mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-07-23 03:04:18 +00:00
core: add audit support
Introduce some primitives to deliver messages about relevant configuration changes to the Linux audit subsystem through libaudit (if enabled at build time) and to the logging system.
This commit is contained in:
parent
41e7051165
commit
be49a59fb6
17
configure.ac
17
configure.ac
|
@ -494,6 +494,22 @@ else
|
|||
AC_DEFINE(HAVE_SELINUX, 0, [Define if you have SELinux support])
|
||||
fi
|
||||
|
||||
# libaudit support
|
||||
AC_ARG_WITH(libaudit, AS_HELP_STRING([--with-libaudit=yes|no|auto], [Build with audit daemon support (default: auto)]),,[with_libaudit=auto])
|
||||
if test "$with_libaudit" = "yes" -o "$with_libaudit" = "auto"; then
|
||||
PKG_CHECK_MODULES(LIBAUDIT, audit, [have_libaudit=yes], [have_libaudit=no])
|
||||
else
|
||||
have_libaudit=no
|
||||
fi
|
||||
if test "$with_libaudit" = "yes" -a "$have_libaudit" = "no"; then
|
||||
AC_MSG_ERROR([You must have libaudit installed to build --with-libaudit=yes.])
|
||||
fi
|
||||
if test "$have_libaudit" = "yes"; then
|
||||
AC_DEFINE(HAVE_LIBAUDIT, 1, [Define if you have libaudit support])
|
||||
else
|
||||
AC_DEFINE(HAVE_LIBAUDIT, 0, [Define if you have libaudit support])
|
||||
fi
|
||||
|
||||
# libnl support for the linux platform
|
||||
PKG_CHECK_MODULES(LIBNL, libnl-3.0 >= 3.2.8 libnl-route-3.0 libnl-genl-3.0)
|
||||
|
||||
|
@ -1108,6 +1124,7 @@ echo " polkit agent: ${enable_polkit_agent}"
|
|||
echo " selinux: $have_selinux"
|
||||
echo " systemd-journald: $have_systemd_journal (logging.backend: ${nm_config_logging_backend_default})"
|
||||
echo " hostname persist: ${hostname_persist}"
|
||||
echo " libaudit: $have_libaudit"
|
||||
echo
|
||||
|
||||
echo "Features:"
|
||||
|
|
|
@ -23,3 +23,4 @@
|
|||
|
||||
[logging]
|
||||
#level=DEBUG
|
||||
#audit=yes
|
||||
|
|
|
@ -138,6 +138,7 @@ BuildRequires: ppp-devel >= 2.4.5
|
|||
BuildRequires: nss-devel >= 3.11.7
|
||||
BuildRequires: dhclient
|
||||
BuildRequires: readline-devel
|
||||
BuildRequires: audit-libs-devel
|
||||
%if %{regen_docs}
|
||||
BuildRequires: gtk-doc
|
||||
%endif
|
||||
|
@ -379,6 +380,7 @@ by nm-connection-editor and nm-applet in a non-graphical environment.
|
|||
--with-crypto=nss \
|
||||
--enable-more-warnings=error \
|
||||
--enable-ppp=yes \
|
||||
--with-libaudit=yes \
|
||||
%if 0%{?with_modem_manager_1}
|
||||
--with-modem-manager-1=yes \
|
||||
%else
|
||||
|
|
|
@ -485,6 +485,15 @@ unmanaged-devices=mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth
|
|||
Otherwise, the default is "<literal>@NM_CONFIG_LOGGING_BACKEND_DEFAULT_TEXT@</literal>".
