[Pkg-fedora-ds-maintainers] 389-admin: Changes to 'ubuntu'
Timo Aaltonen
tjaalton-guest at alioth.debian.org
Tue Oct 8 09:13:25 UTC 2013
.gitignore | 4
Makefile.am | 5
VERSION.sh | 2
admserv/cfgstuff/httpd-2.4.conf.in | 742 ++++++++++++++++++++++++++++++
admserv/cgi-src40/admpw.c | 4
admserv/cgi-src40/config.c | 9
admserv/cgi-src40/dsconfig.c | 1
admserv/cgi-src40/htmladmin.c | 137 +++--
admserv/cgi-src40/monreplication.c | 1
admserv/cgi-src40/restartsrv.c | 5
admserv/cgi-src40/sec-activate.c | 31 -
admserv/cgi-src40/security.c | 118 +++-
admserv/cgi-src40/security.properties | 6
admserv/cgi-src40/statpingserv.c | 85 +--
admserv/cgi-src40/stopsrv.c | 5
admserv/cgi-src40/ugdsconfig.c | 1
admserv/cgi-src40/viewdata.c | 5
admserv/cgi-src40/viewlog.c | 13
admserv/newinst/src/AdminServer.pm.in | 33 +
admserv/newinst/src/remove-ds-admin.pl.in | 8
compile | 227 ++++++++-
configure.ac | 5
debian/changelog | 26 -
debian/control | 3
debian/gbp.conf | 6
debian/patches/fix-group-name.patch | 18
debian/patches/format-security.patch | 252 ----------
debian/patches/http_conf_fix | 48 +
debian/patches/series | 1
debian/watch | 3
depcomp | 189 +++++--
include/libadmin/dbtlibadmin.h | 2
install-sh | 35 -
lib/base/file.cpp | 8
lib/base/nscputil.cpp | 5
lib/libadmin/util.c | 88 +--
lib/libdsa/dsalib_confs.c | 16
lib/libdsa/dsalib_util.c | 8
m4/adminutil.m4 | 4
m4/httpd.m4 | 3
missing | 148 ++---
mod_admserv/mod_admserv.c | 81 +--
mod_restartd/mod_restartd-2.2.c | 16
wrappers/initscript.in | 3
44 files changed, 1647 insertions(+), 763 deletions(-)
New commits:
commit 1526dcc47fb496f831dc109dd9d4d97cfd8a7921
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Oct 8 12:11:32 2013 +0300
release to saucy
diff --git a/debian/changelog b/debian/changelog
index 83bce8e..4ea115f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+389-admin (1.1.35-0ubuntu1) saucy; urgency=low
+
+ * Sync from unreleased debian git
+ - new upstream bugfix release
+ - migrate to apache 2.4
+
+ -- Timo Aaltonen <tjaalton at ubuntu.com> Tue, 08 Oct 2013 12:10:47 +0300
+
389-admin (1.1.35-1) UNRELEASED; urgency=low
* New upstream release.
commit 740f5592d88d04f732f95e54daa273505b600a81
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Oct 8 12:04:19 2013 +0300
really add fix-group-name.patch
diff --git a/debian/patches/fix-group-name.patch b/debian/patches/fix-group-name.patch
new file mode 100644
index 0000000..9c17e2a
--- /dev/null
+++ b/debian/patches/fix-group-name.patch
@@ -0,0 +1,18 @@
+Description: nobody's group is called "nogroup" on Debian, not "nobody"
+Author: Colin Watson <cjwatson at ubuntu.com>
+Forwarded: not-needed
+Last-Update: 2013-10-07
+
+Index: b/configure.ac
+===================================================================
+--- a/configure.ac
++++ b/configure.ac
+@@ -114,7 +114,7 @@
+
+ # server userid, groupid
+ httpduser=nobody
+-httpdgroup=nobody
++httpdgroup=nogroup
+ admservport=9830
+ admservip=0.0.0.0
+ # this is the subdir under $PACKAGE_BASE_NAME where admin server
commit 4be2473f6cc98cdffae5d32167bb22ccec987662
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Oct 8 12:00:05 2013 +0300
add gbp.conf
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..e7072b6
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,6 @@
+[DEFAULT]
+debian-branch=debian-unstable
+upstream-branch=upstream-unstable
+upstream-tag=389-admin-%(version)s
+pristine-tar=True
+pristine-tar-commit=True
commit 55b273f5d8610c7532845d4e53114e220171cfa4
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Oct 8 11:21:37 2013 +0300
control, http_conf_fix: Migrate to apache 2.4, thanks Colin Watson! (Closes: #725701)
diff --git a/debian/changelog b/debian/changelog
index d410876..83bce8e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@
* New upstream release.
* watch: Add a comment about the upstream git tree.
+ * control, http_conf_fix: Migrate to apache 2.4, thanks Colin Watson!
