March 2011 - 389-commits - Fedora Mailing-Lists

by Jack Magne

Author: jmagne Update of /cvs/dirsec/esc/win32 In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv665 Modified Files: build.sh Log Message: Address another minor typo. Index: build.sh =================================================================== RCS file: /cvs/dirsec/esc/win32/build.sh,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- build.sh 10 Mar 2011 02:34:08 -0000 1.19 +++ build.sh 10 Mar 2011 19:10:27 -0000 1.20 @@ -450,9 +450,9 @@ CKY_INCLUDE_PATH=`cygpath -m $CKY_INCLUDE_PATH` cd ../.. - make BUILD_OPT=1 import + make OS_RELEASE=5.1 BUILD_OPT=1 import - make BUILD_OPT=1 CKY_INCLUDE="-I$ZLIB_INC_PATH -I$CKY_INCLUDE_PATH" CKY_LIB_LDD=$CKY_INCLUDE_PATH/.libs USE_XUL_SDK=1 ESC_VERSION=$ESC_VERSION_NO + make OS_RELEASE=5.1 BUILD_OPT=1 CKY_INCLUDE="-I$ZLIB_INC_PATH -I$CKY_INCLUDE_PATH" CKY_LIB_LDD=$CKY_INCLUDE_PATH/.libs USE_XUL_SDK=1 ESC_VERSION=$ESC_VERSION_NO if [ $? != 0 ]; then

13 years, 1 month

1
0
0 / 0

esc/win32 build.sh,1.18,1.19

by Jack Magne

Author: jmagne Update of /cvs/dirsec/esc/win32 In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv11357 Modified Files: build.sh Log Message: Fix xulrunner typo. Index: build.sh =================================================================== RCS file: /cvs/dirsec/esc/win32/build.sh,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- build.sh 10 Mar 2011 02:17:46 -0000 1.18 +++ build.sh 10 Mar 2011 02:34:08 -0000 1.19 @@ -100,9 +100,9 @@ XULRUNNER_DIR=xulrunner XULRUNNER_FTP_PATH=http://releases.mozilla.org/pub/mozilla.org/ -XULRUNNER_PATH=xulrunner/releases/1.9.2.14/runtimes/ +XULRUNNER_PATH=xulrunner/releases/1.9.2.15/runtimes/ -XULRUNNER_ARCHIVE=xulrunner-1.9.2.14.en-US.win32.zip +XULRUNNER_ARCHIVE=xulrunner-1.9.2.15.en-US.win32.zip #Base Dirctory calc

13 years, 1 month

1
0
0 / 0

esc/win32 build.sh,1.17,1.18

by Jack Magne

Author: jmagne Update of /cvs/dirsec/esc/win32 In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv10893 Modified Files: build.sh Log Message: Fix minor path issue. Index: build.sh =================================================================== RCS file: /cvs/dirsec/esc/win32/build.sh,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- build.sh 3 Mar 2011 21:55:51 -0000 1.17 +++ build.sh 10 Mar 2011 02:17:46 -0000 1.18 @@ -128,7 +128,8 @@ export PATH=${MOZ_TOOLS_BIN_PATH}:${ORIG_PATH} -CORE_OBJ_DIR=`uname``uname -r`_OPT.OBJ +#CORE_OBJ_DIR=`uname``uname -r`_OPT.OBJ +CORE_OBJ_DIR=WINNT5.2_OPT.OBJ export PATH=${ORIG_PATH}

