Blob Blame Raw
From e5f78f9f6a8cab7bfbd33e14912508183f9da283 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Thu, 20 Apr 2017 15:01:33 -0400
Subject: [PATCH] Issue 49227 - ldapsearch for nsslapd-errorlog-level returns 
 incorrect values

Bug Description:  ldapsearch for the error log level returns the internal
                  bitmask value and not the value set in cn=config.

Fix Description:  When setting the error log level store the initial/untouched
                  value in the config entry first, then set the bitmasked
                  global log level variable.

https://pagure.io/389-ds-base/issue/49227

Reviewed by: nhosoi(Thanks!)
---
 dirsrvtests/tests/tickets/ticket49227_test.py | 111 ++++++++++++++++++++++++++
 ldap/servers/slapd/configdse.c                |   4 +-
 ldap/servers/slapd/libglobs.c                 |  11 +--
 ldap/servers/slapd/slap.h                     |   3 +-
 4 files changed, 121 insertions(+), 8 deletions(-)
 create mode 100644 dirsrvtests/tests/tickets/ticket49227_test.py

diff --git a/dirsrvtests/tests/tickets/ticket49227_test.py b/dirsrvtests/tests/tickets/ticket49227_test.py
new file mode 100644
index 0000000..86e0b9a
--- /dev/null
+++ b/dirsrvtests/tests/tickets/ticket49227_test.py
@@ -0,0 +1,111 @@
+import os
+import time
+import ldap
+import logging
+import pytest
+from lib389._constants import *
+from lib389.properties import *
+from lib389.tasks import *
+from lib389.utils import *
+from lib389.topologies import topology_st as topo
+
+DEBUGGING = os.getenv("DEBUGGING", default=False)
+if DEBUGGING:
+    logging.getLogger(__name__).setLevel(logging.DEBUG)
+else:
+    logging.getLogger(__name__).setLevel(logging.INFO)
+log = logging.getLogger(__name__)
+DEFAULT_LEVEL = "16384"
+
+
+def set_level(topo, level):
+    ''' Set the error log level
+    '''
+    try:
+        topo.standalone.modify_s("cn=config", [(ldap.MOD_REPLACE, 'nsslapd-errorlog-level', level)])
+        time.sleep(1)
+    except ldap.LDAPError as e:
+        log.fatal('Failed to set loglevel to %s - error: %s' % (level, str(e)))
+        assert False
+
+
+def get_level(topo):
+    ''' Set the error log level
+    '''
+    try:
+        config = topo.standalone.search_s("cn=config", ldap.SCOPE_BASE, "objectclass=top")
+        time.sleep(1)
+        return config[0].getValue('nsslapd-errorlog-level')
+    except ldap.LDAPError as e:
+        log.fatal('Failed to get loglevel - error: %s' % (str(e)))
+        assert False
+
+
+def get_log_size(topo):
+    ''' Get the errors log size
+    '''
+    statinfo = os.stat(topo.standalone.errlog)
+    return statinfo.st_size
+
+
+def test_ticket49227(topo):
+    """Set the error log to varying levels, and make sure a search for that value
+    reflects the expected value (not the bitmasked value.
+    """
+    log_size = get_log_size(topo)
+
+    # Check the default level
+    level = get_level(topo)
+    if level != DEFAULT_LEVEL:
+        log.fatal('Incorrect default logging level: %s' % (level))
+        assert False
+
+    # Set connection logging
+    set_level(topo, '8')
+    level = get_level(topo)
+    if level != '8':
+        log.fatal('Incorrect connection logging level: %s' % (level))
+        assert False
+
+    # Check the actual log
+    new_size = get_log_size(topo)
+    if new_size == log_size:
+        # Size should be different
+        log.fatal('Connection logging is not working')
+        assert False
+
+    # Set default logging using zero
+    set_level(topo, '0')
+    log_size = get_log_size(topo)
+    level = get_level(topo)
+    if level != DEFAULT_LEVEL:
+        log.fatal('Incorrect default logging level: %s' % (level))
+        assert False
+
+    # Check the actual log
+    new_size = get_log_size(topo)
+    if new_size != log_size:
+        # Size should be the size
+        log.fatal('Connection logging is still on')
+        assert False
+
+    # Set default logging using the default value
+    set_level(topo, DEFAULT_LEVEL)
+    level = get_level(topo)
+    if level != DEFAULT_LEVEL:
+        log.fatal('Incorrect default logging level: %s' % (level))
+        assert False
+
+    # Check the actual log
+    new_size = get_log_size(topo)
+    if new_size != log_size:
+        # Size should be the size
+        log.fatal('Connection logging is still on')
+        assert False
+
+if __name__ == '__main__':
+    # Run isolated
+    # -s for DEBUG mode
+    CURRENT_FILE = os.path.realpath(__file__)
+    pytest.main("-s %s" % CURRENT_FILE)
+
diff --git a/ldap/servers/slapd/configdse.c b/ldap/servers/slapd/configdse.c
index 78162c9..08d1ace 100644
--- a/ldap/servers/slapd/configdse.c
+++ b/ldap/servers/slapd/configdse.c
@@ -404,12 +404,12 @@ modify_config_dse(Slapi_PBlock *pb, Slapi_Entry* entryBefore, Slapi_Entry* e, in
 						config_attr);
 					rc = LDAP_UNWILLING_TO_PERFORM;
 			} else if (ignore_attr_type(config_attr)) {
-					slapi_log_err(SLAPI_LOG_WARNING, "modify_config_dse",
+					slapi_log_err(SLAPI_LOG_CONFIG, "modify_config_dse",
 						"Modification of attribute \"%s\" is not allowed, ignoring!\n",
 						config_attr);
 			} else if (SLAPI_IS_MOD_ADD(mods[i]->mod_op)) {
 				if (apply_mods) { /* log warning once */
-					slapi_log_err(SLAPI_LOG_WARNING, "modify_config_dse", 
+					slapi_log_err(SLAPI_LOG_CONFIG, "modify_config_dse",
 						"Adding configuration attribute \"%s\"\n",
 						config_attr);
 				}
diff --git a/ldap/servers/slapd/libglobs.c b/ldap/servers/slapd/libglobs.c
index 2fc9fbf..bb51827 100644
--- a/ldap/servers/slapd/libglobs.c
+++ b/ldap/servers/slapd/libglobs.c
@@ -308,7 +308,7 @@ static struct config_get_and_set {
 	{CONFIG_LOGLEVEL_ATTRIBUTE, config_set_errorlog_level,
 		NULL, 0,
 		(void**)&global_slapdFrontendConfig.errorloglevel,
-		CONFIG_SPECIAL_ERRORLOGLEVEL, NULL, SLAPD_DEFAULT_ERRORLOG_LEVEL_STR},
+		CONFIG_SPECIAL_ERRORLOGLEVEL, NULL, SLAPD_DEFAULT_FE_ERRORLOG_LEVEL_STR},
 	{CONFIG_ERRORLOG_LOGGING_ENABLED_ATTRIBUTE, NULL,
 		log_set_logging, SLAPD_ERROR_LOG,
 		(void**)&global_slapdFrontendConfig.errorlog_logging_enabled,
@@ -1597,7 +1597,7 @@ FrontendConfig_init(void) {
     cfg->errorlog_minfreespace = SLAPD_DEFAULT_LOG_MINFREESPACE;
     cfg->errorlog_exptime = SLAPD_DEFAULT_LOG_EXPTIME;
     cfg->errorlog_exptimeunit = slapi_ch_strdup(SLAPD_INIT_LOG_EXPTIMEUNIT);
-    cfg->errorloglevel = SLAPD_DEFAULT_ERRORLOG_LEVEL;
+    cfg->errorloglevel = SLAPD_DEFAULT_FE_ERRORLOG_LEVEL;
 
