[Pkg-fedora-ds-maintainers] 389-admin: Changes to 'upstream'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Fri Jul 10 15:03:33 UTC 2015
VERSION.sh | 2 -
admserv/cgi-src40/config.c | 4 +-
admserv/cgi-src40/security.c | 46 +++++++++++++++++++--------
admserv/cgi-src40/security.properties | 2 -
admserv/newinst/src/AdminServer.pm.in | 34 ++++++++++---------
admserv/newinst/src/register-ds-admin.pl.in | 17 +++++----
admserv/newinst/src/register-ds-admin.res.in | 2 +
7 files changed, 67 insertions(+), 40 deletions(-)
New commits:
commit df6547408bcc313bc66ff67963ff8059a1bed6a2
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Mon Jun 8 12:53:05 2015 -0700
bump version to 1.1.42
diff --git a/VERSION.sh b/VERSION.sh
index 1f0d104..bf55ea2 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -11,7 +11,7 @@ vendorurl=http://port389.org
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=1
-VERSION_MAINT=41
+VERSION_MAINT=42
# if this is a PRERELEASE, set VERSION_PREREL
# otherwise, comment it out
# be sure to include the dot prefix in the prerel
commit 42d65608dc312e0fa753841764ca8208a047e01a
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Fri Jun 5 14:28:53 2015 -0400
Ticket 47548 - register-ds-admin - silent file incorrectly processed
Bug Description: There was an improper check to see if any "instances"
were set in the INF file. THis lead to an erroneous
error.
FIx Description: Check that the instance array actually has elements.
https://fedorahosted.org/389/ticket/47548
Reviewed by: nhosoi(Thanks!)
diff --git a/admserv/newinst/src/register-ds-admin.pl.in b/admserv/newinst/src/register-ds-admin.pl.in
index 04e936a..dd100d9 100644
--- a/admserv/newinst/src/register-ds-admin.pl.in
+++ b/admserv/newinst/src/register-ds-admin.pl.in
@@ -123,7 +123,7 @@ sub get_cred_from_inst
# Check the remaining instances
#
my @insts = $mysetup->{inf}->{register}->{instance};
- if (@insts){
+ if ($#insts){
my $i = 0;
for (; $i <= $#insts; $i++){
my @inst_parts = split('::', $insts[$i]);
@@ -267,7 +267,7 @@ if ($setup->{inf}->{register}){
# Add the other instances (if any)
#
@silent_instances = $setup->{inf}->{register}->{instance};
- if (@silent_instances){
+ if ($#silent_instances){
my $i = 0;
for (; $i <= $#silent_instances; $i++){
my @inst_parts = split('::', $silent_instances[$i]);
commit 220b91d6acc6c8fadabffbc3a11fcf20c7033f9c
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Wed May 27 13:17:02 2015 -0700
bump version to 1.1.41
diff --git a/VERSION.sh b/VERSION.sh
index 765c91f..1f0d104 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -11,7 +11,7 @@ vendorurl=http://port389.org
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=1
-VERSION_MAINT=40
+VERSION_MAINT=41
# if this is a PRERELEASE, set VERSION_PREREL
# otherwise, comment it out
# be sure to include the dot prefix in the prerel
commit 8fc8d1dca1546a285dd7505a8ecb6602c748ac8b
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Wed May 27 13:10:53 2015 -0700
Ticket #47493 - Configuration Tab does not work with FIPS mode enabled
Description: To invoke Manage Certificate window, NSS slot needs to be
found by looking up the token name. When the token name is "internal
(software)", the slot is supposed to be found by PK11_GetInternalKeySlot
that provides the support for FIPS instead of PK11_FindSlotByName. This
patch calls the right api based upon the token type.
https://fedorahosted.org/389/ticket/47493
Reviewed by mreynolds at redhat.com (Thank you, Mark!!)
diff --git a/admserv/cgi-src40/security.c b/admserv/cgi-src40/security.c
index 34bf3a7..2d7f38d 100644
--- a/admserv/cgi-src40/security.c
+++ b/admserv/cgi-src40/security.c
@@ -890,13 +890,20 @@ static void listCert(char* tokenName) {
CERTCertList *certList;
CERTCertListNode *cln;
- PK11SlotInfo *slot = PK11_FindSlotByName(tokenName);
+ PK11SlotInfo *slot = NULL;
PK11SlotInfo *internal_slot;
char *internalTokenName;
+ if (tokenName && (!strcasecmp(tokenName, "internal") ||
+ !strcasecmp(tokenName, "internal (software)"))) {
+ slot = PK11_GetInternalKeySlot();
+ } else {
+ slot = PK11_FindSlotByName(tokenName);
+ }
+
if (!slot) {
- errorRpt(GENERAL_FAILURE, getResourceString(DBT_TOKEN_NAME));
- return;
+ errorRpt(GENERAL_FAILURE, getResourceString(DBT_TOKEN_NAME));
+ return;
}
if (PK11_IsInternal(slot)) {
commit 6b0e7456d2a8b605e737a62010c0bf40d03441f1
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Tue May 26 23:05:11 2015 -0700
Ticket #48186 - register-ds-admin.pl script prints clear text password in the terminal
Description: Call reg_get_passwd for the remote DS password, as well.
https://fedorahosted.org/389/ticket/48186
Reviewed by mreynolds at redhat.com (Thank you, Mark!!)
diff --git a/admserv/newinst/src/register-ds-admin.pl.in b/admserv/newinst/src/register-ds-admin.pl.in
index aebe0ba..04e936a 100644
--- a/admserv/newinst/src/register-ds-admin.pl.in
+++ b/admserv/newinst/src/register-ds-admin.pl.in
@@ -62,8 +62,12 @@ sub reg_get_passwd
my $key = shift;
my $value0 = shift;
my $value1 = shift;
+ my $value2 = shift;
- print("\n==============================================================================\n");
+ if ( ! $value2 )
+ {
+ print("\n==============================================================================\n");
+ }
if ( $value1 )
{
$setup->msg(0, $key, $value0, $value1);
@@ -827,10 +831,7 @@ if ($silent eq "no")
chomp($remote_binddn = <>);
}
- $setup->msg(0, 'remote_prompt', "bind password");
- while($remote_bindpw eq ""){
- chomp($remote_bindpw = <>);
- }
+ $remote_bindpw = reg_get_passwd($setup, 'remote_prompt_bind_password', "", 0, 1);
$setup->msg(0, 'remote_conn_use_ssl');
chomp($local_certdir = <>);
diff --git a/admserv/newinst/src/register-ds-admin.res.in b/admserv/newinst/src/register-ds-admin.res.in
index 99cb3e3..f7c0e67 100644
--- a/admserv/newinst/src/register-ds-admin.res.in
+++ b/admserv/newinst/src/register-ds-admin.res.in
@@ -62,6 +62,8 @@ remote_register_direction = Register local servers to
remote_prompt = Enter Remote %s:
+remote_prompt_bind_password = Enter Remote bind password:
+
remote_conn_use_ssl = If using SSL, enter certificate db directory:
remote_register_completed = Successfully registered host '%s' with the configuration server on '%s'.\n
commit c3e77fb4d6d6f4db8e577c96214bd39179c5c9e0
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Fri May 22 16:43:08 2015 -0400
Ticket 47548 - register-ds-admin.pl fails to set local bind DN and password
Description: During a interactive session the local bind DN and password
are not correctly set.
https://fedorahosted.org/389/ticket/47548
Reviewed by: nhosoi(Thanks!)
diff --git a/admserv/newinst/src/register-ds-admin.pl.in b/admserv/newinst/src/register-ds-admin.pl.in
index 08c7108..aebe0ba 100644
--- a/admserv/newinst/src/register-ds-admin.pl.in
+++ b/admserv/newinst/src/register-ds-admin.pl.in
@@ -605,6 +605,8 @@ $setup->msg('register_new_confds', $new_confdsid);
if ($silent eq "no"){
$setup->{inf}->{slapd}->{RootDNPwd} = reg_get_passwd($setup, 'input_rootdn_passwd', $new_confdsid);
+ $localrootpw = $setup->{inf}->{slapd}->{RootDNPwd};
+ $localrootdn = $setup->{inf}->{slapd}->{RootDN};
}
if ( ($#admConfKeys >= 0 && ($orig_confdsid ne $new_confdsid)) ||
commit 66fe23d1f3ba4d253ad6f1d51099cdb802d20073
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Wed May 6 13:27:01 2015 -0700
bump version to 1.1.40
diff --git a/VERSION.sh b/VERSION.sh
index 6a2ede6..765c91f 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -11,7 +11,7 @@ vendorurl=http://port389.org
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=1
-VERSION_MAINT=39
+VERSION_MAINT=40
# if this is a PRERELEASE, set VERSION_PREREL
# otherwise, comment it out
# be sure to include the dot prefix in the prerel
commit 1bece0e524811a0da8aae5a27c3c130a7e452a4e
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Thu Apr 30 17:52:47 2015 -0700
Ticket #47467 - Improve Add CRL/CKL dialog and errors
Description: Additional modifications to the error messages.
When an input for CRL/CKL is missing, the generated error message
is not broken and does not give much help.
DBT_MISSING_THIS + DBT_MISSING_FILE
You should enter a No file specified. Enter the full path of a file.'
If the object of the "enter" is DBT_MISSING_FILE, change to just print
it. And modified the sentense as follows:
Enter a file name in the configuration directory or the full path of
a file.
https://fedorahosted.org/389/ticket/47467
Reviewed by rmeggins at redhat.com (Thank you, Rich!!)
diff --git a/admserv/cgi-src40/security.c b/admserv/cgi-src40/security.c
index d604f88..34bf3a7 100644
--- a/admserv/cgi-src40/security.c
+++ b/admserv/cgi-src40/security.c
@@ -223,9 +223,14 @@ getResourceString(char *key) {
}
}
-static char * getParameter(char *key, char *keyName) {
-
- PR_snprintf(line, sizeof(line), getResourceString(DBT_MISSING_THIS), keyName);
+static char * getParameter(char *key, char *keyName)
+{
+ if (strcmp(keyName, getResourceString(DBT_MISSING_FILE))) {
+ /* not a missing file */
+ PR_snprintf(line, sizeof(line), getResourceString(DBT_MISSING_THIS), keyName);
+ } else {
+ PR_snprintf(line, sizeof(line), getResourceString(DBT_MISSING_FILE));
+ }
return get_cgi_var(key, getResourceString(DBT_PARAMETERMISSING), line);
}
diff --git a/admserv/cgi-src40/security.properties b/admserv/cgi-src40/security.properties
index 289eef5..7a67f5d 100644
--- a/admserv/cgi-src40/security.properties
+++ b/admserv/cgi-src40/security.properties
@@ -61,7 +61,7 @@ security45 { "Unable to find the CRL or CKL specified." }
security50 { "Could not open file %s. File does not exist or filename is invalid. A filename that exists in the server security directory must be specified. Absolute or relative paths should not be specified." }
security51 { "Could not add module found in file %s." }
security52 { "The module has been successfully added. Please restart the console for changes to take effect." }
-security53 { "No file specified. Enter the full path of a file." }
+security53 { "No file specified. Enter a file name in the configuration directory or the full path of a file." }
security54 { "No file format specified." }
security55 { "Invalid file format." }
security56 { "No module name or incorrect module name specified. Please enter a valid module name." }
commit d1de836de72a9633fa8fd1743b35b9a7a54333ea
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Wed Apr 29 22:39:49 2015 -0700
Ticket #48171 - remove-ds-admin.pl removes files in the rpm
Description: remove-ds-admin.pl expects /etc/dirsrv/admin-serv/bakup
contains the original config files from rpm to replace with. If
setup-ds-admin.pl fails for some reason, it quits without backing up
the files. In the case, remove-ds-admin.pl just removes the config
files since there is no way to restore them.
This patch moves the backup code before the operation that has a
possibility to fail. This allows setup-ds-admin.pl to create the
backups even if the setup fails.
Also, read_conf and update_conf in cgi-src40/config.c uses given path
and file name instead of the generated full path which is set up an
empty string if the file is not accessible or not a plain file.
https://fedorahosted.org/389/ticket/48171
Reviewed by rmeggins at redhat.com (Thank you, Rich!!)
diff --git a/admserv/cgi-src40/config.c b/admserv/cgi-src40/config.c
index ddb4af3..8b16737 100644
--- a/admserv/cgi-src40/config.c
+++ b/admserv/cgi-src40/config.c
@@ -714,7 +714,7 @@ static char * read_conf(char *file, char *name) {
f = fopen(filename, "r");
if (f==NULL) {
char msg[BIG_LINE];
- PR_snprintf(msg, BIG_LINE, "Cannot open file %s for reading", filename);
+ PR_snprintf(msg, BIG_LINE, "Cannot open file %s/%s for reading", configdir, file);
rpt_err(SYSTEM_ERROR, msg, NULL, NULL);
}
@@ -752,7 +752,7 @@ static int update_conf(char *file, char *name, char *val) {
f = fopen(filename, "r");
if (f==NULL) {
char msg[BIG_LINE];
- PR_snprintf(msg, BIG_LINE, "Cannot open file %s for reading", filename);
+ PR_snprintf(msg, BIG_LINE, "Cannot open file %s/%s for reading", configdir, file);
rpt_err(SYSTEM_ERROR, msg, NULL, NULL);
}
diff --git a/admserv/newinst/src/AdminServer.pm.in b/admserv/newinst/src/AdminServer.pm.in
index 0c98a6e..a141596 100644
--- a/admserv/newinst/src/AdminServer.pm.in
+++ b/admserv/newinst/src/AdminServer.pm.in
@@ -384,6 +384,23 @@ sub updateHttpConfFiles {
libpath_add("@LIBPATH@");
libpath_add("$savepath");
$ENV{SHLIB_PATH} = $ENV{LD_LIBRARY_PATH};
+
+ if (! -d "$admConf->{configdir}/bakup") {
+ if (system ("mkdir -p $admConf->{configdir}/bakup")) {
+ debug(0, "Error backing up $admConf->{configdir}/console.conf failed: $!");
+ }
+ }
+ # backup the savefiles for "remove-ds-admin.pl -a"
+ foreach my $savefile (@saveconffiles, @savesecfiles) {
+ if (! -f "$admConf->{configdir}/bakup/$savefile") {
+ if (-e "$admConf->{configdir}/$savefile"){
+ if(system ("cp -p $admConf->{configdir}/$savefile $admConf->{configdir}/bakup")) {
+ debug(0, "Error backing up $admConf->{configdir}/$savefile failed: $!\n");
+ }
+ }
+ }
+ }
+
my $cmd = "@cgibindir@/config op=set configuration.nsSuiteSpotUser=\"$user\"";
if (!defined($origport) or ($port != $origport)) { # need to change the port number
$cmd .= " configuration.nsServerPort=\"$port\"";
@@ -391,7 +408,7 @@ sub updateHttpConfFiles {
if ($serverAddress) {
$cmd .= " configuration.nsServerAddress=\"$serverAddress\"";
}
-
+ debug(1, "Running $cmd ...");
$? = 0; # clear error
my $output = `$cmd 2>&1`;
