admserv/newinst/src/AdminServer.pm.in | 56 ++++++++++++++++++++++++++++++++--
1 file changed, 53 insertions(+), 3 deletions(-)
New commits:
commit fa79ba174a410571af6206568877f91ccfe9aa8e
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Mon Sep 8 16:41:23 2014 -0400
Ticket 47891 - Admin Server reconfig breaks SSL config
Bug Description: The "reconfigAdminServer" function overwrites the
security files which breaks SSL.
Fix Description: When doing the "reconfig" operation make a backup
of the security files, and restore them at the
end of the operation.
https://fedorahosted.org/389/ticket/47891
Reviewed by: nhosoi(Thanks!)
diff --git a/admserv/newinst/src/AdminServer.pm.in
b/admserv/newinst/src/AdminServer.pm.in
index 7c7b511..a189c66 100644
--- a/admserv/newinst/src/AdminServer.pm.in
+++ b/admserv/newinst/src/AdminServer.pm.in
@@ -29,6 +29,10 @@ require Exporter;
updateSelinuxPolicy);
use File::Path;
+use File::Copy;
+
+my $secfile_backup_dir = "/tmp/adm-sec-files." . $$;
+
# tempfiles
use File::Temp qw(tempfile tempdir);
@@ -357,6 +361,7 @@ sub registerASWithConfigDS {
my @saveconffiles = qw(admserv.conf httpd.conf nss.conf console.conf);
my @savesecfiles = qw(cert8.db key3.db secmod.db password.conf);
+my @reconfigsavefiles = qw (httpd.conf nss.conf cert8.db key3.db secmod.db
password.conf);
# update other config files - these are the fields which users typically want to
# change during an install or an upgrade, that also must be synced to the Apache
@@ -420,14 +425,17 @@ sub updateHttpConfFiles {
debug(0, "Error backing up $admConf->{configdir}/console.conf failed:
$!");
}
}
- # backup savefiles for "remove-ds-admin.pl -a"
+ # backup the savefiles for "remove-ds-admin.pl -a"
foreach my $savefile (@saveconffiles, @savesecfiles) {
if (! -f "$admConf->{configdir}/bakup/$savefile") {
- if (system ("cp -p $admConf->{configdir}/$savefile
$admConf->{configdir}/bakup")) {
- debug(0, "Error backing up $admConf->{configdir}/$savefile
failed: $!");
+ if (-e "$admConf->{configdir}/$savefile"){
+ if(system ("cp -p $admConf->{configdir}/$savefile
$admConf->{configdir}/bakup")) {
+ debug(0, "Error backing up $admConf->{configdir}/$savefile
failed: $!\n");
+ }
}
}
}
+
return 1;
}
@@ -499,6 +507,42 @@ sub startAdminServer {
return 1;
}
+sub reconfig_backup_secfiles
+{
+ #
+ # Backup the security files, because when we reconfigure the admin
+ # server it overwrites these files and breaks SSL.
+ #
+ my $configdir = shift;
+
+ if ( ! -d $secfile_backup_dir){
+ mkdir ($secfile_backup_dir, 0755);
+ }
+ foreach my $savefile (@reconfigsavefiles) {
+ if ( -e "$configdir/$savefile"){
+ copy ("$configdir/$savefile",
"$secfile_backup_dir/$savefile");
+ debug(1, "Backing up $configdir/$savefile to
$secfile_backup_dir/$savefile\n");
+ if (! -e "$secfile_backup_dir/$savefile"){
+ debug(0, "Backup file $secfile_backup_dir/$savefile not found, error
$!\n");
+ }
+ }
+ }
+}
+
+sub reconfig_restore_secfiles
+{
+ #
+ # Restore security files
+ #
+ my $configdir = shift;
+
+ foreach my $savefile (@reconfigsavefiles) {
+ move ("$secfile_backup_dir/$savefile"
,"$configdir/$savefile");
+ debug(1, "Restoring $configdir/$savefile with
$secfile_backup_dir/$savefile\n");
+ }
+ rmdir ($secfile_backup_dir);
+}
+
sub createAdminServer {
my $setup = shift;
my $reconfig = shift;
@@ -506,6 +550,7 @@ sub createAdminServer {
if ($reconfig) {
$setup->msg('begin_reconfig_adminserver');
+ reconfig_backup_secfiles($setup->{inf}->{admin}->{config_dir});
} else {
$setup->msg('begin_create_adminserver');
}
@@ -572,6 +617,11 @@ sub createAdminServer {
# Update SELinux policy if needed
updateSelinuxPolicy($setup, $configdir, $securitydir, $logdir, $rundir);
+ # Restore the security files before we start the server
+ if ($reconfig) {
+ reconfig_restore_secfiles($setup->{inf}->{admin}->{config_dir});
+ }
+
if (!startAdminServer($setup, $configdir, $logdir, $rundir)) {
return 0;
}