settings: add audit-logging for connection load and reload

2026-01-01 17:40:14 +01:00 · 2019-07-15 09:56:44 +02:00 · 2019-07-15 09:56:44 +02:00 · 779555bc64
commit 779555bc64
parent b52b51e3db
3 changed files with 32 additions and 6 deletions
--- a/src/nm-audit-manager.c
+++ b/src/nm-audit-manager.c
@ -184,9 +184,15 @@ nm_audit_log (NMAuditManager *self, GPtrArray *fields, const char *file,
 }

 static void
-_audit_log_helper (NMAuditManager *self, GPtrArray *fields, const char *file,
-                   guint line, const char *func, const char *op, gboolean result,
-                   gpointer subject_context, const char *reason)
+_audit_log_helper (NMAuditManager *self,
+                   GPtrArray *fields,
+                   const char *file,
+                   guint line,
+                   const char *func,
+                   const char *op,
+                   gboolean result,
+                   gpointer subject_context,
+                   const char *reason)
 {
 	AuditField op_field = { }, pid_field = { }, uid_field = { };
 	AuditField result_field = { }, reason_field = { };
@ -246,9 +252,16 @@ nm_audit_manager_audit_enabled (NMAuditManager *self)
 }

 void
-_nm_audit_manager_log_connection_op (NMAuditManager *self, const char *file, guint line,
-                                     const char *func, const char *op, NMSettingsConnection *connection,
-                                     gboolean result, const char *args, gpointer subject_context, const char *reason)
+_nm_audit_manager_log_connection_op (NMAuditManager *self,
+                                     const char *file,
+                                     guint line,
+                                     const char *func,
+                                     const char *op,
+                                     NMSettingsConnection *connection,
+                                     gboolean result,
+                                     const char *args,
+                                     gpointer subject_context,
+                                     const char *reason)
 {
 	gs_unref_ptrarray GPtrArray *fields = NULL;
 	AuditField uuid_field = { }, name_field = { }, args_field = { };
--- a/src/nm-audit-manager.h
+++ b/src/nm-audit-manager.h
@ -41,6 +41,9 @@ typedef struct _NMAuditManagerClass NMAuditManagerClass;
 #define NM_AUDIT_OP_CONN_DEACTIVATE         "connection-deactivate"
 #define NM_AUDIT_OP_CONN_CLEAR_SECRETS      "connection-clear-secrets"

+#define NM_AUDIT_OP_CONNS_RELOAD            "connections-reload"
+#define NM_AUDIT_OP_CONNS_LOAD              "connections-load"
+
 #define NM_AUDIT_OP_RELOAD                  "reload"
 #define NM_AUDIT_OP_SLEEP_CONTROL           "sleep-control"
 #define NM_AUDIT_OP_NET_CONTROL             "networking-control"
--- a/src/settings/nm-settings.c
+++ b/src/settings/nm-settings.c
@ -888,6 +888,7 @@ impl_settings_load_connections (NMDBusObject *obj,
 	NMSettingsPrivate *priv = NM_SETTINGS_GET_PRIVATE (self);
 	gs_unref_ptrarray GPtrArray *failures = NULL;
 	gs_free const char **filenames = NULL;
+	gs_free char *op_result_str = NULL;

 	g_variant_get (parameters, "(^a&s)", &filenames);

@ -931,6 +932,13 @@ next_filename:
 	if (failures)
 		g_ptr_array_add (failures, NULL);

+	nm_audit_log_connection_op (NM_AUDIT_OP_CONNS_LOAD,
+	                            NULL,
+	                            !failures,
+	                            (op_result_str = g_strjoinv (",", (char **) filenames)),
+	                            invocation,
+	                            NULL);
+
 	g_dbus_method_invocation_return_value (invocation,
 	                                       g_variant_new ("(b^as)",
 	                                                      (gboolean) (!failures),
@ -969,6 +977,8 @@ impl_settings_reload_connections (NMDBusObject *obj,
 		nm_settings_plugin_reload_connections (plugin);
 	}

+	nm_audit_log_connection_op (NM_AUDIT_OP_CONNS_RELOAD, NULL, TRUE, NULL, invocation, NULL);
+
 	g_dbus_method_invocation_return_value (invocation, g_variant_new ("(b)", TRUE));
 }