search cancel

Policy management API in C

book

Article ID: 203194

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

We're running a SDK developped Policy API code and when the code ends with the
function Sm_PolicyApi_Release(), the processing takes between an hour
and an hour and half to complete.

We've implemented this function :

  Sm_PolicyApi_Release()

    Disconnects from the policy store and releases memory and
    resources held by the API.

    This function must be the last function called by the API client
    session. This function must be called once per client session.
    
    Failure to call this function will result in a memory leak.

  https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/programming/sdks/programming-in-c/policy-management-api-function-declarations/sm-policyapi-release.html

How can we fix this ?

 

Environment

 

Policy Server 12.8SP3 on RedHat 6

 

Cause

 

We see the Policy Server repeatedly reporting errors to insert Audit
data into the Audit Store and it fails when executing operation on
data :

smtracedefault.log

  [394476][140139103758080][11/06/2020][14:14:19.195][14:14:19][CServer.cpp:6186]
  [CServer::ProcessRequest][Enter function CServer::ProcessRequest][][][][][][][]
  [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
  [][][][][][][][][][]

  [394476][140139103758080][11/06/2020][14:14:19.196][14:14:19][CServer.cpp:6557]
  [CServer::Tunnel][Resolved all the input parameters][][][][][][][][][][][][][][]
  [][][][][][][][][][][10.0.0.1][][][][][][][][][][][][][][][][][][][][][][][]
  [Lib='smtunnelrpc', Func='DoWork', Params='', Server='', Device=''][][][][][][][]

  [394476][140139103758080][11/06/2020][14:14:19.532][14:14:19][SmObjProvider.cpp:676]
  [CSmObjProvider::Search]
  [Searching for 'PropertyCollection' object with a search key in one domain][][]
  [][][Name : 'myaffiliate'][][][][][][][PropertyCollection]
  [][][][][][][][][][0a-00000000-0000-0000-0000-000000000000][][][][][][][][][][]
  [][][][][][][][][][][][][][][][][][][][][][][][]

  [394476][140139103758080][11/06/2020][14:14:19.540][14:14:19][SmReportsODBCLog.cpp:345]
  [][LogMessage:ERROR:[sm-Server-04560] Failed preparing audit log insert: 
  Unexpected error in database interface. Error code -1063. Code: -1063. DB Code: 0]
  [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][][][]

  [394476][140139103758080][11/06/2020][14:14:19.540][14:14:19][SmReportsODBCLog.cpp:1360]
  [SmReportsLogObj][LogAccessObject is not initialized. Failure on Construction in attempt]
  [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][][][]

  [394476][140139103758080][11/06/2020][14:14:19.540][14:14:19][SmReportsODBCLog.cpp:1395]
  [SmReportsLogObj][Failed to flush audit records to the database, because of connection errors.  
  We are not going to retry, since the retry mechanism has been disabled.  
  It would remain disabled until at least one write is successful.][][][][][][][]
  [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
  [][][][][][][][][]

  [394476][140139103758080][11/06/2020][14:14:19.544][14:14:19][SmReportsODBCLog.cpp:345]
  [][LogMessage:ERROR:[sm-Server-04560] Failed preparing audit log insert: 
  Unexpected error in database interface. Error code -1063. Code: -1063. DB Code: 0]
  [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][][][]

  [394476][140139103758080][11/06/2020][14:14:19.769][14:14:19][SmReportsODBCLog.cpp:345]
  [][LogMessage:ERROR:[sm-Server-04560] Failed preparing audit log insert: 
  Unexpected error in database interface. Error code -1063. Code: -1063. DB Code: 0]
  [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][][][]

  [394476][140139103758080][11/06/2020][14:14:19.775][14:14:19][SmObjCache.cpp:643]
  [CSmObjCache::RefreshObjectWithLinks][Remove an object and all its subordinates from the object cache.]
  [][][][][][][][][][][][][][][][][][][][][][21-0004bb58-c283-1fa3-8237-d541112a255111]
  [22-00055494-c283-1fa3-8237-d541112a255111][][][][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][]

  [394476][140139103758080][11/06/2020][14:14:19.778][14:14:19][SmReportsODBCLog.cpp:345]
  [][LogMessage:ERROR:[sm-Server-04560] Failed preparing audit log insert: 
  Unexpected error in database interface. Error code -1063. Code: -1063. DB Code: 0]
  [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][][][][]

  [394476][140139103758080][11/06/2020][14:14:19.782][14:14:19][SmObjProvider.cpp:1075]
  [CSmObjProvider::Delete][Deleting 'Realm' object][][][][][][][][][][][][Realm]
  [][][][][][][][][][][06-00052b50-c283-1fa3-8237-d541112a255111][][][][][][][][][]
  [][][][][][][][][][][][][][][][][][][][][][][][]

  [394476][140139103758080][11/06/2020][14:14:19.784][14:14:19][SmObjCache.cpp:643]
  [CSmObjCache::RefreshObjectWithLinks]
  [Remove an object and all its subordinates from the object cache.][][][][][][][]
[][][][][][][][][][][][][][][03-3d847783-5e48-1003-8375-6552sd111s22]
  [06-00052b50-c283-1fa3-8237-d541112a255111][][][][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][]

  [394476][140139103758080][11/06/2020][14:14:19.953][14:14:19][SmReportsODBCLog.cpp:345]
  [][LogMessage:ERROR:[sm-Server-04560] Failed preparing audit log insert: 
  Unexpected error in database interface. Error code -1063. Code: -1063. DB Code: 0]
  [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][][][][][][]

  [394476][140139103758080][11/06/2020][14:14:19.972][14:14:19][CServer.cpp:6372]
  [CServer::ProcessRequest][Leave function CServer::ProcessRequest][1626][][][][]
  [][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]
  [][][][][][][][][][][]

The scripts ends printing line "Executing Sm_PolicyApi_Release in
SiteMinder Policy API" :

scriptoutput.txt :

[...]

  Sm_PolicyApi_Logout out of SiteMinder Policy API... Returns: 0

  Executing Sm_PolicyApi_Release in SiteMinder Policy API. Failure to
  execute this will lead to memory and resource leaks ..

And before executing the Sm_PolicyApi_Release (pSmApiInitHandle)
function, it should also print

  Release SiteMinder Policy API Returns.... 

This line we can't see.

sourcecode.cpp :

[...]

    cout << "\nExecuting Sm_PolicyApi_Release in SiteMinder Policy API. Failure to execute this will lead to memory and resource leaks ..";

    /*
    //////////////////////////////////////////////////////////////////////////
    // Release API
    // This should be the last call in the policy API. Before
    // you call this function make sure all the users are
    // logged out (Sm_PolicyApi_Logout) Failure to log out
    // users will lead to memory and resource leaks.
    //////////////////////////////////////////////////////////////////////////
    */
  if (RetCode == Sm_PolicyApi_Success)
    {
        cout << "\nRelease SiteMinder Policy API Returns.... ";
      RetCode = Sm_PolicyApi_Release (pSmApiInitHandle);
      cout << RetCode << endl;
    }

    /*
    // Good Bye..... end of the program
    */
  cout << "\n\nGood bye\n";
  return RetCode;
}

 

Resolution

 

Switch from ODBC to Text Mode for Audit Logging in the smconsole and
re-ran the command. The execution of the script should take only some
seconds to process.