November 2005 - 389-commits - Fedora Mailing-Lists

[Fedora-directory-commits] adminserver/admserv pkgadmin.mk, 1.31, 1.32

by Doctor Conrad

Author: nhosoi Update of /cvs/dirsec/adminserver/admserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1006/admserv Modified Files: pkgadmin.mk Log Message: Adjusted Admin Util and Console build path for the external build. Index: pkgadmin.mk =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/pkgadmin.mk,v retrieving revision 1.31 retrieving revision 1.32 diff -u -r1.31 -r1.32 --- pkgadmin.mk 16 Nov 2005 03:18:29 -0000 1.31 +++ pkgadmin.mk 23 Nov 2005 01:25:51 -0000 1.32 @@ -254,8 +254,8 @@ # Copy LIB ADMIN UTIL cd $(ADMINUTIL_LIBPATH); cp -p $(ADMINUTIL_SOLIBS) $(ADMIN_DIR)/bin/admin/lib - -$(MKDIR) $(ADMIN_DIR)/bin/admin/lib/property - cp -p $(ADMINUTIL_LIBPATH)/property/* $(ADMIN_DIR)/bin/admin/lib/property + -$(MKDIR) $(ADMIN_DIR)/bin/admin/lib/adminutil-properties + cp -p $(ADMINUTIL_LIBPATH)/adminutil-properties/* $(ADMIN_DIR)/bin/admin/lib/adminutil-properties cd $(ADMSERV_OBJDIR)/cmdln; \ cp -p admconfig $(ADMIN_DIR)/bin/admin;

18 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] adminserver buildpaths.mk, 1.4, 1.5 nsconfig.mk, 1.19, 1.20

by Doctor Conrad

Author: nhosoi Update of /cvs/dirsec/adminserver In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1006 Modified Files: buildpaths.mk nsconfig.mk Log Message: Adjusted Admin Util and Console build path for the external build. Index: buildpaths.mk =================================================================== RCS file: /cvs/dirsec/adminserver/buildpaths.mk,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- buildpaths.mk 3 Nov 2005 23:20:38 -0000 1.4 +++ buildpaths.mk 23 Nov 2005 01:25:45 -0000 1.5 @@ -84,7 +84,7 @@ SETUPUTIL_SOURCE_ROOT = $(BUILD_ROOT)/../setuputil #SETUPUTIL_BUILD_DIR = $(NSCP_DISTDIR_FULL_RTL)/setuputil -CONSOLE_SOURCE_DIR = $(BUILD_ROOT)/../console +CONSOLE_SOURCE_DIR = $(BUILD_ROOT)/.. #LDAPJDK_SOURCE_DIR = $(MOZILLA_SOURCE_ROOT) LDAPJDK_BUILD_DIR = $(CONSOLE_SOURCE_DIR)/imports/ldapjdk Index: nsconfig.mk =================================================================== RCS file: /cvs/dirsec/adminserver/nsconfig.mk,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- nsconfig.mk 16 Nov 2005 03:18:24 -0000 1.19 +++ nsconfig.mk 23 Nov 2005 01:25:45 -0000 1.20 @@ -793,7 +793,7 @@ ADMINUTIL_LIB_VERSION=10 ifdef ADMINUTIL_SOURCE_ROOT ADMINUTIL_LIBPATH = $(ADMINUTIL_SOURCE_ROOT)/built/adminutil/$(PLATFORM_DEST)/lib - ADMINUTIL_INCLUDE = $(ADMINUTIL_SOURCE_ROOT)/built/adminutil/$(PLATFORM_DEST)/include + ADMINUTIL_INCLUDE = $(ADMINUTIL_SOURCE_ROOT)/built/adminutil/$(PLATFORM_DEST)/include/adminutil-1.0 else ADMINUTIL_LIBPATH = $(ADMINUTIL_BUILD_DIR)/lib ADMINUTIL_INCLUDE = $(ADMINUTIL_BUILD_DIR)/include

