diff options
35 files changed, 661 insertions, 131 deletions
diff --git a/pki/base/common/build.xml b/pki/base/common/build.xml index 3bd4ec916..144aed620 100644 --- a/pki/base/common/build.xml +++ b/pki/base/common/build.xml @@ -27,6 +27,8 @@ <property name="ldapjdk.jar" value="${jar.home}/ldapjdk.jar"/> <property name="servlet.jar" value="${jar.home}/servlet.jar"/> <property name="velocity.jar" value="${jar.home}/velocity.jar"/> + <property name="xalan-j2.jar" value="${jar.home}/xalan-j2.jar"/> + <property name="xerces-j2.jar" value="${jar.home}/xerces-j2.jar"/> <property name="cmsutil.jar" value="${pki-jar.home}/cmsutil.jar"/> <property name="nsutil.jar" value="${pki-jar.home}/nsutil.jar"/> @@ -40,6 +42,12 @@ <pathelement location="${symkey.jar}"/> <pathelement location="${velocity.jar}"/> </path> + <path id="javadoc_classpath"> + <path refid="classpath"/> + <pathelement location="${xalan-j2.jar}"/> + <pathelement location="${xerces-j2.jar}"/> + <pathelement location="./build/classes"/> + </path> <path id="test_classpath"> <pathelement location="${jar.home}/junit.jar"/> <pathelement location="${build.classes}"/> @@ -208,7 +216,7 @@ version="true" use="true" windowtitle="${ant.project.name}" - classpathref="classpath" + classpathref="javadoc_classpath" verbose="false"> <doctitle> <![CDATA[<h1>${ant.project.name}</h1>]]> diff --git a/pki/base/common/src/com/netscape/cms/logging/LogFile.java b/pki/base/common/src/com/netscape/cms/logging/LogFile.java index 024dfcd99..b5239a8fa 100644 --- a/pki/base/common/src/com/netscape/cms/logging/LogFile.java +++ b/pki/base/common/src/com/netscape/cms/logging/LogFile.java @@ -727,6 +727,14 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo { out.seek(out.length()); //XXX int or long? mBytesWritten = (int) out.length(); + if( !Utils.isNT() ) { + try { + Utils.exec( "chmod 00660 " + mFile.getCanonicalPath() ); + } catch( IOException e ) { + CMS.debug( "Unable to change file permissions on " + + mFile.toString() ); + } + } mLogWriter = new BufferedWriter( new FileWriter(out.getFD()), mBufferSize); diff --git a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java index 2abf55cdc..964225181 100644 --- a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java +++ b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java @@ -210,16 +210,57 @@ public class RollingLogFile extends LogFile { //File backupFile = new File(mFileName + "." + mFileNumber); File backupFile = new File(mFileName + "." + mLogFileDateFormat.format(mDate)); - // close, rename and reopen the log file + // close, backup, and reopen the log file zeroizing its contents super.close(); - mFile.renameTo(backupFile); - if( !Utils.isNT() ) { - try { - Utils.exec( "chmod 00660 " + backupFile.getCanonicalPath() ); - } catch( IOException e ) { - CMS.debug( "Unable to change file permissions on " + try { + if( Utils.isNT() ) { + // NT is very picky on the path + Utils.exec( "copy " + + mFile.getCanonicalPath().replace( '/', '\\' ) + + " " + + backupFile.getCanonicalPath().replace( '/', + '\\' ) ); + } else { + // Create a copy of the original file which + // preserves the original file permissions. + Utils.exec( "cp -p " + mFile.getCanonicalPath() + " " + + backupFile.getCanonicalPath() ); + } + + // Zeroize the original file if and only if + // the backup copy was successful. + if( backupFile.exists() ) { + + // Make certain that the backup file has + // the correct permissions. + if( !Utils.isNT() ) { + Utils.exec( "chmod 00660 " + backupFile.getCanonicalPath() ); + } + + try { + // Open and close the original file + // to zeroize its contents. + PrintWriter pw = new PrintWriter( mFile ); + pw.close(); + + // Make certain that the original file retains + // the correct permissions. + if( !Utils.isNT() ) { + Utils.exec( "chmod 00660 " + mFile.getCanonicalPath() ); + } + } catch ( FileNotFoundException e ) { + CMS.debug( "Unable to zeroize " + + mFile.toString() ); + } + } else { + CMS.debug( "Unable to backup " + + mFile.toString() + " to " + backupFile.toString() ); } + } catch( Exception e ) { + CMS.debug( "Unable to backup " + + mFile.toString() + " to " + + backupFile.toString() ); } super.open(); // will reset mBytesWritten mFileNumber++; diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java index 8b05f8849..21ce1e78e 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java @@ -183,11 +183,34 @@ public class AdminServlet extends HttpServlet { public void outputHttpParameters(HttpServletRequest httpReq) { - CMS.debug("AdminServlet:serice() uri = " + httpReq.getRequestURI()); + CMS.debug("AdminServlet:service() uri = " + httpReq.getRequestURI()); Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { String pn = (String)paramNames.nextElement(); - CMS.debug("CMSServlet::service() param name='" + pn + "' value='" + httpReq.getParameter(pn) + "'" ); + // added this facility so that password can be hidden, + // all sensitive parameters should be prefixed with + // __ (double underscores); however, in the event that + // a security parameter slips through, we perform multiple + // additional checks to insure that it is NOT displayed + if( pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd") ) { + CMS.debug("AdminServlet::service() param name='" + pn + + "' value='(sensitive)'" ); + } else { + CMS.debug("AdminServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'" ); + } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java index 72c441b5b..1f1daec25 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java @@ -403,13 +403,29 @@ public abstract class CMSServlet extends HttpServlet { Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { String pn = (String)paramNames.nextElement(); - // added this facility so that password can be hided, + // added this facility so that password can be hidden, // all sensitive parameters should be prefixed with - // __ (double underscores) - if (pn.startsWith("__")) { - CMS.debug("CMSServlet::service() param name='" + pn + "' value='(sensitive)'" ); + // __ (double underscores); however, in the event that + // a security parameter slips through, we perform multiple + // additional checks to insure that it is NOT displayed + if( pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd") ) { + CMS.debug("CMSServlet::service() param name='" + pn + + "' value='(sensitive)'" ); } else { - CMS.debug("CMSServlet::service() param name='" + pn + "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("CMSServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'" ); } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java index efb84e3fe..d28543a9c 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java @@ -26,6 +26,7 @@ import javax.servlet.