[PATCHv2 2/2] audit: Audit smartcard devices

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



---
 docs/auditlog.html.in   | 20 ++++++++++++++++++++
 src/conf/domain_audit.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+)

diff --git a/docs/auditlog.html.in b/docs/auditlog.html.in
index 8528b52..8a007ca 100644
--- a/docs/auditlog.html.in
+++ b/docs/auditlog.html.in
@@ -301,6 +301,26 @@
       <dd>Updated path of the backing character device for given emulated device</dd>
     </dl>

+    <h4><a name="typeresourcesmartcard">smartcard</a></h4>
+    <p>
+      The <code>msg</code> field will include the following sub-fields
+    </p>
+
+    <dl>
+      <dt>reason</dt>
+      <dd>The reason which caused the resource to be assigned to happen</dd>
+      <dt>resrc</dt>
+      <dd>The type of resource assigned. Set to <code>smartcard</code></dd>
+      <dt>old-smartcard</dt>
+      <dd>Original path of the backing character device, certificate store or
+          "nss-smartcard-device" for host smartcard passthrough.
+      </dd>
+      <dt>new-smartcard</dt>
+      <dd>Updated path of the backing character device, certificate store or
+          "nss-smartcard-device" for host smartcard passthrough.
+      </dd>
+    </dl>
+
     <h4><a name="typeresourceredir">Redirected device</a></h4>
     <p>
       The <code>msg</code> field will include the following sub-fields
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index 23bb4a7..a3d6c67 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -177,6 +177,51 @@ virDomainAuditChardev(virDomainObjPtr vm,
 }


+static void
+virDomainAuditSmartcard(virDomainObjPtr vm,
+                        virDomainSmartcardDefPtr def,
+                        const char *reason,
+                        bool success)
+{
+    const char *database = VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE;
+    size_t i;
+
+    if (def) {
+        switch ((virDomainSmartcardType) def->type) {
+        case VIR_DOMAIN_SMARTCARD_TYPE_HOST:
+            virDomainAuditGenericDev(vm, "smartcard",
+                                     NULL, "nss-smartcard-device",
+                                     reason, success);
+            break;
+
+        case VIR_DOMAIN_SMARTCARD_TYPE_HOST_CERTIFICATES:
+            for (i = 0; i < VIR_DOMAIN_SMARTCARD_NUM_CERTIFICATES; i++) {
+                virDomainAuditGenericDev(vm, "smartcard", NULL,
+                                         def->data.cert.file[i],
+                                         reason, success);
+            }
+
+            if (def->data.cert.database)
+                database = def->data.cert.database;
+
+            virDomainAuditGenericDev(vm, "smartcard",
+                                     NULL, database,
+                                     reason, success);
+            break;
+
+        case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
+            virDomainAuditGenericDev(vm, "smartcard", NULL,
+                                     virDomainAuditChardevPath(&def->data.passthru),
+                                     reason, success);
+            break;
+
+        case VIR_DOMAIN_SMARTCARD_TYPE_LAST:
+            break;
+        }
+    }
+}
+
+
 void
 virDomainAuditDisk(virDomainObjPtr vm,
                    virStorageSourcePtr oldDef,
@@ -814,6 +859,9 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
         virDomainAuditChardev(vm, NULL, vm->def->consoles[i], "start", true);
     }

+    for (i = 0; i < vm->def->nsmartcards; i++)
+        virDomainAuditSmartcard(vm, vm->def->smartcards[i], "start", true);
+
     if (vm->def->rng)
         virDomainAuditRNG(vm, NULL, vm->def->rng, "start", true);

-- 
1.9.3

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]