1 /* 2 * Creating audit events from TTY input. 3 * 4 * Copyright (C) 2007 Red Hat, Inc. All rights reserved. This copyrighted 5 * material is made available to anyone wishing to use, modify, copy, or 6 * redistribute it subject to the terms and conditions of the GNU General 7 * Public License v.2. 8 * 9 * Authors: Miloslav Trmac <mitr@redhat.com> 10 */ 11 12 #include <linux/audit.h> 13 #include <linux/slab.h> 14 #include <linux/tty.h> 15 16 struct tty_audit_buf { 17 atomic_t count; 18 struct mutex mutex; /* Protects all data below */ 19 int major, minor; /* The TTY which the data is from */ 20 unsigned icanon:1; 21 size_t valid; 22 unsigned char *data; /* Allocated size N_TTY_BUF_SIZE */ 23 }; 24 25 static struct tty_audit_buf *tty_audit_buf_alloc(int major, int minor, 26 int icanon) 27 { 28 struct tty_audit_buf *buf; 29 30 buf = kmalloc(sizeof(*buf), GFP_KERNEL); 31 if (!buf) 32 goto err; 33 buf->data = kmalloc(N_TTY_BUF_SIZE, GFP_KERNEL); 34 if (!buf->data) 35 goto err_buf; 36 atomic_set(&buf->count, 1); 37 mutex_init(&buf->mutex); 38 buf->major = major; 39 buf->minor = minor; 40 buf->icanon = icanon; 41 buf->valid = 0; 42 return buf; 43 44 err_buf: 45 kfree(buf); 46 err: 47 return NULL; 48 } 49 50 static void tty_audit_buf_free(struct tty_audit_buf *buf) 51 { 52 WARN_ON(buf->valid != 0); 53 kfree(buf->data); 54 kfree(buf); 55 } 56 57 static void tty_audit_buf_put(struct tty_audit_buf *buf) 58 { 59 if (atomic_dec_and_test(&buf->count)) 60 tty_audit_buf_free(buf); 61 } 62 63 static void tty_audit_log(const char *description, struct task_struct *tsk, 64 uid_t loginuid, unsigned sessionid, int major, 65 int minor, unsigned char *data, size_t size) 66 { 67 struct audit_buffer *ab; 68 69 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY); 70 if (ab) { 71 char name[sizeof(tsk->comm)]; 72 uid_t uid = task_uid(tsk); 73 74 audit_log_format(ab, "%s pid=%u uid=%u auid=%u ses=%u " 75 "major=%d minor=%d comm=", description, 76 tsk->pid, uid, loginuid, sessionid, 77 major, minor); 78 get_task_comm(name, tsk); 79 audit_log_untrustedstring(ab, name); 80 audit_log_format(ab, " data="); 81 audit_log_n_hex(ab, data, size); 82 audit_log_end(ab); 83 } 84 } 85 86 /** 87 * tty_audit_buf_push - Push buffered data out 88 * 89 * Generate an audit message from the contents of @buf, which is owned by 90 * @tsk with @loginuid. @buf->mutex must be locked. 91 */ 92 static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid, 93 unsigned int sessionid, 94 struct tty_audit_buf *buf) 95 { 96 if (buf->valid == 0) 97 return; 98 if (audit_enabled == 0) { 99 buf->valid = 0; 100 return; 101 } 102 tty_audit_log("tty", tsk, loginuid, sessionid, buf->major, buf->minor, 103 buf->data, buf->valid); 104 buf->valid = 0; 105 } 106 107 /** 108 * tty_audit_buf_push_current - Push buffered data out 109 * 110 * Generate an audit message from the contents of @buf, which is owned by 111 * the current task. @buf->mutex must be locked. 112 */ 113 static void tty_audit_buf_push_current(struct tty_audit_buf *buf) 114 { 115 uid_t auid = audit_get_loginuid(current); 116 unsigned int sessionid = audit_get_sessionid(current); 117 tty_audit_buf_push(current, auid, sessionid, buf); 118 } 119 120 /** 121 * tty_audit_exit - Handle a task exit 122 * 123 * Make sure all buffered data is written out and deallocate the buffer. 