[Fedora-directory-commits] adminserver/admserv/newinst/src ux-update.cc, 1.15, 1.16
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/newinst/src
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3710/adminserver/admserv/newinst/src
Modified Files:
ux-update.cc
Log Message:
Make sure the server uid owns the config directory and the other config files
Index: ux-update.cc
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/ux-update.cc,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- ux-update.cc 17 Nov 2005 17:43:38 -0000 1.15
+++ ux-update.cc 18 Nov 2005 21:15:51 -0000 1.16
@@ -662,6 +662,10 @@
logUninstallInfo(sroot, "admin", "admin", dir);
+ /* make sure the config directory is owned by the ssuser */
+ sprintf(tstr, "%s/admin-serv/config", sroot);
+ chown_file(SSuser, SSgroup, tstr);
+
/*
* Write new admpw.
*/
@@ -713,6 +717,7 @@
fclose(f);
logUninstallInfo(sroot, "admin", "admin", tstr);
+ chown_file(SSuser, SSgroup, tstr);
sprintf(tstr, "chmod 640 %s/%s", sroot, DEFAULT_LDAPSWITCH);
system(tstr);
@@ -1199,6 +1204,7 @@
snprintf(src, sizeof(tstr), "%s/shared/config/template/nss.conf.tmpl", sroot);
replaceTokensInFile(src, tstr, nssarray);
chmod(tstr, S_IRUSR | S_IWUSR);
+ chown_file(SSuser, SSgroup, tstr);
logUninstallInfo(sroot, "admin", "admin", tstr);
snprintf(tstr, sizeof(tstr), "%s/admin-serv/config/console.conf", sroot);
18 years, 5 months
[Fedora-directory-commits] adminserver/admserv/cgi-src40 sec-activate.c, 1.4, 1.5
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/cgi-src40
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3686/adminserver/admserv/cgi-src40
Modified Files:
sec-activate.c
Log Message:
Write changes to console.conf, not nss.conf
Index: sec-activate.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/sec-activate.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- sec-activate.c 18 Aug 2005 18:59:03 -0000 1.4
+++ sec-activate.c 18 Nov 2005 21:15:03 -0000 1.5
@@ -656,7 +656,7 @@
/* change security parameters in server.xml, new for iWS6 */
if (strcmp(security, "off")==0) {
- rv = update_conf("nss.conf", "NSSEngine", "off");
+ rv = update_conf("console.conf", "NSSEngine", "off");
if (rv < 0) {
rpt_err(APP_ERROR, NULL, getResourceString(DBT_SERVER_XML_MOD), NULL);
}
@@ -676,8 +676,8 @@
if (strlen(clientauth) == 0) {
clientauth = (char*)"off";
}
- rv = update_conf("nss.conf", "NSSEngine", "on");
- rv = update_conf("nss.conf", "NSSNickname", certnickname);
+ rv = update_conf("console.conf", "NSSEngine", "on");
+ rv = update_conf("console.conf", "NSSNickname", certnickname);
strcpy(protocols, "");
@@ -687,15 +687,15 @@
strcat(protocols, "SSLv3,TLSv1,");
protocols[strlen(protocols) - 1] = '\0'; /* remove trailing comma */
- rv = update_conf("nss.conf", "NSSProtocol", protocols);
+ rv = update_conf("console.conf", "NSSProtocol", protocols);
snprintf(ciphers, BIG_LINE, "%s,%s", ssl2, ssl3);
- rv = update_conf("nss.conf", "NSSCipherSuite", ciphers);
+ rv = update_conf("console.conf", "NSSCipherSuite", ciphers);
if (!strcmp(clientauth, "on"))
- rv = update_conf("nss.conf", "NSSVerifyClient", "require");
+ rv = update_conf("console.conf", "NSSVerifyClient", "require");
else
- rv = update_conf("nss.conf", "NSSVerifyClient", "none");
+ rv = update_conf("console.conf", "NSSVerifyClient", "none");
if (rv < 0) {
rpt_err(APP_ERROR, NULL, getResourceString(DBT_SERVER_XML_MOD), NULL);
18 years, 5 months
[Fedora-directory-commits] adminserver/admserv/cfgstuff console.conf, 1.2, 1.3
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/cfgstuff
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3660/adminserver/admserv/cfgstuff
Modified Files:
console.conf
Log Message:
1) default cert name is server-cert not Server-Cert
2) remove SSLv2
3) add "-" to the end of the cert/key db name prefix
Index: console.conf
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cfgstuff/console.conf,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- console.conf 18 Aug 2005 18:58:18 -0000 1.2
