From fedora-directory-commits at redhat.com Mon Dec 3 18:16:35 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Mon, 3 Dec 2007 13:16:35 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd log.c, 1.20, 1.21 Message-ID: <200712031816.lB3IGZGp026486@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26331 Modified Files: log.c Log Message: Resolves: #403351 Summary: LongDuration: Error log Rotation test suite causes slapd hang Problem description: LDAPDebug eventually calls slapd_log_error_proc_internal, which obtains the lock. If any functions called in the lock tries to log into the errors log, it tries to get the same lock and it hangs there since the underlying PR_Lock is not reentrant. Fix description: log__enough_freespace and log__delete_error_logfile could be called indirectly from slapd_log_error_proc_internal. Instead of LDAPDebug, changed these functions to call log__error_emergency when necessary. Index: log.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- log.c 23 Oct 2007 16:13:58 -0000 1.20 +++ log.c 3 Dec 2007 18:16:32 -0000 1.21 @@ -116,7 +116,7 @@ static int log__open_auditlogfile(int logfile_type, int locked); static int log__needrotation(LOGFD fp, int logtype); static int log__delete_access_logfile(); -static int log__delete_error_logfile(); +static int log__delete_error_logfile(int locked); static int log__delete_audit_logfile(); static int log__access_rotationinfof(char *pathname); static int log__error_rotationinfof(char *pathname); @@ -2926,10 +2926,14 @@ if (statvfs(path, &buf) == -1) #endif { - int oserr = errno; - LDAPDebug(LDAP_DEBUG_ANY, - "log__enough_freespace: Unable to get the free space (errno:%d)\n", - oserr,0,0); + char buffer[BUFSIZ]; + PR_snprintf(buffer, sizeof(buffer), + "log__enough_freespace: Unable to get the free space (errno:%d)\n", + errno); + /* This function could be called in the ERROR WRITE LOCK, + * which causes the self deadlock if you call LDAPDebug for logging. + * Thus, instead of LDAPDebug, call log__error_emergency with locked == 1. */ + log__error_emergency(buffer, 0, 1); return 1; } else { LL_UI2L(freeBytes, buf.f_bavail); @@ -3024,7 +3028,7 @@ ******************************************************************************/ static int -log__delete_error_logfile() +log__delete_error_logfile(int locked) { struct logfileinfo *logp = NULL; @@ -3044,18 +3048,27 @@ /* If we have only one log, then will delete this one */ if (loginfo.log_error_maxnumlogs == 1) { LOG_CLOSE(loginfo.log_error_fdes); - loginfo.log_error_fdes = NULL; + loginfo.log_error_fdes = NULL; PR_snprintf (buffer, sizeof(buffer), "%s", loginfo.log_error_file); if (PR_Delete(buffer) != PR_SUCCESS) { - LDAPDebug(LDAP_DEBUG_TRACE, - "LOGINFO:Unable to remove file:%s\n", loginfo.log_error_file,0,0); + if (!locked) { + /* if locked, we should not call LDAPDebug, + which tries to get a lock internally. */ + LDAPDebug(LDAP_DEBUG_TRACE, + "LOGINFO:Unable to remove file:%s\n", loginfo.log_error_file,0,0); + } } /* Delete the rotation file also. */ PR_snprintf (buffer, sizeof(buffer), "%s.rotationinfo", loginfo.log_error_file); if (PR_Delete(buffer) != PR_SUCCESS) { - LDAPDebug(LDAP_DEBUG_TRACE, - "LOGINFO:Unable to remove file:%s.rotationinfo\n", loginfo.log_error_file,0,0); + if (!locked) { + /* if locked, we should not call LDAPDebug, + which tries to get a lock internally. */ + LDAPDebug(LDAP_DEBUG_TRACE, + "LOGINFO:Unable to remove file:%s.rotationinfo\n", + loginfo.log_error_file,0,0); + } } return 0; } @@ -3084,7 +3097,7 @@ } /* If we have exceeded the max disk space or we have less than the - ** minimum, then we have to delete a file. + ** minimum, then we have to delete a file. */ if (total_size >= loginfo.log_error_maxdiskspace) { logstr = "exceeded maximum log disk space"; @@ -3145,10 +3158,14 @@ return 0; } } - LDAPDebug(LDAP_DEBUG_TRACE, + if (!locked) { + /* if locked, we should not call LDAPDebug, + which tries to get a lock internally. */ + LDAPDebug(LDAP_DEBUG_TRACE, "LOGINFO:Removing file:%s.%s because of (%s)\n", loginfo.log_error_file, tbuf, logstr); + } if (p_delete_logp == delete_logp) { /* then we are deleteing the first one */ @@ -3161,8 +3178,12 @@ log_convert_time (delete_logp->l_ctime, tbuf, 1 /*short */); PR_snprintf (buffer, sizeof(buffer), "%s.%s", loginfo.log_error_file, tbuf); if (PR_Delete(buffer) != PR_SUCCESS) { - LDAPDebug(LDAP_DEBUG_ANY, "LOGINFO:Unable to remove file:%s.%s\n", - loginfo.log_audit_file, tbuf,0); + /* This function could be called in the ERROR WRITE LOCK, + * which causes the self deadlock if you call LDAPDebug for logging. + * Thus, instead of LDAPDebug, call log__error_emergency with locked == 1. */ + PR_snprintf(buffer, sizeof(buffer), "LOGINFO:Unable to remove file:%s.%s\n", + loginfo.log_audit_file, tbuf); + log__error_emergency(buffer, 0, locked); } slapi_ch_free((void**)&delete_logp); loginfo.log_numof_error_logs--; @@ -3580,7 +3601,7 @@ /* Check if I have to delete any old file, delete it if it is required.*/ - while (log__delete_error_logfile()); + while (log__delete_error_logfile(1)); /* close the file */ if ( loginfo.log_error_fdes != NULL ) { From fedora-directory-commits at redhat.com Tue Dec 4 00:50:22 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Mon, 3 Dec 2007 19:50:22 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm ldbm_config.h, 1.6, 1.7 ldbm_instance_config.c, 1.9, 1.10 ldbm_config.c, 1.13, 1.14 dblayer.c, 1.25, 1.26 start.c, 1.7, 1.8 Message-ID: <200712040050.lB40oMUD029646@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29527 Modified Files: ldbm_config.h ldbm_instance_config.c ldbm_config.c dblayer.c start.c Log Message: Resolves: #231093 Summary: db2bak: crash bug (comment #8, 11) Description: Set the strong requirement: nsslapd-directory must have some value. to guarantee it: 1) checking errors from ldbm_config_directory_set. If the check fails, don't start the server. 2) if nsslapd-directory does not exist or the value is empty in dse.ldif, issuing an error message and returning the error code. 3) since it was difficult to distinguish the nsslapd-directory empty value from the initial default value, introduced CONFIG_FLAG_SKIP_DEFAULT_SETTING flag to tell the backend config code to skip setting the default value Index: ldbm_config.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldbm_config.h,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- ldbm_config.h 10 Nov 2006 23:45:39 -0000 1.6 +++ ldbm_config.h 4 Dec 2007 00:50:19 -0000 1.7 @@ -72,6 +72,7 @@ #define CONFIG_FLAG_PREVIOUSLY_SET 1 #define CONFIG_FLAG_ALWAYS_SHOW 2 #define CONFIG_FLAG_ALLOW_RUNNING_CHANGE 4 +#define CONFIG_FLAG_SKIP_DEFAULT_SETTING 8 struct config_info { char *config_name; Index: ldbm_instance_config.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldbm_instance_config.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- ldbm_instance_config.c 14 Nov 2007 15:04:51 -0000 1.9 +++ ldbm_instance_config.c 4 Dec 2007 00:50:19 -0000 1.10 @@ -480,8 +480,12 @@ 0, 0, 0); return 1; } - parse_ldbm_instance_config_entry(inst, entries[0], - ldbm_instance_config); + if (0 != parse_ldbm_instance_config_entry(inst, entries[0], + ldbm_instance_config)) { + LDAPDebug(LDAP_DEBUG_ANY, "Error parsing the config DSE\n", + 0, 0, 0); + return 1; + } } if (search_pb) Index: ldbm_config.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldbm_config.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- ldbm_config.c 28 Nov 2007 19:03:42 -0000 1.13 +++ ldbm_config.c 4 Dec 2007 00:50:19 -0000 1.14 @@ -243,75 +243,86 @@ strdup'ed in rel2abspath */ LDAPDebug(LDAP_DEBUG_ANY, "New db directory location will not take affect until the server is restarted\n", 0, 0, 0); } else { - if (!strcmp(val, "get default")) { - /* We use this funky "get default" string for the caller to - * tell us that it has no idea what the db directory should - * be. This code figures it out be reading "cn=config,cn=ldbm - * database,cn=plugins,cn=config" entry. */ - Slapi_PBlock *search_pb; - Slapi_Entry **entries = NULL; - Slapi_Attr *attr = NULL; - Slapi_Value *v = NULL; - const char *s = NULL; - int res; - - search_pb = slapi_pblock_new(); - slapi_search_internal_set_pb(search_pb, CONFIG_LDBM_DN, - LDAP_SCOPE_BASE, "objectclass=*", NULL, 0, NULL, NULL, - li->li_identity, 0); - slapi_search_internal_pb(search_pb); - slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &res); - - if (res != LDAP_SUCCESS) { - LDAPDebug(LDAP_DEBUG_ANY, - "ERROR: ldbm plugin unable to read %s\n", - CONFIG_LDBM_DN, 0, 0); - goto done; - } - - slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); - if (NULL == entries) { - LDAPDebug(LDAP_DEBUG_ANY, - "ERROR: ldbm plugin unable to read %s\n", - CONFIG_LDBM_DN, 0, 0); - res = LDAP_OPERATIONS_ERROR; - goto done; - } - - res = slapi_entry_attr_find(entries[0], "nsslapd-directory", &attr); - if (res != 0 || attr == NULL) { - LDAPDebug(LDAP_DEBUG_ANY, - "ERROR: ldbm plugin unable to read attribute nsslapd-directory from %s\n", - CONFIG_LDBM_DN, 0, 0); - res = LDAP_OPERATIONS_ERROR; - goto done; - } - - if ( slapi_attr_first_value(attr,&v) != 0 - || ( NULL == v ) - || ( NULL == ( s = slapi_value_get_string( v )))) { - LDAPDebug(LDAP_DEBUG_ANY, - "ERROR: ldbm plugin unable to read attribute nsslapd-directory from %s\n", - CONFIG_LDBM_DN, 0, 0); - res = LDAP_OPERATIONS_ERROR; - goto done; - } - -done: - slapi_pblock_destroy(search_pb); - if (res != LDAP_SUCCESS) { - return res; - } - PR_snprintf(tmpbuf, BUFSIZ, "%s", s); - val = tmpbuf; - } slapi_ch_free((void **) &(li->li_new_directory)); slapi_ch_free((void **) &(li->li_directory)); - li->li_new_directory = rel2abspath(val); /* normalize the path; - strdup'ed in rel2abspath */ - li->li_directory = rel2abspath(val); /* ditto */ + if (NULL == val || '\0' == *val) { + LDAPDebug(LDAP_DEBUG_ANY, + "ERROR: db directory is not set; check %s in the db config: %s\n", + CONFIG_DIRECTORY, CONFIG_LDBM_DN, 0); + retval = LDAP_PARAM_ERROR; + } else { + if (0 == strcmp(val, "get default")) { + /* We use this funky "get default" string for the caller to + * tell us that it has no idea what the db directory should + * be. This code figures it out be reading "cn=config,cn=ldbm + * database,cn=plugins,cn=config" entry. */ + Slapi_PBlock *search_pb; + Slapi_Entry **entries = NULL; + Slapi_Attr *attr = NULL; + Slapi_Value *v = NULL; + const char *s = NULL; + int res; + + search_pb = slapi_pblock_new(); + slapi_search_internal_set_pb(search_pb, CONFIG_LDBM_DN, + LDAP_SCOPE_BASE, "objectclass=*", NULL, 0, NULL, NULL, + li->li_identity, 0); + slapi_search_internal_pb(search_pb); + slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_RESULT, &res); + + if (res != LDAP_SUCCESS) { + LDAPDebug(LDAP_DEBUG_ANY, + "ERROR: ldbm plugin unable to read %s\n", + CONFIG_LDBM_DN, 0, 0); + retval = res; + goto done; + } + + slapi_pblock_get(search_pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries); + if (NULL == entries) { + LDAPDebug(LDAP_DEBUG_ANY, + "ERROR: ldbm plugin unable to read %s\n", + CONFIG_LDBM_DN, 0, 0); + retval = LDAP_OPERATIONS_ERROR; + goto done; + } + + res = slapi_entry_attr_find(entries[0], "nsslapd-directory", &attr); + if (res != 0 || attr == NULL) { + LDAPDebug(LDAP_DEBUG_ANY, + "ERROR: ldbm plugin unable to read attribute nsslapd-directory from %s\n", + CONFIG_LDBM_DN, 0, 0); + retval = LDAP_OPERATIONS_ERROR; + goto done; + } + + if ( slapi_attr_first_value(attr,&v) != 0 + || ( NULL == v ) + || ( NULL == ( s = slapi_value_get_string( v )))) { + LDAPDebug(LDAP_DEBUG_ANY, + "ERROR: ldbm plugin unable to read attribute nsslapd-directory from %s\n", + CONFIG_LDBM_DN, 0, 0); + retval = LDAP_OPERATIONS_ERROR; + goto done; + } + slapi_pblock_destroy(search_pb); + if (NULL == s || '\0' == s || 0 == PL_strcmp(s, "(null)")) { + LDAPDebug(LDAP_DEBUG_ANY, + "ERROR: db directory is not set; check %s in the db config: %s\n", + CONFIG_DIRECTORY, CONFIG_LDBM_DN, 0); + retval = LDAP_PARAM_ERROR; + goto done; + } + PR_snprintf(tmpbuf, BUFSIZ, "%s", s); + val = tmpbuf; + } + li->li_new_directory = rel2abspath(val); /* normalize the path; + strdup'ed in + rel2abspath */ + li->li_directory = rel2abspath(val); /* ditto */ + } } - +done: return retval; } @@ -1193,7 +1204,7 @@ {CONFIG_LOOKTHROUGHLIMIT, CONFIG_TYPE_INT, "5000", &ldbm_config_lookthroughlimit_get, &ldbm_config_lookthroughlimit_set, CONFIG_FLAG_ALWAYS_SHOW|CONFIG_FLAG_ALLOW_RUNNING_CHANGE}, {CONFIG_MODE, CONFIG_TYPE_INT_OCTAL, "0600", &ldbm_config_mode_get, &ldbm_config_mode_set, CONFIG_FLAG_ALWAYS_SHOW|CONFIG_FLAG_ALLOW_RUNNING_CHANGE}, {CONFIG_IDLISTSCANLIMIT, CONFIG_TYPE_INT, "4000", &ldbm_config_allidsthreshold_get, &ldbm_config_allidsthreshold_set, CONFIG_FLAG_ALWAYS_SHOW}, - {CONFIG_DIRECTORY, CONFIG_TYPE_STRING, "", &ldbm_config_directory_get, &ldbm_config_directory_set, CONFIG_FLAG_ALWAYS_SHOW|CONFIG_FLAG_ALLOW_RUNNING_CHANGE}, + {CONFIG_DIRECTORY, CONFIG_TYPE_STRING, "", &ldbm_config_directory_get, &ldbm_config_directory_set, CONFIG_FLAG_ALWAYS_SHOW|CONFIG_FLAG_ALLOW_RUNNING_CHANGE|CONFIG_FLAG_SKIP_DEFAULT_SETTING}, {CONFIG_DBCACHESIZE, CONFIG_TYPE_SIZE_T, "10000000", &ldbm_config_dbcachesize_get, &ldbm_config_dbcachesize_set, CONFIG_FLAG_ALWAYS_SHOW|CONFIG_FLAG_ALLOW_RUNNING_CHANGE}, {CONFIG_DBNCACHE, CONFIG_TYPE_INT, "0", &ldbm_config_dbncache_get, &ldbm_config_dbncache_set, CONFIG_FLAG_ALLOW_RUNNING_CHANGE}, {CONFIG_MAXPASSBEFOREMERGE, CONFIG_TYPE_INT, "100", &ldbm_config_maxpassbeforemerge_get, &ldbm_config_maxpassbeforemerge_set, 0}, @@ -1319,7 +1330,11 @@ 0, 0, 0); return 1; } - parse_ldbm_config_entry(li, entries[0], ldbm_config); + if (0 != parse_ldbm_config_entry(li, entries[0], ldbm_config)) { + LDAPDebug(LDAP_DEBUG_ANY, "Error parsing the ldbm config DSE\n", + 0, 0, 0); + return 1; + } } if (search_pb) { @@ -1520,6 +1535,9 @@ /* If the config phase is initialization or if bval is NULL, we will use * the default value for the attribute. */ if (CONFIG_PHASE_INITIALIZATION == phase || NULL == bval) { + if (CONFIG_FLAG_SKIP_DEFAULT_SETTING & config->config_flags) { + return LDAP_SUCCESS; /* Skipping the default config setting */ + } use_default = 1; } else { use_default = 0; Index: dblayer.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/dblayer.c,v retrieving revision 1.25 retrieving revision 1.26 diff -u -r1.25 -r1.26 --- dblayer.c 18 Oct 2007 00:08:34 -0000 1.25 +++ dblayer.c 4 Dec 2007 00:50:19 -0000 1.26 @@ -1409,6 +1409,11 @@ /* DBDB we should pick these up in our config routine, and do away with * the li_ one */ + if (NULL == li->li_directory || '\0' == *li->li_directory) { + LDAPDebug(LDAP_DEBUG_ANY, + "Error: DB directory is not specified.\n", 0, 0, 0); + return -1; + } PR_Lock(li->li_config_mutex); priv->dblayer_home_directory = li->li_directory; /* nsslapd-directory */ priv->dblayer_cachesize = li->li_dbcachesize; Index: start.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/start.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- start.c 15 Mar 2007 21:34:32 -0000 1.7 +++ start.c 4 Dec 2007 00:50:19 -0000 1.8 @@ -63,7 +63,11 @@ slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &li ); /* parse the config file here */ - ldbm_config_load_dse_info(li); + if (0 != ldbm_config_load_dse_info(li)) { + LDAPDebug( LDAP_DEBUG_ANY, "start: Loading database configuration failed\n", + 0, 0, 0 ); + return SLAPI_FAIL_GENERAL; + } /* register with the binder-based resource limit subsystem so that */ /* lookthroughlimit can be supported on a per-connection basis. */ @@ -77,7 +81,7 @@ /* If the db directory hasn't been set yet, we need to set it to * the default. */ - if ('\0' == li->li_directory[0]) { + if (NULL == li->li_directory || '\0' == li->li_directory[0]) { /* "get default" is a special string that tells the config * routines to figure out the default db directory by * reading cn=config. */ From fedora-directory-commits at redhat.com Tue Dec 4 17:53:05 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Tue, 4 Dec 2007 12:53:05 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm archive.c, 1.14, 1.15 Message-ID: <200712041753.lB4Hr51g023209@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22611 Modified Files: archive.c Log Message: Resolves: #174776 Summary: Multiple restores from a non-existant directory could wipe out database Description: The given archive path was not normalized. Due to the trailing slash '/', comparing with the db dir failed and wiped out the db dirs. Applying the path normalization to the archive path. Index: archive.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/archive.c,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- archive.c 8 Oct 2007 18:45:00 -0000 1.14 +++ archive.c 4 Dec 2007 17:52:56 -0000 1.15 @@ -47,7 +47,8 @@ int ldbm_back_archive2ldbm( Slapi_PBlock *pb ) { struct ldbminfo *li; - char *directory = NULL; /* -a */ + char *rawdirectory = NULL; /* -a */ + char *directory = NULL; /* normalized */ char *backendname = NULL; int return_value = -1; int task_flags = 0; @@ -56,18 +57,20 @@ int is_old_to_new = 0; slapi_pblock_get( pb, SLAPI_PLUGIN_PRIVATE, &li ); - slapi_pblock_get( pb, SLAPI_SEQ_VAL, &directory ); + slapi_pblock_get( pb, SLAPI_SEQ_VAL, &rawdirectory ); slapi_pblock_get( pb, SLAPI_BACKEND_INSTANCE_NAME, &backendname); slapi_pblock_get( pb, SLAPI_BACKEND_TASK, &task ); slapi_pblock_get( pb, SLAPI_TASK_FLAGS, &task_flags ); li->li_flags = run_from_cmdline = (task_flags & TASK_RUNNING_FROM_COMMANDLINE); - if ( !directory || !*directory ) { + if ( !rawdirectory || !*rawdirectory ) { LDAPDebug( LDAP_DEBUG_ANY, "archive2db: no archive name\n", 0, 0, 0 ); return( -1 ); } + directory = rel2abspath(rawdirectory); + /* check the current idl format vs backup DB version */ if (idl_get_idl_new()) { @@ -251,6 +254,7 @@ } } out: + slapi_ch_free_string(&directory); return return_value; } From fedora-directory-commits at redhat.com Wed Dec 5 19:54:25 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 5 Dec 2007 14:54:25 -0500 Subject: [Fedora-directory-commits] admservconsole/src/com/netscape/management/admserv AdminFrameworkInitializer.java, 1.1.1.1, 1.2 Message-ID: <200712051954.lB5JsPvZ004597@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/admservconsole/src/com/netscape/management/admserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4566/admservconsole/src/com/netscape/management/admserv Modified Files: AdminFrameworkInitializer.java Log Message: Resolves: bug 400361 Bug Description: Console: can't perform admin tasks after changing password Reviewed by: nhosoi (Thanks!) Fix Description: Each task uses a different ConsoleInfo object. There was already a hack/hook in AdminFrameworkInitializer to override the getAdminURL in each one of the task console info objects. We also need to override setAuthenticationPassword and getAuthenticationPassword so that if the task updates the password, the main console info uses that change, and vice versa. I also added a couple of debug items. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: AdminFrameworkInitializer.java =================================================================== RCS file: /cvs/dirsec/admservconsole/src/com/netscape/management/admserv/AdminFrameworkInitializer.