+ (Closes: #725701)
-- Timo Aaltonen <tjaalton at ubuntu.com> Tue, 08 Oct 2013 10:40:24 +0300
diff --git a/debian/control b/debian/control
index 90dc6c4..b4e3926 100644
--- a/debian/control
+++ b/debian/control
@@ -15,7 +15,7 @@ Build-Depends: quilt, debhelper (>= 9),
libperl-dev,
po-debconf,
389-ds-base-dev,
- apache2-threaded-dev,
+ apache2-dev,
libadminutil-dev,
apache2-mpm-worker,
libapache2-mod-nss,
diff --git a/debian/patches/http_conf_fix b/debian/patches/http_conf_fix
index 8eb4fed..1fa0357 100644
--- a/debian/patches/http_conf_fix
+++ b/debian/patches/http_conf_fix
@@ -2,11 +2,9 @@ Author: Michele Baldessari
Description: comment out mod_log_config (built in) and rename mod_nss
dirsrv httpd.conf path fixes
-Index: 389-admin/admserv/cfgstuff/httpd-2.2.conf.in
-===================================================================
---- 389-admin.orig/admserv/cfgstuff/httpd-2.2.conf.in 2011-10-11 15:33:59.489805355 +0300
-+++ 389-admin/admserv/cfgstuff/httpd-2.2.conf.in 2011-10-11 16:04:29.993761158 +0300
-@@ -120,7 +120,7 @@
+--- a/admserv/cfgstuff/httpd-2.2.conf.in
++++ b/admserv/cfgstuff/httpd-2.2.conf.in
+@@ -120,7 +120,7 @@ ThreadsPerChild 64
LoadModule authz_host_module @moddir@/mod_authz_host.so
LoadModule auth_basic_module @moddir@/mod_auth_basic.so
LoadModule authn_file_module @moddir@/mod_authn_file.so
@@ -15,7 +13,7 @@ Index: 389-admin/admserv/cfgstuff/httpd-2.2.conf.in
LoadModule env_module @moddir@/mod_env.so
LoadModule mime_magic_module @moddir@/mod_mime_magic.so
LoadModule unique_id_module @moddir@/mod_unique_id.so
-@@ -132,7 +132,7 @@
+@@ -132,7 +132,7 @@ LoadModule alias_module @moddir@/mod_ali
LoadModule rewrite_module @moddir@/mod_rewrite.so
LoadModule cgi_module @moddir@/mod_cgi.so
LoadModule restartd_module @admmoddir@/mod_restartd.so
@@ -24,11 +22,9 @@ Index: 389-admin/admserv/cfgstuff/httpd-2.2.conf.in
LoadModule admserv_module @admmoddir@/mod_admserv.so
### Section 2: 'Main' server configuration
-Index: 389-admin/admserv/cfgstuff/httpd.conf.in
-===================================================================
---- 389-admin.orig/admserv/cfgstuff/httpd.conf.in 2011-10-11 16:02:22.689869333 +0300
-+++ 389-admin/admserv/cfgstuff/httpd.conf.in 2011-10-11 16:04:29.997761279 +0300
-@@ -119,7 +119,7 @@
+--- a/admserv/cfgstuff/httpd.conf.in
++++ b/admserv/cfgstuff/httpd.conf.in
+@@ -119,7 +119,7 @@ ThreadsPerChild 64
# LoadModule foo_module modules/mod_foo.so
LoadModule access_module @moddir@/mod_access.so
LoadModule auth_module @moddir@/mod_auth.so
@@ -37,7 +33,7 @@ Index: 389-admin/admserv/cfgstuff/httpd.conf.in
LoadModule env_module @moddir@/mod_env.so
LoadModule mime_magic_module @moddir@/mod_mime_magic.so
LoadModule expires_module @moddir@/mod_expires.so
-@@ -142,7 +142,7 @@
+@@ -142,7 +142,7 @@ LoadModule file_cache_module @moddir@/mo
LoadModule mem_cache_module @moddir@/mod_mem_cache.so
LoadModule cgi_module @moddir@/mod_cgi.so
LoadModule restartd_module @admmoddir@/mod_restartd.so
@@ -46,3 +42,31 @@ Index: 389-admin/admserv/cfgstuff/httpd.conf.in
LoadModule admserv_module @admmoddir@/mod_admserv.so
### Section 2: 'Main' server configuration
+--- a/admserv/cfgstuff/httpd-2.4.conf.in
++++ b/admserv/cfgstuff/httpd-2.4.conf.in
+@@ -120,7 +120,7 @@ ThreadsPerChild 64
+ LoadModule authz_host_module @moddir@/mod_authz_host.so
+ LoadModule auth_basic_module @moddir@/mod_auth_basic.so
+ LoadModule authn_file_module @moddir@/mod_authn_file.so
+-LoadModule log_config_module @moddir@/mod_log_config.so
++#LoadModule log_config_module @moddir@/mod_log_config.so
+ LoadModule env_module @moddir@/mod_env.so
+ LoadModule mime_magic_module @moddir@/mod_mime_magic.so
+ LoadModule unique_id_module @moddir@/mod_unique_id.so
+@@ -132,14 +132,14 @@ LoadModule alias_module @moddir@/mod_ali
+ LoadModule rewrite_module @moddir@/mod_rewrite.so
+ LoadModule cgi_module @moddir@/mod_cgi.so
+ LoadModule restartd_module @admmoddir@/mod_restartd.so
+-LoadModule nss_module @nssmoddir@/libmodnss.so
++LoadModule nss_module @nssmoddir@/mod_nss.so
+ LoadModule admserv_module @admmoddir@/mod_admserv.so
+ LoadModule mpm_worker_module @moddir@/mod_mpm_worker.so
+ LoadModule access_compat_module @moddir@/mod_access_compat.so
+ LoadModule authn_core_module @moddir@/mod_authn_core.so
+ LoadModule authz_core_module @moddir@/mod_authz_core.so
+ LoadModule authz_user_module @moddir@/mod_authz_user.so
+-LoadModule unixd_module @moddir@/mod_unixd.so
++#LoadModule unixd_module @moddir@/mod_unixd.so
+
+ ### Section 2: 'Main' server configuration
+ #
commit d57dd1d7fa5add439b276c7690e2eee4f6ddab41
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Oct 8 10:46:49 2013 +0300
update the changelog
diff --git a/debian/changelog b/debian/changelog
index f6bff5b..d410876 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
-389-admin (1.1.30-2) UNRELEASED; urgency=low
+389-admin (1.1.35-1) UNRELEASED; urgency=low
+ * New upstream release.