+++ console.conf 18 Nov 2005 21:14:12 -0000 1.3
@@ -82,21 +82,21 @@
# SSL Certificate Nickname:
# The nickname of the server certificate you are going to use.
-NSSNickname Server-Cert
+NSSNickname server-cert
# Server Certificate Database:
# The NSS security database directory that holds the certificates and
# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db.
# Provide the directory that these files exist.
NSSCertificateDatabase %%%sroot%%%/alias
-NSSDBPrefix %%%instancename%%%
+NSSDBPrefix %%%instancename%%%-
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_nss documentation for a complete list.
NSSCipherSuite -des,-rc2export,+rc4export,+desede3,+rc4,-rc2,+rsa_rc2_40_md5,+rsa_rc4_128_md5,+rsa_3des_sha,+rsa_rc4_40_md5,+fips_des_sha,+fips_3des_sha,+rsa_des_sha,-rsa_null_md5
-NSSProtocol SSLv2,SSLv3,TLSv1
+NSSProtocol SSLv3,TLSv1
# Client Authentication (Type):
# Client certificate verification type. Types are none, optional and
18 years, 5 months
[Fedora-directory-commits] ldapserver/ldap/servers/slapd main.c, 1.8, 1.9
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3602/ldapserver/ldap/servers/slapd
Modified Files:
main.c
Log Message:
Move NSS/SSL initialization after the setuid so that key/cert/other nss
related files are owned by the correct user, but make that happen before
the detach so we can ask for the pin on the terminal.
Index: main.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/main.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- main.c 17 Nov 2005 17:41:11 -0000 1.8
+++ main.c 18 Nov 2005 21:09:46 -0000 1.9
@@ -645,7 +645,7 @@
{
int return_value = 0;
slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig();
- daemon_ports_t arg = {0};
+ daemon_ports_t ports_info = {0};
Slapi_Backend *be = NULL;
int init_ssl;
#ifndef __LP64__
@@ -882,54 +882,6 @@
#endif
/*
- * Detach ourselves from the terminal (unless running in debug mode).
- * We must detach before we start any threads since detach forks() on
- * UNIX.
- */
- detach();
-
- /*
- * Now write our PID to the startup PID file.
- * This is used by the start up script to determine our PID quickly
- * after we fork, without needing to wait for the 'real' pid file to be
- * written. That could take minutes. And the start script will wait
- * that long looking for it. With this new 'early pid' file, it can avoid
- * doing that, by detecting the pid and watching for the process exiting.
- * This removes the blank stares all round from start-slapd when the server
- * fails to start for some reason
- */
- write_start_pid_file();
-
- /* Make sure we aren't going to run slapd in
- * a mode that is going to conflict with other
- * slapd processes that are currently running
- */
- if ((slapd_exemode != SLAPD_EXEMODE_REFERRAL) &&
- ( add_new_slapd_process(slapd_exemode, db2ldif_dump_replica,
- skip_db_protect_check) == -1 )) {
- LDAPDebug( LDAP_DEBUG_ANY,
- "Shutting down due to possible conflicts with other slapd processes\n",
- 0, 0, 0 );
- exit(1);
- }
-
-
- /*
- * Now it is safe to log our first startup message. If we were to
- * log anything earlier than now it would appear on the admin startup
- * screen twice because before we detach everything is sent to both
- * stderr and our error log. Yuck.
