NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

conf: audit: Split out common steps to audit domain devices

Browse Source 
Extract common operations done when creating an audit message to a
separate generic function that can be reused and convert RNG, disk, FS
and net audit to use it.
This commit is contained in:
Peter Krempa 2014-07-02 11:24:24 +02:00
parent 43ca0c542e
commit 45c81cbb45
1 changed files with 72 additions and 133 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

205
src/conf/domain_audit.c
View File

@ -93,46 +93,73 @@ virDomainAuditChardevPath(virDomainChrSourceDefPtr chr)
} }
static void
virDomainAuditGenericDev(virDomainObjPtr vm,
const char *type,
const char *oldsrcpath,
const char *newsrcpath,
const char *reason,
bool success)
{
char *newdev = NULL;
char *olddev = NULL;
char uuidstr[VIR_UUID_STRING_BUFLEN];
char *vmname = NULL;
char *oldsrc = NULL;
char *newsrc = NULL;
const char *virt;
/* if both new and old source aren't provided don't log anything */
if (!newsrcpath && !oldsrcpath)
return;
if (virAsprintfQuiet(&newdev, "new-%s", type) < 0)
goto no_memory;
if (virAsprintfQuiet(&olddev, "old-%s", type) < 0)
goto no_memory;
virUUIDFormat(vm->def->uuid, uuidstr);
if (!(vmname = virAuditEncode("vm", vm->def->name)))
goto no_memory;
if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
VIR_WARN("Unexpected virt type %d while encoding audit message",
vm->def->virtType);
virt = "?";
}
if (!(newsrc = virAuditEncode(newdev, VIR_AUDIT_STR(newsrcpath))))
goto no_memory;
if (!(oldsrc = virAuditEncode(olddev, VIR_AUDIT_STR(oldsrcpath))))
goto no_memory;
VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
"virt=%s resrc=%s reason=%s %s uuid=%s %s %s",
virt, type, reason, vmname, uuidstr, oldsrc, newsrc);
cleanup:
VIR_FREE(newdev);
VIR_FREE(olddev);
VIR_FREE(vmname);
VIR_FREE(oldsrc);
VIR_FREE(newsrc);
return;
no_memory:
VIR_WARN("OOM while encoding audit message");
goto cleanup;
}
void void
virDomainAuditDisk(virDomainObjPtr vm, virDomainAuditDisk(virDomainObjPtr vm,
const char *oldDef, const char *newDef, const char *oldDef, const char *newDef,
const char *reason, bool success) const char *reason, bool success)
{ {
char uuidstr[VIR_UUID_STRING_BUFLEN]; virDomainAuditGenericDev(vm, "disk", oldDef, newDef, reason, success);
char *vmname;
char *oldsrc = NULL;
char *newsrc = NULL;
const char *virt;
virUUIDFormat(vm->def->uuid, uuidstr);
if (!(vmname = virAuditEncode("vm", vm->def->name))) {
VIR_WARN("OOM while encoding audit message");
return;
}
if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
virt = "?";
}
if (!(oldsrc = virAuditEncode("old-disk", VIR_AUDIT_STR(oldDef)))) {
VIR_WARN("OOM while encoding audit message");
goto cleanup;
}
if (!(newsrc = virAuditEncode("new-disk", VIR_AUDIT_STR(newDef)))) {
VIR_WARN("OOM while encoding audit message");
goto cleanup;
}
VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
"virt=%s resrc=disk reason=%s %s uuid=%s %s %s",
virt, reason, vmname, uuidstr,
oldsrc, newsrc);
cleanup:
VIR_FREE(vmname);
VIR_FREE(oldsrc);
VIR_FREE(newsrc);
} }
@ -141,13 +168,8 @@ virDomainAuditRNG(virDomainObjPtr vm,
virDomainRNGDefPtr oldDef, virDomainRNGDefPtr newDef, virDomainRNGDefPtr oldDef, virDomainRNGDefPtr newDef,
const char *reason, bool success) const char *reason, bool success)
{ {
char uuidstr[VIR_UUID_STRING_BUFLEN];
char *vmname;
const char *newsrcpath = NULL; const char *newsrcpath = NULL;
const char *oldsrcpath = NULL; const char *oldsrcpath = NULL;
char *oldsrc = NULL;
char *newsrc = NULL;
const char *virt;
if (newDef) { if (newDef) {
switch ((virDomainRNGBackend) newDef->backend) { switch ((virDomainRNGBackend) newDef->backend) {
