[Fedora-directory-commits] adminutil/lib/libadmsslutil admsslutil.c, 1.6, 1.7 certmgt.c, 1.1.1.1, 1.2 psetcssl.c, 1.2, 1.3 secpwd.c, 1.1.1.1, 1.2 srvutilssl.c, 1.3, 1.4 uginfossl.c, 1.2, 1.3
Richard Allen Megginson (rmeggins)
fedora-directory-commits at redhat.com
Wed Apr 4 19:37:49 UTC 2007
- Previous message (by thread): [Fedora-directory-commits] adminutil/include/libadmsslutil admsslutil.h, 1.2, 1.3 certmgt.h, 1.2, 1.3 sslpset.h, 1.2, NONE
- Next message (by thread): [Fedora-directory-commits] adminutil/tests nsroot.ldif, NONE, 1.1 psetread.c, NONE, 1.1 psetreadssl.c, NONE, 1.1 psetwrite.c, NONE, 1.1 retrieveSIEssl.c, NONE, 1.1 setup.sh, NONE, 1.1 readme.txt, 1.1, 1.2 retrieveSIE.c, 1.2, 1.3
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: rmeggins
Update of /cvs/dirsec/adminutil/lib/libadmsslutil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30346/adminutil/lib/libadmsslutil
Modified Files:
admsslutil.c certmgt.c psetcssl.c secpwd.c srvutilssl.c
uginfossl.c
Log Message:
Resolves: bug 234420
Bug Description: adminutil: Use FHS paths and general code cleanup
Reviewed by: nkinder (Thanks!)
Fix Description:
1) Added a propertydir parameter to Makefile.am. This is where the .res files go. This also gets baked into the code so that the library knows where to find them.
2) The icu code expects the .res files to be in a packagename directory - packagename/foo.res not packagename_foo.res. I don't know how this ever worked. I also added en_US.res and en.res - icu recommends having the actual locale file rather than just falling back to the default root.res - see http://icu-project.org/userguide/ResourceManagement.html
3) There was quite a bit of dead code that I got rid of
4) Fixed many compiler warnings
5) There were quite a few memory leaks. The biggest one was probably in psetDelete, which did not actually delete the pset. Another one was the resource string handling - this returns malloc'd memory, and was never freed. I added the option to pass in a static sized buffer to hold the resource string - this may be truncated but we usually won't care. There were several places where the code was calling PR_Free on a data structure pointer - doing a "shallow" free rather than a "deep" free of all of the pointers in the data structure.
6) I merged in configuration from dbswitch.conf and other config files so that we could get rid of them and just have adm.conf. We'll have to take care of this during migration.
Platforms tested: RHEL4, FC6
Flag Day: no
Doc impact: no
Index: admsslutil.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/admsslutil.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- admsslutil.c 3 Nov 2006 17:41:06 -0000 1.6
+++ admsslutil.c 4 Apr 2007 19:37:47 -0000 1.7
@@ -69,6 +69,22 @@
char custom_file[BIG_LINE] = "";
char retried_token[BIG_LINE] = "";
+/* returns true if the given path is a valid directory, false otherwise */
+static int
+is_dir_ok(const char *path)
+{
+ PRFileInfo prinfo;
+ int ret = 0;
+
+ if (path && *path &&
+ (PR_SUCCESS == PR_GetFileInfo(path, &prinfo)) &&
+ prinfo.type == PR_FILE_DIRECTORY) {
+ ret = 1;
+ }
+
+ return ret;
+}
+
PR_IMPLEMENT(int)
admldapBuildInfoSSL(AdmldapInfo info, int *errorcode)
{
@@ -135,64 +151,13 @@
return 1;
}
-/*
- * Given filepath e.g. /opt/servers/alias/slapd-dilly-cert7.db
- * return slapd-dilly- as the prefix fo cert file;
- * or filepath is e.g. /opt/servers/alias/slapd-dilly-key3.db
- * return slapd-dilly- as the prefix for key file.
