diff options
author | Eric Paris <eparis@redhat.com> | 2008-01-08 16:06:53 +0100 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-02-01 20:06:51 +0100 |
commit | 4746ec5b01ed07205a91e4f7ed9de9d70f371407 (patch) | |
tree | 7a3a836b6178ccab24801e90b69c1159b2c23099 /drivers/char | |
parent | [AUDIT] collect uid, loginuid, and comm in OBJ_PID records (diff) | |
download | linux-4746ec5b01ed07205a91e4f7ed9de9d70f371407.tar.xz linux-4746ec5b01ed07205a91e4f7ed9de9d70f371407.zip |
[AUDIT] add session id to audit messages
In order to correlate audit records to an individual login add a session
id. This is incremented every time a user logs in and is included in
almost all messages which currently output the auid. The field is
labeled ses= or oses=
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'drivers/char')
-rw-r--r-- | drivers/char/tty_audit.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c index c590fc45b2fd..bacded0eefab 100644 --- a/drivers/char/tty_audit.c +++ b/drivers/char/tty_audit.c @@ -73,6 +73,7 @@ static void tty_audit_buf_put(struct tty_audit_buf *buf) * @tsk with @loginuid. @buf->mutex must be locked. */ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid, + unsigned int sessionid, struct tty_audit_buf *buf) { struct audit_buffer *ab; @@ -85,9 +86,9 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid, if (ab) { char name[sizeof(tsk->comm)]; - audit_log_format(ab, "tty pid=%u uid=%u auid=%u major=%d " - "minor=%d comm=", tsk->pid, tsk->uid, - loginuid, buf->major, buf->minor); + audit_log_format(ab, "tty pid=%u uid=%u auid=%u ses=%u " + "major=%d minor=%d comm=", tsk->pid, tsk->uid, + loginuid, sessionid, buf->major, buf->minor); get_task_comm(name, tsk); audit_log_untrustedstring(ab, name); audit_log_format(ab, " data="); @@ -105,7 +106,9 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid, */ static void tty_audit_buf_push_current(struct tty_audit_buf *buf) { - tty_audit_buf_push(current, audit_get_loginuid(current), buf); + uid_t auid = audit_get_loginuid(current); + unsigned int sessionid = audit_get_sessionid(current); + tty_audit_buf_push(current, auid, sessionid, buf); } /** @@ -151,6 +154,11 @@ void tty_audit_fork(struct signal_struct *sig) void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid) { struct tty_audit_buf *buf; + /* FIXME I think this is correct. Check against netlink once that is + * I really need to read this code more closely. But that's for + * another patch. + */ + unsigned int sessionid = audit_get_sessionid(tsk); spin_lock_irq(&tsk->sighand->siglock); buf = tsk->signal->tty_audit_buf; @@ -161,7 +169,7 @@ void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid) return; mutex_lock(&buf->mutex); - tty_audit_buf_push(tsk, loginuid, buf); + tty_audit_buf_push(tsk, loginuid, sessionid, buf); mutex_unlock(&buf->mutex); tty_audit_buf_put(buf); |