1 yi.zhou 1.1 //%2006////////////////////////////////////////////////////////////////////////
2 //
3 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
6 // IBM Corp.; EMC Corporation, The Open Group.
7 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
9 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
11 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
13 //
14 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
20 //
21 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 yi.zhou 1.1 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 //
30 //==============================================================================
31 //
32 //%/////////////////////////////////////////////////////////////////////////////
33
34 #ifndef Pegasus_AuditLogger_h
35 #define Pegasus_AuditLogger_h
36
37 #include <Pegasus/Common/Config.h>
38 #include <Pegasus/Common/System.h>
39 #include <Pegasus/Common/CIMInstance.h>
40 #include <Pegasus/Common/CIMName.h>
41
42 PEGASUS_NAMESPACE_BEGIN
43 yi.zhou 1.1
44
45 #ifndef PEGASUS_DISABLE_AUDIT_LOGGER
46
/**
    Builds human readable audit text messages and writes them to log files.

    Every member declared here is static, so the class acts as a
    namespace-like facade rather than an object that callers instantiate.

    NOTE(review): this revision declares log entry points only for
    configuration and provider-registration snapshots and for configuration
    changes. The AuditType/AuditSubType values for authentication,
    authorization and CIM operations have no matching log method in this
    header, so those events are not covered by the interface as declared here.
*/
class PEGASUS_COMMON_LINKAGE AuditLogger
{
public:

    /** Top-level category of an audit record. */
    enum AuditType
    {
        AUTHENTICATION,
        AUTHORIZATION,
        CONFIGURATION,
        CIMOPERATION
    };

    /** Finer-grained classification of an audit record within its
        AuditType. The pairing of sub types with types is not expressed in
        this header; the names suggest it (TODO confirm against callers).
    */
    enum AuditSubType
    {
        LOCAL_AUTHENTICATION,
        BASIC_AUTHENTICATION,
        CERTIFICATE_BASED_AUTHENTICATION,
        USER_GROUP_AUTHORIZATION,
        NAMESPACE_AUTHORIZATION,
        PRIVILEGED_USER_CHECK,
        TRUSTSTORE_CHANGE,
        CURRENT_CONFIGURATION,
        CURRENT_PROVIDER_REGISTRATION,
        CURRENT_ENVIRONMENT_VARIABLES,
        CONFIGURATION_CHANGE,
        PROVIDER_REGISTRATION_CHANGE,
        SCHEMA_OPERATION,
        INSTANCE_OPERATION,
        INDICATION_OPERATION
    };

    /** What happened, as recorded in an audit record.
        NOTE(review): DELETE is also defined as a macro by the Windows SDK
        headers; confirm this enumerator is safe on Windows builds.
    */
    enum AuditEvent
    {
        START_UP,
        AUTH_SUCCESS,
        AUTH_FAILURE,
        CREATE,
        UPDATE,
        DELETE
    };

    /** Constructs and logs an audit message describing the current
        configuration.
        @param propertyNames - Names of all current configuration properties
            of the running CIM Server
        @param propertyValues - Values of all current configuration
            properties of the running CIM Server; presumably index-aligned
            with propertyNames (TODO confirm against the implementation)
        NOTE(review): every value passed in is a candidate for the log text;
        confirm that properties holding secrets are masked or omitted before
        they reach this call.
    */
    static void logCurrentConfig(
        const Array<String>& propertyNames,
        const Array<String>& propertyValues);

    /** Constructs and logs an audit message describing the providers that
        are registered while the CIM Server is running.
        @param instances - All currently registered provider module
            instances
    */
    static void logCurrentRegProvider(
        const Array<CIMInstance>& instances);

    /** Constructs and logs an audit message describing the environment
        variables of the running CIM Server.
        NOTE(review): environment variables can carry credentials or tokens;
        confirm what the implementation includes and that the audit log is
        readable only by administrators.
    */
    static void logCurrentEnvironmentVar();

    /** Constructs and logs an audit message for a configuration property
        being set to a value, or being unset back to its default value.
        @param userName - The user name for this operation
        @param propertyName - The configuration property that changed
        @param prePropertyValue - The value the property had before the
            change
        @param newPropertyValue - The value after the change, or the default
            value if the property was unset
        @param isPlanned - True when the planned value of the property is
            set; otherwise the current value is set
        NOTE(review): userName and both property values are caller-supplied
        strings that end up in a human readable record; confirm the
        implementation neutralises line breaks and other control characters
        so that one call cannot produce text that reads as several records.
    */
    static void logSetConfigProperty(
        const String& userName,
        const String& propertyName,
        const String& prePropertyValue,
        const String& newPropertyValue,
        Boolean isPlanned);