18 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] ldapserver/ldap/servers/slapd log.c, 1.6, 1.6.2.1 main.c, 1.7, 1.7.2.1 util.c, 1.6, 1.6.2.1 proto-slap.h, 1.10.2.1, 1.10.2.2

by Doctor Conrad

Author: nhosoi Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv963 Modified Files: Tag: Directory71RtmBranch log.c main.c util.c proto-slap.h Log Message: [173687] deadlock caused by error log rotation and logging Modified to change the owner to the "localuser" if the error log file is not owned by the user. Index: log.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/log.c,v retrieving revision 1.6 retrieving revision 1.6.2.1 diff -u -r1.6 -r1.6.2.1 --- log.c 19 Apr 2005 22:07:36 -0000 1.6 +++ log.c 23 Nov 2005 01:22:16 -0000 1.6.2.1 @@ -48,6 +48,7 @@ #include "log.h" #include "fe.h" +#include <pwd.h> /* getpwnam */ #if defined( XP_WIN32 ) #include <fcntl.h> @@ -3225,6 +3226,17 @@ char tbuf[TBUFSIZE]; struct logfileinfo *logp; char buffer[BUFSIZ]; + struct passwd *pw = NULL; + + slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); + + if ( slapdFrontendConfig->localuser != NULL ) { + if ( (pw = getpwnam( slapdFrontendConfig->localuser )) == NULL ) + return LOG_UNABLE_TO_OPENFILE; + } + else { + return LOG_UNABLE_TO_OPENFILE; + } if (!locked) LOG_ERROR_LOCK_WRITE( ); @@ -3287,6 +3299,12 @@ return LOG_UNABLE_TO_OPENFILE; } + /* make sure the logfile is owned by the localuser. If one of the + * alternate ns-slapd modes, such as db2bak, tries to log an error + * at startup, it will create the logfile as root! + */ + slapd_chown_if_not_owner(loginfo.log_error_file, pw->pw_uid, -1); + loginfo.log_error_fdes = fp; if (logfile_state == LOGFILE_REOPENED) { /* we have all the information */ Index: main.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/main.c,v retrieving revision 1.7 retrieving revision 1.7.2.1 diff -u -r1.7 -r1.7.2.1 --- main.c 19 Apr 2005 22:07:36 -0000 1.7 +++ main.c 23 Nov 2005 01:22:16 -0000 1.7.2.1 @@ -207,32 +207,6 @@ #ifndef WIN32 -/* Changes the ownership of the given file/directory iff not - already the owner - Returns 0 upon success or non-zero otherwise, usually -1 if - some system error occurred -*/ -static int -chown_if_not_owner(const char *filename, uid_t uid, gid_t gid) -{ - struct stat statbuf; - int result = 1; - if (!filename) - return result; - - memset(&statbuf, '\0', sizeof(statbuf)); - if (!(result = stat(filename, &statbuf))) - { - if (((uid != -1) && (uid != statbuf.st_uid)) || - ((gid != -1) && (gid != statbuf.st_gid))) - { - result = chown(filename, uid, gid); - } - } - - return result; -} - /* Four cases: - change ownership of all files in directory (strip_fn=PR_FALSE) @@ -258,7 +232,7 @@ if((ptr=strrchr(log,'/'))==NULL) { LDAPDebug(LDAP_DEBUG_ANY, "Caution changing ownership of ./%s \n",name,0,0); - chown_if_not_owner(log, pw->pw_uid, -1 ); + slapd_chown_if_not_owner(log, pw->pw_uid, -1 ); rc=1; } else if(log==ptr) { LDAPDebug(LDAP_DEBUG_ANY, "Caution changing ownership of / directory and its contents to %s\n",pw->pw_name,0,0); @@ -273,7 +247,7 @@ while( (entry = PR_ReadDir(dir , PR_SKIP_BOTH )) !=NULL ) { PR_snprintf(file,MAXPATHLEN+1,"%s/%s",log,entry->name); - chown_if_not_owner( file, pw->pw_uid, -1 ); + slapd_chown_if_not_owner( file, pw->pw_uid, -1 ); } PR_CloseDir( dir ); } @@ -302,7 +276,7 @@ } /* The instance directory needs to be owned by the local user */ - chown_if_not_owner( slapdFrontendConfig->instancedir, pw->pw_uid, -1 ); + slapd_chown_if_not_owner( slapdFrontendConfig->instancedir, pw->pw_uid, -1 ); PR_snprintf(dirname,sizeof(dirname),"%s/config",slapdFrontendConfig->instancedir); chown_dir_files(dirname, pw, PR_FALSE); /* config directory */ chown_dir_files(slapdFrontendConfig->accesslog, pw, PR_TRUE); /* do access log directory */ Index: util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/util.c,v retrieving revision 1.6 retrieving revision 1.6.2.1 diff -u -r1.6 -r1.6.2.1 --- util.c 19 Apr 2005 22:07:37 -0000 1.6 +++ util.c 23 Nov 2005 01:22:16 -0000 1.6.2.1 @@ -631,3 +631,30 @@ return( rc ); } /*****************************************************************************/ + +/* Changes the ownership of the given file/directory if not + already the owner + Returns 0 upon success or non-zero otherwise, usually -1 if + some system error occurred +*/ +int +slapd_chown_if_not_owner(const char *filename, uid_t uid, gid_t gid) +{ + struct stat statbuf; + int result = 1; + if (!filename) + return result; + + memset(&statbuf, '\0', sizeof(statbuf)); + if (!(result = stat(filename, &statbuf))) + { + if (((uid != -1) && (uid != statbuf.st_uid)) || + ((gid != -1) && (gid != statbuf.st_gid))) + { + result = chown(filename, uid, gid); + } + } + + return result; +} + Index: proto-slap.h =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/proto-slap.h,v retrieving revision 1.10.2.1 retrieving revision 1.10.2.2 diff -u -r1.10.2.1 -r1.10.2.2 --- proto-slap.h 25 Aug 2005 18:25:08 -0000 1.10.2.1 +++ proto-slap.h 23 Nov 2005 01:22:16 -0000 1.10.2.2 @@ -588,6 +588,7 @@ */ void slapd_nasty(char* str, int c, int err); int strarray2str( char **a, char *buf, size_t buflen, int include_quotes ); +int slapd_slapd_chown_if_not_owner(const char *filename, uid_t uid, gid_t gid); /* * modify.c

