_audit_state_delete(x, err ? 0 : 1, NETLINK_CB(skb).loginuid,
- NETLINK_CB(skb).sid);
+ xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid);
xfrm_state_put(x);
return err;
}
@@ -1123,6 +1127,9 @@
struct km_event c;
int err;
int excl;
+ uid_t loginuid = NETLINK_CB(skb).loginuid;
+ u32 sessionid = NETLINK_CB(skb).sessionid;
+ u32 sid = NETLINK_CB(skb).sid;
err = verify_newpolicy_info(p);
if (err)
@@ -1141,8 +1148,7 @@
* a type XFRM_MSG_UPDPOLICY - JHS */
excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
err = xfrm_policy_insert(p->dir, xp, excl);
- xfrm_audit_policy_add(xp, err ? 0 : 1, NETLINK_CB(skb).loginuid,
- NETLINK_CB(skb).sid);
+ xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid);
if (err) {
security_xfrm_policy_free(xp->security);
@@ -1371,9 +1377,12 @@
NETLINK_CB(skb).pid);
}
} else {
- xfrm_audit_policy_delete(xp, err ? 0 : 1,
- NETLINK_CB(skb).loginuid,
- NETLINK_CB(skb).sid);
+ uid_t loginuid = NETLINK_CB(skb).loginuid;
+ u32 sessionid = NETLINK_CB(skb).sessionid;
+ u32 sid = NETLINK_CB(skb).sid;
+
+ xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid,
+ sid);
if (err != 0)
goto out;
@@ -1399,6 +1408,7 @@
int err;
audit_info.loginuid = NETLINK_CB(skb).loginuid;
+ audit_info.sessionid = NETLINK_CB(skb).sessionid;
audit_info.secid = NETLINK_CB(skb).sid;
err = xfrm_state_flush(p->proto, &audit_info);
if (err)
@@ -1546,6 +1556,7 @@
return err;
audit_info.loginuid = NETLINK_CB(skb).loginuid;
+ audit_info.sessionid = NETLINK_CB(skb).sessionid;
audit_info.secid = NETLINK_CB(skb).sid;
err = xfrm_policy_flush(type, &audit_info);
if (err)
@@ -1604,9 +1615,11 @@
read_unlock(&xp->lock);
err = 0;
if (up->hard) {
+ uid_t loginuid = NETLINK_CB(skb).loginuid;
+ uid_t sessionid = NETLINK_CB(skb).sessionid;
+ u32 sid = NETLINK_CB(skb).sid;
xfrm_policy_delete(xp, p->dir);
- xfrm_audit_policy_delete(xp, 1, NETLINK_CB(skb).loginuid,
- NETLINK_CB(skb).sid);
+ xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid);
} else {
// reset the timers here?
@@ -1640,9 +1653,11 @@
km_state_expired(x, ue->hard, current->pid);
if (ue->hard) {
+ uid_t loginuid = NETLINK_CB(skb).loginuid;
+ uid_t sessionid = NETLINK_CB(skb).sessionid;
+ u32 sid = NETLINK_CB(skb).sid;
__xfrm_state_delete(x);
- xfrm_audit_state_delete(x, 1, NETLINK_CB(skb).loginuid,
- NETLINK_CB(skb).sid);
+ xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid);
}
err = 0;
out:
