authorcfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2008-04-04 21:12:17 +0000
committercfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2008-04-04 21:12:17 +0000
commit130789c2d4622c33870f784569959893ae0d3427 (patch)
tree657b2da3e0573c1b1c96417d33eb25ebac87fb82 /pki
parent8833331ed583703846578a3d3326953a4e6fac74 (diff)
bug#440989 - [SECURITY] CMC authorization check not done by default
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@17 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki')
-rw-r--r--pki/base/ca/shared/profiles/ca/caCMCUserCert.cfg1
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java9
-rw-r--r--pki/linux/common/pki-common.spec4
3 files changed, 12 insertions, 2 deletions
diff --git a/pki/base/ca/shared/profiles/ca/caCMCUserCert.cfg b/pki/base/ca/shared/profiles/ca/caCMCUserCert.cfg
index 8b6936e06..f9f55851a 100644
--- a/pki/base/ca/shared/profiles/ca/caCMCUserCert.cfg
+++ b/pki/base/ca/shared/profiles/ca/caCMCUserCert.cfg
@@ -3,6 +3,7 @@ visible=true
enable=true
enableBy=admin
auth.instance_id=CMCAuth
+authz.acl=group="Certificate Manager Agents"
name=Signed CMC-Authenticated User Certificate Enrollment
input.list=i1,i2
input.i1.class_id=cmcCertReqInputImpl
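Review bot: The `authz.acl` entry added here changes only the shipped template of caCMCUserCert, so enforcement still depends on each profile carrying its own ACL line. Instances created before this change presumably keep their own copy of the profile without it, and as the commit title suggests, a profile lacking the entry is submitted with no authorization check. Assuming the profile format accepts comment lines, I would add one above the entry, `# authz.acl is required: without it CMC-signed requests are not checked against any group`, and state in the release notes that existing instances need the line added by hand.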
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index 693e04fb4..79c63be92 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -415,9 +415,16 @@ public class ProfileSubmitServlet extends ProfileServlet {
AuthzToken authzToken = authorize(mAclMethod, authToken, acl);
} catch (Exception e) {
CMS.debug("ProfileSubmitServlet authorize: "+e.toString());
- if (xmlOutput)
+ if (xmlOutput) {
outputError(response, CMS.getUserMessage(locale,
"CMS_AUTHORIZATION_ERROR"));
+ } else {
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_AUTHORIZATION_ERROR"));
+ outputTemplate(request, response, args);
+ }
+
return;
}
}
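Review bot: The `authzToken` returned by `authorize(mAclMethod, authToken, acl)` on the first line of this hunk is scoped to the `try` block and never inspected, so a denial is recognised only when `authorize` throws. If it can return null for a rejected request (not visible from here), execution continues past this block and the enrollment is processed; a guard inside the `try` such as `if (authzToken == null) throw new Exception("authorization failed");` would route that case through the same error path. The failure is also recorded only through `CMS.debug`, which is thin for a denied certificate request; an audit-log entry naming the profile and the authenticated subject would help detection. The `try` and the condition that guards it start outside the hunk.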
diff --git a/pki/linux/common/pki-common.spec b/pki/linux/common/pki-common.spec
index 04ad060e5..e5f3d9e96 100644
--- a/pki/linux/common/pki-common.spec
+++ b/pki/linux/common/pki-common.spec
@@ -33,7 +33,7 @@
## Package Header Definitions
%define base_name %{base_prefix}-%{base_component}
%define base_version 1.0.0
-%define base_release 2
+%define base_release 3
%define base_group System Environment/Base
%define base_vendor Red Hat, Inc.
%define base_license GPLv2 with exceptions
@@ -294,6 +294,8 @@ chmod 00755 %{_datadir}/%{base_prefix}/setup/postinstall
###############################################################################
%changelog
+* Fri Apr 4 2008 Christina Fu <cfu@redhat.com> 1.0.0-3
+- Fixed bug #40989 - [SECURITY] CMC authorization check not done by default
* Fri Apr 4 2008 Christina Fu <cfu@redhat.com> 1.0.0-2
- Fixed bug #439052 - CMC CRMF requests cause exception in logging: Unmatched braces in the pattern
* Tue Feb 19 2008 PKI Team <pki-devel@redhat.com> 1.0.0-1