1 /*
2 * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 #include <strings.h> // bcopy()
20 #include <unistd.h> // gethostname()
21 #include <netdb.h> // gethostbyname()
22 #include <sys/types.h> // inet_addr()
23 #include <sys/socket.h> // inet_addr()
24 #include <netinet/in.h> // inet_addr()
25 #include <arpa/inet.h> // inet_addr()
26 #include <errno.h>
27 #include "utilities.h"
28 #include <Security/logging.h>
29 #include <bsm/libbsm.h>
30 #include "ccaudit.h"
31
32 namespace Security
33 {
34 namespace CommonCriteria
35 {
36
// Fill mTid through audit_set_terminal_id(); fall back to defaults on failure.
//
// A failure is logged and otherwise ignored: port and machine are zeroed and
// the caller is not told. Anything that later uses this terminal ID then
// carries the zeroed defaults instead of the real port and machine values.
void TerminalId::set(void)
{
    if (audit_set_terminal_id(&mTid) == kAUNoErr)
        return;

    // If we start seeing the syslog too often, change to secdebug()
    Syslog::warning("setting terminal ID info failed; using defaults");

    // Defaults: no port, no machine address.
    mTid.machine = 0;
    mTid.port = 0;
}
47
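// Hand this session's audit identity to the kernel with setaudit().
//
// The audit ID, session ID, terminal ID and event mask held by this object are
// packed into an auditinfo_t and passed to setaudit(). Failure is non-fatal by
// design: it is logged at notice level, nothing is thrown and nothing is
// returned, so the process continues without the audit information applied.
// Callers that must not run unaudited cannot learn of the failure from here.
void AuditSession::registerSession(void)
{
    auditinfo_t auinfo;

    auinfo.ai_auid = mAuditId;
    auinfo.ai_asid = mSessionId;
    // Both copies are bounded by the size of the destination field.
    // NOTE(review): assumes each get() returns an object at least that large
    // (presumably au_tid_t / au_mask_t) -- confirm against ccaudit.h.
    bcopy(&mTerminalId.get(), &(auinfo.ai_termid), sizeof(auinfo.ai_termid));
    bcopy(&mEventMask.get(), &(auinfo.ai_mask), sizeof(auinfo.ai_mask));

    if (setaudit(&auinfo) != 0)
    {
        // errno is read before any logging call has a chance to overwrite it.
        // ENOTSUP gets its own message so a kernel without audit support can
        // be told apart from every other failure in the log.
        if (errno == ENOTSUP)
            Syslog::notice("Attempted to initialize auditing, but this kernel does not support auditing");
        else
            Syslog::notice("Could not initialize auditing; continuing");
    }
}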
67
// Write one audit record for event_code, as a success or a failure.
//
// event_code  audit event being recorded
// returnCode  0 writes a success record; any other value writes a failure
//             record carrying that value
// msg         optional text for the record; may be NULL
//
// Nothing is written when au_get_state() reports AUC_NOAUDIT; every other
// state goes on to the write. If the write does not return kAUNoErr, that
// status is raised through MacOSError::throwMe(), so a failed write is not
// silently dropped.
void AuditRecord::submit(const short event_code, const int returnCode,
                         const char *msg)
{
    // If we're not auditing, do nothing
    if (au_get_state() == AUC_NOAUDIT)
        return;

    // XXX make this a secdebug, then enable it
    // Syslog::notice("Submitting authorization audit record");

    // XXX/gh 3574731: Fix BSM SPI so the const_cast<>s aren't necessary
    char *text = const_cast<char *>(msg);
    int status = kAUNoErr;

    if (returnCode != 0)
    {
        // Failure path: the BSM call takes the raw message and the return code.
        status = audit_write_failure(event_code, text,
                                     returnCode, mAuditId, mEUid, mEGid,
                                     mRUid, mRGid, mPid, mSessionId,
                                     const_cast<au_tid_t *>(&(mTerminalId.get())));
    }
    else
    {
        // Success path: the message, if any, is wrapped in a text token first.
        // NOTE(review): a NULL from au_to_text() is not told apart from
        // "no message"; the record is then written without text.
        token_t *textToken = NULL;
        if (text)
            textToken = au_to_text(text);
        status = audit_write_success(event_code, textToken,
                                     mAuditId, mEUid, mEGid, mRUid, mRGid,
                                     mPid, mSessionId,
                                     const_cast<au_tid_t *>(&(mTerminalId.get())));
    }

    if (status != kAUNoErr)
        MacOSError::throwMe(status);
}
102
103
104 } // end namespace CommonCriteria
105 } // end namespace Security