Bug 1708215

Summary: maxlogsperdir accepting negative values
Product: Red Hat Enterprise Linux 7 Reporter: Akshay Adhikari <aadhikar>
Component: 389-ds-baseAssignee: mreynolds
Status: CLOSED ERRATA QA Contact: RHDS QE <ds-qe-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.7CC: ebock, lkrispen, nkinder, pasik, rmeggins, spichugi, tbordaz, vashirov
Target Milestone: rc   
Target Release: 7.7   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.9.1-8.el7 Doc Type: Bug Fix
Doc Text:
Cause: Setting the configuration setting maxlogsperdir for any of the logs (access, error, and audit) to invalid value like "-1" Consequence: The update is allowed, and it is then not properly handled by the server. Fix: Properly validate all the logging configuration settings to prevent invalid values from being applied. Result: The server only accepts valid values for the logging settings
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-06 12:59:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Akshay Adhikari 2019-05-09 11:30:13 UTC 
Description of problem:

nsslapd-accesslog-maxlogsperdir | nsslapd-errorlog-maxlogsperdir | nsslapd-auditlog-maxlogsperdir

All the attributes are accepting the negative value, which is not in the correct range.

Version-Release number of selected component (if applicable):

389-ds-base-1.3.9.1-5.el7.x86_64

How reproducible:

Every time

Steps to Reproduce:
1.
ldapmodify -x -p 389 -h `hostname` -D "cn=Directory Manager" -w password << EOF
dn: cn=config
changetype: modify
replace: nsslapd-auditlog-maxlogsperdir
nsslapd-auditlog-maxlogsperdir: -5
EOF

2.
ldapmodify -x -p 389 -h `hostname` -D "cn=Directory Manager" -w password << EOF
dn: cn=config
changetype: modify
replace: nsslapd-accesslog-maxlogsperdir
nsslapd-accesslog-maxlogsperdir: -5
EOF

3.
ldapmodify -x -p 389 -h `hostname` -D "cn=Directory Manager" -w password << EOF
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-maxlogsperdir
nsslapd-errorlog-maxlogsperdir: -5
EOF

Actual results:

Accepting all negative value.

Expected results:

Should not accept -5 or any other negative value other than -1.

Additional info:

https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/configuration_command_and_file_reference/Core_Server_Configuration_Reference#cnconfig-nsslapd_errorlog_logrotationtime_Error_Log_Rotation_Time
Comment 2 mreynolds 2019-05-21 16:31:37 UTC 
https://pagure.io/389-ds-base/issue/50393
Comment 6 Akshay Adhikari 2019-06-17 10:41:02 UTC 
[root@rhel7-aadhikar-new1 ds]# py.test -v dirsrvtests/tests/suites/logging/logging_config_test.py 
============================================================================ test session starts ============================================================================
platform linux -- Python 3.6.3, pytest-4.6.3, py-1.8.0, pluggy-0.12.0 -- /opt/rh/rh-python36/root/usr/bin/python3
cachedir: .pytest_cache
metadata: {'Python': '3.6.3', 'Platform': 'Linux-3.10.0-1053.el7.x86_64-x86_64-with-redhat-7.7-Maipo', 'Packages': {'pytest': '4.6.3', 'py': '1.8.0', 'pluggy': '0.12.0'}, 'Plugins': {'metadata': '1.8.0', 'html': '1.20.0'}}
389-ds-base: 1.3.9.1-10.el7
nss: 3.44.0-4.el7
nspr: 4.21.0-1.el7
openldap: 2.4.44-21.el7_6
cyrus-sasl: 2.1.26-23.el7
FIPS: disabled
rootdir: /workspace/ds/dirsrvtests, inifile: pytest.ini
plugins: metadata-1.8.0, html-1.20.0
collected 9 items                                                                                                                                                           

dirsrvtests/tests/suites/logging/logging_config_test.py::test_logging_digit_config[logexpirationtime-invalid_vals0-valid_vals0] PASSED                                [ 11%]
dirsrvtests/tests/suites/logging/logging_config_test.py::test_logging_digit_config[maxlogsize-invalid_vals1-valid_vals1] PASSED                                       [ 22%]
dirsrvtests/tests/suites/logging/logging_config_test.py::test_logging_digit_config[logmaxdiskspace-invalid_vals2-valid_vals2] PASSED                                  [ 33%]
dirsrvtests/tests/suites/logging/logging_config_test.py::test_logging_digit_config[logminfreediskspace-invalid_vals3-valid_vals3] PASSED                              [ 44%]
dirsrvtests/tests/suites/logging/logging_config_test.py::test_logging_digit_config[mode-invalid_vals4-valid_vals4] PASSED                                             [ 55%]
dirsrvtests/tests/suites/logging/logging_config_test.py::test_logging_digit_config[maxlogsperdir-invalid_vals5-valid_vals5] PASSED                                    [ 66%]
dirsrvtests/tests/suites/logging/logging_config_test.py::test_logging_digit_config[logrotationsynchour-invalid_vals6-valid_vals6] PASSED                              [ 77%]
dirsrvtests/tests/suites/logging/logging_config_test.py::test_logging_digit_config[logrotationsyncmin-invalid_vals7-valid_vals7] PASSED                               [ 88%]
dirsrvtests/tests/suites/logging/logging_config_test.py::test_logging_digit_config[logrotationtime-invalid_vals8-valid_vals8] PASSED                                  [100%]

========================================================================= 9 passed in 18.53 seconds =========================================================================

Marking it as VERIFIED.
Comment 8 errata-xmlrpc 2019-08-06 12:59:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2152