-*/
-static void
-getPrefix(char *filepath, char *basename, char *prefix, int maxprefixlen)
-{
- char *filename, *base;
- int prefixLen;
-
- if (NULL == prefix || 0 == maxprefixlen) {
- return;
- }
- prefix[0] = '\0';
-
- if((filename = strrchr(filepath, FILE_PATHSEP)) == NULL) {
- filename=filepath;
- }
- else {
- filename++; /* Skip '/' */
- }
-
- /* basename is either "-cert" or "-key" - look for last occurance */
- base = PL_strrstr(filename, basename);
- if (base == NULL) {
- return;
- }
-
- /* Include '-' into prefix */
- prefixLen = base-filename+1;
- if (prefixLen > maxprefixlen) {
- return;
- }
- memcpy(prefix, filename, prefixLen);
- prefix[prefixLen]=0;
-}
-
-static int initNSS(char *certdbFile, char *keydbFile)
+static int initNSS(const char *securitydir, AdmldapInfo info)
{
- char certdbPrefix[256], keydbPrefix[256];
- char secdbDir[PATH_MAX];
- char admconfDir[PATH_MAX];
+ char *custom_file_copy = NULL;
PRUint32 flags = 0;
char *db_name;
- getPrefix(certdbFile, "-cert", certdbPrefix, 256);
- getPrefix(keydbFile, "-key", keydbPrefix, 256);
-
- if(('\0' == certdbPrefix) || ('\0' == keydbPrefix)) return -1;
-
- PR_snprintf(secdbDir, sizeof(secdbDir), "%s%calias",
- getenv("NETSITE_ROOT"), FILE_PATHSEP);
- PR_snprintf(admconfDir, sizeof(admconfDir), "%s%cadmin-serv%cconfig",
- getenv("NETSITE_ROOT"), FILE_PATHSEP,FILE_PATHSEP);
-
/* PKSC11 module must be configured before NSS is initialized */
db_name = PL_strdup("internal (software) ");
if (!db_name) {
@@ -203,18 +168,23 @@
/*minPwdLen=*/8, /*pwdRequired=*/1);
/* init NSS */
- if (NSS_Initialize(secdbDir, certdbPrefix, keydbPrefix, "secmod.db", flags)) {
+ if (NSS_Initialize(securitydir, NULL, NULL, "secmod.db", flags)) {
return -1;
}
+ /* custom file should contain a line like this:
+ pinFile:/path/to/pinfile
+ The pin file should contain the pin for the token
+ We just use adm.conf as the custom file.
+ */
+ custom_file_copy = admldapGetConfigFileName(info);
+ PR_snprintf(custom_file, sizeof(custom_file), custom_file_copy);
+ PL_strfree(custom_file_copy);
/* set password function */
- PR_snprintf(custom_file, sizeof(custom_file), "%s%ccustom.conf",
- admconfDir, FILE_PATHSEP);
PK11_SetPasswordFunc(getPassword_cb);
/* enable all default ciphers */
- if (SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE)
- || SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE)) {
+ if (SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE)) {
return -1;
}
@@ -228,41 +198,32 @@
PR_IMPLEMENT(int)
-ADMSSL_InitSimple2(char* serverRoot)
+ADMSSL_InitSimple(char* configdir, char *securitydir)
{
AdmldapInfo admLdapInfo=NULL;
- char configDir[256];
int error;
- PR_snprintf(configDir, sizeof(configDir), "%s%cadmin-serv%cconfig",
- serverRoot, FILE_PATHSEP, FILE_PATHSEP);
- admLdapInfo = admldapBuildInfo(configDir, &error);
+ admLdapInfo = admldapBuildInfo(configdir, &error);
if (!admLdapInfo) return -1;
- if (!admldapGetSecurity(admLdapInfo)) return 0;
+ if (admldapGetSecurity(admLdapInfo)) {
+ error = ADMSSL_Init(admLdapInfo, securitydir);
+ } else {
+ error = 0;
+ }
- error = ADMSSL_Init(admLdapInfo, configDir);
destroyAdmldap(admLdapInfo);
return error;
}
-PR_IMPLEMENT(int)
-ADMSSL_InitSimple()
-{
- char *serverRoot = getenv("NETSITE_ROOT");
-
- return ADMSSL_InitSimple2(serverRoot);
-}
-
-
/* set minimum SSL stuff for LDAP/SSL to work */
PR_IMPLEMENT(int)
-ADMSSL_Init(AdmldapInfo info, char *admroot)
+ADMSSL_Init(AdmldapInfo info, char *securitydir)
{
- char *certdbFile, *keydbFile;
int secure;
char *dirURL, *bindDN, *bindPwd, *dirInfoRef;
int errCode;
+ int needfree = 0;
secure = admldapGetSecurity(info);
@@ -278,14 +239,18 @@
return 0;
}
- certdbFile = admldapGetCertDBFile(info);
- keydbFile = admldapGetKeyDBFile(info);
+ if (!securitydir) {
+ securitydir = admldapGetSecurityDir(info);
+ needfree = 1;
+ }
+
+ if((!securitydir)) return -1;
- if((!certdbFile) || (!keydbFile) || (!admroot)) return -1;
+ errCode = initNSS(securitydir, info);
- errCode = initNSS(certdbFile, keydbFile);
- PR_Free(certdbFile);
- PR_Free(keydbFile);
+ if (needfree) {
+ PL_strfree(securitydir);
+ }
return errCode;
}
@@ -433,244 +398,17 @@
#endif /* NET_SSL */
-
-/*
- * In HCL 1.5 final this is called by each socket created.
