Bugzilla BZ 707416 - additional audit messages for GetCookie

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2019 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
author: vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2011-06-09 01:16:00 +0000
committer: vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2011-06-09 01:16:00 +0000
commit: 42c84c55d8c9841cd7319c324f3bca26c7d3cd80 (patch)
tree: 5aba3e8a72a4109e6e01de809200b0e1861bbe1f /pki/base/common
parent: 4a7cd900f0f7cda8a44d11baf88fe15075e1d941 (diff)
download: pki-42c84c55d8c9841cd7319c324f3bca26c7d3cd80.tar.gz
pki-42c84c55d8c9841cd7319c324f3bca26c7d3cd80.tar.xz
pki-42c84c55d8c9841cd7319c324f3bca26c7d3cd80.zip
5 files changed, 81 insertions, 12 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
index 64aad508f..a9cdbbf33 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
@@ -27,8 +27,10 @@ import com.netscape.certsrv.base.BaseResources;
  * This interface defines the abstraction for the cookie table.
  **/
 public interface ISecurityDomainSessionTable {
-    public void addEntry(String cookieId, String ip, String uid, String group);
-    public void removeEntry(String sessionId);
+    public static final int SUCCESS =0;
+    public static final int FAILURE =1;
+    public int addEntry(String cookieId, String ip, String uid, String group);
+    public int removeEntry(String sessionId);
     public boolean isSessionIdExist(String sessionId);
     public String getIP(String sessionId);
     public String getUID(String sessionId);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
index b78b98b82..7b3e69dc5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
@@ -40,13 +40,16 @@ import org.w3c.dom.*;
 
 public class GetCookie extends CMSServlet {
 
-    private final static String SUCCESS = "0";
-    private final static String FAILED = "1";
     private static Random mRandom = null;
     private final static int SESSION_MAX_AGE = 3600;
     private String mErrorFormPath = null;
     private String mFormPath = null;
 
+    private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
+        "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+    private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
+        "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+
     public GetCookie() {
         super();
     }
@@ -163,11 +166,21 @@ public class GetCookie extends CMSServlet {
         } 
 
         String cookie = "";
+        String auditMessage = "";
+       
         if (authToken != null) {
             String uid = authToken.getInString("uid");
             String groupname = getGroupName(uid, subsystem);
 
             if (groupname != null) {
+
+                auditMessage = CMS.getLogMessage(
+                                   LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+                                   uid,
+                                   ILogger.SUCCESS,
+                                   groupname);
+                audit(auditMessage);
+
                 // assign cookie
                 long num = mRandom.nextLong();
                 cookie = num+"";
@@ -186,7 +199,26 @@ public class GetCookie extends CMSServlet {
                 } catch (Exception e) {
                 }
 
-                ctable.addEntry(cookie, ip, uid, groupname);
+                String auditParams = "operation;;issue_token+token;;"+ cookie + "+ip;;" + ip +
+                              "+uid;;" + uid + "+groupname;;" + groupname;
+
+                int status = ctable.addEntry(cookie, ip, uid, groupname);
+                if (status == ISecurityDomainSessionTable.SUCCESS) {
+                    auditMessage = CMS.getLogMessage(
+                                       LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+                                       uid,
+                                       ILogger.SUCCESS,
+                                       auditParams);
+                    audit(auditMessage);
+                } else {
+                    auditMessage = CMS.getLogMessage(
+                                       LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+                                       uid,
+                                       ILogger.FAILURE,
+                                       auditParams);
+                    audit(auditMessage);
+                }
+
                 try {
                     String sd_url = "https://"+CMS.getEESSLHost()+":"+CMS.getEESSLPort();
                     if (!url.startsWith("$")) {
@@ -226,6 +258,13 @@ public class GetCookie extends CMSServlet {
                     }
                 } catch (Exception e) {
                 }
+            } else {
+                auditMessage = CMS.getLogMessage(
+                                   LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+                                   uid,
+                                   ILogger.FAILURE,
+                                   "Enterprise " + subsystem + " Administrators");
+                audit(auditMessage);
             }
         }
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
index 65b98a4ae..5c89e5888 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
@@ -37,11 +37,12 @@ public class LDAPSecurityDomainSessionTable
         m_timeToLive = timeToLive;
     }
 
-    public void addEntry(String sessionId, String ip, 
+    public int addEntry(String sessionId, String ip, 
       String uid, String group) {
         IConfigStore cs = CMS.getConfigStore();
         LDAPConnection conn = null;
         boolean sessions_exists = true;
+        int status = FAILURE;
 
