summaryrefslogtreecommitdiffstats
path: root/pki/base/common
diff options
context:
space:
mode:
authorvakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-06-09 01:16:00 +0000
committervakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-06-09 01:16:00 +0000
commit42c84c55d8c9841cd7319c324f3bca26c7d3cd80 (patch)
tree5aba3e8a72a4109e6e01de809200b0e1861bbe1f /pki/base/common
parent4a7cd900f0f7cda8a44d11baf88fe15075e1d941 (diff)
downloadpki-42c84c55d8c9841cd7319c324f3bca26c7d3cd80.tar.gz
pki-42c84c55d8c9841cd7319c324f3bca26c7d3cd80.tar.xz
pki-42c84c55d8c9841cd7319c324f3bca26c7d3cd80.zip
Bugzilla BZ 707416 - additional audit messages for GetCookie
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2019 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common')
-rw-r--r--pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java6
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java45
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java16
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java6
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java20
5 files changed, 81 insertions, 12 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
index 64aad508f..a9cdbbf33 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
@@ -27,8 +27,10 @@ import com.netscape.certsrv.base.BaseResources;
* This interface defines the abstraction for the cookie table.
**/
public interface ISecurityDomainSessionTable {
- public void addEntry(String cookieId, String ip, String uid, String group);
- public void removeEntry(String sessionId);
+ public static final int SUCCESS =0;
+ public static final int FAILURE =1;
+ public int addEntry(String cookieId, String ip, String uid, String group);
+ public int removeEntry(String sessionId);
public boolean isSessionIdExist(String sessionId);
public String getIP(String sessionId);
public String getUID(String sessionId);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
index b78b98b82..7b3e69dc5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
@@ -40,13 +40,16 @@ import org.w3c.dom.*;
public class GetCookie extends CMSServlet {
- private final static String SUCCESS = "0";
- private final static String FAILED = "1";
private static Random mRandom = null;
private final static int SESSION_MAX_AGE = 3600;
private String mErrorFormPath = null;
private String mFormPath = null;
+ private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
+ "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
+ "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+
public GetCookie() {
super();
}
@@ -163,11 +166,21 @@ public class GetCookie extends CMSServlet {
}
String cookie = "";
+ String auditMessage = "";
+
if (authToken != null) {
String uid = authToken.getInString("uid");
String groupname = getGroupName(uid, subsystem);
if (groupname != null) {
+
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ uid,
+ ILogger.SUCCESS,
+ groupname);
+ audit(auditMessage);
+
// assign cookie
long num = mRandom.nextLong();
cookie = num+"";
@@ -186,7 +199,26 @@ public class GetCookie extends CMSServlet {
} catch (Exception e) {
}
- ctable.addEntry(cookie, ip, uid, groupname);
+ String auditParams = "operation;;issue_token+token;;"+ cookie + "+ip;;" + ip +
+ "+uid;;" + uid + "+groupname;;" + groupname;
+
+ int status = ctable.addEntry(cookie, ip, uid, groupname);
+ if (status == ISecurityDomainSessionTable.SUCCESS) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+ uid,
+ ILogger.SUCCESS,
+ auditParams);
+ audit(auditMessage);
+ } else {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+ uid,
+ ILogger.FAILURE,
+ auditParams);
+ audit(auditMessage);
+ }
+
try {
String sd_url = "https://"+CMS.getEESSLHost()+":"+CMS.getEESSLPort();
if (!url.startsWith("$")) {
@@ -226,6 +258,13 @@ public class GetCookie extends CMSServlet {
}
} catch (Exception e) {
}
+ } else {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ uid,
+ ILogger.FAILURE,
+ "Enterprise " + subsystem + " Administrators");
+ audit(auditMessage);
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
index 65b98a4ae..5c89e5888 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
@@ -37,11 +37,12 @@ public class LDAPSecurityDomainSessionTable
m_timeToLive = timeToLive;
}
- public void addEntry(String sessionId, String ip,
+ public int addEntry(String sessionId, String ip,
String uid, String group) {
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
boolean sessions_exists = true;
+ int status = FAILURE;
String basedn = null;
String sessionsdn = null;
@@ -50,7 +51,7 @@ public class LDAPSecurityDomainSessionTable
sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
} catch (Exception e) {
CMS.debug("SecurityDomainSessionTable: addEntry: failed to read basedn" + e);
- return;
+ return status;
}
try {
@@ -91,27 +92,31 @@ public class LDAPSecurityDomainSessionTable
entry = new LDAPEntry(entrydn, attrs);
if (sessions_exists) {
conn.add(entry);
+ CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);
+ status = SUCCESS;
}
- CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);
} catch(Exception e) {
CMS.debug("SecurityDomainSessionTable: unable to create session entry" + sessionId + ": " + e);
- }
+ }
try {
conn.disconnect();
} catch (Exception e) {
CMS.debug("SecurityDomainSessionTable:addEntry: Error in disconnecting from database: " + e);
}
+ return status;
}
- public void removeEntry(String sessionId) {
+ public int removeEntry(String sessionId) {
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
+ int status = FAILURE;
try {
String basedn = cs.getString("internaldb.basedn");
String dn = "cn=" + sessionId + ",ou=sessions,ou=Security Domain," + basedn;
conn = getLDAPConn();
conn.delete(dn);
+ status = SUCCESS;
} catch (Exception e) {
if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) {
// continue
@@ -124,6 +129,7 @@ public class LDAPSecurityDomainSessionTable
} catch (Exception e) {
CMS.debug("SecurityDomainSessionTable: removeEntry: Error in disconnecting from database: " + e);
}
+ return status;
}
public boolean isSessionIdExist(String sessionId) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
index dabaee410..b4ee2721c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
@@ -35,7 +35,7 @@ public class SecurityDomainSessionTable
m_timeToLive = timeToLive;
}
- public void addEntry(String sessionId, String ip,
+ public int addEntry(String sessionId, String ip,
String uid, String group) {
Vector v = new Vector();
v.addElement(ip);
@@ -45,10 +45,12 @@ public class SecurityDomainSessionTable
long t = d.getTime();
v.addElement(Long.valueOf(t));
m_sessions.put(sessionId, v);
+ return SUCCESS;
}
- public void removeEntry(String sessionId) {
+ public int removeEntry(String sessionId) {
m_sessions.remove(sessionId);
+ return SUCCESS;
}
public boolean isSessionIdExist(String sessionId) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
index 91564d15e..92f2e2568 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
@@ -20,9 +20,13 @@ package com.netscape.cms.servlet.csadmin;
import java.util.*;
import com.netscape.certsrv.apps.*;
import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.logging.ILogger;
public class SessionTimer extends TimerTask {
private ISecurityDomainSessionTable m_sessiontable = null;
+ private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
+ private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
+ "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
public SessionTimer(ISecurityDomainSessionTable table) {
super();
@@ -40,6 +44,22 @@ public class SessionTimer extends TimerTask {
if ((nowTime-beginTime) > timeToLive) {
m_sessiontable.removeEntry(sessionId);
CMS.debug("SessionTimer run: successfully remove the session id entry from the table.");
+
+ // audit message
+ String auditParams = "operation;;expire_token+token;;" + sessionId;
+ String auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+ "system",
+ ILogger.SUCCESS,
+ auditParams);
+
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
+ null,
+ ILogger.S_SIGNED_AUDIT,
+ ILogger.LL_SECURITY,
+ auditMessage);
+
+
}
}
}