November 2005 - 389-commits - Fedora Mailing-Lists

[Fedora-directory-commits] adminserver/admserv/newinst/src ux-update.cc, 1.15, 1.16

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/newinst/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3710/adminserver/admserv/newinst/src Modified Files: ux-update.cc Log Message: Make sure the server uid owns the config directory and the other config files Index: ux-update.cc =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/ux-update.cc,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- ux-update.cc 17 Nov 2005 17:43:38 -0000 1.15 +++ ux-update.cc 18 Nov 2005 21:15:51 -0000 1.16 @@ -662,6 +662,10 @@ logUninstallInfo(sroot, "admin", "admin", dir); + /* make sure the config directory is owned by the ssuser */ + sprintf(tstr, "%s/admin-serv/config", sroot); + chown_file(SSuser, SSgroup, tstr); + /* * Write new admpw. */ @@ -713,6 +717,7 @@ fclose(f); logUninstallInfo(sroot, "admin", "admin", tstr); + chown_file(SSuser, SSgroup, tstr); sprintf(tstr, "chmod 640 %s/%s", sroot, DEFAULT_LDAPSWITCH); system(tstr); @@ -1199,6 +1204,7 @@ snprintf(src, sizeof(tstr), "%s/shared/config/template/nss.conf.tmpl", sroot); replaceTokensInFile(src, tstr, nssarray); chmod(tstr, S_IRUSR | S_IWUSR); + chown_file(SSuser, SSgroup, tstr); logUninstallInfo(sroot, "admin", "admin", tstr); snprintf(tstr, sizeof(tstr), "%s/admin-serv/config/console.conf", sroot);

18 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] adminserver/admserv/cgi-src40 sec-activate.c, 1.4, 1.5

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/cgi-src40 In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3686/adminserver/admserv/cgi-src40 Modified Files: sec-activate.c Log Message: Write changes to console.conf, not nss.conf Index: sec-activate.c =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/sec-activate.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- sec-activate.c 18 Aug 2005 18:59:03 -0000 1.4 +++ sec-activate.c 18 Nov 2005 21:15:03 -0000 1.5 @@ -656,7 +656,7 @@ /* change security parameters in server.xml, new for iWS6 */ if (strcmp(security, "off")==0) { - rv = update_conf("nss.conf", "NSSEngine", "off"); + rv = update_conf("console.conf", "NSSEngine", "off"); if (rv < 0) { rpt_err(APP_ERROR, NULL, getResourceString(DBT_SERVER_XML_MOD), NULL); } @@ -676,8 +676,8 @@ if (strlen(clientauth) == 0) { clientauth = (char*)"off"; } - rv = update_conf("nss.conf", "NSSEngine", "on"); - rv = update_conf("nss.conf", "NSSNickname", certnickname); + rv = update_conf("console.conf", "NSSEngine", "on"); + rv = update_conf("console.conf", "NSSNickname", certnickname); strcpy(protocols, ""); @@ -687,15 +687,15 @@ strcat(protocols, "SSLv3,TLSv1,"); protocols[strlen(protocols) - 1] = '\0'; /* remove trailing comma */ - rv = update_conf("nss.conf", "NSSProtocol", protocols); + rv = update_conf("console.conf", "NSSProtocol", protocols); snprintf(ciphers, BIG_LINE, "%s,%s", ssl2, ssl3); - rv = update_conf("nss.conf", "NSSCipherSuite", ciphers); + rv = update_conf("console.conf", "NSSCipherSuite", ciphers); if (!strcmp(clientauth, "on")) - rv = update_conf("nss.conf", "NSSVerifyClient", "require"); + rv = update_conf("console.conf", "NSSVerifyClient", "require"); else - rv = update_conf("nss.conf", "NSSVerifyClient", "none"); + rv = update_conf("console.conf", "NSSVerifyClient", "none"); if (rv < 0) { rpt_err(APP_ERROR, NULL, getResourceString(DBT_SERVER_XML_MOD), NULL);

18 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] adminserver/admserv/cfgstuff console.conf, 1.2, 1.3

