/* Audit Information */
struct xfrm_audit {
- u32 secid;
kuid_t loginuid;
unsigned int sessionid;
};
return audit_buf;
}
-static inline void xfrm_audit_helper_usrinfo(kuid_t auid, unsigned int ses, u32 secid,
+static inline void xfrm_audit_helper_usrinfo(kuid_t auid, unsigned int ses,
struct audit_buffer *audit_buf)
{
- char *secctx;
- u32 secctx_len;
-
audit_log_format(audit_buf, " auid=%u ses=%u",
from_kuid(&init_user_ns, auid), ses);
- if (secid != 0 &&
- security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) {
- audit_log_format(audit_buf, " subj=%s", secctx);
- security_release_secctx(secctx, secctx_len);
- } else
- audit_log_task_context(audit_buf);
+ audit_log_task_context(audit_buf);
}
void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, kuid_t auid,
- unsigned int ses, u32 secid);
+ unsigned int ses);
void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, kuid_t auid,
- unsigned int ses, u32 secid);
+ unsigned int ses);
void xfrm_audit_state_add(struct xfrm_state *x, int result, kuid_t auid,
- unsigned int ses, u32 secid);
+ unsigned int ses);
void xfrm_audit_state_delete(struct xfrm_state *x, int result, kuid_t auid,
- unsigned int ses, u32 secid);
+ unsigned int ses);
void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
struct sk_buff *skb);
void xfrm_audit_state_replay(struct xfrm_state *x, struct sk_buff *skb,
#else
static inline void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
- kuid_t auid, unsigned int ses, u32 secid)
+ kuid_t auid, unsigned int ses)
{
}
static inline void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
- kuid_t auid, unsigned int ses, u32 secid)
+ kuid_t auid, unsigned int ses)
{
}
static inline void xfrm_audit_state_add(struct xfrm_state *x, int result,
- kuid_t auid, unsigned int ses, u32 secid)
+ kuid_t auid, unsigned int ses)
{
}
static inline void xfrm_audit_state_delete(struct xfrm_state *x, int result,
- kuid_t auid, unsigned int ses, u32 secid)
+ kuid_t auid, unsigned int ses)
{
}
xfrm_audit_state_add(x, err ? 0 : 1,
audit_get_loginuid(current),
- audit_get_sessionid(current), 0);
+ audit_get_sessionid(current));
if (err < 0) {
x->km.state = XFRM_STATE_DEAD;
out:
xfrm_audit_state_delete(x, err ? 0 : 1,
audit_get_loginuid(current),
- audit_get_sessionid(current), 0);
+ audit_get_sessionid(current));
xfrm_state_put(x);
return err;
audit_info.loginuid = audit_get_loginuid(current);
audit_info.sessionid = audit_get_sessionid(current);
- audit_info.secid = 0;
err = xfrm_state_flush(net, proto, &audit_info);
err2 = unicast_flush_resp(sk, hdr);
if (err || err2) {
xfrm_audit_policy_add(xp, err ? 0 : 1,
audit_get_loginuid(current),
- audit_get_sessionid(current), 0);
+ audit_get_sessionid(current));
if (err)
goto out;
xfrm_audit_policy_delete(xp, err ? 0 : 1,
audit_get_loginuid(current),
- audit_get_sessionid(current), 0);
+ audit_get_sessionid(current));
if (err)
goto out;
if (delete) {
xfrm_audit_policy_delete(xp, err ? 0 : 1,
audit_get_loginuid(current),
- audit_get_sessionid(current), 0);
+ audit_get_sessionid(current));
if (err)
goto out;
audit_info.loginuid = audit_get_loginuid(current);
audit_info.sessionid = audit_get_sessionid(current);
- audit_info.secid = 0;
err = xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
err2 = unicast_flush_resp(sk, hdr);
if (err || err2) {
if (err) {
xfrm_audit_policy_delete(pol, 0,
audit_info->loginuid,
- audit_info->sessionid,
- audit_info->secid);
+ audit_info->sessionid);
return err;
}
}
if (err) {
xfrm_audit_policy_delete(pol, 0,
audit_info->loginuid,
- audit_info->sessionid,
- audit_info->secid);
+ audit_info->sessionid);
return err;
}
}
cnt++;
xfrm_audit_policy_delete(pol, 1, audit_info->loginuid,
- audit_info->sessionid,
- audit_info->secid);
+ audit_info->sessionid);
xfrm_policy_kill(pol);
xfrm_audit_policy_delete(pol, 1,
audit_info->loginuid,
- audit_info->sessionid,
- audit_info->secid);
+ audit_info->sessionid);
xfrm_policy_kill(pol);
write_lock_bh(&net->xfrm.xfrm_policy_lock);
#ifdef CONFIG_XFRM_SUB_POLICY
audit_info.loginuid = INVALID_UID;
audit_info.sessionid = (unsigned int)-1;
- audit_info.secid = 0;
xfrm_policy_flush(net, XFRM_POLICY_TYPE_SUB, &audit_info);
#endif
audit_info.loginuid = INVALID_UID;
audit_info.sessionid = (unsigned int)-1;
- audit_info.secid = 0;
xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
WARN_ON(!list_empty(&net->xfrm.policy_all));
}
void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
- kuid_t auid, unsigned int sessionid, u32 secid)
+ kuid_t auid, unsigned int sessionid)
{
struct audit_buffer *audit_buf;
audit_buf = xfrm_audit_start("SPD-add");
if (audit_buf == NULL)
return;
- xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
+ xfrm_audit_helper_usrinfo(auid, sessionid, audit_buf);
audit_log_format(audit_buf, " res=%u", result);
xfrm_audit_common_policyinfo(xp, audit_buf);
audit_log_end(audit_buf);
EXPORT_SYMBOL_GPL(xfrm_audit_policy_add);
void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
- kuid_t auid, unsigned int sessionid, u32 secid)
+ kuid_t auid, unsigned int sessionid)
{
struct audit_buffer *audit_buf;
