[Fedora-directory-commits] console/src/com/netscape/management/client/topology AbstractServerObject.java, 1.4, 1.5 AdminGroupNode.java, 1.2, 1.3 topology.properties, 1.3, 1.4
by Doctor Conrad
Author: nkinder
Update of /cvs/dirsec/console/src/com/netscape/management/client/topology
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20617/src/com/netscape/management/client/topology
Modified Files:
AbstractServerObject.java AdminGroupNode.java
topology.properties
Log Message:
Resolves: 379211
Summary: Removed unused labels, corrected CRL file label, and added help dialog to LoginDialog class.
Index: AbstractServerObject.java
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/topology/AbstractServerObject.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- AbstractServerObject.java 9 Jul 2007 19:01:01 -0000 1.4
+++ AbstractServerObject.java 15 Nov 2007 16:56:53 -0000 1.5
@@ -74,7 +74,6 @@
"nsVendor", //"nsNickName",
"nsProductVersion", "nsBuildNumber", "nsRevisionNumber",
//"nsSerialNumber",
- //"nsInstalledLocation",
//"installationTimeStamp",
//"nsExpirationDate",
"nsBuildSecurity", };
Index: AdminGroupNode.java
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/topology/AdminGroupNode.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- AdminGroupNode.java 29 Jun 2007 20:32:29 -0000 1.2
+++ AdminGroupNode.java 15 Nov 2007 16:56:53 -0000 1.3
@@ -152,10 +152,7 @@
"nsAdminGroupName"), getName(), true, true),
new NodeData("description",
_resource.getString("ServerObject","description"),
- _description, true),
- new NodeData("nsInstalledLocation",
- _resource.getString("ServerObject",
- "nsInstalledLocation"), _installPath, false), };
+ _description, true), };
}
/**
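Review bot: with the `nsInstalledLocation` NodeData entry removed, `_installPath` no longer has a reader in this array. If nothing else in AdminGroupNode uses it, the field and the code that populates it should go in the same change, so the class does not keep fetching an attribute it never displays.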
Index: topology.properties
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/topology/topology.properties,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- topology.properties 29 Jun 2007 20:32:29 -0000 1.3
+++ topology.properties 15 Nov 2007 16:56:53 -0000 1.4
@@ -243,7 +243,6 @@
ServerObject-nsBuildNumber=Build number
ServerObject-nsRevisionNumber=Revision
ServerObject-nsSerialNumber=Serial number
-ServerObject-nsInstalledLocation=Installation path
ServerObject-installationTimeStamp=Installed date
ServerObject-nsExpirationDate=Expiration date
ServerObject-nsBuildSecurity=Security level
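Review bot: only `ServerObject-nsInstalledLocation` is dropped here, yet the AbstractServerObject.java hunk in this commit shows `nsSerialNumber`, `installationTimeStamp` and `nsExpirationDate` commented out of the attribute list too, while their labels remain on the context lines above. If those labels are unused as well, remove them in this pass; if they are kept on purpose, a comment in the properties file saying so would help the next cleanup.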
16 years, 5 months
[Fedora-directory-commits] console/src/com/netscape/management/client/security securityResource.properties, 1.1.1.1, 1.2
by Doctor Conrad
Author: nkinder
Update of /cvs/dirsec/console/src/com/netscape/management/client/security
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20617/src/com/netscape/management/client/security
Modified Files:
securityResource.properties
Log Message:
Resolves: 379211
Summary: Removed unused labels, corrected CRL file label, and added help dialog to LoginDialog class.
Index: securityResource.properties
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/security/securityResource.properties,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- securityResource.properties 18 Jul 2005 00:34:17 -0000 1.1.1.1
+++ securityResource.properties 15 Nov 2007 16:56:53 -0000 1.2
@@ -162,7 +162,7 @@
# Install CRL
InstallCRLDialog-help=admin
InstallCRLDialog-title=Add CRL/CKL
-InstallCRLDialog-enterFilename=Enter full path to CRL/CKL file:
+InstallCRLDialog-enterFilename=Enter CRL/CKL file:
InstallCRLDialog-crl=File contain a Certificate Revocation List (CRL)
InstallCRLDialog-krl=File contain a Compromised Key List (CKL)
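Review bot: the new `InstallCRLDialog-enterFilename` text drops "full path" but does not say where the file is looked up. The security.c change for bug 370071 on this page opens the name relative to the server's security directory, so the label should say that the file must already be in that directory, otherwise users will keep typing absolute paths. The two context lines below also read "File contain a", where CertManagementResource.properties has "File contains a".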
16 years, 5 months
[Fedora-directory-commits] console/src/com/netscape/management/client/keycert CertManagementResource.properties, 1.1.1.1, 1.2
by Doctor Conrad
Author: nkinder
Update of /cvs/dirsec/console/src/com/netscape/management/client/keycert
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20617/src/com/netscape/management/client/keycert
Modified Files:
CertManagementResource.properties
Log Message:
Resolves: 379211
Summary: Removed unused labels, corrected CRL file label, and added help dialog to LoginDialog class.
Index: CertManagementResource.properties
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/keycert/CertManagementResource.properties,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- CertManagementResource.properties 18 Jul 2005 00:34:15 -0000 1.1.1.1
+++ CertManagementResource.properties 15 Nov 2007 16:56:53 -0000 1.2
@@ -68,7 +68,7 @@
# Add CRL Certificate Dialog
AddCRLCertificateDialog-dialogTitle=Add CRL/CKL
-AddCRLCertificateDialog-filename=Please enter full path to CRL/CKL file:
+AddCRLCertificateDialog-filename=Please enter CRL/CKL file:
AddCRLCertificateDialog-cklfiletype=File contains a Compromised Key List (CKL)
AddCRLCertificateDialog-crlfiletype=File contains a Certificate Revocation List (CRL)
AddCRLCertificateDialog-help=admin
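Review bot: `AddCRLCertificateDialog-filename` now reads "Please enter CRL/CKL file:" while the equivalent label in securityResource.properties reads "Enter CRL/CKL file:". Both dialogs ask for the same thing, so the wording should match, and both should state that the name is resolved inside the security directory.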
16 years, 5 months
[Fedora-directory-commits] console/src/com/netscape/management/client/console LoginDialog.java, 1.2, 1.3 console.properties, 1.8, 1.9
by Doctor Conrad
Author: nkinder
Update of /cvs/dirsec/console/src/com/netscape/management/client/console
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20617/src/com/netscape/management/client/console
Modified Files:
LoginDialog.java console.properties
Log Message:
Resolves: 379211
Summary: Removed unused labels, corrected CRL file label, and added help dialog to LoginDialog class.
Index: LoginDialog.java
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/console/LoginDialog.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- LoginDialog.java 29 Jun 2007 20:32:28 -0000 1.2
+++ LoginDialog.java 15 Nov 2007 16:56:52 -0000 1.3
@@ -249,18 +249,14 @@
* invoke help
*/
protected void helpInvoked() {
- String urlString = Console._resource.getString("login", "help");
- if (urlString.length()>0) {
- //one level up to the <sr> instead of <sr>/java
- File f = new File("..");
-
- try {
- URL url = f.toURL();
-
- Browser browser = new Browser();
- browser.open(url.toString()+urlString, Browser.EXISTING_WINDOW);
- } catch (Exception urlError) {
- }
+ /* Display a help dialog */
+ String helpMsg = Console._resource.getString("login", "help");
+ if (helpMsg.length()>0) {
+ JOptionPane.showMessageDialog(
+ SplashScreen.getInstance(), helpMsg,
+ Console._resource.getString("login","helptitle"),
+ JOptionPane.INFORMATION_MESSAGE);
+ ModalDialogUtil.sleep();
}
}
}
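Review bot: `helpInvoked()` no longer uses `File`, `URL` or `Browser`, but the hunk shows no change to the import block; drop those imports if nothing else in LoginDialog needs them, and confirm `JOptionPane` is imported. The call to `ModalDialogUtil.sleep()` after a modal `showMessageDialog` needs a one-line comment explaining why it is required, since the dialog call already blocks. It is also worth checking what `SplashScreen.getInstance()` returns once the splash screen has been dismissed, because it is used as the dialog parent.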
Index: console.properties
===================================================================
RCS file: /cvs/dirsec/console/src/com/netscape/management/client/console/console.properties,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- console.properties 2 Jul 2007 18:49:24 -0000 1.8
+++ console.properties 15 Nov 2007 16:56:52 -0000 1.9
@@ -22,7 +22,8 @@
login-password=Password:
login-url=Administration URL:
login-copyright=Copyright (C) Red Hat, Inc.
-login-help=manual/en/console/help/login.htm
+login-help=Login to your Administration Server.\n\nYour admin user and Administration Server URL were configured at setup time.\n\nPlease refer to the setup log in your system tmp directory if you are unsure of\nthe Administration Server port or your admin user's userid.
+login-helptitle=Login Help
login-passwordDialogTitle=Bind Password
restart-title=Restart Directory Server
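Review bot: `login-help` changes meaning from a relative URL to display text while keeping the same key, so any other reader of `login-help` that still expects a path will now receive a paragraph of prose. A new key name for the message text would make that failure obvious at build or review time. The message also points users to a setup log in the system tmp directory for the admin userid and port; that is a reason to confirm the log is created with owner-only permissions.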
16 years, 5 months
[Fedora-directory-commits] adminserver/admserv/cgi-src40 security.c, 1.12, 1.13
by Doctor Conrad
Author: nkinder
Update of /cvs/dirsec/adminserver/admserv/cgi-src40
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1999
Modified Files:
security.c
Log Message:
Resolves: 370071
Summary: Fixed issues with loading CRL files.
Index: security.c
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/security.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- security.c 31 Oct 2007 05:30:53 -0000 1.12
+++ security.c 14 Nov 2007 23:42:43 -0000 1.13
@@ -93,8 +93,10 @@
#define FOOTER "-----END CERTIFICATE-----"
#define HEADERREQUEST "-----BEGIN %s CERTIFICATE REQUEST-----\n"
#define FOOTERREQUEST "\n-----END %s CERTIFICATE REQUEST-----\n"
-#define CRLHEADER "-----BEGIN X509 CRL-----"
-#define CRLFOOTER "-----END X509 CRL-----"
+#define X509CRLHEADER "-----BEGIN X509 CRL-----"
+#define X509CRLFOOTER "-----END X509 CRL-----"
+#define CRLHEADER "-----BEGIN CERTIFICATE REVOCATION LIST-----\n"
+#define CRLFOOTER "-----END CERTIFICATE REVOCATION LIST-----\n"
/*#else
#define HEADER "-----BEGIN CERTIFICATE----\n"
#define FOOTER "\n-----END CERTIFICATE-----\n"
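Review bot: the new `CRLHEADER` and `CRLFOOTER` end in "\n" while `X509CRLHEADER` and `X509CRLFOOTER` do not, so a CRL saved with CRLF line endings, or one whose final line has no trailing newline, will not match the "CERTIFICATE REVOCATION LIST" form and will be reported as invalid. Defining all four markers without the newline and letting the base64 decoder skip whitespace would treat both formats the same way.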
@@ -1494,6 +1496,7 @@
SECItem derCrl;
char msg[BIG_LINE];
char *secdir = util_get_security_dir();
+ char full_path[PATH_MAX];
int list_type = (type && !PORT_Strcmp(type, "CKL"))? SEC_KRL_TYPE : SEC_CRL_TYPE;
if (!filename || !*filename ||
@@ -1506,9 +1509,12 @@
{/*try open the file*/
FILE *f;
+
+ PR_snprintf(full_path, sizeof(full_path), "%s%c%s", secdir, FILE_PATHSEP, filename);
+ form_unescape(full_path);
- if( !(f = fopen(filename, "rb")) ) {
- PR_snprintf(msg, sizeof(msg), getResourceString(DBT_NO_FILE_EXISTS), filename);
+ if( !(f = fopen(full_path, "rb")) ) {
+ PR_snprintf(msg, sizeof(msg), getResourceString(DBT_NO_FILE_EXISTS), full_path);
errorRpt(FILE_ERROR, msg);
} else {
int size;
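Review bot: `form_unescape(full_path)` runs after `secdir` and `filename` are joined, so any validation done on the still-escaped `filename` (the condition beginning `if (!filename || !*filename ||` is cut off in the context above) cannot see percent-encoded separators or dot segments, and the decoded path can end up outside `secdir`. Unescape `filename` first, reject anything containing a path separator or `..`, and only then build `full_path`, checking that the joined path was not truncated to `PATH_MAX`. The `DBT_NO_FILE_EXISTS` message now echoes `full_path`, which discloses the server's directory layout to the caller; reporting just `filename` would avoid that.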
@@ -1543,23 +1549,36 @@
ascii text file.
*/
{
+ int headerlen = 0;
char *DERCert = NULL;
char* begin = (char*) PORT_Strstr((const char*)ascii, CRLHEADER);
char* end = (char*) PORT_Strstr((const char*)ascii, CRLFOOTER);
+ /* Check for the alternate CRL header and footer format */
+ if (begin == NULL) {
+ begin = (char*) PORT_Strstr((const char*)ascii, X509CRLHEADER);
+ headerlen = strlen(X509CRLHEADER);
+ } else {
+ headerlen = strlen(CRLHEADER);
+ }
+
+ if (end == NULL) {
+ end = (char*) PORT_Strstr((const char*)ascii, X509CRLFOOTER);
+ }
+
if ((begin != NULL) && (end != NULL)) {
- end += PORT_Strlen(FOOTER);
+ /* chop the footer off */
*end = '\0';
- DERCert = (char*)PORT_ZAlloc(PORT_Strlen(begin));
-
- strcpy(DERCert, begin+strlen(CRLHEADER));
+ /* don't copy the header */
+ DERCert = (char*)PORT_ZAlloc(PORT_Strlen(begin - headerlen + 1));
+ strcpy(DERCert, (begin + headerlen));
if ( SECFailure == ATOB_ConvertAsciiToItem(&derCrl, DERCert) ) {
errorRpt(SYSTEM_ERROR, getResourceString(DBT_DECODE_CRL_ERROR));
}
} else {
- PR_snprintf(msg, sizeof(msg), getResourceString(DBT_INVALID_CRL), filename);
+ PR_snprintf(msg, sizeof(msg), getResourceString(DBT_INVALID_CRL), full_path);
errorRpt(FILE_ERROR, msg);
}
}
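Review bot: in `PORT_ZAlloc(PORT_Strlen(begin - headerlen + 1))` the arithmetic is inside the `PORT_Strlen` call, so the length is measured from a pointer `headerlen - 1` bytes before `begin`. When the header is the first thing in `ascii` that reads before the start of the buffer, and the resulting size has no fixed relation to what `strcpy(DERCert, (begin + headerlen))` writes. The intended expression looks like `PORT_Strlen(begin) - headerlen + 1`. Two further points in this hunk: header and footer are looked up independently, so a file with one marker style at the top and the other at the bottom is accepted, and nothing checks that `end` lies after `begin + headerlen` before `*end = '\0'` is written. The `PORT_ZAlloc` result is also used without a NULL check.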
16 years, 5 months
[Fedora-directory-commits] ldapserver/ldap/servers/slapd daemon.c, 1.17, 1.18
by Doctor Conrad
Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2709
Modified Files:
daemon.c
Log Message:
Resolves: #383141
Summary: listenhost: hostname associated with multiple addresses
1) parentheses were needed around *addr, which should have been evaluated
before the array.
2) fixed a small memory leak.
Index: daemon.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/daemon.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- daemon.c 18 Oct 2007 00:08:34 -0000 1.17
+++ daemon.c 14 Nov 2007 20:18:53 -0000 1.18
@@ -2870,11 +2870,11 @@
slapi_ch_free ((void**)&netaddr);
}
*addr = (PRNetAddr **)slapi_ch_calloc(2, sizeof (PRNetAddr *));
- *addr[0] = netaddr;
+ (*addr)[0] = netaddr;
} else if (PR_SUCCESS == PR_StringToNetAddr(listenhost, netaddr)) {
/* PR_StringNetAddr newer than NSPR v4.6.2 supports both IPv4&v6 */;
*addr = (PRNetAddr **)slapi_ch_calloc(2, sizeof (PRNetAddr *));
- *addr[0] = netaddr;
+ (*addr)[0] = netaddr;
} else {
PRAddrInfo *infop = PR_GetAddrInfoByName( listenhost,
PR_AF_UNSPEC, (PR_AI_ADDRCONFIG|PR_AI_NOCANONNAME) );
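Review bot: the same `*addr[0]` precedence mistake is corrected in two places here and a third time in the next hunk, which suggests the double pointer is easy to misuse. Building the array in a local `PRNetAddr **list` and assigning `*addr = list` once at the end would remove the need for `(*addr)[i]` entirely and make a recurrence less likely.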
@@ -2901,9 +2901,10 @@
for ( i = 0; i < addrcnt; i++ ) {
iter = PR_EnumerateAddrInfo( iter, infop, 0, netaddr );
if ( NULL == iter ) {
+ slapi_ch_free((void **)&netaddr); /* not used */
break;
}
- *addr[i] = netaddr;
+ (*addr)[i] = netaddr;
netaddr = (PRNetAddr *)slapi_ch_calloc(1, sizeof(PRNetAddr));
}
}
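Review bot: the added `slapi_ch_free` covers only the `NULL == iter` exit. The loop still allocates a fresh `netaddr` at the bottom of every iteration, so when all `addrcnt` entries enumerate successfully the final allocation is never stored in `(*addr)[i]`. Unless code after the loop (not visible in this hunk) frees it, that buffer leaks on the normal path; allocating at the top of each iteration, or freeing `netaddr` after the loop, would close it. The comment `/* not used */` could also say that the free is for the spare buffer allocated in the previous pass.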
16 years, 5 months
[Fedora-directory-commits] ldapserver/ldap/servers/plugins/passthru ptconfig.c, 1.7, 1.8
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/passthru
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5435/ldapserver/ldap/servers/plugins/passthru
Modified Files:
ptconfig.c
Log Message:
Resolves: bug 197997
Bug Description: PTA config parsing broken
Reviewed by: nhosoi (Thanks!)
Fix Description: The problem is that it is very difficult to use a comma as a delimiter between the url and the optional settings. This is because the suffix may contain many commas. The argument string may look like this:
ldap://host1:port1 host2:port2 .... hostN:portN/a,long,suffix1:a,long,suffix2;....;a,long,suffixN optional,numeric,settings
The ldap url may not contain any spaces after the hostlist - the suffixlist part must contain only url encoded spaces if the suffix actually has a space in it. So the solution is to use a space to separate the url from the options list. The parser looks for the first space after the last "/" in the url. This should be ok - at least it will not break the most common use of pta, which is to allow the config DS admin user to log into servers that do not have the o=NetscapeRoot. setup will use something like this:
ldap://configdshost:configdsport/o=NetscapeRoot
with no optional settings - this should parse just fine with the new code.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: ptconfig.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/passthru/ptconfig.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- ptconfig.c 28 Sep 2007 22:46:50 -0000 1.7
+++ ptconfig.c 14 Nov 2007 17:53:44 -0000 1.8
@@ -131,10 +131,29 @@
*/
prevsrvr = NULL;
for ( i = 0; i < argc; ++i ) {
+ char *p = NULL;
srvr = (PassThruServer *)slapi_ch_calloc( 1, sizeof( PassThruServer ));
srvr->ptsrvr_url = slapi_ch_strdup( argv[i] );
- if (( p = strchr( srvr->ptsrvr_url, ',' )) == NULL ) {
+ /* since the ldap url may contain both spaces (to delimit multiple hosts)
+ and commas (in suffixes), we have to search for the first space
+ after the last /, then look for any commas after that
+ This assumes the ldap url looks like this:
+ ldap(s)://host:port host:port .... host:port/suffixes
+ That is, it assumes there is always a trailing slash on the ldapurl
+ and that the url does not look like this: ldap://host
+ also assumes suffixes do not have any / in them
+ */
+ if (p = strrchr(srvr->ptsrvr_url, '/')) { /* look for last / */
+ p = strchr(p, ' '); /* look for first space after last / */
+ if (p) {
+ if (!strchr(p, ',')) { /* no comma */
+ p = NULL; /* just use defaults */
+ }
+ }
+ }
+
+ if (!p) {
/*
* use defaults for maxconnections, maxconcurrency, timeout,
* LDAP version, and connlifetime.
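Review bot: when a space is found after the last `/` but no comma follows it, `p` is reset to NULL and the defaults branch is taken without any diagnostic, so an argument with a single trailing option or a typo is accepted with that text still part of `ptsrvr_url`. Logging a configuration error for that case would be safer than silently using defaults. Two smaller points: `if (p = strrchr(srvr->ptsrvr_url, '/'))` is an assignment used as a condition and should be written `if ((p = strrchr(...)) != NULL)` to keep compilers and readers quiet, and the new `char *p = NULL;` inside the loop appears to shadow an existing `p`, since the removed line used `p` without declaring it here.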
@@ -152,7 +171,7 @@
* maxconnections,maxconcurrency,timeout,ldapversion
* OR maxconnections,maxconcurrency,timeout,ldapversion,lifetime
*/
- *p++ = '\0';
+ *p++ = '\0'; /* p points at space preceding optional arguments */
rc = sscanf( p, "%d,%d,%d,%d,%d", &srvr->ptsrvr_maxconnections,
&srvr->ptsrvr_maxconcurrency, &tosecs,
&srvr->ptsrvr_ldapversion, &srvr->ptsrvr_connlifetime );
16 years, 5 months
[Fedora-directory-commits] adminserver/include/libdsa dsalib.h, 1.5, 1.6
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver/include/libdsa
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5290/adminserver/include/libdsa
Modified Files:
dsalib.h
Log Message:
Resolves: bug 186280
Bug Description: Close potential security vulnerabilities in CGI code
Reviewed by: nhosoi (Thanks!)
Fix Description: This is for the CGIs moved into adminserver from ds. There is quite a bit of code here that we don't use anymore. We can also get rid of Import.java and Export.java in the ds console code. This addresses the security issues because, even though the console doesn't ever call the tasks that invoke the CGIs for db2ldif, ldif2db, etc. a malicious user could still attempt to invoke a task remotely and pass in bogus file and directory names.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: dsalib.h
===================================================================
RCS file: /cvs/dirsec/adminserver/include/libdsa/dsalib.h,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- dsalib.h 31 Aug 2007 17:01:38 -0000 1.5
+++ dsalib.h 14 Nov 2007 17:51:56 -0000 1.6
@@ -119,12 +119,6 @@
#endif
#endif
-#if defined( XP_WIN32 )
- #define PATH_FOR_PLATFORM(_path) ds_unixtodospath(_path)
-#else
- #define PATH_FOR_PLATFORM(_path)
-#endif
-
#define START_SCRIPT "start-slapd"
#define RESTART_SCRIPT "restart-slapd"
#define STOP_SCRIPT "stop-slapd"
@@ -230,14 +224,6 @@
extern struct ds_cfg_info ds_cfg_info[];
-#define LDBM_DATA_SIZE 5
-
-/*ldbm specific backend information*/
-struct ldbm_data {
- char *tv[LDBM_DATA_SIZE][2]; /*type and value*/
-};
-
-
/*
* varname for ds_showparam()
* NOTE: these must be kept in synch with the ds_cfg_info array defined
@@ -284,9 +270,6 @@
extern DS_EXPORT_SYMBOL char *ds_get_server_name();
extern DS_EXPORT_SYMBOL void ds_send_error(char *errstr, int print_errno);
extern DS_EXPORT_SYMBOL void ds_send_status(char *str);
-extern DS_EXPORT_SYMBOL char *ds_get_cgi_var(char *cgi_var_name);
-extern DS_EXPORT_SYMBOL char *ds_get_cgi_var_simple(int index);
-extern DS_EXPORT_SYMBOL char *ds_get_cgi_multiple(char *cgi_var_name);
extern DS_EXPORT_SYMBOL char *ds_get_errors_name();
extern DS_EXPORT_SYMBOL char *ds_get_access_name();
extern DS_EXPORT_SYMBOL char *ds_get_audit_name();
@@ -298,19 +281,7 @@
extern DS_EXPORT_SYMBOL int ds_get_file_size(char *fileName);
extern DS_EXPORT_SYMBOL void ds_display_tail(char *fileName, int timeOut,
int startSeek, char *doneMsg, char *lastLine);
-extern DS_EXPORT_SYMBOL int ds_ldif2db_preserve(char *file);
-extern DS_EXPORT_SYMBOL int ds_ldif2db(char *file);
-extern DS_EXPORT_SYMBOL int ds_ldif2db_backend_subtree(char *file, char *backend, char *subtree);
-extern DS_EXPORT_SYMBOL int ds_db2ldif(char *file);
-extern DS_EXPORT_SYMBOL int ds_vlvindex(char **backendList, char **attrList);
-extern DS_EXPORT_SYMBOL int ds_addindex(char **attrList, char *backendName);
-extern DS_EXPORT_SYMBOL int ds_db2ldif_subtree(char *file, char *subtree);
extern DS_EXPORT_SYMBOL char **ds_get_bak_dirs();
-extern DS_EXPORT_SYMBOL int ds_db2bak(char *file);
-extern DS_EXPORT_SYMBOL int ds_bak2db(char *file);
-extern DS_EXPORT_SYMBOL int ds_get_monitor(int frontend, char *port);
-extern DS_EXPORT_SYMBOL int ds_get_bemonitor(char *bemdn, char *port);
-extern DS_EXPORT_SYMBOL int ds_client_access(char *port, char *dn);
extern DS_EXPORT_SYMBOL char **ds_get_config(int type);
extern DS_EXPORT_SYMBOL char *ds_get_config_dir();
extern DS_EXPORT_SYMBOL void ds_set_config_dir(char *config_dir);
@@ -318,84 +289,15 @@
extern DS_EXPORT_SYMBOL void ds_set_run_dir(char *run_dir);
extern DS_EXPORT_SYMBOL char *ds_get_bak_dir();
extern DS_EXPORT_SYMBOL void ds_set_bak_dir(char *bak_dir);
-extern DS_EXPORT_SYMBOL char *ds_get_pwenc(char *passwd_hash, char *password);
extern DS_EXPORT_SYMBOL int ds_check_config(int type);
-extern DS_EXPORT_SYMBOL int ds_check_pw(char *pwhash, char *pwclear);
-extern DS_EXPORT_SYMBOL int ds_set_config(char *change_file_name);
extern DS_EXPORT_SYMBOL char **ds_get_conf_from_file(FILE *conf);
-extern DS_EXPORT_SYMBOL void ds_display_config(char **ds_config);
extern DS_EXPORT_SYMBOL char *ds_get_var_name(int varnum);
-extern DS_EXPORT_SYMBOL int ds_showparam(char **ds_config, int varname, int phase,
- int occurance, char *dispname, int size, int maxlength, unsigned flags,
- char *url);
-extern DS_EXPORT_SYMBOL void ds_show_pwmaxage(char *value);
-extern DS_EXPORT_SYMBOL void ds_show_pwhash(char *value);
extern DS_EXPORT_SYMBOL char *ds_get_value(char **ds_config, char *parm, int phase, int occurance);
-extern DS_EXPORT_SYMBOL void ds_apply_cfg_changes(int param_list[], int changed);
-extern DS_EXPORT_SYMBOL int ds_commit_cfg_changes();
-extern DS_EXPORT_SYMBOL int ds_config_updated();
-extern DS_EXPORT_SYMBOL void ds_display_header(char *font_size, char *header);
-extern DS_EXPORT_SYMBOL void ds_display_message(char *font_size, char *header);
-extern DS_EXPORT_SYMBOL void ds_print_file_form(char *action, char *fileptr, char *full_fileptr);
-extern DS_EXPORT_SYMBOL char *ds_get_file_meaning(char *file);
-extern DS_EXPORT_SYMBOL void ds_print_file_name(char *fileptr);
extern DS_EXPORT_SYMBOL int ds_file_exists(char *filename);
-extern DS_EXPORT_SYMBOL int ds_cp_file(char *sfile, char *dfile, int mode);
-extern DS_EXPORT_SYMBOL time_t ds_get_mtime(char *filename);
extern DS_EXPORT_SYMBOL char *ds_get_config_value( int option );
extern DS_EXPORT_SYMBOL char **ds_get_file_list( char *dir );
extern DS_EXPORT_SYMBOL char *ds_get_tmp_dir();
-extern DS_EXPORT_SYMBOL void ds_unixtodospath(char *szText);
-extern DS_EXPORT_SYMBOL void ds_timetofname(char *szText);
extern DS_EXPORT_SYMBOL void ds_dostounixpath(char *szText);
-extern DS_EXPORT_SYMBOL int ds_saferename(char *szSrc, char *szTarget);
-extern DS_EXPORT_SYMBOL char *get_specific_help_button(char *help_link,
- char *dispname, char *helpinfo);
-
-/* Change the DN to a canonical format (in place); return DN. */
-extern DS_EXPORT_SYMBOL char* dn_normalize (char* DN);
-
-/* Change the DN to a canonical format (in place) and convert to v3; return DN. */
-extern DS_EXPORT_SYMBOL char* dn_normalize_convert (char* DN);
-
-/* if dn contains an unescaped quote return true */
-extern DS_EXPORT_SYMBOL int ds_dn_uses_LDAPv2_quoting(const char *dn);
-
-/* Return a copy of the DN, but with optional whitespace inserted. */
-extern DS_EXPORT_SYMBOL char* ds_dn_expand (char* DN);
-
-/* Return the value if it can be stored 'as is' in a config file.
- If it requires enquoting, allocate and return its enquoted form.
- The caller should free() the returned pointer iff it's != value.
- On Windows, we don't want to double up on "\" characters in filespecs,
- so we need to pass in the value type */
-extern DS_EXPORT_SYMBOL char* ds_enquote_config_value (int paramnum, char* value);
-
-/*
- * Bring up a javascript alert.
- */
-extern DS_EXPORT_SYMBOL void ds_alert_user(char *header, char *message);
-
-/* Construct and return the DN that corresponds to the give DNS name.
- The caller should free() the returned pointer. */
-extern DS_EXPORT_SYMBOL char* ds_DNS_to_DN (char* DNS);
-
-/* Construct and return the DN of the LDAP server's own entry.
- The caller must NOT free() the returned pointer. */
-extern DS_EXPORT_SYMBOL char* ds_get_config_DN (char** ds_config);
-
-/* Encode characters, as described in RFC 1738 section 2.2,
- if they're 'unsafe' (as defined in RFC 1738), or '?' or
- <special> (as defined in RFC 1779).
- The caller should free() the returned pointer. */
-extern DS_EXPORT_SYMBOL char* ds_URL_encode (const char*);
-
-/* Decode characters, as described in RFC 1738 section 2.2.
- The caller should free() the returned pointer. */
-extern DS_EXPORT_SYMBOL char* ds_URL_decode (const char*);
-
-/* Encode all characters, even if 'safe' */
-extern DS_EXPORT_SYMBOL char* ds_encode_all (const char*);
/* Change the effective UID and GID of this process to
those associated with the given localuser (if any). */
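Review bot: this hunk removes the prototypes for a large group of exported functions (`dn_normalize`, `ds_URL_decode`, `ds_saferename`, `ds_cp_file` and others) but the commit message does not say how remaining callers were ruled out. In C a leftover call without a prototype can still compile under an implicit declaration and fail only at link time, or link against a stale library. Building the remaining CGIs with implicit function declarations treated as errors, and listing in the log message which CGIs were checked, would make the removal verifiable. `ds_dostounixpath` is kept while `ds_unixtodospath` is removed; a note on why one direction is still needed would help.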
@@ -409,8 +311,6 @@
what they were before calling ds_become_localuser(). */
extern DS_EXPORT_SYMBOL char* ds_become_original();
-extern DS_EXPORT_SYMBOL char* ds_makeshort(char *filepath);
-
extern DS_EXPORT_SYMBOL int ds_search_file(char *filename, char *searchstring, char **returnstring);
/* Display an error to the user and exit from a CGI */
@@ -419,34 +319,13 @@
/* Display a warning to the user */
extern DS_EXPORT_SYMBOL void ds_report_warning(int type, char *errmsg, char *details);
-/* These functions are used by the program to alter the output behaviour
-if not executing in a CGI context */
-extern DS_EXPORT_SYMBOL int ds_get_formatted_output(void);
-extern DS_EXPORT_SYMBOL void ds_set_formatted_output(int val);
-
/* show a message to be parsed by the non-HTML front end */
extern DS_EXPORT_SYMBOL void ds_show_message(const char *message);
-/* show a key/value pair to be parsed by the non-HTML front end */
-extern DS_EXPORT_SYMBOL void ds_show_key_value(char *key, char *value);
-
-extern DS_EXPORT_SYMBOL void ds_submit(char *helptarget) ;
-extern DS_EXPORT_SYMBOL char *ds_get_helpbutton(char *topic);
-
extern DS_EXPORT_SYMBOL void alter_startup_line(char *startup_line);
-extern DS_EXPORT_SYMBOL int ds_dir_exists(char *fn);
-extern DS_EXPORT_SYMBOL int ds_mkdir(char *dir, int mode);
-extern DS_EXPORT_SYMBOL char *ds_mkdir_p(char *dir, int mode);
-extern DS_EXPORT_SYMBOL char *ds_salted_sha1_pw_enc (char* pwd);
-extern DS_EXPORT_SYMBOL char * ds_escape_for_shell( char *s );
-
-extern DS_EXPORT_SYMBOL char **ds_string_to_vec(char *s);
-
extern DS_EXPORT_SYMBOL char *ds_system_errmsg(void);
-extern DS_EXPORT_SYMBOL int ds_exec_and_report(char *cmd);
-
/*
remove a registry key and report an error message if unsuccessful
*/
16 years, 5 months
[Fedora-directory-commits] adminserver/lib/libdsa dsalib_conf.c, 1.5, 1.6 dsalib_db.c, 1.4, 1.5 dsalib_util.c, 1.3, 1.4 dsalib_dn.c, 1.2, NONE dsalib_filename.c, 1.2, NONE dsalib_ldif.c, 1.3, NONE dsalib_pw.c, 1.2, NONE
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver/lib/libdsa
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5290/adminserver/lib/libdsa
Modified Files:
dsalib_conf.c dsalib_db.c dsalib_util.c
Removed Files:
dsalib_dn.c dsalib_filename.c dsalib_ldif.c dsalib_pw.c
Log Message:
Resolves: bug 186280
Bug Description: Close potential security vulnerabilities in CGI code
Reviewed by: nhosoi (Thanks!)
Fix Description: This is for the CGIs moved into adminserver from ds. There is quite a bit of code here that we don't use anymore. We can also get rid of Import.java and Export.java in the ds console code. This addresses the security issues because, even though the console doesn't ever call the tasks that invoke the CGIs for db2ldif, ldif2db, etc. a malicious user could still attempt to invoke a task remotely and pass in bogus file and directory names.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: dsalib_conf.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libdsa/dsalib_conf.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- dsalib_conf.c 31 Aug 2007 17:01:38 -0000 1.5
+++ dsalib_conf.c 14 Nov 2007 17:51:56 -0000 1.6
@@ -139,94 +139,3 @@
}
return NULL;
}
-
-static size_t
-count_quotes (const char* s)
-{
- size_t count = 0;
- const char* t = s;
- if (t) while ((t = strpbrk (t, "\"\\")) != NULL) {
- ++count;
- ++t;
- }
- return count;
-}
-
-DS_EXPORT_SYMBOL char*
-ds_enquote_config_value (int paramnum, char* s)
-{
- char* result;
- char* brkcharset = "\"\\ \t\r\n";
- char *encoded_quote = "22"; /* replace quote with \22 */
- int encoded_quote_len = strlen(encoded_quote);
- char *begin = s;
- if (*s && ! strpbrk (s, brkcharset) &&
- ! (paramnum == DS_AUDITFILE || paramnum == DS_ACCESSLOG ||
-#if defined( XP_WIN32 )
- paramnum == DS_SUFFIX ||
-#endif
- paramnum == DS_ERRORLOG)) {
- result = s;
- } else {
- char* t = malloc (strlen (s) + count_quotes (s) + 3);
- result = t;
- *t++ = '"';
- while (*s) {
- switch (*s) {
-
- case '"':
- /* convert escaped quotes by replacing the quote with
- escape code e.g. 22 so that \" is converted to \22 "*/
- if ((s > begin) && (*(s - 1) == '\\'))
- {
- strcpy(t, encoded_quote);
- t += encoded_quote_len;
- }
- else /* unescaped ", just replace with \22 "*/
- {
- *t++ = '\\';
- strcpy(t, encoded_quote);
- t += encoded_quote_len;
- }
- ++s;
- break;
-
- default:
- *t++ = *s++; /* just copy it */
- break;
- }
- }
- *t++ = '"';
- *t = '\0';
- }
- return result;
-}
-
-DS_EXPORT_SYMBOL char*
-ds_DNS_to_DN (char* DNS)
-{
- static const char* const RDN = "dc=";
- char* DN;
- char* dot;
- size_t components;
- if (DNS == NULL || *DNS == '\0') {
- return strdup ("");
- }
- components = 1;
- for (dot = strchr (DNS, '.'); dot != NULL; dot = strchr (dot + 1, '.')) {
- ++components;
- }
- DN = malloc (strlen (DNS) + (components * strlen(RDN)) + 1);
- strcpy (DN, RDN);
- for (dot = strchr (DNS, '.'); dot != NULL; dot = strchr (dot + 1, '.')) {
- *dot = '\0';
- strcat (DN, DNS);
- strcat (DN, ",");
- strcat (DN, RDN);
- DNS = dot + 1;
- *dot = '.';
- }
- strcat (DN, DNS);
- dn_normalize (DN);
- return DN;
-}
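Review bot: the log message describes this only as unused code, but the removed `ds_enquote_config_value` had a sizing defect that should be recorded: the buffer is `strlen (s) + count_quotes (s) + 3`, where `count_quotes` adds one byte per quote or backslash, while an unescaped `"` is written as three bytes (a backslash followed by `22`), so each unescaped quote writes one byte more than was allocated. Both removed functions also use `malloc` results unchecked. Naming these defects in the commit message would help anyone who has copied the functions elsewhere, and a search of the tree for other copies is worth doing before closing the bug.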
Index: dsalib_db.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libdsa/dsalib_db.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- dsalib_db.c 24 Jul 2007 20:10:18 -0000 1.4
+++ dsalib_db.c 14 Nov 2007 17:51:56 -0000 1.5
@@ -80,308 +80,3 @@
return(bak_dirs);
}
-
-/*
- * Restore a database based on a backup directory name.
- * 0: success
- * anything else: failure
- */
-DS_EXPORT_SYMBOL int
-ds_bak2db(char *file)
-{
- char startup_line[BIG_LINE];
- char statfile[PATH_MAX];
- char *tmp_dir;
- char *instdir;
- int haderror = 0;
- int error = -1;
- int status;
- FILE *sf = NULL;
- struct stat fstats;
-
- if ( file == NULL ) {
- return DS_NULL_PARAMETER;
- }
- status = ds_get_updown_status();
- if ( status == DS_SERVER_UP ) {
- return DS_SERVER_MUST_BE_DOWN;
- }
- if ( (instdir = ds_get_instance_dir()) == NULL ) {
- return DS_NO_INSTANCE_DIR;
- }
-
- if ( file[strlen(file) - 1] == '\n' ) /* strip out returns */
- file[strlen(file) - 1] = '\0';
-
- if( stat( file, &fstats ) == -1 && errno == ENOENT ) {
- return DS_CANNOT_OPEN_BACKUP_FILE;
- } else if( !(fstats.st_mode & S_IFDIR) ) {
- return DS_NOT_A_DIRECTORY;
- }
-
- tmp_dir = ds_get_tmp_dir();
- PR_snprintf(statfile, PATH_MAX, "%s%cbak2db.%d", tmp_dir, FILE_SEP, (int)getpid());
- PR_snprintf(startup_line, BIG_LINE,
- "%s%cbak2db "
- "%s%s%s > "
- "%s%s%s 2>&1",
- instdir, FILE_SEP,
- ENQUOTE, file, ENQUOTE,
- ENQUOTE, statfile, ENQUOTE );
- alter_startup_line(startup_line);
- fflush(0);
- error = system(startup_line);
- fflush(0);
- if ( error == -1 ) {
- return DS_CANNOT_EXEC;
- }
- fflush(0);
- if( !(sf = fopen(statfile, "r")) ) {
- return DS_CANNOT_OPEN_STAT_FILE;
- }
-
- while ( fgets(startup_line, BIG_LINE, sf) ) {
- if ((strstr(startup_line, "- Restoring file")) ||
- (strstr(startup_line, "- Checkpointing"))) {
- ds_show_message(startup_line);
- } else {
- haderror = 1;
- ds_send_error(startup_line, 0);
- }
- }
-
- fclose(sf);
- unlink(statfile);
-
- if ( haderror )
- return DS_UNKNOWN_ERROR;
- return 0;
-}
-
-/*
- * Create a backup based on a file name.
- * 0: success
- * anything else: failure
- */
-DS_EXPORT_SYMBOL int
-ds_db2bak(char *file)
-{
- char startup_line[BIG_LINE];
- char statfile[PATH_MAX];
- char *tmp_dir;
- char *instdir;
- int haderror = 0;
- int error = -1;
- FILE *sf = NULL;
- int lite = 0;
-#ifdef XP_WIN32
- time_t ltime;
-#endif
-
- if ( (instdir = ds_get_instance_dir()) == NULL ) {
- return DS_NO_INSTANCE_DIR;
- }
-
- if ( (file == NULL) || (strlen(file) == 0) )
- file = NULL;
-
- tmp_dir = ds_get_tmp_dir();
- PR_snprintf(statfile, PATH_MAX, "%s%cdb2bak.%d", tmp_dir, FILE_SEP, (int)getpid());
-
-
-#if defined( XP_WIN32 )
- if( file == NULL )
- {
- file = malloc( BIG_LINE );
-
- time( <ime );
- PR_snprintf( file, BIG_LINE, "%s", ctime( <ime ) );
- ds_timetofname( file );
- }
-
- /* Check if the directory exists or can be created */
- if ( !ds_file_exists( file ) ) {
- char *errmsg = ds_mkdir_p( file, NEWDIR_MODE );
- if( errmsg != NULL ) {
-/* ds_send_error(errmsg, 10);
- */
- return DS_CANNOT_CREATE_DIRECTORY;
- }
- }
-#endif
-
-/* DBDB: note on the following line.
- * Originally this had quotes round the directory name.
- * I found that this made the script not work becuase
- * a path of the form "foo"/bar/"baz" was passed to slapd.
- * the c runtime didn't like this. Perhaps there's a simple
- * solution, but for now I've modified this line here to
- * not quote the directory name. This means that backup
- * directories can't have spaces in them.
- */
-
-
- PR_snprintf(startup_line, sizeof(startup_line),
- "%s%cdb2bak "
- "%s%s%s > "
- "%s%s%s 2>&1",
- instdir, FILE_SEP,
- ENQUOTE,
- (file == NULL) ? "" : file,
- ENQUOTE,
- ENQUOTE, statfile, ENQUOTE);
-
- PATH_FOR_PLATFORM( startup_line );
- alter_startup_line(startup_line);
- fflush(0);
- error = system(startup_line);
- if ( error == -1 ) {
- return DS_CANNOT_EXEC;
- }
- if( !(sf = fopen(statfile, "r")) ) {
- return DS_CANNOT_OPEN_STAT_FILE;
- }
-
- while ( fgets(startup_line, BIG_LINE, sf) ) {
- if (strstr(startup_line, " - Backing up file") ||
- strstr(startup_line, " - Checkpointing database")) {
- ds_show_message(startup_line);
- } else {
- haderror = 1;
- if (strstr ( startup_line, "restricted mode")) {
- lite = 1;
- }
- ds_send_error(startup_line, 0);
- }
- }
- fclose(sf);
- unlink(statfile);
-
- if ( lite && haderror )
- return DS_HAS_TOBE_READONLY_MODE;
-
- if ( haderror )
- return DS_UNKNOWN_ERROR;
- return 0;
-}
-
-static void
-process_and_report( char *line, int line_size, FILE *cmd )
-{
- while(fgets(line, line_size, cmd)) {
- /* Strip off line feeds */
- int ind = strlen( line ) - 1;
- while ( (ind >= 0) &&
- ((line[ind] == '\n') ||
- (line[ind] == '\r')) ) {
- line[ind] = 0;
- ind--;
- }
- if ( ind < 1 ) {
- continue;
- }
- ds_send_status(line);
- }
-}
-
-static int exec_and_report( char *startup_line )
-{
- FILE *cmd = NULL;
- char line[BIG_LINE];
- int haderror = 0;
-
- PATH_FOR_PLATFORM( startup_line );
- alter_startup_line(startup_line);
-
- /*
- fprintf( stdout, "Launching <%s>\n", startup_line );
- */
-
- fflush(0);
- cmd = popen(startup_line, "r");
- if(!cmd) {
- return DS_CANNOT_EXEC;
- }
- process_and_report( line, sizeof(line), cmd );
- pclose(cmd);
-
- /*
- ** The VLV indexing code prints OK,
- ** if the index was successfully created.
- */
- if (strcmp(line,"OK")==0) {
- haderror = 0;
- } else {
- haderror = DS_UNKNOWN_ERROR;
- }
-
- return haderror;
-}
-
-/*
- * Create a vlv index
- * 0: success
- * anything else: failure
- */
-DS_EXPORT_SYMBOL int
-ds_vlvindex(char **backendList, char **vlvList)
-{
- char startup_line[BIG_LINE];
- char *instdir;
- char **vlvc = NULL;
-
-
- instdir = ds_get_instance_dir();
- if ( instdir == NULL ) {
- return DS_NO_INSTANCE_DIR;
- }
-
- PR_snprintf(startup_line, sizeof(startup_line), "%s/%s db2index "
- "-D %s%s/%s "
- "-n %s ",
- CMDBINDIR, SLAPD_NAME,
- ENQUOTE, instdir, ENQUOTE,
- backendList[0]);
-
-
- /* Create vlv TAG */
- vlvc=vlvList;
- while( *vlvc != NULL ) {
- PR_snprintf( startup_line, sizeof(startup_line), "%s -T %s%s%s", startup_line,"\"",*vlvc,"\"" );
- vlvc++;
- }
-
- return exec_and_report( startup_line );
-}
-
-/*
- * Create one or more indexes
- * 0: success
- * anything else: failure
- */
-DS_EXPORT_SYMBOL int
-ds_addindex(char **attrList, char *backendName)
-{
- char startup_line[BIG_LINE];
- char *instdir;
-
- instdir = ds_get_instance_dir();
-
- if ( instdir == NULL ) {
- return DS_NO_INSTANCE_DIR;
- }
-
- PR_snprintf(startup_line, sizeof(startup_line), "%s/%s db2index "
- "-D %s%s%s "
- "-n %s",
- CMDBINDIR, SLAPD_NAME,
- ENQUOTE, instdir, ENQUOTE,
- backendName);
-
- while( *attrList != NULL ) {
- PR_snprintf( startup_line, sizeof(startup_line), "%s -t %s", startup_line, *attrList );
- attrList++;
- }
-
- return exec_and_report( startup_line );
-}
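Review bot: the caller-supplied file, backendList[0], vlvList and attrList values in these removed functions are formatted straight into startup_line and handed to system() or popen(), with at most ENQUOTE around them and nothing at all around backendName or the -t attribute names, so deleting the entry points rather than patching the quoting is the right call. Two patterns should not be carried into whatever replaces them: the status file is a predictable bak2db.<pid> or db2bak.<pid> name under ds_get_tmp_dir() that is created by shell redirection, and the loops in ds_vlvindex and ds_addindex pass startup_line to PR_snprintf as both destination and "%s" source. exec_and_report also compares line against "OK" even when process_and_report never read anything into it. Please confirm the prototypes for the DS_EXPORT_SYMBOL functions leave the public header in the same change.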
Index: dsalib_util.c
===================================================================
RCS file: /cvs/dirsec/adminserver/lib/libdsa/dsalib_util.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- dsalib_util.c 31 Aug 2007 17:01:38 -0000 1.3
+++ dsalib_util.c 14 Nov 2007 17:51:56 -0000 1.4
@@ -81,51 +81,6 @@
return 0;
}
-DS_EXPORT_SYMBOL int
-ds_mkdir(char *dir, int mode)
-{
- if(!ds_file_exists(dir)) {
-#ifdef XP_UNIX
- if(mkdir(dir, mode) == -1)
-#else /* XP_WIN32 */
- if(!CreateDirectory(dir, NULL))
-#endif /* XP_WIN32 */
- return -1;
- }
- return 0;
-}
-
-
-DS_EXPORT_SYMBOL char *
-ds_mkdir_p(char *dir, int mode)
-{
- static char errmsg[ERR_SIZE];
- struct stat fi;
- char *t;
-
-#ifdef XP_UNIX
- t = dir + 1;
-#else /* XP_WIN32 */
- t = dir + 3;
-#endif /* XP_WIN32 */
-
- while(1) {
- t = strchr(t, FILE_PATHSEP);
-
- if(t) *t = '\0';
- if(stat(dir, &fi) == -1) {
- if(ds_mkdir(dir, mode) == -1) {
- PR_snprintf(errmsg, sizeof(errmsg), "mkdir %s failed (%s)", dir, ds_system_errmsg());
- return errmsg;
- }
- }
- if(t) *t++ = FILE_PATHSEP;
- else break;
- }
- return NULL;
-}
-
-
/*
* Given the name of a directory, return a NULL-terminated array of
* the file names contained in that directory. Returns NULL if the directory
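Review bot: ds_mkdir_p returns a pointer to a function-static errmsg buffer and temporarily writes '\0' into the caller's dir string while walking it, so it is good to see it go together with its one caller visible in this patch, the XP_WIN32 branch of ds_db2bak. Its error path is also the only use of ds_system_errmsg() visible in the removed code, and that function is kept further down; please check whether it still has callers or can go in the same sweep.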
@@ -210,100 +165,6 @@
}
#endif /* ( XP_WIN32 ) */
-
-DS_EXPORT_SYMBOL time_t
-ds_get_mtime(char *filename)
-{
- struct stat fi;
-
- if ( stat(filename, &fi) )
- return 0;
- return fi.st_mtime;
-}
-
-/*
- * Copy files: return is
- * 1: success
- * 0: failure
- * Print errors as needed.
- */
-DS_EXPORT_SYMBOL int
-ds_cp_file(char *sfile, char *dfile, int mode)
-{
-#if defined( XP_WIN32 )
- return( CopyFile( sfile, dfile, FALSE ) ); /* Copy even if dfile exists */
-#else
- int sfd, dfd, len;
- struct stat fi;
- char copy_buffer[COPY_BUFFER_SIZE];
- unsigned long read_len;
- char error[BIG_LINE];
-
-/* Make sure we're in the right umask */
- umask(022);
-
- if( (sfd = open(sfile, O_RDONLY)) == -1) {
- PR_snprintf(error, sizeof(error), "Can't open file %s for reading.", sfile);
- ds_send_error(error, 1);
- return(0);
- }
-
- fstat(sfd, &fi);
- if (!(S_ISREG(fi.st_mode))) {
- PR_snprintf(error, sizeof(error), "File %s is not a regular file.", sfile);
- ds_send_error(error, 1);
- close(sfd);
- return(0);
- }
- len = fi.st_size;
-
- if( (dfd = open(dfile, O_RDWR | O_CREAT | O_TRUNC, mode)) == -1) {
- PR_snprintf(error, sizeof(error), "can't write to file %s", dfile);
- ds_send_error(error, 1);
- close(sfd);
- return(0);
- }
- while (len) {
- read_len = len>COPY_BUFFER_SIZE?COPY_BUFFER_SIZE:len;
-
- if ( (read_len = read(sfd, copy_buffer, read_len)) == -1) {
- PR_snprintf(error, sizeof(error), "Error reading file %s for copy.", sfile);
- ds_send_error(error, 1);
- close(sfd);
- close(dfd);
- return(0);
- }
-
- if ( write(dfd, copy_buffer, read_len) != read_len) {
- PR_snprintf(error, sizeof(error), "Error writing file %s for copy.", dfile);
- ds_send_error(error, 1);
- close(sfd);
- close(dfd);
- return(0);
- }
-
- len -= read_len;
- }
- close(sfd);
- close(dfd);
- return(1);
-#endif
-}
-
-DS_EXPORT_SYMBOL void
-ds_unixtodospath(char *szText)
-{
- if(szText)
- {
- while(*szText)
- {
- if( *szText == '/' )
- *szText = '\\';
- szText++;
- }
- }
-}
-
/* converts '\' chars to '/' */
DS_EXPORT_SYMBOL void
ds_dostounixpath(char *szText)
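Review bot: ds_unixtodospath is removed here while its mirror ds_dostounixpath stays as context; please confirm the survivor still has a caller, otherwise it belongs in this cleanup as well. No objection to dropping ds_cp_file: the fstat() result is not checked before fi.st_mode is used, umask(022) changes the process-wide umask as a side effect, and the copy loop never terminates if read() returns 0 before len reaches zero.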
@@ -319,134 +180,6 @@
}
}
-/* converts ':' chars to ' ' */
-DS_EXPORT_SYMBOL void
-ds_timetofname(char *szText)
-{
- if(szText)
- {
- /* Replace trailing newline */
- szText[ strlen( szText ) -1 ] = 0;
- while(*szText)
- {
- if( *szText == ':' ||
- *szText == ' ' )
- *szText = '_';
- szText++;
- }
- }
-}
-
-/* Effects a rename in 2 steps, needed on NT because if the
-target of a rename() already exists, the rename() will fail. */
-DS_EXPORT_SYMBOL int
-ds_saferename(char *szSrc, char *szTarget)
-{
-#ifdef XP_WIN32
- int iRetVal;
- char *szTmpFile;
- struct stat buf;
-#endif
-
- if( !szSrc || !szTarget )
- return 1;
-
-#if defined( XP_WIN32 )
-
- szTmpFile = mktemp("slrnXXXXXX" );
- if( stat( szTarget, &buf ) == 0 )
- {
- /* Target file exists */
- if( !szTmpFile )
- return 1;
-
- if( !ds_cp_file( szTarget, szTmpFile, 0644) )
- return( 1 );
-
- unlink( szTarget );
- if( (iRetVal = rename( szSrc, szTarget )) != 0 )
- {
- /* Failed to rename, copy back. */
- ds_cp_file( szTmpFile, szTarget, 0644);
- }
- /* Now remove temp file */
- unlink( szTmpFile );
- }
- else
- iRetVal = rename(szSrc, szTarget);
-
- return iRetVal;
-#else
- return rename(szSrc, szTarget);
-#endif
-
-}
-
-DS_EXPORT_SYMBOL char*
-ds_encode_all (const char* s)
-{
- char* r;
- size_t l;
- size_t i;
- if (s == NULL || *s == '\0') {
- return strdup ("");
- }
- l = strlen (s);
- r = malloc (l * 3 + 1);
- for (i = 0; *s != '\0'; ++s) {
- r[i++] = '%';
- sprintf (r + i, "%.2X", 0xFF & (unsigned int)*s);
- i += 2;
- }
- r[i] = '\0';
- return r;
-}
-
-DS_EXPORT_SYMBOL char*
-ds_URL_encode (const char* s)
-{
- char* r;
- size_t l;
- size_t i;
- if (s == NULL || *s == '\0') {
- return strdup ("");
- }
- l = strlen (s) + 1;
- r = malloc (l);
- for (i = 0; *s != '\0'; ++s) {
- if (*s >= 0x20 && *s <= 0x7E && strchr (" <>\"#%{}[]|\\^~`?,;=+\n", *s) == NULL) {
- if (l - i <= 1) r = realloc (r, l *= 2);
- r[i++] = *s;
- } else { /* encode *s */
- if (l - i <= 3) r = realloc (r, l *= 2);
- r[i++] = '%';
- sprintf (r + i, "%.2X", 0xFF & (unsigned int)*s);
- i += 2;
- }
- }
- r[i] = '\0';
- return r;
-}
-
-DS_EXPORT_SYMBOL char*
-ds_URL_decode (const char* original)
-{
- char* r = strdup (original);
- char* s;
- for (s = r; *s != '\0'; ++s) {
- if (*s == '+') {
- *s = ' ';
- }
- else if (*s == '%' && isxdigit(s[1]) && isxdigit(s[2])) {
- memmove (s, s+1, 2);
- s[2] = '\0';
- *s = (char)strtoul (s, NULL, 16);
- memmove (s+1, s+3, strlen (s+3) + 1);
- }
- }
- return r;
-}
-
#if !defined( XP_WIN32 )
#include <errno.h> /* errno */
#include <pwd.h> /* getpwnam */
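Review bot: ds_URL_encode and ds_URL_decode are general input-handling helpers rather than backup or index plumbing, so please confirm that none of the CGIs that remain still decode request parameters through them before the exports disappear. Nothing in this hunk is worth keeping as written: ds_encode_all and ds_URL_encode use malloc() and realloc() results unchecked, ds_URL_decode calls strdup(original) without a NULL check, and ds_saferename passes the string literal "slrnXXXXXX" to mktemp().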
@@ -547,26 +280,6 @@
#endif
}
-/*
- * When a path containing a long filename is passed to system(), the call
- * fails. Therfore, we need to use the short version of the path, when
- * constructing the path to pass to system().
- */
-DS_EXPORT_SYMBOL char*
-ds_makeshort( char * filepath )
-{
-#if defined( XP_WIN32 )
- char *shortpath = malloc( MAX_PATH );
- DWORD dwStatus;
- if( shortpath )
- {
- dwStatus = GetShortPathName( filepath, shortpath, MAX_PATH );
- return( shortpath );
- }
-#endif
- return filepath;
-}
-
/* returns 1 if string "searchstring" found in file "filename" */
/* if found, returnstring is allocated and filled with the line */
/* caller should release the memory */
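Review bot: ds_makeshort ignores dwStatus, so a failed GetShortPathName() hands back an uninitialised buffer, and it returns malloc'd memory on XP_WIN32 but the caller's own pointer everywhere else, which leaves ownership unclear. Removal is fine; since its comment ties it to building paths for system(), check that no system() call left in the library depended on it.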
@@ -711,46 +424,6 @@
return;
}
-DS_EXPORT_SYMBOL void
-ds_show_key_value(char *key, char *value)
-{
- FILE *logfp;
- printf("%s%s%s\n", key, SEPARATOR, value);
-
- if ((logfp = get_logfp())) {
- fprintf(logfp, "%s%s%s\n", key, SEPARATOR, value);
- fclose(logfp);
- }
- return;
-}
-
-/* Stolen from the Admin Server dsgw_escape_for_shell */
-DS_EXPORT_SYMBOL char *
-ds_escape_for_shell( char *s )
-{
- char *escaped;
- char tmpbuf[4];
- size_t x,l;
-
- if ( s == NULL ) {
- return( s );
- }
-
- l = 3 * strlen( s ) + 1;
- escaped = malloc( l );
- memset( escaped, 0, l );
- for ( x = 0; s[x]; x++ ) {
- if (( (unsigned char)s[x] & 0x80 ) == 0 ) {
- strncat( escaped, &s[x], 1 );
- } else {
- /* not an ASCII character - escape it */
- sprintf( tmpbuf, "\\%x", (unsigned)(((unsigned char)(s[x])) & 0xff) );
- strcat( escaped, tmpbuf );
- }
- }
- return( escaped );
-}
-
DS_EXPORT_SYMBOL char *
ds_system_errmsg(void)
{
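Review bot: ds_escape_for_shell copies every 7-bit ASCII byte through unchanged and rewrites only bytes with the high bit set, so quotes, backticks, ';' and '$' pass through untouched; nothing that still builds a command line should treat it, or the dsgw_escape_for_shell it says it was taken from, as shell quoting. Removing it is correct, but please grep for remaining callers first. ds_show_key_value also calls fclose() on the handle from get_logfp() on every call, which is only right if get_logfp() opens a fresh handle each time.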
--- dsalib_dn.c DELETED ---
--- dsalib_filename.c DELETED ---
--- dsalib_ldif.c DELETED ---
--- dsalib_pw.c DELETED ---
16 years, 5 months
[Fedora-directory-commits] adminserver/admserv/schema/ldif 11dstasks.ldif.tmpl, 1.4, 1.5
by Doctor Conrad
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/schema/ldif
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5290/adminserver/admserv/schema/ldif
Modified Files:
11dstasks.ldif.tmpl
Log Message:
Resolves: bug 186280
Bug Description: Close potential security vulnerabilities in CGI code
Reviewed by: nhosoi (Thanks!)
Fix Description: This is for the CGIs moved into adminserver from ds. There is quite a bit of code here that we don't use anymore. We can also get rid of Import.java and Export.java in the ds console code. This addresses the security issues because, even though the console doesn't ever call the tasks that invoke the CGIs for db2ldif, ldif2db, etc. a malicious user could still attempt to invoke a task remotely and pass in bogus file and directory names.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: 11dstasks.ldif.tmpl
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/schema/ldif/11dstasks.ldif.tmpl,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- 11dstasks.ldif.tmpl 4 Jul 2007 01:31:33 -0000 1.4
+++ 11dstasks.ldif.tmpl 14 Nov 2007 17:51:55 -0000 1.5
@@ -63,7 +63,6 @@
objectClass: nstask
objectClass: nsAdminObject
nsClassname: com.netscape.admin.dirserv.task.Backup@%ds_console_jar%@%as_sie%
-nsExecRef: ds_db2bak
cn: Backup
dn: cn=Restore, cn=operation, cn=Tasks, %ds_sie%
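Review bot: this only changes entries generated from the .tmpl from now on. Dropping nsExecRef: ds_db2bak from the Backup entry (and ds_bak2db from Restore in the next hunk) does nothing for task entries that were already created from revision 1.4. Is there an upgrade step that strips the attribute from existing installations? Without one they keep advertising the executable reference this fix is meant to retire.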
@@ -71,7 +70,6 @@
objectClass: nstask
objectClass: nsAdminObject
nsClassname: com.netscape.admin.dirserv.task.Restore@%ds_console_jar%@%as_sie%
-nsExecRef: ds_bak2db
cn: Restore
dn: cn=KeyCert, cn=operation, cn=Tasks, %ds_sie%
@@ -102,20 +100,6 @@
nsClassname: com.netscape.admin.dirserv.task.CompleteExport@%ds_console_jar%@%as_sie%
cn: CompleteExport
-dn: cn=Export, cn=operation, cn=Tasks, %ds_sie%
-objectClass: top
-objectClass: nstask
-objectClass: nsAdminObject
-nsExecRef: ds_db2ldif
-cn: Export
-
-dn: cn=Import, cn=operation, cn=Tasks, %ds_sie%
-objectClass: top
-objectClass: nstask
-objectClass: nsAdminObject
-nsExecRef: ds_ldif2db
-cn: Import
-
dn: cn=ViewLog, cn=operation, cn=Tasks, %ds_sie%
objectClass: top
objectClass: nstask
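Review bot: the Export and Import entries are deleted outright here, while Backup and Restore above keep their entries and lose only nsExecRef. That is consistent with these two having no nsClassname, but the log message says Import.java and Export.java "can" be removed from the ds console, not that they have been, so please confirm the console no longer looks up cn=Export or cn=Import under cn=operation, cn=Tasks before this lands.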
@@ -141,14 +125,12 @@
objectClass: top
objectClass: nstask
objectClass: nsAdminObject
-nsExecRef: ds_vlvindex
cn: CreateVLVIndex
dn: cn=AddIndex, cn=operation, cn=Tasks, %ds_sie%
objectClass: top
objectClass: nstask
objectClass: nsAdminObject
-nsExecRef: ds_addindex
cn: AddIndex
dn: cn=SNMPCtrl, cn=operation, cn=Tasks, %ds_sie%
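Review bot: after this hunk cn=AddIndex is left with only its objectClass values and cn, with neither nsExecRef nor nsClassname, and cn=CreateVLVIndex appears to end up the same way. Export and Import were in exactly that position and were deleted in the previous hunk; either delete these two entries as well or say in the log message why the empty task entries need to stay.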
16 years, 5 months