- */
- if (1) {
- char *versionstring = config_get_versionstring();
- char *buildnum = config_get_buildnum();
- LDAPDebug( LDAP_DEBUG_ANY, "%s B%s starting up\n",
- versionstring, buildnum, 0 );
- slapi_ch_free((void **)&buildnum);
- slapi_ch_free((void **)&versionstring);
- }
-
- /*
* After we read the config file we should make
* sure that everything we needed to read in has
* been read in and we'll start whatever threads,
@@ -946,19 +898,19 @@
*/
{
- arg.n_port = (unsigned short)n_port;
+ ports_info.n_port = (unsigned short)n_port;
if ( slapd_listenhost2addr( config_get_listenhost(),
- &arg.n_listenaddr ) != 0 ) {
+ &ports_info.n_listenaddr ) != 0 ) {
return(1);
}
- arg.s_port = (unsigned short)s_port;
+ ports_info.s_port = (unsigned short)s_port;
if ( slapd_listenhost2addr( config_get_securelistenhost(),
- &arg.s_listenaddr ) != 0 ) {
+ &ports_info.s_listenaddr ) != 0 ) {
return(1);
}
- return_value = daemon_pre_setuid_init(&arg);
+ return_value = daemon_pre_setuid_init(&ports_info);
if (0 != return_value) {
LDAPDebug( LDAP_DEBUG_ANY, "Failed to init daemon\n",
0, 0, 0 );
@@ -1006,6 +958,62 @@
exit( 1 );
}
+ if ( init_ssl && ( 0 != slapd_ssl_init2(&ports_info.s_socket, 0) ) ) {
+ LDAPDebug(LDAP_DEBUG_ANY,
+ "ERROR: SSL Initialization phase 2 Failed.\n", 0, 0, 0 );
+ exit( 1 );
+ }
+
+ /*
+ * Detach ourselves from the terminal (unless running in debug mode).
+ * We must detach before we start any threads since detach forks() on
+ * UNIX.
+ * Have to detach after ssl_init - the user may be prompted for the PIN
+ * on the terminal, so it must be open.
+ */
+ detach();
+
+ /*
+ * Now write our PID to the startup PID file.
+ * This is used by the start up script to determine our PID quickly
+ * after we fork, without needing to wait for the 'real' pid file to be
+ * written. That could take minutes. And the start script will wait
+ * that long looking for it. With this new 'early pid' file, it can avoid
+ * doing that, by detecting the pid and watching for the process exiting.
+ * This removes the blank stares all round from start-slapd when the server
+ * fails to start for some reason
+ */
+ write_start_pid_file();
+
+ /* Make sure we aren't going to run slapd in
+ * a mode that is going to conflict with other
+ * slapd processes that are currently running
+ */
+ if ((slapd_exemode != SLAPD_EXEMODE_REFERRAL) &&
+ ( add_new_slapd_process(slapd_exemode, db2ldif_dump_replica,
+ skip_db_protect_check) == -1 )) {
+ LDAPDebug( LDAP_DEBUG_ANY,
+ "Shutting down due to possible conflicts with other slapd processes\n",
+ 0, 0, 0 );
+ exit(1);
+ }
+
+
+ /*
+ * Now it is safe to log our first startup message. If we were to
+ * log anything earlier than now it would appear on the admin startup
+ * screen twice because before we detach everything is sent to both
+ * stderr and our error log. Yuck.
