Red Hat Bugzilla – Attachment 151177 Details for
Bug 234420
adminutil: Use FHS paths and general code cleanup
[patch]
diffs
cvsdiffs (text/plain), 182.26 KB, created by
Rich Megginson
on 2007-03-29 03:03:31 UTC
Description:
diffs
Filename:
MIME Type:
Creator:
Rich Megginson
Created:
2007-03-29 03:03:31 UTC
Size:
182.26 KB
patch
obsolete
>Index: adminutil/Makefile.am
>===================================================================
>RCS file: /cvs/dirsec/adminutil/Makefile.am,v
>retrieving revision 1.1
>diff -u -8 -r1.1 Makefile.am
>--- adminutil/Makefile.am 30 Oct 2006 19:25:16 -0000 1.1
>+++ adminutil/Makefile.am 29 Mar 2007 02:53:07 -0000
>@@ -2,72 +2,107 @@
> ACLOCAL_AMFLAGS = -I m4
>
> #------------------------
> # Compiler Flags
> #------------------------
> BUILDNUM := $(shell perl $(srcdir)/buildnum.pl)
> PLATFORM_DEFINES = @platform_defs@
> DEBUG_DEFINES = @debug_defs@
>-ADMINUTIL_DEFINES = -DADMSDK_BUILDNUM=$(BUILDNUM) -DNET_SSL
>+ADMINUTIL_DEFINES = -DADMSDK_BUILDNUM=$(BUILDNUM) -DPROPERTYDIR="\"$(pkgdatadir)\"" -DNET_SSL
> ADMINUTIL_INCLUDES = -I$(srcdir)/include
> AM_CPPFLAGS = $(PLATFORM_DEFINES) $(DEBUG_DEFINES) $(ADMINUTIL_DEFINES) $(ADMINUTIL_INCLUDES)
>
> #------------------------
> # Linker Flags
> #------------------------
> NSPR_LINK = @nspr_lib@ -lplc4 -lplds4 -lnspr4
> NSS_LINK = @nss_lib@ -lssl3 -lnss3 -lsoftokn3
> LDAPSDK_LINK = @ldapsdk_lib@ -lssldap60 -lldap60 -lprldap60 -lldif60
> SASL_LINK = @sasl_lib@ -lsasl2
> ICU_LINK = @icu_lib@ -licui18n -licuuc -licudata
>
> #------------------------
> # Build Products
> #------------------------
>-pkglib_LTLIBRARIES = libadminutil.la libadmsslutil.la
>-pkgdata_DATA = libadminutil_root.res
>+lib_LTLIBRARIES = libadminutil.la libadmsslutil.la
>+pkgdata_DATA = root.res en.res en_US.res
>+
>+check_PROGRAMS = retrieveSIE retrieveSIEssl psetread psetreadssl psetwrite
>+TESTS = retrieveSIE retrieveSIEssl psetread psetreadssl psetwrite
>+
>+TEST_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/include @nspr_inc@ @ldapsdk_inc@ @icu_inc@
>+TEST_LDADD = libadmsslutil.la libadminutil.la $(NSPR_LINK) $(NSS_LINK) $(LDAPSDK_LINK) $(SASL_LINK) $(ICU_LINK)
>+
>+retrieveSIE_SOURCES = tests/retrieveSIE.c
>+retrieveSIE_CPPFLAGS = $(TEST_CPPFLAGS)
>+retrieveSIE_LDADD = $(TEST_LDADD)
>+
>+retrieveSIEssl_SOURCES = tests/retrieveSIEssl.c
>+retrieveSIEssl_CPPFLAGS = $(TEST_CPPFLAGS)
>+retrieveSIEssl_LDADD = $(TEST_LDADD)
>+
>+psetread_SOURCES = tests/psetread.c
>+psetread_CPPFLAGS = $(TEST_CPPFLAGS)
>+psetread_LDADD = $(TEST_LDADD)
>+
>+psetreadssl_SOURCES = tests/psetreadssl.c
>+psetreadssl_CPPFLAGS = $(TEST_CPPFLAGS)
>+psetreadssl_LDADD = $(TEST_LDADD)
>+
>+psetwrite_SOURCES = tests/psetwrite.c
>+psetwrite_CPPFLAGS = $(TEST_CPPFLAGS)
>+psetwrite_LDADD = $(TEST_LDADD)
>
> #------------------------
> # Installed Files
> #------------------------
>-pkginclude_DATA = $(srcdir)/include/libadminutil/admutil.h \
>+adminincdir=$(includedir)/libadminutil
>+admsslincdir=$(includedir)/libadmsslutil
>+
>+admininc_DATA = $(srcdir)/include/libadminutil/admutil.h \
> $(srcdir)/include/libadminutil/distadm.h \
> $(srcdir)/include/libadminutil/prodinfo.h \
> $(srcdir)/include/libadminutil/psetc.h \
> $(srcdir)/include/libadminutil/resource.h \
>- $(srcdir)/include/libadminutil/srvutil.h \
>- $(srcdir)/include/libadmsslutil/admsslutil.h \
>+ $(srcdir)/include/libadminutil/srvutil.h
>+
>+admsslinc_DATA = $(srcdir)/include/libadmsslutil/admsslutil.h \
> $(srcdir)/include/libadmsslutil/certmgt.h \
> $(srcdir)/include/libadmsslutil/psetcssl.h \
> $(srcdir)/include/libadmsslutil/SECerrs.h \
> $(srcdir)/include/libadmsslutil/srvutilssl.h \
> $(srcdir)/include/libadmsslutil/SSLerrs.h
>
>+pkgconfigdir= $(libdir)/pkgconfig
>+pkgconfig_DATA= $(PACKAGE_NAME).pc
>
> #////////////////////////////////////////////////////////////////
> #
> # Resource Strings
> #
> #////////////////////////////////////////////////////////////////
>-libadminutil_root.res: lib/libadminutil/genrb_wrapper
>+root.res: lib/libadminutil/genrb_wrapper
> sh lib/libadminutil/genrb_wrapper -s$(srcdir)/lib/libadminutil -d.
\
>- --encoding ISO_8859-1 --package-name libadminutil libadminutil.properties
>+ --encoding ISO_8859-1 lib$(PACKAGE_NAME).properties
>
>+en.res en_US.res: root.res
>+ cp $< $@
>
> #////////////////////////////////////////////////////////////////
> #
> # Dynamic Libraries
> #
> #////////////////////////////////////////////////////////////////
>
> #------------------------
> # libadminutil
> #------------------------
>-libadminutil_la_SOURCES = lib/libadminutil/admutil.c \
>+libadminutil_la_SOURCES = lib/libadminutil/acclanglist.c \
>+ lib/libadminutil/admutil.c \
> lib/libadminutil/distadm.c \
> lib/libadminutil/errRpt.c \
> lib/libadminutil/form_post.c \
> lib/libadminutil/psetc.c \
> lib/libadminutil/resource.c \
> lib/libadminutil/srvutil.c \
> lib/libadminutil/strlist.c \
> lib/libadminutil/uginfo.c
>Index: adminutil/configure.ac
>===================================================================
>RCS file: /cvs/dirsec/adminutil/configure.ac,v
>retrieving revision 1.1
>diff -u -8 -r1.1 configure.ac
>--- adminutil/configure.ac 30 Oct 2006 19:25:16 -0000 1.1
>+++ adminutil/configure.ac 29 Mar 2007 02:53:07 -0000
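Review bot: The rule `en.res en_US.res: root.res` in the Makefile.am hunk uses `$<` in an explicit rule, which POSIX make defines only for inference rules; GNU make accepts it, but other make implementations may expand it to nothing and the copy then fails. Naming the source keeps the rule portable: `cp root.res $@`. The `TESTS` list added earlier in the same hunk runs `retrieveSIE`, `psetread`, `psetwrite` and their SSL variants under `make check`; their sources are not in this view, so if they need a reachable directory server (the names suggest it), a comment above `TESTS` should say what environment they expect.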
>@@ -77,23 +77,37 @@
> debug_defs="-DLDAP_DEBUG"
> ],
> [
> AC_MSG_RESULT(no)
> debug_defs=""
> ])
> AC_SUBST([debug_defs])
>
>-AC_PREFIX_DEFAULT([/opt/adminutil])
>+AC_PREFIX_DEFAULT([/opt/$PACKAGE_NAME])
>
> m4_include(m4/nspr.m4)
> m4_include(m4/nss.m4)
> m4_include(m4/mozldap.m4)
> m4_include(m4/sasl.m4)
> m4_include(m4/icu.m4)
>+m4_include(m4/fhs.m4)
>+
>+# installation paths - by default, configure will just
>+# use /usr as the prefix for everything, which means
>+# /usr/etc and /usr/var. FHS sez to use /etc and /var.
>+if test "$with_fhs" = "yes"; then
>+ ac_default_prefix=/usr
>+ prefix=$ac_default_prefix
>+ exec_prefix=$prefix
>+dnl as opposed to the default /usr/etc
>+ sysconfdir='/etc'
>+dnl as opposed to the default /usr/var
>+ localstatedir='/var'
>+fi
>
> # write out paths for binary components
> AC_SUBST(nspr_inc)
> AC_SUBST(nspr_lib)
> AC_SUBST(nspr_libdir)
> AC_SUBST(nss_inc)
> AC_SUBST(nss_lib)
> AC_SUBST(nss_libdir)
>@@ -106,12 +120,12 @@
> AC_SUBST(icu_lib)
> AC_SUBST(icu_libdir)
> AC_SUBST(icu_bin)
>
> # WINNT should be true if building on Windows system not using
> # cygnus, mingw, or the like and using cmd.exe as the shell
> AM_CONDITIONAL([WINNT], false)
>
>-AC_CONFIG_FILES([Makefile])
>+AC_CONFIG_FILES([Makefile adminutil.pc])
> AC_CONFIG_FILES([lib/libadminutil/genrb_wrapper])
>
> AC_OUTPUT
>Index: adminutil/include/libadminutil/admutil.h
>===================================================================
>RCS file: /cvs/dirsec/adminutil/include/libadminutil/admutil.h,v
>retrieving revision 1.5
>diff -u -8 -r1.5 admutil.h
>--- adminutil/include/libadminutil/admutil.h 11 May 2006 23:30:31 -0000 1.5
>+++ adminutil/include/libadminutil/admutil.h 29 Mar 2007 02:53:08 -0000
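Review bot: Inside the `with_fhs` block of the first configure.ac hunk, `prefix=$ac_default_prefix` is assigned unconditionally, so a `--prefix=` given on the same command line is silently replaced by `/usr`, and `sysconfdir` and `localstatedir` are overwritten the same way. Autoconf leaves `prefix` set to `NONE` when the user did not pass one, so the assignment can be guarded: `test "$prefix" = "NONE" && prefix=$ac_default_prefix`. `with_fhs` itself is set in `m4/fhs.m4`, which is not part of this view, so the option's spelling and default cannot be checked here.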
>@@ -50,16 +50,25 @@
> #ifndef TO_ADMIN
> #define TO_ADMIN "admserv"
> #endif
>
> #ifndef BIG_LINE
> #define BIG_LINE 1024
> #endif
>
>+/* This environment variable holds the name of the directory
>+ containing adm.conf, admpw, and other
>+ adminutil config files - if this env var is set,
>+ IT WILL OVERRIDE NETSITE_ROOT AND FUNCTION ARGUMENTS to
>+ functions such as admGetLocalAdmin and admldapBuildInfo
>+ This was done to minimize coding changes to other modules.
>+*/
>+#define ADMINUTIL_CONFDIR_ENV_VAR "ADMINUTIL_CONF_DIR"
>+
> /* safs/cgi.h */
>
> #ifdef __cplusplus
> extern "C" {
> #endif
>
> typedef char* NameType;
> typedef char** ValueType;
>@@ -85,16 +94,18 @@
> typedef char** AttrNameList;
> PR_IMPLEMENT(AttrNameList)
> createAttrNameList(int entries);
> PR_IMPLEMENT(int)
> addName(AttrNameList nl, int index, NameType name);
> PR_IMPLEMENT(void)
> deleteAttrNameList(AttrNameList nl);
>
>+PR_IMPLEMENT(void)
>+deleteValue(ValueType val);
>
> typedef AttributePtr* AttributeList;
> PR_IMPLEMENT(AttributeList)
> createAttributeList(int entries);
> PR_IMPLEMENT(int)
> addAttribute(AttributeList nvl, int index, NameType name, ValueType val);
> PR_IMPLEMENT(int)
> addSingleValueAttribute(AttributeList nvl, int index, NameType name, char* val);
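Review bot: The comment on `ADMINUTIL_CONFDIR_ENV_VAR` does not say who is trusted to set the variable, although it selects the directory that holds `adm.conf` and `admpw` and is documented as overriding the caller's own arguments. A program that inherits its environment from a less-trusted party (a CGI, or a tool run with elevated privileges) would then read its directory settings and password file from a location that party chose, so the comment should state that such callers must clear or pin the variable before calling into the library. The comment also disagrees with `find_file_in_paths` in admutil.c further down this patch, which tries the caller's path first and consults the variable only as a fallback; one of the two should be corrected so the precedence is unambiguous.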
>@@ -111,39 +122,55 @@
> admutil_getline(FILE *fstream, int maxlen, int lineno, char* buf);
>
> /* Utility function to get ldap Information */
> PR_IMPLEMENT(int)
> admutil_uuencode(unsigned char *src, unsigned char *dst, int srclen);
>
> typedef void* AdmldapInfo;
>
>+PR_IMPLEMENT(int)
>+admldapWriteInfoFile(AdmldapInfo info);
>+
>+/*
>+ * Just read the ldap information from the file, without also opening a connection
>+ */
>+PR_IMPLEMENT(AdmldapInfo)
>+admldapBuildInfoOnly(char* configRoot, int *errorcode);
>+
>+/*
>+ * Read the ldap info, open a connection, and bind, and specify a callback function
>+ * that returns the ldap password
>+ */
> PR_IMPLEMENT(AdmldapInfo)
> admldapBuildInfoCbk(char* configRoot, char* (*cbk)(), int *errorcode);
>
>+/*
>+ * Read the ldap info, open a connection, and bind
>+ */
> PR_IMPLEMENT(AdmldapInfo)
> admldapBuildInfo(char* configRoot, int *errorcode);
>
> PR_IMPLEMENT(void)
> destroyAdmldap(AdmldapInfo info);
>
> PR_IMPLEMENT(char*)
> admldapGetHost(AdmldapInfo info);
>
> PR_IMPLEMENT(int)
> admldapGetPort(AdmldapInfo info);
>
> PR_IMPLEMENT(int)
> admldapGetSecurity(AdmldapInfo info);
>
> PR_IMPLEMENT(char*)
>-admldapGetCertDBFile(AdmldapInfo info);
>+admldapGetSecurityDir(AdmldapInfo info);
>
>-PR_IMPLEMENT(char*)
>-admldapGetKeyDBFile(AdmldapInfo info);
>+PR_IMPLEMENT(int)
>+admldapSetSecurityDir(AdmldapInfo info, const char *securityDir);
>
> PR_IMPLEMENT(char*)
> admldapGetBaseDN(AdmldapInfo info);
>
> PR_IMPLEMENT(char*)
> admldapGetISIEDN(AdmldapInfo info);
>
> PR_IMPLEMENT(char*)
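Review bot: `admldapWriteInfoFile` is the one new declaration in this hunk with no comment, and it is the one that writes configuration back to disk; it should say which file is written, what the `int` result means, and, since the same directory is documented as holding `admpw`, what permissions the written file is expected to have (the implementation is not in this view). The new `char*` getters here and in the `@@ -153,19` hunk (`admldapGetSecurityDir`, `admldapGetSysUser`, `admldapGetAdmpwFilePath` and the rest) likewise do not say whether the result is a copy the caller must free or a pointer into `info`; one sentence per getter would prevent both leaks and double frees in callers.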
>@@ -153,19 +180,55 @@
> admldapGetSIEPWD(AdmldapInfo info);
>
> PR_IMPLEMENT(LDAP *)
> admldapGetLDAPHndl(AdmldapInfo info);
>
> PR_IMPLEMENT(char *)
> admldapGetDirectoryURL(AdmldapInfo info);
>
>+PR_IMPLEMENT(int)
>+admldapSetDirectoryUrl(AdmldapInfo info, const char *ldapurl);
>+
>+PR_IMPLEMENT(int)
>+admldapSetSIEDN(AdmldapInfo info, const char *sieDN);
>+
>+PR_IMPLEMENT(int)
>+admldapSetISIEDN(AdmldapInfo info, const char *isieDN);
>+
> PR_IMPLEMENT(char *)
> admldapGetUserDN(AdmldapInfo info, char *uid);
>
>+PR_IMPLEMENT(char *)
>+admldapGetSysUser(AdmldapInfo info);
>+
>+PR_IMPLEMENT(char *)
>+admldapGetSysGroup(AdmldapInfo info);
>+
>+PR_IMPLEMENT(char*)
>+admldapGetAdminDomain(AdmldapInfo info);
>+
>+PR_IMPLEMENT(char*)
>+admldapGetExpressRefreshRate(AdmldapInfo info);
>+
>+PR_IMPLEMENT(char*)
>+admldapGetExpressCGITimeout(AdmldapInfo info);
>+
>+PR_IMPLEMENT(char*)
>+admldapGetLdapStart(AdmldapInfo info);
>+
>+PR_IMPLEMENT(char*)
>+admldapGetConfigFileName(AdmldapInfo info);
>+
>+PR_IMPLEMENT(char*)
>+admldapGetAdmpwFilePath(AdmldapInfo info);
>+
>+PR_IMPLEMENT(char*)
>+admldapGetLocalAdminName(AdmldapInfo info);
>+
> #define UG_OP_OK 0
> #define UG_NO_SSL_SUPPORT 1
> #define UG_AUTH_FAIL 2
> #define UG_ACCESS_FAIL 3
> #define UG_EMPTY_LDAPINFO 4
> #define UG_NO_TARGETDN 5
> #define UG_NULL_LDAP 6
> #define UG_NULL_DN 7
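Review bot: The new setter `admldapSetDirectoryUrl` is spelled differently from the getter `admldapGetDirectoryURL` declared directly above it, so the pair is easy to mistype and hard to grep for together. Since this is a new public symbol, it is cheapest to align it now: `admldapSetDirectoryURL(AdmldapInfo info, const char *ldapurl);`. The three setters also return `int` without saying what a non-zero result means; a one-line comment naming the success value would do.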
>@@ -414,80 +477,13 @@
> /* Compresses spaces in place on a string */
> /* form_post.c */
> PR_IMPLEMENT(void) compress_spaces(char *source);
>
> /* Compresses spaces and replaces commas with an or list */
> /* form_post.c */
> PR_IMPLEMENT(char) * compress_and_replace(char *source);
>
>-/****************************************************************************/
>-/* */
>-/* Migrate cron_conf related stuff to libadminutil */
>-/* */
>-/****************************************************************************/
>-
>-/* read and write to cron.conf, cron_conf.c */
>-/* Alex Feygin, 3/22/96 */
>-typedef struct cron_conf_obj
>-{
>- char *name;
>- char *command;
>- char *dir;
>- char *user;
>- char *start_time;
>- char *days;
>-}
>-cron_conf_obj;
>-
>-typedef struct cron_conf_list
>-{
>- char *name;
>- cron_conf_obj *obj;
>- struct cron_conf_list *next;
>-}
>-cron_conf_list;
>-
>-/* Reads cron.conf to a null terminated list of cron_conf_objects; returns
>- 0 if unable to do a read; 1 otherwise */
>-PR_IMPLEMENT(int) cron_conf_read();
>-
>-/* gets a cron object, NULL if it doesnt exist */
>-PR_IMPLEMENT(cron_conf_obj) *cron_conf_get(char *name);
>-
>-/* returns a NULL-terminated cron_conf_list of all the cron conf objects */
>-PR_IMPLEMENT(cron_conf_list) *cron_conf_get_list();
>-
>-/* Creates a cron conf object; all these args get STRDUP'd in the function
>- so make sure to free up the space later if need be */
>-PR_IMPLEMENT(cron_conf_obj) *cron_conf_create_obj(char *name, char *command,
>- char *dir, char *user,
>- char *start_time, char *days);
>-
>-/* Puts a cron conf object into list or updates it if it already in there.
>- Returns either the object passed or the object in there already;
>- cco may be FREE'd during this operation so if you need the object
>- back, call it like so:
>-
>- cco = cron_conf_set(cco->name, cco);
>-
>- calling cron_conf_set with a NULL cco will cause the 'name' object
>- to be deleted.
>-*/
>-PR_IMPLEMENT(cron_conf_obj) *cron_conf_set(char *name, cron_conf_obj *cco);
>-
>-/* write out current list of cron_conf_objects to cron.conf file */
>-PR_IMPLEMENT(void) cron_conf_write();
>-
>-/* free all cron conf data structures */
>-PR_IMPLEMENT(void) cron_conf_free();
>-
>-/****************************************************************************/
>-/* */
>-/* End of cron_conf related stuff */
>-/* */
>-/****************************************************************************/
>-
> #ifdef __cplusplus
> }
> #endif
>
> #endif /* __ADMUTIL_H__ */
>Index: adminutil/include/libadminutil/distadm.h
>===================================================================
>RCS file: /cvs/dirsec/adminutil/include/libadminutil/distadm.h,v
>retrieving revision 1.3
>diff -u -8 -r1.3 distadm.h
>--- adminutil/include/libadminutil/distadm.h 6 Dec 2005 18:38:31 -0000 1.3
>+++ adminutil/include/libadminutil/distadm.h 29 Mar 2007 02:53:08 -0000
>@@ -48,21 +48,16 @@
> #endif
> #ifndef ADM_USERDN_STRING
> #define ADM_USERDN_STRING "UserDN: "
> #endif
> #ifndef ADM_SIEPWD_STRING
> #define ADM_SIEPWD_STRING "SIEPWD: "
> #endif
>
>-/* Initialize libadminutil, for setting up libnls relsted stuff only
>- Used by non-CGI situation */
>-PR_IMPLEMENT(int)
>-ADMUTIL_InitSimple(char* sr, char* lang);
>-
> /* Initialize libadminutil. Should be called by EVERY CGI. */
> /* util.c */
> PR_IMPLEMENT(int) ADMUTIL_Init(void);
>
> /* Initialize distributed admin permissions. Returns zero on success,
> * nonzero on error. */
> /* distadm.c */
> PR_IMPLEMENT(int) ADM_InitializePermissions(int *errcode);
>Index: adminutil/include/libadminutil/psetc.h
>===================================================================
>RCS file: /cvs/dirsec/adminutil/include/libadminutil/psetc.h,v
>retrieving revision 1.2
>diff -u -8 -r1.2 psetc.h
>--- adminutil/include/libadminutil/psetc.h 6 Dec 2005 18:38:31 -0000 1.2
>+++ adminutil/include/libadminutil/psetc.h 29 Mar 2007 02:53:08 -0000
>@@ -56,16 +56,17 @@
> #define PSET_NO_DN 17
> #define PSET_NO_DATA 18
> #define PSET_NO_VALUE 19
> #define PSET_NO_PARENT 20
> #define PSET_PARTIAL_GET 21
> #define PSET_PARTIAL_OP 22
> #define PSET_ILLEGAL_OP 23
> #define PSET_NOT_IMPLEMENT 24
>+#define PSET_ATTR_NOT_ALLOWED 25
>
>
> /*
> Most the Pset operation are atomic!!! Only psetGetAttrList may return
> partial result.
> */
>
> /* Init the connection to LDAP server,
>@@ -148,17 +149,17 @@
> psetGetAllAttrsACI(PsetHndl pseth, NameType attrName, int* errorcode);
>
> /* Retrieve the name of the all children */
> PR_IMPLEMENT(AttrNameList)
> psetGetChildren(PsetHndl pseth, NameType attrName, int* errorcode);
>
> /* Retrieve the object type of one LDAP entry */
> PR_IMPLEMENT(ValueType)
>-psetGetObjectType(PsetHndl pseth, NameType name, int* errorcode);
>+psetGetObjectClass(PsetHndl pseth, NameType name, int* errorcode);
>
> /* Set the value of given attribute */
> PR_IMPLEMENT(int)
> psetSetAttr(PsetHndl pseth, NameType name, ValueType val);
>
> /* Set the value of given single-valued attribute */
> PR_IMPLEMENT(int)
> psetSetSingleValueAttr(PsetHndl pseth, NameType name, char* val);
>@@ -194,19 +195,42 @@
> PR_IMPLEMENT(int)
> psetAddEntry(PsetHndl pseth, NameType parent, NameType name,
> AttrNameList objectclasses, AttributeList initList);
>
> /* Delete a LDAP entry */
> PR_IMPLEMENT(int)
> psetDeleteEntry(PsetHndl pseth, NameType name);
>
>-/* Generate pset error string by given pset error number */
>-PR_IMPLEMENT(const char*)
>-psetErrorString(int errorNum, char* lang);
>+/* Generate pset error string by given pset error number
>+ If buffer is NULL, the return value will be allocated by malloc and
>+ must be free'd by the caller. Even in an error condition, if
>+ buffer is NULL, a malloc'd empty string will be returned. The
>+ value will be returned in buffer, if given. buffer will be
>+ properly NULL terminated, even if bufsize is not large enough to
>+ accomodate the entire string (i.e. it's truncated). Buffer will
>+ always be NULL terminated, so that even if an error occurred,
>+ buffer will be initialized to an empty string, so you do not have
>+ to worry about initializing it first. If buffer is given, the
>+ return value will point to buffer, so that you can use the return
>+ value directly:
>+ char buf[BUFSIZE];
>+ int rc = 0;
>+ ...
>+ fprintf(stderr, "Error: %s\n",
>+ psetErrorString(num, lang, buf, sizeof(buf), &rc));
>+
>+ The rc parameter may be used to determine if there was an overflow
>+ condition or some other error. If rc == 0, the operation was
>+ successful. If rc == 1, an overflow occurred - the given buffer
>+ was too small to hold the contents.
If rc == -1 or some other
>+ value, some other error occurred,
>+ */
>+PR_IMPLEMENT(char*)
>+psetErrorString(int errorNum, char* lang, char *buffer, size_t bufsize, int *rc);
>
> /* Setting up LDAP referal */
> PR_IMPLEMENT(int)
> psetSetLDAPReferalInfo(PsetHndl pseth, char* userDN, char* passwd);
>
> /* Replicate SIE tree from source to dest */
> PR_IMPLEMENT(int)
> psetReplicateSIE(PsetHndl source, PsetHndl dest, char *source_groupDN, char *dest_groupDN);
>Index: adminutil/include/libadminutil/resource.h
>===================================================================
>RCS file: /cvs/dirsec/adminutil/include/libadminutil/resource.h,v
>retrieving revision 1.2
>diff -u -8 -r1.2 resource.h
>--- adminutil/include/libadminutil/resource.h 6 Dec 2005 18:38:31 -0000 1.2
>+++ adminutil/include/libadminutil/resource.h 29 Mar 2007 02:53:08 -0000
>@@ -39,24 +39,16 @@
> */
> typedef struct
> {
> char *path;
> char *package;
> void *propset;
> } Resource;
>
>-/* Set the search root for NLS property file
>- return: 1 - OK
>- 0 - Failed
>- */
>-PR_IMPLEMENT(int)
>-res_init_path(const char* path);
>-
>-
> /* Initialization routine. Checks for the existence of a resourcebundle
> with the default encoding -
>
> path: relative directory path to the properties file (ex, "server/property")
> which is set by res_init_path
> package: name of the properties file. (ex, "myresource")
>
> return value: NULL if any memory allocation fails
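Review bot: The new `psetErrorString` returns memory the caller must free when `buffer` is NULL and memory the caller must not free when `buffer` is given, and nothing at a call site distinguishes the two, so a later edit that switches a caller between the modes turns into a leak or a free of stack memory. The comment should say that explicitly and also state whether `rc` may be NULL, which it currently leaves open. Because the function keeps its name while growing from two to five parameters, a program built against the old header would still link and would pass indeterminate values for `buffer`, `bufsize` and `rc`; the library's version info is not visible in this patch, so it is worth confirming that it is bumped. The same contract and the same concerns apply to `res_getstring` in the resource.h hunk `@@ -70,28`.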
>@@ -70,28 +62,82 @@
> to source. It tries to locate a property file according to the
> acceptlanguage.
>
> source: pointer to Resource returned from initialization
> key: nueric key value. Note than enum is generated from dbt*.h files.
> For example, if you have Resdef(my_key, 1, "this is a test") in dbt*.h
> file for your source, your key will be my_key.
>
>- return value: NULL if the property file cannot be located
>- NULL if any memory allocation fails.
>- const char* containing the string if all goes well.
>+ If buffer is NULL, the return value will be allocated by malloc and must be free'd by
>+ the caller. Even in an error condition, a malloc'd empty string will be returned.
>+ The value will be returned in buffer, if given. buffer will be properly NULL terminated,
>+ even if bufsize is not large enough to accomodate the entire string (i.e. it's truncated).
>+ Buffer will always be NULL terminated, so that even if an error occurred, buffer will be
>+ initialized to an empty string, so you do not have to worry about initializing it first.
>+ If buffer is given, the return value will point to buffer, so that you can use the return
>+ value directly:
>+ char buf[BUFSIZE];
>+ int rc = 0;
>+ ...
>+ fprintf(stderr, "Error: %s\n",
>+ res_getstring(source, MY_ERROR_KEY, lang, buf, sizeof(buf), &rc));
>+
>+ The rc parameter may be used to determine if there was an overflow condition or some other error.
>+ If rc == 0, the operation was successful. If rc == 1, an overflow occurred - the given buffer was
>+ too small to hold the contents. If rc == -1 or some other value, some other error occurred,
> */
>-PR_IMPLEMENT(const char*)
>-res_getstring(Resource* source, char *key, char *accept_language);
>+PR_IMPLEMENT(char*)
>+res_getstring(Resource* source, char *key, char *accept_language, char *buffer, size_t bufsize, int *rc);
>
> /* frees Resource* from initialization routine.
> */
> PR_IMPLEMENT(void)
> res_destroy_resource(Resource* to_destroy);
>
>+/*
>+ ----------------------------------------------------------------
>+ res_find_and_init_resource
>+
>+ Initializes a property file path. Looks for the package directory
>+ in a variety of well known locations, in order, and stops after
>+ the first successful attempt to stat the directory.
>+ 1) the given path, if any
>+ 2) the current working directory + "/property"
>+ 3) getenv("ADMINUTIL_CONF_DIR") + "/property"
>+ It is expected that applications will have their default property
>+ directory compiled in (via configure ; make) and that's what they
>+ will pass in as their first argument. The other path lookup stuff
>+ is really for legacy apps or apps in which the user wants to change
>+ the property directory at runtime. The package argument may be
>+ NULL, if path is already package specific e.g. /usr/share/adminutil,
>+ in which case path should contain the .res files.
>+ -----------------------------------------------------------------
>+ */
>+PR_IMPLEMENT(Resource*)
>+res_find_and_init_resource(const char *path, const char *package);
>+
>+/********************/
>+/* XP_AccLangList() */
>+/********************/
>+
>+#define MAX_ACCEPT_LANGUAGE 16
>+#define MAX_ACCEPT_LENGTH 18
>+
>+typedef char ACCEPT_LANGUAGE_LIST[MAX_ACCEPT_LANGUAGE][MAX_ACCEPT_LENGTH];
>+
>+/* Given an AcceptLanguage string in the HTTP_ACCEPT_LANGUAGE format, return
>+ an array of languages, sorted by the quality values (if any). If the given
>+ string is empty, the list will consist of one value, "en", the default language.
>+*/
>+PR_EXTERN( int )
>+XP_AccLangList(char* AcceptLanguage,
>+ ACCEPT_LANGUAGE_LIST AcceptLanguageList);
>+
>+
> #ifdef __cplusplus
> }
> #endif
>
>
> /*******************************************************************************/
> /*
> * this table contains library name
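Review bot: Lookup steps 2 and 3 documented for `res_find_and_init_resource` take resource bundles from the current working directory and from `ADMINUTIL_CONF_DIR`, both of which are chosen by whoever starts the process rather than by the installer, so a CGI or privileged caller whose compiled-in path is missing would parse `.res` files from a location it does not control. The comment should say that these fallbacks are for trusted, interactive use and that such callers should pass an absolute path and treat a failed lookup as an error; making the fallbacks opt-in would be stronger still. Separately, `XP_AccLangList` parses an `HTTP_ACCEPT_LANGUAGE` value, which is client-supplied, into a fixed 16 by 18 array; the comment should state what happens to tags longer than `MAX_ACCEPT_LENGTH - 1` and to lists with more than `MAX_ACCEPT_LANGUAGE` entries, and what the `int` result is, since acclanglist.c is not in this view to confirm the bounds are enforced.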
>@@ -136,17 +182,17 @@
> * 3,"The value of PI is about 3.1415926536."
> *
> * RESOURCE_STR is used by makstrdb.c only. It is not used by getstrdb.c or
> * in library or application source code.
> */
>
> #ifdef RESOURCE_STR
> #define BEGIN_STR(argLibraryName) \
>- RESOURCE_TABLE argLibraryName[] = { 0, #argLibraryName,
>+ res_RESOURCE_TABLE argLibraryName[] = { 0, #argLibraryName,
> #define ResDef(argToken,argID,argString) \
> argID, argString,
> #define END_STR(argLibraryName) \
> 0, 0 };
> #else
> #define BEGIN_STR(argLibraryName) \
> enum {
> #define ResDef(argToken,argID,argString) \
>Index: adminutil/include/libadmsslutil/admsslutil.h
>===================================================================
>RCS file: /cvs/dirsec/adminutil/include/libadmsslutil/admsslutil.h,v
>retrieving revision 1.2
>diff -u -8 -r1.2 admsslutil.h
>--- adminutil/include/libadmsslutil/admsslutil.h 6 Dec 2005 18:38:36 -0000 1.2
>+++ adminutil/include/libadmsslutil/admsslutil.h 29 Mar 2007 02:53:08 -0000
>@@ -34,64 +34,59 @@
> #ifdef __cplusplus
> extern "C" {
> #endif
>
> PR_IMPLEMENT(int)
> admldapBuildInfoSSL(AdmldapInfo info, int *errorcode);
>
> PR_IMPLEMENT(int)
>-admldapSetAdmGrpUserDirectoryCGI(char* directoryURL,
>+admldapSetAdmGrpUserDirectoryCGI(AdmldapInfo info,
>+ char* directoryURL,
> char* bindDN,
> char* bindPassword,
> char* directoryInfoRef,
> int* error_code);
>
> PR_IMPLEMENT(int)
>-admldapSetDomainUserDirectoryCGI(char* directoryURL,
>+admldapSetDomainUserDirectoryCGI(AdmldapInfo info,
>+ char* directoryURL,
> char* bindDN,
> char* bindPassword,
> char* directoryInfoRef,
> int* error_code);
>
>
> void MC_sslSecmodInit(char *path);
>
> PR_IMPLEMENT(int)
>-ADMSSL_Init(AdmldapInfo info, char *admroot);
>+ADMSSL_Init(AdmldapInfo info, char *securitydir);
>
> PR_IMPLEMENT(int)
>-ADMSSL_InitSimple();
>-
>-PR_IMPLEMENT(int)
>-ADMSSL_InitSimple2(char* serverRoot);
>-
>-PR_IMPLEMENT(void)
>-servssl_init(PsetHndl pset, PRFileDesc *fd, char *admroot);
>+ADMSSL_InitSimple(char *configdir, char *securitydir);
>
> char *ADM_GetPassword(char *prompt);
>
> #ifdef XP_WIN32
> char *ADM_GetPassword_wHelp(char *prompt, const char *helpURL);
> #endif
>
> void set_security(PsetHndl pset,
>- char *sroot,
>- char *security,
>- char *cert_file,
>- char *key_file);
>-
>+ char *securitydir, /* where security files (key/cert db) may be found */
>+ char *configdir, /* where config files may be found */
>+ char *security); /* on or off */
>
> void _conf_setdefaults(void);
> char *_conf_setciphers(char *ciphers);
>
> PRStatus SSLPLCY_Install(void);
>
> const char *SSL_Strerror(PRErrorCode errNum);
>
>-PR_IMPLEMENT(PRFileDesc*) SSLSocket_init(PRFileDesc *req_socket);
>+PR_IMPLEMENT(PRFileDesc*)
>+SSLSocket_init(PRFileDesc *req_socket, const char *configdir, const char *securitydir);
>
> #ifdef __cplusplus
> }
> #endif
>
>
> #endif /* __ADMSSLUTIL_H__ */
>Index: adminutil/include/libadmsslutil/certmgt.h
>===================================================================
>RCS
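Review bot: `ADMSSL_Init` keeps its name and its `(AdmldapInfo, char *)` shape while the second argument changes meaning from the admin root to the security directory, so a caller that is not updated still compiles and passes the old root, and the key and certificate databases are then looked up in the wrong directory with no diagnostic at build time. A comment on the declaration stating exactly what `securitydir` must contain, plus a check of every existing caller, would close that gap; the other changed prototypes in this hunk change arity, so the compiler catches those. The hunk also mixes `char *` (`ADMSSL_Init`, `ADMSSL_InitSimple`, `set_security`) with `const char *` (`SSLSocket_init`) for the same two directories; `ADMSSL_Init(AdmldapInfo info, const char *securitydir);` and likewise for the others would be consistent and source-compatible for callers.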
file: /cvs/dirsec/adminutil/include/libadmsslutil/certmgt.h,v
>retrieving revision 1.2
>diff -u -8 -r1.2 certmgt.h
>--- adminutil/include/libadmsslutil/certmgt.h 6 Dec 2005 18:38:36 -0000 1.2
>+++ adminutil/include/libadmsslutil/certmgt.h 29 Mar 2007 02:53:08 -0000
>@@ -33,85 +33,19 @@
> * Description (certmgt.h)
> *
> * This file describes the interface to a set functions used by
> * admin server CGI programs to manage client certificate to login
> * name mappings.
> */
>
> #include "cert.h"
>-
>-/*
>- * Description (CertMap_t)
>- *
>- * This is an alternative format to the CertObj_t structure. It
>- * contains less information, but what is there is easier to use.
>- */
>-
>-/*typedef struct CertMap_s CertMap_t;*/
>-/*struct CertMap_s {*/
>-/* char * username;*/ /* login name associated with cert */
>-/* char * issuercn;*/ /* issuer common name */
>-/* char * subjectcn;*/ /* subject common name */
>-/* USI_t certid;*/ /* cert id in database */
>-/*};*/
>-
>-/* common flags for all types of certificates */
>-/* [copied from libsec/certdb.h] */
>-#define CERTDB_VALID_PEER (1<<0)
>-#define CERTDB_TRUSTED (1<<1)
>-#define CERTDB_SEND_WARN (1<<2)
>-#define CERTDB_VALID_CA (1<<3)
>-#define CERTDB_TRUSTED_CA (1<<4)
>-#define CERTDB_NS_TRUSTED_CA (1<<5)
>-#define CERTDB_USER (1<<6)
>-#define CERTDB_TRUSTED_CLIENT_CA (1<<7)
>-
>-/*
>- * This is the data stored in the permanent certificate database.
>- * It is actually stored in the database as a stream of bytes of the
>- * following format:
>- *
>- * byte offset field
>- * ----------- -----
>- * 0 sslFlags
>- * 1 emailFlags
>- * 2 paymentFlags
>- * 3 derCert-len-msb
>- * 4 derCert-len-lsb
>- * 5 nickname-len-msb
>- * 6 nickname-len-lsb
>- * ... derCert
>- * ... nickname
>- *
>- * NOTE: the nickname string as stored in the database is null terminated,
>- * in other words, the last byte of the db entry is always 0
>- * if a nickname is present.
>- * NOTE: if nickname is not present, then nickname-len-msb and
>- * nickname-len-lsb will both be zero.
>- */
>-struct _dbCert {
>- PRArenaPool *arena;
>- CERTCertTrust trust;
>- SECItem derCert;
>- char *nickname;
>-};
>-
>-/* Flag values for cmgFilterCerts() */
>-#define CMGF_REVERSE 0x1 /* reverse filter */
>+#include "certdb.h"
>
> /* Functions in certmgt.c */
>-PR_EXPORT(int) cmgOpenCertDB(char * alias, CERTCertDBHandle**dbhandle);
>-PR_EXPORT(void) cmgCloseCertDB(CERTCertDBHandle * handle);
>-PR_EXPORT(int) cmgShowCerts(void * handle, char * caption);
>-PR_EXPORT(int) cmgShowCertsBySlot(PK11SlotInfo *slot);
>-PR_EXPORT(int) cmgShowInternalCerts(CERTCertDBHandle *handle);
>-PR_EXPORT(CERTCertificate *) cmgFindCertByNickname(void * handle,
>- char *nickname);
>-PR_EXPORT(char *) cmgFormatName(CERTName *name);
> PR_EXPORT(char *) cmgHTMLCertInfo(CERTCertificate *cert);
> PR_EXPORT(CERTSignedCrl *) cmgFindCrlByName(CERTCertDBHandle *handle, char *name, int list_type);
> PR_EXPORT(char *) cmgHTMLCrlInfo(CERTSignedCrl *crl);
> PR_EXPORT(int) cmgShowCrls(CERTCertDBHandle *handle, int list_type);
>
> #ifdef __cplusplus
> }
> #endif
>Index: adminutil/lib/libadminutil/admutil.c
>===================================================================
>RCS file: /cvs/dirsec/adminutil/lib/libadminutil/admutil.c,v
>retrieving revision 1.6
>diff -u -8 -r1.6 admutil.c
>--- adminutil/lib/libadminutil/admutil.c 3 Nov 2006 17:41:05 -0000 1.6
>+++ adminutil/lib/libadminutil/admutil.c 29 Mar 2007 02:53:09 -0000
>@@ -19,16 +19,17 @@
> * END COPYRIGHT BLOCK **/
> #include <stdio.h>
> #include <time.h>
> #include <string.h>
> #include <stdlib.h>
> #include <ctype.h>
> #include "version.h"
> #include "admutil_pvt.h"
>+#include "libadminutil/distadm.h"
>
> #ifdef XP_WIN32
> #define strcasecmp stricmp
> #define strncasecmp _strnicmp
> #endif
>
> #ifdef XP_UNIX
> /*
>@@ -48,16 +49,56 @@
> #ifndef PATH_MAX
> #define PATH_MAX 256
> #endif
>
> #ifndef FILE_PATHSEP
> #define FILE_PATHSEP '/'
> #endif
>
>+/* returns true if the given path is a valid file, false otherwise */
>+static int
>+is_file_ok(const char *path)
>+{
>+ PRFileInfo prinfo;
>+ int ret = 0;
>+
>+ if (path && *path &&
>+ (PR_SUCCESS == PR_GetFileInfo(path, &prinfo)) &&
>+ prinfo.type == PR_FILE_FILE) {
>+ ret = 1;
>+ }
>+
>+ return ret;
>+}
>+
>+/* returns full path and file name if the file was found somewhere, false otherwise */
>+static char *
>+find_file_in_paths(
>+ const char *filename, /* the base filename to look for */
>+ const char *path /* path given by caller */
>+)
>+{
>+ char *retval = NULL;
>+ char *adminutilConfDir = getenv(ADMINUTIL_CONFDIR_ENV_VAR);
>+
>+ /* try given path */
>+ retval = PR_smprintf("%s/%s", path, filename);
>+ if (!is_file_ok(retval) && adminutilConfDir) {
>+ PR_smprintf_free(retval);
>+ retval = PR_smprintf("%s/%s", adminutilConfDir, filename);
>+ if (!is_file_ok(retval)) {
>+ PR_smprintf_free(retval);
>+ retval = NULL;
>+ }
>+ }
>+
>+ return retval;
>+}
>+
> /* Copy from libadmin..... */
> static unsigned char uuset[] = {
> 'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T',
> 'U','V','W','X','Y','Z','a','b','c','d','e','f','g','h','i','j','k','l','m','n',
> 'o','p','q','r','s','t','u','v','w','x','y','z','0','1','2','3','4','5','6','7',
> '8','9','+','/' };
>
> static int LDAP_CALL LDAP_CALLBACK
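Review bot: `find_file_in_paths` returns the formatted `path/filename` even when `is_file_ok` rejected it whenever `ADMINUTIL_CONF_DIR` is unset, because the only statement that resets `retval` to NULL sits inside the `&& adminutilConfDir` branch; that contradicts the comment above the function and hands callers a name that was never verified. An empty or NULL `path` is also formatted without a check, which produces a name outside the intended configuration directory (`/filename` for an empty `path`). The rewrite below applies the same check to each directory and returns NULL when neither holds a regular file; if some caller relies on getting the default path back for a file that does not exist yet, that deserves a separate, documented helper. The rewrite keeps the existing order (caller's path first, variable as fallback), which still differs from the "WILL OVERRIDE" wording in admutil.h.

```c
/* … unchanged: comment and signature of find_file_in_paths … */
{
    const char *dirs[2];
    char *candidate;
    int i;

    dirs[0] = path;
    dirs[1] = getenv(ADMINUTIL_CONFDIR_ENV_VAR);

    /* try the caller's directory first, then the environment fallback */
    for (i = 0; i < 2; i++) {
        if (!dirs[i] || !*dirs[i]) {
            continue; /* never format a NULL or empty directory */
        }
        candidate = PR_smprintf("%s/%s", dirs[i], filename);
        if (is_file_ok(candidate)) {
            return candidate; /* caller releases with PR_smprintf_free */
        }
        if (candidate) {
            PR_smprintf_free(candidate);
        }
    }

    return NULL; /* no directory holds a regular file of that name */
}
```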
>@@ -182,21 +223,27 @@
> }
>
> PR_IMPLEMENT(void)
> deleteAttrNameList(AttrNameList nl)
> {
> NameType name;
> AttrNameList nlptr = nl;
> if (nl) {
>- while (name = *nlptr++) PR_Free(name);
>+ while ((name = *nlptr++)) PR_Free(name);
> PR_Free(nl);
> }
> }
>
>+PR_IMPLEMENT(void)
>+deleteValue(ValueType val)
>+{
>+ admutil_strsFree((char **)val);
>+}
>+
> PR_IMPLEMENT(AttributeList)
> createAttributeList(int entries)
> {
> AttributeList nvl = (AttributeList)PR_Malloc((entries+1)*sizeof(AttributePtr));
> if (nvl) memset(nvl, '\0', (entries+1)*sizeof(AttributePtr));
> return nvl;
>
> }
>@@ -233,17 +280,17 @@
> else return ADMUTIL_OP_FAIL;
> }
>
> PR_IMPLEMENT(void)
> deleteAttributeList(AttributeList nvl) {
> AttributePtr attr;
> AttributeList nvlptr = nvl;
> if (nvl) {
>- while (attr = *nvlptr++) {
>+ while ((attr = *nvlptr++)) {
> if (attr->attrName) PR_Free(attr->attrName);
> if (attr->attrVal) admutil_strsFree(attr->attrVal);
> PR_Free(attr);
> }
> PR_Free(nvl);
> }
> }
>
>@@ -395,17 +442,17 @@
> void
> listDestroy(ListNodePtr list) {
> /* Clean up */
> ListNodePtr node, nextptr;
> node = list;
> while (node) {
> nextptr = node->next;
> if (node->name) PR_Free (node->name);
>- if (node->dflag) PR_Free (node->val);
>+ if (node->dflag) deleteValue ((ValueType)node->val);
> PR_Free (node);
> node= nextptr;
> }
> }
>
>
>
> ListNodePtr
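Review bot: In `listDestroy` (hunk `@@ -395,17`), replacing `PR_Free (node->val)` with `deleteValue ((ValueType)node->val)` changes what `dflag` means: every flagged node's `val` is now walked as a NULL-terminated `char **` and each element is freed, where before only the single allocation was released. That is safe only if every list built with `dflag` set stores a string array that it owns; the cast suggests `val` is an untyped pointer, so this needs confirming against the code that creates list nodes, which is outside this hunk. The same substitution is made twice in the `@@ -499,27` hunk. `deleteValue` itself (hunk `@@ -182,21`) passes `val` to `admutil_strsFree` without the NULL guard that `deleteAttributeList` applies to `attrVal`; unless `admutil_strsFree` is known to accept NULL, `if (val) admutil_strsFree((char **)val);` would match the existing convention.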
>@@ -499,27 +546,27 @@
> /* Not implemented */
> ListNodePtr node, nextptr;
>
> if (!list) return NULL;
>
> if (!strcasecmp(list->name, name)) {
> nextptr = list->next;
> if (list->name) PR_Free(list->name);
>- if (list->dflag) PR_Free (list->val);
>+ if (list->dflag) deleteValue ((ValueType)list->val);
> PR_Free(list);
> return nextptr;
> }
>
> node = list;
> while (node->next) {
> if (!strcasecmp(node->next->name, name)) {
> nextptr = node->next->next;
> if (node->next->name) PR_Free (node->next->name);
>- if (node->next->dflag) PR_Free (node->next->val);
>+ if (node->next->dflag) deleteValue ((ValueType)node->next->val);
> PR_Free (node->next);
> node->next = nextptr;
> return list;
> }
> node = node->next;
> }
> return list;
> }
>@@ -549,17 +596,17 @@
> void
> nvlistDestroy(ListNodePtr list)
> {
> ListNodePtr node = list;
>
> if (!list) return;
>
> while (node) {
>- admutil_strsFree((ValueType)(node->val));
>+ deleteValue(node->val);
> node = node->next;
> }
>
> listDestroy(list);
> }
>
> ValueType
> valListConvert(ListNodePtr list)
>@@ -586,17 +633,17 @@
> createUpdateList(AttributeList nvl)
> {
> AttributePtr nv;
> AttributeList nvlptr = nvl;
> char namebuf[256];
> char *attrName, *nodeName;
> ListNodePtr resultList = NULL, nodePtr, attrPtr;
>
>- while (nv = *nvlptr++) {
>+ while ((nv = *nvlptr++)) {
> PR_snprintf(namebuf, sizeof(namebuf), "%s", nv->attrName);
> attrName = strrchr(namebuf, '.');
> if (!attrName) {
> attrName = namebuf;
> nodeName = "";
> }
> else {
> *attrName = '\0';
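Review bot: nvlistDestroy calls `deleteValue(node->val)` on every node and then hands the same list to listDestroy, which after the `@@ -395` hunk calls `deleteValue` on `node->val` again whenever `node->dflag` is set, and nothing clears the pointer in between. If any name/value list node carries dflag this is a double free; whether one does is not visible here, so either document that such nodes never set dflag or clear the fields in the loop, e.g. `deleteValue(node->val); node->val = NULL; node->dflag = 0;`. The switch from PR_Free to deleteValue in listDestroy and in the node-removal function of the `@@ -499` hunk also changes what `val` must point to (a NULL-terminated string array rather than a single allocation, judging by the `(char **)` cast in deleteValue), which deserves a comment where the node's `val` and `dflag` fields are declared.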
>@@ -680,32 +727,32 @@ > else return NULL; > } > > ValueType > treeFindValue(TreeNodePtr root, char* name) > { > TreeNodePtr target; > >- if (target = treeFindNode(root, name) ) return valListConvert(target->val); >+ if ((target = treeFindNode(root, name))) return valListConvert(target->val); > else return NULL; > } > > char* > treeFindValueAt(TreeNodePtr root, char* name, int index) > { > > ValueType vals; > char* val; > > vals = treeFindValue(root, name); > > if (vals) { > val = PL_strdup(vals[0]); >- admutil_strsFree(vals); >+ deleteValue(vals); > return val; > } > else return NULL; > } > > TreeNodePtr > treeAddNode(TreeNodePtr node, TreeNodePtr newNode) { > >@@ -861,17 +908,17 @@ > if (!parentString || *parentString == '\0') > fprintf(fstream, "%s: ", node->name); > else fprintf(fstream, "%s.%s: ", parentString, node->name); > > listPtr = node->val; > while (listPtr) { > PR_snprintf(valBuf, sizeof(valBuf), "%s", listPtr->name); > sptr = valBuf; >- while (cptr = strchr(sptr, '\n')) { >+ while ((cptr = strchr(sptr, '\n'))) { > *cptr++ = '\0'; > fprintf(fstream, "%s\n ", sptr); > sptr=cptr; > } > fprintf(fstream, "%s\n", sptr); > listPtr = listPtr->next; > } > >@@ -881,25 +928,25 @@ > > TreeNodePtr > treeImport(FILE *fstream, int* errorcode) > { > int status, lineno=1, valLen=0; > char linebuf[MAX_LEN], *name=NULL, *val=NULL; > char valBuf[BUFSIZ], *valptr = valBuf; > int valBuf_len = sizeof(valBuf); >- TreeNodePtr rootNode = NULL, tmpNode = NULL; >+ TreeNodePtr rootNode = NULL; > > if (!fstream) return NULL; > if (!errorcode) return NULL; > > valBuf[0] = '\0'; > > while(1) { >- switch(status = admutil_getline(fstream, MAX_LEN, lineno++, linebuf)) { >+ switch(status = admutil_getline(fstream, sizeof(linebuf), lineno++, linebuf)) { > case -1: > /* Error on reading, SET ERRORCODE */ > *errorcode = ADMUTIL_SYSTEM_ERR; > if (rootNode) treeRemoveTree(rootNode); > return NULL; > break; > case 1: > /* EOF, out of here */ 
>@@ -1023,29 +1070,29 @@
> return newMod;
> }
>
> void
> deleteMod(LDAPMod* mod)
> {
> if (mod) {
> if (mod->mod_type) PR_Free ( mod->mod_type );
>- if (mod->mod_values) PR_Free (mod->mod_values);
>+ if (mod->mod_values) admutil_strsFree (mod->mod_values);
> PR_Free( mod );
> }
> }
>
> void
> deleteMods(LDAPMod** mods)
> {
> LDAPMod* mod;
> LDAPMod** modsptr = mods;
>
> if (mods) {
>- while (mod = *modsptr++) deleteMod(mod);
>+ while ((mod = *modsptr++)) deleteMod(mod);
> PR_Free(mods);
> }
>
> }
>
> /* DT 12/13/97
> * admldapBuildInfo calls this function to unescape the URI and also normalize
> * the uri. Normalizing the uri converts all "\" characters in the URI
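Review bot: deleteMod now releases `mod->mod_values` with `admutil_strsFree` instead of `PR_Free`, so it appears to take ownership of every value string as well as the array, and that contract is not stated anywhere in the hunk. A caller that built an LDAPMod around borrowed or static strings would now have them freed here. I would add a comment above deleteMod such as `/* frees mod, its type, and every string in mod_values; the values must be heap-allocated and owned by mod */` and confirm that the constructor whose tail is visible at the top of this hunk copies the values it is given.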
>@@ -1068,136 +1115,189 @@ > } > else > if(u != t) > *u = *t; > } > *u = *t; > } > >+/* >+ * Write the info back to its config file >+ */ >+PR_IMPLEMENT(int) >+admldapWriteInfoFile(AdmldapInfo info) >+{ >+ AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; >+ int errorcode = ADMUTIL_OP_OK; >+ FILE *fileStream = NULL; >+ >+ if (admInfo && admInfo->configInfo && admInfo->configFilePath) { >+ if((fileStream = fopen(admInfo->configFilePath, "w")) == NULL) { >+ /* Error open file */ >+ errorcode = ADMUTIL_SYSTEM_ERR; >+ goto done; >+ } >+ treeExport(fileStream, NULL, admInfo->configInfo); >+ } >+ >+done: >+ if (fileStream) { >+ fclose(fileStream); >+ } >+ return errorcode; >+} >+ >+/* This function is useful if you just want to read the adm.conf info >+ without opening an ldap connection >+*/ > PR_IMPLEMENT(AdmldapInfo) >-admldapBuildInfoCbk(char* configRoot, char *(*cbk)(), int *errorcode) >+admldapBuildInfoOnly(char* configRoot, int *errorcode) > { > FILE *fileStream; >- char *serverRoot = getenv("NETSITE_ROOT"); >- char *sieDN = NULL, *siePasswd = NULL; > AdmldapHdnlPtr admInfo = NULL; > TreeNodePtr configInfo = NULL; >- char path[PATH_MAX], ldapInfoPath[PATH_MAX], buf[MAX_LEN], >+ char *path = NULL; >+ char buf[MAX_LEN], > *name= NULL, *password=NULL; >- char *p; >- int status, ldapError; >- char *ldapurl, *tmpptr; >+ int status; > LDAPURLDesc *ldapInfo; >- int secureLDAP = 0; > > *errorcode = ADMUTIL_OP_OK; > >- if (configRoot) { >- PR_snprintf(path, sizeof(path), "%s%cadm.conf", configRoot, FILE_PATHSEP); >- PR_snprintf(ldapInfoPath, sizeof(ldapInfoPath), >- "%s%c..%c..%cshared%cconfig%cdbswitch.conf", >- configRoot, FILE_PATHSEP, FILE_PATHSEP, FILE_PATHSEP, >- FILE_PATHSEP, FILE_PATHSEP); >- } >- else { >- if (serverRoot) { >- PR_snprintf(path, sizeof(path), >- "%s%cadmin-serv%cconfig%cadm.conf", >- serverRoot, FILE_PATHSEP, FILE_PATHSEP, FILE_PATHSEP); >- PR_snprintf(ldapInfoPath, sizeof(ldapInfoPath), >- "%s%cshared%cconfig%cdbswitch.conf", >- serverRoot, 
FILE_PATHSEP, FILE_PATHSEP, FILE_PATHSEP); >- } >- else { >- *errorcode = ADMUTIL_ENV_ERR; >- return NULL; >- } >+ path = find_file_in_paths("adm.conf", configRoot); >+ if (!path) { >+ *errorcode = ADMUTIL_ENV_ERR; >+ return NULL; > } > > if((fileStream = fopen(path, "r")) == NULL) { > /* Error open file */ > *errorcode = ADMUTIL_SYSTEM_ERR; >+ PR_smprintf_free(path); > return NULL; > } > > configInfo = treeImport(fileStream, errorcode); > fclose(fileStream); > > if (!configInfo) { *errorcode = ADMUTIL_SYSTEM_ERR; return NULL; } > > admInfo = (AdmldapHdnlPtr)PR_Malloc(sizeof(AdmldapHdnl)); > if (!admInfo) { *errorcode = ADMUTIL_SYSTEM_ERR; return NULL; } > memset(admInfo, '\0', sizeof(AdmldapHdnl)); > >- admInfo->configFilePath = PL_strdup(path); >+ admInfo->configFilePath = path; /* hand off memory */ >+ path = NULL; > if (!admInfo->configFilePath) { > PR_Free(admInfo); > *errorcode = ADMUTIL_SYSTEM_ERR; > return NULL; > } > > admInfo->configInfo = configInfo; > >- >- if((fileStream = fopen(ldapInfoPath, "r")) == NULL) { >+ if (!(admInfo->serverDirectoryURL = treeFindValueAt(admInfo->configInfo, "ldapurl", 0))) { /* admInfo owns malloced memory now */ > /* Error open file */ > *errorcode = ADMUTIL_SYSTEM_ERR; > destroyAdmldap((AdmldapInfo)admInfo); > return NULL; > } > >- /* There is one line in dbswitch.conf, of the form: >- * >- * directory default ldap://skydome.mcom.com:5555/baseDN >- */ >- p = fgets(ldapInfoPath, PATH_MAX, fileStream); >- fclose(fileStream); >- >- if (!p) { >+ if (ldap_url_parse(admInfo->serverDirectoryURL, &ldapInfo)) { > *errorcode = ADMUTIL_SYSTEM_ERR; >- destroyAdmldap((AdmldapInfo)admInfo); > return NULL; > } > >- if (tmpptr = strchr(p, '\n')) *tmpptr= '\0'; >+ admInfo->ldapInfo = ldapInfo; > >- if ((ldapurl = strstr(p, "ldap")) == NULL) { >- *errorcode = ADMUTIL_SYSTEM_ERR; >- return NULL; >+ /* sieDN owns malloced memory returned by treeFindValueAt */ >+ admInfo->sieDN = treeFindValueAt(admInfo->configInfo, "sie", 0); >+ >+ /* Try to 
get local admin's name and password */ >+ path = find_file_in_paths("admpw", configRoot); >+ if (!path) { >+ *errorcode = ADMUTIL_ENV_ERR; >+ destroyAdmldap((AdmldapInfo)admInfo); >+ return NULL; > } > >- admInfo->serverDirectoryURL = PL_strdup(ldapurl); >- if (!admInfo->serverDirectoryURL) { >+ if((fileStream = fopen(path, "r")) == NULL) { > /* Error open file */ > *errorcode = ADMUTIL_SYSTEM_ERR; >+ PR_smprintf_free(path); > destroyAdmldap((AdmldapInfo)admInfo); > return NULL; > } > >- if (ldap_url_parse(ldapurl, &ldapInfo)) { >+ switch(status = admutil_getline(fileStream, sizeof(buf), 1, buf)) { >+ case -1: >+ /* Error on reading, SET ERRORCODE */ > *errorcode = ADMUTIL_SYSTEM_ERR; >+ PR_smprintf_free(path); >+ destroyAdmldap((AdmldapInfo)admInfo); >+ fclose(fileStream); > return NULL; >+ break; >+ case 1: >+ /* EOF */ >+ default: >+ password = strchr(buf, ':'); >+ *password++ = '\0'; >+ while (*password) { >+ if (*password == ' ') password++; >+ else break; >+ } >+ >+ name = buf; >+ if (*password) { >+ *errorcode = ADMUTIL_OP_OK; >+ admInfo->admpwFilePath = path; /* hand off memory */ >+ path = NULL; >+ admInfo->localAdminName = PL_strdup(name); >+ admInfo->localAdminPassword = PL_strdup(password); >+ } >+ else { >+ *errorcode = ADMUTIL_OP_FAIL; >+ } >+ } >+ fclose(fileStream); >+ >+ PR_smprintf_free(path); >+ >+ return (AdmldapInfo)admInfo; >+} >+ >+PR_IMPLEMENT(AdmldapInfo) >+admldapBuildInfoCbk(char* configRoot, char *(*cbk)(), int *errorcode) >+{ >+ char *siePasswd = NULL; >+ AdmldapHdnlPtr admInfo = NULL; >+ int ldapError = LDAP_SUCCESS; >+ int secureLDAP = 0; >+ >+ *errorcode = ADMUTIL_OP_OK; >+ admInfo = (AdmldapHdnlPtr)admldapBuildInfoOnly(configRoot, errorcode); >+ if (*errorcode != ADMUTIL_OP_OK) { >+ return (AdmldapInfo)admInfo; > } > > /* returned value from ADM_Get... 
should NOT be freed */ > ADM_GetCurrentPassword(errorcode, &siePasswd); /* via PIPE */ > >- if (ldapInfo->lud_options & LDAP_URL_OPT_SECURE) { >+ if (admldapGetSecurity((AdmldapInfo)admInfo)) { > *errorcode = ADMUTIL_NO_SSL_SUPPORT; > secureLDAP = 1; > } > > if (!secureLDAP) { >- admInfo->ldapHndl = ldap_init(ldapInfo->lud_host, ldapInfo->lud_port); >+ admInfo->ldapHndl = ldap_init(admInfo->ldapInfo->lud_host, admInfo->ldapInfo->lud_port); > } > > /* authenticate to LDAP server*/ >- /* return value from treeFindValueAt should be freed */ >- sieDN = treeFindValueAt(admInfo->configInfo, "sie", 0); > > /* > * Attempt to authenticate to the directory. This code will retry > * attempts as long as there is a new password available to use. > */ > { > int configPassword; /* Indicates password is in config file */ > int retry; /* Indicates that a previous password failed */ >@@ -1217,17 +1317,17 @@ > siePasswd = cbk(retry); > if (siePasswd == NULL) { > ldapError = LDAP_INVALID_CREDENTIALS; > break; > } > } > > if (!secureLDAP) { >- ldapError = ldap_simple_bind_s(admInfo->ldapHndl, sieDN, siePasswd); >+ ldapError = ldap_simple_bind_s(admInfo->ldapHndl, admInfo->sieDN, siePasswd); > if (ldapError == LDAP_SUCCESS) break; > > /* Quit on errors other than password problems */ > if (ldapError != LDAP_INVALID_CREDENTIALS) break; > } > } > } 
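Review bot: The admpw parsing in admldapBuildInfoOnly dereferences the result of `strchr(buf, ':')` without checking it, so a first line with no colon, or the EOF case that falls through to `default`, writes through a NULL pointer at `*password++ = '\0'`. Since find_file_in_paths can now take the admpw location from the environment, a malformed file is easier to reach than before; add `if (!password) { *errorcode = ADMUTIL_OP_FAIL; break; }` right after the strchr so control falls through to the existing fclose and free. Two failure paths in the same function also drop memory: the `ldap_url_parse` failure returns NULL without calling `destroyAdmldap`, unlike the neighbouring error returns, and the `!configInfo` and `!admInfo` returns leave `path` allocated.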
> >@@ -1261,81 +1361,22 @@ > > /* setup the referral */ > if (admInfo->ldapHndl) > { > ldap_set_rebind_proc(admInfo->ldapHndl, admin_ldap_rebind_proc, > (void *)admInfo); > } > >- if (sieDN != NULL) { >- admInfo->sieDN=PL_strdup(sieDN); >- /* return value from treeFindValueAt should be freed */ >- PR_Free(sieDN); >- } > if (siePasswd != NULL) { > /* returned value from ADM_Get... should NOT be freed */ > admInfo->passwd=PL_strdup(siePasswd); > } > >- admInfo->ldapInfo = ldapInfo; >- >- /* Try to get local admin's name and password */ >- >- if (configRoot) { >- PR_snprintf(path, sizeof(path), "%s%cadmpw", configRoot, FILE_PATHSEP); >- } >- else { >- if (!serverRoot) { >- *errorcode = ADMUTIL_ENV_ERR; >- destroyAdmldap((AdmldapInfo)admInfo); >- return NULL; >- } >- PR_snprintf(path, sizeof(path), "%s%cadmin-serv%cconfig%cadmpw", >- serverRoot, FILE_PATHSEP, FILE_PATHSEP, FILE_PATHSEP); >- } >- >- if((fileStream = fopen(path, "r")) == NULL) { >- /* Error open file */ >- *errorcode = ADMUTIL_SYSTEM_ERR; >- destroyAdmldap((AdmldapInfo)admInfo); >- return NULL; >- } >- >- switch(status = admutil_getline(fileStream, MAX_LEN, 1, buf)) { >- case -1: >- /* Error on reading, SET ERRORCODE */ >- *errorcode = ADMUTIL_SYSTEM_ERR; >- destroyAdmldap((AdmldapInfo)admInfo); >- return NULL; >- break; >- case 1: >- /* EOF */ >- default: >- password = strchr(buf, ':'); >- *password++ = '\0'; >- while (*password) { >- if (*password == ' ') password++; >- else break; >- } >- >- name = buf; >- if (*password) { >- *errorcode = ADMUTIL_OP_OK; >- admInfo->admpwFilePath = PL_strdup(path); >- admInfo->localAdminName = PL_strdup(name); >- admInfo->localAdminPassword = PL_strdup(password); >- } >- else { >- *errorcode = ADMUTIL_OP_FAIL; >- } >- fclose(fileStream); >- >- return (AdmldapInfo)admInfo; >- } >+ return (AdmldapInfo)admInfo; > } > > static char * > cachedPwdCbk(int retry) > { > if (retry) return NULL; > > return admGetCachedSIEPWD(); 
>@@ -1353,20 +1394,16 @@
> AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info;
> if (admInfo) {
> treeRemoveTree(admInfo->configInfo);
> admInfo->configInfo = NULL;
> if (admInfo->configFilePath) {
> PR_Free(admInfo->configFilePath);
> admInfo->configFilePath=NULL;
> }
>- if (admInfo->ldapFilePath) {
>- PR_Free(admInfo->ldapFilePath);
>- admInfo->ldapFilePath = NULL;
>- }
> if (admInfo->serverDirectoryURL) {
> PR_Free(admInfo->serverDirectoryURL);
> admInfo->serverDirectoryURL = NULL;
> }
> if (admInfo->admpwFilePath) {
> PR_Free(admInfo->admpwFilePath);
> admInfo->admpwFilePath = NULL;
> }
>@@ -1378,16 +1415,21 @@
> PR_Free(admInfo->localAdminPassword);
> admInfo->localAdminPassword = NULL;
> }
> if (admInfo->sieDN)
> {
> PR_Free(admInfo->sieDN);
> admInfo->sieDN = NULL;
> }
>+ if (admInfo->userDN)
>+ {
>+ PR_Free(admInfo->userDN);
>+ admInfo->userDN = NULL;
>+ }
> if (admInfo->passwd)
> {
> PR_Free(admInfo->passwd);
> admInfo->passwd = NULL;
> }
> if (admInfo->ldapHndl) {
> ldap_unbind(admInfo->ldapHndl);
> admInfo->ldapHndl = NULL;
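Review bot: destroyAdmldap releases `localAdminPassword` and `passwd` with a plain `PR_Free`, so the local administrator and SIE passwords stay readable in freed heap memory; the new `userDN` block follows the same pattern, which is fine for a DN but not for the two secrets. Overwrite each password before freeing it, e.g. `memset(admInfo->passwd, 0, strlen(admInfo->passwd));` ahead of the `PR_Free`, ideally through a small wipe helper that the compiler cannot optimise away. The function begins and ends outside these hunks, so the handling of other fields such as `ldapInfo` could not be checked.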
>@@ -1440,53 +1482,74 @@ > if (admInfo->ldapInfo->lud_dn) ldapBaseDN = PL_strdup(admInfo->ldapInfo->lud_dn); > else ldapBaseDN = NULL; > > return ldapBaseDN; > > } > > PR_IMPLEMENT(char*) >-admldapGetCertDBFile(AdmldapInfo info) >+admldapGetSecurityDir(AdmldapInfo info) > { > AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; >- char *certdb; >+ char *securitydir; > >- certdb = treeFindValueAt(admInfo->configInfo, "certDBFile", 0); >- if (!certdb) return NULL; >- else return certdb; >+ securitydir = treeFindValueAt(admInfo->configInfo, "securitydir", 0); >+ if (!securitydir) return NULL; >+ else return securitydir; > } > >-PR_IMPLEMENT(char*) >-admldapGetKeyDBFile(AdmldapInfo info) >+PR_IMPLEMENT(int) >+admldapSetSecurityDir(AdmldapInfo info, const char *securityDir) > { > AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; >- char *keydb; >+ int removeFlag = 0; > >- keydb = treeFindValueAt(admInfo->configInfo, "keyDBFile", 0); >- if (!keydb) return NULL; >- else return keydb; >+ if (securityDir) { >+ /* remove old one */ >+ treeRemoveNode(admInfo->configInfo, "securitydir", &removeFlag); >+ treeAddNameValue(admInfo->configInfo, "securitydir", (char *)securityDir); >+ } >+ >+ return ADMUTIL_OP_OK; > } > > PR_IMPLEMENT(char*) > admldapGetSIEDN(AdmldapInfo info) > { > AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; > char *ldapSIEDN = NULL; > > ldapSIEDN = treeFindValueAt(admInfo->configInfo, "sie", 0); > if (!ldapSIEDN) return NULL; > else return ldapSIEDN; > } > >+PR_IMPLEMENT(int) >+admldapSetSIEDN(AdmldapInfo info, const char *sieDN) >+{ >+ AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; >+ int removeFlag = 0; >+ >+ if (sieDN) { >+ /* remove old one */ >+ PL_strfree(admInfo->sieDN); >+ treeRemoveNode(admInfo->configInfo, "sie", &removeFlag); >+ /* add new one */ >+ admInfo->sieDN = PL_strdup(sieDN); >+ treeAddNameValue(admInfo->configInfo, "sie", (char *)sieDN); >+ } >+ >+ return ADMUTIL_OP_OK; >+} >+ > PR_IMPLEMENT(char*) > admldapGetSIEPWD(AdmldapInfo info) > { > 
AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; >- char *password = NULL; > if(admInfo->passwd) > return PL_strdup(admInfo->passwd); > else { > admInfo->passwd = admGetCachedSIEPWD(); > if(admInfo->passwd) > return PL_strdup(admInfo->passwd); > } > return NULL; 
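Review bot: admldapGetSIEPWD stores the pointer returned by `admGetCachedSIEPWD()` directly in `admInfo->passwd`, whereas admldapBuildInfoCbk stores a `PL_strdup` copy of the password it obtained and destroyAdmldap frees `passwd` with `PR_Free`. Unless admGetCachedSIEPWD returns a fresh allocation (not visible here), destroying the handle would free the cache's own buffer and leave the cache dangling. Copy the value instead: `char *cached = admGetCachedSIEPWD(); if (cached) admInfo->passwd = PL_strdup(cached);`. The new setters in this hunk (admldapSetSecurityDir, admldapSetSIEDN) return ADMUTIL_OP_OK even when the argument is NULL and nothing was changed, which should either be an error or be documented; the closing brace of admldapGetSIEPWD lies outside the hunk.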
>@@ -1499,16 +1562,74 @@ > char *ldapISIEDN = NULL; > > ldapISIEDN = treeFindValueAt(admInfo->configInfo, "isie", 0); > if (!ldapISIEDN) return NULL; > else return ldapISIEDN; > > } > >+PR_IMPLEMENT(int) >+admldapSetISIEDN(AdmldapInfo info, const char *isieDN) >+{ >+ AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; >+ int removeFlag = 0; >+ >+ if (isieDN) { >+ /* remove old one */ >+ treeRemoveNode(admInfo->configInfo, "isie", &removeFlag); >+ treeAddNameValue(admInfo->configInfo, "isie", (char *)isieDN); >+ } >+ >+ return ADMUTIL_OP_OK; >+} >+ >+PR_IMPLEMENT(char *) >+admldapGetDirectoryURL(AdmldapInfo info) >+{ >+ AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; >+ >+ return PL_strdup(admInfo->serverDirectoryURL); >+} >+ >+PR_IMPLEMENT(int) >+admldapSetDirectoryURL(AdmldapInfo info, const char *ldapurl) >+{ >+ AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; >+ LDAPURLDesc *ldapInfo; >+ int errorcode = ADMUTIL_OP_OK; >+ int removeFlag = 0; >+ >+ if (!ldapurl || ldap_url_parse(ldapurl, &ldapInfo)) { >+ /* if the given url is not valid, don't do anything, just return an error */ >+ errorcode = ADMUTIL_SYSTEM_ERR; >+ goto done; >+ } >+ >+ /* The url is stored in 3 places in 3 different formats: >+ 1 - the serverDirectoryURL string >+ 2 - parsed in the ldapInfo structure >+ 3 - the "ldapurl" key in the configinfo >+ */ >+ /* first, free the old values */ >+ if (admInfo->ldapInfo) { >+ ldap_free_urldesc(admInfo->ldapInfo); >+ } >+ PL_strfree(admInfo->serverDirectoryURL); >+ treeRemoveNode(admInfo->configInfo, "ldapurl", &removeFlag); >+ >+ /* set the new values */ >+ admInfo->serverDirectoryURL = PL_strdup(ldapurl); >+ admInfo->ldapInfo = ldapInfo; >+ treeAddNameValue(admInfo->configInfo, "ldapurl", (char *)ldapurl); >+ >+done: >+ return errorcode; >+} >+ > PR_IMPLEMENT(void) > admldapSetLDAPHndl(AdmldapInfo info, LDAP *ld) > { > AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; > > if (admInfo->ldapHndl) ldap_unbind(admInfo->ldapHndl); > admInfo->ldapHndl = ld; > } 
>@@ -1516,22 +1637,110 @@ > LDAP * > admldapGetLDAPHndl(AdmldapInfo info) > { > AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; > > return admInfo->ldapHndl; > } > >-PR_IMPLEMENT(char *) >-admldapGetDirectoryURL(AdmldapInfo info) >+PR_IMPLEMENT(char*) >+admldapGetSysUser(AdmldapInfo info) > { > AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; >+ char *sysuser = NULL; > >- return PL_strdup(admInfo->serverDirectoryURL); >+ sysuser = treeFindValueAt(admInfo->configInfo, "sysuser", 0); >+ if (!sysuser) return NULL; >+ else return sysuser; >+ >+} >+ >+PR_IMPLEMENT(char*) >+admldapGetSysGroup(AdmldapInfo info) >+{ >+ AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; >+ char *sysgroup = NULL; >+ >+ sysgroup = treeFindValueAt(admInfo->configInfo, "sysgroup", 0); >+ if (!sysgroup) return NULL; >+ else return sysgroup; >+ >+} >+ >+PR_IMPLEMENT(char*) >+admldapGetAdminDomain(AdmldapInfo info) >+{ >+ AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; >+ char *admindomain = NULL; >+ >+ admindomain = treeFindValueAt(admInfo->configInfo, "AdminDomain", 0); >+ if (!admindomain) return NULL; >+ else return admindomain; >+ >+} >+ >+PR_IMPLEMENT(char*) >+admldapGetExpressRefreshRate(AdmldapInfo info) >+{ >+ AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; >+ char *expressrefreshrate = NULL; >+ >+ expressrefreshrate = treeFindValueAt(admInfo->configInfo, "ExpressRefreshRate", 0); >+ if (!expressrefreshrate) return NULL; >+ else return expressrefreshrate; >+ >+} >+ >+PR_IMPLEMENT(char*) >+admldapGetExpressCGITimeout(AdmldapInfo info) >+{ >+ AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; >+ char *expresscgitimeout = NULL; >+ >+ expresscgitimeout = treeFindValueAt(admInfo->configInfo, "ExpressCGITimeout", 0); >+ if (!expresscgitimeout) return NULL; >+ else return expresscgitimeout; >+ >+} >+ >+PR_IMPLEMENT(char*) >+admldapGetLdapStart(AdmldapInfo info) >+{ >+ AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; >+ char *ldapstart = NULL; >+ >+ ldapstart = treeFindValueAt(admInfo->configInfo, "ldapStart", 
0); >+ if (!ldapstart) return NULL; >+ else return ldapstart; >+ >+} >+ >+PR_IMPLEMENT(char*) >+admldapGetConfigFileName(AdmldapInfo info) >+{ >+ AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; >+ >+ return PL_strdup(admInfo->configFilePath); >+} >+ >+PR_IMPLEMENT(char*) >+admldapGetAdmpwFilePath(AdmldapInfo info) >+{ >+ AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; >+ >+ return PL_strdup(admInfo->admpwFilePath); >+} >+ >+PR_IMPLEMENT(char*) >+admldapGetLocalAdminName(AdmldapInfo info) >+{ >+ AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; >+ >+ return PL_strdup(admInfo->localAdminName); > } > > PR_IMPLEMENT(char *) > admldapGetUserDN(AdmldapInfo info, char *uid) > { > AdmldapHdnlPtr admInfo = (AdmldapHdnlPtr)info; > LDAP *ld = NULL; > char *userDN = NULL; 
>@@ -1565,72 +1774,71 @@ > } else { > LDAPMessage *entry = ldap_first_entry(ld, result); > userDN = ldap_get_dn(ld, entry); > ldap_msgfree(result); > } > done: > PR_smprintf_free(uidFilter); > if (baseDN) PR_Free(baseDN); >- if (userDN) { >+ if (userDN && (userDN != admInfo->userDN)) { >+ PL_strfree(admInfo->userDN); /* free old one, if any */ > admInfo->userDN = userDN; > } else { > userDN = treeFindValueAt(admInfo->configInfo, "userdn", 0); > if (userDN) { >- admInfo->userDN = PL_strdup(userDN); >+ admInfo->userDN = userDN; > } else { > admInfo->userDN = NULL; > } > } >- return admInfo->userDN; >+ return admInfo->userDN ? PL_strdup(admInfo->userDN) : NULL; > } > > PR_IMPLEMENT(char*) > admGetLocalAdmin(char* configRoot, int *errorcode) > { > FILE *fileStream; >- char *serverRoot = getenv("NETSITE_ROOT"); >- TreeNodePtr admInfo = NULL; >- char path[PATH_MAX], buf[MAX_LEN], *name; >+ char *path = NULL, buf[MAX_LEN], *name = NULL; > int status; > > *errorcode = ADMUTIL_OP_OK; > >- if (configRoot) { >- PR_snprintf(path, sizeof(path), "%s%cadmpw", configRoot, FILE_PATHSEP); >- } >- else { >- if (!serverRoot) { >+ /* Try to get local admin's name and password */ >+ path = find_file_in_paths("admpw", configRoot); >+ if (!path) { > *errorcode = ADMUTIL_ENV_ERR; > return NULL; >- } >- PR_snprintf(path, sizeof(path), "%s%cadmin-serv%cconfig%cadmpw", >- serverRoot, FILE_PATHSEP, FILE_PATHSEP, FILE_PATHSEP); > } > > if((fileStream = fopen(path, "r")) == NULL) { > /* Error open file */ > *errorcode = ADMUTIL_SYSTEM_ERR; >+ PR_smprintf_free(path); > return NULL; > } >+ PR_smprintf_free(path); >+ path = NULL; > >- switch(status = admutil_getline(fileStream, MAX_LEN, 1, buf)) { >+ switch(status = admutil_getline(fileStream, sizeof(buf), 1, buf)) { > case -1: > /* Error on reading, SET ERRORCODE */ > *errorcode = ADMUTIL_SYSTEM_ERR; >+ fclose(fileStream); > return NULL; > break; > case 1: > /* EOF */ > /* > *errorcode = ADMUTIL_OP_FAIL; > return NULL; > break; > */ > default: >+ 
fclose(fileStream); > name = strtok(buf, ":"); > if (!name) { > *errorcode = ADMUTIL_OP_FAIL; > return NULL; > } > else { > *errorcode = ADMUTIL_OP_OK; > return PL_strdup(name); >Index: adminutil/lib/libadminutil/admutil_pvt.h >=================================================================== >RCS file: /cvs/dirsec/adminutil/lib/libadminutil/admutil_pvt.h,v >retrieving revision 1.2 >diff -u -8 -r1.2 admutil_pvt.h >--- adminutil/lib/libadminutil/admutil_pvt.h 11 May 2006 23:30:31 -0000 1.2 >+++ adminutil/lib/libadminutil/admutil_pvt.h 29 Mar 2007 02:53:09 -0000 >@@ -153,17 +153,16 @@ > > > /* > * AdmldapInfo Data > */ > typedef struct _AdmldapHdnl { > char *configFilePath; > TreeNodePtr configInfo; >- char *ldapFilePath; > char *serverDirectoryURL; > LDAPURLDesc *ldapInfo; > LDAP *ldapHndl; > char *admpwFilePath; > char *localAdminName; > char *localAdminPassword; > char *sieDN; > char *userDN; >Index: adminutil/lib/libadminutil/dbtadmutil.h >=================================================================== >RCS file: /cvs/dirsec/adminutil/lib/libadminutil/dbtadmutil.h,v >retrieving revision 1.1.1.1 >diff -u -8 -r1.1.1.1 dbtadmutil.h >--- adminutil/lib/libadminutil/dbtadmutil.h 20 Jul 2005 22:51:32 -0000 1.1.1.1 >+++ adminutil/lib/libadminutil/dbtadmutil.h 29 Mar 2007 02:53:09 -0000 
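Review bot: admldapGetUserDN keeps the string returned by `ldap_get_dn` in `admInfo->userDN`, and that field is later released with `PL_strfree` here and with `PR_Free` in destroyAdmldap, although memory handed out by the LDAP SDK should go back through `ldap_memfree`. Store a copy and release the SDK string, `admInfo->userDN = PL_strdup(userDN); ldap_memfree(userDN);`, so that a single allocator owns the field. In the `else` branch the previous `admInfo->userDN` is overwritten by the treeFindValueAt result without being freed, so repeated calls leak. The return value is now a duplicate that the caller must free, which changes the contract and needs a comment at the declaration; the function starts above this hunk.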
>@@ -15,17 +15,17 @@ > * > * You should have received a copy of the GNU Lesser General Public > * License along with this library; if not, write to the Free Software > * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA > * END COPYRIGHT BLOCK **/ > #include "libadminutil/resource.h" > #define resource_key(a,b) a b > >-#define RESOURCE_FILE "libadminutil" >+#define RESOURCE_FILE PACKAGE_NAME > > > /*extracted from errRpt.c*/ > #define DBT_errRpt_FILE_ERROR resource_key(RESOURCE_FILE, "1") > #define DBT_errRpt_MEMORY_ERROR resource_key(RESOURCE_FILE, "2") > #define DBT_errRpt_SYSTEM_ERROR resource_key(RESOURCE_FILE, "3") > #define DBT_errRpt_INCORRECT_USAGE resource_key(RESOURCE_FILE, "4") > #define DBT_errRpt_ELEM_MISSING resource_key(RESOURCE_FILE, "5") 
>@@ -57,16 +57,17 @@ > #define DBT_pset_NO_DATA resource_key(RESOURCE_FILE, "39") > #define DBT_pset_NO_VALUE resource_key(RESOURCE_FILE, "40") > #define DBT_pset_NO_PARENT resource_key(RESOURCE_FILE, "41") > #define DBT_pset_PARTIAL_GET resource_key(RESOURCE_FILE, "42") > #define DBT_pset_PARTIAL_OP resource_key(RESOURCE_FILE, "43") > #define DBT_pset_ILLEGAL_OP resource_key(RESOURCE_FILE, "44") > #define DBT_pset_NOT_IMPLEMENT resource_key(RESOURCE_FILE, "45") > #define DBT_pset_UNKNOWN_ERROR_NO resource_key(RESOURCE_FILE, "46") >+#define DBT_pset_ATTR_NOT_ALLOWED resource_key(RESOURCE_FILE, "47") > > /*extracted from form_post.c */ > #define DBT_formPost_Browser_err resource_key(RESOURCE_FILE, "61") > #define DBT_formPost_Browser_errDetail resource_key(RESOURCE_FILE, "62") > #define DBT_formPost_PostStdinErr resource_key(RESOURCE_FILE, "63") > #define DBT_formPost_BadWildcard resource_key(RESOURCE_FILE, "64") > #define DBT_formPost_BadWildcardDetail1 resource_key(RESOURCE_FILE, "65") > #define DBT_formPost_BadWildcardDetail2 resource_key(RESOURCE_FILE, "66") >Index: adminutil/lib/libadminutil/distadm.c >=================================================================== >RCS file: /cvs/dirsec/adminutil/lib/libadminutil/distadm.c,v >retrieving revision 1.2 >diff -u -8 -r1.2 distadm.c >--- adminutil/lib/libadminutil/distadm.c 29 Sep 2005 22:10:15 -0000 1.2 >+++ adminutil/lib/libadminutil/distadm.c 29 Mar 2007 02:53:10 -0000 >@@ -21,16 +21,19 @@ > * distadm.c: Functions for distributed admin > * > * All blame to Mike McCool > */ > #include <stdlib.h> > #ifdef XP_WIN32 > #include <windows.h> > #endif >+#if HAVE_UNISTD_H == 1 >+#include <unistd.h> >+#endif > > /* Form new nspr20 */ > #include <nspr.h> > #include <plstr.h> > #include <private/pprio.h> > > #include "libadminutil/distadm.h" > #include "libadminutil/resource.h" 
>@@ -64,66 +67,36 @@ > } > #endif > > > /* Initialize NSPR for all the base functions we use */ > PR_IMPLEMENT(int) > ADMUTIL_Init(void) > { >- char *server_root = getenv("NETSITE_ROOT"); > char *lang = getenv("HTTP_ACCEPT_LANGUAGE"); >- char nls_dir[256]; >- char prop_dir[256]; > int errcode; > > if(!admutil_initialized) { > PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 8); > admutil_initialized=1; > } > > if (!admutil_i18nResource) { >- if (server_root) { >- PR_snprintf(nls_dir, sizeof(nls_dir), "%s/lib/nls", server_root); >- PR_snprintf(prop_dir, sizeof(prop_dir), "%s/lib/property", server_root); >- >- admutil_i18nResource = res_init_resource(prop_dir, "libadminutil"); >- } >+ admutil_i18nResource = res_find_and_init_resource(PROPERTYDIR, NULL); > if (lang) admutil_acceptLang = PL_strdup(lang); > } > > /* TODO: what to do about errors. Should this always be done? > */ > ADM_InitializePermissions(&errcode); > > return 0; > } > >-PR_IMPLEMENT(int) >-ADMUTIL_InitSimple(char* server_root, char* lang) >-{ >- char nls_dir[256]; >- char prop_dir[256]; >- >- if (!server_root) return -1; >- >- >- if (!admutil_i18nResource) { >- if (server_root) { >- >- PR_snprintf(nls_dir, sizeof(nls_dir), "%s/lib/nls", server_root); >- PR_snprintf(prop_dir, sizeof(prop_dir), "%s/lib/property", server_root); >- >- admutil_i18nResource = res_init_resource(prop_dir, "libadminutil"); >- } >- if (lang) admutil_acceptLang = PL_strdup(lang); >- } >- return 0; >-} >- > #ifndef MALLOC > #define MALLOC PR_Malloc > #endif > > > /* for old nspr20 > #ifndef MALLOC > #define MALLOC PR_MALLOC 
>@@ -151,73 +124,77 @@ > > PR_IMPLEMENT(int) > ADM_InitializePermissions(int *errcode) > { > /* > int _ai=ADM_Init(); > */ > char *t = getenv("PASSWORD_PIPE"); >- PRInt32 osfd; >- PRFileDesc *fd; >+ PRInt32 osfd = 0; >+ PRFileDesc *fd = NULL; > char *buf; > PRInt32 bufsize; > PRInt32 numread = 0; > PRInt32 totalread = 0; > char *head, *tail; >+ int retval = 0; >+ int rpterrcode = 0; /* for rpt_err */ >+ char *errmsg = NULL, *errdetail = NULL; >+ int needfree = 0; > > > /* No error in this case, because it's expected to happen sometimes */ > if(!t) { > user = NULL; > pass = NULL; > auth = NULL; >- return 0; >+ return retval; > } > > osfd = atol(t); >- fd = PR_ImportFile(osfd); >+ if (osfd == STDIN_FILENO) { >+ fd = PR_STDIN; >+ } else { >+ fd = PR_ImportFile(osfd); >+ } > >- buf = (char *) MALLOC(BIG_LINE); >+ buf = (char *) PR_Malloc(BIG_LINE); > bufsize = BIG_LINE; > > while(1) { > #ifdef XP_WIN32 > numread = NTPriv_system_pread(fd, buf, bufsize); > #else > numread = PR_Read(fd, buf, bufsize); > #endif > totalread += numread; > if(numread < 0) { >- PR_Close(fd); > /* MLM XXX - ERROR CODE */ >+ rpterrcode = SYSTEM_ERROR; >+ retval = -1; > if (admutil_i18nResource) { >- rpt_err(SYSTEM_ERROR, >- (char*)res_getstring(admutil_i18nResource, >+ errmsg = (char*)res_getstring(admutil_i18nResource, > DBT_distadm_pipeErr, >- admutil_acceptLang), >- (char*)res_getstring(admutil_i18nResource, >+ admutil_acceptLang, NULL, 0, NULL); >+ errdetail = (char*)res_getstring(admutil_i18nResource, > DBT_distadm_pipeErrDetail, >- admutil_acceptLang), >- NULL); >+ admutil_acceptLang, NULL, 0, NULL); >+ needfree = 1; > } > else { >- rpt_err(SYSTEM_ERROR, >- "Could not read from pipe", >- "Could not read authentication information from pipe.", >- NULL); >+ errmsg = "Could not read from pipe"; >+ errdetail = "Could not read authentication information from pipe."; > } >- return -1; >+ goto cleanup; > } else > if(numread == 0) { >- PR_Close(fd); > break; > } > if(buf[numread - 1] == '\0') { >- 
PR_Close(fd); > break; > } > } > buf[totalread] = '\0'; > > /* Parse the buffer */ > head = buf; > tail = PL_strchr(head, '\n'); >@@ -266,17 +243,28 @@ > if (!PL_strncmp(head, ADM_SIEPWD_STRING, PL_strlen(ADM_SIEPWD_STRING))) { > char *siepwd = &head[PL_strlen(ADM_SIEPWD_STRING)]; > > if (PL_strcmp(siepwd, ADM_NO_VALUE_STRING) != 0) { > admSetCachedSIEPWD(siepwd); > } > } > } >- return 0; >+cleanup: >+ if (fd != PR_STDIN) { >+ PR_Close(fd); >+ } >+ if (errmsg) { >+ rpt_err(rpterrcode, errmsg, errdetail, NULL); >+ if (needfree) { >+ PL_strfree(errmsg); >+ PL_strfree(errdetail); >+ } >+ } >+ return retval; > } > > PR_IMPLEMENT(int) > ADM_GetCurrentUsername(int *errcode, char **username) > { > int err; > > if((user) && (!PL_strcmp(user, ADM_NOT_INITIALIZED))) { >Index: adminutil/lib/libadminutil/errRpt.c >=================================================================== >RCS file: /cvs/dirsec/adminutil/lib/libadminutil/errRpt.c,v >retrieving revision 1.2 >diff -u -8 -r1.2 errRpt.c >--- adminutil/lib/libadminutil/errRpt.c 22 Mar 2006 23:47:14 -0000 1.2 >+++ adminutil/lib/libadminutil/errRpt.c 29 Mar 2007 02:53:10 -0000 
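Review bot: The read loop in ADM_InitializePermissions can write past the end of `buf`: every `PR_Read` is issued with the full `bufsize` at offset 0, `totalread` keeps growing across iterations (and is incremented before the `numread < 0` test), and the loop is followed by `buf[totalread] = '\0'`, which is already one past the allocation when a single read returns BIG_LINE bytes. This buffer receives the credentials passed over PASSWORD_PIPE, so the bound matters. The results of `PR_Malloc` and `PR_ImportFile` are also used unchecked, and with the new `cleanup:` label a NULL `fd` would reach `PR_Close`. A bounded version of the loop is below; the parsing that follows it is outside the hunk.

```c
    /* ... unchanged: osfd = atol(t); fd = PR_STDIN or PR_ImportFile(osfd) ... */
    if (!fd) {
        return -1; /* nothing was opened, so nothing to close */
    }

    buf = (char *) PR_Malloc(BIG_LINE);
    if (!buf) {
        retval = -1;
        goto cleanup;
    }
    bufsize = BIG_LINE - 1; /* keep one byte for the terminator */

    while (totalread < bufsize) {
#ifdef XP_WIN32
        numread = NTPriv_system_pread(fd, buf + totalread, bufsize - totalread);
#else
        numread = PR_Read(fd, buf + totalread, bufsize - totalread);
#endif
        if (numread < 0) {
            /* ... unchanged: set rpterrcode/retval, choose errmsg/errdetail, goto cleanup ... */
        }
        if (numread == 0) {
            break;
        }
        totalread += numread; /* only count bytes that were actually read */
        if (buf[totalread - 1] == '\0') {
            break;
        }
    }
    buf[totalread] = '\0';
```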
>@@ -142,68 +142,75 @@ > } > } > return retval; > } > #endif /* XP_WIN32 */ > > void _rpt_err(int type, const char *info, const char *details, const char* extra, int shouldexit) > { >- const char *errorString; >+ const char *errorString = NULL; > char* acceptLang = admutil_acceptLang; >+ int needfree = 0; > > if (admutil_i18nResource) { >+ needfree = 1; > switch (type) { > case FILE_ERROR: >- errorString = res_getstring(admutil_i18nResource, DBT_errRpt_FILE_ERROR, acceptLang); >+ errorString = res_getstring(admutil_i18nResource, DBT_errRpt_FILE_ERROR, acceptLang, NULL, 0, NULL); > break; > case MEMORY_ERROR: >- errorString = res_getstring(admutil_i18nResource, DBT_errRpt_MEMORY_ERROR, acceptLang); >+ errorString = res_getstring(admutil_i18nResource, DBT_errRpt_MEMORY_ERROR, acceptLang, NULL, 0, NULL); > break; > case SYSTEM_ERROR: >- errorString = res_getstring(admutil_i18nResource, DBT_errRpt_SYSTEM_ERROR, acceptLang); >+ errorString = res_getstring(admutil_i18nResource, DBT_errRpt_SYSTEM_ERROR, acceptLang, NULL, 0, NULL); > break; > case INCORRECT_USAGE: >- errorString = res_getstring(admutil_i18nResource, DBT_errRpt_INCORRECT_USAGE, acceptLang); >+ errorString = res_getstring(admutil_i18nResource, DBT_errRpt_INCORRECT_USAGE, acceptLang, NULL, 0, NULL); > break; > case ELEM_MISSING: >- errorString = res_getstring(admutil_i18nResource, DBT_errRpt_ELEM_MISSING, acceptLang); >+ errorString = res_getstring(admutil_i18nResource, DBT_errRpt_ELEM_MISSING, acceptLang, NULL, 0, NULL); > break; > case REGISTRY_DATABASE_ERROR: >- errorString = res_getstring(admutil_i18nResource, DBT_errRpt_REGISTRY_DATABASE_ERROR, acceptLang); >+ errorString = res_getstring(admutil_i18nResource, DBT_errRpt_REGISTRY_DATABASE_ERROR, acceptLang, NULL, 0, NULL); > break; > case NETWORK_ERROR: >- errorString = res_getstring(admutil_i18nResource, DBT_errRpt_NETWORK_ERROR, acceptLang); >+ errorString = res_getstring(admutil_i18nResource, DBT_errRpt_NETWORK_ERROR, acceptLang, NULL, 0, NULL); > 
break; > case GENERAL_FAILURE: >- errorString = res_getstring(admutil_i18nResource, DBT_errRpt_GENERAL_FAILURE, acceptLang); >+ errorString = res_getstring(admutil_i18nResource, DBT_errRpt_GENERAL_FAILURE, acceptLang, NULL, 0, NULL); > break; > case WARNING: >- errorString = res_getstring(admutil_i18nResource, DBT_errRpt_WARNING, acceptLang); >+ errorString = res_getstring(admutil_i18nResource, DBT_errRpt_WARNING, acceptLang, NULL, 0, NULL); > break; > case APP_ERROR: >- errorString = res_getstring(admutil_i18nResource, DBT_errRpt_APP_ERROR, acceptLang); >+ errorString = res_getstring(admutil_i18nResource, DBT_errRpt_APP_ERROR, acceptLang, NULL, 0, NULL); > break; > default: >- errorString = ""; >+ errorString = NULL; >+ needfree = 0; > } > } > else errorString = err_headers[type]; > > /* Be sure headers are terminated. */ > fprintf(stdout, "Content-type: text/html\n\n"); > if (shouldexit) fprintf(stdout, "NMC_Status: 1\n"); > else fprintf(stdout, "NMC_Status: 2\n"); > if (type >= 0 && type < NMC_MAX_ERROR) > fprintf(stdout, "NMC_ErrType: %s\n", errorString); > else fprintf(stdout, "NMC_ErrType: Unknown Error Type (%d)\n", type); > if (info) fprintf(stdout, "NMC_ErrInfo: %s\n", info); > if (details) fprintf(stdout, "NMC_ErrDetail: %s\n", details); > if (extra) fprintf(stdout, "%s\n", extra); > >+ if (needfree) { >+ PL_strfree((char *)errorString); >+ } >+ > if(shouldexit) { > #ifdef XP_WIN32 > WSACleanup(); > #endif > exit(0); > } > } > >Index: adminutil/lib/libadminutil/form_post.c >=================================================================== >RCS file: /cvs/dirsec/adminutil/lib/libadminutil/form_post.c,v >retrieving revision 1.3 >diff -u -8 -r1.3 form_post.c >--- adminutil/lib/libadminutil/form_post.c 11 May 2006 14:23:21 -0000 1.3 >+++ adminutil/lib/libadminutil/form_post.c 29 Mar 2007 02:53:10 -0000 
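Review bot: With `default:` now setting `errorString = NULL` (it used to be `""`), the later `fprintf(stdout, "NMC_ErrType: %s\n", errorString)` can receive a null pointer for any `type` that lies inside `0..NMC_MAX_ERROR-1` but is not listed in the switch, and likewise whenever `res_getstring` fails, assuming it returns NULL on failure. Passing NULL to `%s` is undefined behaviour, so guard the call site with `errorString ? errorString : ""`. Separately, the `else errorString = err_headers[type];` branch indexes the table before the `type >= 0 && type < NMC_MAX_ERROR` test further down, so an out-of-range `type` presumably reads outside `err_headers` when no resource bundle is loaded; moving the range check ahead of both branches would close that. The unconditional `PL_strfree((char *)errorString)` also depends on `res_getstring` returning heap memory when its buffer argument is NULL, which is not visible in this hunk.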
>@@ -86,26 +86,28 @@
> str[y] = '\0';
> }
> 
> PR_IMPLEMENT(void)
> post_begin(FILE *in)
> {
> char *vars = NULL, *tmp = NULL;
> int cl;
>+ char buf1[BUFSIZ];
>+ char buf2[BUFSIZ];
> 
> if(!(tmp = getenv("CONTENT_LENGTH"))) {
> if (admutil_i18nResource) {
> rpt_err(INCORRECT_USAGE,
> (char*)res_getstring(admutil_i18nResource,
> DBT_formPost_Browser_err,
>- admutil_acceptLang),
>+ admutil_acceptLang, buf1, sizeof(buf1), NULL),
> (char*)res_getstring(admutil_i18nResource,
> DBT_formPost_Browser_errDetail,
>- admutil_acceptLang),
>+ admutil_acceptLang, buf2, sizeof(buf2), NULL),
> NULL);
> }
> else {
> rpt_err(INCORRECT_USAGE,
> "Browser Error",
> "Your browser sent no content length with a POST command. Please be sure to use a fully compliant browser.",
> NULL);
> }
>@@ -114,34 +116,34 @@
> cl = atoi(tmp);
> 
> if (!(vars = (char *)PR_Malloc(cl+1))) {
> if (admutil_i18nResource) {
> rpt_err(MEMORY_ERROR,
> NULL,
> (char*)res_getstring(admutil_i18nResource,
> DBT_formPost_PostStdinErr,
>- admutil_acceptLang),
>+ admutil_acceptLang, buf1, sizeof(buf1), NULL),
> NULL);
> }
> else {
> rpt_err(MEMORY_ERROR,
> NULL,
> "Could not allocate enough memory to read in the POST parameters.",
> NULL);
> }
> }
> 
> if( !(fread(vars, 1, cl, in)) ) {
> if (admutil_i18nResource) {
> rpt_err(SYSTEM_ERROR,
> NULL,
> (char*)res_getstring(admutil_i18nResource,
> DBT_formPost_PostStdinErr,
>- admutil_acceptLang),
>+ admutil_acceptLang, buf1, sizeof(buf1), NULL),
> NULL);
> }
> else {
> rpt_err(SYSTEM_ERROR,
> NULL,
> "The POST variables could not be read from stdin.",
> NULL);
> }
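Review bot: `cl = atoi(tmp)` takes the client-supplied CONTENT_LENGTH without any range check, and the value flows straight into `PR_Malloc(cl+1)` and `fread(vars, 1, cl, in)` in the second hunk (`@@ -114,34 +116,34 @@`). A negative value makes `cl+1` zero or negative and converts to a very large count in `fread`, `INT_MAX` overflows `cl+1`, and non-numeric input silently becomes 0. Parse with `strtol` and reject anything outside a sane window before allocating, e.g. `if (lcl < 0 || lcl > POST_MAX_LEN) rpt_err(INCORRECT_USAGE, ...);`, where `POST_MAX_LEN` is a placeholder for a limit the project would choose. The read check `!(fread(...))` only catches a zero-byte read, so a short body is accepted; comparing the return value with `(size_t)cl` would catch truncation. `post_begin` continues past the end of the hunk.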
>@@ -160,24 +162,25 @@ > > PR_IMPLEMENT(char **) > string_to_vec(char *in) > { > char **ans = NULL; > int vars = 0; > register int x = 0; > char *tmp; >+ char buf[BUFSIZ]; > > if (!(in = PL_strdup(in))) { > if (admutil_i18nResource) { > rpt_err(MEMORY_ERROR, > NULL, > (char*)res_getstring(admutil_i18nResource, > DBT_formPost_PostStdinErr, >- admutil_acceptLang), >+ admutil_acceptLang, buf, sizeof(buf), NULL), > NULL); > } > else { > rpt_err(MEMORY_ERROR, > NULL, > "Could not allocate enough memory to read in the POST parameters.", > NULL); > } >@@ -198,17 +201,17 @@ > } > > if (!(ans[x]=PL_strdup(tmp))) { > if (admutil_i18nResource) { > rpt_err(MEMORY_ERROR, > NULL, > (char*)res_getstring(admutil_i18nResource, > DBT_formPost_PostStdinErr, >- admutil_acceptLang), >+ admutil_acceptLang, buf, sizeof(buf), NULL), > NULL); > } > else { > rpt_err(MEMORY_ERROR, > NULL, > "Could not allocate enough memory to read in the POST parameters.", > NULL); > } >@@ -223,17 +226,17 @@ > return ans; > } > if (!(ans[x] = PL_strdup(tmp))) { > if (admutil_i18nResource) { > rpt_err(MEMORY_ERROR, > NULL, > (char*)res_getstring(admutil_i18nResource, > DBT_formPost_PostStdinErr, >- admutil_acceptLang), >+ admutil_acceptLang, buf, sizeof(buf), NULL), > NULL); > } > else { > rpt_err(MEMORY_ERROR, > NULL, > "Could not allocate enough memory to read in the POST parameters.", > NULL); > } 
>@@ -248,27 +251,28 @@ > } > > PR_IMPLEMENT(char *) > get_cgi_var(char *varname, char *elem_id, char *bongmsg) > { > register int x = 0; > int len = PL_strlen(varname); > char *ans = NULL; >+ char buf[BUFSIZ]; > > while(input[x]) { > /* We want to get rid of the =, so len, len+1 */ > if((!strncmp(input[x], varname, len)) && (*(input[x]+len) == '=')) { > if (!(ans = PL_strdup(input[x] + len + 1))) { > if (admutil_i18nResource) { > rpt_err(MEMORY_ERROR, > NULL, > (char*)res_getstring(admutil_i18nResource, > DBT_formPost_PostStdinErr, >- admutil_acceptLang), >+ admutil_acceptLang, buf, sizeof(buf), NULL), > NULL); > } > else { > rpt_err(MEMORY_ERROR, > NULL, > "Could not allocate enough memory to get the parameter.", > NULL); > } >@@ -316,31 +320,32 @@ > } > > PR_IMPLEMENT(char **) > get_cgi_multiple(char *varname, char *elem_id, char *bongmsg) > { > register int n, x; > int len = PL_strlen(varname); > char **ans = NULL; >+ char buf[BUFSIZ]; > > for(n=0; input[n]; n++); > ans = new_strlist(n + 1); > > for(x=n=0; input[x]; x++) { > if ((!strncmp(input[x], varname, len)) && > (*(input[x]+len) == '=') && > (*(input[x]+len+1))) { > if (!(ans[n] = PL_strdup(input[x] + len + 1))) { > if (admutil_i18nResource) { > rpt_err(MEMORY_ERROR, > NULL, > (char*)res_getstring(admutil_i18nResource, > DBT_formPost_PostStdinErr, >- admutil_acceptLang), >+ admutil_acceptLang, buf, sizeof(buf), NULL), > NULL); > } > else { > rpt_err(MEMORY_ERROR, > NULL, > "Could not allocate enough memory to get the parameter.", > NULL); > } >Index: adminutil/lib/libadminutil/libadminutil.properties >=================================================================== >RCS file: /cvs/dirsec/adminutil/lib/libadminutil/libadminutil.properties,v >retrieving revision 1.1.1.1 >diff -u -8 -r1.1.1.1 libadminutil.properties >--- adminutil/lib/libadminutil/libadminutil.properties 20 Jul 2005 22:51:32 -0000 1.1.1.1 >+++ adminutil/lib/libadminutil/libadminutil.properties 29 Mar 2007 02:53:10 -0000 
>@@ -15,65 +15,71 @@ > * > * You should have received a copy of the GNU Lesser General Public > * License along with this library; if not, write to the Free Software > * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA > * END COPYRIGHT BLOCK **/ > > // ICU resource file > >+// the format is <name><number> where <name> is the PACKAGE_NAME >+// as defined in configure.ac - this must correspond to the >+// #define RESOURCE_FILE PACKAGE_NAME >+// in dbtadminutil.h >+ > root { > > //*extracted from errRpt.c*/ >-libadminutil1 {"File System Error"} >-libadminutil2 {"Memory Error"} >-libadminutil3 {"System Error"} >-libadminutil4 {"Incorrect Usage"} >-libadminutil5 {"Form Element Missing"} >-libadminutil6 {"Registry Database Error"} >-libadminutil7 {"Network Error"} >-libadminutil8 {"Unexpected Failure"} >-libadminutil9 {"Warning"} >-libadminutil10 {"Application Error"} >+adminutil1 {"File System Error"} >+adminutil2 {"Memory Error"} >+adminutil3 {"System Error"} >+adminutil4 {"Incorrect Usage"} >+adminutil5 {"Form Element Missing"} >+adminutil6 {"Registry Database Error"} >+adminutil7 {"Network Error"} >+adminutil8 {"Unexpected Failure"} >+adminutil9 {"Warning"} >+adminutil10 {"Application Error"} > > //*extracted from pset.c */ >-libadminutil21 {"Operation OK"} >-libadminutil22 {"Operation failed"} >-libadminutil23 {"System (OS/LDAP) related error"} >-libadminutil24 {"Environment variable error"} >-libadminutil25 {"Arguments error"} >-libadminutil26 {"Null handle"} >-libadminutil27 {"Operated in local cache mode"} >-libadminutil28 {"Failed to open local cache"} >-libadminutil29 {"Authentication failed"} >-libadminutil30 {"Access failed - improper permission"} >-libadminutil31 {"Entry does not exist"} >-libadminutil32 {"Attribute does not exist"} >-libadminutil33 {"Entry exist"} >-libadminutil34 {"Attribute exist"} >-libadminutil35 {"Not an entry"} >-libadminutil36 {"Not an attribute"} >-libadminutil37 {"NULL LDAP Handler"} >-libadminutil38 {"No 
Distinguished Name"} >-libadminutil39 {"No data"} >-libadminutil40 {"No value"} >-libadminutil41 {"No parent node"} >-libadminutil42 {"Only get partial data"} >-libadminutil43 {"Operation only success partially, some failed"} >-libadminutil44 {"Illegal operation"} >-libadminutil45 {"Not implemented yet"} >-libadminutil46 {"Unknown Error Number"} >+adminutil21 {"Operation OK"} >+adminutil22 {"Operation failed"} >+adminutil23 {"System (OS/LDAP) related error"} >+adminutil24 {"Environment variable error"} >+adminutil25 {"Arguments error"} >+adminutil26 {"Null handle"} >+adminutil27 {"Operated in local cache mode"} >+adminutil28 {"Failed to open local cache"} >+adminutil29 {"Authentication failed"} >+adminutil30 {"Access failed - improper permission"} >+adminutil31 {"Entry does not exist"} >+adminutil32 {"Attribute does not exist"} >+adminutil33 {"Entry exist"} >+adminutil34 {"Attribute exist"} >+adminutil35 {"Not an entry"} >+adminutil36 {"Not an attribute"} >+adminutil37 {"NULL LDAP Handler"} >+adminutil38 {"No Distinguished Name"} >+adminutil39 {"No data"} >+adminutil40 {"No value"} >+adminutil41 {"No parent node"} >+adminutil42 {"Only get partial data"} >+adminutil43 {"Operation only success partially, some failed"} >+adminutil44 {"Illegal operation"} >+adminutil45 {"Not implemented yet"} >+adminutil46 {"Unknown Error Number"} >+adminutil47 {"Attribute disallowed by entry objectclasses"} > > //*extracted from form_post.c */ >-libadminutil61 {"Browser Error"} >-libadminutil62 {"Your browser sent no content length with a POST command. 
Please be sure to use a fully compliant browser."} >-libadminutil63 {"The POST variables could not be read from stdin."} >-libadminutil64 {"Bad wildcard pattern"} >-libadminutil65 {"Illegal pattern <%s>"} >-libadminutil66 {"You should use commas to separate hosts, not spaces."} >-libadminutil67 {"Bad regular expression"} >-libadminutil68 {"The pattern <%s> is not a valid regular expression.\n"} >+adminutil61 {"Browser Error"} >+adminutil62 {"Your browser sent no content length with a POST command. Please be sure to use a fully compliant browser."} >+adminutil63 {"The POST variables could not be read from stdin."} >+adminutil64 {"Bad wildcard pattern"} >+adminutil65 {"Illegal pattern <%s>"} >+adminutil66 {"You should use commas to separate hosts, not spaces."} >+adminutil67 {"Bad regular expression"} >+adminutil68 {"The pattern <%s> is not a valid regular expression.\n"} > > //*extracted from distadm.c */ >-libadminutil81 {"Could not read from pipe"} >-libadminutil82 {"Could not read authentication information from pipe."} >+adminutil81 {"Could not read from pipe"} >+adminutil82 {"Could not read authentication information from pipe."} > > } >Index: adminutil/lib/libadminutil/psetc.c >=================================================================== >RCS file: /cvs/dirsec/adminutil/lib/libadminutil/psetc.c,v >retrieving revision 1.3 >diff -u -8 -r1.3 psetc.c >--- adminutil/lib/libadminutil/psetc.c 11 May 2006 23:30:31 -0000 1.3 >+++ adminutil/lib/libadminutil/psetc.c 29 Mar 2007 02:53:12 -0000 >@@ -25,16 +25,17 @@ > #endif > #include <fcntl.h> > #include <string.h> > #include <stdlib.h> > #include <ctype.h> > #include <prio.h> > #include "psetc_pvt.h" > #include "libadminutil/admutil.h" >+#include "libadminutil/distadm.h" > #include "dbtadmutil.h" > #include <ldap_ssl.h> > > #ifdef XP_WIN32 > #define strcasecmp stricmp > #define strncasecmp _strnicmp > #endif 
> >@@ -45,16 +46,56 @@ > > #ifndef FILE_PATHSEP > #define FILE_PATHSEP '/' > #endif > > extern Resource *admutil_i18nResource; > extern char *admutil_acceptLang; > >+/* returns true if the given path is a valid directory, false otherwise */ >+static int >+is_dir_ok(const char *path) >+{ >+ PRFileInfo prinfo; >+ int ret = 0; >+ >+ if (path && *path && >+ (PR_SUCCESS == PR_GetFileInfo(path, &prinfo)) && >+ prinfo.type == PR_FILE_DIRECTORY) { >+ ret = 1; >+ } >+ >+ return ret; >+} >+ >+/* returns full path and file name if the file was found somewhere, false otherwise >+ file may not yet exist, but we will create it if the dir exists */ >+static char * >+find_file_in_paths( >+ const char *filename, /* the base filename to look for */ >+ const char *path /* path given by caller */ >+) >+{ >+ char *retval = NULL; >+ char *adminutilConfDir = getenv(ADMINUTIL_CONFDIR_ENV_VAR); >+ >+ /* try given path */ >+ if (!is_dir_ok(path)) { >+ if (is_dir_ok(adminutilConfDir)) { >+ path = adminutilConfDir; >+ } else { >+ return retval; >+ } >+ } >+ retval = PR_smprintf("%s/%s", path, filename); >+ >+ return retval; >+} >+ > static int LDAP_CALL LDAP_CALLBACK > pset_ldap_rebind_proc (LDAP *ld, char **whop, char **passwdp, > int *authmethodp, int freeit, void *arg) > { > PsetPtr pset = (PsetPtr)arg; > > if (freeit == 0) { > *whop = pset->binddn; 
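Review bot: `find_file_in_paths` falls back to `getenv(ADMINUTIL_CONFDIR_ENV_VAR)` whenever the caller's `path` is not a directory, so the location of `local.conf` can be steered by whoever controls the process environment. If any consumer of this library runs with more privilege than its invoker, that fallback should be skipped or the directory's ownership and mode checked before use; this cannot be judged from the hunk alone. The header comment also says the function returns "false otherwise" although it returns `char *`; it would read better as `/* returns a PR_smprintf-allocated "dir/filename" (release with PR_smprintf_free), or NULL if neither path nor the env dir is a directory */`. The `PR_smprintf` result is returned unchecked, so callers also need to treat NULL as an allocation failure.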
>@@ -112,16 +153,33 @@ > p = p->next; > } > listDestroy(target->ldapDumpYard); > } > > PR_Free(target); > } > >+static void >+psetDeletePtr(PsetPtr psetp) >+{ >+ if (psetp) { >+ if (psetp->info) psetNodeDestroy(psetp->info); >+ if (psetp->ldapFilter) PR_Free(psetp->ldapFilter); >+ if (psetp->ldunbindf) { >+ if (psetp->ld) ldap_unbind(psetp->ld); >+ } >+ if (psetp->configFile) PR_Free(psetp->configFile); >+ if (psetp->sieDN) PR_Free(psetp->sieDN); >+ if (psetp->binddn) PR_Free(psetp->binddn); >+ if (psetp->bindpw) PR_Free(psetp->bindpw); >+ >+ PR_Free(psetp); >+ } >+} > > void > psetNodeLDAPDestroy(PsetNodePtr target, LDAP *ld) > { > ListNodePtr p; > char *nodeDN; > int ldaperror; > >@@ -193,28 +251,28 @@ > if (!targetNode) return PSET_OP_FAIL; > else return PSET_OP_OK; > } > else { > target->attrFile = createTreeNode(name, val); > targetNode = target->attrFile; > } > >- while (val = *vals++) treeAddValue(targetNode, val); >+ while ((val = *vals++)) treeAddValue(targetNode, val); > > return PSET_OP_OK; > } > > int > psetNodeModNameValue(PsetNodePtr target, char* name, char* val) > { > TreeNodePtr targetNode, resultNode; > > if (target->attrFile) { >- if (targetNode = treeFindNode(target->attrFile, name)) { >+ if ((targetNode = treeFindNode(target->attrFile, name))) { > listDestroy(targetNode->val); > targetNode->val = NULL; > resultNode = treeAddValue(targetNode, val); > if (!resultNode) return PSET_OP_FAIL; > else return PSET_OP_OK; > } > else { > return psetNodeAddNameValue(target, 
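Review bot: `psetDeletePtr` releases `psetp->bindpw` with a plain `PR_Free`, which leaves what appears to be the LDAP bind password readable in freed heap memory. Overwriting it first, e.g. `if (psetp->bindpw) memset(psetp->bindpw, 0, strlen(psetp->bindpw));` before the free, limits exposure through core dumps or later heap disclosure. A plain `memset` ahead of a free can be elided by the optimiser, so a scrubbing helper the compiler cannot drop is preferable where the platform offers one. The same applies to `bindPasswd` in `psetCreate` (`if (!passwd) { if (bindPasswd) PR_Free(bindPasswd); }`) further down this patch.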
>@@ -234,23 +292,23 @@ > { > TreeNodePtr targetNode, resultNode; > char* val; > > if ((target->attrFile) && > (targetNode = treeFindNode(target->attrFile, name))) { > listDestroy(targetNode->val); > targetNode->val = NULL; >- while (val = *vals++) treeAddValue(targetNode, val); >+ while ((val = *vals++)) treeAddValue(targetNode, val); > } > else { > val = *vals++; > resultNode = createTreeNode(name, val); > if (resultNode) { >- while (val = *vals++) treeAddValue(resultNode, val); >+ while ((val = *vals++)) treeAddValue(resultNode, val); > if (target->attrFile) { > treeAddNode(target->attrFile, resultNode); > } > else target->attrFile = resultNode; > } > else return PSET_OP_FAIL; > } > return PSET_OP_OK; >@@ -363,18 +421,18 @@ > > /* It's me!!! */ > if (!strcasecmp(nodePtr->attrName, name)) return nodePtr; > > > if (!strncasecmp(nodePtr->attrName, name, nodeNameLen)) { > node = nodePtr->children; > while (node) { >- if (result = psetNodeFindNode((PsetNodePtr)(node->val), ld, name, >- nodeFlag, &dummy)) { >+ if ((result = psetNodeFindNode((PsetNodePtr)(node->val), ld, name, >+ nodeFlag, &dummy))) { > *errorcode = PSET_OP_OK; > return result; > } > node = node->next; > } > > /* It is not children! Is it attribute of my entry? */ > attrName = name+nodeNameLen; >@@ -455,17 +513,17 @@ > } > else { > /* I am root, everyone is my descendent */ > attrNameLen = 0; > newName = namebuf; > } > > /* figure out the possible name for child */ >- if (tmpPtr = strchr(newName, '.')) *tmpPtr = '\0'; >+ if ((tmpPtr = strchr(newName, '.'))) *tmpPtr = '\0'; > > node = nodePtr->children; > while (node) { > if (!strcasecmp(node->name, namebuf)) { > tmpNode = (PsetNodePtr)(node->val); > break; > } > node = node->next; 
>@@ -508,17 +566,16 @@ > > ListNodePtr > psetNodeGetAll(PsetNodePtr psetNode, LDAP *ld, int deep, int* errorcode) > { > BerElement *ber; > NameType attrName; > char **vals; > ListNodePtr resultList=NULL, tmpList, node; >- int i=0, j=0; > char wholeName[PATH_MAX]; > > *errorcode = PSET_OP_OK; > > if (psetNode->attrLDAP) { > for (attrName = ldap_first_attribute(ld, psetNode->attrLDAP, &ber); > attrName != NULL; > attrName = ldap_next_attribute(ld, psetNode->attrLDAP, ber)) { >@@ -575,17 +632,16 @@ > /* just like psetNodeGetAll, but includes the "aci" attribute */ > ListNodePtr > psetNodeGetAllACI(PsetNodePtr psetNode, LDAP *ld, int deep, int* errorcode) > { > BerElement *ber; > NameType attrName; > char **vals; > ListNodePtr resultList=NULL, tmpList, node; >- int i=0, j=0; > char wholeName[PATH_MAX]; > > *errorcode = PSET_OP_OK; > > if (psetNode->attrLDAP) { > for (attrName = ldap_first_attribute(ld, psetNode->attrLDAP, &ber); > attrName != NULL; > attrName = ldap_next_attribute(ld, psetNode->attrLDAP, ber)) { >@@ -652,16 +708,18 @@ > > > if ( (ldaperror = ldap_modify_s(ld, nodeDN, mods)) != LDAP_SUCCESS ) { > #ifdef LDAP_DEBUG > ldap_perror( ld, "ldap_modify_s" ); > #endif > ldap_memfree(nodeDN); > if (ldaperror == LDAP_INSUFFICIENT_ACCESS) return PSET_ACCESS_FAIL; >+ /* attempt to add an attribute not part of the entry's objectclasses/schema */ >+ else if (ldaperror == LDAP_OBJECT_CLASS_VIOLATION) return PSET_ATTR_NOT_ALLOWED; > else return PSET_SYSTEM_ERR; /* error code return here */ > } > > if (ldFilter) filter = ldFilter; > else filter = "(objectclass=*)"; > if ((ldaperror = ldap_search_s(ld, nodeDN, LDAP_SCOPE_BASE, > filter, NULL, 0, &result)) > != LDAP_SUCCESS ) { 
>@@ -706,17 +764,17 @@ > fprintf(fstream, "%s: ", listPtr->name); > valLen = PL_strlen(valList[i]); > if (valLen > prevValLen) { > valBuf = (char *)PR_Realloc(valBuf, valLen + 1); /*+1 for ending '\0'*/ > prevValLen = valLen; > } > PR_snprintf(valBuf, valLen + 1, "%s", valList[i]); > sptr = valBuf; >- while (cptr = strchr(sptr, '\n')) { >+ while ((cptr = strchr(sptr, '\n'))) { > *cptr++ = '\0'; > fprintf(fstream, "%s\n ", sptr); > sptr=cptr; > } > fprintf(fstream, "%s\n", sptr); > i++; > } > } >@@ -751,22 +809,24 @@ > else filter = "(objectclass=*)"; > > if ((ldaperror = ldap_search_s(pset->ld, pset->sieDN, LDAP_SCOPE_SUBTREE, > filter, NULL, 0, &result)) > != LDAP_SUCCESS ) { > #ifdef LDAP_DEBUG > ldap_perror( pset->ld, "ldap_search_s" ); > #endif >+ ldap_msgfree(result); > if (ldaperror == LDAP_INSUFFICIENT_ACCESS) return PSET_ACCESS_FAIL; > return PSET_SYSTEM_ERR; > } > > if (ldap_count_entries(pset->ld, result) == 0) { > /* error return : entry does not exist */ >+ ldap_msgfree(result); > return PSET_ENTRY_NOT_EXIST; > } > > for (e = ldap_first_entry(pset->ld, result); e != NULL; > e = ldap_next_entry(pset->ld, e)) { > dn = ldap_get_dn(pset->ld, e); > nodeName = dn2AttrName(dn, pset->sieDN); > ldap_memfree(dn); >@@ -801,18 +861,18 @@ > FILE *fstream; > int errorCode = PSET_OP_OK, status; > int lineno = 0, nameLen = 0, valLen = 0; > #ifdef XP_UNIX > int fd; > struct flock flock_data; > #endif > char linebuf[1024]; >- char *name, *val, namebuf[128], *valBuf; >- char *nodeName, *attrName, *valptr = NULL; >+ char *name, *val, namebuf[128], *valBuf = NULL; >+ char *nodeName = NULL, *attrName = NULL, *valptr = NULL; > int valBuf_len = 0; > PsetNodePtr lastPsetNode = NULL, target; > PRStatus prst = 0; > PRFileInfo prinfo; > > if (!pset->configFile) return PSET_LOCAL_OPEN_FAIL; > if (!(fstream = fopen(pset->configFile, "r"))) > return PSET_LOCAL_OPEN_FAIL; 
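Review bot: The added `ldap_msgfree(result);` on the `ldap_search_s` failure path (hunk `@@ -751,22 +809,24 @@`) is safe only if `result` is NULL-initialised or the SDK stores a value through the pointer on every failure path. The declaration lies outside this hunk; if it reads `LDAPMessage *result;` it should become `LDAPMessage *result = NULL;`, otherwise an early search failure hands an indeterminate pointer to `ldap_msgfree`. The matching free after the `ldap_first_entry` loop is also not visible here and is worth confirming, since the two early returns are now the only paths shown to release `result`.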
>@@ -1023,17 +1083,17 @@ > errorcode); > if (target) { > *pset = psetRoot->ldapInfo; > return target; > } > } > > if (psets) { >- while (psetl = *psets++) { >+ while ((psetl = *psets++)) { > target = psetNodeFindNode(psetl->info, > NULL, > name, > nodeFlag, > errorcode); > if (target) { > *pset = psetl; > return target; >@@ -1078,25 +1138,26 @@ > return PSET_LOCAL_MODE; > > valsptr = psetNodeFindValue(nodePtr, pset->ld, attrName, &errorcode); > > switch (mode) { > case LDAP_MOD_REPLACE: > case LDAP_MOD_DELETE: > if (!valsptr) return PSET_ATTR_NOT_EXIST; >- PR_Free (valsptr); >+ deleteValue (valsptr); > break; > case LDAP_MOD_ADD: > if (valsptr) { >- PR_Free (valsptr); >+ deleteValue (valsptr); > return PSET_ATTR_EXIST; > } > break; > default: >+ deleteValue (valsptr); > return PSET_ILLEGAL_OP; > } > > if (pset->info->ldapHolder) { > /* Modify LDAP entry */ > /* construct the list of modifications to make */ > mods = (LDAPMod**)PR_Malloc(2*sizeof(LDAPMod*)); > >@@ -1127,31 +1188,31 @@ > > /* Add a list of attributes to the pset entry */ > int > psetRootModAttrList(PsetRootPtr psetRoot, int mode, AttributeList nvl) > { > PsetPtr pset = NULL; > int entries = 0, i = 0, errorcode = PSET_OP_OK; > LDAPMod **mods; >- AttributeList nvlptr = nvl; > PsetNodePtr target; > ListNodePtr updateList = NULL, attrList, nodePtr, attrPtr; > int nodeFlag; > int partial = 0; > ValueType val; > > updateList = createUpdateList(nvl); > nodePtr = updateList; > while (nodePtr) { > target = psetRootFindNode(psetRoot, nodePtr->name, &pset, > &nodeFlag, &errorcode); > if ((pset) && !(pset->info->ldapHolder) && > (pset->configFile) && > !(pset->fileRW)) { >+ destroyUpdateList(updateList); > if (partial) return PSET_PARTIAL_OP; > else return PSET_LOCAL_MODE; > } > > if (target && nodeFlag) { > attrList = (ListNodePtr)nodePtr->val; > > /* Check the existence of the attribute */ 
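Review bot: The `default:` arm in hunk `@@ -1078,25 +1138,26 @@` now calls `deleteValue (valsptr);` unconditionally, while the other arms reach it only after a NULL test, so this path relies on `deleteValue` accepting NULL when `psetNodeFindValue` found nothing; its definition is not part of this hunk. If that is not guaranteed, write `if (valsptr) deleteValue(valsptr);`. The same applies to `deleteValue (val);` in the `default:` arm of `psetRootModAttrList` (hunk `@@ -1163,28 +1224,30 @@`). The enclosing function starts before this hunk and continues after it.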
>@@ -1163,28 +1224,30 @@ > case LDAP_MOD_REPLACE: > case LDAP_MOD_DELETE: > if (!val) { > /* Arrtibute does not exist */ > destroyUpdateList(updateList); > if (partial) return PSET_PARTIAL_OP; > else return PSET_ATTR_NOT_EXIST; > } >- else PR_Free (val); >+ else deleteValue (val); > break; > case LDAP_MOD_ADD: > if (val) { > /* Attribute already exist */ >- PR_Free (val); >+ deleteValue (val); > destroyUpdateList(updateList); > if (partial) return PSET_PARTIAL_OP; > else return PSET_ATTR_EXIST; > } > break; > default: >+ deleteValue (val); >+ destroyUpdateList(updateList); > return PSET_ILLEGAL_OP; > } > attrPtr = attrPtr->next; > } > > if (pset->info->ldapHolder) { > /* OK, make real LDAP update */ > entries = listCount(attrList); 
>@@ -1227,93 +1290,89 @@ > if (errorcode) { > if (partial) return PSET_PARTIAL_OP; > else return errorcode; > } > } > nodePtr=nodePtr->next; > } > psetFileExportP(pset); >+ destroyUpdateList(updateList); > return errorcode; > } > > /* > PsetHndl >- psetCreate(LDAPServerPtr srv, char* sieDN, char* userDN, char* passwd, >- char* configFile, int* errorcode) >+ psetCreate(char *serverID, char* configRoot, char* userDN, char* passwd, >+ int* errorcode) > */ >-/* SIE is in <serverRoot>/<serverID>/config/adm.conf >- Local cache is <serverRoot>/<serverID>/config/local.conf >- LDAP is in <serverRoot>/admin-serv/config/ldap.conf >+/* >+ The configRoot directory is expected to contain the adm.conf file >+ which we use to bootstrap our connection to the ldap server, and >+ the local.conf file which holds the read-only cached copy of our real >+ config information stored in the directory. If the local.conf file is >+ not found there, look for it under NETSITE_ROOT/serverID/config. > */ > > PR_IMPLEMENT(PsetHndl) > psetCreate(char* serverID, char* configRoot, char* user, char* passwd, > int* errorcode) > { > PsetHndl pset; >- AdmldapInfo ldapInfo= NULL, admLdapInfo=NULL; >- char *serverRoot = getenv("NETSITE_ROOT"); >- char path[PATH_MAX], *ldapHost=NULL, *sieDN = NULL; >+ AdmldapInfo ldapInfo= NULL; >+ char *path, *ldapHost=NULL, *sieDN = NULL; > char *userDN = NULL; > char *bindPasswd = NULL; >- int ldapPort = -1, dummy; >+ int ldapPort = -1; > > ldapInfo = admldapBuildInfo(configRoot, errorcode); > > if (!ldapInfo) return NULL; > > /* get LDAP info, default is localhost:389 */ > ldapHost = admldapGetHost(ldapInfo); > ldapPort = admldapGetPort(ldapInfo); > >- /* For non-admin server, if no ldap information, get ldap host and port >- from admin server */ >- if (strcasecmp(serverID, "admin-serv")) { >- if (!ldapHost && serverRoot) { >- PR_snprintf(path, sizeof(path), "%s%cadmin-serv%cconfig", >- serverRoot, FILE_PATHSEP, FILE_PATHSEP); >- admLdapInfo = 
admldapBuildInfo(configRoot, &dummy); >- ldapHost = admldapGetHost(admLdapInfo); >- ldapPort = admldapGetPort(admLdapInfo); >- } >- } >- > *errorcode = PSET_OP_OK; > > if (!ldapHost) ldapHost = PL_strdup("localhost"); > if (ldapPort < 0) ldapPort = 389; > > /* Get SIE and password */ > sieDN = admldapGetSIEDN(ldapInfo); > if (!user) { >+ ADM_GetUserDNString(errorcode, &user); >+ } >+ if (!user) { > ADM_GetCurrentUsername(errorcode, &user); > } > /* if user is just attr val, get dn */ > userDN = admldapGetUserDN(ldapInfo, user); > if (passwd) { > bindPasswd = passwd; > } else { > bindPasswd = admldapGetSIEPWD(ldapInfo); > if (!bindPasswd) { > passwd = bindPasswd; /* setting this not to free bindPasswd */ > ADM_GetCurrentPassword(errorcode, &bindPasswd); > } > } > >- if (configRoot) >- PR_snprintf(path, sizeof(path), "%s%clocal.conf", configRoot, FILE_PATHSEP); >- else >- PR_snprintf(path, sizeof(path), "%s%c%s%cconfig%clocal.conf", >- serverRoot, FILE_PATHSEP, serverID, FILE_PATHSEP, FILE_PATHSEP); >+ /* find local.conf file */ >+ if (!(path = find_file_in_paths("local.conf", configRoot))) { >+ /* error - no valid file or dir could be found */ >+ *errorcode = PSET_ENV_ERR; >+ } > > pset = psetRealCreate(ldapHost, ldapPort, sieDN, userDN, bindPasswd, path, > errorcode); > PR_Free(ldapHost); > PR_Free(sieDN); >+ PR_smprintf_free(path); >+ PR_Free(userDN); > if (!passwd) { if (bindPasswd) PR_Free(bindPasswd); } > destroyAdmldap(ldapInfo); > return pset; > } > > > PR_IMPLEMENT(PsetHndl) > psetRealCreate(char* ldapHost, int ldapPort, char* sieDN, char* userDN, 
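Review bot: When `find_file_in_paths` returns NULL the new code sets `*errorcode = PSET_ENV_ERR` but still calls `psetRealCreate(..., path, errorcode)` with `path == NULL`, and that call receives the same `errorcode` pointer and can overwrite the failure. If a missing config directory is meant to be fatal, skip the call with `pset = path ? psetRealCreate(ldapHost, ldapPort, sieDN, userDN, bindPasswd, path, errorcode) : NULL;`; if LDAP-only operation is acceptable, drop the error assignment instead. The block comment above the function still says a missing `local.conf` is looked up under `NETSITE_ROOT/serverID/config`, while `find_file_in_paths` falls back to the `ADMINUTIL_CONFDIR_ENV_VAR` directory. In the password branch, `passwd = bindPasswd;` executes only when `bindPasswd` is NULL, so it does not prevent the later `PR_Free(bindPasswd)` of whatever `ADM_GetCurrentPassword` stored; whether the caller owns that pointer is not visible here.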
>@@ -1349,17 +1408,17 @@ > > PR_IMPLEMENT(PsetHndl) > psetRealLDAPImport(PsetHndl pseth, char* ldapHost, int ldapPort, char* sieDN, > char* userDN, char* passwd, char* cacheFile, char* filter, > int* errorcode) > { > LDAP *ld = NULL; > int ldapError, unbindF = 0; >- PsetHndl pset; >+ PsetHndl pset = NULL; > > if ((!ldapHost) || (ldapPort < 1) || (!sieDN)) { > /* set error code to SIEDN not available */ > *errorcode = PSET_ARGS_ERROR; > return pseth; > } > > if (NULL != passwd) { >@@ -1370,22 +1429,24 @@ > switch (ldapError) { > case LDAP_INAPPROPRIATE_AUTH: > case LDAP_INVALID_CREDENTIALS: > case LDAP_INSUFFICIENT_ACCESS: > /* authenticate failed: Should not continue */ > #ifdef LDAP_DEBUG > ldap_perror( ld, "ldap_simple_bind_s" ); > #endif >+ ldap_unbind(ld); > *errorcode = PSET_AUTH_FAIL; > return pset; > case LDAP_NO_SUCH_OBJECT: > case LDAP_ALIAS_PROBLEM: > case LDAP_INVALID_DN_SYNTAX: > /* Not a good DN */ >+ ldap_unbind(ld); > *errorcode = PSET_ENTRY_NOT_EXIST; > return pset; > default: > ldap_unbind(ld); > unbindF = 0; > ld = NULL; > } > } >@@ -1440,17 +1501,17 @@ > > if (userDN!=NULL) > { > psetSetLDAPReferalInfo(psetRoot, userDN, passwd); > } > > /* Retrieve data */ > pset->info = psetNodeCreate("", NULL); >- if (*errorcode = psetLDAPRefresh(pset)) { >+ if ((*errorcode = psetLDAPRefresh(pset))) { > /* error on retrieving data, can I use local config data? > Maybe not!! > */ > psetDelete((PsetHndl)psetRoot); > return NULL; > } > if (pset->info->ldapHolder) *errorcode = psetFileExportP(pset); > } >@@ -1460,17 +1521,17 @@ > /* Read the content of config file in case LDAP is not available */ > if (pset->configFile) { > pset->info = psetNodeCreate("", NULL); > *errorcode = psetFileImportP(pset); > } > else *errorcode = PSET_LOCAL_OPEN_FAIL; > > if (*errorcode && *errorcode != PSET_LOCAL_MODE) { >- PR_Free(psetRoot->ldapInfo); >+ psetDeletePtr(psetRoot->ldapInfo); > psetRoot->ldapInfo = NULL; > } > } > > return (PsetHndl)psetRoot; > > } 
> >@@ -1509,51 +1570,39 @@ > > if (*errorcode) { > psetDelete((PsetHndl)psetRoot); > psetRoot = NULL; > } > return (PsetHndl)psetRoot; > } > >- > PR_IMPLEMENT(int) > psetDelete(PsetHndl pseth) > { > PsetRootPtr psetRoot; > PsetPtr pset, *psets; > > if (!pseth) return PSET_NULL_HANDLE; > > psetRoot = (PsetRootPtr)pseth; > >- pset = psetRoot->ldapInfo; >- >- if (pset) { >- if (pset->info) psetNodeDestroy(pset->info); >- if (pset->ldapFilter) PR_Free(pset->ldapFilter); >- if (pset->ldunbindf) { >- if (pset->ld) ldap_unbind(pset->ld); >- } >- if (pset->configFile) PR_Free(pset->configFile); >- if (pset->sieDN) PR_Free(pset->sieDN); >- if (pset->binddn) PR_Free(pset->binddn); >- if (pset->bindpw) PR_Free(pset->bindpw); >- >- PR_Free(pset); >- } >+ psetDeletePtr(psetRoot->ldapInfo); >+ psetRoot->ldapInfo = NULL; > > psets = psetRoot->fileInfo; > > if (psets) { >- while (pset= *psets++) { >+ while ((pset= *psets++)) { > if (pset->info) psetNodeDestroy(pset->info); > if (pset->configFile) PR_Free(pset->configFile); > } > } >+ >+ PR_Free(psetRoot); > > return PSET_OP_OK; > } > > /* Check the existence of the attribute name, it can be LDAP entry or LDAP > attribute */ > PR_IMPLEMENT(int) > psetCheckAttribute(PsetHndl pseth, NameType name) 
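Review bot: `psetDelete` now frees `psetRoot` itself, but the `fileInfo` loop still releases only each element's `info` and `configFile`; the `PsetPtr` elements and the `psets` array stay allocated, assuming `psetRoot` owns them. Since `psetDeletePtr` already performs the per-element teardown, the loop body could become `psetDeletePtr(pset);` with `PR_Free(psetRoot->fileInfo);` after the loop. A comment such as `/* pseth is invalid after this call */` on the function would also help, because a caller that kept using the handle after `psetDelete` previously touched live memory and will now touch freed memory.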
>@@ -1613,23 +1662,32 @@ > } > > > /* Find out what type of object the node described by "name" is */ > PR_IMPLEMENT(ValueType) > psetGetObjectClass(PsetHndl pseth, NameType name, int* errorcode) > { > NameType objectclass; >+ ValueType value; >+ int needFree = 0; > > if(strstr(name, ".objectclass")) { > objectclass = name; > } else { > objectclass = (NameType)PR_smprintf("%s.objectclass", name); >+ needFree = 1; >+ } >+ value = psetGetAttrValue(pseth, objectclass, errorcode); >+ >+ if (needFree) { >+ PR_smprintf_free(objectclass); > } >- return psetGetAttrValue(pseth, objectclass, errorcode); >+ >+ return value; > } > > > /* Retrieve the value of the atrribute based on the given attribute name */ > PR_IMPLEMENT(char*) > psetGetAttrSingleValue(PsetHndl pseth, NameType name, int* errorcode) > { > char* attrVal = NULL; >@@ -1649,34 +1707,32 @@ > > /* Retrieve the values of the atrributes based on the given attribute name list */ > PR_IMPLEMENT(AttributeList) > psetGetAttrList(PsetHndl pseth, AttrNameList nl, int* errorcode) > { > PsetRootPtr psetRoot; > PsetPtr pset; > PsetNodePtr target; >- int entries = 0; >- int i = 0, j= 0; > NameType name; > ListNodePtr resultList = NULL, tmpList; > AttributeList resultAttrList = NULL; > int nodeFlag, dummyError; > char *attrName; > ValueType val; > > *errorcode = PSET_OP_OK; > > if (!pseth) { > *errorcode = PSET_NULL_HANDLE; > return NULL; > } > psetRoot = (PsetRootPtr)pseth; > >- while (name = *nl++) { >+ while ((name = *nl++)) { > target = psetRootFindNode(psetRoot, name, &pset, &nodeFlag, > &dummyError); > if (target) { > if (nodeFlag) { > tmpList = psetNodeGetAll(target, pset->ld, 1, errorcode); > if (resultList) listCat(resultList, tmpList); > else resultList = tmpList; > } 
>@@ -1703,17 +1759,16 @@ > PR_IMPLEMENT(AttributeList) > psetGetAllAttrs(PsetHndl pseth, NameType nodeName, int* errorcode) > { > PsetRootPtr psetRoot; > PsetPtr pset; > PsetNodePtr psetNode; > ListNodePtr tmpList; > AttributeList resultList; >- int i=0, j=0; > int nodeFlag; > > *errorcode = PSET_OP_OK; > > if (!pseth) { > *errorcode = PSET_NULL_HANDLE; > return NULL; > } >@@ -1742,17 +1797,16 @@ > PR_IMPLEMENT(AttributeList) > psetGetAllAttrsACI(PsetHndl pseth, NameType nodeName, int* errorcode) > { > PsetRootPtr psetRoot; > PsetPtr pset; > PsetNodePtr psetNode; > ListNodePtr tmpList; > AttributeList resultList; >- int i=0, j=0; > int nodeFlag; > > *errorcode = PSET_OP_OK; > > if (!pseth) { > *errorcode = PSET_NULL_HANDLE; > return NULL; > } >@@ -1780,17 +1834,16 @@ > > /* Retrieve the values of the all children */ > PR_IMPLEMENT(AttrNameList) > psetGetChildren(PsetHndl pseth, NameType nodeName, int* errorcode) > { > PsetRootPtr psetRoot; > PsetPtr pset; > PsetNodePtr psetNode; >- int i=0, j=0; > int nodeFlag; > > *errorcode = PSET_OP_OK; > > if (!pseth) { > *errorcode = PSET_NULL_HANDLE; > return NULL; > } 
>@@ -1923,33 +1976,32 @@
> psetRoot = (PsetRootPtr)pseth;
>
> nlPtr = nl;
> while (*nlPtr++) cnt++;
>
> nvl = createAttributeList(cnt);
> nlPtr = nl;
> i = 0;
>- while (name = *nlPtr++) addAttribute(nvl, i++, name, NULL);
>+ while ((name = *nlPtr++)) addAttribute(nvl, i++, name, NULL);
> return psetRootModAttrList(psetRoot, LDAP_MOD_DELETE, nvl);
> }
>
> PR_IMPLEMENT(int)
> psetAddEntry(PsetHndl pseth, NameType parent, NameType name,
> AttrNameList objectclasses, AttributeList initList)
> {
> PsetRootPtr psetRoot;
> PsetPtr pset;
> PsetNodePtr parentPtr, nodePtr;
> LDAPMessage *result, *e;
> LDAPMod **mods, *obclsMod;
> char *dn;
> int ldaperror, i, cnt, nodeFlag, errorCode;
> char absAttrName[PATH_MAX], **names, *filter;
>- ListNodePtr attrList = NULL;
> AttributePtr nv;
> AttributeList nvlPtr;
>
>
> if (!pseth) return PSET_NULL_HANDLE;
> psetRoot = (PsetRootPtr)pseth;
> if (!parent) return PSET_OP_FAIL;
> if (*parent != '\0')
>@@ -1964,18 +2016,18 @@
>
> if (!nodeFlag) return PSET_NO_PARENT;
>
> if (errorCode) return PSET_NO_PARENT;
>
> if (!(pset->info->ldapHolder) &&
> !(pset->fileRW)) return PSET_LOCAL_MODE;
>
>- if (nodePtr = psetNodeFindNode(parentPtr, pset->ld, absAttrName, &nodeFlag,
>- &errorCode)) {
>+ if ((nodePtr = psetNodeFindNode(parentPtr, pset->ld, absAttrName, &nodeFlag,
>+ &errorCode))) {
> return PSET_ENTRY_EXIST;
> }
>
> errorCode = PSET_OP_OK;
>
> if (pset->ld) {
> dn = attrName2dn(absAttrName, pset->sieDN);
>
>@@ -1998,17 +2050,17 @@
> obclsMod->mod_op = 0;
> obclsMod->mod_type = "objectClass";
> obclsMod->mod_values = objectclasses;
>
> mods[1] = obclsMod;
>
> nvlPtr = initList;
> i = 2;
>- while (nv = *nvlPtr++)
>+ while ((nv = *nvlPtr++))
> mods[i++] = createMod(nv->attrName, nv->attrVal, 0);
> mods[i] = NULL;
>
> if ( ldap_add_s (pset->ld, dn, mods) == LDAP_SUCCESS ) {
> /* Refresh this node */
> if (pset->ldapFilter) filter = pset->ldapFilter;
> else filter = "(objectclass=*)";
> if ((ldaperror = ldap_search_s(pset->ld, dn, LDAP_SCOPE_BASE,
>@@ -2093,181 +2145,198 @@ > > errorCode = psetNodeRemoveChild(parentPtr, name); > > if (errorCode) return errorCode; > > return psetFileExportP(pset); > } > >-PR_IMPLEMENT(const char*) >-psetErrorString(int errorNum, char* lang) >+PR_IMPLEMENT(char*) >+psetErrorString(int errorNum, char* lang, char *buffer, size_t bufsize, int *rc) > { > char *acceptLang = lang; >- const char* errorStr = NULL; >+ char* errorStr = NULL; >+ >+ if (buffer) { >+ *buffer = '\0'; >+ } > > if (!acceptLang) acceptLang = admutil_acceptLang; > > switch (errorNum) { > case PSET_OP_OK: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_OP_OK, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_OP_OK, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Operation OK"; >+ else errorStr = "Operation OK"; > break; > case PSET_OP_FAIL: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_OP_FAIL, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_OP_FAIL, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Operation failed"; >+ else errorStr = "Operation failed"; > break; > case PSET_SYSTEM_ERR: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_SYSTEM_ERR, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_SYSTEM_ERR, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "System (OS/LDAP) related error"; >+ else errorStr = "System (OS/LDAP) related error"; > break; > case PSET_ENV_ERR: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_ENV_ERR, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_ENV_ERR, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Environment variable error"; >+ else errorStr = "Environment variable error"; > break; > case 
PSET_ARGS_ERROR: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_ARGS_ERROR, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_ARGS_ERROR, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Arguments error"; >+ else errorStr = "Arguments error"; > break; > case PSET_NULL_HANDLE: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_NULL_HANDLE, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_NULL_HANDLE, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Null handle"; >+ else errorStr = "Null handle"; > break; > case PSET_LOCAL_MODE: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_LOCAL_MODE, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_LOCAL_MODE, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Operated in local cache mode"; >+ else errorStr = "Operated in local cache mode"; > break; > case PSET_LOCAL_OPEN_FAIL: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_LOCAL_OPEN_FAIL, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_LOCAL_OPEN_FAIL, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Failed to open local cache"; >+ else errorStr = "Failed to open local cache"; > break; > case PSET_AUTH_FAIL: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_AUTH_FAIL, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_AUTH_FAIL, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Authentication failed"; >+ else errorStr = "Authentication failed"; > break; > case PSET_ACCESS_FAIL: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_ACCESS_FAIL, acceptLang); >+ errorStr = 
res_getstring(admutil_i18nResource, DBT_pset_ACCESS_FAIL, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Access failed - improper permission"; >+ else errorStr = "Access failed - improper permission"; > break; > case PSET_ENTRY_NOT_EXIST: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_ENTRY_NOT_EXIST, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_ENTRY_NOT_EXIST, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Entry does not exist"; >+ else errorStr = "Entry does not exist"; > break; > case PSET_ATTR_NOT_EXIST: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_ATTR_NOT_EXIST, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_ATTR_NOT_EXIST, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Attribute does not exist"; >+ else errorStr = "Attribute does not exist"; > break; > case PSET_ENTRY_EXIST: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_ENTRY_EXIST, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_ENTRY_EXIST, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Entry exist"; >+ else errorStr = "Entry exist"; > break; > case PSET_ATTR_EXIST: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_ATTR_EXIST, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_ATTR_EXIST, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Attribute exist"; >+ else errorStr = "Attribute exist"; > break; > case PSET_NOT_ENTRY: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_NOT_ENTRY, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_NOT_ENTRY, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else 
return "Not an entry"; >+ else errorStr = "Not an entry"; > break; > case PSET_NOT_ATTR: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_NOT_ATTR, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_NOT_ATTR, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Not an attribute"; >+ else errorStr = "Not an attribute"; > break; > case PSET_NO_LDAP_HNDL: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_NO_LDAP_HNDL, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_NO_LDAP_HNDL, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "NULL LDAP Handler"; >+ else errorStr = "NULL LDAP Handler"; > break; > case PSET_NO_DN: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_NO_DN, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_NO_DN, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "No Distinguished Name"; >+ else errorStr = "No Distinguished Name"; > break; > case PSET_NO_DATA: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_NO_DATA, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_NO_DATA, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "No data"; >+ else errorStr = "No data"; > break; > case PSET_NO_VALUE: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_NO_VALUE, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_NO_VALUE, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "No value"; >+ else errorStr = "No value"; > break; > case PSET_NO_PARENT: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_NO_PARENT, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, 
DBT_pset_NO_PARENT, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "No parent node"; >+ else errorStr = "No parent node"; > break; > case PSET_PARTIAL_GET: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_PARTIAL_GET, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_PARTIAL_GET, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Only get partial data"; >+ else errorStr = "Only get partial data"; > break; > case PSET_PARTIAL_OP: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_PARTIAL_OP, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_PARTIAL_OP, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Operation only success partially, some failed"; >+ else errorStr = "Operation only success partially, some failed"; > break; > case PSET_ILLEGAL_OP: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_ILLEGAL_OP, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_ILLEGAL_OP, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Illegal operation"; >+ else errorStr = "Illegal operation"; > break; > case PSET_NOT_IMPLEMENT: > if (admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_NOT_IMPLEMENT, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_NOT_IMPLEMENT, acceptLang, buffer, bufsize, rc); >+ if (errorStr) return errorStr; >+ else errorStr = "Not implemented yet"; >+ break; >+ case PSET_ATTR_NOT_ALLOWED: >+ if (admutil_i18nResource) >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_ATTR_NOT_ALLOWED, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Not implemented yet"; >+ else errorStr = "Attribute disallowed by entry objectclasses"; > break; > default: > if 
(admutil_i18nResource) >- errorStr = res_getstring(admutil_i18nResource, DBT_pset_UNKNOWN_ERROR_NO, acceptLang); >+ errorStr = res_getstring(admutil_i18nResource, DBT_pset_UNKNOWN_ERROR_NO, acceptLang, buffer, bufsize, rc); > if (errorStr) return errorStr; >- else return "Unknown Error Number"; >+ else errorStr = "Unknown Error Number"; > } >+ >+ if (buffer) { >+ PL_strncpyz(buffer, errorStr, bufsize); >+ return buffer; >+ } >+ >+ return PL_strdup(errorStr); > } > > /* Setting up LDAP referal */ > PR_IMPLEMENT(int) > psetSetLDAPReferalInfo(PsetHndl pseth, char* userDN, char* passwd) > { > PsetRootPtr psetRoot; > PsetPtr pset; >@@ -2375,39 +2444,41 @@ > /* create the duplicate - even if it exists */ > > count=0; > while(nodeObjectClass[count] != NULL) count++; > listName = createAttrNameList(count); > > for(count=0; nodeObjectClass[count] != NULL; count++) > addName(listName, count, nodeObjectClass[count]); >+ deleteValue(nodeObjectClass); >+ nodeObjectClass = NULL; > > count=0; > temp_list = nodeAttrs; > while(temp_list && (*temp_list++)) count++; > initList = createAttributeList(count); > > temp_list = nodeAttrs; > count=0; > while(temp_list && (attrPtr = *temp_list++)) { >- if(temp_attr_name = strrchr(attrPtr->attrName, '.')) >+ if ((temp_attr_name = strrchr(attrPtr->attrName, '.'))) > temp_attr_name++; > else > temp_attr_name = attrPtr->attrName; > /* replace source_groupDN with dest_groupDN */ > replace_dn(attrPtr->attrVal, source_groupDN, dest_groupDN); > addAttribute(initList, count, temp_attr_name, attrPtr->attrVal); > count++; > } > > /* install it in the dest tree */ > > parent = PL_strdup(name); >- if(temp_node_name = strrchr(parent, '.')) { >+ if ((temp_node_name = strrchr(parent, '.'))) { > temp_node_name[0] = '\0'; > temp_node_name++; > } > else { > temp_node_name = name; > PR_Free(parent); > parent = PL_strdup(""); > } 
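Review bot: In `psetErrorString` the English fallbacks are unreachable whenever `admutil_i18nResource` is set, because the new `res_getstring` (resource.c, later in this patch) never returns NULL: it hands back `buffer` or `PL_strdup("")`, so a failed lookup yields an empty message instead of the default text. Testing the content rather than the pointer, for example `if (errorStr && *errorStr) return errorStr;`, lets the `else` branches run; the empty heap copy then has to be freed when `buffer` is NULL. The return value is the caller's `buffer` in one mode and a `PL_strdup` allocation in the other, which deserves a header comment such as `/* returns buffer if non-NULL, otherwise a string the caller must free */`.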
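Review bot: The added `deleteValue(nodeObjectClass);` runs right after the strings were handed to `addName(listName, ...)`, which is only safe if `addName` copies each name; if it stores the pointer, `listName` is left referring to freed memory when it is used as the object class list further down. Neither `addName` nor `deleteValue` is visible in this hunk, so the ownership should be confirmed and recorded, e.g. `/* addName duplicates the string, so the source list can be freed here */`. The same two lines are added in the `@@ -2482,16 +2553,18 @@` hunk, and both enclosing functions start and end outside their hunks.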
>@@ -2427,17 +2498,17 @@ > rv != PSET_ENTRY_EXIST && > rv != PSET_LOCAL_OPEN_FAIL) { > return rv; > } > > /* process the children */ > > nodeChildren = psetGetChildren(source, name, &errorcode); >- while(temp_node_name = *nodeChildren++) { >+ while ((temp_node_name = *nodeChildren++)) { > rv = psetRecursiveReplicate(source, dest, temp_node_name, source_groupDN, dest_groupDN); > if (rv != PSET_OP_OK) { > return rv; > } > } > > return PSET_OP_OK; > >@@ -2482,16 +2553,18 @@ > /* create the duplicate - even if it exists */ > > count=0; > while(nodeObjectClass[count] != NULL) count++; > listName = createAttrNameList(count); > > for(count=0; nodeObjectClass[count] != NULL; count++) > addName(listName, count, nodeObjectClass[count]); >+ deleteValue(nodeObjectClass); >+ nodeObjectClass = NULL; > > count=0; > temp_list = nodeAttrs; > while(temp_list && (*temp_list++)) count++; > initList = createAttributeList(count); > > temp_list = nodeAttrs; > count=0; >Index: adminutil/lib/libadminutil/resource.c >=================================================================== >RCS file: /cvs/dirsec/adminutil/lib/libadminutil/resource.c,v >retrieving revision 1.1.1.1 >diff -u -8 -r1.1.1.1 resource.c >--- adminutil/lib/libadminutil/resource.c 20 Jul 2005 22:51:32 -0000 1.1.1.1 >+++ adminutil/lib/libadminutil/resource.c 29 Mar 2007 02:53:12 -0000 
>@@ -17,48 +17,128 @@ > * License along with this library; if not, write to the Free Software > * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA > * END COPYRIGHT BLOCK **/ > > #include "libadminutil/resource.h" > #include <stdio.h> > #include <string.h> > #include <stdlib.h> >+#include <unistd.h> > > #include "unicode/ures.h" > #include "unicode/ustring.h" > >+/* returns true if the given path is a valid directory, false otherwise */ >+static int >+is_dir_ok(const char *path) >+{ >+ PRFileInfo prinfo; >+ int ret = 0; >+ >+ if (path && *path && >+ (PR_SUCCESS == PR_GetFileInfo(path, &prinfo)) && >+ prinfo.type == PR_FILE_DIRECTORY) { >+ ret = 1; >+ } >+ >+ return ret; >+} >+ >+/* >+ ---------------------------------------------------------------- >+ res_find_and_init_resource >+ >+ Initializes a property file path. Looks for the package directory >+ in a variety of well known locations, in order, and stops after >+ the first successful attempt to stat the directory. >+ 1) the given path, if any >+ 2) the current working directory + "/property" >+ 3) getenv(ADMINUTIL_CONFDIR_ENV_VAR) + "/property" >+ It is expected that applications will have their default property >+ directory compiled in (via configure ; make) and that's what they >+ will pass in as their first argument. The other path lookup stuff >+ is really for legacy apps or apps in which the user wants to change >+ the property directory at runtime. >+ If package is NULL, then path already is package specific e.g. >+ path will usually be something like >+ /usr/share/adminutil - the resource files will be in this directory e.g. >+ /usr/share/adminutil/root.res,en.res,en_US.res, etc. 
>+ ----------------------------------------------------------------- >+ */ >+PR_IMPLEMENT(Resource*) >+res_find_and_init_resource(const char *path, const char *package) >+{ >+ char resPath[PATH_MAX]; >+ char *adminutilConfDir = getenv(ADMINUTIL_CONFDIR_ENV_VAR); >+ char *execPath; >+ Resource *resource = NULL; >+ >+ /* case 1 */ >+ if (is_dir_ok(path)) { >+ return res_init_resource(path, package); >+ } >+ >+ /* case 2 */ >+ resPath[0] = '\0'; >+ execPath = getcwd(resPath, sizeof(resPath)); >+ if (execPath) { >+ PL_strcatn(resPath, sizeof(resPath), "/property"); >+ if (!is_dir_ok(resPath)) { >+ resPath[0] = '\0'; >+ } >+ } >+ >+ /* case 3 */ >+ if (!resPath[0] && adminutilConfDir && *adminutilConfDir) { >+ PR_snprintf(resPath, sizeof(resPath), "%s/property", adminutilConfDir); >+ if (!is_dir_ok(resPath)) { >+ resPath[0] = '\0'; >+ } >+ } >+ >+ if (resPath[0]) { >+ resource = res_init_resource(resPath, package); >+ } >+ >+ return resource; >+} > > /* > ---------------------------------------------------------------- > res_init_resource > > Initializes a property file path. >+ package may be NULL - this means that path is already package specific >+ e.g. /usr/share/adminutil > ----------------------------------------------------------------- > */ > PR_IMPLEMENT(Resource*) > res_init_resource(const char* path, const char* package) > { > Resource *resource; > char *resPath; > char path_last_char; > >- if (package == NULL || PL_strlen(package) == 0) { >- return NULL; >- } >- > if (path == NULL) { >+ /* both path and package cannot be NULL */ >+ if (package == NULL || PL_strlen(package) == 0) { >+ return NULL; >+ } > path = "./"; > } > > path_last_char = path[PL_strlen(path) - 1]; > if (path_last_char != '/' && path_last_char != '\\') { >- resPath = PR_smprintf("%s/%s", path, package); >+ resPath = PR_smprintf("%s%s%s", path, >+ package ? "/" : "", >+ package ? 
package : ""); > } else { >- resPath = PR_smprintf("%s%s", path, package); >+ resPath = PR_smprintf("%s%s", path, >+ package ? package : ""); > } > > resource = (Resource *)PR_Malloc(sizeof(Resource)); > if (NULL == resource) { > return NULL; > } > memset(resource, 0, sizeof(Resource)); 
> >@@ -78,60 +158,87 @@ > > /* > ----------------------------------------------------------------------------- > res_getstring > > Gets a string by key from a resource file > ----------------------------------------------------------------------------- > */ >-PR_IMPLEMENT(const char*) >-res_getstring(Resource* resource, char *key, char *locale) >+PR_IMPLEMENT(char*) >+res_getstring(Resource* resource, char *key, char *locale, char *buffer, size_t bufsize, int *rc) > { >- const char* result = NULL; >+ char* result = NULL; >+ int resultcode = -1; > UResourceBundle *bundle = NULL; > UErrorCode status = U_ZERO_ERROR; >- >+ >+ if (buffer) { >+ *buffer = '\0'; >+ } > > if (resource == NULL || resource->path == NULL || key == NULL) { >- return PL_strdup(""); >+ goto done; > } > > bundle = ures_open(resource->path, (const char*)locale, &status); > > if(U_SUCCESS(status) && bundle) { > int32_t umsglen=0; > const UChar *umsg = ures_getStringByKey(bundle, key, &umsglen, &status); > > if (U_SUCCESS(status) && umsg) { >- int32_t msglen=-1; >- >- /* Get first the required buffer size */ >- u_strToUTF8(NULL, 0, &msglen, umsg, umsglen, &status); >- if (msglen >0) { >- result = PR_Malloc(msglen+1); >- if (result) { >- /* reset status, set to OVERFLOW by the last call to u_strToUTF8 */ >- status = U_ZERO_ERROR; >- /* now the real conversion with allocated buffer */ >- u_strToUTF8((char*)result, msglen+1, &msglen, umsg, umsglen, &status); >- if (!U_SUCCESS(status)) { >- result = NULL; >- } >+ int32_t msglen=-1; >+ if (buffer) { >+ /* just convert the string into the given buffer - note that >+ there may be truncation/overflow - see below */ >+ msglen = (int32_t)bufsize; >+ u_strToUTF8(buffer, msglen, &msglen, umsg, umsglen, &status); >+ buffer[bufsize] = '\0'; /* ensure null termination */ >+ } else { >+ /* Get first the required buffer size */ >+ u_strToUTF8(NULL, 0, &msglen, umsg, umsglen, &status); >+ if (msglen >0) { >+ result = PR_Malloc(msglen+1); >+ if (result) { >+ /* reset 
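Review bot: `res_find_and_init_resource` falls back to `getcwd()` + "/property" (case 2) before the `ADMINUTIL_CONFDIR_ENV_VAR` directory (case 3), so when the compiled-in path is missing the message bundles are loaded from whatever directory the process was started in. For callers that run with more privilege than the user who picks the working directory or environment, the displayed strings then come from an untrusted location; consider dropping case 2, or at least documenting it with `/* cases 2 and 3 trust the cwd and the environment; privileged callers must pass a valid compiled-in path */`. Separately, `res_init_resource` still reads `path[PL_strlen(path) - 1]`, which indexes before the string when a caller passes an empty `path` directly.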
status, set to OVERFLOW by the last call to u_strToUTF8 */ >+ status = U_ZERO_ERROR; >+ /* now the real conversion with allocated buffer */ >+ u_strToUTF8((char*)result, msglen+1, &msglen, umsg, umsglen, &status); >+ if (!U_SUCCESS(status)) { >+ result = NULL; >+ } >+ } > } > } >+ if (status == U_BUFFER_OVERFLOW_ERROR || >+ status == U_STRING_NOT_TERMINATED_WARNING) { >+ resultcode = 1; >+ } else if (U_SUCCESS(status)) { >+ resultcode = 0; >+ } else { >+ resultcode = -1; >+ } > } > > ures_close(bundle); > } > >- if (result == NULL) { >+done: >+ >+ if (buffer) { >+ result = buffer; >+ } else if (!result) { > result = PL_strdup(""); > } > >+ if (rc) { >+ *rc = resultcode; >+ } >+ > return result; > } > > > /* > ----------------------------------------------------- > res_destroy_resource > >Index: adminutil/lib/libadminutil/srvutil.c >=================================================================== >RCS file: /cvs/dirsec/adminutil/lib/libadminutil/srvutil.c,v >retrieving revision 1.2 >diff -u -8 -r1.2 srvutil.c >--- adminutil/lib/libadminutil/srvutil.c 16 Nov 2005 18:50:15 -0000 1.2 >+++ adminutil/lib/libadminutil/srvutil.c 29 Mar 2007 02:53:12 -0000 >@@ -27,19 +27,19 @@ > #define strncasecmp _strnicmp > #endif > > PR_IMPLEMENT(AttrNameList) > getServerDNList(AdmldapInfo info) > { > char *domainDN = NULL, *isie = NULL, *sie = NULL; > char *ptr = NULL, *adminName = NULL; >+ char *host = NULL, *siepwd = NULL; > PsetHndl domainPset; > int errorCode; >- ListNodePtr dnList=NULL, node=NULL; > AttrNameList nl; > > isie = admldapGetISIEDN(info); > /* > * ISIE sample: > * isie: cn=<NAME> Administration Server, cn=Server Group, cn=myhost.example.com, ou=example.com, o=NetscapeRoot > */ > ptr = strchr(isie, ','); 
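Review bot: In the `buffer` branch of `res_getstring`, `buffer[bufsize] = '\0';` writes one byte past a buffer of `bufsize` bytes. The terminator belongs in the last slot and needs a zero-size guard, `if (bufsize > 0) buffer[bufsize - 1] = '\0';`, and the unconditional `*buffer = '\0';` at the top has the same problem when `bufsize` is 0. In the allocating branch, a failed second conversion sets `result = NULL;` without releasing the `PR_Malloc` block, so `PR_Free(result);` should precede that assignment.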
>@@ -58,57 +58,65 @@
> domainDN = PL_strdup(ptr);
> if (!domainDN) goto err;
>
> adminName = strchr(isie, '=');
> if (!adminName) goto err;
> adminName++;
>
> /* Use domainDN to create a pset */
>- domainPset = psetRealCreate(admldapGetHost(info),
>+ host = admldapGetHost(info);
>+ siepwd = admldapGetSIEPWD(info);
>+ domainPset = psetRealCreate(host,
> admldapGetPort(info),
> domainDN,
> sie,
>- admldapGetSIEPWD(info),
>+ siepwd,
> NULL,
> &errorCode);
>
> if (!domainPset) goto err;
>
> nl = retrieveSIEs(domainPset, domainDN, adminName);
>
>- psetDelete(domainPset); /* free sie, domainDN, internally */
>+ psetDelete(domainPset);
> if (isie) PR_Free(isie);
>+ if (sie) PR_Free(sie);
>+ if (domainDN) PR_Free(domainDN);
>+ if (host) PR_Free(host);
>+ if (siepwd) PR_Free(siepwd);
> return nl;
>
> err:
> if (isie) PR_Free(isie);
> if (sie) PR_Free(sie);
> if (domainDN) PR_Free(domainDN);
>+ if (host) PR_Free(host);
>+ if (siepwd) PR_Free(siepwd);
> return NULL;
> }
>
> PR_IMPLEMENT(AttrNameList)
> retrieveSIEs(PsetHndl domainPset, char* domainDN, char *adminName)
> {
> char *sieDN = NULL, *name, *sieName, *attrName;
> int errorCode, i, isieLen;
> ListNodePtr dnList=NULL, node=NULL;
> AttrNameList nl, nl1, sieList, childrenList;
>
> childrenList = psetGetChildren(domainPset, "", &errorCode);
> if (errorCode) return NULL;
>
> nl = childrenList;
>- while (name = *nl++) {
>+ while ((name = *nl++)) {
> if (strcasecmp(name, adminName)) {
> sieList = psetGetChildren(domainPset, name, &errorCode);
> nl1 = sieList;
> isieLen = PL_strlen(name);
>- while (sieName = *nl1++) {
>+ while ((sieName = *nl1++)) {
> attrName = sieName+isieLen+1;
> if (strcasecmp(attrName, "tasks")) {
> sieDN = attrName2dn(sieName, domainDN);
> node = createListNode(sieDN, NULL, 0);
> if (dnList) listCat(dnList, node);
> else dnList = node;
> PR_Free(sieDN);
> sieDN = NULL;
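Review bot: `getServerDNList` now frees `sie` and `domainDN` itself after `psetDelete(domainPset)`, while the removed comment said `psetDelete` frees them internally; unless `psetRealCreate` was changed elsewhere in this patch to copy its arguments, the success path releases both twice. That ownership rule is not visible in this hunk, so a comment on the call such as `/* psetRealCreate copies host, DNs and password; the caller keeps ownership */` would pin it down. `siepwd` holds the SIE password and is released with `PR_Free` on both paths without being cleared first; overwriting it before the free would limit how long the secret stays in heap memory. The function starts outside the hunk.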
>@@ -131,76 +139,88 @@ > listDestroy(dnList); > return nl; > } > > > PR_IMPLEMENT(AttributeList) > getInstalledServerDNList(AdmldapInfo info) > { >- char *domainDN, *isie; >- PsetHndl domainPset; >- AttributeList resultList; >- int errorCode; >+ char *domainDN = NULL, *isie = NULL, *sie = NULL; >+ char *host = NULL, *siepwd = NULL; >+ PsetHndl domainPset = NULL; >+ AttributeList resultList = NULL; >+ int errorCode = 0; > > isie = admldapGetISIEDN(info); > > domainDN=strchr(isie, ','); >- if (!domainDN) return NULL; >+ if (!domainDN) goto done; > > domainDN++; > > while (*domainDN == ' ' && *domainDN != '\0') domainDN++; > >- if (*domainDN == '\0') return NULL; >+ if (*domainDN == '\0') goto done; > > /* Use domainDN to create a pset */ > >- domainPset = psetRealCreate(admldapGetHost(info), >+ host = admldapGetHost(info); >+ sie = admldapGetSIEDN(info); >+ siepwd = admldapGetSIEPWD(info); >+ domainPset = psetRealCreate(host, > admldapGetPort(info), > domainDN, >- admldapGetSIEDN(info), >- admldapGetSIEPWD(info), >+ sie, >+ siepwd, > NULL, > &errorCode); > >- if (!domainPset) return NULL; >+ if (!domainPset) goto done; > > resultList = retrieveISIEs(domainPset, domainDN); >+ >+done: > psetDelete(domainPset); >+ PL_strfree(host); >+ PL_strfree(sie); >+ PL_strfree(siepwd); >+ PL_strfree(isie); > > return resultList; >- > } > > PR_IMPLEMENT(AttributeList) > retrieveISIEs(PsetHndl domainPset, char* domainDN) > { > char *name; > int errorCode, i, cnt = 0; > ListNodePtr dnList=NULL, node=NULL; >- char dn[1024], attrName[256]; > AttributeList resultList = NULL; > AttrNameList childrenList, nl; > char *nickName; > > childrenList = psetGetChildren(domainPset, "", &errorCode); > if (errorCode) return NULL; > > nl = childrenList; >- while (name = *nl++) { >- PR_snprintf (attrName, sizeof(attrName), "%s.nsNickName", name); >+ while ((name = *nl++)) { >+ char *attrName = PR_smprintf("%s.nsNickName", name); > nickName = psetGetAttrSingleValue(domainPset, attrName, &errorCode); > 
if (nickName) { >- PR_snprintf (dn, sizeof(dn), "cn=%s, %s", name, domainDN); >- node = createListNode(nickName, PL_strdup(dn), 1); >+ ValueType val; >+ char *dn = PR_smprintf("cn=%s, %s", name, domainDN); >+ val = (ValueType)PR_Calloc(2, sizeof(char *)); >+ val[0] = dn; >+ node = createListNode(nickName, val, 1); > if (dnList) listCat(dnList, node); > else dnList = node; > PR_Free(nickName); > } >+ PR_smprintf_free(attrName); > } > deleteAttrNameList(childrenList); > > cnt = listCount(dnList); > node = dnList; > i = 0; > if (cnt > 0) { > resultList = createAttributeList(cnt); >Index: adminutil/lib/libadminutil/uginfo.c >=================================================================== >RCS file: /cvs/dirsec/adminutil/lib/libadminutil/uginfo.c,v >retrieving revision 1.3 >diff -u -8 -r1.3 uginfo.c >--- adminutil/lib/libadminutil/uginfo.c 11 May 2006 23:30:31 -0000 1.3 >+++ adminutil/lib/libadminutil/uginfo.c 29 Mar 2007 02:53:13 -0000 >@@ -29,34 +29,29 @@ > #ifdef XP_WIN32 > #define strcasecmp stricmp > #define strncasecmp _strnicmp > #endif > > static char* > admldapCreateLDAPHndl(AdmldapInfo info, char *targetDN, int *error_code) > { >- char *ldapHost = NULL; >- int ldapPort = 0; > char *sieDN = NULL; >- char *siePassword = NULL; >- char targetDNBuf[1024], *resultDN = NULL; >+ char *resultDN = NULL; > AdmldapHdnlPtr hndl = (AdmldapHdnlPtr)info; > > if (!hndl) { *error_code = UG_EMPTY_LDAPINFO; return NULL; } > *error_code = UG_OP_OK; > > if (targetDN) resultDN = PL_strdup(targetDN); > else { > /* No target DN given, try to figure it out */ > if (!sieDN) sieDN = admldapGetSIEDN(info); > if (sieDN) { >- PR_snprintf(targetDNBuf, sizeof(targetDNBuf), "cn=configuration, %s", >- sieDN); >- resultDN = PL_strdup(targetDNBuf); >+ resultDN = PR_smprintf("cn=configuration, %s", sieDN); > } > else { > *error_code = UG_NO_TARGETDN; > } > } > > return resultDN; > } 
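Review bot: In `retrieveISIEs`, `val = (ValueType)PR_Calloc(2, sizeof(char *));` is followed directly by `val[0] = dn;`, so an allocation failure becomes a write through NULL, and `attrName` and `dn` from `PR_smprintf` are used unchecked as well; each should be tested and the entry skipped (freeing what was allocated) on failure. In `getInstalledServerDNList` the early `goto done` paths reach `psetDelete(domainPset)` with `domainPset` still NULL; if `psetDelete` does not accept NULL, which is not visible here, the call needs `if (domainPset) psetDelete(domainPset);`. `isie` is also passed to `strchr` without a NULL check.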
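Review bot: In `admldapCreateLDAPHndl`, `sieDN` obtained from `admldapGetSIEDN(info)` is never released once `resultDN` has been built; the srvutil.c changes in this same patch free that getter's result with `PL_strfree(sie)`, which suggests it returns an allocated copy. If so, `PL_strfree(sieDN);` belongs right after the `PR_smprintf` call. `resultDN` now comes from `PL_strdup` on one path and from `PR_smprintf` on the other, so the function comment should state which release function callers are expected to use.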
>@@ -200,17 +195,17 @@ > > > PR_IMPLEMENT(int) > admldapGetUserDirectoryReal(LDAP *ld, char* targetDN, char** directoryURL, > char** bindDN, char** bindPassword, > char** directoryInfoRef, int* error_code) > { > >- int errorCode = UG_OP_OK, status; >+ int status; > char *dummyDirectoryInfoRef = NULL; > > if (!admldapGetUserDirectoryInfo(ld, targetDN, directoryURL, bindDN, > bindPassword, directoryInfoRef, > error_code)) { > return 0; > } > >@@ -352,17 +347,17 @@ > */ > > PL_strncpy(url_buffer, directoryURL, url_buflen); > url_buflen -= PL_strlen(directoryURL); > temp = strchr(url_buffer, ' '); > if (NULL != temp) { > PL_strncpy(failover_buffer, &(temp[1]), sizeof(failover_buffer)); > *temp = '\0'; >- if(temp = strrchr(failover_buffer, '/')) { >+ if ((temp = strrchr(failover_buffer, '/'))) { > PL_strncat(url_buffer, temp, url_buflen); > *temp = '\0'; > } > } > } > else { > PL_strncpy(url_buffer, directoryURL, url_buflen); > failover_buffer[0] = '\0'; >Index: adminutil/lib/libadmsslutil/admsslutil.c >=================================================================== >RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/admsslutil.c,v >retrieving revision 1.6 >diff -u -8 -r1.6 admsslutil.c >--- adminutil/lib/libadmsslutil/admsslutil.c 3 Nov 2006 17:41:06 -0000 1.6 >+++ adminutil/lib/libadmsslutil/admsslutil.c 29 Mar 2007 02:53:13 -0000 
>@@ -64,16 +64,32 @@ > " " ADMSDK_BUILDNUM; > #endif /* XP_UNIX */ > > void servssl_error(char *fmt, ...); > > char custom_file[BIG_LINE] = ""; > char retried_token[BIG_LINE] = ""; > >+/* returns true if the given path is a valid directory, false otherwise */ >+static int >+is_dir_ok(const char *path) >+{ >+ PRFileInfo prinfo; >+ int ret = 0; >+ >+ if (path && *path && >+ (PR_SUCCESS == PR_GetFileInfo(path, &prinfo)) && >+ prinfo.type == PR_FILE_DIRECTORY) { >+ ret = 1; >+ } >+ >+ return ret; >+} >+ > PR_IMPLEMENT(int) > admldapBuildInfoSSL(AdmldapInfo info, int *errorcode) > { > LDAP *ld; > int ldapError; > char *passwd = NULL; > char *host = NULL; 
> >@@ -130,167 +146,116 @@ > return 0; > } > } > > admldapSetLDAPHndl(info, ld); > return 1; > } > >-/* >- * Given filepath e.g. /opt/servers/alias/slapd-dilly-cert7.db >- * return slapd-dilly- as the prefix fo cert file; >- * or filepath is e.g. /opt/servers/alias/slapd-dilly-key3.db >- * return slapd-dilly- as the prefix for key file. >-*/ >-static void >-getPrefix(char *filepath, char *basename, char *prefix, int maxprefixlen) >-{ >- char *filename, *base; >- int prefixLen; >- >- if (NULL == prefix || 0 == maxprefixlen) { >- return; >- } >- prefix[0] = '\0'; >- >- if((filename = strrchr(filepath, FILE_PATHSEP)) == NULL) { >- filename=filepath; >- } >- else { >- filename++; /* Skip '/' */ >- } >- >- /* basename is either "-cert" or "-key" - look for last occurance */ >- base = PL_strrstr(filename, basename); >- if (base == NULL) { >- return; >- } >- >- /* Include '-' into prefix */ >- prefixLen = base-filename+1; >- if (prefixLen > maxprefixlen) { >- return; >- } >- memcpy(prefix, filename, prefixLen); >- prefix[prefixLen]=0; >-} >- >-static int initNSS(char *certdbFile, char *keydbFile) >+static int initNSS(const char *securitydir, AdmldapInfo info) > { > >- char certdbPrefix[256], keydbPrefix[256]; >- char secdbDir[PATH_MAX]; >- char admconfDir[PATH_MAX]; >+ char *custom_file_copy = NULL; > PRUint32 flags = 0; > char *db_name; > >- getPrefix(certdbFile, "-cert", certdbPrefix, 256); >- getPrefix(keydbFile, "-key", keydbPrefix, 256); >- >- if(('\0' == certdbPrefix) || ('\0' == keydbPrefix)) return -1; >- >- PR_snprintf(secdbDir, sizeof(secdbDir), "%s%calias", >- getenv("NETSITE_ROOT"), FILE_PATHSEP); >- PR_snprintf(admconfDir, sizeof(admconfDir), "%s%cadmin-serv%cconfig", >- getenv("NETSITE_ROOT"), FILE_PATHSEP,FILE_PATHSEP); >- > /* PKSC11 module must be configured before NSS is initialized */ > db_name = PL_strdup("internal (software) "); > if (!db_name) { > return -1; > } > > PK11_ConfigurePKCS11(NULL,NULL,NULL,db_name,NULL, NULL,NULL,NULL, > /*minPwdLen=*/8, 
/*pwdRequired=*/1); > > /* init NSS */ >- if (NSS_Initialize(secdbDir, certdbPrefix, keydbPrefix, "secmod.db", flags)) { >+ if (NSS_Initialize(securitydir, NULL, NULL, "secmod.db", flags)) { > return -1; > } > >+ /* custom file should contain a line like this: >+ pinFile:/path/to/pinfile >+ The pin file should contain the pin for the token >+ We just use adm.conf as the custom file. >+ */ >+ custom_file_copy = admldapGetConfigFileName(info); >+ PR_snprintf(custom_file, sizeof(custom_file), custom_file_copy); >+ PL_strfree(custom_file_copy); > /* set password function */ >- PR_snprintf(custom_file, sizeof(custom_file), "%s%ccustom.conf", >- admconfDir, FILE_PATHSEP); > PK11_SetPasswordFunc(getPassword_cb); > > /* enable all default ciphers */ >- if (SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE) >- || SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE)) { >+ if (SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE)) { > return -1; > } > > /* set export policy */ > if(SSLPLCY_Install() != PR_SUCCESS) { > return -1; > } > > return 0; > } > > > PR_IMPLEMENT(int) >-ADMSSL_InitSimple2(char* serverRoot) >+ADMSSL_InitSimple(char* configdir, char *securitydir) > { > AdmldapInfo admLdapInfo=NULL; >- char configDir[256]; > int error; > >- PR_snprintf(configDir, sizeof(configDir), "%s%cadmin-serv%cconfig", >- serverRoot, FILE_PATHSEP, FILE_PATHSEP); >- admLdapInfo = admldapBuildInfo(configDir, &error); >+ admLdapInfo = admldapBuildInfo(configdir, &error); > if (!admLdapInfo) return -1; > >- if (!admldapGetSecurity(admLdapInfo)) return 0; >+ if (admldapGetSecurity(admLdapInfo)) { >+ error = ADMSSL_Init(admLdapInfo, securitydir); >+ } else { >+ error = 0; >+ } > >- error = ADMSSL_Init(admLdapInfo, configDir); > destroyAdmldap(admLdapInfo); > return error; > } > >-PR_IMPLEMENT(int) >-ADMSSL_InitSimple() >-{ >- char *serverRoot = getenv("NETSITE_ROOT"); >- >- return ADMSSL_InitSimple2(serverRoot); >-} >- >- > /* set minimum SSL stuff for LDAP/SSL to work */ > PR_IMPLEMENT(int) 
>-ADMSSL_Init(AdmldapInfo info, char *admroot) >+ADMSSL_Init(AdmldapInfo info, char *securitydir) > { >- char *certdbFile, *keydbFile; > int secure; > char *dirURL, *bindDN, *bindPwd, *dirInfoRef; > int errCode; >+ int needfree = 0; > > secure = admldapGetSecurity(info); > > if (!secure) { > admldapGetLocalUserDirectory(info, > &dirURL, > &bindDN, > &bindPwd, > &dirInfoRef, > &errCode); > if (errCode || !dirURL) return 0; > if (!strstr(dirURL, "ldaps://")) > return 0; > } > >- certdbFile = admldapGetCertDBFile(info); >- keydbFile = admldapGetKeyDBFile(info); >+ if (!securitydir) { >+ securitydir = admldapGetSecurityDir(info); >+ needfree = 1; >+ } >+ >+ if((!securitydir)) return -1; > >- if((!certdbFile) || (!keydbFile) || (!admroot)) return -1; >+ errCode = initNSS(securitydir, info); > >- errCode = initNSS(certdbFile, keydbFile); >- PR_Free(certdbFile); >- PR_Free(keydbFile); >+ if (needfree) { >+ PL_strfree(securitydir); >+ } > > return errCode; > } > > void servssl_error(char *fmt, ...) > { > va_list args; > char errstr[ADMSSL_BUF_LEN]; 
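Review bot: In initNSS the added `PR_snprintf(custom_file, sizeof(custom_file), custom_file_copy);` passes the config file path as the format string, so any `%` in that path is interpreted as a conversion instead of being copied. Copy it as data with `PR_snprintf(custom_file, sizeof(custom_file), "%s", custom_file_copy);`, and return -1 beforehand if `admldapGetConfigFileName(info)` returned NULL. The `return -1` paths after `PL_strdup` also leave `db_name` allocated; whether PK11_ConfigurePKCS11 keeps that pointer is not visible here, so a one-line comment stating who owns it would help.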
>@@ -428,254 +393,27 @@ > /* There is no more export builds */ > s = NSS_SetDomesticPolicy(); > return (s==SECSuccess)?PR_SUCCESS:PR_FAILURE; > } > > > #endif /* NET_SSL */ > >- >-/* >- * In HCL 1.5 final this is called by each socket created. >- * Pass the socket in. - adam >- */ >-PR_IMPLEMENT(void) >-servssl_init(PsetHndl pset, PRFileDesc *fd, char *admroot) >-{ >- SECKEYPrivateKey *key = NULL; >- CERTCertificate *cert = NULL; >- int rv; >- >- int errorCode; >- AttrNameList family_list; >- >- char *keyfn = NULL; >- char *certfn = NULL; >- char *val = NULL; >- char *val2 = NULL; >- int stimeout; >- long ssl3timeout; >-#define CIPHER_STRLEN 1024 >- char cipher_string[CIPHER_STRLEN]; >- int cipher_len = CIPHER_STRLEN; >- >- if (!pset) { >- servssl_error("Security Initialization: Failed to retrieve SSL cipher family information\n"); >- return; >- } >- >- /* Get general pset information */ >- >- keyfn = psetGetAttrSingleValue(pset, >- "configuration.encryption.nsKeyfile", >- &errorCode); >- >- certfn = psetGetAttrSingleValue(pset, >- "configuration.encryption.nsCertfile", >- &errorCode); >- >- val = psetGetAttrSingleValue(pset, >- "configuration.encryption.nsSslSessionTimeout", >- &errorCode); >- >- val2 = psetGetAttrSingleValue(pset, >- "configuration.encryption.nsSsl3SessionTimeout", >- &errorCode); >- >- if((!keyfn) || (!certfn) || (!val) || (!val2)) { >- servssl_error("Security Initialization: Failed to retrieve SSL cipher family information (error code = %d)\n", errorCode); >- return; >- } >- >- stimeout = atoi(val); >- ssl3timeout = atol(val2); >- >- /* Initialize the cert data base */ >- if (initNSS(certfn, keyfn)) { >- servssl_error("Security Initialization: Failed to initialize NSS\n"); >- return; >- } >- >- /* Set SSL cipher preferences */ >- cipher_string[0] = '\0'; >- val = NULL; >- val = psetGetAttrSingleValue(pset, >- "configuration.encryption.nsSsl2Ciphers", >- &errorCode); >- if(val && strcmp(val, "blank")) { >- PL_strncat(cipher_string, val, 
cipher_len); >- cipher_len -= PL_strlen(val); >- } >- >- val = NULL; >- val = psetGetAttrSingleValue(pset, >- "configuration.encryption.nsSsl3Ciphers", >- &errorCode); >- if(val && strcmp(val, "blank")) { >- if(cipher_string[0] != '\0') { >- PL_strncat(cipher_string, ",", cipher_len); >- cipher_len -= 1; >- } >- PL_strncat(cipher_string, val, cipher_len); >- cipher_len -= PL_strlen(val); >- } >- >- if(!strcmp(cipher_string, "")) >- _conf_setciphers(NULL); >- else { >- if(_conf_setciphers(cipher_string)) >- servssl_warn("Security Initialization Warning: Failed to set SSL cipher preference information!"); >- } >- >- >- /* >- * Now, get the complete list of cipher families. Each family >- * has a token name and personality name which we'll use to find >- * appropriate keys and certs, and call SSL_ConfigSecureServer >- * with. >- */ >- >- if((family_list = psetGetChildren(pset, "configuration.Encryption", &errorCode))) { >- char **family; >- char cert_name[ADMSSL_BUF_LEN]; >- char family_attribute[ADMSSL_BUF_LEN]; >- char *token; >- char *personality; >- PK11SlotInfo *current_slot; >- >- for (family = family_list; *family; family++) { >- >- token = NULL; >- personality = NULL; >- val = NULL; >- >- PR_snprintf(family_attribute, sizeof(family_attribute), >- "%s.nsSslActivation", *family); >- val = psetGetAttrSingleValue(pset, >- family_attribute, >- &errorCode); >- >- if((!val) || (!strcmp(val, "off"))) >- /* this family was turned off, goto next */ >- continue; >- >- PR_snprintf(family_attribute, sizeof(family_attribute), >- "%s.nsSslToken", *family); >- token = psetGetAttrSingleValue(pset, >- family_attribute, >- &errorCode); >- PR_snprintf(family_attribute, sizeof(family_attribute), >- "%s.nsSslPersonalityssl", *family); >- personality = psetGetAttrSingleValue(pset, >- family_attribute, >- &errorCode); >- >- if((token) && (personality)) { >- if(strstr(token, "internal")) { >- PL_strncpyz(cert_name, personality, sizeof(cert_name)); >- current_slot = 
PK11_GetInternalKeySlot(); >- } >- else { >- /* external PKCS #11 token - attach token name */ >- PR_snprintf(cert_name, sizeof(cert_name), "%s:%s", >- token, personality); >- current_slot = PK11_FindSlotByName(token); >- } >- } >- else { >- servssl_error("Security Initialization: Failed to get cipher family information"); >- } >- >- /* Step Three.6 - If in FIPS mode, authenticate to the token before doing anything else */ >- if(PK11_IsFIPS()) { >- PK11_Authenticate(current_slot, PR_FALSE, NULL); >- } >- >- PK11_SetSlotPWValues(current_slot, 0, 0); >- >- /* Step Four -- Locate the server certificate */ >- cert = PK11_FindCertFromNickname(cert_name, NULL); >- >- if (cert == NULL) { >- servssl_error("Security Initialization: Can't find certificate (%s)", personality); >- } >- >- /* Step Four.5 -- check that the cert is valid */ >- if(CERT_VerifyCertNow(/*certdb=*/NULL, cert, PR_FALSE, certUsageSSLServer, NULL) != SECSuccess) { >- servssl_warn("Security Initialization Warning: For certificate (%s) - %s", >- personality, SSL_Strerror(PR_GetError())); >- } >- >- /* Step Five -- Get the private key from cert */ >- key = PK11_FindKeyByAnyCert(cert, NULL); >- >- if (key == NULL) { >- servssl_error("Security Initialization: Unable to retrieve private key (%d)", PR_GetError()); >- } >- >- /* Step Six -- Configure Secure Server Mode */ >- if(fd) { >- if(PK11_FortezzaHasKEA(cert) == PR_TRUE) >- rv = SSL_ConfigSecureServer(fd, cert, key, kt_fortezza); >- else >- rv = SSL_ConfigSecureServer(fd, cert, key, kt_rsa); >- } >- if (rv) { >- servssl_error("Security Initialization: Server key/certificate is bad (%d)", >- PR_GetError()); >- } >- } >- } >- >- /* Step Seven -- Configure Server Session ID Cache */ >- val = (char *)PR_Malloc(L_tmpnam * sizeof(char)); >-#ifdef XP_WIN32 >- if(GetTempPath(L_tmpnam, val) == 0) >- servssl_error("Security Initialization: Config of server nonce cache failed, " >- "cannot find a valid temporary directory! 
(%d)", GetLastError()); >- rv = SSL_ConfigServerSessionIDCache(0, stimeout, ssl3timeout, val); >-#else >- rv = SSL_ConfigServerSessionIDCache(0, stimeout, ssl3timeout, dirname(tmpnam(val))); >-#endif >- PR_Free(val); >- if (rv) { >- if (PR_GetError() == ENOSPC) { >- servssl_error("Security Initialization: Config of server nonce cache failed, " >- "out of disk space! Make more room in /tmp " >- "and try again."); >- } >- else { >- servssl_error("Security Initialization: Config of server nonce cache failed (%d)", >- PR_GetError()); >- } >- } >- >- /* Question- Any house cleaning here???? key, keydb, cert and certdb */ >-} >- >- > /* > * Modify "security" in adm.conf and DS > */ > void set_security(PsetHndl pset, >- char *sroot, >- char *security, >- char *cert_file, >- char *key_file) >-{ >- FILE *f; >- int i, modified_security=0, modified_cert=0, modified_key=0; >- static char filename[BIG_LINE]; >- static char inbuf[BIG_LINE]; >- static char buf[BIG_LINE]; >- int linecnt=0; >- char *col; >- char *lines[50]; >+ char *securitydir, /* where security files can be found */ >+ char *configdir, /* where config files can be found */ >+ char *security /* security on/off */ >+) >+{ > int rv; >+ AdmldapInfo admInfo = NULL; > > /* set security attribute in DS */ > if((pset) && (security) && (*security != '\0')) { > if(psetCheckAttribute(pset, SECURITY_ATTR) == PSET_OP_FAIL) { > /* create entry */ > rv = psetAddSingleValueAttribute(pset, SECURITY_ATTR, security); > if(rv != PSET_OP_OK) > servssl_error("PSET attribute creation failed!"); 
>@@ -683,106 +421,31 @@ > else { > /* modify entry */ > rv = psetSetSingleValueAttr(pset, SECURITY_ATTR, security); > if(rv != PSET_OP_OK) > servssl_error("PSET attribute modification failed!"); > } > } > >- /* add/edit security field in adm.conf */ >- for(i=0; i<50; i++) >- lines[i] = NULL; >- >- PR_snprintf(filename, sizeof(filename), >- "%s/admin-serv/config/adm.conf", sroot); >- >- f = fopen(filename, "r"); >- if (f==NULL) { >- fclose(f); >+ /* add/edit security fields in adm.conf */ >+ rv = 0; >+ admInfo = admldapBuildInfoOnly(configdir, &rv); >+ if (!admInfo || rv) { > servssl_error("Can not open adm.conf for reading"); > } >- >- while(fgets(inbuf, sizeof(inbuf), f) != NULL) { >- if ((strstr(inbuf,"security:") == inbuf) && >- (security && *security != '\0')) { >- /* Line starts with "security" */ >- col = strrchr(inbuf,':'); >- if (col == NULL) { >- servssl_error("Bad format for adminurl in adm.conf"); >- } >- *col=0; >- PR_snprintf(buf, sizeof(buf), "%s: %s\n", inbuf, security); >- lines[linecnt++] = PL_strdup(buf); >- modified_security=1; >- } >- else if ((strstr(inbuf,"certDBFile:") == inbuf) && >- (cert_file && *cert_file != '\0')) { >- /* Line starts with "certDBFile" */ >- col = strchr(inbuf,':'); >- if (col == NULL) { >- servssl_error("Bad format for adminurl in adm.conf"); >- } >- *col=0; >- PR_snprintf(buf, sizeof(buf), "%s: %s%c%s\n", >- inbuf, sroot, FILE_PATHSEP, cert_file); >- lines[linecnt++] = PL_strdup(buf); >- modified_cert=1; >- } >- else if ((strstr(inbuf,"keyDBFile:") == inbuf) && >- (key_file && *key_file != '\0')) { >- /* Line starts with "keyDBFile" */ >- col = strchr(inbuf,':'); >- if (col == NULL) { >- servssl_error("Bad format for adminurl in adm.conf"); >- } >- *col=0; >- PR_snprintf(buf, sizeof(buf), "%s: %s%c%s\n", >- inbuf, sroot, FILE_PATHSEP, key_file); >- lines[linecnt++] = PL_strdup(buf); >- modified_key=1; >- } >- else { >- lines[linecnt++] = PL_strdup(inbuf); >- } >- } >- fclose(f); >- >- if ((!modified_security) && >- 
(security && *security != '\0')) { >- /* security not found - put it in */ >- PR_snprintf(buf, sizeof(buf), "security: %s\n", security); >- lines[linecnt++] = PL_strdup(buf); >- } >- if ((!modified_cert) && >- (cert_file && *cert_file != '\0')) { >- /* certDBFile not found - put it in */ >- PR_snprintf(buf, sizeof(buf), "certDBFile: %s%c%s\n", >- sroot, FILE_PATHSEP, cert_file); >- lines[linecnt++] = PL_strdup(buf); >- } >- if ((!modified_key) && >- (key_file && *key_file != '\0')) { >- /* keyDBFile not found - put it in */ >- PR_snprintf(buf, sizeof(buf), "keyDBFile: %s%c%s\n", >- sroot, FILE_PATHSEP, key_file); >- lines[linecnt++] = PL_strdup(buf); >+ >+ if (is_dir_ok(securitydir)) { >+ admldapSetSecurityDir(admInfo, securitydir); > } >- >- f = fopen(filename, "w"); >- if (f==NULL) { >- fclose(f); >+ >+ if (admldapWriteInfoFile(admInfo)) { > servssl_error("Can not open adm.conf for writing"); > } >- >- for (i=0; i < linecnt; i++) { >- fprintf(f, "%s", lines[i]); >- } >- >- fclose(f); >+ destroyAdmldap(admInfo); > } > > > /* NT SSL STUFF HERE -------------------------------------------------------*/ > > #ifdef XP_WIN32 > static char password[512]; > static char pinprompt[512]; 
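Review bot: In set_security a failed `admldapBuildInfoOnly(configdir, &rv)` is only reported through servssl_error, and the code then goes on to call `admldapSetSecurityDir(admInfo, securitydir)` and `admldapWriteInfoFile(admInfo)`. servssl_error's body is outside this hunk, so unless it never returns, a NULL or half-built admInfo is used and possibly written back over adm.conf; return right after the error, destroying admInfo when it is non-NULL. This block also no longer stores the `security` on/off value in adm.conf, which the removed line-editing code did, while the comment still reads `/* add/edit security fields in adm.conf */`; if that is intended, the comment should say only the security directory is written. A securitydir that fails `is_dir_ok` is skipped without any message, so the caller cannot tell the setting was not applied. The function starts in the previous hunk.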
>@@ -915,22 +578,21 @@
>
> SECStatus MyAuthCertificateHook(void *arg, PRFileDesc *fd, PRBool checksig, PRBool isserver)
> {
> return SECSuccess;
> }
>
>
> PR_IMPLEMENT(PRFileDesc*)
>-SSLSocket_init(PRFileDesc *req_socket)
>+SSLSocket_init(PRFileDesc *req_socket, const char *configdir, const char *securitydir)
> {
> PRFileDesc *ssl_socket = NULL;
>- char *serverRoot = getenv("NETSITE_ROOT");
>
>- if (ADMSSL_InitSimple() != 0) {
>+ if (ADMSSL_InitSimple((char *)configdir, (char *)securitydir) != 0) {
> PR_Close(ssl_socket);
> return NULL;
> }
>
> if (SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE)) {
> return NULL;
> }
>
>Index: adminutil/lib/libadmsslutil/certmgt.c
>===================================================================
>RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/certmgt.c,v
>retrieving revision 1.1.1.1
>diff -u -8 -r1.1.1.1 certmgt.c
>--- adminutil/lib/libadmsslutil/certmgt.c 20 Jul 2005 22:51:33 -0000 1.1.1.1
>+++ adminutil/lib/libadmsslutil/certmgt.c 29 Mar 2007 02:53:13 -0000
>@@ -32,36 +32,16 @@
> #include "certdb.h"
> #include "secder.h"
> #include "pk11func.h"
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
>
>-/*
>- * This function should not be used as of NSS 3.2. Open of CERTDB is
>- * done with NSS initialize functions.
>- */
>-PR_IMPLEMENT(int)
>-cmgOpenCertDB(char * alias, CERTCertDBHandle **dbhandle)
>-{
>- servssl_error("cmgOpenCertDB should not be used as of NSS 3.2\n");
>- return -1;
>-}
>-
>-/*
>- * This function should not be used as of NSS 3.2. Close of CERTDB is
>- * done with NSS_Shutdown() call.
>- */
>-PR_IMPLEMENT(void)
>-cmgCloseCertDB(CERTCertDBHandle * handle)
>-{
>- servssl_error("cmgCloseCertDB should not be used as of NSS 3.2\n");
>-}
>
> /* Get a representative string for a given SECName */
> PR_IMPLEMENT(char *)
> cmgGetNameDesc(CERTName * name)
> {
> char * s;
>
> s = CERT_GetCommonName(name);
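Review bot: In SSLSocket_init the failure branch of the new `ADMSSL_InitSimple(...)` call still runs `PR_Close(ssl_socket)` while ssl_socket is NULL, since nothing has been assigned to it yet; drop that call so the branch is just `return NULL;`. The two `(char *)` casts discard const only because ADMSSL_InitSimple is declared with `char *` parameters, so declaring it as `ADMSSL_InitSimple(const char *configdir, const char *securitydir)` would remove them. The context above shows MyAuthCertificateHook returning SECSuccess unconditionally. If the rest of SSLSocket_init, which continues outside this hunk, installs it as the certificate-authentication hook, peer certificates are accepted without verification, and that needs at least a comment saying why it is acceptable.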
>@@ -77,50 +57,16 @@ > } > } > } > } > > return PORT_Strdup(s); > } > >-PR_IMPLEMENT(int) >-cmgShowCerts(CERTCertDBHandle * handle, char * caption) >-{ >- servssl_error("cmgShowCerts() is not ported to NSS 3.2 as not used (HTML)\n"); >- return -1; >-} >- >- >-/* >- * cmgShowCertsBySlot >- * Output a list of server certificates belonging to an external slot. >- * (no HTML output) >- */ >- >-PR_IMPLEMENT(int) >-cmgShowCertsBySlot(PK11SlotInfo *slot) >-{ >- servssl_error("cmgShowCertsBySlot is not ported to NSS 3.2 as not used\n"); >- return -1; >-} >- >- >-/* >- * cmgShowInternalCerts >- * Output a list of server certificates belonging to an internal slot. >- * (Unlike cmgShowCerts, this has no HTML output) >- */ >- >-PR_IMPLEMENT(int) >-cmgShowInternalCerts(CERTCertDBHandle *handle) >-{ >- servssl_error("cmgShowInternalCerts is not ported to NSS 3.2 as not used\n"); >- return -1; >-} > > static SECStatus cmgShowCrlRow(CERTSignedCrl *crl) > { > char * datestr; > char * nn; > /* SECCertTimeValidity validity; */ > > nn = cmgGetNameDesc(&crl->crl.name); 
>@@ -151,175 +97,24 @@ > for(node = CrlListHead->first; node != NULL; node = node->next) { > cmgShowCrlRow(node->crl); > } > > return SECSuccess; > } > > >-#define BREAK "<br>" >-#define BREAKLEN 4 >-#define COMMA ", " >-#define COMMALEN 2 >- >-/******** >- XXX Out of date, use at your own risk! >- We now use CERT_FormatName instead. -Adam >-*********/ >- >-PR_IMPLEMENT(char *) >-cmgFormatName(CERTName *name) >-{ >- CERTRDN** rdns; >- CERTRDN *rdn; >- CERTAVA** avas; >- CERTAVA* ava; >- char *buf = 0; >- char *tmpbuf = 0; >- unsigned len = 0; >- int tag; >- SECItem *cn, *email, *org, *orgunit, *loc, *state, *country; >- PRBool first; >- >- cn = 0; >- email = 0; >- org = 0; >- orgunit = 0; >- loc = 0; >- state = 0; >- country = 0; >- >- /* Loop over name components and gather the interesting ones */ >- rdns = name->rdns; >- while ((rdn = *rdns++) != 0) { >- avas = rdn->avas; >- while ((ava = *avas++) != 0) { >- tag = CERT_GetAVATag(ava); >- switch(tag) { >- case SEC_OID_AVA_COMMON_NAME: >- cn = &ava->value; >- len += cn->len; >- break; >- case SEC_OID_AVA_COUNTRY_NAME: >- country = &ava->value; >- len += country->len; >- break; >- case SEC_OID_AVA_LOCALITY: >- loc = &ava->value; >- len += loc->len; >- break; >- case SEC_OID_AVA_STATE_OR_PROVINCE: >- state = &ava->value; >- len += state->len; >- break; >- case SEC_OID_AVA_ORGANIZATION_NAME: >- org = &ava->value; >- len += org->len; >- break; >- case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME: >- orgunit = &ava->value; >- len += orgunit->len; >- break; >- case SEC_OID_PKCS9_EMAIL_ADDRESS: >- email = &ava->value; >- len += email->len; >- break; >- default: >- break; >- } >- } >- } >- >- /* XXX - add some for formatting */ >- len += 128; >- >- /* allocate buffer */ >- buf = (char *)PORT_Alloc(len); >- if ( !buf ) { >- return(0); >- } >- >- tmpbuf = buf; >- >- if ( cn ) { >- PORT_Memcpy(tmpbuf, cn->data + 2, cn->len - 2); >- tmpbuf += ( cn->len - 2 ); >- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN); >- tmpbuf += BREAKLEN; >- } >- if ( 
email ) { >- PORT_Memcpy(tmpbuf, email->data + 2, email->len - 2); >- tmpbuf += ( email->len - 2 ); >- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN); >- tmpbuf += BREAKLEN; >- } >- if ( orgunit ) { >- PORT_Memcpy(tmpbuf, orgunit->data + 2, orgunit->len - 2); >- tmpbuf += ( orgunit->len - 2 ); >- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN); >- tmpbuf += BREAKLEN; >- } >- if ( org ) { >- PORT_Memcpy(tmpbuf, org->data + 2, org->len - 2); >- tmpbuf += ( org->len - 2 ); >- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN); >- tmpbuf += BREAKLEN; >- } >- first = PR_TRUE; >- if ( loc ) { >- PORT_Memcpy(tmpbuf, loc->data + 2, loc->len - 2); >- tmpbuf += ( loc->len - 2 ); >- first = PR_FALSE; >- } >- if ( state ) { >- if ( !first ) { >- PORT_Memcpy(tmpbuf, COMMA, COMMALEN); >- tmpbuf += COMMALEN; >- } >- PORT_Memcpy(tmpbuf, state->data + 2, state->len - 2); >- tmpbuf += ( state->len - 2 ); >- first = PR_FALSE; >- } >- if ( country ) { >- if ( !first ) { >- PORT_Memcpy(tmpbuf, COMMA, COMMALEN); >- tmpbuf += COMMALEN; >- } >- PORT_Memcpy(tmpbuf, country->data + 2, country->len - 2); >- tmpbuf += ( country->len - 2 ); >- first = PR_FALSE; >- } >- if ( !first ) { >- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN); >- tmpbuf += BREAKLEN; >- } >- >- *tmpbuf = 0; >- >- return(buf); >-} >- >-PR_IMPLEMENT(char *) >-cmgHTMLCertInfo(CERTCertificate *cert) >-{ >- servssl_error("cmgHTMLCertInfo() is not ported to NSS 3.2 as not used (HTML)\n"); >- return NULL; >-} >- >- > PR_IMPLEMENT(char *) > cmgHTMLCrlInfo(CERTSignedCrl *crl) > { > char *issuer; > char *notBefore, *notAfter; > > #define NCHARPERLINE 50 > #define NLINES 20 >- const int output_buflen = NCHARPERLINE * NLINES; > char * outputBuffer; > > if (!crl) { > return(0); > } > > issuer = CERT_FormatName(&crl->crl.name); > notBefore = (char *)DER_UTCTimeToAscii(&crl->crl.lastUpdate); 
>@@ -397,26 +192,8 @@ > } > > if(node) > /* OK, node contains the "dummy" crl - get the real one now */ > return(SEC_FindCrlByName(handle, &node->crl->crl.derName, list_type)); > else > return NULL; > } >- >- >-void >-ByteRev(unsigned char *cpLENumber, int iSize) >-{ >- int iCursor = 0, iLimit; >- unsigned char cTemp; >- >- iLimit = iSize/2; /* Last byte to exchange */ >- for (; iCursor<iLimit; iCursor++) >- { >- cTemp = *(cpLENumber+iCursor); >- *(cpLENumber+iCursor) = *(cpLENumber+iSize-iCursor-1); >- *(cpLENumber+iSize-iCursor-1) = cTemp; >- } >- >- return; >-} >Index: adminutil/lib/libadmsslutil/psetcssl.c >=================================================================== >RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/psetcssl.c,v >retrieving revision 1.2 >diff -u -8 -r1.2 psetcssl.c >--- adminutil/lib/libadmsslutil/psetcssl.c 11 May 2006 23:30:32 -0000 1.2 >+++ adminutil/lib/libadmsslutil/psetcssl.c 29 Mar 2007 02:53:13 -0000 
>@@ -20,34 +20,75 @@ > #include "libadminutil/admutil.h" > #include <stdio.h> > #include <time.h> > #include <string.h> > #include <stdlib.h> > #include <ctype.h> > #include "ldap.h" > #include "ldap_ssl.h" >+#include "libadminutil/distadm.h" > #include "libadmsslutil/psetcssl.h" > > #ifdef XP_WIN32 > #define strcasecmp stricmp > #define strncasecmp _strnicmp > #endif > > #ifndef PATH_MAX > #define PATH_MAX 256 > #endif > >+/* returns true if the given path is a valid directory, false otherwise */ >+static int >+is_dir_ok(const char *path) >+{ >+ PRFileInfo prinfo; >+ int ret = 0; >+ >+ if (path && *path && >+ (PR_SUCCESS == PR_GetFileInfo(path, &prinfo)) && >+ prinfo.type == PR_FILE_DIRECTORY) { >+ ret = 1; >+ } >+ >+ return ret; >+} >+ >+/* returns full path and file name if the file was found somewhere, false otherwise >+ file may not yet exist, but we will create it if the dir exists */ >+static char * >+find_file_in_paths( >+ const char *filename, /* the base filename to look for */ >+ const char *path /* path given by caller */ >+) >+{ >+ char *retval = NULL; >+ char *adminutilConfDir = getenv(ADMINUTIL_CONFDIR_ENV_VAR); >+ >+ /* try given path */ >+ if (!is_dir_ok(path)) { >+ if (is_dir_ok(adminutilConfDir)) { >+ path = adminutilConfDir; >+ } else { >+ return retval; >+ } >+ } >+ retval = PR_smprintf("%s/%s", path, filename); >+ >+ return retval; >+} >+ > PR_IMPLEMENT(PsetHndl) > psetRealLDAPImportSSL(PsetHndl pseth, char* ldapHost, int ldapPort, > int secure, char* sieDN, char* userDN, char* passwd, > char* configFile, char* filter, int* errorcode) > { > LDAP *ld = NULL; >- PsetHndl psethndl; >+ PsetHndl psethndl = NULL; > int ldapError, unbindF = 0; > > if ((!ldapHost) || (ldapPort < 1) || (!sieDN)) { > /* set error code to SIEDN not available */ > *errorcode = PSET_ARGS_ERROR; > return NULL; > } 
>
>@@ -63,22 +104,24 @@
> if ((ldapError = ldap_simple_bind_s(ld, userDN, passwd))
> != LDAP_SUCCESS ) {
> switch (ldapError) {
> case LDAP_INAPPROPRIATE_AUTH:
> case LDAP_INVALID_CREDENTIALS:
> case LDAP_INSUFFICIENT_ACCESS:
> /* authenticate failed: Should not continue */
> /* ldap_perror( pset->ld, "ldap_simple_bind_s" ); */
>+ ldap_unbind(ld);
> *errorcode = PSET_AUTH_FAIL;
> return NULL;
> case LDAP_NO_SUCH_OBJECT:
> case LDAP_ALIAS_PROBLEM:
> case LDAP_INVALID_DN_SYNTAX:
> /* Not a good DN */
>+ ldap_unbind(ld);
> *errorcode = PSET_ENTRY_NOT_EXIST;
> return NULL;
> default:
> ldap_unbind(ld);
> unbindF = 0;
> ld = NULL;
> }
> }
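Review bot: find_file_in_paths quietly replaces an unusable caller path with the directory named by the ADMINUTIL_CONFDIR_ENV_VAR environment variable, so whoever controls the process environment decides where local.conf is read from and created. If this library can run in a CGI or other privilege-crossing context (not visible here), that fallback should be documented at the call sites or made opt-in. The header comment says the function returns "false otherwise" although it returns a `char *`; suggested wording: `/* returns a PR_smprintf-allocated "<dir>/<filename>" (release with PR_smprintf_free), or NULL if no usable directory was found */`. The join hard-codes `/` where the code removed from psetCreateSSL used FILE_PATHSEP.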
>@@ -106,79 +149,70 @@ > } > > > PR_IMPLEMENT(PsetHndl) > psetCreateSSL(char* serverID, char* configRoot, char* user, char* passwd, > int* errorcode) > { > PsetHndl pset; >- AdmldapInfo ldapInfo= NULL, admLdapInfo=NULL; >- char *serverRoot = getenv("NETSITE_ROOT"); >- char path[PATH_MAX], *ldapHost=NULL, *sieDN, *bindPasswd = NULL; >- char *secureStr = NULL; >+ AdmldapInfo ldapInfo= NULL; >+ char *path = NULL, *ldapHost=NULL, *sieDN, *bindPasswd = NULL; > char *userDN = NULL; >- int ldapPort = 389, dummy, secure = 0; >+ int ldapPort = -1, secure = 0; > > ldapInfo = admldapBuildInfo(configRoot, errorcode); > > if (!ldapInfo) return NULL; > > /* get LDAP info, default is localhost:389 */ > ldapHost = admldapGetHost(ldapInfo); > ldapPort = admldapGetPort(ldapInfo); > >- /* For non-admin server, if no ldap information, get ldap host and port >- from admin server */ >- if (strcasecmp(serverID, "admin-serv")) { >- if (!ldapHost && serverRoot) { >- PR_snprintf(path, sizeof(path), "%s%cadmin-serv%cconfig", >- serverRoot, FILE_PATHSEP, FILE_PATHSEP); >- admLdapInfo = admldapBuildInfo(configRoot, &dummy); >- ldapHost = admldapGetHost(admLdapInfo); >- ldapPort = admldapGetPort(admLdapInfo); >- } >- } >- > *errorcode = PSET_OP_OK; > > if (!ldapHost) ldapHost = PL_strdup("localhost"); > secure = admldapGetSecurity(ldapInfo); > if (secure) { > if (ldapPort < 0) ldapPort = 636; > } > else { > if (ldapPort < 0) ldapPort = 389; > } > > /* Get SIE and password */ > sieDN = admldapGetSIEDN(ldapInfo); > if (!user) { >+ ADM_GetUserDNString(errorcode, &user); >+ } >+ if (!user) { > ADM_GetCurrentUsername(errorcode, &user); > } > /* if user is just attr val, get dn */ > userDN = admldapGetUserDN(ldapInfo, user); > if (passwd) { > bindPasswd = passwd; > } else { > bindPasswd = admldapGetSIEPWD(ldapInfo); > if (!bindPasswd) { > passwd = bindPasswd; /* not to free bindPasswd */ > ADM_GetCurrentPassword(errorcode, &bindPasswd); > } > } > >- if (configRoot) >- PR_snprintf(path, sizeof(path), 
"%s%clocal.conf", configRoot, FILE_PATHSEP); >- else >- PR_snprintf(path, sizeof(path), "%s%c%s%cconfig%clocal.conf", >- serverRoot, FILE_PATHSEP, serverID, FILE_PATHSEP, FILE_PATHSEP); >+ /* find local.conf file */ >+ if (!(path = find_file_in_paths("local.conf", configRoot))) { >+ /* error - no valid file or dir could be found */ >+ *errorcode = PSET_ENV_ERR; >+ } > > pset = psetRealCreateSSL(ldapHost, ldapPort, secure, sieDN, userDN, > bindPasswd, path, errorcode); > destroyAdmldap(ldapInfo); >+ PR_Free(userDN); > PR_Free(ldapHost); > PR_Free(sieDN); >+ PR_smprintf_free(path); > if (!passwd) { if (bindPasswd) PR_Free(bindPasswd); } > return pset; > } > > >Index: adminutil/lib/libadmsslutil/secpwd.c >=================================================================== >RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/secpwd.c,v >retrieving revision 1.1.1.1 >diff -u -8 -r1.1.1.1 secpwd.c >--- adminutil/lib/libadmsslutil/secpwd.c 20 Jul 2005 22:51:33 -0000 1.1.1.1 >+++ adminutil/lib/libadmsslutil/secpwd.c 29 Mar 2007 02:53:14 -0000 >@@ -34,16 +34,20 @@ > extern char custom_file[BIG_LINE]; > extern char retried_token[BIG_LINE]; > > #ifdef XP_UNIX > > #include <termios.h> > #include <stdio.h> > >+#if HAVE_UNISTD_H == 1 >+#include <unistd.h> >+#endif >+ > static void echoOff(int fd) > { > if (isatty(fd)) { > struct termios tio; > tcgetattr(fd, &tio); > tio.c_lflag &= ~ECHO; > tio.c_cc[VKILL] = '\0'; > tcsetattr(fd, TCSAFLUSH, &tio); >Index: adminutil/lib/libadmsslutil/srvutilssl.c >=================================================================== >RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/srvutilssl.c,v >retrieving revision 1.3 >diff -u -8 -r1.3 srvutilssl.c >--- adminutil/lib/libadmsslutil/srvutilssl.c 3 Nov 2006 21:26:35 -0000 1.3 >+++ adminutil/lib/libadmsslutil/srvutilssl.c 29 Mar 2007 02:53:14 -0000 
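Review bot: In psetCreateSSL, when `find_file_in_paths("local.conf", configRoot)` returns NULL the new code sets `*errorcode = PSET_ENV_ERR` but then falls through and calls psetRealCreateSSL with a NULL path, which may also overwrite that error code. Skip the call in that case, for example `pset = path ? psetRealCreateSSL(ldapHost, ldapPort, secure, sieDN, userDN, bindPasswd, path, errorcode) : NULL;`, so the existing cleanup below still runs. The added `ADM_GetUserDNString(errorcode, &user)` writes through errorcode after it was set to PSET_OP_OK, so a failure there can leave a stale code behind even when the ADM_GetCurrentUsername fallback succeeds; a local int would avoid that. The bind password copy is released with a bare `PR_Free(bindPasswd)`; zeroing it before the free would keep the credential from lingering in freed heap memory.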
>@@ -75,17 +75,18 @@
> PR_Free(host);
> host = NULL;
> PR_Free(siepwd);
> siepwd = NULL;
> if (!domainPset) goto err;
>
> nl = retrieveSIEs(domainPset, domainDN, adminName);
>
>- psetDelete(domainPset); /* free sie, domainDN, internally */
>+ psetDelete(domainPset);
>+ if (domainDN) PR_Free(domainDN);
> if (sie) PR_Free(sie);
> if (isie) PR_Free(isie);
> return nl;
>
> err:
> if (isie) PR_Free(isie);
> if (sie) PR_Free(sie);
> if (domainDN) PR_Free(domainDN);
>@@ -131,15 +132,16 @@
> PR_Free(siedn);
> siedn = NULL;
> PR_Free(siepwd);
> siepwd = NULL;
> if (!domainPset) goto err;
> resultList = retrieveISIEs(domainPset, domainDN);
> psetDelete(domainPset);
>
>+ PR_Free(isie);
> return resultList;
> err:
> if (isie) PR_Free(isie);
> return NULL;
>
> }
>
>Index: adminutil/lib/libadmsslutil/uginfossl.c
>===================================================================
>RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/uginfossl.c,v
>retrieving revision 1.2
>diff -u -8 -r1.2 uginfossl.c
>--- adminutil/lib/libadmsslutil/uginfossl.c 3 Nov 2006 21:26:35 -0000 1.2
>+++ adminutil/lib/libadmsslutil/uginfossl.c 29 Mar 2007 02:53:14 -0000
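Review bot: The first hunk adds `if (domainDN) PR_Free(domainDN);` right after `psetDelete(domainPset)` and drops the old comment that said psetDelete frees sie and domainDN internally. If that comment was accurate for domainDN this is now a double free; psetDelete's body is not visible here, so the ownership needs confirming. Once confirmed, the deleted comment should be replaced by one stating it, such as `/* psetDelete does not take ownership of domainDN or sie; free them here */`. In both hunks `siepwd` is released with a bare `PR_Free`, and zeroing the password buffer first would keep the credential out of freed heap memory. The enclosing functions start and end outside these hunks.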
>@@ -29,38 +29,31 @@
>
> #ifdef XP_WIN32
> #define strcasecmp stricmp
> #define strncasecmp _strnicmp
> #endif
>
>
> static AdmldapInfo
>-admldapCGIbuild(int* error_code)
>+admldapCGIbuild(AdmldapInfo ldapInfo, int* error_code)
> {
>- AdmldapInfo ldapInfo;
> char *localAdmin = 0;
> char *username = 0;
> char *binddn = 0;
> char *bindpw = 0;
> char *host = 0;
> LDAP *ld;
> int rv, err;
> int ldapError;
>- char *admroot = getenv("ADMSERV_ROOT");
>
>- /* Get UserDN and User Password */
>- if (admroot) {
>- ldapInfo = admldapBuildInfo(admroot, &rv);
>- }
>- else {
>+ if (!ldapInfo) {
> *error_code = ADMUTIL_ENV_ERR;
> return NULL;
> }
>-
>
> /* Get UserDN and User Password */
> rv = ADM_GetUserDNString(&err, &binddn);
> if (rv < 0 || !binddn || !*binddn) {
> rv = ADM_GetCurrentUsername(&err, &username);
> if (rv < 0 || !username || !*username) {
> *error_code = ADMUTIL_ENV_ERR;
> destroyAdmldap(ldapInfo);
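Review bot: admldapCGIbuild now operates on a caller-supplied ldapInfo, but its error paths still call `destroyAdmldap(ldapInfo)`, as the username check at the end of this hunk shows. The next hunk removes `destroyAdmldap` from admldapSetAdmGrpUserDirectoryCGI and admldapSetDomainUserDirectoryCGI, presumably because the caller now owns the handle. On a failure the caller is therefore left holding a destroyed AdmldapInfo and is likely to use or destroy it again. Either drop the destroy calls from admldapCGIbuild's error paths or state the contract in a comment, for example `/* ldapInfo is owned by the caller and is never destroyed here, even on error */`. The function body continues past the end of this hunk, so its remaining error returns need the same check.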
>@@ -151,58 +144,56 @@
> }
> }
>
> admldapSetLDAPHndl(ldapInfo, ld);
> return ldapInfo;
> }
>
> PR_IMPLEMENT(int)
>-admldapSetAdmGrpUserDirectoryCGI(char* directoryURL,
>+admldapSetAdmGrpUserDirectoryCGI(AdmldapInfo ldapInfo,
>+ char* directoryURL,
> char* bindDN,
> char* bindPassword,
> char* directoryInfoRef,
> int* error_code)
> {
> int errorCode, status;
>- AdmldapInfo ldapInfo;
>
>- if ((ldapInfo = admldapCGIbuild(&errorCode)) == NULL) {
>+ if ((ldapInfo = admldapCGIbuild(ldapInfo, &errorCode)) == NULL) {
> *error_code = UG_OP_FAIL;
> return 0;
> }
>
> status = admldapSetAdmGrpUserDirectory(ldapInfo,
> directoryURL,
> bindDN,
> bindPassword,
> directoryInfoRef,
> error_code);
>
>- destroyAdmldap(ldapInfo);
> return status;
> }
>
> PR_IMPLEMENT(int)
>-admldapSetDomainUserDirectoryCGI(char* directoryURL,
>+admldapSetDomainUserDirectoryCGI(AdmldapInfo ldapInfo,
>+ char* directoryURL,
> char* bindDN,
> char* bindPassword,
> char* directoryInfoRef,
> int* error_code)
> {
> int errorCode, status;
>- AdmldapInfo ldapInfo;
>
>- if ((ldapInfo = admldapCGIbuild(&errorCode)) == NULL) {
>+ if ((ldapInfo = admldapCGIbuild(ldapInfo, &errorCode)) == NULL) {
> *error_code = UG_OP_FAIL;
> return 0;
> }
>
> status = admldapSetDomainUserDirectory(ldapInfo,
> directoryURL,
> bindDN,
> bindPassword,
> directoryInfoRef,
> error_code);
>
>- destroyAdmldap(ldapInfo);
> return status;
> }
>Index: adminutil/m4/icu.m4
>===================================================================
>RCS file: /cvs/dirsec/adminutil/m4/icu.m4,v
>retrieving revision 1.1
>diff -u -8 -r1.1 icu.m4
>--- adminutil/m4/icu.m4 30 Oct 2006 19:25:23 -0000 1.1
>+++ adminutil/m4/icu.m4 29 Mar 2007 02:53:14 -0000
>@@ -87,16 +87,16 @@
> # if not found yet, try pkg-config
>
> # last resort
> if test -z "$icu_lib"; then
> AC_MSG_CHECKING(for icu with icu-config)
> AC_PATH_PROG(ICU_CONFIG, icu-config)
> if test -n "$ICU_CONFIG"; then
> icu_lib=`$ICU_CONFIG --ldflags-searchpath`
>- icu_libdir = `$ICU_CONFIG --libdir`
>+ icu_libdir=`$ICU_CONFIG --libdir`
> icu_inc=`$ICU_CONFIG --cppflags-searchpath`
> icu_bin=`$ICU_CONFIG --bindir`
> AC_MSG_RESULT([using system ICU])
> else
> AC_MSG_ERROR([ICU not found, specify with --with-icu.])
> fi
> fi
>Index: adminutil/m4/mozldap.m4
>===================================================================
>RCS file: /cvs/dirsec/adminutil/m4/mozldap.m4,v
>retrieving revision 1.1
>diff -u -8 -r1.1 mozldap.m4
>--- adminutil/m4/mozldap.m4 30 Oct 2006 19:25:23 -0000 1.1
>+++ adminutil/m4/mozldap.m4 29 Mar 2007 02:53:14 -0000
>@@ -71,31 +71,32 @@
>
> # if LDAPSDK is not found yet, try pkg-config
>
> # last resort
> if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib" -o -z "$ldapsdk_libdir"; then
> AC_MSG_CHECKING(for mozldap with pkg-config)
> AC_PATH_PROG(PKG_CONFIG, pkg-config)
> if test -n "$PKG_CONFIG"; then
>- if $PKG_CONFIG --exists mozldap6; then
>- ldapsdk_inc=`$PKG_CONFIG --cflags-only-I mozldap6`
>- ldapsdk_lib=`$PKG_CONFIG --libs-only-L mozldap6`
>- ldapsdk_libdir=`$PKG_CONFIG --libs-only-L mozldap6 | sed -e s/-L// | sed -e s/\ *$//`
>- AC_MSG_RESULT([using system mozldap6])
>+ if $PKG_CONFIG --exists mozldap; then
>+ ldapsdk_name=mozldap
>+ elif $PKG_CONFIG --exists mozldap6; then
>+ ldapsdk_name=mozldap6
> else
> AC_MSG_ERROR([LDAPSDK not found, specify with --with-ldapsdk[-inc|-lib].])
> fi
>+ ldapsdk_inc=`$PKG_CONFIG --cflags-only-I $ldapsdk_name`
>+ ldapsdk_lib=`$PKG_CONFIG --libs-only-L $ldapsdk_name`
>+ ldapsdk_libdir=`$PKG_CONFIG --libs-only-L $ldapsdk_name | sed -e s/-L// | sed -e s/\ *$//`
>+ AC_MSG_RESULT([using system $ldapsdk_name])
> fi
> fi
> if test -z "$ldapsdk_inc" -o -z "$ldapsdk_lib"; then
> AC_MSG_ERROR([LDAPSDK not found, specify with --with-ldapsdk[-inc|-lib].])
> fi
>-dnl default path for the ldap c sdk tools (see [210947] for more details)
>-ldapsdk_bindir=/usr/lib/mozldap6
>
> dnl make sure the ldap sdk version is 6 or greater - we do not support
> dnl the old 5.x or prior versions - the ldap server code expects the new
> dnl ber types and other code used with version 6
> save_cppflags="$CPPFLAGS"
> CPPFLAGS="$ldapsdk_inc $nss_inc $nspr_inc"
> AC_CHECK_HEADER([ldap.h], [isversion6=1], [isversion6=],
> [#include <ldap-standard.h>
>Index: adminutil/tests/readme.txt
>===================================================================
>RCS file: /cvs/dirsec/adminutil/tests/readme.txt,v
>retrieving revision 1.1
>diff -u -8 -r1.1 readme.txt
>--- adminutil/tests/readme.txt 16 Nov 2005 18:50:21 -0000 1.1
>+++ adminutil/tests/readme.txt 29 Mar 2007 02:53:14 -0000
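Review bot: In mozldap.m4 the `ldapsdk_libdir` assignment still derives the directory by piping `--libs-only-L` through `sed -e s/-L//`, which removes only the first `-L`. If the .pc file ever lists more than one search path, the value becomes two paths with a stray `-L` between them. Asking pkg-config for the variable directly, with `$PKG_CONFIG --variable=libdir $ldapsdk_name` inside the command substitution, avoids the text surgery, assuming both mozldap and mozldap6 define `libdir`. Separately, the default `ldapsdk_bindir=/usr/lib/mozldap6` is dropped here, so any use of `ldapsdk_bindir` outside this hunk would expand to an empty string unless it is set elsewhere, which is worth checking before this is committed.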
>@@ -14,21 +14,37 @@ > # Lesser General Public License for more details. > # > # You should have received a copy of the GNU Lesser General Public > # License along with this library; if not, write to the Free Software > # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA > # END COPYRIGHT BLOCK > # > >-Test Case 1: test an api retrieveSIEs >+In order to run the test cases, you must have a directory server installed. >+The test prefers Fedora DS 1.1 or later, but it could be made to use >+others with minor modifications. The test script will create an instance >+of the server to use for testing, and it will load the nsroot.ldif data >+set for use. > >-How to run: >-gmake [ INTERNAL_BUILD=1 ] run [ SERVER_ROOT=<your_directory_server_root> ] >-default SERVER_ROOT: /opt/redhat-ds >- >-Sample output: >-$ gmake run SERVER_ROOT=/export/servers/ds72 >-Server Root: /export/servers/ds72 >-cn=slapd-laputa, cn=Fedora Directory Server, cn=Server Group, cn=laputa.sfbay.redhat.com, ou=sfbay.redhat.com, o=NetscapeRoot >-SUCCESS: SIE is retrieved >+If you want to run the *ssl tests, you must have ssl enabled on the server. >+Edit the setup.sh script to uncomment usessl=1. You also have to edit >+secport to the correct port number. Finally, edit secdir to point to >+your key/cert database directory. One convenience would be for the test >+script to configure the server for ssl, or at least just allow you to pass >+in the CA cert used to issue the server cert, and just create the key/cert >+databases in the test directory. But for now, just point the secdir at >+the directory server key/cert db directory. > >+To run: >+First, make the tests. They do not get built by default. You can use make check-TESTS - this will build the tests and attempt to run them, which will fail because the setup.sh script must be used to run the tests. 
If you want to make the tests manually, do >+ make retrieveSIE retrieveSIEssl psetread psetreadssl psetwrite >+Next, setup expects to be able to run from the directory you built in, in order to use libtool to run the tests. >+Next, run setup like this: >+ /path/to/adminutil/tests/setup.sh /path/to/adminutil/tests >+You can also run the tests with gdb or valgrind by editing setup.sh > >+The tests (so far): >+retrieveSIE prints a list of the DNs of the server instances (slapd-localhost, slapd-localhost2, and admin server) >+retrieveSIEssl simulates the sync_task_sie_data() function in mod_admserv >+psetread uses the pset api to read an entry >+psetreadssl is the same as psetread but uses ssl >+psetwrite uses the pset api to modify an entry >Index: adminutil/tests/retrieveSIE.c >=================================================================== >RCS file: /cvs/dirsec/adminutil/tests/retrieveSIE.c,v >retrieving revision 1.2 >diff -u -8 -r1.2 retrieveSIE.c >--- adminutil/tests/retrieveSIE.c 22 Mar 2006 23:47:25 -0000 1.2 >+++ adminutil/tests/retrieveSIE.c 29 Mar 2007 02:53:14 -0000 
>@@ -15,85 +15,76 @@ > * > * You should have received a copy of the GNU Lesser General Public > * License along with this library; if not, write to the Free Software > * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA > * END COPYRIGHT BLOCK > */ > /* > * retireveSIE.c: test program to test an API getServerDNList >- * Usage: retireveSIE [ <server_root> ] >+ * Usage: retireveSIE configdir > */ > > #include <stdio.h> > #include <stdlib.h> > #include <string.h> > #include "libadminutil/admutil.h" > #include "libadminutil/srvutil.h" > > main(int ac, char **av) > { >+ int _ai=ADMUTIL_Init(); > AdmldapInfo ldapInfo = NULL; > AttrNameList nameList = NULL; >- char *svrroot = "/opt/redhat-ds"; >- char *admroot = NULL; >+ char *configdir = NULL; > int len = 0; > int rval = 0; > char **p; > int siecnt = 0; > > if (ac > 1) { >- svrroot = strdup(*(av+1)); >+ configdir = strdup(*(av+1)); > } > >- if (NULL == svrroot || 0 == strlen(svrroot)) { >- fprintf(stderr, "ERROR: server root was not specified.\n"); >+ if (NULL == configdir || 0 == strlen(configdir)) { >+ fprintf(stderr, "ERROR: config dir was not specified.\n"); > exit(1); > } else { >- fprintf(stdout, "%s: Server Root: %s\n", *av, svrroot); >+ fprintf(stdout, "%s: configdir: %s\n", *av, configdir); > } > >- len = strlen(svrroot) + 32; >- admroot = (char *)malloc(len); >- if (NULL == admroot) { >- fprintf(stderr, "ERROR: failed to allocate %d bytes\n", len); >- exit(1); >- } >- >- snprintf(admroot, len, "%s/admin-serv/config", svrroot); >- admroot[len] = '\0'; >- > /* > * get the LDAP information from admin server config info > */ >- ldapInfo = admldapBuildInfo(admroot, &rval); >+ ldapInfo = admldapBuildInfo(configdir, &rval); > if (NULL == ldapInfo) { > fprintf(stderr, "ERROR: empty ldapInfo\n"); > rval = 1; > goto done; > } > > /* > * get servers' DNs belonging to the Admin Server > */ > nameList = getServerDNList(ldapInfo); >+ destroyAdmldap(ldapInfo); > if (NULL == nameList) { > fprintf(stderr, 
"ERROR: empty nameList\n"); > rval = 1; > goto done; > } > > for (p = nameList; p && *p; p++) { > fprintf(stdout, "%s\n", *p); > if (0 == strncasecmp(*p, "cn=", 3)) { > siecnt++; > } > } >+ deleteAttrNameList(nameList); > if (siecnt > 0) { > fprintf(stdout, "SUCCESS: SIE%s retrieved\n", siecnt>1?"S are":" is"); > } else { > fprintf(stdout, "FAILURE: SIE is not retrieved\n"); > } > > done: >- free(admroot); > exit(rval); > }
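Review bot: `configdir = strdup(*(av+1));` is now the only allocation left in main and it is never freed, since `free(admroot)` was removed from the `done:` label without a replacement. The copy is not needed, so `configdir = av[1];` is simpler and also removes the case where a failed strdup() is reported as "config dir was not specified". The result of `ADMUTIL_Init()` is stored in `_ai` and never examined; if it can fail, the test should check it and exit before calling admldapBuildInfo. `main` is also still declared without a return type, which C99 and later reject; `int main(int ac, char **av)` fixes that.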