18 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] ldapserver/ldap/servers/plugins/views views.c, 1.6, 1.7

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/views In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23412/ldapserver/ldap/servers/plugins/views Modified Files: views.c Log Message: Cannot pass const strings into slapi_str2filter, since it can modify the contents. I'm not sure why we haven't caught this earlier, but I believe it has something to do with the patch to make ds build on Fedora Core 4 with gcc4. To do that, we turn off the -fwriteable-strings argument to gcc. I suppose with it on, it moves those strings to some sort of writeable memory location. With it off, constant strings are definitely in the data section. There was one place in views that used a constant string, and a couple of places in the windows sync code. Index: views.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/views/views.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- views.c 11 Aug 2005 16:45:04 -0000 1.6 +++ views.c 22 Nov 2005 03:40:14 -0000 1.7 @@ -735,6 +735,7 @@ Slapi_Filter *pCurrentFilter = 0; Slapi_Filter *pBuiltFilter = 0; Slapi_Filter *pViewEntryExcludeFilter = 0; + char *excludeFilter; if(pView->includeAncestorFiltersFilter) { @@ -769,7 +770,11 @@ } /* filter for removing view entries from search */ - pViewEntryExcludeFilter = slapi_str2filter( "(!(objectclass=" VIEW_OBJECTCLASS "))" ); + /* richm - slapi_str2filter _writes_ to it's argument, so we have to pass in + some writeable memory, or core dump, do not pass go */ + excludeFilter = slapi_ch_strdup("(!(objectclass=" VIEW_OBJECTCLASS "))"); + pViewEntryExcludeFilter = slapi_str2filter( excludeFilter ); + slapi_ch_free_string(&excludeFilter); if(pBuiltFilter) pView->includeAncestorFiltersFilter = slapi_filter_join_ex( LDAP_FILTER_AND, pBuiltFilter, pViewEntryExcludeFilter, 0 );

18 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] ldapserver/ldap/servers/plugins/replication windows_protocol_util.c, 1.22, 1.23