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>audit</varname></term>
|
||||
<listitem><para>Whether the audit records are delivered to
|
||||
auditd, the audit daemon. If <literal>false</literal>, audit
|
||||
records will be sent only to the NetworkManager logging
|
||||
system. If set to <literal>true</literal>, they will be also
|
||||
sent to auditd. The default value is <literal>false</literal>.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
|
|
@ -300,6 +300,8 @@ nm_sources = \
|
|||
nm-activation-request.h \
|
||||
nm-active-connection.c \
|
||||
nm-active-connection.h \
|
||||
nm-audit-manager.c \
|
||||
nm-audit-manager.h \
|
||||
nm-bus-manager.c \
|
||||
nm-bus-manager.h \
|
||||
nm-config.c \
|
||||
|
@ -418,6 +420,7 @@ AM_CPPFLAGS += \
|
|||
$(LIBNDP_CFLAGS) \
|
||||
$(LIBSOUP_CFLAGS) \
|
||||
$(SELINUX_CFLAGS) \
|
||||
$(LIBAUDIT_CFLAGS) \
|
||||
$(SYSTEMD_LOGIN_CFLAGS) \
|
||||
$(SYSTEMD_JOURNAL_CFLAGS) \
|
||||
$(SYSTEMD_NM_CFLAGS) \
|
||||
|
@ -460,7 +463,8 @@ libNetworkManager_la_LIBADD = \
|
|||
$(LIBNDP_LIBS) \
|
||||
$(LIBDL) \
|
||||
$(LIBM) \
|
||||
$(SELINUX_LIBS)
|
||||
$(SELINUX_LIBS) \
|
||||
$(LIBAUDIT_LIBS)
|
||||
|
||||
if WITH_LIBSOUP
|
||||
libNetworkManager_la_LIBADD += $(LIBSOUP_LIBS)
|
||||
|
|
371
src/nm-audit-manager.c
Normal file
371
src/nm-audit-manager.c
Normal file
|
@ -0,0 +1,371 @@
|
|||
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
|
||||
/* NetworkManager audit support
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Copyright 2015 Red Hat, Inc.
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include <errno.h>
|
||||
#include <string.h>
|
||||
#if HAVE_LIBAUDIT
|
||||
#include <libaudit.h>
|
||||
#endif
|
||||
|
||||
#include "gsystem-local-alloc.h"
|
||||
#include "nm-audit-manager.h"
|
||||
#include "nm-glib.h"
|
||||
#include "nm-auth-subject.h"
|
||||
#include "nm-config.h"
|
||||
#include "nm-logging.h"
|
||||
#include "nm-macros-internal.h"
|
||||
|
||||
#define AUDIT_LOG_LEVEL LOGL_INFO
|
||||
|
||||
typedef enum {
|
||||
BACKEND_LOG = (1 << 0),
|
||||
BACKEND_AUDITD = (1 << 1),
|
||||
_BACKEND_LAST,
|
||||
BACKEND_ALL = ((_BACKEND_LAST - 1) << 1) - 1,
|
||||
} AuditBackend;
|
||||
|
||||
typedef struct {
|
||||
const char *name;
|
||||
GValue value;
|
||||
gboolean need_encoding;
|
||||
AuditBackend backends;
|
||||
} AuditField;
|
||||
|
||||
typedef struct {
|
||||
#if HAVE_LIBAUDIT
|
||||
NMConfig *config;
|
||||
int auditd_fd;
|
||||
#endif
|
||||
} NMAuditManagerPrivate;
|
||||
|
||||
#define NM_AUDIT_MANAGER_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), NM_TYPE_AUDIT_MANAGER, NMAuditManagerPrivate))
|
||||
|
||||
G_DEFINE_TYPE (NMAuditManager, nm_audit_manager, G_TYPE_OBJECT)
|
||||
|
||||
NM_DEFINE_SINGLETON_GETTER (NMAuditManager, nm_audit_manager_get, NM_TYPE_AUDIT_MANAGER);
|
||||
|
||||
static void
|
||||
_audit_field_init_string (AuditField *field, const char *name, const char *str,
|
||||
gboolean need_encoding, AuditBackend backends)
|
||||
{
|
||||
field->name = name;
|
||||
field->need_encoding = need_encoding;
|
||||
field->backends = backends;
|
||||
g_value_init (&field->value, G_TYPE_STRING);
|
||||
g_value_set_static_string (&field->value, str);
|
||||
}
|
||||
|
||||
static void
|
||||
