Merge branch 'audit.b50' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current

S:	Maintained

AUDIT SUBSYSTEM

P:	David Woodhouse

M:	dwmw2@infradead.org

P:	Al Viro

M:	viro@zeniv.linux.org.uk

P:	Eric Paris

M:	eparis@redhat.com

L:	linux-audit@redhat.com (subscribers-only)

W:	http://people.redhat.com/sgrubb/audit/

T:	git kernel.org:/pub/scm/linux/kernel/git/dwmw2/audit-2.6.git

T:	git git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current.git

S:	Maintained

AUXILIARY DISPLAY DRIVERS

		get_task_comm(name, tsk);

		audit_log_untrustedstring(ab, name);

		audit_log_format(ab, " data=");

		audit_log_n_untrustedstring(ab, buf->valid, buf->data);

		audit_log_n_untrustedstring(ab, buf->data, buf->valid);

		audit_log_end(ab);

	}

	buf->valid = 0;

/**

 *	tty_audit_push_task	-	Flush task's pending audit data

 */

void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid)

void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)

{

	struct tty_audit_buf *buf;

	/* FIXME I think this is correct.  Check against netlink once that is

	 * I really need to read this code more closely.  But that's for

	 * another patch.

	 */

	unsigned int sessionid = audit_get_sessionid(tsk);

	spin_lock_irq(&tsk->sighand->siglock);

	buf = tsk->signal->tty_audit_buf;

	if (unlikely(size == 0))

		return;

	if (tty->driver->type == TTY_DRIVER_TYPE_PTY

	    && tty->driver->subtype == PTY_TYPE_MASTER)

		return;

	buf = tty_audit_buf_get(tty);

	if (!buf)

		return;

		tty_audit_buf_put(buf);

	}

}

/**

 *	tty_audit_opening	-	A TTY is being opened.

 *

 *	As a special hack, tasks that close all their TTYs and open new ones

 *	are assumed to be system daemons (e.g. getty) and auditing is

 *	automatically disabled for them.

 */

void tty_audit_opening(void)

{

	int disable;

	disable = 1;

	spin_lock_irq(&current->sighand->siglock);

	if (current->signal->audit_tty == 0)

		disable = 0;

	spin_unlock_irq(&current->sighand->siglock);

	if (!disable)

		return;

	task_lock(current);

	if (current->files) {

		struct fdtable *fdt;

		unsigned i;

		/*

		 * We don't take a ref to the file, so we must hold ->file_lock

		 * instead.

		 */

		spin_lock(&current->files->file_lock);

		fdt = files_fdtable(current->files);

		for (i = 0; i < fdt->max_fds; i++) {

			struct file *filp;

			filp = fcheck_files(current->files, i);

			if (filp && is_tty(filp)) {

				disable = 0;

				break;

			}

		}

		spin_unlock(&current->files->file_lock);

	}

	task_unlock(current);

	if (!disable)

		return;

	spin_lock_irq(&current->sighand->siglock);

	current->signal->audit_tty = 0;

	spin_unlock_irq(&current->sighand->siglock);

}

		__proc_set_tty(current, tty);

	spin_unlock_irq(&current->sighand->siglock);

	mutex_unlock(&tty_mutex);

	tty_audit_opening();

	return 0;

}

	check_tty_count(tty, "tty_open");

	retval = ptm_driver->open(tty, filp);

	if (!retval) {

		tty_audit_opening();

	if (!retval)

		return 0;

	}

out1:

	release_dev(filp);

	return retval;

/* Rule structure sizes -- if these change, different AUDIT_ADD and

 * AUDIT_LIST commands must be implemented. */

#define AUDIT_MAX_FIELDS   64

#define AUDIT_MAX_KEY_LEN  32

#define AUDIT_MAX_KEY_LEN  256

#define AUDIT_BITMASK_SIZE 64

#define AUDIT_WORD(nr) ((__u32)((nr)/32))

#define AUDIT_BIT(nr)  (1 << ((nr) - AUDIT_WORD(nr)*32))

#define AUDIT_WATCH	105

#define AUDIT_PERM	106

#define AUDIT_DIR	107

#define AUDIT_FILETYPE	108

#define AUDIT_ARG0      200

#define AUDIT_ARG1      (AUDIT_ARG0+1)

					     const char *fmt, ...)

			    __attribute__((format(printf,2,3)));

extern void		    audit_log_end(struct audit_buffer *ab);

extern void		    audit_log_hex(struct audit_buffer *ab,

					  const unsigned char *buf,

					  size_t len);

extern int		    audit_string_contains_control(const char *string,

							  size_t len);

extern void		    audit_log_untrustedstring(struct audit_buffer *ab,

						      const char *string);

extern void		    audit_log_n_hex(struct audit_buffer *ab,

					  const unsigned char *buf,

					  size_t len);

extern void		    audit_log_n_string(struct audit_buffer *ab,

					       const char *buf,

					       size_t n);

#define audit_log_string(a,b) audit_log_n_string(a, b, strlen(b));

extern void		    audit_log_n_untrustedstring(struct audit_buffer *ab,

							size_t n,

							const char *string,

							size_t n);

extern void		    audit_log_untrustedstring(struct audit_buffer *ab,

						      const char *string);

extern void		    audit_log_d_path(struct audit_buffer *ab,

					     const char *prefix,

extern int audit_filter_user(struct netlink_skb_parms *cb, int type);

extern int audit_filter_type(int type);

extern int  audit_receive_filter(int type, int pid, int uid, int seq,

			 void *data, size_t datasz, uid_t loginuid, u32 sid);

				void *data, size_t datasz, uid_t loginuid,

				u32 sessionid, u32 sid);

extern int audit_enabled;

#else

#define audit_log(c,g,t,f,...) do { ; } while (0)

#define audit_log_vformat(b,f,a) do { ; } while (0)

#define audit_log_format(b,f,...) do { ; } while (0)

#define audit_log_end(b) do { ; } while (0)

#define audit_log_hex(a,b,l) do { ; } while (0)

#define audit_log_untrustedstring(a,s) do { ; } while (0)

#define audit_log_n_hex(a,b,l) do { ; } while (0)

#define audit_log_n_string(a,c,l) do { ; } while (0)

#define audit_log_string(a,c) do { ; } while (0)

#define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)

#define audit_log_untrustedstring(a,s) do { ; } while (0)

#define audit_log_d_path(b, p, d) do { ; } while (0)

#define audit_enabled 0

#endif

	__u32			dst_group;

	kernel_cap_t		eff_cap;

	__u32			loginuid;	/* Login (audit) uid */

	__u32			sessionid;	/* Session id (audit) */

	__u32			sid;		/* SELinux security id */

};