+ */
+ if (1) {
+ char *versionstring = config_get_versionstring();
+ char *buildnum = config_get_buildnum();
+ LDAPDebug( LDAP_DEBUG_ANY, "%s B%s starting up\n",
+ versionstring, buildnum, 0 );
+ slapi_ch_free((void **)&buildnum);
+ slapi_ch_free((void **)&versionstring);
+ }
+
/* -sduloutre: compute_init() and entry_computed_attr_init() moved up */
if (slapd_exemode != SLAPD_EXEMODE_REFERRAL) {
@@ -1143,7 +1151,7 @@
{
time( &starttime );
- slapd_daemon(&arg);
+ slapd_daemon(&ports_info);
}
LDAPDebug( LDAP_DEBUG_ANY, "slapd stopped.\n", 0, 0, 0 );
reslimit_cleanup();
18 years, 5 months
[Fedora-directory-commits] ldapserver/ldap/servers/slapd daemon.c, 1.6, 1.7
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3562/ldapserver/ldap/servers/slapd
Modified Files:
daemon.c
Log Message:
Move ssl init on the secure socket into main with the rest of the nss/ssl init
Index: daemon.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/daemon.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- daemon.c 19 Apr 2005 22:07:36 -0000 1.6
+++ daemon.c 18 Nov 2005 21:07:38 -0000 1.7
@@ -406,8 +406,6 @@
#ifdef XP_WIN32
ports->s_socket_native = PR_FileDesc2NativeHandle(ports->s_socket);
#endif
- /* check if ports->s_socket != -1 ? */
- rc = slapd_ssl_init2 ( &ports->s_socket, 0 );
} else {
ports->s_socket = SLAPD_INVALID_SOCKET;
#ifdef XP_WIN32
18 years, 5 months
[Fedora-directory-commits] mod_nss nss_pcache.c,1.7,1.8
by Doctor Conrad
Author: rcritten
Update of /cvs/dirsec/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26699
Modified Files:
nss_pcache.c
Log Message:
Fix command-line argument miscounting caused by the addition of the
FIPS flag. The result was that the database prefix was always
missed.
Also check the return value of NSS_Initialize() and print and exit if
the database is not opened.
Index: nss_pcache.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_pcache.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- nss_pcache.c 19 Aug 2005 21:42:20 -0000 1.7
+++ nss_pcache.c 18 Nov 2005 16:10:23 -0000 1.8
@@ -319,7 +319,12 @@
PK11_ConfigurePKCS11(NULL,NULL,NULL, INTERNAL_TOKEN_NAME, NULL, NULL,NULL,NULL,8,1);
/* Initialize NSS and open the certificate database read-only. */
- rv = NSS_Initialize(argv[2], argc == 3 ? argv[3] : NULL, argc == 3 ? argv[3] : NULL, "secmod.db", NSS_INIT_READONLY);
+ rv = NSS_Initialize(argv[2], argc == 4 ? argv[3] : NULL, argc == 4 ? argv[3] : NULL, "secmod.db", NSS_INIT_READONLY);
+
+ if (rv != SECSuccess) {
+ fprintf(stderr, "Unable to initialize NSS database: %d\n", rv);
+ exit(1);
+ }
if (fipsmode) {
if (!PK11_IsFIPS()) {
18 years, 5 months
[Fedora-directory-commits] ldapserver/ldap/cm/newinst setup.patch, 1.2, 1.3
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/cm/newinst
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28462
Modified Files:
setup.patch
Log Message:
[173524] setup scripts retrieves incorrect adminid
Fixed to get the adminid from the right place: adminpw
setup.patch:
Index: setup.patch
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/setup.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- setup.patch 25 Oct 2005 16:55:49 -0000 1.2
+++ setup.patch 17 Nov 2005 23:51:54 -0000 1.3
@@ -95,6 +95,12 @@
echo $rval
}
+getValFromAdmpw() {
+ cfile=$1
+ rval=`head -1 $serverroot/admin-serv/config/$cfile | awk -F\: '{print $1}'`
+ echo $rval
+}
+
dsinst=`getValFromAdminConf "ldapStart:" "adm.conf" | awk -F/ '{print $1}'`
dsconffile=$serverroot/$dsinst/config/dse.ldif
if [ ! -f $dsconffile ]; then
@@ -197,7 +203,7 @@
ldaphost=`getValFromAdminConf "ldapHost:" "adm.conf"`
ldapport=`getValFromAdminConf "ldapPort:" "adm.conf"`
-siepid=`getValFromAdminConf "siepid:" "adm.conf"`
+adminid=`getValFromAdmpw "admpw"`
suitespotuser=`ls -l $dsconffile | awk '{print $3}'`
suitespotgroup=`ls -l $dsconffile | awk '{print $4}'`
admindomain=`echo $ldaphost | awk -F. '{if ($5) {print $2 "." $3 "." $4 "." $5} else if ($4) {print $2 "." $3 "." $4} else if ($3) {print $2 "." $3} else if ($2) {print $2} else {print ""}}'`
@@ -215,11 +221,11 @@
echo "Administrator password is required. Here is your current information:"
echo ""
echo "Configuration Directory: ldap://$ldaphost:$ldapport/o=NetscapeRoot"
-echo "Configuration Administrator ID: $siepid"
+echo "Configuration Administrator ID: $adminid"
echo ""
echo "At the prompt, please enter the password for the Configuration Administrator."
