esc/win32 build.sh,1.19,1.20
by Jack Magne
Author: jmagne
Update of /cvs/dirsec/esc/win32
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv665
Modified Files:
build.sh
Log Message:
Address another minor typo.
Index: build.sh
===================================================================
RCS file: /cvs/dirsec/esc/win32/build.sh,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- build.sh 10 Mar 2011 02:34:08 -0000 1.19
+++ build.sh 10 Mar 2011 19:10:27 -0000 1.20
@@ -450,9 +450,9 @@
CKY_INCLUDE_PATH=`cygpath -m $CKY_INCLUDE_PATH`
cd ../..
- make BUILD_OPT=1 import
+ make OS_RELEASE=5.1 BUILD_OPT=1 import
- make BUILD_OPT=1 CKY_INCLUDE="-I$ZLIB_INC_PATH -I$CKY_INCLUDE_PATH" CKY_LIB_LDD=$CKY_INCLUDE_PATH/.libs USE_XUL_SDK=1 ESC_VERSION=$ESC_VERSION_NO
+ make OS_RELEASE=5.1 BUILD_OPT=1 CKY_INCLUDE="-I$ZLIB_INC_PATH -I$CKY_INCLUDE_PATH" CKY_LIB_LDD=$CKY_INCLUDE_PATH/.libs USE_XUL_SDK=1 ESC_VERSION=$ESC_VERSION_NO
if [ $? != 0 ];
then
13 years, 1 month
esc/win32 build.sh,1.18,1.19
by Jack Magne
Author: jmagne
Update of /cvs/dirsec/esc/win32
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv11357
Modified Files:
build.sh
Log Message:
Fix xulrunner typo.
Index: build.sh
===================================================================
RCS file: /cvs/dirsec/esc/win32/build.sh,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- build.sh 10 Mar 2011 02:17:46 -0000 1.18
+++ build.sh 10 Mar 2011 02:34:08 -0000 1.19
@@ -100,9 +100,9 @@
XULRUNNER_DIR=xulrunner
XULRUNNER_FTP_PATH=http://releases.mozilla.org/pub/mozilla.org/
-XULRUNNER_PATH=xulrunner/releases/1.9.2.14/runtimes/
+XULRUNNER_PATH=xulrunner/releases/1.9.2.15/runtimes/
-XULRUNNER_ARCHIVE=xulrunner-1.9.2.14.en-US.win32.zip
+XULRUNNER_ARCHIVE=xulrunner-1.9.2.15.en-US.win32.zip
#Base Dirctory calc
13 years, 1 month
esc/win32 build.sh,1.17,1.18
by Jack Magne
Author: jmagne
Update of /cvs/dirsec/esc/win32
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv10893
Modified Files:
build.sh
Log Message:
Fix minor path issue.
Index: build.sh
===================================================================
RCS file: /cvs/dirsec/esc/win32/build.sh,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- build.sh 3 Mar 2011 21:55:51 -0000 1.17
+++ build.sh 10 Mar 2011 02:17:46 -0000 1.18
@@ -128,7 +128,8 @@
export PATH=${MOZ_TOOLS_BIN_PATH}:${ORIG_PATH}
-CORE_OBJ_DIR=`uname``uname -r`_OPT.OBJ
+#CORE_OBJ_DIR=`uname``uname -r`_OPT.OBJ
+CORE_OBJ_DIR=WINNT5.2_OPT.OBJ
export PATH=${ORIG_PATH}
13 years, 1 month
admserv/newinst
by Noriko Hosoi
admserv/newinst/src/ConfigDSDialogs.pm | 32 ++++++++++++++++++++------------
1 file changed, 20 insertions(+), 12 deletions(-)
New commits:
commit e855d30b07280bf15edf9fdcef301933987bb2b9
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Wed Mar 9 10:57:00 2011 -0800
Bug 476925 - Admin Server: Do not allow 8-bit passwords for the admin user
https://bugzilla.redhat.com/show_bug.cgi?id=476925
Description: Due to the following reasons, password of the admin
user is not supposed to include 8-bit characters.
