The findSIEDNByIDSSL() function in adminutil needs to use the credentials used to authenticate to the webserver instead of the siedn when calling getServerDNListSSL(). The attached diffs save the siedn off before calling getServerDNListSSL() and set the userdn and password in the AdmLDAPInfo to the credentials supplied by the password pipe. There's also an unrelated change in the code that parses admpw. On my machine (FC6 i386), the parsing of admpw was giving incorrect results as viewed in gdb. For some reason, the pointer was being incremented before assignment. Noriko did not observe this on her RHEL4 machine, but we agreed that the changes I made are safer as we will always get the intended results.
Created attachment 158146: CVS Diffs
Looks good.
Rich pointed out an error in the increment of the pointer when parsing admpw. Here's the diff that addresses the issue he pointed out. retrieving revision 1.8 diff -u -5 -t -r1.8 admutil.c --- lib/libadminutil/admutil.c 8 May 2007 19:13:25 -0000 1.8 +++ lib/libadminutil/admutil.c 28 Jun 2007 18:11:25 -0000 @@ -1245,11 +1245,12 @@ break; case 1: /* EOF */ default: password = strchr(buf, ':'); - *password++ = '\0'; + *password = '\0'; + password++; while (*password) { if (*password == ' ') password++; else break; }
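Review bot: the return value of strchr(buf, ':') is dereferenced on the very next line without a NULL check, in both the removed `*password++ = '\0';` and the added `*password = '\0';`. If the admpw line in buf contains no colon, this writes through a NULL pointer. Consider testing `password` before terminating the string and returning an error for a malformed line. Separately, the one-statement and two-statement forms are equivalent in C (the store goes through the pointer's old value in both), so this split should not change the parsing result on its own.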
admldapGetSIEDN() returns malloc'ed memory - you should call PL_strfree() when done with the value.
Created attachment 158149: Revised Diffs. This new set of diffs addresses Rich's comment about the need to free the siedn. I also did some more tests around the parsing of the admpw contents since the original code is correct and should work as intended. I found that the original code does in fact work on the same machine where I saw it fail before. I'm thinking that this was due to memory corruption from another bug (bug 245396) that I was running up against in adminutil at that time. I've backed my changes to this area of code out.
Checked into adminutil (HEAD). Thanks to Rich and Noriko for their reviews! Checking in lib/libadmsslutil/srvutilssl.c; /cvs/dirsec/adminutil/lib/libadmsslutil/srvutilssl.c,v <-- srvutilssl.c new revision: 1.6; previous revision: 1.5 done
adminutil-1.1.3-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.