diff options
5 files changed, 81 insertions, 12 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java index 64aad508f..a9cdbbf33 100644 --- a/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java +++ b/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java @@ -27,8 +27,10 @@ import com.netscape.certsrv.base.BaseResources; * This interface defines the abstraction for the cookie table. **/ public interface ISecurityDomainSessionTable { - public void addEntry(String cookieId, String ip, String uid, String group); - public void removeEntry(String sessionId); + public static final int SUCCESS =0; + public static final int FAILURE =1; + public int addEntry(String cookieId, String ip, String uid, String group); + public int removeEntry(String sessionId); public boolean isSessionIdExist(String sessionId); public String getIP(String sessionId); public String getUID(String sessionId); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java index b78b98b82..7b3e69dc5 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java @@ -40,13 +40,16 @@ import org.w3c.dom.*; public class GetCookie extends CMSServlet { - private final static String SUCCESS = "0"; - private final static String FAILED = "1"; private static Random mRandom = null; private final static int SESSION_MAX_AGE = 3600; private String mErrorFormPath = null; private String mFormPath = null; + private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = + "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; + private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = + "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3"; + public GetCookie() { super(); } @@ -163,11 +166,21 @@ public class GetCookie extends CMSServlet { } String cookie = ""; + String auditMessage = ""; + if (authToken != null) { String uid = authToken.getInString("uid"); String groupname = getGroupName(uid, subsystem); if (groupname != null) { + + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + uid, + ILogger.SUCCESS, + groupname); + audit(auditMessage); + // assign cookie long num = mRandom.nextLong(); cookie = num+""; @@ -186,7 +199,26 @@ public class GetCookie extends CMSServlet { } catch (Exception e) { } - ctable.addEntry(cookie, ip, uid, groupname); + String auditParams = "operation;;issue_token+token;;"+ cookie + "+ip;;" + ip + + "+uid;;" + uid + "+groupname;;" + groupname; + + int status = ctable.addEntry(cookie, ip, uid, groupname); + if (status == ISecurityDomainSessionTable.SUCCESS) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, + uid, + ILogger.SUCCESS, + auditParams); + audit(auditMessage); + } else { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, + uid, + ILogger.FAILURE, + auditParams); + audit(auditMessage); + } + try { String sd_url = "https://"+CMS.getEESSLHost()+":"+CMS.getEESSLPort(); if (!url.startsWith("$")) { @@ -226,6 +258,13 @@ public class GetCookie extends CMSServlet { } } catch (Exception e) { } + } else { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_ROLE_ASSUME, + uid, + ILogger.FAILURE, + "Enterprise " + subsystem + " Administrators"); + audit(auditMessage); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java index 65b98a4ae..5c89e5888 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java @@ -37,11 +37,12 @@ public class LDAPSecurityDomainSessionTable m_timeToLive = timeToLive; } - public void addEntry(String sessionId, String ip, + public int addEntry(String sessionId, String ip, String uid, String group) { IConfigStore cs = CMS.getConfigStore(); LDAPConnection conn = null; boolean sessions_exists = true; + int status = FAILURE; String basedn = null; String sessionsdn = null; @@ -50,7 +51,7 @@ public class LDAPSecurityDomainSessionTable sessionsdn = "ou=sessions,ou=Security Domain," + basedn; } catch (Exception e) { CMS.debug("SecurityDomainSessionTable: addEntry: failed to read basedn" + e); - return; + return status; } try { @@ -91,27 +92,31 @@ public class LDAPSecurityDomainSessionTable entry = new LDAPEntry(entrydn, attrs); if (sessions_exists) { conn.add(entry); + CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId); + status = SUCCESS; } - CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId); } catch(Exception e) { CMS.debug("SecurityDomainSessionTable: unable to create session entry" + sessionId + ": " + e); - } + } try { conn.disconnect(); } catch (Exception e) { CMS.debug("SecurityDomainSessionTable:addEntry: Error in disconnecting from database: " + e); } + return status; } - public void removeEntry(String sessionId) { + public int removeEntry(String sessionId) { IConfigStore cs = CMS.getConfigStore(); LDAPConnection conn = null; + int status = FAILURE; try { String basedn = cs.getString("internaldb.basedn"); String dn = "cn=" + sessionId + ",ou=sessions,ou=Security Domain," + basedn; conn = getLDAPConn(); conn.delete(dn); + status = SUCCESS; } catch (Exception e) { if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) { // continue @@ -124,6 +129,7 @@ public class LDAPSecurityDomainSessionTable } catch (Exception e) { CMS.debug("SecurityDomainSessionTable: removeEntry: Error in disconnecting from database: " + e); } + return status; } public boolean isSessionIdExist(String sessionId) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java index dabaee410..b4ee2721c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java @@ -35,7 +35,7 @@ public class SecurityDomainSessionTable m_timeToLive = timeToLive; } - public void addEntry(String sessionId, String ip, + public int addEntry(String sessionId, String ip, String uid, String group) { Vector v = new Vector(); v.addElement(ip); @@ -45,10 +45,12 @@ public class SecurityDomainSessionTable long t = d.getTime(); v.addElement(Long.valueOf(t)); m_sessions.put(sessionId, v); + return SUCCESS; } - public void removeEntry(String sessionId) { + public int removeEntry(String sessionId) { m_sessions.remove(sessionId); + return SUCCESS; } public boolean isSessionIdExist(String sessionId) { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java index 91564d15e..92f2e2568 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java @@ -20,9 +20,13 @@ package com.netscape.cms.servlet.csadmin; import java.util.*; import com.netscape.certsrv.apps.*; import com.netscape.certsrv.base.*; +import com.netscape.certsrv.logging.ILogger; public class SessionTimer extends TimerTask { private ISecurityDomainSessionTable m_sessiontable = null; + private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); + private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = + "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; public SessionTimer(ISecurityDomainSessionTable table) { super(); @@ -40,6 +44,22 @@ public class SessionTimer extends TimerTask { if ((nowTime-beginTime) > timeToLive) { m_sessiontable.removeEntry(sessionId); CMS.debug("SessionTimer run: successfully remove the session id entry from the table."); + + // audit message + String auditParams = "operation;;expire_token+token;;" + sessionId; + String auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, + "system", + ILogger.SUCCESS, + auditParams); + + mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, + null, + ILogger.S_SIGNED_AUDIT, + ILogger.LL_SECURITY, + auditMessage); + + } } } |