*; import javax.servlet.http.*; import com.netscape.certsrv.apps.*; import com.netscape.certsrv.base.*; +import com.netscape.cmsutil.util.Utils; /** @@ -50,27 +51,33 @@ public class CMSStartServlet extends HttpServlet { } File f1 = new File(old_path); if (f1.exists()) { - boolean success = f1.renameTo(f); - if (!success) { - String cmds[] = new String[3]; - if (File.separator.equals("\\")) { - cmds[0] = "cmd"; - cmds[1] = "/c"; - cmds[2] = "copy "+ - f1.getAbsolutePath().replace('/', '\\') + " " + - f.getAbsolutePath().replace('/', '\\'); + // The following block of code moves "CMS.cfg" to "CS.cfg". + try { + if( Utils.isNT() ) { + // NT is very picky on the path + Utils.exec( "copy " + + f1.getAbsolutePath().replace( '/', '\\' ) + + " " + + f.getAbsolutePath().replace( '/', '\\' ) ); } else { - cmds[0] = "/bin/sh"; - cmds[1] = "-c"; - cmds[2] = "cp " + f1.getAbsolutePath() + " " + - f.getAbsolutePath(); + // Create a copy of the original file which + // preserves the original file permissions. + Utils.exec( "cp -p " + f1.getAbsolutePath() + " " + + f.getAbsolutePath() ); } - try { - Process process = Runtime.getRuntime().exec(cmds); - process.waitFor(); - } catch (Exception e) { + // Remove the original file if and only if + // the backup copy was successful. + if( f.exists() ) { + f1.delete(); + + // Make certain that the new file has + // the correct permissions. + if( !Utils.isNT() ) { + Utils.exec( "chmod 00660 " + f.getAbsolutePath() ); + } } + } catch (Exception e) { } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java index 69dc7910e..8b85cd5be 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java @@ -53,15 +53,35 @@ public class BaseServlet extends VelocityServlet { } public void outputHttpParameters(HttpServletRequest httpReq) { - CMS.debug("CMSServlet:serice() uri = " + httpReq.getRequestURI()); + CMS.debug("BaseServlet:service() uri = " + httpReq.getRequestURI()); Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { String pn = (String) paramNames.nextElement(); - - CMS.debug( - "CMSServlet::service() param name='" + pn + "' value='" - + httpReq.getParameter(pn) + "'"); + // added this facility so that password can be hidden, + // all sensitive parameters should be prefixed with + // __ (double underscores); however, in the event that + // a security parameter slips through, we perform multiple + // additional checks to insure that it is NOT displayed + if( pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd") ) { + CMS.debug("BaseServlet::service() param name='" + pn + + "' value='(sensitive)'" ); + } else { + CMS.debug("BaseServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'" ); + } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java index 61a8a98a6..69e784356 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java @@ -53,15 +53,35 @@ public abstract class ConfigBaseServlet extends BaseServlet { Context context); public void outputHttpParameters(HttpServletRequest httpReq) { - CMS.debug("CMSServlet:serice() uri = " + httpReq.getRequestURI()); + CMS.debug("ConfigBaseServlet:service() uri = " + httpReq.getRequestURI()); Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { String pn = (String) paramNames.nextElement(); - - CMS.debug( - "CMSServlet::service() param name='" + pn + "' value='" - + httpReq.getParameter(pn) + "'"); + // added this facility so that password can be hidden, + // all sensitive parameters should be prefixed with + // __ (double underscores); however, in the event that + // a security parameter slips through, we perform multiple + // additional checks to insure that it is NOT displayed + if( pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd") ) { + CMS.debug("ConfigBaseServlet::service() param name='" + pn + + "' value='(sensitive)'" ); + } else { + CMS.debug("ConfigBaseServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'" ); + } } } diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java index aa0affaca..2fc7e5150 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java @@ -232,16 +232,38 @@ profile, IRequest req) { requestB64 = com.netscape.osutil.OSUtil.BtoA(reqbuf); if (CMS.debugOn()) { - CMS.debug("Start of Input Parameters"); + CMS.debug("Start of ProfileSubmitCMCServlet Input Parameters"); Enumeration paramNames = request.getParameterNames(); while (paramNames.hasMoreElements()) { String paramName = (String) paramNames.nextElement(); - - CMS.debug("Input Parameter " + paramName + "='" + - request.getParameter(paramName) + "'"); + // added this facility so that password can be hidden, + // all sensitive parameters should be prefixed with + // __ (double underscores); however, in the event that + // a security parameter slips through, we perform multiple + // additional checks to insure that it is NOT displayed + if( paramName.startsWith("__") || + paramName.endsWith("password") || + paramName.endsWith("passwd") || + paramName.endsWith("pwd") || + paramName.equalsIgnoreCase("admin_password_again") || + paramName.equalsIgnoreCase("bindpassword") || + paramName.equalsIgnoreCase("bindpwd") || + paramName.equalsIgnoreCase("passwd") || + paramName.equalsIgnoreCase("password") || + paramName.equalsIgnoreCase("pin") || + paramName.equalsIgnoreCase("pwd") || + paramName.equalsIgnoreCase("pwdagain") || + paramName.equalsIgnoreCase("uPasswd") ) { + CMS.debug("ProfileSubmitCMCServlet Input Parameter " + + paramName + "='(sensitive)'"); + } else { + CMS.debug("ProfileSubmitCMCServlet Input Parameter " + + paramName + "='" + + request.getParameter(paramName) + "'"); + } } - CMS.debug("End of Input Parameters"); + CMS.debug("End of ProfileSubmitCMCServlet Input Parameters"); } CMS.debug("ProfileSubmitServlet: start serving"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java index 995ca5e33..c8a2483d8 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java @@ -433,21 +433,40 @@ public class ProfileSubmitServlet extends ProfileServlet { Locale locale = getLocale(request); ArgSet args = new ArgSet(); -//xxx this ought to be removed. pwds are logged -/* if (CMS.debugOn()) { - CMS.debug("Start of Input Parameters"); + CMS.debug("Start of ProfileSubmitServlet Input Parameters"); Enumeration paramNames = request.getParameterNames(); while (paramNames.hasMoreElements()) { String paramName = (String) paramNames.nextElement(); - - CMS.debug("Input Parameter " + paramName + "='" + - request.getParameter(paramName) + "'"); + // added this facility so that password can be hidden, + // all sensitive parameters should be prefixed with + // __ (double underscores); however, in the event that + // a security parameter slips through, we perform multiple + // additional checks to insure that it is NOT displayed + if( paramName.startsWith("__") || + paramName.endsWith("password") || + paramName.endsWith("passwd") || + paramName.endsWith("pwd") || + paramName.equalsIgnoreCase("admin_password_again") || + paramName.equalsIgnoreCase("bindpassword") || + paramName.equalsIgnoreCase("bindpwd") || + paramName.equalsIgnoreCase("passwd") || + paramName.equalsIgnoreCase("password") || + paramName.equalsIgnoreCase("pin") || + paramName.equalsIgnoreCase("pwd") || + paramName.equalsIgnoreCase("pwdagain") || + paramName.equalsIgnoreCase("uPasswd") ) { + CMS.debug("ProfileSubmitServlet Input Parameter " + + paramName + "='(sensitive)'"); + } else { + CMS.debug("ProfileSubmitServlet Input Parameter " + + paramName + "='" + + request.getParameter(paramName) + "'"); + } } - CMS.debug("End of Input Parameters"); + CMS.debug("End of ProfileSubmitServlet Input Parameters"); } -*/ CMS.debug("ProfileSubmitServlet: start serving"); diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java index 8b2d9dfce..ec5a83e82 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java @@ -425,14 +425,33 @@ public class WizardServlet extends VelocityServlet { public void outputHttpParameters(HttpServletRequest httpReq) { - CMS.debug("WizardServlet:serice() uri = " + httpReq.getRequestURI()); + CMS.debug("WizardServlet:service() uri = " + httpReq.getRequestURI()); Enumeration paramNames = httpReq.getParameterNames(); while (paramNames.hasMoreElements()) { String pn = (String)paramNames.nextElement(); - if (pn.startsWith("__")) { - CMS.debug("CMSServlet::service() param name='" + pn + "' value='(sensitive)'" ); + // added this facility so that password can be hidden, + // all sensitive parameters should be prefixed with + // __ (double underscores); however, in the event that + // a security parameter slips through, we perform multiple + // additional checks to insure that it is NOT displayed + if( pn.startsWith("__") || + pn.endsWith("password") || + pn.endsWith("passwd") || + pn.endsWith("pwd") || + pn.equalsIgnoreCase("admin_password_again") || + pn.equalsIgnoreCase("bindpassword") || + pn.equalsIgnoreCase("bindpwd") || + pn.equalsIgnoreCase("passwd") || + pn.equalsIgnoreCase("password") || + pn.equalsIgnoreCase("pin") || + pn.equalsIgnoreCase("pwd") || + pn.equalsIgnoreCase("pwdagain") || + pn.equalsIgnoreCase("uPasswd") ) { + CMS.debug("WizardServlet::service() param name='" + pn + + "' value='(sensitive)'" ); } else { - CMS.debug("CMSServlet::service() param name='" + pn + "' value='" + httpReq.getParameter(pn) + "'" ); + CMS.debug("WizardServlet::service() param name='" + pn + + "' value='" + httpReq.getParameter(pn) + "'" ); } } } diff --git a/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java b/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java index 35e5f3e8c..e9cd48a57 100644 --- a/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java +++ b/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java @@ -22,6 +22,7 @@ import java.io.*; import java.util.*; import com.netscape.certsrv.base.*; import com.netscape.certsrv.apps.CMS; +import com.netscape.cmsutil.util.Utils; /** @@ -78,7 +79,8 @@ public class FileConfigStore extends PropConfigStore implements } /** - * The original config file is moved to <filename>.<date>. + * The original config file is copied to + * <filename>.<current_time_in_milliseconds>. * Commits the current properties to the configuration file. * <P> * @@ -89,12 +91,48 @@ public class FileConfigStore extends PropConfigStore implements File newName = new File(mFile.getPath() + "." + Long.toString(System.currentTimeMillis())); - if (!mFile.renameTo(newName)) { - throw new EBaseException("rename failed"); + try { + if( Utils.isNT() ) { + // NT is very picky on the path + Utils.exec( "copy " + + mFile.getAbsolutePath().replace( '/', '\\' ) + + " " + + newName.getAbsolutePath().replace( '/', + '\\' ) ); + } else { + // Create a copy of the original file which + // preserves the original file permissions. + Utils.exec( "cp -p " + mFile.getAbsolutePath() + " " + + newName.getAbsolutePath() ); + } + + // Proceed only if the backup copy was successful. + if( !newName.exists() ) { + throw new EBaseException( "backup copy failed" ); + } else { + // Make certain that the backup file has + // the correct permissions. + if( !Utils.isNT() ) { + Utils.exec( "chmod 00660 " + newName.getAbsolutePath() ); + } + } + } catch( EBaseException e ) { + throw new EBaseException( "backup copy failed" ); + } + } + + // Overwrite the contents of the original file + // to preserve the original file permissions. + save( mFile.getPath() ); + + try { + // Make certain that the original file retains + // the correct permissions. + if( !Utils.isNT() ) { + Utils.exec( "chmod 00660 " + mFile.getCanonicalPath() ); } + } catch( Exception e ) { } - // proceed only if the rename is successful - save(mFile.getPath()); } /** diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java b/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java index abba2dcec..234a425d7 100644 --- a/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java +++ b/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java @@ -35,6 +35,7 @@ import com.netscape.cmscore.base.*; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.logging.ILogger; +import com.netscape.cmsutil.util.Utils; /* @@ -384,20 +385,37 @@ public class PWsdrCache { File origFile = new File(mPWcachedb); try { - if (tmpPWcache.renameTo(origFile) == true) { - debug("operation completed for " + mPWcachedb); + if( Utils.isNT() ) { + // NT is very picky on the path + Utils.exec( "copy " + + tmpPWcache.getAbsolutePath().replace( '/', + '\\' ) + + " " + + origFile.getAbsolutePath().replace( '/', + '\\' ) ); } else { - if (isNT()) { - // NT is very picky on the path - exec("copy " + - tmpPWcache.getAbsolutePath().replace('/', '\\') + " " + - origFile.getAbsolutePath().replace('/', '\\')); - } else { - exec("cp " + tmpPWcache.getAbsolutePath() + " " + - origFile.getAbsolutePath()); + // Create a copy of the original file which + // preserves the original file permissions. + Utils.exec( "cp -p " + tmpPWcache.getAbsolutePath() + " " + + origFile.getAbsolutePath() ); + } + + // Remove the original file if and only if + // the backup copy was successful. + if( origFile.exists() ) { + if( !Utils.isNT() ) { + try { + Utils.exec( "chmod 00660 " + + origFile.getCanonicalPath() ); + } catch( IOException e ) { + CMS.debug( "Unable to change file permissions on " + + origFile.toString() ); + } } + tmpPWcache.delete(); + debug( "operation completed for " + mPWcachedb ); } - } catch (EBaseException exx) { + } catch (Exception exx) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_CACHE", exx.toString())); throw new EBaseException(exx.toString() + ": " + mPWcachedb); } diff --git a/pki/base/java-tools/build.xml b/pki/base/java-tools/build.xml index 79dba975c..cb2ac2d21 100644 --- a/pki/base/java-tools/build.xml +++ b/pki/base/java-tools/build.xml @@ -38,6 +38,10 @@ <pathelement location="${cms.jar}"/> <pathelement location="${certsrv.jar}"/> </path> + <path id="javadoc_classpath"> + <path refid="classpath"/> + <pathelement location="./build/classes"/> + </path> <target name="clean" @@ -149,7 +153,7 @@ version="true" use="true" windowtitle="${ant.project.name}" - classpathref="classpath" + classpathref="javadoc_classpath" verbose="false"> <doctitle> <![CDATA[<h1>${ant.project.name}</h1>]]> diff --git a/pki/base/java-tools/src/com/netscape/cmstools/PasswordCache.java b/pki/base/java-tools/src/com/netscape/cmstools/PasswordCache.java index 388fedcd8..2031337de 100644 --- a/pki/base/java-tools/src/com/netscape/cmstools/PasswordCache.java +++ b/pki/base/java-tools/src/com/netscape/cmstools/PasswordCache.java @@ -612,28 +612,55 @@ class PWsdrCache { if (tmpPWcache.exists()) { // it wasn't removed? tmpPWcache.delete(); - tmpPWcache = new File(mPWcachedb + ".tmp"); } FileOutputStream outstream = new FileOutputStream(mPWcachedb + ".tmp"); outstream.write(writebuf); outstream.close(); + // Make certain that this temporary file has + // the correct permissions. + if( !isNT() ) { + exec( "chmod 00660 " + tmpPWcache.getAbsolutePath() ); + } + File origFile = new File(mPWcachedb); try { - if (tmpPWcache.renameTo(origFile) == true) { - debug("operation completed for " + mPWcachedb); + // Always remove any pre-existing target file + if( origFile.exists() ) { + origFile.delete(); + } + + if (isNT()) { + // NT is very picky on the path + exec("copy " + + tmpPWcache.getAbsolutePath().replace('/', '\\') + " " + + origFile.getAbsolutePath().replace('/', '\\')); } else { - if (isNT()) { - // NT is very picky on the path - exec("copy " + - tmpPWcache.getAbsolutePath().replace('/', '\\') + " " + - origFile.getAbsolutePath().replace('/', '\\')); - } else { - exec("cp " + tmpPWcache.getAbsolutePath() + " " + - origFile.getAbsolutePath()); + // Create a copy of the temporary file which + // preserves the temporary file's permissions. + exec("cp -p " + tmpPWcache.getAbsolutePath() + " " + + origFile.getAbsolutePath()); + } + + // Remove the temporary file if and only if + // the "rename" was successful. + if( origFile.exists() ) { + tmpPWcache.delete(); + + // Make certain that the final file has + // the correct permissions. + if( !isNT() ) { + exec( "chmod 00660 " + origFile.getAbsolutePath() ); } + + // report success + debug( "Renaming operation completed for " + mPWcachedb ); + } else { + // report failure and exit + debug( "Renaming operation failed for " + mPWcachedb ); + System.exit(1); } } catch (IOException exx) { System.out.println("sdrPWcache: Error " + exx.toString()); diff --git a/pki/base/ra/etc/init.d/httpd b/pki/base/ra/etc/init.d/httpd index 7f675216d..171a15ccc 100755 --- a/pki/base/ra/etc/init.d/httpd +++ b/pki/base/ra/etc/init.d/httpd @@ -27,6 +27,9 @@ # config: [HTTPD_CONF] # pidfile: [SERVER_ROOT]/logs/[INSTANCE_ID].pid +# Disallow 'others' the ability to 'write' to new files +umask 00002 + # Check to insure that this script's original invocation directory # has not been deleted! CWD=`/bin/pwd > /dev/null 2>&1` @@ -287,6 +290,14 @@ start() { echo -n "https://[SERVER_NAME]:$SECURE_PORT" echo echo + + # Set permissions of log files + pki_logs_directory=`dirname ${pidfile}` + for file in ${pki_logs_directory}; do + if [ "${file}" != "${pidfile}" ]; then + chmod -R 00660 ${file} + fi + done else if [ -x /etc/init.d/functions ]; then echo_failure > /etc/rhgb/temp/rhgb-console diff --git a/pki/base/ra/lib/perl/PKI/RA/CertRequestPanel.pm b/pki/base/ra/lib/perl/PKI/RA/CertRequestPanel.pm index 63e57c4fa..ab58610ec 100755 --- a/pki/base/ra/lib/perl/PKI/RA/CertRequestPanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/CertRequestPanel.pm @@ -100,6 +100,7 @@ sub update my $token_pwd = $::pwdconf->get($tokenname); $token_pwd =~ s/\n//g; open FILE, ">$instanceDir/conf/.pwfile"; + system( "chmod 00660 $instanceDir/conf/.pwfile" ); print FILE $token_pwd; close FILE; diff --git a/pki/base/ra/lib/perl/PKI/RA/Config.pm b/pki/base/ra/lib/perl/PKI/RA/Config.pm index 317b9d91a..6dab970bd 100755 --- a/pki/base/ra/lib/perl/PKI/RA/Config.pm +++ b/pki/base/ra/lib/perl/PKI/RA/Config.pm @@ -104,10 +104,14 @@ sub commit my $suffix = time(); if (-e $self->{filename}) { - system("mv \"" . $self->{filename} . "\" \"" . + # Create a copy of the original file which + # preserves the original file permissions + system("cp -p \"" . $self->{filename} . "\" \"" . $self->{filename} . "." . $suffix . "\""); } + # Overwrite the contents of the original file + # to preserve the original file permissions open(F, ">" . $self->{filename}); foreach my $k (sort keys %{$hash}) { print F "$k=$self->{hash}{$k}\n"; @@ -127,9 +131,13 @@ sub commit_with_backup # print $self->{filename} . "\n"; my $hash = $self->{hash}; my $suffix = time(); - system("mv \"" . $self->{filename} . "\" \"" . + # Create a copy of the original file which + # preserves the original file permissions + system("cp -p \"" . $self->{filename} . "\" \"" . $self->{filename} . "." . $suffix . "\""); + # Overwrite the contents of the original file + # to preserve the original file permissions open(F, ">" . $self->{filename}); foreach my $k (sort keys %{$hash}) { print F "$k=$self->{hash}{$k}\n"; diff --git a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm index 3e8b02f1a..b44f9db89 100755 --- a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm @@ -117,6 +117,7 @@ sub register_ra my $token_pwd = $::pwdconf->get($tokenname); open FILE, ">$instDir/conf/.pwfile"; + system( "chmod 00660 $instDir/conf/.pwfile" ); $token_pwd =~ s/\n//g; print FILE $token_pwd; close FILE; @@ -300,6 +301,7 @@ sub display # update nss.conf open(TMP_NSS_CONF, ">$instDir/conf/nss.conf.tmp"); + system( "chmod 00660 $instDir/conf/nss.conf.tmp" ); open(NSS_CONF, "<$instDir/conf/nss.conf"); while (<NSS_CONF>) { if (/NSSVerifyClient none/) { @@ -315,7 +317,14 @@ sub display close(NSS_CONF); close(TMP_NSS_CONF); - system("mv $instDir/conf/nss.conf.tmp $instDir/conf/nss.conf"); + # Create a copy of the original file which + # preserves the original file permissions + system( "cp -p $instDir/conf/nss.conf.tmp $instDir/conf/nss.conf" ); + + # Remove the original file only if the backup copy was successful + if( -e "$instDir/conf/nss.conf" ) { + system( "rm $instDir/conf/nss.conf.tmp" ); + } &PKI::RA::Wizard::debug_log("DonePanel: Connecting to Security Domain"); diff --git a/pki/base/ra/lib/perl/PKI/RA/Login.pm b/pki/base/ra/lib/perl/PKI/RA/Login.pm index 0eab829cd..250b278be 100755 --- a/pki/base/ra/lib/perl/PKI/RA/Login.pm +++ b/pki/base/ra/lib/perl/PKI/RA/Login.pm @@ -102,6 +102,9 @@ $config->load_file("$pkiroot/conf/CS.cfg"); # read password cache file my $pwdconf = PKI::RA::Config->new(); $pwdconf->load_file("$pkiroot/conf/pwcache.conf"); +if( -e "$pkiroot/conf/pwcache.conf" ) { + system( "chmod 00660 $pkiroot/conf/pwcache.conf" ); +} # create cfg debug log open(DEBUG, ">>" . $config->get("service.instanceDir") . @@ -231,7 +234,10 @@ sub render_panel # fill in variables for new panel if ($currentpanel->{panelvars}) { $Data::Dumper::Indent = 1; - &debug_log("q=".Dumper($q)); + # The '&debug_log("q=".Dumper($q));' call must be commented out to fix + # Bugzilla Bug #249923: Incorrect file permissions on + # various files and/or directories + # &debug_log("q=".Dumper($q)); $currentpanel->{panelvars}($q); } @@ -290,10 +296,10 @@ sub handler { my $q = new CGI; # check cookie - my $pin = $q->param('pin'); + my $pin = $q->param('__pin'); if (defined($pin)) { my $cookie = $q->cookie( - -name=>'pin', + -name=>'__pin', -value=> $pin, -expires=>'+1y', -path=>'/'); @@ -305,7 +311,24 @@ sub handler { &debug_log("RA wizard: uri='" . $ENV{REQUEST_URI} . "'"); my @pnames = $q->param(); foreach $pn (@pnames) { - if ($pn =~ /^__/) { + # added this facility so that password can be hidden, + # all sensitive parameters should be prefixed with + # __ (double underscores); however, in the event that + # a security parameter slips through, we perform multiple + # additional checks to insure that it is NOT displayed + if( $pn =~ /^__/ || + $pn =~ /password$/ || + $pn =~ /passwd$/ || + $pn =~ /pwd$/ || + $pn =~ /admin_password_again/i || + $pn =~ /bindpassword/i || + $pn =~ /bindpwd/i || + $pn =~ /passwd/i || + $pn =~ /password/i || + $pn =~ /pin/i || + $pn =~ /pwd/i || + $pn =~ /pwdagain/i || + $pn =~ /uPasswd/i ) { &debug_log("RA wizard: http parameter name='" . $pn . "' value='(sensitive)'"); } else { &debug_log("RA wizard: http parameter name='" . $pn . "' value='" . $q->param($pn) . "'"); diff --git a/pki/base/ra/lib/perl/PKI/RA/NamePanel.pm b/pki/base/ra/lib/perl/PKI/RA/NamePanel.pm index 326db2dd5..0a67dc213 100755 --- a/pki/base/ra/lib/perl/PKI/RA/NamePanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/NamePanel.pm @@ -151,6 +151,7 @@ sub update my $token_pwd = $::pwdconf->get($tokenname); &PKI::RA::Wizard::debug_log("NamePanel: creating pwfile"); open FILE, ">$instanceDir/conf/.pwfile"; + system( "chmod 00660 $instanceDir/conf/.pwfile" ); $token_pwd =~ s/\n//g; print FILE $token_pwd; close FILE; @@ -188,6 +189,7 @@ sub update &PKI::RA::Wizard::debug_log("NamePanel: update got key type $keytype"); my $req; + my $debug_req; my $filename = "/tmp/random.$$"; `dd if\=/dev/urandom of\=\"$filename\" count\=256 bs\=1`; if ($keytype eq "rsa") { @@ -286,14 +288,14 @@ GEN_CERT: } if ($changed eq "true") { $req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port"; +$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port"; } else { $req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port"; +$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port"; } - &PKI::RA::Wizard::debug_log("req = " . $req); - system("$req > $tmpfile"); - my $content = `cat $tmpfile`; - system("rm $tmpfile"); + &PKI::RA::Wizard::debug_log("debug_req = " . $debug_req); + my $content = `$req`; &PKI::RA::Wizard::debug_log("content = " . $content); $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; diff --git a/pki/base/ra/lib/perl/PKI/RA/ReqCertInfo.pm b/pki/base/ra/lib/perl/PKI/RA/ReqCertInfo.pm index c752d6a48..75fba5c42 100755 --- a/pki/base/ra/lib/perl/PKI/RA/ReqCertInfo.pm +++ b/pki/base/ra/lib/perl/PKI/RA/ReqCertInfo.pm @@ -157,6 +157,7 @@ sub get_cert_pp my $token_pwd = $::pwdconf->get($tokenname); open FILE, ">$instanceDir/conf/.pwfile"; + system( "chmod 00660 $instanceDir/conf/.pwfile" ); $token_pwd =~ s/\n//g; print FILE $token_pwd; close FILE; diff --git a/pki/base/ra/lib/perl/PKI/RA/wizard.pm b/pki/base/ra/lib/perl/PKI/RA/wizard.pm index c17143ce0..f7d87223a 100755 --- a/pki/base/ra/lib/perl/PKI/RA/wizard.pm +++ b/pki/base/ra/lib/perl/PKI/RA/wizard.pm @@ -99,6 +99,9 @@ $config->load_file("$pkiroot/conf/CS.cfg"); # read password cache file my $pwdconf = PKI::RA::Config->new(); $pwdconf->load_file("$pkiroot/conf/pwcache.conf"); +if( -e "$pkiroot/conf/pwcache.conf" ) { + system( "chmod 00660 $pkiroot/conf/pwcache.conf" ); +} # create