From b5655c1f309893919435766e0e17f8d811680abb Mon Sep 17 00:00:00 2001
From: Christina Fu <cfu@cfu-rhel7.usersys.redhat.com>
Date: Fri, 6 Sep 2019 16:49:00 -0400
Subject: [PATCH] Bug 1523330 - CC: missing audit event for CS acting as TLS
client
This patch adds failed CLIENT_ACCESS_SESSION_ESTABLISH audit event for the case
when internal ldap server goes down
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1523330
(cherry picked from commit 10d52dd0d6b562edc9e32c543017c67c1c0212a8)
---
.../netscape/cmscore/ldapconn/PKISocketFactory.java | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java
index e9f28c9..e992016 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/ldapconn/PKISocketFactory.java
@@ -31,6 +31,9 @@ import org.mozilla.jss.ssl.SSLSocket;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.logging.event.ClientAccessSessionEstablishEvent;
+import com.netscape.certsrv.logging.SignedAuditEvent;
+import com.netscape.cms.logging.SignedAuditLogger;
import netscape.ldap.LDAPException;
import netscape.ldap.LDAPSSLSocketFactoryExt;
@@ -44,6 +47,8 @@ import org.dogtagpki.server.PKIClientSocketListener;
*/
public class PKISocketFactory implements LDAPSSLSocketFactoryExt {
+ private static SignedAuditLogger signedAuditLogger = SignedAuditLogger.getLogger();
+
private boolean secure;
private String mClientAuthCertNickname;
private boolean mClientAuth;
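Review bot: The new `signedAuditLogger` field is assigned once and never rebound in the visible hunks, so it should be declared `private static final SignedAuditLogger signedAuditLogger = SignedAuditLogger.getLogger();`. That keeps the audit sink from being replaced by later code in the class. A one-line comment saying that it records failed CLIENT_ACCESS_SESSION_ESTABLISH events for outbound LDAP connections would tell readers why a socket factory holds an audit logger.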
@@ -140,6 +145,22 @@ public class PKISocketFactory implements LDAPSSLSocketFactoryExt {
s.setKeepAlive(keepAlive);
} catch (Exception e) {
+ // for auditing
+ String localIP = "localhost";
+ try {
+ localIP = InetAddress.getLocalHost().getHostAddress();
+ } catch (UnknownHostException e2) {
+ // default to "localhost";
+ }
+ SignedAuditEvent auditEvent;
+ auditEvent = ClientAccessSessionEstablishEvent.createFailureEvent(
+ localIP,
+ host,
+ Integer.toString(port),
+ "SYSTEM",
+ "connect:" +e.toString());
+ signedAuditLogger.log(auditEvent);
+
CMS.debug(e);
if (s != null) {
try {
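Review bot: The audit block added at the top of `catch (Exception e)` runs before the existing `CMS.debug(e)` and the `if (s != null)` cleanup with nothing guarding it, so an unchecked exception from `createFailureEvent` or `signedAuditLogger.log` would skip the socket cleanup and replace the original connection error. Moving the block below the cleanup (the catch body continues past this hunk) keeps the close path unconditional; if it stays where it is, the `signedAuditLogger.log(auditEvent);` call should be wrapped so that an audit failure is reported without bypassing the close. The handler catches every `Exception` from a try body that begins outside the hunk, so the `"connect:"` prefix may also label failures that are not connection failures, such as the `setKeepAlive` call just above. `e.toString()` is concatenated into the signed audit record as-is; unless the logger already escapes it, line breaks and field delimiters in the exception message should be neutralised first. The `"localhost"` fallback puts a host name into a field that otherwise holds an IP address, which deserves a comment for whoever parses these records.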
--
1.8.3.1