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- AdminFrameworkInitializer.java 22 May 2006 18:14:32 -0000 1.1.1.1 +++ AdminFrameworkInitializer.java 5 Dec 2007 19:54:22 -0000 1.2 @@ -109,6 +109,19 @@ public String getAdminURL() { return serverNodeConsoleInfo.getAdminURL(); } + /* We have to make sure we use the same password throughout + * for the main console and for the tasks - if we do not do + * this and we change the password, the tasks will use the + * wrong password. This way, if we change the password from + * either the Configure task, or from the Configuration tab, + * we will use the same password throughout. + */ + public void setAuthenticationPassword(String password) { + serverNodeConsoleInfo.setAuthenticationPassword(password); + } + public String getAuthenticationPassword() { + return serverNodeConsoleInfo.getAuthenticationPassword(); + } }; private void removeTask(TaskObject root, String taskName) { From fedora-directory-commits at redhat.com Wed Dec 5 19:54:25 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 5 Dec 2007 14:54:25 -0500 Subject: [Fedora-directory-commits] admservconsole/src/com/netscape/management/admserv/panel CGIAccessSetup.java, 1.2, 1.3 CGIDataModel.java, 1.1.1.1, 1.2 Message-ID: <200712051954.lB5JsPV8004604@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/admservconsole/src/com/netscape/management/admserv/panel In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4566/admservconsole/src/com/netscape/management/admserv/panel Modified Files: CGIAccessSetup.java CGIDataModel.java Log Message: Resolves: bug 400361 Bug Description: Console: can't perform admin tasks after changing password Reviewed by: nhosoi (Thanks!) Fix Description: Each task uses a different ConsoleInfo object. There was already a hack/hook in AdminFrameworkInitializer to override the getAdminURL in each one of the task console info objects. We also need to override setAuthenticationPassword and getAuthenticationPassword so that if the task updates the password, the main console info uses that change, and vice versa. I also added a couple of debug items. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: CGIAccessSetup.java =================================================================== RCS file: /cvs/dirsec/admservconsole/src/com/netscape/management/admserv/panel/CGIAccessSetup.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- CGIAccessSetup.java 15 Jun 2006 17:02:33 -0000 1.2 +++ CGIAccessSetup.java 5 Dec 2007 19:54:23 -0000 1.3 @@ -74,7 +74,7 @@ _consoleInfo.getAuthenticationDN(), _consoleInfo.getAuthenticationPassword()); } catch (MalformedURLException e) { - Debug.println("CGIDataModel.setConfiguration "+e); + Debug.println("CGIAccessSetup.save: "+e); throw new RemoteRequestException(e); } @@ -85,7 +85,6 @@ } int status = task.getStatus(); - Debug.println(adminURL + " "+status); AdminOperation.processAdmTaskStatus(adminURL, task, _consoleInfo); } Index: CGIDataModel.java =================================================================== RCS file: /cvs/dirsec/admservconsole/src/com/netscape/management/admserv/panel/CGIDataModel.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- CGIDataModel.java 22 May 2006 18:14:41 -0000 1.1.1.1 +++ CGIDataModel.java 5 Dec 2007 19:54:23 -0000 1.2 @@ -258,7 +258,8 @@ int status = task.getStatus(); _loaded = (status == 0); - Debug.println(adminURL + " "+status); + Debug.println("CGIDataModel.getConfiguration(): called URL " + + adminURL + " "+status); AdminOperation.processAdmTaskStatus(adminURL, task, _consoleInfo); From fedora-directory-commits at redhat.com Thu Dec 6 02:45:22 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 5 Dec 2007 21:45:22 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts template-db2index.pl.in, 1.4, 1.5 Message-ID: <200712060245.lB62jMcj018522@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18494 Modified Files: template-db2index.pl.in Log Message: Resolves: #403751 Summary: command line scripts fine tuning (Comment #1) Description: dded "-T vlvAttributeName: ..." to the usage Index: template-db2index.pl.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/template-db2index.pl.in,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- template-db2index.pl.in 12 Feb 2007 19:55:10 -0000 1.4 +++ template-db2index.pl.in 6 Dec 2007 02:45:20 -0000 1.5 @@ -42,19 +42,20 @@ sub usage { print(STDERR "Usage: $0 [-v] -D rootdn { -w password | -w - | -j filename } \n"); print(STDERR " -n instance [-t attributeName[:indextypes[:matchingrules]]]\n"); - print(STDERR " Opts: -D rootdn - Directory Manager\n"); - print(STDERR " : -w password - Directory Manager's password\n"); - print(STDERR " : -w - - Prompt for Directory Manager's password\n"); - print(STDERR " : -j filename - Read Directory Manager's password from file\n"); - print(STDERR " : -n instance - instance to be indexed\n"); + print(STDERR " Opts: -D rootdn - Directory Manager\n"); + print(STDERR " : -w password - Directory Manager's password\n"); + print(STDERR " : -w - - Prompt for Directory Manager's password\n"); + print(STDERR " : -j filename - Read Directory Manager's password from file\n"); + print(STDERR " : -n instance - instance to be indexed\n"); print(STDERR " : -t attributeName[:indextypes[:matchingrules]]\n"); - print(STDERR " - attribute: name of the attribute to be indexed\n"); - print(STDERR " If omitted, all the indexes defined \n"); - print(STDERR " for that instance are generated.\n"); - print(STDERR " - indextypes: comma separated index types\n"); - print(STDERR " - matchingrules: comma separated matrules\n"); - print(STDERR " Example: -t foo:eq,pres\n"); - print(STDERR " : -v - verbose\n"); + print(STDERR " - attributeName: name of the attribute to be indexed\n"); + print(STDERR " If omitted, all the indexes defined \n"); + print(STDERR " for that instance are generated.\n"); + print(STDERR " - indextypes: comma separated index types\n"); + print(STDERR " - matchingrules: comma separated matrules\n"); + print(STDERR " Example: -t foo:eq,pres\n"); + print(STDERR " : -T vlvAttributeName - vlvAttributeName: name of the vlv attribute to be indexed\n"); + print(STDERR " : -v - verbose\n"); } $instance = ""; From fedora-directory-commits at redhat.com Thu Dec 6 02:46:20 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 5 Dec 2007 21:46:20 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src logconv.pl, 1.6, 1.7 Message-ID: <200712060246.lB62kKti018557@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/admin/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18538 Modified Files: logconv.pl Log Message: Resolves: #403751 Summary: command line scripts fine tuning (Comment #2) Description: removed words "6.x" and "iWS" from the output messages. Index: logconv.pl =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/logconv.pl,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- logconv.pl 18 Apr 2006 18:57:44 -0000 1.6 +++ logconv.pl 6 Dec 2007 02:46:17 -0000 1.7 @@ -365,7 +365,6 @@ print "Deletes: $delete\n"; print "Mod RDNs: $modrdn\n"; print "\n"; -print "6.x Stats \n"; print "Persistent Searches: $persistent\n"; print "Internal Operations: $internal\n"; print "Entry Operations: $entryOp\n"; @@ -802,16 +801,16 @@ } -############################################### -# # -# Gather and process extended operations 6.x # -# # -############################################### +########################################## +# # +# Gather and process extended operations # +# # +########################################## if ($usage =~ /x/i || $verb eq "yes"){ if ($extendedop > 0){ -print "\n\n----- 6.x Extended Operations -----\n\n"; +print "\n\n----- Extended Operations -----\n\n"; foreach $oids (sort { $oid{$b} <=> $oid{$a} } (keys %oid) ){ if ($oids eq "2.16.840.1.113730.3.5.1"){ $oidmessage = "Transaction Request"} @@ -824,7 +823,7 @@ elsif ($oids eq "2.16.840.1.113730.3.5.8"){ $oidmessage = "Finished Bulk Import"} elsif ($oids eq "2.16.840.1.113730.3.6.1"){ $oidmessage = "Incremental Update Replication Protocol"} elsif ($oids eq "2.16.840.1.113730.3.6.2"){ $oidmessage = "Total Update Replication Protocol (Initialization)"} - elsif ($oids eq "2.16.840.1.113730.3.5.9"){ $oidmessage = "Digest Authentication (iWS 6.x)"} + elsif ($oids eq "2.16.840.1.113730.3.5.9"){ $oidmessage = "Digest Authentication"} else {$oidmessage = "Other"} printf "%-6s %-23s %-60s\n", $oid{ $oids }, $oids, $oidmessage; From fedora-directory-commits at redhat.com Thu Dec 6 02:53:46 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 5 Dec 2007 21:53:46 -0500 Subject: [Fedora-directory-commits] admservconsole/help/en header.html, 1.1, 1.2 Message-ID: <200712060253.lB62rkkh019150@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/admservconsole/help/en In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18950 Modified Files: header.html Log Message: Resolves: #379191 Summary: Online help: Directory Console (ds-console) (Comment #14) Description: CSS header file provided by Deon. Index: header.html =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/header.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- header.html 9 Aug 2007 16:04:03 -0000 1.1 +++ header.html 6 Dec 2007 02:53:44 -0000 1.2 @@ -3,18 +3,17 @@ Fedora Management Console and Administration Server Help - - + *.text {font-size: 12px;font-family:arial;color:#555555;} + Fedora Management Console and Administration Server Help
-
From fedora-directory-commits at redhat.com Thu Dec 6 02:59:36 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Wed, 5 Dec 2007 21:59:36 -0500 Subject: [Fedora-directory-commits] directoryconsole/help/en header.html, 1.1, 1.2 Message-ID: <200712060259.lB62xam6019575@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/directoryconsole/help/en In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19243 Modified Files: header.html Log Message: Resolves: #379191 Summary: Online help: Directory Console (ds-console) (Comment #14) Description: CSS header file provided by Deon. Index: header.html =================================================================== RCS file: /cvs/dirsec/directoryconsole/help/en/header.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- header.html 13 Aug 2007 22:28:09 -0000 1.1 +++ header.html 6 Dec 2007 02:59:34 -0000 1.2 @@ -3,18 +3,17 @@ Fedora Management Console and Directory Server Help - - + *.text {font-size: 12px;font-family:arial;color:#555555;} + Fedora Management Console and Directory Server Help
-
From fedora-directory-commits at redhat.com Thu Dec 6 17:08:37 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 6 Dec 2007 12:08:37 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/cgi-src40 help.js, 1.2, 1.3 Message-ID: <200712061708.lB6H8bLQ011398@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/admserv/cgi-src40 In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10903/admserv/cgi-src40 Modified Files: help.js Log Message: Resolves: #411231 Summary: [Admin express] help button brings up an error page Description: mapfile info (tokens.map) was missing from help.js and template.c. Index: help.js =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/help.js,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- help.js 18 Aug 2005 18:59:03 -0000 1.2 +++ help.js 6 Dec 2007 17:08:35 -0000 1.3 @@ -38,7 +38,7 @@ function help(helpdir, token) { - newlocation = manualBase()+"/help/" + helpCommand() + "?helpdir="+helpdir+"&token="+token; + newlocation = manualBase()+"/help/" + helpCommand() + "?helpdir="+helpdir+"&token="+token+"&mapfile=tokens.map"; if (top.HelpWindow) { From fedora-directory-commits at redhat.com Thu Dec 6 17:08:38 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 6 Dec 2007 12:08:38 -0500 Subject: [Fedora-directory-commits] adminserver/lib/libadmin template.c, 1.8, 1.9 Message-ID: <200712061708.lB6H8c7x011404@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/adminserver/lib/libadmin In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10903/lib/libadmin Modified Files: template.c Log Message: Resolves: #411231 Summary: [Admin express] help button brings up an error page Description: mapfile info (tokens.map) was missing from help.js and template.c. Index: template.c =================================================================== RCS file: /cvs/dirsec/adminserver/lib/libadmin/template.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- template.c 9 May 2007 00:26:37 -0000 1.8 +++ template.c 6 Dec 2007 17:08:35 -0000 1.9 @@ -382,7 +382,7 @@ * URL changed to add new "mapfile" parameter for 5.0 help system - Adam */ util_snprintf( line, sizeof(line), - "window.open('%s/manual/help/help?helpdir=admin&token=%s', '" + "window.open('%s/manual/help/help?helpdir=admin&token=%s&mapfile=tokens.map', '" INFO_IDX_NAME"_%s', " HELP_WIN_OPTIONS");", getenv("SERVER_URL"), topic, From fedora-directory-commits at redhat.com Fri Dec 7 00:08:27 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Thu, 6 Dec 2007 19:08:27 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts DSMigration.pm.in, 1.23, 1.24 Util.pm.in, 1.13, 1.14 Message-ID: <200712070008.lB708Rnn030293@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30274/ldapserver/ldap/admin/src/scripts Modified Files: DSMigration.pm.in Util.pm.in Log Message: Resolves: bug 400421 Bug Description: unable to restart configDS via console Reviewed by: nhosoi (Thanks!) Fix Description: We were using the old format for the ldapStart directive, which assumed everything was under a serverroot, so it just stored the relative path. We need the absolute path. During regular setup, we can get this from the directory server instance. During migration, we need to update the ldapStart directive to use the absolute path, so we need to get that information from the directory server code. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: DSMigration.pm.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/DSMigration.pm.in,v retrieving revision 1.23 retrieving revision 1.24 diff -u -r1.23 -r1.24 --- DSMigration.pm.in 14 Nov 2007 15:12:09 -0000 1.23 +++ DSMigration.pm.in 7 Dec 2007 00:08:25 -0000 1.24 @@ -895,6 +895,16 @@ my $mig = shift; my @errs; + # migration needs to know the instance directory for the directory + # servers - this assumes they are all in the same place + if (!$mig->{ServerRoot}) { + if ("@with_fhs_opt@") { + $mig->{ServerRoot} = "$inf->{General}->{prefix}/opt/@PACKAGE_NAME@"; + } else { + $mig->{ServerRoot} = "$inf->{General}->{prefix}@serverdir@"; + } + } + # for each instance foreach my $inst (@{$mig->{instances}}) { if (-f "$mig->{configdir}/$inst/dse.ldif") { Index: Util.pm.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/Util.pm.in,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- Util.pm.in 21 Nov 2007 20:27:38 -0000 1.13 +++ Util.pm.in 7 Dec 2007 00:08:25 -0000 1.14 @@ -829,8 +829,20 @@ last if ($ent->hasValue('cn', 'userRoot', 1)); $ent = $conn->nextEntry(); } + + # we also need the instance dir + $ent = $conn->search("cn=config", "base", "(objectclass=*)"); + if (!$ent) { + push @{$errs}, "error_opening_dseldif", $fname, $!; + close $outfh; + $conn->close(); + return 0; + } + my $inst_dir = $ent->getValue('nsslapd-instancedir'); + $conn->close(); + print $outfh, "inst_dir = $inst_dir\n"; print $outfh "Suffix = $suffix\n"; close $outfh; From fedora-directory-commits at redhat.com Fri Dec 7 00:09:39 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Thu, 6 Dec 2007 19:09:39 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/newinst/src AdminMigration.pm.in, 1.6, 1.7 AdminServer.pm.in, 1.11, 1.12 Message-ID: <200712070009.lB709dMd030336@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/newinst/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30317/adminserver/admserv/newinst/src Modified Files: AdminMigration.pm.in AdminServer.pm.in Log Message: Resolves: bug 400421 Bug Description: unable to restart configDS via console Reviewed by: nhosoi (Thanks!) Fix Description: We were using the old format for the ldapStart directive, which assumed everything was under a serverroot, so it just stored the relative path. We need the absolute path. During regular setup, we can get this from the directory server instance. During migration, we need to update the ldapStart directive to use the absolute path, so we need to get that information from the directory server code. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: AdminMigration.pm.in =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/AdminMigration.pm.in,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- AdminMigration.pm.in 14 Sep 2007 21:26:08 -0000 1.6 +++ AdminMigration.pm.in 7 Dec 2007 00:09:36 -0000 1.7 @@ -34,6 +34,7 @@ use SetupLog; use File::Path; +use File::Spec qw(file_name_is_absolute); # tempfiles use File::Temp qw(tempfile tempdir); @@ -480,6 +481,16 @@ $mig->{inf}->{admin}->{sie} =~ s/\bNetscape\b/@capbrand@/g; $mig->{inf}->{admin}->{isie} =~ s/\bNetscape\b/@capbrand@/g; + # update ldapStart + # if ldapStart is not an absolute path, we need to add + # the directory server instance dir (ServerRoot) to it + if ($mig->{inf}->{admin}->{ldapStart} && + !file_name_is_absolute($mig->{inf}->{admin}->{ldapStart})) { + debug(1, "Need to make ldapStart an absolute path - ", $mig->{ServerRoot}, "/", + $mig->{inf}->{admin}->{ldapStart}, "\n"); + $mig->{inf}->{admin}->{ldapStart} = $mig->{ServerRoot} . "/" . $mig->{inf}->{admin}->{ldapStart}; + } + if (!updateAdmConf({ldapurl => $mig->{inf}->{General}->{ConfigDirectoryLdapURL}, userdn => $mig->{inf}->{General}->{ConfigDirectoryAdminID}, SuiteSpotUserID => $mig->{inf}->{General}->{SuiteSpotUserID}, Index: AdminServer.pm.in =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/AdminServer.pm.in,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- AdminServer.pm.in 20 Sep 2007 01:01:21 -0000 1.11 +++ AdminServer.pm.in 7 Dec 2007 00:09:36 -0000 1.12 @@ -157,8 +157,8 @@ my @start_slapd; if ($setup->{inf}->{slapd}->{SlapdConfigForMC} =~ /yes/i) { - my $slapdid = $setup->{inf}->{slapd}->{ServerIdentifier}; - @start_slapd = ('ldapStart', "slapd-$slapdid/start-slapd"); + my $inst_dir = $setup->{inf}->{slapd}->{inst_dir}; + @start_slapd = ('ldapStart', "$inst_dir/start-slapd"); } $setup->msg('updating_admconf'); my $rc = updateAdmConf({ldapurl => $setup->{inf}->{General}->{ConfigDirectoryLdapURL}, From fedora-directory-commits at redhat.com Fri Dec 7 01:27:49 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 6 Dec 2007 20:27:49 -0500 Subject: [Fedora-directory-commits] admservconsole/help/en tokens.map, 1.3, 1.4 Message-ID: <200712070127.lB71RnRa008612@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/admservconsole/help/en In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8577 Modified Files: tokens.map Log Message: Resolves: #159011 Summary: online help for details of CRL missing (Comment #6,7) Description: adding a missing map for the token CertificateDetailDialog_CRL: CertificateDetailDialog_CRL-help = help/list_crl_ckl.html And piggybacking to fix replication-monitor token. Index: tokens.map =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/tokens.map,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- tokens.map 14 Nov 2007 16:46:15 -0000 1.3 +++ tokens.map 7 Dec 2007 01:27:47 -0000 1.4 @@ -144,6 +144,7 @@ ;MANAGE REVOKED CERTIFICATES CRLCertificatePane-help = help/manage_certificates_revoked_certs.html InstallCRLDialog-help = help/add_crl_ckl.html +CertificateDetailDialog_CRL-help = help/list_crl_ckl.html ;SECURITY - CONFIGURE SECURITY MODULES PKCSConfigDialog-help = help/configure_security_modules.html @@ -192,5 +193,5 @@ HTMLAdmin = help/administration_express.html ViewData = help/administration_express_server_information.html ViewLog = help/administration_express_logs.html -replication-Monitor = help/replication_monitor.html +MonReplication = help/replication_monitor.html ;End From fedora-directory-commits at redhat.com Fri Dec 7 01:27:49 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 6 Dec 2007 20:27:49 -0500 Subject: [Fedora-directory-commits] admservconsole/help/en/help list_crl_ckl.html, NONE, 1.1 create_user_administrator_posix_user.html, 1.1, 1.2 search_users_and_groups_advanced.html, 1.1, 1.2 Message-ID: <200712070127.lB71Rn2u008619@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/admservconsole/help/en/help In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8577/help Modified Files: create_user_administrator_posix_user.html search_users_and_groups_advanced.html Added Files: list_crl_ckl.html Log Message: Resolves: #159011 Summary: online help for details of CRL missing (Comment #6,7) Description: adding a missing map for the token CertificateDetailDialog_CRL: CertificateDetailDialog_CRL-help = help/list_crl_ckl.html And piggybacking to fix replication-monitor token. --- NEW FILE list_crl_ckl.html ---

