/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
* Copyright (C) 2015 Red Hat, Inc.
*/
|
#include "nm-default.h"
|
#include "nm-audit-manager.h"
|
#if HAVE_LIBAUDIT
#include <libaudit.h>
#endif
|
#include "nm-libnm-core-intern/nm-auth-subject.h"
#include "nm-config.h"
#include "nm-dbus-manager.h"
#include "settings/nm-settings-connection.h"
|
/*****************************************************************************/
|
/*
 * Bit flags naming the sinks an audit field can be emitted to.
 * build_message() tests each field's `backends` mask against one of them.
 */
typedef enum {
    BACKEND_LOG = (1 << 0),    /* message written through _NMLOG() in nm_audit_log() */
    BACKEND_AUDITD = (1 << 1), /* record handed to audit_log_user_message() */
    _BACKEND_LAST,             /* implicit value (previous + 1); only used to derive BACKEND_ALL */
    BACKEND_ALL = ((_BACKEND_LAST - 1) << 1) - 1, /* ((3 - 1) << 1) - 1 == 3: both flags set */
} AuditBackend;

/*
 * One name=value element of an audit message.
 *
 * Instances in this file are zero-initialized stack objects that are filled
 * by _audit_field_init_string() / _audit_field_init_uint().
 */
typedef struct {
    const char * name;     /* key, printed verbatim in front of '=' */
    GValue value;          /* payload; build_message() accepts G_TYPE_STRING and G_TYPE_UINT only */
    gboolean need_encoding; /* auditd backend only: route the string through audit_encode_nv_string() */
    AuditBackend backends; /* mask of sinks that receive this field */
} AuditField;
|
/*****************************************************************************/
|
/* Per-instance state; it is only embedded in the object when HAVE_LIBAUDIT is set. */
typedef struct {
    NMConfig *config; /* referenced in nm_audit_manager_init(), released in dispose() */
    int auditd_fd;    /* descriptor returned by audit_open(); -1 while no audit connection is open */
} NMAuditManagerPrivate;

/* Instance structure of the audit manager GObject. */
struct _NMAuditManager {
    GObject parent;
#if HAVE_LIBAUDIT
    NMAuditManagerPrivate _priv; /* reached through NM_AUDIT_MANAGER_GET_PRIVATE() */
#endif
};

/* Class structure; adds nothing to GObjectClass. */
struct _NMAuditManagerClass {
    GObjectClass parent;
};

G_DEFINE_TYPE(NMAuditManager, nm_audit_manager, G_TYPE_OBJECT)

/* Accessor for the embedded private data; only usable in HAVE_LIBAUDIT builds, where _priv exists. */
#define NM_AUDIT_MANAGER_GET_PRIVATE(self) \
    _NM_GET_PRIVATE(self, NMAuditManager, NM_IS_AUDIT_MANAGER)
|
/*****************************************************************************/
|
/* Level used for every audit line that goes to the daemon log. */
#define AUDIT_LOG_LEVEL LOGL_INFO

/* Prefix put in front of each message logged from this file. */
#define _NMLOG_PREFIX_NAME "audit"
/*
 * File-local logging hook. "%s" is pasted in front of the caller's format
 * string and the literal "audit: " prefix is passed as the matching first
 * argument, so the prefix itself is never parsed as a format string.
 * Presumably the first variadic argument must be a string literal for the
 * concatenation to compile - confirm against _NM_UTILS_MACRO_FIRST.
 */
#define _NMLOG(level, domain, ...) \
    G_STMT_START \
    { \
        nm_log((level), \
               (domain), \
               NULL, \
               NULL, \
               "%s" _NM_UTILS_MACRO_FIRST(__VA_ARGS__), \
               _NMLOG_PREFIX_NAME ": " _NM_UTILS_MACRO_REST(__VA_ARGS__)); \
    } \
    G_STMT_END

