1 //%2006////////////////////////////////////////////////////////////////////////
3 // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
4 // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
5 // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
6 // IBM Corp.; EMC Corporation, The Open Group.
7 // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
8 // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
9 // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10 // EMC Corporation; VERITAS Software Corporation; The Open Group.
11 // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12 // EMC Corporation; Symantec Corporation; The Open Group.
14 // Permission is hereby granted, free of charge, to any person obtaining a copy
15 // of this software and associated documentation files (the "Software"), to
16 // deal in the Software without restriction, including without limitation the
17 // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18 // sell copies of the Software, and to permit persons to whom the Software is
19 // furnished to do so, subject to the following conditions:
21 // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23 // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24 // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25 // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26 // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27 // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
30 //==============================================================================
32 //%/////////////////////////////////////////////////////////////////////////////
34 #ifndef Pegasus_AuditLogger_h
35 #define Pegasus_AuditLogger_h
37 #include <Pegasus/Common/Config.h>
38 #include <Pegasus/Common/System.h>
39 #include <Pegasus/Common/CIMInstance.h>
40 #include <Pegasus/Common/CIMName.h>
42 PEGASUS_NAMESPACE_BEGIN
45 #ifdef PEGASUS_ENABLE_AUDIT_LOGGER
48 This class provides the interfaces to construct a human readable audit
49 text message and write the message to log files.
51 class PEGASUS_COMMON_LINKAGE AuditLogger
65 SUBTYPE_LOCAL_AUTHENTICATION,
66 SUBTYPE_BASIC_AUTHENTICATION,
67 SUBTYPE_CERTIFICATE_BASED_AUTHENTICATION,
68 SUBTYPE_CERTIFICATE_BASED_USER_VALIDATION,
69 SUBTYPE_USER_GROUP_AUTHORIZATION,
70 SUBTYPE_NAMESPACE_AUTHORIZATION,
71 SUBTYPE_PRIVILEGED_USER_CHECK,
72 SUBTYPE_TRUSTSTORE_CHANGE,
73 SUBTYPE_CURRENT_CONFIGURATION,
74 SUBTYPE_CURRENT_PROVIDER_REGISTRATION,
75 SUBTYPE_CURRENT_ENVIRONMENT_VARIABLES,
76 SUBTYPE_CONFIGURATION_CHANGE,
77 SUBTYPE_PROVIDER_REGISTRATION_CHANGE,
78 SUBTYPE_PROVIDER_MODULE_STATUS_CHANGE,
79 SUBTYPE_SCHEMA_OPERATION,
80 SUBTYPE_INSTANCE_OPERATION,
81 SUBTYPE_INDICATION_OPERATION
95 /** Constructs and logs audit message of the current configurations
96 @param propertyNames - All the current property names while the CIM
98 @param propertyValues - All the current property values while the CIM
101 static void logCurrentConfig(
102 const Array<String>& propertyNames,
103 const Array<String>& propertyValues);
105 /** Constructs and logs audit message of the currently registered
106 providers while the CIM Server is running
107 @param instances - all currently registered provider module
108 instances while the CIM Server is running
110 static void logCurrentRegProvider(
111 const Array < CIMInstance > & instances);
113 /** Constructs and logs audit message of the current environment
114 variables while the CIM Server is running
116 static void logCurrentEnvironmentVar();
118 /** Constructs and logs an audit message for setting the specified
119 configuration property to the specified value,
120 or for unsetting the specified configuration property to its default value
121 @param userName - The user name for this operation
122 @param propertyName - The specified configuration property name
123 @param prePropertyValue - The previous value of the changed config
125 @param newPropertyValue - The new value of the changed config
126 property or default value if it is unset
127 @param isPlanned - True, sets planned value of the
128 specified configuration property;
129 Otherwise, sets current value of the
130 specified configuration property
132 static void logSetConfigProperty(
133 const String & userName,
134 const String & propertyName,
135 const String & prePropertyValue,