* watch: Add a comment about the upstream git tree.
-- Timo Aaltonen <tjaalton at ubuntu.com> Tue, 08 Oct 2013 10:40:24 +0300
commit f1b7faf162d41640f55f1892aa429205c3bfadba
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Oct 8 10:42:56 2013 +0300
add missing Uploaders: from -1
diff --git a/debian/control b/debian/control
index 59b27ee..90dc6c4 100644
--- a/debian/control
+++ b/debian/control
@@ -2,6 +2,7 @@ Source: 389-admin
Section: net
Priority: optional
Maintainer: Debian 389ds Team <pkg-fedora-ds-maintainers at lists.alioth.debian.org>
+Uploaders: Timo Aaltonen <tjaalton at ubuntu.com>
Build-Depends: quilt, debhelper (>= 9),
dh-autoreconf,
libnspr4-dev,
commit 63a7685bf01544f84acfced9f37c77dfcef1e716
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Oct 8 10:41:40 2013 +0300
finalize -1 and move previous change as -2
diff --git a/debian/changelog b/debian/changelog
index 810d83a..f6bff5b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,10 @@
-389-admin (1.1.30-1) UNRELEASED; urgency=low
+389-admin (1.1.30-2) UNRELEASED; urgency=low
+
+ * watch: Add a comment about the upstream git tree.
+
+ -- Timo Aaltonen <tjaalton at ubuntu.com> Tue, 08 Oct 2013 10:40:24 +0300
+
+389-admin (1.1.30-1) unstable; urgency=low
* New upstream release.
* control: Rewrap the build-depends.
@@ -31,7 +37,6 @@
* patches/speling_fixes: Drop, unnecessary.
* patches/remove_softokn3, rules: Patch dropped, fix linking in rules.
* watch: Fix the url.
- * watch: Add a comment about the upstream git tree.
-- Timo Aaltonen <tjaalton at ubuntu.com> Thu, 28 Jun 2012 10:13:28 +0300
commit 463ed9a71dfcdb801e58c24b06cd3e99d6f1a6c9
Author: Rich Megginson <rmeggins at redhat.com>
Date: Tue Aug 20 11:07:54 2013 -0600
bump version to 1.1.35
diff --git a/VERSION.sh b/VERSION.sh
index c4173c4..de6b8d0 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -11,7 +11,7 @@ vendorurl=http://port389.org
# PACKAGE_VERSION is constructed from these
VERSION_MAJOR=1
VERSION_MINOR=1
-VERSION_MAINT=34
+VERSION_MAINT=35
# if this is a PRERELEASE, set VERSION_PREREL
# otherwise, comment it out
# be sure to include the dot prefix in the prerel
commit 0417dc764a38a5e34c402754ed699a60caea86fa
Author: Rich Megginson <rmeggins at redhat.com>
Date: Fri Aug 16 10:53:13 2013 -0600
add Eclipse and patch files
diff --git a/.gitignore b/.gitignore
index b2642d7..d9fa51e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,5 @@
autom4te.cache
.project
.cproject
+.autotools
+*.patch
commit f2004eab1a9821c716a99a6efa925079d30ee457
Author: Rich Megginson <rmeggins at redhat.com>
Date: Fri Aug 16 10:51:55 2013 -0600
compiler warning - ldif_read_record lineno type depends on openldap version
Reviewed by: nkinder (Thanks!)
diff --git a/lib/libdsa/dsalib_confs.c b/lib/libdsa/dsalib_confs.c
index 36d9356..b4a1f4c 100644
--- a/lib/libdsa/dsalib_confs.c
+++ b/lib/libdsa/dsalib_confs.c
@@ -38,6 +38,18 @@
#include "nspr.h"
#include "plstr.h"
+/* ldif_read_record lineno argument type depends on openldap version */
+#if defined(USE_OPENLDAP)
+#include <ldap_features.h>
+#if LDAP_VENDOR_VERSION >= 20434 /* changed in 2.4.34 */
+typedef unsigned long int ldif_record_lineno_t;
+#else
+typedef int ldif_record_lineno_t;
+#endif
+#else
+typedef int ldif_record_lineno_t;
+#endif
+
int
dsalib_ldif_parse_line(
char *line,
@@ -75,11 +87,11 @@ ds_get_conf_from_file(FILE *conf)
int listsize = 0;
char **conf_list = NULL;
char *entry = 0;
- int lineno = 0;
- int i = 0;
#if defined(USE_OPENLDAP)
int buflen = 0;
#endif
+ ldif_record_lineno_t lineno;
+ int i = 0;
#if defined(USE_OPENLDAP)
while (ldif_read_record(conf, &lineno, &entry, &buflen)) {
commit c6e18768092c55d916548fc090c91b079c0d3c8a
Author: Rich Megginson <rmeggins at redhat.com>
Date: Fri Aug 16 10:49:44 2013 -0600
Ticket #47413 389-admin fails to build with latest httpd
https://fedorahosted.org/389/ticket/47413
Reviewed by: nkinder (Thanks!)
