author | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-12-08 01:58:26 +0000 |
---|---|---|
committer | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-12-08 01:58:26 +0000 |
commit | 4424a5d25c860a3b6a1f63b717891f982a6029aa (patch) | |
tree | 73ed583d6ee062281e38f0c69b0b75fc007b3905 /pki/base/tps | |
parent | eb16929f9f7ff46209d5d6e1b83f4f1650802866 (diff) | |
Bugzilla Bug 223314 - AOL: Better activities logs
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1610 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/tps')
-rw-r--r-- | pki/base/tps/src/include/processor/RA_Processor.h | 2 | ||||
-rw-r--r-- | pki/base/tps/src/modules/tokendb/mod_tokendb.cpp | 103 | ||||
-rw-r--r-- | pki/base/tps/src/processor/RA_Enroll_Processor.cpp | 93 | ||||
-rw-r--r-- | pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp | 21 | ||||
-rw-r--r-- | pki/base/tps/src/processor/RA_Processor.cpp | 41 | ||||
-rw-r--r-- | pki/base/tps/src/tus/tus_db.c | 4 |
6 files changed, 178 insertions, 86 deletions
diff --git a/pki/base/tps/src/include/processor/RA_Processor.h b/pki/base/tps/src/include/processor/RA_Processor.h index 66097ae08..74e869a52 100644 --- a/pki/base/tps/src/include/processor/RA_Processor.h +++ b/pki/base/tps/src/include/processor/RA_Processor.h @@ -201,7 +201,7 @@ class RA_Processor protected: RA_Status Format(RA_Session *session, NameValueSet *extensions, bool skipAuth); - bool RevokeCertificates(char *cuid, char *audit_msg, + bool RevokeCertificates(RA_Session *session, char *cuid, char *audit_msg, char *final_applet_version, char *keyVersion, char *tokenType, char *userid, RA_Status &status ); diff --git a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp index fd2c630c3..65d3c3297 100644 --- a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp +++ b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp @@ -3765,13 +3765,13 @@ mod_tokendb_handler( request_rec *rq ) if (statusNum != 0) { // revocation errors if( strcmp( revokeReason, "6" ) == 0 ) { PR_snprintf((char *)msg, 256, "Errors in marking certificate on_hold '%s' : %s", attr_cn, statusString); - RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid, "Failure", "revoked_on_hold", serial, connid, statusString); } else { PR_snprintf((char *)msg, 256, "Errors in revoking certificate '%s' : %s", attr_cn, statusString); - RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid, "Failure", "revoke", serial, connid, statusString); 
@@ -3780,14 +3780,14 @@ mod_tokendb_handler( request_rec *rq ) // update certificate status if( strcmp( revokeReason, "6" ) == 0 ) { PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked_on_hold", attr_cn); - RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType); update_cert_status( attr_cn, "revoked_on_hold" ); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid, "Success", "revoked_on_hold", serial, connid, ""); } else { PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked", attr_cn); - RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType); update_cert_status( attr_cn, "revoked" ); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid, @@ -3844,6 +3844,10 @@ mod_tokendb_handler( request_rec *rq ) PR_snprintf(pString, 512, "tokenStatus;;lost+tokenReason;;destroyed"); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked physically damaged, rc=-1"); + PR_snprintf((char *)msg, 256, "Failed to update token status as physically damaged"); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", + msg, cuidUserId, tokenType); + PR_snprintf( injection, MAX_INJECTION_SIZE, "%s%s%s%s", JS_START, "var error = \"Failed to create LDAPMod: ", 
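Review bot: In the hunk at -3780 the activity entry is now written with result `success` before `update_cert_status( attr_cn, "revoked_on_hold" )` or `update_cert_status( attr_cn, "revoked" )` runs, and no visible line checks that call's outcome. With the old `initiated` label the order did not matter, but a `success` record should follow the state change it reports, so each `RA::tdb_activity(..., "success", ...)` line belongs below its `update_cert_status` call. The same ordering appears in the hunks at -3991, -4216, -4397 and -4567. The body of mod_tokendb_handler starts and ends outside these hunks, so whether `update_cert_status` can report an error is not visible here.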
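Review bot: The added calls in the hunk at -3844 pass `cuidUserId, tokenType`, while the per-certificate calls in the same handler pass `attr_tokenType`, and no line visible here assigns `tokenType` or `cuidUserId` on the do_token path. If those buffers are only filled by another branch of mod_tokendb_handler, the activity record would carry a stale or empty token type and user. Please confirm they are populated before this point and say so in a short comment, for example `/* tokenType and cuidUserId were read from the token entry above */`. The same argument pair is used by the new calls in the hunks from -3870 through -4628.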
@@ -3870,6 +3874,10 @@ mod_tokendb_handler( request_rec *rq ) PR_snprintf(pString, 512, "tokenStatus;;lost+tokenReason;;destroyed"); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked physically damaged, rc>0"); + PR_snprintf((char *)msg, 256, "Failed to update token status as physically damaged"); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", + msg, cuidUserId, tokenType); + PR_snprintf( injection, MAX_INJECTION_SIZE, "%s%s%s%s%s", JS_START, "var error = \"LDAP mod error: ", @@ -3897,6 +3905,10 @@ mod_tokendb_handler( request_rec *rq ) PR_snprintf(pString, 512, "tokenStatus;;lost+tokenReason;;destroyed"); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pString, "token marked physically damaged"); + PR_snprintf((char *)msg, 256, "Token marked as physically damaged"); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", + msg, cuidUserId, tokenType); + /* Is this token permanently lost? */ } else if(((q == 2) && (transition_allowed(token_ui_state, 2))) || ((q == 6) && (transition_allowed(token_ui_state, 6)))) { 
@@ -3976,13 +3988,13 @@ mod_tokendb_handler( request_rec *rq ) if (statusNum != 0) { // revocation errors if( strcmp( revokeReason, "6" ) == 0 ) { PR_snprintf((char *)msg, 256, "Errors in marking certificate on_hold '%s' : %s", attr_cn, statusString); - RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid, "Failure", "revoked_on_hold", serial, connid, statusString); } else { PR_snprintf((char *)msg, 256, "Errors in revoking certificate '%s' : %s", attr_cn, statusString); - RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid, "Failure", "revoke", serial, connid, statusString); 
@@ -3991,14 +4003,14 @@ mod_tokendb_handler( request_rec *rq ) // update certificate status if( strcmp( revokeReason, "6" ) == 0 ) { PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked_on_hold", attr_cn); - RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType); update_cert_status( attr_cn, "revoked_on_hold" ); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid, "Success", "revoked_on_hold", serial, connid, ""); } else { PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked", attr_cn); - RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType); update_cert_status( attr_cn, "revoked" ); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid, @@ -4064,9 +4076,13 @@ mod_tokendb_handler( request_rec *rq ) if( rc == -1 ) { if (q == 6) { /* terminated*/ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked terminated, rc=-1"); + PR_snprintf((char *)msg, 256, "Failure in updating token status to terminated"); } else { RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked permanently lost, rc=-1"); + PR_snprintf((char *)msg, 256, "Failure in updating token status to permanently lost"); } + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", + msg, cuidUserId, tokenType); PR_snprintf( injection, MAX_INJECTION_SIZE, "%s%s%s%s", JS_START, 
@@ -4090,9 +4106,14 @@ mod_tokendb_handler( request_rec *rq ) } else if( rc > 0 ) { if (q == 6) { /* terminated*/ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked terminated, rc=>0"); + PR_snprintf((char *)msg, 256, "Failure in updating token status to terminated"); } else { RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked permanently lost, rc>0"); + PR_snprintf((char *)msg, 256, "Failure in updating token status to permanently lost"); } + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", + msg, cuidUserId, tokenType); + PR_snprintf( injection, MAX_INJECTION_SIZE, "%s%s%s%s%s", JS_START, "var error = \"LDAP mod error: ", @@ -4117,9 +4138,13 @@ mod_tokendb_handler( request_rec *rq ) } if (q == 6) { /* terminated*/ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pString, "token marked terminated"); + PR_snprintf((char *)msg, 256, "Token marked terminated"); } else { RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pString, "token marked permanently lost"); + PR_snprintf((char *)msg, 256, "Token marked permanently lost"); } + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", + msg, cuidUserId, tokenType); /* Is this token temporarily lost? */ } else if(( q == 3 ) && (transition_allowed(token_ui_state, 3))) { 
@@ -4200,13 +4225,13 @@ mod_tokendb_handler( request_rec *rq ) if (statusNum != 0) { // revocation errors if( strcmp( revokeReason, "6" ) == 0 ) { PR_snprintf((char *)msg, 256, "Errors in marking certificate on_hold '%s' : %s", attr_cn, statusString); - RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid, "Failure", "revoked_on_hold", serial, connid, statusString); } else { PR_snprintf((char *)msg, 256, "Errors in revoking certificate '%s' : %s", attr_cn, statusString); - RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid, "Failure", "revoke", serial, connid, statusString); 
@@ -4216,14 +4241,14 @@ mod_tokendb_handler( request_rec *rq ) // update certificate status if( strcmp( revokeReason, "6" ) == 0 ) { PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked_on_hold", attr_cn); - RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType); update_cert_status( attr_cn, "revoked_on_hold" ); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid, "Success", "revoked_on_hold", serial, connid, ""); } else { PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked", attr_cn); - RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType); update_cert_status( attr_cn, "revoked" ); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid, @@ -4270,6 +4295,11 @@ mod_tokendb_handler( request_rec *rq ) PR_snprintf(pString, 512, "tokenStatus;;lost+tokenReason;;onHold"); if (revocation_errors) { RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked temporarily lost failed, failed to revoke certificates"); + + PR_snprintf((char *)msg, 256, "Failed to revoke certificates"); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", + msg, cuidUserId, tokenType); + error_out("Errors in revoking certificates.", "Errors in revoking certificates."); do_free(buf); do_strfree(uri); 
@@ -4282,6 +4312,10 @@ mod_tokendb_handler( request_rec *rq ) if( rc == -1 ) { RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked temporarily lost, rc=-1"); + PR_snprintf((char *)msg, 256, "Failed to update token status as temporarily lost"); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", + msg, cuidUserId, tokenType); + PR_snprintf( injection, MAX_INJECTION_SIZE, "%s%s%s%s", JS_START, "var error = \"Failed to create LDAPMod: ", @@ -4303,6 +4337,10 @@ mod_tokendb_handler( request_rec *rq ) } else if( rc > 0 ) { RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked temporarily lost, rc>0"); + PR_snprintf((char *)msg, 256, "Failed to update token status as temporarily lost"); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", + msg, cuidUserId, tokenType); + PR_snprintf( injection, MAX_INJECTION_SIZE, "%s%s%s%s%s", JS_START, "var error = \"LDAP mod error: ", @@ -4326,6 +4364,9 @@ mod_tokendb_handler( request_rec *rq ) return DONE; } RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pString, "token marked temporarily lost"); + PR_snprintf((char *)msg, 256, "Token marked temporarily lost"); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", + msg, cuidUserId, tokenType); /* Is this temporarily lost token found? */ } else if(( q == 4 ) && ( transition_allowed(token_ui_state, 4) )) { 
@@ -4397,14 +4438,14 @@ mod_tokendb_handler( request_rec *rq ) if (statusNum == 0) { PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as active", attr_cn); - RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType); update_cert_status( attr_cn, "active" ); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid, "Success", "unrevoke", serial, connid, ""); } else { PR_snprintf((char *)msg, 256, "Errors in unrevoking Certificate '%s': %s", attr_cn, statusString); - RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid, "Failure", "unrevoke", serial, connid, statusString); @@ -4450,8 +4491,11 @@ mod_tokendb_handler( request_rec *rq ) if( rc == -1 ) { RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "lost token marked found, rc=-1"); - error_out("Failed to create LDAPMod: ", "Failed to create LDAPMod"); + PR_snprintf((char *)msg, 256, "Failed to update lost token status as found"); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", + msg, cuidUserId, tokenType); + error_out("Failed to create LDAPMod: ", "Failed to create LDAPMod"); do_free(buf); do_strfree(uri); do_strfree(query); 
@@ -4459,8 +4503,11 @@ mod_tokendb_handler( request_rec *rq ) return DONE; } else if( rc > 0 ) { RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "lost token marked found, rc>0"); - ldap_error_out("LDAP mod error: ", "LDAP error: %s"); + PR_snprintf((char *)msg, 256, "Failed to update lost token status as found"); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", + msg, cuidUserId, tokenType); + ldap_error_out("LDAP mod error: ", "LDAP error: %s"); do_free(buf); do_strfree(uri); do_strfree(query); @@ -4468,6 +4515,9 @@ mod_tokendb_handler( request_rec *rq ) return DONE; } RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pString, "lost token marked found"); + PR_snprintf((char *)msg, 256, "Lost token marked found"); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", + msg, cuidUserId, tokenType); /* Does this temporarily lost token become permanently lost? */ } else if ( (q == 5) && (transition_allowed(token_ui_state, 5)) ) { 
@@ -4567,21 +4617,21 @@ mod_tokendb_handler( request_rec *rq ) statusString ); if (statusNum == 0) { PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked", attr_cn); - RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType); update_cert_status( attr_cn, "revoked" ); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid, "Success", "revoke", serial, connid, ""); } else { PR_snprintf((char *)msg, 256, "Errors in revoking Certificate '%s' : %s", attr_cn, statusString); - RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid, "Failure", "revoke", serial, connid, statusString); } } else { PR_snprintf((char *)msg, 256, "Errors in unrevoking Certificate '%s' : %s", attr_cn, statusString); - RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid, "Failure", "unrevoke", serial, connid, statusString); 
@@ -4628,6 +4678,10 @@ mod_tokendb_handler( request_rec *rq ) PR_snprintf(oString, 512, "token_id;;%s", cuid); PR_snprintf(pString, 512, "tokenStatus;;lost+tokenReason;;keyCompromise"); RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pString, "lost token marked permanently lost"); + + PR_snprintf((char *)msg, 256, "Lost token marked permanently lost"); + RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", + msg, cuidUserId, tokenType); } else { // invalid operation or transition error_out("Transition or operation not allowed", "Transition or operation not allowed"); @@ -6744,6 +6798,9 @@ mod_tokendb_handler( request_rec *rq ) } RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pLongString, "token record modified"); + PR_snprintf((char *)msg, 256, "Token record modified by %s", userid); + RA::tdb_activity(rq->connection->remote_ip, cuid, "save", "success", + msg, cuidUserId, tokenType); PR_snprintf( injection, MAX_INJECTION_SIZE, "%s%s%s%s%s%s%s%s%s%s", JS_START, @@ -6999,10 +7056,6 @@ mod_tokendb_handler( request_rec *rq ) PL_strcpy(tokenType, NO_TOKEN_TYPE); } - PR_snprintf((char *)msg, 256, - "'%s' has created new token", userid); - RA::tdb_activity(rq->connection->remote_ip, filter, "add", "token", msg, "", tokenType); - if( strcmp( filter, "" ) == 0 ) { error_out("No Token ID Found", "Failed to authorize request"); do_free(buf); @@ -7027,6 +7080,10 @@ mod_tokendb_handler( request_rec *rq ) RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Admin", "Success", oString, "", "token record added"); + PR_snprintf((char *)msg, 256, + "'%s' has created new token", userid); + RA::tdb_activity(rq->connection->remote_ip, filter, "add", "token", msg, "success", tokenType); + PR_snprintf( injection, MAX_INJECTION_SIZE, "%s%s%s%s%s%s%s%s%s%s%s", JS_START, "var uriBase = \"", uri, "\";\n", 
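Review bot: The relocated call in the hunk at -7027 passes `"token"` in the position where every other call in this commit passes the result, and `"success"` where the others pass the user id. Judging by those other call sites (the declaration of `RA::tdb_activity` is not part of the diff), the entry would be stored with result `token` and user `success`, so a search of the activity log by outcome or by actor would miss or mislabel token creation. It probably should read `RA::tdb_activity(rq->connection->remote_ip, filter, "add", "success", msg, "", tokenType);`, keeping the empty user the old call had. The acting agent is already carried in `msg`.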
diff --git a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp index facdcfda9..183f4717e 100644 --- a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp +++ b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp @@ -224,6 +224,8 @@ RA_Status RA_Enroll_Processor::DoEnrollment(AuthParams *login, RA_Session *sessi char audit_msg[512] = ""; char *keyVersion = NULL; + char cert_serial[2048] = ""; + char activity_msg[4096] = ""; float progress_block_size = (float) (end_progress - start_progress) / keyTypeNum; RA::Debug(LL_PER_CONNECTION,FN, @@ -582,14 +584,13 @@ RA_Status RA_Enroll_Processor::DoEnrollment(AuthParams *login, RA_Session *sessi certificates[index] = CERT_DecodeCertFromPackage((char *) cert_string, (int) cert->size()); if (certificates[index] != NULL) { - char msg[2048]; - RA::ra_tus_print_integer(msg, &certificates[index]->serialNumber); + RA::ra_tus_print_integer(cert_serial, &certificates[index]->serialNumber); RA::Debug("DoEnrollment", "Received Certificate"); - RA::Debug("DoEnrollment", msg); + RA::Debug("DoEnrollment", cert_serial); RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC_CERT_REQ, userid, cuid, msn, "success", "enrollment", applet_version, - (keyVersion != NULL) ? keyVersion : "", msg, connid, "certificate received"); + (keyVersion != NULL) ? keyVersion : "", cert_serial, connid, "certificate received"); } free(cert_string); ktypes[index] = PL_strdup(keyType); @@ -886,6 +887,7 @@ RA_Status RA_Enroll_Processor::DoEnrollment(AuthParams *login, RA_Session *sessi } RA::Debug(LL_PER_CONNECTION,FN, "End of keygen/certificate enrollment"); + PR_snprintf(activity_msg, 4096, "certificate %s stored on token", cert_serial); RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC, userid != NULL ? userid : "", cuid != NULL ? cuid : "", 
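Review bot: `cert_serial` is overwritten for each `certificates[index]` in the hunk at -582, so the `PR_snprintf(activity_msg, 4096, "certificate %s stored on token", cert_serial);` added at -886 records only the last serial when more than one key type is enrolled. If the last decode returns NULL, it records an earlier serial or the empty string. For an activity log that is meant to show which certificates went onto a token, append each serial to `activity_msg` with a bounded `PR_snprintf` as it is decoded, or write one activity entry per certificate. Note also that `RA::ra_tus_print_integer(cert_serial, ...)` takes no length argument in the visible call, so the 2048-byte bound rests entirely on that helper. DoEnrollment's body continues outside these hunks.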
@@ -894,7 +896,16 @@ RA_Status RA_Enroll_Processor::DoEnrollment(AuthParams *login, RA_Session *sessi "enrollment", applet_version != NULL ? applet_version : "", keyVersion != NULL? keyVersion : "", - "certificate stored on token"); + activity_msg); + + RA::tdb_activity(session->GetRemoteIP(), + (char *) cuid, + "enrollment", + "success", + activity_msg, + userid != NULL? userid : "", + tokenType); + loser: if (strlen(audit_msg) > 0) { // a failure occurred RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC, @@ -906,6 +917,16 @@ loser: applet_version != NULL ? applet_version : "", keyVersion != NULL? keyVersion : "", audit_msg); + + if ((cuid != NULL) && (tokenType != NULL)) { + RA::tdb_activity(session->GetRemoteIP(), + (char *) cuid, + "enrollment", + "failure", + audit_msg, + userid != NULL? userid : "", + tokenType); + } } if( keyVersion != NULL ) { @@ -1643,7 +1664,6 @@ bool RA_Enroll_Processor::CheckAndUpgradeSymKeys( RA::Error(FN, "failed to establish secure channel"); o_status = STATUS_ERROR_SECURE_CHANNEL; - RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "secure channel error", "", a_tokenType); goto loser; } @@ -1654,8 +1674,6 @@ bool RA_Enroll_Processor::CheckAndUpgradeSymKeys( RA::Error(FN, "External authentication in secure channel failed"); o_status = STATUS_ERROR_EXTERNAL_AUTH; /* XXX should print out error codes */ - RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "external authentication error", "", a_tokenType); - PR_snprintf(audit_msg, 512, "enrollment processing, external authentication error"); goto loser; } @@ -1687,8 +1705,6 @@ bool RA_Enroll_Processor::CheckAndUpgradeSymKeys( if (rc != 1) { RA::Error(FN, "failed to create new key set"); o_status = STATUS_ERROR_CREATE_CARDMGR; - RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "create card key error", "", a_tokenType); - PR_snprintf(audit_msg, 512, "enrollment processing, create card key error"); goto loser; } 
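Review bot: The success call added in the hunk at -894 passes `(char *) cuid` and `tokenType` unguarded, although the `RA::Audit` call directly above it uses `cuid != NULL ? cuid : ""` and the failure branch added after `loser:` checks `(cuid != NULL) && (tokenType != NULL)` first. The surrounding code treats both as possibly NULL, so the success path should apply the same check, for example by wrapping the call in `if ((cuid != NULL) && (tokenType != NULL)) { ... }`. The call sits immediately before the `loser:` label, and the rest of DoEnrollment is outside the hunk.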
@@ -1709,6 +1725,16 @@ bool RA_Enroll_Processor::CheckAndUpgradeSymKeys( a_userid, a_cuid, a_msn, "Failure", "enrollment", a_applet_version, curVersion, ((BYTE*)newVersion)[0], "key changeover"); + + if ((a_cuid != NULL) && (a_tokenType != NULL)) { + RA::tdb_activity(a_session->GetRemoteIP(), + a_cuid, + "enrollment", + "failure", + "key changeover failed", + a_userid != NULL? a_userid : "", + a_tokenType); + } goto loser; } else { RA::Audit(EV_KEY_CHANGEOVER, AUDIT_MSG_KEY_CHANGEOVER, @@ -1732,8 +1758,6 @@ bool RA_Enroll_Processor::CheckAndUpgradeSymKeys( if (o_channel == NULL) { RA::Error(FN, "failed to establish secure channel after reselect"); o_status = STATUS_ERROR_CREATE_CARDMGR; - RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "secure channel setup error", "", a_tokenType); - PR_snprintf(audit_msg, 512, "enrollment processing, secure channel setup error after reselect"); goto loser; } else { @@ -1778,6 +1802,16 @@ loser: a_applet_version != NULL ? a_applet_version : "", a_key_version != NULL? a_key_version : "", audit_msg); + + if ((a_cuid != NULL) && (a_tokenType != NULL)) { + RA::tdb_activity(a_session->GetRemoteIP(), + a_cuid, + "enrollment", + "failure", + audit_msg, + a_userid != NULL? a_userid : "", + a_tokenType); + } } return r; @@ -1898,7 +1932,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue if ((profile_state != NULL) && (PL_strcmp(profile_state, "Enabled") != 0)) { RA::Error(FN, "Profile %s Disabled for CUID %s", tokenType, cuid); status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND; - RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "profile disabled", "", tokenType); PR_snprintf(audit_msg, 512, "profile %s disabled", tokenType); goto loser; } 
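Review bot: The failure record added after `loser:` in the hunk at -1778 appears to sit inside the block that runs only when `audit_msg` is non-empty; the enclosing `if` is outside the hunk, so this is inferred from the closing brace before `return r;`. The hunk at -1643 removes the direct `RA::tdb_activity(..., "secure channel error", ...)` call on the `failed to establish secure channel` path, and no visible line there sets `audit_msg`, unlike the neighbouring error paths. If it is not set above the hunk, that failure no longer reaches the activity log. Adding `PR_snprintf(audit_msg, 512, "enrollment processing, secure channel error");` before that `goto loser;` would restore it.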
@@ -1908,7 +1941,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue if (RA::ra_is_tus_db_entry_disabled(cuid)) { RA::Error(FN, "CUID %s Disabled", cuid); status = STATUS_ERROR_DISABLED_TOKEN; - RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "token disabled", "", tokenType); PR_snprintf(audit_msg, 512, "token disabled"); goto loser; } @@ -1925,7 +1957,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue !do_force_format) { RA::Error(FN, "CUID %s Re-Enrolled Disallowed", cuid); status = STATUS_ERROR_DISABLED_TOKEN; - RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "token re-enrollment or renewal disallowed", "", tokenType); PR_snprintf(audit_msg, 512, "token re-enrollment or renewal disallowed"); goto loser; } @@ -1938,7 +1969,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue if (!RA::GetConfigStore()->GetConfigAsBool(configname, 1)) { RA::Error(FN, "CUID %s Enroll Unknown Token", cuid); status = STATUS_ERROR_DISABLED_TOKEN; - RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "unknown token disallowed", "", tokenType); PR_snprintf(audit_msg, 512, "unknown token disallowed"); goto loser; } @@ -1969,7 +1999,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue if (tksid == NULL) { RA::Error(FN, "TKS Connection Parameter %s Not Found", configname); status = STATUS_ERROR_DEFAULT_TOKENTYPE_NOT_FOUND; - RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "token type TKS connection parameter not found", "", tokenType); PR_snprintf(audit_msg, 512, "token type TKS connection parameter not found"); goto loser; } 
@@ -2085,7 +2114,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue if (channel == NULL) { RA::Error(FN, "no good channel"); status = STATUS_ERROR_CREATE_CARDMGR; - RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "secure channel setup error", "",tokenType); PR_snprintf(audit_msg, 512, "secure channel setup error"); goto loser; } @@ -2104,7 +2132,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue if (rc == -1) { RA::Error(FN, "external authenticate failed"); status = STATUS_ERROR_CREATE_CARDMGR; - RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "external authentication error", "", tokenType); PR_snprintf(audit_msg, 512, "external authentication error"); goto loser; } @@ -2124,7 +2151,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue RA::Error(FN, "new pin request failed"); status = STATUS_ERROR_MAC_RESET_PIN_PDU; - RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "new pin request error", "", tokenType); PR_snprintf(audit_msg, 512, "new pin request error"); goto loser; } @@ -2156,7 +2182,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue "create pin failed"); status = STATUS_ERROR_MAC_RESET_PIN_PDU; - RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "create pin request error", "", tokenType); PR_snprintf(audit_msg, 512, "create pin request error"); goto loser; } @@ -2181,8 +2206,7 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue "reset pin failed"); status = STATUS_ERROR_MAC_RESET_PIN_PDU; - RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "reset pin request error", "", tokenType); - PR_snprintf(audit_msg, 512, "reset pin request error"); + PR_snprintf(audit_msg, 512, "reset pin request error"); goto loser; } 
@@ -2232,7 +2256,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue RA::Error("RA_Enroll_Processor::Process", "encryt data failed"); status = STATUS_ERROR_MAC_ENROLL_PDU; - RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "challenge encryption error", "", tokenType); PR_snprintf(audit_msg, 512, "challenge encryption error"); goto loser; } @@ -2620,7 +2643,6 @@ op.enroll.certificates.caCert.label=caCert Label RA::Error("RA_Enroll_Processor::Process", "Set life cycle state failed"); status = STATUS_ERROR_MAC_LIFESTYLE_PDU; - RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "set life cycle state error", "", tokenType); PR_snprintf(audit_msg, 512, "set life cycle state error"); goto loser; } @@ -2630,7 +2652,6 @@ op.enroll.certificates.caCert.label=caCert Label RA::Error("RA_Enroll_Processor::Process", "Failed to close channel"); status = STATUS_ERROR_CONNECTION; - RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "channel not closed", "", tokenType); PR_snprintf(audit_msg, 512, "channel not closed"); goto loser; } @@ -2692,6 +2713,16 @@ loser: final_applet_version != NULL ? final_applet_version : "", keyVersion != NULL ? keyVersion : "", audit_msg); + + if ((cuid != NULL) && (tokenType != NULL)) { + RA::tdb_activity(session->GetRemoteIP(), + cuid, + "renewal", + "failure", + audit_msg, + userid != NULL? userid : "", + tokenType); + } } else { RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC, userid != NULL ? userid : "", @@ -2702,6 +2733,16 @@ loser: final_applet_version != NULL ? final_applet_version : "", keyVersion != NULL ? keyVersion : "", audit_msg); + + if ((cuid != NULL) && (tokenType != NULL)) { + RA::tdb_activity(session->GetRemoteIP(), + cuid, + "enrollment", + "failure", + audit_msg, + userid != NULL? userid : "", + tokenType); + } } } 
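Review bot: Both failure branches added after `loser:` (hunks at -2692 and -2702) skip the activity record entirely when `cuid` or `tokenType` is NULL, so a failure that occurs before the token type is resolved leaves no trace in the token's activity history. `RA::Audit` still fires, but the two logs then disagree about whether the attempt happened. If `RA::tdb_activity` accepts an empty token type (not visible in this diff), guard only on `cuid` and pass `tokenType != NULL ? tokenType : ""`, mirroring the existing `userid != NULL? userid : ""`. Otherwise add a comment such as `/* no activity entry without a CUID and token type; the audit log still records the failure */`.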
diff --git a/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp index 46ca44b07..e8c702b9f 100644 --- a/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp +++ b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp @@ -197,7 +197,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa if ((profile_state != NULL) && (PL_strcmp(profile_state, "Enabled") != 0)) { RA::Error("RA_Pin_Reset_Processor::Process", "Profile %s Disabled for CUID %s", tokenType, cuid); status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND; - RA::tdb_activity(session->GetRemoteIP(), cuid, "pin_reset", "failure", "profile disabled", "", tokenType); PR_snprintf(audit_msg, 512, "profile %s disabled", tokenType); goto loser; } @@ -206,7 +205,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa RA::Error("RA_Pin_Reset_Processor::Process", "CUID %s Disabled", cuid); status = STATUS_ERROR_DISABLED_TOKEN; - RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "token disabled", "", tokenType); PR_snprintf(audit_msg, 512, "Token disabled, status = STATUS_ERROR_DISABLED_TOKEN"); goto loser; } @@ -226,7 +224,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa RA::Error("RA_Pin_Reset_Processor::Process", "CUID %s Cannot Pin Reset", cuid); status = STATUS_ERROR_NOT_PIN_RESETABLE; - RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "pin not resetable", "", tokenType); PR_snprintf(audit_msg, 512, "token cannot pin reset, status = STATUS_ERROR_PIN_RESETABLE"); goto loser; } 
@@ -263,7 +260,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa RA::Error("RA_Pin_Reset_Processor::Process", "no applet found and applet upgrade not enabled"); status = STATUS_ERROR_SECURE_CHANNEL; - RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "secure channel not established", "", tokenType); PR_snprintf(audit_msg, 512, "no applet found and applet upgrade not enabled, status = STATUS_ERROR_SECURE_CHANNEL"); goto loser; } @@ -323,7 +319,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa RA::Error("RA_Pin_Reset_Processor::Process", "upgrade failure"); status = STATUS_ERROR_UPGRADE_APPLET; - RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "applet upgrade error", "", tokenType); /** * Bugscape #55709: Re-select Net Key Applet ONLY on failure. */ @@ -372,7 +367,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa RA::Error("RA_Pin_Reset_Processor::Process", "setup secure channel failure"); status = STATUS_ERROR_SECURE_CHANNEL; - RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "secure channel not established", "", tokenType); PR_snprintf(audit_msg, 512, "setup secure channel failure, status = STATUS_ERROR_SECURE_CHANNEL"); goto loser; } @@ -382,7 +376,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa RA::Error("RA_Pin_Reset_Processor::Process", "External authentication in secure channel failed"); status = STATUS_ERROR_EXTERNAL_AUTH; - RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "external authentication error", "", tokenType); PR_snprintf(audit_msg, 512, "External authentication in secure channel failed, status = STATUS_ERROR_EXTERNAL_AUTH"); goto loser; } 
@@ -403,7 +396,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa RA::Error("RA_Pin_Reset_Processor::Process", "failed to create new key set"); status = STATUS_ERROR_CREATE_CARDMGR; - RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "create key set error", "", tokenType); PR_snprintf(audit_msg, 512, "failed to create new key set, status = STATUS_ERROR_CREATE_CARDMGR"); goto loser; } @@ -439,7 +431,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa RA::Error("RA_Pin_Reset_Processor::Process", "setup secure channel failure"); status = STATUS_ERROR_CREATE_CARDMGR; - RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "secure channel not established", "", tokenType); PR_snprintf(audit_msg, 512, "setup secure channel failure, status = STATUS_ERROR_CREATE_CARDMGR"); goto loser; } @@ -466,7 +457,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa RA::Error("RA_Pin_Reset_Processor::Process", "no channel creation failure"); status = STATUS_ERROR_CREATE_CARDMGR; - RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "secure channel not established", "", tokenType); PR_snprintf(audit_msg, 512, "no channel creation failure, status = STATUS_ERROR_CREATE_CARDMGR"); goto loser; } @@ -556,7 +546,6 @@ locale), RA::Error("RA_Pin_Reset_Processor::Process", "login not provided"); status = STATUS_ERROR_LOGIN; - RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "login not found", "", tokenType); PR_snprintf(audit_msg, 512, "login not provided, status = STATUS_ERROR_LOGIN"); goto loser; 
@@ -872,6 +861,16 @@ loser: final_applet_version != NULL ? final_applet_version : "", keyVersion != NULL? keyVersion : "", audit_msg); + + if ((cuid != NULL) && (tokenType != NULL)) { + RA::tdb_activity(session->GetRemoteIP(), + cuid, + "pin_reset", + "failure", + audit_msg, + userid != NULL ? userid : "", + tokenType); + } } if( token_status != NULL ) { diff --git a/pki/base/tps/src/processor/RA_Processor.cpp b/pki/base/tps/src/processor/RA_Processor.cpp index 3daa252ee..59ec9ea1d 100644 --- a/pki/base/tps/src/processor/RA_Processor.cpp +++ b/pki/base/tps/src/processor/RA_Processor.cpp @@ -2441,7 +2441,7 @@ loser: return status; } -bool RA_Processor::RevokeCertificates(char *cuid,char *audit_msg, +bool RA_Processor::RevokeCertificates(RA_Session *session, char *cuid,char *audit_msg, char *final_applet_version, char *keyVersion, char *tokenType, @@ -2452,6 +2452,7 @@ bool RA_Processor::RevokeCertificates(char *cuid,char *audit_msg, char *statusString = NULL; char configname[256]; char filter[512]; + char activity_msg[512]; char serial[100]; int rc = 0; int statusNum; @@ -2536,10 +2537,14 @@ bool RA_Processor::RevokeCertificates(char *cuid,char *audit_msg, if (statusNum == 0) { RA::Audit(EV_FORMAT, AUDIT_MSG_CERT_STATUS_CHANGE, userid, "Success", "revoke", serial, connid, ""); + PR_snprintf(activity_msg, 512, "certificate %s revoked", serial); + RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "success", activity_msg, "", tokenType); RA::ra_update_cert_status(attr_cn, "revoked"); } else { RA::Audit(EV_FORMAT, AUDIT_MSG_CERT_STATUS_CHANGE, userid, "Failure", "revoke", serial, connid, statusString); + PR_snprintf(activity_msg, 512, "error in revoking certificate %s: %s", serial, statusString); + RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", activity_msg, "", tokenType); revocation_failed = true; } 
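Review bot: The entry written at `loser:` in the @@ -872 hunk takes its text from `audit_msg`, so every `goto loser` path in this function has to fill that buffer before jumping. In the @@ -323 hunk the "upgrade failure" branch loses its `RA::tdb_activity` call, and the visible context shows no `PR_snprintf(audit_msg, ...)` between the status assignment and the Bugscape comment. If none follows before the jump, the activity entry for that failure carries an empty or stale message. Adding `PR_snprintf(audit_msg, 512, "applet upgrade error, status = STATUS_ERROR_UPGRADE_APPLET");` next to the status assignment would keep the record meaningful. The body of Process continues outside both hunks, so this needs checking against the full file.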
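Review bot: Both per-certificate `RA::tdb_activity` calls added in the @@ -2536 hunk pass `""` as the user, although `userid` is a parameter of RevokeCertificates and is handed to the `RA::Audit` calls on the adjacent lines. Revocation entries in the activity log therefore cannot be attributed to whoever triggered the format. Passing `userid != NULL ? userid : ""`, as the `loser:` blocks in this commit do, would fix that. The failure text also embeds `statusString`, which appears to originate from the CA response, so it is worth confirming that it is safe to store and display verbatim. Using `sizeof(activity_msg)` instead of the literal 512 would keep the bound tied to the buffer declared in the @@ -2452 hunk.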
@@ -2579,18 +2584,12 @@ bool RA_Processor::RevokeCertificates(char *cuid,char *audit_msg, RA::Debug(LL_PER_PDU, "RA_Processor::RevokeCertificates", "Failed to update the token database"); status = STATUS_ERROR_UPDATE_TOKENDB_FAILED; - PR_snprintf(audit_msg, 512, "Failed to update the token database, status = STATUS_ERROR_UPDATE_TOKENDB_FAILED"); + PR_snprintf(audit_msg, 512, "Revoked certificates but failed to update the token database, status = STATUS_ERROR_UPDATE_TOKENDB_FAILED"); goto loser; } loser: - if (revocation_failed) { - RA::Debug(LL_PER_PDU, "RA_Format_Processor::Process", "Failed to revoke certificates on this token."); - status = STATUS_ERROR_REVOKE_CERTIFICATES_FAILED; - PR_snprintf(audit_msg, 512, "Failed to revoke certificates on this token. status = STATUS_ERROR_REVOKE_CERTIFICATES_FAILED"); - } - return !revocation_failed; } @@ -2738,7 +2737,6 @@ RA_Status RA_Processor::Format(RA_Session *session, NameValueSet *extensions, bo if ((profile_state != NULL) && (PL_strcmp(profile_state, "Enabled") != 0)) { RA::Error("RA_Format_Processor::Process", "Profile %s Disabled for CUID %s", tokenType, cuid); status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND; - RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "profile disabled", "", tokenType); PR_snprintf(audit_msg, 512, "profile %s disabled", tokenType); goto loser; } @@ -2751,7 +2749,6 @@ RA_Status RA_Processor::Format(RA_Session *session, NameValueSet *extensions, bo RA::Error("RA_Format_Processor::Process", "CUID %s Disabled", cuid); status = STATUS_ERROR_DISABLED_TOKEN; - RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "token disabled", "", tokenType); PR_snprintf(audit_msg, 512, "CUID %s Disabled, status=STATUS_ERROR_DISABLED_TOKEN", cuid); goto loser; } 
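Review bot: With the `if (revocation_failed)` block removed from `loser:` in the @@ -2579 hunk, RevokeCertificates no longer sets `status` to STATUS_ERROR_REVOKE_CERTIFICATES_FAILED or fills `audit_msg` when a revocation fails; it only returns false. Unless the caller in Format sets both on a false return (that code is outside the hunks shown), a failed revocation reaches the final audit and activity logging with a stale status and message. The call-site comment "the audit_msg will get filled in there if needed" would then no longer hold. The reworded token-database message also asserts "Revoked certificates", and whether that path can be reached with `revocation_failed` true is not visible here. Wording that does not claim success is safer, e.g. `"Failed to update the token database after certificate revocation, status = STATUS_ERROR_UPDATE_TOKENDB_FAILED"`.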
@@ -2765,7 +2762,6 @@ RA_Status RA_Processor::Format(RA_Session *session, NameValueSet *extensions, bo if (!RA::GetConfigStore()->GetConfigAsBool(configname, 1)) { RA::Error("Process", "CUID %s Format Unknown Token", cuid); status = STATUS_ERROR_DISABLED_TOKEN; - RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "unknown token disallowed", "", tokenType); PR_snprintf(audit_msg, 512, "Unknown token disallowed, status=STATUS_ERROR_DISABLED_TOKEN"); goto loser; } @@ -2803,7 +2799,6 @@ RA_Status RA_Processor::Format(RA_Session *session, NameValueSet *extensions, bo RA::Error("RA_Format_Processor::Process", "no applet found and applet upgrade not enabled"); status = STATUS_ERROR_SECURE_CHANNEL; - RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "secure channel not established", "", tokenType); PR_snprintf(audit_msg, 512, "No applet found and applet upgrade not enabled, status = STATUS_ERROR_SECURE_CHANNEL"); goto loser; } @@ -2928,7 +2923,6 @@ locale), RA::Error("RA_Format_Processor::Process", "login not provided"); status = STATUS_ERROR_LOGIN; - RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "login not found", "", tokenType); PR_snprintf(audit_msg, 512, "login not provided, status = STATUS_ERROR_LOGIN"); goto loser; } @@ -2955,7 +2949,6 @@ locale), if (login == NULL) { RA::Error("RA_Format_Processor::Process", "Login Request Disabled. Authentication failed."); status = STATUS_ERROR_LOGIN; - RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "login not found", "", tokenType); PR_snprintf(audit_msg, 512, "login request disabled, status = STATUS_ERROR_LOGIN"); goto loser; } 
@@ -2964,7 +2957,6 @@ locale), authid = RA::GetConfigStore()->GetConfigAsString(configname); if (authid == NULL) { status = STATUS_ERROR_LOGIN; - RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "login not found", "", tokenType); PR_snprintf(audit_msg, 512, "login not found, status = STATUS_ERROR_LOGIN"); goto loser; } @@ -2981,7 +2973,6 @@ locale), char *type = auth->GetType(); if (type == NULL) { status = STATUS_ERROR_LOGIN; - RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "authentication is missing param type", "", tokenType); PR_snprintf(audit_msg, 512, "authentication is missing param type, status = STATUS_ERROR_LOGIN"); goto loser; } @@ -3004,7 +2995,6 @@ locale), if (login == NULL || login->GetUID() == NULL) { RA::Error("RA_Format_Processor::Process", "Authentication failed."); status = STATUS_ERROR_LOGIN; - RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "authentication error", "", tokenType); PR_snprintf(audit_msg, 512, "authentication failed, status = STATUS_ERROR_LOGIN"); goto loser; } @@ -3017,7 +3007,6 @@ locale), RA::Error("RA_Format_Processor::Process", "Authentication failed."); status = STATUS_ERROR_LDAP_CONN; RA::Debug(LL_PER_PDU, "RA_Processor::Format", "Authentication status = %d", status); - RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "authentication error", "", tokenType); PR_snprintf(audit_msg, 512, "Authentication failed, status = STATUS_ERROR_LDAP_CONN"); goto loser; } @@ -3026,7 +3015,6 @@ locale), RA::Error("RA_Format_Processor::Process", "Authentication failed."); status = STATUS_ERROR_LOGIN; RA::Debug(LL_PER_PDU, "RA_Processor::Format", "Authentication status = %d", status); - RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "authentication error", "", tokenType); PR_snprintf(audit_msg, 512, "Authentication failed, rc=-2 or -3, status = STATUS_ERROR_LOGIN"); goto loser; } 
@@ -3035,7 +3023,6 @@ locale), } else { RA::Error("RA_Format_Processor::Process", "No Authentication type was found."); status = STATUS_ERROR_LOGIN; - RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "authentication error", "", tokenType); PR_snprintf(audit_msg, 512, "No Authentication type found, status = STATUS_ERROR_LOGIN"); goto loser; } @@ -3217,7 +3204,6 @@ locale), RA::Error("RA_Format_Processor::Process", "failed to create new key set"); status = STATUS_ERROR_CREATE_CARDMGR; - RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "create key set error", "", tokenType); PR_snprintf(audit_msg, 512, "create key set error, status = STATUS_ERROR_CREATE_CARDMGR"); goto loser; } @@ -3277,7 +3263,6 @@ locale), RA::Error("RA_Format_Processor::Process", "failed to establish secure channel after reselect"); status = STATUS_ERROR_CREATE_CARDMGR; - RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "secure channel not established", "", tokenType); PR_snprintf(audit_msg, 512,"failed to establish secure channel after reselect, status = STATUS_ERROR_CREATE_CARDMGR"); goto loser; } @@ -3315,7 +3300,7 @@ locale), //Now we call a separate function, the audit_msg will get filled in there if needed. - bool success = RevokeCertificates(cuid,audit_msg,(char *)final_applet_version, + bool success = RevokeCertificates(session, cuid,audit_msg,(char *)final_applet_version, keyVersion,(char *)tokenType,(char *)userid,status ); @@ -3371,6 +3356,16 @@ loser: final_applet_version != NULL ? final_applet_version : "", keyVersion != NULL? keyVersion : "", audit_msg); + + if ((cuid != NULL) && (tokenType != NULL)) { + RA::tdb_activity(session->GetRemoteIP(), + cuid, + "format", + "failure", + audit_msg, + userid != NULL? userid : "", + tokenType); + } } if (keyVersion != NULL) { diff --git a/pki/base/tps/src/tus/tus_db.c b/pki/base/tps/src/tus/tus_db.c index 9ada4ffbf..f157d3768 100644 --- a/pki/base/tps/src/tus/tus_db.c 
+++ b/pki/base/tps/src/tus/tus_db.c @@ -1848,9 +1848,9 @@ int add_activity (char *ip, char *id, const char *op, const char *result, const time.tm_hour, time.tm_min, time.tm_sec); /* unique id per activity */ - PR_snprintf(zcdate, 256, "%04d%02d%02d%02d%02d%02d.%x", + PR_snprintf(zcdate, 256, "%04d%02d%02d%02d%02d%02d%06d.%x", time.tm_year, (time.tm_month + 1), time.tm_mday, - time.tm_hour, time.tm_min, time.tm_sec,ct); + time.tm_hour, time.tm_min, time.tm_sec, time.tm_usec, ct); cn_values[0] = zcdate; cn_values[1] = NULL; |
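Review bot: The comment `/* unique id per activity */` promises more than the format string delivers: the id is a wall-clock timestamp, now extended with `tm_usec`, followed by `ct` in hex, and what `ct` holds is not visible in this hunk. If `ct` is not distinct per caller, two activities recorded in the same microsecond still get the same id, and this commit adds one entry per revoked certificate, which makes bursts more likely. I would spell out the composition in the comment, e.g. `/* id: YYYYMMDDhhmmss + usec + '.' + hex ct; uniqueness relies on ct */`. It is also worth checking that a rejected add is reported to the caller, since a silently dropped entry is a gap in the activity trail. The body of add_activity continues outside the hunk.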