--- /dev/null
+/*
+ * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+#include <strings.h> // bcopy()
+#include <unistd.h> // gethostname()
+#include <netdb.h> // gethostbyname()
+#include <sys/types.h> // inet_addr()
+#include <sys/socket.h> // inet_addr()
+#include <netinet/in.h> // inet_addr()
+#include <arpa/inet.h> // inet_addr()
+#include <errno.h>
+#include "utilities.h"
+#include <Security/logging.h>
+#include <bsm/libbsm.h>
+#include "ccaudit.h"
+
+namespace Security
+{
+namespace CommonCriteria
+{
+
+void TerminalId::set(void)
+{
+ if (audit_set_terminal_id(&mTid) != kAUNoErr)
+ {
+ // If we start seeing the syslog too often, change to secdebug()
+ Syslog::warning("setting terminal ID info failed; using defaults");
+ mTid.port = 0;
+ mTid.machine = 0;
+ }
+}
+
+void AuditSession::registerSession(void)
+{
+ auditinfo_t auinfo;
+
+ auinfo.ai_auid = mAuditId;
+ auinfo.ai_asid = mSessionId;
+ bcopy(&mTerminalId.get(), &(auinfo.ai_termid), sizeof(auinfo.ai_termid));
+ bcopy(&mEventMask.get(), &(auinfo.ai_mask), sizeof(auinfo.ai_mask));
+
+ if (setaudit(&auinfo) != 0)
+ {
+ if (errno == ENOTSUP)
+ {
+ Syslog::notice("Attempted to initialize auditing, but this kernel that does not support auditing");
+ return;
+ }
+ Syslog::notice("Could not initialize auditing; continuing");
+ }
+}
+
+void AuditRecord::submit(const short event_code, const int returnCode,
+ const char *msg)
+{
+ // If we're not auditing, do nothing
+ if (au_get_state() == AUC_NOAUDIT)
+ return;
+
+ // XXX make this a secdebug, then enable it
+ // Syslog::notice("Submitting authorization audit record");
+
+ int ret = kAUNoErr;
+
+ // XXX/gh 3574731: Fix BSM SPI so the const_cast<>s aren't necessary
+ if (returnCode == 0)
+ {
+ token_t *tok = NULL;
+
+ if (msg)
+ tok = au_to_text(const_cast<char *>(msg));
+ ret = audit_write_success(event_code, const_cast<token_t *>(tok),
+ mAuditId, mEUid, mEGid, mRUid, mRGid,
+ mPid, mSessionId,
+ const_cast<au_tid_t *>(&(mTerminalId.get())));
+ }
+ else
+ {
+ ret = audit_write_failure(event_code, const_cast<char *>(msg),
+ returnCode, mAuditId, mEUid, mEGid,
+ mRUid, mRGid, mPid, mSessionId,
+ const_cast<au_tid_t *>(&(mTerminalId.get())));
+ }
+ if (ret != kAUNoErr)
+ MacOSError::throwMe(ret);
+}
+
+
+} // end namespace CommonCriteria
+} // end namespace Security
projects / apple / security.git / blobdiff