- * Pass the socket in. - adam
- */
-PR_IMPLEMENT(void)
-servssl_init(PsetHndl pset, PRFileDesc *fd, char *admroot)
-{
- SECKEYPrivateKey *key = NULL;
- CERTCertificate *cert = NULL;
- int rv;
-
- int errorCode;
- AttrNameList family_list;
-
- char *keyfn = NULL;
- char *certfn = NULL;
- char *val = NULL;
- char *val2 = NULL;
- int stimeout;
- long ssl3timeout;
-#define CIPHER_STRLEN 1024
- char cipher_string[CIPHER_STRLEN];
- int cipher_len = CIPHER_STRLEN;
-
- if (!pset) {
- servssl_error("Security Initialization: Failed to retrieve SSL cipher family information\n");
- return;
- }
-
- /* Get general pset information */
-
- keyfn = psetGetAttrSingleValue(pset,
- "configuration.encryption.nsKeyfile",
- &errorCode);
-
- certfn = psetGetAttrSingleValue(pset,
- "configuration.encryption.nsCertfile",
- &errorCode);
-
- val = psetGetAttrSingleValue(pset,
- "configuration.encryption.nsSslSessionTimeout",
- &errorCode);
-
- val2 = psetGetAttrSingleValue(pset,
- "configuration.encryption.nsSsl3SessionTimeout",
- &errorCode);
-
- if((!keyfn) || (!certfn) || (!val) || (!val2)) {
- servssl_error("Security Initialization: Failed to retrieve SSL cipher family information (error code = %d)\n", errorCode);
- return;
- }
-
- stimeout = atoi(val);
- ssl3timeout = atol(val2);
-
- /* Initialize the cert data base */
- if (initNSS(certfn, keyfn)) {
- servssl_error("Security Initialization: Failed to initialize NSS\n");
- return;
- }
-
- /* Set SSL cipher preferences */
- cipher_string[0] = '\0';
- val = NULL;
- val = psetGetAttrSingleValue(pset,
- "configuration.encryption.nsSsl2Ciphers",
- &errorCode);
- if(val && strcmp(val, "blank")) {
- PL_strncat(cipher_string, val, cipher_len);
- cipher_len -= PL_strlen(val);
- }
-
- val = NULL;
- val = psetGetAttrSingleValue(pset,
- "configuration.encryption.nsSsl3Ciphers",
- &errorCode);
- if(val && strcmp(val, "blank")) {
- if(cipher_string[0] != '\0') {
- PL_strncat(cipher_string, ",", cipher_len);
- cipher_len -= 1;
- }
- PL_strncat(cipher_string, val, cipher_len);
- cipher_len -= PL_strlen(val);
- }
-
- if(!strcmp(cipher_string, ""))
- _conf_setciphers(NULL);
- else {
- if(_conf_setciphers(cipher_string))
- servssl_warn("Security Initialization Warning: Failed to set SSL cipher preference information!");
- }
-
-
- /*
- * Now, get the complete list of cipher families. Each family
- * has a token name and personality name which we'll use to find
- * appropriate keys and certs, and call SSL_ConfigSecureServer
- * with.
- */
-
- if((family_list = psetGetChildren(pset, "configuration.Encryption", &errorCode))) {
- char **family;
- char cert_name[ADMSSL_BUF_LEN];
- char family_attribute[ADMSSL_BUF_LEN];
- char *token;
- char *personality;
- PK11SlotInfo *current_slot;
-
- for (family = family_list; *family; family++) {
-
- token = NULL;
- personality = NULL;
- val = NULL;
-
- PR_snprintf(family_attribute, sizeof(family_attribute),
- "%s.nsSslActivation", *family);
- val = psetGetAttrSingleValue(pset,
- family_attribute,
- &errorCode);
-
- if((!val) || (!strcmp(val, "off")))
- /* this family was turned off, goto next */
- continue;
-
- PR_snprintf(family_attribute, sizeof(family_attribute),
- "%s.nsSslToken", *family);
- token = psetGetAttrSingleValue(pset,
- family_attribute,
- &errorCode);
- PR_snprintf(family_attribute, sizeof(family_attribute),
- "%s.nsSslPersonalityssl", *family);
- personality = psetGetAttrSingleValue(pset,
- family_attribute,
- &errorCode);
-
- if((token) && (personality)) {
- if(strstr(token, "internal")) {
- PL_strncpyz(cert_name, personality, sizeof(cert_name));
- current_slot = PK11_GetInternalKeySlot();
- }
- else {
- /* external PKCS #11 token - attach token name */
- PR_snprintf(cert_name, sizeof(cert_name), "%s:%s",
- token, personality);
- current_slot = PK11_FindSlotByName(token);
- }
- }
- else {
- servssl_error("Security Initialization: Failed to get cipher family information");
- }
-
