authoralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-02-06 05:17:15 +0000
committeralee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-02-06 05:17:15 +0000
commit007ea9610f73ddcc1265ef74d08e2325478e9992 (patch)
treeecfbf7eb9c6f6c717ba7abb5462da3e0c2a612f7 /pki/base
parentdd36607684b28733582d8479b6d2761dc73ccb4d (diff)
Bugzilla BZ# 481670 and others
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@211 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base')
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/sow/cfg.pl2
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm2
-rw-r--r--pki/base/tps/scripts/addAgents.ldif14
-rw-r--r--pki/base/tps/src/engine/RA.cpp22
-rw-r--r--pki/base/tps/src/include/engine/RA.h1
-rw-r--r--pki/base/tps/src/include/tus/tus_db.h5
-rw-r--r--pki/base/tps/src/main/ConfigStore.cpp1
-rw-r--r--pki/base/tps/src/modules/tokendb/mod_tokendb.cpp97
-rw-r--r--pki/base/tps/src/processor/RA_Enroll_Processor.cpp6
-rw-r--r--pki/base/tps/src/tus/tus_db.c161
10 files changed, 253 insertions, 58 deletions
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/cfg.pl b/pki/base/tps/forms/esc/cgi-bin/sow/cfg.pl
index b55e8bde5..8cd11b762 100755
--- a/pki/base/tps/forms/esc/cgi-bin/sow/cfg.pl
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/cfg.pl
@@ -130,7 +130,7 @@ sub is_agent()
"-b \"" . "cn=TUS Officers,ou=Groups,".$x_basedn . "\" " .
"-h \"" . $x_host . "\" " .
"-p \"" . $x_port ."\" " .
- "-1 \"(uniqueMember=uid=" . $uid . "*)\" | wc -l";
+ "-1 \"(member=uid=" . $uid . "*)\" | wc -l";
my $matched = `$cmd`;
chomp($matched);
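Review bot: The rewritten filter on the `+` line keeps the trailing wildcard, so `(member=uid=$uid*)` also counts any uid that merely begins with `$uid` (a uid `al` would match `alice`), which is too loose for an authorization test like is_agent; the `uid=%s,*` form that tus_authorize in tus_db.c already uses, `"-1 \"(member=uid=" . $uid . ",*)\" | wc -l";`, limits the match to that one uid. The same line still splices `$uid` unescaped into both an LDAP filter and a shell command run through backticks; whether `$uid` is validated before this point is outside the hunk, so confirm it, and prefer Net::LDAP over shelling out to ldapsearch (which removes the shell-quoting problem altogether) or at least restrict `$uid` to a conservative character set and escape RFC 4515 filter metacharacters. is_agent starts above the hunk.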
diff --git a/pki/base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm
index 89eaee619..d98760738 100755
--- a/pki/base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm
+++ b/pki/base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm
@@ -106,6 +106,8 @@ sub update
$::config->put("conn.tks1.serverKeygen", "false");
$::config->put("op.enroll.userKey.keyGen.encryption.serverKeygen.enable", "false");
$::config->put("op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable", "false");
+ $::config->put("op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme", "GenerateNewKey");
+ $::config->put("op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme", "GenerateNewKey");
$::config->put("conn.drm1.clientNickname", "");
$::config->put("conn.drm1.hostport", "");
}
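Review bot: The two added keys are not parallel — `userKey` gets `recovery.destroyed.scheme` while `userKeyTemporary` gets `recovery.onHold.scheme` — so each profile is left without a default for the other recovery reason. If the intent is the same default for both reasons on both profiles, add the two missing puts; if the asymmetry is deliberate, a one-line comment such as `# temporary tokens only default the onHold scheme; destroyed is handled by the CA profile` (adjusted to the real reason) would keep the next reader from "fixing" it. Whether anything else sets these keys is outside the hunk.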
diff --git a/pki/base/tps/scripts/addAgents.ldif b/pki/base/tps/scripts/addAgents.ldif
index af10c34cf..840c83f0c 100644
--- a/pki/base/tps/scripts/addAgents.ldif
+++ b/pki/base/tps/scripts/addAgents.ldif
@@ -23,29 +23,31 @@ objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
+objectClass: tpsProfileId
uid: admin
userPassword: $TOKENDB_AGENT_PWD
sn: TUS Administrator
cn: TUS Administrator
userCertificate:: $TOKENDB_AGENT_CERT
+profileID: All Profiles
dn: cn=TUS Agents,ou=Groups,$TOKENDB_ROOT
objectClass: top
-objectClass: groupOfUniqueNames
+objectClass: groupOfNames
cn: TUS Agents
-uniqueMember: uid=admin,ou=People,$TOKENDB_ROOT
+member: uid=admin,ou=People,$TOKENDB_ROOT
description: Agents for TUS
dn: cn=TUS Officers,ou=Groups,$TOKENDB_ROOT
objectClass: top
-objectClass: groupOfUniqueNames
+objectClass: groupOfNames
cn: TUS Officers
-uniqueMember: uid=admin,ou=People,$TOKENDB_ROOT
+member: uid=admin,ou=People,$TOKENDB_ROOT
description: Operators for TUS
dn: cn=TUS Administrators,ou=Groups,$TOKENDB_ROOT
objectClass: top
-objectClass: groupOfUniqueNames
+objectClass: groupOfNames
cn: TUS Administrators
-uniqueMember: uid=admin,ou=People,$TOKENDB_ROOT
+member: uid=admin,ou=People,$TOKENDB_ROOT
description: Administrators for TUS
diff --git a/pki/base/tps/src/engine/RA.cpp b/pki/base/tps/src/engine/RA.cpp
index 23318ac78..95d0601a1 100644
--- a/pki/base/tps/src/engine/RA.cpp
+++ b/pki/base/tps/src/engine/RA.cpp
@@ -387,6 +387,7 @@ TPS_PUBLIC int RA::Shutdown()
{
tus_db_end();
+ tus_db_cleanup();
if( m_pod_lock != NULL ) {
PR_DestroyLock( m_pod_lock );
@@ -1784,6 +1785,10 @@ int RA::InitializeHttpConnections(const char *id, int *len, HttpConnection **con
ctx->InitializationError( "RA::InitializeHttpConnections",
__LINE__ );
rc = -1;
+ if (cinfo != NULL) {
+ delete cinfo;
+ cinfo = NULL;
+ }
goto loser;
}
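Review bot: The same three-line `delete cinfo` block is now repeated at three `goto loser` sites (this hunk and the two that follow for rc = -2 and rc = -3); since every failure path already jumps to `loser`, a single `if (cinfo != NULL) { delete cinfo; cinfo = NULL; }` under that label would cover all of them and any error path added later. Whether cinfo has already been stored into `conns` before any of these points is not visible here; if it has, deleting it leaves a dangling entry behind, so check that when consolidating. InitializeHttpConnections continues outside the hunk and the loser label is not visible.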
@@ -1803,6 +1808,10 @@ int RA::InitializeHttpConnections(const char *id, int *len, HttpConnection **con
clientnickname,
i );
rc = -2;
+ if (cinfo != NULL) {
+ delete cinfo;
+ cinfo = NULL;
+ }
goto loser;
} else {
RA::Debug( LL_PER_CONNECTION,
@@ -1824,6 +1833,10 @@ int RA::InitializeHttpConnections(const char *id, int *len, HttpConnection **con
id,
i );
rc = -3;
+ if (cinfo != NULL) {
+ delete cinfo;
+ cinfo = NULL;
+ }
goto loser;
}
@@ -2012,6 +2025,11 @@ TPS_PUBLIC int RA::ra_allow_token_reenroll(char *cuid)
return allow_token_reenroll(cuid);
}
+TPS_PUBLIC void RA::ra_tus_print_integer(char *out, SECItem *data)
+{
+ tus_print_integer(out, data);
+}
+
int RA::tdb_activity(char *ip, char *cuid, const char *op, const char *result, const char *msg, const char *userid, const char *token_type)
{
return add_activity(ip, cuid, op, result, msg, userid, token_type);
@@ -2049,7 +2067,9 @@ int RA::tdb_update_certificates(char* cuid, char **tokentypes, char *userid, CER
RA::Debug(LL_PER_PDU, "RA::tdb_update_certificates",
"adding cert=%x", certificates[i]);
- PR_snprintf(filter, 512, "tokenSerial=%x", DER_GetInteger(&(certificates[i])->serialNumber));
+ PR_snprintf(filter, 512, "tokenSerial=%x");
+ tus_print_integer(filter, &(certificates[i])->serialNumber);
+
int r = find_tus_certificate_entries_by_order_no_vlv(filter, &result, 1);
bool found = false;
if (r == LDAP_SUCCESS) {
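Review bot: `PR_snprintf(filter, 512, "tokenSerial=%x");` has a `%x` with no matching argument, and the following `tus_print_integer(filter, ...)` writes from the start of `filter`, so the `tokenSerial=` prefix is overwritten and the search below runs with a bare hex string as its filter. Format the serial into its own buffer first and then build the filter: `char serial[512]; tus_print_integer(serial, &(certificates[i])->serialNumber); PR_snprintf(filter, 512, "tokenSerial=%s", serial);`. tus_print_integer takes no output length, so `serial` has to be sized for the longest serial this path can see. tdb_update_certificates begins outside the hunk.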
diff --git a/pki/base/tps/src/include/engine/RA.h b/pki/base/tps/src/include/engine/RA.h
index 5bf076851..408146578 100644
--- a/pki/base/tps/src/include/engine/RA.h
+++ b/pki/base/tps/src/include/engine/RA.h
@@ -177,6 +177,7 @@ class RA
char *filter, int num, LDAPMessage **msg, int order);
TPS_PUBLIC static int ra_find_tus_certificate_entries_by_order_no_vlv(
char *filter, LDAPMessage **msg, int order);
+ TPS_PUBLIC static void ra_tus_print_integer(char *out, SECItem *data);
TPS_PUBLIC static int ra_update_token_status_reason_userid(char *userid,
char *cuid, const char *status, const char *reason, int modifyDateOfCreate);
static int tdb_add_token_entry(char *userid, char* cuid, const char *status, const char *token_type);
diff --git a/pki/base/tps/src/include/tus/tus_db.h b/pki/base/tps/src/include/tus/tus_db.h
index f05c8ced3..2f0e6eca4 100644
--- a/pki/base/tps/src/include/tus/tus_db.h
+++ b/pki/base/tps/src/include/tus/tus_db.h
@@ -125,7 +125,7 @@
#define USER_CN "cn"
#define USER_CERT "userCertificate"
#define PROFILE_ID "profileID"
-#define GROUP_UNIQUEMEMBER "uniqueMember"
+#define GROUP_MEMBER "member"
#define SUBGROUP_ID "cn"
/* roles */
@@ -155,6 +155,9 @@ TPS_PUBLIC int update_token_policy (char *cn, char *policy);
TPS_PUBLIC char *get_token_policy (char *cn);
TPS_PUBLIC char *get_token_userid(char *cn);
TPS_PUBLIC void tus_db_end();
+TPS_PUBLIC void tus_db_cleanup();
+TPS_PUBLIC void tus_print_as_hex(char *out, SECItem *data);
+TPS_PUBLIC void tus_print_integer(char *out, SECItem *data);
TPS_PUBLIC int is_tus_db_entry_disabled(char *cn);
TPS_PUBLIC int add_default_tus_db_entry (const char *uid, const char *agentid, char *cn, const char *status, char *applet_version, char *key_info, const char *token_type );
TPS_PUBLIC int delete_tus_db_entry (char *userid, char *cn);
diff --git a/pki/base/tps/src/main/ConfigStore.cpp b/pki/base/tps/src/main/ConfigStore.cpp
index 26e74852f..ce06091d6 100644
--- a/pki/base/tps/src/main/ConfigStore.cpp
+++ b/pki/base/tps/src/main/ConfigStore.cpp
@@ -155,6 +155,7 @@ ConfigStore::~ConfigStore ()
PR_Free(m_substore_name);
}
m_root->release();
+ delete m_root;
}
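Review bot: `delete m_root;` directly after `m_root->release();` is only safe if release() never frees the object itself; if release() deletes on reaching a zero reference count (the usual contract for a method of that name), this destructor now double-frees. release() is not visible here, so confirm which it is and keep exactly one of the two calls, with a one-line comment beside the kept one, e.g. `// release() only drops the ref; ConfigStore owns the allocation`, recording the decision.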
diff --git a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
index 6b475f611..2d1766b0c 100644
--- a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
+++ b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
@@ -84,6 +84,7 @@ extern TOKENDB_PUBLIC char *nss_var_lookup( apr_pool_t *p, server_rec *s,
#define MAX_INJECTION_SIZE 5120
#define MAX_OVERLOAD 20
+#define SHORT_LEN 256
#define BASE64_HEADER "-----BEGIN CERTIFICATE-----\n"
#define BASE64_FOOTER "-----END CERTIFICATE-----\n"
@@ -295,7 +296,7 @@ char *unencode(const char *src)
* must be freed by caller.
* example: get_field("op=hello&name=foo&title=bar", "name=") returns foo
*/
-char *get_field( char *s, char* fname)
+char *get_field( char *s, char* fname, int len)
{
char *end = NULL;
int n;
@@ -315,6 +316,9 @@ char *get_field( char *s, char* fname)
if (n == 0) {
return NULL;
+ } else if (n > len) {
+ /* string too long */
+ return NULL;
} else {
return PL_strndup( s, n );
}
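Review bot: The new `n > len` branch returns NULL exactly like the missing-field case on the line above it, so callers cannot tell "absent" from "rejected as too long", and nothing records that a value was dropped; log the rejection through the module's existing logging before that `return NULL;` so an operator can see why a request was refused. The same silent-drop shape is repeated in get_post_field and get_encoded_post_field below, so consider one helper for the check. get_field starts above the hunk.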
@@ -326,10 +330,17 @@ char *get_field( char *s, char* fname)
* params: post - apr_table with post data
* : fname = name of post-field
*/
-char *get_post_field( apr_table_t *post, const char *fname)
+char *get_post_field( apr_table_t *post, const char *fname, int len)
{
+ char *ret = NULL;
if (post) {
- return unencode(apr_table_get(post, fname));
+ ret = unencode(apr_table_get(post, fname));
+ if ((ret != NULL) && (PL_strlen(ret) > len)) {
+ PR_Free(ret);
+ return NULL;
+ } else {
+ return ret;
+ }
} else {
return NULL;
}
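Review bot: `PL_strlen(ret) > len` compares PL_strlen's unsigned result with a signed `int len`, so a negative `len` is converted to a huge unsigned value and the check never rejects; declare the parameter as `unsigned int len` (here, in get_encoded_post_field below, and in get_field) so the comparison cannot be defeated that way. On the line above the check, `apr_table_get` returns NULL when the field is absent and that NULL goes straight into unencode; unencode is above the hunk, so confirm it tolerates a NULL argument rather than relying on the later `ret != NULL` test. get_post_field's header is the first line of the hunk, but the function's closing brace is below it.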
@@ -339,10 +350,17 @@ char *get_post_field( apr_table_t *post, const char *fname)
* similar to get_post_field - but returns the original post data
* without unencoding - used for userCert
*/
-char *get_encoded_post_field(apr_table_t *post, const char *fname)
+char *get_encoded_post_field(apr_table_t *post, const char *fname, int len)
{
+ char *ret = NULL;
if (post) {
- return PL_strdup(apr_table_get(post, fname));
+ ret = PL_strdup(apr_table_get(post, fname));
+ if ((ret != NULL) && (PL_strlen(ret) > len)) {
+ PL_strfree(ret);
+ return NULL;
+ } else {
+ return ret;
+ }
} else {
return NULL;
}
@@ -692,9 +710,9 @@ void getUserFilter (char *filter, char *query) {
char *firstName = NULL;
char *lastName = NULL;
- uid = get_field(query, "uid=");
- firstName = get_field(query, "firstName=");
- lastName = get_field(query, "lastName=");
+ uid = get_field(query, "uid=", SHORT_LEN);
+ firstName = get_field(query, "firstName=", SHORT_LEN);
+ lastName = get_field(query, "lastName=", SHORT_LEN);
filter[0] = '\0';
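Review bot: The length cap keeps uid/firstName/lastName from overflowing `filter`, but the three values still come straight from the query string and are presumably formatted into an LDAP search filter further down in getUserFilter; a `*`, `(`, `)` or `\` in any of them changes the filter's meaning, which a length limit does not prevent. Unless the part of the function below the hunk escapes them, add RFC 4515 escaping (or reject those characters) before they reach the filter. getUserFilter continues past the hunk.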
@@ -2191,6 +2209,7 @@ mod_tokendb_terminate( void *data )
"The Tokendb module has been terminated!" );
tus_db_end();
+ tus_db_cleanup();
/* Since all members of mod_tokendb_server_configuration are allocated */
/* from a pool, there is no need to unset any of these members. */
@@ -3593,7 +3612,7 @@ mod_tokendb_handler( request_rec *rq )
"var userid = \"", userid,
"\";\n" );
- topLevel = get_field(query, "top=");
+ topLevel = get_field(query, "top=", SHORT_LEN);
if ((topLevel != NULL) && (PL_strstr(topLevel, "operator"))) {
PL_strcat(injection, "var topLevel = \"operator\";\n");
}
@@ -3644,7 +3663,7 @@ mod_tokendb_handler( request_rec *rq )
"var userid = \"", userid,
"\";\n");
- topLevel = get_field(query, "top=");
+ topLevel = get_field(query, "top=", SHORT_LEN);
if ((topLevel != NULL) && (PL_strstr(topLevel, "operator"))) {
PL_strcat(injection, "var topLevel = \"operator\";\n");
}
@@ -3669,7 +3688,7 @@ mod_tokendb_handler( request_rec *rq )
"var userid = \"", userid,
"\";\n");
- topLevel = get_field(query, "top=");
+ topLevel = get_field(query, "top=", SHORT_LEN);
if ((topLevel != NULL) && (PL_strstr(topLevel, "operator"))) {
PL_strcat(injection, "var topLevel = \"operator\";\n");
}
@@ -3972,7 +3991,7 @@ mod_tokendb_handler( request_rec *rq )
/* start_val used in paging of profiles on the edit_user page */
if (PL_strstr( query, "op=edit_user") ) {
- char *start_val_str = get_field(query, "start_val=");
+ char *start_val_str = get_field(query, "start_val=", SHORT_LEN);
if (start_val_str != NULL) {
start_val = atoi(start_val_str);
do_free(start_val_str);
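Review bot: `start_val = atoi(start_val_str);` accepts negative and non-numeric query-string input with no error signal, so start_val can become 0 or negative and is then presumably used as the paging offset; `strtol` with an end-pointer check followed by a clamp such as `if (start_val < 0) start_val = 0;` is the defensive form. How start_val is consumed is outside the hunk.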
@@ -3984,7 +4003,7 @@ mod_tokendb_handler( request_rec *rq )
/* flash used to display edit result upon redirection back to the edit_user page */
if (PL_strstr(query, "op=edit_user") ) {
- char *flash = get_field(query, "flash=");
+ char *flash = get_field(query, "flash=", SHORT_LEN);
if (flash != NULL) {
PL_strcat(injection, "var flash = \"");
PL_strcat(injection, flash);
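Review bot: `PL_strcat(injection, flash);` copies a query-string value into the JavaScript string literal `var flash = "..."` that is sent to the browser with no escaping, so a double quote, backslash, newline or `</script>` sequence in `flash` terminates the literal and the remainder is interpreted as script (reflected XSS); the SHORT_LEN cap does not address that. Since the comment says `flash` only carries the edit result for the redirect back to edit_user, restrict it to an allowlist of the expected status values, or escape it for a JS string context before the concatenation. The enclosing handler continues outside the hunk.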
@@ -4109,7 +4128,7 @@ mod_tokendb_handler( request_rec *rq )
if ((PL_strstr( query, "op=edit_user")) ||
(PL_strstr( query, "op=user_delete_confirm"))) {
- uid = get_field(query, "uid=");
+ uid = get_field(query, "uid=", SHORT_LEN);
bool officer = false;
bool agent = false;
bool admin = false;
@@ -4190,7 +4209,7 @@ mod_tokendb_handler( request_rec *rq )
}
}
}
- topLevel = get_field(query, "top=");
+ topLevel = get_field(query, "top=", SHORT_LEN);
if ((topLevel != NULL) && (PL_strstr(topLevel, "operator"))) {
PL_strcat(injection, "var topLevel = \"operator\";\n");
}
@@ -4266,9 +4285,9 @@ mod_tokendb_handler( request_rec *rq )
return DECLINED;
}
- uid = get_post_field(post, "uid");
- char *profile = get_post_field(post, "profile_0");
- char *other_profile = get_post_field(post, "other_profile");
+ uid = get_post_field(post, "uid", SHORT_LEN);
+ char *profile = get_post_field(post, "profile_0", SHORT_LEN);
+ char *other_profile = get_post_field(post, "other_profile", SHORT_LEN);
if ((profile != NULL) && (uid != NULL)) {
if (PL_strstr(profile, "Other Profiles")) {
if ((other_profile != NULL) && (match_profile(other_profile))) {
@@ -4329,13 +4348,13 @@ mod_tokendb_handler( request_rec *rq )
return DECLINED;
}
// first save user details
- uid = get_post_field(post, "uid");
- firstName = get_post_field(post, "firstName");
- lastName = get_post_field(post, "lastName");
- userCert = get_encoded_post_field(post, "userCert");
- opOperator = get_post_field(post, "opOperator");
- opAgent = get_post_field(post, "opAgent");
- opAdmin = get_post_field(post, "opAdmin");
+ uid = get_post_field(post, "uid", SHORT_LEN);
+ firstName = get_post_field(post, "firstName", SHORT_LEN);
+ lastName = get_post_field(post, "lastName", SHORT_LEN);
+ userCert = get_encoded_post_field(post, "userCert", HUGE_STRING_LEN);
+ opOperator = get_post_field(post, "opOperator", SHORT_LEN);
+ opAgent = get_post_field(post, "opAgent", SHORT_LEN);
+ opAdmin = get_post_field(post, "opAdmin", SHORT_LEN);
PR_snprintf((char *)userCN, 256,
"%s %s", firstName, lastName);
@@ -4407,15 +4426,15 @@ mod_tokendb_handler( request_rec *rq )
do_free(opAdmin);
// save profile details
- int nProfiles = atoi (get_post_field(post, "nProfiles"));
+ int nProfiles = atoi (get_post_field(post, "nProfiles", SHORT_LEN));
for (int i=0; i< nProfiles; i++) {
char p_name[256];
char p_delete[256];
PR_snprintf(p_name, 256, "profile_%d", i);
PR_snprintf(p_delete, 256, "delete_%d", i);
- char *profile = get_post_field(post, p_name);
- char *p_del = get_post_field(post, p_delete);
+ char *profile = get_post_field(post, p_name, SHORT_LEN);
+ char *p_del = get_post_field(post, p_delete, SHORT_LEN);
if ((profile != NULL) && (p_del != NULL) && (PL_strstr(p_del, "delete"))) {
status = delete_profile_from_user(userid, uid, profile);
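Review bot: `atoi (get_post_field(post, "nProfiles", SHORT_LEN))` dereferences NULL when the field is missing or over-long (get_post_field now returns NULL for both), the returned string is never freed, and nProfiles then bounds the loop below straight from the request with no upper limit. Replace the line with `char *nstr = get_post_field(post, "nProfiles", SHORT_LEN); int nProfiles = (nstr != NULL) ? atoi(nstr) : 0; do_free(nstr);` and clamp nProfiles to the number of profile fields the form can actually carry. The handler continues outside the hunk.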
@@ -4560,10 +4579,10 @@ mod_tokendb_handler( request_rec *rq )
return DECLINED;
}
- uid = get_post_field(post, "uid");
- opOperator = get_post_field(post, "opOperator");
- opAdmin = get_post_field(post, "opAdmin");
- opAgent = get_post_field(post, "opAgent");
+ uid = get_post_field(post, "uid", SHORT_LEN);
+ opOperator = get_post_field(post, "opOperator", SHORT_LEN);
+ opAdmin = get_post_field(post, "opAdmin", SHORT_LEN);
+ opAgent = get_post_field(post, "opAgent", SHORT_LEN);
if (uid == NULL) {
error_out("Error in delete user. userid is null", "Error in delete user. userid is null");
@@ -4646,13 +4665,13 @@ mod_tokendb_handler( request_rec *rq )
return DECLINED;
}
- uid = get_post_field(post, "userid");
- firstName = get_post_field(post, "firstName");
- lastName = get_post_field(post, "lastName");
- opOperator = get_post_field(post, "opOperator");
- opAdmin = get_post_field(post, "opAdmin");
- opAgent = get_post_field(post, "opAgent");
- userCert = get_encoded_post_field(post, "cert");
+ uid = get_post_field(post, "userid", SHORT_LEN);
+ firstName = get_post_field(post, "firstName", SHORT_LEN);
+ lastName = get_post_field(post, "lastName", SHORT_LEN);
+ opOperator = get_post_field(post, "opOperator", SHORT_LEN);
+ opAdmin = get_post_field(post, "opAdmin", SHORT_LEN);
+ opAgent = get_post_field(post, "opAgent", SHORT_LEN);
+ userCert = get_encoded_post_field(post, "cert", HUGE_STRING_LEN);
if ((PL_strlen(uid) == 0) || (PL_strlen(firstName) == 0) || (PL_strlen(lastName) == 0)) {
error_out("Bad input to op=addUser", "Bad input to op=addUser");
diff --git a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
index 6370d9258..d300b00c0 100644
--- a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
+++ b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
@@ -547,8 +547,10 @@ RA_Status RA_Enroll_Processor::DoEnrollment(AuthParams *login, RA_Session *sessi
certificates[index] = CERT_DecodeCertFromPackage((char *) cert_string,
(int) cert->size());
if (certificates[index] != NULL) {
- RA::Debug("DoEnrollment", "Received Certificate 0x%x",
- DER_GetInteger(&certificates[index]->serialNumber));
+ char msg[2048];
+ RA::ra_tus_print_integer(msg, &certificates[index]->serialNumber);
+ RA::Debug("DoEnrollment", "Received Certificate");
+ RA::Debug("DoEnrollment", msg);
}
free(cert_string);
ktypes[index] = strdup(keyType);
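Review bot: `RA::Debug("DoEnrollment", msg);` passes the serial-number text as the format string (Debug is printf-style elsewhere on this page), and tus_print_as_hex copies the serial's bytes through verbatim when they are all printable, so a `%` in that text is interpreted by the formatter — a format-string bug driven by certificate contents. Use `RA::Debug("DoEnrollment", "Received Certificate %s", msg);` and drop the separate `"Received Certificate"` call. `msg` is 2048 bytes but ra_tus_print_integer takes no length, so that size is an assumption about the longest serial rather than a bound the callee enforces. DoEnrollment continues outside the hunk.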
diff --git a/pki/base/tps/src/tus/tus_db.c b/pki/base/tps/src/tus/tus_db.c
index 8719fce7b..3ab7ae1d0 100644
--- a/pki/base/tps/src/tus/tus_db.c
+++ b/pki/base/tps/src/tus/tus_db.c
@@ -384,6 +384,8 @@ TPS_PUBLIC int get_tus_db_config(char *cfg_name)
audit_fd = PR_Open(s, PR_RDWR | PR_CREATE_FILE | PR_APPEND,
400 | 200);
}
+ PL_strfree( s );
+ s = NULL;
} else {
if( buf != NULL ) {
PR_Free( buf );
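Review bot: On the context line just above the added free, `PR_Open(s, PR_RDWR | PR_CREATE_FILE | PR_APPEND, 400 | 200)` passes decimal constants, not octal: 400|200 is 472, i.e. mode 0730, so the audit log is created group-writable and group-executable instead of the intended owner-only 0600 — write it as `0400 | 0200` (or `0600`). The audit log is this module's integrity record, so a group-writable default is the wrong one. The added `PL_strfree( s )` is right for the path string here, but the same free is added after set_tus_db_host and the other set_tus_db_* calls in the later hunks of this function; those setters are not visible, and tus_db_cleanup below frees `host`, `userBaseDN` etc. itself, so if any setter stores the pointer instead of copying, the free leaves it dangling and tus_db_cleanup double-frees it — confirm before merging. get_tus_db_config starts above the hunk.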
@@ -404,6 +406,8 @@ TPS_PUBLIC int get_tus_db_config(char *cfg_name)
s = PL_strndup(v, n);
if (s != NULL) {
set_tus_db_host(s);
+ PL_strfree( s );
+ s = NULL;
} else {
if( buf != NULL ) {
PR_Free( buf );
@@ -425,6 +429,8 @@ TPS_PUBLIC int get_tus_db_config(char *cfg_name)
s = PL_strndup(v, n);
if (s != NULL) {
defaultPolicy = PL_strdup( s );
+ PL_strfree( s );
+ s = NULL;
} else {
if( buf != NULL ) {
PR_Free( buf );
@@ -445,6 +451,8 @@ TPS_PUBLIC int get_tus_db_config(char *cfg_name)
s = PL_strndup(v, n);
if (s != NULL) {
set_tus_db_userBaseDN(s);
+ PL_strfree( s );
+ s = NULL;
} else {
if( buf != NULL ) {
PR_Free( buf );
@@ -465,6 +473,8 @@ TPS_PUBLIC int get_tus_db_config(char *cfg_name)
s = PL_strndup(v, n);
if (s != NULL) {
set_tus_db_baseDN(s);
+ PL_strfree( s );
+ s = NULL;
} else {
if( buf != NULL ) {
PR_Free( buf );
@@ -484,6 +494,8 @@ TPS_PUBLIC int get_tus_db_config(char *cfg_name)
s = PL_strndup(v, n);
if (s != NULL) {
set_tus_db_activityBaseDN(s);
+ PL_strfree( s );
+ s = NULL;
} else {
if( buf != NULL ) {
PR_Free( buf );
@@ -503,6 +515,8 @@ TPS_PUBLIC int get_tus_db_config(char *cfg_name)
s = PL_strndup(v, n);
if (s != NULL) {
set_tus_db_certBaseDN(s);
+ PL_strfree( s );
+ s = NULL;
} else {
if( buf != NULL ) {
PR_Free( buf );
@@ -522,6 +536,8 @@ TPS_PUBLIC int get_tus_db_config(char *cfg_name)
s = PL_strndup(v, n);
if (s != NULL) {
set_tus_db_bindDN(s);
+ PL_strfree( s );
+ s = NULL;
} else {
if( buf != NULL ) {
PR_Free( buf );
@@ -549,6 +565,8 @@ TPS_PUBLIC int get_tus_db_config(char *cfg_name)
PR_fprintf(debug_fd, "freeing p - %s\n", p);
PR_Free( p );
}
+ PL_strfree( s );
+ s = NULL;
} else {
if( buf != NULL ) {
PR_Free( buf );
@@ -693,7 +711,7 @@ TPS_PUBLIC int tus_authorize(const char *group, const char *userid)
LDAPMessage *result = NULL;
PR_snprintf(filter, 4096,
- "(&(cn=%s)(uniqueMember=uid=%s,*))", group ,userid);
+ "(&(cn=%s)(member=uid=%s,*))", group ,userid);
for (tries = 0; tries < MAX_RETRIES; tries++) {
if ((rc = ldap_search_ext_s(ld, userBaseDN, LDAP_SCOPE_SUBTREE,
filter, NULL, 0, NULL, NULL, NULL, 0, &result)) == LDAP_SUCCESS )
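Review bot: Switching the authorization filter to `(member=uid=%s,*)` means an existing TPS instance whose groups were created from the old addAgents.ldif (groupOfUniqueNames with uniqueMember) will authorize nobody after upgrade, since the LDIF change only affects fresh installs; this needs either a migration step for existing group entries or a transitional filter that accepts both attributes, e.g. `"(&(cn=%s)(|(member=uid=%s,*)(uniqueMember=uid=%s,*)))"` with userid passed twice. Failing closed is the safe direction, but a total agent lockout with no log line will be hard to diagnose, so at minimum document the schema change in the upgrade notes. The same rename is in find_tus_user_role_entries and the add/delete role helpers below. `userid` is still formatted into the filter without RFC 4515 escaping; where it comes from is outside the hunk, so confirm it is the authenticated identity rather than a request parameter.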
@@ -889,6 +907,132 @@ TPS_PUBLIC void tus_db_end()
}
}
+TPS_PUBLIC void tus_db_cleanup()
+{
+ if (ssl != NULL) {
+ PL_strfree(ssl);
+ ssl = NULL;
+ }
+ if (host != NULL) {
+ PL_strfree(host);
+ host = NULL;
+ }
+ if (userBaseDN != NULL) {
+ PL_strfree(userBaseDN);
+ userBaseDN = NULL;
+ }
+ if (baseDN != NULL) {
+ PL_strfree(baseDN);
+ baseDN = NULL;
+ }
+ if (activityBaseDN != NULL) {
+ PL_strfree(activityBaseDN);
+ activityBaseDN = NULL;
+ }
+ if(certBaseDN != NULL) {
+ PL_strfree(certBaseDN);
+ certBaseDN = NULL;
+ }
+ if(bindDN != NULL) {
+ PL_strfree(bindDN);
+ bindDN = NULL;
+ }
+ if(bindPass != NULL) {
+ PL_strfree(bindPass);
+ bindPass = NULL;
+ }
+ if(defaultPolicy != NULL) {
+ PL_strfree(defaultPolicy);
+ defaultPolicy = NULL;
+ }
+ if (debug_fd != NULL) {
+ PR_Close(debug_fd);
+ debug_fd = NULL;
+ }
+ if (audit_fd != NULL) {
+ PR_Close(audit_fd);
+ audit_fd = NULL;
+ }
+}
+
+/*****
+ * tus_print_integer
+ * summary: prints serial number as hex string
+ * modeled on SECU_PrintInteger. The length
+ * 4 below is arbitrary - but works!
+ * params: out - output hexidecimal string
+ * data - serial number as SECItem
+ */
+TPS_PUBLIC void tus_print_integer(char *out, SECItem *i)
+{
+ int iv;
+
+ if (!i || !i->len || !i->data) {
+ sprintf(out, "(null)");
+ } else if (i->len > 4) {
+ tus_print_as_hex(out, i);
+ } else {
+ if (i->type == siUnsignedInteger && *i->data & 0x80) {
+ /* Make sure i->data has zero in the highest byte
+ * if i->data is an unsigned integer */
+ SECItem tmpI;
+ char data[] = {0, 0, 0, 0, 0};
+
+ PORT_Memcpy(data + 1, i->data, i->len);
+ tmpI.len = i->len + 1;
+ tmpI.data = (void*)data;
+
+ iv = DER_GetInteger(&tmpI);
+ } else {
+ iv = DER_GetInteger(i);
+ }
+ sprintf(out, "%x", iv);
+ }
+}
+
+/***
+ * tus_print_as_hex
+ * summary: prints serial number as a hex string, needed
+ * because DER_GetInteger only works for small numbers
+ * modeled on SECU_PrintAsHex
+ * params: out - output hexidecimal string
+ * data - serial number as SECItem
+ */
+TPS_PUBLIC void tus_print_as_hex(char *out, SECItem *data)
+{
+ unsigned i;
+ int isString = 1;
+ char tmp[32];
+
+ PR_snprintf(out, 2, "");
+
+ /* take a pass to see if it's all printable. */
+ for (i = 0; i < data->len; i++) {
+ unsigned char val = data->data[i];
+ if (!val || !isprint(val)) {
+ isString = 0;
+ break;
+ }
+ }
+
+ if (!isString) {
+ for (i = 0; i < data->len; i++) {
+ PR_snprintf(tmp, 32, "%02x", data->data[i]);
+ PL_strcat(out, tmp);
+ }
+ } else {
+ for (i = 0; i < data->len; i++) {
+ unsigned char val = data->data[i];
+
+ if (val != NULL) {
+ PR_snprintf(tmp, 32, "%c", val);
+ PL_strcat(out, tmp);
+ }
+ }
+ }
+ PL_strcat(out, '\0');
+}
+
char **parse_number_change(int n)
{
char tmp[32];
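Review bot: tus_print_as_hex does not always print hex: when every byte of the serial is printable it copies the bytes through as characters (the `isString` branch), so two serials get different representations depending on their byte values, and the text is then used as-is in `tokenSerial=` LDAP filters and in add_certificate's serialnumber field, where characters such as `*`, `(` and `)` change a filter's meaning. Always emit hex and drop the `isString` scan; the rewrite below also removes `if (val != NULL)` (an unsigned char compared with a pointer constant) and `PL_strcat(out, '\0');`, which passes a null pointer as the source string and does nothing useful. Neither function takes an output length (`sprintf` in tus_print_integer, `PL_strcat` here), so every caller — filter[512] in RA::tdb_update_certificates, serialnumber[2048] in add_certificate, msg[2048] in RA_Enroll_Processor — is trusting that the serial is short; adding a `size_t out_len` to both (and to the tus_db.h declarations and the RA::ra_tus_print_integer wrapper) lets the callee bound its writes. In tus_db_cleanup, overwrite `bindPass` with zeros before `PL_strfree(bindPass)` so the directory bind password does not remain in freed heap memory.
```c
TPS_PUBLIC void tus_print_as_hex(char *out, size_t out_len, SECItem *data)
{
    unsigned i;
    size_t used = 0;

    if (out == NULL || out_len == 0) {
        return;
    }
    out[0] = '\0';
    /* always hex, two characters per byte, so the representation does not
     * depend on whether the serial's bytes happen to be printable;
     * stop before the last two digits plus NUL would overrun out */
    for (i = 0; i < data->len && used + 3 <= out_len; i++) {
        PR_snprintf(out + used, out_len - used, "%02x", data->data[i]);
        used += 2;
    }
}
```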
@@ -1468,7 +1612,8 @@ int add_certificate (char *tokenid, char *origin, char *tokenType, char *userid,
time.tm_hour, time.tm_min, time.tm_sec);
/* unique id per activity */
- PR_snprintf(serialnumber, 2048, "%x", DER_GetInteger(&certificate->serialNumber));
+ tus_print_integer(serialnumber, &certificate->serialNumber);
+
PR_snprintf(name, 16, "%04d%02d%02d%02d%02d%02dZ",
time.tm_year, (time.tm_month + 1), time.tm_mday,
time.tm_hour, time.tm_min, time.tm_sec);
@@ -2113,7 +2258,7 @@ TPS_PUBLIC int add_user_to_role_db_entry(const char *agentid, char *userid, cons
userid_values[1] = NULL;
a01.mod_op = LDAP_MOD_ADD;
- a01.mod_type = GROUP_UNIQUEMEMBER;
+ a01.mod_type = GROUP_MEMBER;
a01.mod_values = userid_values;
mods[0] = &a01;
mods[1] = NULL;
@@ -2124,7 +2269,7 @@ TPS_PUBLIC int add_user_to_role_db_entry(const char *agentid, char *userid, cons
rc = update_tus_general_db_entry(agentid, dn, mods);
if (rc == LDAP_SUCCESS) {
- PR_snprintf("Added role %s to user %s", role, userid);
+ PR_snprintf(msg, 256, "Added role %s to user %s", role, userid);
audit_log("add_user_to_role", agentid, msg);
}
return rc;
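Review bot: The fixed `PR_snprintf(msg, 256, ...)` hard-codes 256 as the size of `msg`, whose declaration is above the hunk; if `msg` is not exactly 256 bytes this silently truncates or overruns, so use `sizeof(msg)` instead (assuming `msg` is a local array rather than a pointer). The same applies to the two identical fixes in delete_user_from_role_db_entry and delete_profile_from_user below.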
@@ -2155,7 +2300,7 @@ TPS_PUBLIC int delete_user_from_role_db_entry(const char *agentid, char *userid,
userid_values[1] = NULL;
a01.mod_op = LDAP_MOD_DELETE;
- a01.mod_type = GROUP_UNIQUEMEMBER;
+ a01.mod_type = GROUP_MEMBER;
a01.mod_values = userid_values;
mods[0] = &a01;
mods[1] = NULL;
@@ -2165,7 +2310,7 @@ TPS_PUBLIC int delete_user_from_role_db_entry(const char *agentid, char *userid,
rc = update_tus_general_db_entry(agentid, dn, mods);
if (rc == LDAP_SUCCESS) {
- PR_snprintf("Deleted role %s from user %s", role, userid);
+ PR_snprintf(msg, 256, "Deleted role %s from user %s", role, userid);
audit_log("delete_user_from_role", agentid, msg);
}
@@ -2200,7 +2345,7 @@ TPS_PUBLIC int delete_profile_from_user(const char *agentid, char *userid, const
rc = update_tus_general_db_entry(agentid, dn, mods);
if (rc == LDAP_SUCCESS) {
- PR_snprintf("Deleted profile %s from user %s", profile, userid);
+ PR_snprintf(msg, 256, "Deleted profile %s from user %s", profile, userid);
audit_log("delete_profile_from_user", agentid, msg);
}
@@ -2527,7 +2672,7 @@ TPS_PUBLIC int find_tus_user_role_entries( const char*uid, LDAPMessage **result)
char *subgroup_attrs[] = {SUBGROUP_ID, NULL};
PR_snprintf(groupBaseDN, 256, "ou=Groups,%s", userBaseDN);
- PR_snprintf(filter, 256, "uniqueMember=uid=%s,ou=People,%s", uid, userBaseDN);
+ PR_snprintf(filter, 256, "member=uid=%s,ou=People,%s", uid, userBaseDN);
tus_check_conn();
for (tries = 0; tries < MAX_RETRIES; tries++) {