cdsa/cdsa_utilities/ccaudit.h

   1 /*
   2  * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 #ifndef _H_CCAUDIT
  20 #define _H_CCAUDIT
  21
  22 #include <Security/utility_config.h>
  23 #include <bsm/audit.h>
  24
  25 namespace Security
  26 {
  27
  28 namespace CommonCriteria
  29 {
  30
  31 // for Tiger, this should be incorporated into Security's OSStatus range
  32 enum ExternalErrors
  33 {
  34         errNone = 0,
  35         errInvalidCredential = 1111,    // try to make easier to find in log
  36         errUserCanceled,
  37         errTooManyTries,
  38         errEndOfExternalErrors                  // sentry/placeholder
  39 };
  40
  41 class AuditMask
  42 {
  43   public:
  44     AuditMask()                         { }
  45     AuditMask(const AuditMask &am)      { set(am.get()); }
  46     AuditMask(const au_mask_t &am)      { set(am); }
  47     ~AuditMask()                        { }
  48
  49     void set(const au_mask_t &am)       { set(am.am_success, am.am_failure); }
  50     void set(unsigned int s, unsigned int f)    { mMask.am_success = s; mMask.am_failure = f; }
  51     const au_mask_t &get(void) const    { return mMask; }
  52
  53   private:
  54     au_mask_t mMask;
  55 };
  56
  57 // For the most part, we won't have a machine ID to initialize the
  58 // au_tid_t's machine field.  There's no machine ID in the audit token,
  59 // for example, since MIG is localhost-only.
  60 class TerminalId
  61 {
  62   public:
  63     TerminalId()                        { }
  64     TerminalId(const TerminalId &t)     { set(t.get()); }
  65     TerminalId(const au_tid_t &tid)     { set(tid); }
  66     TerminalId(dev_t p, u_int32_t m)    { port(p); machine(m); }
  67     ~TerminalId()                       { }
  68
  69     void set(void);                     // set using localhost
  70     void set(const au_tid_t &tid)       { port(tid.port); machine(tid.machine); }
  71     void port(dev_t p)                  { mTid.port = p; }
  72     void machine(u_int32_t m)           { mTid.machine = m; }
  73     const au_tid_t &get(void) const     { return mTid; }
  74
  75   private:
  76     au_tid_t mTid;
  77 };
  78
  79 // audit session state for the current process; only used by Server
  80 class AuditSession
  81 {
  82   public:
  83     AuditSession()                      { }
  84     AuditSession(au_id_t auid, AuditMask &mask, au_asid_t sid,
  85                  TerminalId &tid)
  86         : mAuditId(auid), mEventMask(mask), mTerminalId(tid),
  87           mSessionId(sid)               { }
  88     ~AuditSession()                     { }
  89
  90     // set audit info for this process in kernel
  91     void registerSession(void);
  92
  93     void auditId(au_id_t auid)          { mAuditId = auid; }
  94     void eventMask(AuditMask &mask)     { mEventMask = mask; }
  95     void terminalId(TerminalId &tid)    { mTerminalId = tid; }
  96     void sessionId(au_asid_t sid)       { mSessionId = sid; }
  97
  98     au_id_t auditId(void)               { return mAuditId; }
  99     AuditMask &eventMask(void)          { return mEventMask; }
 100     TerminalId &terminalId(void)        { return mTerminalId; }
 101     au_asid_t sessionId(void)           { return mSessionId; }
 102
 103   private:
 104     au_id_t mAuditId;
 105     AuditMask mEventMask;
 106     TerminalId mTerminalId;
 107     au_asid_t mSessionId;
 108 };
 109
 110 //
 111 // For submitting audit records.  Not general-purpose: no ability to
 112 // submit arbitrary BSM tokens, for example.  However, the SecurityServer
 113 // has only limited auditing requirements under Common Criteria.
 114 //
 115 class AuditRecord
 116 {
 117   public:
 118     AuditRecord(const audit_token_t &auditToken)
 119         : mAuditId(auditToken.val[0]),
 120           mRUid(auditToken.val[3]),
 121           mRGid(auditToken.val[4]),
 122           mEUid(auditToken.val[1]),
 123           mEGid(auditToken.val[2]),
 124           mPid(auditToken.val[5]),
 125           mSessionId(auditToken.val[6]),
 126           mTerminalId(auditToken.val[7], 0)     { }
 127     ~AuditRecord()                              { }
 128
 129     // returnCode == 0 --> success; nonzero returnCode --> failure
 130     void submit(const short event_code, const int returnCode,
 131                 const char *msg = NULL);
 132
 133   private:
 134     au_id_t mAuditId;
 135     uid_t mRUid;
 136     gid_t mRGid;
 137     uid_t mEUid;
 138     gid_t mEGid;
 139     pid_t mPid;
 140     au_asid_t mSessionId;
 141     TerminalId mTerminalId;
 142 };
 143
 144 } // end namespace CommonCriteria
 145
 146 } // end namespace Security
 147
 148 #endif  // _H_CCAUDIT