[Fedora-directory-commits] adminutil/lib/libadmsslutil Makefile, 1.4, 1.5 psetcssl.c, 1.1.1.1, 1.2

Noriko Hosoi (nhosoi) fedora-directory-commits at redhat.com
Thu May 11 23:30:39 UTC 2006


Author: nhosoi

Update of /cvs/dirsec/adminutil/lib/libadmsslutil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17686/lib/libadmsslutil

Modified Files:
	Makefile psetcssl.c 
Log Message:
[161099] admin passwd in clear text in adm.conf
1) sie password is no longer stored in adm.conf.  Instead, get it from client
   via PIPE.
2) added subordinate functions: admldapGetXXX to retrieve ldap handle,
   directory URL, and userDN.
3) updated Makefiles to clean up the old files from the previous make.
4) increased the buffer size to read in the local cache files.



Index: Makefile
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/Makefile,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- Makefile	22 Feb 2006 21:45:37 -0000	1.4
+++ Makefile	11 May 2006 23:30:32 -0000	1.5
@@ -99,8 +99,8 @@
 $(SO_LIB): $(OBJS)
 	rm -f $@
 	$(LINK_DLL) $(OBJS) $(DEPLIBS)
-	cd $(OBJLIBDIR); ln -s $(SO_NAME)$(SO_EXT) $(SO_NAME)$(SO_COREEXT)
-	cd $(OBJLIBDIR); ln -s $(SO_NAME)$(SO_EXT) $(SO_NAME)$(SO_COREEXT).$(ADMSDK_SO_MAJORVERSION)
+	cd $(OBJLIBDIR); rm -f $(SO_NAME)$(SO_COREEXT); ln -s $(SO_NAME)$(SO_EXT) $(SO_NAME)$(SO_COREEXT)
+	cd $(OBJLIBDIR); rm -f $(SO_NAME)$(SO_COREEXT).$(ADMSDK_SO_MAJORVERSION); ln -s $(SO_NAME)$(SO_EXT) $(SO_NAME)$(SO_COREEXT).$(ADMSDK_SO_MAJORVERSION)
 endif
 endif
 
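Review bot: In the two added symlink lines the commands are joined with `;`, so if `cd $(OBJLIBDIR)` fails, the `rm -f` and `ln -s` still run in whatever directory make was started from. Chaining with `&&` stops at the first failure: `cd $(OBJLIBDIR) && rm -f $(SO_NAME)$(SO_COREEXT) && ln -s $(SO_NAME)$(SO_EXT) $(SO_NAME)$(SO_COREEXT)`, and likewise for the `.$(ADMSDK_SO_MAJORVERSION)` link. The enclosing rule's conditionals open outside the hunk.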


Index: psetcssl.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/psetcssl.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- psetcssl.c	20 Jul 2005 22:51:33 -0000	1.1.1.1
+++ psetcssl.c	11 May 2006 23:30:32 -0000	1.2
@@ -45,7 +45,6 @@
   PsetHndl      psethndl;
   int           ldapError, unbindF = 0;
 
-
   if ((!ldapHost) || (ldapPort < 1) || (!sieDN)) {
     /* set error code to SIEDN not available */
     *errorcode = PSET_ARGS_ERROR;
@@ -53,34 +52,38 @@
   }
 
   /* Connect to the LDAP server  */
-
-  if (secure) ld = ldapssl_init(ldapHost, ldapPort, 1);
-  else  ld = ldap_init(ldapHost, ldapPort);
-
-  /* authenticate to LDAP server*/
-  if ((ldapError = ldap_simple_bind_s(ld, userDN, passwd))
-      != LDAP_SUCCESS ) {
-    switch (ldapError) {
-    case LDAP_INAPPROPRIATE_AUTH:
-    case LDAP_INVALID_CREDENTIALS:
-    case LDAP_INSUFFICIENT_ACCESS:
-      /* authenticate failed: Should not continue */
-      /* ldap_perror( pset->ld, "ldap_simple_bind_s" );  */
-      *errorcode = PSET_AUTH_FAIL;
-      return NULL;
-    case LDAP_NO_SUCH_OBJECT:
-    case LDAP_ALIAS_PROBLEM:
-    case LDAP_INVALID_DN_SYNTAX:
-      /* Not a good DN */
-      *errorcode = PSET_ENTRY_NOT_EXIST;
-      return NULL;
-    default:
-      ldap_unbind(ld);
-      unbindF = 0;
-      ld = NULL;
+  if (NULL == passwd) { /* if passwd is not given, try info from client */
+    ADM_GetCurrentPassword(errorcode, &passwd);
+  }
+  if (NULL != passwd) { /* if passwd is not given, let's use cache data */
+    if (secure) ld = ldapssl_init(ldapHost, ldapPort, 1);
+    else  ld = ldap_init(ldapHost, ldapPort);
+  
+    /* authenticate to LDAP server*/
+    if ((ldapError = ldap_simple_bind_s(ld, userDN, passwd))
+        != LDAP_SUCCESS ) {
+      switch (ldapError) {
+      case LDAP_INAPPROPRIATE_AUTH:
+      case LDAP_INVALID_CREDENTIALS:
+      case LDAP_INSUFFICIENT_ACCESS:
+        /* authenticate failed: Should not continue */
+        /* ldap_perror( pset->ld, "ldap_simple_bind_s" );  */
+        *errorcode = PSET_AUTH_FAIL;
+        return NULL;
+      case LDAP_NO_SUCH_OBJECT:
+      case LDAP_ALIAS_PROBLEM:
+      case LDAP_INVALID_DN_SYNTAX:
+        /* Not a good DN */
+        *errorcode = PSET_ENTRY_NOT_EXIST;
+        return NULL;
+      default:
+        ldap_unbind(ld);
+        unbindF = 0;
+        ld = NULL;
+      }
     }
+    else unbindF = 1;
   }
-  else unbindF = 1;
 
   psethndl = psetFullLDAPImportRef(pseth,
                                 ld,
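Review bot: When `passwd` is still NULL after `ADM_GetCurrentPassword`, the whole bind block is skipped and `ld` reaches `psetFullLDAPImportRef` with whatever value it had at its declaration, which is outside this hunk; unless it is initialised to NULL there, the cache-only path passes an indeterminate pointer. Inside the block, `ld` goes to `ldap_simple_bind_s` without a NULL check after `ldapssl_init`/`ldap_init`, and the two `return NULL` cases leave the connection open; an `ldap_unbind(ld);` before each return would release it. The result of `ADM_GetCurrentPassword` is ignored, and if that call allocates the string, nothing in the visible lines clears or frees it once the bind is done. The comment on the `NULL != passwd` test describes the opposite branch; `/* passwd available: bind to the server; otherwise fall through and use cache data */` would match the code. The function starts before this hunk.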
@@ -89,12 +92,6 @@
                                 filter,
                                 unbindF,
                                 errorcode, userDN, passwd);
-  /*
-  if (psethndl) {
-    psetSetLDAPReferalInfo(psethndl, userDN, passwd);
-  }
-  */
-
   return psethndl;
 }
 
@@ -110,7 +107,7 @@
 
 
 PR_IMPLEMENT(PsetHndl)
-psetCreateSSL(char* serverID, char* configRoot, char* userDN, char* passwd,
+psetCreateSSL(char* serverID, char* configRoot, char* user, char* passwd,
               int* errorcode)
 {
   PsetHndl      pset;
@@ -118,6 +115,7 @@
   char          *serverRoot = getenv("NETSITE_ROOT");
   char          path[PATH_MAX], *ldapHost=NULL, *sieDN, *bindPasswd = NULL;
   char          *secureStr = NULL;
+  char          *userDN = NULL;
   int           ldapPort = 389, dummy, secure = 0;
   
   ldapInfo = admldapBuildInfo(configRoot, errorcode);
@@ -152,13 +150,21 @@
   }
 
   /* Get SIE and password  */
-
   sieDN = admldapGetSIEDN(ldapInfo);
-  if (!userDN) {
-    userDN = sieDN;
+  if (!user) {
+    ADM_GetCurrentUsername(errorcode, &user);
+  }
+  /* if user is just attr val, get dn */
+  userDN = admldapGetUserDN(ldapInfo, user);
+  if (passwd) {
+    bindPasswd = passwd;
+  } else {
     bindPasswd = admldapGetSIEPWD(ldapInfo);
+    if (!bindPasswd) {
+      passwd = bindPasswd; /* not to free bindPasswd */
+      ADM_GetCurrentPassword(errorcode, &bindPasswd);
+    }
   }
-  else bindPasswd = passwd;
 
   if (configRoot)
     PR_snprintf(path, sizeof(path), "%s%clocal.conf", configRoot, FILE_PATHSEP);
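Review bot: The assignment `passwd = bindPasswd; /* not to free bindPasswd */` has no effect: this branch is only entered when `passwd` is NULL and `bindPasswd` has just tested NULL, so nothing is recorded for the cleanup code (outside this hunk) that the comment refers to. If the string from `ADM_GetCurrentPassword` has to be treated differently from the one from `admldapGetSIEPWD` at free time, an explicit flag such as `int pwdFromClient = 0;`, set to 1 after the call, would say so directly. The results of `ADM_GetCurrentUsername` and `ADM_GetCurrentPassword` are ignored, so `user` can still be NULL when passed to `admldapGetUserDN`, whereas the old code fell back to `sieDN`. A check such as `if (!userDN) userDN = sieDN;` would keep the previous fallback, assuming that is still the intended behaviour. psetCreateSSL continues past the hunk.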