Certificate Information - Detail

General

    This panel lists detailed information about the selected certificate.

    Issuer. Lists the CA who issued each CRL or CKL.

    Signature algorithm. The mathematical formula used to sign the certificate.

    Version. The version number of the public key algorithm.

    Issuer DN. The full DN of the Certificate Authority (CA).

    Effective Date. Lists the date on which the CRL or CKL was issued.

    Next Update. Shows when an updated CRL or CKL will be available.

Revocation List

    This panel lists serial numbers and dates revoked by the CA.

Index: create_user_administrator_posix_user.html =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/help/create_user_administrator_posix_user.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- create_user_administrator_posix_user.html 9 Aug 2007 16:04:04 -0000 1.1 +++ create_user_administrator_posix_user.html 7 Dec 2007 01:27:47 -0000 1.2 @@ -9,13 +9,13 @@ Enable Posix user attributes. Check this box to enable the fields in this panel.

-UID Number. (Optional) Enter the user or administrator's UNIX ID number. +UID Number. Enter the user or administrator's UNIX ID number.

-GID Number. (Optional) Enter the user or administrator's UNIX group ID number. +GID Number. Enter the user or administrator's UNIX group ID number.

-Home Directory. (Optional) Enter the path to the user or administrator's home directory. For example, /u/jdoe. +Home Directory. Enter the path to the user or administrator's home directory. For example, /u/jdoe.

Login Shell. (Optional) Enter the path to the user or administrator's login shell. For example, /usr/local/bin/tcsh. Index: search_users_and_groups_advanced.html =================================================================== RCS file: /cvs/dirsec/admservconsole/help/en/help/search_users_and_groups_advanced.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- search_users_and_groups_advanced.html 9 Aug 2007 16:04:04 -0000 1.1 +++ search_users_and_groups_advanced.html 7 Dec 2007 01:27:47 -0000 1.2 @@ -74,5 +74,5 @@ Search (button). Click to begin searching.

-Basic. Click to view fewer fields. +By Filter (button). Click to use the search by filter.

From fedora-directory-commits at redhat.com Fri Dec 7 16:41:56 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Fri, 7 Dec 2007 11:41:56 -0500 Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/topology topology.properties, 1.4, 1.5 Message-ID: <200712071641.lB7Gfurb001828@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/console/src/com/netscape/management/client/topology In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1809 Modified Files: topology.properties Log Message: Resolves: bug 214977 Description: Small typo in console Index: topology.properties =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/topology/topology.properties,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- topology.properties 15 Nov 2007 16:56:53 -0000 1.4 +++ topology.properties 7 Dec 2007 16:41:54 -0000 1.5 @@ -167,7 +167,7 @@ error-ClassLoaderTitle=Class Loader Error error-CreateServerObject=Failed to instantiate Server Object for {0}: error-CannotChangePermission=Cannot change permission. -error-EntryExisted=Entry already existed. +error-EntryExisted=Entry already exists. error-CannotCreateServerObject=Initialize server object error. Could not initialize object: error-CannotCreateServerObjectTitle=Loading Server Object Error error-CloneError=There are no target servers to clone to. From fedora-directory-commits at redhat.com Fri Dec 7 17:43:52 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Fri, 7 Dec 2007 12:43:52 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/cfgstuff admserv.conf.in, 1.9, 1.10 Message-ID: <200712071743.lB7Hhq06014270@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/cfgstuff In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14223/adminserver/admserv/cfgstuff Modified Files: admserv.conf.in Log Message: Resolves: bug 407011 Bug Description: GIF missing on the front page for admin web ui Reviewed by: nhosoi (Thanks!) Fix Description: Yet another carry over from the days when everything was under the single server root. We should not use relative paths for the icons, but just use "/icons/" for the path, and let Apache map that to the real location of the icon files. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: admserv.conf.in =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cfgstuff/admserv.conf.in,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- admserv.conf.in 27 Sep 2007 16:54:30 -0000 1.9 +++ admserv.conf.in 7 Dec 2007 17:43:50 -0000 1.10 @@ -67,6 +67,7 @@ # remap admin server icons Alias /admin-serv/tasks/icons/ @icondir@/ +Alias /icons/ @icondir@/ # Handle the initial login From fedora-directory-commits at redhat.com Fri Dec 7 17:43:52 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Fri, 7 Dec 2007 12:43:52 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/cgi-src40 htmladmin.properties, 1.6, 1.7 viewdata.properties, 1.5, 1.6 viewlog.properties, 1.5, 1.6 Message-ID: <200712071743.lB7Hhq8r014276@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/cgi-src40 In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14223/adminserver/admserv/cgi-src40 Modified Files: htmladmin.properties viewdata.properties viewlog.properties Log Message: Resolves: bug 407011 Bug Description: GIF missing on the front page for admin web ui Reviewed by: nhosoi (Thanks!) Fix Description: Yet another carry over from the days when everything was under the single server root. We should not use relative paths for the icons, but just use "/icons/" for the path, and let Apache map that to the real location of the icon files. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: htmladmin.properties =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/htmladmin.properties,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- htmladmin.properties 9 May 2007 00:26:30 -0000 1.6 +++ htmladmin.properties 7 Dec 2007 17:43:50 -0000 1.7 @@ -64,41 +64,41 @@ //#/* html resource string - output_topology() */ htmladmin60 { "\n\n" } htmladmin61 { "\n" } -htmladmin62 { "\n\n\n\n" } -htmladmin63 { "\n\n\n\n" } -htmladmin64 { "\n\n\n\n" } -htmladmin65 { "\n\n\n\n" } -htmladmin66 { "\n\n\n\n\n\"" } -htmladmin67 { "\n\n\n\n\n\n\n" } +htmladmin63 { "\n\n\n\n" } +htmladmin64 { "\n\n\n\n" } +htmladmin65 { "\n\n\n\n" } +htmladmin66 { "\n\n\n\n\n\"" } +htmladmin67 { "\n\n\n\n
 %s
 %s
 %s
 %s%s
\n* %s Server Manager
\n* %s\n

\n\n" } -htmladmin68 { " " } -htmladmin69 { " " } +htmladmin62 { "

 %s
 %s
 %s
 %s%s
\n* %s Server Manager
\n* %s\n

\n\n" } +htmladmin68 { " " } +htmladmin69 { " " } htmladmin70 { "Server Info |\n" } htmladmin71 { "Logs |\n" } htmladmin72 { "%s%s Status=%s%s\n\n" } htmladmin73 { "On" } htmladmin74 { "Off" } htmladmin75 { "Unknown" } -htmladmin76 { " " } -htmladmin77 { " " } +htmladmin76 { " " } +htmladmin77 { " " } htmladmin78 { "Server Info |\n" } htmladmin79 { "Logs |\n" } htmladmin80 { "Server Info |\n" } htmladmin81 { "Logs\n" } htmladmin82 { "%s%s\n\n" } -htmladmin83 { "

\n\n\n\n\n\n\n" } -htmladmin84 { " " } -htmladmin85 { " " } +htmladmin83 { "\n\n\n\n\n\n\n\n\n\n\n\n\n
\n\n\n\n\n
*%s
\n
\n\n\n\n\n\n\n" } +htmladmin84 { " " } +htmladmin85 { " " } htmladmin86 { " Status=%s%s\n\n" } -htmladmin87 { " " } -htmladmin88 { " " } +htmladmin87 { " " } +htmladmin88 { " " } htmladmin89 { "Server Info |\n" } htmladmin90 { "Logs |\n" } -htmladmin91 { " " } -htmladmin92 { " " } +htmladmin91 { " " } +htmladmin92 { " " } htmladmin93 { "Server Info |\n" } htmladmin94 { "Logs |\n" } -htmladmin95 { " " } -htmladmin96 { " " } +htmladmin95 { " " } +htmladmin96 { " " } htmladmin97 { "\n" } htmladmin98 { "\n" } htmladmin99 { "

\n\n\n\n" } Index: viewdata.properties =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/viewdata.properties,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- viewdata.properties 18 Aug 2005 18:59:03 -0000 1.5 +++ viewdata.properties 7 Dec 2007 17:43:50 -0000 1.6 @@ -42,7 +42,7 @@ viewdata30 { "\n\n\n\n" } viewdata31 { "
\n\n\n\n\n
*%s
\n		Server Info |Logs |
\n
Description:
\n		%s
\n" } viewdata32 { "
\n" } -viewdata33 { "
%s
 
