Tuesday, August 23, 2016

[389-commits] ldap/ldif ldap/servers

ldap/ldif/template-dse.ldif.in | 1 +
ldap/servers/slapd/auditlog.c | 6 ++++--
2 files changed, 5 insertions(+), 2 deletions(-)

New commits:
commit ef2c3c4cc6f966935dbe367dd0d882ae81de3cc4
Author: Noriko Hosoi <nhosoi@redhat.com>
Date: Mon Aug 22 22:24:51 2016 -0700

Ticket #48969 - nsslapd-auditfaillog always has an explicit path

Bug Description:
In the current implementation, nsslapd-auditfaillog is not set
by default. Internally, the value is NULL, which lets the audit fail
log share the same audit log file with nsslapd-auditlog.

Once some path is set to nsslapd-auditfaillog, it is not allowed
to delete it or to set it to NULL or empty. That is, there is no way to
go back to the default behaviour.

There is another issue for the default value. Since search for
nsslapd-auditfaillog under cn=config does not return anything,
it is hard to find out where the failed logs are written.

Fix Description:
To solve the 2 issues, this patch changes the default value to an
explicit path /path/to/logdir/audit.

https://fedorahosted.org/389/ticket/48969

Reviewed by wibrown@redhat.com (Thank you, William!)

diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in
index 46b416b..8258b70 100644
--- a/ldap/ldif/template-dse.ldif.in
+++ b/ldap/ldif/template-dse.ldif.in
@@ -53,6 +53,7 @@ nsslapd-auditlog-maxlogsize: 100
nsslapd-auditlog-logrotationtime: 1
nsslapd-auditlog-logrotationtimeunit: day
nsslapd-auditlog-logging-enabled: off
+nsslapd-auditfaillog: %log_dir%/audit
nsslapd-auditfaillog-logging-enabled: off
nsslapd-rootdn: %rootdn%
nsslapd-rootpw: %ds_passwd%
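
Review bot: The added default `nsslapd-auditfaillog: %log_dir%/audit` only keeps the shared-file behaviour if it is the same string as the template's nsslapd-auditlog value, and that line is not in this hunk's context. The auditlog.c change in this commit decides whether to write to the audit log by comparing the two configured strings, so please confirm the nsslapd-auditlog line above is also %log_dir%/audit. It would also help to say in the commit message that the explicit default is the audit log's own path, since "/path/to/logdir/audit" does not make that relationship obvious.
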
diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
index ec7111b..85d136c 100644
--- a/ldap/servers/slapd/auditlog.c
+++ b/ldap/servers/slapd/auditlog.c
@@ -112,6 +112,7 @@ write_auditfail_log_entry( Slapi_PBlock *pb )
Operation *op;
int pbrc = 0;
char *auditfail_config = NULL;
+ char *audit_config = NULL;

/* if the audit log is not enabled, just skip all of
this stuff */
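
Review bot: The new `char *audit_config = NULL;` declared next to `auditfail_config` has no matching release in the visible hunks. If config_get_auditlog() hands back an allocated copy, this function leaks it each time it runs. Please free audit_config at the point where auditfail_config is released, or add a comment stating that the getter returns a borrowed pointer.
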
@@ -167,8 +168,9 @@ write_auditfail_log_entry( Slapi_PBlock *pb )
/* log the raw, unnormalized DN */
dn = slapi_sdn_get_udn(sdn);
auditfail_config = config_get_auditfaillog();
- if (auditfail_config == NULL || strlen(auditfail_config) == 0) {
- /* If no auditfail log write to audit log */
+ audit_config = config_get_auditlog();
+ if (auditfail_config == NULL || strlen(auditfail_config) == 0 || PL_strcasecmp(auditfail_config, audit_config) == 0) {
+ /* If no auditfail log or "auditfaillog" == "auditlog", write to audit log */
write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc, SLAPD_AUDITFAIL_LOG);
} else {
/* If we have our own auditfail log path */
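
Review bot: In the new condition, `PL_strcasecmp(auditfail_config, audit_config) == 0` compares two file paths case-insensitively, so on a case-sensitive filesystem paths that differ only in case (for example .../audit and .../Audit) are treated as the same log and the failure entries go to the audit log instead of the configured file. A case-sensitive comparison fits paths better. A plain string match also misses equivalent spellings of one path (a doubled slash, a symlink), in which case the else branch handles a file that is in fact the audit log; a comment saying whether that case is safe would help. The condition line is long enough that it should be wrapped.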

--
389-commits mailing list
389-commits@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/389-commits@lists.fedoraproject.org
