Diffstat (limited to 'pki')
-rw-r--r--pki/base/tps/doc/CS.cfg4
-rw-r--r--pki/base/tps/src/include/engine/audit.h7
-rw-r--r--pki/base/tps/src/modules/tokendb/mod_tokendb.cpp2
-rw-r--r--pki/base/tps/src/processor/RA_Enroll_Processor.cpp10
-rw-r--r--pki/base/tps/src/processor/RA_Format_Processor.cpp8
-rw-r--r--pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp16
-rw-r--r--pki/dogtag/tps/pki-tps.spec4
7 files changed, 29 insertions, 22 deletions
diff --git a/pki/base/tps/doc/CS.cfg b/pki/base/tps/doc/CS.cfg
index 06654875..20d83f70 100644
--- a/pki/base/tps/doc/CS.cfg
+++ b/pki/base/tps/doc/CS.cfg
@@ -83,8 +83,8 @@ logging.audit.signedAuditFilename=[SERVER_ROOT]/logs/signedAudit/tps_audit
logging.audit.level=10
logging.audit.logSigning=false
logging.audit.signedAuditCertNickname=auditSigningCert cert-[INSTANCE_ID]
-logging.audit.selected.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,CONFIG_SIGNED_AUDIT
-logging.audit.selectable.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,CONFIG_SIGNED_AUDIT
+logging.audit.selected.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,CONFIG_SIGNED_AUDIT,ENROLLMENT,PIN_RESET,FORMAT,UPGRADE
+logging.audit.selectable.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,CONFIG_SIGNED_AUDIT,ENROLLMENT,PIN_RESET,FORMAT,UPGRADE
logging.audit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,LOGGING_SIGNED_AUDIT_SIGNING
logging.error.enable=true
logging.error.filename=[SERVER_ROOT]/logs/tps-error.log
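Review bot: Instances that already have a deployed CS.cfg keep their old `logging.audit.selected.events` value, so the four event names added here reach only fresh installs. The pki-tps.spec hunks in this commit show only a release bump and a changelog entry, with no scriptlet that rewrites an existing config. On upgraded systems the ENROLLMENT, PIN_RESET, FORMAT and UPGRADE records would presumably still be filtered out, assuming RA::Audit drops events that are not selected, which is not visible here. The release notes or an upgrade step should tell operators to append `,ENROLLMENT,PIN_RESET,FORMAT,UPGRADE` to both `selected.events` and `selectable.events`.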
diff --git a/pki/base/tps/src/include/engine/audit.h b/pki/base/tps/src/include/engine/audit.h
index 9477ac03..20b5efcb 100644
--- a/pki/base/tps/src/include/engine/audit.h
+++ b/pki/base/tps/src/include/engine/audit.h
@@ -30,7 +30,12 @@
#define EV_AUDIT_LOG_STARTUP "AUDIT_LOG_STARTUP"
#define EV_AUDIT_LOG_SHUTDOWN "AUDIT_LOG_SHUTDOWN"
#define EV_ROLE_ASSUME "ROLE_ASSUME"
-
+#define EV_ENROLLMENT "ENROLLMENT"
+#define EV_PIN_RESET "PIN_RESET"
+#define EV_FORMAT "FORMAT"
+#define EV_UPGRADE "UPGRADE"
+#define EV_AUTHZ_FAIL "AUTHZ_FAIL"
+#define EV_AUTHZ_SUCCESS "AUTHZ_SUCCESS"
// ... to be continued ...
#endif //AUDIT_H
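Review bot: Nothing in this header says that each EV_* string has to match an entry in the CS.cfg event lists, which is the coupling this commit depends on. Above the new defines I would add `// Each EV_* name must appear verbatim in logging.audit.selectable.events or nonselectable.events in CS.cfg.` so that the next event added here is also added there. EV_AUTHZ_SUCCESS is defined but has no call site in the hunks shown.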
diff --git a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
index aa548794..0f9a5033 100644
--- a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
+++ b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
@@ -2716,7 +2716,7 @@ mod_tokendb_handler( request_rec *rq )
} else if (is_admin) {
itemplate = indexAdminTemplate;
} else {
- RA::Audit("AUTHZ", AUDIT_MSG_FORMAT, userid, "Failure", "Tokendb user authorization");
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_FORMAT, userid, "Failure", "Tokendb user authorization");
error_out("Authorization Failure", "Failed to authorize request");
do_free(buf);
do_free(uri);
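Review bot: Only the denial branch writes an audit record; the `is_admin` branch visible just above it selects `indexAdminTemplate` without emitting AUTHZ_SUCCESS, although EV_AUTHZ_SUCCESS is defined in audit.h by this commit and the event is listed in CS.cfg. Someone reading the audit log then sees refused tokendb access but not granted admin access. Unless a success record is written later in mod_tokendb_handler (the function continues outside the hunk), add `RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_FORMAT, userid, "Success", "Tokendb user authorization");` to each granting branch.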
diff --git a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
index 9a0d95fc..36138889 100644
--- a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
+++ b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
@@ -1116,7 +1116,7 @@ bool RA_Enroll_Processor::CheckAndUpgradeApplet(
}
// Upgrade Applet reported success
- RA::Audit("Enrollment", "op='applet_upgrade' app_ver='%s' new_app_ver='%s'",
+ RA::Audit(EV_ENROLLMENT, "op='applet_upgrade' app_ver='%s' new_app_ver='%s'",
o_current_applet_on_token, g_applet_target_version);
o_current_applet_on_token = strdup(g_applet_target_version);
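Review bot: The applet_upgrade record names only the old and new applet versions, with no `cuid` or `msn`, so it cannot be tied to a token when read on its own. If CheckAndUpgradeApplet has the token id available (CheckAndUpgradeSymKeys in this file receives `a_cuid` and `a_msn`), extend the format to `"op='applet_upgrade' app_ver='%s' new_app_ver='%s' cuid='%s' msn='%s'"` and pass them. The same omission is in the applet_upgrade records of RA_Format_Processor.cpp (-484, where `cuid` is in scope on the line above) and RA_Pin_Reset_Processor.cpp (-280). The function body lies outside the hunk.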
@@ -1486,7 +1486,7 @@ bool RA_Enroll_Processor::CheckAndUpgradeSymKeys(
defKeyIndex /* default key index */, tksid);
if (o_channel == NULL) {
- RA::Audit("Enrollment", "status='error' key_ver=00 cuid='%s' msn='%s' note='failed to create secure channel'", a_cuid, a_msn );
+ RA::Audit(EV_ENROLLMENT, "status='error' key_ver=00 cuid='%s' msn='%s' note='failed to create secure channel'", a_cuid, a_msn );
RA::Error(FN, "failed to establish secure channel");
o_status = STATUS_ERROR_SECURE_CHANNEL;
RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "secure channel error", "", a_tokenType);
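Review bot: `key_ver=00` in the failure record is a literal and is the only field written without quotes; every other field in these records is `name='value'`. A parser keyed on the quoted form will skip it, and the value says 00 whatever key version was actually requested. Suggest `key_ver='00'` at minimum, or formatting the real version if one is known at this point; the surrounding function is not fully visible.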
@@ -1545,7 +1545,7 @@ bool RA_Enroll_Processor::CheckAndUpgradeSymKeys(
curVersion,
curIndex,
&key_data_set);
- RA::Audit("Enrollment", "op='key_change_over' cuid='%s' msn='%s' old_key_ver='%02x' new_key_ver='%02x'", a_cuid, a_msn, curVersion, ((BYTE*)newVersion)[0]);
+ RA::Audit(EV_ENROLLMENT, "op='key_change_over' cuid='%s' msn='%s' old_key_ver='%02x' new_key_ver='%02x'", a_cuid, a_msn, curVersion, ((BYTE*)newVersion)[0]);
/**
* Re-select the Applet.
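Review bot: The key_change_over record is written on the line right after the key-change call and has no `status` field, so on the lines shown a failed key change is logged exactly like a successful one. Either move the RA::Audit call after the result check or add `status='%s'` driven by the call's return value; the assignment of that return value is above the hunk, so confirm the variable name there. The same pattern is in RA_Format_Processor.cpp (-607) and RA_Pin_Reset_Processor.cpp (-354).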
@@ -2311,11 +2311,11 @@ op.enroll.certificates.caCert.label=caCert Label
/* audit log for successful enrollment */
if (authid == NULL) {
RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "authid == NULL");
- RA::Audit("Enrollment", "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' time='%d msec'",
+ RA::Audit(EV_ENROLLMENT, "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' time='%d msec'",
final_applet_version, keyVersion, cuid, msn, userid, ((PR_IntervalToMilliseconds(end) - PR_IntervalToMilliseconds(start))));
} else {
RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "has authid");
- RA::Audit("Enrollment", "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' auth='%s' time='%d msec'",
+ RA::Audit(EV_ENROLLMENT, "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' auth='%s' time='%d msec'",
final_applet_version, keyVersion, cuid, msn, userid, authid, ((PR_IntervalToMilliseconds(end) - PR_IntervalToMilliseconds(start))));
}
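Review bot: `cuid`, `msn`, `userid` and `authid` are copied with `%s` into single-quoted fields, and nothing visible here escapes them. If any of them can carry a `'` or a line break (userid is the likeliest, assuming it is the client-supplied login), a single record can be split or made to carry a field the server never wrote. RA::Audit is not shown, so it may already sanitise its arguments. If it does not, pass each value through one escaping helper before the call. This also applies to the success records in RA_Format_Processor.cpp (-793) and RA_Pin_Reset_Processor.cpp (-689).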
diff --git a/pki/base/tps/src/processor/RA_Format_Processor.cpp b/pki/base/tps/src/processor/RA_Format_Processor.cpp
index 525e12cf..b9ded0c8 100644
--- a/pki/base/tps/src/processor/RA_Format_Processor.cpp
+++ b/pki/base/tps/src/processor/RA_Format_Processor.cpp
@@ -484,7 +484,7 @@ locale),
RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "applet upgrade error", "", tokenType);
goto loser;
}
- RA::Audit("Upgrade",
+ RA::Audit(EV_UPGRADE,
"op='applet_upgrade' app_ver='%s' new_app_ver='%s'",
appletVersion, expected_version);
final_applet_version = expected_version;
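Review bot: EV_UPGRADE is used only for this one record; the same `op='applet_upgrade'` is filed under EV_ENROLLMENT in RA_Enroll_Processor.cpp (-1116) and under EV_PIN_RESET in RA_Pin_Reset_Processor.cpp (-280). An operator who selects UPGRADE in `logging.audit.selected.events` therefore sees upgrades done during format but not the others. Pick one rule, either `RA::Audit(EV_UPGRADE, ...)` at all three sites or the operation's own event everywhere, and note it next to the defines in audit.h.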
@@ -607,7 +607,7 @@ locale),
curVersion,
curIndex,
&key_data_set);
- RA::Audit("Format", "op='key_change_over' app_ver='%s' cuid='%s' old_key_ver='%02x01' new_key_ver='%02x01'",
+ RA::Audit(EV_FORMAT, "op='key_change_over' app_ver='%s' cuid='%s' old_key_ver='%02x01' new_key_ver='%02x01'",
final_applet_version, cuid, curVersion,
((BYTE*)newVersion)[0]);
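Review bot: The key versions here are rendered as `'%02x01'`, i.e. the version byte followed by a literal `01`, while the enrollment record for the same `op='key_change_over'` uses plain `'%02x'`. The two shapes make the field harder to compare across operations. Use one form in all three processors, or add a comment saying the trailing `01` is intended (presumably a key index); RA_Pin_Reset_Processor.cpp (-354) has the same `%02x01`.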
@@ -793,10 +793,10 @@ locale),
/* audit log for successful enrollment */
if (authid == NULL)
- RA::Audit("Format", "status='success' app_ver='%s' key_ver='%d' cuid='%s' msn='%s' uid='%s' time='%d msec'",
+ RA::Audit(EV_FORMAT, "status='success' app_ver='%s' key_ver='%d' cuid='%s' msn='%s' uid='%s' time='%d msec'",
final_applet_version,(int) finalKeyVersion, cuid, msn, userid, ((PR_IntervalToMilliseconds(end) - PR_IntervalToMilliseconds(start))));
else
- RA::Audit("Format", "status='success' app_ver='%s' key_ver='%d' cuid='%s' msn='%s' uid='%s' auth='%s' time='%d msec'",
+ RA::Audit(EV_FORMAT, "status='success' app_ver='%s' key_ver='%d' cuid='%s' msn='%s' uid='%s' auth='%s' time='%d msec'",
final_applet_version,(int) finalKeyVersion, cuid, msn, userid, authid, ((PR_IntervalToMilliseconds(end) - PR_IntervalToMilliseconds(start))));
loser:
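Review bot: The comment `/* audit log for successful enrollment */` sits in the format processor above records tagged EV_FORMAT; it should read `/* audit log for successful format */`. While there, the `if`/`else` around the two multi-line RA::Audit calls has no braces, unlike the equivalent block in RA_Enroll_Processor.cpp.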
diff --git a/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp
index 748a2521..f5c79fb7 100644
--- a/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp
+++ b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp
@@ -280,7 +280,7 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa
SelectApplet(session, 0x04, 0x00, NetKeyAID);
goto loser;
}
- RA::Audit("Pin Reset", "op='applet_upgrade' app_ver='%s' new_app_ver='%s'",
+ RA::Audit(EV_PIN_RESET, "op='applet_upgrade' app_ver='%s' new_app_ver='%s'",
appletVersion, expected_version);
final_applet_version = expected_version;
}
@@ -354,7 +354,7 @@ TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameVa
curIndex,
&key_data_set);
- RA::Audit("Pin Reset", "op='key_change_over' app_ver='%s' cuid='%s' old_key_ver='%02x01' new_key_ver='%02x01'", final_applet_version, cuid, curVersion, ((BYTE*)newVersion)[0]);
+ RA::Audit(EV_PIN_RESET, "op='key_change_over' app_ver='%s' cuid='%s' old_key_ver='%02x01' new_key_ver='%02x01'", final_applet_version, cuid, curVersion, ((BYTE*)newVersion)[0]);
SelectApplet(session, 0x04, 0x00, NetKeyAID);
@@ -689,25 +689,25 @@ locale),
/* audit log for successful pin reset */
if (authid == NULL)
- RA::Audit("Pin Reset", "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' time='%d msec'",
+ RA::Audit(EV_PIN_RESET, "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' time='%d msec'",
final_applet_version, keyVersion, cuid, msn, userid, ((PR_IntervalToMilliseconds(end) - PR_IntervalToMilliseconds(start))));
else
- RA::Audit("Pin Reset", "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' auth='%s' time='%d msec'",
+ RA::Audit(EV_PIN_RESET, "status='success' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' auth='%s' time='%d msec'",
final_applet_version, keyVersion, cuid, msn, userid, authid, ((PR_IntervalToMilliseconds(end) - PR_IntervalToMilliseconds(start))));
loser:
if (channel == NULL) {
RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor: Failed to create secure channel.", "");
if (login == NULL) {
- RA::Audit("Pin Reset", "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' note='failed to login'", final_applet_version, keyVersion, cuid, msn);
+ RA::Audit(EV_PIN_RESET, "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' note='failed to login'", final_applet_version, keyVersion, cuid, msn);
} else {
- RA::Audit("Pin Reset", "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' note='failed to create secure channel'", final_applet_version, keyVersion, cuid, msn, userid);
+ RA::Audit(EV_PIN_RESET, "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' note='failed to create secure channel'", final_applet_version, keyVersion, cuid, msn, userid);
}
} else if (rc != 1 && status == STATUS_ERROR_LOGIN) {
if (login == NULL) {
- RA::Audit("Pin Reset", "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' note='login failure'", final_applet_version, keyVersion, cuid, msn);
+ RA::Audit(EV_PIN_RESET, "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' note='login failure'", final_applet_version, keyVersion, cuid, msn);
} else {
- RA::Audit("Pin Reset", "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' note='authentication failure'",
+ RA::Audit(EV_PIN_RESET, "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' uid='%s' note='authentication failure'",
final_applet_version, keyVersion, cuid, msn, userid);
}
}
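Review bot: Under `loser:` an error record is written only when `channel == NULL` or when `rc != 1 && status == STATUS_ERROR_LOGIN`; any other failure that reaches the label with a channel open leaves no audit record in the lines shown. Add a closing branch such as `} else if (rc != 1) { RA::Audit(EV_PIN_RESET, "status='error' app_ver='%s' key_ver='%s' cuid='%s' msn='%s' note='pin reset failed'", final_applet_version, keyVersion, cuid, msn); }`, assuming rc is 1 on success as the existing test implies. The code after the hunk is not visible, so check that it does not already cover this case.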
diff --git a/pki/dogtag/tps/pki-tps.spec b/pki/dogtag/tps/pki-tps.spec
index fb2ab07c..4648314e 100644
--- a/pki/dogtag/tps/pki-tps.spec
+++ b/pki/dogtag/tps/pki-tps.spec
@@ -34,7 +34,7 @@
## Package Header Definitions
%define base_name %{base_prefix}-%{base_component}
%define base_version 1.1.0
-%define base_release 9
+%define base_release 10
%define base_group System Environment/Daemons
%define base_vendor Red Hat, Inc.
%define base_license LGPLv2 with exceptions
@@ -313,6 +313,8 @@ fi
###############################################################################
%changelog
+* Tue Apr 28 2009 Ade Lee <alee@redhat.com> 1.1.0-10
+- Bugzilla Bug #493183 - tps-audit.log file is not getting updated
* Mon Apr 27 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-9
- Bugzilla Bug #497585 - rhcs80beta tps init script - restarting
shows incorrect output