authormharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-02-12 18:35:32 +0000
committermharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-02-12 18:35:32 +0000
commit7afb54c93ae56ea4bf09fc5012045b4e7c19a9ec (patch)
tree5dafd62821ed01a6d5540b5b9b02f3f19677f7a7 /pki/base/common/src/com/netscape/cms/servlet
parent7315a95377ee364d8f14c68ef4a469fc7dae743d (diff)
Bugzilla Bug #467155 - Change "renameTo" to "cp -p ".
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@225 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java27
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java26
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java41
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java30
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java30
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java35
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java27
8 files changed, 197 insertions, 51 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
index 8b05f8849..21ce1e78e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
@@ -183,11 +183,34 @@ public class AdminServlet extends HttpServlet {
public void outputHttpParameters(HttpServletRequest httpReq)
{
- CMS.debug("AdminServlet:serice() uri = " + httpReq.getRequestURI());
+ CMS.debug("AdminServlet:service() uri = " + httpReq.getRequestURI());
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
String pn = (String)paramNames.nextElement();
- CMS.debug("CMSServlet::service() param name='" + pn + "' value='" + httpReq.getParameter(pn) + "'" );
+ // added this facility so that password can be hidden,
+ // all sensitive parameters should be prefixed with
+ // __ (double underscores); however, in the event that
+ // a security parameter slips through, we perform multiple
+ // additional checks to insure that it is NOT displayed
+ if( pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd") ) {
+ CMS.debug("AdminServlet::service() param name='" + pn +
+ "' value='(sensitive)'" );
+ } else {
+ CMS.debug("AdminServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'" );
+ }
}
}
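Review bot: The three suffix tests `pn.endsWith("password")`, `pn.endsWith("passwd")` and `pn.endsWith("pwd")` are case-sensitive, so a parameter with a name such as `bindPassword` or `newPwd` falls through to the else branch and its value is written to the debug log; only the exact names in the `equalsIgnoreCase` list are matched regardless of case. Lower-casing the name once with a fixed locale, `String lc = pn.toLowerCase(Locale.ENGLISH);`, and testing `lc.endsWith("password")` and the other suffixes closes that gap and makes most of the exact-name entries redundant. The same condition is repeated in the CMSServlet, BaseServlet, ConfigBaseServlet, ProfileSubmitCMCServlet, ProfileSubmitServlet and WizardServlet hunks and needs the same change.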
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
index 72c441b5b..1f1daec25 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -403,13 +403,29 @@ public abstract class CMSServlet extends HttpServlet {
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
String pn = (String)paramNames.nextElement();
- // added this facility so that password can be hided,
+ // added this facility so that password can be hidden,
// all sensitive parameters should be prefixed with
- // __ (double underscores)
- if (pn.startsWith("__")) {
- CMS.debug("CMSServlet::service() param name='" + pn + "' value='(sensitive)'" );
+ // __ (double underscores); however, in the event that
+ // a security parameter slips through, we perform multiple
+ // additional checks to insure that it is NOT displayed
+ if( pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd") ) {
+ CMS.debug("CMSServlet::service() param name='" + pn +
+ "' value='(sensitive)'" );
} else {
- CMS.debug("CMSServlet::service() param name='" + pn + "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("CMSServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'" );
}
}
}
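Review bot: The else branch at the end of the loop still writes `httpReq.getParameter(pn)` verbatim between single quotes, so a request value containing CR/LF can break the line structure of the debug log; whether `CMS.debug` neutralises control characters is not visible in this diff. If it does not, replace line breaks before concatenating the value, `String v = httpReq.getParameter(pn).replaceAll("[\\r\\n]", "_");`, and log `v` instead. The enclosing method begins above the hunk.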
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
index efb84e3fe..d28543a9c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
@@ -26,6 +26,7 @@ import javax.servlet.*;
import javax.servlet.http.*;
import com.netscape.certsrv.apps.*;
import com.netscape.certsrv.base.*;
+import com.netscape.cmsutil.util.Utils;
/**
@@ -50,27 +51,33 @@ public class CMSStartServlet extends HttpServlet {
}
File f1 = new File(old_path);
if (f1.exists()) {
- boolean success = f1.renameTo(f);
- if (!success) {
- String cmds[] = new String[3];
- if (File.separator.equals("\\")) {
- cmds[0] = "cmd";
- cmds[1] = "/c";
- cmds[2] = "copy "+
- f1.getAbsolutePath().replace('/', '\\') + " " +
- f.getAbsolutePath().replace('/', '\\');
+ // The following block of code moves "CMS.cfg" to "CS.cfg".
+ try {
+ if( Utils.isNT() ) {
+ // NT is very picky on the path
+ Utils.exec( "copy " +
+ f1.getAbsolutePath().replace( '/', '\\' ) +
+ " " +
+ f.getAbsolutePath().replace( '/', '\\' ) );
} else {
- cmds[0] = "/bin/sh";
- cmds[1] = "-c";
- cmds[2] = "cp " + f1.getAbsolutePath() + " " +
- f.getAbsolutePath();
+ // Create a copy of the original file which
+ // preserves the original file permissions.
+ Utils.exec( "cp -p " + f1.getAbsolutePath() + " " +
+ f.getAbsolutePath() );
}
- try {
- Process process = Runtime.getRuntime().exec(cmds);
- process.waitFor();
- } catch (Exception e) {
+ // Remove the original file if and only if
+ // the backup copy was successful.
+ if( f.exists() ) {
+ f1.delete();
+
+ // Make certain that the new file has
+ // the correct permissions.
+ if( !Utils.isNT() ) {
+ Utils.exec( "chmod 00660 " + f.getAbsolutePath() );
+ }
}
+ } catch (Exception e) {
}
}
}
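Review bot: The empty `catch (Exception e) { }` that now wraps the whole move hides every failure, and `f.exists()` is the only success test before `f1.delete()`, so a partially written target would pass it and the original configuration file would be removed. Check the outcome of the copy itself (the return value of `Utils.exec`, if it reports one; its definition is not in this diff) and record the failure, `} catch (Exception e) { CMS.debug("CMSStartServlet: could not move " + old_path + ": " + e); }`. The command is also assembled by concatenating absolute paths into one string, so a path containing a space or a shell metacharacter changes what is executed if `Utils.exec` goes through a shell, as the removed `/bin/sh -c` code did; passing the arguments as an array avoids that. Between `cp -p` and `chmod 00660` the copy carries the permissions of the old file, which matters if those were wider than 0660. The enclosing method starts and ends outside the hunk.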
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
index 69dc7910e..8b85cd5be 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
@@ -53,15 +53,35 @@ public class BaseServlet extends VelocityServlet {
}
public void outputHttpParameters(HttpServletRequest httpReq) {
- CMS.debug("CMSServlet:serice() uri = " + httpReq.getRequestURI());
+ CMS.debug("BaseServlet:service() uri = " + httpReq.getRequestURI());
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
String pn = (String) paramNames.nextElement();
-
- CMS.debug(
- "CMSServlet::service() param name='" + pn + "' value='"
- + httpReq.getParameter(pn) + "'");
+ // added this facility so that password can be hidden,
+ // all sensitive parameters should be prefixed with
+ // __ (double underscores); however, in the event that
+ // a security parameter slips through, we perform multiple
+ // additional checks to insure that it is NOT displayed
+ if( pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd") ) {
+ CMS.debug("BaseServlet::service() param name='" + pn +
+ "' value='(sensitive)'" );
+ } else {
+ CMS.debug("BaseServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'" );
+ }
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
index 61a8a98a6..69e784356 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
@@ -53,15 +53,35 @@ public abstract class ConfigBaseServlet extends BaseServlet {
Context context);
public void outputHttpParameters(HttpServletRequest httpReq) {
- CMS.debug("CMSServlet:serice() uri = " + httpReq.getRequestURI());
+ CMS.debug("ConfigBaseServlet:service() uri = " + httpReq.getRequestURI());
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
String pn = (String) paramNames.nextElement();
-
- CMS.debug(
- "CMSServlet::service() param name='" + pn + "' value='"
- + httpReq.getParameter(pn) + "'");
+ // added this facility so that password can be hidden,
+ // all sensitive parameters should be prefixed with
+ // __ (double underscores); however, in the event that
+ // a security parameter slips through, we perform multiple
+ // additional checks to insure that it is NOT displayed
+ if( pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd") ) {
+ CMS.debug("ConfigBaseServlet::service() param name='" + pn +
+ "' value='(sensitive)'" );
+ } else {
+ CMS.debug("ConfigBaseServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'" );
+ }
}
}
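Review bot: This override of `outputHttpParameters` is, apart from the log prefix, the same as the one added to `BaseServlet`, which this class extends, and the thirteen-term condition is pasted into seven places in this commit. A single helper, for example `static boolean isSensitiveParameter(String name)` in a shared utility class, would keep the list of masked names in one place so that a later addition cannot be missed in one servlet. With that helper the override here could be dropped and the inherited method used.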
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
index aa0affaca..2fc7e5150 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
@@ -232,16 +232,38 @@ profile, IRequest req) {
requestB64 = com.netscape.osutil.OSUtil.BtoA(reqbuf);
if (CMS.debugOn()) {
- CMS.debug("Start of Input Parameters");
+ CMS.debug("Start of ProfileSubmitCMCServlet Input Parameters");
Enumeration paramNames = request.getParameterNames();
while (paramNames.hasMoreElements()) {
String paramName = (String) paramNames.nextElement();
-
- CMS.debug("Input Parameter " + paramName + "='" +
- request.getParameter(paramName) + "'");
+ // added this facility so that password can be hidden,
+ // all sensitive parameters should be prefixed with
+ // __ (double underscores); however, in the event that
+ // a security parameter slips through, we perform multiple
+ // additional checks to insure that it is NOT displayed
+ if( paramName.startsWith("__") ||
+ paramName.endsWith("password") ||
+ paramName.endsWith("passwd") ||
+ paramName.endsWith("pwd") ||
+ paramName.equalsIgnoreCase("admin_password_again") ||
+ paramName.equalsIgnoreCase("bindpassword") ||
+ paramName.equalsIgnoreCase("bindpwd") ||
+ paramName.equalsIgnoreCase("passwd") ||
+ paramName.equalsIgnoreCase("password") ||
+ paramName.equalsIgnoreCase("pin") ||
+ paramName.equalsIgnoreCase("pwd") ||
+ paramName.equalsIgnoreCase("pwdagain") ||
+ paramName.equalsIgnoreCase("uPasswd") ) {
+ CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
+ paramName + "='(sensitive)'");
+ } else {
+ CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
+ paramName + "='" +
+ request.getParameter(paramName) + "'");
+ }
}
- CMS.debug("End of Input Parameters");
+ CMS.debug("End of ProfileSubmitCMCServlet Input Parameters");
}
CMS.debug("ProfileSubmitServlet: start serving");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index 995ca5e33..c8a2483d8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -433,21 +433,40 @@ public class ProfileSubmitServlet extends ProfileServlet {
Locale locale = getLocale(request);
ArgSet args = new ArgSet();
-//xxx this ought to be removed. pwds are logged
-/*
if (CMS.debugOn()) {
- CMS.debug("Start of Input Parameters");
+ CMS.debug("Start of ProfileSubmitServlet Input Parameters");
Enumeration paramNames = request.getParameterNames();
while (paramNames.hasMoreElements()) {
String paramName = (String) paramNames.nextElement();
-
- CMS.debug("Input Parameter " + paramName + "='" +
- request.getParameter(paramName) + "'");
+ // added this facility so that password can be hidden,
+ // all sensitive parameters should be prefixed with
+ // __ (double underscores); however, in the event that
+ // a security parameter slips through, we perform multiple
+ // additional checks to insure that it is NOT displayed
+ if( paramName.startsWith("__") ||
+ paramName.endsWith("password") ||
+ paramName.endsWith("passwd") ||
+ paramName.endsWith("pwd") ||
+ paramName.equalsIgnoreCase("admin_password_again") ||
+ paramName.equalsIgnoreCase("bindpassword") ||
+ paramName.equalsIgnoreCase("bindpwd") ||
+ paramName.equalsIgnoreCase("passwd") ||
+ paramName.equalsIgnoreCase("password") ||
+ paramName.equalsIgnoreCase("pin") ||
+ paramName.equalsIgnoreCase("pwd") ||
+ paramName.equalsIgnoreCase("pwdagain") ||
+ paramName.equalsIgnoreCase("uPasswd") ) {
+ CMS.debug("ProfileSubmitServlet Input Parameter " +
+ paramName + "='(sensitive)'");
+ } else {
+ CMS.debug("ProfileSubmitServlet Input Parameter " +
+ paramName + "='" +
+ request.getParameter(paramName) + "'");
+ }
}
- CMS.debug("End of Input Parameters");
+ CMS.debug("End of ProfileSubmitServlet Input Parameters");
}
-*/
CMS.debug("ProfileSubmitServlet: start serving");
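Review bot: Removing the `/* ... */` around this block turns the parameter dump back on, and the deleted marker `//xxx this ought to be removed. pwds are logged` shows why it was disabled; the new name filter is a denylist, so any secret submitted under a name it does not list is logged in clear whenever `CMS.debugOn()` is true. For a profile submission endpoint it would be safer to log parameter names only, or to log values only for an explicit list of names known to be harmless. At minimum the comment should state that the filter is best-effort, e.g. `// best-effort masking: values of parameters not matched below are written to the debug log`. The enclosing method starts and ends outside the hunk.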
diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
index 8b2d9dfce..ec5a83e82 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
@@ -425,14 +425,33 @@ public class WizardServlet extends VelocityServlet {
public void outputHttpParameters(HttpServletRequest httpReq)
{
- CMS.debug("WizardServlet:serice() uri = " + httpReq.getRequestURI());
+ CMS.debug("WizardServlet:service() uri = " + httpReq.getRequestURI());
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
String pn = (String)paramNames.nextElement();
- if (pn.startsWith("__")) {
- CMS.debug("CMSServlet::service() param name='" + pn + "' value='(sensitive)'" );
+ // added this facility so that password can be hidden,
+ // all sensitive parameters should be prefixed with
+ // __ (double underscores); however, in the event that
+ // a security parameter slips through, we perform multiple
+ // additional checks to insure that it is NOT displayed
+ if( pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd") ) {
+ CMS.debug("WizardServlet::service() param name='" + pn +
+ "' value='(sensitive)'" );
} else {
- CMS.debug("CMSServlet::service() param name='" + pn + "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("WizardServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'" );
}
}
}