Red Hat Bugzilla – Attachment 156518 Details for
Bug 243205
allow instance creation with no .inf file; allow pre-hashed RootDNPwd
[patch]
diffs
cvsdiffs (text/plain), 15.64 KB, created by
Rich Megginson
on 2007-06-07 21:42:40 UTC
Description:
diffs
Filename:
MIME Type:
Creator:
Rich Megginson
Created:
2007-06-07 21:42:40 UTC
Size:
15.64 KB
patch
obsolete
>Index: ldapserver/ldap/admin/src/cfg_sspt.c
>===================================================================
>RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/cfg_sspt.c,v
>retrieving revision 1.11
>diff -u -8 -r1.11 cfg_sspt.c
>--- ldapserver/ldap/admin/src/cfg_sspt.c 10 Nov 2006 23:44:33 -0000 1.11
>+++ ldapserver/ldap/admin/src/cfg_sspt.c 7 Jun 2007 21:38:52 -0000
>@@ -1357,49 +1357,16 @@
> PR_smprintf_free (explanation);
> ldap_unbind (connection);
> connection = NULL;
> }
> fflush (stdout);
> return connection;
> }
> 
>-static int
>-write_ldap_info(SLAPD_CONFIG* slapd, char* base, char* admnm)
>-{
>- FILE* fp;
>- int ret = 0;
>-
>- char* fmt = "%s/shared/config/ldap.conf";
>- char* infoFileName = PR_smprintf(fmt, slapd->slapd_server_root);
>-
>- if ((fp = fopen(infoFileName, "w")) == NULL)
>- {
>- ret = -1;
>- }
>- else
>- {
>- fprintf(fp, "url\tldap://%s:%d/",
>- slapd->host, slapd->port);
>-
>- if (base)
>- fprintf(fp, "%s", base);
>-
>- fprintf(fp, "\n");
>-
>- fprintf(fp, "admnm\t%s\n", admnm);
>-
>- fclose(fp);
>- }
>-
>- PR_smprintf_free(infoFileName);
>-
>- return ret;
>-}
>-
> #ifdef TEST_CONFIG
> int
> config_configEntry(LDAP* connection, QUERY_VARS* query)
> {
> /* initial ACIs for o=NetscapeRoot */
> 
> int ret = add_aci_v (connection, value_config40DN, ACI_self_allow, NULLSTR);
> return ret;
>@@ -1625,22 +1592,16 @@
> 0, 0, 0);
> }
> if (!status) {
> status = create_organizational_unit(connection,
> admin_domainDN,
> value_hostPreferencesOU, 0,
> 0, 0, 0);
> }
>-
>- /*
>- ** Write the ldap.info file and the SuiteSpot.ldif file
>- */
>-
>- write_ldap_info(slapd, query->suffix, query->ssAdmID);
> }
> 
> #ifdef TEST_CONFIG
> if (!status && query->testconfig)
> status = create_configEntry(connection);
> 
> if (!status && query->testconfig)
> status = config_configEntry(connection, query);
>Index: ldapserver/ldap/admin/src/create_instance.c
>===================================================================
>RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/create_instance.c,v
>retrieving revision 1.57
>diff -u -8 -r1.57 create_instance.c
>--- ldapserver/ldap/admin/src/create_instance.c 7 Jun 2007 21:23:54 -0000 1.57
>+++ ldapserver/ldap/admin/src/create_instance.c 7 Jun 2007 21:38:55 -0000
>@@ -139,17 +139,16 @@
> LPCTSTR szServiceExe );
> #endif
> 
> static void ds_gen_index(FILE* f, char* belowdn);
> static char *ds_gen_orgchart_conf(char *sroot, char *cs_path, server_config_s *cf);
> static char *ds_gen_gw_conf(char *sroot, char *cs_path, server_config_s *cf, int conf_type);
> static char *install_ds(char *sroot, server_config_s *cf, char *param_name);
> 
>-static int write_ldap_info(char *slapd_server_root, server_config_s *cf);
> #if defined (BUILD_PRESENCE)
> static char *gen_presence_init_script(char *sroot, server_config_s *cf,
> char *cs_path);
> static int init_presence(char *sroot, server_config_s *cf, char *cs_path);
> #endif
> 
> static char *make_error(char *fmt, ...)
> #ifdef __GNUC__
>@@ -4118,19 +4117,16 @@
> }
> }
> else
> {
> ds_show_message("Your new directory server has been started.");
> }
> }
> 
>- /* write ldap.conf */
>- write_ldap_info( sroot, cf );
>-
> #ifdef XP_UNIX
> ds_become_localuser_name (cf->servuser);
> #endif
> #ifdef XP_WIN32
> if( errno = WSAStartup(0x0101, &wsadata ) != 0 )
> {
> char szTmp[512];
> /*replaced errno > -1 && errno < sys_nerr ? sys_errlist[errno] :
>@@ -4138,16 +4134,27 @@
> PR_snprintf(szTmp, sizeof(szTmp), "Error: Windows Sockets initialization failed errno %d (%s)<br>\n", errno,
> strerror(errno), 0 );
> 
> fprintf (stdout, szTmp);
> return 0;
> }
> #endif /* XP_WIN32 */
> 
>+ /* if an already hashed password is given, we cannot do the configure_suitespot()
>+ stuff below, because that requires the clear text password in order to
>+ bind to the server. This also means that default entries and default
>+ acis will not be added to the server.
>+ */
>+ if (cf->rootpw == cf->roothashedpw) {
>+ if (status)
>+ return make_error ("Could not configure server (%d).", status);
>+ return NULL;
>+ }
>+
> memset( &query_vars, 0, sizeof(query_vars) );
> if (!cf->use_existing_user_ds)
> query_vars.suffix = create_instance_strdup( cf->suffix );
> query_vars.ssAdmID = create_instance_strdup( cf->cfg_sspt_uid );
> query_vars.ssAdmPW1 = create_instance_strdup( cf->cfg_sspt_uidpw );
> query_vars.ssAdmPW2 = create_instance_strdup( cf->cfg_sspt_uidpw );
> query_vars.rootDN = create_instance_strdup( cf->rootdn );
> query_vars.rootPW = create_instance_strdup( cf->rootpw );
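Review bot: The early return added after the XP_WIN32 block keys on pointer identity, `cf->rootpw == cf->roothashedpw`, which holds only while both fields alias the buffer assigned in create_config(). If either field is ever copied, the test silently stops matching and the configure step below would try to bind with the hash string. I would state the convention next to the test, e.g. `/* pointer identity, not strcmp: create_config() aliases the two fields when RootDNPwd arrives pre-hashed */`. The branch also leaves the new instance without the default entries and ACIs and says so only in a source comment; a `ds_show_message()` line telling the operator that access control has to be added afterwards would make that visible at install time. The enclosing function starts and ends outside the hunk, so what `status` holds at this point cannot be confirmed from here.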
>@@ -4194,58 +4201,16 @@
> #endif
> 
> if (status)
> return make_error ("Could not configure server (%d).", status);
> 
> return(NULL);
> }
> 
>-/* write_ldap_info() : writes ldap.conf */
>-
>-static int
>-write_ldap_info( char *slapd_server_root, server_config_s *cf)
>-{
>- FILE* fp;
>- int ret = 0;
>-
>- char* fmt = "%s/shared/config/ldap.conf";
>- char* infoFileName;
>-
>- if (!slapd_server_root) {
>- return -1;
>- }
>-
>- infoFileName = PR_smprintf(fmt, slapd_server_root);
>-
>- if ((fp = fopen(infoFileName, "w")) == NULL)
>- {
>- ret = -1;
>- }
>- else
>- {
>- fprintf(fp, "url\tldap://%s:%d/",
>- cf->servname, atoi(cf->servport));
>-
>- if (cf->suffix)
>- fprintf(fp, "%s", cf->suffix);
>-
>- fprintf(fp, "\n");
>-
>- if (cf->cfg_sspt_uid) {
>- fprintf(fp, "admnm\t%s\n", cf->cfg_sspt_uid);
>- }
>-
>- fclose(fp);
>- }
>- PR_smprintf_free(infoFileName);
>-
>- return ret;
>-}
>-
> /* ----------- Create a new server from configuration variables ----------- */
> 
> 
> int create_config(server_config_s *cf)
> {
> char *t = NULL;
> char error_param[BIG_LINE] = {0};
> 
>@@ -4537,30 +4502,39 @@
> 
> if (!pw1 || !pw2 || check_passwords(pw1, pw2))
> {
> return 1;
> }
> 
> cf->rootpw = pw1;
> }
>- /* Encode the password in SSHA by default */
>- cf->roothashedpw = (char *)ds_salted_sha1_pw_enc (cf->rootpw);
>+ if (strchr(cf->rootpw, '}') &&
>+ (!PL_strncasecmp(cf->rootpw, "{SHA", 4) ||
>+ !PL_strncasecmp(cf->rootpw, "{SSHA", 5) ||
>+ !PL_strncasecmp(cf->rootpw, "{CRYPT}", 7) ||
>+ !PL_strncasecmp(cf->rootpw, "{MD5}", 5))) {
>+ /* assume the password is already hashed */
>+ cf->roothashedpw = cf->rootpw;
>+ } else { /* assume cleartext password */
>+ /* Encode the password in SSHA by default */
>+ cf->roothashedpw = (char *)ds_salted_sha1_pw_enc (cf->rootpw);
>+ }
> }
> 
> cf->admin_domain = ds_a_get_cgi_var("admin_domain", NULL, NULL);
> 
> if ((temp = ds_a_get_cgi_var("use_existing_config_ds", NULL, NULL))) {
> cf->use_existing_config_ds = atoi(temp);
> } else {
> cf->use_existing_config_ds = 1; /* there must already be one */
> }
> 
> if ((temp = ds_a_get_cgi_var("use_existing_user_ds", NULL, NULL))) {
>- cf->use_existing_config_ds = atoi(temp);
>+ cf->use_existing_user_ds = atoi(temp);
> } else {
> cf->use_existing_user_ds = 0; /* we are creating it */
> }
> 
> temp = ds_a_get_cgi_var("ldap_url", NULL, NULL);
> if (temp && !ldap_url_parse(temp, &desc) && desc)
> {
> char *suffix;
>Index: ldapserver/ldap/admin/src/ds_newinst.pl.in
>===================================================================
>RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/ds_newinst.pl.in,v
>retrieving revision 1.6
>diff -u -8 -r1.6 ds_newinst.pl.in
>--- ldapserver/ldap/admin/src/ds_newinst.pl.in 7 Jun 2007 21:23:54 -0000 1.6
>+++ ldapserver/ldap/admin/src/ds_newinst.pl.in 7 Jun 2007 21:38:55 -0000
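Review bot: The pre-hashed test added in the `@@ -4537,30 +4502,39 @@` hunk of create_instance.c is looser than its "assume the password is already hashed" comment suggests: `strchr(cf->rootpw, '}')` accepts a closing brace anywhere in the string and the `{SHA` / `{SSHA` comparisons stop before the brace, so a cleartext password that merely begins with such a token and contains `}` later is stored verbatim in `cf->roothashedpw` instead of going through `ds_salted_sha1_pw_enc()`. Matching the complete token closes most of that gap, `!PL_strncasecmp(cf->rootpw, "{SHA}", 5) || !PL_strncasecmp(cf->rootpw, "{SSHA}", 6)`; if longer scheme names are meant to be accepted they are better listed explicitly. Nothing here checks that the text after the scheme is a well-formed digest, and accepting `{MD5}`, `{CRYPT}` or unsalted `{SHA}` lets the root DN password be stored more weakly than the SSHA default, which deserves at least a comment at this branch. The block sits inside a function whose start and end are outside the hunk, so whether `cf->rootpw` can be NULL when `strchr` runs cannot be confirmed from here.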
>@@ -30,27 +30,47 @@
> # provide this exception without modification, you must delete this exception
> # statement from your version and license this file solely under the GPL without
> # exception.
> #
> #
> # Copyright (C) 2005 Red Hat, Inc.
> # All rights reserved.
> # END COPYRIGHT BLOCK
>+use Net::Domain qw(hostfqdn);
> use IPC::Open2;
> use Symbol;
> use CGI::Util qw(escape);
> use Cwd;
> use File::Basename;
> 
> sub usage {
> my $msg = shift;
>- print "Error: $msg\n";
>- print "Usage: $0 [-|filename.inf]\n";
>- print "Use - to read from stdin\n";
>+ print <<EOF;
>+Error: $msg
>+Usage: $0 [-|filename.inf] [args]
>+The filename, if any, should be specified first. After the filename, other args
>+can be provided to override settings in the provided file in this format:
>+ section.param=value
>+e.g.
>+ General.FullMachineName=foo.example.com
>+or
>+ "slapd.Suffix=dc=example, dc=com"
>+
>+So, for example, if you use
>+ $0 filename.inf General.FullMachineName=bar.example.com
>+And your filename.inf file has
>+ [General]
>+ FullMachineName= foo.example.com
>+$0 will use bar.example.com for FullMachineName since that was the one passed on the command line
>+
>+$0 will attempt to generate reasonable default values for some of the parameters, but there are a couple that must be specified:
>+ slapd.ServerPort slapd.RootDNPwd
>+Also General.SuiteSpotUserID must be specified if running as root. If not running as root, the uid of the user will be used.
>+EOF
> exit 1
> }
> 
> sub getCgiContentAndLength {
> my $args = shift;
> my $content = "";
> my $firsttime = 1;
> while (my ($kk, $vv) = each %{$args}) {
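Review bot: The new usage() heredoc advertises `section.param=value` overrides and names `slapd.RootDNPwd` as a setting that must be specified, which invites giving the Directory Manager password as a command-line argument, where it is visible in the process list and in shell history. The text should steer that one parameter elsewhere, for example by adding `Avoid giving slapd.RootDNPwd on the command line; put it in the .inf file, read it from stdin with -, or supply an already hashed value.` just before `EOF`. The "Use - to read from stdin" hint from the old message is dropped by this hunk and is worth keeping in the same sentence.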
>@@ -64,17 +84,17 @@
> }
> my $length = length($content);
> 
> return ($content, $length);
> }
> 
> # fakes out the ds_newinst program into thinking it is getting cgi input
> sub cgiFake {
>- my ($sroot, $verbose, $prog, $args) = @_;
>+ my ($verbose, $prog, $args) = @_;
> # construct content string
> my ($content, $length) = &getCgiContentAndLength($args);
> 
> # setup CGI environment
> $ENV{REQUEST_METHOD} = "POST";
> $ENV{CONTENT_LENGTH} = $length;
> $ENV{SERVER_NAMES} = 'slapd-' . $args->{servid};
> 
>@@ -82,19 +102,22 @@
> 
> # open the program
> my $curdir = getcwd();
> my $dir = dirname($prog);
> my $exe = basename($prog);
> chdir $dir;
> my $input = gensym();
> my $output = gensym();
>+ # make sure the child exit code is reset before starting the fake
>+ # cgi program
>+ $? = 0;
> my $pid = open2($input, $output, "./$exe");
> sleep(1); # allow prog to init stdin read buffers
>- print $output $content, "\n";
>+ print $output $content;
> close $output;
> 
> if ($?) {
> print "Warning: $prog returned code $? and $!\n";
> }
> 
> my $exitCode = 1;
> my @lines;
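Review bot: In the `@@ -82,19 +102,22 @@` hunk, resetting `$?` just before `open2()` leaves the `if ($?)` test after `close $output` with nothing to report: open2 does not reap the child and closing the write handle does not set `$?`, so as far as this hunk shows the warning can no longer fire. If the intent is to report the child's status, the test belongs after `waitpid($pid, 0);`, which presumably happens further down in cgiFake() outside the hunk. The return values of `chdir $dir` and of `print $output $content` are also unchecked, so a failed chdir would make `"./$exe"` resolve against the caller's working directory; `chdir $dir or die "cannot chdir to $dir: $!";` would stop that early.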
>@@ -131,81 +154,120 @@
> 
> if (! $source->{$ssec}->{$skey}) {
> usage("Missing required parameter $ssec - $skey\n");
> }
> 
> $dest->{$dkey} = $source->{$ssec}->{$skey};
> }
> 
>-my $filename = $ARGV[0];
>-usage("$filename not found") if ($filename ne "-" && ! -f $filename);
>+sub readInfFile {
>+ my $filename = shift;
>+ my $fh;
>+ if ($filename eq "-") {
>+ $fh = \*STDIN;
>+ } else {
>+ open(IN, $filename) or usage("could not open file $filename: $!");
>+ $fh = \*IN;
>+ }
>+ while (<$fh>) {
>+ # e.g. [General]
>+ if (/^\[(.*?)\]/) {
>+ $curSection = $1;
>+ } elsif (/^\s*$/) {
>+ next; # skip blank lines
>+ } elsif (/^\s*\#/) {
>+ next; # skip comment lines
>+ } elsif (/^\s*(.*?)\s*=\s*(.*?)\s*$/) {
>+ $table{$curSection}->{$1} = $2;
>+ }
>+ }
>+ if ($filename ne "-") {
>+ close IN;
>+ }
>+}
>+
>+usage("No arguments given") if (!@ARGV);
>+
>+# process command line arguments
>+for (@ARGV) {
>+ if (/^(\w+).(\w+)=(.*)$/) { # e.g. section.param=value
>+ $table{$1}->{$2} = $3;
>+ } else { # file?
>+ readInfFile($_);
>+ }
>+}
> 
>-my $curSection;
>-# each key in the table is a section name
>-# the value is a hash ref of the items in that section
>-# in that hash ref, each key is the config param name,
>-# and the value is the config param value
>-my %table = ();
>-
>-my $fh;
>-if ($filename eq "-") {
>- $fh = \*STDIN;
>-} else {
>- open(IN, $filename);
>- $fh = \*IN;
>+#printhash (\%table);
>+
>+# set default values
>+if (!$table{General}->{FullMachineName}) {
>+ $table{General}->{FullMachineName} = hostfqdn;
> }
>-while (<$fh>) {
>- # e.g. [General]
>- if (/^\[(.*?)\]/) {
>- $curSection = $1;
>- } elsif (/^\s*$/) {
>- next; # skip blank lines
>- } elsif (/^\s*\#/) {
>- next; # skip comment lines
>- } elsif (/^\s*(.*?)\s*=\s*(.*?)\s*$/) {
>- $table{$curSection}->{$1} = $2;
>- }
>+
>+if (!$table{General}->{SuiteSpotUserID}) {
>+ if ($> != 0) { # if not root, use the user's uid
>+ $table{General}->{SuiteSpotUserID} = getlogin;
>+ }
>+ # otherwise, the uid must be specified
> }
>-if ($filename ne "-") {
>- close IN;
>+
>+if (!$table{slapd}->{RootDN}) {
>+ $table{slapd}->{RootDN} = "cn=Directory Manager";
> }
> 
>-#printhash (\%table);
>+if (!$table{slapd}->{Suffix}) {
>+ my $suffix = $table{General}->{FullMachineName};
>+ # convert fqdn to dc= domain components
>+ $suffix = "dc=$suffix";
>+ $suffix =~ s/\./, dc=/g;
>+ $table{slapd}->{Suffix} = $suffix;
>+}
>+
>+if (!$table{slapd}->{ServerIdentifier}) {
>+ my $servid = $table{General}->{FullMachineName};
>+ # strip out the leftmost domain component
>+ $servid =~ s/\..*$//;
>+ $table{slapd}->{ServerIdentifier} = $servid;
>+}
> 
> # next, construct a hash table with our arguments
> 
> my %cgiargs = ();
> my $package_name = "@package_name@";
>-
> # the following items are always required
>-addAndCheck(\%cgiargs, "sroot", \%table, "General", "ServerRoot");
> addAndCheck(\%cgiargs, "servname", \%table, "General", "FullMachineName");
> addAndCheck(\%cgiargs, "servuser", \%table, "General", "SuiteSpotUserID");
> addAndCheck(\%cgiargs, "rootdn", \%table, "slapd", "RootDN");
> addAndCheck(\%cgiargs, "rootpw", \%table, "slapd", "RootDNPwd");
> addAndCheck(\%cgiargs, "servid", \%table, "slapd", "ServerIdentifier");
> addAndCheck(\%cgiargs, "suffix", \%table, "slapd", "Suffix");
> 
>+if (defined($table{"General"}->{"ServerRoot"})) {
>+ $cgiargs{"sroot"} = $table{"General"}->{"ServerRoot"};
>+} else {
>+ $cgiargs{"sroot"} = '@serverdir@';
>+}
>+
> # either servport or ldapifilepath must be specified - the server must
> # listen to something . . .
> my $canlisten = 0;
> if (defined($table{"slapd"}->{"ServerPort"}) &&
> $table{"slapd"}->{"ServerPort"} > 0) {
> $canlisten = 1;
> $cgiargs{"servport"} = $table{"slapd"}->{"ServerPort"};
> } else {
> $cgiargs{"servport"} = "0"; # 0 means do not listen
> }
> if (defined($table{"slapd"}->{"ldapifilepath"})) {
> $canlisten = 1;
> $cgiargs{"ldapifilepath"} = $table{"slapd"}->{"ldapifilepath"};
> }
> if (! $canlisten) {
>- usage("Either ServerPort or ldapifilepath must be specified in the slapd section of $filename");
>+ usage("Either ServerPort or ldapifilepath must be specified in the slapd section");
> }
> 
> # the following items are optional
> 
> $cgiargs{"lock_dir"} = $table{"slapd"}->{"lock_dir"};
> $cgiargs{"log_dir"} = $table{"slapd"}->{"log_dir"};
> $cgiargs{"run_dir"} = $table{"slapd"}->{"run_dir"};
> $cgiargs{"db_dir"} = $table{"slapd"}->{"db_dir"};
>@@ -295,32 +357,31 @@
> # install_full_schema = 0
> 
> if (defined($table{"slapd"}->{"install_full_schema"})) {
> $cgiargs{install_full_schema} = $table{"slapd"}->{"install_full_schema"};
> } else {
> # server-side default is on
> }
> 
>-my $sroot = $cgiargs{sroot};
>-
> my $prog = "@bindir@/ds_newinst";
> if (! -x $prog) {
> $prog = "@libdir@/$package_name/ds_newinst";
> }
> 
>-my $rc = &cgiFake($sroot, $verbose,
>- $prog, \%cgiargs);
>+my $rc = &cgiFake($verbose, $prog, \%cgiargs);
> 
> if (!$rc) {
> print "Success! Your new directory server instance was created\n";
> } else {
> print "Error: Could not create new directory server instance\n";
> }
> 
>+exit $rc;
>+
> sub printhash {
> my $table = shift;
> 
> while (my ($key,$val) = each %{$table}) {
> print "[$key]\n";
> while (my ($k2,$v2) = each %{$val}) {
> print "$k2 = $v2\n";
> }
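Review bot: readInfFile(), added in the `@@ -131,81 +154,120 @@` hunk, opens its argument with the two-argument form `open(IN, $filename)`, and the new `for (@ARGV)` loop passes it every command-line word that does not look like `section.param=value`, so a word carrying a leading `>` or a leading or trailing `|` is interpreted as a redirection or a pipe rather than as a file name; the old `-f $filename` guard is removed by the same hunk. The three-argument form avoids that: `open(IN, '<', $filename) or usage("could not open file $filename: $!");`. In the same loop the separator in `/^(\w+).(\w+)=(.*)$/` is an unescaped `.` that matches any character and should be `\.`. `%table` and `$curSection` also lose their `my` declarations here and become package globals that readInfFile() writes to, which deserves a one-line comment above the sub.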
Attachments on
bug 243205
: 156518 |
156523