cfg debug log my $logfile = $config->get("service.instanceDir") . "/logs/debug"; @@ -260,7 +263,10 @@ sub render_panel # fill in variables for new panel if ($currentpanel->{panelvars}) { $Data::Dumper::Indent = 1; - &debug_log("q=".Dumper($q)); + # The '&debug_log("q=".Dumper($q));' call must be commented out to fix + # Bugzilla Bug #249923: Incorrect file permissions on + # various files and/or directories + # &debug_log("q=".Dumper($q)); $currentpanel->{panelvars}($q); } @@ -317,7 +323,7 @@ sub handler { my $q = new CGI; # check cookie - my $cookie = $q->cookie('pin'); + my $cookie = $q->cookie('__pin'); my $pin = $::config->get("preop.pin"); if ($cookie ne $pin) { print $q->redirect("login"); @@ -328,7 +334,24 @@ sub handler { &debug_log("RA wizard: uri='" . $ENV{REQUEST_URI} . "'"); my @pnames = $q->param(); foreach $pn (@pnames) { - if ($pn =~ /^__/) { + # added this facility so that password can be hidden, + # all sensitive parameters should be prefixed with + # __ (double underscores); however, in the event that + # a security parameter slips through, we perform multiple + # additional checks to insure that it is NOT displayed + if( $pn =~ /^__/ || + $pn =~ /password$/ || + $pn =~ /passwd$/ || + $pn =~ /pwd$/ || + $pn =~ /admin_password_again/i || + $pn =~ /bindpassword/i || + $pn =~ /bindpwd/i || + $pn =~ /passwd/i || + $pn =~ /password/i || + $pn =~ /pin/i || + $pn =~ /pwd/i || + $pn =~ /pwdagain/i || + $pn =~ /uPasswd/i ) { &debug_log("RA wizard: http parameter name='" . $pn . "' value='(sensitive)'"); } else { &debug_log("RA wizard: http parameter name='" . $pn . "' value='" . $q->param($pn) . "'"); diff --git a/pki/base/setup/pkicreate b/pki/base/setup/pkicreate index df0dfb2f4..3313d9f6f 100755 --- a/pki/base/setup/pkicreate +++ b/pki/base/setup/pkicreate @@ -30,7 +30,7 @@ # -pki_instance_name=pki-ca1 # -subsystem_type=ca # -secure_port=9543 || -agent_secure_port=9543 -# -ee_secure_port=9544 +# -ee_secure_port=9544 # -admin_secure_port=9545 # -unsecure_port=9580 # -tomcat_server_port=9801 @@ -278,15 +278,16 @@ my $velocity_prop_base_name = "velocity.properties"; # CA, KRA, OCSP, TKS my $web_xml_base_name = "web.xml"; # CA, KRA, OCSP, TKS # Subdirectory names -my $initd_base_subsystem_dir = "init.d"; # CA, KRA, OCSP, TKS, RA, TPS -my $perl_base_instance_symlink = "perl"; # RA, TPS -my $perl_base_subsystem_dir = "perl"; # RA, TPS -my $webapps_root_base_instance_dir = "ROOT"; # CA, KRA, OCSP, TKS -my $webapps_root_base_subsystem_dir = "ROOT"; # CA, KRA, OCSP, TKS -my $webinf_base_instance_dir = "WEB-INF"; # CA, KRA, OCSP, TKS -my $agent_base_ui_instance_dir = "agent"; # CA, KRA, OCSP, TKS -my $ee_base_ui_instance_dir = "ee"; # CA, KRA, OCSP, TKS -my $admin_base_ui_instance_dir = "admin"; # CA, KRA, OCSP, TKS +my $initd_base_subsystem_dir = "init.d"; # CA, KRA, OCSP, TKS, RA, TPS +my $perl_base_instance_symlink = "perl"; # RA, TPS +my $perl_base_subsystem_dir = "perl"; # RA, TPS +my $signed_audit_base_instance_dir = "signedAudit"; # CA, KRA, OCSP, TKS +my $webapps_root_base_instance_dir = "ROOT"; # CA, KRA, OCSP, TKS +my $webapps_root_base_subsystem_dir = "ROOT"; # CA, KRA, OCSP, TKS +my $webinf_base_instance_dir = "WEB-INF"; # CA, KRA, OCSP, TKS +my $agent_base_ui_instance_dir = "agent"; # CA, KRA, OCSP, TKS +my $ee_base_ui_instance_dir = "ee"; # CA, KRA, OCSP, TKS +my $admin_base_ui_instance_dir = "admin"; # CA, KRA, OCSP, TKS # Defaults my $default_apache_pids_path = "/var/run"; @@ -1748,6 +1749,21 @@ sub process_pki_directories() emit( "Failed to copy directory $logs_subsystem_path to $logs_instance_path ...\n" ); return 0; } + + ## (CA, KRA, OCSP, TKS instances) + if( ( $subsystem_type ne $RA ) && + ( $subsystem_type ne $TPS ) ) { + ## Create a "signedAudit" directory + $result = create_directory( "$logs_instance_path/$signed_audit_base_instance_dir" ); + if( !$result ) { + emit( "Failed to create directory $logs_instance_path/$signed_audit_base_instance_dir ...\n" ); + return 0; + } + + ## Fix permissions of "signedAudit" directory + chmod( $default_dir_permissions, + "$logs_instance_path/$signed_audit_base_instance_dir" ); + } } else { # Populate optionally redirected instance directory path # and setup a symlink in the standard area @@ -1758,6 +1774,21 @@ sub process_pki_directories() return 0; } + ## (CA, KRA, OCSP, TKS instances) + if( ( $subsystem_type ne $RA ) && + ( $subsystem_type ne $TPS ) ) { + ## Create a "signedAudit" directory + $result = create_directory( "$redirected_logs_path/$signed_audit_base_instance_dir" ); + if( !$result ) { + emit( "Failed to create directory $redirected_logs_path/$signed_audit_base_instance_dir ...\n" ); + return 0; + } + + ## Fix permissions of "signedAudit" directory + chmod( $default_dir_permissions, + "$redirected_logs_path/$signed_audit_base_instance_dir" ); + } + push( @installed_stray_directories, $redirected_logs_path ); @@ -2091,7 +2122,16 @@ sub process_file_template # process each line substituting each [KEY] # with its corresponding slot hash value while( my( $key, $value ) = each( %$l_slot_hash ) ) { - emit( " replacing: $key with: $value\n" ); + if( $key eq $PKI_CERT_DB_PASSWORD_SLOT ) { + # Although this is nothing more than a random number + # used for initialization, for consistency, as with ALL + # other password/pin values (with one notable EXCEPTION), + # the word "(sensitive)" is printed out rather than the + # contents of "$value". + emit( " replacing: $key with: (sensitive)\n" ); + } else { + emit( " replacing: $key with: $value\n" ); + } $buff =~ s/\[$key\]/$value/g; } @@ -2221,7 +2261,7 @@ LoadModule nss_module /opt/fortitude/modules.local/libmodnss.so $slot_hash{$PKI_CLOSE_SEPARATE_PORTS_COMMENT_WEB_SLOT} = ""; } - $slot_hash{$PKI_WEBAPPS_NAME} = $webapps_base_subsystem_dir; + $slot_hash{$PKI_WEBAPPS_NAME} = $webapps_base_subsystem_dir; $slot_hash{$PKI_USER_SLOT} = $pki_user; $slot_hash{$TOMCAT_SERVER_PORT_SLOT} = $tomcat_server_port; $slot_hash{$PKI_FLAVOR_SLOT} = $pki_flavor; @@ -2241,6 +2281,18 @@ LoadModule nss_module /opt/fortitude/modules.local/libmodnss.so return 0; } + # fix ownership for "CS.cfg" + $result = give_file_to( $pki_cfg_instance_file_path, + $pki_user, + $pki_group ); + if( !$result ) { + emit( "Can't change ownership of $pki_cfg_instance_file_path.