1) Admin Console | Configure | Access does not take 8-bit password.
If such characters are entered, the characters are dropped.
(e.g., if "députés" is entered, the password will be "dputs".
2) Character encoding of Admin Express's login window depends on
browsers' implementation. And the server has no way to get
the character encoding information.
Despite of it, setup-ds-admin.pl accepts 8-bit admin user password.
This patch changes the behavior and rejects it.
diff --git a/admserv/newinst/src/ConfigDSDialogs.pm b/admserv/newinst/src/ConfigDSDialogs.pm
index b390502..8ec9ea0 100644
--- a/admserv/newinst/src/ConfigDSDialogs.pm
+++ b/admserv/newinst/src/ConfigDSDialogs.pm
@@ -300,22 +300,30 @@ my $configdsadmin = new Dialog (
$self->{manager}->{inf}->{General}->{ConfigDirectoryAdminID} = $ans;
}
} elsif ($index == 1) { # verify initial password
- my $test = $ans;
- if ($test) {
- $test =~ s/\s//g;
- }
- if (!$ans or (length($test) != length($ans))) {
- $self->{manager}->alert("dialog_configdsadmin_invalid");
+ if ($ans =~ /[\x00-\x7f]/) {
+ my $test = $ans;
+ if ($test) {
+ $test =~ s/\s//g;
+ }
+ if (!$ans or (length($test) != length($ans))) {
+ $self->{manager}->alert("dialog_configdsadmin_invalid");
+ } else {
+ $res = $DialogManager::NEXT;
+ $self->{firstpassword} = $ans; # save for next index
+ }
} else {
- $res = $DialogManager::NEXT;
- $self->{firstpassword} = $ans; # save for next index
+ $self->{manager}->alert("dialog_configdsadmin_invalid");
}
} elsif ($index == 2) { # verify second password
- if ($ans ne $self->{firstpassword}) {
- $self->{manager}->alert("dialog_configdsadmin_nomatch");
+ if ($ans =~ /[\x00-\x7f]/) {
+ if ($ans ne $self->{firstpassword}) {
+ $self->{manager}->alert("dialog_configdsadmin_nomatch");
+ } else {
+ $self->{manager}->{inf}->{General}->{ConfigDirectoryAdminPwd} = $ans;
+ $res = $DialogManager::NEXT;
+ }
} else {
- $self->{manager}->{inf}->{General}->{ConfigDirectoryAdminPwd} = $ans;
- $res = $DialogManager::NEXT;
+ $self->{manager}->alert("dialog_configdsadmin_invalid");
}
}
return $res;
13 years, 1 month
help/en
by Noriko Hosoi
help/en/header.html | 2 +-
help/en/help/configure_administration_server_access.html | 7 ++++++-
2 files changed, 7 insertions(+), 2 deletions(-)
New commits:
commit e72728ec2acd73aae077a0f9f4ab76eb473ec062
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Wed Mar 9 11:15:26 2011 -0800
Bug 476925 - Admin Server: Do not allow 8-bit passwords for
the admin user
https://bugzilla.redhat.com/show_bug.cgi?id=476925
Description: Admin Console | Configure | Access panel had dropped
User name text box some time back. The help page was not updated
to reflect the change. Plus, adding a note about the behavior
to handle passwords containing 8-bit characters.
diff --git a/help/en/header.html b/help/en/header.html
index 4af8c5d..a8b36eb 100644
--- a/help/en/header.html
+++ b/help/en/header.html
@@ -1,7 +1,7 @@
<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\">
<html>
<head>
- <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
+ <meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>389 Management Console and Administration Server Help</title>
<style type="text/css">
body {width:600px;margin:auto;padding:10px;}
diff --git a/help/en/help/configure_administration_server_access.html b/help/en/help/configure_administration_server_access.html
index e49534e..a5cdb72 100644
--- a/help/en/help/configure_administration_server_access.html
+++ b/help/en/help/configure_administration_server_access.html
@@ -9,7 +9,7 @@ Use this tab to specify a user name and password for the Administration Server A
The Administration Server Administrator is a special user that has full access to all features in the Administration Server. This user is created during installation. The Administration Server Administrator user name and password are stored in the file <code>admpw</code> in your Administration Server configuration directory.
