summaryrefslogtreecommitdiffstats
path: root/pki/base/common
diff options
context:
space:
mode:
authormharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-02-12 18:35:32 +0000
committermharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-02-12 18:35:32 +0000
commit7afb54c93ae56ea4bf09fc5012045b4e7c19a9ec (patch)
tree5dafd62821ed01a6d5540b5b9b02f3f19677f7a7 /pki/base/common
parent7315a95377ee364d8f14c68ef4a469fc7dae743d (diff)
downloadpki-7afb54c93ae56ea4bf09fc5012045b4e7c19a9ec.tar.gz
pki-7afb54c93ae56ea4bf09fc5012045b4e7c19a9ec.tar.xz
pki-7afb54c93ae56ea4bf09fc5012045b4e7c19a9ec.zip
Bugzilla Bug #467155 - Change "renameTo" to "cp -p ".
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@225 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common')
-rw-r--r--pki/base/common/build.xml10
-rw-r--r--pki/base/common/src/com/netscape/cms/logging/LogFile.java8
-rw-r--r--pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java55
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java27
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java26
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java41
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java30
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java30
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java35
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java27
-rw-r--r--pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java48
-rw-r--r--pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java40
13 files changed, 334 insertions, 75 deletions
diff --git a/pki/base/common/build.xml b/pki/base/common/build.xml
index 3bd4ec916..144aed620 100644
--- a/pki/base/common/build.xml
+++ b/pki/base/common/build.xml
@@ -27,6 +27,8 @@
<property name="ldapjdk.jar" value="${jar.home}/ldapjdk.jar"/>
<property name="servlet.jar" value="${jar.home}/servlet.jar"/>
<property name="velocity.jar" value="${jar.home}/velocity.jar"/>
+ <property name="xalan-j2.jar" value="${jar.home}/xalan-j2.jar"/>
+ <property name="xerces-j2.jar" value="${jar.home}/xerces-j2.jar"/>
<property name="cmsutil.jar" value="${pki-jar.home}/cmsutil.jar"/>
<property name="nsutil.jar" value="${pki-jar.home}/nsutil.jar"/>
@@ -40,6 +42,12 @@
<pathelement location="${symkey.jar}"/>
<pathelement location="${velocity.jar}"/>
</path>
+ <path id="javadoc_classpath">
+ <path refid="classpath"/>
+ <pathelement location="${xalan-j2.jar}"/>
+ <pathelement location="${xerces-j2.jar}"/>
+ <pathelement location="./build/classes"/>
+ </path>
<path id="test_classpath">
<pathelement location="${jar.home}/junit.jar"/>
<pathelement location="${build.classes}"/>
@@ -208,7 +216,7 @@
version="true"
use="true"
windowtitle="${ant.project.name}"
- classpathref="classpath"
+ classpathref="javadoc_classpath"
verbose="false">
<doctitle>
<![CDATA[<h1>${ant.project.name}</h1>]]>
diff --git a/pki/base/common/src/com/netscape/cms/logging/LogFile.java b/pki/base/common/src/com/netscape/cms/logging/LogFile.java
index 024dfcd99..b5239a8fa 100644
--- a/pki/base/common/src/com/netscape/cms/logging/LogFile.java
+++ b/pki/base/common/src/com/netscape/cms/logging/LogFile.java
@@ -727,6 +727,14 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
out.seek(out.length());
//XXX int or long?
mBytesWritten = (int) out.length();
+ if( !Utils.isNT() ) {
+ try {
+ Utils.exec( "chmod 00660 " + mFile.getCanonicalPath() );
+ } catch( IOException e ) {
+ CMS.debug( "Unable to change file permissions on "
+ + mFile.toString() );
+ }
+ }
mLogWriter = new BufferedWriter(
new FileWriter(out.getFD()), mBufferSize);
diff --git a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
index 2abf55cdc..964225181 100644
--- a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
+++ b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
@@ -210,16 +210,57 @@ public class RollingLogFile extends LogFile {
//File backupFile = new File(mFileName + "." + mFileNumber);
File backupFile = new File(mFileName + "." + mLogFileDateFormat.format(mDate));
- // close, rename and reopen the log file
+ // close, backup, and reopen the log file zeroizing its contents
super.close();
- mFile.renameTo(backupFile);
- if( !Utils.isNT() ) {
- try {
- Utils.exec( "chmod 00660 " + backupFile.getCanonicalPath() );
- } catch( IOException e ) {
- CMS.debug( "Unable to change file permissions on "
+ try {
+ if( Utils.isNT() ) {
+ // NT is very picky on the path
+ Utils.exec( "copy " +
+ mFile.getCanonicalPath().replace( '/', '\\' ) +
+ " " +
+ backupFile.getCanonicalPath().replace( '/',
+ '\\' ) );
+ } else {
+ // Create a copy of the original file which
+ // preserves the original file permissions.
