Red Hat Bugzilla – Attachment 154348 Details for
Bug 239475
adminutil: Several admin server related bugs
[patch]
diffs
cvsdiffs (text/plain), 37.93 KB, created by
Rich Megginson
on 2007-05-08 17:53:38 UTC
Description:
diffs
Filename:
MIME Type:
Creator:
Rich Megginson
Created:
2007-05-08 17:53:38 UTC
Size:
37.93 KB
>Index: adminutil/include/libadminutil/srvutil.h
>===================================================================
>RCS file: /cvs/dirsec/adminutil/include/libadminutil/srvutil.h,v
>retrieving revision 1.3
>diff -u -8 -r1.3 srvutil.h
>--- adminutil/include/libadminutil/srvutil.h 6 Dec 2005 18:38:31 -0000 1.3
>+++ adminutil/include/libadminutil/srvutil.h 8 May 2007 17:27:19 -0000
>@@ -39,13 +39,17 @@
> getServerDNList(AdmldapInfo info);
>
> PR_IMPLEMENT(AttributeList)
> retrieveISIEs(PsetHndl domainPset, char* domainDN);
>
> PR_IMPLEMENT(AttributeList)
> getInstalledServerDNList(AdmldapInfo info);
>
>+/* return the SIE DN for the given server */
>+PR_IMPLEMENT(char *)
>+findSIEDNByID(AdmldapInfo info, const char *serverID);
>+
> #ifdef __cplusplus
> }
> #endif
>
> #endif /* __SRVUTIL_H__ */
>Index: adminutil/include/libadmsslutil/admsslutil.h
>===================================================================
>RCS file: /cvs/dirsec/adminutil/include/libadmsslutil/admsslutil.h,v
>retrieving revision 1.3
>diff -u -8 -r1.3 admsslutil.h
>--- adminutil/include/libadmsslutil/admsslutil.h 4 Apr 2007 19:37:46 -0000 1.3
>+++ adminutil/include/libadmsslutil/admsslutil.h 8 May 2007 17:27:19 -0000
>@@ -50,32 +50,31 @@
> admldapSetDomainUserDirectoryCGI(AdmldapInfo info,
> char* directoryURL,
> char* bindDN,
> char* bindPassword,
> char* directoryInfoRef,
> int* error_code);
>
>
>-void MC_sslSecmodInit(char *path);
>-
>+/* force means init NSS even if SSL is not being used - for hashing, etc. */
> PR_IMPLEMENT(int)
>-ADMSSL_Init(AdmldapInfo info, char *securitydir);
>+ADMSSL_Init(AdmldapInfo info, char *securitydir, int force);
>
>+/* force means init NSS even if SSL is not being used - for hashing, etc. */
> PR_IMPLEMENT(int)
>-ADMSSL_InitSimple(char *configdir, char *securitydir);
>+ADMSSL_InitSimple(char *configdir, char *securitydir, int force);
>
> char *ADM_GetPassword(char *prompt);
>
> #ifdef XP_WIN32
> char *ADM_GetPassword_wHelp(char *prompt, const char *helpURL);
> #endif
>
> void set_security(PsetHndl pset,
>- char *securitydir, /* where security files (key/cert db) may be found */
> char *configdir, /* where config files may be found */
> char *security); /* on or off */
>
> void _conf_setdefaults(void);
> char *_conf_setciphers(char *ciphers);
>
> PRStatus SSLPLCY_Install(void);
>
>Index: adminutil/include/libadmsslutil/srvutilssl.h
>===================================================================
>RCS file: /cvs/dirsec/adminutil/include/libadmsslutil/srvutilssl.h,v
>retrieving revision 1.2
>diff -u -8 -r1.2 srvutilssl.h
>--- adminutil/include/libadmsslutil/srvutilssl.h 6 Dec 2005 18:38:37 -0000 1.2
>+++ adminutil/include/libadmsslutil/srvutilssl.h 8 May 2007 17:27:19 -0000
>@@ -33,13 +33,17 @@
> #endif
>
> PR_IMPLEMENT(AttrNameList)
> getServerDNListSSL(AdmldapInfo info);
>
> PR_IMPLEMENT(AttributeList)
> getInstalledServerDNListSSL(AdmldapInfo info);
>
>+/* return the SIE DN for the given server */
>+PR_IMPLEMENT(char *)
>+findSIEDNByIDSSL(AdmldapInfo info, const char *serverID);
>+
> #ifdef __cplusplus
> }
> #endif
>
> #endif /* __SRVUTILSSL_H__ */
>Index: adminutil/lib/libadminutil/admutil.c
>===================================================================
>RCS file: /cvs/dirsec/adminutil/lib/libadminutil/admutil.c,v
>retrieving revision 1.7
>diff -u -8 -r1.7 admutil.c
>--- adminutil/lib/libadminutil/admutil.c 4 Apr 2007 19:37:36 -0000 1.7
>+++ adminutil/lib/libadminutil/admutil.c 8 May 2007 17:27:19 -0000
>@@ -72,31 +72,33 @@
>
> /* returns full path and file name if the file was found somewhere, false otherwise */
> static char *
> find_file_in_paths(
> const char *filename, /* the base filename to look for */
> const char *path /* path given by caller */
> )
> {
>- char *retval = NULL;
>+ char *retval = NULL;
> char *adminutilConfDir = getenv(ADMINUTIL_CONFDIR_ENV_VAR);
>
>- /* try given path */
>- retval = PR_smprintf("%s/%s", path, filename);
>+ /* try given path */
>+ if (path) {
>+ retval = PR_smprintf("%s/%s", path, filename);
>+ }
> if (!is_file_ok(retval) && adminutilConfDir) {
> PR_smprintf_free(retval);
> retval = PR_smprintf("%s/%s", adminutilConfDir, filename);
> if (!is_file_ok(retval)) {
> PR_smprintf_free(retval);
> retval = NULL;
> }
> }
>
>- return retval;
>+ return retval;
> }
>
> /* Copy from libadmin..... */
> static unsigned char uuset[] = {
> 'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T',
> 'U','V','W','X','Y','Z','a','b','c','d','e','f','g','h','i','j','k','l','m','n',
> 'o','p','q','r','s','t','u','v','w','x','y','z','0','1','2','3','4','5','6','7',
> '8','9','+','/' };
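Review bot: In find_file_in_paths (admutil.c) a NULL `path` now leaves `retval` NULL and hands it straight to `is_file_ok(retval)`; that helper is not shown here, so confirm it tolerates NULL. Separately, when the caller's path fails the check and the environment variable is unset, the function still returns the unverified string, which contradicts the header comment and lets callers treat a missing file as found. Clearing the result before the fallback covers both cases: `if (!is_file_ok(retval)) { PR_smprintf_free(retval); retval = NULL; }`, with the environment lookup then guarded by `if (!retval && adminutilConfDir)`. Because the fallback directory comes from `getenv`, a comment stating which callers may run with an attacker-influenced environment (CGI programs, for instance) would also help.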
>@@ -843,26 +845,30 @@
> PR_Free(tmpNodeRight);
> }
> else *removeFlag = 1; /* Both left and right are NULL */
> flag = ADMUTIL_OP_OK; /* Should be success */
> }
> else if (result > 0) {
> if (node->left) {
> flag = treeRemoveNode(node->left, name, &remove);
>- if (remove) PR_Free(node->left);
>- node->left = NULL;
>+ if (remove) {
>+ PR_Free(node->left);
>+ node->left = NULL;
>+ }
> }
> else flag = ADMUTIL_OP_FAIL; /* Can't find the node */
> }
> else {
> if (node->right) {
> flag = treeRemoveNode(node->right, name, &remove);
>- if (remove) PR_Free(node->right);
>- node->right = NULL;
>+ if (remove) {
>+ PR_Free(node->right);
>+ node->right = NULL;
>+ }
> }
> else flag = ADMUTIL_OP_FAIL; /* Can't find the node */
> }
> return flag;
> }
>
> void
> treeRemoveTree(TreeNodePtr tree)
>Index: adminutil/lib/libadminutil/form_post.c
>===================================================================
>RCS file: /cvs/dirsec/adminutil/lib/libadminutil/form_post.c,v
>retrieving revision 1.4
>diff -u -8 -r1.4 form_post.c
>--- adminutil/lib/libadminutil/form_post.c 4 Apr 2007 19:37:36 -0000 1.4
>+++ adminutil/lib/libadminutil/form_post.c 8 May 2007 17:27:19 -0000
>@@ -147,16 +147,17 @@
> "The POST variables could not be read from stdin.",
> NULL);
> }
> }
>
> vars[cl] = '\0';
>
> input = string_to_vec(vars);
>+ PL_strfree(vars); /* string_to_vec dups it */
> }
>
> PR_IMPLEMENT(void)
> get_begin(char *qs)
> {
> input = string_to_vec(qs);
> }
>
>Index: adminutil/lib/libadminutil/psetc.c
>===================================================================
>RCS file: /cvs/dirsec/adminutil/lib/libadminutil/psetc.c,v
>retrieving revision 1.4
>diff -u -8 -r1.4 psetc.c
>--- adminutil/lib/libadminutil/psetc.c 4 Apr 2007 19:37:36 -0000 1.4
>+++ adminutil/lib/libadminutil/psetc.c 8 May 2007 17:27:20 -0000
>@@ -26,16 +26,17 @@
> #include <fcntl.h>
> #include <string.h>
> #include <stdlib.h>
> #include <ctype.h>
> #include <prio.h>
> #include "psetc_pvt.h"
> #include "libadminutil/admutil.h"
> #include "libadminutil/distadm.h"
>+#include "libadminutil/srvutil.h"
> #include "dbtadmutil.h"
> #include <ldap_ssl.h>
>
> #ifdef XP_WIN32
> #define strcasecmp stricmp
> #define strncasecmp _strnicmp
> #endif
>
>@@ -1311,38 +1312,51 @@
> config information stored in the directory. If the local.conf file is
> not found there, look for it under NETSITE_ROOT/serverID/config.
> */
>
> PR_IMPLEMENT(PsetHndl)
> psetCreate(char* serverID, char* configRoot, char* user, char* passwd,
> int* errorcode)
> {
>- PsetHndl pset;
>+ PsetHndl pset = NULL;
> AdmldapInfo ldapInfo= NULL;
>- char *path, *ldapHost=NULL, *sieDN = NULL;
>+ char *path = NULL, *ldapHost=NULL, *sieDN = NULL;
> char *userDN = NULL;
> char *bindPasswd = NULL;
> int ldapPort = -1;
>+ int useLocalConf = 1;
>
> ldapInfo = admldapBuildInfo(configRoot, errorcode);
>
> if (!ldapInfo) return NULL;
>
> /* get LDAP info, default is localhost:389 */
> ldapHost = admldapGetHost(ldapInfo);
> ldapPort = admldapGetPort(ldapInfo);
>
> *errorcode = PSET_OP_OK;
>
> if (!ldapHost) ldapHost = PL_strdup("localhost");
> if (ldapPort < 0) ldapPort = 389;
>
>- /* Get SIE and password */
>- sieDN = admldapGetSIEDN(ldapInfo);
>+ /* if server is admin-serv, then the ldapInfo sieDN is the correct sieDN */
>+ if (!serverID || !PL_strncasecmp(serverID, "admin-serv", strlen("admin-serv"))) {
>+ sieDN = admldapGetSIEDN(ldapInfo);
>+ } else { /* given other serverID */
>+ sieDN = findSIEDNByID(ldapInfo, serverID);
>+ if (!sieDN) {
>+ *errorcode = PSET_ENTRY_NOT_EXIST;
>+ goto done;
>+ }
>+ useLocalConf = 0; /* disallow local.conf creation - will overwrite admin server one */
>+ /* use psetRealCreate to pass in a conf file */
>+ }
>+
>+ /* Get user dn and password */
> if (!user) {
> ADM_GetUserDNString(errorcode, &user);
> }
> if (!user) {
> ADM_GetCurrentUsername(errorcode, &user);
> }
> /* if user is just attr val, get dn */
> userDN = admldapGetUserDN(ldapInfo, user);
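Review bot: The `PL_strncasecmp(serverID, "admin-serv", strlen("admin-serv"))` test in psetCreate is a prefix match, so any serverID that merely begins with those ten characters is bound to the admin server's SIE DN from adm.conf and never goes through findSIEDNByID. If that is meant to accept ids of the form `admin-serv-<host>`, say so in the comment; otherwise compare the whole string, or require end of string or `-` after the prefix. The same test is repeated in psetCreateSSL in psetcssl.c. The block comment above psetCreate still describes only the local.conf lookup and should mention that a non-admin serverID now skips it. psetCreate continues in the next hunk.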
>@@ -1352,23 +1366,25 @@
> bindPasswd = admldapGetSIEPWD(ldapInfo);
> if (!bindPasswd) {
> passwd = bindPasswd; /* setting this not to free bindPasswd */
> ADM_GetCurrentPassword(errorcode, &bindPasswd);
> }
> }
>
> /* find local.conf file */
>- if (!(path = find_file_in_paths("local.conf", configRoot))) {
>+ if (useLocalConf &&
>+ !(path = find_file_in_paths("local.conf", configRoot))) {
> /* error - no valid file or dir could be found */
> *errorcode = PSET_ENV_ERR;
> }
>
> pset = psetRealCreate(ldapHost, ldapPort, sieDN, userDN, bindPasswd, path,
> errorcode);
>+done:
> PR_Free(ldapHost);
> PR_Free(sieDN);
> PR_smprintf_free(path);
> PR_Free(userDN);
> if (!passwd) { if (bindPasswd) PR_Free(bindPasswd); }
> destroyAdmldap(ldapInfo);
> return pset;
> }
>Index: adminutil/lib/libadminutil/resource.c
>===================================================================
>RCS file: /cvs/dirsec/adminutil/lib/libadminutil/resource.c,v
>retrieving revision 1.2
>diff -u -8 -r1.2 resource.c
>--- adminutil/lib/libadminutil/resource.c 4 Apr 2007 19:37:36 -0000 1.2
>+++ adminutil/lib/libadminutil/resource.c 8 May 2007 17:27:20 -0000
>@@ -187,29 +187,32 @@
>
> if (U_SUCCESS(status) && umsg) {
> int32_t msglen=-1;
> if (buffer) {
> /* just convert the string into the given buffer - note that
> there may be truncation/overflow - see below */
> msglen = (int32_t)bufsize;
> u_strToUTF8(buffer, msglen, &msglen, umsg, umsglen, &status);
>- buffer[bufsize] = '\0'; /* ensure null termination */
>+ buffer[bufsize-1] = '\0'; /* ensure null termination */
> } else {
> /* Get first the required buffer size */
> u_strToUTF8(NULL, 0, &msglen, umsg, umsglen, &status);
> if (msglen >0) {
> result = PR_Malloc(msglen+1);
> if (result) {
> /* reset status, set to OVERFLOW by the last call to u_strToUTF8 */
> status = U_ZERO_ERROR;
> /* now the real conversion with allocated buffer */
> u_strToUTF8((char*)result, msglen+1, &msglen, umsg, umsglen, &status);
> if (!U_SUCCESS(status)) {
>+ PR_Free(result);
> result = NULL;
>+ } else {
>+ result[msglen] = '\0';
> }
> }
> }
> }
> if (status == U_BUFFER_OVERFLOW_ERROR ||
> status == U_STRING_NOT_TERMINATED_WARNING) {
> resultcode = 1;
> } else if (U_SUCCESS(status)) {
>Index: adminutil/lib/libadminutil/srvutil.c
>===================================================================
>RCS file: /cvs/dirsec/adminutil/lib/libadminutil/srvutil.c,v
>retrieving revision 1.3
>diff -u -8 -r1.3 srvutil.c
>--- adminutil/lib/libadminutil/srvutil.c 4 Apr 2007 19:37:36 -0000 1.3
>+++ adminutil/lib/libadminutil/srvutil.c 8 May 2007 17:27:20 -0000
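Review bot: `buffer[bufsize-1] = '\0';` removes the one-past-the-end write but still indexes out of bounds when a caller passes a non-NULL buffer with a `bufsize` of 0; the declaration of bufsize is outside the hunk, so the index is either -1 or a wrapped unsigned value. Guard the store, for example `if (bufsize > 0) buffer[bufsize-1] = '\0';`, and preferably skip the u_strToUTF8 call in that case as well. The `(int32_t)bufsize` cast two lines up assumes the size fits in 32 bits and deserves a range check or at least a comment. The enclosing function starts and ends outside the hunk.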
>@@ -232,8 +232,41 @@
> node = node->next;
> }
> }
>
> listDestroy(dnList);
>
> return resultList;
> }
>+
>+#define IS_A_DELIMITER(x) ((x == ',') || (x == ' ') || (x == '+') || (x == '\0'))
>+
>+PR_IMPLEMENT(char *)
>+findSIEDNByID(AdmldapInfo info, const char *serverID)
>+{
>+ char *retval = NULL;
>+ AttrNameList nl = getServerDNList(info);
>+
>+ if (nl) {
>+ size_t len = strlen(serverID);
>+ AttrNameList nlptr = nl;
>+ while (retval = *nlptr++) {
>+ /* nl is a list of DNs like this:
>+ cn=slapd-foo, ...
>+ cn=slapd-bar,...
>+ cn=admin-serv-localhost,
>+ ...
>+ serverID is the value of the cn - we have to look for the trailing
>+ delimiter to distinguish between slapd-foo slapd-foo2
>+ */
>+ if ((len <= strlen(retval+3)) &&
>+ !PL_strncasecmp(retval+3, serverID, len) &&
>+ (IS_A_DELIMITER(retval[3+len]))) {
>+ retval = PL_strdup(retval);
>+ break;
>+ }
>+ }
>+ deleteAttrNameList(nl);
>+ }
>+
>+ return retval;
>+}
>Index: adminutil/lib/libadminutil/uginfo.c
>===================================================================
>RCS file: /cvs/dirsec/adminutil/lib/libadminutil/uginfo.c,v
>retrieving revision 1.4
>diff -u -8 -r1.4 uginfo.c
>--- adminutil/lib/libadminutil/uginfo.c 4 Apr 2007 19:37:36 -0000 1.4
>+++ adminutil/lib/libadminutil/uginfo.c 8 May 2007 17:27:20 -0000
>@@ -80,16 +80,17 @@
> if ((ldaperror = ldap_search_s(ld,
> targetDN,
> LDAP_SCOPE_BASE,
> "(objectclass=nsDirectoryInfo)",
> NULL,
> 0,
> &result))
> != LDAP_SUCCESS ) {
>+ ldap_msgfree(result);
> #ifdef LDAP_DEBUG
> ldap_perror(ld, "ldap_search_s");
> #endif
> if (ldaperror == LDAP_INSUFFICIENT_ACCESS ||
> ldaperror == LDAP_INAPPROPRIATE_AUTH) {
> *error_code = UG_ACCESS_FAIL;
> return 0;
> }
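Review bot: findSIEDNByID reads `retval+3` without first checking that the DN is at least three characters long or actually begins with `cn=`, so a short or differently formed entry from getServerDNList is read past its terminator or compared at the wrong offset. Adding `if (PL_strncasecmp(retval, "cn=", 3)) continue;` ahead of the length test closes that. `strlen(serverID)` is also called without a NULL check in an exported function, and an empty serverID matches any DN whose fourth character is a delimiter; reject both up front with `if (!serverID || !*serverID) return NULL;`. The assignment used as the loop condition, `while (retval = *nlptr++)`, would be clearer as `while ((retval = *nlptr++) != NULL)`. findSIEDNByIDSSL in srvutilssl.c is a copy of this body and needs the same changes.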
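Review bot: The added `ldap_msgfree(result);` on the ldap_search_s failure path in uginfo.c is only safe if `result` was initialised to NULL where it is declared, which is outside this hunk; a search that fails before any message is produced may leave the pointer untouched. If the declaration is not already `LDAPMessage *result = NULL;`, it should become so as part of this change. The function starts and ends outside the hunk.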
>@@ -99,16 +100,17 @@
> }
> *error_code = UG_LDAP_SYSTEM_ERR;
> return 0;
> }
>
> if (ldap_count_entries(ld, result) == 0) {
> /* error return : entry does not exist */
> *error_code = UG_ENTRY_NOT_EXIST;
>+ ldap_msgfree(result);
> return 0;
> }
>
> e = ldap_first_entry(ld, result);
> directoryURLVals = ldap_get_values(ld, e, "nsDirectoryURL");
> bindDNVals = ldap_get_values(ld, e, "nsBindDN");
> bindPasswordVals = ldap_get_values(ld, e, "nsBindPassword");
> directoryInfoRefVals = ldap_get_values(ld, e, "nsDirectoryInfoRef");
>@@ -123,20 +125,20 @@
> /* append failover list to url */
> if (NULL != temp) {
> *temp = '\0';
> PR_snprintf(buffer, sizeof(buffer), "%s %s/%s",
> directoryURLVals[0], s[0], temp + 1);
> } else {
> PR_snprintf(buffer, sizeof(buffer), "%s %s", directoryURLVals[0], s[0]);
> }
>- ldap_value_free(s);
> } else {
> PR_snprintf(buffer, sizeof(buffer), "%s", directoryURLVals[0]);
> }
>+ ldap_value_free(s);
>
> *directoryURL = PL_strdup(buffer);
> ldap_value_free(directoryURLVals);
> }
> if (bindDNVals) {
> *bindDN = PL_strdup(bindDNVals[0]);
> ldap_value_free(bindDNVals);
> }
>@@ -144,58 +146,60 @@
> *bindPassword = PL_strdup(bindPasswordVals[0]);
> ldap_value_free(bindPasswordVals);
> }
> if (directoryInfoRefVals) {
> *directoryInfoRef = PL_strdup(directoryInfoRefVals[0]);
> ldap_value_free(directoryInfoRefVals);
> }
>
>+ ldap_msgfree(result);
> return 1;
>
> }
>
> static char*
> admldapGetAdmGroupUGDN(char* sieDN)
> {
> char** dnList;
> int dnLen = 0;
>- char dnbuf[1024];
>+ char *dnbuf = NULL;
>
> dnList = ldap_explode_dn(sieDN, 0);
>- while (dnList[dnLen]) dnLen++;
>+ while (dnList && dnList[dnLen]) dnLen++;
>
>- if (dnLen <5) return NULL;
>- PR_snprintf(dnbuf, sizeof(dnbuf),
>- "%s,%s,%s,%s",
>+ if (dnLen >= 5) {
>+ dnbuf = PR_smprintf("%s,%s,%s,%s",
> dnList[dnLen-4],
> dnList[dnLen-3],
> dnList[dnLen-2],
> dnList[dnLen-1]);
>-
>- return PL_strdup(dnbuf);
>+ }
>+ ldap_value_free(dnList);
>+ return dnbuf;
> }
>
> static char*
> admldapGetDomainUGDN(char* sieDN)
> {
> char** dnList;
> int dnLen = 0;
>- char dnbuf[1024];
>+ char *dnbuf = NULL;
>
> dnList = ldap_explode_dn(sieDN, 0);
>- while (dnList[dnLen]) dnLen++;
>+ while (dnList && dnList[dnLen]) dnLen++;
>
>- if (dnLen < 3) return NULL;
>- PR_snprintf(dnbuf, sizeof(dnbuf),
>- "cn=UserDirectory, ou=Global Preferences,%s,%s",
>+ if (dnLen >= 3) {
>+ dnbuf = PR_smprintf("cn=UserDirectory, ou=Global Preferences,%s,%s",
> dnList[dnLen-2],
> dnList[dnLen-1]);
>+ }
>+ ldap_value_free(dnList);
>
>- return PL_strdup(dnbuf);
>+ return dnbuf;
> }
>
>
> PR_IMPLEMENT(int)
> admldapGetUserDirectoryReal(LDAP *ld, char* targetDN, char** directoryURL,
> char** bindDN, char** bindPassword,
> char** directoryInfoRef, int* error_code)
> {
>Index: adminutil/lib/libadmsslutil/admsslutil.c
>===================================================================
>RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/admsslutil.c,v
>retrieving revision 1.7
>diff -u -8 -r1.7 admsslutil.c
>--- adminutil/lib/libadmsslutil/admsslutil.c 4 Apr 2007 19:37:47 -0000 1.7
>+++ adminutil/lib/libadmsslutil/admsslutil.c 8
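Review bot: admldapGetAdmGroupUGDN and admldapGetDomainUGDN now return memory from `PR_smprintf` where they previously returned a `PL_strdup` copy, so the release function their callers are expected to use has changed; those callers are not in this hunk. Check that each one releases the result with `PR_smprintf_free`, and record the contract on both helpers with a comment such as `/* returns NULL if the DN has too few components; caller frees with PR_smprintf_free */`. Neither helper checks `sieDN` for NULL before `ldap_explode_dn(sieDN, 0)`, which is worth confirming against the callers while touching this code.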
May 2007 17:27:21 -0000
>@@ -163,17 +163,17 @@
> if (!db_name) {
> return -1;
> }
>
> PK11_ConfigurePKCS11(NULL,NULL,NULL,db_name,NULL, NULL,NULL,NULL,
> /*minPwdLen=*/8, /*pwdRequired=*/1);
>
> /* init NSS */
>- if (NSS_Initialize(securitydir, NULL, NULL, "secmod.db", flags)) {
>+ if (NSS_Initialize(securitydir, NULL, NULL, SECMOD_DB, flags)) {
> return -1;
> }
>
> /* custom file should contain a line like this:
> pinFile:/path/to/pinfile
> The pin file should contain the pin for the token
> We just use adm.conf as the custom file.
> */
>@@ -193,58 +193,62 @@
> return -1;
> }
>
> return 0;
> }
>
>
> PR_IMPLEMENT(int)
>-ADMSSL_InitSimple(char* configdir, char *securitydir)
>+ADMSSL_InitSimple(char* configdir, char *securitydir, int force)
> {
> AdmldapInfo admLdapInfo=NULL;
> int error;
>
> admLdapInfo = admldapBuildInfo(configdir, &error);
>- if (!admLdapInfo) return -1;
>+ if (!admLdapInfo && !force) return -1;
>
>- if (admldapGetSecurity(admLdapInfo)) {
>- error = ADMSSL_Init(admLdapInfo, securitydir);
>+ if (force || admldapGetSecurity(admLdapInfo)) {
>+ error = ADMSSL_Init(admLdapInfo, securitydir, force);
> } else {
> error = 0;
> }
>
> destroyAdmldap(admLdapInfo);
> return error;
> }
>
> /* set minimum SSL stuff for LDAP/SSL to work */
> PR_IMPLEMENT(int)
>-ADMSSL_Init(AdmldapInfo info, char *securitydir)
>+ADMSSL_Init(AdmldapInfo info, char *securitydir, int force)
> {
>- int secure;
>+ int secure = 0;
> char *dirURL, *bindDN, *bindPwd, *dirInfoRef;
> int errCode;
> int needfree = 0;
>
>- secure = admldapGetSecurity(info);
>+ if (force) {
>+ secure = 1;
>+ } else {
>+ secure = admldapGetSecurity(info);
>+ }
>
> if (!secure) {
> admldapGetLocalUserDirectory(info,
> &dirURL,
> &bindDN,
> &bindPwd,
> &dirInfoRef,
> &errCode);
> if (errCode || !dirURL) return 0;
> if (!strstr(dirURL, "ldaps://"))
> return 0;
> }
>
>- if (!securitydir) {
>+ if (!securitydir && info) {
> securitydir = admldapGetSecurityDir(info);
> needfree = 1;
> }
>
> if((!securitydir)) return -1;
>
> errCode = initNSS(securitydir, info);
>
>@@ -397,55 +401,37 @@
>
>
> #endif /* NET_SSL */
>
> /*
> * Modify "security" in adm.conf and DS
> */
> void set_security(PsetHndl pset,
>- char *securitydir, /* where security files can be found */
>- char *configdir, /* where config files can be found */
>+ char *configdir, /* where config files can be found */
> char *security /* security on/off */
> )
> {
> int rv;
>- AdmldapInfo admInfo = NULL;
>
> /* set security attribute in DS */
> if((pset) && (security) && (*security != '\0')) {
> if(psetCheckAttribute(pset, SECURITY_ATTR) == PSET_OP_FAIL) {
> /* create entry */
> rv = psetAddSingleValueAttribute(pset, SECURITY_ATTR, security);
> if(rv != PSET_OP_OK)
> servssl_error("PSET attribute creation failed!");
> }
> else {
> /* modify entry */
> rv = psetSetSingleValueAttr(pset, SECURITY_ATTR, security);
> if(rv != PSET_OP_OK)
> servssl_error("PSET attribute modification failed!");
> }
> }
>-
>- /* add/edit security fields in adm.conf */
>- rv = 0;
>- admInfo = admldapBuildInfoOnly(configdir, &rv);
>- if (!admInfo || rv) {
>- servssl_error("Can not open adm.conf for reading");
>- }
>-
>- if (is_dir_ok(securitydir)) {
>- admldapSetSecurityDir(admInfo, securitydir);
>- }
>-
>- if (admldapWriteInfoFile(admInfo)) {
>- servssl_error("Can not open adm.conf for writing");
>- }
>- destroyAdmldap(admInfo);
> }
>
>
> /* NT SSL STUFF HERE -------------------------------------------------------*/
>
> #ifdef XP_WIN32
> static char password[512];
> static char pinprompt[512];
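Review bot: In the ADMSSL_InitSimple / ADMSSL_Init hunk above, setting `force` lets execution continue after admldapBuildInfo has failed, so a NULL `AdmldapInfo` reaches `ADMSSL_Init`, then `initNSS(securitydir, info)`, and finally `destroyAdmldap(admLdapInfo)`. Only the securitydir lookup received an `info` guard; initNSS and destroyAdmldap are not shown in full, so confirm both accept NULL, particularly as the comment in the earlier admsslutil.c hunk says adm.conf is used as the pin-file source. If they do not, the forced path needs its own early exit, for example `if (!info && !securitydir) return -1;` at the top of ADMSSL_Init together with a NULL check where the pin file is looked up. The new parameter also changes the signature of two exported functions, which out-of-tree callers will only notice at build time. ADMSSL_Init continues past the end of that hunk.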
>@@ -582,17 +568,17 @@
> }
>
>
> PR_IMPLEMENT(PRFileDesc*)
> SSLSocket_init(PRFileDesc *req_socket, const char *configdir, const char *securitydir)
> {
> PRFileDesc *ssl_socket = NULL;
>
>- if (ADMSSL_InitSimple((char *)configdir, (char *)securitydir) != 0) {
>+ if (ADMSSL_InitSimple((char *)configdir, (char *)securitydir, 0) != 0) {
> PR_Close(ssl_socket);
> return NULL;
> }
>
> if (SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE)) {
> return NULL;
> }
>
>Index: adminutil/lib/libadmsslutil/psetcssl.c
>===================================================================
>RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/psetcssl.c,v
>retrieving revision 1.3
>diff -u -8 -r1.3 psetcssl.c
>--- adminutil/lib/libadmsslutil/psetcssl.c 4 Apr 2007 19:37:47 -0000 1.3
>+++ adminutil/lib/libadmsslutil/psetcssl.c 8 May 2007 17:27:22 -0000
>@@ -22,16 +22,17 @@
> #include <time.h>
> #include <string.h>
> #include <stdlib.h>
> #include <ctype.h>
> #include "ldap.h"
> #include "ldap_ssl.h"
> #include "libadminutil/distadm.h"
> #include "libadmsslutil/psetcssl.h"
>+#include "libadmsslutil/srvutilssl.h"
>
> #ifdef XP_WIN32
> #define strcasecmp stricmp
> #define strncasecmp _strnicmp
> #endif
>
> #ifndef PATH_MAX
> #define PATH_MAX 256
>@@ -148,21 +149,22 @@
> userDN, passwd, configFile, NULL, errorcode);
> }
>
>
> PR_IMPLEMENT(PsetHndl)
> psetCreateSSL(char* serverID, char* configRoot, char* user, char* passwd,
> int* errorcode)
> {
>- PsetHndl pset;
>+ PsetHndl pset = NULL;
> AdmldapInfo ldapInfo= NULL;
>- char *path = NULL, *ldapHost=NULL, *sieDN, *bindPasswd = NULL;
>+ char *path = NULL, *ldapHost=NULL, *sieDN = NULL, *bindPasswd = NULL;
> char *userDN = NULL;
> int ldapPort = -1, secure = 0;
>+ int useLocalConf = 1;
>
> ldapInfo = admldapBuildInfo(configRoot, errorcode);
>
> if (!ldapInfo) return NULL;
>
> /* get LDAP info, default is localhost:389 */
> ldapHost = admldapGetHost(ldapInfo);
> ldapPort = admldapGetPort(ldapInfo);
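Review bot: In SSLSocket_init the failure branch of the updated `ADMSSL_InitSimple(..., 0)` call runs `PR_Close(ssl_socket);` while `ssl_socket` is still the NULL it was initialised with two lines earlier, so the error path hands a null descriptor to NSPR. Drop that call so the branch is simply `return NULL;`, matching the SSL_OptionSetDefault failure branch directly below it. The function continues outside the hunk.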
>@@ -173,18 +175,31 @@
> secure = admldapGetSecurity(ldapInfo);
> if (secure) {
> if (ldapPort < 0) ldapPort = 636;
> }
> else {
> if (ldapPort < 0) ldapPort = 389;
> }
>
>- /* Get SIE and password */
>- sieDN = admldapGetSIEDN(ldapInfo);
>+ /* Get SIE */
>+ /* if server is admin-serv, then the ldapInfo sieDN is the correct sieDN */
>+ if (!serverID || !PL_strncasecmp(serverID, "admin-serv", strlen("admin-serv"))) {
>+ sieDN = admldapGetSIEDN(ldapInfo);
>+ } else { /* given other serverID */
>+ sieDN = findSIEDNByIDSSL(ldapInfo, serverID);
>+ if (!sieDN) {
>+ *errorcode = PSET_ENTRY_NOT_EXIST;
>+ goto done;
>+ }
>+ useLocalConf = 0; /* disallow local.conf creation - will overwrite admin server one */
>+ /* use psetRealCreateSSL to pass in a conf file */
>+ }
>+
>+ /* get user dn and password */
> if (!user) {
> ADM_GetUserDNString(errorcode, &user);
> }
> if (!user) {
> ADM_GetCurrentUsername(errorcode, &user);
> }
> /* if user is just attr val, get dn */
> userDN = admldapGetUserDN(ldapInfo, user);
>@@ -194,23 +209,25 @@
> bindPasswd = admldapGetSIEPWD(ldapInfo);
> if (!bindPasswd) {
> passwd = bindPasswd; /* not to free bindPasswd */
> ADM_GetCurrentPassword(errorcode, &bindPasswd);
> }
> }
>
> /* find local.conf file */
>- if (!(path = find_file_in_paths("local.conf", configRoot))) {
>+ if (useLocalConf &&
>+ !(path = find_file_in_paths("local.conf", configRoot))) {
> /* error - no valid file or dir could be found */
> *errorcode = PSET_ENV_ERR;
> }
>
> pset = psetRealCreateSSL(ldapHost, ldapPort, secure, sieDN, userDN,
> bindPasswd, path, errorcode);
>+done:
> destroyAdmldap(ldapInfo);
> PR_Free(userDN);
> PR_Free(ldapHost);
> PR_Free(sieDN);
> PR_smprintf_free(path);
> if (!passwd) { if (bindPasswd) PR_Free(bindPasswd); }
> return pset;
> }
>Index: adminutil/lib/libadmsslutil/srvutilssl.c
>===================================================================
>RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/srvutilssl.c,v
>retrieving revision 1.4
>diff -u -8 -r1.4 srvutilssl.c
>--- adminutil/lib/libadmsslutil/srvutilssl.c 4 Apr 2007 19:37:47 -0000 1.4
>+++ adminutil/lib/libadmsslutil/srvutilssl.c 8 May 2007 17:27:22 -0000
>@@ -140,8 +140,40 @@
> PR_Free(isie);
> return resultList;
> err:
> if (isie) PR_Free(isie);
> return NULL;
>
> }
>
>+#define IS_A_DELIMITER(x) ((x == ',') || (x == ' ') || (x == '+') || (x == '\0'))
>+
>+PR_IMPLEMENT(char *)
>+findSIEDNByIDSSL(AdmldapInfo info, const char *serverID)
>+{
>+ char *retval = NULL;
>+ AttrNameList nl = getServerDNListSSL(info);
>+
>+ if (nl) {
>+ size_t len = strlen(serverID);
>+ AttrNameList nlptr = nl;
>+ while (retval = *nlptr++) {
>+ /* nl is a list of DNs like this:
>+ cn=slapd-foo, ...
>+ cn=slapd-bar,...
>+ cn=admin-serv-localhost,
>+ ...
>+ serverID is the value of the cn - we have to look for the trailing
>+ delimiter to distinguish between slapd-foo slapd-foo2
>+ */
>+ if ((len <= strlen(retval+3)) &&
>+ !PL_strncasecmp(retval+3, serverID, len) &&
>+ (IS_A_DELIMITER(retval[3+len]))) {
>+ retval = PL_strdup(retval);
>+ break;
>+ }
>+ }
>+ deleteAttrNameList(nl);
>+ }
>+
>+ return retval;
>+}
>Index: adminutil/tests/psetread.c
>===================================================================
>RCS file: /cvs/dirsec/adminutil/tests/psetread.c,v
>retrieving revision 1.1
>diff -u -8 -r1.1 psetread.c
>--- adminutil/tests/psetread.c 4 Apr 2007 19:37:47 -0000 1.1
>+++ adminutil/tests/psetread.c 8 May 2007 17:27:23 -0000
>@@ -24,84 +24,82 @@
> */
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include "libadminutil/admutil.h"
> #include "libadminutil/srvutil.h"
>
>+static void
>+dump_pset_node(PsetHndl pset, char *nodeName)
>+{
>+ char buf[BUFSIZ];
>+ int rval = 0;
>+ AttributeList iter;
>+ AttributePtr attrPtr = NULL;
>+ AttributeList nodeAttrs = psetGetAllAttrsACI(pset, nodeName, &rval);
>+
>+ fprintf(stderr, "pset operation returned [%d: %s]\n", rval, psetErrorString(rval, NULL, buf, sizeof(buf), NULL));
>+ if (!nodeAttrs) {
>+ goto localdone;
>+ }
>+
>+ iter = nodeAttrs;
>+ while (attrPtr = *iter++) {
>+ char *p = NULL;
>+ int ii = 0;
>+ for (p = attrPtr->attrVal[0]; attrPtr->attrVal && attrPtr->attrVal[ii];
>+ p = attrPtr->attrVal[++ii]) {
>+ fprintf(stderr, "%s: %s\n", attrPtr->attrName, attrPtr->attrVal[ii]);
>+ }
>+ }
>+
>+localdone:
>+ deleteAttributeList(nodeAttrs);
>+
>+ return;
>+}
>+
> main(int ac, char **av)
> {
> int _ai=ADMUTIL_Init();
> PsetHndl pset = NULL;
> char *configdir = NULL;
> int rval = 0;
>- AttributeList nodeAttrs = NULL;
>- AttributeList iter = NULL;
>- char *nodeName = NULL;
>- AttributePtr attrPtr = NULL;
> char buf[BUFSIZ];
>
> if (ac > 1) {
> configdir = strdup(*(av+1));
> }
>
> if (NULL == configdir || 0 == strlen(configdir)) {
> fprintf(stderr, "ERROR: config dir was not specified.\n");
> rval = -1;
> goto done;
> } else {
> fprintf(stdout, "%s: configdir: %s\n", *av, configdir);
> }
>
> pset = psetCreate("slapd-localhost", configdir, NULL, NULL, &rval);
> fprintf(stderr, "pset operation returned [%d: %s]\n", rval, psetErrorString(rval, NULL, buf, sizeof(buf), NULL));
>- if (!pset || rval) {
>+ if (!pset || (rval && (rval != PSET_LOCAL_OPEN_FAIL))) { /* no local file for slapd - OK */
> goto done;
> }
>
>- nodeName = PL_strdup("");
>+ dump_pset_node(pset, "");
>+ dump_pset_node(pset, "configuration");
>
>- nodeAttrs = psetGetAllAttrsACI(pset, nodeName, &rval);
>- fprintf(stderr, "pset operation returned [%d: %s]\n", rval,
psetErrorString(rval, NULL, buf, sizeof(buf), NULL));
>- if (!nodeAttrs) {
>- goto done;
>- }
>-
>- iter = nodeAttrs;
>- while (attrPtr = *iter++) {
>- char *p = NULL;
>- int ii = 0;
>- for (p = attrPtr->attrVal[0]; attrPtr->attrVal && attrPtr->attrVal[ii];
>- p = attrPtr->attrVal[++ii]) {
>- fprintf(stderr, "%s: %s\n", attrPtr->attrName, attrPtr->attrVal[ii]);
>- }
>- }
>- deleteAttributeList(nodeAttrs);
>- nodeAttrs = NULL;
>-
>- PL_strfree(nodeName);
>- nodeName = PL_strdup("configuration");
>-
>- nodeAttrs = psetGetAllAttrsACI(pset, nodeName, &rval);
>+ psetDelete(pset);
>+ pset = psetCreate(NULL, configdir, NULL, NULL, &rval); /* admin-serv */
> fprintf(stderr, "pset operation returned [%d: %s]\n", rval, psetErrorString(rval, NULL, buf, sizeof(buf), NULL));
>- if (!nodeAttrs) {
>+ if (!pset || (rval && (rval != PSET_LOCAL_OPEN_FAIL))) { /* no local file for slapd - OK */
> goto done;
> }
>
>- iter = nodeAttrs;
>- while (attrPtr = *iter++) {
>- char *p = NULL;
>- int ii = 0;
>- for (p = attrPtr->attrVal[0]; attrPtr->attrVal && attrPtr->attrVal[ii];
>- p = attrPtr->attrVal[++ii]) {
>- fprintf(stderr, "%s: %s\n", attrPtr->attrName, attrPtr->attrVal[ii]);
>- }
>- }
>+ dump_pset_node(pset, "");
>+ dump_pset_node(pset, "configuration");
>
> done:
>- deleteAttributeList(nodeAttrs);
> psetDelete(pset);
> free(configdir);
>- PL_strfree(nodeName);
> exit(rval);
> }
>Index: adminutil/tests/psetreadssl.c
>===================================================================
>RCS file: /cvs/dirsec/adminutil/tests/psetreadssl.c,v
>retrieving revision 1.1
>diff -u -8 -r1.1 psetreadssl.c
>--- adminutil/tests/psetreadssl.c 4 Apr 2007 19:37:47 -0000 1.1
>+++ adminutil/tests/psetreadssl.c 8 May 2007 17:27:23 -0000
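Review bot: In the new dump_pset_node helper in psetread.c the for-initialiser `p = attrPtr->attrVal[0]` dereferences `attrVal` before the loop condition tests `attrPtr->attrVal` for NULL, and `p` is never read afterwards. Dropping `p` and writing `for (ii = 0; attrPtr->attrVal && attrPtr->attrVal[ii]; ++ii)` removes the early dereference. The second `/* no local file for slapd - OK */` comment sits on the admin-serv psetCreate call and looks copied from the first one. The same helper is added verbatim to psetwrite.c and could live in one shared test source.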
>@@ -24,16 +24,17 @@
> */
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include "libadminutil/admutil.h"
> #include "libadminutil/srvutil.h"
> #include "libadmsslutil/psetcssl.h"
>+#include "libadmsslutil/admsslutil.h"
>
> main(int ac, char **av)
> {
> int _ai=ADMUTIL_Init();
> PsetHndl pset = NULL;
> char *configdir = NULL;
> char *securitydir = NULL;
> int rval = 0;
>@@ -62,17 +63,17 @@
> if (NULL == securitydir || 0 == strlen(securitydir)) {
> fprintf(stderr, "ERROR: security dir was not specified.\n");
> rval = -2;
> goto done;
> } else {
> fprintf(stdout, "%s: securitydir: %s\n", *av, securitydir);
> }
>
>- rval = ADMSSL_InitSimple(configdir, securitydir);
>+ rval = ADMSSL_InitSimple(configdir, securitydir, 0);
> if (rval) {
> fprintf(stderr, "ADMSSL_InitSimple(%s,%s) failed: %d\n", configdir, securitydir, rval);
> goto done;
> }
>
> pset = psetCreateSSL("slapd-localhost", configdir, NULL, NULL, &rval);
> fprintf(stderr, "pset operation returned [%d: %s]\n", rval, psetErrorString(rval, NULL, buf, sizeof(buf), NULL));
> if (!pset || rval) {
>Index: adminutil/tests/psetwrite.c
>===================================================================
>RCS file: /cvs/dirsec/adminutil/tests/psetwrite.c,v
>retrieving revision 1.1
>diff -u -8 -r1.1 psetwrite.c
>--- adminutil/tests/psetwrite.c 4 Apr 2007 19:37:47 -0000 1.1
>+++ adminutil/tests/psetwrite.c 8 May 2007 17:27:23 -0000
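Review bot: psetreadssl.c still stops on `if (!pset || rval)` after `psetCreateSSL("slapd-localhost", ...)`, while psetread.c is changed in this same patch to tolerate `PSET_LOCAL_OPEN_FAIL` for the same server id. If psetCreateSSL reports that code when the local.conf lookup is skipped, as the psetread.c change implies, this test will exit before reading anything; use the same condition here, `if (!pset || (rval && (rval != PSET_LOCAL_OPEN_FAIL)))`. The check is on a context line at the end of the second hunk, and main continues outside it.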
>@@ -25,26 +25,53 @@
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include "libadminutil/psetc.h"
> #include "libadminutil/admutil.h"
> #include "libadminutil/srvutil.h"
>
>+static void
>+dump_pset_node(PsetHndl pset, char *nodeName)
>+{
>+ char buf[BUFSIZ];
>+ int rval = 0;
>+ AttributeList iter;
>+ AttributePtr attrPtr = NULL;
>+ AttributeList nodeAttrs = psetGetAllAttrsACI(pset, nodeName, &rval);
>+
>+ fprintf(stderr, "pset operation returned [%d: %s]\n", rval, psetErrorString(rval, NULL, buf, sizeof(buf), NULL));
>+ if (!nodeAttrs) {
>+ goto localdone;
>+ }
>+
>+ iter = nodeAttrs;
>+ while (attrPtr = *iter++) {
>+ char *p = NULL;
>+ int ii = 0;
>+ for (p = attrPtr->attrVal[0]; attrPtr->attrVal && attrPtr->attrVal[ii];
>+ p = attrPtr->attrVal[++ii]) {
>+ fprintf(stderr, "%s: %s\n", attrPtr->attrName, attrPtr->attrVal[ii]);
>+ }
>+ }
>+
>+localdone:
>+ deleteAttributeList(nodeAttrs);
>+
>+ return;
>+}
>+
>+int
> main(int ac, char **av)
> {
> int _ai=ADMUTIL_Init();
> PsetHndl pset = NULL;
> char *configdir = NULL;
> int rval = 0;
>- AttributeList nodeAttrs = NULL;
>- AttributeList iter = NULL;
>- char *nodeName = NULL;
>- AttributePtr attrPtr = NULL;
> AttributeList updateList = NULL, addList = NULL;
> char *attrs[] = {
> "configuration.nsAdminCacheLifetime",
> "configuration.nsAdminAccessHosts",
> "configuration.nsAdminAccessAddresses",
> "configuration.nsAdminEnableEnduser",
> "configuration.nsAdminEnableDSGW"
> };
>@@ -69,58 +96,40 @@
> if (NULL == configdir || 0 == strlen(configdir)) {
> fprintf(stderr, "ERROR: config dir was not specified.\n");
> rval = -1;
> goto done;
> } else {
> fprintf(stdout, "%s: configdir: %s\n", *av, configdir);
> }
>
>- pset = psetCreate("slapd-localhost", configdir, NULL, NULL, &rval);
>+ pset = psetCreate(NULL, configdir, NULL, NULL, &rval);
> fprintf(stderr, "pset operation returned [%d: %s]\n", rval, psetErrorString(rval, NULL, buf, sizeof(buf), NULL));
> if (!pset || rval) {
> goto done;
> }
>
>- nodeName = PL_strdup("configuration");
>-
>- nodeAttrs = psetGetAllAttrsACI(pset, nodeName, &rval);
>- fprintf(stderr, "pset operation returned [%d: %s]\n", rval, psetErrorString(rval, NULL, buf, sizeof(buf), NULL));
>- if (!nodeAttrs) {
>- goto done;
>- }
>-
>- iter = nodeAttrs;
>- while (attrPtr = *iter++) {
>- char *p = NULL;
>- int ii = 0;
>- for (p = attrPtr->attrVal[0]; attrPtr->attrVal && attrPtr->attrVal[ii];
>- p = attrPtr->attrVal[++ii]) {
>- fprintf(stderr, "%s: %s\n", attrPtr->attrName, attrPtr->attrVal[ii]);
>- }
>- }
>- deleteAttributeList(nodeAttrs);
>- nodeAttrs = NULL;
>+ dump_pset_node(pset, "configuration");
>
> updateList = createAttributeList(nattrs);
> while (ii < nattrs) {
> addSingleValueAttribute(updateList, ii, attrs[ii], "new value");
> ++ii;
> }
> rval = psetSetAttrList(pset, updateList);
> if (rval) {
> fprintf(stderr, "PSET_ERROR_NUMBER: %d\nPSET_ERROR_INFO: %s\n",
> rval,
> psetErrorString(rval, NULL, buf, sizeof(buf), NULL));
> goto done;
> }
> deleteAttributeList(updateList);
> updateList = NULL;
>
>- nodeObjectClass = psetGetObjectClass(pset, "configuration", &rval);
>+ nodeObjectClass = psetGetObjectClass(pset, "configuration", &rval);
> if (rval) {
> psetDelete(pset);
> fprintf(stderr, "PSET_ERROR_NUMBER: %d\nPSET_ERROR_INFO: %s\n",
> rval,
> psetErrorString(rval, NULL, buf, sizeof(buf), NULL));
> exit(1);
> }
>
>@@ -139,46 +148,35 @@
> ocList = NULL;
> if (rval) {
> fprintf(stderr, "PSET_ERROR_NUMBER: %d\nPSET_ERROR_INFO: %s\n",
> rval,
> psetErrorString(rval, NULL, buf, sizeof(buf), NULL));
> goto done;
> }
>
>+ fprintf(stderr, "After adding objectclass extensibleObject: \n");
>+ dump_pset_node(pset, "configuration");
>+
> ii = 0;
> while (ii < nnewattrs) {
> rval = psetAddSingleValueAttribute(pset, newattrs[ii], "new value");
> if (rval) {
>- fprintf(stderr, "PSET_ERROR_NUMBER: %d\nPSET_ERROR_INFO: %s\n",
>+ fprintf(stderr, "Could not add attribute [%s]: PSET_ERROR_NUMBER: %d\nPSET_ERROR_INFO: %s\n",
>+ newattrs[ii],
> rval,
> psetErrorString(rval, NULL, buf, sizeof(buf), NULL));
> goto done;
> }
> ++ii;
> }
>
>- nodeAttrs = psetGetAllAttrsACI(pset, nodeName, &rval);
>- fprintf(stderr, "pset operation returned [%d: %s]\n", rval, psetErrorString(rval, NULL, buf, sizeof(buf), NULL));
>- if (!nodeAttrs) {
>- goto done;
>- }
>-
>- iter = nodeAttrs;
>- while (attrPtr = *iter++) {
>- char *p = NULL;
>- int ii = 0;
>- for (p = attrPtr->attrVal[0]; attrPtr->attrVal && attrPtr->attrVal[ii];
>- p = attrPtr->attrVal[++ii]) {
>- fprintf(stderr, "%s: %s\n", attrPtr->attrName, attrPtr->attrVal[ii]);
>- }
>- }
>+ fprintf(stderr, "After adding bogus attributes\n");
>+ dump_pset_node(pset, "configuration");
>
> done:
> free(configdir);
> psetDelete(pset);
>- PL_strfree(nodeName);
> deleteValue(nodeObjectClass);
>- deleteAttributeList(nodeAttrs);
> deleteAttributeList(updateList);
> deleteAttrNameList(ocList);
> exit(rval);
> }
>Index: adminutil/tests/retrieveSIEssl.c
>===================================================================
>RCS file: /cvs/dirsec/adminutil/tests/retrieveSIEssl.c,v
>retrieving revision 1.1
>diff -u -8 -r1.1 retrieveSIEssl.c
>--- adminutil/tests/retrieveSIEssl.c 4 Apr 2007 19:37:47 -0000 1.1
>+++ adminutil/tests/retrieveSIEssl.c 8 May 2007 17:27:24 -0000
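Review bot: The `psetCreate(NULL, configdir, ...)` call in the `@@ -69,58 +96,40 @@` hunk replaces the explicit "slapd-localhost" server ID with NULL and carries no comment saying which entry is now selected. Further down, the test writes "new value" into `configuration.nsAdminAccessHosts` and `configuration.nsAdminAccessAddresses` on that entry and does not appear to restore them in the visible lines. Anyone running it therefore needs to know the target up front. A comment above the call would cover it, for example `/* NULL serverID selects <entry psetCreate resolves from configdir>; the configuration.nsAdmin* attributes below are overwritten on it */`. What NULL resolves to is not visible in this diff, and `main` starts and ends outside the hunk.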
>@@ -66,17 +66,17 @@
>
> if (NULL == securitydir || 0 == strlen(securitydir)) {
> fprintf(stderr, "ERROR: security dir was not specified.\n");
> exit(1);
> } else {
> fprintf(stdout, "%s: securitydir: %s\n", *av, securitydir);
> }
>
>- rval = ADMSSL_InitSimple(configdir, securitydir);
>+ rval = ADMSSL_InitSimple(configdir, securitydir, 0);
> if (rval) {
> fprintf(stderr, "ADMSSL_InitSimple(%s,%s) failed: %d\n", configdir, securitydir, rval);
> exit(1);
> }
>
> /*
> * get the LDAP information from admin server config info
> */