1 /*
2 BAREOS® - Backup Archiving REcovery Open Sourced
3
4 Copyright (C) 2014-2016 Bareos GmbH & Co. KG
5
6 This program is Free Software; you can redistribute it and/or
7 modify it under the terms of version three of the GNU Affero General Public
8 License as published by the Free Software Foundation and included
9 in the file LICENSE.
10
11 This program is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Affero General Public License for more details.
15
16 You should have received a copy of the GNU Affero General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 02110-1301, USA.
20 */
21 /*
22 * Written by Marco van Wieringen, April 2014
23 */
24 /**
25 * @file
26 * BAREOS Director -- User agent auditing.
27 */
28
29 #include "include/bareos.h"
30 #include "dird.h"
31 #include "dird/dird_globals.h"
32
33 namespace directordaemon {
34
35 /* Forward referenced functions */
36
37 /**
38 * See if we need to audit this event.
39 */
AuditEventWanted(bool audit_event_enabled)40 bool UaContext::AuditEventWanted(bool audit_event_enabled)
41 {
42 if (!me->audit_events) { return audit_event_enabled; }
43
44 if (audit_event_enabled) {
45 const char* event = nullptr;
46
47 foreach_alist (event, me->audit_events) {
48 if (Bstrcasecmp(event, argk[0])) { return true; }
49 }
50 }
51
52 return false;
53 }
54
55 /**
56 * Log an audit event for a console that accesses an resource or cmd that is not
57 * allowed.
58 */
LogAuditEventAclMsg(UaContext * ua,const char * audit_msg,int acl,const char * item)59 static inline void LogAuditEventAclMsg(UaContext* ua,
60 const char* audit_msg,
61 int acl,
62 const char* item)
63 {
64 const char* user_name;
65 const char* host;
66 const char* acl_type_name;
67
68 user_name = (ua->user_acl)
69 ? ua->user_acl->corresponding_resource->resource_name_
70 : "default";
71 host = (ua->UA_sock) ? ua->UA_sock->host() : "unknown";
72
73 switch (acl) {
74 case Job_ACL:
75 acl_type_name = _("for Job");
76 break;
77 case Client_ACL:
78 acl_type_name = _("for Client");
79 break;
80 case Storage_ACL:
81 acl_type_name = _("for Storage");
82 break;
83 case Schedule_ACL:
84 acl_type_name = _("for Schedule");
85 break;
86 case Pool_ACL:
87 acl_type_name = _("for Pool");
88 break;
89 case Command_ACL:
90 acl_type_name = _("for Command");
91 break;
92 case FileSet_ACL:
93 acl_type_name = _("for Fileset");
94 break;
95 case Catalog_ACL:
96 acl_type_name = _("for Catalog");
97 break;
98 case Where_ACL:
99 acl_type_name = _("for Where restore location");
100 break;
101 case PluginOptions_ACL:
102 acl_type_name = _("for Plugin Options");
103 break;
104 default:
105 acl_type_name = "";
106 break;
107 }
108
109 Emsg4(M_AUDIT, 0, audit_msg, user_name, host, acl_type_name, item);
110 }
111
LogAuditEventAclFailure(int acl,const char * item)112 void UaContext::LogAuditEventAclFailure(int acl, const char* item)
113 {
114 if (!me->auditing) { return; }
115
116 LogAuditEventAclMsg(
117 this, _("Console [%s] from [%s], Audit acl failure %s %s\n"), acl, item);
118 }
119
LogAuditEventAclSuccess(int acl,const char * item)120 void UaContext::LogAuditEventAclSuccess(int acl, const char* item)
121 {
122 if (!me->auditing) { return; }
123
124 LogAuditEventAclMsg(
125 this, _("Console [%s] from [%s], Audit acl success %s %s\n"), acl, item);
126 }
127
128 /**
129 * Log an audit event
130 */
LogAuditEventCmdline()131 void UaContext::LogAuditEventCmdline()
132 {
133 const char* user_name;
134 const char* host;
135
136 if (!me->auditing) { return; }
137
138 user_name =
139 user_acl ? user_acl->corresponding_resource->resource_name_ : "default";
140 host = UA_sock ? UA_sock->host() : "unknown";
141
142 Emsg3(M_AUDIT, 0, _("Console [%s] from [%s] cmdline %s\n"), user_name, host,
143 cmd);
144 }
145 } /* namespace directordaemon */
146