+ Utils.exec( "cp -p " + mFile.getCanonicalPath() + " " +
+ backupFile.getCanonicalPath() );
+ }
+
+ // Zeroize the original file if and only if
+ // the backup copy was successful.
+ if( backupFile.exists() ) {
+
+ // Make certain that the backup file has
+ // the correct permissions.
+ if( !Utils.isNT() ) {
+ Utils.exec( "chmod 00660 " + backupFile.getCanonicalPath() );
+ }
+
+ try {
+ // Open and close the original file
+ // to zeroize its contents.
+ PrintWriter pw = new PrintWriter( mFile );
+ pw.close();
+
+ // Make certain that the original file retains
+ // the correct permissions.
+ if( !Utils.isNT() ) {
+ Utils.exec( "chmod 00660 " + mFile.getCanonicalPath() );
+ }
+ } catch ( FileNotFoundException e ) {
+ CMS.debug( "Unable to zeroize "
+ + mFile.toString() );
+ }
+ } else {
+ CMS.debug( "Unable to backup "
+ + mFile.toString() + " to "
+ backupFile.toString() );
}
+ } catch( Exception e ) {
+ CMS.debug( "Unable to backup "
+ + mFile.toString() + " to "
+ + backupFile.toString() );
}
super.open(); // will reset mBytesWritten
mFileNumber++;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
index 8b05f8849..21ce1e78e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
@@ -183,11 +183,34 @@ public class AdminServlet extends HttpServlet {
public void outputHttpParameters(HttpServletRequest httpReq)
{
- CMS.debug("AdminServlet:serice() uri = " + httpReq.getRequestURI());
+ CMS.debug("AdminServlet:service() uri = " + httpReq.getRequestURI());
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
String pn = (String)paramNames.nextElement();
- CMS.debug("CMSServlet::service() param name='" + pn + "' value='" + httpReq.getParameter(pn) + "'" );
+ // added this facility so that password can be hidden,
+ // all sensitive parameters should be prefixed with
+ // __ (double underscores); however, in the event that
+ // a security parameter slips through, we perform multiple
+ // additional checks to insure that it is NOT displayed
+ if( pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd") ) {
+ CMS.debug("AdminServlet::service() param name='" + pn +
+ "' value='(sensitive)'" );
+ } else {
+ CMS.debug("AdminServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'" );
+ }
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
index 72c441b5b..1f1daec25 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -403,13 +403,29 @@ public abstract class CMSServlet extends HttpServlet {
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
String pn = (String)paramNames.nextElement();
- // added this facility so that password can be hided,
+ // added this facility so that password can be hidden,
// all sensitive parameters should be prefixed with
- // __ (double underscores)
- if (pn.startsWith("__")) {
- CMS.debug("CMSServlet::service() param name='" + pn + "' value='(sensitive)'" );
+ // __ (double underscores); however, in the event that
+ // a security parameter slips through, we perform multiple
+ // additional checks to insure that it is NOT displayed
+ if( pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd") ) {
+ CMS.debug("CMSServlet::service() param name='" + pn +
+ "' value='(sensitive)'" );
} else {
- CMS.debug("CMSServlet::service() param name='" + pn + "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("CMSServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'" );
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
index efb84e3fe..d28543a9c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
@@ -26,6 +26,7 @@ import javax.servlet.*;
import javax.servlet.http.*;
import com.netscape.certsrv.apps.*;
import com.netscape.certsrv.base.*;
+import com.netscape.cmsutil.util.Utils;
/**
@@ -50,27 +51,33 @@ public class CMSStartServlet extends HttpServlet {
}
File f1 = new File(old_path);
if (f1.exists()) {
- boolean success = f1.renameTo(f);
- if (!success) {
- String cmds[] = new String[3];
- if (File.separator.equals("\\")) {
- cmds[0] = "cmd";
- cmds[1] = "/c";
- cmds[2] = "copy "+
- f1.getAbsolutePath().replace('/', '\\') + " " +
- f.getAbsolutePath().replace('/', '\\');
+ // The following block of code moves "CMS.cfg" to "CS.cfg".