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/replication In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23412/ldapserver/ldap/servers/plugins/replication Modified Files: windows_protocol_util.c Log Message: Cannot pass const strings into slapi_str2filter, since it can modify the contents. I'm not sure why we haven't caught this earlier, but I believe it has something to do with the patch to make ds build on Fedora Core 4 with gcc4. To do that, we turn off the -fwriteable-strings argument to gcc. I suppose with it on, it moves those strings to some sort of writeable memory location. With it off, constant strings are definitely in the data section. There was one place in views that used a constant string, and a couple of places in the windows sync code. Index: windows_protocol_util.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/replication/windows_protocol_util.c,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- windows_protocol_util.c 20 Oct 2005 17:12:16 -0000 1.22 +++ windows_protocol_util.c 22 Nov 2005 03:40:08 -0000 1.23 @@ -1570,11 +1570,12 @@ { int retval = 0; - char *string_deleted = "(isdeleted=*)"; + char *string_deleted = slapi_ch_strdup("(isdeleted=*)"); /* DBDB: we should allocate these filters once and keep them around for better performance */ Slapi_Filter *filter_deleted = slapi_str2filter( string_deleted ); + slapi_ch_free_string(&string_deleted); /* DBDB: this should be one filter, the code originally tested separately and hasn't been fixed yet */ if ( (slapi_filter_test_simple( e, filter_deleted ) == 0) ) { @@ -2251,9 +2252,10 @@ /* Next test for the correct kind of entry */ if (local_entry) { /* DBDB: we should allocate these filters once and keep them around for better performance */ - char *string_filter = "(&(|(objectclass=ntuser)(objectclass=ntgroup))(ntUserDomainId=*))"; + char *string_filter = slapi_ch_strdup("(&(|(objectclass=ntuser)(objectclass=ntgroup))(ntUserDomainId=*))"); Slapi_Filter *filter = slapi_str2filter( string_filter ); + slapi_ch_free_string(&string_filter); if (slapi_filter_test_simple( (Slapi_Entry*)local_entry, filter ) == 0) { retval = 1;

18 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] ldapserver/ldap/servers/slapd main.c, 1.9, 1.10