     init_auditlog_logging_enabled = cfg->auditlog_logging_enabled = LDAP_OFF;
     cfg->auditlog_mode = slapi_ch_strdup(SLAPD_INIT_LOG_MODE);
@@ -4474,9 +4474,10 @@ config_set_errorlog_level( const char *attrname, char *value, char *errorbuf, in
   
   if ( apply ) {
 	CFG_LOCK_WRITE(slapdFrontendConfig);
-	level |= SLAPD_DEFAULT_ERRORLOG_LEVEL; /* Always apply the new default error levels for now */
-	slapd_ldap_debug = level;
 	slapdFrontendConfig->errorloglevel = level;
+	/* Set the internal value - apply the default error level */
+	level |= SLAPD_DEFAULT_ERRORLOG_LEVEL;
+	slapd_ldap_debug = level;
 	CFG_UNLOCK_WRITE(slapdFrontendConfig);
   }
   return retVal;
@@ -5771,7 +5772,7 @@ config_get_errorlog_level(){
   retVal = slapdFrontendConfig->errorloglevel;
   CFG_UNLOCK_READ(slapdFrontendConfig);
   
-  return retVal; 
+  return retVal |= SLAPD_DEFAULT_ERRORLOG_LEVEL;
 }
 
 /*  return integer -- don't worry about locking similar to config_check_referral_mode 
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
index 5e44cc8..04c9b79 100644
--- a/ldap/servers/slapd/slap.h
+++ b/ldap/servers/slapd/slap.h
@@ -343,7 +343,8 @@ typedef void	(*VFPV)(); /* takes undefined arguments */
  *  LDAP_DEBUG_WARNING | LDAP_DEBUG_NOTICE | LDAP_DEBUG_INFO)
  */
 #define SLAPD_DEFAULT_ERRORLOG_LEVEL            266354688
-#define SLAPD_DEFAULT_ERRORLOG_LEVEL_STR        "266354688"
+#define SLAPD_DEFAULT_FE_ERRORLOG_LEVEL         16384  /* frontend log level */
+#define SLAPD_DEFAULT_FE_ERRORLOG_LEVEL_STR     "16384"
 #define SLAPD_DEFAULT_ACCESSLOG_LEVEL           256
 #define SLAPD_DEFAULT_ACCESSLOG_LEVEL_STR       "256"
 
-- 
2.9.3