authorBeniamino Galvani <bgalvani@redhat.com>2019-09-04 08:54:37 +0200
committerBeniamino Galvani <bgalvani@redhat.com>2019-09-05 11:07:55 +0200
commit0ba362e4972a881e8b52eacada4234d4c008675c (patch)
tree983ca10a4e83ade88f09a34b33e396c2bd4f8a53
parent3b72858ed904e664ce45231317466abf4fc40230 (diff)
core: add audit log for the SaveHostname callbg/audit-hostname
-rw-r--r--src/nm-audit-manager.h1
-rw-r--r--src/settings/nm-settings.c38
2 files changed, 27 insertions, 12 deletions
diff --git a/src/nm-audit-manager.h b/src/nm-audit-manager.h
index b867822794..b4ad5db995 100644
--- a/src/nm-audit-manager.h
+++ b/src/nm-audit-manager.h
@@ -49,6 +49,7 @@ typedef struct _NMAuditManagerClass NMAuditManagerClass;
#define NM_AUDIT_OP_NET_CONTROL "networking-control"
#define NM_AUDIT_OP_RADIO_CONTROL "radio-control"
#define NM_AUDIT_OP_STATISTICS "statistics"
+#define NM_AUDIT_OP_HOSTNAME_SAVE "hostname-save"
#define NM_AUDIT_OP_DEVICE_AUTOCONNECT "device-autoconnect"
#define NM_AUDIT_OP_DEVICE_DISCONNECT "device-disconnect"
diff --git a/src/settings/nm-settings.c b/src/settings/nm-settings.c
index ce294f54e7..5b8bd84bc5 100644
--- a/src/settings/nm-settings.c
+++ b/src/settings/nm-settings.c
@@ -3277,6 +3277,7 @@ pk_hostname_cb (NMAuthChain *chain,
c_list_unlink (nm_auth_chain_parent_lst_list (chain));
result = nm_auth_chain_get_result (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_HOSTNAME);
+ hostname = nm_auth_chain_get_data (chain, "hostname");
/* If our NMSettingsConnection is already gone, do nothing */
if (result != NM_AUTH_CALL_RESULT_YES) {
@@ -3284,8 +3285,6 @@ pk_hostname_cb (NMAuthChain *chain,
NM_SETTINGS_ERROR_PERMISSION_DENIED,
NM_UTILS_ERROR_MSG_INSUFF_PRIV);
} else {
- hostname = nm_auth_chain_get_data (chain, "hostname");
-
if (!nm_hostname_manager_write_hostname (priv->hostname_manager, hostname)) {
error = g_error_new_literal (NM_SETTINGS_ERROR,
NM_SETTINGS_ERROR_FAILED,
@@ -3293,6 +3292,12 @@ pk_hostname_cb (NMAuthChain *chain,
}
}
+ nm_audit_log_control_op (NM_AUDIT_OP_HOSTNAME_SAVE,
+ hostname,
+ !error,
+ nm_auth_chain_get_subject (chain),
+ error ? error->message : NULL);
+
if (error)
g_dbus_method_invocation_take_error (context, error);
else
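Review bot: The added nm_audit_log_control_op() call reads `error->message`, so it must stay ahead of `g_dbus_method_invocation_take_error (context, error)`, which takes ownership of `error`; nothing at the call site records that ordering constraint. I would add a comment above the call, `/* Log before take_error(): it consumes error; hostname is owned by chain */`. The `hostname` copy is stored on the chain with `g_free` as its destroy function, and the subject presumably is borrowed from the chain as well, so the call also has to precede wherever the chain is released. pk_hostname_cb starts and ends outside this hunk, so that release point is not visible here and should be checked.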
@@ -3312,30 +3317,39 @@ impl_settings_save_hostname (NMDBusObject *obj,
NMSettingsPrivate *priv = NM_SETTINGS_GET_PRIVATE (self);
NMAuthChain *chain;
const char *hostname;
+ const char *error_reason;
+ int error_code;
g_variant_get (parameters, "(&s)", &hostname);
/* Minimal validation of the hostname */
if (!nm_hostname_manager_validate_hostname (hostname)) {
- g_dbus_method_invocation_return_error_literal (invocation,
- NM_SETTINGS_ERROR,
- NM_SETTINGS_ERROR_INVALID_HOSTNAME,
- "The hostname was too long or contained invalid characters.");
- return;
+ error_code = NM_SETTINGS_ERROR_INVALID_HOSTNAME;
+ error_reason = "The hostname was too long or contained invalid characters";
+ goto err;
}
chain = nm_auth_chain_new_context (invocation, pk_hostname_cb, self);
if (!chain) {
- g_dbus_method_invocation_return_error_literal (invocation,
- NM_SETTINGS_ERROR,
- NM_SETTINGS_ERROR_PERMISSION_DENIED,
- "Unable to authenticate the request.");
- return;
+ error_code = NM_SETTINGS_ERROR_PERMISSION_DENIED;
+ error_reason = NM_UTILS_ERROR_MSG_REQ_AUTH_FAILED;
+ goto err;
}
c_list_link_tail (&priv->auth_lst_head, nm_auth_chain_parent_lst_list (chain));
nm_auth_chain_add_call (chain, NM_AUTH_PERMISSION_SETTINGS_MODIFY_HOSTNAME, TRUE);
nm_auth_chain_set_data (chain, "hostname", g_strdup (hostname), g_free);
+ return;
+err:
+ nm_audit_log_control_op (NM_AUDIT_OP_HOSTNAME_SAVE,
+ hostname,
+ FALSE,
+ invocation,
+ error_reason);
+ g_dbus_method_invocation_return_error_literal (invocation,
+ NM_SETTINGS_ERROR,
+ error_code,
+ error_reason);
}
/*****************************************************************************/
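Review bot: On the `err:` path the `hostname` that has just failed nm_hostname_manager_validate_hostname() is passed unchanged to nm_audit_log_control_op(). A caller-supplied string already rejected as too long or containing invalid characters therefore reaches the audit record before any authorization check has run. Whether the audit manager escapes or truncates this argument is not visible in the diff; if it does not, records could carry control characters or oversized fields that mislead whoever reads the audit trail. I would confirm the encoding in the audit backend and state the expectation at the call, `/* hostname is unvalidated caller input here; the audit backend must escape it */`. The opening lines of impl_settings_save_hostname are outside the hunk.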