124 * Only needs to be called if current->signal->tty_audit_buf != %NULL. 125 */ 126 void tty_audit_exit(void) 127 { 128 struct tty_audit_buf *buf; 129 130 spin_lock_irq(¤t->sighand->siglock); 131 buf = current->signal->tty_audit_buf; 132 current->signal->tty_audit_buf = NULL; 133 spin_unlock_irq(¤t->sighand->siglock); 134 if (!buf) 135 return; 136 137 mutex_lock(&buf->mutex); 138 tty_audit_buf_push_current(buf); 139 mutex_unlock(&buf->mutex); 140 141 tty_audit_buf_put(buf); 142 } 143 144 /** 145 * tty_audit_fork - Copy TTY audit state for a new task 146 * 147 * Set up TTY audit state in @sig from current. @sig needs no locking. 148 */ 149 void tty_audit_fork(struct signal_struct *sig) 150 { 151 spin_lock_irq(¤t->sighand->siglock); 152 sig->audit_tty = current->signal->audit_tty; 153 spin_unlock_irq(¤t->sighand->siglock); 154 } 155 156 /** 157 * tty_audit_tiocsti - Log TIOCSTI 158 */ 159 void tty_audit_tiocsti(struct tty_struct *tty, char ch) 160 { 161 struct tty_audit_buf *buf; 162 int major, minor, should_audit; 163 164 spin_lock_irq(¤t->sighand->siglock); 165 should_audit = current->signal->audit_tty; 166 buf = current->signal->tty_audit_buf; 167 if (buf) 168 atomic_inc(&buf->count); 169 spin_unlock_irq(¤t->sighand->siglock); 170 171 major = tty->driver->major; 172 minor = tty->driver->minor_start + tty->index; 173 if (buf) { 174 mutex_lock(&buf->mutex); 175 if (buf->major == major && buf->minor == minor) 176 tty_audit_buf_push_current(buf); 177 mutex_unlock(&buf->mutex); 178 tty_audit_buf_put(buf); 179 } 180 181 if (should_audit && audit_enabled) { 182 uid_t auid; 183 unsigned int sessionid; 184 185 auid = audit_get_loginuid(current); 186 sessionid = audit_get_sessionid(current); 187 tty_audit_log("ioctl=TIOCSTI", current, auid, sessionid, major, 188 minor, &ch, 1); 189 } 190 } 191 192 /** 193 * tty_audit_push_task - Flush task's pending audit data 194 * @tsk: task pointer 195 * @loginuid: sender login uid 196 * @sessionid: sender session id 197 * 198 * Called with a ref on @tsk held. Try to lock sighand and get a 199 * reference to the tty audit buffer if available. 200 * Flush the buffer or return an appropriate error code. 201 */ 202 int tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid) 203 { 204 struct tty_audit_buf *buf = ERR_PTR(-EPERM); 205 unsigned long flags; 206 207 if (!lock_task_sighand(tsk, &flags)) 208 return -ESRCH; 209 210 if (tsk->signal->audit_tty) { 211 buf = tsk->signal->tty_audit_buf; 212 if (buf) 213 atomic_inc(&buf->count); 214 } 215 unlock_task_sighand(tsk, &flags); 216 217 /* 218 * Return 0 when signal->audit_tty set 219 * but tsk->signal->tty_audit_buf == NULL. 220 */ 221 if (!buf || IS_ERR(buf)) 222 return PTR_ERR(buf); 223 224 mutex_lock(&buf->mutex); 225 tty_audit_buf_push(tsk, loginuid, sessionid, buf); 226 mutex_unlock(&buf->mutex); 227 228 tty_audit_buf_put(buf); 229 return 0; 230 } 231 232 /** 233 * tty_audit_buf_get - Get an audit buffer. 