2010-09-15 13:44:11 +00:00
|
|
|
/*
|
2011-07-11 19:42:15 +00:00
|
|
|
* viraudit.c: auditing support
|
2010-09-15 13:44:11 +00:00
|
|
|
*
|
2011-05-26 15:09:42 +00:00
|
|
|
* Copyright (C) 2010-2011 Red Hat, Inc.
|
2010-09-15 13:44:11 +00:00
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
2012-07-21 10:06:23 +00:00
|
|
|
* License along with this library; If not, see
|
|
|
|
* <http://www.gnu.org/licenses/>.
|
2010-09-15 13:44:11 +00:00
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
|
|
|
#ifdef HAVE_AUDIT
|
|
|
|
# include <libaudit.h>
|
|
|
|
#endif
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
|
|
|
|
#include "virterror_internal.h"
|
|
|
|
#include "logging.h"
|
2011-07-11 19:42:15 +00:00
|
|
|
#include "viraudit.h"
|
2010-10-28 10:24:32 +00:00
|
|
|
#include "util.h"
|
2011-07-19 18:32:58 +00:00
|
|
|
#include "virfile.h"
|
2010-11-24 11:49:40 +00:00
|
|
|
#include "memory.h"
|
2010-09-15 13:44:11 +00:00
|
|
|
|
|
|
|
/* Provide the macros in case the header file is old.
|
|
|
|
FIXME: should be removed. */
|
|
|
|
#ifndef AUDIT_VIRT_CONTROL
|
|
|
|
# define AUDIT_VIRT_CONTROL 2500 /* Start, Pause, Stop VM */
|
|
|
|
#endif
|
|
|
|
#ifndef AUDIT_VIRT_RESOURCE
|
|
|
|
# define AUDIT_VIRT_RESOURCE 2501 /* Resource assignment */
|
|
|
|
#endif
|
|
|
|
#ifndef AUDIT_VIRT_MACHINE_ID
|
|
|
|
# define AUDIT_VIRT_MACHINE_ID 2502 /* Binding of label to VM */
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#define VIR_FROM_THIS VIR_FROM_AUDIT
|
|
|
|
|
|
|
|
#if HAVE_AUDIT
|
|
|
|
static int auditfd = -1;
|
|
|
|
#endif
|
|
|
|
static int auditlog = 0;
|
|
|
|
|
|
|
|
int virAuditOpen(void)
|
|
|
|
{
|
|
|
|
#if HAVE_AUDIT
|
|
|
|
if ((auditfd = audit_open()) < 0) {
|
|
|
|
virReportSystemError(errno, "%s", _("Unable to initialize audit layer"));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
#else
|
|
|
|
return -1;
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void virAuditLog(int logging)
|
|
|
|
{
|
|
|
|
auditlog = logging;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2010-10-20 18:21:52 +00:00
|
|
|
void virAuditSend(const char *file ATTRIBUTE_UNUSED, const char *func,
|
|
|
|
size_t linenr,
|
2010-09-15 13:44:11 +00:00
|
|
|
const char *clienttty ATTRIBUTE_UNUSED,
|
|
|
|
const char *clientaddr ATTRIBUTE_UNUSED,
|
2010-10-19 17:01:26 +00:00
|
|
|
enum virAuditRecordType type ATTRIBUTE_UNUSED, bool success,
|
2010-09-15 13:44:11 +00:00
|
|
|
const char *fmt, ...)
|
|
|
|
{
|
|
|
|
char *str = NULL;
|
|
|
|
va_list args;
|
|
|
|
|
|
|
|
/* Duplicate later checks, to short circuit & avoid printf overhead
|
|
|
|
* when nothing is enabled */
|
|
|
|
#if HAVE_AUDIT
|
|
|
|
if (!auditlog && auditfd < 0)
|
|
|
|
return;
|
|
|
|
#else
|
|
|
|
if (!auditlog)
|
|
|
|
return;
|
|
|
|
#endif
|
|
|
|
|
|
|
|
va_start(args, fmt);
|
2010-11-22 23:39:47 +00:00
|
|
|
if (virVasprintf(&str, fmt, args) < 0) {
|
2011-05-09 09:24:09 +00:00
|
|
|
VIR_WARN("Out of memory while formatting audit message");
|
2010-09-15 13:44:11 +00:00
|
|
|
str = NULL;
|
|
|
|
}
|
|
|
|
va_end(args);
|
|
|
|
|
|
|
|
if (auditlog && str) {
|
|
|
|
if (success)
|
|
|
|
virLogMessage("audit", VIR_LOG_INFO, func, linenr, 0,
|
|
|
|
"success=yes %s", str);
|
|
|
|
else
|
|
|
|
virLogMessage("audit", VIR_LOG_WARN, func, linenr, 0,
|
|
|
|
"success=no %s", str);
|
|
|
|
}
|
|
|
|
|
|
|
|
#if HAVE_AUDIT
|
2010-11-24 11:49:40 +00:00
|
|
|
if (auditfd < 0) {
|
|
|
|
VIR_FREE(str);
|
2010-09-15 13:44:11 +00:00
|
|
|
return;
|
2010-11-24 11:49:40 +00:00
|
|
|
}
|
2010-09-15 13:44:11 +00:00
|
|
|
|
|
|
|
if (str) {
|
|
|
|
static const int record_types[] = {
|
|
|
|
[VIR_AUDIT_RECORD_MACHINE_CONTROL] = AUDIT_VIRT_CONTROL,
|
|
|
|
[VIR_AUDIT_RECORD_MACHINE_ID] = AUDIT_VIRT_MACHINE_ID,
|
|
|
|
[VIR_AUDIT_RECORD_RESOURCE] = AUDIT_VIRT_RESOURCE,
|
|
|
|
};
|
|
|
|
|
2011-05-26 15:09:42 +00:00
|
|
|
if (type >= ARRAY_CARDINALITY(record_types) || record_types[type] == 0)
|
2010-09-15 13:44:11 +00:00
|
|
|
VIR_WARN("Unknown audit record type %d", type);
|
|
|
|
else if (audit_log_user_message(auditfd, record_types[type], str, NULL,
|
|
|
|
clientaddr, clienttty, success) < 0) {
|
|
|
|
char ebuf[1024];
|
|
|
|
VIR_WARN("Failed to send audit message %s: %s",
|
2012-03-29 09:52:04 +00:00
|
|
|
NULLSTR(str), virStrerror(errno, ebuf, sizeof(ebuf)));
|
2010-09-15 13:44:11 +00:00
|
|
|
}
|
2010-11-24 11:49:40 +00:00
|
|
|
VIR_FREE(str);
|
2010-09-15 13:44:11 +00:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
void virAuditClose(void)
|
|
|
|
{
|
|
|
|
#if HAVE_AUDIT
|
2010-11-09 20:48:48 +00:00
|
|
|
VIR_FORCE_CLOSE(auditfd);
|
2010-09-15 13:44:11 +00:00
|
|
|
#endif
|
|
|
|
}
|
2010-10-27 10:53:48 +00:00
|
|
|
|
|
|
|
char *virAuditEncode(const char *key, const char *value)
|
|
|
|
{
|
|
|
|
#if HAVE_AUDIT
|
|
|
|
return audit_encode_nv_string(key, value, 0);
|
|
|
|
#else
|
|
|
|
char *str;
|
|
|
|
if (virAsprintf(&str, "%s=%s", key, value) < 0)
|
|
|
|
return NULL;
|
|
|
|
return str;
|
|
|
|
#endif
|
|
|
|
}
|