Bug 1708215 - maxlogsperdir accepting negative values
Summary: maxlogsperdir accepting negative values
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.7
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 7.7
Assignee: mreynolds
QA Contact: RHDS QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-05-09 11:30 UTC by Akshay Adhikari
Modified: 2019-08-06 12:59 UTC (History)
8 users (show)

Fixed In Version: 389-ds-base-1.3.9.1-8.el7
Doc Type: Bug Fix
Doc Text:
Cause: Setting the configuration setting maxlogsperdir for any of the logs (access, error, and audit) to invalid value like "-1" Consequence: The update is allowed, and it is then not properly handled by the server. Fix: Properly validate all the logging configuration settings to prevent invalid values from being applied. Result: The server only accepts valid values for the logging settings
Clone Of:
Environment:
Last Closed: 2019-08-06 12:59:17 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:2152 None None None 2019-08-06 12:59:29 UTC

Description Akshay Adhikari 2019-05-09 11:30:13 UTC
Description of problem:

nsslapd-accesslog-maxlogsperdir | nsslapd-errorlog-maxlogsperdir | nsslapd-auditlog-maxlogsperdir

All the attributes are accepting the negative value, which is not in the correct range.

Version-Release number of selected component (if applicable):

389-ds-base-1.3.9.1-5.el7.x86_64

How reproducible:

Every time

Steps to Reproduce:
1.
ldapmodify -x -p 389 -h `hostname` -D "cn=Directory Manager" -w password << EOF
dn: cn=config
changetype: modify
replace: nsslapd-auditlog-maxlogsperdir
nsslapd-auditlog-maxlogsperdir: -5
EOF

2.
ldapmodify -x -p 389 -h `hostname` -D "cn=Directory Manager" -w password << EOF
dn: cn=config
changetype: modify
replace: nsslapd-accesslog-maxlogsperdir
nsslapd-accesslog-maxlogsperdir: -5
EOF

3.
ldapmodify -x -p 389 -h `hostname` -D "cn=Directory Manager" -w password << EOF
dn: cn=config
changetype: modify
replace: nsslapd-errorlog-maxlogsperdir
nsslapd-errorlog-maxlogsperdir: -5
EOF

Actual results:

Accepting all negative value.

Expected results:

Should not accept -5 or any other negative value other than -1.

Additional info:

https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/configuration_command_and_file_reference/Core_Server_Configuration_Reference#cnconfig-nsslapd_errorlog_logrotationtime_Error_Log_Rotation_Time

Comment 2 mreynolds 2019-05-21 16:31:37 UTC
https://pagure.io/389-ds-base/issue/50393

Comment 6 Akshay Adhikari 2019-06-17 10:41:02 UTC
[root@rhel7-aadhikar-new1 ds]# py.test -v dirsrvtests/tests/suites/logging/logging_config_test.py 
============================================================================ test session starts ============================================================================
platform linux -- Python 3.6.3, pytest-4.6.3, py-1.8.0, pluggy-0.12.0 -- /opt/rh/rh-python36/root/usr/bin/python3
cachedir: .pytest_cache
metadata: {'Python': '3.6.3', 'Platform': 'Linux-3.10.0-1053.el7.x86_64-x86_64-with-redhat-7.7-Maipo', 'Packages': {'pytest': '4.6.3', 'py': '1.8.0', 'pluggy': '0.12.0'}, 'Plugins': {'metadata': '1.8.0', 'html': '1.20.0'}}
389-ds-base: 1.3.9.1-10.el7
nss: 3.44.0-4.el7
nspr: 4.21.0-1.el7
openldap: 2.4.44-21.el7_6
cyrus-sasl: 2.1.26-23.el7
FIPS: disabled
rootdir: /workspace/ds/dirsrvtests, inifile: pytest.ini
plugins: metadata-1.8.0, html-1.20.0
collected 9 items                                                                                                                                                           

dirsrvtests/tests/suites/logging/logging_config_test.py::test_logging_digit_config[logexpirationtime-invalid_vals0-valid_vals0] PASSED                                [ 11%]
dirsrvtests/tests/suites/logging/logging_config_test.py::test_logging_digit_config[maxlogsize-invalid_vals1-valid_vals1] PASSED                                       [ 22%]
dirsrvtests/tests/suites/logging/logging_config_test.py::test_logging_digit_config[logmaxdiskspace-invalid_vals2-valid_vals2] PASSED                                  [ 33%]
dirsrvtests/tests/suites/logging/logging_config_test.py::test_logging_digit_config[logminfreediskspace-invalid_vals3-valid_vals3] PASSED                              [ 44%]
dirsrvtests/tests/suites/logging/logging_config_test.py::test_logging_digit_config[mode-invalid_vals4-valid_vals4] PASSED                                             [ 55%]
dirsrvtests/tests/suites/logging/logging_config_test.py::test_logging_digit_config[maxlogsperdir-invalid_vals5-valid_vals5] PASSED                                    [ 66%]
dirsrvtests/tests/suites/logging/logging_config_test.py::test_logging_digit_config[logrotationsynchour-invalid_vals6-valid_vals6] PASSED                              [ 77%]
dirsrvtests/tests/suites/logging/logging_config_test.py::test_logging_digit_config[logrotationsyncmin-invalid_vals7-valid_vals7] PASSED                               [ 88%]
dirsrvtests/tests/suites/logging/logging_config_test.py::test_logging_digit_config[logrotationtime-invalid_vals8-valid_vals8] PASSED                                  [100%]

========================================================================= 9 passed in 18.53 seconds =========================================================================

Marking it as VERIFIED.

Comment 8 errata-xmlrpc 2019-08-06 12:59:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2152


Note You need to log in before you can comment on or make changes to this bug.