_audit_field_init_uint (AuditField *field, const char *name, uint val,
|
||||
AuditBackend backends)
|
||||
{
|
||||
field->name = name;
|
||||
field->backends = backends;
|
||||
g_value_init (&field->value, G_TYPE_UINT);
|
||||
g_value_set_uint (&field->value, val);
|
||||
}
|
||||
|
||||
static char *
|
||||
build_message (GPtrArray *fields, AuditBackend backend)
|
||||
{
|
||||
GString *string;
|
||||
AuditField *field;
|
||||
gboolean first = TRUE;
|
||||
guint i;
|
||||
|
||||
string = g_string_new (NULL);
|
||||
|
||||
for (i = 0; i < fields->len; i++) {
|
||||
field = fields->pdata[i];
|
||||
|
||||
if (!NM_FLAGS_HAS (field->backends, backend))
|
||||
continue;
|
||||
|
||||
if (first)
|
||||
first = FALSE;
|
||||
else
|
||||
g_string_append_c (string, ' ');
|
||||
|
||||
if (G_VALUE_HOLDS_STRING (&field->value)) {
|
||||
const char *str = g_value_get_string (&field->value);
|
||||
|
||||
#if HAVE_LIBAUDIT
|
||||
if (backend == BACKEND_AUDITD) {
|
||||
if (field->need_encoding) {
|
||||
char *value;
|
||||
|
||||
value = audit_encode_nv_string (field->name, str, 0);
|
||||
g_string_append (string, value);
|
||||
g_free (value);
|
||||
} else
|
||||
g_string_append_printf (string, "%s=%s", field->name, str);
|
||||
continue;
|
||||
}
|
||||
#endif /* HAVE_LIBAUDIT */
|
||||
g_string_append_printf (string, "%s=\"%s\"", field->name, str);
|
||||
} else if (G_VALUE_HOLDS_UINT (&field->value)) {
|
||||
g_string_append_printf (string, "%s=%u", field->name,
|
||||
g_value_get_uint (&field->value));
|
||||
} else
|
||||
g_assert_not_reached ();
|
||||
}
|
||||
return g_string_free (string, FALSE);
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
nm_audit_log (NMAuditManager *self, GPtrArray *fields, const char *file,
|
||||
guint line, const char *func, gboolean success)
|
||||
{
|
||||
NMAuditManagerPrivate *priv;
|
||||
char *msg;
|
||||
|
||||
g_return_if_fail (NM_IS_AUDIT_MANAGER (self));
|
||||
priv = NM_AUDIT_MANAGER_GET_PRIVATE (self);
|
||||
|
||||
#if HAVE_LIBAUDIT
|
||||
if (priv->auditd_fd >= 0) {
|
||||
msg = build_message (fields, BACKEND_AUDITD);
|
||||
audit_log_user_message (priv->auditd_fd, AUDIT_USYS_CONFIG, msg,
|
||||
NULL, NULL, NULL, success);
|
||||
g_free (msg);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (nm_logging_enabled (AUDIT_LOG_LEVEL, LOGD_AUDIT)) {
|
||||
msg = build_message (fields, BACKEND_LOG);
|
||||
_nm_log_impl (file, line, func, AUDIT_LOG_LEVEL, LOGD_AUDIT, 0, "%s", msg);
|
||||
g_free (msg);
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
_audit_log_helper (NMAuditManager *self, GPtrArray *fields, const char *file,
|
||||
guint line, const char *func, const char *op, gboolean result,
|
||||
NMAuthSubject *subject, const char *reason)
|
||||
{
|
||||
AuditField op_field = { }, pid_field = { }, uid_field = { };
|
||||
AuditField result_field = { }, reason_field = { };
|
||||
gulong pid, uid;
|
||||
|
||||
_audit_field_init_string (&op_field, "op", op, FALSE, BACKEND_ALL);
|
||||
g_ptr_array_insert (fields, 0, &op_field);
|
||||
|
||||
if (subject && nm_auth_subject_is_unix_process (subject)) {
|
||||
pid = nm_auth_subject_get_unix_process_pid (subject);
|
||||
uid = nm_auth_subject_get_unix_process_uid (subject);
|
||||
if (pid != G_MAXULONG) {
|
||||
_audit_field_init_uint (&pid_field, "pid", pid, BACKEND_ALL);