- /* Step Three.6 - If in FIPS mode, authenticate to the token before doing anything else */
- if(PK11_IsFIPS()) {
- PK11_Authenticate(current_slot, PR_FALSE, NULL);
- }
-
- PK11_SetSlotPWValues(current_slot, 0, 0);
-
- /* Step Four -- Locate the server certificate */
- cert = PK11_FindCertFromNickname(cert_name, NULL);
-
- if (cert == NULL) {
- servssl_error("Security Initialization: Can't find certificate (%s)", personality);
- }
-
- /* Step Four.5 -- check that the cert is valid */
- if(CERT_VerifyCertNow(/*certdb=*/NULL, cert, PR_FALSE, certUsageSSLServer, NULL) != SECSuccess) {
- servssl_warn("Security Initialization Warning: For certificate (%s) - %s",
- personality, SSL_Strerror(PR_GetError()));
- }
-
- /* Step Five -- Get the private key from cert */
- key = PK11_FindKeyByAnyCert(cert, NULL);
-
- if (key == NULL) {
- servssl_error("Security Initialization: Unable to retrieve private key (%d)", PR_GetError());
- }
-
- /* Step Six -- Configure Secure Server Mode */
- if(fd) {
- if(PK11_FortezzaHasKEA(cert) == PR_TRUE)
- rv = SSL_ConfigSecureServer(fd, cert, key, kt_fortezza);
- else
- rv = SSL_ConfigSecureServer(fd, cert, key, kt_rsa);
- }
- if (rv) {
- servssl_error("Security Initialization: Server key/certificate is bad (%d)",
- PR_GetError());
- }
- }
- }
-
- /* Step Seven -- Configure Server Session ID Cache */
- val = (char *)PR_Malloc(L_tmpnam * sizeof(char));
-#ifdef XP_WIN32
- if(GetTempPath(L_tmpnam, val) == 0)
- servssl_error("Security Initialization: Config of server nonce cache failed, "
- "cannot find a valid temporary directory! (%d)", GetLastError());
- rv = SSL_ConfigServerSessionIDCache(0, stimeout, ssl3timeout, val);
-#else
- rv = SSL_ConfigServerSessionIDCache(0, stimeout, ssl3timeout, dirname(tmpnam(val)));
-#endif
- PR_Free(val);
- if (rv) {
- if (PR_GetError() == ENOSPC) {
- servssl_error("Security Initialization: Config of server nonce cache failed, "
- "out of disk space! Make more room in /tmp "
- "and try again.");
- }
- else {
- servssl_error("Security Initialization: Config of server nonce cache failed (%d)",
- PR_GetError());
- }
- }
-
- /* Question- Any house cleaning here???? key, keydb, cert and certdb */
-}
-
-
/*
* Modify "security" in adm.conf and DS
*/
void set_security(PsetHndl pset,
- char *sroot,
- char *security,
- char *cert_file,
- char *key_file)
-{
- FILE *f;
- int i, modified_security=0, modified_cert=0, modified_key=0;
- static char filename[BIG_LINE];
- static char inbuf[BIG_LINE];
- static char buf[BIG_LINE];
- int linecnt=0;
- char *col;
- char *lines[50];
+ char *securitydir, /* where security files can be found */
+ char *configdir, /* where config files can be found */
+ char *security /* security on/off */
+)
+{
int rv;
+ AdmldapInfo admInfo = NULL;
/* set security attribute in DS */
if((pset) && (security) && (*security != '\0')) {
@@ -688,96 +426,21 @@
}
}
- /* add/edit security field in adm.conf */
- for(i=0; i<50; i++)
- lines[i] = NULL;
-
- PR_snprintf(filename, sizeof(filename),
- "%s/admin-serv/config/adm.conf", sroot);
-
- f = fopen(filename, "r");
- if (f==NULL) {
- fclose(f);
+ /* add/edit security fields in adm.conf */
+ rv = 0;
+ admInfo = admldapBuildInfoOnly(configdir, &rv);
+ if (!admInfo || rv) {
servssl_error("Can not open adm.conf for reading");
}
-
- while(fgets(inbuf, sizeof(inbuf), f) != NULL) {
- if ((strstr(inbuf,"security:") == inbuf) &&
- (security && *security != '\0')) {
- /* Line starts with "security" */
- col = strrchr(inbuf,':');
- if (col == NULL) {
- servssl_error("Bad format for adminurl in adm.conf");
- }
- *col=0;
- PR_snprintf(buf, sizeof(buf), "%s: %s\n", inbuf, security);
- lines[linecnt++] = PL_strdup(buf);
- modified_security=1;
- }
- else if ((strstr(inbuf,"certDBFile:") == inbuf) &&
- (cert_file && *cert_file != '\0')) {
- /* Line starts with "certDBFile" */
- col = strchr(inbuf,':');
- if (col == NULL) {
- servssl_error("Bad format for adminurl in adm.conf");
- }
- *col=0;
- PR_snprintf(buf, sizeof(buf), "%s: %s%c%s\n",