audit_buf = xfrm_audit_start("SPD-delete");
if (audit_buf == NULL)
return;
- xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
+ xfrm_audit_helper_usrinfo(auid, sessionid, audit_buf);
audit_log_format(audit_buf, " res=%u", result);
xfrm_audit_common_policyinfo(xp, audit_buf);
audit_log_end(audit_buf);
xfrm_audit_state_delete(x, err ? 0 : 1,
audit_get_loginuid(current),
- audit_get_sessionid(current), 0);
+ audit_get_sessionid(current));
out:
spin_unlock(&x->lock);
(err = security_xfrm_state_delete(x)) != 0) {
xfrm_audit_state_delete(x, 0,
audit_info->loginuid,
- audit_info->sessionid,
- audit_info->secid);
+ audit_info->sessionid);
return err;
}
}
err = xfrm_state_delete(x);
xfrm_audit_state_delete(x, err ? 0 : 1,
audit_info->loginuid,
- audit_info->sessionid,
- audit_info->secid);
+ audit_info->sessionid);
xfrm_state_put(x);
if (!err)
cnt++;
flush_work(&net->xfrm.state_hash_work);
audit_info.loginuid = INVALID_UID;
audit_info.sessionid = (unsigned int)-1;
- audit_info.secid = 0;
xfrm_state_flush(net, IPSEC_PROTO_ANY, &audit_info);
flush_work(&net->xfrm.state_gc_work);
}
void xfrm_audit_state_add(struct xfrm_state *x, int result,
- kuid_t auid, unsigned int sessionid, u32 secid)
+ kuid_t auid, unsigned int sessionid)
{
struct audit_buffer *audit_buf;
audit_buf = xfrm_audit_start("SAD-add");
if (audit_buf == NULL)
return;
- xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
+ xfrm_audit_helper_usrinfo(auid, sessionid, audit_buf);
xfrm_audit_helper_sainfo(x, audit_buf);
audit_log_format(audit_buf, " res=%u", result);
audit_log_end(audit_buf);
EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
void xfrm_audit_state_delete(struct xfrm_state *x, int result,
- kuid_t auid, unsigned int sessionid, u32 secid)
+ kuid_t auid, unsigned int sessionid)
{
struct audit_buffer *audit_buf;
audit_buf = xfrm_audit_start("SAD-delete");
if (audit_buf == NULL)
return;
- xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
+ xfrm_audit_helper_usrinfo(auid, sessionid, audit_buf);
xfrm_audit_helper_sainfo(x, audit_buf);
audit_log_format(audit_buf, " res=%u", result);
audit_log_end(audit_buf);
struct km_event c;
kuid_t loginuid = audit_get_loginuid(current);
unsigned int sessionid = audit_get_sessionid(current);
- u32 sid;
err = verify_newsa_info(p, attrs);
if (err)
else
err = xfrm_state_update(x);
- security_task_getsecid(current, &sid);
- xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid);
+ xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid);
if (err < 0) {
x->km.state = XFRM_STATE_DEAD;
struct xfrm_usersa_id *p = nlmsg_data(nlh);
kuid_t loginuid = audit_get_loginuid(current);
unsigned int sessionid = audit_get_sessionid(current);
- u32 sid;
x = xfrm_user_state_lookup(net, p, attrs, &err);
if (x == NULL)
km_state_notify(x, &c);
out:
- security_task_getsecid(current, &sid);
- xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid);
+ xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid);
xfrm_state_put(x);
return err;
}
int excl;
kuid_t loginuid = audit_get_loginuid(current);
unsigned int sessionid = audit_get_sessionid(current);
- u32 sid;
err = verify_newpolicy_info(p);
if (err)
* a type XFRM_MSG_UPDPOLICY - JHS */
excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
err = xfrm_policy_insert(p->dir, xp, excl);
- security_task_getsecid(current, &sid);
- xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid);
+ xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid);
if (err) {
security_xfrm_policy_free(xp->security);
} else {
kuid_t loginuid = audit_get_loginuid(current);
unsigned int sessionid = audit_get_sessionid(current);
- u32 sid;
- security_task_getsecid(current, &sid);
- xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid,
- sid);
+ xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid);
if (err != 0)
goto out;
audit_info.loginuid = audit_get_loginuid(current);
audit_info.sessionid = audit_get_sessionid(current);
- security_task_getsecid(current, &audit_info.secid);
err = xfrm_state_flush(net, p->proto, &audit_info);
if (err) {
if (err == -ESRCH) /* empty table */
audit_info.loginuid = audit_get_loginuid(current);
audit_info.sessionid = audit_get_sessionid(current);
- security_task_getsecid(current, &audit_info.secid);
err = xfrm_policy_flush(net, type, &audit_info);
if (err) {
if (err == -ESRCH) /* empty table */
if (up->hard) {
kuid_t loginuid = audit_get_loginuid(current);
unsigned int sessionid = audit_get_sessionid(current);
- u32 sid;
- security_task_getsecid(current, &sid);
xfrm_policy_delete(xp, p->dir);
- xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid);
+ xfrm_audit_policy_delete(xp, 1, loginuid, sessionid);
} else {
// reset the timers here?
if (ue->hard) {
kuid_t loginuid = audit_get_loginuid(current);
unsigned int sessionid = audit_get_sessionid(current);
- u32 sid;
- security_task_getsecid(current, &sid);
__xfrm_state_delete(x);
- xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid);
+ xfrm_audit_state_delete(x, 1, loginuid, sessionid);
}
err = 0;
out:
projects / cascardo / linux.git / commitdiff