author | Beniamino Galvani <bgalvani@redhat.com> | 2015-07-14 10:19:19 +0200 |
---|---|---|
committer | Beniamino Galvani <bgalvani@redhat.com> | 2015-08-04 09:32:12 +0200 |
commit | 9ce005da342113077c680c20309ea33953247124 (patch) | |
tree | 7109c70bd08089fc29890f97cb2d7cc354261c94 | |
parent | e49cc5dfcdbfadc6fc873eac163fb457ff08e0ab (diff) | |
download | NetworkManager-9ce005da342113077c680c20309ea33953247124.tar.gz |
device: add audit support
-rw-r--r-- | src/devices/nm-device.c | 8 | ||||
-rw-r--r-- | src/devices/nm-device.h | 1 | ||||
-rw-r--r-- | src/devices/wifi/nm-device-wifi.c | 1 | ||||
-rw-r--r-- | src/nm-manager.c | 8 |
4 files changed, 16 insertions, 2 deletions
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index 2f21d6f409..d983d7a5ed 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -66,6 +66,7 @@
 #include "nm-default-route-manager.h"
 #include "nm-route-manager.h"
 #include "sd-ipv4ll.h"
+#include "nm-audit-manager.h"
 #include "nm-device-logging.h"
 _LOG_DECLARE_SELF (NMDevice);
@@ -6177,6 +6178,7 @@ delete_on_deactivate_check_and_schedule (NMDevice *self, int ifindex)
 static void
 disconnect_cb (NMDevice *self,
 DBusGMethodInvocation *context,
+ NMAuthSubject *subject,
 GError *error,
 gpointer user_data)
 {
@@ -6185,6 +6187,7 @@ disconnect_cb (NMDevice *self,
 if (error) {
 dbus_g_method_return_error (context, error);
+ nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DISCONNECT, self, FALSE, subject, error->message);
 return;
 }
@@ -6194,6 +6197,7 @@ disconnect_cb (NMDevice *self,
 NM_DEVICE_ERROR_NOT_ACTIVE,
 "Device is not active");
 dbus_g_method_return_error (context, local);
+ nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DISCONNECT, self, FALSE, subject, local->message);
 g_error_free (local);
 } else {
 nm_device_set_autoconnect (self, FALSE);
@@ -6202,6 +6206,7 @@ disconnect_cb (NMDevice *self,
 NM_DEVICE_STATE_DEACTIVATING,
 NM_DEVICE_STATE_REASON_USER_REQUESTED);
 dbus_g_method_return (context);
+ nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DISCONNECT, self, TRUE, subject, NULL);
 }
 }
@@ -6245,17 +6250,20 @@ impl_device_disconnect (NMDevice *self, DBusGMethodInvocation *context)
 static void
 delete_cb (NMDevice *self,
 DBusGMethodInvocation *context,
+ NMAuthSubject *subject,
 GError *error,
 gpointer user_data)
 {
 if (error) {
 dbus_g_method_return_error (context, error);
+ nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DELETE, self, FALSE, subject, error->message);
 return;
 }
 /* Authorized */
 nm_platform_link_delete (NM_PLATFORM_GET, nm_device_get_ifindex (self));
 dbus_g_method_return (context);
+ nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DELETE, self, TRUE, subject, NULL);
 }
 static void
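Review bot: In delete_cb the success record is emitted with `TRUE` no matter what `nm_platform_link_delete` did, so the audit trail can state that a device was deleted when the platform call actually failed. The return value is discarded on the unchanged line just above the new call; assuming the function reports success as a boolean, keep it and pass it on: `gboolean ok = nm_platform_link_delete (NM_PLATFORM_GET, nm_device_get_ifindex (self));` followed by `nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DELETE, self, ok, subject, NULL);`. A weaker form of the same concern applies in disconnect_cb, where the `TRUE` record is written once deactivation has been requested rather than completed. A one-line comment there, saying the entry records an accepted request, would help whoever reads the log during an investigation.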
diff --git a/src/devices/nm-device.h b/src/devices/nm-device.h
index d849f6682f..9e0dcac717 100644
--- a/src/devices/nm-device.h
+++ b/src/devices/nm-device.h
@@ -311,6 +311,7 @@ typedef struct {
 typedef void (*NMDeviceAuthRequestFunc) (NMDevice *device,
 DBusGMethodInvocation *context,
+ NMAuthSubject *subject,
 GError *error,
 gpointer user_data);
diff --git a/src/devices/wifi/nm-device-wifi.c b/src/devices/wifi/nm-device-wifi.c
index 58da7cc065..ed7a402463 100644
--- a/src/devices/wifi/nm-device-wifi.c
+++ b/src/devices/wifi/nm-device-wifi.c
@@ -1057,6 +1057,7 @@ impl_device_get_all_access_points (NMDeviceWifi *self,
 static void
 request_scan_cb (NMDevice *device,
 DBusGMethodInvocation *context,
+ NMAuthSubject *subject,
 GError *error,
 gpointer user_data)
 {
diff --git a/src/nm-manager.c b/src/nm-manager.c
index c2188b9ce0..c31418aa02 100644
--- a/src/nm-manager.c
+++ b/src/nm-manager.c
@@ -1357,6 +1357,7 @@ device_auth_done_cb (NMAuthChain *chain,
 NMDevice *device;
 const char *permission;
 NMDeviceAuthRequestFunc callback;
+ NMAuthSubject *subject;
 g_assert (context);
@@ -1370,6 +1371,7 @@ device_auth_done_cb (NMAuthChain *chain,
 g_assert (device);
 result = nm_auth_chain_get_result (chain, permission);
+ subject = nm_auth_chain_get_subject (chain);
 if (auth_error) {
 /* translate the auth error into a manager permission denied error */
@@ -1390,6 +1392,7 @@ device_auth_done_cb (NMAuthChain *chain,
 callback (device,
 context,
+ subject,
 error,
 nm_auth_chain_get_data (chain, "user-data"));
@@ -1450,9 +1453,10 @@ device_auth_request_cb (NMDevice *device,
 nm_auth_chain_add_call (chain, permission, allow_interaction);
 done:
- g_clear_object (&subject);
 if (error)
- callback (device, context, error, user_data);
+ callback (device, context, subject, error, user_data);
+
+ g_clear_object (&subject);
 g_clear_error (&error);
 }
|
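Review bot: At the `done:` label in device_auth_request_cb the callback may be handed a NULL `subject`. The use of `g_clear_object` suggests the pointer can be unset, and any `goto done` taken before the caller was identified would arrive with `error` set and no subject; the code above the label is outside the hunk, so this is inferred. The callbacks in nm-device.c forward that pointer straight to `nm_audit_log_device_op`, so that function needs to accept NULL and record an unknown caller rather than dereference it. The typedef hunk in nm-device.h is the place to state the contract, e.g. `/* @subject: caller of the request, borrowed for the duration of the call; may be NULL if the caller could not be determined */`.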