/*****************************************************************************/

/* Defines nm_audit_manager_get(), the accessor for the single NMAuditManager instance. */
NM_DEFINE_SINGLETON_GETTER(NMAuditManager, nm_audit_manager_get, NM_TYPE_AUDIT_MANAGER);
|
/*****************************************************************************/
|
/*
 * Fill @field as a string-valued audit field.
 *
 * @str is stored with g_value_set_static_string(): the pointer is kept and
 * the text is not copied, so @str has to stay valid for as long as @field is
 * read. @field->value is handed to g_value_init(), which expects a zeroed
 * GValue; the callers in this file declare their fields with `= {}`.
 *
 * @need_encoding is consulted only by the auditd branch of build_message();
 * @backends selects the sinks that will print the field.
 */
static void
_audit_field_init_string(AuditField * field,
                         const char * name,
                         const char * str,
                         gboolean     need_encoding,
                         AuditBackend backends)
{
    GValue *slot = &field->value;

    g_value_init(slot, G_TYPE_STRING);
    g_value_set_static_string(slot, str);

    field->backends      = backends;
    field->need_encoding = need_encoding;
    field->name          = name;
}
|
/*
 * Fill @field as an unsigned-integer audit field.
 *
 * @field->need_encoding is not written here; it keeps whatever the caller
 * initialized it to (zero for the `= {}` fields used in this file), and
 * build_message() does not read it for integer values.
 */
static void
_audit_field_init_uint(AuditField *field, const char *name, uint val, AuditBackend backends)
{
    GValue *slot = &field->value;

    g_value_init(slot, G_TYPE_UINT);
    g_value_set_uint(slot, val);

    field->backends = backends;
    field->name     = name;
}
|
/*
 * Render the fields selected by @backend as one space-separated line of
 * name=value pairs and return it as a newly allocated string (the caller
 * frees it with g_free()).
 *
 * Formatting per value type and backend:
 *   - uint, any backend:                  name=123
 *   - string, BACKEND_LOG:                name="text"
 *   - string, BACKEND_AUDITD, encoding:   output of audit_encode_nv_string()
 *   - string, BACKEND_AUDITD, no encoding: name=text
 *
 * NOTE(review): the BACKEND_LOG form wraps the text in double quotes but does
 * not escape it, and the unencoded auditd form adds neither quotes nor
 * escaping. If a value can contain '"', spaces, '=' or line breaks, the
 * resulting line is ambiguous for anything that parses it field by field.
 * Which callers pass externally influenced text with need_encoding == FALSE
 * should be confirmed; marking such fields for encoding is the mitigation
 * this function already offers for the auditd sink.
 *
 * NOTE(review): the result of audit_encode_nv_string() is appended without a
 * NULL check - confirm how libaudit reports an allocation failure.
 */
static char *
build_message(GPtrArray *fields, AuditBackend backend)
{
    GString *out      = g_string_new(NULL);
    gboolean need_sep = FALSE;
    guint    idx;

    for (idx = 0; idx < fields->len; idx++) {
        AuditField *f = fields->pdata[idx];
        const char *text;

        /* Skip fields that are not meant for this sink. */
        if (!NM_FLAGS_ANY(f->backends, backend))
            continue;

        /* Every selected field after the first one is preceded by a blank. */
        if (need_sep)
            g_string_append_c(out, ' ');
        need_sep = TRUE;

        if (!G_VALUE_HOLDS_STRING(&f->value)) {
            if (G_VALUE_HOLDS_UINT(&f->value))
                g_string_append_printf(out, "%s=%u", f->name, g_value_get_uint(&f->value));
            else
                g_assert_not_reached();
            continue;
        }

        text = g_value_get_string(&f->value);

