[Fedora-directory-commits] fedora-idm-console fedora-idm-console.spec, 1.2, 1.3
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/fedora-idm-console
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9332
Modified Files:
fedora-idm-console.spec
Log Message:
updated spec for Fedora DS 1.1 release
Index: fedora-idm-console.spec
===================================================================
RCS file: /cvs/dirsec/fedora-idm-console/fedora-idm-console.spec,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- fedora-idm-console.spec 7 Nov 2007 20:38:15 -0000 1.2
+++ fedora-idm-console.spec 19 Dec 2007 20:08:44 -0000 1.3
@@ -3,7 +3,7 @@
Name: fedora-idm-console
Version: %{major_version}.%{minor_version}
-Release: 4
+Release: 5%{?dist}
Summary: Fedora Management Console
Group: Applications
@@ -11,7 +11,7 @@
URL: http://directory.fedoraproject.org
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-Source: %{name}-%{version}.tar.bz2
+Source: http://directory.fedoraproject.org/sources/%{name}-%{version}.tar.bz2
Requires: idm-console-framework >= 1.1
BuildRequires: ant >= 1.6.2
BuildRequires: ldapjdk
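Review bot: The new `Source:` line points at a plain `http://` URL, so anyone who fetches the tarball from it gets no transport integrity, and nothing visible in this hunk verifies the download. If the host serves HTTPS, `Source: https://directory.fedoraproject.org/sources/%{name}-%{version}.tar.bz2` would be preferable. Either way the build should compare the tarball against a recorded checksum or detached signature; that may already happen outside this spec, which is not visible here.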
@@ -54,6 +54,9 @@
%{_bindir}/%{name}
%changelog
+* Wed Dec 19 2007 Rich Megginson <rmeggins(a)redhat.com> 1.1.0-5
+- for the Fedora DS 1.1 release
+
* Thu Oct 25 2007 Nathan Kinder <nkinder(a)redhat.com> 1.1.0-4
- Removed noarch to ensure we find the 64-bit library.
16 years, 4 months
[Fedora-directory-commits] console idm-console-framework.spec, 1.1, 1.2
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/console
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9286
Modified Files:
idm-console-framework.spec
Log Message:
updated spec for Fedora DS 1.1 release
Index: idm-console-framework.spec
===================================================================
RCS file: /cvs/dirsec/console/idm-console-framework.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- idm-console-framework.spec 1 Aug 2007 21:29:55 -0000 1.1
+++ idm-console-framework.spec 19 Dec 2007 20:07:43 -0000 1.2
@@ -3,7 +3,7 @@
Name: idm-console-framework
Version: %{major_version}.%{minor_version}
-Release: 1
+Release: 2%{?dist}
Summary: Identity Management Console Framework
Group: System Environment/Libraries
@@ -54,7 +54,7 @@
rm -rf $RPM_BUILD_ROOT
%files
-%defattr(-,root,root)
+%defattr(-,root,root,-)
%{_javadir}/idm-console-base-%{version}.jar
%{_javadir}/idm-console-base-%{major_version}.jar
%{_javadir}/idm-console-base.jar
@@ -72,5 +72,8 @@
%{_javadir}/idm-console-nmclf_en.jar
%changelog
+* Wed Dec 19 2007 Rich Megginson <rmeggins(a)redhat.com> 1.1.0-2
+- for the fedora ds 1.1 release
+
* Wed Aug 1 2007 Nathan Kinder <nkinder(a)redhat.com> 1.1.0-1
- Initial creation (based on old fedora-idm-console package).
16 years, 4 months
[Fedora-directory-commits] adminserver/admserv/cgi-src40 ugdsconfig.c, 1.9, 1.10
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/cgi-src40
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14602/adminserver/admserv/cgi-src40
Modified Files:
ugdsconfig.c
Log Message:
Resolves: bug 426056
Bug Description: Unable to connect to admin express via SSL - firefox cipher issues?
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: The admin server was defaulting to EXPORT instead of DOMESTIC so was not enabling the domestic ciphers by default. Then when the admin server SSL was configured, it would give it a list of old ciphers not currently supported by Firefox. Also, we are still being affected by Bug 151705 Processed: AS 6.2 Console cipher preferences bug, so when the list of ciphers pops up, you have to make sure all of the SSLv2 ciphers are disabled and the SSLv3 and TLS ciphers you want to use are enabled.
I also discovered a problem with the ugdsconfig CGI program - it was being caught by the admldapBuildInfoSSL problem where it tries to use the SIEDN to bind. So I had to use the same hack used in mod_admserv and elsewhere to force it to use the correct bind dn and password.
Finally, I updated the list of ciphers in console.conf to reflect the full list of ciphers supported by mod_nss.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
Index: ugdsconfig.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/ugdsconfig.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- ugdsconfig.c 18 Jul 2007 22:10:22 -0000 1.9
+++ ugdsconfig.c 18 Dec 2007 19:55:23 -0000 1.10
@@ -230,20 +230,15 @@
return 0;
}
-
-/*
- * Return current U/G directory setting
- */
-static void handle_getconfig(const char *configdir, const char *securitydir)
+static AdmldapInfo
+local_get_admldapinfo(const char *configdir, const char *securitydir)
{
- char *inforef=NULL, *globaldirurl=NULL, *dirurl=NULL, *binddn=NULL, *bindpw=NULL;
AdmldapInfo adminfo;
int rc;
- logMsg("In handle_getconfig\n");
-
if(ADMSSL_InitSimple((char *)configdir, (char *)securitydir, 0)) {
- rpt_err(SYSTEM_ERROR, i18nMsg(DBT_ADMSSL_INIT_FAILED,"Cannot initialize SSL"), NULL, NULL);
+ rpt_err(SYSTEM_ERROR, i18nMsg(DBT_ADMSSL_INIT_FAILED,"Cannot initialize SSL"), NULL, NULL);
+ return NULL;
}
adminfo = admldapBuildInfo((char *)configdir, &rc);
@@ -251,14 +246,57 @@
logMsg("admldapBuildInfo failed, rc=%d, admroot=%s\n", rc, nonull_value((char *)configdir));
PR_snprintf(error_info, sizeof(error_info), i18nMsg(DBT_BUILD_LDAPINFO,"Failed to build ldap info (err=%d)"), rc);
rpt_err(SYSTEM_ERROR, error_info, NULL, NULL);
+ return NULL;
}
if (admldapGetSecurity(adminfo)) {
- if (!admldapBuildInfoSSL(adminfo, &rc)) {
- logMsg("admldapBuildInfo failed, rc=%d, admroot=%s\n", rc, nonull_value((char *)configdir));
- PR_snprintf(error_info, sizeof(error_info), i18nMsg(DBT_BUILD_LDAPINFO,"Failed to build ldap info (err=%d)"), rc);
+ /* Temporarily override the siedn. This needs to be
+ * done to get a valid LDAP handle.
+ */
+ char *siedn = NULL;
+ char *userdn = NULL;
+ char *siePasswd = NULL;
+
+ /* returned value from ADM_Get... should NOT be freed */
+ ADM_GetCurrentPassword(&rc, &siePasswd); /* via PIPE */
+ /* if userdn is initialized, override the siedn to make bind succeed */
+ ADM_GetUserDNString(&rc, &userdn);
+ if (strcasecmp(userdn, ADM_NOT_INITIALIZED)) {
+ siedn = admldapGetSIEDN(adminfo);
+ admldapSetSIEDN(adminfo, userdn);
+ admSetCachedSIEPWD(siePasswd);
+ }
+
+ if (!admldapBuildInfoSSL(adminfo, &rc)) {
+ logMsg("admldapBuildInfo failed, rc=%d, admroot=%s\n", rc, nonull_value((char *)configdir));
+ PR_snprintf(error_info, sizeof(error_info), i18nMsg(DBT_BUILD_LDAPINFO,"Failed to build ldap info (err=%d)"), rc);
rpt_err(SYSTEM_ERROR, error_info, NULL, NULL);
+ return NULL;
}
+
+ /* reset if we changed it */
+ if (siedn) {
+ admldapSetSIEDN(adminfo, siedn);
+ PL_strfree(siedn);
+ }
+ }
+
+ return adminfo;
+}
+
+/*
+ * Return current U/G directory setting
+ */
+static void handle_getconfig(const char *configdir, const char *securitydir)
+{
+ char *inforef=NULL, *globaldirurl=NULL, *dirurl=NULL, *binddn=NULL, *bindpw=NULL;
+ AdmldapInfo adminfo;
+ int rc;
+
+ logMsg("In handle_getconfig\n");
+
+ if (!(adminfo = local_get_admldapinfo(configdir, securitydir))) {
+ return;
}
if (!admldapGetDomainUserDirectory(adminfo, &globaldirurl, &binddn, &bindpw, &inforef, &rc)) {
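Review bot: In `local_get_admldapinfo`, `userdn` starts as NULL and goes straight into `strcasecmp(userdn, ADM_NOT_INITIALIZED)` without `rc` or the pointer being checked after `ADM_GetUserDNString`, so a failed lookup would presumably dereference NULL in a CGI that handles bind credentials. The same applies to `siePasswd` before `admSetCachedSIEPWD`; a guard such as `if (userdn && siePasswd && strcasecmp(userdn, ADM_NOT_INITIALIZED)) {` covers both. The `admldapBuildInfoSSL` failure path returns NULL before the "reset if we changed it" block, so the overridden SIE DN is neither restored nor freed there. On both paths the cached SIE password stays set to the user's password, which deserves a comment saying whether later code relies on it. The function starts in the previous hunk, and `handle_getconfig` continues past the end of this one.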
@@ -305,8 +343,8 @@
logMsg("In handle_setconfig\n");
- if(ADMSSL_InitSimple((char *)configdir, (char *)securitydir, 0)) {
- rpt_err(SYSTEM_ERROR, i18nMsg(DBT_ADMSSL_INIT_FAILED,"Cannot initialize SSL"), NULL, NULL);
+ if (!(adminfo = local_get_admldapinfo(configdir, securitydir))) {
+ return;
}
inforef = get_cgi_var( "ugdsconfig.inforef", NULL, NULL );
@@ -319,22 +357,6 @@
logMsg("binddn=%s\n", nonull_value(binddn));
logMsg("bindpw size=%d\n", strlen(nonull_value(bindpw)));
-
- adminfo = admldapBuildInfo((char *)configdir, &rc);
- if (adminfo == NULL) {
- logMsg("admldapBuildInfo failed, rc=%d, admroot=%s\n", rc, nonull_value((char *)configdir));
- PR_snprintf(error_info, sizeof(error_info), i18nMsg(DBT_BUILD_LDAPINFO,"Failed to build ldap info (err=%d)"), rc);
- rpt_err(SYSTEM_ERROR, error_info, NULL, NULL);
- }
-
- if (admldapGetSecurity(adminfo)) {
- if (!admldapBuildInfoSSL(adminfo, &rc)) {
- logMsg("admldapBuildInfo failed, rc=%d, admroot=%s\n", rc, nonull_value((char *)configdir));
- PR_snprintf(error_info, sizeof(error_info), i18nMsg(DBT_BUILD_LDAPINFO,"Failed to build ldap info (err=%d)"), rc);
- rpt_err(SYSTEM_ERROR, error_info, NULL, NULL);
- }
- }
-
if (inforef != NULL) {
if (strcasecmp(inforef,"default")==0) {
siedn = admldapGetSIEDN(adminfo);
16 years, 4 months
[Fedora-directory-commits] adminserver/admserv/cfgstuff console.conf.in, 1.2, 1.3
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/cfgstuff
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14602/adminserver/admserv/cfgstuff
Modified Files:
console.conf.in
Log Message:
Resolves: bug 426056
Bug Description: Unable to connect to admin express via SSL - firefox cipher issues?
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: The admin server was defaulting to EXPORT instead of DOMESTIC so was not enabling the domestic ciphers by default. Then when the admin server SSL was configured, it would give it a list of old ciphers not currently supported by Firefox. Also, we are still being affected by Bug 151705 Processed: AS 6.2 Console cipher preferences bug, so when the list of ciphers pops up, you have to make sure all of the SSLv2 ciphers are disabled and the SSLv3 and TLS ciphers you want to use are enabled.
I also discovered a problem with the ugdsconfig CGI program - it was being caught by the admldapBuildInfoSSL problem where it tries to use the SIEDN to bind. So I had to use the same hack used in mod_admserv and elsewhere to force it to use the correct bind dn and password.
Finally, I updated the list of ciphers in console.conf to reflect the full list of ciphers supported by mod_nss.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
Index: console.conf.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cfgstuff/console.conf.in,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- console.conf.in 22 Jun 2007 01:34:19 -0000 1.2
+++ console.conf.in 18 Dec 2007 19:55:23 -0000 1.3
@@ -95,7 +95,8 @@
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_nss documentation for a complete list.
-NSSCipherSuite -des,-rc2export,+rc4export,+desede3,+rc4,-rc2,+rsa_rc2_40_md5,+rsa_rc4_128_md5,+rsa_3des_sha,+rsa_rc4_40_md5,+fips_des_sha,+fips_3des_sha,+rsa_des_sha,-rsa_null_md5
+# SSL 3 ciphers. SSL 2 is disabled by default.
+NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
NSSProtocol SSLv3,TLSv1
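Review bot: The replacement `NSSCipherSuite` line still turns on `+rsa_rc4_128_md5` and `+rsa_rc4_128_sha`, and `NSSProtocol SSLv3,TLSv1` keeps SSLv3 negotiable. RC4 suites are prohibited by RFC 7465 and SSLv3 is deprecated by RFC 7568, so a deployment built from this template inherits both. I would flip the two RC4 entries to `-rsa_rc4_128_md5,-rsa_rc4_128_sha` and reduce the protocol line to `NSSProtocol TLSv1`, or to newer values if the installed mod_nss accepts them (not visible here), leaving the AES suites as the ones clients negotiate. The added comment `# SSL 3 ciphers. SSL 2 is disabled by default.` should also say that the list applies to TLS connections, since `NSSProtocol` enables both.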
16 years, 4 months
[Fedora-directory-commits] adminserver configure.ac, 1.23, 1.24 aclocal.m4, 1.37, 1.38 configure, 1.41, 1.42 config.h.in, 1.6, 1.7 missing, 1.27, 1.28 install-sh, 1.27, 1.28 depcomp, 1.27, 1.28 compile, 1.26, 1.27 Makefile.in, 1.44, 1.45 config.sub, 1.27, 1.28 config.guess, 1.27, 1.28
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14602/adminserver
Modified Files:
configure.ac aclocal.m4 configure config.h.in missing
install-sh depcomp compile Makefile.in config.sub config.guess
Log Message:
Resolves: bug 426056
Bug Description: Unable to connect to admin express via SSL - firefox cipher issues?
Reviewed by: nkinder, nhosoi (Thanks!)
Fix Description: The admin server was defaulting to EXPORT instead of DOMESTIC so was not enabling the domestic ciphers by default. Then when the admin server SSL was configured, it would give it a list of old ciphers not currently supported by Firefox. Also, we are still being affected by Bug 151705 Processed: AS 6.2 Console cipher preferences bug, so when the list of ciphers pops up, you have to make sure all of the SSLv2 ciphers are disabled and the SSLv3 and TLS ciphers you want to use are enabled.
I also discovered a problem with the ugdsconfig CGI program - it was being caught by the admldapBuildInfoSSL problem where it tries to use the SIEDN to bind. So I had to use the same hack used in mod_admserv and elsewhere to force it to use the correct bind dn and password.
Finally, I updated the list of ciphers in console.conf to reflect the full list of ciphers supported by mod_nss.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
Index: configure.ac
===================================================================
RCS file: /cvs/dirsec/adminserver/configure.ac,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- configure.ac 12 Dec 2007 00:45:38 -0000 1.23
+++ configure.ac 18 Dec 2007 19:55:22 -0000 1.24
@@ -102,6 +102,8 @@
m4_include(m4/fhs.m4)
+AC_DEFINE([NS_DOMESTIC], [1], [Domestic security level enabled by default])
+
# server userid, groupid
httpduser=nobody
httpdgroup=nobody
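Review bot: `NS_DOMESTIC` is defined unconditionally here with only the description "Domestic security level enabled by default", which does not tell a reader what the macro gates or that there is no configure switch to turn it off. A comment above the `AC_DEFINE`, such as `# NS_DOMESTIC selects the non-export (domestic) cipher defaults in the admin server; see bug 426056`, would carry the reasoning from the commit message into the file. The code that tests the macro is not in this diff, so the exact effect should be confirmed against it.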
Index: configure
===================================================================
RCS file: /cvs/dirsec/adminserver/configure,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- configure 17 Dec 2007 20:10:05 -0000 1.41
+++ configure 18 Dec 2007 19:55:22 -0000 1.42
@@ -23030,6 +23030,12 @@
fi
+
+cat >>confdefs.h <<\_ACEOF
+#define NS_DOMESTIC 1
+_ACEOF
+
+
# server userid, groupid
httpduser=nobody
httpdgroup=nobody
Index: config.h.in
===================================================================
RCS file: /cvs/dirsec/adminserver/config.h.in,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- config.h.in 30 Jul 2007 23:13:45 -0000 1.6
+++ config.h.in 18 Dec 2007 19:55:23 -0000 1.7
@@ -248,6 +248,9 @@
/* Define to 1 if your C compiler doesn't accept -c and -o together. */
#undef NO_MINUS_C_MINUS_O
+/* Domestic security level enabled by default */
+#undef NS_DOMESTIC
+
/* OS version */
#undef OSVERSION
16 years, 4 months
[Fedora-directory-commits] adminserver/admserv/newinst/src AdminMigration.pm.in, 1.7, 1.8
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/newinst/src
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14172/adminserver/admserv/newinst/src
Modified Files:
AdminMigration.pm.in
Log Message:
Resolves: bug 425849
Bug Description: migrate-ds-admin.pl spins at 100% cpu
Reviewed by: nkinder (Thanks!)
Fix Description: It was spinning because inst_dir was not being set, so it kept trying to find the parent directory of a non-existent directory. In migration, the old instance has no instance dir - we will fill that in during instance creation, so just skip it if not set. I also found and fixed another bug in migration with the usage of file_name_is_absolute - have to use the full module name and function name.
Platforms tested: RHEL4 32bit and 64bit
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: AdminMigration.pm.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/AdminMigration.pm.in,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- AdminMigration.pm.in 7 Dec 2007 00:09:36 -0000 1.7
+++ AdminMigration.pm.in 17 Dec 2007 23:50:08 -0000 1.8
@@ -34,7 +34,7 @@
use SetupLog;
use File::Path;
-use File::Spec qw(file_name_is_absolute);
+use File::Spec;
# tempfiles
use File::Temp qw(tempfile tempdir);
@@ -485,7 +485,7 @@
# if ldapStart is not an absolute path, we need to add
# the directory server instance dir (ServerRoot) to it
if ($mig->{inf}->{admin}->{ldapStart} &&
- !file_name_is_absolute($mig->{inf}->{admin}->{ldapStart})) {
+ !File::Spec->file_name_is_absolute($mig->{inf}->{admin}->{ldapStart})) {
debug(1, "Need to make ldapStart an absolute path - ", $mig->{ServerRoot}, "/",
$mig->{inf}->{admin}->{ldapStart}, "\n");
$mig->{inf}->{admin}->{ldapStart} = $mig->{ServerRoot} . "/" . $mig->{inf}->{admin}->{ldapStart};
16 years, 4 months
[Fedora-directory-commits] ldapserver/ldap/admin/src/scripts Util.pm.in, 1.15, 1.16
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14146/ldapserver/ldap/admin/src/scripts
Modified Files:
Util.pm.in
Log Message:
Resolves: bug 425849
Bug Description: migrate-ds-admin.pl spins at 100% cpu
Reviewed by: nkinder (Thanks!)
Fix Description: It was spinning because inst_dir was not being set, so it kept trying to find the parent directory of a non-existent directory. In migration, the old instance has no instance dir - we will fill that in during instance creation, so just skip it if not set. I also found and fixed another bug in migration with the usage of file_name_is_absolute - have to use the full module name and function name.
Platforms tested: RHEL4 32bit and 64bit
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: Util.pm.in
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/Util.pm.in,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- Util.pm.in 14 Dec 2007 17:22:59 -0000 1.15
+++ Util.pm.in 17 Dec 2007 23:49:50 -0000 1.16
@@ -842,7 +842,9 @@
$conn->close();
- print $outfh "inst_dir = $inst_dir\n";
+ if ($inst_dir) {
+ print $outfh "inst_dir = $inst_dir\n";
+ }
print $outfh "Suffix = $suffix\n";
close $outfh;
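Review bot: The `if ($inst_dir)` guard only suppresses an empty value, while the commit message attributes the 100% CPU spin to code that keeps looking for the parent of a non-existent directory. That loop is not in this hunk and would presumably still spin on a non-empty `inst_dir` that does not exist on disk. The consumer should have its own termination condition, for example stopping when the parent path equals the current path. Separately, `print $outfh` and `close $outfh` are unchecked here, so a short write of this inf file goes unnoticed; `close $outfh or die "close: $!";` (or the file's own error reporting) would surface it. The enclosing sub starts and ends outside the hunk.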
16 years, 4 months
[Fedora-directory-commits] adminserver Makefile.am, 1.37, 1.38 aclocal.m4, 1.36, 1.37 configure, 1.40, 1.41 missing, 1.26, 1.27 install-sh, 1.26, 1.27 Makefile.in, 1.43, 1.44 depcomp, 1.26, 1.27 config.sub, 1.26, 1.27 config.guess, 1.26, 1.27 compile, 1.25, 1.26
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20143/adminserver
Modified Files:
Makefile.am aclocal.m4 configure missing install-sh
Makefile.in depcomp config.sub config.guess compile
Log Message:
Resolves: bug 425861
Bug Description: Instance creation through console is broken
Reviewed by: nhosoi (Thanks!)
Fix Description: This was caused by my fix for bug 420751. When I added the as_uid to fix the ACI for the admin user, I did not add the mapping everywhere it was used. Unfortunately, I found that the code I added it to could only be used with a live connection to the new directory server, not a FileConn to the dse.ldif. So I had to add a new function to add this ACI to the new root suffix after the server had been started.
Another problem with instance creation was that the org entries were not being added when creating a new instance in the console. The default should be to create them if nothing else was specified.
Another problem was that instance creation was leaving temp ldif files around.
I also had to make sure ServerAdminID was specified everywhere it was needed by dirserver.map, or this would also have broken ds_remove.
Platforms tested: RHEL5 x86_64
Flag Day: Yes - autotool file change in adminserver
Doc impact: no
Index: Makefile.am
===================================================================
RCS file: /cvs/dirsec/adminserver/Makefile.am,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- Makefile.am 12 Dec 2007 00:45:38 -0000 1.37
+++ Makefile.am 17 Dec 2007 20:10:04 -0000 1.38
@@ -175,7 +175,8 @@
admserv/newinst/src/adminserver.map \
admserv/newinst/src/dirserver.map \
admserv/newinst/src/asmigrate.map \
- admserv/newinst/src/updateconsoleinfo.map
+ admserv/newinst/src/updateconsoleinfo.map \
+ admserv/newinst/src/dssuffixadmin.map
cgibin_PROGRAMS = admpw security ugdsconfig ReadLog start_config_ds \
config statpingserv viewdata dsconfig monreplication restartsrv \
Index: Makefile.in
===================================================================
RCS file: /cvs/dirsec/adminserver/Makefile.in,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- Makefile.in 12 Dec 2007 00:45:38 -0000 1.43
+++ Makefile.in 17 Dec 2007 20:10:05 -0000 1.44
@@ -569,7 +569,8 @@
admserv/newinst/src/adminserver.map \
admserv/newinst/src/dirserver.map \
admserv/newinst/src/asmigrate.map \
- admserv/newinst/src/updateconsoleinfo.map
+ admserv/newinst/src/updateconsoleinfo.map \
+ admserv/newinst/src/dssuffixadmin.map
cgibin_SCRIPTS = admserv/cgi-src40/ds_create \
admserv/cgi-src40/ds_remove \
16 years, 4 months
[Fedora-directory-commits] adminserver/admserv/cgi-src40 ds_create.in, 1.6, 1.7
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/cgi-src40
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20143/adminserver/admserv/cgi-src40
Modified Files:
ds_create.in
Log Message:
Resolves: bug 425861
Bug Description: Instance creation through console is broken
Reviewed by: nhosoi (Thanks!)
Fix Description: This was caused by my fix for bug 420751. When I added the as_uid to fix the ACI for the admin user, I did not add the mapping everywhere it was used. Unfortunately, I found that the code I added it to could only be used with a live connection to the new directory server, not a FileConn to the dse.ldif. So I had to add a new function to add this ACI to the new root suffix after the server had been started.
Another problem with instance creation was that the org entries were not being added when creating a new instance in the console. The default should be to create them if nothing else was specified.
Another problem was that instance creation was leaving temp ldif files around.
I also had to make sure ServerAdminID was specified everywhere it was needed by dirserver.map, or this would also have broken ds_remove.
Platforms tested: RHEL5 x86_64
Flag Day: Yes - autotool file change in adminserver
Doc impact: no
Index: ds_create.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/ds_create.in,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- ds_create.in 6 Nov 2007 18:16:02 -0000 1.6
+++ ds_create.in 17 Dec 2007 20:10:05 -0000 1.7
@@ -21,6 +21,7 @@
use strict;
+use Mozilla::LDAP::API qw(ldap_explode_dn);
use CGI qw(:cgi :oldstyle_urls);
use Inf;
use AdminUtil;
@@ -45,7 +46,7 @@
my @errs = createDSInstance($inf);
if (@errs) {
print "Content-type: text/plain\n\n";
- print "NMC_ErrInfo: ", $res->getText(@errs), "\n";
+ print "NMC_ErrInfo: \n", $res->getText(@errs), "\n";
print "NMC_Status: 1\n";
exit 1;
}
@@ -63,28 +64,41 @@
$inf->{General}->{AdminDomain} = $query->param('admin_domain') ||
$admConf->{AdminDomain};
+# need to get the admin uid
+if (!$inf->{admin}->{ServerAdminID}) {
+ my @rdns = ldap_explode_dn($inf->{General}->{ConfigDirectoryAdminID}, 1);
+ $inf->{admin}->{ServerAdminID} = $rdns[0];
+}
+
if (!createSubDSNoConn($inf, \@errs)) {
print "Content-type: text/plain\n\n";
- print "NMC_ErrInfo: ", $res->getText(@errs), "\n";
+ print "NMC_ErrInfo: \n", $res->getText(@errs), "\n";
print "NMC_Status: 1\n";
exit 1;
}
my $servid = $query->param('servid');
-if (!defined($start_server) or $start_server) {
- $inf->{slapd}->{start_server} = 1;
- if (@errs = DSCreate::startServer($inf)) {
- print "Content-type: text/plain\n\n";
- print "NMC_ErrInfo: ", $res->getText(@errs), "\n";
- print "NMC_Status: 1\n";
- exit 1;
- }
+# now start the server
+$inf->{slapd}->{start_server} = 1;
+if (@errs = DSCreate::startServer($inf)) {
+ print "Content-type: text/plain\n\n";
+ print "NMC_ErrInfo: \n", $res->getText(@errs), "\n";
+ print "NMC_Status: 1\n";
+ exit 1;
+}
+
+# add the aci that allows the admin user to administer the server
+if (!addConfigACIsToSubDS($inf, \@errs)) {
+ print "Content-type: text/plain\n\n";
+ print "NMC_ErrInfo: \n", $res->getText(@errs), "\n";
+ print "NMC_Status: 1\n";
+ exit 1;
}
# register the new server with the configuration ds
if (!registerDSWithConfigDS($servid, \@errs, $inf)) {
print "Content-type: text/plain\n\n";
- print "NMC_ErrInfo: ", $res->getText(@errs), "\n";
+ print "NMC_ErrInfo: \n", $res->getText(@errs), "\n";
print "NMC_Status: 1\n";
exit 1;
}
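Review bot: The new `ServerAdminID` fallback takes `$rdns[0]` without checking that `ldap_explode_dn` returned anything. If `ConfigDirectoryAdminID` is unset or not a parseable DN, `ServerAdminID` stays undefined and the run continues to `createSubDSNoConn` and later `addConfigACIsToSubDS`, which presumably consume it through the `as_uid` mapping. A guard such as `if (!defined $rdns[0] or $rdns[0] eq '') { ... }` that reports through the same `NMC_ErrInfo` / `exit 1` path as the other failures would stop before an instance is created with a wrong admin ACI. The same unchecked fallback is added in AdminUtil.pm.in (hunk `@@ -756,6 +796,12 @@`). Also, a failure in `addConfigACIsToSubDS` exits after the instance has been created and started, leaving it in place without the ACI; the script continues past this hunk, so any cleanup is not visible.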
16 years, 4 months
[Fedora-directory-commits] adminserver/admserv/newinst/src dssuffixadmin.map.in, NONE, 1.1 AdminUtil.pm.in, 1.17, 1.18 dirserver.map.in, 1.8, 1.9
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/newinst/src
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20143/adminserver/admserv/newinst/src
Modified Files:
AdminUtil.pm.in dirserver.map.in
Added Files:
dssuffixadmin.map.in
Log Message:
Resolves: bug 425861
Bug Description: Instance creation through console is broken
Reviewed by: nhosoi (Thanks!)
Fix Description: This was caused by my fix for bug 420751. When I added the as_uid to fix the ACI for the admin user, I did not add the mapping everywhere it was used. Unfortunately, I found that the code I added it to could only be used with a live connection to the new directory server, not a FileConn to the dse.ldif. So I had to add a new function to add this ACI to the new root suffix after the server had been started.
Another problem with instance creation was that the org entries were not being added when creating a new instance in the console. The default should be to create them if nothing else was specified.
Another problem was that instance creation was leaving temp ldif files around.
I also had to make sure ServerAdminID was specified everywhere it was needed by dirserver.map, or this would also have broken ds_remove.
Platforms tested: RHEL5 x86_64
Flag Day: Yes - autotool file change in adminserver
Doc impact: no
--- NEW FILE dssuffixadmin.map.in ---
# BEGIN COPYRIGHT BLOCK
# This Program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; version 2 of the License.
#
# This Program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA.
#
# Copyright (C) 2007 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
# register_param.map:
# This file is used by the register_server.pl script to register the server
# info to the Configuration Directory Server. The server info is stored in
# the (template) ldif files located in @ldifdir@. In case a server entry has
# %...% format parameters, this map table is used to resolve it and replace
# the parameter with the value defined in this file.
#
# [Parameter resolution rules]
# * If the right-hand value is in ` (backquote), the value is eval'ed by perl.
# The output should be stored in $returnvalue to pass to the internal hash.
# * If the right-hand value is in " (doublequote), the value is passed as is.
# * If the right-hand value is not in any quote, the value should be found
# in either of the setup inf file (static) or the install inf file (dynamic).
# * The right-hand value could have the format Key:"default_value".
# In this case, Key is searched in the inf files first.
# If the Key is not found, the default_value is set.
# * Variables surrounded by @ (e.g., @configdir@) are replaced with the
# system path at the compile time.
# * The right-hand value can contain variables surrounded by % (e.g., %asid%)
# which refers the right-hand value (key) of this map file.
#
fqdn = FullMachineName
domain = AdminDomain
brand = Brand
dsid = ServerIdentifier
ds_suffix = Suffix
as_uid = ServerAdminID
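Review bot: The header comment of this new file still names `register_param.map` and `register_server.pl`, apparently copied from another map file. It should name `dssuffixadmin.map` and say that `addConfigACIsToSubDS` reads it to resolve the `16dssuffixadmin.mod.tmpl` template. The parameter rules state that a backquoted right-hand value is eval'ed by perl, so a map file is effectively code run by the setup and CGI programs. This file has no backquoted entries, but the header should note that the installed file must be writable only by the administrative user; the install permissions are not visible in this commit.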
Index: AdminUtil.pm.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/AdminUtil.pm.in,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- AdminUtil.pm.in 12 Dec 2007 00:45:39 -0000 1.17
+++ AdminUtil.pm.in 17 Dec 2007 20:10:04 -0000 1.18
@@ -24,13 +24,13 @@
getLocalConfigDS getPset registerDSWithConfigDS
registerManyDSWithConfigDS createSubDSNoConn
registerScatteredDSWithConfigDS
- unregisterDSWithConfigDS isConfigDS);
+ unregisterDSWithConfigDS isConfigDS addConfigACIsToSubDS);
@EXPORT_OK = qw(getAdmConf getConfigDSConn createConfigDS createSubDS
updateAdmConf updateAdmpw updateLocalConf importCACert
getLocalConfigDS getPset registerDSWithConfigDS
registerManyDSWithConfigDS createSubDSNoConn
registerScatteredDSWithConfigDS
- unregisterDSWithConfigDS isConfigDS);
+ unregisterDSWithConfigDS isConfigDS addConfigACIsToSubDS);
# load perldap
use Mozilla::LDAP::Conn;
@@ -298,14 +298,15 @@
my $conn = shift;
my $inf = shift;
my $errs = shift;
+ my @additionalLdifFiles = @_;
# add the o=NetscapeRoot tree using the mapper and ldif templates
my @ldiffiles = ('@ldifdir(a)/12dsconfig.mod.tmpl',
'@ldifdir(a)/13dsschema.mod.tmpl',
'@ldifdir(a)/14dsmonitor.mod.tmpl',
- '@ldifdir(a)/15dspta.ldif.tmpl',
- '@ldifdir(a)/16dssuffixadmin.mod.tmpl'
+ '@ldifdir(a)/15dspta.ldif.tmpl'
);
+ push @ldiffiles, @additionalLdifFiles;
my $setupinf = new Inf("@infdir(a)/setup.inf");
my $admininf = new Inf("@infdir(a)/admin.inf");
my $dsinf = new Inf("@infdir(a)/slapd.inf");
@@ -347,7 +348,7 @@
return 0;
}
- return internalCreateSubDS($conn, $inf, $errs);
+ return internalCreateSubDS($conn, $inf, $errs, '@ldifdir(a)/16dssuffixadmin.mod.tmpl');
}
# same as createSubDS but works directly on the dse.ldif file itself
@@ -363,6 +364,45 @@
return internalCreateSubDS($conn, $inf, $errs);
}
+sub addConfigACIsToSubDS {
+ my $inf = shift;
+ my $errs = shift;
+
+ # open a connection to the directory server
+ my $conn = new Mozilla::LDAP::Conn($inf->{General}->{FullMachineName},
+ $inf->{slapd}->{ServerPort},
+ $inf->{slapd}->{RootDN},
+ $inf->{slapd}->{RootDNPwd},
+ $inf->{General}->{certdir});
+ if (!$conn) {
+ @{$errs} = ('error_connection_failed', $inf->{General}->{FullMachineName},
+ $inf->{slapd}->{ServerPort}, $inf->{slapd}->{RootDN},
+ $conn->getErrorString());
+ return 0;
+ }
+
+ my @ldiffiles = ('@ldifdir(a)/16dssuffixadmin.mod.tmpl');
+ my $setupinf = new Inf("@infdir(a)/setup.inf");
+ my $admininf = new Inf("@infdir(a)/admin.inf");
+ my $dsinf = new Inf("@infdir(a)/slapd.inf");
+ my $mapper = new Inf("@infdir(a)/dssuffixadmin.map");
+
+ $mapper = process_maptbl($mapper, $errs, $inf, $dsinf, $admininf, $setupinf);
+ if (!$mapper or @{$errs}) {
+ $conn->close();
+ if (!@{$errs}) {
+ @{$errs} = ('error_creating_configds_maptbl');
+ }
+ return 0;
+ }
+
+ getMappedEntries($mapper, \@ldiffiles, $errs, \&check_and_add_entry,
+ [$conn]);
+
+ $conn->close();
+ return @{$errs} ? 0 : 1;
+}
+
sub updateAdmConf {
my $params = shift; # hashref
my $configdir = shift || "@configdir@";
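Review bot: In `addConfigACIsToSubDS` the `if (!$conn)` branch calls `$conn->getErrorString()`, but `$conn` is false on that path, so the call dies with a "Can't call method" error instead of returning the `error_connection_failed` list to the caller. Drop that last element or replace it with a value that does not need the object, for example `$inf->{slapd}->{ServerPort}, $inf->{slapd}->{RootDN}, $!);`. The function binds as `RootDN` with `RootDNPwd`, and whether that bind is protected presumably depends on `$inf->{General}->{certdir}` being set, which this hunk does not check. A comment stating when a cleartext bind to `FullMachineName` is acceptable would help the next reader. The hunk ends inside `updateAdmConf`, which continues outside it.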
@@ -756,6 +796,12 @@
return 0;
}
+ # need to get the admin uid
+ if (!$inf->{admin}->{ServerAdminID}) {
+ my @rdns = ldap_explode_dn($inf->{General}->{ConfigDirectoryAdminID}, 1);
+ $inf->{admin}->{ServerAdminID} = $rdns[0];
+ }
+
my $instinf;
# setup will usually supply everything, but ds_create will not
if (!$inf->{slapd}->{RootDNPwd}) {
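Review bot: This hunk calls `ldap_explode_dn`, but no hunk in this diff adds an import of it to AdminUtil.pm.in, whereas ds_create.in had to add `use Mozilla::LDAP::API qw(ldap_explode_dn);` for the same call. If the module does not already import it in lines outside the diff, the call fails at run time, and only when `ServerAdminID` is missing, which makes it easy to miss in testing. Confirm the import exists or add it next to `use Mozilla::LDAP::Conn;`. The enclosing sub starts and ends outside the hunk.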
Index: dirserver.map.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/dirserver.map.in,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- dirserver.map.in 15 Aug 2007 22:08:14 -0000 1.8
+++ dirserver.map.in 17 Dec 2007 20:10:04 -0000 1.9
@@ -44,6 +44,7 @@
timestamp = `use Time::gmtime; my $gm = gmtime; $returnvalue = sprintf ("%04d%02d%02d%02d%02d%02dZ", 1900+$gm->year, 1+$gm->mon, $gm->mday, $gm->hour, $gm->min, $gm->sec);`
asid = `$returnvalue = $mapper->{fqdn}; $returnvalue =~ s/\..*$//;`
+as_uid = ServerAdminID
as_sie = "cn=admin-serv-%asid%, cn=%brand% Administration Server, cn=Server Group, cn=%fqdn%, ou=%domain%, o=NetscapeRoot"
ds_version = Version
ds_baseversion = BaseVersion
16 years, 4 months