bool
TextWriter::visitValueMetric(const AbstractValueMetric& m, bool)
{
if (writeCommon(m)) {
m.print(_out, _verbose, " ", _period);
}
return true;
}
void
AuditLogger::logSuccess()
{
if (false == open())
return;
writeCommon();
writeReturn(0, 0);
close();
}
void
RightAuthenticationLogger::logLeastPrivilege(uid_t userId, bool isAuthorizingUser)
{
if (false == open())
return;
writeCommon();
writeToken(au_to_text(leastPrivStr), leastPrivStr);
writeReturn(0, 0);
close();
}
void
AuthMechLogger::logInterrupt(const char *msg)
{
if (false == open())
return;
writeCommon();
if (msg)
writeToken(au_to_text(msg), "interrupt");
writeReturn(0, 0);
close();
}
void
AuditLogger::logFailure(const char *errMsg, int errcode)
{
if (false == open())
return;
writeCommon();
if (errMsg)
writeToken(au_to_text(errMsg), "evaluation error");
writeReturn(EPERM, errcode);
close();
}
bool
TextWriter::visitCountMetric(const AbstractCountMetric& m, bool)
{
if (writeCommon(m)) {
if (_verbose || m.used()) {
MetricValueClass::UP values(m.getValues());
_out << m.getMangledName()
<< (m.sumOnAdd() ? " count=" : " value=");
values->output("count", _out);
}
}
return true;
}
void
RightAuthenticationLogger::logFailure(uid_t authenticator, const char *targetName)
{
if (false == open())
return;
writeCommon();
writeToken(au_to_arg32(1, authenticatorStr, authenticator), "authenticator");
if (NULL == targetName)
writeToken(au_to_text(unknownUserStr), "target username");
else
writeToken(au_to_text(targetName), "target username");
// @@@ EAUTH more appropriate, but !defined for _POSIX_C_SOURCE
writeReturn(EPERM, errAuthorizationDenied);
close();
}
void
RightAuthenticationLogger::logSuccess(uid_t authenticator, uid_t target, const char *targetName)
{
if (false == open())
return;
writeCommon();
// au_to_arg32() is really meant for auditing syscall arguments;
// we're slightly abusing it to get descriptive strings for free.
writeToken(au_to_arg32(1, authenticatorStr, authenticator), "authenticator");
string tmpStr(authenticatedAsStr);
// targetName shouldn't be NULL on a successful authentication, but allow
// for programmer screwups
tmpStr += targetName ? targetName : unknownUserStr;
writeToken(au_to_arg32(2, tmpStr.c_str(), target), "target");
writeReturn(0, 0);
close();
}
void
RightAuthenticationLogger::logAuthorizationResult(const char *client, const char *authCreator, int errcode)
{
if (false == open())
return;
writeCommon();
string tmpStr(clientStr);
tmpStr += client ? client : unknownClientStr;
writeToken(au_to_text(tmpStr.c_str()), "Authorization client");
tmpStr.clear();
tmpStr = authCreatorStr;
tmpStr += authCreator ? authCreator : unknownAuthCreatorStr;
writeToken(au_to_text(tmpStr.c_str()), "Authorization creator");
if (errAuthorizationSuccess == errcode)
writeReturn(0, 0);
else
writeReturn(EPERM, errcode);
close();
}
