From 1aecb6348cc1bb83c4300d029919d7d41213ac9a Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange"
Date: Thu, 16 Dec 2010 16:10:54 +0000
Subject: [PATCH] Move QEMU audit helper code out of the QEMU driver

The QEMU driver file is far too large. Move all the audit helper code out into a separate file. No functional change.
* src/qemu/qemu_audit.c, src/qemu/qemu_audit.h, src/Makefile.am: Add audit helper file
* src/qemu/qemu_driver.c: Delete audit code
---
 src/Makefile.am | 1 +
 src/qemu/qemu_audit.c | 169 +++++++++++++++++++++++++++++++++++++++++
 src/qemu/qemu_audit.h | 43 +++++++++++
 src/qemu/qemu_driver.c | 141 +---------------------------------
 4 files changed, 214 insertions(+), 140 deletions(-)
 create mode 100644 src/qemu/qemu_audit.c
 create mode 100644 src/qemu/qemu_audit.h
diff --git a/src/Makefile.am b/src/Makefile.am
index d2fcd5fbed..381ca3dd3f 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -270,6 +270,7 @@ QEMU_DRIVER_SOURCES = \
 qemu/qemu_capabilities.c qemu/qemu_capabilities.h\
 qemu/qemu_command.c qemu/qemu_command.h \
 qemu/qemu_domain.c qemu/qemu_domain.h \
+ qemu/qemu_audit.c qemu/qemu_audit.h \
 qemu/qemu_conf.c qemu/qemu_conf.h \
 qemu/qemu_monitor.c qemu/qemu_monitor.h \
 qemu/qemu_monitor_text.c \
diff --git a/src/qemu/qemu_audit.c b/src/qemu/qemu_audit.c
new file mode 100644
index 0000000000..f03f984b17
--- /dev/null
+++ b/src/qemu/qemu_audit.c
@@ -0,0 +1,169 @@
+/*
+ * qemu_audit.c: QEMU audit management
+ *
+ * Copyright (C) 2006-2007, 2009-2010 Red Hat, Inc.
+ * Copyright (C) 2006 Daniel P. Berrange
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Author: Daniel P. Berrange
+ */
+
+#include
+
+#include "qemu_audit.h"
+#include "virtaudit.h"
+#include "uuid.h"
+#include "logging.h"
+#include "memory.h"
+
+void qemuDomainDiskAudit(virDomainObjPtr vm,
+ virDomainDiskDefPtr oldDef,
+ virDomainDiskDefPtr newDef,
+ const char *reason,
+ bool success)
+{
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ char *vmname;
+ char *oldsrc = NULL;
+ char *newsrc = NULL;
+
+ virUUIDFormat(vm->def->uuid, uuidstr);
+ if (!(vmname = virAuditEncode("vm", vm->def->name))) {
+ VIR_WARN0("OOM while encoding audit message");
+ return;
+ }
+
+ if (!(oldsrc = virAuditEncode("old-disk",
+ oldDef && oldDef->src ?
+ oldDef->src : "?"))) {
+ VIR_WARN0("OOM while encoding audit message");
+ goto cleanup;
+ }
+ if (!(newsrc = virAuditEncode("new-disk",
+ newDef && newDef->src ?
+ newDef->src : "?"))) {
+ VIR_WARN0("OOM while encoding audit message");
+ goto cleanup;
+ }
+
+ VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
+ "resrc=disk reason=%s %s uuid=%s %s %s",
+ reason, vmname, uuidstr,
+ oldsrc, newsrc);
+
+cleanup:
+ VIR_FREE(vmname);
+ VIR_FREE(oldsrc);
+ VIR_FREE(newsrc);
+}
+
+
+void qemuDomainNetAudit(virDomainObjPtr vm,
+ virDomainNetDefPtr oldDef,
+ virDomainNetDefPtr newDef,
+ const char *reason,
+ bool success)
+{
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ char newMacstr[VIR_MAC_STRING_BUFLEN];
+ char oldMacstr[VIR_MAC_STRING_BUFLEN];
+ char *vmname;
+
+ virUUIDFormat(vm->def->uuid, uuidstr);
+ if (oldDef)
+ virFormatMacAddr(oldDef->mac, oldMacstr);
+ if (newDef)
+ virFormatMacAddr(newDef->mac, newMacstr);
+ if (!(vmname = virAuditEncode("vm", vm->def->name))) {
+ VIR_WARN0("OOM while encoding audit message");
+ return;
+ }
+
+ VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success,
+ "resrc=net reason=%s %s uuid=%s old-net='%s' new-net='%s'",
+ reason, vmname, uuidstr,
+ oldDef ? oldMacstr : "?",
+ newDef ? newMacstr : "?");
+
+ VIR_FREE(vmname);
+}
+
+
+static void qemuDomainLifecycleAudit(virDomainObjPtr vm,
+ const char *op,
+ const char *reason,
+ bool success)
+{
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ char *vmname;
+
+ virUUIDFormat(vm->def->uuid, uuidstr);
+
+ if (!(vmname = virAuditEncode("vm", vm->def->name))) {
+ VIR_WARN0("OOM while encoding audit message");
+ return;
+ }
+
+ VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, success,
+ "op=%s reason=%s %s uuid=%s", op, reason, vmname, uuidstr);
+
+ VIR_FREE(vmname);
+}
+
+
+void qemuDomainStartAudit(virDomainObjPtr vm, const char *reason, bool success)
+{
+ int i;
+
+ for (i = 0 ; i < vm->def->ndisks ; i++) {
+ virDomainDiskDefPtr disk = vm->def->disks[i];
+ if (disk->src) /* Skips CDROM without media initially inserted */
+ qemuDomainDiskAudit(vm, NULL, disk, "start", true);
+ }
+
+ for (i = 0 ; i < vm->def->nnets ; i++) {
+ virDomainNetDefPtr net = vm->def->nets[i];
+ qemuDomainNetAudit(vm, NULL, net, "start", true);
+ }
+
+ qemuDomainLifecycleAudit(vm, "start", reason, success);
+}
+
+
+void qemuDomainStopAudit(virDomainObjPtr vm, const char *reason)
+{
+ qemuDomainLifecycleAudit(vm, "stop", reason, true);
+}
+
+void qemuDomainSecurityLabelAudit(virDomainObjPtr vm, bool success)
+{
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+ char *vmname;
+
+ virUUIDFormat(vm->def->uuid, uuidstr);
+ if (!(vmname = virAuditEncode("vm", vm->def->name))) {
+ VIR_WARN0("OOM while encoding audit message");
+ return;
+ }
+
+ VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_ID, success,
+ "%s uuid=%s vm-ctx=%s img-ctx=%s",
+ vmname, uuidstr,
+ VIR_AUDIT_STR(vm->def->seclabel.label),
+ VIR_AUDIT_STR(vm->def->seclabel.imagelabel));
+
+ VIR_FREE(vmname);
+}
diff --git a/src/qemu/qemu_audit.h b/src/qemu/qemu_audit.h
new file mode 100644
index 0000000000..5b5a5d3ab4
--- /dev/null
+++ b/src/qemu/qemu_audit.h
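Review bot: In `qemuDomainStartAudit` the per-disk and per-interface records are written with a literal `true`, and only the final lifecycle record receives `success`, so a failed guest start still leaves RESOURCE records that read as successful assignments. The behaviour is carried over unchanged from qemu_driver.c, but with the helpers now in their own file it is worth settling which is intended. Either pass the flag through, `qemuDomainDiskAudit(vm, NULL, disk, "start", success);` and `qemuDomainNetAudit(vm, NULL, net, "start", success);`, or keep `true` and add a comment on the two loops saying why the resource records are independent of the start outcome. Without one of these, anyone correlating audit records for a failed start sees results that appear to contradict each other.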
@@ -0,0 +1,43 @@
+/*
+ * qemu_audit.h: QEMU audit management
+ *
+ * Copyright (C) 2006-2007, 2009-2010 Red Hat, Inc.
+ * Copyright (C) 2006 Daniel P. Berrange
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Author: Daniel P. Berrange
+ */
+
+#ifndef __QEMU_AUDIT_H__
+# define __QEMU_AUDIT_H__
+
+# include "domain_conf.h"
+
+void qemuDomainStartAudit(virDomainObjPtr vm, const char *reason, bool success);
+void qemuDomainStopAudit(virDomainObjPtr vm, const char *reason);
+void qemuDomainDiskAudit(virDomainObjPtr vm,
+ virDomainDiskDefPtr oldDef,
+ virDomainDiskDefPtr newDef,
+ const char *reason,
+ bool success);
+void qemuDomainNetAudit(virDomainObjPtr vm,
+ virDomainNetDefPtr oldDef,
+ virDomainNetDefPtr newDef,
+ const char *reason,
+ bool success);
+void qemuDomainSecurityLabelAudit(virDomainObjPtr vm, bool success);
+
+#endif /* __QEMU_AUDIT_H__ */
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 9ce8fbe8fb..c4afe2001e 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -57,6 +57,7 @@
 #include "qemu_command.h"
 #include "qemu_monitor.h"
 #include "qemu_bridge_filter.h"
+#include "qemu_audit.h"
 #include "c-ctype.h"
 #include "event.h"
 #include "buf.h"
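Review bot: The five prototypes in qemu_audit.h are exported without any comment on their contract, although the helpers were file-local `static` functions until this commit. A short block comment above the declarations should state that `vm` must be non-NULL, and that `oldDef`/`newDef` may be NULL, in which case the implementation prints `?` for the missing side. It should also note that `reason` is written into the audit record with a plain `%s`, unlike the VM name and disk sources, which go through `virAuditEncode`. Callers outside this file therefore need to pass fixed strings, for example `/* reason is emitted verbatim into the audit record; pass a constant string only */`.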
@@ -82,7 +83,6 @@
 #include "domain_nwfilter.h"
 #include "hooks.h"
 #include "storage_file.h"
-#include "virtaudit.h"
 #include "files.h"
 #include "fdstream.h"
 #include "configmake.h"
@@ -139,9 +139,6 @@ static void qemudShutdownVMDaemon(struct qemud_driver *driver, virDomainObjPtr vm, int migrated); -static void qemuDomainStartAudit(virDomainObjPtr vm, const char *reason, bool success); -static void qemuDomainStopAudit(virDomainObjPtr vm, const char *reason); - static int qemudDomainGetMaxVcpus(virDomainPtr dom); static int qemuDetectVcpuPIDs(struct qemud_driver *driver,
@@ -3441,142 +3438,6 @@ static int qemuDomainSnapshotSetActive(virDomainObjPtr vm, static int qemuDomainSnapshotSetInactive(virDomainObjPtr vm, char *snapshotDir); -static void qemuDomainDiskAudit(virDomainObjPtr vm, - virDomainDiskDefPtr oldDef, - virDomainDiskDefPtr newDef, - const char *reason, - bool success) -{ - char uuidstr[VIR_UUID_STRING_BUFLEN]; - char *vmname; - char *oldsrc = NULL; - char *newsrc = NULL; - - virUUIDFormat(vm->def->uuid, uuidstr); - if (!(vmname = virAuditEncode("vm", vm->def->name))) { - VIR_WARN0("OOM while encoding audit message"); - return; - } - - if (!(oldsrc = virAuditEncode("old-disk", - oldDef && oldDef->src ? - oldDef->src : "?"))) { - VIR_WARN0("OOM while encoding audit message"); - goto cleanup; - } - if (!(newsrc = virAuditEncode("new-disk", - newDef && newDef->src ? - newDef->src : "?"))) { - VIR_WARN0("OOM while encoding audit message"); - goto cleanup; - } - - VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success, - "resrc=disk reason=%s %s uuid=%s %s %s", - reason, vmname, uuidstr, - oldsrc, newsrc); - -cleanup: - VIR_FREE(vmname); - VIR_FREE(oldsrc); - VIR_FREE(newsrc); -} - - -static void qemuDomainNetAudit(virDomainObjPtr vm, - virDomainNetDefPtr oldDef, - virDomainNetDefPtr newDef, - const char *reason, - bool success) -{ - char uuidstr[VIR_UUID_STRING_BUFLEN]; - char newMacstr[VIR_MAC_STRING_BUFLEN]; - char oldMacstr[VIR_MAC_STRING_BUFLEN]; - char *vmname; - - virUUIDFormat(vm->def->uuid, uuidstr); - if (oldDef) - virFormatMacAddr(oldDef->mac, oldMacstr); - if (newDef) - virFormatMacAddr(newDef->mac, newMacstr); - if (!(vmname = virAuditEncode("vm", vm->def->name))) { - VIR_WARN0("OOM while encoding audit message"); - return; - } - - VIR_AUDIT(VIR_AUDIT_RECORD_RESOURCE, success, - "resrc=net reason=%s %s uuid=%s old-net='%s' new-net='%s'", - reason, vmname, uuidstr, - oldDef ? oldMacstr : "?", - newDef ? 
newMacstr : "?"); - - VIR_FREE(vmname); -} - - -static void qemuDomainLifecycleAudit(virDomainObjPtr vm, - const char *op, - const char *reason, - bool success) -{ - char uuidstr[VIR_UUID_STRING_BUFLEN]; - char *vmname; - - virUUIDFormat(vm->def->uuid, uuidstr); - - if (!(vmname = virAuditEncode("vm", vm->def->name))) { - VIR_WARN0("OOM while encoding audit message"); - return; - } - - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_CONTROL, success, - "op=%s reason=%s %s uuid=%s", op, reason, vmname, uuidstr); - - VIR_FREE(vmname); -} - -static void qemuDomainStartAudit(virDomainObjPtr vm, const char *reason, bool success) -{ - int i; - - for (i = 0 ; i < vm->def->ndisks ; i++) { - virDomainDiskDefPtr disk = vm->def->disks[i]; - if (disk->src) /* Skips CDROM without media initially inserted */ - qemuDomainDiskAudit(vm, NULL, disk, "start", true); - } - - for (i = 0 ; i < vm->def->nnets ; i++) { - virDomainNetDefPtr net = vm->def->nets[i]; - qemuDomainNetAudit(vm, NULL, net, "start", true); - } - - qemuDomainLifecycleAudit(vm, "start", reason, success); -} - -static void qemuDomainStopAudit(virDomainObjPtr vm, const char *reason) -{ - qemuDomainLifecycleAudit(vm, "stop", reason, true); -} - -static void qemuDomainSecurityLabelAudit(virDomainObjPtr vm, bool success) -{ - char uuidstr[VIR_UUID_STRING_BUFLEN]; - char *vmname; - - virUUIDFormat(vm->def->uuid, uuidstr); - if (!(vmname = virAuditEncode("vm", vm->def->name))) { - VIR_WARN0("OOM while encoding audit message"); - return; - } - - VIR_AUDIT(VIR_AUDIT_RECORD_MACHINE_ID, success, - "%s uuid=%s vm-ctx=%s img-ctx=%s", - vmname, uuidstr, - VIR_AUDIT_STR(vm->def->seclabel.label), - VIR_AUDIT_STR(vm->def->seclabel.imagelabel)); - - VIR_FREE(vmname); -} #define START_POSTFIX ": starting up\n" #define SHUTDOWN_POSTFIX ": shutting down\n" -- GitLab