" } +viewdata33 { "
%s
 
" } viewdata34 { "Upgrade Available\n" } viewdata35 { "No Upgrade Available\n" } viewdata36 { "%s\n" } Index: viewlog.properties =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/viewlog.properties,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- viewlog.properties 27 Jun 2007 22:24:59 -0000 1.5 +++ viewlog.properties 7 Dec 2007 17:43:50 -0000 1.6 @@ -42,7 +42,7 @@ viewlog23 { " - + @@ -66,12 +66,12 @@
- + - + @@ -81,7 +81,7 @@ - + - + - + - +
   Fedora Home Page
Check for upgrades and information about Fedora server products. 		 
   Fedora Administration Express
View server status and configuration/log data. Index: admserv_dsgw.html =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/html/admserv_dsgw.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- admserv_dsgw.html 15 Nov 2007 17:02:02 -0000 1.1 +++ admserv_dsgw.html 7 Dec 2007 17:43:50 -0000 1.2 @@ -1,5 +1,5 @@
   Directory Server Gateway
Search for and edit directory entries. Index: admserv_orgchart.html =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/html/admserv_orgchart.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- admserv_orgchart.html 15 Nov 2007 17:02:02 -0000 1.1 +++ admserv_orgchart.html 7 Dec 2007 17:43:50 -0000 1.2 @@ -1,5 +1,5 @@
   Directory Server Org Charts
Browse org charts of your organization. Index: admserv_phonebook.html =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/html/admserv_phonebook.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- admserv_phonebook.html 15 Nov 2007 17:02:02 -0000 1.1 +++ admserv_phonebook.html 7 Dec 2007 17:43:50 -0000 1.2 @@ -1,5 +1,5 @@
   Directory Server Express
Search for users by name, user ID or extension. Index: htmladmin.html =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/html/htmladmin.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- htmladmin.html 24 Jul 2006 12:53:20 -0000 1.1 +++ htmladmin.html 7 Dec 2007 17:43:50 -0000 1.2 @@ -80,7 +80,7 @@ 		-
Help +
Help
From fedora-directory-commits at redhat.com Fri Dec 7 20:44:40 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 7 Dec 2007 15:44:40 -0500 Subject: [Fedora-directory-commits] console/src/com/netscape/management/client/console Console.java, 1.11, 1.12 Message-ID: <200712072044.lB7KieEa016301@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/console/src/com/netscape/management/client/console In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16262 Modified Files: Console.java Log Message: Resolves: #192022 Summary: Admin Server fails to bring up Config DS (Comment #8) Description: _splashScreen.toFront(); was called before displaying the dialog, which caused the dialog hidden behind the splash screen. By removing the toFront line, we can see the dialog. Index: Console.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/console/Console.java,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- Console.java 26 Jul 2007 23:08:48 -0000 1.11 +++ Console.java 7 Dec 2007 20:44:38 -0000 1.12 @@ -1314,7 +1314,6 @@ rd.showModal(); if (rd.isCancel()) System.exit(0); - _splashScreen.toFront(); if (!restartDirectoryServer(rd.getUsername(), rd.getPassword(), rd.getURL())) { From fedora-directory-commits at redhat.com Sat Dec 8 16:06:14 2007 From: fedora-directory-commits at redhat.com (fedora-directory-commits at redhat.com) Date: Sat, 8 Dec 2007 11:06:14 -0500 Subject: [Fedora-directory-commits] Only 3 Days Left - Get Your Sample!‏ Message-ID: <20071208080313.159631.qmail@deep.soborka.net> An HTML attachment was scrubbed... URL: From fedora-directory-commits at redhat.com Sat Dec 8 17:42:52 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Sat, 8 Dec 2007 12:42:52 -0500 Subject: [Fedora-directory-commits] adminserver/wrappers initscript.in, 1.3, 1.4 Message-ID: <200712081742.lB8Hgqip002069@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/wrappers In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2050/adminserver/wrappers Modified Files: initscript.in Log Message: Resolves: bug 400221 Bug Description: init.d scripts to restart ds instance on solaris produces output with -n Reviewed by: nhosoi (Thanks!) Fix Description: We cannot figure out at build time whether to use echo -n or echo \c because the user may use a different shell at run time e.g. using bash to run configure but using /sbin/sh at run time. So, we just figure out at runtime what kind of echo is being used and deal with it. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: initscript.in =================================================================== RCS file: /cvs/dirsec/adminserver/wrappers/initscript.in,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- initscript.in 8 Oct 2007 14:37:29 -0000 1.3 +++ initscript.in 8 Dec 2007 17:42:49 -0000 1.4 @@ -24,10 +24,17 @@ exit 0 fi -# Solaris echo cannot use -n - linux echo by default cannot use \c +# figure out which echo we're using +ECHO_N=`echo -n` + +# some shells echo cannot use -n - linux echo by default cannot use \c echo_n() { - echo @ECHO_N@ "$*@ECHO_C@" + if [ "$ECHO_N" = '-n' ] ; then + echo "$*\c" + else + echo -n "$*" + fi } # failure and success are not defined on some platforms From fedora-directory-commits at redhat.com Sat Dec 8 17:40:34 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Sat, 8 Dec 2007 12:40:34 -0500 Subject: [Fedora-directory-commits] ldapserver/wrappers initscript.in, 1.7, 1.8 Message-ID: <200712081740.lB8HeYw1001881@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/wrappers In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1859/ldapserver/wrappers Modified Files: initscript.in Log Message: Reviewed by: nhosoi (Thanks!) Fix Description: We cannot figure out at build time whether to use echo -n or echo \c because the user may use a different shell at run time e.g. using bash to run configure but using /sbin/sh at run time. So, we just figure out at runtime what kind of echo is being used and deal with it. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: initscript.in =================================================================== RCS file: /cvs/dirsec/ldapserver/wrappers/initscript.in,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- initscript.in 5 Oct 2007 23:45:50 -0000 1.7 +++ initscript.in 8 Dec 2007 17:40:32 -0000 1.8 @@ -26,10 +26,17 @@ exit 0 fi -# Solaris echo cannot use -n - linux echo by default cannot use \c +# figure out which echo we're using +ECHO_N=`echo -n` + +# some shells echo cannot use -n - linux echo by default cannot use \c echo_n() { - echo @ECHO_N@ "$*@ECHO_C@" + if [ "$ECHO_N" = '-n' ] ; then + echo "$*\c" + else + echo -n "$*" + fi } # failure and success are not defined on some platforms From fedora-directory-commits at redhat.com Sat Dec 8 19:17:39 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Sat, 8 Dec 2007 14:17:39 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd/tools dbscan.c, 1.19, 1.20 Message-ID: <200712081917.lB8JHdY8020373@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20350 Modified Files: dbscan.c Log Message: Resolves: bug 416721 Descriptionn: fedora-ds-base build problem Fix Description: Correct usage of va_list and vfprintf Index: dbscan.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/tools/dbscan.c,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- dbscan.c 28 Nov 2007 17:21:39 -0000 1.19 +++ dbscan.c 8 Dec 2007 19:17:37 -0000 1.20 @@ -142,6 +142,7 @@ va_start(ap, fmt); vfprintf(stdout, fmt, ap); + va_end(ap); } void db_printfln(char *fmt, ...) @@ -150,7 +151,8 @@ va_start(ap, fmt); vfprintf(stdout, fmt, ap); - vfprintf(stdout, "\n", NULL); + va_end(ap); + fprintf(stdout, "\n"); } int MAX_BUFFER = 4096; From fedora-directory-commits at redhat.com Mon Dec 10 17:24:23 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Mon, 10 Dec 2007 12:24:23 -0500 Subject: [Fedora-directory-commits] admservconsole/src/com/netscape/management/admserv/panel AccessConfigPanel.java, 1.1.1.1, 1.2 Message-ID: <200712101724.lBAHONR5027358@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/admservconsole/src/com/netscape/management/admserv/panel In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27220 Modified Files: AccessConfigPanel.java Log Message: Resolves: #416311 Summary: Admin Console: change admin user text field to label Description: Username value is a text field. By default, it is "admin" and it is the uid attribute value of admin entry. It can be changed (e.g., newadmin), but the uid attribute value is not touched. This causes both "newadmin" and "admin" can be used to login, which is confusing. Since uid attribute value is not modified together, there is no much sense to allow the username modifiable. changing the type to label. Index: AccessConfigPanel.java =================================================================== RCS file: /cvs/dirsec/admservconsole/src/com/netscape/management/admserv/panel/AccessConfigPanel.java,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -r1.1.1.1 -r1.2 --- AccessConfigPanel.java 22 May 2006 18:14:45 -0000 1.1.1.1 +++ AccessConfigPanel.java 10 Dec 2007 17:24:21 -0000 1.2 @@ -56,7 +56,7 @@ Help _help; JCheckBox _cbDSGW; - SingleByteTextField _txtUserName; + JLabel _lblUserName; SingleBytePasswordField _txtPassword, _txtConfirm; @@ -104,7 +104,6 @@ } public void registerEditComponents(EditMonitor editMonitor) { - editMonitor.monitor(_txtUserName); editMonitor.monitor(_txtPassword); editMonitor.monitor(_txtConfirm); //editMonitor.monitor(_cbDSGW); @@ -125,42 +124,27 @@ //String dsgw = (_cbDSGW.isSelected()) ? "on" : "off"; //data.setAttribute(AttrNames.CONFIG_DSGW, dsgw); - String newuid = _txtUserName.getText(); String newpw1 = _txtPassword.getText(); String newpw2 = _txtConfirm.getText(); String olduid = _configData.getAttribute(AttrNames.ADMPW_UID); - if (newuid.length() == 0) { - throw new ValidationException("", _i18nMsgEnterUID); - } - // User name changed - else if (!olduid.equals(newuid)) { - if (newpw1.length() == 0) { - throw new ValidationException("", _i18nMsgEnterPWD); - } else if (!newpw1.equals(newpw2)) { + // check if password changed + if (newpw1.length() != 0) { + if (!newpw1.equals(newpw2)) { throw new ValidationException("", _i18nMsgPWDMismatch); } - } else { // check if password changed - if (newpw1.length() != 0) { - if (!newpw1.equals(newpw2)) { - throw new ValidationException("", _i18nMsgPWDMismatch); - } - } } - if (! newuid.equals(olduid)) { - Debug.println("CHANGE UID TO " + newuid); - _configData.setAttribute(AttrNames.ADMPW_UID, newuid); - } if (newpw1.length() > 0) { - Debug.println("CHANGE PWD "); + Debug.println("CHANGE PWD TO " + newpw1); _configData.setAttribute(AttrNames.ADMPW_PWD, newpw1); } } private void setUserName(String name) { - _txtUserName.setText((name == null) ? "" : name); + _lblUserName.setText((name == null) ? "" : name); + _lblUserName.repaint(); } @@ -208,13 +192,14 @@ GBC.NONE); //fill group.add(uidLabel, gbc); - _txtUserName = new SingleByteTextField(16); + // Changed from textfield to a label whose contents is fetched by the CGI + _lblUserName = new JLabel("."); // will be overridden gbc.setInsets(0, DIFFERENT_COMPONENT_SPACE, 0, 0); gbc.setGrid(1, 0, 1, 1); gbc.setSpace(0.0, 0.0, GBC.WEST, // anchor GBC.HORIZONTAL); //fill - group.add(_txtUserName, gbc); - uidLabel.setLabelFor(_txtUserName); + group.add(_lblUserName, gbc); + uidLabel.setLabelFor(_lblUserName); JLabel pwdLabel = new JLabel(_i18nPWD); gbc.setInsets(COMPONENT_SPACE, 0, 0, 0); From fedora-directory-commits at redhat.com Mon Dec 10 18:24:15 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Mon, 10 Dec 2007 13:24:15 -0500 Subject: [Fedora-directory-commits] admservconsole/src/com/netscape/management/admserv/panel CGIAccessSetup.java, 1.3, 1.4 Message-ID: <200712101824.lBAIOFGp005840@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/admservconsole/src/com/netscape/management/admserv/panel In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5734 Modified Files: CGIAccessSetup.java Log Message: Resolves: #400341 Summary: Console: unable to reset admin user password (Comment #7) Description: Adding the code to check if the login user matches the Admin User or not using the regular expression. Index: CGIAccessSetup.java =================================================================== RCS file: /cvs/dirsec/admservconsole/src/com/netscape/management/admserv/panel/CGIAccessSetup.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- CGIAccessSetup.java 5 Dec 2007 19:54:23 -0000 1.3 +++ CGIAccessSetup.java 10 Dec 2007 18:24:13 -0000 1.4 @@ -50,6 +50,7 @@ /** * CGI arguments used in setConfiguration() */ + // We may want to remove this since we won't be calling set with a new UID public String getCGIParamsForSetOp() { String uid = getAttribute(AttrNames.ADMPW_UID); return "op=set&" + AttrNames.ADMPW_UID + "=" + @@ -61,7 +62,7 @@ super.save(); - // Use change-sie-passwod command to change the password + // Use change-sie-password command to change the password String pwd = getAttribute(AttrNames.ADMPW_PWD); if (pwd != null) { @@ -74,21 +75,25 @@ _consoleInfo.getAuthenticationDN(), _consoleInfo.getAuthenticationPassword()); } catch (MalformedURLException e) { - Debug.println("CGIAccessSetup.save: "+e); + Debug.println("CGIDataModel.setConfiguration "+e); throw new RemoteRequestException(e); } if (0 == task.exec()) { // Since we've updated the Admin Password, // let's update the one in _consoleInfo. - _consoleInfo.setAuthenticationPassword(pwd); + // But, only do this if we are logged in as the admin user! + String authDN = _consoleInfo.getAuthenticationDN().toLowerCase(); + String authUID = getAttribute(AttrNames.ADMPW_UID).toLowerCase(); + if (authDN.matches("uid=" + authUID + ", *ou=administrators, *ou=topologymanagement, *o=netscaperoot")) { + _consoleInfo.setAuthenticationPassword(pwd); + } } int status = task.getStatus(); + Debug.println(adminURL + " "+status); AdminOperation.processAdmTaskStatus(adminURL, task, _consoleInfo); } } - - } From fedora-directory-commits at redhat.com Wed Dec 12 00:45:40 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Tue, 11 Dec 2007 19:45:40 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/schema/ldif 16dssuffixadmin.mod.tmpl, NONE, 1.1 12dsconfig.mod.tmpl, 1.1, 1.2 13dsschema.mod.tmpl, 1.1, 1.2 Message-ID: <200712120045.lBC0jeF0013726@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/schema/ldif In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13672/adminserver/admserv/schema/ldif Modified Files: 12dsconfig.mod.tmpl 13dsschema.mod.tmpl Added Files: 16dssuffixadmin.mod.tmpl Log Message: Resolves: bug 420751 Bug Description: Console admin user unable to manage users&groups Reviewed by: nkinder, nhosoi (Thanks!) Fix Description: I added a new template file for adding the acis to the default suffix. I also fixed a couple of places in the other template files where we were referring to uid=admin instead of uid=%as_uid%, in case the user doesn't use the default "admin" for the console admin. Platforms tested: RHEL5 x86_64 Flag Day: Yes - autotool file change Doc impact: no --- NEW FILE 16dssuffixadmin.mod.tmpl --- # BEGIN COPYRIGHT BLOCK # Copyright (C) 2007 Red Hat, Inc. # All rights reserved. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # # END COPYRIGHT BLOCK dn: %ds_suffix% changetype: modify add: aci aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot";) aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=%as_uid%,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";) aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";) Index: 12dsconfig.mod.tmpl =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/12dsconfig.mod.tmpl,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- 12dsconfig.mod.tmpl 20 Jun 2007 23:50:11 -0000 1.1 +++ 12dsconfig.mod.tmpl 12 Dec 2007 00:45:38 -0000 1.2 @@ -21,7 +21,7 @@ changetype: modify add: aci aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot";) -aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";) +aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=%as_uid%, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";) aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";) dn: cn=SNMP,cn=config Index: 13dsschema.mod.tmpl =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/13dsschema.mod.tmpl,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- 13dsschema.mod.tmpl 20 Jun 2007 23:50:11 -0000 1.1 +++ 13dsschema.mod.tmpl 12 Dec 2007 00:45:38 -0000 1.2 @@ -22,5 +22,5 @@ add: aci aci: (target="ldap:///cn=schema")(targetattr !="aci")(version 3.0;acl "anonymous, no acis"; allow (read, search, compare) userdn = "ldap:///anyone";) aci: (targetattr="*")(version 3.0; acl "Configuration Administrators Group"; allow (all) groupdn="ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot";) -aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";) +aci: (targetattr="*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn="ldap:///uid=%as_uid%,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";) aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all) groupdn = "ldap:///cn=slapd-%dsid%, cn=%brand% Directory Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot";) From fedora-directory-commits at redhat.com Wed Dec 12 00:45:41 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Tue, 11 Dec 2007 19:45:41 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/newinst/src AdminUtil.pm.in, 1.16, 1.17 Message-ID: <200712120045.lBC0jf5J013748@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/newinst/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13672/adminserver/admserv/newinst/src Modified Files: AdminUtil.pm.in Log Message: Resolves: bug 420751 Bug Description: Console admin user unable to manage users&groups Reviewed by: nkinder, nhosoi (Thanks!) Fix Description: I added a new template file for adding the acis to the default suffix. I also fixed a couple of places in the other template files where we were referring to uid=admin instead of uid=%as_uid%, in case the user doesn't use the default "admin" for the console admin. Platforms tested: RHEL5 x86_64 Flag Day: Yes - autotool file change Doc impact: no Index: AdminUtil.pm.in =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/AdminUtil.pm.in,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- AdminUtil.pm.in 2 Oct 2007 23:35:01 -0000 1.16 +++ AdminUtil.pm.in 12 Dec 2007 00:45:39 -0000 1.17 @@ -270,7 +270,8 @@ '@ldifdir@/02globalpreferences.ldif.tmpl', '@ldifdir@/12dsconfig.mod.tmpl', '@ldifdir@/13dsschema.mod.tmpl', - '@ldifdir@/14dsmonitor.mod.tmpl' + '@ldifdir@/14dsmonitor.mod.tmpl', + '@ldifdir@/16dssuffixadmin.mod.tmpl' ); my $setupinf = new Inf("@infdir@/setup.inf"); my $admininf = new Inf("@infdir@/admin.inf"); @@ -302,7 +303,8 @@ my @ldiffiles = ('@ldifdir@/12dsconfig.mod.tmpl', '@ldifdir@/13dsschema.mod.tmpl', '@ldifdir@/14dsmonitor.mod.tmpl', - '@ldifdir@/15dspta.ldif.tmpl' + '@ldifdir@/15dspta.ldif.tmpl', + '@ldifdir@/16dssuffixadmin.mod.tmpl' ); my $setupinf = new Inf("@infdir@/setup.inf"); my $admininf = new Inf("@infdir@/admin.inf"); From fedora-directory-commits at redhat.com Wed Dec 12 00:45:41 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Tue, 11 Dec 2007 19:45:41 -0500 Subject: [Fedora-directory-commits] adminserver Makefile.am, 1.36, 1.37 configure.ac, 1.22, 1.23 aclocal.m4, 1.35, 1.36 configure, 1.39, 1.40 missing, 1.25, 1.26 install-sh, 1.25, 1.26 depcomp, 1.25, 1.26 compile, 1.24, 1.25 Makefile.in, 1.42, 1.43 config.sub, 1.25, 1.26 config.guess, 1.25, 1.26 Message-ID: <200712120045.lBC0jfu0013736@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13672/adminserver Modified Files: Makefile.am configure.ac aclocal.m4 configure missing install-sh depcomp compile Makefile.in config.sub config.guess Log Message: Resolves: bug 420751 Bug Description: Console admin user unable to manage users&groups Reviewed by: nkinder, nhosoi (Thanks!) Fix Description: I added a new template file for adding the acis to the default suffix. I also fixed a couple of places in the other template files where we were referring to uid=admin instead of uid=%as_uid%, in case the user doesn't use the default "admin" for the console admin. Platforms tested: RHEL5 x86_64 Flag Day: Yes - autotool file change Doc impact: no Index: Makefile.am =================================================================== RCS file: /cvs/dirsec/adminserver/Makefile.am,v retrieving revision 1.36 retrieving revision 1.37 diff -u -r1.36 -r1.37 --- Makefile.am 15 Nov 2007 17:02:02 -0000 1.36 +++ Makefile.am 12 Dec 2007 00:45:38 -0000 1.37 @@ -159,6 +159,7 @@ admserv/schema/ldif/13dsschema.mod.tmpl \ admserv/schema/ldif/14dsmonitor.mod.tmpl \ admserv/schema/ldif/15dspta.ldif.tmpl \ + admserv/schema/ldif/16dssuffixadmin.mod.tmpl \ admserv/schema/ldif/20asdata.ldif.tmpl \ admserv/schema/ldif/21astasks.ldif.tmpl \ admserv/schema/ldif/22ascommands.ldif.tmpl \ Index: configure.ac =================================================================== RCS file: /cvs/dirsec/adminserver/configure.ac,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- configure.ac 5 Oct 2007 23:48:01 -0000 1.22 +++ configure.ac 12 Dec 2007 00:45:38 -0000 1.23 @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) -AC_INIT([dirsrv-admin], [1.1.0], [http://bugzilla.redhat.com/]) +AC_INIT([dirsrv-admin], [1.1.1], [http://bugzilla.redhat.com/]) AC_CONFIG_SRCDIR([admserv/cgi-src40/viewlog.c]) AM_INIT_AUTOMAKE([1.9 foreign subdir-objects]) AM_MAINTAINER_MODE Index: configure =================================================================== RCS file: /cvs/dirsec/adminserver/configure,v retrieving revision 1.39 retrieving revision 1.40 diff -u -r1.39 -r1.40 --- configure 15 Nov 2007 17:02:02 -0000 1.39 +++ configure 12 Dec 2007 00:45:38 -0000 1.40 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.59 for dirsrv-admin 1.1.0. +# Generated by GNU Autoconf 2.59 for dirsrv-admin 1.1.1. # # Report bugs to . # @@ -423,8 +423,8 @@ # Identity of this package. PACKAGE_NAME='dirsrv-admin' PACKAGE_TARNAME='dirsrv-admin' -PACKAGE_VERSION='1.1.0' -PACKAGE_STRING='dirsrv-admin 1.1.0' +PACKAGE_VERSION='1.1.1' +PACKAGE_STRING='dirsrv-admin 1.1.1' PACKAGE_BUGREPORT='http://bugzilla.redhat.com/' ac_unique_file="admserv/cgi-src40/viewlog.c" @@ -957,7 +957,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures dirsrv-admin 1.1.0 to adapt to many kinds of systems. +\`configure' configures dirsrv-admin 1.1.