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/cfgstuff In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3660/adminserver/admserv/cfgstuff Modified Files: console.conf Log Message: 1) default cert name is server-cert not Server-Cert 2) remove SSLv2 3) add "-" to the end of the cert/key db name prefix Index: console.conf =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cfgstuff/console.conf,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- console.conf 18 Aug 2005 18:58:18 -0000 1.2 +++ console.conf 18 Nov 2005 21:14:12 -0000 1.3 @@ -82,21 +82,21 @@ # SSL Certificate Nickname: # The nickname of the server certificate you are going to use. -NSSNickname Server-Cert +NSSNickname server-cert # Server Certificate Database: # The NSS security database directory that holds the certificates and # keys. The database consists of 3 files: cert8.db, key3.db and secmod.db. # Provide the directory that these files exist. NSSCertificateDatabase %%%sroot%%%/alias -NSSDBPrefix %%%instancename%%% +NSSDBPrefix %%%instancename%%%- # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_nss documentation for a complete list. NSSCipherSuite -des,-rc2export,+rc4export,+desede3,+rc4,-rc2,+rsa_rc2_40_md5,+rsa_rc4_128_md5,+rsa_3des_sha,+rsa_rc4_40_md5,+fips_des_sha,+fips_3des_sha,+rsa_des_sha,-rsa_null_md5 -NSSProtocol SSLv2,SSLv3,TLSv1 +NSSProtocol SSLv3,TLSv1 # Client Authentication (Type): # Client certificate verification type. Types are none, optional and

18 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] ldapserver/ldap/servers/slapd main.c, 1.8, 1.9

