Sophie

kernel-2.6.18-238.el5.src.rpm

From: Eric Paris <eparis@redhat.com>
Subject: [RHEL5 PATCH] BZ 229720 pfkey_spdget does not audit xfrm policy changes
Date: Sun, 03 Jun 2007 18:16:49 -0400
Bugzilla: 229720
Message-Id: <1180909009.31147.25.camel@localhost.localdomain>
Changelog: [audit] pfkey_spdget does not audit xfrm policy changes


pfkey_spdget neither had an LSM security hook nor auditing for the
removal of xfrm_policy structs.  The security hook was added by my
earlier patch, which moved it into xfrm_policy_byid instead of the
callers to that function; this patch adds the auditing hooks as well.

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=215a2dd3b43e0dc425e81d21de9d961416b1dad4

Been in LSPP for some time and functioning properly.

-Eric

--- /tmp/af_key.c	2007-02-22 18:50:25.000000000 -0500
+++ linux-2.6.18.i386/net/key/af_key.c	2007-02-22 18:46:42.000000000 -0500
@@ -2336,7 +2336,7 @@ out:
 static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, void **ext_hdrs)
 {
 	unsigned int dir;
-	int err;
+	int err, delete;
 	struct sadb_x_policy *pol;
 	struct xfrm_policy *xp;
 	struct km_event c;
@@ -2348,17 +2348,20 @@ static int pfkey_spdget(struct sock *sk,
 	if (dir >= XFRM_POLICY_MAX)
 		return -EINVAL;
 
-	xp = xfrm_policy_byid(dir, pol->sadb_x_policy_id,
-			      hdr->sadb_msg_type == SADB_X_SPDDELETE2, &err);
+	delete = (hdr->sadb_msg_type == SADB_X_SPDDELETE2);
+	xp = xfrm_policy_byid(dir, pol->sadb_x_policy_id, delete, &err);
+
 	if (xp == NULL)
 		return -ENOENT;
 
-	if (err)
-		goto out;
+	if (delete) {
+		xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
+			       AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
+		if (err)
+			goto out;
 
-	c.seq = hdr->sadb_msg_seq;
-	c.pid = hdr->sadb_msg_pid;
-	if (hdr->sadb_msg_type == SADB_X_SPDDELETE2) {
+		c.seq = hdr->sadb_msg_seq;
+		c.pid = hdr->sadb_msg_pid;
 		c.data.byid = 1;
 		c.event = XFRM_MSG_DELPOLICY;
 		km_policy_notify(xp, dir, &c);
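Review bot: the `if (err) goto out;` that previously guarded both the SADB_X_SPDGET and SADB_X_SPDDELETE2 paths is now evaluated only inside `if (delete)`, so a nonzero `err` returned by xfrm_policy_byid on the plain GET path would be ignored and the lookup would proceed as a success. That is behaviour-neutral only if xfrm_policy_byid can set `*err` solely when `delete` is set; please confirm that in xfrm_policy.c and say so in the changelog, or keep a common `if (err) goto out;` after the audit call so the GET path stays covered. Two smaller points on the same region: the early `return -ENOENT` on `xp == NULL` sits before the new xfrm_audit_log call, so a delete request naming an unknown policy id leaves no AUDIT_MAC_IPSEC_DELSPD record, which is worth stating as intentional if it is; and the ordering of the audit call before the `goto out`, with `err ? 0 : 1` as the result, is right, since a delete refused by the security hook is recorded as a failed deletion rather than silently skipped.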