</p>
<p class="text">
-<b>User name.</b> Enter the user ID for the Administration Server Administrator.
+<b>User name.</b> User ID for the Administration Server Administrator.
</p>
<p class="text">
<b>Password.</b> Enter the Administration Server Administrator's password.
@@ -17,3 +17,8 @@ The Administration Server Administrator is a special user that has full access t
<p class="text">
<b>Confirm Password.</b> Enter the password again to confirm it.
</p>
+<p class="text">
+Note: if entered password contains non-ascii characters, the characters
+are dropped. For instance, you cannot enter one non-ascii character 'é'
+in the password text boxes.
+</p>
13 years, 1 month
console/src/com/netscape/management/client/topology AbstractServerObject.java, 1.5, 1.6
by Nathan Kinder
Author: nkinder
Update of /cvs/dirsec/console/src/com/netscape/management/client/topology
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv3514/src/com/netscape/management/client/topology
Modified Files:
AbstractServerObject.java
Log Message:
Bug 622436 - Removal of Security:domestic from Console
This patch removes the "Security level" field from the server info panels in
Console. One will no longer see this field.
Internally, the Console code still has a security level concept that is used
for enabling ciphers. It is not worth changing this as the code is widespread
and exposed via public API. It is possible that it is used by other projects,
such as Dogtag.
Index: AbstractServerObject.java
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/topology/AbstractServerObject.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- AbstractServerObject.java 15 Nov 2007 16:56:53 -0000 1.5
+++ AbstractServerObject.java 8 Mar 2011 22:05:45 -0000 1.6
@@ -84,10 +84,11 @@
static String _7bitDataKey[] = new String[]{ "serverProductName", };
static String _displayDataKey[] = new String[]{ "serverProductName",
- "description", //"serverVersionNumber",
+ "description", //"serverVersionNumber",
"installationTimeStamp", "nsProductName",
- "nsVendor", "nsProductVersion", "nsBuildNumber", "nsRevisionNumber",
- "nsBuildSecurity", };
+ "nsVendor", "nsProductVersion", "nsBuildNumber", "nsRevisionNumber",
+ //"nsBuildSecurity",
+ };
static String _nodeNameKey = "serverProductName";
13 years, 1 month
src/com
by Nathan Kinder
src/com/netscape/admin/dirserv/dirserv.properties | 2 ++
src/com/netscape/admin/dirserv/panel/EncryptionPanel.java | 5 +++++
2 files changed, 7 insertions(+)
New commits:
commit 9e2afe525ce807b7e63e72bc71135dc1ea92ed0d
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Tue Mar 8 12:42:04 2011 -0800
Bug 533505 - Warn about CA cert trust when enabling SSL in Console
This patch adds a warning dialog when one enables encryption for
Directory Server through the Console. The warning states that the
CA certificate chain that issued the server cert must be trusted
before restarting DS.
diff --git a/src/com/netscape/admin/dirserv/dirserv.properties b/src/com/netscape/admin/dirserv/dirserv.properties
index 3aa360a..90b56bd 100644
--- a/src/com/netscape/admin/dirserv/dirserv.properties
+++ b/src/com/netscape/admin/dirserv/dirserv.properties
@@ -1778,6 +1778,8 @@ encryption-confirm-clientauth-title=Require Client Authentication
encryption-confirm-clientauth-msg=When the server is configured to require SSL client authentication,\nConsole cannot use SSL to manage the server.\nIt will use a regular LDAP connection.
encryption-confirm-sslport-title=Encrypted Port Checking
encryption-confirm-sslport-msg=The encrypted port is %0. On Unix, using a port\nbelow 1024 requires the server to be installed as root.\n\nBefore restarting the server, make sure it was installed\nas root or set a port above 1024 using the Settings tab.