#if HAVE_LIBAUDIT
        if (backend == BACKEND_AUDITD) {
            if (!f->need_encoding) {
                g_string_append_printf(out, "%s=%s", f->name, text);
            } else {
                char *encoded = audit_encode_nv_string(f->name, text, 0);

                g_string_append(out, encoded);
                g_free(encoded);
            }
            continue;
        }
#endif /* HAVE_LIBAUDIT */

        g_string_append_printf(out, "%s=\"%s\"", f->name, text);
    }

    return g_string_free(out, FALSE);
}
|
/*
 * Emit one audit event to every active sink.
 *
 * With libaudit support and an open descriptor, the BACKEND_AUDITD rendering
 * of @fields is sent as an AUDIT_USYS_CONFIG user message, with @success as
 * the result flag. Independently, when the LOGD_AUDIT domain is enabled at
 * AUDIT_LOG_LEVEL, the BACKEND_LOG rendering is written to the daemon log.
 *
 * @file, @line and @func are accepted but not used in this function.
 *
 * NOTE(review): the return value of audit_log_user_message() is discarded,
 * so a record that does not reach the audit subsystem leaves no trace here.
 * Whether a failure should be reported is worth deciding explicitly.
 */
static void
nm_audit_log(NMAuditManager *self,
             GPtrArray *     fields,
             const char *    file,
             guint           line,
             const char *    func,
             gboolean        success)
{
    g_return_if_fail(NM_IS_AUDIT_MANAGER(self));

#if HAVE_LIBAUDIT
    {
        NMAuditManagerPrivate *priv = NM_AUDIT_MANAGER_GET_PRIVATE(self);

        if (priv->auditd_fd >= 0) {
            char *record = build_message(fields, BACKEND_AUDITD);

            audit_log_user_message(priv->auditd_fd,
                                   AUDIT_USYS_CONFIG,
                                   record,
                                   NULL,
                                   NULL,
                                   NULL,
                                   success);
            g_free(record);
        }
    }
#endif

    if (nm_logging_enabled(AUDIT_LOG_LEVEL, LOGD_AUDIT)) {
        char *text = build_message(fields, BACKEND_LOG);

        _NMLOG(AUDIT_LOG_LEVEL, LOGD_AUDIT, "%s", text);
        g_free(text);
    }
}
|
/*
 * Complete a field list with the entries shared by every audit event and
 * pass it to nm_audit_log().
 *
 * "op" is inserted at index 0 so that it leads the message. "pid" and "uid"
 * (only for a unix-process subject, and only when the value is not
 * G_MAXULONG), "result" and - if @reason is set - "reason" are appended
 * after the caller's own fields.
 *
 * @subject_context may be NULL, an NMAuthSubject, or a GDBusMethodInvocation
 * from which a temporary subject is created and released on return. Any
 * other object triggers g_warn_if_reached() and the event is logged without
 * pid/uid.
 *
 * The AuditField objects added here live on this function's stack, so
 * @fields must not be read again after this call returns.
 *
 * NOTE(review): "reason" is tagged BACKEND_LOG only, so the auditd record
 * never carries it; "op" is sent to auditd without encoding.
 */
static void
_audit_log_helper(NMAuditManager *self,
                  GPtrArray *     fields,
                  const char *    file,
                  guint           line,
                  const char *    func,
                  const char *    op,
                  gboolean        result,
                  gpointer        subject_context,
                  const char *    reason)
{
    AuditField                     op_field      = {};
    AuditField                     pid_field     = {};
    AuditField                     uid_field     = {};
    AuditField                     result_field  = {};
    AuditField                     reason_field  = {};
    NMAuthSubject *                caller        = NULL;
    gs_unref_object NMAuthSubject *owned_subject = NULL;