13 years, 1 month

1
0
0 / 0

admserv/newinst

by Noriko Hosoi

admserv/newinst/src/ConfigDSDialogs.pm | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) New commits: commit e855d30b07280bf15edf9fdcef301933987bb2b9 Author: Noriko Hosoi <nhosoi(a)redhat.com> Date: Wed Mar 9 10:57:00 2011 -0800 Bug 476925 - Admin Server: Do not allow 8-bit passwords for the admin user https://bugzilla.redhat.com/show_bug.cgi?id=476925 Description: Due to the following reasons, password of the admin user is not supposed to include 8-bit characters. 1) Admin Console | Configure | Access does not take 8-bit password. If such characters are entered, the characters are dropped. (e.g., if "députés" is entered, the password will be "dputs". 2) Character encoding of Admin Express's login window depends on browsers' implementation. And the server has no way to get the character encoding information. Despite of it, setup-ds-admin.pl accepts 8-bit admin user password. This patch changes the behavior and rejects it. diff --git a/admserv/newinst/src/ConfigDSDialogs.pm b/admserv/newinst/src/ConfigDSDialogs.pm index b390502..8ec9ea0 100644 --- a/admserv/newinst/src/ConfigDSDialogs.pm +++ b/admserv/newinst/src/ConfigDSDialogs.pm @@ -300,22 +300,30 @@ my $configdsadmin = new Dialog ( $self->{manager}->{inf}->{General}->{ConfigDirectoryAdminID} = $ans; } } elsif ($index == 1) { # verify initial password - my $test = $ans; - if ($test) { - $test =~ s/\s//g; - } - if (!$ans or (length($test) != length($ans))) { - $self->{manager}->alert("dialog_configdsadmin_invalid"); + if ($ans =~ /[\x00-\x7f]/) { + my $test = $ans; + if ($test) { + $test =~ s/\s//g; + } + if (!$ans or (length($test) != length($ans))) { + $self->{manager}->alert("dialog_configdsadmin_invalid"); + } else { + $res = $DialogManager::NEXT; + $self->{firstpassword} = $ans; # save for next index + } } else { - $res = $DialogManager::NEXT; - $self->{firstpassword} = $ans; # save for next index + $self->{manager}->alert("dialog_configdsadmin_invalid"); } } elsif ($index == 2) { # verify second password - if ($ans ne $self->{firstpassword}) { - $self->{manager}->alert("dialog_configdsadmin_nomatch"); + if ($ans =~ /[\x00-\x7f]/) { + if ($ans ne $self->{firstpassword}) { + $self->{manager}->alert("dialog_configdsadmin_nomatch"); + } else { + $self->{manager}->{inf}->{General}->{ConfigDirectoryAdminPwd} = $ans; + $res = $DialogManager::NEXT; + } } else { - $self->{manager}->{inf}->{General}->{ConfigDirectoryAdminPwd} = $ans; - $res = $DialogManager::NEXT; + $self->{manager}->alert("dialog_configdsadmin_invalid"); } } return $res;

13 years, 1 month

1
0
0 / 0

help/en

by Noriko Hosoi

help/en/header.html | 2 +- help/en/help/configure_administration_server_access.html | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) New commits: commit e72728ec2acd73aae077a0f9f4ab76eb473ec062 Author: Noriko Hosoi <nhosoi(a)redhat.com> Date: Wed Mar 9 11:15:26 2011 -0800 Bug 476925 - Admin Server: Do not allow 8-bit passwords for the admin user https://bugzilla.redhat.com/show_bug.cgi?id=476925 Description: Admin Console | Configure | Access panel had dropped User name text box some time back. The help page was not updated to reflect the change. Plus, adding a note about the behavior to handle passwords containing 8-bit characters. diff --git a/help/en/header.html b/help/en/header.html index 4af8c5d..a8b36eb 100644 --- a/help/en/header.html +++ b/help/en/header.html @@ -1,7 +1,7 @@ <!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"> <html> <head> - <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" /> + <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> <title>389 Management Console and Administration Server Help</title> <style type="text/css"> body {width:600px;margin:auto;padding:10px;} diff --git a/help/en/help/configure_administration_server_access.html b/help/en/help/configure_administration_server_access.html index e49534e..a5cdb72 100644 --- a/help/en/help/configure_administration_server_access.html +++ b/help/en/help/configure_administration_server_access.html @@ -9,7 +9,7 @@ Use this tab to specify a user name and password for the Administration Server A The Administration Server Administrator is a special user that has full access to all features in the Administration Server. This user is created during installation. The Administration Server Administrator user name and password are stored in the file <code>admpw</code> in your Administration Server configuration directory. -User name. Enter the user ID for the Administration Server Administrator. +User name. User ID for the Administration Server Administrator. Password. Enter the Administration Server Administrator's password. @@ -17,3 +17,8 @@ The Administration Server Administrator is a special user that has full access t Confirm Password. Enter the password again to confirm it. + +Note: if entered password contains non-ascii characters, the characters +are dropped. For instance, you cannot enter one non-ascii character 'é' +in the password text boxes. +

