author | wtchang%redhat.com <devnull@localhost> | 2006-05-10 21:48:52 +0000 |
---|---|---|
committer | wtchang%redhat.com <devnull@localhost> | 2006-05-10 21:48:52 +0000 |
commit | 56ec616b33e40948655413b77d1a063406db11c6 (patch) | |
tree | bf811f1b503764609962293db95ca9b13a6bdd32 | |
parent | a7cfa8a9bbc51ad8798e7c8ad39d33102698798b (diff) | |
Bugzilla Bug 298506: Do not log the token name (so the declaration of
sftk_getDefTokName in pkcs11i.h and the previous change to sftk_SlotFromID
weren't necessary). Use Linux's audit subsystem if available. r=relyea.
Modified files: fipstokn.c pkcs11.c pkcs11i.h
Tag: NSS_3_11_BRANCH
-rw-r--r-- | security/nss/lib/softoken/fipstokn.c | 60 | ||||
-rw-r--r-- | security/nss/lib/softoken/pkcs11.c | 3 | ||||
-rw-r--r-- | security/nss/lib/softoken/pkcs11i.h | 1 |
3 files changed, 54 insertions, 10 deletions
diff --git a/security/nss/lib/softoken/fipstokn.c b/security/nss/lib/softoken/fipstokn.c
index 73ec4b597..472b3cad0 100644
--- a/security/nss/lib/softoken/fipstokn.c
+++ b/security/nss/lib/softoken/fipstokn.c
@@ -66,6 +66,36 @@
 #include <unistd.h>
 #endif
+#ifdef LINUX
+#include <pthread.h>
+#include <dlfcn.h>
+#define LIBAUDIT_NAME "libaudit.so.0"
+#ifndef AUDIT_USER
+#define AUDIT_USER 1005 /* message type: message from userspace */
+#endif
+static void *libaudit_handle;
+static int (*audit_open_func)(void);
+static void (*audit_close_func)(int fd);
+static int (*audit_log_user_message_func)(int audit_fd, int type,
+ const char *message, const char *hostname, const char *addr,
+ const char *tty, int result);
+
+static pthread_once_t libaudit_once_control = PTHREAD_ONCE_INIT;
+
+static void
+libaudit_init(void)
+{
+ libaudit_handle = dlopen(LIBAUDIT_NAME, RTLD_LAZY);
+ if (!libaudit_handle) {
+ return;
+ }
+ audit_open_func = dlsym(libaudit_handle, "audit_open");
+ audit_close_func = dlsym(libaudit_handle, "audit_close");
+ audit_log_user_message_func = dlsym(libaudit_handle,
+ "audit_log_user_message");
+}
+#endif /* LINUX */
+
 /*
 * ******************** Password Utilities *******************************
@@ -285,9 +315,6 @@ void
 sftk_LogAuditMessage(NSSAuditSeverity severity, const char *msg)
 {
 #ifdef NSS_AUDIT_WITH_SYSLOG
- SFTKSlot *slot = sftk_SlotFromID(FIPS_SLOT_ID, PR_FALSE);
- const char *tokenLabel =
- slot ? slot->tokDescription : sftk_getDefTokName(FIPS_SLOT_ID);
 int level;
 switch (severity) {
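Review bot: In `libaudit_init` (the `@@ -66` hunk) the three `dlsym` results are stored without a NULL check, and the call site added in the `@@ -302` hunk of `sftk_LogAuditMessage` tests only `libaudit_handle` before calling `audit_open_func()`. If the loaded `libaudit.so.0` lacks any of the three symbols, the first audit message calls through a null function pointer and crashes the process that loaded the softoken. Treating a partial resolve as "libaudit not available" keeps the existing `if (libaudit_handle)` guard sufficient. Separately, `dlopen` is given a bare soname, so the file that gets loaded depends on the loader's search path; a short comment on why that is acceptable for this module would help the next reader.

```c
    audit_log_user_message_func = dlsym(libaudit_handle,
                                        "audit_log_user_message");
    /* all three entry points are required; otherwise act as if libaudit is absent */
    if (!audit_open_func || !audit_close_func ||
        !audit_log_user_message_func) {
        dlclose(libaudit_handle);
        libaudit_handle = NULL;
    }
```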
@@ -302,10 +329,31 @@ sftk_LogAuditMessage(NSSAuditSeverity severity, const char *msg)
 break;
 }
 /* timestamp is provided by syslog in the message header */
- /* tokenLabel points to a 32-byte label, which is not null-terminated */
 syslog(level | LOG_USER /* facility */,
- "%.32s[pid=%d uid=%d]: %s",
- tokenLabel, (int)getpid(), (int)getuid(), msg);
+ "NSS " SOFTOKEN_LIB_NAME "[pid=%d uid=%d]: %s",
+ (int)getpid(), (int)getuid(), msg);
+#ifdef LINUX
+ if (pthread_once(&libaudit_once_control, libaudit_init) != 0) {
+ return;
+ }
+ if (libaudit_handle) {
+ int audit_fd;
+ int result = (severity != NSS_AUDIT_ERROR); /* 1=success; 0=failed */
+ char *message = PR_smprintf("NSS " SOFTOKEN_LIB_NAME ": %s", msg);
+ if (!message) {
+ return;
+ }
+ audit_fd = audit_open_func();
+ if (audit_fd < 0) {
+ PR_smprintf_free(message);
+ return;
+ }
+ audit_log_user_message_func(audit_fd, AUDIT_USER, message,
+ NULL, NULL, NULL, result);
+ audit_close_func(audit_fd);
+ PR_smprintf_free(message);
+ }
+#endif /* LINUX */
 #else
 /* do nothing */
 #endif
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c
index 2439e55bb..39ef7de02 100644
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -2410,9 +2410,6 @@ sftk_SlotFromID(CK_SLOT_ID slotID, PRBool all)
 {
 SFTKSlot *slot;
 int index = sftk_GetModuleIndex(slotID);
- if (nscSlotHashTable[index] == NULL) {
- return NULL;
- }
 slot = (SFTKSlot *)PL_HashTableLookupConst(nscSlotHashTable[index],
 (void *)slotID);
 /* cleared slots shouldn't 'show up' */
diff --git a/security/nss/lib/softoken/pkcs11i.h b/security/nss/lib/softoken/pkcs11i.h
index 1bd62b93c..fd5ff6423 100644
--- a/security/nss/lib/softoken/pkcs11i.h
+++ b/security/nss/lib/softoken/pkcs11i.h
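Review bot: In the `#ifdef LINUX` block added to `sftk_LogAuditMessage`, the return value of `audit_log_user_message_func(...)` is dropped and a failed `audit_open_func()` returns silently, so a process that is not permitted to write audit records loses every record on the audit side with no indication. If best effort is intended because the `syslog` call above already carries the message, a comment such as `/* best effort: the syslog record above is still written if the audit write fails */` would say so; otherwise the return value should be checked. `msg` is also copied verbatim into the audit record, so if callers ever place externally supplied text in it (not visible here), embedded newlines or control characters could split or imitate entries; that contract belongs in the function's header comment. The body of `sftk_LogAuditMessage` starts and ends outside this hunk.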
@@ -635,7 +635,6 @@ extern SFTKSession *sftk_SessionFromHandle(CK_SESSION_HANDLE handle); extern void sftk_FreeSession(SFTKSession *session); extern SFTKSession *sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify, CK_VOID_PTR pApplication, CK_FLAGS flags); -extern const char *sftk_getDefTokName(CK_SLOT_ID slotID); extern void sftk_update_state(SFTKSlot *slot,SFTKSession *session); extern void sftk_update_all_states(SFTKSlot *slot); extern void sftk_FreeContext(SFTKSessionContext *context); |