Commit Graph

591 Commits

Author SHA1 Message Date
Steve Grubb
456be6cd90 [AUDIT] LOGIN message credentials
Attached is a new patch that solves the issue of getting valid credentials 
into the LOGIN message. The current code was assuming that the audit context 
had already been copied. This is not always the case for LOGIN messages.

To solve the problem, the patch passes the task struct to the function that 
emits the message where it can get valid credentials.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2005-04-29 17:30:07 +01:00
Chris Wright
37509e749d [AUDIT] Requeue messages at head of queue, up to audit_backlog
If netlink_unicast() fails, requeue the skb back at the head of the queue
it just came from, instead of the tail. And do so unless we've exceeded
the audit_backlog limit; not according to some other arbitrary limit.

From: Chris Wright <chrisw@osdl.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2005-04-29 17:19:14 +01:00
Serge Hallyn
c94c257c88 Add audit uid to netlink credentials
Most audit control messages are sent over netlink.In order to properly
log the identity of the sender of audit control messages, we would like
to add the loginuid to the netlink_creds structure, as per the attached
patch.

Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2005-04-29 16:27:17 +01:00
85c8721ff3 audit: update pointer to userspace tools, remove emacs mode tags 2005-04-29 16:23:29 +01:00
Yoichi Yuasa
67eb81e168 mips: warning fix audit_arch()
arch/mips/kernel/ptrace.c:305: warning: function declaration isn't a prototype
Signed-off-by: Yoichi Yuasa <yuasa@hh.iij4u.or.jp>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2005-04-29 16:13:35 +01:00
Amy Griffis
3ac3ed555b [PATCH] fix ia64 syscall auditing
Attached is a patch against David's audit.17 kernel that adds checks
for the TIF_SYSCALL_AUDIT thread flag to the ia64 system call and
signal handling code paths.The patch enables auditing of system
calls set up via fsys_bubble_down, as well as ensuring that
audit_syscall_exit() is called on return from sigreturn.

Neglecting to check for TIF_SYSCALL_AUDIT at these points results in
incorrect information in audit_context, causing frequent system panics
when system call auditing is enabled on an ia64 system.

Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2005-04-29 16:12:55 +01:00
Peter Martuccelli
c7fcb0ee74 [AUDIT] Avoid using %*.*s format strings.
They don't seem to work correctly (investigation ongoing), but we don't
actually need to do it anyway.

Patch from Peter Martuccelli <peterm@redhat.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2005-04-29 16:10:24 +01:00
Steve Grubb
d812ddbb89 [AUDIT] Fix signedness of 'serial' in various routines.
Attached is a patch that corrects a signed/unsigned warning. I also noticed
that we needlessly init serial to 0. That only needs to occur if the kernel
was compiled without the audit system.

-Steve Grubb

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2005-04-29 16:09:52 +01:00
2fd6f58ba6 [AUDIT] Don't allow ptrace to fool auditing, log arch of audited syscalls.
We were calling ptrace_notify() after auditing the syscall and arguments,
but the debugger could have _changed_ them before the syscall was actually
invoked. Reorder the calls to fix that.

While we're touching ever call to audit_syscall_entry(), we also make it
take an extra argument: the architecture of the syscall which was made,
because some architectures allow more than one type of syscall.

Also add an explicit success/failure flag to audit_syscall_exit(), for
the benefit of architectures which return that in a condition register
rather than only returning a single register.

Change type of syscall return value to 'long' not 'int'.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2005-04-29 16:08:28 +01:00
Prasanna Meda
ea3834d9fb namei: add audit_inode to all branches in path_lookup
Main change is in path_lookup: added a goto to do audit_inode
instead of return statement, when emul_lookup_dentry for root
is successful.The existing code does audit_inode only when
lookup is done in normal root or cwd.

Other changes: Some lookup routines are returning zero on success,
and some are returning zero on failure. I documented the related
function signatures in this code path, so that one can glance over
abstract functions without understanding the entire code.

