authorBeniamino Galvani <bgalvani@redhat.com>2015-07-14 10:25:36 +0200
committerBeniamino Galvani <bgalvani@redhat.com>2015-07-20 21:58:58 +0200
commitfa1b34ca23e14a1b045985c2b350ccbd47cf7522 (patch)
tree804dc4997f595dc9cafb6b64e1978f6a5698b835
parentfb0624cd66fe554599a3bd96a43c5672efb741a8 (diff)
downloadNetworkManager-fa1b34ca23e14a1b045985c2b350ccbd47cf7522.tar.gz
settings-connection: add audit support
-rw-r--r--src/settings/nm-settings-connection.c78
1 files changed, 58 insertions, 20 deletions
diff --git a/src/settings/nm-settings-connection.c b/src/settings/nm-settings-connection.c
index cc0a5b6b53..9d5b6c9f2f 100644
--- a/src/settings/nm-settings-connection.c
+++ b/src/settings/nm-settings-connection.c
@@ -38,6 +38,7 @@
#include "nm-properties-changed-signal.h"
#include "nm-core-internal.h"
#include "nm-glib-compat.h"
+#include "nm-audit-manager.h"
#include "gsystem-local-alloc.h"
#define SETTINGS_TIMESTAMPS_FILE NMSTATEDIR "/timestamps"
@@ -1279,6 +1280,11 @@ typedef struct {
gboolean save_to_disk;
} UpdateInfo;
+typedef struct {
+ DBusGMethodInvocation *context;
+ NMAuthSubject *subject;
+} CallbackInfo;
+
static void
has_some_secrets_cb (NMSetting *setting,
const char *key,
@@ -1343,6 +1349,9 @@ update_complete (NMSettingsConnection *self,
else
dbus_g_method_return (info->context);
+ nm_audit_log_connection_op (NM_AUDIT_OP_CONN_UPDATE, NM_CONNECTION (self), !error,
+ info->subject, error ? error->message : NULL);
+
g_clear_object (&info->subject);
g_clear_object (&info->agent_mgr);
g_clear_object (&info->new_settings);
@@ -1508,6 +1517,9 @@ impl_settings_connection_update_helper (NMSettingsConnection *self,
return;
error:
+ nm_audit_log_connection_op (NM_AUDIT_OP_CONN_UPDATE, NM_CONNECTION (self), FALSE, subject,
+ error->message);
+
g_clear_object (&tmp);
g_clear_object (&subject);
@@ -1549,12 +1561,16 @@ con_delete_cb (NMSettingsConnection *self,
GError *error,
gpointer user_data)
{
- DBusGMethodInvocation *context = user_data;
+ CallbackInfo *info = user_data;
if (error)
- dbus_g_method_return_error (context, error);
+ dbus_g_method_return_error (info->context, error);
else
- dbus_g_method_return (context);
+ dbus_g_method_return (info->context);
+
+ nm_audit_log_connection_op (NM_AUDIT_OP_CONN_DELETE, NM_CONNECTION (self),
+ !error, info->subject, error ? error->message : NULL);
+ g_free (info);
}
static void
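Review bot: `info->subject` is read by the audit call in `con_delete_cb` after the delete has completed, but `delete_auth_cb` (next hunk) stores that pointer in `CallbackInfo` without taking a reference, so the log call depends on some other owner keeping the subject alive until the callback runs. Whether that holds depends on `auth_start` and `nm_settings_connection_delete`, neither of which is visible in this diff; by contrast `UpdateInfo` releases its subject with `g_clear_object (&info->subject)` in `update_complete`. I would make `CallbackInfo` own a reference as well: `info->subject = g_object_ref (subject);` at the store, and `g_object_unref (info->subject);` just before `g_free (info);`. The same change applies to `clear_secrets_cb` and to the store in `dbus_clear_secrets_auth_cb`.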
@@ -1564,12 +1580,20 @@ delete_auth_cb (NMSettingsConnection *self,
GError *error,
gpointer data)
{
+ CallbackInfo *info;
+
if (error) {
+ nm_audit_log_connection_op (NM_AUDIT_OP_CONN_DELETE, NM_CONNECTION (self), FALSE, subject,
+ error->message);
dbus_g_method_return_error (context, error);
return;
}
- nm_settings_connection_delete (self, con_delete_cb, context);
+ info = g_malloc0 (sizeof (*info));
+ info->context = context;
+ info->subject = subject;
+
+ nm_settings_connection_delete (self, con_delete_cb, info);
}
static const char *
@@ -1593,23 +1617,24 @@ static void
impl_settings_connection_delete (NMSettingsConnection *self,
DBusGMethodInvocation *context)
{
- NMAuthSubject *subject;
+ NMAuthSubject *subject = NULL;
GError *error = NULL;
- if (!check_writable (NM_CONNECTION (self), &error)) {
- dbus_g_method_return_error (context, error);
- g_error_free (error);
- return;
- }
+ if (!check_writable (NM_CONNECTION (self), &error))
+ goto out_err;
subject = _new_auth_subject (context, &error);
if (subject) {
auth_start (self, context, subject, get_modify_permission_basic (self), delete_auth_cb, NULL);
g_object_unref (subject);
- } else {
- dbus_g_method_return_error (context, error);
- g_error_free (error);
- }
+ } else
+ goto out_err;
+
+ return;
+out_err:
+ dbus_g_method_return_error (context, error);
+ nm_audit_log_connection_op (NM_AUDIT_OP_CONN_DELETE, NM_CONNECTION (self), FALSE, subject, error->message);
+ g_error_free (error);
}
/**************************************************************/
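Review bot: At `out_err` the `subject` variable is always NULL, because both jumps happen before a subject exists, so the audit record for a rejected delete never names the caller and passing the variable hides that. Passing `NULL` explicitly, as the clear-secrets error path in this commit does, states the intent; if rejected deletes need to be attributable, the subject would have to be created before `check_writable`. The dangling `} else goto out_err;` also reads more clearly as `if (!subject) goto out_err;` placed right after the `_new_auth_subject` call. The new `error->message` dereference relies on both failing calls always setting `error`, which this hunk does not show.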
@@ -1713,12 +1738,16 @@ clear_secrets_cb (NMSettingsConnection *self,
GError *error,
gpointer user_data)
{
- DBusGMethodInvocation *context = (DBusGMethodInvocation *) user_data;
+ CallbackInfo *info = user_data;
if (error)
- dbus_g_method_return_error (context, error);
+ dbus_g_method_return_error (info->context, error);
else
- dbus_g_method_return (context);
+ dbus_g_method_return (info->context);
+
+ nm_audit_log_connection_op (NM_AUDIT_OP_CONN_CLEAR_SECRETS, NM_CONNECTION (self),
+ !error, info->subject, error ? error->message : NULL);
+ g_free (info);
}
static void
@@ -1729,10 +1758,13 @@ dbus_clear_secrets_auth_cb (NMSettingsConnection *self,
gpointer user_data)
{
NMSettingsConnectionPrivate *priv = NM_SETTINGS_CONNECTION_GET_PRIVATE (self);
+ CallbackInfo *info;
- if (error)
+ if (error) {
dbus_g_method_return_error (context, error);
- else {
+ nm_audit_log_connection_op (NM_AUDIT_OP_CONN_CLEAR_SECRETS, NM_CONNECTION (self),
+ FALSE, subject, error->message);
+ } else {
/* Clear secrets in connection and caches */
nm_connection_clear_secrets (NM_CONNECTION (self));
if (priv->system_secrets)
@@ -1743,7 +1775,11 @@ dbus_clear_secrets_auth_cb (NMSettingsConnection *self,
/* Tell agents to remove secrets for this connection */
nm_agent_manager_delete_secrets (priv->agent_mgr, NM_CONNECTION (self));
- nm_settings_connection_commit_changes (self, clear_secrets_cb, context);
+ info = g_malloc0 (sizeof (*info));
+ info->context = context;
+ info->subject = subject;
+
+ nm_settings_connection_commit_changes (self, clear_secrets_cb, info);
}
}
@@ -1765,6 +1801,8 @@ impl_settings_connection_clear_secrets (NMSettingsConnection *self,
g_object_unref (subject);
} else {
dbus_g_method_return_error (context, error);
+ nm_audit_log_connection_op (NM_AUDIT_OP_CONN_CLEAR_SECRETS, NM_CONNECTION (self),
+ FALSE, NULL, error->message);
g_error_free (error);
}
}