| Summary: | CC: Remove unused TPS interface calls and add audit logging | | |
|---|---|---|---|
| Product: | [Retired] Dogtag Certificate System | Reporter: | Ade Lee <alee> |
| Component: | TPS | Assignee: | Ade Lee <alee> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Chandrasekar Kannan <ckannan> |
| Severity: | medium | Docs Contact: | |
| Priority: | high | | |
| Version: | 9.0 | CC: | aakkiang, alee, benl, jmagne |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2012-06-04 20:27:12 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | | | |
| Bug Blocks: | 445047 | | |
| Attachments: | | | |

Description
Ade Lee
2011-02-09 19:43:06 UTC
Created attachment 477892 [details]
patch to fix
8.1:

```
vakwetu@goofy-vm4 redhat]$ svn ci -m "Bugzilla Bug 676421 - CC: Remove unused TPS interface calls and add audit logging" tps-ui
Authentication realm: <https://svn.devel.redhat.com:443> Red Hat only: Kerberos Login
Password for 'alee':
Sending tps-ui/shared/docroot/tokendb/doToken.template
Transmitting file data .
Committed revision 15838.
[vakwetu@goofy-vm4 tps]$ svn ci -m "Bugzilla Bug 676421 - CC: Remove unused TPS interface calls and add audit logging"
Sending tps/src/modules/tokendb/mod_tokendb.cpp
Transmitting file data .
Committed revision 1834.
```

tip:

```
[vakwetu@dhcp231-121 tps-ui]$ svn ci -m "Bugzilla Bug 676421 - CC: Remove unused TPS interface calls and add audit logging"
Sending tps-ui/shared/docroot/tokendb/doToken.template
Transmitting file data .
Committed revision 1835.
[vakwetu@dhcp231-121 tps]$ svn ci -m "Bugzilla Bug 676421 - CC: Remove unused TPS interface calls and add audit logging"
Sending tps/src/modules/tokendb/mod_tokendb.cpp
Transmitting file data .
Committed revision 1836.
```

Tested TPS TUS interfaces op=revoke, op=load, op=edit_admin:

- op=revoke and op=load are removed.
- op=edit_admin throws message "too many tokens to edit".

Tested audit logging for the op=addUser by adding a user in the TPS UI:

- Signed audit log contains first name and last name used

```
[2011-05-10 12:41:35] a4879d0 [AuditEvent=CONFIG_ROLE][SubjectID=admin][Role=Admin][Outcome=success][Object=uid;;test_agent_user1][ParamNameValPairs=givenName;;test_agent+sn;;user1] tokendb user added
```

- Signed audit log has audit messages indicating the roles added

```
[2011-05-10 12:41:35] a4879d0 [AuditEvent=CONFIG_ROLE][SubjectID=admin][Role=Admin][Outcome=success][Object=uid;;test_agent_user1][ParamNameValPairs=role;;operator] user deleted from role
[2011-05-10 12:41:36] a4879d0 [AuditEvent=CONFIG_ROLE][SubjectID=admin][Role=Admin][Outcome=success][Object=uid;;test_agent_user1][ParamNameValPairs=role;;agent] user added to role
[2011-05-10 12:41:36] a4879d0 [AuditEvent=CONFIG_ROLE][SubjectID=admin][Role=Admin][Outcome=success][Object=uid;;test_agent_user1][ParamNameValPairs=role;;admin] user deleted from role
```

Ade will be looking into the "op=edit_admin" issue later today.

What's happening is that the tps is looking for a string that starts op=edit ... You could try op=edit_foo and get the same result. This is sloppy programming but not a bug per se, because the operation op=edit has its own authorization code etc. We should fix it to be more specific, and will likely do that in future - but it works for now.

Filed a separate bug https://bugzilla.redhat.com/show_bug.cgi?id=707695 for the string parsing issue when op=edit.

Marking this bug verified.
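
The signed audit lines quoted in the verification comment above can be checked mechanically rather than by eye. The following is an added example, not part of the bug report or the Dogtag code base: it parses those lines and lists each successful role change. The `+` and `;;` separators are inferred from the sample lines themselves, not from a format specification, so a value that contains `+` or `]` would need extra handling.

```python
import re

# Sample lines copied from the verification comment above.
SAMPLE = """\
[2011-05-10 12:41:35] a4879d0 [AuditEvent=CONFIG_ROLE][SubjectID=admin][Role=Admin][Outcome=success][Object=uid;;test_agent_user1][ParamNameValPairs=givenName;;test_agent+sn;;user1] tokendb user added
[2011-05-10 12:41:35] a4879d0 [AuditEvent=CONFIG_ROLE][SubjectID=admin][Role=Admin][Outcome=success][Object=uid;;test_agent_user1][ParamNameValPairs=role;;operator] user deleted from role
[2011-05-10 12:41:36] a4879d0 [AuditEvent=CONFIG_ROLE][SubjectID=admin][Role=Admin][Outcome=success][Object=uid;;test_agent_user1][ParamNameValPairs=role;;agent] user added to role
[2011-05-10 12:41:36] a4879d0 [AuditEvent=CONFIG_ROLE][SubjectID=admin][Role=Admin][Outcome=success][Object=uid;;test_agent_user1][ParamNameValPairs=role;;admin] user deleted from role
"""

# "[timestamp] id [Key=Value]...[Key=Value] free-text message"
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<id>\S+) (?P<fields>(?:\[[^\]]*\])+) ?(?P<msg>.*)$")
FIELD_RE = re.compile(r"\[([^=\]]+)=([^\]]*)\]")

def split_pairs(raw):
    """Split 'name;;value+name;;value' into a dict (separators are an assumption)."""
    pairs = {}
    for item in raw.split("+"):
        name, sep, value = item.partition(";;")
        if sep:  # ignore fragments that carry no ';;' separator
            pairs[name] = value
    return pairs

def parse_line(line):
    """Return one audit record as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"timestamp": m["ts"], "id": m["id"], "message": m["msg"]}
    rec.update(dict(FIELD_RE.findall(m["fields"])))
    rec["Object"] = split_pairs(rec.get("Object", ""))
    rec["ParamNameValPairs"] = split_pairs(rec.get("ParamNameValPairs", ""))
    return rec

def role_changes(text):
    """List (timestamp, actor, target uid, role, action) for successful role changes."""
    out = []
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("AuditEvent") != "CONFIG_ROLE" or rec.get("Outcome") != "success":
            continue
        role = rec["ParamNameValPairs"].get("role")
        if role is None:  # e.g. the "tokendb user added" record carries names, not a role
            continue
        msg = rec["message"]
        action = "added" if "added to role" in msg else "deleted" if "deleted from role" in msg else "other"
        out.append((rec["timestamp"], rec.get("SubjectID"), rec["Object"].get("uid"), role, action))
    return out
```
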