diff options
author | Paul Moore <paul.moore@hp.com> | 2006-09-29 17:05:05 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-09-29 17:05:05 -0700 |
commit | 95d4e6be25a68cd9fbe8c0d356b585504d8db1c7 (patch) | |
tree | 2133c970e6786bdf82004ace225b6bca19b9ddba /net/netlabel/netlabel_cipso_v4.c | |
parent | d6c641026dec68acfb4b0baa98aad960e963ed97 (diff) |
[NetLabel]: audit fixups due to delayed feedback
Fix some issues Steve Grubb had with the way NetLabel was using the audit
subsystem. This should make NetLabel more consistent with other kernel
generated audit messages specifying configuration changes.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netlabel/netlabel_cipso_v4.c')
-rw-r--r-- | net/netlabel/netlabel_cipso_v4.c | 48 |
1 files changed, 29 insertions, 19 deletions
diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c index 09986ca962a..a6ce1d6d5c5 100644 --- a/net/netlabel/netlabel_cipso_v4.c +++ b/net/netlabel/netlabel_cipso_v4.c @@ -384,11 +384,15 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info) u32 doi; const char *type_str = "(unknown)"; struct audit_buffer *audit_buf; + struct netlbl_audit audit_info; if (!info->attrs[NLBL_CIPSOV4_A_DOI] || !info->attrs[NLBL_CIPSOV4_A_MTYPE]) return -EINVAL; + doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]); + netlbl_netlink_auditinfo(skb, &audit_info); + type = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE]); switch (type) { case CIPSO_V4_MAP_STD: @@ -401,13 +405,14 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info) break; } - if (ret_val == 0) { - doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]); - audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD, - NETLINK_CB(skb).sid); - audit_log_format(audit_buf, " doi=%u type=%s", doi, type_str); - audit_log_end(audit_buf); - } + audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD, + &audit_info); + audit_log_format(audit_buf, + " cipso_doi=%u cipso_type=%s res=%u", + doi, + type_str, + ret_val == 0 ? 1 : 0); + audit_log_end(audit_buf); return ret_val; } @@ -668,20 +673,25 @@ static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info) int ret_val = -EINVAL; u32 doi = 0; struct audit_buffer *audit_buf; + struct netlbl_audit audit_info; - if (info->attrs[NLBL_CIPSOV4_A_DOI]) { - doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]); - ret_val = cipso_v4_doi_remove(doi, - NETLINK_CB(skb).sid, - netlbl_cipsov4_doi_free); - } + if (!info->attrs[NLBL_CIPSOV4_A_DOI]) + return -EINVAL; - if (ret_val == 0) { - audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL, - NETLINK_CB(skb).sid); - audit_log_format(audit_buf, " doi=%u", doi); - audit_log_end(audit_buf); - } + doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]); + netlbl_netlink_auditinfo(skb, &audit_info); + + ret_val = cipso_v4_doi_remove(doi, + &audit_info, + netlbl_cipsov4_doi_free); + + audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL, + &audit_info); + audit_log_format(audit_buf, + " cipso_doi=%u res=%u", + doi, + ret_val == 0 ? 1 : 0); + audit_log_end(audit_buf); return ret_val; } |