echo ""
-echo "administrator ID: $siepid"
+echo "administrator ID: $adminid"
siepasswd=""
while [ "$siepasswd" = "" ]; do
printf "Password: "
@@ -234,7 +240,7 @@
echo "SuitespotGroup= $suitespotgroup" >> $inffile
echo "ServerRoot= $serverroot" >> $inffile
echo "ConfigDirectoryLdapURL= ldap://$ldaphost:$ldapport/" >> $inffile
-echo "ConfigDirectoryAdminID= $siepid" >> $inffile
+echo "ConfigDirectoryAdminID= $adminid" >> $inffile
echo "AdminDomain= $admindomain" >> $inffile
echo "ConfigDirectoryAdminPwd= $siepasswd" >> $inffile
echo "Components= slapd-71sp1" >> $inffile
@@ -272,36 +278,41 @@
echo "$conffile: SSL on ..."
}
-for dir in `cat dssecure.txt` ; do
- clear
- if [ -f $dir/config/dse.ldif ]; then
- security=`grep -i "^nsslapd-security:" $dir/config/dse.ldif | awk '{print $1}'`
- $dir/stop-slapd
- cat $dir/config/dse.ldif | sed -e "s/\($security\) .*/\1 on/g" > $dir/config/dse.ldif.0
- mv $dir/config/dse.ldif.0 $dir/config/dse.ldif
- echo "$dir/config/dse.ldif: SSL on ..."
- echo "Restarting Directory Server: $dir/start-slapd"
- $dir/start-slapd
- fi
-done
+if [ -f dssecure.txt ]; then
+ for dir in `cat dssecure.txt` ; do
+ clear
+ if [ -f $dir/config/dse.ldif ]; then
+ security=`grep -i "^nsslapd-security:" $dir/config/dse.ldif | awk '{print $1}'`
+ $dir/stop-slapd
+ cat $dir/config/dse.ldif | sed -e "s/\($security\) .*/\1 on/g" > $dir/config/dse.ldif.0
+ mv $dir/config/dse.ldif.0 $dir/config/dse.ldif
+ echo "$dir/config/dse.ldif: SSL on ..."
+ echo "Restarting Directory Server: $dir/start-slapd"
+ $dir/start-slapd
+ fi
+ done
+ rm -f dssecure.txt
+fi
if [ $isadminsslon -ne 0 ]; then
$serverroot/stop-admin
fi
-for confline in `cat assecure.txt` ; do
- conffile=`echo $confline | awk -F= '{print $1}'`
- confparam=`echo $confline | awk -F= '{print $2}'`
- echo $conffile | grep "\.xml$" > /dev/null 2>&1
- rval=$?
- if [ $rval -eq 0 ]; then
- adminXmlSSLOn $conffile $confparam
- else
- adminSSLOn $conffile $confparam
- fi
-done
+if [ -f assecure.txt ]; then
+ for confline in `cat assecure.txt` ; do
+ conffile=`echo $confline | awk -F= '{print $1}'`
+ confparam=`echo $confline | awk -F= '{print $2}'`
+ echo $conffile | grep "\.xml$" > /dev/null 2>&1
+ rval=$?