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1023,7 +1023,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of dirsrv-admin 1.1.0:";; + short | recursive ) echo "Configuration of dirsrv-admin 1.1.1:";; esac cat <<\_ACEOF @@ -1202,7 +1202,7 @@ test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -dirsrv-admin configure 1.1.0 +dirsrv-admin configure 1.1.1 generated by GNU Autoconf 2.59 Copyright (C) 2003 Free Software Foundation, Inc. @@ -1216,7 +1216,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by dirsrv-admin $as_me 1.1.0, which was +It was created by dirsrv-admin $as_me 1.1.1, which was generated by GNU Autoconf 2.59. Invocation command line was $ $0 $@ @@ -1860,7 +1860,7 @@ # Define the identity of the package. PACKAGE='dirsrv-admin' - VERSION='1.1.0' + VERSION='1.1.1' cat >>confdefs.h <<_ACEOF @@ -25607,7 +25607,7 @@ } >&5 cat >&5 <<_CSEOF -This file was extended by dirsrv-admin $as_me 1.1.0, which was +This file was extended by dirsrv-admin $as_me 1.1.1, which was generated by GNU Autoconf 2.59. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -25670,7 +25670,7 @@ cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -dirsrv-admin config.status 1.1.0 +dirsrv-admin config.status 1.1.1 configured by $0, generated by GNU Autoconf 2.59, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/adminserver/Makefile.in,v retrieving revision 1.42 retrieving revision 1.43 diff -u -r1.42 -r1.43 --- Makefile.in 15 Nov 2007 17:02:02 -0000 1.42 +++ Makefile.in 12 Dec 2007 00:45:38 -0000 1.43 @@ -553,6 +553,7 @@ admserv/schema/ldif/13dsschema.mod.tmpl \ admserv/schema/ldif/14dsmonitor.mod.tmpl \ admserv/schema/ldif/15dspta.ldif.tmpl \ + admserv/schema/ldif/16dssuffixadmin.mod.tmpl \ admserv/schema/ldif/20asdata.ldif.tmpl \ admserv/schema/ldif/21astasks.ldif.tmpl \ admserv/schema/ldif/22ascommands.ldif.tmpl \ From fedora-directory-commits at redhat.com Wed Dec 12 01:26:30 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Tue, 11 Dec 2007 20:26:30 -0500 Subject: [Fedora-directory-commits] adminserver/pkg fedora-ds-admin.spec, 1.1, 1.2 Message-ID: <200712120126.lBC1QUL5022368@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/pkg In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22339 Modified Files: fedora-ds-admin.spec Log Message: update to version 1.1.1 Index: fedora-ds-admin.spec =================================================================== RCS file: /cvs/dirsec/adminserver/pkg/fedora-ds-admin.spec,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- fedora-ds-admin.spec 7 Nov 2007 16:21:56 -0000 1.1 +++ fedora-ds-admin.spec 12 Dec 2007 01:26:27 -0000 1.2 @@ -3,9 +3,9 @@ Summary: Fedora Administration Server (admin) Name: fedora-ds-admin -Version: 1.1.0 -Release: 1.15%{?dist} -License: GPL +Version: 1.1.1 +Release: 1%{?dist} +License: GPLv2 URL: http://directory.fedoraproject.org/ Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -26,13 +26,14 @@ Requires: mod_nss # the following are needed for some of our scripts Requires: perl-Mozilla-LDAP +Requires: nss-tools # for the init script Requires(post): /sbin/chkconfig Requires(preun): /sbin/chkconfig Requires(preun): /sbin/service -Source0: %{name}-%{version}.tar.bz2 +Source0: http://directory.fedoraproject.org/sources/%{name}-%{version}.tar.bz2 # fedora-ds-cvs.sh should be used to generate the source tarball from CVS Source1: %{name}-cvs.sh @@ -101,6 +102,12 @@ %{_libdir}/%{pkgname} %changelog +* Tue Dec 11 2007 Rich Megginson - 1.1.1-1 +- this is the final GA candidate + +* Tue Nov 6 2007 Rich Megginson - 1.1.0-1.16 +- fix several beta blocker issues + * Mon Oct 15 2007 Rich Megginson - 1.1.0-1.15 - fix bogus dist macro - change mozldap6 to mozldap From fedora-directory-commits at redhat.com Wed Dec 12 01:26:30 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Tue, 11 Dec 2007 20:26:30 -0500 Subject: [Fedora-directory-commits] adminserver/pkg/el4 fedora-ds-admin.spec, 1.1, 1.2 Message-ID: <200712120126.lBC1QUAU022374@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/pkg/el4 In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22339/el4 Modified Files: fedora-ds-admin.spec Log Message: update to version 1.1.1 Index: fedora-ds-admin.spec =================================================================== RCS file: /cvs/dirsec/adminserver/pkg/el4/fedora-ds-admin.spec,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- fedora-ds-admin.spec 7 Nov 2007 16:21:56 -0000 1.1 +++ fedora-ds-admin.spec 12 Dec 2007 01:26:28 -0000 1.2 @@ -3,9 +3,9 @@ Summary: Fedora Administration Server (admin) Name: fedora-ds-admin -Version: 1.1.0 -Release: 1.15%{?dist} -License: GPL +Version: 1.1.1 +Release: 1%{?dist} +License: GPLv2 URL: http://directory.fedoraproject.org/ Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -26,13 +26,14 @@ Requires: fortitude-mod_nss # the following are needed for some of our scripts Requires: perl-Mozilla-LDAP +Requires: dirsec-nss-tools # for the init script Requires(post): /sbin/chkconfig Requires(preun): /sbin/chkconfig Requires(preun): /sbin/service -Source0: %{name}-%{version}.tar.bz2 +Source0: http://directory.fedoraproject.org/sources/%{name}-%{version}.tar.bz2 # fedora-ds-cvs.sh should be used to generate the source tarball from CVS Source1: %{name}-cvs.sh @@ -101,6 +102,9 @@ %{_libdir}/%{pkgname} %changelog +* Tue Dec 11 2007 Rich Megginson - 1.1.1-1 +- this is the GA candidate + * Mon Oct 15 2007 Rich Megginson - 1.1.0-1.15 - fix bogus dist macro - change mozldap6 to mozldap From fedora-directory-commits at redhat.com Thu Dec 13 18:46:10 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 13 Dec 2007 13:46:10 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/syntaxes value.c, 1.5, 1.5.2.1 Message-ID: <200712131846.lBDIkAdp023494@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/syntaxes In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23267 Modified Files: Tag: Directory71RtmBranch value.c Log Message: Resolves: #395121 Summary: rhds71sp3,4 - ns-slapd process dies with segmentation fault Related bug: 339791 Index: value.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/syntaxes/value.c,v retrieving revision 1.5 retrieving revision 1.5.2.1 diff -u -r1.5 -r1.5.2.1 --- value.c 19 Apr 2005 22:07:35 -0000 1.5 +++ value.c 13 Dec 2007 18:46:07 -0000 1.5.2.1 @@ -81,6 +81,7 @@ int trim_spaces ) { + char *head = s; char *d; int prevspace, curspace; @@ -154,7 +155,7 @@ char *nd; nd = ldap_utf8prev(d); - while (nd && utf8isspace_fast(nd)) { + while (nd && nd >= head && utf8isspace_fast(nd)) { d = nd; nd = ldap_utf8prev(d); *d = '\0'; From fedora-directory-commits at redhat.com Thu Dec 13 22:01:48 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Thu, 13 Dec 2007 17:01:48 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts DSMigration.pm.in, 1.24, 1.25 Message-ID: <200712132201.lBDM1mAm027535@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27512 Modified Files: DSMigration.pm.in Log Message: Resolves: bug 424381 Description: migrate-ds-admin.pl script - not working Fix Description: Broken while fixing bug 400421 - Need to use $mig->{inf} instead of $inf Index: DSMigration.pm.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/DSMigration.pm.in,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- DSMigration.pm.in 7 Dec 2007 00:08:25 -0000 1.24 +++ DSMigration.pm.in 13 Dec 2007 22:01:46 -0000 1.25 @@ -899,9 +899,9 @@ # servers - this assumes they are all in the same place if (!$mig->{ServerRoot}) { if ("@with_fhs_opt@") { - $mig->{ServerRoot} = "$inf->{General}->{prefix}/opt/@PACKAGE_NAME@"; + $mig->{ServerRoot} = "$mig->{inf}->{General}->{prefix}/opt/@PACKAGE_NAME@"; } else { - $mig->{ServerRoot} = "$inf->{General}->{prefix}@serverdir@"; + $mig->{ServerRoot} = "$mig->{inf}->{General}->{prefix}@serverdir@"; } } From fedora-directory-commits at redhat.com Fri Dec 14 17:23:02 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Fri, 14 Dec 2007 12:23:02 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts Util.pm.in, 1.14, 1.15 Message-ID: <200712141723.lBEHN2sT030630@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30613 Modified Files: Util.pm.in Log Message: Resolves: bug 424381 Description: migrate-ds-admin.pl script - not working Fix Description: Was getting this output - GLOB(0x9d908d8)inst_dir = - forgot a comma Index: Util.pm.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/Util.pm.in,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- Util.pm.in 7 Dec 2007 00:08:25 -0000 1.14 +++ Util.pm.in 14 Dec 2007 17:22:59 -0000 1.15 @@ -842,7 +842,7 @@ $conn->close(); - print $outfh, "inst_dir = $inst_dir\n"; + print $outfh "inst_dir = $inst_dir\n"; print $outfh "Suffix = $suffix\n"; close $outfh; From fedora-directory-commits at redhat.com Fri Dec 14 21:43:26 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Fri, 14 Dec 2007 16:43:26 -0500 Subject: [Fedora-directory-commits] fedora-idm-console/win fedora-idm-console.bat, 1.1, 1.2 Message-ID: <200712142143.lBELhQYu031127@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/fedora-idm-console/win In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31108 Modified Files: fedora-idm-console.bat Log Message: support for JAVA with spaces in the pathname Index: fedora-idm-console.bat =================================================================== RCS file: /cvs/dirsec/fedora-idm-console/win/fedora-idm-console.bat,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- fedora-idm-console.bat 31 Aug 2007 23:34:32 -0000 1.1 +++ fedora-idm-console.bat 14 Dec 2007 21:43:23 -0000 1.2 @@ -21,7 +21,7 @@ rem set the JAVA to use here rem set JAVA=C:\j2sdk1.4.2_15\bin\java -if not %JAVA%foo==foo goto launch +if not "%JAVA%foo"=="foo" goto launch where java > nul 2>&1 || goto findjre @@ -74,6 +74,6 @@ rem Launch the Console rem echo on -%JAVA% "-Djava.library.path=%JSSDIR%" -cp "%JSSDIR%/jss4.jar;%LDAPJARDIR%/ldapjdk.jar;%CONSOLEJARDIR%/idm-console-base.jar;%CONSOLEJARDIR%/idm-console-mcc.jar;%CONSOLEJARDIR%/idm-console-mcc_en.jar;%CONSOLEJARDIR%/idm-console-nmclf.jar;%CONSOLEJARDIR%/idm-console-nmclf_en.jar;%FIDMCONSOLEJARDIR%/fedora-idm-console_en.jar" -Djava.util.prefs.systemRoot=%HOME%/.fedora-idm-console -Djava.util.prefs.userRoot=%HOME%/.fedora-idm-console com.netscape.management.client.console.Console %* +"%JAVA%" "-Djava.library.path=%JSSDIR%" -cp "%JSSDIR%/jss4.jar;%LDAPJARDIR%/ldapjdk.jar;%CONSOLEJARDIR%/idm-console-base.jar;%CONSOLEJARDIR%/idm-console-mcc.jar;%CONSOLEJARDIR%/idm-console-mcc_en.jar;%CONSOLEJARDIR%/idm-console-nmclf.jar;%CONSOLEJARDIR%/idm-console-nmclf_en.jar;%FIDMCONSOLEJARDIR%/fedora-idm-console_en.jar" -Djava.util.prefs.systemRoot=%HOME%/.fedora-idm-console -Djava.util.prefs.userRoot=%HOME%/.fedora-idm-console com.netscape.management.client.console.Console %* :end From fedora-directory-commits at redhat.com Fri Dec 14 22:06:32 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Fri, 14 Dec 2007 17:06:32 -0500 Subject: [Fedora-directory-commits] fedora-idm-console/win License.rtf, NONE, 1.1 Message-ID: <200712142206.lBEM6WYx006346@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/fedora-idm-console/win In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6330 Added Files: License.rtf Log Message: added license --- NEW FILE License.rtf --- {\rtf1\ansi\deff0{\fonttbl{\f0\fswiss\fcharset0 Arial;}} {\*\generator Msftedit 5.41.21.2500;}\viewkind4\uc1\pard\lang1033\f0\fs20 Copyright (C) 2007 Red Hat, Inc.\par All rights reserved.\par \par This library is free software; you can redistribute it and/or\par modify it under the terms of the GNU Lesser General Public\par License as published by the Free Software Foundation version\par 2.1 of the License.\par \par This library is distributed in the hope that it will be useful,\par but WITHOUT ANY WARRANTY; without even the implied warranty of\par MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\par Lesser General Public License for more details.\par \par You should have received a copy of the GNU Lesser General Public\par License along with this library; if not, write to the Free Software\par Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\par } From fedora-directory-commits at redhat.com Mon Dec 17 20:08:49 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 17 Dec 2007 15:08:49 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts DSCreate.pm.in, 1.8, 1.9 Message-ID: <200712172008.lBHK8nu1020112@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20094/ldapserver/ldap/admin/src/scripts Modified Files: DSCreate.pm.in Log Message: Resolves: bug 425861 Bug Description: Instance creation through console is broken Reviewed by: nhosoi (Thanks!) Fix Description: This was caused by my fix for bug 420751. When I added the as_uid to fix the ACI for the admin user, I did not add the mapping everywhere it was used. Unfortunately, I found that the code I added it to could only be used with a live connection to the new directory server, not a FileConn to the dse.ldif. So I had to add a new function to add this ACI to the new root suffix after the server had been started. Another problem with instance creation was that the org entries were not being added when creating a new instance in the console. The default should be to create them if nothing else was specified. Another problem was that instance creation was leaving temp ldif files around. I also had to make sure ServerAdminID was specified everywhere it was needed by dirserver.map, or this would also have broken ds_remove. Platforms tested: RHEL5 x86_64 Flag Day: Yes - autotool file change in adminserver Doc impact: no Index: DSCreate.pm.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/DSCreate.pm.in,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- DSCreate.pm.in 18 Oct 2007 01:41:13 -0000 1.8 +++ DSCreate.pm.in 17 Dec 2007 20:08:46 -0000 1.9 @@ -459,10 +459,14 @@ sub initDatabase { my $inf = shift; + my $istempldif = 0; # If the user has specified an LDIF file to use to initialize the database, # load it now my $ldiffile = $inf->{slapd}->{InstallLdifFile}; - if ($ldiffile && -f $ldiffile) { + if ($ldiffile =~ /none/i) { + debug(1, "No ldif file or org entries specified - no initial database will be created\n"); + return (); + } elsif ($ldiffile && -f $ldiffile) { debug(1, "Loading initial ldif file $ldiffile\n"); } elsif (($inf->{slapd}->{Suffix} =~ /^(.*?)=/) && $suffixTable{$1}) { my @errs; @@ -477,7 +481,8 @@ } my @ldiffiles = ($template, "$inf->{General}->{prefix}@templatedir@/template-baseacis.ldif"); - if (exists($inf->{slapd}->{InstallLdifFile}) and + # default is to create org entries unless explicitly set to none + if (!exists($inf->{slapd}->{InstallLdifFile}) or ($inf->{slapd}->{InstallLdifFile} =~ /suggest/i)) { push @ldiffiles, "$inf->{General}->{prefix}@templatedir@/template.ldif"; } @@ -495,6 +500,7 @@ } # $templdif now contains the ldif to import $ldiffile = $templdif; + $istempldif = 1; } if (!$ldiffile) { return (); @@ -503,8 +509,12 @@ my $cmd = "$inf->{slapd}->{inst_dir}/ldif2db -n userRoot -i \'$ldiffile\'"; $? = 0; # clear error condition my $output = `$cmd 2>&1`; - if ($?) { - return ('error_importing_ldif', $ldiffile, $?, $output); + my $result = $?; + if ($istempldif) { + unlink($ldiffile); + } + if ($result) { + return ('error_importing_ldif', $ldiffile, $result, $output); } debug(1, $output); From fedora-directory-commits at redhat.com Mon Dec 17 20:10:06 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 17 Dec 2007 15:10:06 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/newinst/src dssuffixadmin.map.in, NONE, 1.1 AdminUtil.pm.in, 1.17, 1.18 dirserver.map.in, 1.8, 1.9 Message-ID: <200712172010.lBHKA6Xm020219@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/newinst/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20143/adminserver/admserv/newinst/src Modified Files: AdminUtil.pm.in dirserver.map.in Added Files: dssuffixadmin.map.in Log Message: Resolves: bug 425861 Bug Description: Instance creation through console is broken Reviewed by: nhosoi (Thanks!) Fix Description: This was caused by my fix for bug 420751. When I added the as_uid to fix the ACI for the admin user, I did not add the mapping everywhere it was used. Unfortunately, I found that the code I added it to could only be used with a live connection to the new directory server, not a FileConn to the dse.ldif. So I had to add a new function to add this ACI to the new root suffix after the server had been started. Another problem with instance creation was that the org entries were not being added when creating a new instance in the console. The default should be to create them if nothing else was specified. Another problem was that instance creation was leaving temp ldif files around. I also had to make sure ServerAdminID was specified everywhere it was needed by dirserver.map, or this would also have broken ds_remove. Platforms tested: RHEL5 x86_64 Flag Day: Yes - autotool file change in adminserver Doc impact: no --- NEW FILE dssuffixadmin.map.in --- # BEGIN COPYRIGHT BLOCK # This Program is free software; you can redistribute it and/or modify it under # the terms of the GNU General Public License as published by the Free Software # Foundation; version 2 of the License. # # This Program is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. # # You should have received a copy of the GNU General Public License along with # this Program; if not, write to the Free Software Foundation, Inc., 59 Temple # Place, Suite 330, Boston, MA 02111-1307 USA. # # Copyright (C) 2007 Red Hat, Inc. # All rights reserved. # END COPYRIGHT BLOCK # # register_param.map: # This file is used by the register_server.pl script to register the server # info to the Configuration Directory Server. The server info is stored in # the (template) ldif files located in @ldifdir at . In case a server entry has # %...