AUDIT: Report lookup flags with path/inode records.

When LOOKUP_PARENT is used, the inode which results is not the inode
found at the pathname. Report the flags so that this doesn't generate
misleading audit records.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
This commit is contained in:
David Woodhouse 2005-06-20 16:11:05 +01:00
parent f7056d64ae
commit ae7b961b1c
3 changed files with 14 additions and 10 deletions

View File

@ -1043,7 +1043,7 @@ int fastcall path_lookup(const char *name, unsigned int flags, struct nameidata
out: out:
if (unlikely(current->audit_context if (unlikely(current->audit_context
&& nd && nd->dentry && nd->dentry->d_inode)) && nd && nd->dentry && nd->dentry->d_inode))
audit_inode(name, nd->dentry->d_inode); audit_inode(name, nd->dentry->d_inode, flags);
return retval; return retval;
} }

View File

@ -220,7 +220,7 @@ extern void audit_syscall_entry(struct task_struct *task, int arch,
extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code); extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code);
extern void audit_getname(const char *name); extern void audit_getname(const char *name);
extern void audit_putname(const char *name); extern void audit_putname(const char *name);
extern void audit_inode(const char *name, const struct inode *inode); extern void audit_inode(const char *name, const struct inode *inode, unsigned flags);
/* Private API (for audit.c only) */ /* Private API (for audit.c only) */
extern int audit_receive_filter(int type, int pid, int uid, int seq, extern int audit_receive_filter(int type, int pid, int uid, int seq,
@ -243,7 +243,7 @@ extern int audit_filter_user(struct task_struct *tsk, int type);
#define audit_syscall_exit(t,f,r) do { ; } while (0) #define audit_syscall_exit(t,f,r) do { ; } while (0)
#define audit_getname(n) do { ; } while (0) #define audit_getname(n) do { ; } while (0)
#define audit_putname(n) do { ; } while (0) #define audit_putname(n) do { ; } while (0)
#define audit_inode(n,i) do { ; } while (0) #define audit_inode(n,i,f) do { ; } while (0)
#define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; }) #define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; })
#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
#define audit_get_loginuid(c) ({ -1; }) #define audit_get_loginuid(c) ({ -1; })

View File

@ -95,6 +95,7 @@ struct audit_names {
uid_t uid; uid_t uid;
gid_t gid; gid_t gid;
dev_t rdev; dev_t rdev;
unsigned flags;
}; };
struct audit_aux_data { struct audit_aux_data {
@ -792,6 +793,8 @@ static void audit_log_exit(struct audit_context *context)
audit_log_format(ab, " name="); audit_log_format(ab, " name=");
audit_log_untrustedstring(ab, context->names[i].name); audit_log_untrustedstring(ab, context->names[i].name);
} }
audit_log_format(ab, " flags=%x\n", context->names[i].flags);
if (context->names[i].ino != (unsigned long)-1) if (context->names[i].ino != (unsigned long)-1)
audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o" audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o"
" ouid=%u ogid=%u rdev=%02x:%02x", " ouid=%u ogid=%u rdev=%02x:%02x",
@ -1018,7 +1021,7 @@ void audit_putname(const char *name)
/* Store the inode and device from a lookup. Called from /* Store the inode and device from a lookup. Called from
* fs/namei.c:path_lookup(). */ * fs/namei.c:path_lookup(). */
void audit_inode(const char *name, const struct inode *inode) void audit_inode(const char *name, const struct inode *inode, unsigned flags)
{ {
int idx; int idx;
struct audit_context *context = current->audit_context; struct audit_context *context = current->audit_context;
@ -1044,12 +1047,13 @@ void audit_inode(const char *name, const struct inode *inode)
++context->ino_count; ++context->ino_count;
#endif #endif
} }
context->names[idx].ino = inode->i_ino; context->names[idx].flags = flags;
context->names[idx].dev = inode->i_sb->s_dev; context->names[idx].ino = inode->i_ino;
context->names[idx].mode = inode->i_mode; context->names[idx].dev = inode->i_sb->s_dev;
context->names[idx].uid = inode->i_uid; context->names[idx].mode = inode->i_mode;
context->names[idx].gid = inode->i_gid; context->names[idx].uid = inode->i_uid;
context->names[idx].rdev = inode->i_rdev; context->names[idx].gid = inode->i_gid;
context->names[idx].rdev = inode->i_rdev;
} }
void auditsc_get_stamp(struct audit_context *ctx, void auditsc_get_stamp(struct audit_context *ctx,