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/ldapserver/ldap/servers/slapd In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9395/ldapserver/ldap/servers/slapd Modified Files: main.c Log Message: 1) Move the import, export, etc. (non network server mode) code to after the NSS/SSL init. For example, import needs to hash passwords, export of encrypted attrs needs encryption. 2) Only create, configure (for SSL) and bind TCP ports if running in regular or referral mode. Before, the code short circuited if doing import, export, etc. before getting to the port stuff. But since 1) above, the code needs to take care only to do network related stuff if in network mode. Index: main.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/main.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- main.c 18 Nov 2005 21:09:46 -0000 1.9 +++ main.c 21 Nov 2005 04:07:07 -0000 1.10 @@ -817,68 +817,23 @@ /* Set entry points in libslapd */ set_entry_points(); - /* - * if we were called upon to do special database stuff, do it and be - * done. - */ - switch ( slapd_exemode ) { - case SLAPD_EXEMODE_LDIF2DB: - return slapd_exemode_ldif2db(); - - case SLAPD_EXEMODE_DB2LDIF: - return slapd_exemode_db2ldif(argc,argv); - - case SLAPD_EXEMODE_DB2INDEX: - return slapd_exemode_db2index(); - - case SLAPD_EXEMODE_ARCHIVE2DB: - return slapd_exemode_archive2db(); - - case SLAPD_EXEMODE_DB2ARCHIVE: - return slapd_exemode_db2archive(); - - case SLAPD_EXEMODE_DBTEST: - return slapd_exemode_dbtest(); - - case SLAPD_EXEMODE_REFERRAL: - /* check that all the necessary info was given, then go on */ - if (! config_check_referral_mode()) { - LDAPDebug(LDAP_DEBUG_ANY, - "ERROR: No referral URL supplied\n", 0, 0, 0); - usage( myname, extraname ); - exit(1); - } - break; - - case SLAPD_EXEMODE_SUFFIX2INSTANCE: - return slapd_exemode_suffix2instance(); - -#if defined(UPGRADEDB) - case SLAPD_EXEMODE_UPGRADEDB: - return slapd_exemode_upgradedb(); -#endif - - case SLAPD_EXEMODE_PRINTVERSION: - slapd_print_version(1); - exit(1); - } - #if defined( XP_WIN32 ) - /* Register with the NT EventLog */ - hSlapdEventSource = RegisterEventSource(NULL, pszServerName ); - if( !hSlapdEventSource ) - { - char szMessage[256]; - PR_snprintf( szMessage, sizeof(szMessage), "Directory Server %s is terminating. Failed " - "to set the EventLog source.", pszServerName); - MessageBox(GetDesktopWindow(), szMessage, " ", - MB_ICONEXCLAMATION | MB_OK); - exit( 1 ); - } + if (slapd_exemode == SLAPD_EXEMODE_SLAPD) { + /* Register with the NT EventLog */ + hSlapdEventSource = RegisterEventSource(NULL, pszServerName ); + if( !hSlapdEventSource ) { + char szMessage[256]; + PR_snprintf( szMessage, sizeof(szMessage), "Directory Server %s is terminating. Failed " + "to set the EventLog source.", pszServerName); + MessageBox(GetDesktopWindow(), szMessage, " ", + MB_ICONEXCLAMATION | MB_OK); + exit( 1 ); + } - /* Check to ensure there isn't a copy of this server already running. */ - if( MultipleInstances() ) - exit( 1 ); + /* Check to ensure there isn't a copy of this server already running. */ + if( MultipleInstances() ) + exit( 1 ); + } #endif /* @@ -897,7 +852,8 @@ * we need to be root in order to open them. */ - { + if ((slapd_exemode == SLAPD_EXEMODE_SLAPD) || + (slapd_exemode == SLAPD_EXEMODE_REFERRAL)) { ports_info.n_port = (unsigned short)n_port; if ( slapd_listenhost2addr( config_get_listenhost(), &ports_info.n_listenaddr ) != 0 ) { @@ -958,13 +914,62 @@ exit( 1 ); } - if ( init_ssl && ( 0 != slapd_ssl_init2(&ports_info.s_socket, 0) ) ) { - LDAPDebug(LDAP_DEBUG_ANY, - "ERROR: SSL Initialization phase 2 Failed.\n", 0, 0, 0 ); - exit( 1 ); + if ((slapd_exemode == SLAPD_EXEMODE_SLAPD) || + (slapd_exemode == SLAPD_EXEMODE_REFERRAL)) { + if ( init_ssl && ( 0 != slapd_ssl_init2(&ports_info.s_socket, 0) ) ) { + LDAPDebug(LDAP_DEBUG_ANY, + "ERROR: SSL Initialization phase 2 Failed.\n", 0, 0, 0 ); + exit( 1 ); + } } /* + * if we were called upon to do special database stuff, do it and be + * done. + */ + switch ( slapd_exemode ) { + case SLAPD_EXEMODE_LDIF2DB: + return slapd_exemode_ldif2db(); + + case SLAPD_EXEMODE_DB2LDIF: + return slapd_exemode_db2ldif(argc,argv); + + case SLAPD_EXEMODE_DB2INDEX: + return slapd_exemode_db2index(); + + case SLAPD_EXEMODE_ARCHIVE2DB: + return slapd_exemode_archive2db(); + + case SLAPD_EXEMODE_DB2ARCHIVE: + return slapd_exemode_db2archive(); + + case SLAPD_EXEMODE_DBTEST: + return slapd_exemode_dbtest(); + + case SLAPD_EXEMODE_REFERRAL: + /* check that all the necessary info was given, then go on */ + if (! config_check_referral_mode()) { + LDAPDebug(LDAP_DEBUG_ANY, + "ERROR: No referral URL supplied\n", 0, 0, 0); + usage( myname, extraname ); + exit(1); + } + break; + + case SLAPD_EXEMODE_SUFFIX2INSTANCE: + return slapd_exemode_suffix2instance(); + +#if defined(UPGRADEDB) + case SLAPD_EXEMODE_UPGRADEDB: + return slapd_exemode_upgradedb(); +#endif + + case SLAPD_EXEMODE_PRINTVERSION: + slapd_print_version(1); + exit(1); + } + + /* * Detach ourselves from the terminal (unless running in debug mode). * We must detach before we start any threads since detach forks() on * UNIX.

18 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] ldapserver/ldap/cm Makefile,1.44,1.45

by Doctor Conrad

Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/cm In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9675 Modified Files: Makefile Log Message: Need to package online help files for external builds Index: Makefile =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/cm/Makefile,v retrieving revision 1.44 retrieving revision 1.45 diff -u -r1.44 -r1.45 --- Makefile 16 Nov 2005 03:53:06 -0000 1.44 +++ Makefile 19 Nov 2005 00:50:32 -0000 1.45 @@ -515,12 +515,11 @@ fi # copy the manual files from the zip files or checked out directory if [ "$(DSDOC_DIR)" -a -d "$(DSDOC_DIR)" ] ; then \ - cd $(RELDIR)/manual/en/slapd; \ if [ -f $(DSDOC_DIR)/$(DSDOC_COPYRIGHT) ] ; then \ - $(UNZIP) $(DSDOC_DIR)/$(DSDOC_COPYRIGHT); \ - $(UNZIP) $(DSDOC_DIR)/$(DSDOC_CLIENTS); \ + $(UNZIP) $(DSDOC_DIR)/$(DSDOC_COPYRIGHT) -d $(RELDIR)/manual/en/slapd ; \ + $(UNZIP) $(DSDOC_DIR)/$(DSDOC_CLIENTS) -d $(RELDIR)/manual/en/slapd ; \ else \ - cp -r $(DSDOC_DIR) . ; \ + cp -r $(DSDOC_DIR) $(RELDIR)/manual/en/slapd ; \ fi ; \ fi