|
||||
g_ptr_array_add (fields, &pid_field);
|
||||
}
|
||||
if (uid != G_MAXULONG) {
|
||||
_audit_field_init_uint (&uid_field, "uid", uid, BACKEND_ALL);
|
||||
g_ptr_array_add (fields, &uid_field);
|
||||
}
|
||||
}
|
||||
|
||||
_audit_field_init_string (&result_field, "result", result ? "success" : "fail",
|
||||
FALSE, BACKEND_ALL);
|
||||
g_ptr_array_add (fields, &result_field);
|
||||
|
||||
if (reason) {
|
||||
_audit_field_init_string (&reason_field, "reason", reason, FALSE, BACKEND_LOG);
|
||||
g_ptr_array_add (fields, &reason_field);
|
||||
}
|
||||
|
||||
nm_audit_log (self, fields, file, line, func, result);
|
||||
}
|
||||
|
||||
gboolean
|
||||
nm_audit_manager_audit_enabled (NMAuditManager *self)
|
||||
{
|
||||
#if HAVE_LIBAUDIT
|
||||
NMAuditManagerPrivate *priv = NM_AUDIT_MANAGER_GET_PRIVATE (self);
|
||||
|
||||
if (priv->auditd_fd >= 0)
|
||||
return TRUE;
|
||||
#endif
|
||||
|
||||
return nm_logging_enabled (AUDIT_LOG_LEVEL, LOGD_AUDIT);
|
||||
}
|
||||
|
||||
void
|
||||
_nm_audit_manager_log_connection_op (NMAuditManager *self, const char *file, guint line,
|
||||
const char *func, const char *op, NMConnection *connection,
|
||||
gboolean result, NMAuthSubject *subject, const char *reason)
|
||||
{
|
||||
gs_unref_ptrarray GPtrArray *fields = NULL;
|
||||
AuditField uuid_field = { }, name_field = { };
|
||||
|
||||
g_return_if_fail (op);
|
||||
g_return_if_fail (connection || !strcmp (op, NM_AUDIT_OP_CONN_ADD));
|
||||
|
||||
fields = g_ptr_array_new ();
|
||||
|
||||
if (connection) {
|
||||
_audit_field_init_string (&uuid_field, "uuid", nm_connection_get_uuid (connection),
|
||||
FALSE, BACKEND_ALL);
|
||||
g_ptr_array_add (fields, &uuid_field);
|
||||
|
||||
_audit_field_init_string (&name_field, "name", nm_connection_get_id (connection),
|
||||
TRUE, BACKEND_ALL);
|
||||
g_ptr_array_add (fields, &name_field);
|
||||
}
|
||||
|
||||
_audit_log_helper (self, fields, file, line, func, op, result, subject, reason);
|
||||
}
|
||||
|
||||
void
|
||||
_nm_audit_manager_log_control_op (NMAuditManager *self, const char *file, guint line,
|
||||
const char *func, const char *op, const char *arg,
|
||||
gboolean result, NMAuthSubject *subject,
|
||||
const char *reason)
|
||||
{
|
||||
gs_unref_ptrarray GPtrArray *fields = NULL;
|
||||
AuditField arg_field = { };
|
||||
|
||||
g_return_if_fail (op);
|
||||
g_return_if_fail (arg);
|
||||
|
||||
fields = g_ptr_array_new ();
|
||||
|
||||
_audit_field_init_string (&arg_field, "arg", arg, TRUE, BACKEND_ALL);
|
||||
g_ptr_array_add (fields, &arg_field);
|
||||
|
||||
_audit_log_helper (self, fields, file, line, func, op, result, subject, reason);
|
||||
}
|
||||
|
||||
void
|
||||
_nm_audit_manager_log_device_op (NMAuditManager *self, const char *file, guint line,
|
||||
const char *func, const char *op, NMDevice *device,
|
||||
gboolean result, NMAuthSubject *subject,
|
||||
const char *reason)
|
||||
{
|
||||
gs_unref_ptrarray GPtrArray *fields = NULL;
|
||||
AuditField interface_field = { }, ifindex_field = { };
|
||||
int ifindex;
|
||||
|
||||
g_return_if_fail (op);
|
||||
g_return_if_fail (device);
|
||||
|
||||
fields = g_ptr_array_new ();
|
||||
|
||||
_audit_field_init_string (&interface_field, "interface", nm_device_get_ip_iface (device),
