Source code for linotp.lib.audit.base

# -*- coding: utf-8 -*-
#
#    LinOTP - the open source solution for two factor authentication
#    Copyright (C) 2010 - 2017 KeyIdentity GmbH
#
#    This file is part of LinOTP server.
#
#    This program is free software: you can redistribute it and/or
#    modify it under the terms of the GNU Affero General Public
#    License, version 3, as published by the Free Software Foundation.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU Affero General Public License for more details.
#
#    You should have received a copy of the
#               GNU Affero General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
#
#    E-mail: linotp@keyidentity.com
#    Contact: www.linotp.org
#    Support: www.keyidentity.com
#
"""This is the BaseClass for logging Audit Trails"""

import logging
log = logging.getLogger(__name__)
import socket

from linotp.lib.token import getTokenNumResolver
from linotp.lib.context import request_context as context


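def getAuditClass(packageName, className):
    """
    Load the audit class ``className`` from the module ``packageName``.

    example:

        getAuditClass("SQLAudit", "Audit")

    check:
        the loaded class must provide a ``log`` attribute, otherwise an
        error is raised.

    :param packageName: dotted module name to import, or None
    :param className: name of the class to fetch from that module
    :return: the class object (not an instance)
    :raises NameError: if the loaded class has no ``log`` attribute
    """
    if packageName is None:
        # NOTE(review): this fallback keeps the server running, but the
        # AuditBase.log() in this module is a no-op, so no audit records
        # are written while the setting is missing. The error below is the
        # only indication of that - make sure it is monitored.
        log.error("No suitable Audit Class found. Working with dummy AuditBase class. "
                  "Probably you didn't configure 'linotpAudit' in the linotp.ini file.")
        packageName = "linotp.lib.audit.base"
        className = "AuditBase"
    elif packageName == "linotpee.lib.Audit.SQLAudit":
        log.error("The linotpee package has been removed. Please modify your linotp.ini "
                  "file: linotpAudit.type = linotp.lib.audit.SQLAudit")
        packageName = "linotp.lib.audit.SQLAudit"

    # NOTE(review): packageName is imported as given. In this module it comes
    # from the 'linotpAudit.type' config entry (see getAudit), so write access
    # to that setting decides which module is loaded into the server process.
    mod = __import__(packageName, globals(), locals(), [className])
    klass = getattr(mod, className)

    if not hasattr(klass, "log"):
        raise NameError("Audit AttributeError: " + packageName + "." +
                        className + " instance has no attribute 'log'")

    # the original had an unreachable 'return ""' after the raise; removed
    return klass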
def getAudit(config):
    """
    Create the audit object selected by the configuration.

    :param config: config object; its 'linotpAudit.type' entry names the
                   module from which the class "Audit" is loaded
    :return: an instance of that class, constructed with ``config``
    """
    audit_class = getAuditClass(config.get("linotpAudit.type"), "Audit")
    return audit_class(config)
def logTokenNum(audit):
    """
    Record the current token count in the audit dict.

    :param audit: audit dict; its 'action_detail' entry is overwritten
    """
    token_count = str(getTokenNumResolver())
    audit['action_detail'] = "tokennum = " + token_count
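class AuditBase(object):
    '''
    Base class for audit trail backends.

    The methods of this class do not store anything: log() and
    initialize_log() are no-ops and the search methods return empty results.
    It also serves as the fallback when no audit backend is configured, in
    which case no audit trail is written.
    '''

    def __init__(self, config):
        self.name = "AuditBase"
        self.config = config

    def initialize(self, request, client=None):
        '''
        Build the audit dict for a request, filled with default values.

        :param request: request object; the 'pylons.routes_dict' entry of
                        its environ supplies the controller and action
        :param client: optional client value stored under 'client'
        :return: the audit dict
        '''
        # defaults
        audit = {'action_detail': '',
                 'info': '',
                 'log_level': 'INFO',
                 'administrator': '',
                 'value': '',
                 'key': '',
                 'serial': '',
                 'token_type': '',
                 'clearance_level': 0,
                 'linotp_server': socket.gethostname(),
                 'realm': '',
                 'user': '',
                 'client': '',
                 'success': False,
                 }

        routes = request.environ['pylons.routes_dict']
        audit['action'] = "%s/%s" % (routes['controller'], routes['action'])

        if client:
            audit['client'] = client
        return audit

    def readKeys(self):
        '''
        Read the audit signing keys from the files named in the config
        entries 'linotpAudit.key.private' and 'linotpAudit.key.public'.

        The contents are stored in self.private and self.public. A failure
        to read a file is logged and not raised; the matching attribute is
        then left unset.
        '''
        # NOTE(review): because read errors are only logged, code that signs
        # or verifies audit entries should check that self.private and
        # self.public exist before use instead of assuming readKeys worked.
        priv = self.config.get("linotpAudit.key.private")
        pub = self.config.get("linotpAudit.key.public")

        try:
            # 'with' closes the handle even if read() raises
            with open(priv, "r") as key_file:
                self.private = key_file.read()
        except Exception as e:
            log.exception("[readKeys] Error reading private key %s: (%r)",
                          priv, e)

        try:
            with open(pub, "r") as key_file:
                self.public = key_file.read()
        except Exception as e:
            log.exception("[readKeys] Error reading public key %s: (%r)",
                          pub, e)

        return

    def getAuditId(self):
        '''
        Return the name of this audit backend.
        '''
        return self.name

    def getTotal(self, param, AND=True, display_error=True):
        '''
        This method returns the total number of audit entries in
        the audit store. The base class has no store and returns 0.
        '''
        return 0

    def log(self, param):
        '''
        This method is used to log the data.
        It should hash the data and do a hash chain and sign the data.

        The base class does nothing here: the entry is discarded.
        '''
        pass

    def initialize_log(self, param):
        '''
        This method initializes the log state.
        The fact that the log state was initialized also needs to be logged.
        Therefore the same params are passed as in the log method.

        The base class does nothing here.
        '''
        pass

    def set(self):
        '''
        This function could be used to set certain things like the signing
        key. But maybe it should only be read from linotp.ini?
        '''
        pass

    def search(self, param, AND=True, display_error=True, rp_dict=None):
        '''
        This function is used to search audit events.

        param:
            Search parameters can be passed.

        return:
            A list of dictionaries is returned.
            Each list element denotes an audit event.
            The base class returns a list holding one empty dict.
        '''
        return [{}]

    def searchQuery(self, param, AND=True, display_error=True, rp_dict=None):
        '''
        This function is used to search audit events.

        param:
            Search parameters can be passed.

        return:
            An iterator is returned. In the base class it is empty.
        '''
        return iter([])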