13 years, 1 month

1
0
0 / 0

console/src/com/netscape/management/client/topology AbstractServerObject.java, 1.5, 1.6

by Nathan Kinder

Author: nkinder Update of /cvs/dirsec/console/src/com/netscape/management/client/topology In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv3514/src/com/netscape/management/client/topology Modified Files: AbstractServerObject.java Log Message: Bug 622436 - Removal of Security:domestic from Console This patch removes the "Security level" field from the server info panels in Console. One will no longer see this field. Internally, the Console code still has a security level concept that is used for enabling ciphers. It is not worth changing this as the code is widespread and exposed via public API. It is possible that it is used by other projects, such as Dogtag. Index: AbstractServerObject.java =================================================================== RCS file: /cvs/dirsec/console/src/com/netscape/management/client/topology/AbstractServerObject.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- AbstractServerObject.java 15 Nov 2007 16:56:53 -0000 1.5 +++ AbstractServerObject.java 8 Mar 2011 22:05:45 -0000 1.6 @@ -84,10 +84,11 @@ static String _7bitDataKey[] = new String[]{ "serverProductName", }; static String _displayDataKey[] = new String[]{ "serverProductName", - "description", //"serverVersionNumber", + "description", //"serverVersionNumber", "installationTimeStamp", "nsProductName", - "nsVendor", "nsProductVersion", "nsBuildNumber", "nsRevisionNumber", - "nsBuildSecurity", }; + "nsVendor", "nsProductVersion", "nsBuildNumber", "nsRevisionNumber", + //"nsBuildSecurity", + }; static String _nodeNameKey = "serverProductName";

13 years, 1 month

1
0
0 / 0

src/com

by Nathan Kinder

src/com/netscape/admin/dirserv/dirserv.properties | 2 ++ src/com/netscape/admin/dirserv/panel/EncryptionPanel.java | 5 +++++ 2 files changed, 7 insertions(+) New commits: commit 9e2afe525ce807b7e63e72bc71135dc1ea92ed0d Author: Nathan Kinder <nkinder(a)redhat.com> Date: Tue Mar 8 12:42:04 2011 -0800 Bug 533505 - Warn about CA cert trust when enabling SSL in Console This patch adds a warning dialog when one enables encryption for Directory Server through the Console. The warning states that the CA certificate chain that issued the server cert must be trusted before restarting DS. diff --git a/src/com/netscape/admin/dirserv/dirserv.properties b/src/com/netscape/admin/dirserv/dirserv.properties index 3aa360a..90b56bd 100644 --- a/src/com/netscape/admin/dirserv/dirserv.properties +++ b/src/com/netscape/admin/dirserv/dirserv.properties @@ -1778,6 +1778,8 @@ encryption-confirm-clientauth-title=Require Client Authentication encryption-confirm-clientauth-msg=When the server is configured to require SSL client authentication,\nConsole cannot use SSL to manage the server.\nIt will use a regular LDAP connection. encryption-confirm-sslport-title=Encrypted Port Checking encryption-confirm-sslport-msg=The encrypted port is %0. On Unix, using a port\nbelow 1024 requires the server to be installed as root.\n\nBefore restarting the server, make sure it was installed\nas root or set a port above 1024 using the Settings tab. +encryption-warn-ca-chain-trust-title=Certificate Authority Trust +encryption-warn-ca-chain-trust-msg=Ensure that the CA certificate chain for the CA that\nissued your server certificate has been imported\nand trusted before restarting your Directory Server.\n\nThe Directory Server will not start successfully\nif the CA certificate chain is not trusted. # Cipher suites ciphers-title=Encryption Preferences diff --git a/src/com/netscape/admin/dirserv/panel/EncryptionPanel.java b/src/com/netscape/admin/dirserv/panel/EncryptionPanel.java index 0e7ad9f..e131bf4 100644 --- a/src/com/netscape/admin/dirserv/panel/EncryptionPanel.java +++ b/src/com/netscape/admin/dirserv/panel/EncryptionPanel.java @@ -273,6 +273,11 @@ public class EncryptionPanel extends BlankPanel // Warn the user he needs to restart the server DSUtil.showInformationDialog(frame, "requires-restart", (String)null); + + // If they are enabling encryption, warn them to trust the CA chain too + if (_configData.sslServerOn) { + DSUtil.showInformationDialog(frame, "warn-ca-chain-trust", (String)null, _section); + } /* Warn the user: port below 1024 require root install on unix */ if (_configData.sslServerOn && !DSUtil.isNT(consoleInfo)) {

