Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a06e56b2 authored by Richard Guy Briggs's avatar Richard Guy Briggs Committed by Eric Paris
Browse files

audit: log AUDIT_TTY_SET config changes 



Log transition of config changes when AUDIT_TTY_SET is called, including both
enabled and log_passwd values now in the struct.

Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent 04ee1a3b

kernel/audit.c

+26 −8
Original line number Diff line number Diff line
@@ -989,20 +989,38 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 
		break;

	}

	case AUDIT_TTY_SET: {

		struct audit_tty_status s;

		struct audit_tty_status s, old;

		struct task_struct *tsk = current;

		struct audit_buffer	*ab;

		int res = 0;



		spin_lock(&tsk->sighand->siglock);

		old.enabled = tsk->signal->audit_tty;

		old.log_passwd = tsk->signal->audit_tty_log_passwd;

		spin_unlock(&tsk->sighand->siglock);



		memset(&s, 0, sizeof(s));

		/* guard against past and future API changes */

		memcpy(&s, data, min_t(size_t, sizeof(s), nlmsg_len(nlh)));

		if ((s.enabled != 0 && s.enabled != 1) ||

		    (s.log_passwd != 0 && s.log_passwd != 1))

			return -EINVAL;



		if ((s.enabled == 0 || s.enabled == 1) &&

		    (s.log_passwd == 0 || s.log_passwd == 1))

			res = 1;

		audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE);

		audit_log_format(ab, " op=tty_set"

				 " old-enabled=%d old-log_passwd=%d"

				 " new-enabled=%d new-log_passwd=%d"

				 " res=%d",

				 old.enabled, old.log_passwd,

				 s.enabled, s.log_passwd,

				 res);

		audit_log_end(ab);

		if (res) {

			spin_lock(&tsk->sighand->siglock);

			tsk->signal->audit_tty = s.enabled;

			tsk->signal->audit_tty_log_passwd = s.log_passwd;

			spin_unlock(&tsk->sighand->siglock);

		} else

			return -EINVAL;

		break;

	}

	default: