Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10811/ldap/servers/slapd
Modified Files:
ssl.c
Log Message:
Resolves: 455629
Summary: Ensure server group has proper permissions on certificate db files.
Index: ssl.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/ssl.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- ssl.c 5 Feb 2009 17:34:56 -0000 1.24
+++ ssl.c 6 Feb 2009 00:29:44 -0000 1.25
@@ -410,6 +410,9 @@
int len = 0;
PRUint32 nssFlags = 0;
char *certdir;
+ char *certdb_file_name = NULL;
+ char *keydb_file_name = NULL;
+ char *secmoddb_file_name = NULL;
/* set in slapd_bootstrap_config,
thus certdir is available even if config_available is false */
@@ -468,9 +471,23 @@
return -1;
}
- /****** end of NSS Initialization ******/
+ /* NSS creates the certificate db files with a mode of 600. There
+ * is no way to pass in a mode to use for creation to NSS, so we
+ * need to modify it after creation. We need to allow read and
+ * write permission to the group so the certs can be managed via
+ * the console/adminserver. */
+ certdb_file_name = slapi_ch_smprintf("%s/cert8.db", certdir);
+ keydb_file_name = slapi_ch_smprintf("%s/key3.db", certdir);
+ secmoddb_file_name = slapi_ch_smprintf("%s/secmod.db", certdir);
+ chmod(certdb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP );
+ chmod(keydb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP );
+ chmod(secmoddb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP );
+ /****** end of NSS Initialization ******/
_nss_initialized = 1;
+ slapi_ch_free_string(&certdb_file_name);
+ slapi_ch_free_string(&keydb_file_name);
+ slapi_ch_free_string(&secmoddb_file_name);
slapi_ch_free_string(&certdir);
return rv;
}
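Review bot: The three `chmod()` calls added after NSS initialization discard their return values, so a failure (missing file, wrong owner, read-only filesystem) silently leaves the databases at 600 and the console/adminserver cannot manage the certificates, with nothing in the log to explain why. Each call should be checked, e.g. `if (chmod(keydb_file_name, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP) != 0) { /* log path and errno */ }`. The mode is also applied by path and unconditionally every time this code runs, so it follows a symlink at that name and overwrites any tighter mode an administrator set on purpose. Since key3.db presumably holds the private keys, it would help to add a comment stating that this relies on certdir being owned by, and writable only by, the server user and group. The enclosing function begins outside this hunk, so whether certdir ownership is validated earlier cannot be confirmed from here.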