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3602/ldapserver/ldap/servers/slapd Modified Files: main.c Log Message: Move NSS/SSL initialization after the setuid so that key/cert/other nss related files are owned by the correct user, but make that happen before the detach so we can ask for the pin on the terminal. Index: main.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/main.c,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- main.c 17 Nov 2005 17:41:11 -0000 1.8 +++ main.c 18 Nov 2005 21:09:46 -0000 1.9 @@ -645,7 +645,7 @@ { int return_value = 0; slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); - daemon_ports_t arg = {0}; + daemon_ports_t ports_info = {0}; Slapi_Backend *be = NULL; int init_ssl; #ifndef __LP64__ @@ -882,54 +882,6 @@ #endif /* - * Detach ourselves from the terminal (unless running in debug mode). - * We must detach before we start any threads since detach forks() on - * UNIX. - */ - detach(); - - /* - * Now write our PID to the startup PID file. - * This is used by the start up script to determine our PID quickly - * after we fork, without needing to wait for the 'real' pid file to be - * written. That could take minutes. And the start script will wait - * that long looking for it. With this new 'early pid' file, it can avoid - * doing that, by detecting the pid and watching for the process exiting. - * This removes the blank stares all round from start-slapd when the server - * fails to start for some reason - */ - write_start_pid_file(); - - /* Make sure we aren't going to run slapd in - * a mode that is going to conflict with other - * slapd processes that are currently running - */ - if ((slapd_exemode != SLAPD_EXEMODE_REFERRAL) && - ( add_new_slapd_process(slapd_exemode, db2ldif_dump_replica, - skip_db_protect_check) == -1 )) { - LDAPDebug( LDAP_DEBUG_ANY, - "Shutting down due to possible conflicts with other slapd processes\n", - 0, 0, 0 ); - exit(1); - } - - - /* - * Now it is safe to log our first startup message. If we were to - * log anything earlier than now it would appear on the admin startup - * screen twice because before we detach everything is sent to both - * stderr and our error log. Yuck. - */ - if (1) { - char *versionstring = config_get_versionstring(); - char *buildnum = config_get_buildnum(); - LDAPDebug( LDAP_DEBUG_ANY, "%s B%s starting up\n", - versionstring, buildnum, 0 ); - slapi_ch_free((void **)&buildnum); - slapi_ch_free((void **)&versionstring); - } - - /* * After we read the config file we should make * sure that everything we needed to read in has * been read in and we'll start whatever threads, @@ -946,19 +898,19 @@ */ { - arg.n_port = (unsigned short)n_port; + ports_info.n_port = (unsigned short)n_port; if ( slapd_listenhost2addr( config_get_listenhost(), - &arg.n_listenaddr ) != 0 ) { + &ports_info.n_listenaddr ) != 0 ) { return(1); } - arg.s_port = (unsigned short)s_port; + ports_info.s_port = (unsigned short)s_port; if ( slapd_listenhost2addr( config_get_securelistenhost(), - &arg.s_listenaddr ) != 0 ) { + &ports_info.s_listenaddr ) != 0 ) { return(1); } - return_value = daemon_pre_setuid_init(&arg); + return_value = daemon_pre_setuid_init(&ports_info); if (0 != return_value) { LDAPDebug( LDAP_DEBUG_ANY, "Failed to init daemon\n", 0, 0, 0 ); @@ -1006,6 +958,62 @@ exit( 1 ); } + if ( init_ssl && ( 0 != slapd_ssl_init2(&ports_info.s_socket, 0) ) ) { + LDAPDebug(LDAP_DEBUG_ANY, + "ERROR: SSL Initialization phase 2 Failed.\n", 0, 0, 0 ); + exit( 1 ); + } + + /* + * Detach ourselves from the terminal (unless running in debug mode). + * We must detach before we start any threads since detach forks() on + * UNIX. + * Have to detach after ssl_init - the user may be prompted for the PIN + * on the terminal, so it must be open. + */ + detach(); + + /* + * Now write our PID to the startup PID file. + * This is used by the start up script to determine our PID quickly + * after we fork, without needing to wait for the 'real' pid file to be + * written. That could take minutes. And the start script will wait + * that long looking for it. With this new 'early pid' file, it can avoid + * doing that, by detecting the pid and watching for the process exiting. + * This removes the blank stares all round from start-slapd when the server + * fails to start for some reason + */ + write_start_pid_file(); + + /* Make sure we aren't going to run slapd in + * a mode that is going to conflict with other + * slapd processes that are currently running + */ + if ((slapd_exemode != SLAPD_EXEMODE_REFERRAL) && + ( add_new_slapd_process(slapd_exemode, db2ldif_dump_replica, + skip_db_protect_check) == -1 )) { + LDAPDebug( LDAP_DEBUG_ANY, + "Shutting down due to possible conflicts with other slapd processes\n", + 0, 0, 0 ); + exit(1); + } + + + /* + * Now it is safe to log our first startup message. If we were to + * log anything earlier than now it would appear on the admin startup + * screen twice because before we detach everything is sent to both + * stderr and our error log. Yuck. + */ + if (1) { + char *versionstring = config_get_versionstring(); + char *buildnum = config_get_buildnum(); + LDAPDebug( LDAP_DEBUG_ANY, "%s B%s starting up\n", + versionstring, buildnum, 0 ); + slapi_ch_free((void **)&buildnum); + slapi_ch_free((void **)&versionstring); + } + /* -sduloutre: compute_init() and entry_computed_attr_init() moved up */ if (slapd_exemode != SLAPD_EXEMODE_REFERRAL) { @@ -1143,7 +1151,7 @@ { time( &starttime ); - slapd_daemon(&arg); + slapd_daemon(&ports_info); } LDAPDebug( LDAP_DEBUG_ANY, "slapd stopped.\n", 0, 0, 0 ); reslimit_cleanup();

18 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] ldapserver/ldap/servers/slapd daemon.c, 1.6, 1.7

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3562/ldapserver/ldap/servers/slapd Modified Files: daemon.c Log Message: Move ssl init on the secure socket into main with the rest of the nss/ssl init Index: daemon.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/daemon.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- daemon.c 19 Apr 2005 22:07:36 -0000 1.6 +++ daemon.c 18 Nov 2005 21:07:38 -0000 1.7 @@ -406,8 +406,6 @@ #ifdef XP_WIN32 ports->s_socket_native = PR_FileDesc2NativeHandle(ports->s_socket); #endif - /* check if ports->s_socket != -1 ? */ - rc = slapd_ssl_init2 ( &ports->s_socket, 0 ); } else { ports->s_socket = SLAPD_INVALID_SOCKET; #ifdef XP_WIN32