Branch: master
Fix Description: Use awk to parse out MIMEMagicFile from httpd.conf
Platforms tested: RHEL6 x86_64, Fedora 20
Flag Day: no
Doc impact: no
diff --git a/configure b/configure
index 881d344..bf81905 100755
--- a/configure
+++ b/configure
@@ -18085,7 +18085,7 @@ esac
httpdconf=${httpd_root}/${httpd_conf_rel}
-mimemagic=`grep MIMEMagicFile $httpdconf|grep -v \^# | awk '{print $2}'`
+mimemagic=`awk '"MIMEMagicFile" == $1" {print $2}' $httpdconf`
if test ! -f "$mimemagic" ; then
# assume relative to root
mimemagic=${httpd_root}/${mimemagic}
diff --git a/m4/httpd.m4 b/m4/httpd.m4
index f106e2a..b72054c 100644
--- a/m4/httpd.m4
+++ b/m4/httpd.m4
@@ -61,7 +61,7 @@ esac
httpdconf=${httpd_root}/${httpd_conf_rel}
-mimemagic=`grep MIMEMagicFile $httpdconf|grep -v \^# | awk '{print $2}'`
+mimemagic=`awk '"MIMEMagicFile" == $1" {print $2}' $httpdconf`
if test ! -f "$mimemagic" ; then
# assume relative to root
mimemagic=${httpd_root}/${mimemagic}
commit 2a67826ff30226436edff1653088924ef983f5a6
Author: Rich Megginson <rmeggins at redhat.com>
Date: Thu Aug 15 15:06:09 2013 -0600
add more debugging for SSL connection problems
diff --git a/mod_admserv/mod_admserv.c b/mod_admserv/mod_admserv.c
index 744364c..eacf1e8 100644
--- a/mod_admserv/mod_admserv.c
+++ b/mod_admserv/mod_admserv.c
@@ -779,6 +779,8 @@ static int
sslinit(AdmldapInfo info, const char *configdir)
{
if (!NSS_IsInitialized()) {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0 /* status */, NULL,
+ "sslinit: doing NSS initialization");
/* mod_nss is used when we are a TLS/SSL server - mod_nss starts up before we do
and will set up all of the TLS/SSL stuff */
/* if we are acting as simply a TLS/SSL client to the directory server,
@@ -2088,6 +2090,11 @@ host_ip_init(apr_pool_t *p, apr_pool_t *plog,
if (admldapGetSecurity(info)) {
sslinit(info, configdir);
if (admldapBuildInfoSSL(info, &error)) {
+ if (error != ADMUTIL_OP_OK) {
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, base_server,
+ "host_ip_init(): problem creating secure AdmldapInfo (error code = %d)",
+ error);
+ }
} else {
ap_log_error(APLOG_MARK, APLOG_CRIT, 0, base_server,
"host_ip_init(): unable to create secure AdmldapInfo (error code = %d)",
@@ -2095,6 +2102,10 @@ host_ip_init(apr_pool_t *p, apr_pool_t *plog,
destroyAdmldap(info);
return DONE;
}
+ } else {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, base_server,
+ "host_ip_init(): secure connection not enabled, skipping sslinit");
+
}
destroyAdmldap(info);
@@ -2261,6 +2272,11 @@ apr_status_t mod_admserv_unload(void *data)
{
if (NSS_IsInitialized()) {
SSL_ClearSessionCache();
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL,
+ "mod_admserv_unload: cleared SSL session cache");
+ } else {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL,
+ "mod_admserv_unload: cannot clear cache - NSS not initialized");
}
return OK;
}
commit 6da58f7ef8aacfc926c2fbb1ec5cda79d2b8d002
Author: Rich Megginson <rmeggins at redhat.com>
Date: Thu Aug 15 15:04:29 2013 -0600
Ticket #47465 problem with 389-adminutil detection in m4/adminutil.m4 in 389-admin and 389-dsgw
https://fedorahosted.org/389/ticket/47465
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: Do not need to check for defined adminutil_lib and
adminutil_inc - pkg-config will fail if they cannot be determined.
Platforms tested: RHEL6 x86_64, Fedora 20
Flag Day: no
Doc impact: no
diff --git a/configure b/configure
index 5039a51..881d344 100755
--- a/configure
+++ b/configure
@@ -19725,10 +19725,6 @@ fi
fi
fi
-if test -z "$adminutil_inc" -o -z "$adminutil_lib"; then
- as_fn_error $? "ADMINUTIL not found, specify with --with-adminutil." "$LINENO" 5
-fi
-
# BEGIN COPYRIGHT BLOCK
# Copyright (C) 2007 Red Hat, Inc.
# All rights reserved.
diff --git a/m4/adminutil.m4 b/m4/adminutil.m4
index 1d5900b..c5d4893 100644
--- a/m4/adminutil.m4
+++ b/m4/adminutil.m4
@@ -62,7 +62,3 @@ if test -z "$adminutil_inc" -o -z "$adminutil_lib"; then
fi
fi
fi
-
-if test -z "$adminutil_inc" -o -z "$adminutil_lib"; then
- AC_MSG_ERROR([ADMINUTIL not found, specify with --with-adminutil.])
-fi
commit ebb0765b60b287f6b7f44188f4337076e8c3aa9d
Author: Rich Megginson <rmeggins at redhat.com>
Date: Thu Aug 15 15:03:44 2013 -0600
Ticket #47486 compiler warnings in adminutil, admin, dsgw
fix compiler warnings
Reviewed by: nhosoi (Thanks!)
Platforms tested: RHEL 6, Fedora 20
diff --git a/admserv/cgi-src40/admpw.c b/admserv/cgi-src40/admpw.c
index ff0dc6c..e695881 100644
--- a/admserv/cgi-src40/admpw.c
+++ b/admserv/cgi-src40/admpw.c
@@ -73,11 +73,10 @@ sha1_pw_enc(const char *pwd)
unsigned char hash[SHA1_LENGTH];
char *enc;
char *retval;
- SECStatus rc;
int32 pwdlen = strlen(pwd);
/* SHA1 hash the user's key */
- rc = PK11_HashBuf(SEC_OID_SHA1, hash, (unsigned char *)pwd, pwdlen);
+ PK11_HashBuf(SEC_OID_SHA1, hash, (unsigned char *)pwd, pwdlen);
/* convert to base64 */
if (!(enc = BTOA_DataToAscii(hash, sizeof(hash)))) {
return NULL;
@@ -181,6 +180,7 @@ int main(int argc, char *argv[])
int errorcode = 0;
char *configdir = util_get_conf_dir();
+ (void)_ai; /* get rid of unused variable warning */
logMsg(" In %s\n", argv[0]);
i18nInit();
diff --git a/admserv/cgi-src40/config.c b/admserv/cgi-src40/config.c
index 74e0a0c..ddb4af3 100644
--- a/admserv/cgi-src40/config.c
+++ b/admserv/cgi-src40/config.c
@@ -155,9 +155,8 @@ int main(int argc, char *argv[])
char **inputs = 0;
char *operation = 0;
char *qs = 0;
- char *nameptr, *valptr, *val;
+ char *nameptr, *valptr;
char error_info[128];
- char *valsbuf[2];
int setFlag = 0, getFlag = 0, forceSetFlag = 0;
int ignorePsetErrors = 0;
AttributeList resultList, nvl;
@@ -176,11 +175,9 @@ int main(int argc, char *argv[])
while (waitforever);
#endif
+ (void)_ai; /* get rid of unused variable warning */
i18nResource = res_find_and_init_resource(PROPERTYDIR, RESOURCE_FILE);
- valsbuf[0] = NULL;
- valsbuf[1] = NULL;
-
memset((void *)errp, 0, sizeof(int));
method = getenv("REQUEST_METHOD");
@@ -620,7 +617,7 @@ int main(int argc, char *argv[])
#endif
errorCode = PSET_OP_OK;
- val = psetGetAttrSingleValue(pset, nameptr, &errorCode);
+ (void)psetGetAttrSingleValue(pset, nameptr, &errorCode);
if (errorCode && !ignorePsetErrors) {
if (forceSetFlag)
addSingleValueAttribute(addList, j++, nameptr, valptr);
diff --git a/admserv/cgi-src40/dsconfig.c b/admserv/cgi-src40/dsconfig.c
index 899836b..b35826e 100644
--- a/admserv/cgi-src40/dsconfig.c
+++ b/admserv/cgi-src40/dsconfig.c
@@ -159,6 +159,7 @@ int main(int argc, char *argv[])
logMsg(" In %s\n", argv[0]);
+ (void)_ai; /* get rid of unused variable warning */
i18nInit();
/* GET or POST method */
diff --git a/admserv/cgi-src40/htmladmin.c b/admserv/cgi-src40/htmladmin.c
index 7110526..b168ce7 100644
--- a/admserv/cgi-src40/htmladmin.c
+++ b/admserv/cgi-src40/htmladmin.c
@@ -1582,6 +1582,7 @@ int main(int argc, char *argv[])
const char *configdir = util_get_conf_dir();
const char *secdir = util_get_security_dir();
+ (void)_ai; /* get rid of unused variable warning */
i18nResource = res_find_and_init_resource(PROPERTYDIR, RESOURCE_FILE);
acceptLanguage = "en";
if (lang) acceptLanguage = strdup(lang);
diff --git a/admserv/cgi-src40/monreplication.c b/admserv/cgi-src40/monreplication.c
index 253dcaf..2b07038 100644
--- a/admserv/cgi-src40/monreplication.c
+++ b/admserv/cgi-src40/monreplication.c
@@ -85,6 +85,7 @@ int main(int argc, char *argv[])
