Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 315652 Details for
Bug 461028
Admin Server problem with mod_nss and NSS 3.12 on F9
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
diffs
cvsdiffs (text/plain), 12.55 KB, created by
Rich Megginson
on 2008-09-03 15:11:16 UTC
(
hide
)
Description:
diffs
Filename:
MIME Type:
Creator:
Rich Megginson
Created:
2008-09-03 15:11:16 UTC
Size:
12.55 KB
patch
obsolete
>Index: mod_admserv/mod_admserv.c >=================================================================== >RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v >retrieving revision 1.33 >diff -u -8 -r1.33 mod_admserv.c >--- mod_admserv/mod_admserv.c 29 Nov 2007 23:22:18 -0000 1.33 >+++ mod_admserv/mod_admserv.c 3 Sep 2008 15:11:01 -0000 >@@ -81,16 +81,17 @@ > #define RQ_NOTES_EXECREF "execRef" > #define RQ_NOTES_EXECREFARGS "execRefArgs" > #define RQ_NOTES_LOGSUPPRESS "logSuppress" > #define RQ_NOTES_SIEPWD "siepwd" > #define RQ_NOTES_COMMAND_NAME "command-name" > #define RQ_NOTES_AUTHZ_REQUIRED "authz-required" > #define RUNTIME_COMMAND_BASE (char*)"commands/" > #define AUTH_URI "/admin-serv/authenticate" >+#define MOD_ADMSERV_CONFIG_KEY "mod_admserv" > > #define NETSCAPE_ROOT_BASEDN (char*)"o=NetscapeRoot" > > /* Globals...hack. */ > static char *configdir = NULL; /* set by ADMConfigDir in admserv.conf */ > static long cacheLifetime = 0; /* Defaults to 0 (entries immediately expire) */ > > /* This holds the ldap connection information for the configuration DS e.g. >@@ -115,28 +116,34 @@ > module AP_MODULE_DECLARE_DATA admserv_module; > > static int sync_task_sie_data(const char *name, char *query, void *arg, request_rec *r); > static int change_sie_password(const char *name, char *query, void* arg, request_rec *r); > static int create_auth_users_cache_entry(char *user, char *userDN, const char *userPW, char *ldapURL); > > static int admserv_check_user_id(request_rec *r); > >+/* per-process config structure */ >+typedef struct { >+ int nInitCount; >+} admserv_global_config; >+ > /* Per-directory configuration structure */ > typedef struct { > int nescompat; > int adminsdk; > char *cgibindir; /* ADMCgiBinDir - the cgi bin directory for this location */ > } admserv_config; > > /* Per-server config structure */ > typedef struct { > char *configdir; /* directory containing our config files such as adm.conf, local.conf, etc. */ > long cacheLifeTime; /* in seconds - how long to cache auth cred, task access */ > char *versionString; /* returned to client in the Admin-Server header */ >+ admserv_global_config *gconfig; /* pointer to per-process config */ > } admserv_serv_config; > > /* > * Locate our server configuration record for the specified server. > */ > static admserv_serv_config *our_sconfig(const server_rec *s) > { > return (admserv_serv_config *) ap_get_module_config(s->module_config, &admserv_module); >@@ -1552,17 +1559,19 @@ > &admserv_module); > > ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, > "admserv_check_authz: request for uri [%s]", r->uri); > > /* for some reason, we get sub requests for our tasks which we can ignore */ > if (r->main) { > ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, >- "admserv_check_authz: skipping sub request [%s]", r->uri); >+ "admserv_check_authz: skipping sub request [%s] - filename [%s] user [%s]", >+ r->uri, r->main->filename ? r->main->filename : "(null)", >+ r->main->user ? r->main->user : "(null)"); > return DECLINED; > } > > uri = apr_pstrdup(r->pool, r->uri); /* might need unparsed_uri here? */ > > if (!