[Fedora-directory-commits] adminutil/include/libadmsslutil admsslutil.h, 1.3, 1.4 srvutilssl.h, 1.2, 1.3

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Tue May 8 19:13:27 UTC 2007 

Author: rmeggins

Update of /cvs/dirsec/adminutil/include/libadmsslutil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19482/adminutil/include/libadmsslutil

Modified Files:
	admsslutil.h srvutilssl.h 
Log Message:
Resolves: bug 239475
Bug Description: adminutil: Several admin server related bugs
Reviewed by: nhosoi (Thanks!)
Fix Description:
1) I needed a function to return the SIE DN given a server ID (e.g. return
cn=slapd-localhost, cn=..... given slapd-localhost).  This is to avoid lots of
duplicate code in the admin server CGIs.  There is an SSL version as well.  Create non-ssl and ssl function to find the SIE DN given the SIE ID.  Change pset code to use these new functions
2) Need to be able to force NSS initialization via ADMSSL_Init*.  There were a couple of places where admin server would perform a SHA hash using homegrown code.  This has been removed in favor of using NSS.  ADMSSL_Init* would fail if
not configured for SSL, so we need to force it to initialize NSS even if SSL is
not configured.  Change the ADMSSL_Init* routines to accept a force parameter. If this parameter is true, force NSS_Initialize even if the adminutil is not configured for SSL.  Changed code that uses ADMSSL_Init* to use this new parameter.3) PSET attribute removal is just broken.  It corrupts the internal tree structure used to hold the attr/values.  The pset node removal code needed to set the node->left or ->right to NULL only after freeing it.  Fortunately this function is hardly used at all. 4) small memory leak in form_post.c - not a big deal as this is only used by
CGIs which usually don't free() anyway but just exit() to release their memory.  free memory after use
Resolves: bug 239475
Bug Description: adminutil: Several admin server related bugs
Reviewed by: nhosoi (Thanks!)
Fix Description:
1) I needed a function to return the SIE DN given a server ID (e.g. return
cn=slapd-localhost, cn=..... given slapd-localhost).  This is to avoid lots of
duplicate code in the admin server CGIs.  There is an SSL version as well.  Create non-ssl and ssl function to find the SIE DN given the SIE ID.  Change pset code to use these new functions
2) Need to be able to force NSS initialization via ADMSSL_Init*.  There were a couple of places where admin server would perform a SHA hash using homegrown code.  This has been removed in favor of using NSS.  ADMSSL_Init* would fail if
not configured for SSL, so we need to force it to initialize NSS even if SSL is
not configured.  Change the ADMSSL_Init* routines to accept a force parameter. If this parameter is true, force NSS_Initialize even if the adminutil is not configured for SSL.  Changed code that uses ADMSSL_Init* to use this new parameter.3) PSET attribute removal is just broken.  It corrupts the internal tree structure used to hold the attr/values.  The pset node removal code needed to set the node->left or ->right to NULL only after freeing it.  Fortunately this function is hardly used at all. 4) small memory leak in form_post.c - not a big deal as this is only used by
CGIs which usually don't free() anyway but just exit() to release their memory.  free memory after use
Resolves: bug 239475
Bug Description: adminutil: Several admin server related bugs
Reviewed by: nhosoi (Thanks!)
Fix Description:
1) I needed a function to return the SIE DN given a server ID (e.g. return
cn=slapd-localhost, cn=..... given slapd-localhost).  This is to avoid lots of
duplicate code in the admin server CGIs.  There is an SSL version as well.  Create non-ssl and ssl function to find the SIE DN given the SIE ID.  Change pset code to use these new functions
2) Need to be able to force NSS initialization via ADMSSL_Init*.  There were a couple of places where admin server would perform a SHA hash using homegrown code.  This has been removed in favor of using NSS.  ADMSSL_Init* would fail if
not configured for SSL, so we need to force it to initialize NSS even if SSL is
not configured.  Change the ADMSSL_Init* routines to accept a force parameter. If this parameter is true, force NSS_Initialize even if the adminutil is not configured for SSL.  Changed code that uses ADMSSL_Init* to use this new parameter.3) PSET attribute removal is just broken.  It corrupts the internal tree structure used to hold the attr/values.  The pset node removal code needed to set the node->left or ->right to NULL only after freeing it.  Fortunately this function is hardly used at all. 4) small memory leak in form_post.c - not a big deal as this is only used by
CGIs which usually don't free() anyway but just exit() to release their memory.  free memory after use
5) small memory error in the new code in resource.c - does not affect any
released code.  Make sure the buffer is correctly null terminated.  Also, clean up a small memory leak.
6) small memory leaks in various places in uginfo.c - also changed some code to
use PR_smprintf instead of fixed size buffers.  Fixed memory leaks.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no



Index: admsslutil.h
===================================================================
RCS file: /cvs/dirsec/adminutil/include/libadmsslutil/admsslutil.h,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- admsslutil.h	4 Apr 2007 19:37:46 -0000	1.3
+++ admsslutil.h	8 May 2007 19:13:25 -0000	1.4
@@ -55,13 +55,13 @@
 				 int* error_code);
 
 
-void MC_sslSecmodInit(char *path);
-
+/* force means init NSS even if SSL is not being used - for hashing, etc. */
 PR_IMPLEMENT(int)
-ADMSSL_Init(AdmldapInfo info, char *securitydir);
+ADMSSL_Init(AdmldapInfo info, char *securitydir, int force);
 
+/* force means init NSS even if SSL is not being used - for hashing, etc. */
 PR_IMPLEMENT(int)
-ADMSSL_InitSimple(char *configdir, char *securitydir);
+ADMSSL_InitSimple(char *configdir, char *securitydir, int force);
 
 char *ADM_GetPassword(char *prompt);
 
@@ -70,7 +70,6 @@
 #endif
 
 void set_security(PsetHndl pset, 
-		  char *securitydir, /* where security files (key/cert db) may be found */
 		  char *configdir, /* where config files may be found */
           char *security); /* on or off */
 


Index: srvutilssl.h
===================================================================
RCS file: /cvs/dirsec/adminutil/include/libadmsslutil/srvutilssl.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- srvutilssl.h	6 Dec 2005 18:38:37 -0000	1.2
+++ srvutilssl.h	8 May 2007 19:13:25 -0000	1.3
@@ -38,6 +38,10 @@
 PR_IMPLEMENT(AttributeList)
 getInstalledServerDNListSSL(AdmldapInfo info);
 
+/* return the SIE DN for the given server */
+PR_IMPLEMENT(char *)
+findSIEDNByIDSSL(AdmldapInfo info, const char *serverID);
+
 #ifdef __cplusplus
 }
 #endif

More information about the Fedora-directory-commits mailing list