Bug 1465103 - Missing getter methods in JDAPFilter classes
Missing getter methods in JDAPFilter classes
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ldapjdk (Show other bugs)
7.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Endi Sukma Dewata
Asha Akkiangady
:
Depends On: 1465102
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-26 12:24 EDT by Matthew Harmsen
Modified: 2018-04-10 12:25 EDT (History)
7 users (show)

See Also:
Fixed In Version: ldapjdk-4.19-5.el7
Doc Type: No Doc Update
Doc Text:
undefined
Story Points: ---
Clone Of: 1465102
Environment:
Last Closed: 2018-04-10 12:25:17 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 1376300 None None None 2017-06-26 12:24 EDT
Red Hat Product Errata RHBA-2018:0899 None None None 2018-04-10 12:25 EDT

  None (edit)
Description Matthew Harmsen 2017-06-26 12:24:34 EDT
+++ This bug was initially created as a clone of Bug #1465102 +++

User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0
Build ID: 20170608105825

Steps to reproduce:

The LDAP Java SDK provides a mechanism to parse a string LDAP filter into a JDAPFilter object tree:

  JDAPFilter filter = JDAPFilter.getFilter(strFilter);

However, some of the JDAPFilter classes do not provide methods to access the fields in the objects, limiting its usability. For example:

 * JDAPFilterSet does not provide getSet() method to access the filter set joined by the AND/OR operators.
* JDAPFilterNot does not provide getFilter() to access the filter negated by NOT operator.
 * JDAPFilterSubString does not provide getInitial(), getAny(), getFinal() to access parts of the substring filter.
Comment 3 Matthew Harmsen 2017-08-09 12:25:26 EDT
Per CS/DS meeting of 8/7/2017, it was determined that this bug would not be back-ported to RHEL 7.4.z.
Comment 4 Matthew Harmsen 2017-10-13 19:28:49 EDT
commit 3258e4276bd13f3c9cd45ddf416e77b9732f079a
Author: Endi S. Dewata <edewata@redhat.com>
Date:   Mon Oct 2 17:44:02 2017 +0200

    Added getter methods for JDAPFilter classes.
    
    Some JDAPFilter classes have been modified to provide getter
    methods to access the elements of parsed LDAP filters.
    
    Eclipse project files have been added to simplify development
    using Eclipse.
    
    The LDAPUrl has been modified to fix complie error in Eclipse.
    
    Some unused import statements have been removed as well.
    
    https://bugzilla.mozilla.org/show_bug.cgi?id=1376300
Comment 6 Sumedh Sidhaye 2017-11-20 06:44:58 EST
How do I verify this? Please provide steps to verify / validate these changes.
Comment 7 Endi Sukma Dewata 2017-11-20 10:35:05 EST
This is an API enhancement in LDAPJDK. For LDAPJDK it should be sanity test only. The new API can be verified by running audit event filter tests for PKI (i.e. if event filter works, the new API must be working too).
Comment 8 Sumedh Sidhaye 2018-01-04 02:02:00 EST
Build used for verification:

root@csqa4-guest01 ~ # rpm -qi ldapjdk
Name        : ldapjdk
Epoch       : 0
Version     : 4.19
Release     : 5.el7
Architecture: noarch
Install Date: Friday 08 December 2017 06:32:41 AM EST
Group       : Development/Java
Size        : 347833
License     : MPLv1.1 or GPLv2+ or LGPLv2+
Signature   : RSA/SHA256, Tuesday 17 October 2017 01:20:00 PM EDT, Key ID 199e2f91fd431d51
Source RPM  : ldapjdk-4.19-5.el7.src.rpm
Build Date  : Tuesday 17 October 2017 12:57:56 PM EDT
Build Host  : x86-037.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://www-archive.mozilla.org/directory/javasdk.html
Summary     : The Mozilla LDAP Java SDK
Description :
The Mozilla LDAP SDKs enable you to write applications which access,
manage, and update the information stored in an LDAP directory.


