RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1465103 - Missing getter methods in JDAPFilter classes
Summary: Missing getter methods in JDAPFilter classes
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ldapjdk
Version: 7.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Endi Sukma Dewata
QA Contact: Asha Akkiangady
URL:
Whiteboard:
Depends On: 1465102
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-06-26 16:24 UTC by Matthew Harmsen
Modified: 2018-04-10 16:25 UTC (History)
7 users (show)

Fixed In Version: ldapjdk-4.19-5.el7
Doc Type: No Doc Update
Doc Text:
undefined
Clone Of: 1465102
Environment:
Last Closed: 2018-04-10 16:25:17 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Mozilla Foundation 1376300 0 -- RESOLVED Missing getter methods in JDAPFilter classes 2020-11-06 06:57:35 UTC
Red Hat Product Errata RHBA-2018:0899 0 None None None 2018-04-10 16:25:20 UTC

Description Matthew Harmsen 2017-06-26 16:24:34 UTC 
+++ This bug was initially created as a clone of Bug #1465102 +++

User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0
Build ID: 20170608105825

Steps to reproduce:

The LDAP Java SDK provides a mechanism to parse a string LDAP filter into a JDAPFilter object tree:

  JDAPFilter filter = JDAPFilter.getFilter(strFilter);

However, some of the JDAPFilter classes do not provide methods to access the fields in the objects, limiting its usability. For example:

 * JDAPFilterSet does not provide getSet() method to access the filter set joined by the AND/OR operators.
* JDAPFilterNot does not provide getFilter() to access the filter negated by NOT operator.
 * JDAPFilterSubString does not provide getInitial(), getAny(), getFinal() to access parts of the substring filter.
Comment 3 Matthew Harmsen 2017-08-09 16:25:26 UTC 
Per CS/DS meeting of 8/7/2017, it was determined that this bug would not be back-ported to RHEL 7.4.z.
Comment 4 Matthew Harmsen 2017-10-13 23:28:49 UTC 
commit 3258e4276bd13f3c9cd45ddf416e77b9732f079a
Author: Endi S. Dewata <edewata>
Date:   Mon Oct 2 17:44:02 2017 +0200

    Added getter methods for JDAPFilter classes.
    
    Some JDAPFilter classes have been modified to provide getter
    methods to access the elements of parsed LDAP filters.
    
    Eclipse project files have been added to simplify development
    using Eclipse.
    
    The LDAPUrl has been modified to fix complie error in Eclipse.
    
    Some unused import statements have been removed as well.
    
    https://bugzilla.mozilla.org/show_bug.cgi?id=1376300
Comment 6 Sumedh Sidhaye 2017-11-20 11:44:58 UTC 
How do I verify this? Please provide steps to verify / validate these changes.
Comment 7 Endi Sukma Dewata 2017-11-20 15:35:05 UTC 
This is an API enhancement in LDAPJDK. For LDAPJDK it should be sanity test only. The new API can be verified by running audit event filter tests for PKI (i.e. if event filter works, the new API must be working too).
Comment 8 Sumedh Sidhaye 2018-01-04 07:02:00 UTC 
Build used for verification:

root@csqa4-guest01 ~ # rpm -qi ldapjdk
Name        : ldapjdk
Epoch       : 0
Version     : 4.19
Release     : 5.el7
Architecture: noarch
Install Date: Friday 08 December 2017 06:32:41 AM EST
Group       : Development/Java
Size        : 347833
License     : MPLv1.1 or GPLv2+ or LGPLv2+
Signature   : RSA/SHA256, Tuesday 17 October 2017 01:20:00 PM EDT, Key ID 199e2f91fd431d51
Source RPM  : ldapjdk-4.19-5.el7.src.rpm
Build Date  : Tuesday 17 October 2017 12:57:56 PM EDT
Build Host  : x86-037.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://www-archive.mozilla.org/directory/javasdk.html
Summary     : The Mozilla LDAP Java SDK
Description :
The Mozilla LDAP SDKs enable you to write applications which access,
manage, and update the information stored in an LDAP directory.