% format parameters, this map table is used to resolve it and replace # the parameter with the value defined in this file. # # [Parameter resolution rules] # * If the right-hand value is in ` (backquote), the value is eval'ed by perl. # The output should be stored in $returnvalue to pass to the internal hash. # * If the right-hand value is in " (doublequote), the value is passed as is. # * If the right-hand value is not in any quote, the value should be found # in either of the setup inf file (static) or the install inf file (dynamic). # * The right-hand value could have the format Key:"default_value". # In this case, Key is searched in the inf files first. # If the Key is not found, the default_value is set. # * Variables surrounded by @ (e.g., @configdir@) are replaced with the # system path at the compile time. # * The right-hand value can contain variables surrounded by % (e.g., %asid%) # which refers the right-hand value (key) of this map file. # fqdn = FullMachineName domain = AdminDomain brand = Brand dsid = ServerIdentifier ds_suffix = Suffix as_uid = ServerAdminID Index: AdminUtil.pm.in =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/AdminUtil.pm.in,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- AdminUtil.pm.in 12 Dec 2007 00:45:39 -0000 1.17 +++ AdminUtil.pm.in 17 Dec 2007 20:10:04 -0000 1.18 @@ -24,13 +24,13 @@ getLocalConfigDS getPset registerDSWithConfigDS registerManyDSWithConfigDS createSubDSNoConn registerScatteredDSWithConfigDS - unregisterDSWithConfigDS isConfigDS); + unregisterDSWithConfigDS isConfigDS addConfigACIsToSubDS); @EXPORT_OK = qw(getAdmConf getConfigDSConn createConfigDS createSubDS updateAdmConf updateAdmpw updateLocalConf importCACert getLocalConfigDS getPset registerDSWithConfigDS registerManyDSWithConfigDS createSubDSNoConn registerScatteredDSWithConfigDS - unregisterDSWithConfigDS isConfigDS); + unregisterDSWithConfigDS isConfigDS addConfigACIsToSubDS); # load perldap use Mozilla::LDAP::Conn; @@ -298,14 +298,15 @@ my $conn = shift; my $inf = shift; my $errs = shift; + my @additionalLdifFiles = @_; # add the o=NetscapeRoot tree using the mapper and ldif templates my @ldiffiles = ('@ldifdir@/12dsconfig.mod.tmpl', '@ldifdir@/13dsschema.mod.tmpl', '@ldifdir@/14dsmonitor.mod.tmpl', - '@ldifdir@/15dspta.ldif.tmpl', - '@ldifdir@/16dssuffixadmin.mod.tmpl' + '@ldifdir@/15dspta.ldif.tmpl' ); + push @ldiffiles, @additionalLdifFiles; my $setupinf = new Inf("@infdir@/setup.inf"); my $admininf = new Inf("@infdir@/admin.inf"); my $dsinf = new Inf("@infdir@/slapd.inf"); @@ -347,7 +348,7 @@ return 0; } - return internalCreateSubDS($conn, $inf, $errs); + return internalCreateSubDS($conn, $inf, $errs, '@ldifdir@/16dssuffixadmin.mod.tmpl'); } # same as createSubDS but works directly on the dse.ldif file itself @@ -363,6 +364,45 @@ return internalCreateSubDS($conn, $inf, $errs); } +sub addConfigACIsToSubDS { + my $inf = shift; + my $errs = shift; + + # open a connection to the directory server + my $conn = new Mozilla::LDAP::Conn($inf->{General}->{FullMachineName}, + $inf->{slapd}->{ServerPort}, + $inf->{slapd}->{RootDN}, + $inf->{slapd}->{RootDNPwd}, + $inf->{General}->{certdir}); + if (!$conn) { + @{$errs} = ('error_connection_failed', $inf->{General}->{FullMachineName}, + $inf->{slapd}->{ServerPort}, $inf->{slapd}->{RootDN}, + $conn->getErrorString()); + return 0; + } + + my @ldiffiles = ('@ldifdir@/16dssuffixadmin.mod.tmpl'); + my $setupinf = new Inf("@infdir@/setup.inf"); + my $admininf = new Inf("@infdir@/admin.inf"); + my $dsinf = new Inf("@infdir@/slapd.inf"); + my $mapper = new Inf("@infdir@/dssuffixadmin.map"); + + $mapper = process_maptbl($mapper, $errs, $inf, $dsinf, $admininf, $setupinf); + if (!$mapper or @{$errs}) { + $conn->close(); + if (!@{$errs}) { + @{$errs} = ('error_creating_configds_maptbl'); + } + return 0; + } + + getMappedEntries($mapper, \@ldiffiles, $errs, \&check_and_add_entry, + [$conn]); + + $conn->close(); + return @{$errs} ? 0 : 1; +} + sub updateAdmConf { my $params = shift; # hashref my $configdir = shift || "@configdir@"; @@ -756,6 +796,12 @@ return 0; } + # need to get the admin uid + if (!$inf->{admin}->{ServerAdminID}) { + my @rdns = ldap_explode_dn($inf->{General}->{ConfigDirectoryAdminID}, 1); + $inf->{admin}->{ServerAdminID} = $rdns[0]; + } + my $instinf; # setup will usually supply everything, but ds_create will not if (!$inf->{slapd}->{RootDNPwd}) { Index: dirserver.map.in =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/dirserver.map.in,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- dirserver.map.in 15 Aug 2007 22:08:14 -0000 1.8 +++ dirserver.map.in 17 Dec 2007 20:10:04 -0000 1.9 @@ -44,6 +44,7 @@ timestamp = `use Time::gmtime; my $gm = gmtime; $returnvalue = sprintf ("%04d%02d%02d%02d%02d%02dZ", 1900+$gm->year, 1+$gm->mon, $gm->mday, $gm->hour, $gm->min, $gm->sec);` asid = `$returnvalue = $mapper->{fqdn}; $returnvalue =~ s/\..*$//;` +as_uid = ServerAdminID as_sie = "cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot" ds_version = Version ds_baseversion = BaseVersion From fedora-directory-commits at redhat.com Mon Dec 17 20:10:07 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 17 Dec 2007 15:10:07 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/cgi-src40 ds_create.in, 1.6, 1.7 Message-ID: <200712172010.lBHKA71S020243@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/cgi-src40 In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20143/adminserver/admserv/cgi-src40 Modified Files: ds_create.in Log Message: Resolves: bug 425861 Bug Description: Instance creation through console is broken Reviewed by: nhosoi (Thanks!) Fix Description: This was caused by my fix for bug 420751. When I added the as_uid to fix the ACI for the admin user, I did not add the mapping everywhere it was used. Unfortunately, I found that the code I added it to could only be used with a live connection to the new directory server, not a FileConn to the dse.ldif. So I had to add a new function to add this ACI to the new root suffix after the server had been started. Another problem with instance creation was that the org entries were not being added when creating a new instance in the console. The default should be to create them if nothing else was specified. Another problem was that instance creation was leaving temp ldif files around. I also had to make sure ServerAdminID was specified everywhere it was needed by dirserver.map, or this would also have broken ds_remove. Platforms tested: RHEL5 x86_64 Flag Day: Yes - autotool file change in adminserver Doc impact: no Index: ds_create.in =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/ds_create.in,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- ds_create.in 6 Nov 2007 18:16:02 -0000 1.6 +++ ds_create.in 17 Dec 2007 20:10:05 -0000 1.7 @@ -21,6 +21,7 @@ use strict; +use Mozilla::LDAP::API qw(ldap_explode_dn); use CGI qw(:cgi :oldstyle_urls); use Inf; use AdminUtil; @@ -45,7 +46,7 @@ my @errs = createDSInstance($inf); if (@errs) { print "Content-type: text/plain\n\n"; - print "NMC_ErrInfo: ", $res->getText(@errs), "\n"; + print "NMC_ErrInfo: \n", $res->getText(@errs), "\n"; print "NMC_Status: 1\n"; exit 1; } @@ -63,28 +64,41 @@ $inf->{General}->{AdminDomain} = $query->param('admin_domain') || $admConf->{AdminDomain}; +# need to get the admin uid +if (!$inf->{admin}->{ServerAdminID}) { + my @rdns = ldap_explode_dn($inf->{General}->{ConfigDirectoryAdminID}, 1); + $inf->{admin}->{ServerAdminID} = $rdns[0]; +} + if (!createSubDSNoConn($inf, \@errs)) { print "Content-type: text/plain\n\n"; - print "NMC_ErrInfo: ", $res->getText(@errs), "\n"; + print "NMC_ErrInfo: \n", $res->getText(@errs), "\n"; print "NMC_Status: 1\n"; exit 1; } my $servid = $query->param('servid'); -if (!defined($start_server) or $start_server) { - $inf->{slapd}->{start_server} = 1; - if (@errs = DSCreate::startServer($inf)) { - print "Content-type: text/plain\n\n"; - print "NMC_ErrInfo: ", $res->getText(@errs), "\n"; - print "NMC_Status: 1\n"; - exit 1; - } +# now start the server +$inf->{slapd}->{start_server} = 1; +if (@errs = DSCreate::startServer($inf)) { + print "Content-type: text/plain\n\n"; + print "NMC_ErrInfo: \n", $res->getText(@errs), "\n"; + print "NMC_Status: 1\n"; + exit 1; +} + +# add the aci that allows the admin user to administer the server +if (!addConfigACIsToSubDS($inf, \@errs)) { + print "Content-type: text/plain\n\n"; + print "NMC_ErrInfo: \n", $res->getText(@errs), "\n"; + print "NMC_Status: 1\n"; + exit 1; } # register the new server with the configuration ds if (!registerDSWithConfigDS($servid, \@errs, $inf)) { print "Content-type: text/plain\n\n"; - print "NMC_ErrInfo: ", $res->getText(@errs), "\n"; + print "NMC_ErrInfo: \n", $res->getText(@errs), "\n"; print "NMC_Status: 1\n"; exit 1; } From fedora-directory-commits at redhat.com Mon Dec 17 20:10:07 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 17 Dec 2007 15:10:07 -0500 Subject: [Fedora-directory-commits] adminserver Makefile.am, 1.37, 1.38 aclocal.m4, 1.36, 1.37 configure, 1.40, 1.41 missing, 1.26, 1.27 install-sh, 1.26, 1.27 Makefile.in, 1.43, 1.44 depcomp, 1.26, 1.27 config.sub, 1.26, 1.27 config.guess, 1.26, 1.27 compile, 1.25, 1.26 Message-ID: <200712172010.lBHKA7oK020236@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20143/adminserver Modified Files: Makefile.am aclocal.m4 configure missing install-sh Makefile.in depcomp config.sub config.guess compile Log Message: Resolves: bug 425861 Bug Description: Instance creation through console is broken Reviewed by: nhosoi (Thanks!) Fix Description: This was caused by my fix for bug 420751. When I added the as_uid to fix the ACI for the admin user, I did not add the mapping everywhere it was used. Unfortunately, I found that the code I added it to could only be used with a live connection to the new directory server, not a FileConn to the dse.ldif. So I had to add a new function to add this ACI to the new root suffix after the server had been started. Another problem with instance creation was that the org entries were not being added when creating a new instance in the console. The default should be to create them if nothing else was specified. Another problem was that instance creation was leaving temp ldif files around. I also had to make sure ServerAdminID was specified everywhere it was needed by dirserver.map, or this would also have broken ds_remove. Platforms tested: RHEL5 x86_64 Flag Day: Yes - autotool file change in adminserver Doc impact: no Index: Makefile.am =================================================================== RCS file: /cvs/dirsec/adminserver/Makefile.am,v retrieving revision 1.37 retrieving revision 1.38 diff -u -r1.37 -r1.38 --- Makefile.am 12 Dec 2007 00:45:38 -0000 1.37 +++ Makefile.am 17 Dec 2007 20:10:04 -0000 1.38 @@ -175,7 +175,8 @@ admserv/newinst/src/adminserver.map \ admserv/newinst/src/dirserver.map \ admserv/newinst/src/asmigrate.map \ - admserv/newinst/src/updateconsoleinfo.map + admserv/newinst/src/updateconsoleinfo.map \ + admserv/newinst/src/dssuffixadmin.map cgibin_PROGRAMS = admpw security ugdsconfig ReadLog start_config_ds \ config statpingserv viewdata dsconfig monreplication restartsrv \ Index: Makefile.in =================================================================== RCS file: /cvs/dirsec/adminserver/Makefile.in,v retrieving revision 1.43 retrieving revision 1.44 diff -u -r1.43 -r1.44 --- Makefile.in 12 Dec 2007 00:45:38 -0000 1.43 +++ Makefile.in 17 Dec 2007 20:10:05 -0000 1.44 @@ -569,7 +569,8 @@ admserv/newinst/src/adminserver.map \ admserv/newinst/src/dirserver.map \ admserv/newinst/src/asmigrate.map \ - admserv/newinst/src/updateconsoleinfo.map + admserv/newinst/src/updateconsoleinfo.map \ + admserv/newinst/src/dssuffixadmin.map cgibin_SCRIPTS = admserv/cgi-src40/ds_create \ admserv/cgi-src40/ds_remove \ From fedora-directory-commits at redhat.com Mon Dec 17 23:49:53 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 17 Dec 2007 18:49:53 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/admin/src/scripts Util.pm.in, 1.15, 1.16 Message-ID: <200712172349.lBHNnrmP014163@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14146/ldapserver/ldap/admin/src/scripts Modified Files: Util.pm.in Log Message: Resolves: bug 425849 Bug Description: migrate-ds-admin.pl spins at 100% cpu Reviewed by: nkinder (Thanks!) Fix Description: It was spinning because inst_dir was not being set, so it kept trying to find the parent directory of a non-existent directory. In migration, the old instance has no instance dir - we will fill that in during instance creation, so just skip it if not set. I also found and fixed another bug in migration with the usage of file_name_is_absolute - have to use the full module name and function name. Platforms tested: RHEL4 32bit and 64bit Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: Util.pm.in =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/Util.pm.in,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- Util.pm.in 14 Dec 2007 17:22:59 -0000 1.15 +++ Util.pm.in 17 Dec 2007 23:49:50 -0000 1.16 @@ -842,7 +842,9 @@ $conn->close(); - print $outfh "inst_dir = $inst_dir\n"; + if ($inst_dir) { + print $outfh "inst_dir = $inst_dir\n"; + } print $outfh "Suffix = $suffix\n"; close $outfh; From fedora-directory-commits at redhat.com Mon Dec 17 23:50:10 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Mon, 17 Dec 2007 18:50:10 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/newinst/src AdminMigration.pm.in, 1.7, 1.8 Message-ID: <200712172350.lBHNoAw2014189@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/newinst/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14172/adminserver/admserv/newinst/src Modified Files: AdminMigration.pm.in Log Message: Resolves: bug 425849 Bug Description: migrate-ds-admin.pl spins at 100% cpu Reviewed by: nkinder (Thanks!) Fix Description: It was spinning because inst_dir was not being set, so it kept trying to find the parent directory of a non-existent directory. In migration, the old instance has no instance dir - we will fill that in during instance creation, so just skip it if not set. I also found and fixed another bug in migration with the usage of file_name_is_absolute - have to use the full module name and function name. Platforms tested: RHEL4 32bit and 64bit Flag Day: no Doc impact: no QA impact: should be covered by regular nightly and manual testing New Tests integrated into TET: none Index: AdminMigration.pm.in =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/AdminMigration.pm.in,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- AdminMigration.pm.in 7 Dec 2007 00:09:36 -0000 1.7 +++ AdminMigration.pm.in 17 Dec 2007 23:50:08 -0000 1.8 @@ -34,7 +34,7 @@ use SetupLog; use File::Path; -use File::Spec qw(file_name_is_absolute); +use File::Spec; # tempfiles use File::Temp qw(tempfile tempdir); @@ -485,7 +485,7 @@ # if ldapStart is not an absolute path, we need to add # the directory server instance dir (ServerRoot) to it if ($mig->{inf}->{admin}->{ldapStart} && - !file_name_is_absolute($mig->{inf}->{admin}->{ldapStart})) { + !File::Spec->file_name_is_absolute($mig->{inf}->{admin}->{ldapStart})) { debug(1, "Need to make ldapStart an absolute path - ", $mig->{ServerRoot}, "/", $mig->{inf}->{admin}->{ldapStart}, "\n"); $mig->{inf}->{admin}->{ldapStart} = $mig->{ServerRoot} . "/" . $mig->{inf}->{admin}->{ldapStart}; From fedora-directory-commits at redhat.com Tue Dec 18 19:55:25 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Tue, 18 Dec 2007 14:55:25 -0500 Subject: [Fedora-directory-commits] adminserver configure.ac, 1.23, 1.24 aclocal.m4, 1.37, 1.38 configure, 1.41, 1.42 config.h.in, 1.6, 1.7 missing, 1.27, 1.28 install-sh, 1.27, 1.28 depcomp, 1.27, 1.28 compile, 1.26, 1.27 Makefile.in, 1.44, 1.45 config.sub, 1.27, 1.28 config.guess, 1.27, 1.28 Message-ID: <200712181955.lBIJtPV4014670@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14602/adminserver Modified Files: configure.ac aclocal.m4 configure config.h.in missing install-sh depcomp compile Makefile.in config.sub config.guess Log Message: Resolves: bug 426056 Bug Description: Unable to connect to admin express via SSL - firefox cipher issues? Reviewed by: nkinder, nhosoi (Thanks!) Fix Description: The admin server was defaulting to EXPORT instead of DOMESTIC so was not enabling the domestic ciphers by default. Then when the admin server SSL was configured, it would give it a list of old ciphers not currently supported by Firefox. Also, we are still being affected by Bug 151705 Processed: AS 6.2 Console cipher preferences bug, so when the list of ciphers pops up, you have to make sure all of the SSLv2 ciphers are disabled and the SSLv3 and TLS ciphers you want to use are enabled. I also discovered a problem with the ugdsconfig CGI program - it was being caught by the admldapBuildInfoSSL problem where it tries to use the SIEDN to bind. So I had to use the same hack used in mod_admserv and elsewhere to force it to use the correct bind dn and password. Finally, I updated the list of ciphers in console.conf to reflect the full list of ciphers supported by mod_nss. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no Index: configure.ac =================================================================== RCS file: /cvs/dirsec/adminserver/configure.ac,v retrieving revision 1.23 retrieving revision 1.24 diff -u -r1.23 -r1.24 --- configure.ac 12 Dec 2007 00:45:38 -0000 1.23 +++ configure.ac 18 Dec 2007 19:55:22 -0000 1.24 @@ -102,6 +102,8 @@ m4_include(m4/fhs.m4) +AC_DEFINE([NS_DOMESTIC], [1], [Domestic security level enabled by default]) + # server userid, groupid httpduser=nobody httpdgroup=nobody Index: configure =================================================================== RCS file: /cvs/dirsec/adminserver/configure,v retrieving revision 1.41 retrieving revision 1.42 diff -u -r1.41 -r1.42 --- configure 17 Dec 2007 20:10:05 -0000 1.41 +++ configure 18 Dec 2007 19:55:22 -0000 1.42 @@ -23030,6 +23030,12 @@ fi + +cat >>confdefs.h <<\_ACEOF +#define NS_DOMESTIC 1 +_ACEOF + + # server userid, groupid httpduser=nobody httpdgroup=nobody Index: config.h.in =================================================================== RCS file: /cvs/dirsec/adminserver/config.h.in,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- config.h.in 30 Jul 2007 23:13:45 -0000 1.6 +++ config.h.in 18 Dec 2007 19:55:23 -0000 1.7 @@ -248,6 +248,9 @@ /* Define to 1 if your C compiler doesn't accept -c and -o together. */ #undef NO_MINUS_C_MINUS_O +/* Domestic security level enabled by default */ +#undef NS_DOMESTIC + /* OS version */ #undef OSVERSION From fedora-directory-commits at redhat.com Tue Dec 18 19:55:25 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Tue, 18 Dec 2007 14:55:25 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/cfgstuff console.conf.in, 1.2, 1.3 Message-ID: <200712181955.lBIJtPCp014676@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/cfgstuff In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14602/adminserver/admserv/cfgstuff Modified Files: console.conf.in Log Message: Resolves: bug 426056 Bug Description: Unable to connect to admin express via SSL - firefox cipher issues? Reviewed by: nkinder, nhosoi (Thanks!) Fix Description: The admin server was defaulting to EXPORT instead of DOMESTIC so was not enabling the domestic ciphers by default. Then when the admin server SSL was configured, it would give it a list of old ciphers not currently supported by Firefox. Also, we are still being affected by Bug 151705 Processed: AS 6.2 Console cipher preferences bug, so when the list of ciphers pops up, you have to make sure all of the SSLv2 ciphers are disabled and the SSLv3 and TLS ciphers you want to use are enabled. I also discovered a problem with the ugdsconfig CGI program - it was being caught by the admldapBuildInfoSSL problem where it tries to use the SIEDN to bind. So I had to use the same hack used in mod_admserv and elsewhere to force it to use the correct bind dn and password. Finally, I updated the list of ciphers in console.conf to reflect the full list of ciphers supported by mod_nss. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no Index: console.conf.in =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cfgstuff/console.conf.in,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- console.conf.in 22 Jun 2007 01:34:19 -0000 1.2 +++ console.conf.in 18 Dec 2007 19:55:23 -0000 1.3 @@ -95,7 +95,8 @@ # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_nss documentation for a complete list. -NSSCipherSuite -des,-rc2export,+rc4export,+desede3,+rc4,-rc2,+rsa_rc2_40_md5,+rsa_rc4_128_md5,+rsa_3des_sha,+rsa_rc4_40_md5,+fips_des_sha,+fips_3des_sha,+rsa_des_sha,-rsa_null_md5 +# SSL 3 ciphers. SSL 2 is disabled by default. +NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha NSSProtocol SSLv3,TLSv1 From fedora-directory-commits at redhat.com Tue Dec 18 19:55:25 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Tue, 18 Dec 2007 14:55:25 -0500 Subject: [Fedora-directory-commits] adminserver/admserv/cgi-src40 ugdsconfig.c, 1.9, 1.10 Message-ID: <200712181955.lBIJtP7X014683@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/cgi-src40 In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14602/adminserver/admserv/cgi-src40 Modified Files: ugdsconfig.c Log Message: Resolves: bug 426056 Bug Description: Unable to connect to admin express via SSL - firefox cipher issues? Reviewed by: nkinder, nhosoi (Thanks!) Fix Description: The admin server was defaulting to EXPORT instead of DOMESTIC so was not enabling the domestic ciphers by default. Then when the admin server SSL was configured, it would give it a list of old ciphers not currently supported by Firefox. Also, we are still being affected by Bug 151705 Processed: AS 6.2 Console cipher preferences bug, so when the list of ciphers pops up, you have to make sure all of the SSLv2 ciphers are disabled and the SSLv3 and TLS ciphers you want to use are enabled. I also discovered a problem with the ugdsconfig CGI program - it was being caught by the admldapBuildInfoSSL problem where it tries to use the SIEDN to bind. So I had to use the same hack used in mod_admserv and elsewhere to force it to use the correct bind dn and password. Finally, I updated the list of ciphers in console.conf to reflect the full list of ciphers supported by mod_nss. Platforms tested: RHEL5 x86_64 Flag Day: no Doc impact: no Index: ugdsconfig.