-/*
- * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
- *
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- *
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-#ifndef _H_CCAUDIT
-#define _H_CCAUDIT
-
-#include <security_utilities/utilities.h>
-#include <mach/message.h> // audit_token_t
-#include <bsm/audit.h> // au_tid_t, etc.
-#include <bsm/audit_kevents.h> // AUE_NULL
-
-namespace Security {
-namespace CommonCriteria {
-
-class AuditToken;
-
-
-/*
- * For the most part, we won't have a machine ID to initialize the
- * au_tid_t's machine field. There's no machine ID in the audit token,
- * for example, since MIG is localhost-only.
- */
-class TerminalId: public PodWrapper<TerminalId, au_tid_t>
-{
- public:
- TerminalId();
- TerminalId(const TerminalId &t) { set(t); }
- TerminalId(const au_tid_t &tid) { set(tid); }
- ~TerminalId() { }
-
- void set(const au_tid_t &tid) { port = tid.port; machine = tid.machine; }
-};
-
-/*
- * audit_token_t provides all the info required for Common Criteria-mandated
- * auditing. It's defined in <mach/mach_types.defs>. Its values are filled
- * in by the kernel during a Mach RPC and it should be treated as read-only
- * thereafter.
- */
-class AuditToken {
- public:
- AuditToken(const audit_token_t &token);
- ~AuditToken() { }
-
- audit_token_t auditToken() const { return mAuditToken; }
- uid_t auditId() const { return mAuditId; }
- uid_t euid() const { return mEuid; }
- gid_t egid() const { return mEgid; }
- uid_t ruid() const { return mRuid; }
- gid_t rgid() const { return mRgid; }
- pid_t pid() const { return mPid; }
- au_asid_t sessionId() const { return mSessionId; }
- const au_tid_t &terminalId() const { return mTerminalId; }
-
- private:
- audit_token_t mAuditToken;
- uid_t mAuditId;
- uid_t mEuid;
- gid_t mEgid;
- uid_t mRuid;
- gid_t mRgid;
- pid_t mPid; // of client
- au_asid_t mSessionId;
- TerminalId mTerminalId;
-};
-
-
-/*
- * The (new) audit information structure
- */
-class AuditInfo : public PodWrapper<AuditInfo, auditinfo_addr_t> {
-public:
- void get();
- void get(au_asid_t session);
- void getPid(pid_t pid);
- void set();
- void create(uint64_t flags, uid_t auid = AU_DEFAUDITID);
-
- uid_t uid() const { return this->ai_auid; }
- uint64_t flags() const { return this->ai_flags; }
- au_asid_t sessionId() const { return this->ai_asid; }
-
- static AuditInfo current() { AuditInfo info; info.get(); return info; }
-};
-
-
-// XXX/gh 3926739
-//
-// NB: Qualify all uses of these names with the namespace (CommonCriteria).
-// Existing source code already follows this convention.
-enum ExternalErrors
-{
- errNone = 0,
- errInvalidCredential = 1111, // try to make easier to find in log
- errUserCanceled,
- errTooManyTries,
- errAuthDenied, // "Auth" --> authorization; named to
- // avoid conflict with the C symbol
- // errAuthorizationDenied already in
- // use
- errEndOfExternalErrors // sentry/placeholder
-};
-
-
-
-class AuditMask
-{
- public:
- AuditMask(unsigned int s = AUE_NULL, unsigned int f = AUE_NULL)
- {
- mMask.am_success = s; mMask.am_failure = f;
- }
- ~AuditMask() { }
- const au_mask_t &get(void) const { return mMask; }
-
- private:
- au_mask_t mMask;
-};
-
-
-// audit session state for the current process; only used by Server
-class AuditSession
-{
- public:
- AuditSession(au_id_t auid, au_asid_t sid)
- : mAuditId(auid), mSessionId(sid) { }
- ~AuditSession() { }
-
- // set audit info for this process in kernel
- void registerSession(void);
-
- void auditId(au_id_t auid) { mAuditId = auid; }
- void eventMask(AuditMask &mask) { mEventMask = mask; }
- void terminalId(TerminalId &tid) { mTerminalId = tid; }
- void sessionId(au_asid_t sid) { mSessionId = sid; }
-
- au_id_t auditId(void) { return mAuditId; }
- AuditMask &eventMask(void) { return mEventMask; }
- TerminalId &terminalId(void) { return mTerminalId; }
- au_asid_t sessionId(void) { return mSessionId; }
-
- private:
- au_id_t mAuditId;
- AuditMask mEventMask;
- TerminalId mTerminalId;
- au_asid_t mSessionId;
-};
-
-//
-// For submitting audit records. Not general-purpose: no ability to
-// submit arbitrary BSM tokens, for example. However, the SecurityServer
-// has only limited auditing requirements under Common Criteria.
-//
-class AuditRecord
-{
- public:
- AuditRecord(const AuditToken &auditToken)
- : mAuditToken(auditToken) { }
- AuditRecord(const audit_token_t &auditToken)
- : mAuditToken(auditToken) { }
- ~AuditRecord() { }
-
- // returnCode == 0 --> success; nonzero returnCode --> failure
- void submit(const short event_code, const int returnCode,
- const char *msg = NULL);
-
- private:
- AuditToken mAuditToken;
-};
-
-} // end namespace CommonCriteria
-} // end namespace Security
-
-#endif // _H_CCAUDIT
projects / apple / security.git / blobdiff