char configfile[256] = {'\0'};
char *resstr;
+ (void)_ai; /* get rid of unused variable warning */
i18nInit();
fprintf(stdout, "Content-type: text/html;charset=utf-8\n\n");
diff --git a/admserv/cgi-src40/restartsrv.c b/admserv/cgi-src40/restartsrv.c
index 87e76bf..69d8853 100644
--- a/admserv/cgi-src40/restartsrv.c
+++ b/admserv/cgi-src40/restartsrv.c
@@ -125,6 +125,7 @@ int main(int argc, char *argv[])
char *acceptLanguage = (char*)"en", *lang=getenv((char*)"HTTP_ACCEPT_LANGUAGE");
Resource *i18nResource = NULL;
+ (void)_ai; /* get rid of unused variable warning */
i18nResource = res_find_and_init_resource(PROPERTYDIR, RESOURCE_FILE);
if (lang) acceptLanguage = strdup(lang);
diff --git a/admserv/cgi-src40/sec-activate.c b/admserv/cgi-src40/sec-activate.c
index a36f75f..6ae70ed 100644
--- a/admserv/cgi-src40/sec-activate.c
+++ b/admserv/cgi-src40/sec-activate.c
@@ -499,6 +499,7 @@ int main(int argc, char *argv[])
AdmldapInfo ldapInfo = NULL;
char *lang;
+ (void)_ai; /* get rid of unused variable warning */
memset((void *)errp, 0, sizeof(int));
method = getenv("REQUEST_METHOD");
diff --git a/admserv/cgi-src40/statpingserv.c b/admserv/cgi-src40/statpingserv.c
index d6e55f7..3fc5616 100644
--- a/admserv/cgi-src40/statpingserv.c
+++ b/admserv/cgi-src40/statpingserv.c
@@ -75,6 +75,7 @@ int main(int argc, char *argv[])
char *portstr;
struct PRFileInfo64 prfileinfo;
+ (void)_ai; /* get rid of unused variable warning */
m = getenv("REQUEST_METHOD");
if(!strcmp(m, "GET")) {
diff --git a/admserv/cgi-src40/stopsrv.c b/admserv/cgi-src40/stopsrv.c
index 436989e..b2b83c9 100644
--- a/admserv/cgi-src40/stopsrv.c
+++ b/admserv/cgi-src40/stopsrv.c
@@ -85,6 +85,7 @@ int main(int argc, char *argv[])
char *return_format = NULL;
char *qs = 0;
+ (void)_ai; /* get rid of unused variable warning */
i18nResource = res_find_and_init_resource(PROPERTYDIR, RESOURCE_FILE);
if (lang) acceptLanguage = strdup(lang);
diff --git a/admserv/cgi-src40/ugdsconfig.c b/admserv/cgi-src40/ugdsconfig.c
index 9be5332..0b23d93 100644
--- a/admserv/cgi-src40/ugdsconfig.c
+++ b/admserv/cgi-src40/ugdsconfig.c
@@ -179,6 +179,7 @@ int main(int argc, char *argv[])
const char *configdir = util_get_conf_dir();
const char *secdir = util_get_security_dir();
+ (void)_ai; /* get rid of unused variable warning */
logMsg(" In %s\n", argv[0]);
i18nInit();
diff --git a/admserv/cgi-src40/viewdata.c b/admserv/cgi-src40/viewdata.c
index 7dd5d80..5cba168 100644
--- a/admserv/cgi-src40/viewdata.c
+++ b/admserv/cgi-src40/viewdata.c
@@ -412,6 +412,7 @@ int main(int argc, char *argv[])
AdmldapInfo ldapInfo = get_adm_ldapinfo(configdir, secdir);
+ (void)_ai; /* get rid of unused variable warning */
i18nInit();
if(!get_bindinfo(&binddn, &bindpw))
diff --git a/admserv/cgi-src40/viewlog.c b/admserv/cgi-src40/viewlog.c
index e4ec208..4a36780 100644
--- a/admserv/cgi-src40/viewlog.c
+++ b/admserv/cgi-src40/viewlog.c
@@ -341,6 +341,7 @@ int main(int argc, char *argv[])
int rc = 0;
char *configdir = NULL;
+ (void)_ai; /* get rid of unused variable warning */
i18nInit();
fprintf(stdout, "Content-type: text/html;charset=utf-8\n\n");
diff --git a/include/libadmin/dbtlibadmin.h b/include/libadmin/dbtlibadmin.h
index 24048c7..9c40647 100644
--- a/include/libadmin/dbtlibadmin.h
+++ b/include/libadmin/dbtlibadmin.h
@@ -21,8 +21,6 @@
#define LIBRARY_NAME "libadmin"
-static char dbtlibadminid[] = "$DBT: libadmin referenced v1 $";
-
#include "i18n.h"
BEGIN_STR(libadmin)
diff --git a/lib/base/file.cpp b/lib/base/file.cpp
index ac2ece6..0ca4c9b 100644
--- a/lib/base/file.cpp
+++ b/lib/base/file.cpp
@@ -483,19 +483,11 @@ NSAPI_PUBLIC int system_errmsg_fn(char **buff, size_t maxlen)
char static_error[128];
char *lmsg = 0; /* Local message pointer */
size_t msglen = 0;
- int sys_error = 0;
PRErrorCode nscp_error;
#ifdef XP_WIN32
LPTSTR sysmsg = 0;
#endif
-
- /* Grab the OS error message */
-#ifdef XP_WIN32
- sys_error = GetLastError();
-#else
- sys_error = errno;
-#endif
nscp_error = PR_GetError();
/* If there is a NSPR error, but it is "unknown", try to get the OSError
