Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/rever
In directory
cvs-int.fedora.redhat.com:/tmp/cvs-serv1102/ldapserver/ldap/servers/plugins/rever
Modified Files:
des.c
Log Message:
Resolves: bug 262021
Bug Description: Migration script does not migrate nsDS5ReplicaCredentials correctly.
Reviewed by: nkinder (Thanks!)
Fix Description: 7.1 and earlier chaining and replication credentials were stored
incorrectly on little endian machines (x86 and itanium). They were
"accidentally" stored correctly on big endian machines (sparc, pa-risc) because
val == ntohl(val) on those platforms. When migrating from a little endian machine, we
need to decode the password using the broken algorithm and re-encode it using the good
method. We determine if the password is encode incorrectly by the following method: we
use migratecred to decode and encode using the old path. If the values are equal, this
means the password was already encoded correctly and we don't need to fix it.
Otherwise, we set the flag that tells migratecred to fix it. In order to decode the
broken password correctly on big endian machines, we have to swap the byte order to
convert the values to little endian.
Platforms tested: RHEL5 x86_64, RHEL5 i386, Solaris 9
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Index: des.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/rever/des.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- des.c 20 Sep 2007 20:27:34 -0000 1.8
+++ des.c 24 Sep 2007 22:54:54 -0000 1.9
@@ -492,7 +492,7 @@
migrateCredentials(char *oldpath, char *newpath, char *oldcred)
{
static char *useBrokenUUID = "USE_BROKEN_UUID=1";
- static char *disableBrokenUUID = "USE_BROKEN_UUID";
+ static char *disableBrokenUUID = "USE_BROKEN_UUID=0";
char *plain = NULL;
char *cipher = NULL;
Show replies by date