# Check the output of the config CGI to see if something bad happened.
@@ -423,21 +440,6 @@ sub updateHttpConfFiles {
print CONSOLECONF @contents;
close (CONSOLECONF);
}
- if (! -d "$admConf->{configdir}/bakup") {
- if (system ("mkdir -p $admConf->{configdir}/bakup")) {
- debug(0, "Error backing up $admConf->{configdir}/console.conf failed: $!");
- }
- }
- # backup the savefiles for "remove-ds-admin.pl -a"
- foreach my $savefile (@saveconffiles, @savesecfiles) {
- if (! -f "$admConf->{configdir}/bakup/$savefile") {
- if (-e "$admConf->{configdir}/$savefile"){
- if(system ("cp -p $admConf->{configdir}/$savefile $admConf->{configdir}/bakup")) {
- debug(0, "Error backing up $admConf->{configdir}/$savefile failed: $!\n");
- }
- }
- }
- }
return 1;
}
commit a22fbf95c2d01211dfde082bb22c55772b91001b
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Fri Apr 24 22:05:50 2015 -0700
bump version to 1.1.39
diff --git a/VERSION.sh b/VERSION.sh
index 6440fa1..6a2ede6 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -11,7 +11,7 @@ vendorurl=http://port389.org
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=1
-VERSION_MAINT=38
+VERSION_MAINT=39
# if this is a PRERELEASE, set VERSION_PREREL
# otherwise, comment it out
# be sure to include the dot prefix in the prerel
commit 544b46e49928e60cbe94aea3af6688350fdf94ee
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Fri Apr 24 14:12:46 2015 -0700
Ticket #48153 - [adminserver] support NSS 3.18
Description: The security CGI had some issues when it fails to open/
load the NSS cert db. This patch makes sure that if opening the db
fails, the security CGI correctly reports an error and quits.
https://fedorahosted.org/389/ticket/48153
Reviewed by rmeggins at redhat.com (Thank you, Rich!!)
diff --git a/admserv/cgi-src40/security.c b/admserv/cgi-src40/security.c
index 8575d56..d604f88 100644
--- a/admserv/cgi-src40/security.c
+++ b/admserv/cgi-src40/security.c
@@ -234,12 +234,12 @@ static void closeAllSecurityDB() {
/* close all db */
if (NSS_IsInitialized()) {
SSL_ClearSessionCache();
- }
- if (NSS_Shutdown()) {
- PR_snprintf(line, sizeof(line), getResourceString(CMN_NSS_SHUTDOWN_ERROR),
- PR_GetError(),
- SSL_Strerror(PR_GetError()) ? SSL_Strerror(PR_GetError()) : "unknown");
- rpt_warning(GENERAL_FAILURE, line, NULL, NULL);
+ if (NSS_Shutdown()) {
+ PR_snprintf(line, sizeof(line), getResourceString(CMN_NSS_SHUTDOWN_ERROR),
+ PR_GetError(),
+ SSL_Strerror(PR_GetError()) ? SSL_Strerror(PR_GetError()) : "unknown");
+ rpt_warning(GENERAL_FAILURE, line, NULL, NULL);
+ }
}
}
@@ -256,6 +256,7 @@ static void errorRpt(int type, char* detailInfo) {
getResourceString(DBT_ERROR_OCCURED),
detailInfo,
NULL);
+ exit(0); /* Make sure it really exits */
}
static void errorRptExtended(int type, char* detail, char* extra) {
@@ -264,6 +265,7 @@ static void errorRptExtended(int type, char* detail, char* extra) {
getResourceString(DBT_ERROR_OCCURED),
detail,
extra);
+ exit(0); /* Make sure it really exits */
}
/* return true if all of the chars in s are valid chars for use in
@@ -1037,6 +1039,12 @@ static void securityInitialization(char* securitydir) {
/* Set certdb handle */
certdb = CERT_GetDefaultCertDB();
+ if (!certdb) {
+ PR_snprintf(line, sizeof(line), getResourceString(CMN_SSL_INIT_ERROR),
+ securitydir ? securitydir : "(null)", PR_GetError(),
+ SSL_Strerror(PR_GetError()) ? SSL_Strerror(PR_GetError()) : "unknown");
+ errorRpt(GENERAL_FAILURE, line);
+ }
/* set password function */
PK11_SetPasswordFunc(getPassword_cb);
@@ -2143,7 +2151,7 @@ int main(int argc, char *argv[])
if (!operation) {
/* if we got here it means front end pass back
- a bogus operation string */
+ a bogus operation string */
PR_snprintf(line, sizeof(line), getResourceString(DBT_NO_OP), operation);
errorRpt(INCORRECT_USAGE, line);
} else if (!PORT_Strcmp(operation, "MIGRATE_DB")) {
More information about the Pkg-fedora-ds-maintainers
mailing list