diff --git a/lib/base/nscputil.cpp b/lib/base/nscputil.cpp
index 77e7a6e..1fb6a27 100644
--- a/lib/base/nscputil.cpp
+++ b/lib/base/nscputil.cpp
@@ -833,11 +833,12 @@ util_waitpid(pid_t pid, int *statptr, int options)
for(rv = 0; !rv; PR_Sleep(500)) {
rv = waitpid(pid, statptr, options | WNOHANG);
if (rv == -1) {
- if (errno == EINTR)
+ if (errno == EINTR) {
rv = 0; /* sleep and try again */
- else
+ } else {
// ereport(LOG_WARN, "waitpid failed for pid %d:%s", pid, system_errmsg());
;
+ }
}
}
return rv;
diff --git a/lib/libadmin/util.c b/lib/libadmin/util.c
index be651b4..29c77b5 100644
--- a/lib/libadmin/util.c
+++ b/lib/libadmin/util.c
@@ -1558,17 +1558,19 @@ util_ldap_init(
if (secure > 0) {
#if defined(USE_OPENLDAP)
int optval = 0;
+#else
+ LDAP *myld = NULL;
#endif /* !USE_OPENLDAP */
int ssl_strength = 0;
- LDAP *myld = NULL;
+#if !defined(USE_OPENLDAP)
/* we can only use the set functions below with a real
LDAP* if it has already gone through ldapssl_init -
so, use NULL if using starttls */
if (secure == 1) {
myld = ld;
}
-
+#endif
/* verify certificate only */
#if defined(USE_OPENLDAP)
ssl_strength = LDAP_OPT_X_TLS_NEVER;
@@ -1683,55 +1685,12 @@ util_ldap_bind(
{
int rc = LDAP_SUCCESS;
int err = LDAP_SUCCESS;
- int secure = 0;
struct berval bvcreds = {0, NULL};
LDAPMessage *result = NULL;
struct berval *servercredp = NULL;
-#if defined(USE_OPENLDAP)
- /* openldap doesn't have a SSL/TLS yes/no flag - so grab the
- ldapurl, parse it, and see if it is a secure one */
- char *ldapurl = NULL;
-
- ldap_get_option(ld, LDAP_OPT_URI, &ldapurl);
- if (ldapurl && !PL_strncasecmp(ldapurl, "ldaps", 5)) {
- secure = 1;
- }
- PL_strfree(ldapurl);
- ldapurl = NULL;
-#else /* !USE_OPENLDAP */
- ldap_get_option(ld, LDAP_OPT_SSL, &secure);
-#endif
-#ifdef EXTERNAL_AUTH_SUPPORTED
- if (secure && mech && !strcmp(mech, LDAP_SASL_EXTERNAL)) {
- /* SSL connections will use the server's security context
- and cert for client auth */
- rc = slapd_SSL_client_auth(ld);
-
- if (rc != 0) {
-#ifdef DEBUG
- fprintf(stderr, "util_ldap_bind: "
- "Error: could not configure the server for cert "
- "auth - error %d - make sure the server is "
- "correctly configured for SSL/TLS\n", rc);
-#endif
- goto done;
- } else {
-#ifdef DEBUG
- fprintf(stderr, "util_ldap_bind: "
- "Set up conn to use client auth\n");
-#endif
- }
- bvcreds.bv_val = NULL; /* ignore username and passed in creds */
- bvcreds.bv_len = 0; /* for external auth */
- bindid = NULL;
- } else { /* other type of auth */
-#endif /* EXTERNAL_AUTH_SUPPORTED */
- bvcreds.bv_val = (char *)creds;
- bvcreds.bv_len = creds ? strlen(creds) : 0;
-#ifdef EXTERNAL_AUTH_SUPPORTED
- }
-#endif /* EXTERNAL_AUTH_SUPPORTED */
+ bvcreds.bv_val = (char *)creds;
+ bvcreds.bv_len = creds ? strlen(creds) : 0;
/* The connection has been set up - now do the actual bind, depending on
the mechanism and arguments */
diff --git a/lib/libdsa/dsalib_util.c b/lib/libdsa/dsalib_util.c
index da875df..803f86d 100644
--- a/lib/libdsa/dsalib_util.c
+++ b/lib/libdsa/dsalib_util.c
@@ -402,18 +402,10 @@ ds_system_errmsg(void)
static char static_error[BUFSIZ];
char *lmsg = 0; /* Local message pointer */
size_t msglen = 0;
- int sys_error = 0;
#ifdef XP_WIN32
LPTSTR sysmsg = 0;
#endif
- /* Grab the OS error message */
-#ifdef XP_WIN32
- sys_error = GetLastError();
-#else
- sys_error = errno;
-#endif
-
#if defined(XP_WIN32)
msglen = FormatMessage(
FORMAT_MESSAGE_FROM_SYSTEM|FORMAT_MESSAGE_ALLOCATE_BUFFER,
diff --git a/mod_admserv/mod_admserv.c b/mod_admserv/mod_admserv.c
index 9eca803..744364c 100644
--- a/mod_admserv/mod_admserv.c
+++ b/mod_admserv/mod_admserv.c
@@ -2641,7 +2641,7 @@ static int
authenticate_user(LdapServerData *data, char *baseDN, char *user, const char *pw, request_rec *r)
{
LDAP *server;
- char *uid, *userdn, *ldapURL;
+ char *userdn, *ldapURL;
int ldapError = LDAP_SUCCESS;
int pw_expiring = 0;
int tries = 0;
@@ -2686,13 +2686,10 @@ authenticate_user(LdapServerData *data, char *baseDN, char *user, const char *pw
