Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/csadmin')
3 files changed, 210 insertions, 13 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java index 2bc5f94fc..e7a1286c0 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java @@ -65,6 +65,9 @@ public class RegisterUser extends CMSServlet { private final static String FAILED = "1"; private final static String AUTH_FAILURE = "2"; private String mGroupName = null; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = + "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; + public RegisterUser() { super(); @@ -143,6 +146,14 @@ public class RegisterUser extends CMSServlet { CMS.debug("RegisterUser got name=" + name); CMS.debug("RegisterUser got certsString=" + certsString); + String auditMessage = null; + String auditSubjectID = auditSubjectID(); + String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" + + "+Resource;;"+ uid + + "+fullname;;"+ name + + "+state;;1" + + "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>"; + IUGSubsystem ugsys = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG); IUser user = null; 
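Review bot: `uid` and `name` are concatenated into `auditParams` unescaped in the second RegisterUser hunk, so a value containing `+` or `;;` would change the apparent field structure of the signed audit record. Both look like request-supplied values, since the context lines above print them with "RegisterUser got name=". The same pattern appears in UpdateDomainXML (`host`, `name`, `sport`, `clone`, `type`, `operation`) and in UpdateNumberRange (`type`). Before building the string, reject or encode the delimiter characters and line breaks, ideally through one shared helper used by all three servlets. The enclosing method starts and ends outside the hunk.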
@@ -187,29 +198,95 @@ public class RegisterUser extends CMSServlet { user.setEmail(""); user.setPhone(""); user.setPassword(""); + ugsys.addUser(user); CMS.debug("RegisterUser created user " + uid); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams); + audit(auditMessage); } + // extract all line separators + StringBuffer sb = new StringBuffer(); + for (int i = 0; i < certsString.length(); i++) { + if (!Character.isWhitespace(certsString.charAt(i))) { + sb.append(certsString.charAt(i)); + } + } + certsString = sb.toString(); + + auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" + + "+Resource;;"+ uid + + "+cert;;"+certsString; + user.setX509Certificates(certs); if (!foundByCert) { ugsys.addUserCert(user); CMS.debug("RegisterUser added user certificate"); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams); + audit(auditMessage); } else CMS.debug("RegisterUser no need to add user certificate"); - } catch (Exception eee) { + } catch (Exception eee) { CMS.debug("RegisterUser error " + eee.toString()); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams); + + audit(auditMessage); outputError(httpResp, "Error: Certificate malformed"); return; } // add user to the group - Enumeration groups = ugsys.findGroups(mGroupName); - IGroup group = (IGroup)groups.nextElement(); - group.addMemberName(user.getUserID()); - ugsys.modifyGroup(group); - CMS.debug("RegisterUser modified group"); + auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" + + "+Resource;;"+ mGroupName; + try { + Enumeration groups = ugsys.findGroups(mGroupName); + IGroup group = (IGroup)groups.nextElement(); + + auditParams += "+user;;"; + Enumeration members = group.getMemberNames(); + while (members.hasMoreElements()) { + auditParams += (String) 
members.nextElement(); + if (members.hasMoreElements()) { + auditParams +=","; + } + } + + if (!group.isMember(user.getUserID())) { + auditParams += "," + user.getUserID(); + group.addMemberName(user.getUserID()); + ugsys.modifyGroup(group); + CMS.debug("RegisterUser modified group"); + + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + auditParams); + + audit(auditMessage); + } + } catch (Exception e) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + auditParams); + + audit(auditMessage); + } // send success status back to the requestor try { diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java index 6de314284..78763dfb2 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java @@ -54,6 +54,10 @@ public class UpdateDomainXML extends CMSServlet { private final static String SUCCESS = "0"; private final static String FAILED = "1"; + private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = + "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = + "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3"; public UpdateDomainXML() { super(); @@ -194,6 +198,7 @@ public class UpdateDomainXML extends CMSServlet { protected void process(CMSRequest cmsReq) throws EBaseException { CMS.debug("UpdateDomainXML: processing..."); String status = SUCCESS; + String status2 = SUCCESS; HttpServletRequest httpReq = cmsReq.getHttpReq(); HttpServletResponse httpResp = cmsReq.getHttpResp(); 
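Review bot: The new `catch (Exception e)` around the group update in RegisterUser records a FAILURE audit event and then falls through to the "send success status back to the requestor" block, so the caller is told registration succeeded although the user was not added to `mGroupName`. Before this change an exception from `findGroups`, `nextElement` or `modifyGroup` left this code path instead of continuing to the success response. The handler also drops `e` without logging it, unlike the earlier `catch (Exception eee)`. Log the exception and stop, for example `CMS.debug("RegisterUser group update error " + e.toString());` followed by `outputError(httpResp, "Error: Failed to add user to group"); return;`. An empty result from `findGroups` reaches this path too, through `groups.nextElement()`.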
@@ -264,16 +269,31 @@ public class UpdateDomainXML extends CMSServlet { if ((sport == null) || sport.equals("")) { missing += " sport "; } + if ((type == null) || type.equals("")) { + missing += " type "; + } if ((clone == null) || clone.equals("")) { clone = "false"; } if (! missing.equals("")) { - CMS.debug("UpdateDomainXML process: required parameters:" + missing + "not provided in request"); - outputError(httpResp, "Error: required parameters: " + missing + "not provided in request"); + CMS.debug("UpdateDomainXML process: required parameters:" + missing + + "not provided in request"); + outputError(httpResp, "Error: required parameters: " + missing + + "not provided in request"); return; } + String auditMessage = null; + String auditSubjectID = auditSubjectID(); + String auditParams = "host;;"+host+"+name;;"+name+"+sport;;"+sport+ + "+clone;;"+clone+"+type;;"+type; + if (operation != null) { + auditParams += "+operation;;"+operation; + } else { + auditParams += "+operation;;add"; + } + String basedn = null; String secstore = null; 
@@ -340,21 +360,53 @@ public class UpdateDomainXML extends CMSServlet { } else { adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn; } + String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" + + "+resource;;"+adminUserDN; if (status.equals(SUCCESS)) { - // remove the client cert for this subsystem's admin - status = remove_from_ldap(adminUserDN); - if (status.equals(SUCCESS)) { + // remove the user for this subsystem's admin + status2 = remove_from_ldap(adminUserDN); + if (status2.equals(SUCCESS)) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + userAuditParams); + audit(auditMessage); + // remove this user from the subsystem group + userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" + + "+source;;UpdateDomainXML" + + "+resource;;Subsystem Group+user;;"+adminUserDN; dn = "cn=Subsystem Group, ou=groups," + basedn; LDAPModification mod = new LDAPModification(LDAPModification.DELETE, new LDAPAttribute("uniqueMember", adminUserDN)); - status = modify_ldap(dn, mod); + status2 = modify_ldap(dn, mod); + if (status2.equals(SUCCESS)) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.SUCCESS, + userAuditParams); + } else { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + userAuditParams); + } + audit(auditMessage); + } else { // error deleting user + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_ROLE, + auditSubjectID, + ILogger.FAILURE, + userAuditParams); + audit(auditMessage); } } } else { status = add_to_ldap(entry, dn); } - } else { // update the domain.xml file 
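Review bot: `userAuditParams` spells its key `+resource;;` in both strings of this hunk, while the LOGGING_SIGNED_AUDIT_CONFIG_ROLE records added in RegisterUser use `+Resource;;`. The same event type therefore carries two spellings of one field, and a case-sensitive search or parsing rule over the audit log will miss one of them. Use `"+Resource;;"+adminUserDN` and `"+Resource;;Subsystem Group+user;;"+adminUserDN` here so both servlets agree. The enclosing method starts and ends outside the hunk.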
@@ -439,8 +491,31 @@ public class UpdateDomainXML extends CMSServlet { CMS.debug("Failed to update domain.xml file" + e.toString()); status = FAILED; } + } + if (status.equals(SUCCESS)) { + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, + auditSubjectID, + ILogger.SUCCESS, + auditParams); + } else { + // what if already exists or already deleted + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, + auditSubjectID, + ILogger.FAILURE, + auditParams); + } + audit(auditMessage); + + if (status.equals(SUCCESS) && status2.equals(SUCCESS)) { + status = SUCCESS; + } else { + status = FAILED; + } + try { // send success status back to the requestor CMS.debug("UpdateDomainXML: Sending response"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java index 890d6dfb1..77650dbfd 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java @@ -58,6 +58,8 @@ public class UpdateNumberRange extends CMSServlet { private final static String SUCCESS = "0"; private final static String FAILED = "1"; private final static String AUTH_FAILURE = "2"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER = + "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1"; public UpdateNumberRange() { super(); @@ -116,11 +118,17 @@ public class UpdateNumberRange extends CMSServlet { return; } + String auditMessage = null; + String auditSubjectID = auditSubjectID(); + String auditParams = "source;;updateNumberRange"; + try { String type = httpReq.getParameter("type"); IConfigStore cs = CMS.getConfigStore(); String cstype = cs.getString("cs.type", ""); + auditParams += "+type;;" + type; + BigInteger beginNum = null; BigInteger endNum = null; BigInteger oneNum = new BigInteger("1"); 
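Review bot: In the UpdateDomainXML hunk at the start of this line, the LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE outcome is chosen from `status` alone, before `status2` is folded in. A remove whose user or group cleanup failed is therefore audited as a successful domain update while the requestor receives FAILED. If that split is intended, say so in a comment above the block, such as `// domain entry outcome only; user/group cleanup is audited separately as CONFIG_ROLE`. The open question left in `// what if already exists or already deleted` should be resolved or turned into a tracked TODO, since those cases currently produce a FAILURE record identical to any other failure.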
@@ -201,6 +209,12 @@ public class UpdateNumberRange extends CMSServlet { if (endNum2 == null) { CMS.debug("UpdateNumberRange::process() - " + "Unused requests less than cloneTransferNumber!" ); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, + auditSubjectID, + ILogger.FAILURE, + auditParams); + audit(auditMessage); return; } else { CMS.debug("Transferring from the end of on-deck range"); @@ -221,12 +235,24 @@ public class UpdateNumberRange extends CMSServlet { if( beginNum == null ) { CMS.debug( "UpdateNumberRange::process() - " + "beginNum is null!" ); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, + auditSubjectID, + ILogger.FAILURE, + auditParams); + audit(auditMessage); return; } if( endNum == null ) { CMS.debug( "UpdateNumberRange::process() - " + "endNum is null!" ); + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, + auditSubjectID, + ILogger.FAILURE, + auditParams); + audit(auditMessage); return; } @@ -249,8 +275,27 @@ public class UpdateNumberRange extends CMSServlet { outputResult(httpResp, "application/xml", cb); cs.commit(false); + + auditParams += "+beginNumber;;" + beginNum.toString(radix) + + "+endNumber;;" + endNum.toString(radix); + + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, + auditSubjectID, + ILogger.SUCCESS, + auditParams); + audit(auditMessage); + } catch (Exception e) { CMS.debug("UpdateNumberRange: Failed to update number range. Exception: "+e.toString()); + + auditMessage = CMS.getLogMessage( + LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, + auditSubjectID, + ILogger.FAILURE, + auditParams); + audit(auditMessage); + outputError(httpResp, "Error: Failed to update number range."); } } |
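Review bot: In the last UpdateNumberRange hunk the SUCCESS record is built and written after `outputResult(...)` and `cs.commit(false)` but inside the same `try`. Any exception raised while composing or emitting it lands in `catch (Exception e)`, which writes a FAILURE record and calls `outputError` for a range change that has already been committed and answered. Whether `audit()` can throw is not visible here, so treat this as a hedge. A small inner try/catch around the success audit would keep a committed change from being recorded as a failure. The FAILURE records in all three hunks on this line also carry only `source` and `type`, because `beginNumber` and `endNumber` are appended just before the success record; appending them as soon as both are known non-null would make failure events more useful for investigation.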