Red Hat Bugzilla – Attachment 158674 Details for
Bug 247283
Multiple problems with CGIs used by Admin Server Console
[patch]
CVS Diffs
diffs.txt (text/plain), 11.70 KB, created by
Nathan Kinder
on 2007-07-06 17:09:01 UTC
Description:
CVS Diffs
Filename:
MIME Type:
Creator:
Nathan Kinder
Created:
2007-07-06 17:09:01 UTC
Size:
11.70 KB
patch
obsolete
>Index: admserv/cgi-src40/ReadLog.c
>===================================================================
>RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/ReadLog.c,v
>retrieving revision 1.7
>diff -u -5 -t -r1.7 ReadLog.c
>--- admserv/cgi-src40/ReadLog.c 11 May 2007 19:44:05 -0000 1.7
>+++ admserv/cgi-src40/ReadLog.c 6 Jul 2007 15:54:35 -0000
>@@ -85,19 +85,14 @@
> }
>
>
> int getLogNames()
> {
>- char line[BIG_LINE];
>- const char *logdir = util_get_log_dir();
>+ char line[BIG_LINE];
> const char *configdir = util_get_conf_dir();
>- char filename[BIG_LINE];
>- FILE *f;
>-
>- if (!logdir) {
>- return 0;
>- }
>+ char filename[BIG_LINE];
>+ FILE *f;
>
> if (!util_find_file_in_paths(filename, sizeof(filename), "local.conf",
> configdir, "", "admin-serv/config")) {
> return 0;
> }
>@@ -110,16 +105,16 @@
> {
> fgets(line, sizeof(line), f);
>
> if(PL_strcasestr(line, "nserrorlog"))
> {
>- PR_snprintf(errorlog, sizeof(errorlog), "%s/%s", logdir, getLogName(line));
>+ PR_snprintf(errorlog, sizeof(errorlog), "%s", getLogName(line));
> }
> else
> if(PL_strcasestr(line, "nsaccesslog"))
> {
>- PR_snprintf(accesslog, sizeof(accesslog), "%s/%s", logdir, getLogName(line));
>+ PR_snprintf(accesslog, sizeof(accesslog), "%s", getLogName(line));
> }
> }
> fclose(f);
> }
> return 0;
>Index: admserv/cgi-src40/config.c
>===================================================================
>RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/config.c,v
>retrieving revision 1.11
>diff -u -5 -t -r1.11 config.c
>--- admserv/cgi-src40/config.c 22 Jun 2007 01:34:19 -0000 1.11
>+++ admserv/cgi-src40/config.c 6 Jul 2007 15:54:35 -0000
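Review bot: In the second ReadLog.c hunk, `errorlog` and `accesslog` are now taken whole from the `nserrorlog`/`nsaccesslog` values in local.conf, with no log-directory prefix and no check on the resulting path. If those values can be changed by anyone other than the host administrator (not visible here), this CGI will open whatever file they name, so I would reject values that are not absolute or that contain `..` before the two `PR_snprintf` calls, or at least record the assumption with a comment such as `/* nserrorlog/nsaccesslog hold full paths; local.conf is trusted */`. The context line `fgets(line, sizeof(line), f);` also ignores its return value, so a failed read is matched against stale or uninitialised `line` contents; `if (!fgets(line, sizeof(line), f)) break;` would cover that. The loop header and the end of getLogNames() are outside the visible hunks.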
>@@ -223,14 +223,10 @@
> }
>
> if (binddn) rv = ADM_GetCurrentPassword(&err, &bindpw);
>
> adminfo = admldapBuildInfo(configdir, &rv);
>- if (adminfo) {
>- binddn = admldapGetSIEDN(adminfo);
>- bindpw = admldapGetSIEPWD(adminfo);
>- }
>
> errorCode = ADMSSL_InitSimple(configdir, secdir, 0);
> if (errorCode) {
> if (i18nResource)
> rpt_err(APP_ERROR,
>Index: admserv/cgi-src40/sec-activate.c
>===================================================================
>RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/sec-activate.c,v
>retrieving revision 1.9
>diff -u -5 -t -r1.9 sec-activate.c
>--- admserv/cgi-src40/sec-activate.c 11 May 2007 19:44:05 -0000 1.9
>+++ admserv/cgi-src40/sec-activate.c 6 Jul 2007 15:54:36 -0000
>@@ -605,20 +605,10 @@
> ssl3 = get_cgi_var("ssl3", "", "");
> ssl2_act = get_cgi_var("ssl2-activated", "", "");
> ssl3_act = get_cgi_var("ssl3-activated", "", "");
> clientauth = get_cgi_var("clientauth", "", "");
>
>- /* Parse out complete family list */
>- get_family_input(&family_head);
>-
>- /* SET SSL VARIABLES via pset */
>-
>- /* first, cipher family info */
>- SetSSLFamilyAttributes(pset, family_head, ssl2, ssl3, ssl2_act, ssl3_act);
>-
>- set_attribute(pset, "configuration.encryption.nsSSLClientAuth", clientauth);
>-
> /* change "security" in LDAP and adm.conf to "on"/"off" */
> set_security(pset, configdir, security);
>
> /* change security parameters in console.conf */
> if (strcmp(security, "off")==0) {
>@@ -630,10 +620,18 @@
> else if (strcmp(security, "on")==0) {
> char certnickname[BIG_LINE];
> char protocols[BIG_LINE];
> char ciphers[BIG_LINE];
>
>+ /* Parse out complete family list */
>+ get_family_input(&family_head);
>+
>+ /* set cipher family info */
>+ SetSSLFamilyAttributes(pset, family_head, ssl2, ssl3, ssl2_act, ssl3_act);
>+
>+ set_attribute(pset, "configuration.encryption.nsSSLClientAuth", clientauth);
>+
> if (get_cert_nickname(certnickname, sizeof(certnickname)) < 0) {
> char * scratch = PR_smprintf(getResourceString(DBT_CGI_MISSING_ARGS), certnickname);
> rpt_err(ELEM_MISSING, NULL, scratch, NULL);
> PR_smprintf_free(scratch); /* never executed */
> }
>Index: admserv/newinst/src/adminserver.map.in
>===================================================================
>RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/adminserver.map.in,v
>retrieving revision 1.4
>diff -u -5 -t -r1.4 adminserver.map.in
>--- admserv/newinst/src/adminserver.map.in 25 Jun 2007 18:23:53 -0000 1.4
>+++ admserv/newinst/src/adminserver.map.in 6 Jul 2007 15:54:36 -0000
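Review bot: The moved `set_attribute(pset, "configuration.encryption.nsSSLClientAuth", clientauth);` in sec-activate.c still stores the `clientauth` CGI variable exactly as submitted; nothing in either hunk of this file checks it against the values the server accepts. A guard before the call that compares `clientauth` with the permitted settings, and reports through `rpt_err` otherwise, would keep arbitrary request text out of the stored configuration. The three moved calls also run before the `get_cert_nickname()` check, so a request that fails that check may already have changed the cipher and client-auth attributes (this depends on when `pset` commits, which is not visible here); placing them after the check would avoid a partial update. The enclosing function starts and ends outside the hunk.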
>@@ -62,11 +62,11 @@
> timestamp = `use Time::gmtime; my $gm = gmtime; $returnvalue = sprintf ("%04d%02d%02d%02d%02d%02dZ", 1900+$gm->year, 1+$gm->mon, $gm->mday, $gm->hour, $gm->min, $gm->sec);`
>
> asid = `use Net::Domain qw(hostname); $returnvalue = hostname();`
> as_port = Port
> admpw = "@configdir@/admpw"
>-as_error = "@logdir@/errors"
>+as_error = "@logdir@/error"
> as_access = "@logdir@/access"
> as_pid = "@pidfile@"
> as_console_jar = "%normbrand%-admserv-%as_baseversion%.jar"
> as_help_path = "@helpdir@"
> as_user = SysUser
>Index: admserv/newinst/src/register_param.map.in
>===================================================================
>RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/register_param.map.in,v
>retrieving revision 1.5
>diff -u -5 -t -r1.5 register_param.map.in
>--- admserv/newinst/src/register_param.map.in 28 Jun 2007 16:24:41 -0000 1.5
>+++ admserv/newinst/src/register_param.map.in 6 Jul 2007 15:54:36 -0000
>@@ -66,11 +66,11 @@
> as_uid = ServerAdminID
> as_passwd = ServerAdminPwd
> asid = `use Net::Domain qw(hostname); $returnvalue = hostname();`
> as_port = Port
> admpw = "@configdir@/admpw"
>-as_error = "@logdir@/errors"
>+as_error = "@logdir@/error"
> as_access = "@logdir@/access"
> as_pid = "@pidfile@"
> as_console_jar = "%normbrand%-admserv-%as_baseversion%.jar"
> as_help_path = "@helpdir@"
> as_user = SysUser
>Index: mod_admserv/mod_admserv.c
>===================================================================
>RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v
>retrieving revision 1.31
>diff -u -5 -t -r1.31 mod_admserv.c
>--- mod_admserv/mod_admserv.c 22 Jun 2007 22:37:46 -0000 1.31
>+++ mod_admserv/mod_admserv.c 6 Jul 2007 15:54:36 -0000
>@@ -770,19 +770,21 @@
>
> return 1;
> }
>
> static int
>-buildUGInfo(char** errorInfo, const server_rec *s) {
>+buildUGInfo(char** errorInfo, const request_rec *r) {
> AdmldapInfo info = NULL;
>+ server_rec *s = r->server;
> int error = 0;
> char path[PATH_MAX];
> char *userGroupLdapURL = NULL;
> char *userGroupBindDN = NULL;
> char *userGroupBindPW = NULL;
> char *dirInfoRef = NULL;
>- int retval = FALSE;
>+ int retval = FALSE;
>+ char *siedn = NULL;
>
> *errorInfo = (char*)"";
>
> /* Check whether data is available already */
> if (userGroupServer.host) return TRUE;
>@@ -790,30 +792,44 @@
> if (!configdir) {
> *errorInfo = (char*)"NULL config dir";
> goto done;
> }
>
>- if (!(info = admldapBuildInfo(configdir, &error))) {
>+ if (!(info = admldapBuildInfoOnly(configdir, &error))) {
> ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, s,
> "buildUGInfo(): unable to create AdmldapInfo (error code = %d)",
> error);
> goto done;
> }
>
>+ /* Temporarily override the siedn. This needs to be
>+ * done to get a valid LDAP handle.
>+ */
>+ siedn = admldapGetSIEDN(info);
>+
>+ admldapSetSIEDN(info, apr_table_get(r->notes, RQ_NOTES_USERDN));
>+ admSetCachedSIEPWD(apr_table_get(r->notes, RQ_NOTES_USERPW));
>+
>+
> if (admldapGetSecurity(info)) {
> sslinit(info, configdir);
>- if (admldapBuildInfoSSL(info, &error)) {
>- } else {
>- char *host = admldapGetHost(info);
>- ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, s,
>- "buildUGInfo(): unable to initialize TLS connection to LDAP host %s port %d: %d",
>- host, admldapGetPort(info), error);
>- PL_strfree(host);
>- goto done;
>- }
> }
>
>+ if (!admldapBuildInfoSSL(info, &error)) {
>+ char *host = admldapGetHost(info);
>+ ap_log_error(APLOG_MARK, APLOG_CRIT, 0 /* status */, s,
>+ "buildUGInfo(): unable to initialize TLS connection to LDAP host %s port %d: %d",
>+ host, admldapGetPort(info), error);
>+ PL_strfree(host);
>+ goto done;
>+ }
>+
>+ /* We need to reset the siedn before we call
>+ * admldapGetLocalUserDirectory below.
>+ */
>+ admldapSetSIEDN(info, siedn);
>+
> userGroupServer.host = NULL;
> userGroupServer.port = 0;
> userGroupServer.secure = 0;
> userGroupServer.baseDN = NULL;
> userGroupServer.admservSieDN = NULL;
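Review bot: Both `apr_table_get(r->notes, ...)` results are passed straight to `admldapSetSIEDN()` and `admSetCachedSIEPWD()`, and `apr_table_get` returns NULL when a note is absent, so a request that reaches buildUGInfo() before the user DN and password notes are set hands NULL to both setters. Fetching them into locals first and bailing out with `if (!userdn || !userpw) { *errorInfo = (char*)"no user credentials in request"; goto done; }` would close that. The SIE DN is put back after the bind, but the password given to `admSetCachedSIEPWD()` is not restored on either the success path or the `goto done` path; if that cache is process-wide (its name suggests so, its definition is not shown), the user's password stays in it after the call and should be restored or cleared under `done:`. `admldapBuildInfoSSL()` now also runs when `admldapGetSecurity(info)` is false, so the "unable to initialize TLS connection" log text will mislead for plain LDAP failures. The function starts and ends outside this hunk.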
>@@ -837,20 +853,21 @@
> if (error != UG_OP_OK) {
> *errorInfo = (char*)"unable to set User/Group baseDN";
> goto done;
> }
> }
>-
>+
> if (!extractLdapServerData(&userGroupServer, userGroupLdapURL, s)) {
> *errorInfo = (char*)"unable to extract User/Group LDAP info";
> goto done;
> }
> userGroupServer.bindDN = userGroupBindDN ? apr_pstrdup(module_pool, userGroupBindDN) : NULL;
> userGroupServer.bindPW = userGroupBindPW ? apr_pstrdup(module_pool, userGroupBindPW) : NULL;
> retval = TRUE; /* made it here, so success */
>
> done:
>+ PL_strfree(siedn);
> PL_strfree(userGroupLdapURL);
> PL_strfree(userGroupBindDN);
> PL_strfree(userGroupBindPW);
> PL_strfree(dirInfoRef);
> destroyAdmldap(info);
>@@ -2209,23 +2226,16 @@
> registryServer.bindPW = ""; /* deprecated - use user credentials */
> registryServer.admservSieDN = admldapGetSIEDN(info);
>
> destroyAdmldap(info);
> info = NULL;
>- /* DT 5/18/98 Change for new User/Group stuff */
>-
>- /* Populate U/G Info */
>
>+ /* Initialize the UG host to NULL. This will cause the
>+ * UG info to be loaded the first time a user authenticates.
>+ */
> userGroupServer.host = NULL;
>
>- if (buildUGInfo(&errorInfo, base_server) != TRUE) {
>- ap_log_error(APLOG_MARK, APLOG_CRIT, 0, base_server,
>- "mod_admserv_post_config(): unable to build user/group LDAP server info: %s",
>- errorInfo);
>- return DONE;
>- }
>-
> /* Register the admin server tasks */
> task_register_server(ADMIN_SERVER_ID, registryServer.admservSieDN);
>
> /* Populate the auth_tasks cache for the Local Admin */
>
>@@ -2416,17 +2426,24 @@
> return NULL;
> }
>
> static int userauth(request_rec *r)
> {
>+ char *dummy = NULL;
>+
> if (strcmp(r->handler, "user-auth"))
> return DECLINED;
>
> r->allowed |= (AP_METHOD_BIT << M_GET);
> if (r->method_number != M_GET)
> return DECLINED;
>
>+ /* If U/G Info is not available, try to get it */
>+ if (!(userGroupServer.host)) {
>+ buildUGInfo(&dummy, r);
>+ }
>+
> ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, "userauth, bind %s",
> apr_table_get(r->notes, RQ_NOTES_USERDN));
>
> ap_set_content_type(r, "text/html");
>
>@@ -2612,11 +2629,11 @@
>
> /* Then, try the user/group server */
>
> /* If U/G Info is not available, try to get it */
> if (!(userGroupServer.host)) {
>- buildUGInfo(&dummy, r->server);
>+ buildUGInfo(&dummy, r);
> }
>
> if (userGroupServer.host) {
> ret = authenticate_user(&userGroupServer, NULL, r->user, sent_pw, r);
> if (ret != DECLINED) {
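Review bot: The new `buildUGInfo(&dummy, r);` in userauth() discards both the return value and the `dummy` error text, so a failed user/group lookup leaves no trace now that the post_config call, which logged `errorInfo` at APLOG_CRIT, has been removed. I would log the failure at the call site, e.g. `if (buildUGInfo(&dummy, r) != TRUE) ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "userauth(): unable to build user/group LDAP server info: %s", dummy);`; the call in the `@@ -2612` hunk has the same gap. This lazy fill of the global `userGroupServer` is now the only initialisation path and runs inside request handlers, so under a threaded MPM two first requests could enter buildUGInfo() together; whether a lock is needed depends on the deployment, which is not visible here. userauth() continues past the end of the hunk.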