- inbuf, sroot, FILE_PATHSEP, cert_file);
- lines[linecnt++] = PL_strdup(buf);
- modified_cert=1;
- }
- else if ((strstr(inbuf,"keyDBFile:") == inbuf) &&
- (key_file && *key_file != '\0')) {
- /* Line starts with "keyDBFile" */
- col = strchr(inbuf,':');
- if (col == NULL) {
- servssl_error("Bad format for adminurl in adm.conf");
- }
- *col=0;
- PR_snprintf(buf, sizeof(buf), "%s: %s%c%s\n",
- inbuf, sroot, FILE_PATHSEP, key_file);
- lines[linecnt++] = PL_strdup(buf);
- modified_key=1;
- }
- else {
- lines[linecnt++] = PL_strdup(inbuf);
- }
- }
- fclose(f);
-
- if ((!modified_security) &&
- (security && *security != '\0')) {
- /* security not found - put it in */
- PR_snprintf(buf, sizeof(buf), "security: %s\n", security);
- lines[linecnt++] = PL_strdup(buf);
- }
- if ((!modified_cert) &&
- (cert_file && *cert_file != '\0')) {
- /* certDBFile not found - put it in */
- PR_snprintf(buf, sizeof(buf), "certDBFile: %s%c%s\n",
- sroot, FILE_PATHSEP, cert_file);
- lines[linecnt++] = PL_strdup(buf);
- }
- if ((!modified_key) &&
- (key_file && *key_file != '\0')) {
- /* keyDBFile not found - put it in */
- PR_snprintf(buf, sizeof(buf), "keyDBFile: %s%c%s\n",
- sroot, FILE_PATHSEP, key_file);
- lines[linecnt++] = PL_strdup(buf);
+
+ if (is_dir_ok(securitydir)) {
+ admldapSetSecurityDir(admInfo, securitydir);
}
-
- f = fopen(filename, "w");
- if (f==NULL) {
- fclose(f);
+
+ if (admldapWriteInfoFile(admInfo)) {
servssl_error("Can not open adm.conf for writing");
}
-
- for (i=0; i < linecnt; i++) {
- fprintf(f, "%s", lines[i]);
- }
-
- fclose(f);
+ destroyAdmldap(admInfo);
}
@@ -920,12 +583,11 @@
PR_IMPLEMENT(PRFileDesc*)
-SSLSocket_init(PRFileDesc *req_socket)
+SSLSocket_init(PRFileDesc *req_socket, const char *configdir, const char *securitydir)
{
PRFileDesc *ssl_socket = NULL;
- char *serverRoot = getenv("NETSITE_ROOT");
- if (ADMSSL_InitSimple() != 0) {
+ if (ADMSSL_InitSimple((char *)configdir, (char *)securitydir) != 0) {
PR_Close(ssl_socket);
return NULL;
}
Index: certmgt.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/certmgt.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- certmgt.c 20 Jul 2005 22:51:33 -0000 1.1.1.1
+++ certmgt.c 4 Apr 2007 19:37:47 -0000 1.2
@@ -37,26 +37,6 @@
#include <stdlib.h>
#include <string.h>
-/*
- * This function should not be used as of NSS 3.2. Open of CERTDB is
- * done with NSS initialize functions.
- */
-PR_IMPLEMENT(int)
-cmgOpenCertDB(char * alias, CERTCertDBHandle **dbhandle)
-{
- servssl_error("cmgOpenCertDB should not be used as of NSS 3.2\n");
- return -1;
-}
-
-/*
- * This function should not be used as of NSS 3.2. Close of CERTDB is
- * done with NSS_Shutdown() call.
- */
-PR_IMPLEMENT(void)
-cmgCloseCertDB(CERTCertDBHandle * handle)
-{
- servssl_error("cmgCloseCertDB should not be used as of NSS 3.2\n");
-}
/* Get a representative string for a given SECName */
PR_IMPLEMENT(char *)
@@ -82,40 +62,6 @@
return PORT_Strdup(s);
}
-PR_IMPLEMENT(int)
-cmgShowCerts(CERTCertDBHandle * handle, char * caption)
-{
- servssl_error("cmgShowCerts() is not ported to NSS 3.2 as not used (HTML)\n");
- return -1;
-}
-
-
-/*
- * cmgShowCertsBySlot
- * Output a list of server certificates belonging to an external slot.
- * (no HTML output)
- */
-
-PR_IMPLEMENT(int)
-cmgShowCertsBySlot(PK11SlotInfo *slot)
-{
- servssl_error("cmgShowCertsBySlot is not ported to NSS 3.2 as not used\n");
- return -1;
-}
-
-
-/*
- * cmgShowInternalCerts
- * Output a list of server certificates belonging to an internal slot.
- * (Unlike cmgShowCerts, this has no HTML output)
- */
-
-PR_IMPLEMENT(int)
-cmgShowInternalCerts(CERTCertDBHandle *handle)
-{
- servssl_error("cmgShowInternalCerts is not ported to NSS 3.2 as not used\n");
- return -1;
-}
static SECStatus cmgShowCrlRow(CERTSignedCrl *crl)
{
@@ -156,156 +102,6 @@
}
-#define BREAK "<br>"
-#define BREAKLEN 4
-#define COMMA ", "
-#define COMMALEN 2
-
-/********
- XXX Out of date, use at your own risk!
