From 624dc7f769c2a7744bd390eff3e3c6cd0dbd140f Mon Sep 17 00:00:00 2001
From: Christina Fu <cfu@redhat.com>
Date: Thu, 17 Oct 2019 16:36:05 -0700
Subject: [PATCH] =?UTF-8?q?Bug=201523330=20-=20(addl=20fix)=20CC:=20missin?=
=?UTF-8?q?g=20audit=20event=20for=20CS=20acting=20as=20TLS=20client=20Bug?=
=?UTF-8?q?=201585722=20-=20TMS=20-=20PKISocketFactory=20=E2=80=93=20Modif?=
=?UTF-8?q?y=20Logging=20to=20Allow=20External=20Use=20of=20class=20to=20w?=
=?UTF-8?q?ork=20like=20CS8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fix in 1523330 might have broken 1585722; This patch is to put the audit
call under if (!external) so that external apps calling this class would
not reach the audit code.
I only tested to be sure that the CA continues to work; QE will need to
test both again.
https://bugzilla.redhat.com/show_bug.cgi?id=1523330
https://bugzilla.redhat.com/show_bug.cgi?id=1585722
(cherry picked from commit 4dfd4893b6598d79ad5d5542795c4792091905c7)
---
.../cmscore/ldapconn/PKISocketFactory.java | 27 ++++++++++++----------
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java
index dc93f5d..6f5a876 100644
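--- a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java
@@ -85,12 +85,12 @@ public class PKISocketFactory implements LDAPSSLSocketFactoryExt {
 if(!external){
 IConfigStore cs = CMS.getConfigStore();
 keepAlive = cs.getBoolean("tcp.keepAlive", true);
+ sockListener = new PKIClientSocketListener();
 } else {
 keepAlive = true;
 }
 
 log(Level.INFO, "TCP Keep-Alive: " + keepAlive, null);
- sockListener = new PKIClientSocketListener();
 
 } catch (Exception e) {
 log(Level.SEVERE, null, e);
@@ -162,23 +162,26 @@ public class PKISocketFactory implements LDAPSSLSocketFactoryExt {
 s.setKeepAlive(keepAlive);
 
 } catch (Exception e) {
- // for auditing
- String localIP = "localhost";
- try {
- localIP = InetAddress.getLocalHost().getHostAddress();
- } catch (UnknownHostException e2) {
- // default to "localhost";
- }
- SignedAuditEvent auditEvent;
- auditEvent = ClientAccessSessionEstablishEvent.createFailureEvent(
+ if (!external) {
+ // for auditing
+ String localIP = "localhost";
+ try {
+ localIP = InetAddress.getLocalHost().getHostAddress();
+ } catch (UnknownHostException e2) {
+ // default to "localhost";
+ }
+
+ SignedAuditEvent auditEvent;
+ auditEvent = ClientAccessSessionEstablishEvent.createFailureEvent(
 localIP,
 host,
 Integer.toString(port),
 "SYSTEM",
 "connect:" +e.toString());
- signedAuditLogger.log(auditEvent);
+ signedAuditLogger.log(auditEvent);
+ }
+ log(Level.SEVERE, null, e);
 
- CMS.debug(e);
 if (s != null) {
 try {
 s.close();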
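Review bot: After the first hunk `sockListener` is assigned only inside the `!external` branch, so for external callers the field keeps its prior value (presumably null), yet the second hunk guards only the failure-path audit call in the `catch` block with `if (!external)`. The socket-creation method starts and ends outside these hunks, so any other use of `sockListener` or `signedAuditLogger` there, such as the point where the listener is attached to the socket or a success-path audit event, should be checked for the same guard, e.g. `if (!external && sockListener != null)`. Because `external` now decides whether a failed TLS client connection leaves a signed audit record, I would also add a comment at the new guard along the lines of `// external callers run without the CS audit subsystem: no ClientAccessSessionEstablishEvent is logged, only log(Level.SEVERE, ...)`, so that nobody sets the flag for in-server callers by mistake. The commit message says only the CA path was tested, so the external path is the one to cover before merging.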
--
1.8.3.1