234 * 235 * Get an audit buffer for @tty, allocate it if necessary. Return %NULL 236 * if TTY auditing is disabled or out of memory. Otherwise, return a new 237 * reference to the buffer. 238 */ 239 static struct tty_audit_buf *tty_audit_buf_get(struct tty_struct *tty) 240 { 241 struct tty_audit_buf *buf, *buf2; 242 243 buf = NULL; 244 buf2 = NULL; 245 spin_lock_irq(¤t->sighand->siglock); 246 if (likely(!current->signal->audit_tty)) 247 goto out; 248 buf = current->signal->tty_audit_buf; 249 if (buf) { 250 atomic_inc(&buf->count); 251 goto out; 252 } 253 spin_unlock_irq(¤t->sighand->siglock); 254 255 buf2 = tty_audit_buf_alloc(tty->driver->major, 256 tty->driver->minor_start + tty->index, 257 tty->icanon); 258 if (buf2 == NULL) { 259 audit_log_lost("out of memory in TTY auditing"); 260 return NULL; 261 } 262 263 spin_lock_irq(¤t->sighand->siglock); 264 if (!current->signal->audit_tty) 265 goto out; 266 buf = current->signal->tty_audit_buf; 267 if (!buf) { 268 current->signal->tty_audit_buf = buf2; 269 buf = buf2; 270 buf2 = NULL; 271 } 272 atomic_inc(&buf->count); 273 /* Fall through */ 274 out: 275 spin_unlock_irq(¤t->sighand->siglock); 276 if (buf2) 277 tty_audit_buf_free(buf2); 278 return buf; 279 } 280 281 /** 282 * tty_audit_add_data - Add data for TTY auditing. 283 * 284 * Audit @data of @size from @tty, if necessary. 285 */ 286 void tty_audit_add_data(struct tty_struct *tty, unsigned char *data, 287 size_t size) 288 { 289 struct tty_audit_buf *buf; 290 int major, minor; 291 292 if (unlikely(size == 0)) 293 return; 294 295 if (tty->driver->type == TTY_DRIVER_TYPE_PTY 296 && tty->driver->subtype == PTY_TYPE_MASTER) 297 return; 298 299 buf = tty_audit_buf_get(tty); 300 if (!buf) 301 return; 302 303 mutex_lock(&buf->mutex); 304 major = tty->driver->major; 305 minor = tty->driver->minor_start + tty->index; 306 if (buf->major != major || buf->minor != minor 307 || buf->icanon != tty->icanon) { 308 tty_audit_buf_push_current(buf); 309 buf->major = major; 310 buf->minor = minor; 311 buf->icanon = tty->icanon; 312 } 313 do { 314 size_t run; 315 316 run = N_TTY_BUF_SIZE - buf->valid; 317 if (run > size) 318 run = size; 319 memcpy(buf->data + buf->valid, data, run); 320 buf->valid += run; 321 data += run; 322 size -= run; 323 if (buf->valid == N_TTY_BUF_SIZE) 324 tty_audit_buf_push_current(buf); 325 } while (size != 0); 326 mutex_unlock(&buf->mutex); 327 tty_audit_buf_put(buf); 328 } 329 330 /** 331 * tty_audit_push - Push buffered data out 332 * 333 * Make sure no audit data is pending for @tty on the current process. 334 */ 335 void tty_audit_push(struct tty_struct *tty) 336 { 337 struct tty_audit_buf *buf; 338 339 spin_lock_irq(¤t->sighand->siglock); 340 if (likely(!current->signal->audit_tty)) { 341 spin_unlock_irq(¤t->sighand->siglock); 342 return; 343 } 344 buf = current->signal->tty_audit_buf; 345 if (buf) 346 atomic_inc(&buf->count); 347 spin_unlock_irq(¤t->sighand->siglock); 348 349 if (buf) { 350 int major, minor; 351 352 major = tty->driver->major; 353 minor = tty->driver->minor_start + tty->index; 354 mutex_lock(&buf->mutex); 355 if (buf->major == major && buf->minor == minor) 356 tty_audit_buf_push_current(buf); 357 mutex_unlock(&buf->mutex); 358 tty_audit_buf_put(buf); 359 } 360 } 361