13 years, 1 month

1
0
0 / 0

src/com

by Nathan Kinder

src/com/netscape/admin/dirserv/panel/replication/WindowsAgreementDestinationPanel.java | 2 +- src/com/netscape/admin/dirserv/panel/replication/replication.properties | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) New commits: commit 15240e988640f0a8651a360dfdc285c57b7da42a Author: Nathan Kinder <nkinder(a)redhat.com> Date: Tue Mar 8 11:35:10 2011 -0800 Bug 158262 - Windows Sync UI is inconistent The dialog used to create a winsync agreement is not consistent in the way that the labels are used. The label used for the port number is abbreviated to "Port Num" and has a trailing colon where the rest of the labels are not abbreviated and do not have trailing colons. This patch fixes the port number label to be consistent with the rest of the labels. The gbc fill contraint needed to be changed to get the now longer label to display correctly. diff --git a/src/com/netscape/admin/dirserv/panel/replication/WindowsAgreementDestinationPanel.java b/src/com/netscape/admin/dirserv/panel/replication/WindowsAgreementDestinationPanel.java index 03f80bf..672d188 100755 --- a/src/com/netscape/admin/dirserv/panel/replication/WindowsAgreementDestinationPanel.java +++ b/src/com/netscape/admin/dirserv/panel/replication/WindowsAgreementDestinationPanel.java @@ -269,7 +269,7 @@ public class WindowsAgreementDestinationPanel extends WAgreementPanel implements _domainControllerPortLabel.setToolTipText(_resource.getString(_section,"win-domain-port-ttip")); ReplicationTool.resetGBC(gbc); gbc.anchor = gbc.WEST; - gbc.fill = gbc.NONE; + //gbc.fill = gbc.NONE; // gbc.insets = new Insets(0,70,space,different); diff --git a/src/com/netscape/admin/dirserv/panel/replication/replication.properties b/src/com/netscape/admin/dirserv/panel/replication/replication.properties index 7d2f356..39521f5 100644 --- a/src/com/netscape/admin/dirserv/panel/replication/replication.properties +++ b/src/com/netscape/admin/dirserv/panel/replication/replication.properties @@ -226,7 +226,7 @@ winsync-destination-dialog-ds-rep-area-label=DS Subtree winsync-destination-dialog-ds-rep-area-ttip=Example: ou=People, dc=example, ex=com winsync-destination-dialog-win-domain-host-label=Domain Controller Host winsync-destination-dialog-win-domain-host-ttip=Example: hostname -winsync-destination-dialog-win-domain-port-label=Port Num: +winsync-destination-dialog-win-domain-port-label=Port Number winsync-destination-dialog-win-domain-port-ttip=389 winsync-destination-dialog-win-syncnew-label=Sync New Windows Users winsync-destination-dialog-win-syncnew-ttip=When enabled, a user will be added to directory server when it is added to Active Directory.

