#include <strings.h> // bcopy()
#include <unistd.h> // gethostname()
#include <netdb.h> // gethostbyname()
#include <sys/types.h> // inet_addr()
#include <sys/socket.h> // inet_addr()
#include <netinet/in.h> // inet_addr()
#include <arpa/inet.h> // inet_addr()
#include <errno.h>
#include "utilities.h"
#include <Security/logging.h>
#include <bsm/libbsm.h>
#include "ccaudit.h"
namespace Security
{
namespace CommonCriteria
{
// Populate mTid through libbsm's audit_set_terminal_id(). If that call
// reports anything other than kAUNoErr, log a warning and fall back to a
// terminal ID whose port and machine are both zero.
void TerminalId::set(void)
{
    // Success: libbsm has filled in mTid, nothing else to do.
    if (audit_set_terminal_id(&mTid) == kAUNoErr)
        return;

    // Failure is not fatal here; the caller gets the zeroed defaults.
    Syslog::warning("setting terminal ID info failed; using defaults");
    mTid.machine = 0;
    mTid.port = 0;
}
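// Register this session's audit identity with the kernel via setaudit().
//
// The audit ID, session ID, terminal ID and event mask held by this object
// are copied into an auditinfo_t and handed to setaudit(). Failure is
// deliberately non-fatal: the function only logs and returns, so the caller
// continues without having registered the audit information. The errno from
// the failed call is included in the log so the cause can be diagnosed.
void AuditSession::registerSession(void)
{
    // Value-initialize so anything not explicitly set below is zero.
    auditinfo_t auinfo = {};
    auinfo.ai_auid = mAuditId;
    auinfo.ai_asid = mSessionId;
    // Copy lengths are taken from the destination fields, so the copies
    // cannot write past the auditinfo_t members.
    bcopy(&mTerminalId.get(), &(auinfo.ai_termid), sizeof(auinfo.ai_termid));
    bcopy(&mEventMask.get(), &(auinfo.ai_mask), sizeof(auinfo.ai_mask));

    if (setaudit(&auinfo) == 0)
        return;

    // Capture errno before any other call has a chance to overwrite it.
    const int savedErrno = errno;
    if (savedErrno == ENOTSUP)
    {
        Syslog::notice("Attempted to initialize auditing, but this kernel does not support auditing");
        return;
    }
    // Best effort by design: report the reason and carry on.
    Syslog::notice("Could not initialize auditing (errno %d); continuing", savedErrno);
}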
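// Write one audit record for this subject through libbsm.
//
//   event_code  audit event identifier, passed through to libbsm
//   returnCode  0 selects audit_write_success(); any other value selects
//               audit_write_failure() and is passed along as its return code
//   msg         optional text for the record; may be null
//
// Returns without writing anything when au_get_state() reports AUC_NOAUDIT.
// Calls MacOSError::throwMe() with the libbsm status when the write returns
// anything other than kAUNoErr.
void AuditRecord::submit(const short event_code, const int returnCode,
                         const char *msg)
{
    if (au_get_state() == AUC_NOAUDIT)
        return;

    int ret = kAUNoErr;
    // The subject's terminal ID is passed to both libbsm calls; they take a
    // non-const pointer, hence the cast.
    au_tid_t *tid = const_cast<au_tid_t *>(&(mTerminalId.get()));

    if (returnCode == 0)
    {
        // Build a text token only when the caller supplied text.
        token_t *tok = NULL;
        if (msg)
            tok = au_to_text(const_cast<char *>(msg));
        ret = audit_write_success(event_code, tok,
                                  mAuditId, mEUid, mEGid, mRUid, mRGid,
                                  mPid, mSessionId, tid);
    }
    else
    {
        // The success path treats msg as optional; do the same here instead
        // of handing libbsm a null string pointer for the failure text.
        const char *failureText = msg ? msg : "";
        ret = audit_write_failure(event_code, const_cast<char *>(failureText),
                                  returnCode, mAuditId, mEUid, mEGid,
                                  mRUid, mRGid, mPid, mSessionId, tid);
    }

    // A record that could not be written is surfaced to the caller rather
    // than silently dropped.
    if (ret != kAUNoErr)
        MacOSError::throwMe(ret);
}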
} }