    _audit_field_init_string(&op_field, "op", op, FALSE, BACKEND_ALL);
    g_ptr_array_insert(fields, 0, &op_field);

    if (subject_context) {
        if (NM_IS_AUTH_SUBJECT(subject_context)) {
            /* Borrowed: the caller keeps ownership of the subject. */
            caller = subject_context;
        } else if (G_IS_DBUS_METHOD_INVOCATION(subject_context)) {
            /* Owned: released automatically when this function returns. */
            owned_subject = nm_dbus_manager_new_auth_subject_from_context(subject_context);
            caller        = owned_subject;
        } else {
            g_warn_if_reached();
        }
    }

    if (caller && nm_auth_subject_get_subject_type(caller) == NM_AUTH_SUBJECT_TYPE_UNIX_PROCESS) {
        const gulong caller_pid = nm_auth_subject_get_unix_process_pid(caller);
        const gulong caller_uid = nm_auth_subject_get_unix_process_uid(caller);

        /* G_MAXULONG is treated as "value not known"; the field is then omitted. */
        if (caller_pid != G_MAXULONG) {
            _audit_field_init_uint(&pid_field, "pid", caller_pid, BACKEND_ALL);
            g_ptr_array_add(fields, &pid_field);
        }
        if (caller_uid != G_MAXULONG) {
            _audit_field_init_uint(&uid_field, "uid", caller_uid, BACKEND_ALL);
            g_ptr_array_add(fields, &uid_field);
        }
    }

    _audit_field_init_string(&result_field,
                             "result",
                             result ? "success" : "fail",
                             FALSE,
                             BACKEND_ALL);
    g_ptr_array_add(fields, &result_field);

    if (reason) {
        _audit_field_init_string(&reason_field, "reason", reason, FALSE, BACKEND_LOG);
        g_ptr_array_add(fields, &reason_field);
    }

    nm_audit_log(self, fields, file, line, func, result);
}
|
/*
 * Report whether an audit event would currently be written anywhere.
 *
 * Returns TRUE when the auditd descriptor is open (libaudit builds only);
 * otherwise the answer is whether the LOGD_AUDIT domain is enabled at
 * AUDIT_LOG_LEVEL.
 */
gboolean
nm_audit_manager_audit_enabled(NMAuditManager *self)
{
#if HAVE_LIBAUDIT
    NMAuditManagerPrivate *state = NM_AUDIT_MANAGER_GET_PRIVATE(self);

    if (state->auditd_fd >= 0) {
        return TRUE;
    }
#endif

    return nm_logging_enabled(AUDIT_LOG_LEVEL, LOGD_AUDIT);
}
|
/*
 * Audit an operation on a connection profile.
 *
 * When @connection is set, its UUID ("uuid", unencoded) and its id ("name",
 * encoded for auditd) are recorded; @args, when set, follows as "args".
 * The common fields are added by _audit_log_helper(). @op must not be NULL.
 *
 * NOTE(review): "args" is marked need_encoding == FALSE, so it reaches the
 * auditd record verbatim - confirm that callers only pass text that cannot
 * contain separators or line breaks.
 */
void
_nm_audit_manager_log_connection_op(NMAuditManager *      self,
                                    const char *          file,
                                    guint                 line,
                                    const char *          func,
                                    const char *          op,
                                    NMSettingsConnection *connection,
                                    gboolean              result,
                                    const char *          args,
                                    gpointer              subject_context,
                                    const char *          reason)
{
    gs_unref_ptrarray GPtrArray *event = NULL;
    AuditField                   uuid_field = {};
    AuditField                   name_field = {};
    AuditField                   args_field = {};

    g_return_if_fail(op);

    event = g_ptr_array_new();

    if (connection) {
        const char *conn_uuid;
        const char *conn_id;

        conn_uuid = nm_settings_connection_get_uuid(connection);
        _audit_field_init_string(&uuid_field, "uuid", conn_uuid, FALSE, BACKEND_ALL);
        g_ptr_array_add(event, &uuid_field);

        /* The profile id is free-form text, hence the encoding request. */
        conn_id = nm_settings_connection_get_id(connection);
        _audit_field_init_string(&name_field, "name", conn_id, TRUE, BACKEND_ALL);
        g_ptr_array_add(event, &name_field);
    }

    if (args) {
        _audit_field_init_string(&args_field, "args", args, FALSE, BACKEND_ALL);
        g_ptr_array_add(event, &args_field);
    }

