#include <string>
#include <stdint.h>
#include <Security/Authorization.h>
#include <bsm/audit_kevents.h> // AUE_NULL
#include <bsm/libbsm.h>
namespace Security
{
namespace CommonCriteria
{
namespace Securityd
{
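// Base class for writing BSM audit records from securityd.  Concrete
// loggers supply writeCommon(); this class owns the audit descriptor
// (mAuditFd) and the subject information captured from the client's
// audit token.  The constructors taking a token, the destructor, and the
// open/close/write/log methods are defined out of line.
class AuditLogger
{
public:
    // Default-construct with no audit descriptor open (mAuditFd == -1),
    // the null event (AUE_NULL) and no client information recorded.
    // The subject fields are value-initialized so that a logger used
    // before setClientInfo() never carries indeterminate uid/gid/pid
    // values; mClientInfoSet stays false until setClientInfo() runs and
    // is the flag that says whether those fields are meaningful.
    AuditLogger()
        : mAuditFd(-1), mEvent(AUE_NULL), mClientInfoSet(false),
          mAuditId(), mEuid(), mEgid(), mRuid(), mRgid(), mPid(),
          mAuditSessionId(), mOldTerminalId(), mTerminalId() { }
    // Construct and record the client identified by srcToken; auEvent is
    // the BSM event number the record will carry (AUE_NULL if not given).
    AuditLogger(const audit_token_t *srcToken, short auEvent = AUE_NULL);
    AuditLogger(const AuditToken &srcToken, short auEvent = AUE_NULL);
    // NOTE(review): copy construction/assignment are not suppressed here;
    // if the destructor closes mAuditFd, copying a logger would double-close
    // the descriptor -- confirm against the out-of-line definition.
    virtual ~AuditLogger();

    // Obtain the audit descriptor; returns false on failure.
    bool open();
    // Release the audit descriptor.  writeLog presumably controls whether
    // the pending record is committed -- confirm in the implementation.
    void close(bool writeLog = true);

    // Capture subject fields (uids, gids, pid, session, terminal) from the
    // client's audit token and set mClientInfoSet.
    void setClientInfo(const audit_token_t *srcToken);
    void setClientInfo(const AuditToken &srcToken);

    // Event number used for the record.
    void setEvent(short auEvent) { mEvent = auEvent; }
    short event() const { return mEvent; }

    // Low-level record construction; name identifies the token in
    // diagnostics.
    void writeToken(token_t *token, const char *name);
    void writeSubject();
    void writeReturn(char status, int reterr);
    // Emit the tokens specific to the concrete logger.
    virtual void writeCommon() = 0;

    // Emit a complete success/failure record.  errMsg may be NULL; errcode
    // defaults to errAuthorizationDenied.
    virtual void logSuccess();
    virtual void logFailure(const char *errMsg = NULL, int errcode = errAuthorizationDenied);
    // Convenience overload for std::string messages; the message is only
    // read, so it is taken by const reference.
    virtual void logFailure(const string &errMsg, int errcode = errAuthorizationDenied)
    {
        logFailure(errMsg.c_str(), errcode);
    }

protected:
    // printf-style diagnostic for problems inside the logger itself
    // (defined out of line).
    void logInternalError(const char *fmt, ...);

private:
    int mAuditFd;            // audit descriptor, -1 when not open
    short mEvent;            // BSM event number (AUE_*)
    bool mClientInfoSet;     // true once setClientInfo() has populated the fields below
    uid_t mAuditId;
    uid_t mEuid;
    gid_t mEgid;
    uid_t mRuid;
    gid_t mRgid;
    pid_t mPid;
    au_asid_t mAuditSessionId;
    au_tid_t mOldTerminalId;
    au_tid_addr_t mTerminalId;
};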
// Audit logger for keychain authorization decisions.  Adds the keychain
// (database) and item names to the common part of the record.
class KeychainAuthLogger : public AuditLogger
{
    // Placeholder strings (defined out of line) used until real names are set.
    static const char *sysKCAuthStr;
    static const char *unknownKCStr;
    static const char *unknownItemStr;

public:
    // Start with placeholder database and item names; the base-class
    // default constructor leaves the logger closed with no client info.
    KeychainAuthLogger()
        : mDatabase(unknownKCStr),
          mItem(unknownItemStr) { }

    // Token-taking constructors (defined out of line); the four-argument
    // forms also supply the database and item names up front.
    KeychainAuthLogger(const audit_token_t *srcToken, short auEvent);
    KeychainAuthLogger(const audit_token_t *srcToken, short auEvent,
                       const char *database, const char *item);
    KeychainAuthLogger(const AuditToken &srcToken, short auEvent);
    KeychainAuthLogger(const AuditToken &srcToken, short auEvent,
                       const char *database, const char *item);

    // Set the keychain / item names that writeCommon() will emit.
    void setDbName(const char *database);
    void setItemName(const char *item);

    // Emit the keychain-specific tokens (defined out of line).
    virtual void writeCommon();

private:
    string mDatabase;   // keychain (database) name
    string mItem;       // item name
};
// Mix-in that carries the name of the authorization right being evaluated.
// Used as a second base by AuthMechLogger and RightAuthenticationLogger,
// hence the virtual destructor.
class RightLogger
{
protected:
    // Placeholder right name (defined out of line) used until setRight().
    static const char *unknownRightStr;

public:
    // Begin with the placeholder right name.
    RightLogger() : mRight(unknownRightStr) { }
    virtual ~RightLogger() { }

    // Record the right under evaluation (defined out of line).
    void setRight(const string &rightName);
    void setRight(const char *rightName);

protected:
    string mRight;   // right name, available to derived writeCommon() implementations
};
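// Audit logger for authorization mechanism evaluation.  Records the right
// being evaluated (RightLogger) and the mechanism currently running.
class AuthMechLogger : public AuditLogger, public RightLogger
{
    // Placeholder / label strings, defined out of line.
    static const char *unknownMechStr;
    static const char *mechStr;

public:
    // Closed logger with no client info, not yet evaluating a mechanism,
    // and the placeholder mechanism name.
    AuthMechLogger()
        : AuditLogger(), RightLogger(),
          mEvaluatingMechanism(false),
          mCurrentMechanism(unknownMechStr) { }
    // Token-taking constructors (defined out of line).
    AuthMechLogger(const AuditToken &srcToken, short auEvent);
    AuthMechLogger(const audit_token_t *srcToken, short auEvent);

    // Name of the mechanism currently being evaluated (defined out of line);
    // the string overload forwards to the C-string one.
    void setCurrentMechanism(const char *mech);
    void setCurrentMechanism(const string &mech) { setCurrentMechanism(mech.c_str()); }

    // Emit the mechanism-specific tokens (defined out of line).
    virtual void writeCommon();

    // Record that evaluation was interrupted, with msg as the reason
    // (defined out of line).  The string overload takes its argument by
    // const reference, matching setCurrentMechanism(), since the message
    // is only read.
    void logInterrupt(const char *msg);
    void logInterrupt(const string &msg) { logInterrupt(msg.c_str()); }

private:
    bool mEvaluatingMechanism;   // set/cleared elsewhere; not touched in this header
    string mCurrentMechanism;    // mechanism name written by writeCommon()
};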
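// Audit logger for right authentication: who authenticated, as whom, which
// client asked, and the authorization outcome.
class RightAuthenticationLogger : public AuditLogger, public RightLogger
{
    // Placeholder / label strings, defined out of line.
    static const char *unknownUserStr;
    static const char *unknownClientStr;
    static const char *unknownAuthCreatorStr;
    static const char *authenticatorStr;
    static const char *clientStr;
    static const char *authCreatorStr;
    static const char *authenticatedAsStr;
    static const char *leastPrivStr;

public:
    RightAuthenticationLogger() : AuditLogger(), RightLogger() { }
    // Token-taking constructors (defined out of line).
    RightAuthenticationLogger(const AuditToken &srcToken, short auEvent);
    RightAuthenticationLogger(const audit_token_t *srcToken, short auEvent);
    virtual ~RightAuthenticationLogger() { }

    // Emit the right/authentication tokens (defined out of line).
    virtual void writeCommon();

    // The no-argument success record is deliberately suppressed for this
    // logger; callers use the three-argument form, which names the
    // authenticating user, the target user and the target's name.
    virtual void logSuccess() { }
    void logSuccess(uid_t authenticator, uid_t target, const char *targetName);

    void logAuthorizationResult(const char *client, const char *authCreator, int errcode);
    void logLeastPrivilege(uid_t userId, bool isAuthorizingUser);

    // Re-expose the base-class logFailure overloads: declaring an override
    // here would otherwise hide the string overload and drop the default
    // arguments, so e.g. logger.logFailure() or logger.logFailure(msgString)
    // would fail to compile through this type.  The defaults are repeated
    // on the override so that the statically bound default arguments agree
    // with the base class.
    using AuditLogger::logFailure;
    virtual void logFailure(const char *errMsg = NULL, int errcode = errAuthorizationDenied)
    {
        AuditLogger::logFailure(errMsg, errcode);
    }

    // Record a failed authentication attempt by authenticator against targetName.
    void logAuthenticatorFailure(uid_t authenticator, const char *targetName);
};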
}
}
}