18 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] mod_nss nss_pcache.c,1.7,1.8

by Doctor Conrad

Author: rcritten Update of /cvs/dirsec/mod_nss In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26699 Modified Files: nss_pcache.c Log Message: Fix command-line argument miscounting caused by the addition of the FIPS flag. The result was that the database prefix was always missed. Also check the return value of NSS_Initialize() and print and exit if the database is not opened. Index: nss_pcache.c =================================================================== RCS file: /cvs/dirsec/mod_nss/nss_pcache.c,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- nss_pcache.c 19 Aug 2005 21:42:20 -0000 1.7 +++ nss_pcache.c 18 Nov 2005 16:10:23 -0000 1.8 @@ -319,7 +319,12 @@ PK11_ConfigurePKCS11(NULL,NULL,NULL, INTERNAL_TOKEN_NAME, NULL, NULL,NULL,NULL,8,1); /* Initialize NSS and open the certificate database read-only. */ - rv = NSS_Initialize(argv[2], argc == 3 ? argv[3] : NULL, argc == 3 ? argv[3] : NULL, "secmod.db", NSS_INIT_READONLY); + rv = NSS_Initialize(argv[2], argc == 4 ? argv[3] : NULL, argc == 4 ? argv[3] : NULL, "secmod.db", NSS_INIT_READONLY); + + if (rv != SECSuccess) { + fprintf(stderr, "Unable to initialize NSS database: %d\n", rv); + exit(1); + } if (fipsmode) { if (!PK11_IsFIPS()) {

18 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] ldapserver/ldap/cm/newinst setup.patch, 1.2, 1.3

by Doctor Conrad

Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/cm/newinst In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28462 Modified Files: setup.patch Log Message: [173524] setup scripts retrieves incorrect adminid Fixed to get the adminid from the right place: adminpw setup.patch: Index: setup.patch =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/setup.patch,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- setup.patch 25 Oct 2005 16:55:49 -0000 1.2 +++ setup.patch 17 Nov 2005 23:51:54 -0000 1.3 @@ -95,6 +95,12 @@ echo $rval } +getValFromAdmpw() { + cfile=$1 + rval=`head -1 $serverroot/admin-serv/config/$cfile | awk -F\: '{print $1}'` + echo $rval +} + dsinst=`getValFromAdminConf "ldapStart:" "adm.conf" | awk -F/ '{print $1}'` dsconffile=$serverroot/$dsinst/config/dse.ldif if [ ! -f $dsconffile ]; then @@ -197,7 +203,7 @@ ldaphost=`getValFromAdminConf "ldapHost:" "adm.conf"` ldapport=`getValFromAdminConf "ldapPort:" "adm.conf"` -siepid=`getValFromAdminConf "siepid:" "adm.conf"` +adminid=`getValFromAdmpw "admpw"` suitespotuser=`ls -l $dsconffile | awk '{print $3}'` suitespotgroup=`ls -l $dsconffile | awk '{print $4}'` admindomain=`echo $ldaphost | awk -F. '{if ($5) {print $2 "." $3 "." $4 "." $5} else if ($4) {print $2 "." $3 "." $4} else if ($3) {print $2 "." $3} else if ($2) {print $2} else {print ""}}'` @@ -215,11 +221,11 @@ echo "Administrator password is required. Here is your current information:" echo "" echo "Configuration Directory: ldap://$ldaphost:$ldapport/o=NetscapeRoot" -echo "Configuration Administrator ID: $siepid" +echo "Configuration Administrator ID: $adminid" echo "" echo "At the prompt, please enter the password for the Configuration Administrator." echo "" -echo "administrator ID: $siepid" +echo "administrator ID: $adminid" siepasswd="" while [ "$siepasswd" = "" ]; do printf "Password: " @@ -234,7 +240,7 @@ echo "SuitespotGroup= $suitespotgroup" >> $inffile echo "ServerRoot= $serverroot" >> $inffile echo "ConfigDirectoryLdapURL= ldap://$ldaphost:$ldapport/" >> $inffile -echo "ConfigDirectoryAdminID= $siepid" >> $inffile +echo "ConfigDirectoryAdminID= $adminid" >> $inffile echo "AdminDomain= $admindomain" >> $inffile echo "ConfigDirectoryAdminPwd= $siepasswd" >> $inffile echo "Components= slapd-71sp1" >> $inffile @@ -272,36 +278,41 @@ echo "$conffile: SSL on ..." } -for dir in `cat dssecure.txt` ; do - clear - if [ -f $dir/config/dse.ldif ]; then - security=`grep -i "^nsslapd-security:" $dir/config/dse.ldif | awk '{print $1}'` - $dir/stop-slapd - cat $dir/config/dse.ldif | sed -e "s/$$security$ .*/\1 on/g" > $dir/config/dse.ldif.0 - mv $dir/config/dse.ldif.0 $dir/config/dse.ldif - echo "$dir/config/dse.ldif: SSL on ..." - echo "Restarting Directory Server: $dir/start-slapd" - $dir/start-slapd - fi -done +if [ -f dssecure.txt ]; then + for dir in `cat dssecure.txt` ; do + clear + if [ -f $dir/config/dse.ldif ]; then + security=`grep -i "^nsslapd-security:" $dir/config/dse.ldif | awk '{print $1}'` + $dir/stop-slapd + cat $dir/config/dse.ldif | sed -e "s/$$security$ .*/\1 on/g" > $dir/config/dse.ldif.0 + mv $dir/config/dse.ldif.0 $dir/config/dse.ldif + echo "$dir/config/dse.ldif: SSL on ..." + echo "Restarting Directory Server: $dir/start-slapd" + $dir/start-slapd + fi + done + rm -f dssecure.txt +fi if [ $isadminsslon -ne 0 ]; then $serverroot/stop-admin fi -for confline in `cat assecure.txt` ; do - conffile=`echo $confline | awk -F= '{print $1}'` - confparam=`echo $confline | awk -F= '{print $2}'` - echo $conffile | grep "\.xml$" > /dev/null 2>&1 - rval=$? - if [ $rval -eq 0 ]; then - adminXmlSSLOn $conffile $confparam - else - adminSSLOn $conffile $confparam - fi -done +if [ -f assecure.txt ]; then + for confline in `cat assecure.txt` ; do + conffile=`echo $confline | awk -F= '{print $1}'` + confparam=`echo $confline | awk -F= '{print $2}'` + echo $conffile | grep "\.xml$" > /dev/null 2>&1 + rval=$? + if [ $rval -eq 0 ]; then + adminXmlSSLOn $conffile $confparam + else + adminSSLOn $conffile $confparam + fi + done + rm -f assecuire.txt +fi if [ $isadminsslon -ne 0 ]; then echo "Restarting Administration Server: $serverroot/start-admin" $serverroot/start-admin fi -rm -f dssecure.txt assecuire.txt

