1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Creating audit events from TTY input. 4 * 5 * Copyright (C) 2007 Red Hat, Inc. All rights reserved. 6 * 7 * Authors: Miloslav Trmac <mitr@redhat.com> 8 */ 9 10 #include <linux/audit.h> 11 #include <linux/slab.h> 12 #include <linux/tty.h> 13 14 struct tty_audit_buf { 15 struct mutex mutex; /* Protects all data below */ 16 dev_t dev; /* The TTY which the data is from */ 17 unsigned icanon:1; 18 size_t valid; 19 unsigned char *data; /* Allocated size N_TTY_BUF_SIZE */ 20 }; 21 22 static struct tty_audit_buf *tty_audit_buf_ref(void) 23 { 24 struct tty_audit_buf *buf; 25 26 buf = current->signal->tty_audit_buf; 27 WARN_ON(buf == ERR_PTR(-ESRCH)); 28 return buf; 29 } 30 31 static struct tty_audit_buf *tty_audit_buf_alloc(void) 32 { 33 struct tty_audit_buf *buf; 34 35 buf = kmalloc(sizeof(*buf), GFP_KERNEL); 36 if (!buf) 37 goto err; 38 buf->data = kmalloc(N_TTY_BUF_SIZE, GFP_KERNEL); 39 if (!buf->data) 40 goto err_buf; 41 mutex_init(&buf->mutex); 42 buf->dev = MKDEV(0, 0); 43 buf->icanon = 0; 44 buf->valid = 0; 45 return buf; 46 47 err_buf: 48 kfree(buf); 49 err: 50 return NULL; 51 } 52 53 static void tty_audit_buf_free(struct tty_audit_buf *buf) 54 { 55 WARN_ON(buf->valid != 0); 56 kfree(buf->data); 57 kfree(buf); 58 } 59 60 static void tty_audit_log(const char *description, dev_t dev, 61 unsigned char *data, size_t size) 62 { 63 struct audit_buffer *ab; 64 struct task_struct *tsk = current; 65 pid_t pid = task_pid_nr(tsk); 66 uid_t uid = from_kuid(&init_user_ns, task_uid(tsk)); 67 uid_t loginuid = from_kuid(&init_user_ns, audit_get_loginuid(tsk)); 68 unsigned int sessionid = audit_get_sessionid(tsk); 69 70 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY); 71 if (ab) { 72 char name[sizeof(tsk->comm)]; 73 74 audit_log_format(ab, "%s pid=%u uid=%u auid=%u ses=%u major=%d" 75 " minor=%d comm=", description, pid, uid, 76 loginuid, sessionid, MAJOR(dev), MINOR(dev)); 77 get_task_comm(name, tsk); 78 audit_log_untrustedstring(ab, name); 79 audit_log_format(ab, " data="); 80 audit_log_n_hex(ab, data, size); 81 audit_log_end(ab); 82 } 83 } 84 85 /** 86 * tty_audit_buf_push - Push buffered data out 87 * 88 * Generate an audit message from the contents of @buf, which is owned by 89 * the current task. @buf->mutex must be locked. 90 */ 91 static void tty_audit_buf_push(struct tty_audit_buf *buf) 92 { 93 if (buf->valid == 0) 94 return; 95 if (audit_enabled == AUDIT_OFF) { 96 buf->valid = 0; 97 return; 98 } 99 tty_audit_log("tty", buf->dev, buf->data, buf->valid); 100 buf->valid = 0; 101 } 102 103 /** 104 * tty_audit_exit - Handle a task exit 105 * 106 * Make sure all buffered data is written out and deallocate the buffer. 107 * Only needs to be called if current->signal->tty_audit_buf != %NULL. 108 * 109 * The process is single-threaded at this point; no other threads share 110 * current->signal. 111 */ 112 void tty_audit_exit(void) 113 { 114 struct tty_audit_buf *buf; 115 116 buf = xchg(¤t->signal->tty_audit_buf, ERR_PTR(-ESRCH)); 117 if (!buf) 118 return; 119 120 tty_audit_buf_push(buf); 121 tty_audit_buf_free(buf); 122 } 123 124 /** 125 * tty_audit_fork - Copy TTY audit state for a new task 126 * 127 * Set up TTY audit state in @sig from current. @sig needs no locking. 