\n", + "error" ); + return 0; + } + + chmod( $default_file_permissions, + $pki_cfg_instance_file_path ); # process "httpd" template # @@ -2384,6 +2436,17 @@ LoadModule nss_module /opt/fortitude/modules.local/libmodnss.so return 0; } + # fix ownership for httpd.conf + $result = give_file_to( $httpd_conf_instance_file_path, + $pki_user, + $pki_group ); + if( !$result ) { + emit( "Can't change ownership of " + . "$httpd_conf_instance_file_path.\n", + "error" ); + return 0; + } + chmod( $default_file_permissions, $httpd_conf_instance_file_path ); @@ -2419,6 +2482,17 @@ LoadModule nss_module /opt/fortitude/modules.local/libmodnss.so return 0; } + # fix ownership for perl.conf + $result = give_file_to( $perl_conf_instance_file_path, + $pki_user, + $pki_group ); + if( !$result ) { + emit( "Can't change ownership of " + . "$perl_conf_instance_file_path.\n", + "error" ); + return 0; + } + chmod( $default_file_permissions, $perl_conf_instance_file_path ); @@ -3571,6 +3645,10 @@ ASK_AGAIN: . "start | stop | restart\n", "log" ); + # EXCEPTION: To enable a user to easily configure their PKI subsystem, + # this is the ONLY instance in which we print out the actual + # value of the the one-time random PIN, as well as store this + # message at the end of the initialization log. if( $ee_secure_port > 0 ) { print( STDOUT "Please start the configuration by accessing:\n" diff --git a/pki/base/tps/Makefile.in b/pki/base/tps/Makefile.in index 89ee71dea..5685087d2 100644 --- a/pki/base/tps/Makefile.in +++ b/pki/base/tps/Makefile.in @@ -3565,6 +3565,7 @@ uninstall-cgibin_sowDATA: done install-confDATA: $(conf_DATA) @$(NORMAL_INSTALL) + chmod 00660 "$(srcdir)/doc/CS.cfg" test -z "$(confdir)" || $(mkdir_p) "$(DESTDIR)$(confdir)" @list='$(conf_DATA)'; for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ @@ -3572,6 +3573,7 @@ install-confDATA: $(conf_DATA) echo " $(confDATA_INSTALL) '$$d$$p' '$(DESTDIR)$(confdir)/$$f'"; \ $(confDATA_INSTALL) "$$d$$p" "$(DESTDIR)$(confdir)/$$f"; \ done + chmod 00660 "$(DESTDIR)/$(confdir)/CS.cfg" uninstall-confDATA: @$(NORMAL_UNINSTALL) diff --git a/pki/base/tps/etc/init.d/httpd b/pki/base/tps/etc/init.d/httpd index 24936fd0c..7204d9c16 100755 --- a/pki/base/tps/etc/init.d/httpd +++ b/pki/base/tps/etc/init.d/httpd @@ -30,6 +30,9 @@ # config: [HTTPD_CONF] # pidfile: [SERVER_ROOT]/logs/[INSTANCE_ID].pid +# Disallow 'others' the ability to 'write' to new files +umask 00002 + # Check to insure that this script's original invocation directory # has not been deleted! CWD=`/bin/pwd > /dev/null 2>&1` @@ -286,6 +289,14 @@ start() { echo -n "https://[SERVER_NAME]:$SECURE_PORT" echo echo + + # Set permissions of log files + pki_logs_directory=`dirname ${pidfile}` + for file in ${pki_logs_directory}; do + if [ "${file}" != "${pidfile}" ]; then + chmod -R 00660 ${file} + fi + done else if [ -x /etc/init.d/functions ]; then echo_failure > /etc/rhgb/temp/rhgb-console diff --git a/pki/base/tps/lib/perl/PKI/TPS/CertRequestPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/CertRequestPanel.pm index 0ce493496..156c0d0ab 100755 --- a/pki/base/tps/lib/perl/PKI/TPS/CertRequestPanel.pm +++ b/pki/base/tps/lib/perl/PKI/TPS/CertRequestPanel.pm @@ -99,6 +99,7 @@ sub update my $token_pwd = $::pwdconf->get($tokenname); $token_pwd =~ s/\n//g; open FILE, ">$instanceDir/conf/.pwfile"; + system( "chmod 00660 $instanceDir/conf/.pwfile" ); print FILE $token_pwd; close FILE; diff --git a/pki/base/tps/lib/perl/PKI/TPS/Config.pm b/pki/base/tps/lib/perl/PKI/TPS/Config.pm index c6cce70fd..9972660e9 100755 --- a/pki/base/tps/lib/perl/PKI/TPS/Config.pm +++ b/pki/base/tps/lib/perl/PKI/TPS/Config.pm @@ -103,10 +103,14 @@ sub commit my $suffix = time(); if (-e $self->{filename}) { - system("mv \"" . $self->{filename} . "\" \"" . + # Create a copy of the original file which + # preserves the original file permissions + system("cp -p \"" . $self->{filename} . "\" \"" . $self->{filename} . "." . $suffix . "\""); } + # Overwrite the contents of the original file + # to preserve the original file permissions open(F, ">" . $self->{filename}); foreach my $k (sort keys %{$hash}) { print F "$k=$self->{hash}{$k}\n"; @@ -126,9 +130,13 @@ sub commit_with_backup # print $self->{filename} . "\n"; my $hash = $self->{hash}; my $suffix = time(); - system("mv \"" . $self->{filename} . "\" \"" . + # Create a copy of the original file which + # preserves the original file permissions + system("cp -p \"" . $self->{filename} . "\" \"" . $self->{filename} . "." . $suffix . "\""); + # Overwrite the contents of the original file + # to preserve the original file permissions open(F, ">" . $self->{filename}); foreach my $k (sort keys %{$hash}) { print F "$k=$self->{hash}{$k}\n"; diff --git a/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm index 1f5b1a4d5..677ae3cd4 100755 --- a/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm +++ b/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm @@ -116,6 +116,7 @@ sub register_tps my $token_pwd = $::pwdconf->get($tokenname); open FILE, ">$instDir/conf/.pwfile"; + system( "chmod 00660 $instDir/conf/.pwfile" ); $token_pwd =~ s/\n//g; print FILE $token_pwd; close FILE; @@ -312,6 +313,7 @@ sub display # update nss.conf open(TMP_NSS_CONF, ">$instDir/conf/nss.conf.tmp"); + system( "chmod 00660 $instDir/conf/nss.conf.tmp" ); open(NSS_CONF, "<$instDir/conf/nss.conf"); while (<NSS_CONF>) { if (/NSSVerifyClient none/) { @@ -327,7 +329,14 @@ sub display close(NSS_CONF); close(TMP_NSS_CONF); - system("mv $instDir/conf/nss.conf.tmp $instDir/conf/nss.conf"); + # Create a copy of the original file which + # preserves the original file permissions + system( "cp -p $instDir/conf/nss.conf.tmp $instDir/conf/nss.conf" ); + + # Remove the original file only if the backup copy was successful + if( -e "$instDir/conf/nss.conf" ) { + system( "rm $instDir/conf/nss.conf.tmp" ); + } &PKI::TPS::Wizard::debug_log("DonePanel: Connecting to Security Domain"); diff --git a/pki/base/tps/lib/perl/PKI/TPS/Login.pm b/pki/base/tps/lib/perl/PKI/TPS/Login.pm index 22809a022..7a8fd817a 100755 --- a/pki/base/tps/lib/perl/PKI/TPS/Login.pm +++ b/pki/base/tps/lib/perl/PKI/TPS/Login.pm @@ -101,6 +101,9 @@ $config->load_file("$pkiroot/conf/CS.cfg"); # read password cache file