Univention Bugzilla – Attachment 8119 Details for
Bug 42665
univention-directory-logger issues
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
42665.diff
file_42665.txt (text/plain), 5.36 KB, created by
Philipp Hahn
on 2016-10-17 14:40 CEST
(
hide
)
Description:
42665.diff
Filename:
MIME Type:
Creator:
Philipp Hahn
Created:
2016-10-17 14:40 CEST
Size:
5.36 KB
patch
obsolete
>diff --git a/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/directory_logger.py b/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/directory_logger.py >index d4adbb6..8f5cae0 100755 >--- a/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/directory_logger.py >+++ b/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/directory_logger.py >@@ -42,7 +42,6 @@ import grp > import subprocess > import os > import fcntl >-import copy > > import univention.debug > import univention.misc >@@ -171,12 +170,7 @@ def process_dellog(dn): > return (timestamp, dellog_id, modifier, action) > > >-def handler(dn, new, old): >- # Copy dictonaries because they will be modified >- # see https://forge.univention.org/bugzilla/show_bug.cgi?id=22564 for details >- new_copy = copy.deepcopy(new) >- old_copy = copy.deepcopy(old) >- >- if listener.configRegistry['ldap/logging'] != 'yes': >+def handler(dn, new_copy, old_copy): >+ if not listener.configRegistry.is_true('ldap/logging'): > return > >@@ -142,17 +142,14 @@ def handler(dn, new_copy, old_copy): > if not listener.configRegistry.is_true('ldap/logging'): > return > >- # check for exclusion >- skip = 0 >- excludeKeys = [key for key in listener.configRegistry.keys() if excludeKeyPattern.search(key)] >- exclude = [listener.configRegistry[key] for key in excludeKeys] >- for base in exclude: >- if dn.rfind(base) != -1: >- skip = 1 >- > listener.setuid(0) > try: >- if skip == 1: >+ # check for exclusion >+ if any( >+ value in dn >+ for key, value in listener.configRegistry.iteritems() >+ if excludeKeyPattern.match(key) >+ ): > if not new_copy: # there should be a dellog entry to remove > process_dellog(dn) > # important: don't return a thing, otherwise this dn >@@ -168,14 +168,13 @@ def handler(dn, new_copy, old_copy): > previoushash = cachefile.read() > > # get ID >- f = open(notifier_id, 'r') >- id = int(f.read()) + 1 >+ with open(notifier_id, 'r') as f: >+ id = int(f.read()) + 1 > # matches notifier transaction id. Tested for UCS 1.3-2 and 2.0. > # Note about 1.3-2: > # For user removal this matches with ++last_id as seen by the dellog overlay, > # but for user create dellog sees id-1, i.e. last_id has already been incremented before > # we see it here >- f.close() > > # 2. generate log record > if new_copy: >@@ -209,11 +208,8 @@ def handler(dn, new_copy, old_copy): > record += endtag > > # 3. write log file record >- try: >- logfile = open(logname, 'a') # append >+ with open(logname, 'a') as logfile: # append > logfile.write(record) >- finally: >- logfile.close() > # 4. calculate nexthash, omitting the final line break to make validation of the > # record more intituive > nexthash = hashlib.new(digest, record[:-1]).hexdigest() >@@ -279,12 +275,8 @@ def initialize(): > record += endtag > > # 3. write log file record >- try: >- logfile = open(logname, 'a') # append >+ with open(logname, 'a') as logfile: # append > logfile.write(record) >- finally: >- logfile.close() >- > # 4. calculate initial hash > nexthash = hashlib.new(digest, record).hexdigest() > # 5. cache nexthash (the actual logfile might be logrotated away..) >@@ -222,10 +222,8 @@ def handler(dn, new_copy, old_copy): > listener.unsetuid() > > >-def createFile(filename, withdirs=False): >+def createFile(filename): >- global uidNumber > global gidNumber >- global preferedGroup > > if gidNumber == 0: > try: >diff --git a/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/debian/univention-directory-logger.univention-config-registry-variables b/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/debian/univention-directory-logger.univention-config-registry-variables >index d7d6e02..9d4ec09 100644 >--- a/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/debian/univention-directory-logger.univention-config-registry-variables >+++ b/branches/ucs-4.1/ucs-4.1-3/management/univention-directory-logger/debian/univention-directory-logger.univention-config-registry-variables >@@ -1,7 +1,7 @@ > [ldap/logging] > Description[de]=Ist das Paket univention-directory-logger installiert und diese Variable auf 'yes' gesetzt, werden alle Ãnderungen im LDAP-Verzeichnisdienst protokolliert. Eine integrierte Hash-Summe stellt zusätzlich sicher, dass keine Ãnderungen unbemerkt aus der Logdatei entfernt werden können. Die Protokollierung erfolgt in die Datei /var/log/univention/directory-logger.log. > Description[en]=If univention-directory-logger package is installed and this variable is set to 'yes', all changes in the LDAP directory service are logged. An integrated hash sum ensures that no changes can be deleted without traces from the log file. Changes are logged to the /var/log/univention/directory-logger.log file. >-Type=str >+Type=bool > Categories=service-ldap > > [ldap/logging/exclude.*] >@@ -15,3 +15,9 @@ Description[de]=Legt den Namen des Hash-Algorithmus fest. Standard ist 'md5'. > Description[en]=Defines the name of the hash algorithm. Default is 'md5'. > Type=str > Categories=service-ldap >+ >+[ldap/logging/dellogdir] >+Description[de]=Aktiviert und legt den Namen des Verzeichnis fest, in das OpenLDAP das sog. "delete log" schreibt. >+Description[en]=Activates and defines the name of the directory, into which OpenLDAP writes the so called "delete log". >+Type=str >+Categories=service-ldap
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
Actions:
View
|
Diff
Attachments on
bug 42665
: 8119