+encryption-warn-ca-chain-trust-title=Certificate Authority Trust
+encryption-warn-ca-chain-trust-msg=Ensure that the CA certificate chain for the CA that\nissued your server certificate has been imported\nand trusted before restarting your Directory Server.\n\nThe Directory Server will not start successfully\nif the CA certificate chain is not trusted.
# Cipher suites
ciphers-title=Encryption Preferences
diff --git a/src/com/netscape/admin/dirserv/panel/EncryptionPanel.java b/src/com/netscape/admin/dirserv/panel/EncryptionPanel.java
index 0e7ad9f..e131bf4 100644
--- a/src/com/netscape/admin/dirserv/panel/EncryptionPanel.java
+++ b/src/com/netscape/admin/dirserv/panel/EncryptionPanel.java
@@ -273,6 +273,11 @@ public class EncryptionPanel extends BlankPanel
// Warn the user he needs to restart the server
DSUtil.showInformationDialog(frame, "requires-restart", (String)null);
+
+ // If they are enabling encryption, warn them to trust the CA chain too
+ if (_configData.sslServerOn) {
+ DSUtil.showInformationDialog(frame, "warn-ca-chain-trust", (String)null, _section);
+ }
/* Warn the user: port below 1024 require root install on unix */
if (_configData.sslServerOn && !DSUtil.isNT(consoleInfo)) {
13 years, 1 month
src/com
by Nathan Kinder
src/com/netscape/admin/dirserv/panel/replication/WindowsAgreementDestinationPanel.java | 2 +-
src/com/netscape/admin/dirserv/panel/replication/replication.properties | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
New commits:
commit 15240e988640f0a8651a360dfdc285c57b7da42a
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Tue Mar 8 11:35:10 2011 -0800
Bug 158262 - Windows Sync UI is inconistent
The dialog used to create a winsync agreement is not consistent
in the way that the labels are used. The label used for the port
number is abbreviated to "Port Num" and has a trailing colon where
the rest of the labels are not abbreviated and do not have trailing
colons. This patch fixes the port number label to be consistent
with the rest of the labels. The gbc fill contraint needed to be
changed to get the now longer label to display correctly.
diff --git a/src/com/netscape/admin/dirserv/panel/replication/WindowsAgreementDestinationPanel.java b/src/com/netscape/admin/dirserv/panel/replication/WindowsAgreementDestinationPanel.java
index 03f80bf..672d188 100755
--- a/src/com/netscape/admin/dirserv/panel/replication/WindowsAgreementDestinationPanel.java
+++ b/src/com/netscape/admin/dirserv/panel/replication/WindowsAgreementDestinationPanel.java
@@ -269,7 +269,7 @@ public class WindowsAgreementDestinationPanel extends WAgreementPanel implements
_domainControllerPortLabel.setToolTipText(_resource.getString(_section,"win-domain-port-ttip"));
ReplicationTool.resetGBC(gbc);
gbc.anchor = gbc.WEST;
- gbc.fill = gbc.NONE;
+ //gbc.fill = gbc.NONE;
// gbc.insets = new Insets(0,70,space,different);
diff --git a/src/com/netscape/admin/dirserv/panel/replication/replication.properties b/src/com/netscape/admin/dirserv/panel/replication/replication.properties
index 7d2f356..39521f5 100644
--- a/src/com/netscape/admin/dirserv/panel/replication/replication.properties
+++ b/src/com/netscape/admin/dirserv/panel/replication/replication.properties
@@ -226,7 +226,7 @@ winsync-destination-dialog-ds-rep-area-label=DS Subtree
winsync-destination-dialog-ds-rep-area-ttip=Example: ou=People, dc=example, ex=com
winsync-destination-dialog-win-domain-host-label=Domain Controller Host
winsync-destination-dialog-win-domain-host-ttip=Example: hostname
-winsync-destination-dialog-win-domain-port-label=Port Num:
+winsync-destination-dialog-win-domain-port-label=Port Number
winsync-destination-dialog-win-domain-port-ttip=389
winsync-destination-dialog-win-syncnew-label=Sync New Windows Users
winsync-destination-dialog-win-syncnew-ttip=When enabled, a user will be added to directory server when it is added to Active Directory.