    _audit_log_helper(self, event, file, line, func, op, result, subject_context, reason);
}
|
/*
 * Audit an operation that is described by a single argument string.
 *
 * @arg is recorded as "arg" for all backends and is encoded for auditd;
 * the common fields are added by _audit_log_helper(). Neither @op nor @arg
 * may be NULL.
 */
void
_nm_audit_manager_log_generic_op(NMAuditManager *self,
                                 const char *    file,
                                 guint           line,
                                 const char *    func,
                                 const char *    op,
                                 const char *    arg,
                                 gboolean        result,
                                 gpointer        subject_context,
                                 const char *    reason)
{
    gs_unref_ptrarray GPtrArray *event     = NULL;
    AuditField                   arg_field = {};

    g_return_if_fail(op);
    g_return_if_fail(arg);

    _audit_field_init_string(&arg_field, "arg", arg, TRUE, BACKEND_ALL);

    event = g_ptr_array_new();
    g_ptr_array_add(event, &arg_field);

    _audit_log_helper(self, event, file, line, func, op, result, subject_context, reason);
}
|
/*
 * Audit an operation on a device.
 *
 * Records the device's IP interface name ("interface", encoded for auditd),
 * its IP ifindex when that is greater than zero ("ifindex"), and @args when
 * set ("args", unencoded). The common fields are added by
 * _audit_log_helper(). Neither @op nor @device may be NULL.
 *
 * NOTE(review): as in the connection variant, "args" reaches the auditd
 * record verbatim - confirm what callers put into it.
 */
void
_nm_audit_manager_log_device_op(NMAuditManager *self,
                                const char *    file,
                                guint           line,
                                const char *    func,
                                const char *    op,
                                NMDevice *      device,
                                gboolean        result,
                                const char *    args,
                                gpointer        subject_context,
                                const char *    reason)
{
    gs_unref_ptrarray GPtrArray *event           = NULL;
    AuditField                   interface_field = {};
    AuditField                   ifindex_field   = {};
    AuditField                   args_field      = {};
    const char *                 iface;
    int                          idx;

    g_return_if_fail(op);
    g_return_if_fail(device);

    event = g_ptr_array_new();

    iface = nm_device_get_ip_iface(device);
    _audit_field_init_string(&interface_field, "interface", iface, TRUE, BACKEND_ALL);
    g_ptr_array_add(event, &interface_field);

    /* Only a positive index is recorded. */
    idx = nm_device_get_ip_ifindex(device);
    if (idx > 0) {
        _audit_field_init_uint(&ifindex_field, "ifindex", idx, BACKEND_ALL);
        g_ptr_array_add(event, &ifindex_field);
    }

    if (args) {
        _audit_field_init_string(&args_field, "args", args, FALSE, BACKEND_ALL);
        g_ptr_array_add(event, &args_field);
    }

    _audit_log_helper(self, event, file, line, func, op, result, subject_context, reason);
}
|
#if HAVE_LIBAUDIT
/*
 * Bring the auditd connection in line with the configuration.
 *
 * If the logging/audit boolean is set and no descriptor is open, one is
 * obtained with audit_open(); if the boolean is unset and a descriptor is
 * open, it is closed and reset to -1. In all other cases nothing changes.
 *
 * NOTE(review): when audit_open() fails only an error is logged and the
 * descriptor stays negative, so later events skip the auditd sink without
 * further notice until the configuration changes again.
 */
static void
init_auditd(NMAuditManager *self)
{
    NMAuditManagerPrivate *priv     = NM_AUDIT_MANAGER_GET_PRIVATE(self);
    NMConfigData *         cfg_data = nm_config_get_data(priv->config);
    int                    audit_wanted;
    int                    errsv;

