author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-04-28 20:56:23 +0000 |
---|---|---|
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-04-28 20:56:23 +0000 |
commit | 24fa4f316c5964475414adf53d3ccf4b5066d182 (patch) | |
tree | 2ef9b351815ed559e9a9da6514b107fe8d3252ac /pki/base/tps | |
parent | 7f8d26983c1be173df2754fef6053e63414d0803 (diff) | |
Bugzilla BZ#493183: tps-audit.log file is not getting updated
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@419 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/tps')
-rw-r--r-- | pki/base/tps/doc/CS.cfg | 4 | ||||
-rw-r--r-- | pki/base/tps/src/include/engine/audit.h | 7 | ||||
-rw-r--r-- | pki/base/tps/src/modules/tokendb/mod_tokendb.cpp | 2 | ||||
-rw-r--r-- | pki/base/tps/src/processor/RA_Enroll_Processor.cpp | 10 | ||||
-rw-r--r-- | pki/base/tps/src/processor/RA_Format_Processor.cpp | 8 | ||||
-rw-r--r-- | pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp | 16 |
6 files changed, 26 insertions, 21 deletions
diff --git a/pki/base/tps/doc/CS.cfg b/pki/base/tps/doc/CS.cfg index 06654875..20d83f70 100644 --- a/pki/base/tps/doc/CS.cfg +++ b/pki/base/tps/doc/CS.cfg @@ -83,8 +83,8 @@ logging.audit.signedAuditFilename=[SERVER_ROOT]/logs/signedAudit/tps_audit logging.audit.level=10 logging.audit.logSigning=false logging.audit.signedAuditCertNickname=auditSigningCert cert-[INSTANCE_ID] -logging.audit.selected.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,CONFIG_SIGNED_AUDIT -logging.audit.selectable.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,CONFIG_SIGNED_AUDIT +logging.audit.selected.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,CONFIG_SIGNED_AUDIT,ENROLLMENT,PIN_RESET,FORMAT,UPGRADE +logging.audit.selectable.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,CONFIG_SIGNED_AUDIT,ENROLLMENT,PIN_RESET,FORMAT,UPGRADE logging.audit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,LOGGING_SIGNED_AUDIT_SIGNING logging.error.enable=true logging.error.filename=[SERVER_ROOT]/logs/tps-error.log diff --git a/pki/base/tps/src/include/engine/audit.h b/pki/base/tps/src/include/engine/audit.h index 9477ac03..20b5efcb 100644 --- a/pki/base/tps/src/include/engine/audit.h +++ b/pki/base/tps/src/include/engine/audit.h @@ -30,7 +30,12 @@ #define EV_AUDIT_LOG_STARTUP "AUDIT_LOG_STARTUP" #define EV_AUDIT_LOG_SHUTDOWN "AUDIT_LOG_SHUTDOWN" #define EV_ROLE_ASSUME "ROLE_ASSUME" - +#define EV_ENROLLMENT "ENROLLMENT" +#define EV_PIN_RESET "PIN_RESET" +#define EV_FORMAT "FORMAT" +#define EV_UPGRADE "UPGRADE" +#define EV_AUTHZ_FAIL "AUTHZ_FAIL" +#define EV_AUTHZ_SUCCESS "AUTHZ_SUCCESS" // ... to be continued ... #endif //AUDIT_H diff --git a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp index aa548794..0f9a5033 100644 --- a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp +++ b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp 
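Review bot: The new `EV_*` macros in audit.h have no comment saying that each string must match an entry in the `logging.audit.selected.events` list in CS.cfg, which is the coupling this commit repairs. I would add a comment above the block such as `/* Event names: each must appear in logging.audit.selected.events (CS.cfg); presumably RA::Audit drops records for unselected events */`. The `// ... to be continued ...` placeholder could also name the events in CS.cfg that are not shown as defined in this hunk.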
@@ -2716,7 +2716,7 @@ mod_tokendb_handler( request_rec *rq ) } else if (is_admin) { itemplate = indexAdminTemplate; } else { - RA::Audit("AUTHZ", AUDIT_MSG_FORMAT, userid, "Failure", "Tokendb user authorization"); + RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_FORMAT, userid, "Failure", "Tokendb user authorization"); error_out("Authorization Failure", "Failed to authorize request"); do_free(buf); do_free(uri); diff --git a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp index 9a0d95fc..36138889 100644 --- a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp +++ b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp @@ -1116,7 +1116,7 @@ bool RA_Enroll_Processor::CheckAndUpgradeApplet( } // Upgrade Applet reported success - RA::Audit("Enrollment", "op='applet_upgrade' app_ver='%s' new_app_ver='%s'", + RA::Audit(EV_ENROLLMENT, "op='applet_upgrade' app_ver='%s' new_app_ver='%s'", o_current_applet_on_token, g_applet_target_version); o_current_applet_on_token = strdup(g_applet_target_version); @@ -1486,7 +1486,7 @@ bool RA_Enroll_Processor::CheckAndUpgradeSymKeys( defKeyIndex /* default key index */, tksid); if (o_channel == NULL) { - RA::Audit("Enrollment", "status='error' key_ver=00 cuid='%s' msn='%s' note='failed to create secure channel'", a_cuid, a_msn ); + RA::Audit(EV_ENROLLMENT, "status='error' key_ver=00 cuid='%s' msn='%s' note='failed to create secure channel'", a_cuid, a_msn ); RA::Error(FN, "failed to establish secure channel"); o_status = STATUS_ERROR_SECURE_CHANNEL; RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "secure channel error", "", a_tokenType); 
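Review bot: Only the denial branch of this authorization check writes an audit record. The `is_admin` branch just above sets `itemplate` and emits nothing, although this commit defines `EV_AUTHZ_SUCCESS` and CS.cfg selects `AUTHZ_SUCCESS`. mod_tokendb_handler runs well beyond this hunk, so a success record may be written elsewhere. If it is not, consider adding `RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_FORMAT, userid, "Success", "Tokendb user authorization");` to the granted branches, so that privileged access to the token database is traceable as well as refusals.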
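Review bot: The applet upgrade record in CheckAndUpgradeApplet is filed under `EV_ENROLLMENT`, but the same `op='applet_upgrade'` message uses `EV_UPGRADE` in RA_Format_Processor.cpp (hunk at -484) and `EV_PIN_RESET` in RA_Pin_Reset_Processor.cpp (hunk at -280). Anyone who selects or searches on `UPGRADE` will therefore see only the upgrades performed during a format. Either tag all three with `EV_UPGRADE`, e.g. `RA::Audit(EV_UPGRADE, "op='applet_upgrade' app_ver='%s' new_app_ver='%s'",`, or add a comment at each call stating that the event names the enclosing operation and `op=` names the step.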
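Review bot: `a_cuid` and `a_msn` are written into the record between single quotes with a plain `%s`, and nothing in this hunk escapes them; the later success records do the same with `userid` and `authid`. These values presumably originate from the token or the client, so a quote or line break inside one could split or imitate fields in the audit log unless RA::Audit sanitizes its arguments, which is not visible here. It is worth confirming that, or encoding the values before the call; the same applies to the `RA::Audit` calls in the Format and Pin Reset hunks. The hard-coded, unquoted `key_ver=00` also differs from the quoted `key_ver='%s'` form used in the other records.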
@@ -1545,7 +1545,7 @@ bool RA_Enroll_Processor::CheckAndUpgradeSymKeys( curVersion, curIndex, &key_data_set); - RA::Audit("Enrollment", "op='key_change_over' cuid='%s' msn='%s' old_key_ver='%02x' new_key_ver='%02x'", a_cuid, a_msn, curVersion, ((BYTE*)newVersion)[0]); + RA::Audit(EV_ENROLLMENT, "op='key_change_over' cuid='%s' msn='%s' old_key_ver='%02x' new_key_ver='%02x'", a_cuid, a_msn, curVersion, ((BYTE*)newVersion)[0]); /** * Re-select the Applet. @@ -2311,11 +2311,11 @@ op.enroll.certificates.caCert.label=caCert Label /* audit log for successful enrollment */ if (authid == NULL) { RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "authid == NULL"); - RA::Audit("Enrollment", "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' time='%d msec'", + RA::Audit(EV_ENROLLMENT, "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' time='%d msec'", final_applet_version, keyVersion, cuid, msn, userid, ((PR_IntervalToMilliseconds(end) - PR_IntervalToMilliseconds(start)))); } else { RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "has authid"); - RA::Audit("Enrollment", "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' auth='%s' time='%d msec'", + RA::Audit(EV_ENROLLMENT, "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' auth='%s' time='%d msec'", final_applet_version, keyVersion, cuid, msn, userid, authid, ((PR_IntervalToMilliseconds(end) - PR_IntervalToMilliseconds(start)))); } diff --git a/pki/base/tps/src/processor/RA_Format_Processor.cpp b/pki/base/tps/src/processor/RA_Format_Processor.cpp index 525e12cf..b9ded0c8 100644 --- a/pki/base/tps/src/processor/RA_Format_Processor.cpp +++ b/pki/base/tps/src/processor/RA_Format_Processor.cpp 
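Review bot: Key versions are rendered differently in this record than in the other processors: here the format is `old_key_ver='%02x' new_key_ver='%02x'`, while the key_change_over records in RA_Format_Processor.cpp and RA_Pin_Reset_Processor.cpp use `'%02x01'` with a literal `01` appended. Pick one form so that records for the same key set can be correlated across operations. If the trailing `01` is meant to be the key index, it should be formatted from the index variable, not written as a literal. `((BYTE*)newVersion)[0]` is also read with no null check visible in this hunk; the function continues outside it.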
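Review bot: The `time='%d msec'` field is fed the difference of two `PR_IntervalToMilliseconds` results, which are `PRUint32`, so `%d` is the wrong conversion if RA::Audit forwards to a printf-style formatter; `time='%u msec'` matches the type. The same applies to the success records in RA_Format_Processor.cpp (hunk at -793) and RA_Pin_Reset_Processor.cpp (hunk at -689). The two calls here differ only in the `auth='%s'` field, so a single call with an optional auth value would keep the two formats from drifting apart.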
@@ -484,7 +484,7 @@ locale), RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "applet upgrade error", "", tokenType); goto loser; } - RA::Audit("Upgrade", + RA::Audit(EV_UPGRADE, "op='applet_upgrade' app_ver='%s' new_app_ver='%s'", appletVersion, expected_version); final_applet_version = expected_version; @@ -607,7 +607,7 @@ locale), curVersion, curIndex, &key_data_set); - RA::Audit("Format", "op='key_change_over' app_ver='%s' cuid='%s' old_key_ver='%02x01' new_key_ver='%02x01'", + RA::Audit(EV_FORMAT, "op='key_change_over' app_ver='%s' cuid='%s' old_key_ver='%02x01' new_key_ver='%02x01'", final_applet_version, cuid, curVersion, ((BYTE*)newVersion)[0]); @@ -793,10 +793,10 @@ locale), /* audit log for successful enrollment */ if (authid == NULL) - RA::Audit("Format", "status='success' app_ver='%s' key_ver='%d' cuid='%s' msn='%s' uid='%s' time='%d msec'", + RA::Audit(EV_FORMAT, "status='success' app_ver='%s' key_ver='%d' cuid='%s' msn='%s' uid='%s' time='%d msec'", final_applet_version,(int) finalKeyVersion, cuid, msn, userid, ((PR_IntervalToMilliseconds(end) - PR_IntervalToMilliseconds(start)))); else - RA::Audit("Format", "status='success' app_ver='%s' key_ver='%d' cuid='%s' msn='%s' uid='%s' auth='%s' time='%d msec'", + RA::Audit(EV_FORMAT, "status='success' app_ver='%s' key_ver='%d' cuid='%s' msn='%s' uid='%s' auth='%s' time='%d msec'", final_applet_version,(int) finalKeyVersion, cuid, msn, userid, authid, ((PR_IntervalToMilliseconds(end) - PR_IntervalToMilliseconds(start)))); loser: diff --git a/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp index 748a2521..f5c79fb7 100644 --- a/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp +++ b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp 
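Review bot: The comment above the success records in the hunk at -793 still reads `/* audit log for successful enrollment */`, although this is the format processor and the records are now tagged `EV_FORMAT`. It should read `/* audit log for successful format */`. The `if (authid == NULL) … else …` around the two multi-line calls has no braces, unlike the equivalent code in RA_Enroll_Processor.cpp; adding them would make the branches harder to break in a later edit.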
@@ -280,7 +280,7 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa SelectApplet(session, 0x04, 0x00, NetKeyAID); goto loser; } - RA::Audit("Pin Reset", "op='applet_upgrade' app_ver='%s' new_app_ver='%s'", + RA::Audit(EV_PIN_RESET, "op='applet_upgrade' app_ver='%s' new_app_ver='%s'", appletVersion, expected_version); final_applet_version = expected_version; } @@ -354,7 +354,7 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa curIndex, &key_data_set); - RA::Audit("Pin Reset", "op='key_change_over' app_ver='%s' cuid='%s' old_key_ver='%02x01' new_key_ver='%02x01'", final_applet_version, cuid, curVersion, ((BYTE*)newVersion)[0]); + RA::Audit(EV_PIN_RESET, "op='key_change_over' app_ver='%s' cuid='%s' old_key_ver='%02x01' new_key_ver='%02x01'", final_applet_version, cuid, curVersion, ((BYTE*)newVersion)[0]); SelectApplet(session, 0x04, 0x00, NetKeyAID); 
@@ -689,25 +689,25 @@ locale), /* audit log for successful pin reset */ if (authid == NULL) - RA::Audit("Pin Reset", "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' time='%d msec'", + RA::Audit(EV_PIN_RESET, "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' time='%d msec'", final_applet_version, keyVersion, cuid, msn, userid, ((PR_IntervalToMilliseconds(end) - PR_IntervalToMilliseconds(start)))); else - RA::Audit("Pin Reset", "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' auth='%s' time='%d msec'", + RA::Audit(EV_PIN_RESET, "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' auth='%s' time='%d msec'", final_applet_version, keyVersion, cuid, msn, userid, authid, ((PR_IntervalToMilliseconds(end) - PR_IntervalToMilliseconds(start)))); loser: if (channel == NULL) { RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor: Failed to create secure channel.", ""); if (login == NULL) { - RA::Audit("Pin Reset", "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' note='failed to login'", final_applet_version, keyVersion, cuid, msn); + RA::Audit(EV_PIN_RESET, "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' note='failed to login'", final_applet_version, keyVersion, cuid, msn); } else { - RA::Audit("Pin Reset", "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' note='failed to create secure channel'", final_applet_version, keyVersion, cuid, msn, userid); + RA::Audit(EV_PIN_RESET, "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' note='failed to create secure channel'", final_applet_version, keyVersion, cuid, msn, userid); } } else if (rc != 1 && status == STATUS_ERROR_LOGIN) { if (login == NULL) { - RA::Audit("Pin Reset", "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' note='login failure'", final_applet_version, keyVersion, cuid, msn); + RA::Audit(EV_PIN_RESET, "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' 
note='login failure'", final_applet_version, keyVersion, cuid, msn); } else { - RA::Audit("Pin Reset", "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' note='authentication failure'", + RA::Audit(EV_PIN_RESET, "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' note='authentication failure'", final_applet_version, keyVersion, cuid, msn, userid); } } |
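Review bot: After `loser:` an error record is written only when `channel == NULL` or when `rc != 1 && status == STATUS_ERROR_LOGIN`, so any other failure that jumps to `loser` leaves no `PIN_RESET` record in the lines shown. The function continues past this hunk; if there is no further branch, add a final `else if (rc != 1)` that logs `status='error'` together with the status value, so a failed PIN reset is never absent from the audit trail. On the `channel == NULL` path, `keyVersion` and `final_applet_version` may not have been assigned yet. A null pointer passed for `%s` is undefined for printf-style formatters, so check these values or substitute a placeholder string before the call.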