|
||||
TRUE, BACKEND_ALL);
|
||||
g_ptr_array_add (fields, &interface_field);
|
||||
|
||||
ifindex = nm_device_get_ip_ifindex (device);
|
||||
if (ifindex > 0) {
|
||||
_audit_field_init_uint (&ifindex_field, "ifindex", ifindex, BACKEND_ALL);
|
||||
g_ptr_array_add (fields, &ifindex_field);
|
||||
}
|
||||
|
||||
_audit_log_helper (self, fields, file, line, func, op, result, subject, reason);
|
||||
}
|
||||
|
||||
#if HAVE_LIBAUDIT
|
||||
static void
|
||||
init_auditd (NMAuditManager *self)
|
||||
{
|
||||
NMAuditManagerPrivate *priv = NM_AUDIT_MANAGER_GET_PRIVATE (self);
|
||||
NMConfigData *data = nm_config_get_data (priv->config);
|
||||
|
||||
if (nm_config_data_get_value_boolean (data, NM_CONFIG_KEYFILE_GROUP_LOGGING,
|
||||
NM_CONFIG_KEYFILE_KEY_AUDIT, FALSE)) {
|
||||
if (priv->auditd_fd < 0) {
|
||||
priv->auditd_fd = audit_open ();
|
||||
if (priv->auditd_fd < 0) {
|
||||
nm_log_err (LOGD_CORE, "failed to open auditd socket: %s",
|
||||
strerror (errno));
|
||||
} else
|
||||
nm_log_dbg (LOGD_CORE, "audit socket created");
|
||||
}
|
||||
} else {
|
||||
if (priv->auditd_fd >= 0) {
|
||||
audit_close (priv->auditd_fd);
|
||||
priv->auditd_fd = -1;
|
||||
nm_log_dbg (LOGD_CORE, "audit socket closed");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
config_changed_cb (NMConfig *config,
|
||||
NMConfigData *config_data,
|
||||
NMConfigChangeFlags changes,
|
||||
NMConfigData *old_data,
|
||||
NMAuditManager *self)
|
||||
{
|
||||
if (NM_FLAGS_HAS (changes, NM_CONFIG_CHANGE_VALUES))
|
||||
init_auditd (self);
|
||||
}
|
||||
#endif
|
||||
|
||||
static void
|
||||
nm_audit_manager_init (NMAuditManager *self)
|
||||
{
|
||||
#if HAVE_LIBAUDIT
|
||||
NMAuditManagerPrivate *priv = NM_AUDIT_MANAGER_GET_PRIVATE (self);
|
||||
|
||||
priv->config = g_object_ref (nm_config_get ());
|
||||
g_signal_connect (G_OBJECT (priv->config),
|
||||
NM_CONFIG_SIGNAL_CONFIG_CHANGED,
|
||||
G_CALLBACK (config_changed_cb),
|
||||
self);
|
||||
priv->auditd_fd = -1;
|
||||
|
||||
init_auditd (self);
|
||||
#endif
|
||||
}
|
||||
|
||||
static void
|
||||
dispose (GObject *object)
|
||||
{
|
||||
#if HAVE_LIBAUDIT
|
||||
NMAuditManager *self = NM_AUDIT_MANAGER (object);
|
||||
NMAuditManagerPrivate *priv = NM_AUDIT_MANAGER_GET_PRIVATE (self);
|
||||
|
||||
if (priv->config) {
|
||||
g_signal_handlers_disconnect_by_func (priv->config, config_changed_cb, self);
|
||||
g_clear_object (&priv->config);
|
||||
}
|
||||
|
||||
if (priv->auditd_fd >= 0) {
|
||||
audit_close (priv->auditd_fd);
|
||||
priv->auditd_fd = -1;
|
||||
}
|
||||
#endif
|
||||
|
||||
G_OBJECT_CLASS (nm_audit_manager_parent_class)->dispose (object);
|
||||
}
|
||||
|
||||
static void
|
||||
nm_audit_manager_class_init (NMAuditManagerClass *klass)
|
||||
{
|
||||
GObjectClass *object_class = G_OBJECT_CLASS (klass);
|
||||
|
||||
g_type_class_add_private (klass, sizeof (NMAuditManagerPrivate));
|
||||
|
||||
/* virtual methods */
|
||||
object_class->dispose = dispose;
|
||||
}
|
||||
|
112
src/nm-audit-manager.h
Normal file
112
src/nm-audit-manager.h
Normal file
|
@ -0,0 +1,112 @@
|
|||
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
|
||||
/* NetworkManager audit support
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Copyright 2015 Red Hat, Inc.