+ if [ $rval -eq 0 ]; then
+ adminXmlSSLOn $conffile $confparam
+ else
+ adminSSLOn $conffile $confparam
+ fi
+ done
+ rm -f assecuire.txt
+fi
if [ $isadminsslon -ne 0 ]; then
echo "Restarting Administration Server: $serverroot/start-admin"
$serverroot/start-admin
fi
-rm -f dssecure.txt assecuire.txt
18 years, 5 months
[Fedora-directory-commits] ldapserver/ldap/cm/newinst setup, 1.9.2.6, 1.9.2.7 setup.patch, 1.1.2.5, 1.1.2.6
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/cm/newinst
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28347
Modified Files:
Tag: Directory71RtmBranch
setup setup.patch
Log Message:
[173524] setup scripts retrieves incorrect adminid
Fixed to get the adminid from the right place: adminpw in the 2 setup scripts: one for rpm and another for the classic setup.
Index: setup
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/setup,v
retrieving revision 1.9.2.6
retrieving revision 1.9.2.7
diff -u -r1.9.2.6 -r1.9.2.7
--- setup 27 Oct 2005 17:50:16 -0000 1.9.2.6
+++ setup 17 Nov 2005 23:29:42 -0000 1.9.2.7
@@ -137,6 +137,19 @@
echo $rval
}
+getValFromAdmpw() {
+ cfile=$1
+ rval=`head -1 $sroot/admin-serv/config/$cfile | cut -f1 -d\:`
+ echo $rval
+}
+
+getValFromInf() {
+ cattr=$1
+ cfile=$2
+ rval=`grep -i ^$cattr $cfile | head -1 | sed -e 's/^.*=[ ]*//'`
+ echo $rval
+}
+
logfile=`doMktmp log`
myargs=
silent=
@@ -365,7 +378,7 @@
ldaphost=`getValFromAdminConf "ldapHost:" "adm.conf"`
ldapport=`getValFromAdminConf "ldapPort:" "adm.conf"`
adminport=`getValFromAdminConf "\<port:" "adm.conf"`
- siepid=`getValFromAdminConf "siepid:" "adm.conf"`
+ adminid=`getValFromAdmpw "admpw"`
sysuser=`getValFromAdminConf "nsSuiteSpotUser:" "local.conf"`
suitespotuser=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $3}'`
suitespotgroup=`ls -l $sroot/$dsinst/config/dse.ldif | awk '{print $4}'`
@@ -378,11 +391,11 @@
echo "Administrator password is required. Here is your current information:"
echo ""
echo "Configuration Directory: ldap://$ldaphost:$ldapport/o=NetscapeRoot"
- echo "Configuration Administrator ID: $siepid"
+ echo "Configuration Administrator ID: $adminid"
echo ""
echo "At the prompt, please enter the password for the Configuration Administrator."
