From 192deb3b1bf9e5f359e0468809cdd81df51af4a0 Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Mon, 22 Aug 2016 22:24:51 -0700 Subject: [PATCH 40/45] Ticket #48969 - nsslapd-auditfaillog always has an explicit path Bug Description: In the current implementation, nsslapd-auditfaillog is not set, by default. Internally, the value is NULL, which let audit fail log share the same audit log file with nsslapd-auditlog. Once, some path is set to nsslapd-auditfaillog, it is not allowed to delete or set NULL or empty to it. That is, there is no way to go back to the default behaviour. There is another issue for the default value. Since search for nsslapd-auditfaillog under cn=config does not return anything, it is hard to find out where the failed logs are written. Fix Description: To solve the 2 issues, this patch changes the default value to an explicit path /path/to/logdir/audit. https://fedorahosted.org/389/ticket/48969 Reviewed by wibrown@redhat.com (Thank you, William!) (cherry picked from commit ef2c3c4cc6f966935dbe367dd0d882ae81de3cc4)
---
 ldap/ldif/template-dse.ldif.in | 1 +
 ldap/servers/slapd/auditlog.c | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/ldap/ldif/template-dse.ldif.in b/ldap/ldif/template-dse.ldif.in
index 46b416b..8258b70 100644
--- a/ldap/ldif/template-dse.ldif.in
+++ b/ldap/ldif/template-dse.ldif.in
@@ -53,6 +53,7 @@ nsslapd-auditlog-maxlogsize: 100
 nsslapd-auditlog-logrotationtime: 1
 nsslapd-auditlog-logrotationtimeunit: day
 nsslapd-auditlog-logging-enabled: off
+nsslapd-auditfaillog: %log_dir%/audit
 nsslapd-auditfaillog-logging-enabled: off
 nsslapd-rootdn: %rootdn%
 nsslapd-rootpw: %ds_passwd%
diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
index ec7111b..85d136c 100644
--- a/ldap/servers/slapd/auditlog.c
+++ b/ldap/servers/slapd/auditlog.c
@@ -112,6 +112,7 @@ write_auditfail_log_entry( Slapi_PBlock *pb )
 Operation *op;
 int pbrc = 0;
 char *auditfail_config = NULL;
+ char *audit_config = NULL;
 /* if the audit log is not enabled, just skip all of this stuff */
@@ -167,8 +168,9 @@ write_auditfail_log_entry( Slapi_PBlock *pb )
 /* log the raw, unnormalized DN */
 dn = slapi_sdn_get_udn(sdn);
 auditfail_config = config_get_auditfaillog();
- if (auditfail_config == NULL || strlen(auditfail_config) == 0) {
- /* If no auditfail log write to audit log */
+ audit_config = config_get_auditlog();
+ if (auditfail_config == NULL || strlen(auditfail_config) == 0 || PL_strcasecmp(auditfail_config, audit_config) == 0) {
+ /* If no auditfail log or "auditfaillog" == "auditlog", write to audit log */
 write_audit_file(SLAPD_AUDIT_LOG, operation_get_type(op), dn, change, flag, curtime, pbrc, SLAPD_AUDITFAIL_LOG);
 } else {
 /* If we have our own auditfail log path */
-- 
2.4.11
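Review bot: In the second auditlog.c hunk, `audit_config` is assigned from `config_get_auditlog()` but nothing visible releases it, and the diffstat's four insertions are all shown here, so this commit adds no free for it. If that getter hands back an allocated copy (to be confirmed against its definition), every failed operation that reaches this point leaks the string; `slapi_ch_free_string(&audit_config);` beside wherever `auditfail_config` is released would close that. The path test also uses `PL_strcasecmp`, so on a case-sensitive filesystem two distinct log paths that differ only in letter case are treated as one and failure records land in the audit log rather than the configured auditfail log; `PL_strcmp(auditfail_config, audit_config) == 0` would match filesystem semantics. A string comparison still cannot detect that two differently spelled paths name the same file, which is worth saying in the comment on the condition. The body of write_auditfail_log_entry continues outside both hunks, so the cleanup site is not visible here.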