[Fedora-directory-commits] ldapserver/ldap/servers/slapd libglobs.c, 1.34, 1.35 slapi-private.h, 1.34, 1.35 ssl.c, 1.23, 1.24

Noriko Hosoi nhosoi at fedoraproject.org
Thu Feb 5 17:34:59 UTC 2009


Author: nhosoi

Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4758

Modified Files:
	libglobs.c slapi-private.h ssl.c 
Log Message:
Resolves: #484149
Summary: Clear directory manager password with password storage scheme other 
than clear crashes the server
Description:
1) Introduce a flag (_nss_initialized) and an API (slapd_nss_is_initialized)
that indicate whether NSS_Initialize has been called.
2) In config_set_rootpw, if the directory manager's password is given unhashed,
check whether NSS is already initialized and whether the directory manager's
password storage scheme is clear.  If NSS is not initialized and the storage
scheme is not CLEAR, report it and return the error LDAP_PARAM_ERROR.



Index: libglobs.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/libglobs.c,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- libglobs.c	5 Dec 2008 22:41:52 -0000	1.34
+++ libglobs.c	5 Feb 2009 17:34:56 -0000	1.35
@@ -2501,12 +2501,20 @@
   is_hashed  = pw_val2scheme ( value, NULL, 0 );
   
   if ( is_hashed ) {
-	slapdFrontendConfig->rootpw = slapi_ch_strdup ( value );
-	free_pw_scheme(is_hashed);
-  }
-  else {
-	/* pwd enc func returns slapi_ch_malloc memory */
-	slapdFrontendConfig->rootpw = (slapdFrontendConfig->rootpwstoragescheme->pws_enc)(value); 
+    slapdFrontendConfig->rootpw = slapi_ch_strdup ( value );
+    free_pw_scheme(is_hashed);
+  } else if (slapd_nss_is_initialized() ||
+            (strcasecmp(slapdFrontendConfig->rootpwstoragescheme->pws_name,
+                       "clear") == 0)) {
+    /* to hash, security library should have been initialized, by now */
+    /* pwd enc func returns slapi_ch_malloc memory */
+    slapdFrontendConfig->rootpw = (slapdFrontendConfig->rootpwstoragescheme->pws_enc)(value); 
+  } else {
+    PR_snprintf ( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
+                  "%s: password scheme mismatch (passwd scheme is %s; "
+                  "password is clear text)", attrname,
+                  slapdFrontendConfig->rootpwstoragescheme->pws_name);
+    retVal = LDAP_PARAM_ERROR;
   }
   
   CFG_UNLOCK_WRITE(slapdFrontendConfig);
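Review bot: The error text in the final `else` blames a "password scheme mismatch", but that branch is reached only when `slapd_nss_is_initialized()` is false and the scheme is not "clear". The same clear-text value with the same scheme is accepted once NSS is up, so the message points an administrator at the wrong cause. Wording such as `"%s: cannot hash clear-text password with scheme %s before NSS is initialized"` would match the condition actually tested. Separately, the result of `pws_enc` in the middle branch is stored without a NULL check; if an encoder can fail, `rootpw` would be left unset while `retVal` still reports success, which is worth confirming against the scheme plugins. The enclosing function starts and ends outside this hunk, so whether the previous `rootpw` is freed and whether `rootpwstoragescheme` can be NULL cannot be judged from here.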


Index: slapi-private.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/slapi-private.h,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- slapi-private.h	21 Jan 2009 00:00:32 -0000	1.34
+++ slapi-private.h	5 Feb 2009 17:34:56 -0000	1.35
@@ -1107,6 +1107,7 @@
 
 /* Client SSL code */
 int slapd_security_library_is_initialized( void );
+int slapd_nss_is_initialized( void );
 char* slapd_get_tmp_dir( void );
 
 /* util.c */


Index: ssl.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/ssl.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- ssl.c	28 Jan 2009 21:59:41 -0000	1.23
+++ ssl.c	5 Feb 2009 17:34:56 -0000	1.24
@@ -87,6 +87,7 @@
 
 static int _security_library_initialized = 0;
 static int _ssl_listener_initialized = 0;
+static int _nss_initialized = 0;
 
 /* Our name for the internal token, must match PKCS-11 config data below */
 static char *internalTokenName = "Internal (Software) Token";
@@ -469,6 +470,7 @@
 
     /****** end of NSS Initialization ******/
 
+    _nss_initialized = 1;
     slapi_ch_free_string(&certdir);
     return rv;
 }
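Review bot: `_nss_initialized = 1;` is set unconditionally just before `return rv;`, so if `rv` can hold a failure code at this point the flag will claim NSS is ready when it is not. `config_set_rootpw` in libglobs.c would then take the hashing branch that this commit is meant to protect. Guarding the assignment on the success value of `rv` would keep the flag truthful. The function body above this hunk is not visible, so earlier failure paths may already return before reaching this line; that should be checked. The visible hunks also never reset the flag, so if NSS is shut down and re-initialized elsewhere it would stay set.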
@@ -1243,6 +1245,12 @@
 	return _ssl_listener_initialized;
 }
 
+int
+slapd_nss_is_initialized()
+{
+	return _nss_initialized;
+}
+
 /* memory to store tmpdir is allocated and returned; caller should free it. */
 char* slapd_get_tmp_dir()
 {
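Review bot: The new accessor `slapd_nss_is_initialized` has no comment saying what state it reports, and it now sits beside `slapd_security_library_is_initialized` and the SSL-listener accessor with nothing to tell the three apart. A one-line comment above the definition, such as `/* non-zero once NSS initialization has run; required before hashing a clear-text password */`, would make the contract clear to callers like `config_set_rootpw`. As a style point, the definition uses an empty parameter list while the prototype added in slapi-private.h uses `( void )`; writing `slapd_nss_is_initialized(void)` keeps the two in agreement. The hunk ends inside the following `slapd_get_tmp_dir` definition, which is not reviewed here.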