@ -185,40 +207,7 @@ virDomainAuditRNG(virDomainObjPtr vm,
} }
} }
/* don't audit the RNG device if it doesn't use local resources */ virDomainAuditGenericDev(vm, "rng", oldsrcpath, newsrcpath, reason, success);
if (!oldsrcpath && !newsrcpath)
return;
virUUIDFormat(vm->def->uuid, uuidstr);
if (!(vmname = virAuditEncode("vm", vm->def->name)))
goto no_memory;
if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
VIR_WARN("Unexpected virt type %d while encoding audit message",
vm->def->virtType);
virt = "?";
}
if (!(newsrc = virAuditEncode("new-rng", VIR_AUDIT_STR(newsrcpath))))
goto no_memory;
if (!(oldsrc = virAuditEncode("old-rng", VIR_AUDIT_STR(oldsrcpath))))
goto no_memory;
VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
"virt=%s resrc=rng reason=%s %s uuid=%s %s %s",
virt, reason, vmname, uuidstr,
oldsrc, newsrc);
cleanup:
VIR_FREE(vmname);
VIR_FREE(oldsrc);
VIR_FREE(newsrc);
return;
no_memory:
VIR_WARN("OOM while encoding audit message");
goto cleanup;
} }
@ -227,45 +216,10 @@ virDomainAuditFS(virDomainObjPtr vm,
virDomainFSDefPtr oldDef, virDomainFSDefPtr newDef, virDomainFSDefPtr oldDef, virDomainFSDefPtr newDef,
const char *reason, bool success) const char *reason, bool success)
{ {
char uuidstr[VIR_UUID_STRING_BUFLEN]; virDomainAuditGenericDev(vm, "fs",
char *vmname; oldDef ? oldDef->src : NULL,
char *oldsrc = NULL; newDef ? newDef->src : NULL,
char *newsrc = NULL; reason, success);
const char *virt;
virUUIDFormat(vm->def->uuid, uuidstr);
if (!(vmname = virAuditEncode("vm", vm->def->name))) {
VIR_WARN("OOM while encoding audit message");
return;
}
if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) {
VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType);
virt = "?";
}
if (!(oldsrc = virAuditEncode("old-fs",
oldDef && oldDef->src ?
oldDef->src : "?"))) {
VIR_WARN("OOM while encoding audit message");
goto cleanup;
}
if (!(newsrc = virAuditEncode("new-fs",
newDef && newDef->src ?
newDef->src : "?"))) {
VIR_WARN("OOM while encoding audit message");
goto cleanup;
}
VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
"virt=%s resrc=fs reason=%s %s uuid=%s %s %s",
virt, reason, vmname, uuidstr,
oldsrc, newsrc);
cleanup:
VIR_FREE(vmname);
VIR_FREE(oldsrc);
VIR_FREE(newsrc);
} }
@ -274,34 +228,19 @@ virDomainAuditNet(virDomainObjPtr vm,
virDomainNetDefPtr oldDef, virDomainNetDefPtr newDef, virDomainNetDefPtr oldDef, virDomainNetDefPtr newDef,
const char *reason, bool success) const char *reason, bool success)
{ {
char uuidstr[VIR_UUID_STRING_BUFLEN];
char newMacstr[VIR_MAC_STRING_BUFLEN]; char newMacstr[VIR_MAC_STRING_BUFLEN];
char oldMacstr[VIR_MAC_STRING_BUFLEN]; char oldMacstr[VIR_MAC_STRING_BUFLEN];
char *vmname;
const char *virt;
virUUIDFormat(vm->def->uuid, uuidstr);
if (oldDef) if (oldDef)
virMacAddrFormat(&oldDef->mac, oldMacstr); virMacAddrFormat(&oldDef->mac, oldMacstr);
if (newDef) if (newDef)
virMacAddrFormat(&newDef->mac, newMacstr); virMacAddrFormat(&newDef->mac, newMacstr);
if (!(vmname = virAuditEncode("vm", vm->def->name))) {
VIR_WARN("OOM while encoding audit message");
return;
}
if (!(virt = virDomainVirtTypeToString(vm->def->virtType))) { virDomainAuditGenericDev(vm, "net",
VIR_WARN("Unexpected virt type %d while encoding audit message", vm->def->virtType); oldDef ? oldMacstr : NULL,
virt = "?"; newDef ? newMacstr : NULL,
} reason, success);
VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
"virt=%s resrc=net reason=%s %s uuid=%s old-net=%s new-net=%s",
virt, reason, vmname, uuidstr,
oldDef ? oldMacstr : "?",
newDef ? newMacstr : "?");
VIR_FREE(vmname);
} }
/** /**