Bug 213788

Summary: Admin Server cannot talk to SSL Config DS
Product: [Retired] 389 Reporter: Rich Megginson <rmeggins>
Component: AdminAssignee: Rich Megginson <rmeggins>
Status: CLOSED CURRENTRELEASE QA Contact: Viktor Ashirov <vashirov>
Severity: medium Docs Contact:
Priority: medium    
Version: 1.0.2CC: nhosoi, nkinder
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-07 16:41:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 152373, 213957, 240316    
Attachments:
Description Flags
diffs
none
cvs commit log
none
diffs for mem leaks none

Description Rich Megginson 2006-11-02 23:28:08 UTC 
If you enable the use of TLS from the admin server to the config DS, the admin
server will error and exit.  Works fine if you use ldap instead of ldaps.  This
is controlled by the file shared/config/dbswitch.conf.
Comment 1 Rich Megginson 2006-11-03 15:55:22 UTC 
Created attachment 140263 [details]
diffs

The logic in mod_admserv.c expects admldapBuildInfoSSL to return success but
with a NULL ldap handle if no password was given or found.  This is essentially
what admldapBuildInfo does in the same situation.  I also found and fixed a few
memory leaks with both strings and LDAP handles.
Comment 2 Noriko Hosoi 2006-11-03 17:19:37 UTC 
Smart fixes!  Approved.
Comment 3 Rich Megginson 2006-11-03 17:42:46 UTC 
Created attachment 140293 [details]
cvs commit log

Reviewed by: nhosoi (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: The logic in mod_admserv.c expects admldapBuildInfoSSL to
return success but
with a NULL ldap handle if no password was given or found.  This is essentially

what admldapBuildInfo does in the same situation.  I also found and fixed a few

memory leaks with both strings and LDAP handles.
Platforms tested: FC5
Flag Day: no
Doc impact: no
Comment 4 Nathan Kinder 2006-11-03 17:44:59 UTC 
The fixes look good.  It also looks like we may be leaking the host strings in
libadmsslutil/uginfossl.c and libadmsslutil/srvutilssl.c due to the way we are
using admldapGetHost().  We should probably just fix that at the same time.
Comment 5 Rich Megginson 2006-11-03 18:29:54 UTC 
Created attachment 140300 [details]
diffs for mem leaks

Fix more memory leaks in libadmsslutil
Comment 6 Nathan Kinder 2006-11-03 20:00:54 UTC 
Looks good!
Comment 7 Rich Megginson 2006-11-03 21:27:28 UTC 
Fixed additional memory leaks caused by not freeing the return value of the
admldapGet*() functions and not calling ldap_unbind().

Checking in adminutil/lib/libadmsslutil/srvutilssl.c;
/cvs/dirsec/adminutil/lib/libadmsslutil/srvutilssl.c,v  <--  srvutilssl.c
new revision: 1.3; previous revision: 1.2
done
Checking in adminutil/lib/libadmsslutil/uginfossl.c;
/cvs/dirsec/adminutil/lib/libadmsslutil/uginfossl.c,v  <--  uginfossl.c
new revision: 1.2; previous revision: 1.1
done
Comment 8 Yi Zhang 2007-12-03 23:19:34 UTC 
Verification test: PASS
Test machine: cypher. dsdev.sjc.redhat.com (RHEL 5 64bit)

Test steps:
1. install DS. Admin and console on cypher
2. enable SSL on DS
3. start slapd, admin
4. launch console. 
Verify: Admin console panle can launch DS Config Panel. 
Test result: PASS