13 years, 1 month
admserv/genrb_wrapper.sh
by Nathan Kinder
admserv/genrb_wrapper.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 9866d753283e1683d169ba1439696286c9b638cf
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Tue Mar 8 11:16:27 2011 -0800
Bug 614690 - Don't use exec to call genrb
The genrb wrapper script currently uses exec to call genrb. On
HP-UX, this doesn't pass the environment variables properly. We
can just remove the exec from the wrapper.
diff --git a/admserv/genrb_wrapper.sh b/admserv/genrb_wrapper.sh
index 94508ad..7fb4bd3 100644
--- a/admserv/genrb_wrapper.sh
+++ b/admserv/genrb_wrapper.sh
@@ -33,4 +33,4 @@ fi
icu_bin="$1" ; shift
icu_lib="$1" ; shift
# HP SHLIB_PATH too for old versions of HP-UX
-SHLIB_PATH=$icu_lib:$SHLIB_PATH LD_LIBRARY_PATH=$icu_lib:$LD_LIBRARY_PATH PATH=$icu_bin:$PATH exec genrb "$@"
+SHLIB_PATH=$icu_lib:$SHLIB_PATH LD_LIBRARY_PATH=$icu_lib:$LD_LIBRARY_PATH PATH=$icu_bin:$PATH genrb "$@"
13 years, 1 month
Branch '389-ds-base-1.2.8' - ldap/servers
by Nathan Kinder
ldap/servers/slapd/log.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
New commits:
commit 235e3a65d132326ff8a4e18422c114e8b0e21176
Author: Nathan Kinder <nkinder(a)redhat.com>
Date: Mon Mar 7 11:52:26 2011 -0800
Bug 504803 - Allow maxlogsize to be set if logmaxdiskspace is -1
Both the maxlogsize and logmaxdiskspace parameters are allowed to
have values of -1. If you set logmaxdiskspace to -1 and then
later attempt to set maxlogsize to any other valid value, the
server rejects the change with an operations error.
The problem is that the two parameters are compared to ensure that
maxlogsize is not greater and the logmaxdiskspace. We need to
skip this check if logmaxdiskspace is unlimited (-1). I also found
that we were converting -1 to a smaller negative number when doing
the MB->bytes conversion. This causes other validation errors that
expect -1, but not a smaller negative number. The fix is to skip
the conversion to bytes and just set a value of -1.
diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c
index 98090e8..f5ad2dc 100644
--- a/ldap/servers/slapd/log.c
+++ b/ldap/servers/slapd/log.c
@@ -4162,14 +4162,26 @@ check_log_max_size( char *maxdiskspace_str,
if ( maxdiskspace == -1 ) {
maxdiskspace = current_maxdiskspace;
}
- maxdiskspaceB = (PRInt64)maxdiskspace * LOG_MB_IN_BYTES;
+
+ if ( maxdiskspace == -1 ) {
+ maxdiskspaceB = -1;
+ } else {
+ maxdiskspaceB = (PRInt64)maxdiskspace * LOG_MB_IN_BYTES;
+ }
if ( mlogsize == -1 ) {
mlogsize = current_mlogsize;
}
- mlogsizeB = (PRInt64)mlogsize * LOG_MB_IN_BYTES;
+
+ if ( mlogsize == -1 ) {
+ mlogsizeB = -1;
+ } else {
+ mlogsizeB = (PRInt64)mlogsize * LOG_MB_IN_BYTES;
+ }
- if ( maxdiskspace < mlogsize )
+ /* If maxdiskspace is negative, it is unlimited. There is
+ * no need to compate it to the logsize in this case. */
+ if (( maxdiskspace >= 0 ) && ( maxdiskspace < mlogsize ))
{
/* fail */
PR_snprintf ( returntext, SLAPI_DSE_RETURNTEXT_SIZE,
13 years, 1 month