136 const String & newPropertyValue,
140 Constructs and logs audit message of a CIM class update operation
141 @param cimMethodName - The name of the CIM operation performed
142 @param eventType - The AuditEvent associated with the CIM operation
143 @param userName - User name for this operation
144 @param ipAddr - Client IP address for this operation
145 @param nameSpace - The namespace for the operation
146 @param className - The name of the class
147 @param statusCode - The CIM status code for the operation
149 static void logUpdateClassOperation(
150 const char* cimMethodName,
151 AuditEvent eventType,
152 const String& userName,
153 const String& ipAddr,
154 const CIMNamespaceName& nameSpace,
155 const CIMName& className,
156 CIMStatusCode statusCode);
159 Constructs and logs audit message of a CIM qualifier update operation
160 @param cimMethodName - The name of the CIM operation performed
161 @param eventType - The AuditEvent associated with the CIM operation
162 @param userName - User name for this operation
163 @param ipAddr - Client IP address for this operation
164 @param nameSpace - The namespace for the operation
165 @param name - The name of the qualifier
166 @param statusCode - The CIM status code for the operation
168 static void logUpdateQualifierOperation(
169 const char* cimMethodName,
170 AuditEvent eventType,
171 const String& userName,
172 const String& ipAddr,
173 const CIMNamespaceName& nameSpace,
175 CIMStatusCode statusCode);
178 Constructs and logs audit message of a CIM instance update operation
179 @param cimMethodName - The name of the CIM operation performed
180 @param eventType - The AuditEvent associated with the CIM operation
181 @param userName - The user name for this operation
182 @param ipAddr - Client IP address for this operation
183 @param nameSpace - The namespace for the operation
184 @param instanceName - The name of the affected instance
185 @param moduleName - The provider module name that serves the request
186 @param providerName - The provider name that serves the request
187 @param statusCode - The CIM status code for the operation
189 static void logUpdateInstanceOperation(
190 const char* cimMethodName,
191 AuditEvent eventType,
192 const String& userName,
193 const String& ipAddr,
194 const CIMNamespaceName& nameSpace,
195 const CIMObjectPath& instanceName,
196 const String& moduleName,
197 const String& providerName,
198 CIMStatusCode statusCode);
201 Constructs and logs audit message of a CIM InvokeMethod operation
202 @param userName - The user name for this operation
203 @param ipAddr - Client IP address for this operation
204 @param nameSpace - The namespace for the operation
205 @param objectName - The name of the object on which the method is
207 @param methodName - The name of the method to be executed
208 @param moduleName - The provider module name that serves the request
209 @param providerName - The provider name that serves the request
210 @param statusCode - The CIM status code for the operation
212 static void logInvokeMethodOperation(
213 const String& userName,
214 const String& ipAddr,
215 const CIMNamespaceName& nameSpace,
216 const CIMObjectPath& objectName,
217 const CIMName& methodName,
218 const String& moduleName,
219 const String& providerName,
220 CIMStatusCode statusCode);
222 /** Constructs and logs audit message of a provider module status change
223 @param moduleName - The name of the provider module
224 @param currentModuleStatus - The current status of the provider module
225 @param newModuleStatus - The new status of the provider module
227 static void logUpdateProvModuleStatus(
228 const String & moduleName,
229 const Array<Uint16> currentModuleStatus,
230 const Array<Uint16> newModuleStatus);
232 /** Constructs and logs an audit message for a local authentication attempt
233 @param userName - The user name for this operation
234 @param successful - True on successful local authentication,
237 static void logLocalAuthentication(
238 const String& userName,
241 /** Constructs and logs an audit message for a basic authentication attempt
NOTE(review): userName is presumably the name the client presented, so on a
failed attempt it is unauthenticated input; confirm that the implementation
neutralizes control characters (CR/LF) before the value reaches the log file.