    audit_wanted = nm_config_data_get_value_boolean(cfg_data,
                                                    NM_CONFIG_KEYFILE_GROUP_LOGGING,
                                                    NM_CONFIG_KEYFILE_KEY_LOGGING_AUDIT,
                                                    NM_CONFIG_DEFAULT_LOGGING_AUDIT_BOOL);

    if (!audit_wanted) {
        if (priv->auditd_fd >= 0) {
            audit_close(priv->auditd_fd);
            priv->auditd_fd = -1;
            _LOGD(LOGD_CORE, "socket closed");
        }
        return;
    }

    /* Already connected: keep the existing descriptor. */
    if (priv->auditd_fd >= 0)
        return;

    priv->auditd_fd = audit_open();
    if (priv->auditd_fd >= 0) {
        _LOGD(LOGD_CORE, "socket created");
        return;
    }

    /* Save errno before any further call can overwrite it. */
    errsv = errno;
    _LOGE(LOGD_CORE, "failed to open auditd socket: %s", nm_strerror_native(errsv));
}
|
/*
 * Handler for NMConfig's config-changed signal: re-evaluates the auditd
 * connection whenever the change set includes NM_CONFIG_CHANGE_VALUES.
 * The remaining signal arguments are not used.
 */
static void
config_changed_cb(NMConfig *          config,
                  NMConfigData *      config_data,
                  NMConfigChangeFlags changes,
                  NMConfigData *      old_data,
                  NMAuditManager *    self)
{
    if (!NM_FLAGS_HAS(changes, NM_CONFIG_CHANGE_VALUES))
        return;

    init_auditd(self);
}
#endif
|
/*****************************************************************************/
|
/*
 * GObject instance initializer.
 *
 * In libaudit builds it marks the descriptor as closed, takes a reference on
 * the NMConfig singleton, subscribes to its config-changed signal and then
 * opens the auditd connection if the configuration asks for it. Without
 * libaudit there is no per-instance state to set up.
 */
static void
nm_audit_manager_init(NMAuditManager *self)
{
#if HAVE_LIBAUDIT
    NMAuditManagerPrivate *state = NM_AUDIT_MANAGER_GET_PRIVATE(self);

    /* -1 means "no connection"; init_auditd() relies on this starting value. */
    state->auditd_fd = -1;

    state->config = g_object_ref(nm_config_get());
    g_signal_connect(G_OBJECT(state->config),
                     NM_CONFIG_SIGNAL_CONFIG_CHANGED,
                     G_CALLBACK(config_changed_cb),
                     self);

    init_auditd(self);
#endif
}
|
/*
 * GObject dispose handler.
 *
 * In libaudit builds it disconnects config_changed_cb from the NMConfig
 * object, drops the reference taken in nm_audit_manager_init() and closes
 * the auditd descriptor. Both steps are guarded, so running dispose more
 * than once is harmless. The parent class handler is chained last.
 */
static void
dispose(GObject *object)
{
#if HAVE_LIBAUDIT
    NMAuditManager *       manager = NM_AUDIT_MANAGER(object);
    NMAuditManagerPrivate *state   = NM_AUDIT_MANAGER_GET_PRIVATE(manager);

    if (state->config != NULL) {
        /* Disconnect first so that no callback runs against a disposed instance. */
        g_signal_handlers_disconnect_by_func(state->config, config_changed_cb, manager);
        g_clear_object(&state->config);
    }

    if (state->auditd_fd >= 0) {
        audit_close(state->auditd_fd);
        state->auditd_fd = -1;
    }
#endif

    G_OBJECT_CLASS(nm_audit_manager_parent_class)->dispose(object);
}
|
/* GObject class initializer: installs dispose() as the class's dispose handler. */
static void
nm_audit_manager_class_init(NMAuditManagerClass *klass)
{
    G_OBJECT_CLASS(klass)->dispose = dispose;
}