author | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2008-06-26 17:45:10 +0000 |
---|---|---|
committer | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2008-06-26 17:45:10 +0000 |
commit | a9f7f6c2e7cf66967dbd093da18557455311ebe1 (patch) | |
tree | cb09194520fd8d2d236f8b2d4b80205b53142cb6 /pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java | |
parent | 3cd29ec6ca12bc86df562c4481b48c3b46c3c5c9 (diff) | |
446685 - LDAP publisher doesn't store the bind password properly
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@63 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java | 64 |
1 files changed, 58 insertions, 6 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java index c8d3555d9..90037f4ca 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java @@ -41,6 +41,7 @@ import com.netscape.certsrv.apps.*; import com.netscape.certsrv.ca.*; import com.netscape.certsrv.ldap.*; import com.netscape.certsrv.publish.*; +import com.netscape.cmsutil.password.*; /** 
@@ -499,13 +500,40 @@ public class PublisherAdminServlet extends AdminServlet { commit(true); - /* Do a "PUT" of the new pw to the watchdog" */ + /* Do a "PUT" of the new pw to the watchdog" + ** do not remove - cfu if (pwd != null) CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd); + */ + + // support publishing dirsrv with different pwd than internaldb + // update passwordFile + String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT); + IPasswordStore pwdStore = CMS.getPasswordStore(); + CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for "+ prompt + " to password file"); + pwdStore.putPassword(prompt, + req.getParameter(Constants.PR_BIND_PASSWD)); + pwdStore.commit(); + CMS.debug("PublisherAdminServlet: setLDAPDest(): password saved"); + + // what a hack to do this without require restart server +// ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); + ILdapConnModule connModule = mProcessor.getLdapConnModule(); + ILdapAuthInfo authInfo = null; + if (connModule != null) { + authInfo = connModule.getLdapAuthInfo(); + } + +// authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); + if (authInfo != null) + CMS.debug("PublisherAdminServlet: setLDAPDest(): adding password to memory cache"); + authInfo.addPassword(prompt, pwd); try { + CMS.debug("PublisherAdminServlet: setLDAPDest(): restarting publishing processor"); mProcessor.shutdown(); mProcessor.startup(); + CMS.debug("PublisherAdminServlet: setLDAPDest(): publishing processor restarted"); } catch (Exception ex) { // force to save the config even there is error // ignore any exception 
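Review bot: The added `if (authInfo != null)` in setLDAPDest() has no braces, so it guards only the CMS.debug call and `authInfo.addPassword(prompt, pwd);` still runs when connModule or its auth info is null. That throws a NullPointerException after commit(true) and pwdStore.commit() have already run, and before the try block that restarts the processor. Brace it the way the testSetLDAPDest() hunk does: `if (authInfo != null) { CMS.debug(...); authInfo.addPassword(prompt, pwd); }`. The now commented-out code cached the password only under `if (pwd != null)`, while the new `pwdStore.putPassword(prompt, req.getParameter(Constants.PR_BIND_PASSWD))` is unconditional, so a request without that parameter may overwrite the stored bind password with null; keeping the null guard and passing `pwd` would avoid that, assuming `pwd` holds the same parameter. The method body starts and ends outside this hunk.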
@@ -756,12 +784,36 @@ public class PublisherAdminServlet extends AdminServlet { if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) && pwd != null) { - /* Do a "PUT" of the new pw to the watchdog" */ + /* Do a "PUT" of the new pw to the watchdog" + ** do not remove - cfu CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd); - // what a hack to do this without require restart server - ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); - - authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); + */ + + // support publishing dirsrv with different pwd than internaldb + // update passwordFile + String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT); + IPasswordStore pwdStore = CMS.getPasswordStore(); + CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for "+ + prompt + " to password file"); + pwdStore.putPassword(prompt, pwd); + pwdStore.commit(); + CMS.debug("PublisherAdminServlet: testSetLDAPDest(): password saved"); + + // what a hack to do this without require restart server +// ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); + ILdapConnModule connModule = mProcessor.getLdapConnModule(); + ILdapAuthInfo authInfo = null; + if (connModule != null) { + authInfo = connModule.getLdapAuthInfo(); + } else + CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null"); + +// authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); + if (authInfo != null) { + CMS.debug("PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache"); + authInfo.addPassword(prompt, pwd); + } else + CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null"); } //params.add(Constants.PR_SAVE_OK, // "\n \nConfiguration changes are now committed."); |
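Review bot: `prompt` comes from `ldap.getString(Constants.PR_BINDPWD_PROMPT)` and is used unchecked as the key in `pwdStore.putPassword(prompt, pwd)`. If it can be null, empty, or equal to the tag of another password-file entry (the comment mentions internaldb), the publishing password would be stored under the wrong key or replace an unrelated credential. A guard before the write, such as `if (prompt == null || prompt.trim().length() == 0)` followed by an error return, would prevent that; whether other tags are reserved is not visible here and should be confirmed. When authInfo is null the password is still committed to the file but not added to the in-memory cache, and only a debug line records it, so the admin response should probably report that state. The enclosing method extends beyond this hunk.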