242 @param userName - The user name for this operation
243 @param ipAddr - Client IP address for this operation
244 @param successful - True on successful basic authentication,
247 static void logBasicAuthentication(
248 const String& userName,
249 const String& ipAddr,
252 /** Constructs and logs an audit message for certificate based authentication
253 @param issuerName - The issuer name of this certificate
@param subjectName - The subject name of this certificate
254 @param serialNumber - The serial number of this certificate
255 @param ipAddr - Client IP address for this operation
256 @param successful - True on successful certificate based authentication,
259 static void logCertificateBasedAuthentication(
260 const String& issuerName,
261 const String& subjectName,
262 const String& serialNumber,
263 const String& ipAddr,
266 /** Constructs and logs an audit message for certificate based user validation
267 @param userName - The user name associated with this certificate
268 @param issuerName - The issuer name of this certificate
269 @param serialNumber - The serial number of this certificate
270 @param subjectName - The subject name of this certificate
271 @param ipAddr - Client IP address for this operation
272 @param successful - True on successful user validation,
275 static void logCertificateBasedUserValidation(
276 const String& userName,
277 const String& issuerName,
278 const String& subjectName,
279 const String& serialNumber,
280 const String& ipAddr,
283 typedef void (*PEGASUS_AUDITLOGINITIALIZE_CALLBACK_T)();
285 typedef void (*PEGASUS_AUDITLOG_CALLBACK_T) (AuditType,
286 AuditSubType, AuditEvent, Uint32, MessageLoaderParms &);
289 Registers an audit log initialize callback.
290 If a non-null initialize callback function is registered,
291 it will be called when the audit log is enabled.
292 @param auditLogInitializeCallback - The audit log initialize
295 static void setInitializeCallback(
296 PEGASUS_AUDITLOGINITIALIZE_CALLBACK_T auditLogInitializeCallback);
298 /** If enabled is true, the audit log initialize callback function
299 is called to communicate that the audit log is enabled.
300 @param enabled - True if the config property "enableAuditLog" is
301 enabled, false otherwise
303 static void setEnabled(Boolean enabled);
305 static Boolean isEnabled();
308 Registers the callback that writes audit messages to a file
309 @param writeAuditMessageCallback - The callback function to write
312 static void writeAuditLogToFileCallback(
313 PEGASUS_AUDITLOG_CALLBACK_T writeAuditMessageCallback);
317 static Boolean _auditLogFlag;
320 Callback function to be called when the audit log is enabled
322 static PEGASUS_AUDITLOGINITIALIZE_CALLBACK_T _auditLogInitializeCallback;
325 The function to write audit messages
327 static PEGASUS_AUDITLOG_CALLBACK_T _writeAuditMessageToFile;
329 /** Default function to write an audit message to a file
330 @param AuditType - Type of audit record (Authentication etc)
331 @param AuditSubType - Sub type of audit record (Local_Authentication etc)
332 @param AuditEvent - Event of audit record (Start_Up etc)
333 @param logLevel - Pegasus Severity (WARNING etc)
334 All audit messages are passed with Pegasus severity
335 "INFORMATION", except that messages for failed authentication attempts
336 or failed authorization are passed with Pegasus severity
338 @param msgParms - The message loader parameters
340 static void _writeAuditMessage(
342 AuditSubType auditSubType,
343 AuditEvent auditEvent,
345 MessageLoaderParms & msgParms);
348 Gets the module status value
349 @param moduleStatus - The module status
351 static String _getModuleStatusValue(const Array<Uint16> moduleStatus);
355 inline Boolean AuditLogger::isEnabled()
357 return _auditLogFlag;
360 # define PEG_AUDIT_LOG(T) \
363 if (AuditLogger::isEnabled()) \
372 # define PEG_AUDIT_LOG(T)
376 PEGASUS_NAMESPACE_END
378 #endif /* Pegasus_AuditLogger_h */