- We now use CERT_FormatName instead. -Adam
-*********/
-
-PR_IMPLEMENT(char *)
-cmgFormatName(CERTName *name)
-{
- CERTRDN** rdns;
- CERTRDN *rdn;
- CERTAVA** avas;
- CERTAVA* ava;
- char *buf = 0;
- char *tmpbuf = 0;
- unsigned len = 0;
- int tag;
- SECItem *cn, *email, *org, *orgunit, *loc, *state, *country;
- PRBool first;
-
- cn = 0;
- email = 0;
- org = 0;
- orgunit = 0;
- loc = 0;
- state = 0;
- country = 0;
-
- /* Loop over name components and gather the interesting ones */
- rdns = name->rdns;
- while ((rdn = *rdns++) != 0) {
- avas = rdn->avas;
- while ((ava = *avas++) != 0) {
- tag = CERT_GetAVATag(ava);
- switch(tag) {
- case SEC_OID_AVA_COMMON_NAME:
- cn = &ava->value;
- len += cn->len;
- break;
- case SEC_OID_AVA_COUNTRY_NAME:
- country = &ava->value;
- len += country->len;
- break;
- case SEC_OID_AVA_LOCALITY:
- loc = &ava->value;
- len += loc->len;
- break;
- case SEC_OID_AVA_STATE_OR_PROVINCE:
- state = &ava->value;
- len += state->len;
- break;
- case SEC_OID_AVA_ORGANIZATION_NAME:
- org = &ava->value;
- len += org->len;
- break;
- case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME:
- orgunit = &ava->value;
- len += orgunit->len;
- break;
- case SEC_OID_PKCS9_EMAIL_ADDRESS:
- email = &ava->value;
- len += email->len;
- break;
- default:
- break;
- }
- }
- }
-
- /* XXX - add some for formatting */
- len += 128;
-
- /* allocate buffer */
- buf = (char *)PORT_Alloc(len);
- if ( !buf ) {
- return(0);
- }
-
- tmpbuf = buf;
-
- if ( cn ) {
- PORT_Memcpy(tmpbuf, cn->data + 2, cn->len - 2);
- tmpbuf += ( cn->len - 2 );
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
- }
- if ( email ) {
- PORT_Memcpy(tmpbuf, email->data + 2, email->len - 2);
- tmpbuf += ( email->len - 2 );
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
- }
- if ( orgunit ) {
- PORT_Memcpy(tmpbuf, orgunit->data + 2, orgunit->len - 2);
- tmpbuf += ( orgunit->len - 2 );
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
- }
- if ( org ) {
- PORT_Memcpy(tmpbuf, org->data + 2, org->len - 2);
- tmpbuf += ( org->len - 2 );
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
- }
- first = PR_TRUE;
- if ( loc ) {
- PORT_Memcpy(tmpbuf, loc->data + 2, loc->len - 2);
- tmpbuf += ( loc->len - 2 );
- first = PR_FALSE;
- }
- if ( state ) {
- if ( !first ) {
- PORT_Memcpy(tmpbuf, COMMA, COMMALEN);
- tmpbuf += COMMALEN;
- }
- PORT_Memcpy(tmpbuf, state->data + 2, state->len - 2);
- tmpbuf += ( state->len - 2 );
- first = PR_FALSE;
- }
- if ( country ) {
- if ( !first ) {
- PORT_Memcpy(tmpbuf, COMMA, COMMALEN);
- tmpbuf += COMMALEN;
- }
- PORT_Memcpy(tmpbuf, country->data + 2, country->len - 2);
- tmpbuf += ( country->len - 2 );
- first = PR_FALSE;
- }
- if ( !first ) {
- PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
- tmpbuf += BREAKLEN;
- }
-
- *tmpbuf = 0;
-
- return(buf);
-}
-
-PR_IMPLEMENT(char *)
-cmgHTMLCertInfo(CERTCertificate *cert)
-{
- servssl_error("cmgHTMLCertInfo() is not ported to NSS 3.2 as not used (HTML)\n");
- return NULL;
-}
-
-
PR_IMPLEMENT(char *)
cmgHTMLCrlInfo(CERTSignedCrl *crl)
{
@@ -314,7 +110,6 @@
#define NCHARPERLINE 50
#define NLINES 20
- const int output_buflen = NCHARPERLINE * NLINES;
char * outputBuffer;
if (!crl) {
@@ -402,21 +197,3 @@
else
return NULL;
}
-
-
-void
-ByteRev(unsigned char *cpLENumber, int iSize)
-{
- int iCursor = 0, iLimit;
- unsigned char cTemp;
-
- iLimit = iSize/2; /* Last byte to exchange */
- for (; iCursor<iLimit; iCursor++)
- {
- cTemp = *(cpLENumber+iCursor);
- *(cpLENumber+iCursor) = *(cpLENumber+iSize-iCursor-1);
- *(cpLENumber+iSize-iCursor-1) = cTemp;
- }
-
- return;
-}
Index: psetcssl.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/psetcssl.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- psetcssl.c 11 May 2006 23:30:32 -0000 1.2