|
||||
*/
|
||||
|
||||
#ifndef __NM_AUDIT_MANAGER_H__
|
||||
#define __NM_AUDIT_MANAGER_H__
|
||||
|
||||
#include <glib.h>
|
||||
#include <glib-object.h>
|
||||
|
||||
#include "nm-connection.h"
|
||||
#include "nm-device.h"
|
||||
#include "nm-types.h"
|
||||
|
||||
G_BEGIN_DECLS
|
||||
|
||||
#define NM_TYPE_AUDIT_MANAGER (nm_audit_manager_get_type ())
|
||||
#define NM_AUDIT_MANAGER(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), NM_TYPE_AUDIT_MANAGER, NMAuditManager))
|
||||
#define NM_AUDIT_MANAGER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), NM_TYPE_AUDIT_MANAGER, NMAuditManagerClass))
|
||||
#define NM_IS_AUDIT_MANAGER(obj) (G_TYPE_CHECK_INSTANCE_TYPE ((obj), NM_TYPE_AUDIT_MANAGER))
|
||||
#define NM_IS_AUDIT_MANAGER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), NM_TYPE_AUDIT_MANAGER))
|
||||
#define NM_AUDIT_MANAGER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), NM_TYPE_AUDIT_MANAGER, NMAuditManagerClass))
|
||||
|
||||
struct _NMAuditManager {
|
||||
GObject parent;
|
||||
};
|
||||
|
||||
typedef struct {
|
||||
GObjectClass parent;
|
||||
} NMAuditManagerClass;
|
||||
|
||||
#define NM_AUDIT_OP_CONN_ADD "connection-add"
|
||||
#define NM_AUDIT_OP_CONN_DELETE "connection-delete"
|
||||
#define NM_AUDIT_OP_CONN_UPDATE "connection-update"
|
||||
#define NM_AUDIT_OP_CONN_ACTIVATE "connection-activate"
|
||||
#define NM_AUDIT_OP_CONN_ADD_ACTIVATE "connection-add-activate"
|
||||
#define NM_AUDIT_OP_CONN_DEACTIVATE "connection-deactivate"
|
||||
#define NM_AUDIT_OP_CONN_CLEAR_SECRETS "connection-clear-secrets"
|
||||
|
||||
#define NM_AUDIT_OP_SLEEP_CONTROL "sleep-control"
|
||||
#define NM_AUDIT_OP_NET_CONTROL "networking-control"
|
||||
#define NM_AUDIT_OP_RADIO_CONTROL "radio-control"
|
||||
|
||||
#define NM_AUDIT_OP_DEVICE_AUTOCONNECT "device-autoconnect"
|
||||
#define NM_AUDIT_OP_DEVICE_DISCONNECT "device-disconnect"
|
||||
#define NM_AUDIT_OP_DEVICE_DELETE "device-delete"
|
||||
|
||||
GType nm_audit_manager_get_type (void);
|
||||
NMAuditManager *nm_audit_manager_get (void);
|
||||
gboolean nm_audit_manager_audit_enabled (NMAuditManager *self);
|
||||
|
||||
#define nm_audit_log_connection_op(op, connection, result, subject, reason) \
|
||||
G_STMT_START { \
|
||||
NMAuditManager *_audit = nm_audit_manager_get (); \
|
||||
\
|
||||
if (nm_audit_manager_audit_enabled (_audit)) { \
|
||||
_nm_audit_manager_log_connection_op (_audit, __FILE__, __LINE__, G_STRFUNC, \