13 years, 1 month

1
0
0 / 0

admserv/genrb_wrapper.sh

by Nathan Kinder

admserv/genrb_wrapper.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) New commits: commit 9866d753283e1683d169ba1439696286c9b638cf Author: Nathan Kinder <nkinder(a)redhat.com> Date: Tue Mar 8 11:16:27 2011 -0800 Bug 614690 - Don't use exec to call genrb The genrb wrapper script currently uses exec to call genrb. On HP-UX, this doesn't pass the environment variables properly. We can just remove the exec from the wrapper. diff --git a/admserv/genrb_wrapper.sh b/admserv/genrb_wrapper.sh index 94508ad..7fb4bd3 100644 --- a/admserv/genrb_wrapper.sh +++ b/admserv/genrb_wrapper.sh @@ -33,4 +33,4 @@ fi icu_bin="$1" ; shift icu_lib="$1" ; shift # HP SHLIB_PATH too for old versions of HP-UX -SHLIB_PATH=$icu_lib:$SHLIB_PATH LD_LIBRARY_PATH=$icu_lib:$LD_LIBRARY_PATH PATH=$icu_bin:$PATH exec genrb "$@" +SHLIB_PATH=$icu_lib:$SHLIB_PATH LD_LIBRARY_PATH=$icu_lib:$LD_LIBRARY_PATH PATH=$icu_bin:$PATH genrb "$@"

13 years, 1 month

1
0
0 / 0

Branch '389-ds-base-1.2.8' - ldap/servers

by Nathan Kinder

ldap/servers/slapd/log.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) New commits: commit 235e3a65d132326ff8a4e18422c114e8b0e21176 Author: Nathan Kinder <nkinder(a)redhat.com> Date: Mon Mar 7 11:52:26 2011 -0800 Bug 504803 - Allow maxlogsize to be set if logmaxdiskspace is -1 Both the maxlogsize and logmaxdiskspace parameters are allowed to have values of -1. If you set logmaxdiskspace to -1 and then later attempt to set maxlogsize to any other valid value, the server rejects the change with an operations error. The problem is that the two parameters are compared to ensure that maxlogsize is not greater and the logmaxdiskspace. We need to skip this check if logmaxdiskspace is unlimited (-1). I also found that we were converting -1 to a smaller negative number when doing the MB->bytes conversion. This causes other validation errors that expect -1, but not a smaller negative number. The fix is to skip the conversion to bytes and just set a value of -1. diff --git a/ldap/servers/slapd/log.c b/ldap/servers/slapd/log.c index 98090e8..f5ad2dc 100644 --- a/ldap/servers/slapd/log.c +++ b/ldap/servers/slapd/log.c @@ -4162,14 +4162,26 @@ check_log_max_size( char *maxdiskspace_str, if ( maxdiskspace == -1 ) { maxdiskspace = current_maxdiskspace; } - maxdiskspaceB = (PRInt64)maxdiskspace * LOG_MB_IN_BYTES; + + if ( maxdiskspace == -1 ) { + maxdiskspaceB = -1; + } else { + maxdiskspaceB = (PRInt64)maxdiskspace * LOG_MB_IN_BYTES; + } if ( mlogsize == -1 ) { mlogsize = current_mlogsize; } - mlogsizeB = (PRInt64)mlogsize * LOG_MB_IN_BYTES; + + if ( mlogsize == -1 ) { + mlogsizeB = -1; + } else { + mlogsizeB = (PRInt64)mlogsize * LOG_MB_IN_BYTES; + } - if ( maxdiskspace < mlogsize ) + /* If maxdiskspace is negative, it is unlimited. There is + * no need to compate it to the logsize in this case. */ + if (( maxdiskspace >= 0 ) && ( maxdiskspace < mlogsize )) { /* fail */ PR_snprintf ( returntext, SLAPI_DSE_RETURNTEXT_SIZE,

13 years, 1 month

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-commits March 2011