[Fedora-directory-commits] adminserver/admserv/cgi-src40 download.c, 1.5, 1.6 sec-activate.c, 1.6, 1.7

Noriko Hosoi (nhosoi) fedora-directory-commits at redhat.com
Fri May 12 00:41:32 UTC 2006


Author: nhosoi

Update of /cvs/dirsec/adminserver/admserv/cgi-src40
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20170/admserv/cgi-src40

Modified Files:
	download.c sec-activate.c 
Log Message:
[161099] admin passwd in clear text in adm.conf
1) ns-update (ux-update.cc) stops storing admin password (siepid) in adm.conf.
   And by calling psetCreate, it generates the local cache file local.conf in
   the post install phase.
2) ns-update links with adminutil and its dependent components.
   ns-update has RPATH pointing to the components' location.
3) got rid of the code retrieving the admin password from adm.conf from 
   ns-config (ux-config.cc) and ns-remove (ux-remove.cc).  Both have the info 
   input by the user.
4) CGI debug (download.c)



Index: download.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/download.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- download.c	31 Mar 2006 22:58:20 -0000	1.5
+++ download.c	12 May 2006 00:41:29 -0000	1.6
@@ -147,7 +147,7 @@
 	 continue;
      
       /* check if this is a dir and has an executable */
-      safe_snprintf(&(path[baselen]), sizeof(path), "%c%s", FILE_SEP, dir_name(ep1));
+      safe_snprintf(&(path[baselen]), sizeof(path) - baselen, "%c%s", FILE_SEP, dir_name(ep1));
       if (!(dp2 = dir_open(path)))
 	 continue;
       
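Review bot: The new bound `sizeof(path) - baselen` is only correct while `baselen` is smaller than `sizeof(path)`; if the base path ever fills the buffer, the subtraction wraps or goes negative (the type of `baselen` is not visible here) and the write at `&(path[baselen])` is effectively unbounded again. A guard ahead of the call, for example `if (baselen >= sizeof(path)) continue;`, would make that invariant explicit. The result of safe_snprintf is also ignored, so a truncated name would be handed to dir_open() as if it were the real directory; whether safe_snprintf reports truncation cannot be told from this hunk. The enclosing function begins and ends outside the hunk.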
@@ -185,6 +185,8 @@
    char          *acceptLanguage = NULL;
    char          *loc;
    
+   memset(platforms, 0, MAX_NUM_DOWNLOADS * sizeof(char *));
+   memset(paths, 0, MAX_NUM_DOWNLOADS * sizeof(char *));
    count = populate_download_menu(platforms, paths);
    has_dsgw = dsgw_exists();
 
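Review bot: The two added memset calls size the clear as `MAX_NUM_DOWNLOADS * sizeof(char *)`, which silently depends on the declarations of `platforms` and `paths` above this hunk; if both are local arrays, `memset(platforms, 0, sizeof(platforms));` (and likewise for `paths`) keeps the size tied to the object. Zeroing only protects consumers that stop at a NULL slot, and populate_download_menu receives no capacity argument here, so it is worth confirming that it never writes more than MAX_NUM_DOWNLOADS entries. A short comment such as `/* unused slots stay NULL so later loops can stop safely */` would record why the arrays are cleared.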


Index: sec-activate.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/sec-activate.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sec-activate.c	31 Mar 2006 22:58:20 -0000	1.6
+++ sec-activate.c	12 May 2006 00:41:29 -0000	1.7
@@ -107,14 +107,14 @@
     rv = psetAddSingleValueAttribute(pset, name, value);
     if(rv != PSET_OP_OK)
       rpt_err(APP_ERROR, getResourceString(DBT_GENERIC_PSET_FAILURE),
-	      getResourceString(DBT_PSET_ATTR_CREATE), NULL);      
+              getResourceString(DBT_PSET_ATTR_CREATE), NULL);      
   }
   else {
     /* modify entry */
     rv = psetSetSingleValueAttr(pset, name, value);
     if(rv != PSET_OP_OK)
       rpt_err(APP_ERROR, getResourceString(DBT_GENERIC_PSET_FAILURE), 
-	      getResourceString(DBT_PSET_ATTR_MODIFY), NULL);
+              getResourceString(DBT_PSET_ATTR_MODIFY), NULL);
   }
 }
 
@@ -230,8 +230,8 @@
   strcpy(temp_return, "");
 
   val = psetGetAttrSingleValue(pset,
-			       "configuration.nsServerSecurity",
-			       &errorCode);
+                               "configuration.nsServerSecurity",
+                               &errorCode);
   if(val)
     PR_snprintf(temp, sizeof(temp), "security=%s\n", val);
   else
@@ -246,28 +246,28 @@
       token = NULL;
       personality = NULL;
 
-      PR_snprintf(family_attribute, sizeof(family_attribute), "%s.nsSSLActivation", *family);	
+      PR_snprintf(family_attribute, sizeof(family_attribute), "%s.nsSSLActivation", *family);        
       val =  psetGetAttrSingleValue(pset, 
-				    family_attribute, 
-				    &errorCode);
+                                    family_attribute, 
+                                    &errorCode);
       PR_snprintf(family_attribute, sizeof(family_attribute), "%s.nsSSLToken", *family);
       token =  psetGetAttrSingleValue(pset, 
-				      family_attribute, 
-				      &errorCode);
+                                      family_attribute, 
+                                      &errorCode);
       PR_snprintf(family_attribute, sizeof(family_attribute), "%s.nsSSLPersonalityssl", *family);
       personality =  psetGetAttrSingleValue(pset, 
-					    family_attribute, 
-					    &errorCode);
+                                            family_attribute, 
+                                            &errorCode);
 
       if((!val) || (!token) || (!personality)) {
-	PL_strcatn(temp_return, sizeof(temp_return), "familyList=NULL\n");
-	*return_string = PORT_Strdup(temp_return);
-	return -1;
+        PL_strcatn(temp_return, sizeof(temp_return), "familyList=NULL\n");
+        *return_string = PORT_Strdup(temp_return);
+        return -1;
       }
 
       family_name = strrchr(*family, '.');
       family_name++;
-	
+        
       PR_snprintf(temp, sizeof(temp), "familyList=%s\n", family_name);
       PL_strcatn(temp_return, sizeof(temp_return), temp);
 
@@ -287,8 +287,8 @@
   
   val = NULL;
   val = psetGetAttrSingleValue(pset,
-			       "configuration.encryption.nsSSL2",
-			       &errorCode);
+                               "configuration.encryption.nsSSL2",
+                               &errorCode);
   PL_strcatn(temp_return, sizeof(temp_return), "ssl2-activated=");
   if(val)
     PL_strcatn(temp_return, sizeof(temp_return), val);
@@ -296,8 +296,8 @@
 
   val = NULL;
   val = psetGetAttrSingleValue(pset,
-			       "configuration.encryption.nsSSL2Ciphers",
-			       &errorCode);
+                               "configuration.encryption.nsSSL2Ciphers",
+                               &errorCode);
   PL_strcatn(temp_return, sizeof(temp_return), "ssl2=");
   if(val) 
     PL_strcatn(temp_return, sizeof(temp_return), val);
@@ -305,8 +305,8 @@
 
   val = NULL;
   val = psetGetAttrSingleValue(pset,
-			       "configuration.encryption.nsSSL3",
-			       &errorCode);
+                               "configuration.encryption.nsSSL3",
+                               &errorCode);
   PL_strcatn(temp_return, sizeof(temp_return), "ssl3-activated=");
   if(val)
     PL_strcatn(temp_return, sizeof(temp_return), val);
@@ -314,8 +314,8 @@
 
   val = NULL;
   val = psetGetAttrSingleValue(pset,
-			       "configuration.encryption.nsSSL3Ciphers",
-			       &errorCode);
+                               "configuration.encryption.nsSSL3Ciphers",
+                               &errorCode);
   PL_strcatn(temp_return, sizeof(temp_return), "ssl3=");
   if(val)
     PL_strcatn(temp_return, sizeof(temp_return), val);
@@ -323,8 +323,8 @@
 
   val = NULL;
   val = psetGetAttrSingleValue(pset,
-			       "configuration.encryption.nsSSLClientAuth",
-			       &errorCode);
+                               "configuration.encryption.nsSSLClientAuth",
+                               &errorCode);
   PL_strcatn(temp_return, sizeof(temp_return), "clientauth=");
   if(val)
     PL_strcatn(temp_return, sizeof(temp_return), val);
@@ -343,10 +343,10 @@
  */
 
 int SetSSLFamilyAttributes(PsetHndl pset, family_input *family_head,
-			   char *ssl2, 
-			   char *ssl3, 
-			   char *ssl2_act,
-			   char *ssl3_act) {
+                           char *ssl2, 
+                           char *ssl3, 
+                           char *ssl2_act,
+                           char *ssl3_act) {
 
   family_input *family_ptr = family_head;
   family_input *delete_ptr;
@@ -361,39 +361,39 @@
 
   while(family_ptr != NULL) {
     PR_snprintf(family_sie_entry, sizeof(family_sie_entry), 
-	    "configuration.encryption.%s", 
-	    family_ptr->family_name);
+            "configuration.encryption.%s", 
+            family_ptr->family_name);
     if((rv = psetCheckAttribute(pset, family_sie_entry)) == PSET_OP_FAIL) {
       /* family entry doesn't exist, create it */
 
       /* create encryption first if it doesn't exist */
       if((rv2 = psetCheckAttribute(pset, "configuration.encryption")) == PSET_OP_FAIL)
-	{
+        {
 
-	  AttrNameList list_name2;
-	  AttributeList initlist2;
-	  list_name2 = createAttrNameList(1);
-	  addName(list_name2, 0, "nsEncryptionConfig");
-	  initlist2 = createAttributeList(9);
-	  addSingleValueAttribute(initlist2, 0, "nsCertfile", "blank");
-	  addSingleValueAttribute(initlist2, 1, "nsKeyfile", "blank");
-	  addSingleValueAttribute(initlist2, 2, "nsSSL2", "off"); /* by default */
-	  addSingleValueAttribute(initlist2, 3, "nsSSL3", "off"); /* by default */
-	  addSingleValueAttribute(initlist2, 4, "nsSSLSessionTimeout", "0");
-	  addSingleValueAttribute(initlist2, 5, "nsSSL3SessionTimeout", "0");
-	  addSingleValueAttribute(initlist2, 6, "nsSSLClientAuth", "off"); /* hardcoded for now */
-	  addSingleValueAttribute(initlist2, 7, "nsSSL2Ciphers", "blank");
-	  addSingleValueAttribute(initlist2, 8, "nsSSL3Ciphers", "blank");
-
-	  if(psetAddEntry(pset, "configuration", "encryption", list_name2, initlist2) != PSET_OP_OK) {
-	    rpt_err(APP_ERROR, getResourceString(DBT_GENERIC_PSET_FAILURE), 
-		    getResourceString(DBT_PSET_ATTR_CREATE), NULL);
-	  }
-	}
+          AttrNameList list_name2;
+          AttributeList initlist2;
+          list_name2 = createAttrNameList(1);
+          addName(list_name2, 0, "nsEncryptionConfig");
+          initlist2 = createAttributeList(9);
+          addSingleValueAttribute(initlist2, 0, "nsCertfile", "blank");
+          addSingleValueAttribute(initlist2, 1, "nsKeyfile", "blank");
+          addSingleValueAttribute(initlist2, 2, "nsSSL2", "off"); /* by default */
+          addSingleValueAttribute(initlist2, 3, "nsSSL3", "off"); /* by default */
+          addSingleValueAttribute(initlist2, 4, "nsSSLSessionTimeout", "0");
+          addSingleValueAttribute(initlist2, 5, "nsSSL3SessionTimeout", "0");
+          addSingleValueAttribute(initlist2, 6, "nsSSLClientAuth", "off"); /* hardcoded for now */
+          addSingleValueAttribute(initlist2, 7, "nsSSL2Ciphers", "blank");
+          addSingleValueAttribute(initlist2, 8, "nsSSL3Ciphers", "blank");
+
+          if(psetAddEntry(pset, "configuration", "encryption", list_name2, initlist2) != PSET_OP_OK) {
+            rpt_err(APP_ERROR, getResourceString(DBT_GENERIC_PSET_FAILURE), 
+                    getResourceString(DBT_PSET_ATTR_CREATE), NULL);
+          }
+        }
       else if(rv2 == PSET_ATTR_EXIST)
-	/* it exists, but as an attribute?! */
-	rpt_err(APP_ERROR, getResourceString(DBT_GENERIC_PSET_FAILURE), 
-		getResourceString(DBT_PSET_INV_ATTR), NULL);
+        /* it exists, but as an attribute?! */
+        rpt_err(APP_ERROR, getResourceString(DBT_GENERIC_PSET_FAILURE), 
+                getResourceString(DBT_PSET_INV_ATTR), NULL);
 
       list_name = createAttrNameList(1);
       addName(list_name, 0, "nsEncryptionModule");
@@ -403,14 +403,14 @@
       addSingleValueAttribute(initlist, 2, "nsSSLActivation", "blank");
 
       if(psetAddEntry(pset, "configuration.encryption", family_ptr->family_name, list_name, initlist) != PSET_OP_OK) {
-	rpt_err(APP_ERROR, getResourceString(DBT_GENERIC_PSET_FAILURE), 
-		getResourceString(DBT_PSET_ATTR_CREATE), NULL);
+        rpt_err(APP_ERROR, getResourceString(DBT_GENERIC_PSET_FAILURE), 
+                getResourceString(DBT_PSET_ATTR_CREATE), NULL);
       }
     }
     else if(rv == PSET_ATTR_EXIST)
       /* it exists, but as an attribute?! */
       rpt_err(APP_ERROR, getResourceString(DBT_GENERIC_PSET_FAILURE), 
-	      getResourceString(DBT_PSET_INV_ATTR), NULL);
+              getResourceString(DBT_PSET_INV_ATTR), NULL);
 
     PR_snprintf(family_token_attr, sizeof(family_token_attr), "%s.nsSSLToken", family_sie_entry);
     PR_snprintf(family_cert_attr, sizeof(family_cert_attr), "%s.nsSSLPersonalityssl", family_sie_entry);
@@ -473,7 +473,6 @@
   char           *username = 0;
   char           *localAdmin = 0;
   char           *binddn = 0;
-  char           *bindpw = 0;
 
   char *security = NULL;
   char *ssl2 = NULL;
@@ -513,7 +512,6 @@
   acceptLanguage = "en";
   if (lang) acceptLanguage = strdup(lang);
 
-
   /* Initialize PSET for reading/writing */
   /* Get UserDN and User Password */
 
@@ -526,29 +524,26 @@
       /* No DN, maybe it is local super */
       localAdmin = admGetLocalAdmin(NULL, &rv);
       if (localAdmin) {
-	if (PORT_Strcmp(username, localAdmin))
-	  rpt_err(ELEM_MISSING, getResourceString(DBT_PSET_INIT_NO_USERDN), NULL, NULL);
-	else {
-	  binddn = NULL;
-	  bindpw = NULL;
-	}
+        if (PORT_Strcmp(username, localAdmin))
+          rpt_err(ELEM_MISSING, getResourceString(DBT_PSET_INIT_NO_USERDN), NULL, NULL);
+        else {
+          binddn = NULL;
+        }
       }
       else
-	rpt_err(ELEM_MISSING, getResourceString(DBT_PSET_INIT_NO_USERDN), NULL, NULL);
+        rpt_err(ELEM_MISSING, getResourceString(DBT_PSET_INIT_NO_USERDN), NULL, NULL);
     }
   }
 
-  if (binddn) rv = ADM_GetCurrentPassword(&err, &bindpw);
-
   if(!method || !*method) {
     /* non-UI CGI - can't call ADMSSL_InitSimple() */
     server_root = strdup(argv[1]);
     if(server_root[strlen(server_root)-1] == FILE_PATHSEP)
       server_root[strlen(server_root)-1] = '\0';
     PR_snprintf(admroot, sizeof(admroot), "%s%cadmin-serv%cconfig", 
-	    server_root,
-	    FILE_PATHSEP,
-	    FILE_PATHSEP);
+            server_root,
+            FILE_PATHSEP,
+            FILE_PATHSEP);
     
     ldapInfo = admldapBuildInfoCbk(admroot, pwdCbk, &rv);
 
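Review bot: In the non-UI branch kept as context at the end of this hunk, `server_root[strlen(server_root)-1]` is evaluated without checking that `strdup(argv[1])` succeeded or that the string is non-empty; for an empty argument the index wraps and the read, and possibly the write of `'\0'`, lands before the buffer. Whether `argv[1]` is validated earlier is not visible, since the function starts and ends outside the hunk. A length-guarded form would be `size_t len = server_root ? strlen(server_root) : 0;` followed by `if (len > 0 && server_root[len-1] == FILE_PATHSEP) server_root[len-1] = '\0';`, with the NULL case reported through rpt_err. Separately, with `bindpw` removed, the remaining `binddn = NULL;` in the else branch may now be a dead store, given that psetCreateSSL is called with NULL credentials in a later hunk; worth confirming.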
@@ -565,9 +560,9 @@
   else {
     server_root = getenv("NETSITE_ROOT");
     PR_snprintf(admroot, sizeof(admroot), "%s%cadmin-serv%cconfig", 
-	    server_root,
-	    FILE_PATHSEP,
-	    FILE_PATHSEP);
+            server_root,
+            FILE_PATHSEP,
+            FILE_PATHSEP);
     rv = ADMSSL_InitSimple();
     if (rv) {
       rpt_err(APP_ERROR, getResourceString(DBT_ADMSSL_INIT_FAIL), NULL, NULL);
@@ -577,10 +572,10 @@
   /* Initialize the pset  */
 
   pset = psetCreateSSL("admin-serv", 
-		       admroot,
-		       /* userDN */ NULL, 
-		       /* passwd */ NULL,
-		       /* errorcode */ &rv);
+                       admroot,
+                       /* userDN */ NULL, 
+                       /* passwd */ NULL,
+                       /* errorcode */ &rv);
 
   if (!pset)
     rpt_err(APP_ERROR, getResourceString(DBT_PSET_CREATE_FAIL), NULL, NULL);
@@ -654,7 +649,7 @@
     if (strcmp(security, "off")==0) {
       rv = update_conf("console.conf", "NSSEngine", "off");
       if (rv < 0) {
-	rpt_err(APP_ERROR, NULL, getResourceString(DBT_SERVER_XML_MOD), NULL);
+        rpt_err(APP_ERROR, NULL, getResourceString(DBT_SERVER_XML_MOD), NULL);
       }
     }
     else if (strcmp(security, "on")==0) {
@@ -663,12 +658,12 @@
       char ciphers[BIG_LINE];
 
       if  (get_cert_nickname(certnickname, sizeof(certnickname)) < 0) {
-	char * scratch = PR_smprintf(getResourceString(DBT_CGI_MISSING_ARGS), certnickname);
-	rpt_err(ELEM_MISSING, NULL, scratch, NULL);
-	PR_smprintf_free(scratch); /* never executed */
+        char * scratch = PR_smprintf(getResourceString(DBT_CGI_MISSING_ARGS), certnickname);
+        rpt_err(ELEM_MISSING, NULL, scratch, NULL);
+        PR_smprintf_free(scratch); /* never executed */
       }
       if (strlen(clientauth) == 0) {
-	clientauth = (char*)"off";
+        clientauth = (char*)"off";
       }
       rv = update_conf("console.conf", "NSSEngine", "on");
       rv = update_conf("console.conf", "NSSNickname", certnickname);
@@ -693,7 +688,7 @@
         rv = update_conf("console.conf", "NSSVerifyClient", "none");
 
       if (rv < 0) {
-	rpt_err(APP_ERROR, NULL, getResourceString(DBT_SERVER_XML_MOD), NULL);
+        rpt_err(APP_ERROR, NULL, getResourceString(DBT_SERVER_XML_MOD), NULL);
       }
     } else {
       rpt_err(INCORRECT_USAGE, getResourceString(DBT_CGI_INVALID_ARGS), NULL, NULL);