+ try {
+ if( Utils.isNT() ) {
+ // NT is very picky on the path
+ Utils.exec( "copy " +
+ f1.getAbsolutePath().replace( '/', '\\' ) +
+ " " +
+ f.getAbsolutePath().replace( '/', '\\' ) );
} else {
- cmds[0] = "/bin/sh";
- cmds[1] = "-c";
- cmds[2] = "cp " + f1.getAbsolutePath() + " " +
- f.getAbsolutePath();
+ // Create a copy of the original file which
+ // preserves the original file permissions.
+ Utils.exec( "cp -p " + f1.getAbsolutePath() + " " +
+ f.getAbsolutePath() );
}
- try {
- Process process = Runtime.getRuntime().exec(cmds);
- process.waitFor();
- } catch (Exception e) {
+ // Remove the original file if and only if
+ // the backup copy was successful.
+ if( f.exists() ) {
+ f1.delete();
+
+ // Make certain that the new file has
+ // the correct permissions.
+ if( !Utils.isNT() ) {
+ Utils.exec( "chmod 00660 " + f.getAbsolutePath() );
+ }
}
+ } catch (Exception e) {
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
index 69dc7910e..8b85cd5be 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
@@ -53,15 +53,35 @@ public class BaseServlet extends VelocityServlet {
}
public void outputHttpParameters(HttpServletRequest httpReq) {
- CMS.debug("CMSServlet:serice() uri = " + httpReq.getRequestURI());
+ CMS.debug("BaseServlet:service() uri = " + httpReq.getRequestURI());
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
String pn = (String) paramNames.nextElement();
-
- CMS.debug(
- "CMSServlet::service() param name='" + pn + "' value='"
- + httpReq.getParameter(pn) + "'");
+ // added this facility so that password can be hidden,
+ // all sensitive parameters should be prefixed with
+ // __ (double underscores); however, in the event that
+ // a security parameter slips through, we perform multiple
+ // additional checks to insure that it is NOT displayed
+ if( pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd") ) {
+ CMS.debug("BaseServlet::service() param name='" + pn +
+ "' value='(sensitive)'" );
+ } else {
+ CMS.debug("BaseServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'" );
+ }
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
index 61a8a98a6..69e784356 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
@@ -53,15 +53,35 @@ public abstract class ConfigBaseServlet extends BaseServlet {
Context context);
public void outputHttpParameters(HttpServletRequest httpReq) {
- CMS.debug("CMSServlet:serice() uri = " + httpReq.getRequestURI());
+ CMS.debug("ConfigBaseServlet:service() uri = " + httpReq.getRequestURI());
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
String pn = (String) paramNames.nextElement();
-
- CMS.debug(
- "CMSServlet::service() param name='" + pn + "' value='"
- + httpReq.getParameter(pn) + "'");
+ // added this facility so that password can be hidden,
+ // all sensitive parameters should be prefixed with
+ // __ (double underscores); however, in the event that
+ // a security parameter slips through, we perform multiple
+ // additional checks to insure that it is NOT displayed
+ if( pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd") ) {
+ CMS.debug("ConfigBaseServlet::service() param name='" + pn +
+ "' value='(sensitive)'" );
+ } else {
+ CMS.debug("ConfigBaseServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'" );
+ }
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
index aa0affaca..2fc7e5150 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
@@ -232,16 +232,38 @@ profile, IRequest req) {
requestB64 = com.netscape.osutil.OSUtil.BtoA(reqbuf);
if (CMS.debugOn()) {
- CMS.debug("Start of Input Parameters");
+ CMS.debug("Start of ProfileSubmitCMCServlet Input Parameters");
Enumeration paramNames = request.getParameterNames();
while (paramNames.hasMoreElements()) {
String paramName = (String) paramNames.nextElement();
-
- CMS.debug("Input Parameter " + paramName + "='" +
- request.getParameter(paramName) + "'");
+ // added this facility so that password can be hidden,
+ // all sensitive parameters should be prefixed with
+ // __ (double underscores); however, in the event that
+ // a security parameter slips through, we perform multiple
+ // additional checks to insure that it is NOT displayed
+ if( paramName.startsWith("__") ||
+ paramName.endsWith("password") ||
+ paramName.endsWith("passwd") ||
+ paramName.endsWith("pwd") ||
+ paramName.equalsIgnoreCase("admin_password_again") ||
+ paramName.equalsIgnoreCase("bindpassword") ||
+ paramName.equalsIgnoreCase("bindpwd") ||
+ paramName.equalsIgnoreCase("passwd") ||
+ paramName.equalsIgnoreCase("password") ||
+ paramName.equalsIgnoreCase("pin") ||
+ paramName.equalsIgnoreCase("pwd") ||
