[389-commits] 2 commits - admserv/cgi-src40 VERSION.sh

Richard Allen Megginson rmeggins at fedoraproject.org
Fri Oct 28 23:33:52 UTC 2011


 VERSION.sh                   |    2 -
 admserv/cgi-src40/security.c |   45 +++++++++++++++----------------------------
 2 files changed, 17 insertions(+), 30 deletions(-)

New commits:
commit f2e612472162f36f988ae63be8bb9bc78b85c8e3
Author: Rich Megginson <rmeggins at redhat.com>
Date:   Fri Oct 28 16:53:58 2011 -0600

    bump version to 1.1.25

diff --git a/VERSION.sh b/VERSION.sh
index 214584d..699116d 100644
--- a/VERSION.sh
+++ b/VERSION.sh
@@ -11,7 +11,7 @@ vendorurl=http://port389.org
 # PACKAGE_VERSION is constructed from these
 VERSION_MAJOR=1
 VERSION_MINOR=1
-VERSION_MAINT=24
+VERSION_MAINT=25
 # if this is a PRERELEASE, set VERSION_PREREL
 # otherwise, comment it out
 # be sure to include the dot prefix in the prerel


commit 1897c5ba53d4e385f16c88a75c13f7fb7a24cd92
Author: Rich Megginson <rmeggins at redhat.com>
Date:   Fri Oct 28 15:33:06 2011 -0600

    Bug 740959 - 389-console put CA certificates into wrong database
    
    https://bugzilla.redhat.com/show_bug.cgi?id=740959
    Resolves: bug 740959
    Bug Description: 389-console put CA certificates into wrong database
    Reviewed by: nhosoi (Thanks!)
    Branch: master
    Fix Description: Now that the openldap/NSS memory leaks have been fixed, we
    do not need the workaround of using NSS_InitContext, which doesn't work
    anyway for cert db management.  The fix is to revert to the old behavior
    of using NSS_Shutdown/NSS_Initialize so that we can be sure we are using
    the correct NSS database.
    Platforms tested: RHEL6 x86_64
    Flag Day: no
    Doc impact: no

diff --git a/admserv/cgi-src40/security.c b/admserv/cgi-src40/security.c
index 883c067..31da45d 100644
--- a/admserv/cgi-src40/security.c
+++ b/admserv/cgi-src40/security.c
@@ -115,7 +115,6 @@ extern "C" {
 int expired = 0;
 CERTCertDBHandle *certdb = NULL;
 char line[BIG_LINE];
-static NSSInitContext *secctx = NULL;
 
 static char *securitydir; /* based on the sie - security dir for ds or as */
 
@@ -234,27 +233,16 @@ static char * getParameter(char *key, char *keyName) {
   return get_cgi_var(key, getResourceString(DBT_PARAMETERMISSING), line);
 }
 
-static void closeAllSecurityDB(int global) {
+static void closeAllSecurityDB() {
   /* close all db */
   if (NSS_IsInitialized()) {
     SSL_ClearSessionCache();
   }
-  if (secctx) {
-    if (NSS_ShutdownContext(secctx)) {
-      PR_snprintf(line, sizeof(line), getResourceString(CMN_NSS_SHUTDOWN_ERROR),
-                  PR_GetError(),
-                  SSL_Strerror(PR_GetError()) ? SSL_Strerror(PR_GetError()) : "unknown");
-      rpt_err(GENERAL_FAILURE, line, NULL, NULL);
-    }
-    secctx = NULL;
-  }
-  if (global) {
-    if (NSS_Shutdown()) {
-      PR_snprintf(line, sizeof(line), getResourceString(CMN_NSS_SHUTDOWN_ERROR),
-                  PR_GetError(),
-                  SSL_Strerror(PR_GetError()) ? SSL_Strerror(PR_GetError()) : "unknown");
-      rpt_warning(GENERAL_FAILURE, line, NULL, NULL);
-    }
+  if (NSS_Shutdown()) {
+    PR_snprintf(line, sizeof(line), getResourceString(CMN_NSS_SHUTDOWN_ERROR),
+                PR_GetError(),
+                SSL_Strerror(PR_GetError()) ? SSL_Strerror(PR_GetError()) : "unknown");
+    rpt_warning(GENERAL_FAILURE, line, NULL, NULL);
   }
 }
 
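Review bot: `NSS_Shutdown()` in closeAllSecurityDB now runs unconditionally, outside the `NSS_IsInitialized()` guard that protects `SSL_ClearSessionCache()`. errorRpt and errorRptExtended both call this function, so if either is reached before NSS has been initialized, the shutdown call will presumably fail with a not-initialized error and emit a CMN_NSS_SHUTDOWN_ERROR warning ahead of the real error report. Moving the call into the existing guard avoids that: `if (NSS_IsInitialized()) { SSL_ClearSessionCache(); if (NSS_Shutdown()) { /* warn */ } }`. Now that the parameter is gone, `static void closeAllSecurityDB(void)` would also state the empty parameter list explicitly.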
@@ -266,7 +254,7 @@ static void errorAllocateMem() {
 }
 
 static void errorRpt(int type, char* detailInfo) {
-  closeAllSecurityDB(1);
+  closeAllSecurityDB();
   rpt_err(type, 
           getResourceString(DBT_ERROR_OCCURED), 
           detailInfo, 
@@ -274,7 +262,7 @@ static void errorRpt(int type, char* detailInfo) {
 }
 
 static void errorRptExtended(int type, char* detail, char* extra) {
-  closeAllSecurityDB(1);
+  closeAllSecurityDB();
   rpt_err(type, 
           getResourceString(DBT_ERROR_OCCURED), 
           detail, 
@@ -1033,18 +1021,17 @@ static void setTrust(char *certFingerprint, int trust) {
 static void securityInitialization(char* securitydir) {
 
   PRUint32 flags = 0;
+  char *db_name;
   int const minPwdLen = 8;
   int const pwdRequired = 1;
-  NSSInitParameters initParams;
 
-  memset(&initParams, 0, sizeof(initParams));
-  initParams.length = sizeof(initParams);
-  initParams.dbTokenDescription = strdup("internal (software)              ");
-  initParams.minPWLen = minPwdLen;
-  initParams.passwordRequired = pwdRequired;
+  /* PKSC11 module must be configured before NSS is initialized */
+  db_name =  strdup("internal (software)              ");
+  PK11_ConfigurePKCS11(NULL,NULL,NULL,db_name,NULL,NULL,NULL,NULL,
+                       minPwdLen, pwdRequired);
 
   /* init NSS */
-  if (!(secctx = NSS_InitContext(securitydir, NULL, NULL, SECMOD_DB, &initParams, flags))) {
+  if (NSS_Initialize(securitydir, NULL, NULL, SECMOD_DB, flags)) {
     PR_snprintf(line, sizeof(line), getResourceString(CMN_SSL_INIT_ERROR),
                 securitydir ? securitydir : "(null)", PR_GetError(),
                 SSL_Strerror(PR_GetError()) ? SSL_Strerror(PR_GetError()) : "unknown");
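Review bot: The `strdup()` result assigned to `db_name` is never checked, and nothing in the hunk frees it. If the allocation fails, `PK11_ConfigurePKCS11` receives NULL for that description and NSS would silently keep its default token name. Any later lookup that depends on the "internal (software)" name could then miss. If `PK11_ConfigurePKCS11` copies its string arguments (worth confirming against the NSS headers), the copy can be dropped and the literal passed directly: `PK11_ConfigurePKCS11(NULL, NULL, NULL, "internal (software)              ", NULL, NULL, NULL, NULL, minPwdLen, pwdRequired);`. The new comment should read `/* PKCS11 module must be configured before NSS is initialized */` (it currently says "PKSC11"). The body of securityInitialization continues past the end of the hunk.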
@@ -2140,7 +2127,7 @@ int main(int argc, char *argv[])
 	  /* we got here, we think sie is a valid prefix */
       /* close all db - we may have had to open the admin server key/cert db
 	     in order to use LDAPS before - now have to shut down NSS and reinit */
-      closeAllSecurityDB(0);
+      closeAllSecurityDB();
       securityInitialization(securitydir);
 
       if (!PORT_Strcmp(operation, "LIST_CERTIFICATE")) {
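Review bot: `closeAllSecurityDB()` returns void and only warns when `NSS_Shutdown()` fails, so the call to `securityInitialization(securitydir)` runs whether or not the admin server database opened earlier for LDAPS was released. The bug being fixed is certificates landing in the wrong database, so this is the one call site where a failed shutdown should be treated as fatal rather than as a warning. One option is to have closeAllSecurityDB return the shutdown status and guard the re-init here with `if (closeAllSecurityDB() != 0) errorRpt(GENERAL_FAILURE, line);`. Whether a failed shutdown can actually leave the old database in use cannot be told from the hunk and should be confirmed against NSS behaviour. main starts and ends outside the hunk.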
@@ -2262,7 +2249,7 @@ int main(int argc, char *argv[])
         errorRpt(INCORRECT_USAGE, line);
       }
       /* close all db */
-      closeAllSecurityDB(1);
+      closeAllSecurityDB();
     }
   }
 