echo ""
- echo "administrator ID: $siepid"
+ echo "administrator ID: $adminid"
siepasswd=""
while [ "$siepasswd" = "" ]; do
printf "Password: "
@@ -396,12 +409,12 @@
echo "SuitespotGroup= $suitespotgroup" >> $inffile
echo "ServerRoot= $sroot" >> $inffile
echo "ConfigDirectoryLdapURL= ldap://$ldaphost:$ldapport/o=NetscapeRoot" >> $inffile
- echo "ConfigDirectoryAdminID= $siepid" >> $inffile
+ echo "ConfigDirectoryAdminID= $adminid" >> $inffile
echo "AdminDomain= $admindomain" >> $inffile
echo "ConfigDirectoryAdminPwd= $siepasswd" >> $inffile
echo "" >> $inffile
echo "[admin]" >> $inffile
- echo "ServerAdminID= $siepid" >> $inffile
+ echo "ServerAdminID= $adminid" >> $inffile
echo "ServerAdminPwd= $siepasswd" >> $inffile
echo "SysUser= $sysuser" >> $inffile
echo "Port= $adminport" >> $inffile
@@ -508,6 +521,16 @@
sed -e "s/jvm.option=\(.*\)/jvm.option=\1 -Djava.compiler=NONE/" admin-serv/config/jvm12.conf > admin-serv/config/jvm12.tmp
mv admin-serv/config/jvm12.tmp admin-serv/config/jvm12.conf
+# get user, host, port for startconsole
+adminport=`getValFromInf Port $inffile`
+adminhost=`getValFromInf FullMachineName $inffile`
+adminuser=`getValFromInf ConfigDirectoryAdminID $inffile`
+
+echo ""
+echo "You can now use the console. Here is the command to use to start the console:" | tee -a $logfile
+echo "cd $sroot" | tee -a $logfile
+echo "./startconsole -u $adminuser -a http://$adminhost:$adminport/" | tee -a $logfile
+echo""
echo "INFO Finished with setup, logfile is setup/setup.log" | tee -a $logfile
if [ -f setup/setup.log ] ; then
cat $logfile >> setup/setup.log
@@ -527,4 +550,5 @@
fi
rm -f $inffile
fi
+
exit 0
setup.patch:
Index: setup.patch
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/cm/newinst/setup.patch,v
retrieving revision 1.1.2.5
retrieving revision 1.1.2.6
diff -u -r1.1.2.5 -r1.1.2.6
--- setup.patch 27 Oct 2005 17:50:16 -0000 1.1.2.5
+++ setup.patch 17 Nov 2005 23:29:42 -0000 1.1.2.6
@@ -95,6 +95,12 @@
echo $rval
}
+getValFromAdmpw() {
+ cfile=$1
+ rval=`head -1 $serverroot/admin-serv/config/$cfile | awk -F\: '{print $1}'`
+ echo $rval
+}
+
dsinst=`getValFromAdminConf "ldapStart:" "adm.conf" | awk -F/ '{print $1}'`
dsconffile=$serverroot/$dsinst/config/dse.ldif
if [ ! -f $dsconffile ]; then
@@ -197,7 +203,7 @@
ldaphost=`getValFromAdminConf "ldapHost:" "adm.conf"`
ldapport=`getValFromAdminConf "ldapPort:" "adm.conf"`
-siepid=`getValFromAdminConf "siepid:" "adm.conf"`
+adminid=`getValFromAdmpw "admpw"`
suitespotuser=`ls -l $dsconffile | awk '{print $3}'`
suitespotgroup=`ls -l $dsconffile | awk '{print $4}'`
admindomain=`echo $ldaphost | awk -F. '{if ($5) {print $2 "." $3 "." $4 "." $5} else if ($4) {print $2 "." $3 "." $4} else if ($3) {print $2 "." $3} else if ($2) {print $2} else {print ""}}'`
@@ -215,11 +221,11 @@
echo "Administrator password is required. Here is your current information:"
echo ""
echo "Configuration Directory: ldap://$ldaphost:$ldapport/o=NetscapeRoot"
-echo "Configuration Administrator ID: $siepid"
+echo "Configuration Administrator ID: $adminid"
echo ""
echo "At the prompt, please enter the password for the Configuration Administrator."
