authorMiloslav Trmač <mitr@redhat.com>2010-08-02 11:25:24 +0200
committerMiloslav Trmač <mitr@redhat.com>2010-09-06 15:26:18 +0200
commita73b8cf29e6f6bd4d32da5856f482790624b4724 (patch)
treef13b4f20d005f5cf781e8005781d119083384428
parentf462107c1f4df6f74f161afb5b4e8aa3726e39a7 (diff)
Implement AUDIT_CRYPTO_STORAGE_KEY
-rw-r--r--crypto/userspace/ncr.c28
-rw-r--r--include/linux/audit.h2
2 files changed, 26 insertions, 4 deletions
diff --git a/crypto/userspace/ncr.c b/crypto/userspace/ncr.c
index 6cae7167c9d..57744396db8 100644
--- a/crypto/userspace/ncr.c
+++ b/crypto/userspace/ncr.c
@@ -22,6 +22,7 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
+#include <linux/audit.h>
#include <linux/compat.h>
#include <linux/crypto.h>
#include <linux/ioctl.h>
@@ -102,19 +103,30 @@ void ncr_master_key_reset(void)
static int ncr_master_key_set(const struct ncr_master_key_set *st,
struct nlattr *tb[])
{
+ struct audit_buffer *ab;
+ int ret;
+
if (!capable(CAP_SYS_ADMIN)) {
err();
return -EPERM;
}
+ /* This will also cause auditing of the syscall, including information
+ about the process, and success/failure indication. Note that on
+ error the AUDIT_CRYPTO_STORAGE_KEY record will be empty. */
+ ab = audit_log_start(current->audit_context, GFP_KERNEL,
+ AUDIT_CRYPTO_STORAGE_KEY);
+
if (st->key_size > sizeof(master_key.key.secret.data)) {
err();
- return -EINVAL;
+ ret = -EINVAL;
+ goto end;
}
if (st->key_size != 16 && st->key_size != 24 && st->key_size != 32) {
dprintk(0, KERN_DEBUG, "Master key size must be 16,24 or 32.\n");
- return -EINVAL;
+ ret = -EINVAL;
+ goto end;
}
if (master_key.type != NCR_KEY_TYPE_INVALID) {
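Review bot: The `capable(CAP_SYS_ADMIN)` failure path still returns `-EPERM` before `audit_log_start()` runs, so a denied attempt to set the master key produces no AUDIT_CRYPTO_STORAGE_KEY record and, as far as this hunk shows, is not marked for syscall auditing by this code. Denied attempts on a privileged key operation are the events an audit trail most needs. Consider moving `ab = audit_log_start(...)` above the capability check and changing that branch to `ret = -EPERM; goto end;`. The `end:` label and the rest of ncr_master_key_set are outside this hunk.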
@@ -124,15 +136,23 @@ static int ncr_master_key_set(const struct ncr_master_key_set *st,
if (unlikely(copy_from_user(master_key.key.secret.data, st->key,
st->key_size))) {
err();
- return -EFAULT;
+ ret = -EFAULT;
+ goto end;
}
dprintk(0, KERN_INFO, "Initializing master key.\n");
+ /* Not much we can reveal... */
+ audit_log_format(ab, "key_size=%u", (unsigned)st->key_size);
master_key.type = NCR_KEY_TYPE_SECRET;
master_key.key.secret.size = st->key_size;
- return 0;
+ ret = 0;
+
+end:
+ audit_log_end(ab);
+
+ return ret;
}
long
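Review bot: `audit_log_format(ab, "key_size=%u", ...)` runs only on the success path, so every rejected request (oversized key, unsupported size, failed `copy_from_user`) ends in an empty AUDIT_CRYPTO_STORAGE_KEY record that carries no detail about what was attempted. `st->key_size` is already available when the record is started and is not secret, so the format call could sit directly after `audit_log_start()` in the previous hunk, leaving the syscall record to carry the result. Separately, the record does not say whether an existing master key was replaced; the body of the `master_key.type != NCR_KEY_TYPE_INVALID` branch is not visible here, so whether that deserves its own field is something to confirm.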
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 3c7a358241a..35fa4e9c34a 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -122,6 +122,8 @@
#define AUDIT_MAC_UNLBL_STCADD 1416 /* NetLabel: add a static label */
#define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */
+#define AUDIT_CRYPTO_STORAGE_KEY 1600 /* Key storage key configured */
+
#define AUDIT_FIRST_KERN_ANOM_MSG 1700
#define AUDIT_LAST_KERN_ANOM_MSG 1799
#define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */