[apple/security.git] / OSX / libsecurity_utilities / lib / ccaudit.h

/*
 * Copyright (c) 2004,2011,2014 Apple Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


#ifndef _H_CCAUDIT
#define _H_CCAUDIT

#include <security_utilities/utilities.h>
#include <mach/message.h>       // audit_token_t
#include <bsm/audit.h>          // au_tid_t, etc.
#include <bsm/audit_kevents.h>	// AUE_NULL

namespace Security {
namespace CommonCriteria {

class AuditToken;

    
/* 
 * For the most part, we won't have a machine ID to initialize the 
 * au_tid_t's machine field.  There's no machine ID in the audit token,
 * for example, since MIG is localhost-only.  
 */
class TerminalId: public PodWrapper<TerminalId, au_tid_t>
{
  public:
    TerminalId();
    TerminalId(const TerminalId &t)     { set(t); }
    TerminalId(const au_tid_t &tid)     { set(tid); }
    ~TerminalId()                       { }
    
    void set(const au_tid_t &tid)       { port = tid.port; machine = tid.machine; }
};

/* 
 * audit_token_t provides all the info required for Common Criteria-mandated
 * auditing.  It's defined in <mach/mach_types.defs>.  Its values are filled 
 * in by the kernel during a Mach RPC and it should be treated as read-only
 * thereafter.  
 */
class AuditToken {
  public:
    AuditToken(const audit_token_t &token);
    ~AuditToken()					{ }
    
    audit_token_t auditToken() const { return mAuditToken;		}
    uid_t auditId() const           { return mAuditId;          }
    uid_t euid() const              { return mEuid;             }
    gid_t egid() const              { return mEgid;             }
    uid_t ruid() const              { return mRuid;             }
    gid_t rgid() const              { return mRgid;             }
    pid_t pid() const               { return mPid;              }
    au_asid_t sessionId() const		{ return mSessionId;		}
    const au_tid_t &terminalId() const { return mTerminalId;	}
    
  private:
    audit_token_t	mAuditToken;
    uid_t mAuditId;
    uid_t mEuid;
    gid_t mEgid;
    uid_t mRuid;
    gid_t mRgid;
    pid_t mPid;						// of client
    au_asid_t mSessionId;
    TerminalId mTerminalId;
};


/*
 * The (new) audit information structure
 */
class AuditInfo : public PodWrapper<AuditInfo, auditinfo_addr_t> {
public:
	void get();
	void get(au_asid_t session);
	void getPid(pid_t pid);
	void set();
	void create(uint64_t flags, uid_t auid = AU_DEFAUDITID);
	
	uid_t uid() const { return this->ai_auid; }
	uint64_t flags() const { return this->ai_flags; }
	au_asid_t sessionId() const { return this->ai_asid; }
	
	static AuditInfo current() { AuditInfo info; info.get(); return info; }
};


// XXX/gh  3926739
//
// NB: Qualify all uses of these names with the namespace (CommonCriteria).  
// Existing source code already follows this convention.  
enum ExternalErrors
{
	errNone = 0,
	errInvalidCredential = 1111,	// try to make easier to find in log
	errUserCanceled,
	errTooManyTries,
    errAuthDenied,                  // "Auth" --> authorization; named to
                                    // avoid conflict with the C symbol
                                    // errAuthorizationDenied already in
                                    // use
	errEndOfExternalErrors			// sentry/placeholder
};


class AuditMask
{
  public:
    AuditMask(unsigned int s = AUE_NULL, unsigned int f = AUE_NULL)
    {
        mMask.am_success = s; mMask.am_failure = f;
    }
    ~AuditMask()                        { }
    const au_mask_t &get(void) const    { return mMask; }

  private:
    au_mask_t mMask;
};


// audit session state for the current process; only used by Server
class AuditSession
{
  public:
    AuditSession(au_id_t auid, au_asid_t sid) 
	: mAuditId(auid), mSessionId(sid)	{ }
    ~AuditSession()						{ }

    // set audit info for this process in kernel
    void registerSession(void);

    void auditId(au_id_t auid)			{ mAuditId = auid;		}
    void eventMask(AuditMask &mask)		{ mEventMask = mask;	}
    void terminalId(TerminalId &tid)	{ mTerminalId = tid;	}
    void sessionId(au_asid_t sid)		{ mSessionId = sid;		}

    au_id_t auditId(void)				{ return mAuditId;		}
    AuditMask &eventMask(void)			{ return mEventMask;	}
    TerminalId &terminalId(void)		{ return mTerminalId;	}
    au_asid_t sessionId(void)			{ return mSessionId;	}

  private:
    au_id_t mAuditId;
    AuditMask mEventMask;
    TerminalId mTerminalId;
    au_asid_t mSessionId;
};

//
// For submitting audit records.  Not general-purpose: no ability to 
// submit arbitrary BSM tokens, for example.  However, the SecurityServer 
// has only limited auditing requirements under Common Criteria.  
//
class AuditRecord
{
  public:
    AuditRecord(const AuditToken &auditToken)
		: mAuditToken(auditToken)	{ }
	AuditRecord(const audit_token_t &auditToken)
		: mAuditToken(auditToken)	{ }
    ~AuditRecord()					{ }

    // returnCode == 0 --> success; nonzero returnCode --> failure
    void submit(const short event_code, const int returnCode, 
		const char *msg = NULL);

  private:
    AuditToken mAuditToken;
};