root@csqa4-guest01 ~ # rpm -qi pki-server
Name        : pki-server
Version     : 10.5.1
Release     : 5.el7
Architecture: noarch
Install Date: Wednesday 03 January 2018 10:54:41 PM EST
Group       : System Environment/Base
Size        : 4788005
License     : GPLv2
Signature   : RSA/SHA256, Monday 11 December 2017 07:32:34 PM EST, Key ID 199e2f91fd431d51
Source RPM  : pki-core-10.5.1-5.el7.src.rpm
Build Date  : Monday 11 December 2017 07:08:58 PM EST
Build Host  : ppc-034.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - PKI Server Framework

After adding the following filter in CS.cfg

log.instance.SignedAudit.filters.CERT_REQUEST_PROCESSED=(|(InfoName=rejectReason)(InfoName=cancelReason))


Only rejected and cancelled certificate requests are shown in the audit logs. 
Approved certificate requests are not shown.


Logs before adding filter
root@csqa4-guest01 ~ # grep -nr "\[AuditEvent\=CERT_REQUEST_PROCESSED\]" /var/log/pki/rhcs92-CA-ssidhaye/ca/signedAudit/ca_audit 
45:0.http-bio-8443-exec-16 - [03/Jan/2018:23:46:08 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=7][CertSerialNum=175797671] certificate request processed
52:0.http-bio-8443-exec-20 - [03/Jan/2018:23:46:11 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=8][CertSerialNum=25082264] certificate request processed
59:0.http-bio-8443-exec-24 - [03/Jan/2018:23:46:14 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=9][CertSerialNum=78183912] certificate request processed
69:0.http-bio-8443-exec-4 - [03/Jan/2018:23:46:17 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=10][CertSerialNum=261210011] certificate request processed
76:0.http-bio-8443-exec-10 - [03/Jan/2018:23:46:20 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=11][CertSerialNum=245038855] certificate request processed
83:0.http-bio-8443-exec-18 - [03/Jan/2018:23:46:21 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=12][CertSerialNum=195767496] certificate request processed
165:0.http-bio-8443-exec-5 - [03/Jan/2018:23:58:56 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=13][CertSerialNum=240995390] certificate request processed

Logs after adding filter, note that logs for request ID 14 are not shown which is an approved request.
root@csqa4-guest01 ~ # grep -nr "\[AuditEvent\=CERT_REQUEST_PROCESSED\]" /var/log/pki/rhcs92-CA-ssidhaye/ca/signedAudit/ca_audit 
45:0.http-bio-8443-exec-16 - [03/Jan/2018:23:46:08 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=7][CertSerialNum=175797671] certificate request processed
52:0.http-bio-8443-exec-20 - [03/Jan/2018:23:46:11 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=8][CertSerialNum=25082264] certificate request processed
59:0.http-bio-8443-exec-24 - [03/Jan/2018:23:46:14 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=9][CertSerialNum=78183912] certificate request processed
69:0.http-bio-8443-exec-4 - [03/Jan/2018:23:46:17 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=10][CertSerialNum=261210011] certificate request processed
76:0.http-bio-8443-exec-10 - [03/Jan/2018:23:46:20 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=11][CertSerialNum=245038855] certificate request processed
83:0.http-bio-8443-exec-18 - [03/Jan/2018:23:46:21 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=12][CertSerialNum=195767496] certificate request processed
165:0.http-bio-8443-exec-5 - [03/Jan/2018:23:58:56 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=13][CertSerialNum=240995390] certificate request processed
248:0.http-bio-8443-exec-13 - [04/Jan/2018:01:20:50 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Failure][ReqID=15][InfoName=cancelReason][InfoValue=<null>] certificate request processed

root@csqa4-guest01 ~ #


Since audit event filtering is working as expected marking this bug verified.
Comment 11 errata-xmlrpc 2018-04-10 12:25:17 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0899

Note You need to log in before you can comment on or make changes to this bug.