audit: allow passing GDBusMethodInvocation context to audit methods

src/nm-audit-manager.c

@@ -165,15 +165,27 @@ nm_audit_log (NMAuditManager *self, GPtrArray *fields, const char *file,
 static void
 _audit_log_helper (NMAuditManager *self, GPtrArray *fields, const char *file,
                    guint line, const char *func, const char *op, gboolean result,
-                   NMAuthSubject *subject, const char *reason)
+                   gpointer subject_context, const char *reason)
 {
 	AuditField op_field = { }, pid_field = { }, uid_field = { };
 	AuditField result_field = { }, reason_field = { };
 	gulong pid, uid;
+	NMAuthSubject *subject = NULL;
+	gs_unref_object NMAuthSubject *subject_free = NULL;
 
 	_audit_field_init_string (&op_field, "op", op, FALSE, BACKEND_ALL);
 	g_ptr_array_insert (fields, 0, &op_field);
 
+	if (subject_context) {
+		if (NM_IS_AUTH_SUBJECT (subject_context))
+			subject = subject_context;
+		else if (G_IS_DBUS_METHOD_INVOCATION (subject_context)) {
+			GDBusMethodInvocation *context = subject_context;
+
+			subject = subject_free = nm_auth_subject_new_unix_process_from_context (context);
+		} else
+			g_warn_if_reached ();
+	}
 	if (subject && nm_auth_subject_is_unix_process (subject)) {
 		pid = nm_auth_subject_get_unix_process_pid (subject);
 		uid = nm_auth_subject_get_unix_process_uid (subject);
@@ -215,7 +227,7 @@ nm_audit_manager_audit_enabled (NMAuditManager *self)
 void
 _nm_audit_manager_log_connection_op (NMAuditManager *self, const char *file, guint line,
                                      const char *func, const char *op, NMSettingsConnection *connection,
-                                     gboolean result, NMAuthSubject *subject, const char *reason)
+                                     gboolean result, gpointer subject_context, const char *reason)
 {
 	gs_unref_ptrarray GPtrArray *fields = NULL;
 	AuditField uuid_field = { }, name_field = { };
@@ -234,13 +246,13 @@ _nm_audit_manager_log_connection_op (NMAuditManager *self, const char *file, gui
 		g_ptr_array_add (fields, &name_field);
 	}
 
-	_audit_log_helper (self, fields, file, line, func, op, result, subject, reason);
+	_audit_log_helper (self, fields, file, line, func, op, result, subject_context, reason);
 }
 
 void
 _nm_audit_manager_log_control_op (NMAuditManager *self, const char *file, guint line,
                                   const char *func, const char *op, const char *arg,
-                                  gboolean result, NMAuthSubject *subject,
+                                  gboolean result, gpointer subject_context,
                                   const char *reason)
 {
 	gs_unref_ptrarray GPtrArray *fields = NULL;
@@ -254,13 +266,13 @@ _nm_audit_manager_log_control_op (NMAuditManager *self, const char *file, guint
 	_audit_field_init_string (&arg_field, "arg", arg, TRUE, BACKEND_ALL);
 	g_ptr_array_add (fields, &arg_field);
 
-	_audit_log_helper (self, fields, file, line, func, op, result, subject, reason);
+	_audit_log_helper (self, fields, file, line, func, op, result, subject_context, reason);
 }
 
 void
 _nm_audit_manager_log_device_op (NMAuditManager *self, const char *file, guint line,
                                  const char *func, const char *op, NMDevice *device,
-                                 gboolean result, NMAuthSubject *subject,
+                                 gboolean result, gpointer subject_context,
                                  const char *reason)
 {
 	gs_unref_ptrarray GPtrArray *fields = NULL;
@@ -282,7 +294,7 @@ _nm_audit_manager_log_device_op (NMAuditManager *self, const char *file, guint l
 		g_ptr_array_add (fields, &ifindex_field);
 	}
 
-	_audit_log_helper (self, fields, file, line, func, op, result, subject, reason);
+	_audit_log_helper (self, fields, file, line, func, op, result, subject_context, reason);
 }
 
 #if HAVE_LIBAUDIT

src/nm-audit-manager.h

@@ -66,48 +66,48 @@ GType nm_audit_manager_get_type (void);
 NMAuditManager *nm_audit_manager_get (void);
 gboolean nm_audit_manager_audit_enabled (NMAuditManager *self);
 
-#define nm_audit_log_connection_op(op, connection, result, subject, reason) \
+#define nm_audit_log_connection_op(op, connection, result, subject_context, reason) \
 	G_STMT_START { \
 		NMAuditManager *_audit = nm_audit_manager_get (); \
 		\
 		if (nm_audit_manager_audit_enabled (_audit)) { \
 			_nm_audit_manager_log_connection_op (_audit, __FILE__, __LINE__, G_STRFUNC, \
-			                                     (op), (connection), (result), (subject), \
+			                                     (op), (connection), (result), (subject_context), \
 			                                     (reason)); \
 		} \
 	} G_STMT_END
 
-#define nm_audit_log_control_op(op, arg, result, subject, reason) \
+#define nm_audit_log_control_op(op, arg, result, subject_context, reason) \
 	G_STMT_START { \
 		NMAuditManager *_audit = nm_audit_manager_get (); \
 		\
 		if (nm_audit_manager_audit_enabled (_audit)) { \
 			_nm_audit_manager_log_control_op (_audit, __FILE__, __LINE__, G_STRFUNC, \
-			                                  (op), (arg), (result), (subject), (reason)); \
+			                                  (op), (arg), (result), (subject_context), (reason)); \
 		} \
 	} G_STMT_END
 
-#define nm_audit_log_device_op(op, device, result, subject, reason) \
+#define nm_audit_log_device_op(op, device, result, subject_context, reason) \
 	G_STMT_START { \
 		NMAuditManager *_audit = nm_audit_manager_get (); \
 		\
 		if (nm_audit_manager_audit_enabled (_audit)) { \
 			_nm_audit_manager_log_device_op (_audit, __FILE__, __LINE__, G_STRFUNC, \
-			                                 (op), (device), (result), (subject), (reason)); \
+			                                 (op), (device), (result), (subject_context), (reason)); \
 		} \
 	} G_STMT_END
 
 void _nm_audit_manager_log_connection_op (NMAuditManager *self, const char *file, guint line,
                                           const char *func, const char *op, NMSettingsConnection *connection,
-                                          gboolean result, NMAuthSubject *subject, const char *reason);
+                                          gboolean result, gpointer subject_context, const char *reason);
 
 void _nm_audit_manager_log_control_op    (NMAuditManager *self, const char *file, guint line,
                                           const char *func, const char *op, const char *arg,
-                                          gboolean result, NMAuthSubject *subject, const char *reason);
+                                          gboolean result, gpointer subject_context, const char *reason);
 
 void _nm_audit_manager_log_device_op     (NMAuditManager *self, const char *file, guint line,
                                           const char *func, const char *op, NMDevice *device,
-                                          gboolean result, NMAuthSubject *subject, const char *reason);
+                                          gboolean result, gpointer subject_context, const char *reason);
 G_END_DECLS
 
 #endif /* __NM_AUDIT_MANAGER_H__ */