From e965c748db19f4dc3fa3e96be9ccefb75dc920b5 Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: May 19 2016 01:00:35 +0000 Subject: Ticket #48834 - Modifier's name is not recorded in the audit log with modrdn and moddn operations Description: Audit log had no support on modifier's name and newsuperior, which is now appended to the log: time: 20160518144610 dn: uid=tuser1,ou=People,dc=example,dc=com result: 0 changetype: modrdn newrdn: uid=tuser10 deleteoldrdn: 1 newsuperior: ou=OU0,ou=People,dc=example,dc=com modifiersname: cn=directory manager https://fedorahosted.org/389/ticket/48834 Reviewed by mreynolds@redhat.com (Thank you, Mark!!) --- diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c index 1461fee..9a1b502 100644 --- a/ldap/servers/slapd/auditlog.c +++ b/ldap/servers/slapd/auditlog.c @@ -21,10 +21,12 @@ #define ATTR_CHANGETYPE "changetype" #define ATTR_NEWRDN "newrdn" #define ATTR_DELETEOLDRDN "deleteoldrdn" +#define ATTR_NEWSUPERIOR "newsuperior" #define ATTR_MODIFIERSNAME "modifiersname" char *attr_changetype = ATTR_CHANGETYPE; char *attr_newrdn = ATTR_NEWRDN; char *attr_deleteoldrdn = ATTR_DELETEOLDRDN; +char *attr_newsuperior = ATTR_NEWSUPERIOR; char *attr_modifiersname = ATTR_MODIFIERSNAME; static int audit_hide_unhashed_pw = 1; @@ -33,6 +35,8 @@ static int auditfail_hide_unhashed_pw = 1; /* Forward Declarations */ static void write_audit_file(int logtype, int optype, const char *dn, void *change, int flag, time_t curtime, int rc ); +static char *modrdn_changes[4]; + void write_audit_log_entry( Slapi_PBlock *pb ) { @@ -68,10 +72,26 @@ write_audit_log_entry( Slapi_PBlock *pb ) break; case SLAPI_OPERATION_MODDN: + { + char *rdn = NULL; + Slapi_DN *snewsuperior = NULL; + char *requestor = NULL; /* newrdn: change is just for logging -- case does not matter. */ - slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &change ); + slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &rdn ); slapi_pblock_get( pb, SLAPI_MODRDN_DELOLDRDN, &flag ); + slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &snewsuperior ); + slapi_pblock_get( pb, SLAPI_REQUESTOR_DN, &requestor ); + modrdn_changes[0] = rdn; + modrdn_changes[1] = requestor; + if (snewsuperior && slapi_sdn_get_dn(snewsuperior)) { + modrdn_changes[2] = slapi_sdn_get_dn(snewsuperior); + modrdn_changes[3] = NULL; + } else { + modrdn_changes[2] = NULL; + } + change = (void *)modrdn_changes; break; + } default: return; /* Unsupported operation type. */ } @@ -120,10 +140,26 @@ write_auditfail_log_entry( Slapi_PBlock *pb ) } break; case SLAPI_OPERATION_MODDN: + { + char *rdn = NULL; + Slapi_DN *snewsuperior = NULL; + char *requestor = NULL; /* newrdn: change is just for logging -- case does not matter. */ - slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &change ); + slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &rdn ); slapi_pblock_get( pb, SLAPI_MODRDN_DELOLDRDN, &flag ); + slapi_pblock_get( pb, SLAPI_MODRDN_NEWSUPERIOR_SDN, &snewsuperior ); + slapi_pblock_get( pb, SLAPI_REQUESTOR_DN, &requestor ); + modrdn_changes[0] = rdn; + modrdn_changes[1] = requestor; + if (snewsuperior && slapi_sdn_get_dn(snewsuperior)) { + modrdn_changes[2] = slapi_sdn_get_dn(snewsuperior); + modrdn_changes[3] = NULL; + } else { + modrdn_changes[2] = NULL; + } + change = (void *)modrdn_changes; break; + } default: return; /* Unsupported operation type. */ } @@ -292,7 +328,7 @@ write_audit_file( break; case SLAPI_OPERATION_MODDN: - newrdn = change; + newrdn = ((char **)change)[0]; addlenstr( l, attr_changetype ); addlenstr( l, ": modrdn\n" ); addlenstr( l, attr_newrdn ); @@ -303,6 +339,20 @@ write_audit_file( addlenstr( l, ": " ); addlenstr( l, flag ? "1" : "0" ); addlenstr( l, "\n" ); + if (((char **)change)[2]) { + char *newsuperior = ((char **)change)[2]; + addlenstr( l, attr_newsuperior ); + addlenstr( l, ": " ); + addlenstr( l, newsuperior ); + addlenstr( l, "\n" ); + } + if (((char **)change)[1]) { + char *modifier = ((char **)change)[1]; + addlenstr( l, attr_modifiersname ); + addlenstr( l, ": " ); + addlenstr( l, modifier ); + addlenstr( l, "\n" ); + } } addlenstr( l, "\n" );