From 2d26cce9c265fce210beeaffa024d1137917b65c Mon Sep 17 00:00:00 2001
From: Beniamino Galvani <bgalvani@redhat.com>
Date: Sat, 4 Mar 2017 00:06:59 +0100
Subject: [PATCH] audit: add @args to device logging functions

---
 src/devices/nm-device.c | 22 +++++++++++-----------
 src/nm-audit-manager.c  |  9 +++++++--
 src/nm-audit-manager.h  |  7 ++++---
 3 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index 93609db39..c964f7eb0 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -8674,7 +8674,7 @@ reapply_cb (NMDevice *self,
 	}
 
 	if (error) {
-		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, subject, error->message);
+		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, NULL, subject, error->message);
 		g_dbus_method_invocation_return_gerror (context, error);
 		return;
 	}
@@ -8683,11 +8683,11 @@ reapply_cb (NMDevice *self,
 	                                   connection ? : (NMConnection *) nm_device_get_settings_connection (self),
 	                                   version_id,
 	                                   &local)) {
-		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, subject, local->message);
+		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, NULL, subject, local->message);
 		g_dbus_method_invocation_take_error (context, local);
 		local = NULL;
 	} else {
-		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, TRUE, subject, NULL);
+		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, TRUE, NULL, subject, NULL);
 		g_dbus_method_invocation_return_value (context, NULL);
 	}
 }
@@ -8710,7 +8710,7 @@ impl_device_reapply (NMDevice *self,
 		error = g_error_new_literal (NM_DEVICE_ERROR,
 		                             NM_DEVICE_ERROR_FAILED,
 		                             "Invalid flags specified");
-		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, context, error->message);
+		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, NULL, context, error->message);
 		g_dbus_method_invocation_take_error (context, error);
 		return;
 	}
@@ -8719,7 +8719,7 @@ impl_device_reapply (NMDevice *self,
 		error = g_error_new_literal (NM_DEVICE_ERROR,
 		                             NM_DEVICE_ERROR_NOT_ACTIVE,
 		                             "Device is not activated");
-		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, context, error->message);
+		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, NULL, context, error->message);
 		g_dbus_method_invocation_take_error (context, error);
 		return;
 	}
@@ -8735,7 +8735,7 @@ impl_device_reapply (NMDevice *self,
 		                                                  &error);
 		if (!connection) {
 			g_prefix_error (&error, "The settings specified are invalid: ");
-			nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, context, error->message);
+			nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_REAPPLY, self, FALSE, NULL, context, error->message);
 			g_dbus_method_invocation_take_error (context, error);
 			return;
 		}
@@ -8865,7 +8865,7 @@ disconnect_cb (NMDevice *self,
 
 	if (error) {
 		g_dbus_method_invocation_return_gerror (context, error);
-		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DISCONNECT, self, FALSE, subject, error->message);
+		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DISCONNECT, self, FALSE, NULL, subject, error->message);
 		return;
 	}
 
@@ -8874,7 +8874,7 @@ disconnect_cb (NMDevice *self,
 		local = g_error_new_literal (NM_DEVICE_ERROR,
 		                             NM_DEVICE_ERROR_NOT_ACTIVE,
 		                             "Device is not active");
-		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DISCONNECT, self, FALSE, subject, local->message);
+		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DISCONNECT, self, FALSE, NULL, subject, local->message);
 		g_dbus_method_invocation_take_error (context, local);
 	} else {
 		nm_device_set_autoconnect_intern (self, FALSE);
@@ -8883,7 +8883,7 @@ disconnect_cb (NMDevice *self,
 		                         NM_DEVICE_STATE_DEACTIVATING,
 		                         NM_DEVICE_STATE_REASON_USER_REQUESTED);
 		g_dbus_method_invocation_return_value (context, NULL);
-		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DISCONNECT, self, TRUE, subject, NULL);
+		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DISCONNECT, self, TRUE, NULL, subject, NULL);
 	}
 }
 
@@ -8934,12 +8934,12 @@ delete_cb (NMDevice *self,
 
 	if (error) {
 		g_dbus_method_invocation_return_gerror (context, error);
-		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DELETE, self, FALSE, subject, error->message);
+		nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DELETE, self, FALSE, NULL, subject, error->message);
 		return;
 	}
 
 	/* Authorized */
-	nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DELETE, self, TRUE, subject, NULL);
+	nm_audit_log_device_op (NM_AUDIT_OP_DEVICE_DELETE, self, TRUE, NULL, subject, NULL);
 	if (nm_device_unrealize (self, TRUE, &local))
 		g_dbus_method_invocation_return_value (context, NULL);
 	else
diff --git a/src/nm-audit-manager.c b/src/nm-audit-manager.c
index eeb9d2ba8..a78f06634 100644
--- a/src/nm-audit-manager.c
+++ b/src/nm-audit-manager.c
@@ -302,11 +302,11 @@ _nm_audit_manager_log_generic_op (NMAuditManager *self, const char *file, guint
 void
 _nm_audit_manager_log_device_op (NMAuditManager *self, const char *file, guint line,
                                  const char *func, const char *op, NMDevice *device,
-                                 gboolean result, gpointer subject_context,
+                                 gboolean result, const char *args, gpointer subject_context,
                                  const char *reason)
 {
 	gs_unref_ptrarray GPtrArray *fields = NULL;
-	AuditField interface_field = { }, ifindex_field = { };
+	AuditField interface_field = { }, ifindex_field = { }, args_field = { };
 	int ifindex;
 
 	g_return_if_fail (op);
@@ -324,6 +324,11 @@ _nm_audit_manager_log_device_op (NMAuditManager *self, const char *file, guint l
 		g_ptr_array_add (fields, &ifindex_field);
 	}
 
+	if (args) {
+		_audit_field_init_string (&args_field, "args", args, FALSE, BACKEND_ALL);
+		g_ptr_array_add (fields, &args_field);
+	}
+
 	_audit_log_helper (self, fields, file, line, func, op, result, subject_context, reason);
 }
 
diff --git a/src/nm-audit-manager.h b/src/nm-audit-manager.h
index 29bde1a50..56e26584e 100644
--- a/src/nm-audit-manager.h
+++ b/src/nm-audit-manager.h
@@ -83,13 +83,13 @@ gboolean nm_audit_manager_audit_enabled (NMAuditManager *self);
 		} \
 	} G_STMT_END
 
-#define nm_audit_log_device_op(op, device, result, subject_context, reason) \
+#define nm_audit_log_device_op(op, device, result, args, subject_context, reason) \
 	G_STMT_START { \
 		NMAuditManager *_audit = nm_audit_manager_get (); \
 		\
 		if (nm_audit_manager_audit_enabled (_audit)) { \
 			_nm_audit_manager_log_device_op (_audit, __FILE__, __LINE__, G_STRFUNC, \
-			                                 (op), (device), (result), (subject_context), (reason)); \
+			                                 (op), (device), (result), (args), (subject_context), (reason)); \
 		} \
 	} G_STMT_END
 
@@ -114,6 +114,7 @@ void _nm_audit_manager_log_generic_op    (NMAuditManager *self, const char *file
 
 void _nm_audit_manager_log_device_op     (NMAuditManager *self, const char *file, guint line,
                                           const char *func, const char *op, NMDevice *device,
-                                          gboolean result, gpointer subject_context, const char *reason);
+                                          gboolean result, const char *args, gpointer subject_context,
+                                          const char *reason);
 
 #endif /* __NM_AUDIT_MANAGER_H__ */