X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/libsecurity_utilities/lib/ccaudit.h diff --git a/libsecurity_utilities/lib/ccaudit.h b/libsecurity_utilities/lib/ccaudit.h deleted file mode 100644 index 9ffa0b34..00000000 --- a/libsecurity_utilities/lib/ccaudit.h +++ /dev/null @@ -1,189 +0,0 @@ -/* - * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved. - * - * The contents of this file constitute Original Code as defined in and are - * subject to the Apple Public Source License Version 1.2 (the 'License'). - * You may not use this file except in compliance with the License. Please obtain - * a copy of the License at http://www.apple.com/publicsource and read it before - * using this file. - * - * This Original Code and all software distributed under the License are - * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS - * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT - * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR - * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the - * specific language governing rights and limitations under the License. - */ - - -#ifndef _H_CCAUDIT -#define _H_CCAUDIT - -#include -#include // audit_token_t -#include // au_tid_t, etc. -#include // AUE_NULL - -namespace Security { -namespace CommonCriteria { - -class AuditToken; - - -/* - * For the most part, we won't have a machine ID to initialize the - * au_tid_t's machine field. There's no machine ID in the audit token, - * for example, since MIG is localhost-only. - */ -class TerminalId: public PodWrapper -{ - public: - TerminalId(); - TerminalId(const TerminalId &t) { set(t); } - TerminalId(const au_tid_t &tid) { set(tid); } - ~TerminalId() { } - - void set(const au_tid_t &tid) { port = tid.port; machine = tid.machine; } -}; - -/* - * audit_token_t provides all the info required for Common Criteria-mandated - * auditing. It's defined in . Its values are filled - * in by the kernel during a Mach RPC and it should be treated as read-only - * thereafter. - */ -class AuditToken { - public: - AuditToken(const audit_token_t &token); - ~AuditToken() { } - - audit_token_t auditToken() const { return mAuditToken; } - uid_t auditId() const { return mAuditId; } - uid_t euid() const { return mEuid; } - gid_t egid() const { return mEgid; } - uid_t ruid() const { return mRuid; } - gid_t rgid() const { return mRgid; } - pid_t pid() const { return mPid; } - au_asid_t sessionId() const { return mSessionId; } - const au_tid_t &terminalId() const { return mTerminalId; } - - private: - audit_token_t mAuditToken; - uid_t mAuditId; - uid_t mEuid; - gid_t mEgid; - uid_t mRuid; - gid_t mRgid; - pid_t mPid; // of client - au_asid_t mSessionId; - TerminalId mTerminalId; -}; - - -/* - * The (new) audit information structure - */ -class AuditInfo : public PodWrapper { -public: - void get(); - void get(au_asid_t session); - void getPid(pid_t pid); - void set(); - void create(uint64_t flags, uid_t auid = AU_DEFAUDITID); - - uid_t uid() const { return this->ai_auid; } - uint64_t flags() const { return this->ai_flags; } - au_asid_t sessionId() const { return this->ai_asid; } - - static AuditInfo current() { AuditInfo info; info.get(); return info; } -}; - - -// XXX/gh 3926739 -// -// NB: Qualify all uses of these names with the namespace (CommonCriteria). -// Existing source code already follows this convention. -enum ExternalErrors -{ - errNone = 0, - errInvalidCredential = 1111, // try to make easier to find in log - errUserCanceled, - errTooManyTries, - errAuthDenied, // "Auth" --> authorization; named to - // avoid conflict with the C symbol - // errAuthorizationDenied already in - // use - errEndOfExternalErrors // sentry/placeholder -}; - - - -class AuditMask -{ - public: - AuditMask(unsigned int s = AUE_NULL, unsigned int f = AUE_NULL) - { - mMask.am_success = s; mMask.am_failure = f; - } - ~AuditMask() { } - const au_mask_t &get(void) const { return mMask; } - - private: - au_mask_t mMask; -}; - - -// audit session state for the current process; only used by Server -class AuditSession -{ - public: - AuditSession(au_id_t auid, au_asid_t sid) - : mAuditId(auid), mSessionId(sid) { } - ~AuditSession() { } - - // set audit info for this process in kernel - void registerSession(void); - - void auditId(au_id_t auid) { mAuditId = auid; } - void eventMask(AuditMask &mask) { mEventMask = mask; } - void terminalId(TerminalId &tid) { mTerminalId = tid; } - void sessionId(au_asid_t sid) { mSessionId = sid; } - - au_id_t auditId(void) { return mAuditId; } - AuditMask &eventMask(void) { return mEventMask; } - TerminalId &terminalId(void) { return mTerminalId; } - au_asid_t sessionId(void) { return mSessionId; } - - private: - au_id_t mAuditId; - AuditMask mEventMask; - TerminalId mTerminalId; - au_asid_t mSessionId; -}; - -// -// For submitting audit records. Not general-purpose: no ability to -// submit arbitrary BSM tokens, for example. However, the SecurityServer -// has only limited auditing requirements under Common Criteria. -// -class AuditRecord -{ - public: - AuditRecord(const AuditToken &auditToken) - : mAuditToken(auditToken) { } - AuditRecord(const audit_token_t &auditToken) - : mAuditToken(auditToken) { } - ~AuditRecord() { } - - // returnCode == 0 --> success; nonzero returnCode --> failure - void submit(const short event_code, const int returnCode, - const char *msg = NULL); - - private: - AuditToken mAuditToken; -}; - -} // end namespace CommonCriteria -} // end namespace Security - -#endif // _H_CCAUDIT