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/ugdsconfig.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- ugdsconfig.c 18 Jul 2007 22:10:22 -0000 1.9 +++ ugdsconfig.c 18 Dec 2007 19:55:23 -0000 1.10 @@ -230,20 +230,15 @@ return 0; } - -/* - * Return current U/G directory setting - */ -static void handle_getconfig(const char *configdir, const char *securitydir) +static AdmldapInfo +local_get_admldapinfo(const char *configdir, const char *securitydir) { - char *inforef=NULL, *globaldirurl=NULL, *dirurl=NULL, *binddn=NULL, *bindpw=NULL; AdmldapInfo adminfo; int rc; - logMsg("In handle_getconfig\n"); - if(ADMSSL_InitSimple((char *)configdir, (char *)securitydir, 0)) { - rpt_err(SYSTEM_ERROR, i18nMsg(DBT_ADMSSL_INIT_FAILED,"Cannot initialize SSL"), NULL, NULL); + rpt_err(SYSTEM_ERROR, i18nMsg(DBT_ADMSSL_INIT_FAILED,"Cannot initialize SSL"), NULL, NULL); + return NULL; } adminfo = admldapBuildInfo((char *)configdir, &rc); @@ -251,14 +246,57 @@ logMsg("admldapBuildInfo failed, rc=%d, admroot=%s\n", rc, nonull_value((char *)configdir)); PR_snprintf(error_info, sizeof(error_info), i18nMsg(DBT_BUILD_LDAPINFO,"Failed to build ldap info (err=%d)"), rc); rpt_err(SYSTEM_ERROR, error_info, NULL, NULL); + return NULL; } if (admldapGetSecurity(adminfo)) { - if (!admldapBuildInfoSSL(adminfo, &rc)) { - logMsg("admldapBuildInfo failed, rc=%d, admroot=%s\n", rc, nonull_value((char *)configdir)); - PR_snprintf(error_info, sizeof(error_info), i18nMsg(DBT_BUILD_LDAPINFO,"Failed to build ldap info (err=%d)"), rc); + /* Temporarily override the siedn. This needs to be + * done to get a valid LDAP handle. + */ + char *siedn = NULL; + char *userdn = NULL; + char *siePasswd = NULL; + + /* returned value from ADM_Get... should NOT be freed */ + ADM_GetCurrentPassword(&rc, &siePasswd); /* via PIPE */ + /* if userdn is initialized, override the siedn to make bind succeed */ + ADM_GetUserDNString(&rc, &userdn); + if (strcasecmp(userdn, ADM_NOT_INITIALIZED)) { + siedn = admldapGetSIEDN(adminfo); + admldapSetSIEDN(adminfo, userdn); + admSetCachedSIEPWD(siePasswd); + } + + if (!admldapBuildInfoSSL(adminfo, &rc)) { + logMsg("admldapBuildInfo failed, rc=%d, admroot=%s\n", rc, nonull_value((char *)configdir)); + PR_snprintf(error_info, sizeof(error_info), i18nMsg(DBT_BUILD_LDAPINFO,"Failed to build ldap info (err=%d)"), rc); rpt_err(SYSTEM_ERROR, error_info, NULL, NULL); + return NULL; } + + /* reset if we changed it */ + if (siedn) { + admldapSetSIEDN(adminfo, siedn); + PL_strfree(siedn); + } + } + + return adminfo; +} + +/* + * Return current U/G directory setting + */ +static void handle_getconfig(const char *configdir, const char *securitydir) +{ + char *inforef=NULL, *globaldirurl=NULL, *dirurl=NULL, *binddn=NULL, *bindpw=NULL; + AdmldapInfo adminfo; + int rc; + + logMsg("In handle_getconfig\n"); + + if (!(adminfo = local_get_admldapinfo(configdir, securitydir))) { + return; } if (!admldapGetDomainUserDirectory(adminfo, &globaldirurl, &binddn, &bindpw, &inforef, &rc)) { @@ -305,8 +343,8 @@ logMsg("In handle_setconfig\n"); - if(ADMSSL_InitSimple((char *)configdir, (char *)securitydir, 0)) { - rpt_err(SYSTEM_ERROR, i18nMsg(DBT_ADMSSL_INIT_FAILED,"Cannot initialize SSL"), NULL, NULL); + if (!(adminfo = local_get_admldapinfo(configdir, securitydir))) { + return; } inforef = get_cgi_var( "ugdsconfig.inforef", NULL, NULL ); @@ -319,22 +357,6 @@ logMsg("binddn=%s\n", nonull_value(binddn)); logMsg("bindpw size=%d\n", strlen(nonull_value(bindpw))); - - adminfo = admldapBuildInfo((char *)configdir, &rc); - if (adminfo == NULL) { - logMsg("admldapBuildInfo failed, rc=%d, admroot=%s\n", rc, nonull_value((char *)configdir)); - PR_snprintf(error_info, sizeof(error_info), i18nMsg(DBT_BUILD_LDAPINFO,"Failed to build ldap info (err=%d)"), rc); - rpt_err(SYSTEM_ERROR, error_info, NULL, NULL); - } - - if (admldapGetSecurity(adminfo)) { - if (!admldapBuildInfoSSL(adminfo, &rc)) { - logMsg("admldapBuildInfo failed, rc=%d, admroot=%s\n", rc, nonull_value((char *)configdir)); - PR_snprintf(error_info, sizeof(error_info), i18nMsg(DBT_BUILD_LDAPINFO,"Failed to build ldap info (err=%d)"), rc); - rpt_err(SYSTEM_ERROR, error_info, NULL, NULL); - } - } - if (inforef != NULL) { if (strcasecmp(inforef,"default")==0) { siedn = admldapGetSIEDN(adminfo); From fedora-directory-commits at redhat.com Wed Dec 19 20:07:45 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 19 Dec 2007 15:07:45 -0500 Subject: [Fedora-directory-commits] console idm-console-framework.spec, 1.1, 1.2 Message-ID: <200712192007.lBJK7jVJ009303@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/console In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9286 Modified Files: idm-console-framework.spec Log Message: updated spec for Fedora DS 1.1 release Index: idm-console-framework.spec =================================================================== RCS file: /cvs/dirsec/console/idm-console-framework.spec,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- idm-console-framework.spec 1 Aug 2007 21:29:55 -0000 1.1 +++ idm-console-framework.spec 19 Dec 2007 20:07:43 -0000 1.2 @@ -3,7 +3,7 @@ Name: idm-console-framework Version: %{major_version}.%{minor_version} -Release: 1 +Release: 2%{?dist} Summary: Identity Management Console Framework Group: System Environment/Libraries @@ -54,7 +54,7 @@ rm -rf $RPM_BUILD_ROOT %files -%defattr(-,root,root) +%defattr(-,root,root,-) %{_javadir}/idm-console-base-%{version}.jar %{_javadir}/idm-console-base-%{major_version}.jar %{_javadir}/idm-console-base.jar @@ -72,5 +72,8 @@ %{_javadir}/idm-console-nmclf_en.jar %changelog +* Wed Dec 19 2007 Rich Megginson 1.1.0-2 +- for the fedora ds 1.1 release + * Wed Aug 1 2007 Nathan Kinder 1.1.0-1 - Initial creation (based on old fedora-idm-console package). From fedora-directory-commits at redhat.com Wed Dec 19 20:08:47 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 19 Dec 2007 15:08:47 -0500 Subject: [Fedora-directory-commits] fedora-idm-console fedora-idm-console.spec, 1.2, 1.3 Message-ID: <200712192008.lBJK8lUI009349@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/fedora-idm-console In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9332 Modified Files: fedora-idm-console.spec Log Message: updated spec for Fedora DS 1.1 release Index: fedora-idm-console.spec =================================================================== RCS file: /cvs/dirsec/fedora-idm-console/fedora-idm-console.spec,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- fedora-idm-console.spec 7 Nov 2007 20:38:15 -0000 1.2 +++ fedora-idm-console.spec 19 Dec 2007 20:08:44 -0000 1.3 @@ -3,7 +3,7 @@ Name: fedora-idm-console Version: %{major_version}.%{minor_version} -Release: 4 +Release: 5%{?dist} Summary: Fedora Management Console Group: Applications @@ -11,7 +11,7 @@ URL: http://directory.fedoraproject.org BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -Source: %{name}-%{version}.tar.bz2 +Source: http://directory.fedoraproject.org/sources/%{name}-%{version}.tar.bz2 Requires: idm-console-framework >= 1.1 BuildRequires: ant >= 1.6.2 BuildRequires: ldapjdk @@ -54,6 +54,9 @@ %{_bindir}/%{name} %changelog +* Wed Dec 19 2007 Rich Megginson 1.1.0-5 +- for the Fedora DS 1.1 release + * Thu Oct 25 2007 Nathan Kinder 1.1.0-4 - Removed noarch to ensure we find the 64-bit library. From fedora-directory-commits at redhat.com Wed Dec 19 20:10:29 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 19 Dec 2007 15:10:29 -0500 Subject: [Fedora-directory-commits] console idm-console-framework.spec, 1.2, 1.3 Message-ID: <200712192010.lBJKATSS009420@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/console In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9403 Modified Files: idm-console-framework.spec Log Message: minor tweak to deps and source url Index: idm-console-framework.spec =================================================================== RCS file: /cvs/dirsec/console/idm-console-framework.spec,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- idm-console-framework.spec 19 Dec 2007 20:07:43 -0000 1.2 +++ idm-console-framework.spec 19 Dec 2007 20:10:27 -0000 1.3 @@ -12,12 +12,12 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildArch: noarch -Source: %{name}-%{version}.tar.bz2 +Source: http://directory.fedoraproject.org/sources/%{name}-%{version}.tar.bz2 Requires: ldapjdk -Requires: jss >= 4.2 +Requires: jss BuildRequires: ant >= 1.6.2 BuildRequires: ldapjdk -BuildRequires: jss >= 4.2 +BuildRequires: jss %description A Java Management Console framework used for remote server management. From fedora-directory-commits at redhat.com Wed Dec 19 20:11:33 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 19 Dec 2007 15:11:33 -0500 Subject: [Fedora-directory-commits] directoryconsole fedora-ds-console.spec, 1.4, 1.5 Message-ID: <200712192011.lBJKBXsZ009481@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/directoryconsole In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9464 Modified Files: fedora-ds-console.spec Log Message: updated spec for Fedora DS 1.1 release Index: fedora-ds-console.spec =================================================================== RCS file: /cvs/dirsec/directoryconsole/fedora-ds-console.spec,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- fedora-ds-console.spec 13 Aug 2007 22:28:08 -0000 1.4 +++ fedora-ds-console.spec 19 Dec 2007 20:11:31 -0000 1.5 @@ -6,7 +6,7 @@ Name: fedora-ds-console Version: %{major_version}.%{minor_version} -Release: 4 +Release: 5%{?dist} Summary: Fedora Directory Server Management Console Group: Applications @@ -15,11 +15,11 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildArch: noarch -Source: %{name}-%{version}.tar.bz2 -Requires: %{shortname}-admin >= 1.1 +Source: http://directory.fedoraproject.org/sources/%{name}-%{version}.tar.bz2 +Requires: %{shortname}-admin BuildRequires: ant >= 1.6.2 BuildRequires: ldapjdk -BuildRequires: idm-console-framework >= 1.1 +BuildRequires: idm-console-framework %description A Java based remote management console used for Managing Fedora @@ -67,6 +67,9 @@ %doc %{_datadir}/%{pkgname}/manual/en/slapd/help/*.html %changelog +* Wed Dec 19 2007 Rich Megginson 1.1.0-5 +- This is for the Fedora DS 1.1 release + * Mon Aug 13 2007 Nathan Kinder 1.1.0-4 - Added online help files to package. Use pkgname for filesystem path naming instead of shortname. From fedora-directory-commits at redhat.com Wed Dec 19 20:13:46 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 19 Dec 2007 15:13:46 -0500 Subject: [Fedora-directory-commits] admservconsole fedora-admin-console.spec, 1.4, 1.5 Message-ID: <200712192013.lBJKDkOe009564@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/admservconsole In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9547 Modified Files: fedora-admin-console.spec Log Message: updated spec for Fedora DS 1.1 release Index: fedora-admin-console.spec =================================================================== RCS file: /cvs/dirsec/admservconsole/fedora-admin-console.spec,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- fedora-admin-console.spec 7 Nov 2007 22:07:17 -0000 1.4 +++ fedora-admin-console.spec 19 Dec 2007 20:13:44 -0000 1.5 @@ -7,7 +7,7 @@ Name: fedora-admin-console Version: %{major_version}.%{minor_version} -Release: 3%{?dist} +Release: 4%{?dist} Summary: Fedora Admin Server Management Console Group: Applications @@ -16,11 +16,11 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildArch: noarch -Source: %{name}-%{version}.tar.bz2 -Requires: %{dsname}-admin >= 1.1 +Source: http://directory.fedoraproject.org/sources/%{name}-%{version}.tar.bz2 +Requires: %{dsname}-admin BuildRequires: ant >= 1.6.2 BuildRequires: ldapjdk -BuildRequires: idm-console-framework >= 1.1 +BuildRequires: idm-console-framework %description A Java based remote management console used for Managing Fedora @@ -68,6 +68,9 @@ %doc %{_datadir}/%{pkgname}/manual/en/admin/help/*.html %changelog +* Wed Dec 19 2007 Rich Megginson - 1.1.0-4 +- This is for the Fedora DS 1.1 release + * Thu Oct 25 2007 Rich Megginson - 1.1.0-3 - updated sources - use dirsrv as package name From fedora-directory-commits at redhat.com Wed Dec 19 20:18:37 2007 From: fedora-directory-commits at redhat.com (Richard Allen Megginson (rmeggins)) Date: Wed, 19 Dec 2007 15:18:37 -0500 Subject: [Fedora-directory-commits] ldapserver configure.ac, 1.44, 1.45 aclocal.m4, 1.60, 1.61 configure, 1.77, 1.78 missing, 1.45, 1.46 install-sh, 1.45, 1.46 compile, 1.44, 1.45 depcomp, 1.45, 1.46 Makefile.in, 1.81, 1.82 config.sub, 1.44, 1.45 config.guess, 1.44, 1.45 Message-ID: <200712192018.lBJKIbHT009774@cvs-int.fedora.redhat.com> Author: rmeggins Update of /cvs/dirsec/ldapserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9738 Modified Files: configure.ac aclocal.m4 configure missing install-sh compile depcomp Makefile.in config.sub config.guess Log Message: bump version to 1.1.0 for Fedora DS 1.1 release Index: configure.ac =================================================================== RCS file: /cvs/dirsec/ldapserver/configure.ac,v retrieving revision 1.44 retrieving revision 1.45 diff -u -r1.44 -r1.45 --- configure.ac 7 Nov 2007 15:08:21 -0000 1.44 +++ configure.ac 19 Dec 2007 20:18:34 -0000 1.45 @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) # This version is the version returned by ns-slapd -v -AC_INIT([dirsrv], [1.1.0b2], [http://bugzilla.redhat.com/]) +AC_INIT([dirsrv], [1.1.0], [http://bugzilla.redhat.com/]) # AC_CONFIG_HEADER must be called right after AC_INIT. AC_CONFIG_HEADERS([config.h]) AM_INIT_AUTOMAKE([1.9 foreign subdir-objects]) Index: configure =================================================================== RCS file: /cvs/dirsec/ldapserver/configure,v retrieving revision 1.77 retrieving revision 1.78 diff -u -r1.77 -r1.78 --- configure 7 Nov 2007 15:08:21 -0000 1.77 +++ configure 19 Dec 2007 20:18:34 -0000 1.78 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.59 for dirsrv 1.1.0b2. +# Generated by GNU Autoconf 2.59 for dirsrv 1.1.0. # # Report bugs to . # @@ -423,8 +423,8 @@ # Identity of this package. PACKAGE_NAME='dirsrv' PACKAGE_TARNAME='dirsrv' -PACKAGE_VERSION='1.1.0b2' -PACKAGE_STRING='dirsrv 1.1.0b2' +PACKAGE_VERSION='1.1.0' +PACKAGE_STRING='dirsrv 1.1.0' PACKAGE_BUGREPORT='http://bugzilla.redhat.com/' # Factoring default headers for most tests. @@ -954,7 +954,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures dirsrv 1.1.0b2 to adapt to many kinds of systems. +\`configure' configures dirsrv 1.1.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1020,7 +1020,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of dirsrv 1.1.0b2:";; + short | recursive ) echo "Configuration of dirsrv 1.1.0:";; esac cat <<\_ACEOF @@ -1201,7 +1201,7 @@ test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -dirsrv configure 1.1.0b2 +dirsrv configure 1.1.0 generated by GNU Autoconf 2.59 Copyright (C) 2003 Free Software Foundation, Inc. @@ -1215,7 +1215,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by dirsrv $as_me 1.1.0b2, which was +It was created by dirsrv $as_me 1.1.0, which was generated by GNU Autoconf 2.59. Invocation command line was $ $0 $@ @@ -1861,7 +1861,7 @@ # Define the identity of the package. PACKAGE='dirsrv' - VERSION='1.1.0b2' + VERSION='1.1.0' cat >>confdefs.h <<_ACEOF @@ -25741,7 +25741,7 @@ } >&5 cat >&5 <<_CSEOF -This file was extended by dirsrv $as_me 1.1.0b2, which was +This file was extended by dirsrv $as_me 1.1.0, which was generated by GNU Autoconf 2.59. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -25804,7 +25804,7 @@ cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -dirsrv config.status 1.1.0b2 +dirsrv config.status 1.1.0 configured by $0, generated by GNU Autoconf 2.59, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" From fedora-directory-commits at redhat.com Fri Dec 21 00:03:48 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 20 Dec 2007 19:03:48 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/acl acllas.c, 1.5, 1.5.2.1 aclanom.c, 1.5, 1.5.2.1 Message-ID: <200712210003.lBL03mpt025880@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/acl In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24843/plugins/acl Modified Files: Tag: Directory71RtmBranch acllas.c aclanom.c Log Message: Resolves: #297221 Summary: rhds71 Malformed Dynamic Authorization Group makes Directory Server Crash Note: applying the fixes in HEAD to Directory71RtmBranch Index: acllas.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/acllas.c,v retrieving revision 1.5 retrieving revision 1.5.2.1 diff -u -r1.5 -r1.5.2.1 --- acllas.c 19 Apr 2005 22:07:28 -0000 1.5 +++ acllas.c 21 Dec 2007 00:03:45 -0000 1.5.2.1 @@ -3027,9 +3027,17 @@ /* Convert the filter string */ f = slapi_str2filter ( ludp->lud_filter ); + if (ludp->lud_filter && (f == NULL)) { /* bogus filter */ + slapi_log_error(SLAPI_LOG_FATAL, plugin_name, + "DS_LASUserAttrEval: The member URL search filter in entry [%s] is not valid: [%s]\n", + n_clientdn, ludp->lud_filter); + ldap_free_urldesc( ludp ); + return ACL_FALSE; + } + rc = ACL_TRUE; - if (0 != slapi_vattr_filter_test ( aclpb->aclpb_pblock, - aclpb->aclpb_client_entry, f, 0 /* no acces chk */ )) + if (f && (0 != slapi_vattr_filter_test ( aclpb->aclpb_pblock, + aclpb->aclpb_client_entry, f, 0 /* no acces chk */ ))) rc = ACL_FALSE; ldap_free_urldesc( ludp ); @@ -3844,6 +3852,8 @@ int rc = ACL_FALSE; Slapi_Filter *f = NULL; + PR_ASSERT(str); + if ((f = slapi_str2filter(str)) == NULL) { slapi_log_error(SLAPI_LOG_FATAL, plugin_name, "Warning: Bad targetfilter(%s) in aci: does not match\n", str); Index: aclanom.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/aclanom.c,v retrieving revision 1.5 retrieving revision 1.5.2.1 diff -u -r1.5 -r1.5.2.1 --- aclanom.c 19 Apr 2005 22:07:28 -0000 1.5 +++ aclanom.c 21 Dec 2007 00:03:45 -0000 1.5.2.1 @@ -233,8 +233,16 @@ } a_profile->anom_targetinfo[a_numacl].anom_filter = NULL; - if ( aci->targetFilterStr ) + if ( aci->targetFilterStr ) { a_profile->anom_targetinfo[a_numacl].anom_filter = slapi_str2filter ( aci->targetFilterStr ); + if (NULL == a_profile->anom_targetinfo[a_numacl].anom_filter) { + const char *dn = slapi_sdn_get_dn ( aci->aci_sdn ); + slapi_log_error(SLAPI_LOG_FATAL, plugin_name, + "Error: invalid filter [%s] in anonymous aci in entry [%s]\n", + aci->targetFilterStr, dn); + goto cleanup; + } + } i = 0; srcattrArray = aci->targetAttr; From fedora-directory-commits at redhat.com Fri Dec 21 00:03:48 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 20 Dec 2007 19:03:48 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/plugins/statechange statechange.c, 1.5, 1.5.2.1 Message-ID: <200712210003.lBL03mD6025886@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/statechange In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24843/plugins/statechange Modified Files: Tag: Directory71RtmBranch statechange.c Log Message: Resolves: #297221 Summary: rhds71 Malformed Dynamic Authorization Group makes Directory Server Crash Note: applying the fixes in HEAD to Directory71RtmBranch Index: statechange.