18 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] adminserver/admserv/cfgstuff admserv.conf, 1.10, 1.11

by Doctor Conrad

Author: nkinder Update of /cvs/dirsec/adminserver/admserv/cfgstuff In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9626 Modified Files: admserv.conf Log Message: Admin Express cgi needs NESCompatEnv set for help to work Index: admserv.conf =================================================================== RCS file: /cvs/dirsec/adminserver/admserv/cfgstuff/admserv.conf,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- admserv.conf 17 Nov 2005 17:41:55 -0000 1.10 +++ admserv.conf 19 Nov 2005 00:43:02 -0000 1.11 @@ -88,6 +88,7 @@ AuthName "Admin Server" Require valid-user AdminSDK on + NESCompatEnv on Options +ExecCGI </LocationMatch>

18 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] mod_admserv mod_admserv.c,1.17,1.18

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/mod_admserv In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3754 Modified Files: mod_admserv.c Log Message: Make sure the pset cache file (local.conf) is owned by the server uid. Change the euid to the server uid before calling psetCreateSSL, then change it back afterwards. Index: mod_admserv.c =================================================================== RCS file: /cvs/dirsec/mod_admserv/mod_admserv.c,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- mod_admserv.c 15 Aug 2005 15:55:16 -0000 1.17 +++ mod_admserv.c 18 Nov 2005 21:18:42 -0000 1.18 @@ -42,6 +42,12 @@ #include "http_request.h" #include "http_log.h" +/* need uid and gid of apache process after setuid */ +#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE) +#include "unixd.h" +#define CHANGE_EUID 1 +#endif + #include "libadminutil/distadm.h" #include "libadminutil/admutil.h" #include "libadminutil/resource.h" @@ -1948,7 +1954,9 @@ server_rec *base_server) { int error; - +#ifdef CHANGE_EUID + int reseteuid = 0; +#endif /* CHANGE_EUID */ AdmldapInfo info; PsetHndl pset; char *val; @@ -1979,11 +1987,26 @@ } } +#ifdef CHANGE_EUID + /* make sure pset creates the cache file owned by the server uid, not root */ + if (geteuid() == 0) { + seteuid(unixd_config.user_id); + reseteuid = 1; + } +#endif /* CHANGE_EUID */ + pset = psetCreateSSL((char*)"admin-serv", path, NULL, NULL, &error); + +#ifdef CHANGE_EUID + if (reseteuid) { + seteuid(0); + } +#endif /* CHANGE_EUID */ + if (pset) { } else { ap_log_error(APLOG_MARK, APLOG_CRIT, 0, base_server,

18 years, 5 months

1
0
0 / 0

[Fedora-directory-commits] adminserver/base Makefile,1.15,1.16

by Doctor Conrad

Author: rmeggins Update of /cvs/dirsec/adminserver/base In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3732/adminserver/base Modified Files: Makefile Log Message: Package libjss3.so in lib, not lib/jss Index: Makefile =================================================================== RCS file: /cvs/dirsec/adminserver/base/Makefile,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- Makefile 9 Nov 2005 23:22:55 -0000 1.15 +++ Makefile 18 Nov 2005 21:16:39 -0000 1.16 @@ -192,11 +192,11 @@ (cd $(CONSOLE_BASE_DIR); cp -p startconsole $(CLIENT_DIR)/) # Copy JSS lib - -$(MKDIR) $(CLIENT_DIR)/lib/jss + -$(MKDIR) $(CLIENT_DIR)/lib ifeq ($(ARCH), HPUX) - cp -p $(JSSSDK_PATH)/libjss3.sl $(CLIENT_DIR)/lib/jss/. + cp -p $(JSSSDK_PATH)/libjss3.sl $(CLIENT_DIR)/lib else - cp -p $(JSSSDK_PATH)/libjss3.so $(CLIENT_DIR)/lib/jss/. + cp -p $(JSSSDK_PATH)/libjss3.so $(CLIENT_DIR)/lib endif # Cleanup before making distributable zip

18 years, 5 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-commits November 2005