+++ psetcssl.c 4 Apr 2007 19:37:47 -0000 1.3
@@ -25,6 +25,7 @@
#include <ctype.h>
#include "ldap.h"
#include "ldap_ssl.h"
+#include "libadminutil/distadm.h"
#include "libadmsslutil/psetcssl.h"
#ifdef XP_WIN32
@@ -36,13 +37,53 @@
#define PATH_MAX 256
#endif
+/* returns true if the given path is a valid directory, false otherwise */
+static int
+is_dir_ok(const char *path)
+{
+ PRFileInfo prinfo;
+ int ret = 0;
+
+ if (path && *path &&
+ (PR_SUCCESS == PR_GetFileInfo(path, &prinfo)) &&
+ prinfo.type == PR_FILE_DIRECTORY) {
+ ret = 1;
+ }
+
+ return ret;
+}
+
+/* returns full path and file name if the file was found somewhere, false otherwise
+ file may not yet exist, but we will create it if the dir exists */
+static char *
+find_file_in_paths(
+ const char *filename, /* the base filename to look for */
+ const char *path /* path given by caller */
+)
+{
+ char *retval = NULL;
+ char *adminutilConfDir = getenv(ADMINUTIL_CONFDIR_ENV_VAR);
+
+ /* try given path */
+ if (!is_dir_ok(path)) {
+ if (is_dir_ok(adminutilConfDir)) {
+ path = adminutilConfDir;
+ } else {
+ return retval;
+ }
+ }
+ retval = PR_smprintf("%s/%s", path, filename);
+
+ return retval;
+}
+
PR_IMPLEMENT(PsetHndl)
psetRealLDAPImportSSL(PsetHndl pseth, char* ldapHost, int ldapPort,
int secure, char* sieDN, char* userDN, char* passwd,
char* configFile, char* filter, int* errorcode)
{
LDAP *ld = NULL;
- PsetHndl psethndl;
+ PsetHndl psethndl = NULL;
int ldapError, unbindF = 0;
if ((!ldapHost) || (ldapPort < 1) || (!sieDN)) {
@@ -68,12 +109,14 @@
case LDAP_INSUFFICIENT_ACCESS:
/* authenticate failed: Should not continue */
/* ldap_perror( pset->ld, "ldap_simple_bind_s" ); */
+ ldap_unbind(ld);
*errorcode = PSET_AUTH_FAIL;
return NULL;
case LDAP_NO_SUCH_OBJECT:
case LDAP_ALIAS_PROBLEM:
case LDAP_INVALID_DN_SYNTAX:
/* Not a good DN */
+ ldap_unbind(ld);
*errorcode = PSET_ENTRY_NOT_EXIST;
return NULL;
default:
@@ -111,12 +154,10 @@
int* errorcode)
{
PsetHndl pset;
- AdmldapInfo ldapInfo= NULL, admLdapInfo=NULL;
- char *serverRoot = getenv("NETSITE_ROOT");
- char path[PATH_MAX], *ldapHost=NULL, *sieDN, *bindPasswd = NULL;
- char *secureStr = NULL;
+ AdmldapInfo ldapInfo= NULL;
+ char *path = NULL, *ldapHost=NULL, *sieDN, *bindPasswd = NULL;
char *userDN = NULL;
- int ldapPort = 389, dummy, secure = 0;
+ int ldapPort = -1, secure = 0;
ldapInfo = admldapBuildInfo(configRoot, errorcode);
@@ -126,18 +167,6 @@
ldapHost = admldapGetHost(ldapInfo);
ldapPort = admldapGetPort(ldapInfo);
- /* For non-admin server, if no ldap information, get ldap host and port
- from admin server */
- if (strcasecmp(serverID, "admin-serv")) {
- if (!ldapHost && serverRoot) {
- PR_snprintf(path, sizeof(path), "%s%cadmin-serv%cconfig",
- serverRoot, FILE_PATHSEP, FILE_PATHSEP);
- admLdapInfo = admldapBuildInfo(configRoot, &dummy);
- ldapHost = admldapGetHost(admLdapInfo);
- ldapPort = admldapGetPort(admLdapInfo);
- }
- }
-
*errorcode = PSET_OP_OK;
if (!ldapHost) ldapHost = PL_strdup("localhost");
@@ -152,6 +181,9 @@
/* Get SIE and password */
sieDN = admldapGetSIEDN(ldapInfo);
if (!user) {
+ ADM_GetUserDNString(errorcode, &user);
+ }
+ if (!user) {
ADM_GetCurrentUsername(errorcode, &user);
}
/* if user is just attr val, get dn */
@@ -166,17 +198,19 @@
}
}
- if (configRoot)
- PR_snprintf(path, sizeof(path), "%s%clocal.conf", configRoot, FILE_PATHSEP);
- else
- PR_snprintf(path, sizeof(path), "%s%c%s%cconfig%clocal.conf",
- serverRoot, FILE_PATHSEP, serverID, FILE_PATHSEP, FILE_PATHSEP);
+ /* find local.conf file */
+ if (!(path = find_file_in_paths("local.conf", configRoot))) {
+ /* error - no valid file or dir could be found */