18 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] ldapserver/ldap/cm/newinst setup, 1.9.2.6, 1.9.2.7 setup.patch, 1.1.2.5, 1.1.2.6

by Doctor Conrad

Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/cm/newinst In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28347 Modified Files: Tag: Directory71RtmBranch setup setup.patch Log Message: [173524] setup scripts retrieves incorrect adminid Fixed to get the adminid from the right place: adminpw in the 2 setup scripts: one for rpm and another for the classic setup. Index: setup =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/setup,v retrieving revision 1.9.2.6 retrieving revision 1.9.2.7 diff -u -r1.9.2.6 -r1.9.2.7 --- setup 27 Oct 2005 17:50:16 -0000 1.9.2.6 +++ setup 17 Nov 2005 23:29:42 -0000 1.9.2.7 @@ -137,6 +137,19 @@ echo $rval } +getValFromAdmpw() { + cfile=$1 + rval=`head -1 $sroot/admin-serv/config/$cfile | cut -f1 -d\:` + echo $rval +} + +getValFromInf() { + cattr=$1 + cfile=$2 + rval=`grep -i ^$cattr $cfile | head -1 | sed -e 's/^.*=[ ]*//'` + echo $rval +} + logfile=`doMktmp log` myargs= silent= @@ -365,7 +378,7 @@ ldaphost=`getValFromAdminConf "ldapHost:" "adm.conf"` ldapport=`getValFromAdminConf "ldapPort:" "adm.conf"` adminport=`getValFromAdminConf "\<port:" "adm.conf"` - siepid=`getValFromAdminConf "siepid:" "adm.conf"` + adminid=`getValFromAdmpw "admpw"` sysuser=`getValFromAdminConf "nsSuiteSpotUser:" "local.conf"` suitespotuser=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $3}'` suitespotgroup=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $4}'` @@ -378,11 +391,11 @@ echo "Administrator password is required. Here is your current information:" echo "" echo "Configuration Directory: ldap://$ldaphost:$ldapport/o=NetscapeRoot" - echo "Configuration Administrator ID: $siepid" + echo "Configuration Administrator ID: $adminid" echo "" echo "At the prompt, please enter the password for the Configuration Administrator." echo "" - echo "administrator ID: $siepid" + echo "administrator ID: $adminid" siepasswd="" while [ "$siepasswd" = "" ]; do printf "Password: " @@ -396,12 +409,12 @@ echo "SuitespotGroup= $suitespotgroup" >> $inffile echo "ServerRoot= $sroot" >> $inffile echo "ConfigDirectoryLdapURL= ldap://$ldaphost:$ldapport/o=NetscapeRoot" >> $inffile - echo "ConfigDirectoryAdminID= $siepid" >> $inffile + echo "ConfigDirectoryAdminID= $adminid" >> $inffile echo "AdminDomain= $admindomain" >> $inffile echo "ConfigDirectoryAdminPwd= $siepasswd" >> $inffile echo "" >> $inffile echo "[admin]" >> $inffile - echo "ServerAdminID= $siepid" >> $inffile + echo "ServerAdminID= $adminid" >> $inffile echo "ServerAdminPwd= $siepasswd" >> $inffile echo "SysUser= $sysuser" >> $inffile echo "Port= $adminport" >> $inffile @@ -508,6 +521,16 @@ sed -e "s/jvm.option=$.