[Fedora-directory-devel] Please review: Bug 245369: mod_admserv: Task cache refresh uses wrong credentials

Richard Megginson rmeggins at redhat.com
Fri Jun 22 21:12:46 UTC 2007


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245369
Resolves: bug 245369
Bug Description: mod_admserv: Task cache refresh uses wrong credentials
Reviewed by: ???
Files: see diff
Branch: HEAD
Fix Description: When the user requests a Task url, the admin server first
figures out which server instance (or product) the request is for, then checks
to see if it has seen that server or product before.  If not, it uses the
function sync_task_sie_data() to read the task data from the SIEs and ISIEs.
However, it needs to use the credentials of the currently authenticated user
to do so, because the tasks are protected by ACIs, and the user should only be
allowed to read those tasks the user has access to.  The interface to read
these tasks is not great.  It expects the SIE is a user with a password, and
it attempts to bind as that user, instead of the currently authenticated user.
I had to hack it to force it to use the current userdn and password instead
of the SIE DN and SIE password.
The SIE DN and password are now deprecated for binding.  There were a couple
of places where the SIE was used for both the bind DN and the SIE DN.  I've
created another structure member for the admservSieDN for use as the SIE (the
configuration base DN) instead of as a bind DN, and deprecated the use of the
SIE as the bind DN elsewhere in the code.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=157632&action=diff
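
A simplified model of the separation described in the post above, added here as an example and not part of the original message or the project's code: the SIE DN only scopes the search, while the bind DN decides what the ACIs let through. The directory contents, the DNs and the function refresh_as() are constructed for illustration; real ACI evaluation happens in the directory server.

```c
#include <stdio.h>
#include <string.h>

/* Constructed directory: each task entry lists the DNs its ACI lets read it. */
struct task { const char *dn; const char *readers[2]; };

static const struct task DIRECTORY[] = {
    { "cn=Restart,cn=Tasks,cn=slapd-a,o=example",
      { "uid=operator,o=example", NULL } },
    { "cn=Backup,cn=Tasks,cn=slapd-a,o=example",
      { "uid=operator,o=example", "uid=auditor,o=example" } },
    { "cn=Restart,cn=Tasks,cn=slapd-b,o=example",
      { "uid=operator,o=example", NULL } },
};
#define NTASKS (sizeof DIRECTORY / sizeof DIRECTORY[0])

/* True when dn lies below base (suffix match on a component boundary). */
static int under_base(const char *dn, const char *base) {
    size_t n = strlen(dn), b = strlen(base);
    return n > b && dn[n - b - 1] == ',' && strcmp(dn + n - b, base) == 0;
}

static int aci_allows(const struct task *t, const char *bind_dn) {
    for (int i = 0; i < 2; i++)
        if (t->readers[i] && strcmp(t->readers[i], bind_dn) == 0)
            return 1;
    return 0;
}

/* Hypothetical refresh: sie_dn only scopes the search (the configuration
 * base DN); bind_dn is the identity the ACIs are evaluated against. */
int refresh_as(const char *sie_dn, const char *bind_dn) {
    int count = 0;
    for (size_t i = 0; i < NTASKS; i++)
        if (under_base(DIRECTORY[i].dn, sie_dn) &&
            aci_allows(&DIRECTORY[i], bind_dn))
            count++;
    return count;
}

int main(void) {
    const char *sie = "cn=slapd-a,o=example";
    printf("as operator: %d\n", refresh_as(sie, "uid=operator,o=example"));
    printf("as auditor:  %d\n", refresh_as(sie, "uid=auditor,o=example"));
    printf("as SIE DN:   %d\n", refresh_as(sie, sie)); /* no ACI names it */
    return 0;
}
```

With the same search base, the task list a refresh sees changes with the bind identity, which is why a refresh bound as anything other than the authenticated user does not reflect that user's access.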
