Bug 1465103
Summary: | Missing getter methods in JDAPFilter classes | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Matthew Harmsen <mharmsen> |
Component: | ldapjdk | Assignee: | Endi Sukma Dewata <edewata> |
Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.4 | CC: | edewata, extras-qa, kwright, mharmsen, nkinder, rmeggins, ssidhaye |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ldapjdk-4.19-5.el7 | Doc Type: | No Doc Update |
Doc Text: |
undefined
|
Story Points: | --- |
Clone Of: | 1465102 | Environment: | |
Last Closed: | 2018-04-10 16:25:17 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1465102 | ||
Bug Blocks: |
Description
Matthew Harmsen
2017-06-26 16:24:34 UTC
Per CS/DS meeting of 8/7/2017, it was determined that this bug would not be back-ported to RHEL 7.4.z. commit 3258e4276bd13f3c9cd45ddf416e77b9732f079a Author: Endi S. Dewata <edewata> Date: Mon Oct 2 17:44:02 2017 +0200 Added getter methods for JDAPFilter classes. Some JDAPFilter classes have been modified to provide getter methods to access the elements of parsed LDAP filters. Eclipse project files have been added to simplify development using Eclipse. The LDAPUrl has been modified to fix complie error in Eclipse. Some unused import statements have been removed as well. https://bugzilla.mozilla.org/show_bug.cgi?id=1376300 How do I verify this? Please provide steps to verify / validate these changes. This is an API enhancement in LDAPJDK. For LDAPJDK it should be sanity test only. The new API can be verified by running audit event filter tests for PKI (i.e. if event filter works, the new API must be working too). Build used for verification: root@csqa4-guest01 ~ # rpm -qi ldapjdk Name : ldapjdk Epoch : 0 Version : 4.19 Release : 5.el7 Architecture: noarch Install Date: Friday 08 December 2017 06:32:41 AM EST Group : Development/Java Size : 347833 License : MPLv1.1 or GPLv2+ or LGPLv2+ Signature : RSA/SHA256, Tuesday 17 October 2017 01:20:00 PM EDT, Key ID 199e2f91fd431d51 Source RPM : ldapjdk-4.19-5.el7.src.rpm Build Date : Tuesday 17 October 2017 12:57:56 PM EDT Build Host : x86-037.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : http://www-archive.mozilla.org/directory/javasdk.html Summary : The Mozilla LDAP Java SDK Description : The Mozilla LDAP SDKs enable you to write applications which access, manage, and update the information stored in an LDAP directory. root@csqa4-guest01 ~ # rpm -qi pki-server Name : pki-server Version : 10.5.1 Release : 5.el7 Architecture: noarch Install Date: Wednesday 03 January 2018 10:54:41 PM EST Group : System Environment/Base Size : 4788005 License : GPLv2 Signature : RSA/SHA256, Monday 11 December 2017 07:32:34 PM EST, Key ID 199e2f91fd431d51 Source RPM : pki-core-10.5.1-5.el7.src.rpm Build Date : Monday 11 December 2017 07:08:58 PM EST Build Host : ppc-034.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : http://pki.fedoraproject.org/ Summary : Certificate System - PKI Server Framework After adding the following filter in CS.cfg log.instance.SignedAudit.filters.CERT_REQUEST_PROCESSED=(|(InfoName=rejectReason)(InfoName=cancelReason)) Only rejected and cancelled certificate requests are shown in the audit logs. Approved certificate requests are not shown. Logs before adding filter root@csqa4-guest01 ~ # grep -nr "\[AuditEvent\=CERT_REQUEST_PROCESSED\]" /var/log/pki/rhcs92-CA-ssidhaye/ca/signedAudit/ca_audit 45:0.http-bio-8443-exec-16 - [03/Jan/2018:23:46:08 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=7][CertSerialNum=175797671] certificate request processed 52:0.http-bio-8443-exec-20 - [03/Jan/2018:23:46:11 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=8][CertSerialNum=25082264] certificate request processed 59:0.http-bio-8443-exec-24 - [03/Jan/2018:23:46:14 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=9][CertSerialNum=78183912] certificate request processed 69:0.http-bio-8443-exec-4 - [03/Jan/2018:23:46:17 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=10][CertSerialNum=261210011] certificate request processed 76:0.http-bio-8443-exec-10 - [03/Jan/2018:23:46:20 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=11][CertSerialNum=245038855] certificate request processed 83:0.http-bio-8443-exec-18 - [03/Jan/2018:23:46:21 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=12][CertSerialNum=195767496] certificate request processed 165:0.http-bio-8443-exec-5 - [03/Jan/2018:23:58:56 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=13][CertSerialNum=240995390] certificate request processed Logs after adding filter, note that logs for request ID 14 are not shown which is an approved request. root@csqa4-guest01 ~ # grep -nr "\[AuditEvent\=CERT_REQUEST_PROCESSED\]" /var/log/pki/rhcs92-CA-ssidhaye/ca/signedAudit/ca_audit 45:0.http-bio-8443-exec-16 - [03/Jan/2018:23:46:08 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=7][CertSerialNum=175797671] certificate request processed 52:0.http-bio-8443-exec-20 - [03/Jan/2018:23:46:11 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=8][CertSerialNum=25082264] certificate request processed 59:0.http-bio-8443-exec-24 - [03/Jan/2018:23:46:14 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=9][CertSerialNum=78183912] certificate request processed 69:0.http-bio-8443-exec-4 - [03/Jan/2018:23:46:17 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=10][CertSerialNum=261210011] certificate request processed 76:0.http-bio-8443-exec-10 - [03/Jan/2018:23:46:20 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=11][CertSerialNum=245038855] certificate request processed 83:0.http-bio-8443-exec-18 - [03/Jan/2018:23:46:21 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=12][CertSerialNum=195767496] certificate request processed 165:0.http-bio-8443-exec-5 - [03/Jan/2018:23:58:56 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=13][CertSerialNum=240995390] certificate request processed 248:0.http-bio-8443-exec-13 - [04/Jan/2018:01:20:50 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Failure][ReqID=15][InfoName=cancelReason][InfoValue=<null>] certificate request processed root@csqa4-guest01 ~ # Since audit event filtering is working as expected marking this bug verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0899 |