root@csqa4-guest01 ~ # rpm -qi pki-server
Name        : pki-server
Version     : 10.5.1
Release     : 5.el7
Architecture: noarch
Install Date: Wednesday 03 January 2018 10:54:41 PM EST
Group       : System Environment/Base
Size        : 4788005
License     : GPLv2
Signature   : RSA/SHA256, Monday 11 December 2017 07:32:34 PM EST, Key ID 199e2f91fd431d51
Source RPM  : pki-core-10.5.1-5.el7.src.rpm
Build Date  : Monday 11 December 2017 07:08:58 PM EST
Build Host  : ppc-034.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - PKI Server Framework

After adding the following filter in CS.cfg

log.instance.SignedAudit.filters.CERT_REQUEST_PROCESSED=(|(InfoName=rejectReason)(InfoName=cancelReason))


Only rejected and cancelled certificate requests are shown in the audit logs. 
Approved certificate requests are not shown.


Logs before adding filter
root@csqa4-guest01 ~ # grep -nr "\[AuditEvent\=CERT_REQUEST_PROCESSED\]" /var/log/pki/rhcs92-CA-ssidhaye/ca/signedAudit/ca_audit 
45:0.http-bio-8443-exec-16 - [03/Jan/2018:23:46:08 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=7][CertSerialNum=175797671] certificate request processed
52:0.http-bio-8443-exec-20 - [03/Jan/2018:23:46:11 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=8][CertSerialNum=25082264] certificate request processed
59:0.http-bio-8443-exec-24 - [03/Jan/2018:23:46:14 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=9][CertSerialNum=78183912] certificate request processed
69:0.http-bio-8443-exec-4 - [03/Jan/2018:23:46:17 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=10][CertSerialNum=261210011] certificate request processed
76:0.http-bio-8443-exec-10 - [03/Jan/2018:23:46:20 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=11][CertSerialNum=245038855] certificate request processed
83:0.http-bio-8443-exec-18 - [03/Jan/2018:23:46:21 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=12][CertSerialNum=195767496] certificate request processed
165:0.http-bio-8443-exec-5 - [03/Jan/2018:23:58:56 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=13][CertSerialNum=240995390] certificate request processed

Logs after adding filter, note that logs for request ID 14 are not shown which is an approved request.
root@csqa4-guest01 ~ # grep -nr "\[AuditEvent\=CERT_REQUEST_PROCESSED\]" /var/log/pki/rhcs92-CA-ssidhaye/ca/signedAudit/ca_audit 
45:0.http-bio-8443-exec-16 - [03/Jan/2018:23:46:08 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=7][CertSerialNum=175797671] certificate request processed
52:0.http-bio-8443-exec-20 - [03/Jan/2018:23:46:11 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=8][CertSerialNum=25082264] certificate request processed
59:0.http-bio-8443-exec-24 - [03/Jan/2018:23:46:14 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=9][CertSerialNum=78183912] certificate request processed
69:0.http-bio-8443-exec-4 - [03/Jan/2018:23:46:17 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=10][CertSerialNum=261210011] certificate request processed
76:0.http-bio-8443-exec-10 - [03/Jan/2018:23:46:20 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=11][CertSerialNum=245038855] certificate request processed
83:0.http-bio-8443-exec-18 - [03/Jan/2018:23:46:21 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=12][CertSerialNum=195767496] certificate request processed
165:0.http-bio-8443-exec-5 - [03/Jan/2018:23:58:56 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=13][CertSerialNum=240995390] certificate request processed
248:0.http-bio-8443-exec-13 - [04/Jan/2018:01:20:50 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Failure][ReqID=15][InfoName=cancelReason][InfoValue=<null>] certificate request processed

root@csqa4-guest01 ~ #


Since audit event filtering is working as expected marking this bug verified.
Comment 11 errata-xmlrpc 2018-04-10 16:25:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0899
Note You need to log in before you can comment on or make changes to this bug.