*$/jvm.option=\1 -Djava.compiler=NONE/" admin-serv/config/jvm12.conf > admin-serv/config/jvm12.tmp mv admin-serv/config/jvm12.tmp admin-serv/config/jvm12.conf +# get user, host, port for startconsole +adminport=`getValFromInf Port $inffile` +adminhost=`getValFromInf FullMachineName $inffile` +adminuser=`getValFromInf ConfigDirectoryAdminID $inffile` + +echo "" +echo "You can now use the console. Here is the command to use to start the console:" | tee -a $logfile +echo "cd $sroot" | tee -a $logfile +echo "./startconsole -u $adminuser -a http://$adminhost:$adminport/" | tee -a $logfile +echo"" echo "INFO Finished with setup, logfile is setup/setup.log" | tee -a $logfile if [ -f setup/setup.log ] ; then cat $logfile >> setup/setup.log @@ -527,4 +550,5 @@ fi rm -f $inffile fi + exit 0 setup.patch: Index: setup.patch =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/setup.patch,v retrieving revision 1.1.2.5 retrieving revision 1.1.2.6 diff -u -r1.1.2.5 -r1.1.2.6 --- setup.patch 27 Oct 2005 17:50:16 -0000 1.1.2.5 +++ setup.patch 17 Nov 2005 23:29:42 -0000 1.1.2.6 @@ -95,6 +95,12 @@ echo $rval } +getValFromAdmpw() { + cfile=$1 + rval=`head -1 $serverroot/admin-serv/config/$cfile | awk -F\: '{print $1}'` + echo $rval +} + dsinst=`getValFromAdminConf "ldapStart:" "adm.conf" | awk -F/ '{print $1}'` dsconffile=$serverroot/$dsinst/config/dse.ldif if [ ! -f $dsconffile ]; then @@ -197,7 +203,7 @@ ldaphost=`getValFromAdminConf "ldapHost:" "adm.conf"` ldapport=`getValFromAdminConf "ldapPort:" "adm.conf"` -siepid=`getValFromAdminConf "siepid:" "adm.conf"` +adminid=`getValFromAdmpw "admpw"` suitespotuser=`ls -l $dsconffile | awk '{print $3}'` suitespotgroup=`ls -l $dsconffile | awk '{print $4}'` admindomain=`echo $ldaphost | awk -F. '{if ($5) {print $2 "." $3 "." $4 "." $5} else if ($4) {print $2 "." $3 "." $4} else if ($3) {print $2 "." $3} else if ($2) {print $2} else {print ""}}'` @@ -215,11 +221,11 @@ echo "Administrator password is required. Here is your current information:" echo "" echo "Configuration Directory: ldap://$ldaphost:$ldapport/o=NetscapeRoot" -echo "Configuration Administrator ID: $siepid" +echo "Configuration Administrator ID: $adminid" echo "" echo "At the prompt, please enter the password for the Configuration Administrator." echo "" -echo "administrator ID: $siepid" +echo "administrator ID: $adminid" siepasswd="" while [ "$siepasswd" = "" ]; do printf "Password: " @@ -234,7 +240,7 @@ echo "SuitespotGroup= $suitespotgroup" >> $inffile echo "ServerRoot= $serverroot" >> $inffile echo "ConfigDirectoryLdapURL= ldap://$ldaphost:$ldapport/" >> $inffile -echo "ConfigDirectoryAdminID= $siepid" >> $inffile +echo "ConfigDirectoryAdminID= $adminid" >> $inffile echo "AdminDomain= $admindomain" >> $inffile echo "ConfigDirectoryAdminPwd= $siepasswd" >> $inffile echo "Components= slapd-71sp1" >> $inffile