} // end namespace CommonCriteria
} // end namespace Security

#endif	// _H_CCAUDIT
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2004,2011,2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* The contents of this file constitute Original Code as defined in and are
	5	* subject to the Apple Public Source License Version 1.2 (the 'License').
	6	* You may not use this file except in compliance with the License. Please obtain
	7	* a copy of the License at http://www.apple.com/publicsource and read it before
	8	* using this file.
	9	*
	10	* This Original Code and all software distributed under the License are
	11	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
	12	* OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
	13	* LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	14	* PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
	15	* specific language governing rights and limitations under the License.
	16	*/
	17
	18
	19	#ifndef _H_CCAUDIT
	20	#define _H_CCAUDIT
	21
	22	#include <security_utilities/utilities.h>
	23	#include <mach/message.h> // audit_token_t
	24	#include <bsm/audit.h> // au_tid_t, etc.
	25	#include <bsm/audit_kevents.h> // AUE_NULL
	26
	27	namespace Security {
	28	namespace CommonCriteria {
	29
	30	class AuditToken;
	31
	32
	33	/*
	34	* For the most part, we won't have a machine ID to initialize the
	35	* au_tid_t's machine field. There's no machine ID in the audit token,
	36	* for example, since MIG is localhost-only.
	37	*/
	38	class TerminalId: public PodWrapper<TerminalId, au_tid_t>
	39	{
	40	public:
	41	TerminalId();
	42	TerminalId(const TerminalId &t) { set(t); }
	43	TerminalId(const au_tid_t &tid) { set(tid); }
	44	~TerminalId() { }
	45
	46	void set(const au_tid_t &tid) { port = tid.port; machine = tid.machine; }
	47	};
	48
	49	/*
	50	* audit_token_t provides all the info required for Common Criteria-mandated
	51	* auditing. It's defined in <mach/mach_types.defs>. Its values are filled
	52	* in by the kernel during a Mach RPC and it should be treated as read-only
	53	* thereafter.
	54	*/
	55	class AuditToken {
	56	public:
	57	AuditToken(const audit_token_t &token);
	58	~AuditToken() { }
	59
	60	audit_token_t auditToken() const { return mAuditToken; }
	61	uid_t auditId() const { return mAuditId; }
	62	uid_t euid() const { return mEuid; }
	63	gid_t egid() const { return mEgid; }
	64	uid_t ruid() const { return mRuid; }
	65	gid_t rgid() const { return mRgid; }
	66	pid_t pid() const { return mPid; }
67	au_asid_t sessionId() const { return mSessionId; }
68	const au_tid_t &terminalId() const { return mTerminalId; }
69
70	private:
71	audit_token_t mAuditToken;
72	uid_t mAuditId;
73	uid_t mEuid;
74	gid_t mEgid;
75	uid_t mRuid;
76	gid_t mRgid;
77	pid_t mPid; // of client
78	au_asid_t mSessionId;
79	TerminalId mTerminalId;
80	};
81
82
83	/*
84	* The (new) audit information structure
85	*/
86	class AuditInfo : public PodWrapper<AuditInfo, auditinfo_addr_t> {
87	public:
88	void get();
89	void get(au_asid_t session);
90	void getPid(pid_t pid);
91	void set();
92	void create(uint64_t flags, uid_t auid = AU_DEFAUDITID);
93
94	uid_t uid() const { return this->ai_auid; }
95	uint64_t flags() const { return this->ai_flags; }
96	au_asid_t sessionId() const { return this->ai_asid; }
97
98	static AuditInfo current() { AuditInfo info; info.get(); return info; }
99	};
100
101
102	// XXX/gh 3926739
103	//
104	// NB: Qualify all uses of these names with the namespace (CommonCriteria).
105	// Existing source code already follows this convention.
106	enum ExternalErrors
107	{
108	errNone = 0,
109	errInvalidCredential = 1111, // try to make easier to find in log
110	errUserCanceled,
111	errTooManyTries,
112	errAuthDenied, // "Auth" --> authorization; named to
113	// avoid conflict with the C symbol
114	// errAuthorizationDenied already in
115	// use
116	errEndOfExternalErrors // sentry/placeholder
117	};
118
119
120
121	class AuditMask
122	{
123	public:
124	AuditMask(unsigned int s = AUE_NULL, unsigned int f = AUE_NULL)
125	{
126	mMask.am_success = s; mMask.am_failure = f;
127	}
128	~AuditMask() { }
129	const au_mask_t &get(void) const { return mMask; }
130
131	private:
132	au_mask_t mMask;
133	};
134
135
136	// audit session state for the current process; only used by Server
137	class AuditSession
138	{
139	public:
140	AuditSession(au_id_t auid, au_asid_t sid)
141	: mAuditId(auid), mSessionId(sid) { }
142	~AuditSession() { }
143
144	// set audit info for this process in kernel
145	void registerSession(void);
146
147	void auditId(au_id_t auid) { mAuditId = auid; }
148	void eventMask(AuditMask &mask) { mEventMask = mask; }
149	void terminalId(TerminalId &tid) { mTerminalId = tid; }
150	void sessionId(au_asid_t sid) { mSessionId = sid; }
151
152	au_id_t auditId(void) { return mAuditId; }
153	AuditMask &eventMask(void) { return mEventMask; }
154	TerminalId &terminalId(void) { return mTerminalId; }
155	au_asid_t sessionId(void) { return mSessionId; }
156
157	private:
158	au_id_t mAuditId;
159	AuditMask mEventMask;
160	TerminalId mTerminalId;
161	au_asid_t mSessionId;
162	};
163
164	//
165	// For submitting audit records. Not general-purpose: no ability to
166	// submit arbitrary BSM tokens, for example. However, the SecurityServer
167	// has only limited auditing requirements under Common Criteria.
168	//
169	class AuditRecord
170	{
171	public:
172	AuditRecord(const AuditToken &auditToken)
173	: mAuditToken(auditToken) { }
174	AuditRecord(const audit_token_t &auditToken)
175	: mAuditToken(auditToken) { }
176	~AuditRecord() { }
177
178	// returnCode == 0 --> success; nonzero returnCode --> failure
179	void submit(const short event_code, const int returnCode,
180	const char *msg = NULL);
181
182	private:
183	AuditToken mAuditToken;
184	};
185
186	} // end namespace CommonCriteria
187	} // end namespace Security
188
189	#endif // _H_CCAUDIT