128 */ 129 void tty_audit_fork(struct signal_struct *sig) 130 { 131 sig->audit_tty = current->signal->audit_tty; 132 } 133 134 /** 135 * tty_audit_tiocsti - Log TIOCSTI 136 */ 137 void tty_audit_tiocsti(struct tty_struct *tty, char ch) 138 { 139 dev_t dev; 140 141 dev = MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index; 142 if (tty_audit_push()) 143 return; 144 145 if (audit_enabled) 146 tty_audit_log("ioctl=TIOCSTI", dev, &ch, 1); 147 } 148 149 /** 150 * tty_audit_push - Flush current's pending audit data 151 * 152 * Returns 0 if success, -EPERM if tty audit is disabled 153 */ 154 int tty_audit_push(void) 155 { 156 struct tty_audit_buf *buf; 157 158 if (~current->signal->audit_tty & AUDIT_TTY_ENABLE) 159 return -EPERM; 160 161 buf = tty_audit_buf_ref(); 162 if (!IS_ERR_OR_NULL(buf)) { 163 mutex_lock(&buf->mutex); 164 tty_audit_buf_push(buf); 165 mutex_unlock(&buf->mutex); 166 } 167 return 0; 168 } 169 170 /** 171 * tty_audit_buf_get - Get an audit buffer. 172 * 173 * Get an audit buffer, allocate it if necessary. Return %NULL 174 * if out of memory or ERR_PTR(-ESRCH) if tty_audit_exit() has already 175 * occurred. Otherwise, return a new reference to the buffer. 176 */ 177 static struct tty_audit_buf *tty_audit_buf_get(void) 178 { 179 struct tty_audit_buf *buf; 180 181 buf = tty_audit_buf_ref(); 182 if (buf) 183 return buf; 184 185 buf = tty_audit_buf_alloc(); 186 if (buf == NULL) { 187 audit_log_lost("out of memory in TTY auditing"); 188 return NULL; 189 } 190 191 /* Race to use this buffer, free it if another wins */ 192 if (cmpxchg(¤t->signal->tty_audit_buf, NULL, buf) != NULL) 193 tty_audit_buf_free(buf); 194 return tty_audit_buf_ref(); 195 } 196 197 /** 198 * tty_audit_add_data - Add data for TTY auditing. 199 * 200 * Audit @data of @size from @tty, if necessary. 201 */ 202 void tty_audit_add_data(struct tty_struct *tty, const void *data, size_t size) 203 { 204 struct tty_audit_buf *buf; 205 unsigned int icanon = !!L_ICANON(tty); 206 unsigned int audit_tty; 207 dev_t dev; 208 209 audit_tty = READ_ONCE(current->signal->audit_tty); 210 if (~audit_tty & AUDIT_TTY_ENABLE) 211 return; 212 213 if (unlikely(size == 0)) 214 return; 215 216 if (tty->driver->type == TTY_DRIVER_TYPE_PTY 217 && tty->driver->subtype == PTY_TYPE_MASTER) 218 return; 219 220 if ((~audit_tty & AUDIT_TTY_LOG_PASSWD) && icanon && !L_ECHO(tty)) 221 return; 222 223 buf = tty_audit_buf_get(); 224 if (IS_ERR_OR_NULL(buf)) 225 return; 226 227 mutex_lock(&buf->mutex); 228 dev = MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index; 229 if (buf->dev != dev || buf->icanon != icanon) { 230 tty_audit_buf_push(buf); 231 buf->dev = dev; 232 buf->icanon = icanon; 233 } 234 do { 235 size_t run; 236 237 run = N_TTY_BUF_SIZE - buf->valid; 238 if (run > size) 239 run = size; 240 memcpy(buf->data + buf->valid, data, run); 241 buf->valid += run; 242 data += run; 243 size -= run; 244 if (buf->valid == N_TTY_BUF_SIZE) 245 tty_audit_buf_push(buf); 246 } while (size != 0); 247 mutex_unlock(&buf->mutex); 248 } 249