echo ""
-echo "administrator ID: $siepid"
+echo "administrator ID: $adminid"
siepasswd=""
while [ "$siepasswd" = "" ]; do
printf "Password: "
@@ -234,7 +240,7 @@
echo "SuitespotGroup= $suitespotgroup" >> $inffile
echo "ServerRoot= $serverroot" >> $inffile
echo "ConfigDirectoryLdapURL= ldap://$ldaphost:$ldapport/" >> $inffile
-echo "ConfigDirectoryAdminID= $siepid" >> $inffile
+echo "ConfigDirectoryAdminID= $adminid" >> $inffile
echo "AdminDomain= $admindomain" >> $inffile
echo "ConfigDirectoryAdminPwd= $siepasswd" >> $inffile
echo "Components= slapd-71sp1" >> $inffile
18 years, 5 months
[Fedora-directory-commits] mod_restartd mod_restartd.c,1.3,1.4
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/mod_restartd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17680
Modified Files:
mod_restartd.c
Log Message:
add the create CGI to the list of CGIs which mod_restartd is allowed to execute
Index: mod_restartd.c
===================================================================
RCS file: /cvs/dirsec/mod_restartd/mod_restartd.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- mod_restartd.c 2 Nov 2005 01:29:06 -0000 1.3
+++ mod_restartd.c 17 Nov 2005 17:44:44 -0000 1.4
@@ -839,7 +839,7 @@
}
}
- regcomp(&uriPat, "/.*/tasks/operation/(start|restart|stop|startconfigds)$",
+ regcomp(&uriPat, "/.*/tasks/operation/(start|restart|stop|startconfigds|create)$",
REG_EXTENDED|REG_NOSUB|REG_ICASE);
return OK;
18 years, 5 months
[Fedora-directory-commits] adminserver/admserv/newinst/src ux-update.cc, 1.14, 1.15
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/newinst/src
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17654/adminserver/admserv/newinst/src
Modified Files:
ux-update.cc
Log Message:
Admin server post install was core dumping in express mode because it did
not have the apache root information. This information is obtained in
the other install modes. The fix is to copy some code from the preinstaller
that figures out the value of ApacheRoot from the Apache binary.
Index: ux-update.cc
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/ux-update.cc,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- ux-update.cc 10 Nov 2005 01:12:59 -0000 1.14
+++ ux-update.cc 17 Nov 2005 17:43:38 -0000 1.15
@@ -209,6 +209,61 @@
return result;
}
+static char *get_value(char * file, char * attr) {
+ char cmd[1024];
+ char buf[1024];
+ FILE *fp;
+
+ sprintf(cmd, "%s -V", file);
+ fp = popen(cmd, "r");
+
+ if (fp != NULL) {
+ char *x, *t;
+ while ((fgets(buf, sizeof(buf), fp)) > 0) {
+ x = (char *)strstr(buf, attr);
+ if (x) {
+ t = (char *)strtok(buf, "\"");
+ if (t) {
+ t = (char *)strtok(NULL, "\"");
+ if (t) {
+ pclose(fp);
+ return (char *)(strdup(t));
+ }
+ }
+ }
+ }
+ }
+ pclose(fp);
+ return NULL;
+}
+
+static NSString
+findApacheRoot(const char *dir)
+{
+ char path[1024];
+ char errMsg[SML_BUF];
+ struct stat st;
+ char *v;
+
+ snprintf(path, sizeof(path), "%s/httpd.worker", dir);
+ if (stat(path, &st) != 0) {
+ snprintf(path, sizeof(path), "%s/httpd", dir);
+ if (stat(path, &st) != 0) {
+ return NULL;
+ }
+ }
+
+ v = get_value(path, "HTTPD_ROOT");
+ if (v) {
+ sprintf(path, "%s/modules", v);
+ if (stat(path, &st) != 0) {
+ return NULL;
+ }
+ }
+
+ return v;
+}
+
void
configTasks(const Ldap *ldap, const char *sroot, const char *sieDN)
{
@@ -490,12 +545,17 @@
s = adminInfo->get("SysUser");
strcpy(adminUser, s);
- s = adminInfo->get("ApacheRoot");
- strcpy(apacheRoot, s);
-
s = adminInfo->get("ApacheDir");
strcpy(apacheDir, s);
+ s = adminInfo->get("ApacheRoot");
+ if (!s) {
+ NSString ar = findApacheRoot(apacheDir);
+ strcpy(apacheRoot, (const char *)ar);
+ } else {
+ strcpy(apacheRoot, s);
+ }
+
snprintf(apacheBin, sizeof(apacheBin), "%s/httpd.worker", apacheDir);
if (stat(apacheBin, &st) != 0) {
snprintf(apacheBin, sizeof(apacheBin), "%s/httpd", apacheDir);
18 years, 5 months