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/statechange/statechange.c,v retrieving revision 1.5 retrieving revision 1.5.2.1 diff -u -r1.5 -r1.5.2.1 --- statechange.c 19 Apr 2005 22:07:35 -0000 1.5 +++ statechange.c 21 Dec 2007 00:03:46 -0000 1.5.2.1 @@ -326,7 +326,20 @@ item->dn = 0; item->filter = slapi_ch_strdup(filter); item->caller_data = caller_data; - item->realfilter = slapi_str2filter(writable_filter); + if (writable_filter && + (NULL == (item->realfilter = slapi_str2filter(writable_filter)))) { + slapi_log_error(SLAPI_LOG_FATAL, SCN_PLUGIN_SUBSYSTEM, + "Error: invalid filter in statechange entry [%s]: [%s]\n", + dn, filter); + slapi_ch_free_string(&item->caller_id); + slapi_ch_free_string(&item->dn); + slapi_ch_free_string(&item->filter); + slapi_ch_free_string(&writable_filter); + slapi_ch_free((void **)&item); + return -1; + } else if (!writable_filter) { + item->realfilter = NULL; + } item->func = func; slapi_lock_mutex(buffer_lock); From fedora-directory-commits at redhat.com Fri Dec 21 00:03:48 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Thu, 20 Dec 2007 19:03:48 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd index_subsystem.c, 1.5, 1.5.2.1 plugin_internal_op.c, 1.5, 1.5.2.1 Message-ID: <200712210003.lBL03mkC025893@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24843/slapd Modified Files: Tag: Directory71RtmBranch index_subsystem.c plugin_internal_op.c Log Message: Resolves: #297221 Summary: rhds71 Malformed Dynamic Authorization Group makes Directory Server Crash Note: applying the fixes in HEAD to Directory71RtmBranch Index: index_subsystem.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/index_subsystem.c,v retrieving revision 1.5 retrieving revision 1.5.2.1 diff -u -r1.5 -r1.5.2.1 --- index_subsystem.c 19 Apr 2005 22:07:36 -0000 1.5 +++ index_subsystem.c 21 Dec 2007 00:03:46 -0000 1.5.2.1 @@ -1029,7 +1029,7 @@ Slapi_Filter *tmp_f = slapi_str2filter(registration_item->index_filter); Slapi_Backend *be; - if(!theCache) + if(!theCache || !tmp_f) return -1; index_subsys_write_lock(); Index: plugin_internal_op.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/plugin_internal_op.c,v retrieving revision 1.5 retrieving revision 1.5.2.1 diff -u -r1.5 -r1.5.2.1 --- plugin_internal_op.c 19 Apr 2005 22:07:36 -0000 1.5 +++ plugin_internal_op.c 21 Dec 2007 00:03:46 -0000 1.5.2.1 @@ -717,7 +717,7 @@ op->o_search_entry_handler = internal_srch_entry_callback; op->o_search_referral_handler = internal_ref_entry_callback; - filter = slapi_str2filter(ifstr ? (fstr = slapi_ch_strdup(ifstr)) : ""); + filter = slapi_str2filter(ifstr ? (fstr = slapi_ch_strdup(ifstr)) : NULL); if(scope == LDAP_SCOPE_BASE) filter->f_flags |= (SLAPI_FILTER_LDAPSUBENTRY | SLAPI_FILTER_TOMBSTONE); if (NULL == filter) { From fedora-directory-commits at redhat.com Fri Dec 21 17:38:50 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 21 Dec 2007 12:38:50 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd ava.c, 1.4.2.1, 1.4.2.2 Message-ID: <200712211738.lBLHcoY8008743@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8637 Modified Files: Tag: Directory71RtmBranch ava.c Log Message: Resolves: #247725 Summary: rhds71 Invalid LDIF Syntax crashes directory server Note: applying the fixes in HEAD to Directory71RtmBranch Index: ava.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/ava.c,v retrieving revision 1.4.2.1 retrieving revision 1.4.2.2 diff -u -r1.4.2.1 -r1.4.2.2 --- ava.c 2 Mar 2006 01:12:25 -0000 1.4.2.1 +++ ava.c 21 Dec 2007 17:38:48 -0000 1.4.2.2 @@ -108,7 +108,7 @@ strcpy_special_undo( char *d, const char *s ) { const char *end = s + strlen(s); - for ( ; *s; s++ ) + for ( ; s < end && *s; s++ ) { switch ( *s ) { From fedora-directory-commits at redhat.com Fri Dec 21 21:35:10 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 21 Dec 2007 16:35:10 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd log.h, 1.4, 1.4.2.1 log.c, 1.6.2.4, 1.6.2.5 Message-ID: <200712212135.lBLLZAUZ011581@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11544 Modified Files: Tag: Directory71RtmBranch log.h log.c Log Message: Resolves: #202890 Summary: 202890: Crash at startup with 0kB rotationinfo files Note: applying the fixes in HEAD to Directory71RtmBranch Index: log.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.h,v retrieving revision 1.4 retrieving revision 1.4.2.1 diff -u -r1.4 -r1.4.2.1 --- log.h 19 Apr 2005 22:07:36 -0000 1.4 +++ log.h 21 Dec 2007 21:35:08 -0000 1.4.2.1 @@ -69,6 +69,7 @@ #define LOG_EXCEEDED 2 /*err: > max logs allowed */ #define LOG_ROTATE 3 /*ok; go to the next log */ #define LOG_UNABLE_TO_OPENFILE 4 +#define LOG_DONE 5 #define LOG_UNIT_UNKNOWN 0 #define LOG_UNIT_MONTHS 1 @@ -91,6 +92,8 @@ #define LOG_BUFFER_MAXSIZE 512 * 1024 +#define PREVLOGFILE "Previous Log File:" + /* see log.c for why this is done */ #ifdef XP_WIN32 typedef FILE *LOGFD; Index: log.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v retrieving revision 1.6.2.4 retrieving revision 1.6.2.5 diff -u -r1.6.2.4 -r1.6.2.5 --- log.c 19 Mar 2006 18:37:45 -0000 1.6.2.4 +++ log.c 21 Dec 2007 21:35:08 -0000 1.6.2.5 @@ -58,6 +58,9 @@ #include "proto-ntutil.h" extern HANDLE hSlapdEventSource; extern LPTSTR pszServerName; +#define _PSEP '\\' +#else +#define _PSEP '/' #endif /************************************************************************** * GLOBALS, defines, and ... @@ -114,12 +117,14 @@ static int log__error_rotationinfof(char *pathname); static int log__audit_rotationinfof(char *pathname); static int log__extract_logheader (FILE *fp, long *f_ctime, int *f_size); +static int log__check_prevlogs (FILE *fp, char *filename); static int log__getfilesize(LOGFD fp); static int log__enough_freespace(char *path); static int vslapd_log_error(LOGFD fp, char *subsystem, char *fmt, va_list ap ); static int vslapd_log_access(char *fmt, va_list ap ); static void log_convert_time (time_t ctime, char *tbuf, int type); +static time_t log_reverse_convert_time (char *tbuf); static LogBufferInfo *log_create_buffer(size_t sz); static void log_append_buffer2(time_t tnl, LogBufferInfo *lbi, char *msg1, size_t size1, char *msg2, size_t size2); static void log_flush_buffer(LogBufferInfo *lbi, int type, int sync_now); @@ -2128,8 +2133,8 @@ logp = loginfo.log_access_logchain; while ( logp) { log_convert_time (logp->l_ctime, tbuf, 1 /*short*/); - PR_snprintf(buffer, sizeof(buffer), "LOGINFO:Previous Log File:%s.%s (%lu) (%u)\n", - loginfo.log_access_file, tbuf, logp->l_ctime, logp->l_size); + PR_snprintf(buffer, sizeof(buffer), "LOGINFO:%s%s.%s (%lu) (%u)\n", + PREVLOGFILE, loginfo.log_access_file, tbuf, logp->l_ctime, logp->l_size); LOG_WRITE(fpinfo, buffer, strlen(buffer), 0); logp = logp->l_next; } @@ -2429,6 +2434,130 @@ return 1; } + +#define ERRORSLOG 1 +#define ACCESSLOG 2 +#define AUDITLOG 3 + +static int +log__fix_rotationinfof(char *pathname) +{ + char *logsdir = NULL; + time_t now; + PRDir *dirptr = NULL; + PRDirEntry *dirent = NULL; + PRDirFlags dirflags = PR_SKIP_BOTH & PR_SKIP_HIDDEN; + char *log_type = NULL; + int log_type_id; + int rval = LOG_ERROR; + char *p; + + /* rotation info file is broken; can't trust the contents */ + time (&now); + loginfo.log_error_ctime = now; + logsdir = slapi_ch_strdup(pathname); + p = strrchr(logsdir, _PSEP); + if (NULL == p) /* pathname is not path/filename.rotationinfo; do nothing */ + goto done; + + *p = '\0'; + log_type = ++p; + p = strchr(log_type, '.'); + if (NULL == p) /* file is not rotationinfo; do nothing */ + goto done; + *p = '\0'; + + if (0 == strcmp(log_type, "errors")) + log_type_id = ERRORSLOG; + else if (0 == strcmp(log_type, "access")) + log_type_id = ACCESSLOG; + else if (0 == strcmp(log_type, "audit")) + log_type_id = AUDITLOG; + else + goto done; /* file is not errors nor access nor audit; do nothing */ + + if (!(dirptr = PR_OpenDir(logsdir))) + goto done; + + switch (log_type_id) { + case ERRORSLOG: + loginfo.log_numof_error_logs = 0; + loginfo.log_error_logchain = NULL; + break; + case ACCESSLOG: + loginfo.log_numof_access_logs = 0; + loginfo.log_access_logchain = NULL; + break; + case AUDITLOG: + loginfo.log_numof_audit_logs = 0; + loginfo.log_audit_logchain = NULL; + break; + } + /* read the directory entries into a linked list */ + for (dirent = PR_ReadDir(dirptr, dirflags); dirent ; + dirent = PR_ReadDir(dirptr, dirflags)) { + if (0 == strcmp(log_type, dirent->name)) { + switch (log_type_id) { + case ERRORSLOG: + loginfo.log_numof_error_logs++; + break; + case ACCESSLOG: + loginfo.log_numof_access_logs++; + break; + case AUDITLOG: + loginfo.log_numof_audit_logs++; + break; + } + } else if (0 == strncmp(log_type, dirent->name, strlen(log_type)) && + (p = strrchr(dirent->name, '.')) != NULL && + 15 == strlen(++p) && + NULL != strchr(p, '-')) { /* e.g., errors.20051123-165135 */ + struct logfileinfo *logp; + char *q; + int ignoreit = 0; + + for (q = p; q && *q; q++) { + if (*q != '-' && !isdigit(*q)) + ignoreit = 1; + } + if (ignoreit) + continue; + + logp = (struct logfileinfo *) slapi_ch_malloc (sizeof (struct logfileinfo)); + logp->l_ctime = log_reverse_convert_time(p); + switch (log_type_id) { + case ERRORSLOG: + logp->l_size = loginfo.log_error_maxlogsize; /* dummy */ + logp->l_next = loginfo.log_error_logchain; + loginfo.log_error_logchain = logp; + loginfo.log_numof_error_logs++; + break; + case ACCESSLOG: + logp->l_size = loginfo.log_access_maxlogsize; + logp->l_next = loginfo.log_access_logchain; + loginfo.log_access_logchain = logp; + loginfo.log_numof_access_logs++; + break; + case AUDITLOG: + logp->l_size =loginfo.log_audit_maxlogsize; + logp->l_next = loginfo.log_audit_logchain; + loginfo.log_audit_logchain = logp; + loginfo.log_numof_audit_logs++; + break; + } + } + } + rval = LOG_SUCCESS; +done: + if (NULL != dirptr) + PR_CloseDir(dirptr); + slapi_ch_free_string(&logsdir); + return rval; +} +#undef ERRORSLOG +#undef ACCESSLOG +#undef AUDITLOG + /****************************************************************************** * log__access_rotationinfof * @@ -2445,8 +2574,8 @@ int main_log = 1; time_t now; FILE *fp; + int rval, logfile_type = LOGFILE_REOPENED; - /* ** Okay -- I confess, we want to use NSPR calls but I want to ** use fgets and not use PR_Read() and implement a complicated @@ -2464,7 +2593,7 @@ ** We have reopened the log access file. Now we need to read the ** log file info and update the values. */ - while (log__extract_logheader(fp, &f_ctime, &f_size) == LOG_CONTINUE) { + while ((rval = log__extract_logheader(fp, &f_ctime, &f_size)) == LOG_CONTINUE) { /* first we would get the main log info */ if (f_ctime == 0 && f_size == 0) continue; @@ -2497,16 +2626,94 @@ } loginfo.log_numof_access_logs++; } + if (LOG_DONE == rval) + rval = log__check_prevlogs(fp, pathname); + fclose (fp); + + if (LOG_ERROR == rval) + if (LOG_SUCCESS == log__fix_rotationinfof(pathname)) + logfile_type = LOGFILE_NEW; /* Check if there is a rotation overdue */ if (loginfo.log_access_rotationsync_enabled && loginfo.log_access_rotationunit != LOG_UNIT_HOURS && loginfo.log_access_rotationunit != LOG_UNIT_MINS && - loginfo.log_access_ctime < loginfo.log_access_rotationsyncclock - loginfo.log_access_rotationtime_secs) { - loginfo.log_access_rotationsyncclock -= loginfo.log_access_rotationtime_secs; + loginfo.log_access_ctime < loginfo.log_access_rotationsyncclock - PR_ABS(loginfo.log_access_rotationtime_secs)) { + loginfo.log_access_rotationsyncclock -= PR_ABS(loginfo.log_access_rotationtime_secs); } - fclose (fp); - return LOGFILE_REOPENED; + return logfile_type; +} + +/* +* log__check_prevlogs +* +* check if a given prev log file (e.g., /opt/fedora-ds/slapd-fe/logs/errors.20051201-101347) +* is found in the rotationinfo file. +*/ +static int +log__check_prevlogs (FILE *fp, char *pathname) +{ + char buf[BUFSIZ], *p; + char *logsdir = NULL; + int rval = LOG_CONTINUE; + char *log_type = NULL; + PRDir *dirptr = NULL; + PRDirEntry *dirent = NULL; + PRDirFlags dirflags = PR_SKIP_BOTH & PR_SKIP_HIDDEN; + + logsdir = slapi_ch_strdup(pathname); + p = strrchr(logsdir, _PSEP); + if (NULL == p) /* pathname is not path/filename.rotationinfo; do nothing */ + goto done; + + *p = '\0'; + log_type = ++p; + p = strchr(log_type, '.'); + if (NULL == p) /* file is not rotationinfo; do nothing */ + goto done; + *p = '\0'; + + if (0 != strcmp(log_type, "errors") && + 0 != strcmp(log_type, "access") && + 0 != strcmp(log_type, "audit")) + goto done; /* file is not errors nor access nor audit; do nothing */ + + if (!(dirptr = PR_OpenDir(logsdir))) + goto done; + + for (dirent = PR_ReadDir(dirptr, dirflags); dirent ; + dirent = PR_ReadDir(dirptr, dirflags)) { + if (0 == strncmp(log_type, dirent->name, strlen(log_type)) && + (p = strrchr(dirent->name, '.')) != NULL && + 15 == strlen(++p) && + NULL != strchr(p, '-')) { /* e.g., errors.20051123-165135 */ + char *q; + int ignoreit = 0; + + for (q = p; q && *q; q++) { + if (*q != '-' && !isdigit(*q)) + ignoreit = 1; + } + if (ignoreit) + continue; + + fseek(fp, 0 ,SEEK_SET); + buf[BUFSIZ-1] = '\0'; + while (fgets(buf, BUFSIZ - 1, fp)) { + if (strstr(buf, dirent->name)) { + rval = LOG_CONTINUE; /* found in .rotationinfo */ + continue; + } + } + rval = LOG_ERROR; /* not found in .rotationinfo */ + break; + } + } +done: + if (NULL != dirptr) + PR_CloseDir(dirptr); + slapi_ch_free_string(&logsdir); + return rval; } /****************************************************************************** @@ -2528,8 +2735,9 @@ if ( fp == NULL) return LOG_ERROR; - if (fgets(buf, BUFSIZ, fp) == NULL) { - return LOG_ERROR; + buf[BUFSIZ-1] = '\0'; /* for safety */ + if (fgets(buf, BUFSIZ - 1, fp) == NULL) { + return LOG_DONE; } if ((p=strstr(buf, "LOGINFO")) == NULL) { @@ -2568,6 +2776,23 @@ /* Now p must hold the size value */ *f_size = atoi(p); + /* check if the Previous Log file really exists */ + if ((p = strstr(buf, PREVLOGFILE)) != NULL) { + p += strlen(PREVLOGFILE); + s = strchr(p, ' '); + if (NULL == s) { + s = strchr(p, '('); + if (NULL != s) { + *s = '\0'; + } + } else { + *s = '\0'; + } + if (PR_SUCCESS != PR_Access(p, PR_ACCESS_EXISTS)) { + return LOG_ERROR; + } + } + return LOG_CONTINUE; } @@ -2719,13 +2944,17 @@ default: return NULL; } - list = (char **) slapi_ch_calloc(1, num * sizeof(char *)); + list = (char **) slapi_ch_calloc(1, (num + 1) * sizeof(char *)); i = 0; while (logp) { log_convert_time (logp->l_ctime, tbuf, 1 /*short */); PR_snprintf(buf, sizeof(buf), "%s.%s", file, tbuf); list[i] = slapi_ch_strdup(buf); i++; + if (i == num) { /* mismatch b/w num and logchain; + cut the chain and save the process */ + break; + } logp = logp->l_next; } list[i] = NULL; @@ -3066,7 +3295,7 @@ int main_log = 1; time_t now; FILE *fp; - + int rval, logfile_type = LOGFILE_REOPENED; /* ** Okay -- I confess, we want to use NSPR calls but I want to @@ -3085,7 +3314,7 @@ ** We have reopened the log error file. Now we need to read the ** log file info and update the values. */ - while (log__extract_logheader(fp, &f_ctime, &f_size) == LOG_CONTINUE) { + while ((rval = log__extract_logheader(fp, &f_ctime, &f_size)) == LOG_CONTINUE) { /* first we would get the main log info */ if (f_ctime == 0 && f_size == 0) continue; @@ -3118,17 +3347,23 @@ } loginfo.log_numof_error_logs++; } + if (LOG_DONE == rval) + rval = log__check_prevlogs(fp, pathname); + fclose (fp); + + if (LOG_ERROR == rval) + if (LOG_SUCCESS == log__fix_rotationinfof(pathname)) + logfile_type = LOGFILE_NEW; /* Check if there is a rotation overdue */ if (loginfo.log_error_rotationsync_enabled && loginfo.log_error_rotationunit != LOG_UNIT_HOURS && loginfo.log_error_rotationunit != LOG_UNIT_MINS && - loginfo.log_error_ctime < loginfo.log_error_rotationsyncclock - loginfo.log_error_rotationtime_secs) { - loginfo.log_error_rotationsyncclock -= loginfo.log_error_rotationtime_secs; + loginfo.log_error_ctime < loginfo.log_error_rotationsyncclock - PR_ABS(loginfo.log_error_rotationtime_secs)) { + loginfo.log_error_rotationsyncclock -= PR_ABS(loginfo.log_error_rotationtime_secs); } - fclose (fp); - return LOGFILE_REOPENED; + return logfile_type; } /****************************************************************************** @@ -3147,7 +3382,7 @@ int main_log = 1; time_t now; FILE *fp; - + int rval, logfile_type = LOGFILE_REOPENED; /* ** Okay -- I confess, we want to use NSPR calls but I want to @@ -3166,7 +3401,7 @@ ** We have reopened the log audit file. Now we need to read the ** log file info and update the values. */ - while (log__extract_logheader(fp, &f_ctime, &f_size) == LOG_CONTINUE) { + while ((rval = log__extract_logheader(fp, &f_ctime, &f_size)) == LOG_CONTINUE) { /* first we would get the main log info */ if (f_ctime == 0 && f_size == 0) continue; @@ -3199,17 +3434,23 @@ } loginfo.log_numof_audit_logs++; } + if (LOG_DONE == rval) + rval = log__check_prevlogs(fp, pathname); + fclose (fp); + + if (LOG_ERROR == rval) + if (LOG_SUCCESS == log__fix_rotationinfof(pathname)) + logfile_type = LOGFILE_NEW; /* Check if there is a rotation overdue */ if (loginfo.log_audit_rotationsync_enabled && loginfo.log_audit_rotationunit != LOG_UNIT_HOURS && loginfo.log_audit_rotationunit != LOG_UNIT_MINS && - loginfo.log_audit_ctime < loginfo.log_audit_rotationsyncclock - loginfo.log_audit_rotationtime_secs) { - loginfo.log_audit_rotationsyncclock -= loginfo.log_audit_rotationtime_secs; + loginfo.log_audit_ctime < loginfo.log_audit_rotationsyncclock - PR_ABS(loginfo.log_audit_rotationtime_secs)) { + loginfo.log_audit_rotationsyncclock -= PR_ABS(loginfo.log_audit_rotationtime_secs); } - fclose (fp); - return LOGFILE_REOPENED; + return logfile_type; } /****************************************************************************** @@ -3336,8 +3577,8 @@ logp = loginfo.log_error_logchain; while ( logp) { log_convert_time (logp->l_ctime, tbuf, 1 /*short */); - PR_snprintf(buffer, sizeof(buffer), "LOGINFO:Previous Log File:%s.%s (%lu) (%u)\n", - loginfo.log_error_file, tbuf, logp->l_ctime, logp->l_size); + PR_snprintf(buffer, sizeof(buffer), "LOGINFO:%s%s.%s (%lu) (%u)\n", + PREVLOGFILE, loginfo.log_error_file, tbuf, logp->l_ctime, logp->l_size); LOG_WRITE(fpinfo, buffer, strlen(buffer), 0); logp = logp->l_next; } @@ -3457,8 +3698,8 @@ logp = loginfo.log_audit_logchain; while ( logp) { log_convert_time (logp->l_ctime, tbuf, 1 /*short */); - PR_snprintf(buffer, sizeof(buffer), "LOGINFO:Previous Log File:%s.%s (%d) (%d)\n", - loginfo.log_audit_file, tbuf, (int)logp->l_ctime, logp->l_size); + PR_snprintf(buffer, sizeof(buffer), "LOGINFO:%s%s.%s (%d) (%d)\n", + PREVLOGFILE, loginfo.log_audit_file, tbuf, (int)logp->l_ctime, logp->l_size); LOG_WRITE(fpinfo, buffer, strlen(buffer), 0); logp = logp->l_next; } @@ -3629,7 +3870,6 @@ static void log_convert_time (time_t ctime, char *tbuf, int type) { - struct tm *tmsp, tms; #ifdef _WIN32 @@ -3649,6 +3889,27 @@ } +/* + * log_reverse_convert_time + * convert the given string formatted time (output from log_convert_time) + * into time_t + */ +static time_t +log_reverse_convert_time(char *tbuf) +{ + struct tm tm; + + if (strchr(tbuf, '-')) { /* short format */ + strptime(tbuf, "%Y%m%d-%H%M%S", &tm); + } else if (strchr(tbuf, '/') && strchr(tbuf, ':')) { /* long format */ + strptime(tbuf, "%d/%b/%Y:%H:%M:%S", &tm); + } else { + return 0; + } + + return mktime(&tm); +} + int check_log_max_size( char *maxdiskspace_str, char *mlogsize_str, From fedora-directory-commits at redhat.com Sat Dec 22 00:32:10 2007 From: fedora-directory-commits at redhat.com (Noriko Hosoi (nhosoi)) Date: Fri, 21 Dec 2007 19:32:10 -0500 Subject: [Fedora-directory-commits] ldapserver/ldap/servers/slapd pw_mgmt.c, 1.6, 1.6.2.1 Message-ID: <200712220032.lBM0WAmP005882@cvs-int.fedora.redhat.com> Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5623 Modified Files: Tag: Directory71RtmBranch pw_mgmt.c Log Message: Resolves: #229513 Summary: CRM #1160370 RHDS does not reset passwordRetryCount to 0 upon a successful BIND Note: applying the fixes in HEAD to Directory71RtmBranch Index: pw_mgmt.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/pw_mgmt.c,v retrieving revision 1.6 retrieving revision 1.6.2.1 diff -u -r1.6 -r1.6.2.1 --- pw_mgmt.c 19 Apr 2005 22:07:36 -0000 1.6 +++ pw_mgmt.c 22 Dec 2007 00:32:08 -0000 1.6.2.1 @@ -67,9 +67,9 @@ pwpolicy = new_passwdPolicy(pb, dn); /* after the user binds with authentication, clear the retry count */ - if ( pwpolicy->pw_lockout == 1) + if (pwpolicy->pw_lockout == 1) { - if(slapi_entry_attr_get_int( e, "passwordRetryCount") > 0) + if(slapi_entry_attr_get_int(e, "passwordRetryCount") > 0) { slapi_mods_add_string(&smods, LDAP_MOD_REPLACE, "passwordRetryCount", "0"); } @@ -90,12 +90,14 @@ pw_exp_date = time_plus_sec ( cur_time, pwpolicy->pw_maxage ); - timestring = format_genTime (pw_exp_date); + timestring = format_genTime (pw_exp_date); slapi_mods_add_string(&smods, LDAP_MOD_REPLACE, "passwordExpirationTime", timestring); slapi_ch_free((void **)×tring); slapi_mods_add_string(&smods, LDAP_MOD_REPLACE, "passwordExpWarned", "0"); pw_apply_mods(dn, &smods); + } else if (pwpolicy->pw_lockout == 1) { + pw_apply_mods(dn, &smods); } slapi_mods_done(&smods); delete_passwdPolicy(&pwpolicy); @@ -104,7 +106,7 @@ pw_exp_date = parse_genTime(passwordExpirationTime); - slapi_ch_free((void**)&passwordExpirationTime); + slapi_ch_free((void**)&passwordExpirationTime); /* Check if password has been reset */ if ( pw_exp_date == NO_TIME ) {