Bug 1572432
Summary: | AuditVerify failure due to line breaks | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Asha Akkiangady <aakkiang> | |
Component: | pki-core | Assignee: | Christina Fu <cfu> | |
Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | 7.5 | CC: | cfu, mharmsen, msauton, rpattath | |
Target Milestone: | rc | Keywords: | ZStream | |
Target Release: | --- | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | pki-core-10.5.9-2.el7 | Doc Type: | No Doc Update | |
Doc Text: |
undefined
|
Story Points: | --- | |
Clone Of: | ||||
: | 1595606 (view as bug list) | Environment: | ||
Last Closed: | 2018-10-30 11:07:04 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1595606 |
Description
Asha Akkiangady
2018-04-27 01:45:28 UTC
Audit log entry right before the failed one is AuditEvent=CONFIG_ROLE, which contains a b64 cert that's got line breaks and confused the AuditVerify tool. Per RHEL 7.5.z/7.6/8.0 Triage: 7.5.z cfu: required for CC Notes: Investigation shows that issue reported was caused by running the following cli: pki -d /root/.dogtag/rhqa_pki/certs_db -n "PKI CA Administrator for Non-TMS-CA" -c <password> -h `hostname` -p 8080 ca-user-cert-add CAadminV --input /root/.dogtag/rhqa_pki/certs_db/CAadminV.pem For comparison, I performed the same operation through the java console and did not have the same issue: [AuditEvent=CONFIG_ROLE][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;certs+Operation;;OP_ADD+Resource;;caaudit+cert;;-----BEGIN CERTIFICATE-----MIIB/TCCAaOgAwIBAgIBFjAKBggqhkjOPQQDAjBZMRowGAYDVQQKDBFwa2ktY2EtMDUzMGVjLWNmdTEaMBgGA1UECwwRcGtpLWNhLTA1MzBlYy1jZnUxHzAdBgNVBAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUwHhcNMTgwNjA3MDA1NTIzWhcNMTgxMjA0MDE1NTIzWjAUMRIwEAYDVQQDDAljYWF1ZGl0b3IwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATU3WhvDYIE8vHNuG7zoFRHoAZCsg1e4592bf2B1zI0JGzmO/3iADL4m3+oisg2g1/xXYpqMBk3b66TcmbK6rFoo4GgMIGdMB8GA1UdIwQYMBaAFAxZCqNzcGTmNBBE0NZrzHKIh3+aMEsGCCsGAQUFBwEBBD8wPTA7BggrBgEFBQcwAYYvaHR0cDovL2RoY3AtMTYtMTE5LnNqYy5yZWRoYXQuY29tOjE4MDgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgPYMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAKBggqhkjOPQQDAgNIADBFAiEAr8EaOsJ7Js3G8vcmOqDGWeg0oFP1rGJiYgvn3dragQwCIEEKkYN61qFEaCk2KuaLOpsNnCFlpFeFu6aWoZoYJU8v-----END CERTIFICATE-----] role configuration parameter(s) change https://review.gerrithub.io/c/dogtagpki/pki/+/416765 commit e3c0a58596d969d0fe4a25b8ad087bc3f1cf1462 (HEAD -> master, origin/master, origin/HEAD) Author: Christina Fu <cfu.redhat.com> Date: Mon Jun 25 18:38:20 2018 -0700 Ticket 3003 AuditVerify failure due to line breaks This patch normalizes the CONFIG_ROLE audit event params to eliminate line breaks in audit entry from running pki ca-user-cert-add which would cause AuditVerify to fail. (note: adding user cert via the java console does not have such issue) fixes https://pagure.io/dogtagpki/issue/3003 Change-Id: Iac60089349e78755ff94ce3231ee294ce8668f72 [root@nocp1 ~]# rpm -qi pki-ca Name : pki-ca Version : 10.5.9 Release : 3.el7 Architecture: noarch Install Date: Thu 26 Jul 2018 10:45:40 AM EDT Group : System Environment/Daemons Size : 2451202 License : GPLv2 Signature : RSA/SHA256, Mon 23 Jul 2018 07:23:55 PM EDT, Key ID 199e2f91fd431d51 Source RPM : pki-core-10.5.9-3.el7.src.rpm Build Date : Mon 23 Jul 2018 07:10:18 PM EDT Build Host : ppc-042.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : http://pki.fedoraproject.org/ Summary : Certificate System - Certificate Authority Verification steps in https://bugzilla.redhat.com/show_bug.cgi?id=1595606#c5 and https://bugzilla.redhat.com/show_bug.cgi?id=1595606#c7 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3195 |