18 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] mod_restartd mod_restartd.c,1.3,1.4

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/mod_restartd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17680 Modified Files: mod_restartd.c Log Message: add the create CGI to the list of CGIs which mod_restartd is allowed to execute Index: mod_restartd.c =================================================================== RCS file: /cvs/dirsec/mod_restartd/mod_restartd.c,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- mod_restartd.c 2 Nov 2005 01:29:06 -0000 1.3 +++ mod_restartd.c 17 Nov 2005 17:44:44 -0000 1.4 @@ -839,7 +839,7 @@ } } - regcomp(&uriPat, "/.*/tasks/operation/(start|restart|stop|startconfigds)$", + regcomp(&uriPat, "/.*/tasks/operation/(start|restart|stop|startconfigds|create)$", REG_EXTENDED|REG_NOSUB|REG_ICASE); return OK;

18 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] adminserver/admserv/newinst/src ux-update.cc, 1.14, 1.15

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/adminserver/admserv/newinst/src In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17654/adminserver/admserv/newinst/src Modified Files: ux-update.cc Log Message: Admin server post install was core dumping in express mode because it did not have the apache root information. This information is obtained in the other install modes. The fix is to copy some code from the preinstaller that figures out the value of ApacheRoot from the Apache binary. Index: ux-update.cc =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/ux-update.cc,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- ux-update.cc 10 Nov 2005 01:12:59 -0000 1.14 +++ ux-update.cc 17 Nov 2005 17:43:38 -0000 1.15 @@ -209,6 +209,61 @@ return result; } +static char *get_value(char * file, char * attr) { + char cmd[1024]; + char buf[1024]; + FILE *fp; + + sprintf(cmd, "%s -V", file); + fp = popen(cmd, "r"); + + if (fp != NULL) { + char *x, *t; + while ((fgets(buf, sizeof(buf), fp)) > 0) { + x = (char *)strstr(buf, attr); + if (x) { + t = (char *)strtok(buf, "\""); + if (t) { + t = (char *)strtok(NULL, "\""); + if (t) { + pclose(fp); + return (char *)(strdup(t)); + } + } + } + } + } + pclose(fp); + return NULL; +} + +static NSString +findApacheRoot(const char *dir) +{ + char path[1024]; + char errMsg[SML_BUF]; + struct stat st; + char *v; + + snprintf(path, sizeof(path), "%s/httpd.worker", dir); + if (stat(path, &st) != 0) { + snprintf(path, sizeof(path), "%s/httpd", dir); + if (stat(path, &st) != 0) { + return NULL; + } + } + + v = get_value(path, "HTTPD_ROOT"); + if (v) { + sprintf(path, "%s/modules", v); + if (stat(path, &st) != 0) { + return NULL; + } + } + + return v; +} + void configTasks(const Ldap *ldap, const char *sroot, const char *sieDN) { @@ -490,12 +545,17 @@ s = adminInfo->get("SysUser"); strcpy(adminUser, s); - s = adminInfo->get("ApacheRoot"); - strcpy(apacheRoot, s); - s = adminInfo->get("ApacheDir"); strcpy(apacheDir, s); + s = adminInfo->get("ApacheRoot"); + if (!s) { + NSString ar = findApacheRoot(apacheDir); + strcpy(apacheRoot, (const char *)ar); + } else { + strcpy(apacheRoot, s); + } + snprintf(apacheBin, sizeof(apacheBin), "%s/httpd.worker", apacheDir); if (stat(apacheBin, &st) != 0) { snprintf(apacheBin, sizeof(apacheBin), "%s/httpd", apacheDir);

18 years, 5 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-commits November 2005