audit: Audit smartcard devices

2024-12-22 17:34:18 +03:00 · 2014-07-03 12:03:41 +02:00 · 2014-07-03 12:03:41 +02:00 · 5bd3c73bdf
commit 5bd3c73bdf
parent 994cc31444
2 changed files with 68 additions and 0 deletions
--- a/docs/auditlog.html.in
+++ b/docs/auditlog.html.in
@ -301,6 +301,26 @@
      <dd>Updated path of the backing character device for given emulated device</dd>
    </dl>
    <h4><a name="typeresourcesmartcard">smartcard</a></h4>
    <p>
      The <code>msg</code> field will include the following sub-fields
    </p>
    <dl>
      <dt>reason</dt>
      <dd>The reason which caused the resource to be assigned to happen</dd>
      <dt>resrc</dt>
      <dd>The type of resource assigned. Set to <code>smartcard</code></dd>
      <dt>old-smartcard</dt>
      <dd>Original path of the backing character device, certificate store or
          "nss-smartcard-device" for host smartcard passthrough.
      </dd>
      <dt>new-smartcard</dt>
      <dd>Updated path of the backing character device, certificate store or
          "nss-smartcard-device" for host smartcard passthrough.
      </dd>
    </dl>
    <h4><a name="typeresourceredir">Redirected device</a></h4>
    <p>
      The <code>msg</code> field will include the following sub-fields
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@ -177,6 +177,51 @@ virDomainAuditChardev(virDomainObjPtr vm,
 }
 static void
 virDomainAuditSmartcard(virDomainObjPtr vm,
                        virDomainSmartcardDefPtr def,
                        const char *reason,
                        bool success)
 {
    const char *database = VIR_DOMAIN_SMARTCARD_DEFAULT_DATABASE;
    size_t i;
    if (def) {
        switch ((virDomainSmartcardType) def->type) {
        case VIR_DOMAIN_SMARTCARD_TYPE_HOST:
            virDomainAuditGenericDev(vm, "smartcard",
                                     NULL, "nss-smartcard-device",
                                     reason, success);
            break;
        case VIR_DOMAIN_SMARTCARD_TYPE_HOST_CERTIFICATES:
            for (i = 0; i < VIR_DOMAIN_SMARTCARD_NUM_CERTIFICATES; i++) {
                virDomainAuditGenericDev(vm, "smartcard", NULL,
                                         def->data.cert.file[i],
                                         reason, success);
            }
            if (def->data.cert.database)
                database = def->data.cert.database;
            virDomainAuditGenericDev(vm, "smartcard",
                                     NULL, database,
                                     reason, success);
            break;
        case VIR_DOMAIN_SMARTCARD_TYPE_PASSTHROUGH:
            virDomainAuditGenericDev(vm, "smartcard", NULL,
                                     virDomainAuditChardevPath(&def->data.passthru),
                                     reason, success);
            break;
        case VIR_DOMAIN_SMARTCARD_TYPE_LAST:
            break;
        }
    }
 }
 void
 virDomainAuditDisk(virDomainObjPtr vm,
                   virStorageSourcePtr oldDef,
@ -814,6 +859,9 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
        virDomainAuditChardev(vm, NULL, vm->def->consoles[i], "start", true);
    }
    for (i = 0; i < vm->def->nsmartcards; i++)
        virDomainAuditSmartcard(vm, vm->def->smartcards[i], "start", true);
    if (vm->def->rng)
        virDomainAuditRNG(vm, NULL, vm->def->rng, "start", true);