Bug 213788 - Admin Server cannot talk to SSL Config DS
Admin Server cannot talk to SSL Config DS
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Community
Component: Admin (Show other bugs)
1.0.2
All All
medium Severity medium
: ---
: ---
Assigned To: Rich Megginson
Viktor Ashirov
:
Depends On:
Blocks: 152373 fds104tracking 240316
  Show dependency treegraph
 
Reported: 2006-11-02 18:28 EST by Rich Megginson
Modified: 2015-12-07 11:41 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-07 11:41:52 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
diffs (3.59 KB, patch)
2006-11-03 10:55 EST, Rich Megginson
no flags Details | Diff
cvs commit log (339 bytes, application/octet-stream)
2006-11-03 12:42 EST, Rich Megginson
no flags Details
diffs for mem leaks (6.96 KB, patch)
2006-11-03 13:29 EST, Rich Megginson
no flags Details | Diff

  None (edit)
Description Rich Megginson 2006-11-02 18:28:08 EST
If you enable the use of TLS from the admin server to the config DS, the admin
server will error and exit.  Works fine if you use ldap instead of ldaps.  This
is controlled by the file shared/config/dbswitch.conf.
Comment 1 Rich Megginson 2006-11-03 10:55:22 EST
Created attachment 140263 [details]
diffs

The logic in mod_admserv.c expects admldapBuildInfoSSL to return success but
with a NULL ldap handle if no password was given or found.  This is essentially
what admldapBuildInfo does in the same situation.  I also found and fixed a few
memory leaks with both strings and LDAP handles.
Comment 2 Noriko Hosoi 2006-11-03 12:19:37 EST
Smart fixes!  Approved.
Comment 3 Rich Megginson 2006-11-03 12:42:46 EST
Created attachment 140293 [details]
cvs commit log

Reviewed by: nhosoi (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: The logic in mod_admserv.c expects admldapBuildInfoSSL to
return success but
with a NULL ldap handle if no password was given or found.  This is essentially

what admldapBuildInfo does in the same situation.  I also found and fixed a few

memory leaks with both strings and LDAP handles.
Platforms tested: FC5
Flag Day: no
Doc impact: no
Comment 4 Nathan Kinder 2006-11-03 12:44:59 EST
The fixes look good.  It also looks like we may be leaking the host strings in
libadmsslutil/uginfossl.c and libadmsslutil/srvutilssl.c due to the way we are
using admldapGetHost().  We should probably just fix that at the same time.
Comment 5 Rich Megginson 2006-11-03 13:29:54 EST
Created attachment 140300 [details]
diffs for mem leaks

Fix more memory leaks in libadmsslutil
Comment 6 Nathan Kinder 2006-11-03 15:00:54 EST
Looks good!
Comment 7 Rich Megginson 2006-11-03 16:27:28 EST
Fixed additional memory leaks caused by not freeing the return value of the
admldapGet*() functions and not calling ldap_unbind().

Checking in adminutil/lib/libadmsslutil/srvutilssl.c;
/cvs/dirsec/adminutil/lib/libadmsslutil/srvutilssl.c,v  <--  srvutilssl.c
new revision: 1.3; previous revision: 1.2
done
Checking in adminutil/lib/libadmsslutil/uginfossl.c;
/cvs/dirsec/adminutil/lib/libadmsslutil/uginfossl.c,v  <--  uginfossl.c
new revision: 1.2; previous revision: 1.1
done
Comment 8 Yi Zhang 2007-12-03 18:19:34 EST
Verification test: PASS
Test machine: cypher. dsdev.sjc.redhat.com (RHEL 5 64bit)

Test steps:
1. install DS. Admin and console on cypher
2. enable SSL on DS
3. start slapd, admin
4. launch console. 
Verify: Admin console panle can launch DS Config Panel. 
Test result: PASS

Note You need to log in before you can comment on or make changes to this bug.