         String basedn = null;
         String sessionsdn = null;
@@ -50,7 +51,7 @@ public class LDAPSecurityDomainSessionTable
             sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
         } catch (Exception e) {
             CMS.debug("SecurityDomainSessionTable: addEntry: failed to read basedn" + e);
-            return;
+            return status;
         }
 
         try {
@@ -91,27 +92,31 @@ public class LDAPSecurityDomainSessionTable
             entry = new LDAPEntry(entrydn, attrs);
             if (sessions_exists) {
                 conn.add(entry);
+                CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);
+                status = SUCCESS;
             }
-            CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);
         } catch(Exception e) {
             CMS.debug("SecurityDomainSessionTable: unable to create session entry" + sessionId + ": " + e);
-        }
+        } 
 
         try {
             conn.disconnect();
         } catch (Exception e) {
             CMS.debug("SecurityDomainSessionTable:addEntry: Error in disconnecting from database: " + e);
         }
+        return status;
     }
 
-    public void removeEntry(String sessionId) {
+    public int removeEntry(String sessionId) {
         IConfigStore cs = CMS.getConfigStore();
         LDAPConnection conn = null;
+        int status = FAILURE;
         try {
             String basedn = cs.getString("internaldb.basedn");
             String dn = "cn=" + sessionId + ",ou=sessions,ou=Security Domain," + basedn;
             conn = getLDAPConn();
             conn.delete(dn);
+            status = SUCCESS;
         } catch (Exception e) {
             if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) {
                 // continue
@@ -124,6 +129,7 @@ public class LDAPSecurityDomainSessionTable
         } catch (Exception e) {
             CMS.debug("SecurityDomainSessionTable: removeEntry: Error in disconnecting from database: " + e);
         }
+        return status;
     }
 
     public boolean isSessionIdExist(String sessionId) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
index dabaee410..b4ee2721c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
@@ -35,7 +35,7 @@ public class SecurityDomainSessionTable
         m_timeToLive = timeToLive;
     }
 
-    public void addEntry(String sessionId, String ip, 
+    public int addEntry(String sessionId, String ip, 
       String uid, String group) {
         Vector v = new Vector();
         v.addElement(ip);
@@ -45,10 +45,12 @@ public class SecurityDomainSessionTable
         long t = d.getTime();
         v.addElement(Long.valueOf(t));
         m_sessions.put(sessionId, v);
+        return SUCCESS;
     }
 
-    public void removeEntry(String sessionId) {
+    public int removeEntry(String sessionId) {
         m_sessions.remove(sessionId);
+        return SUCCESS;
     }
 
     public boolean isSessionIdExist(String sessionId) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
index 91564d15e..92f2e2568 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
@@ -20,9 +20,13 @@ package com.netscape.cms.servlet.csadmin;
 import java.util.*;
 import com.netscape.certsrv.apps.*;
 import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.ILogger;
 
 public class SessionTimer extends TimerTask {
     private ISecurityDomainSessionTable m_sessiontable = null;
+    private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
+    private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
+        "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
 
     public SessionTimer(ISecurityDomainSessionTable table) {
         super();
@@ -40,6 +44,22 @@ public class SessionTimer extends TimerTask {
             if ((nowTime-beginTime) > timeToLive) {
                 m_sessiontable.removeEntry(sessionId);
                 CMS.debug("SessionTimer run: successfully remove the session id entry from the table.");
+                
+                // audit message
+                String auditParams = "operation;;expire_token+token;;" + sessionId;
+                String auditMessage = CMS.getLogMessage(
+                                         LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+                                         "system",
+                                         ILogger.SUCCESS,
+                                         auditParams);
+
+                mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
+                                       null,
+                                       ILogger.S_SIGNED_AUDIT,
+                                       ILogger.LL_SECURITY,
+                                       auditMessage);
+
+                
             }
         }
     }
author	vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2011-06-09 01:16:00 +0000
committer	vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2011-06-09 01:16:00 +0000
commit	42c84c55d8c9841cd7319c324f3bca26c7d3cd80 (patch)
tree	5aba3e8a72a4109e6e01de809200b0e1861bbe1f /pki/base/common
parent	4a7cd900f0f7cda8a44d11baf88fe15075e1d941 (diff)
download	pki-42c84c55d8c9841cd7319c324f3bca26c7d3cd80.tar.gz pki-42c84c55d8c9841cd7319c324f3bca26c7d3cd80.tar.xz pki-42c84c55d8c9841cd7319c324f3bca26c7d3cd80.zip