+ paramName.equalsIgnoreCase("pwdagain") ||
+ paramName.equalsIgnoreCase("uPasswd") ) {
+ CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
+ paramName + "='(sensitive)'");
+ } else {
+ CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
+ paramName + "='" +
+ request.getParameter(paramName) + "'");
+ }
}
- CMS.debug("End of Input Parameters");
+ CMS.debug("End of ProfileSubmitCMCServlet Input Parameters");
}
CMS.debug("ProfileSubmitServlet: start serving");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index 995ca5e33..c8a2483d8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -433,21 +433,40 @@ public class ProfileSubmitServlet extends ProfileServlet {
Locale locale = getLocale(request);
ArgSet args = new ArgSet();
-//xxx this ought to be removed. pwds are logged
-/*
if (CMS.debugOn()) {
- CMS.debug("Start of Input Parameters");
+ CMS.debug("Start of ProfileSubmitServlet Input Parameters");
Enumeration paramNames = request.getParameterNames();
while (paramNames.hasMoreElements()) {
String paramName = (String) paramNames.nextElement();
-
- CMS.debug("Input Parameter " + paramName + "='" +
- request.getParameter(paramName) + "'");
+ // added this facility so that password can be hidden,
+ // all sensitive parameters should be prefixed with
+ // __ (double underscores); however, in the event that
+ // a security parameter slips through, we perform multiple
+ // additional checks to insure that it is NOT displayed
+ if( paramName.startsWith("__") ||
+ paramName.endsWith("password") ||
+ paramName.endsWith("passwd") ||
+ paramName.endsWith("pwd") ||
+ paramName.equalsIgnoreCase("admin_password_again") ||
+ paramName.equalsIgnoreCase("bindpassword") ||
+ paramName.equalsIgnoreCase("bindpwd") ||
+ paramName.equalsIgnoreCase("passwd") ||
+ paramName.equalsIgnoreCase("password") ||
+ paramName.equalsIgnoreCase("pin") ||
+ paramName.equalsIgnoreCase("pwd") ||
+ paramName.equalsIgnoreCase("pwdagain") ||
+ paramName.equalsIgnoreCase("uPasswd") ) {
+ CMS.debug("ProfileSubmitServlet Input Parameter " +
+ paramName + "='(sensitive)'");
+ } else {
+ CMS.debug("ProfileSubmitServlet Input Parameter " +
+ paramName + "='" +
+ request.getParameter(paramName) + "'");
+ }
}
- CMS.debug("End of Input Parameters");
+ CMS.debug("End of ProfileSubmitServlet Input Parameters");
}
-*/
CMS.debug("ProfileSubmitServlet: start serving");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
index 8b2d9dfce..ec5a83e82 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
@@ -425,14 +425,33 @@ public class WizardServlet extends VelocityServlet {
public void outputHttpParameters(HttpServletRequest httpReq)
{
- CMS.debug("WizardServlet:serice() uri = " + httpReq.getRequestURI());
+ CMS.debug("WizardServlet:service() uri = " + httpReq.getRequestURI());
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
String pn = (String)paramNames.nextElement();
- if (pn.startsWith("__")) {
- CMS.debug("CMSServlet::service() param name='" + pn + "' value='(sensitive)'" );
+ // added this facility so that password can be hidden,
+ // all sensitive parameters should be prefixed with
+ // __ (double underscores); however, in the event that
+ // a security parameter slips through, we perform multiple
+ // additional checks to insure that it is NOT displayed
+ if( pn.startsWith("__") ||
+ pn.endsWith("password") ||
+ pn.endsWith("passwd") ||
+ pn.endsWith("pwd") ||
+ pn.equalsIgnoreCase("admin_password_again") ||
+ pn.equalsIgnoreCase("bindpassword") ||
+ pn.equalsIgnoreCase("bindpwd") ||
+ pn.equalsIgnoreCase("passwd") ||
+ pn.equalsIgnoreCase("password") ||
+ pn.equalsIgnoreCase("pin") ||
+ pn.equalsIgnoreCase("pwd") ||
+ pn.equalsIgnoreCase("pwdagain") ||
+ pn.equalsIgnoreCase("uPasswd") ) {
+ CMS.debug("WizardServlet::service() param name='" + pn +
+ "' value='(sensitive)'" );
} else {
- CMS.debug("CMSServlet::service() param name='" + pn + "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("WizardServlet::service() param name='" + pn +
+ "' value='" + httpReq.getParameter(pn) + "'" );
}
}
}
diff --git a/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java b/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java
index 35e5f3e8c..e9cd48a57 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java
@@ -22,6 +22,7 @@ import java.io.*;
import java.util.*;
import com.netscape.certsrv.base.*;
import com.netscape.certsrv.apps.CMS;
+import com.netscape.cmsutil.util.Utils;
/**
@@ -78,7 +79,8 @@ public class FileConfigStore extends PropConfigStore implements
}
/**
- * The original config file is moved to <filename>.<date>.
+ * The original config file is copied to
+ * <filename>.<current_time_in_milliseconds>.
* Commits the current properties to the configuration file.
* <P>
*
@@ -89,12 +91,48 @@ public class FileConfigStore extends PropConfigStore implements
File newName = new File(mFile.getPath() + "." +
Long.toString(System.currentTimeMillis()));
- if (!mFile.renameTo(newName)) {
- throw new EBaseException("rename failed");
+ try {
+ if( Utils.isNT() ) {
+ // NT is very picky on the path
+ Utils.exec( "copy " +
+ mFile.getAbsolutePath().replace( '/', '\\' ) +
+ " " +
+ newName.getAbsolutePath().replace( '/',
+ '\\' ) );
+ } else {
+ // Create a copy of the original file which
+ // preserves the original file permissions.
+ Utils.exec( "cp -p " + mFile.getAbsolutePath() + " " +
+ newName.getAbsolutePath() );
+ }
+
+ // Proceed only if the backup copy was successful.
+ if( !newName.exists() ) {
+ throw new EBaseException( "backup copy failed" );
+ } else {
+ // Make certain that the backup file has
+ // the correct permissions.
+ if( !Utils.isNT() ) {
+ Utils.exec( "chmod 00660 " + newName.getAbsolutePath() );
+ }
+ }
+ } catch( EBaseException e ) {
+ throw new EBaseException( "backup copy failed" );
+ }
+ }
+
+ // Overwrite the contents of the original file
+ // to preserve the original file permissions.
+ save( mFile.getPath() );
+
+ try {
+ // Make certain that the original file retains
+ // the correct permissions.
+ if( !Utils.isNT() ) {
+ Utils.exec( "chmod 00660 " + mFile.getCanonicalPath() );
}
+ } catch( Exception e ) {
}
- // proceed only if the rename is successful
- save(mFile.getPath());
}
/**
diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java b/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java
index abba2dcec..234a425d7 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java
@@ -35,6 +35,7 @@ import com.netscape.cmscore.base.*;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.logging.ILogger;
+import com.netscape.cmsutil.util.Utils;
/*
@@ -384,20 +385,37 @@ public class PWsdrCache {
File origFile = new File(mPWcachedb);
try {
- if (tmpPWcache.renameTo(origFile) == true) {
- debug("operation completed for " + mPWcachedb);
+ if( Utils.isNT() ) {
+ // NT is very picky on the path
+ Utils.exec( "copy " +
+ tmpPWcache.getAbsolutePath().replace( '/',
+ '\\' ) +
+ " " +
+ origFile.getAbsolutePath().replace( '/',
+ '\\' ) );
} else {
- if (isNT()) {
- // NT is very picky on the path
- exec("copy " +
- tmpPWcache.getAbsolutePath().replace('/', '\\') + " " +
- origFile.getAbsolutePath().replace('/', '\\'));
- } else {
- exec("cp " + tmpPWcache.getAbsolutePath() + " " +
- origFile.getAbsolutePath());
+ // Create a copy of the original file which
+ // preserves the original file permissions.
+ Utils.exec( "cp -p " + tmpPWcache.getAbsolutePath() + " " +
+ origFile.getAbsolutePath() );
+ }
+
+ // Remove the original file if and only if
+ // the backup copy was successful.
+ if( origFile.exists() ) {
+ if( !Utils.isNT() ) {
+ try {
+ Utils.exec( "chmod 00660 " +
+ origFile.getCanonicalPath() );
+ } catch( IOException e ) {
+ CMS.debug( "Unable to change file permissions on "
+ + origFile.toString() );
+ }
}
+ tmpPWcache.delete();
+ debug( "operation completed for " + mPWcachedb );
}
- } catch (EBaseException exx) {
+ } catch (Exception exx) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_CACHE", exx.toString()));
throw new EBaseException(exx.toString() + ": " + mPWcachedb);
}
generated by cgit (git 2.34.1) at 2024-06-23 04:59:58 +0000