(p = strchr(uri+1, '/'))) { > ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, > "admserv_check_authz(): Skipping invalid URI [%s]", uri); >@@ -2192,34 +2201,44 @@ > * NSS caches SSL client session information - this cache must be cleared, otherwise > * NSS_Shutdown will give an error. mod_nss also does this (along with the NSS_Shutdown) > * It is ok to call SSL_ClearSessionCache multiple times. > */ > static > apr_status_t mod_admserv_unload(void *data) > { > SSL_ClearSessionCache(); >+ return OK; > } > >-/* >- * This is where we do the rest of our initialization, that depends >- * on configuration settings >- */ > static int >-mod_admserv_post_config(apr_pool_t *p, apr_pool_t *plog, >- apr_pool_t *ptemp, >- server_rec *base_server) >+do_admserv_post_config(apr_pool_t *p, apr_pool_t *plog, >+ apr_pool_t *ptemp, >+ server_rec *base_server) > { > AdmldapInfo info; > char path[PATH_MAX]; > int error; > LDAP *server; > char *errorInfo = NULL; > int tries = 0; > admserv_serv_config *srv_cfg = NULL; >+ >+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, base_server, >+ "Entering do_admserv_post_config - pid is [%d]", >+ getpid()); >+ >+ /* if configdir was not set in the config, get from the environment */ >+ srv_cfg = our_sconfig(base_server); >+ srv_cfg->gconfig->nInitCount++; >+ >+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, base_server, >+ "Entering do_admserv_post_config - init count is [%d]", >+ srv_cfg->gconfig->nInitCount); >+ > servers = HashTableCreate(); > auth_users = HashTableCreate(); > auth_tasks = HashTableCreate(); > > /* > * Let us cleanup on restarts and exists > */ > apr_pool_cleanup_register(p, base_server, >@@ -2235,29 +2254,29 @@ > > /* cache entry expiration */ > cacheLifetime = srv_cfg->cacheLifeTime; > ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, base_server, > "[%d] Cache expiration set to %ld seconds", getpid(), cacheLifetime); > > if (configdir) { > } else { >- ap_log_error(APLOG_MARK, APLOG_CRIT, 0, base_server, "mod_admserv_post_config(): NULL ADMConfigDir"); >+ ap_log_error(APLOG_MARK, APLOG_CRIT, 0, base_server, "do_admserv_post_config(): NULL ADMConfigDir"); > return DONE; > } > > admserv_runtime_command_init(); > admserv_register_runtime_command(RUNTIME_RESYNC_COMMAND, sync_task_sie_data, NULL); > admserv_register_runtime_command(CHANGE_SIEPWD_COMMAND, change_sie_password, NULL); > > info = admldapBuildInfo(configdir, &error); > > if (info) { > } else { >- ap_log_error(APLOG_MARK, APLOG_CRIT, 0, base_server, "mod_admserv_post_config(): unable to create AdmldapInfo"); >+ ap_log_error(APLOG_MARK, APLOG_CRIT, 0, base_server, "do_admserv_post_config(): unable to create AdmldapInfo"); > return DONE; > } > > /* Registry DS setup */ > registryServer.host = admldapGetHost(info); > registryServer.port = (admldapGetPort(info) < 0) ? 389 : admldapGetPort(info); > registryServer.secure = (admldapGetSecurity(info)) ? 1 : 0; > registryServer.baseDN = admldapGetBaseDN(info); >@@ -2314,17 +2333,17 @@ > char normStartds[LINE_LENGTH]; > char *storage = startds; > char *uri = apr_pstrdup(module_pool, STARTDS_IDENTIFIER); > TaskCacheEntry *cache_entry; > > if (!build_full_DN(&storage, startds+LINE_LENGTH, uri, > registryServer.admservSieDN)) { > ap_log_error(APLOG_MARK, APLOG_ERR, 0, base_server, >- "mod_admserv_post_config: unable to build DN from URL - bad URL [%s]", >+ "do_admserv_post_config: unable to build DN from URL - bad URL [%s]", > uri?uri:"none"); > return OK; > } > convert_to_lower_case(startds); > adm_normalize_dn(startds, normStartds); > if (!(cache_entry = (TaskCacheEntry *)HashTableFind(auth_tasks, normStartds))) { > cache_entry = (TaskCacheEntry*)apr_pcalloc(module_pool, sizeof(TaskCacheEntry)); > cache_entry->auth_userDNs = HashTableCreate(); >@@ -2356,16 +2375,75 @@ > populate_task_cache_entries(LOCAL_SUPER_NAME, server); > > closeLDAPConnection(server); > > return host_ip_init(p, plog, ptemp, base_server); > } > > /* >+ * This is where we do the rest of our initialization, that depends >+ * on configuration settings >+ */ >+static int >+mod_admserv_post_config(apr_pool_t *p, apr_pool_t *plog, >+ apr_pool_t *ptemp, >+ server_rec *base_server) >+{ >+ int status = OK; >+ admserv_serv_config *srv_cfg = NULL; >+ >+ srv_cfg = our_sconfig(base_server); >+ >+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, base_server, >+ "Entering mod_admserv_post_config - pid is [%d] init count is [%d]", >+ getpid(), srv_cfg->gconfig->nInitCount); >+ >+ /* if configdir was not set in the config, get from the environment */ >+ if (srv_cfg->gconfig->nInitCount < 1) { >+ status = do_admserv_post_config(p, plog, ptemp, base_server); >+ } else { >+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, base_server, >+ "mod_admserv_post_config - pid is [%d] - post config already done once -" >+ " additional config will be done in init_child", >+ getpid()); >+ } >+ >+ return status; >+} >+ >+admserv_global_config *admserv_config_global_create(server_rec *s) >+{ >+ apr_pool_t *pool = s->process->pool; >+ admserv_global_config *globalc = NULL; >+ void *vglobalc = NULL; >+ >+ apr_pool_userdata_get(&vglobalc, MOD_ADMSERV_CONFIG_KEY, pool); >+ if (vglobalc) { >+ return vglobalc; /* reused for lifetime of the server */ >+ } >+ >+ /* >+ * allocate an own subpool which survives server restarts >+ */ >+ globalc = (admserv_global_config *)apr_palloc(pool, sizeof(*globalc)); >+ >+ /* >+ * initialize per-module configuration >+ */ >+ globalc->nInitCount = 0; >+ >+ apr_pool_userdata_set(globalc, MOD_ADMSERV_CONFIG_KEY, >+ apr_pool_cleanup_null, >+ pool); >+ >+ return globalc; >+} >+ >+/* > * Create the per-directory structure. > */ > static void * create_config(apr_pool_t *p, char *path) > { > admserv_config * cf = (admserv_config *) apr_palloc(p, sizeof(admserv_config)); > cf->nescompat = 0; > cf->adminsdk = 0; > cf->cgibindir = 0; >@@ -2378,16 +2456,17 @@ > /* > * Create the per-server structure. > */ > static void * create_server_config(apr_pool_t *p, server_rec *s) > { > admserv_serv_config * cf = (admserv_serv_config *) apr_pcalloc(p, sizeof(admserv_serv_config)); > ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL, "[%d] create_server_config [0x%x] for %s", > getpid(), cf, s->server_hostname ? s->server_hostname : "(null)"); >+ cf->gconfig = admserv_config_global_create(s); > > return (void *) cf; > } > > static const char * adminsdk(cmd_parms *cmd, void *dconf, int flag) > { > admserv_config *cf = (admserv_config *)dconf; > >@@ -2786,16 +2865,41 @@ > ap_log_error(APLOG_MARK, APLOG_ERR, 0 /* status */, NULL, > "This module only supports the threaded MPM"); > exit(1); > } > > return OK; > } > >+static void admserv_init_child(apr_pool_t *p, server_rec *base_server) >+{ >+ admserv_serv_config *srv_cfg = NULL; >+ >+ srv_cfg = our_sconfig(base_server); >+ >+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0 /* status */, NULL, >+ "Entering admserv_init_child pid [%d] init count is [%d]", >+ getpid(), srv_cfg->gconfig->nInitCount); >+ >+ /* if configdir was not set in the config, get from the environment */ >+ srv_cfg = our_sconfig(base_server); >+ if (srv_cfg->gconfig->nInitCount > 0) { >+ do_admserv_post_config(p, NULL, NULL, base_server); >+ } else { >+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, base_server, >+ "admserv_init_child - pid is [%d] - config should be done in regular post config", >+ getpid()); >+ } >+ >+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0 /* status */, NULL, >+ "Leaving admserv_init_child"); >+ return; >+} >+ > /* > The order in which hooks are called is: > pre_config > - command_rec commands, if any > post_config > pre_connection > post_connection > post_read_request >@@ -2829,16 +2933,18 @@ > ap_hook_post_config(mod_admserv_post_config, aszPre, NULL, APR_HOOK_MIDDLE); > /* called at read_request phase to block clients from disallowed hosts */ > ap_hook_post_read_request(admserv_host_ip_check, NULL, NULL, APR_HOOK_MIDDLE); > ap_hook_check_user_id(admserv_check_user_id, NULL, aszPost, APR_HOOK_MIDDLE); > ap_hook_auth_checker(admserv_check_authz, NULL, NULL, APR_HOOK_FIRST); > ap_hook_fixups(fixup_nescompat, NULL, NULL, APR_HOOK_MIDDLE); > ap_hook_fixups(fixup_adminsdk, NULL, NULL, APR_HOOK_MIDDLE); > ap_hook_fixups(fixup_admin_server_header, NULL, NULL, APR_HOOK_MIDDLE); >+ /* do per forked child init */ >+ ap_hook_child_init(admserv_init_child, NULL,NULL, APR_HOOK_MIDDLE); > } > > static const command_rec mod_adm_cmds[] = > { > AP_INIT_FLAG("NESCompatEnv", nescompat, NULL, OR_AUTHCFG, > "On or Off to enable or disable (default) NES-compatible environment variables."), > AP_INIT_FLAG("AdminSDK", adminsdk, NULL, OR_AUTHCFG, > "On to interoperate with the AdminSDK properly."),
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=315652">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 461028
: 315652