    /** Signature of the callback invoked when the audit log is enabled. */
    typedef void (*PEGASUS_AUDITLOGINITIALIZE_CALLBACK_T)();

    /** Signature of the callback that writes one audit message: audit type,
        sub type, event, log level and the message loader parameters.
        NOTE(review): MessageLoaderParms is not declared by a header that
        this file includes by that name; presumably it arrives transitively
        through one of the includes - confirm.
    */
    typedef void (*PEGASUS_AUDITLOG_CALLBACK_T)(
        AuditType,
        AuditSubType,
        AuditEvent,
        const Uint32,
        MessageLoaderParms&);

    /** Registers the audit log initialize callback. A non-null callback is
        called when the audit log is enabled.
        @param auditLogInitializeCallback - The audit log initialize
            callback function
    */
    static void setInitializeCallback(
        PEGASUS_AUDITLOGINITIALIZE_CALLBACK_T auditLogInitializeCallback);

    /** Switches audit logging on or off. When enabled is true the audit log
        initialize callback is called to announce that the audit log is
        enabled.
        @param enabled - True when the config property "enableAuditLog" is
            enabled, false otherwise
    */
    static void setEnabled(Boolean enabled);

    /** Reports whether audit logging is currently enabled. PEG_AUDIT_LOG
        consults this before every audit call.
        @return True when audit logging is enabled
    */
    static Boolean isEnabled();

    /** Registers the callback used to write audit messages to a file.
        @param writeAuditMessageCallback - The callback function that writes
            an audit message
        NOTE(review): this is a public static setter, so any code linked
        into the process can redirect or drop audit output; registration is
        presumably meant for server start-up only. Unlike
        setInitializeCallback, nothing here states what happens when a null
        pointer is registered - confirm both in the implementation.
    */
    static void writeAuditLogToFileCallback(
        PEGASUS_AUDITLOG_CALLBACK_T writeAuditMessageCallback);


private:

    // Backing flag returned by isEnabled(). It is a plain Boolean; no
    // synchronization is visible in this header.
    // NOTE(review): confirm how concurrent readers and setEnabled() interact.
    static Boolean _auditLogFlag;

    /**
        Callback function to be called when the audit log is enabled
    */
    static PEGASUS_AUDITLOGINITIALIZE_CALLBACK_T _auditLogInitializeCallback;

    /**
        The function used to write audit messages
    */
    static PEGASUS_AUDITLOG_CALLBACK_T _writeAuditMessageToFile;

    /** Default function that writes an audit message to a file.
        @param auditType - Type of audit record (Authentication etc)
        @param auditSubType - Sub type of audit record (Local_Authentication
            etc)
        @param auditEvent - Event of audit record (Start_Up etc)
        @param logLevel - Pegasus severity (WARNING etc). All audit messages
            are passed with Pegasus severity "INFORMATION", except failed
            authentication attempts and failed authorizations, which are
            passed with Pegasus severity "WARNING"
        @param msgParms - The message loader parameters
    */
    static void _writeAuditMessage(
        AuditType auditType,
        AuditSubType auditSubType,
        AuditEvent auditEvent,
        Uint32 logLevel,
        MessageLoaderParms& msgParms);

    /** Gets the module status value as a String.
        @param moduleStatus - The module status; taken by value, so the
            array is copied on each call
    */
    static String _getModuleStatusValue(const Array<Uint16> moduleStatus);

};
208
/**
    Reports whether audit logging is currently switched on.
    @return The current value of the static _auditLogFlag
*/
inline Boolean AuditLogger::isEnabled()
{
    return _auditLogFlag;
}
213
// PEG_AUDIT_LOG(T) expands to one statement that calls AuditLogger::T only
// when AuditLogger::isEnabled() returns true. The do/while (0) wrapper lets
// the macro be followed by a semicolon and used safely inside if/else.
// The arguments written inside T are evaluated only when audit logging is
// enabled, and not at all in builds that define PEGASUS_DISABLE_AUDIT_LOGGER,
// so nothing the caller depends on may live inside the macro argument.
# define PEG_AUDIT_LOG(T) \
    do { \
        if (AuditLogger::isEnabled()) { \
            AuditLogger::T; \
        } \
    } while (0)
223
224 #else
225
// Audit logging is compiled out (PEGASUS_DISABLE_AUDIT_LOGGER is defined):
// the macro expands to nothing, so its argument is discarded by the
// preprocessor and never evaluated, and no audit record is produced.
# define PEG_AUDIT_LOG(T)
227
228 #endif
229
230 PEGASUS_NAMESPACE_END
231
232 yi.zhou 1.1 #endif /* Pegasus_AuditLogger_h */