Signed-off-by: Prasanna Meda <pmeda@akamai.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2005-04-29 16:00:17 +01:00
Andrew Morton
81b7854d52 audit_log_untrustedstring() warning fix
kernel/audit.c: In function `audit_log_untrustedstring':
kernel/audit.c:736: warning: comparison is always false due to limited range of data type

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2005-04-29 15:59:11 +01:00
83c7d09173 AUDIT: Avoid log pollution by untrusted strings.
We log strings from userspace, such as arguments to open(). These could
be formatted to contain \n followed by fake audit log entries. Provide
a function for logging such strings, which gives a hex dump when the
string contains anything but basic printable ASCII characters. Use it
for logging filenames.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2005-04-29 15:54:44 +01:00
Roland McGrath
c60c390620 [PATCH] x86_64: fix PT_NOTE addition to IA32 vDSO
The addition of the PT_NOTE didn't take in the x86_64 version of the i386
vDSO, because I forgot the linker script bit in that copy.

Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:47:29 -07:00
Steve French
0cb766ae62 [PATCH] cifs: Do not sleep interruptible after socket connect failure
.. since it can be due to pending kill.

Update readme information to better describe cifs umount

Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:11 -07:00
Steve French
31ca3bc3c5 [PATCH] cifs: Do not init smb requests or block when sending requests
if cifsd thread is no longer running to demultixplex responses.

Do not send FindClose request when FindFirst failed without reaching end
of search. 

Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:11 -07:00
Steve French
57337e42f1 [PATCH] cifs: handle termination of cifs oplockd kernel thread
Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:10 -07:00
Steve French
11aa0149d0 [PATCH] cifs: Fix mapping of EMLINK case
Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:10 -07:00
Steve French
cd63499cbe [PATCH] cifs: Handle case of multiple trans2 responses for one SMB request (part 2 of 2)
Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:10 -07:00
Steve French
275cde1a1f [PATCH] cifs: cleanup various long lines
Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:10 -07:00
Steve French
e4eb295d38 [PATCH] cifs: Handle multiple response transact2 part 1 of 2
Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:09 -07:00
Steve French
46810cbf3d [PATCH] cifs: Ease memory pressure, do not use large buffers in byte range lock requests.
Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:09 -07:00
Steve French
79944bf713 [PATCH] cifs: missing semicolon from previous fix
Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:09 -07:00
Steve French
67010fbc6f [PATCH] cifs: Better handle errors on second socket recv message call
Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:09 -07:00
Steve French
09d1db5c61 [PATCH] cifs: improve check for search entry going beyond end of SMB transact
Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:08 -07:00
Steve French
966ca92347 [PATCH] cifs: Fix caching problem
pointed out by Dave Stahl and Vince Negri in which cifs can update the
last modify time on a server modified file without invalidating the
local cached data due to an intervening readdir. 

Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:08 -07:00
Steve French
433dc24f24 [PATCH] cifs: remove cifs_kcalloc and check for NULL return on kcalloc in session initialization
Suggested by: Adrian Bunk and Dave Miller

Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:08 -07:00
Steve French
099a58f681 [PATCH] cifs: Missing initialization for largeBuf flag left out of previous changeset
Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:07 -07:00
Steve French
b8643e1b52 [PATCH] cifs: Do not use large smb buffers in response path
unless response is larger than 256 bytes.  This cuts more than 1/3 of
the large memory allocations that cifs does and should be a huge help to
memory pressure under stress. 

Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:07 -07:00
Steve French
c81156dd21 [PATCH] cifs: cleanup of ifdefs usage so it is more consistent
And fix to not needlessly send new POSIX QFSInfo when server does not
explicitly claim support for the new protocol extensions. 

Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:07 -07:00
Steve French
f28ac91b05 [PATCH] cifs: CIFS ioctl needed by umount.cifs utility
Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:07 -07:00
Steve French
848f3fce45 [PATCH] cifs: Do not interpret oplock break responses as responses to an unrelated command
.. even if the multiplex ids match.

Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:07 -07:00
Steve French
d0724714fd [PATCH] cifs: Fix PPC64 compile error
.. and do not double endian convert the special characters whem mounted
with mapchars mount parm. 

Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:06 -07:00
Steve French
737b758c96 [PATCH] cifs: character mapping of special characters (part 3 of 3)
Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:06 -07:00
Steve French
6c91d362f1 [PATCH] cifs: finish up of special character mapping capable unicode conversion routine part 2 of 3
Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:06 -07:00
Steve French
d14537f103 [PATCH] cifs: remove a few redundant null pointer checks, and cleanup misc source formatting
Mostly suggested by Jesper Juhl

Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:05 -07:00
Steve French
6a0b48245a [PATCH] cifs: Add new mount parm mapchars
For handling seven special characters that shells use for filenames.

This first parts implements conversions from Unicode. 

Signed-off-by: Steve French
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:05 -07:00
Steve French
cbe0476fa6 [PATCH] cifs: fix rare oops in cifs_close
Protect access to cifs file list in cifs_close path

Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:05 -07:00
Steve French
ad009ac965 [PATCH] cifs: Fix multiuser packet signing to use the right sequence number and mac session key
Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:05 -07:00
Steve French
c67593a031 [PATCH] cifs: Enable ioctl support in POSIX extensions to handle lsattr
remove sparse warnings, unnecessary pad in QueryFileInfo and redundant
function define.

Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:04 -07:00
Steve French
75cf6bdc52 [PATCH] cifs: Gracefully turn off serverino (when serverino is enabled on mount)
Old servers such as NT4 do not support this level of FindFirst (and
retry with a lower infolevel)

Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:04 -07:00
Steve French
f654bac222 [PATCH] cifs: add support for chattr/lsattr in new CIFS POSIX extensions
Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:04 -07:00
Steve French
1da0c78b32 [PATCH] cifs: Only send POSIX ACL calls to server if server claims to support that capability bit
Signed-off-by: Steve French (sfrench@us.ibm.com)
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 22:41:04 -07:00
Linus Torvalds
2604f6da1a Automatic merge of master.kernel.org:/home/rmk/linux-2.6-rmk.git 2005-04-28 16:09:57 -07:00
Roland McGrath
18c8baff8f [PATCH] Fix error recovery path for arch_setup_additional_pages
If arch_setup_additional_pages fails, the error path will do some double-frees.
This fixes it.

Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-04-28 15:17:19 -07:00
Olaf Rempel
5bec0039f4 [NET]: /proc/net/stat/* header cleanup
Signed-off-by: Olaf Rempel <razzor@kopf-tisch.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-04-28 12:16:08 -07:00
Nicolas Dichtel
7b3c63ac7c [PKT_SCHED]: Fix range in psched_tod_diff() to 0..bound
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-04-28 12:14:37 -07:00
Dave Jones
89c8b3a110 [IPV6]: Incorrect permissions on route flush sysctl
On Mon, Apr 25, 2005 at 12:01:13PM -0400, Dave Jones wrote:
 > This has been brought up before.. http://lkml.org/lkml/2000/1/21/116
 > but didnt seem to get resolved.  This morning I got someone
 > file a bugzilla about it breaking sysctl(8).

And here's its ipv6 counterpart.

Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-04-28 12:11:49 -07:00
Dave Jones
7e3e0360b7 [IPV4]: Incorrect permissions on route flush sysctl
This has been brought up before.. http://lkml.org/lkml/2000/1/21/116
but didnt seem to get resolved.  This morning I got someone
file a bugzilla about it breaking sysctl(8).

Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-04-28 12:11:03 -07:00
Neil Horman
4eb701dfc6 [SCTP] Fix SCTP sendbuffer accouting.
- Include chunk and skb sizes in sendbuffer accounting.
- 2 policies are supported. 0: per socket accouting, 1: per association
  accounting

DaveM: I've made the default per-socket.

Signed-off-by: Neil Horman <nhorman@redhat.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-04-28 12:02:04 -07:00
Sridhar Samudrala
594ccc14df [SCTP] Replace incorrect use of dev_alloc_skb with alloc_skb in sctp_packet_transmit().
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-04-28 12:00:23 -07:00