return DECLINED; /* fall back to final check against admpw */
}
-
- uid = user;
} else {
/* it's a DN */
userdn = user;
- uid = NULL;
/* strip the leading "ldap:", if present */
commit 14b1bf927e6b0ac47273a48ea4cbb58d12237dfc
Author: Rich Megginson <rmeggins at redhat.com>
Date: Thu Aug 15 15:02:16 2013 -0600
ignore files generated by Eclipse
diff --git a/.gitignore b/.gitignore
index c0b150c..b2642d7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
*~
autom4te.cache
+.project
+.cproject
commit 0de39490d43897ea3e53e7128b1dab02f36b7506
Author: Nathan Kinder <nkinder at redhat.com>
Date: Wed Aug 14 11:30:28 2013 -0700
Ticket 47467 - Improve CRL import error messages
The error messages returned by the security CGI when failing to
import a CRL aren't helpful. Specifically, we don't indicate
that the CRL file must be specifed as a plain filename that exists
in the server security directory. When we fail to find a valid
CRL, we don't indicate that the expected format is PEM. This
patch improves the error messages that are returned for display in
the Console.
diff --git a/admserv/cgi-src40/security.properties b/admserv/cgi-src40/security.properties
index 183bad0..289eef5 100644
--- a/admserv/cgi-src40/security.properties
+++ b/admserv/cgi-src40/security.properties
@@ -58,7 +58,7 @@ security43 { "Unable to delete the certificate specified." }
security44 { "Unable to delete the CRL or CKL specified." }
security45 { "Unable to find the CRL or CKL specified." }
//#/* module operation */
-security50 { "Could not open file %s. File does not exist or filename is invalid." }
+security50 { "Could not open file %s. File does not exist or filename is invalid. A filename that exists in the server security directory must be specified. Absolute or relative paths should not be specified." }
security51 { "Could not add module found in file %s." }
security52 { "The module has been successfully added. Please restart the console for changes to take effect." }
security53 { "No file specified. Enter the full path of a file." }
@@ -96,7 +96,7 @@ security103 { "Unable to init the internal (software) token." }
security110 { "Error decoding the CRL/CKL file. Please make sure it is valid." }
security111 { "Error deleting the existing CRL/CKL in replacement process." }
security112 { "Error writing the new CRL/CKL into the certificate database." }
-security113 { "The file %s does not contain a valid CRL/CKL" }
+security113 { "The file %s does not contain a valid CRL/CKL. Please make sure it is in the PEM format (base64 encoded DER)." }
//#/* key/cert migration */
security120 { "Alias" }
security121 { "Key or Certificate database doesn't exist in the old server root specified" }
commit 4555aff338e70d646d4867460f37cfdd49b7f456
Author: Nathan Kinder <nkinder at redhat.com>
Date: Tue Aug 13 15:47:47 2013 -0700
Ticket 362 - Directory Console generates insufficient key strength
The security CGI that is called by the Console is limited terms of
key generation and the signing algorithm used for the request. The
RSA key size is limited to 1024 bit or less, and the signing algorithm
is hardcoded to MD5.
This patch increases the maximum RSA key size to 4096 and uses a
default of 2048 if the caller doesn't specify a key size. The default
signing algorithm is changed to SHA-1, and a new CGI parameter has been
added to allow the caller to alternatively choose SHA-256, SHA-384, or
SHA-512.
diff --git a/admserv/cgi-src40/security.c b/admserv/cgi-src40/security.c
index 1cee29d..3664d70 100644
--- a/admserv/cgi-src40/security.c
+++ b/admserv/cgi-src40/security.c
@@ -73,11 +73,8 @@ extern "C" {
}
#endif
-#ifdef NS_DOMESTIC
-#define MAX_KEY_BITS 1024/*2048*/
-#else
-#define MAX_KEY_BITS 512/*1024*/
-#endif
+#define DEFAULT_KEY_BITS 2048
+#define MAX_KEY_BITS 4096
#define SUBJECT_NEW "Certificate request"
#define SUBJECT_OLD "Certificate renewal"
@@ -1064,6 +1061,8 @@ generateCertificateRequest(SECKEYPrivateKey* privateKey, SECKEYPublicKey* pubKey
More information about the Pkg-fedora-ds-maintainers
mailing list