authorvakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-12-08 01:58:26 +0000
committervakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-12-08 01:58:26 +0000
commit4424a5d25c860a3b6a1f63b717891f982a6029aa (patch)
tree73ed583d6ee062281e38f0c69b0b75fc007b3905 /pki/base/tps
parenteb16929f9f7ff46209d5d6e1b83f4f1650802866 (diff)
Bugzilla Bug 223314 - AOL: Better activities logs
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1610 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/tps')
-rw-r--r--pki/base/tps/src/include/processor/RA_Processor.h2
-rw-r--r--pki/base/tps/src/modules/tokendb/mod_tokendb.cpp103
-rw-r--r--pki/base/tps/src/processor/RA_Enroll_Processor.cpp93
-rw-r--r--pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp21
-rw-r--r--pki/base/tps/src/processor/RA_Processor.cpp41
-rw-r--r--pki/base/tps/src/tus/tus_db.c4
6 files changed, 178 insertions, 86 deletions
diff --git a/pki/base/tps/src/include/processor/RA_Processor.h b/pki/base/tps/src/include/processor/RA_Processor.h
index 66097ae08..74e869a52 100644
--- a/pki/base/tps/src/include/processor/RA_Processor.h
+++ b/pki/base/tps/src/include/processor/RA_Processor.h
@@ -201,7 +201,7 @@ class RA_Processor
protected:
RA_Status Format(RA_Session *session, NameValueSet *extensions, bool skipAuth);
- bool RevokeCertificates(char *cuid, char *audit_msg,
+ bool RevokeCertificates(RA_Session *session, char *cuid, char *audit_msg,
char *final_applet_version,
char *keyVersion,
char *tokenType, char *userid, RA_Status &status );
diff --git a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
index fd2c630c3..65d3c3297 100644
--- a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
+++ b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
@@ -3765,13 +3765,13 @@ mod_tokendb_handler( request_rec *rq )
if (statusNum != 0) { // revocation errors
if( strcmp( revokeReason, "6" ) == 0 ) {
PR_snprintf((char *)msg, 256, "Errors in marking certificate on_hold '%s' : %s", attr_cn, statusString);
- RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType);
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
"Failure", "revoked_on_hold", serial, connid, statusString);
} else {
PR_snprintf((char *)msg, 256, "Errors in revoking certificate '%s' : %s", attr_cn, statusString);
- RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType);
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
"Failure", "revoke", serial, connid, statusString);
@@ -3780,14 +3780,14 @@ mod_tokendb_handler( request_rec *rq )
// update certificate status
if( strcmp( revokeReason, "6" ) == 0 ) {
PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked_on_hold", attr_cn);
- RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType);
update_cert_status( attr_cn, "revoked_on_hold" );
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
"Success", "revoked_on_hold", serial, connid, "");
} else {
PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked", attr_cn);
- RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType);
update_cert_status( attr_cn, "revoked" );
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
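Review bot: The "success" activity row is now written before `update_cert_status( attr_cn, ... )` runs, so the token database log can report a certificate as revoked or on hold even if the local status update then fails; with the old "initiated" value that ordering was harmless. Move the `RA::tdb_activity(..., "success", ...)` call after `update_cert_status` in both branches, and gate it on that call's result if it returns one (its return value is not used in the visible lines). The same ordering appears in the hunks at -3991, -4216, -4397 and -4567. mod_tokendb_handler starts and ends outside the hunk.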
@@ -3844,6 +3844,10 @@ mod_tokendb_handler( request_rec *rq )
PR_snprintf(pString, 512, "tokenStatus;;lost+tokenReason;;destroyed");
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked physically damaged, rc=-1");
+ PR_snprintf((char *)msg, 256, "Failed to update token status as physically damaged");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure",
+ msg, cuidUserId, tokenType);
+
PR_snprintf( injection, MAX_INJECTION_SIZE,
"%s%s%s%s", JS_START,
"var error = \"Failed to create LDAPMod: ",
@@ -3870,6 +3874,10 @@ mod_tokendb_handler( request_rec *rq )
PR_snprintf(pString, 512, "tokenStatus;;lost+tokenReason;;destroyed");
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked physically damaged, rc>0");
+ PR_snprintf((char *)msg, 256, "Failed to update token status as physically damaged");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure",
+ msg, cuidUserId, tokenType);
+
PR_snprintf( injection, MAX_INJECTION_SIZE,
"%s%s%s%s%s", JS_START,
"var error = \"LDAP mod error: ",
@@ -3897,6 +3905,10 @@ mod_tokendb_handler( request_rec *rq )
PR_snprintf(pString, 512, "tokenStatus;;lost+tokenReason;;destroyed");
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pString, "token marked physically damaged");
+ PR_snprintf((char *)msg, 256, "Token marked as physically damaged");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success",
+ msg, cuidUserId, tokenType);
+
/* Is this token permanently lost? */
} else if(((q == 2) && (transition_allowed(token_ui_state, 2))) ||
((q == 6) && (transition_allowed(token_ui_state, 6)))) {
@@ -3976,13 +3988,13 @@ mod_tokendb_handler( request_rec *rq )
if (statusNum != 0) { // revocation errors
if( strcmp( revokeReason, "6" ) == 0 ) {
PR_snprintf((char *)msg, 256, "Errors in marking certificate on_hold '%s' : %s", attr_cn, statusString);
- RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType);
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
"Failure", "revoked_on_hold", serial, connid, statusString);
} else {
PR_snprintf((char *)msg, 256, "Errors in revoking certificate '%s' : %s", attr_cn, statusString);
- RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType);
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
"Failure", "revoke", serial, connid, statusString);
@@ -3991,14 +4003,14 @@ mod_tokendb_handler( request_rec *rq )
// update certificate status
if( strcmp( revokeReason, "6" ) == 0 ) {
PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked_on_hold", attr_cn);
- RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType);
update_cert_status( attr_cn, "revoked_on_hold" );
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
"Success", "revoked_on_hold", serial, connid, "");
} else {
PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked", attr_cn);
- RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType);
update_cert_status( attr_cn, "revoked" );
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
@@ -4064,9 +4076,13 @@ mod_tokendb_handler( request_rec *rq )
if( rc == -1 ) {
if (q == 6) { /* terminated*/
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked terminated, rc=-1");
+ PR_snprintf((char *)msg, 256, "Failure in updating token status to terminated");
} else {
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked permanently lost, rc=-1");
+ PR_snprintf((char *)msg, 256, "Failure in updating token status to permanently lost");
}
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure",
+ msg, cuidUserId, tokenType);
PR_snprintf( injection, MAX_INJECTION_SIZE,
"%s%s%s%s", JS_START,
@@ -4090,9 +4106,14 @@ mod_tokendb_handler( request_rec *rq )
} else if( rc > 0 ) {
if (q == 6) { /* terminated*/
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked terminated, rc=>0");
+ PR_snprintf((char *)msg, 256, "Failure in updating token status to terminated");
} else {
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked permanently lost, rc>0");
+ PR_snprintf((char *)msg, 256, "Failure in updating token status to permanently lost");
}
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure",
+ msg, cuidUserId, tokenType);
+
PR_snprintf( injection, MAX_INJECTION_SIZE,
"%s%s%s%s%s", JS_START,
"var error = \"LDAP mod error: ",
@@ -4117,9 +4138,13 @@ mod_tokendb_handler( request_rec *rq )
}
if (q == 6) { /* terminated*/
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pString, "token marked terminated");
+ PR_snprintf((char *)msg, 256, "Token marked terminated");
} else {
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pString, "token marked permanently lost");
+ PR_snprintf((char *)msg, 256, "Token marked permanently lost");
}
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success",
+ msg, cuidUserId, tokenType);
/* Is this token temporarily lost? */
} else if(( q == 3 ) && (transition_allowed(token_ui_state, 3))) {
@@ -4200,13 +4225,13 @@ mod_tokendb_handler( request_rec *rq )
if (statusNum != 0) { // revocation errors
if( strcmp( revokeReason, "6" ) == 0 ) {
PR_snprintf((char *)msg, 256, "Errors in marking certificate on_hold '%s' : %s", attr_cn, statusString);
- RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType);
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
"Failure", "revoked_on_hold", serial, connid, statusString);
} else {
PR_snprintf((char *)msg, 256, "Errors in revoking certificate '%s' : %s", attr_cn, statusString);
- RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType);
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
"Failure", "revoke", serial, connid, statusString);
@@ -4216,14 +4241,14 @@ mod_tokendb_handler( request_rec *rq )
// update certificate status
if( strcmp( revokeReason, "6" ) == 0 ) {
PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked_on_hold", attr_cn);
- RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType);
update_cert_status( attr_cn, "revoked_on_hold" );
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
"Success", "revoked_on_hold", serial, connid, "");
} else {
PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked", attr_cn);
- RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType);
update_cert_status( attr_cn, "revoked" );
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
@@ -4270,6 +4295,11 @@ mod_tokendb_handler( request_rec *rq )
PR_snprintf(pString, 512, "tokenStatus;;lost+tokenReason;;onHold");
if (revocation_errors) {
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked temporarily lost failed, failed to revoke certificates");
+
+ PR_snprintf((char *)msg, 256, "Failed to revoke certificates");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure",
+ msg, cuidUserId, tokenType);
+
error_out("Errors in revoking certificates.", "Errors in revoking certificates.");
do_free(buf);
do_strfree(uri);
@@ -4282,6 +4312,10 @@ mod_tokendb_handler( request_rec *rq )
if( rc == -1 ) {
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked temporarily lost, rc=-1");
+ PR_snprintf((char *)msg, 256, "Failed to update token status as temporarily lost");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure",
+ msg, cuidUserId, tokenType);
+
PR_snprintf( injection, MAX_INJECTION_SIZE,
"%s%s%s%s", JS_START,
"var error = \"Failed to create LDAPMod: ",
@@ -4303,6 +4337,10 @@ mod_tokendb_handler( request_rec *rq )
} else if( rc > 0 ) {
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked temporarily lost, rc>0");
+ PR_snprintf((char *)msg, 256, "Failed to update token status as temporarily lost");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure",
+ msg, cuidUserId, tokenType);
+
PR_snprintf( injection, MAX_INJECTION_SIZE,
"%s%s%s%s%s", JS_START,
"var error = \"LDAP mod error: ",
@@ -4326,6 +4364,9 @@ mod_tokendb_handler( request_rec *rq )
return DONE;
}
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pString, "token marked temporarily lost");
+ PR_snprintf((char *)msg, 256, "Token marked temporarily lost");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success",
+ msg, cuidUserId, tokenType);
/* Is this temporarily lost token found? */
} else if(( q == 4 ) && ( transition_allowed(token_ui_state, 4) )) {
@@ -4397,14 +4438,14 @@ mod_tokendb_handler( request_rec *rq )
if (statusNum == 0) {
PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as active", attr_cn);
- RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType);
update_cert_status( attr_cn, "active" );
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
"Success", "unrevoke", serial, connid, "");
} else {
PR_snprintf((char *)msg, 256, "Errors in unrevoking Certificate '%s': %s", attr_cn, statusString);
- RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType);
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
"Failure", "unrevoke", serial, connid, statusString);
@@ -4450,8 +4491,11 @@ mod_tokendb_handler( request_rec *rq )
if( rc == -1 ) {
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "lost token marked found, rc=-1");
- error_out("Failed to create LDAPMod: ", "Failed to create LDAPMod");
+ PR_snprintf((char *)msg, 256, "Failed to update lost token status as found");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure",
+ msg, cuidUserId, tokenType);
+ error_out("Failed to create LDAPMod: ", "Failed to create LDAPMod");
do_free(buf);
do_strfree(uri);
do_strfree(query);
@@ -4459,8 +4503,11 @@ mod_tokendb_handler( request_rec *rq )
return DONE;
} else if( rc > 0 ) {
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "lost token marked found, rc>0");
- ldap_error_out("LDAP mod error: ", "LDAP error: %s");
+ PR_snprintf((char *)msg, 256, "Failed to update lost token status as found");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure",
+ msg, cuidUserId, tokenType);
+ ldap_error_out("LDAP mod error: ", "LDAP error: %s");
do_free(buf);
do_strfree(uri);
do_strfree(query);
@@ -4468,6 +4515,9 @@ mod_tokendb_handler( request_rec *rq )
return DONE;
}
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pString, "lost token marked found");
+ PR_snprintf((char *)msg, 256, "Lost token marked found");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success",
+ msg, cuidUserId, tokenType);
/* Does this temporarily lost token become permanently lost? */
} else if ( (q == 5) && (transition_allowed(token_ui_state, 5)) ) {
@@ -4567,21 +4617,21 @@ mod_tokendb_handler( request_rec *rq )
statusString );
if (statusNum == 0) {
PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked", attr_cn);
- RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType);
update_cert_status( attr_cn, "revoked" );
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
"Success", "revoke", serial, connid, "");
} else {
PR_snprintf((char *)msg, 256, "Errors in revoking Certificate '%s' : %s", attr_cn, statusString);
- RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType);
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
"Failure", "revoke", serial, connid, statusString);
}
} else {
PR_snprintf((char *)msg, 256, "Errors in unrevoking Certificate '%s' : %s", attr_cn, statusString);
- RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType);
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
"Failure", "unrevoke", serial, connid, statusString);
@@ -4628,6 +4678,10 @@ mod_tokendb_handler( request_rec *rq )
PR_snprintf(oString, 512, "token_id;;%s", cuid);
PR_snprintf(pString, 512, "tokenStatus;;lost+tokenReason;;keyCompromise");
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pString, "lost token marked permanently lost");
+
+ PR_snprintf((char *)msg, 256, "Lost token marked permanently lost");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success",
+ msg, cuidUserId, tokenType);
} else {
// invalid operation or transition
error_out("Transition or operation not allowed", "Transition or operation not allowed");
@@ -6744,6 +6798,9 @@ mod_tokendb_handler( request_rec *rq )
}
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pLongString, "token record modified");
+ PR_snprintf((char *)msg, 256, "Token record modified by %s", userid);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "save", "success",
+ msg, cuidUserId, tokenType);
PR_snprintf( injection, MAX_INJECTION_SIZE,
"%s%s%s%s%s%s%s%s%s%s", JS_START,
@@ -6999,10 +7056,6 @@ mod_tokendb_handler( request_rec *rq )
PL_strcpy(tokenType, NO_TOKEN_TYPE);
}
- PR_snprintf((char *)msg, 256,
- "'%s' has created new token", userid);
- RA::tdb_activity(rq->connection->remote_ip, filter, "add", "token", msg, "", tokenType);
-
if( strcmp( filter, "" ) == 0 ) {
error_out("No Token ID Found", "Failed to authorize request");
do_free(buf);
@@ -7027,6 +7080,10 @@ mod_tokendb_handler( request_rec *rq )
RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Admin", "Success", oString, "", "token record added");
+ PR_snprintf((char *)msg, 256,
+ "'%s' has created new token", userid);
+ RA::tdb_activity(rq->connection->remote_ip, filter, "add", "token", msg, "success", tokenType);
+
PR_snprintf( injection, MAX_INJECTION_SIZE,
"%s%s%s%s%s%s%s%s%s%s%s", JS_START,
"var uriBase = \"", uri, "\";\n",
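Review bot: The relocated `RA::tdb_activity` call passes "token" in the slot where every other call in this commit passes the result, and "success" in the slot where they pass a user id (`cuidUserId` or `userid`), so the row would be stored with result "token" and user "success". Judging from those call sites the intended line is `RA::tdb_activity(rq->connection->remote_ip, filter, "add", "success", msg, "", tokenType);`, keeping the empty user id the removed line had. The signature of tdb_activity is not visible here, so confirm the parameter order against its declaration.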
diff --git a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
index facdcfda9..183f4717e 100644
--- a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
+++ b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
@@ -224,6 +224,8 @@ RA_Status RA_Enroll_Processor::DoEnrollment(AuthParams *login, RA_Session *sessi
char audit_msg[512] = "";
char *keyVersion = NULL;
+ char cert_serial[2048] = "";
+ char activity_msg[4096] = "";
float progress_block_size = (float) (end_progress - start_progress) / keyTypeNum;
RA::Debug(LL_PER_CONNECTION,FN,
@@ -582,14 +584,13 @@ RA_Status RA_Enroll_Processor::DoEnrollment(AuthParams *login, RA_Session *sessi
certificates[index] = CERT_DecodeCertFromPackage((char *) cert_string,
(int) cert->size());
if (certificates[index] != NULL) {
- char msg[2048];
- RA::ra_tus_print_integer(msg, &certificates[index]->serialNumber);
+ RA::ra_tus_print_integer(cert_serial, &certificates[index]->serialNumber);
RA::Debug("DoEnrollment", "Received Certificate");
- RA::Debug("DoEnrollment", msg);
+ RA::Debug("DoEnrollment", cert_serial);
RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC_CERT_REQ,
userid, cuid, msn, "success", "enrollment", applet_version,
- (keyVersion != NULL) ? keyVersion : "", msg, connid, "certificate received");
+ (keyVersion != NULL) ? keyVersion : "", cert_serial, connid, "certificate received");
}
free(cert_string);
ktypes[index] = PL_strdup(keyType);
@@ -886,6 +887,7 @@ RA_Status RA_Enroll_Processor::DoEnrollment(AuthParams *login, RA_Session *sessi
}
RA::Debug(LL_PER_CONNECTION,FN, "End of keygen/certificate enrollment");
+ PR_snprintf(activity_msg, 4096, "certificate %s stored on token", cert_serial);
RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
userid != NULL ? userid : "",
cuid != NULL ? cuid : "",
@@ -894,7 +896,16 @@ RA_Status RA_Enroll_Processor::DoEnrollment(AuthParams *login, RA_Session *sessi
"enrollment",
applet_version != NULL ? applet_version : "",
keyVersion != NULL? keyVersion : "",
- "certificate stored on token");
+ activity_msg);
+
+ RA::tdb_activity(session->GetRemoteIP(),
+ (char *) cuid,
+ "enrollment",
+ "success",
+ activity_msg,
+ userid != NULL? userid : "",
+ tokenType);
+
loser:
if (strlen(audit_msg) > 0) { // a failure occurred
RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
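Review bot: The success-path `RA::tdb_activity` call passes `cuid` and `tokenType` unguarded, while the `RA::Audit` call it follows substitutes `""` for a NULL cuid and the failure path added under `loser:` only logs when `(cuid != NULL) && (tokenType != NULL)`. Wrap this call in the same `if ((cuid != NULL) && (tokenType != NULL))` guard so both paths treat missing identifiers the same way. `activity_msg` is also built from `cert_serial`, which stays empty when `CERT_DecodeCertFromPackage` returned NULL earlier in the function; whether that case can reach this line is not visible in the hunk.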
@@ -906,6 +917,16 @@ loser:
applet_version != NULL ? applet_version : "",
keyVersion != NULL? keyVersion : "",
audit_msg);
+
+ if ((cuid != NULL) && (tokenType != NULL)) {
+ RA::tdb_activity(session->GetRemoteIP(),
+ (char *) cuid,
+ "enrollment",
+ "failure",
+ audit_msg,
+ userid != NULL? userid : "",
+ tokenType);
+ }
}
if( keyVersion != NULL ) {
@@ -1643,7 +1664,6 @@ bool RA_Enroll_Processor::CheckAndUpgradeSymKeys(
RA::Error(FN, "failed to establish secure channel");
o_status = STATUS_ERROR_SECURE_CHANNEL;
- RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "secure channel error", "", a_tokenType);
goto loser;
}
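Review bot: With the `RA::tdb_activity` call removed, this failure path leaves nothing for the `loser:` block to log: the neighbouring branches fill `audit_msg` before `goto loser`, but none of the visible lines here do, so a failed secure-channel setup would no longer produce a row in the activity log. Add `PR_snprintf(audit_msg, 512, "enrollment processing, secure channel error");` before the `goto loser;`, unless audit_msg is already set above the hunk. CheckAndUpgradeSymKeys starts and ends outside the hunk.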
@@ -1654,8 +1674,6 @@ bool RA_Enroll_Processor::CheckAndUpgradeSymKeys(
RA::Error(FN, "External authentication in secure channel failed");
o_status = STATUS_ERROR_EXTERNAL_AUTH;
/* XXX should print out error codes */
- RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "external authentication error", "", a_tokenType);
-
PR_snprintf(audit_msg, 512, "enrollment processing, external authentication error");
goto loser;
}
@@ -1687,8 +1705,6 @@ bool RA_Enroll_Processor::CheckAndUpgradeSymKeys(
if (rc != 1) {
RA::Error(FN, "failed to create new key set");
o_status = STATUS_ERROR_CREATE_CARDMGR;
- RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "create card key error", "", a_tokenType);
-
PR_snprintf(audit_msg, 512, "enrollment processing, create card key error");
goto loser;
}
@@ -1709,6 +1725,16 @@ bool RA_Enroll_Processor::CheckAndUpgradeSymKeys(
a_userid, a_cuid, a_msn, "Failure", "enrollment",
a_applet_version, curVersion, ((BYTE*)newVersion)[0],
"key changeover");
+
+ if ((a_cuid != NULL) && (a_tokenType != NULL)) {
+ RA::tdb_activity(a_session->GetRemoteIP(),
+ a_cuid,
+ "enrollment",
+ "failure",
+ "key changeover failed",
+ a_userid != NULL? a_userid : "",
+ a_tokenType);
+ }
goto loser;
} else {
RA::Audit(EV_KEY_CHANGEOVER, AUDIT_MSG_KEY_CHANGEOVER,
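Review bot: This branch writes its own "key changeover failed" row and then jumps to `loser:`, where the same commit adds a second `RA::tdb_activity` call that logs `audit_msg`. If `audit_msg` is non-empty on this path the failure is recorded twice; if it is empty, this is the one failure path that bypasses the shared logging. Setting `PR_snprintf(audit_msg, 512, "enrollment processing, key changeover failed");` here and dropping the local call would leave a single place that writes the failure row. Whether audit_msg is set before this branch is outside the hunk.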
@@ -1732,8 +1758,6 @@ bool RA_Enroll_Processor::CheckAndUpgradeSymKeys(
if (o_channel == NULL) {
RA::Error(FN, "failed to establish secure channel after reselect");
o_status = STATUS_ERROR_CREATE_CARDMGR;
- RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "secure channel setup error", "", a_tokenType);
-
PR_snprintf(audit_msg, 512, "enrollment processing, secure channel setup error after reselect");
goto loser;
} else {
@@ -1778,6 +1802,16 @@ loser:
a_applet_version != NULL ? a_applet_version : "",
a_key_version != NULL? a_key_version : "",
audit_msg);
+
+ if ((a_cuid != NULL) && (a_tokenType != NULL)) {
+ RA::tdb_activity(a_session->GetRemoteIP(),
+ a_cuid,
+ "enrollment",
+ "failure",
+ audit_msg,
+ a_userid != NULL? a_userid : "",
+ a_tokenType);
+ }
}
return r;
@@ -1898,7 +1932,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue
if ((profile_state != NULL) && (PL_strcmp(profile_state, "Enabled") != 0)) {
RA::Error(FN, "Profile %s Disabled for CUID %s", tokenType, cuid);
status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "profile disabled", "", tokenType);
PR_snprintf(audit_msg, 512, "profile %s disabled", tokenType);
goto loser;
}
@@ -1908,7 +1941,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue
if (RA::ra_is_tus_db_entry_disabled(cuid)) {
RA::Error(FN, "CUID %s Disabled", cuid);
status = STATUS_ERROR_DISABLED_TOKEN;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "token disabled", "", tokenType);
PR_snprintf(audit_msg, 512, "token disabled");
goto loser;
}
@@ -1925,7 +1957,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue
!do_force_format) {
RA::Error(FN, "CUID %s Re-Enrolled Disallowed", cuid);
status = STATUS_ERROR_DISABLED_TOKEN;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "token re-enrollment or renewal disallowed", "", tokenType);
PR_snprintf(audit_msg, 512, "token re-enrollment or renewal disallowed");
goto loser;
}
@@ -1938,7 +1969,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue
if (!RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
RA::Error(FN, "CUID %s Enroll Unknown Token", cuid);
status = STATUS_ERROR_DISABLED_TOKEN;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "unknown token disallowed", "", tokenType);
PR_snprintf(audit_msg, 512, "unknown token disallowed");
goto loser;
}
@@ -1969,7 +1999,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue
if (tksid == NULL) {
RA::Error(FN, "TKS Connection Parameter %s Not Found", configname);
status = STATUS_ERROR_DEFAULT_TOKENTYPE_NOT_FOUND;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "token type TKS connection parameter not found", "", tokenType);
PR_snprintf(audit_msg, 512, "token type TKS connection parameter not found");
goto loser;
}
@@ -2085,7 +2114,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue
if (channel == NULL) {
RA::Error(FN, "no good channel");
status = STATUS_ERROR_CREATE_CARDMGR;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "secure channel setup error", "",tokenType);
PR_snprintf(audit_msg, 512, "secure channel setup error");
goto loser;
}
@@ -2104,7 +2132,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue
if (rc == -1) {
RA::Error(FN, "external authenticate failed");
status = STATUS_ERROR_CREATE_CARDMGR;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "external authentication error", "", tokenType);
PR_snprintf(audit_msg, 512, "external authentication error");
goto loser;
}
@@ -2124,7 +2151,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue
RA::Error(FN, "new pin request failed");
status = STATUS_ERROR_MAC_RESET_PIN_PDU;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "new pin request error", "", tokenType);
PR_snprintf(audit_msg, 512, "new pin request error");
goto loser;
}
@@ -2156,7 +2182,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue
"create pin failed");
status = STATUS_ERROR_MAC_RESET_PIN_PDU;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "create pin request error", "", tokenType);
PR_snprintf(audit_msg, 512, "create pin request error");
goto loser;
}
@@ -2181,8 +2206,7 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue
"reset pin failed");
status = STATUS_ERROR_MAC_RESET_PIN_PDU;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "reset pin request error", "", tokenType);
- PR_snprintf(audit_msg, 512, "reset pin request error");
+ PR_snprintf(audit_msg, 512, "reset pin request error");
goto loser;
}
@@ -2232,7 +2256,6 @@ TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValue
RA::Error("RA_Enroll_Processor::Process",
"encryt data failed");
status = STATUS_ERROR_MAC_ENROLL_PDU;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "challenge encryption error", "", tokenType);
PR_snprintf(audit_msg, 512, "challenge encryption error");
goto loser;
}
@@ -2620,7 +2643,6 @@ op.enroll.certificates.caCert.label=caCert Label
RA::Error("RA_Enroll_Processor::Process",
"Set life cycle state failed");
status = STATUS_ERROR_MAC_LIFESTYLE_PDU;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "set life cycle state error", "", tokenType);
PR_snprintf(audit_msg, 512, "set life cycle state error");
goto loser;
}
@@ -2630,7 +2652,6 @@ op.enroll.certificates.caCert.label=caCert Label
RA::Error("RA_Enroll_Processor::Process",
"Failed to close channel");
status = STATUS_ERROR_CONNECTION;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "channel not closed", "", tokenType);
PR_snprintf(audit_msg, 512, "channel not closed");
goto loser;
}
@@ -2692,6 +2713,16 @@ loser:
final_applet_version != NULL ? final_applet_version : "",
keyVersion != NULL ? keyVersion : "",
audit_msg);
+
+ if ((cuid != NULL) && (tokenType != NULL)) {
+ RA::tdb_activity(session->GetRemoteIP(),
+ cuid,
+ "renewal",
+ "failure",
+ audit_msg,
+ userid != NULL? userid : "",
+ tokenType);
+ }
} else {
RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
userid != NULL ? userid : "",
@@ -2702,6 +2733,16 @@ loser:
final_applet_version != NULL ? final_applet_version : "",
keyVersion != NULL ? keyVersion : "",
audit_msg);
+
+ if ((cuid != NULL) && (tokenType != NULL)) {
+ RA::tdb_activity(session->GetRemoteIP(),
+ cuid,
+ "enrollment",
+ "failure",
+ audit_msg,
+ userid != NULL? userid : "",
+ tokenType);
+ }
}
}
diff --git a/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp
index 46ca44b07..e8c702b9f 100644
--- a/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp
+++ b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp
@@ -197,7 +197,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa
if ((profile_state != NULL) && (PL_strcmp(profile_state, "Enabled") != 0)) {
RA::Error("RA_Pin_Reset_Processor::Process", "Profile %s Disabled for CUID %s", tokenType, cuid);
status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "pin_reset", "failure", "profile disabled", "", tokenType);
PR_snprintf(audit_msg, 512, "profile %s disabled", tokenType);
goto loser;
}
@@ -206,7 +205,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa
RA::Error("RA_Pin_Reset_Processor::Process",
"CUID %s Disabled", cuid);
status = STATUS_ERROR_DISABLED_TOKEN;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "token disabled", "", tokenType);
PR_snprintf(audit_msg, 512, "Token disabled, status = STATUS_ERROR_DISABLED_TOKEN");
goto loser;
}
@@ -226,7 +224,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa
RA::Error("RA_Pin_Reset_Processor::Process",
"CUID %s Cannot Pin Reset", cuid);
status = STATUS_ERROR_NOT_PIN_RESETABLE;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "pin not resetable", "", tokenType);
PR_snprintf(audit_msg, 512, "token cannot pin reset, status = STATUS_ERROR_PIN_RESETABLE");
goto loser;
}
@@ -263,7 +260,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa
RA::Error("RA_Pin_Reset_Processor::Process",
"no applet found and applet upgrade not enabled");
status = STATUS_ERROR_SECURE_CHANNEL;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "secure channel not established", "", tokenType);
PR_snprintf(audit_msg, 512, "no applet found and applet upgrade not enabled, status = STATUS_ERROR_SECURE_CHANNEL");
goto loser;
}
@@ -323,7 +319,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa
RA::Error("RA_Pin_Reset_Processor::Process",
"upgrade failure");
status = STATUS_ERROR_UPGRADE_APPLET;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "applet upgrade error", "", tokenType);
/**
* Bugscape #55709: Re-select Net Key Applet ONLY on failure.
*/
@@ -372,7 +367,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa
RA::Error("RA_Pin_Reset_Processor::Process",
"setup secure channel failure");
status = STATUS_ERROR_SECURE_CHANNEL;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "secure channel not established", "", tokenType);
PR_snprintf(audit_msg, 512, "setup secure channel failure, status = STATUS_ERROR_SECURE_CHANNEL");
goto loser;
}
@@ -382,7 +376,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa
RA::Error("RA_Pin_Reset_Processor::Process",
"External authentication in secure channel failed");
status = STATUS_ERROR_EXTERNAL_AUTH;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "external authentication error", "", tokenType);
PR_snprintf(audit_msg, 512, "External authentication in secure channel failed, status = STATUS_ERROR_EXTERNAL_AUTH");
goto loser;
}
@@ -403,7 +396,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa
RA::Error("RA_Pin_Reset_Processor::Process",
"failed to create new key set");
status = STATUS_ERROR_CREATE_CARDMGR;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "create key set error", "", tokenType);
PR_snprintf(audit_msg, 512, "failed to create new key set, status = STATUS_ERROR_CREATE_CARDMGR");
goto loser;
}
@@ -439,7 +431,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa
RA::Error("RA_Pin_Reset_Processor::Process",
"setup secure channel failure");
status = STATUS_ERROR_CREATE_CARDMGR;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "secure channel not established", "", tokenType);
PR_snprintf(audit_msg, 512, "setup secure channel failure, status = STATUS_ERROR_CREATE_CARDMGR");
goto loser;
}
@@ -466,7 +457,6 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa
RA::Error("RA_Pin_Reset_Processor::Process",
"no channel creation failure");
status = STATUS_ERROR_CREATE_CARDMGR;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "secure channel not established", "", tokenType);
PR_snprintf(audit_msg, 512, "no channel creation failure, status = STATUS_ERROR_CREATE_CARDMGR");
goto loser;
}
@@ -556,7 +546,6 @@ locale),
RA::Error("RA_Pin_Reset_Processor::Process",
"login not provided");
status = STATUS_ERROR_LOGIN;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "login not found", "", tokenType);
PR_snprintf(audit_msg, 512, "login not provided, status = STATUS_ERROR_LOGIN");
goto loser;
@@ -872,6 +861,16 @@ loser:
final_applet_version != NULL ? final_applet_version : "",
keyVersion != NULL? keyVersion : "",
audit_msg);
+
+ if ((cuid != NULL) && (tokenType != NULL)) {
+ RA::tdb_activity(session->GetRemoteIP(),
+ cuid,
+ "pin_reset",
+ "failure",
+ audit_msg,
+ userid != NULL ? userid : "",
+ tokenType);
+ }
}
if( token_status != NULL ) {
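Review bot: The activity entry written here takes its text from `audit_msg`, and at least one failure path above does not visibly fill it: in the applet-upgrade hunk (`status = STATUS_ERROR_UPGRADE_APPLET`) the removed `tdb_activity` call is followed by a comment block rather than a `PR_snprintf`. If that path reaches `loser` without setting the buffer, the entry will carry whatever `audit_msg` held before; the rest of that path is outside the hunk, so this needs checking in the full file. A line such as `PR_snprintf(audit_msg, 512, "applet upgrade error, status = STATUS_ERROR_UPGRADE_APPLET");` before the jump would keep the record meaningful.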
diff --git a/pki/base/tps/src/processor/RA_Processor.cpp b/pki/base/tps/src/processor/RA_Processor.cpp
index 3daa252ee..59ec9ea1d 100644
--- a/pki/base/tps/src/processor/RA_Processor.cpp
+++ b/pki/base/tps/src/processor/RA_Processor.cpp
@@ -2441,7 +2441,7 @@ loser:
return status;
}
-bool RA_Processor::RevokeCertificates(char *cuid,char *audit_msg,
+bool RA_Processor::RevokeCertificates(RA_Session *session, char *cuid,char *audit_msg,
char *final_applet_version,
char *keyVersion,
char *tokenType,
@@ -2452,6 +2452,7 @@ bool RA_Processor::RevokeCertificates(char *cuid,char *audit_msg,
char *statusString = NULL;
char configname[256];
char filter[512];
+ char activity_msg[512];
char serial[100];
int rc = 0;
int statusNum;
@@ -2536,10 +2537,14 @@ bool RA_Processor::RevokeCertificates(char *cuid,char *audit_msg,
if (statusNum == 0) {
RA::Audit(EV_FORMAT, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
"Success", "revoke", serial, connid, "");
+ PR_snprintf(activity_msg, 512, "certificate %s revoked", serial);
+ RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "success", activity_msg, "", tokenType);
RA::ra_update_cert_status(attr_cn, "revoked");
} else {
RA::Audit(EV_FORMAT, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
"Failure", "revoke", serial, connid, statusString);
+ PR_snprintf(activity_msg, 512, "error in revoking certificate %s: %s", serial, statusString);
+ RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", activity_msg, "", tokenType);
revocation_failed = true;
}
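Review bot: Both new `RA::tdb_activity` calls pass `""` as the user id although `userid` is in scope and is handed to `RA::Audit` two lines earlier, so the activity log does not say who triggered the revocation. Passing `userid != NULL ? userid : ""` would match the `loser` blocks added elsewhere in this commit. Those blocks also check `cuid` and `tokenType` for NULL before the call; here they are used unchecked, which may be fine if the caller guarantees them, but the start of `RevokeCertificates` is outside the hunk.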
@@ -2579,18 +2584,12 @@ bool RA_Processor::RevokeCertificates(char *cuid,char *audit_msg,
RA::Debug(LL_PER_PDU, "RA_Processor::RevokeCertificates",
"Failed to update the token database");
status = STATUS_ERROR_UPDATE_TOKENDB_FAILED;
- PR_snprintf(audit_msg, 512, "Failed to update the token database, status = STATUS_ERROR_UPDATE_TOKENDB_FAILED");
+ PR_snprintf(audit_msg, 512, "Revoked certificates but failed to update the token database, status = STATUS_ERROR_UPDATE_TOKENDB_FAILED");
goto loser;
}
loser:
- if (revocation_failed) {
- RA::Debug(LL_PER_PDU, "RA_Format_Processor::Process", "Failed to revoke certificates on this token.");
- status = STATUS_ERROR_REVOKE_CERTIFICATES_FAILED;
- PR_snprintf(audit_msg, 512, "Failed to revoke certificates on this token. status = STATUS_ERROR_REVOKE_CERTIFICATES_FAILED");
- }
-
return !revocation_failed;
}
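Review bot: With the `if (revocation_failed)` block removed, `RevokeCertificates` can return false without having set `status` or `audit_msg`, while the comment at the call site in `Format` still says the message is filled in here. The code that follows the call is outside the visible hunks, so confirm it sets both before jumping to `loser`, where `audit_msg` now also feeds the activity entry. A short contract comment above the `return` would help, e.g. `/* on revocation failure the caller sets status and audit_msg; per-certificate results are already in the activity log */`. The function body starts outside the hunk.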
@@ -2738,7 +2737,6 @@ RA_Status RA_Processor::Format(RA_Session *session, NameValueSet *extensions, bo
if ((profile_state != NULL) && (PL_strcmp(profile_state, "Enabled") != 0)) {
RA::Error("RA_Format_Processor::Process", "Profile %s Disabled for CUID %s", tokenType, cuid);
status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "profile disabled", "", tokenType);
PR_snprintf(audit_msg, 512, "profile %s disabled", tokenType);
goto loser;
}
@@ -2751,7 +2749,6 @@ RA_Status RA_Processor::Format(RA_Session *session, NameValueSet *extensions, bo
RA::Error("RA_Format_Processor::Process",
"CUID %s Disabled", cuid);
status = STATUS_ERROR_DISABLED_TOKEN;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "token disabled", "", tokenType);
PR_snprintf(audit_msg, 512, "CUID %s Disabled, status=STATUS_ERROR_DISABLED_TOKEN", cuid);
goto loser;
}
@@ -2765,7 +2762,6 @@ RA_Status RA_Processor::Format(RA_Session *session, NameValueSet *extensions, bo
if (!RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
RA::Error("Process", "CUID %s Format Unknown Token", cuid);
status = STATUS_ERROR_DISABLED_TOKEN;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "unknown token disallowed", "", tokenType);
PR_snprintf(audit_msg, 512, "Unknown token disallowed, status=STATUS_ERROR_DISABLED_TOKEN");
goto loser;
}
@@ -2803,7 +2799,6 @@ RA_Status RA_Processor::Format(RA_Session *session, NameValueSet *extensions, bo
RA::Error("RA_Format_Processor::Process",
"no applet found and applet upgrade not enabled");
status = STATUS_ERROR_SECURE_CHANNEL;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "secure channel not established", "", tokenType);
PR_snprintf(audit_msg, 512, "No applet found and applet upgrade not enabled, status = STATUS_ERROR_SECURE_CHANNEL");
goto loser;
}
@@ -2928,7 +2923,6 @@ locale),
RA::Error("RA_Format_Processor::Process",
"login not provided");
status = STATUS_ERROR_LOGIN;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "login not found", "", tokenType);
PR_snprintf(audit_msg, 512, "login not provided, status = STATUS_ERROR_LOGIN");
goto loser;
}
@@ -2955,7 +2949,6 @@ locale),
if (login == NULL) {
RA::Error("RA_Format_Processor::Process", "Login Request Disabled. Authentication failed.");
status = STATUS_ERROR_LOGIN;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "login not found", "", tokenType);
PR_snprintf(audit_msg, 512, "login request disabled, status = STATUS_ERROR_LOGIN");
goto loser;
}
@@ -2964,7 +2957,6 @@ locale),
authid = RA::GetConfigStore()->GetConfigAsString(configname);
if (authid == NULL) {
status = STATUS_ERROR_LOGIN;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "login not found", "", tokenType);
PR_snprintf(audit_msg, 512, "login not found, status = STATUS_ERROR_LOGIN");
goto loser;
}
@@ -2981,7 +2973,6 @@ locale),
char *type = auth->GetType();
if (type == NULL) {
status = STATUS_ERROR_LOGIN;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "authentication is missing param type", "", tokenType);
PR_snprintf(audit_msg, 512, "authentication is missing param type, status = STATUS_ERROR_LOGIN");
goto loser;
}
@@ -3004,7 +2995,6 @@ locale),
if (login == NULL || login->GetUID() == NULL) {
RA::Error("RA_Format_Processor::Process", "Authentication failed.");
status = STATUS_ERROR_LOGIN;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "authentication error", "", tokenType);
PR_snprintf(audit_msg, 512, "authentication failed, status = STATUS_ERROR_LOGIN");
goto loser;
}
@@ -3017,7 +3007,6 @@ locale),
RA::Error("RA_Format_Processor::Process", "Authentication failed.");
status = STATUS_ERROR_LDAP_CONN;
RA::Debug(LL_PER_PDU, "RA_Processor::Format", "Authentication status = %d", status);
- RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "authentication error", "", tokenType);
PR_snprintf(audit_msg, 512, "Authentication failed, status = STATUS_ERROR_LDAP_CONN");
goto loser;
}
@@ -3026,7 +3015,6 @@ locale),
RA::Error("RA_Format_Processor::Process", "Authentication failed.");
status = STATUS_ERROR_LOGIN;
RA::Debug(LL_PER_PDU, "RA_Processor::Format", "Authentication status = %d", status);
- RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "authentication error", "", tokenType);
PR_snprintf(audit_msg, 512, "Authentication failed, rc=-2 or -3, status = STATUS_ERROR_LOGIN");
goto loser;
}
@@ -3035,7 +3023,6 @@ locale),
} else {
RA::Error("RA_Format_Processor::Process", "No Authentication type was found.");
status = STATUS_ERROR_LOGIN;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "authentication error", "", tokenType);
PR_snprintf(audit_msg, 512, "No Authentication type found, status = STATUS_ERROR_LOGIN");
goto loser;
}
@@ -3217,7 +3204,6 @@ locale),
RA::Error("RA_Format_Processor::Process",
"failed to create new key set");
status = STATUS_ERROR_CREATE_CARDMGR;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "create key set error", "", tokenType);
PR_snprintf(audit_msg, 512, "create key set error, status = STATUS_ERROR_CREATE_CARDMGR");
goto loser;
}
@@ -3277,7 +3263,6 @@ locale),
RA::Error("RA_Format_Processor::Process",
"failed to establish secure channel after reselect");
status = STATUS_ERROR_CREATE_CARDMGR;
- RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "secure channel not established", "", tokenType);
PR_snprintf(audit_msg, 512,"failed to establish secure channel after reselect, status = STATUS_ERROR_CREATE_CARDMGR");
goto loser;
}
@@ -3315,7 +3300,7 @@ locale),
//Now we call a separate function, the audit_msg will get filled in there if needed.
- bool success = RevokeCertificates(cuid,audit_msg,(char *)final_applet_version,
+ bool success = RevokeCertificates(session, cuid,audit_msg,(char *)final_applet_version,
keyVersion,(char *)tokenType,(char *)userid,status
);
@@ -3371,6 +3356,16 @@ loser:
final_applet_version != NULL ? final_applet_version : "",
keyVersion != NULL? keyVersion : "",
audit_msg);
+
+ if ((cuid != NULL) && (tokenType != NULL)) {
+ RA::tdb_activity(session->GetRemoteIP(),
+ cuid,
+ "format",
+ "failure",
+ audit_msg,
+ userid != NULL? userid : "",
+ tokenType);
+ }
}
if (keyVersion != NULL) {
diff --git a/pki/base/tps/src/tus/tus_db.c b/pki/base/tps/src/tus/tus_db.c
index 9ada4ffbf..f157d3768 100644
--- a/pki/base/tps/src/tus/tus_db.c
+++ b/pki/base/tps/src/tus/tus_db.c
@@ -1848,9 +1848,9 @@ int add_activity (char *ip, char *id, const char *op, const char *result, const
time.tm_hour, time.tm_min, time.tm_sec);
/* unique id per activity */
- PR_snprintf(zcdate, 256, "%04d%02d%02d%02d%02d%02d.%x",
+ PR_snprintf(zcdate, 256, "%04d%02d%02d%02d%02d%02d%06d.%x",
time.tm_year, (time.tm_month + 1), time.tm_mday,
- time.tm_hour, time.tm_min, time.tm_sec,ct);
+ time.tm_hour, time.tm_min, time.tm_sec, time.tm_usec, ct);
cn_values[0] = zcdate;
cn_values[1] = NULL;