+ *errorcode = PSET_ENV_ERR;
+ }
pset = psetRealCreateSSL(ldapHost, ldapPort, secure, sieDN, userDN,
bindPasswd, path, errorcode);
destroyAdmldap(ldapInfo);
+ PR_Free(userDN);
PR_Free(ldapHost);
PR_Free(sieDN);
+ PR_smprintf_free(path);
if (!passwd) { if (bindPasswd) PR_Free(bindPasswd); }
return pset;
}
Index: secpwd.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/secpwd.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- secpwd.c 20 Jul 2005 22:51:33 -0000 1.1.1.1
+++ secpwd.c 4 Apr 2007 19:37:47 -0000 1.2
@@ -39,6 +39,10 @@
#include <termios.h>
#include <stdio.h>
+#if HAVE_UNISTD_H == 1
+#include <unistd.h>
+#endif
+
static void echoOff(int fd)
{
if (isatty(fd)) {
Index: srvutilssl.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/srvutilssl.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- srvutilssl.c 3 Nov 2006 21:26:35 -0000 1.3
+++ srvutilssl.c 4 Apr 2007 19:37:47 -0000 1.4
@@ -80,7 +80,8 @@
nl = retrieveSIEs(domainPset, domainDN, adminName);
- psetDelete(domainPset); /* free sie, domainDN, internally */
+ psetDelete(domainPset);
+ if (domainDN) PR_Free(domainDN);
if (sie) PR_Free(sie);
if (isie) PR_Free(isie);
return nl;
@@ -136,6 +137,7 @@
resultList = retrieveISIEs(domainPset, domainDN);
psetDelete(domainPset);
+ PR_Free(isie);
return resultList;
err:
if (isie) PR_Free(isie);
Index: uginfossl.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/uginfossl.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- uginfossl.c 3 Nov 2006 21:26:35 -0000 1.2
+++ uginfossl.c 4 Apr 2007 19:37:47 -0000 1.3
@@ -34,9 +34,8 @@
static AdmldapInfo
-admldapCGIbuild(int* error_code)
+admldapCGIbuild(AdmldapInfo ldapInfo, int* error_code)
{
- AdmldapInfo ldapInfo;
char *localAdmin = 0;
char *username = 0;
char *binddn = 0;
@@ -45,17 +44,11 @@
LDAP *ld;
int rv, err;
int ldapError;
- char *admroot = getenv("ADMSERV_ROOT");
- /* Get UserDN and User Password */
- if (admroot) {
- ldapInfo = admldapBuildInfo(admroot, &rv);
- }
- else {
+ if (!ldapInfo) {
*error_code = ADMUTIL_ENV_ERR;
return NULL;
}
-
/* Get UserDN and User Password */
rv = ADM_GetUserDNString(&err, &binddn);
@@ -156,16 +149,16 @@
}
PR_IMPLEMENT(int)
-admldapSetAdmGrpUserDirectoryCGI(char* directoryURL,
+admldapSetAdmGrpUserDirectoryCGI(AdmldapInfo ldapInfo,
+ char* directoryURL,
char* bindDN,
char* bindPassword,
char* directoryInfoRef,
int* error_code)
{
int errorCode, status;
- AdmldapInfo ldapInfo;
- if ((ldapInfo = admldapCGIbuild(&errorCode)) == NULL) {
+ if ((ldapInfo = admldapCGIbuild(ldapInfo, &errorCode)) == NULL) {
*error_code = UG_OP_FAIL;
return 0;
}
@@ -177,21 +170,20 @@
directoryInfoRef,
error_code);
- destroyAdmldap(ldapInfo);
return status;
}
PR_IMPLEMENT(int)
-admldapSetDomainUserDirectoryCGI(char* directoryURL,
+admldapSetDomainUserDirectoryCGI(AdmldapInfo ldapInfo,
+ char* directoryURL,
char* bindDN,
char* bindPassword,
char* directoryInfoRef,
int* error_code)
{
int errorCode, status;
- AdmldapInfo ldapInfo;
- if ((ldapInfo = admldapCGIbuild(&errorCode)) == NULL) {
+ if ((ldapInfo = admldapCGIbuild(ldapInfo, &errorCode)) == NULL) {
*error_code = UG_OP_FAIL;
return 0;
}
@@ -203,6 +195,5 @@
directoryInfoRef,
error_code);
- destroyAdmldap(ldapInfo);
return status;
}
- Previous message (by thread): [Fedora-directory-commits] adminutil/include/libadmsslutil admsslutil.h, 1.2, 1.3 certmgt.h, 1.2, 1.3 sslpset.h, 1.2, NONE
- Next message (by thread): [Fedora-directory-commits] adminutil/tests nsroot.ldif, NONE, 1.1 psetread.c, NONE, 1.1 psetreadssl.c, NONE, 1.1 psetwrite.c, NONE, 1.1 retrieveSIEssl.c, NONE, 1.1 setup.sh, NONE, 1.1 readme.txt, 1.1, 1.2 retrieveSIE.c, 1.2, 1.3
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-directory-commits
mailing list