Audit: clean up all op= output to include string quoting
Eric Paris [Thu, 11 Jun 2009 18:31:37 +0000 (14:31 -0400)]
A number of places in the audit system we send an op= followed by a string
that includes spaces.  Somehow this works but it's just wrong.  This patch
moves all of those that I could find to be quoted.

Example:

Change From: type=CONFIG_CHANGE msg=audit(1244666690.117:31): auid=0 ses=1
subj=unconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op=remove rule
key="number2" list=4 res=0

Change To: type=CONFIG_CHANGE msg=audit(1244666690.117:31): auid=0 ses=1
subj=unconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op="remove rule"
key="number2" list=4 res=0

Signed-off-by: Eric Paris <eparis@redhat.com>

include/linux/audit.h
kernel/audit.c
kernel/audit_tree.c
kernel/audit_watch.c
kernel/auditfilter.c
kernel/auditsc.c

index 4fa2810..3c7a358 100644 (file)
@@ -599,6 +599,8 @@ extern void             audit_log_untrustedstring(struct audit_buffer *ab,
 extern void                audit_log_d_path(struct audit_buffer *ab,
                                             const char *prefix,
                                             struct path *path);
+extern void                audit_log_key(struct audit_buffer *ab,
+                                         char *key);
 extern void                audit_log_lost(const char *message);
 extern int                 audit_update_lsm_rules(void);
 
@@ -621,6 +623,7 @@ extern int audit_enabled;
 #define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)
 #define audit_log_untrustedstring(a,s) do { ; } while (0)
 #define audit_log_d_path(b, p, d) do { ; } while (0)
+#define audit_log_key(b, k) do { ; } while (0)
 #define audit_enabled 0
 #endif
 #endif
index e07ad23..6194c50 100644 (file)
@@ -1450,6 +1450,15 @@ void audit_log_d_path(struct audit_buffer *ab, const char *prefix,
        kfree(pathname);
 }
 
+void audit_log_key(struct audit_buffer *ab, char *key)
+{
+       audit_log_format(ab, " key=");
+       if (key)
+               audit_log_untrustedstring(ab, key);
+       else
+               audit_log_format(ab, "(null)");
+}
+
 /**
  * audit_log_end - end one audit record
  * @ab: the audit_buffer
index 1f6396d..3ff0731 100644 (file)
@@ -441,13 +441,11 @@ static void kill_rules(struct audit_tree *tree)
                if (rule->tree) {
                        /* not a half-baked one */
                        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
-                       audit_log_format(ab, "op=remove rule dir=");
+                       audit_log_format(ab, "op=");
+                       audit_log_string(ab, "remove rule");
+                       audit_log_format(ab, " dir=");
                        audit_log_untrustedstring(ab, rule->tree->pathname);
-                       if (rule->filterkey) {
-                               audit_log_format(ab, " key=");
-                               audit_log_untrustedstring(ab, rule->filterkey);
-                       } else
-                               audit_log_format(ab, " key=(null)");
+                       audit_log_key(ab, rule->filterkey);
                        audit_log_format(ab, " list=%d res=1", rule->listnr);
                        audit_log_end(ab);
                        rule->tree = NULL;
index b49ab01..0e96dbc 100644 (file)
@@ -234,11 +234,7 @@ static void audit_watch_log_rule_change(struct audit_krule *r, struct audit_watc
                audit_log_string(ab, op);
                audit_log_format(ab, " path=");
                audit_log_untrustedstring(ab, w->path);
-               if (r->filterkey) {
-                       audit_log_format(ab, " key=");
-                       audit_log_untrustedstring(ab, r->filterkey);
-               } else
-                       audit_log_format(ab, " key=(null)");
+               audit_log_key(ab, r->filterkey);
                audit_log_format(ab, " list=%d res=1", r->listnr);
                audit_log_end(ab);
        }
index 21b6235..a706040 100644 (file)
@@ -1079,11 +1079,9 @@ static void audit_log_rule_change(uid_t loginuid, u32 sessionid, u32 sid,
                        security_release_secctx(ctx, len);
                }
        }
-       audit_log_format(ab, " op=%s rule key=", action);
-       if (rule->filterkey)
-               audit_log_untrustedstring(ab, rule->filterkey);
-       else
-               audit_log_format(ab, "(null)");
+       audit_log_format(ab, " op=");
+       audit_log_string(ab, action);
+       audit_log_key(ab, rule->filterkey);
        audit_log_format(ab, " list=%d res=%d", rule->listnr, res);
        audit_log_end(ab);
 }
@@ -1147,7 +1145,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
                        return PTR_ERR(entry);
 
                err = audit_add_rule(entry);
-               audit_log_rule_change(loginuid, sessionid, sid, "add",
+               audit_log_rule_change(loginuid, sessionid, sid, "add rule",
                                      &entry->rule, !err);
 
                if (err)
@@ -1163,7 +1161,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
                        return PTR_ERR(entry);
 
                err = audit_del_rule(entry);
-               audit_log_rule_change(loginuid, sessionid, sid, "remove",
+               audit_log_rule_change(loginuid, sessionid, sid, "remove rule",
                                      &entry->rule, !err);
 
                audit_free_rule(entry);
index 0b862ca..2de95d1 100644 (file)
@@ -1137,7 +1137,7 @@ static int audit_log_single_execve_arg(struct audit_context *context,
                if (has_cntl)
                        audit_log_n_hex(*ab, buf, to_send);
                else
-                       audit_log_format(*ab, "\"%s\"", buf);
+                       audit_log_string(*ab, buf);
 
                p += to_send;
                len_left -= to_send;
@@ -1372,11 +1372,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 
 
        audit_log_task_info(ab, tsk);
-       if (context->filterkey) {
-               audit_log_format(ab, " key=");
-               audit_log_untrustedstring(ab, context->filterkey);
-       } else
-               audit_log_format(ab, " key=(null)");
+       audit_log_key(ab, context->filterkey);
        audit_log_end(ab);
 
        for (aux = context->aux; aux; aux = aux->next) {