|
||||
(op), (connection), (result), (subject), \
|
||||
(reason)); \
|
||||
} \
|
||||
} G_STMT_END
|
||||
|
||||
#define nm_audit_log_control_op(op, arg, result, subject, reason) \
|
||||
G_STMT_START { \
|
||||
NMAuditManager *_audit = nm_audit_manager_get (); \
|
||||
\
|
||||
if (nm_audit_manager_audit_enabled (_audit)) { \
|
||||
_nm_audit_manager_log_control_op (_audit, __FILE__, __LINE__, G_STRFUNC, \
|
||||
(op), (arg), (result), (subject), (reason)); \
|
||||
} \
|
||||
} G_STMT_END
|
||||
|
||||
#define nm_audit_log_device_op(op, device, result, subject, reason) \
|
||||
G_STMT_START { \
|
||||
NMAuditManager *_audit = nm_audit_manager_get (); \
|
||||
\
|
||||
if (nm_audit_manager_audit_enabled (_audit)) { \
|
||||
_nm_audit_manager_log_device_op (_audit, __FILE__, __LINE__, G_STRFUNC, \
|
||||
(op), (device), (result), (subject), (reason)); \
|
||||
} \
|
||||
} G_STMT_END
|
||||
|
||||
void _nm_audit_manager_log_connection_op (NMAuditManager *self, const char *file, guint line,
|
||||
const char *func, const char *op, NMConnection *connection,
|
||||
gboolean result, NMAuthSubject *subject, const char *reason);
|
||||
|
||||
void _nm_audit_manager_log_control_op (NMAuditManager *self, const char *file, guint line,
|
||||
const char *func, const char *op, const char *arg,
|
||||
gboolean result, NMAuthSubject *subject, const char *reason);
|
||||
|
||||
void _nm_audit_manager_log_device_op (NMAuditManager *self, const char *file, guint line,
|
||||
const char *func, const char *op, NMDevice *device,
|
||||
gboolean result, NMAuthSubject *subject, const char *reason);
|
||||
G_END_DECLS
|
||||
|
||||
#endif /* __NM_AUDIT_MANAGER_H__ */
|
|
@ -65,6 +65,7 @@ G_BEGIN_DECLS
|
|||
#define NM_CONFIG_KEYFILE_KEY_IFNET_AUTO_REFRESH "auto_refresh"
|
||||
#define NM_CONFIG_KEYFILE_KEY_IFNET_MANAGED "managed"
|
||||
#define NM_CONFIG_KEYFILE_KEY_IFUPDOWN_MANAGED "managed"
|
||||
#define NM_CONFIG_KEYFILE_KEY_AUDIT "audit"
|
||||
|
||||
#define NM_CONFIG_KEYFILE_KEYPREFIX_WAS ".was."
|
||||
#define NM_CONFIG_KEYFILE_KEYPREFIX_SET ".set."
|
||||
|
|
|
@ -27,6 +27,7 @@
|
|||
|
||||
/* core */
|
||||
typedef struct _NMActiveConnection NMActiveConnection;
|
||||
typedef struct _NMAuditManager NMAuditManager;
|
||||
typedef struct _NMVpnConnection NMVpnConnection;
|
||||
typedef struct _NMActRequest NMActRequest;
|
||||
typedef struct _NMAuthSubject NMAuthSubject;
|
||||
|
|
Loading…
Reference in a new issue