my $pwdconf = PKI::TPS::Config->new(); $pwdconf->load_file("$pkiroot/conf/pwcache.conf"); +if( -e "$pkiroot/conf/pwcache.conf" ) { + system( "chmod 00660 $pkiroot/conf/pwcache.conf" ); +} # create cfg debug log open(DEBUG, ">>" . $config->get("service.instanceDir") . @@ -230,7 +233,10 @@ sub render_panel # fill in variables for new panel if ($currentpanel->{panelvars}) { $Data::Dumper::Indent = 1; - &debug_log("q=".Dumper($q)); + # The '&debug_log("q=".Dumper($q));' call must be commented out to fix + # Bugzilla Bug #249923: Incorrect file permissions on + # various files and/or directories + # &debug_log("q=".Dumper($q)); $currentpanel->{panelvars}($q); } @@ -289,10 +295,10 @@ sub handler { my $q = new CGI; # check cookie - my $pin = $q->param('pin'); + my $pin = $q->param('__pin'); if (defined($pin)) { my $cookie = $q->cookie( - -name=>'pin', + -name=>'__pin', -value=> $pin, -expires=>'+1y', -path=>'/'); @@ -304,7 +310,24 @@ sub handler { &debug_log("TPS wizard: uri='" . $ENV{REQUEST_URI} . "'"); my @pnames = $q->param(); foreach $pn (@pnames) { - if ($pn =~ /^__/) { + # added this facility so that password can be hidden, + # all sensitive parameters should be prefixed with + # __ (double underscores); however, in the event that + # a security parameter slips through, we perform multiple + # additional checks to insure that it is NOT displayed + if( $pn =~ /^__/ || + $pn =~ /password$/ || + $pn =~ /passwd$/ || + $pn =~ /pwd$/ || + $pn =~ /admin_password_again/i || + $pn =~ /bindpassword/i || + $pn =~ /bindpwd/i || + $pn =~ /passwd/i || + $pn =~ /password/i || + $pn =~ /pin/i || + $pn =~ /pwd/i || + $pn =~ /pwdagain/i || + $pn =~ /uPasswd/i ) { &debug_log("TPS wizard: http parameter name='" . $pn . "' value='(sensitive)'"); } else { &debug_log("TPS wizard: http parameter name='" . $pn . "' value='" . $q->param($pn) . "'"); diff --git a/pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm index 8ac588bfd..21ef98a4a 100755 --- a/pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm +++ b/pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm @@ -150,6 +150,7 @@ sub update my $token_pwd = $::pwdconf->get($tokenname); &PKI::TPS::Wizard::debug_log("NamePanel: creating pwfile"); open FILE, ">$instanceDir/conf/.pwfile"; + system( "chmod 00660 $instanceDir/conf/.pwfile" ); $token_pwd =~ s/\n//g; print FILE $token_pwd; close FILE; @@ -187,6 +188,7 @@ sub update &PKI::TPS::Wizard::debug_log("NamePanel: update got key type $keytype"); my $req; + my $debug_req; my $filename = "/tmp/random.$$"; `dd if\=/dev/urandom of\=\"$filename\" count\=256 bs\=1`; if ($keytype eq "rsa") { @@ -285,14 +287,14 @@ GEN_CERT: } if ($changed eq "true") { $req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port"; +$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port"; } else { $req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port"; +$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port"; } - &PKI::TPS::Wizard::debug_log("req = " . $req); - system("$req > $tmpfile"); - my $content = `cat $tmpfile`; - system("rm $tmpfile"); + &PKI::TPS::Wizard::debug_log("debug_req = " . $debug_req); + my $content = `$req`; &PKI::TPS::Wizard::debug_log("content = " . $content); $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; diff --git a/pki/base/tps/lib/perl/PKI/TPS/ReqCertInfo.pm b/pki/base/tps/lib/perl/PKI/TPS/ReqCertInfo.pm index 100962465..c96609d23 100755 --- a/pki/base/tps/lib/perl/PKI/TPS/ReqCertInfo.pm +++ b/pki/base/tps/lib/perl/PKI/TPS/ReqCertInfo.pm @@ -156,6 +156,7 @@ sub get_cert_pp my $token_pwd = $::pwdconf->get($tokenname); open FILE, ">$instanceDir/conf/.pwfile"; + system( "chmod 00660 $instanceDir/conf/.pwfile" ); $token_pwd =~ s/\n//g; print FILE $token_pwd; close FILE; diff --git a/pki/base/tps/lib/perl/PKI/TPS/wizard.pm b/pki/base/tps/lib/perl/PKI/TPS/wizard.pm index 075893da2..1dc27b0d5 100755 --- a/pki/base/tps/lib/perl/PKI/TPS/wizard.pm +++ b/pki/base/tps/lib/perl/PKI/TPS/wizard.pm @@ -100,10 +100,15 @@ $config->load_file("$pkiroot/conf/CS.cfg"); # read password cache file my $pwdconf = PKI::TPS::Config->new(); $pwdconf->load_file("$pkiroot/conf/pwcache.conf"); +if( -e "$pkiroot/conf/pwcache.conf" ) { + system( "chmod 00660 $pkiroot/conf/pwcache.conf" ); +} # create cfg debug log -open(DEBUG, ">>" . $config->get("service.instanceDir") . - "/logs/debug"); +my $logfile = $config->get("service.instanceDir") . "/logs/debug"; +system( "touch $logfile" ); +system( "chmod 00660 $logfile" ); +open(DEBUG, ">>" . $logfile); # apache server @@ -263,7 +268,10 @@ sub render_panel # fill in variables for new panel if ($currentpanel->{panelvars}) { $Data::Dumper::Indent = 1; - &debug_log("q=".Dumper($q)); + # The '&debug_log("q=".Dumper($q));' call must be commented out to fix + # Bugzilla Bug #249923: Incorrect file permissions on + # various files and/or directories + # &debug_log("q=".Dumper($q)); $currentpanel->{panelvars}($q); } @@ -323,7 +331,7 @@ sub handler { my $q = new CGI; # check cookie - my $cookie = $q->cookie('pin'); + my $cookie = $q->cookie('__pin'); my $pin = $::config->get("preop.pin"); if ($cookie ne $pin) { print $q->redirect("login"); @@ -334,7 +342,24 @@ sub handler { &debug_log("TPS wizard: uri='" . $ENV{REQUEST_URI} . "'"); my @pnames = $q->param(); foreach $pn (@pnames) { - if ($pn =~ /^__/) { + # added this facility so that password can be hidden, + # all sensitive parameters should be prefixed with + # __ (double underscores); however, in the event that + # a security parameter slips through, we perform multiple + # additional checks to insure that it is NOT displayed + if( $pn =~ /^__/ || + $pn =~ /password$/ || + $pn =~ /passwd$/ || + $pn =~ /pwd$/ || + $pn =~ /admin_password_again/i || + $pn =~ /bindpassword/i || + $pn =~ /bindpwd/i || + $pn =~ /passwd/i || + $pn =~ /password/i || + $pn =~ /pin/i || + $pn =~ /pwd/i || + $pn =~ /pwdagain/i || + $pn =~ /uPasswd/i ) { &debug_log("TPS wizard: http parameter name='" . $pn . "' value='(sensitive)'"); } else { &debug_log("TPS wizard: http parameter name='" . $pn . "' value='" . $q->param($pn) . "'"); diff --git a/pki/base/tps/setup/create.pl b/pki/base/tps/setup/create.pl index 54c23be9c..931260d03 100755 --- a/pki/base/tps/setup/create.pl +++ b/pki/base/tps/setup/create.pl @@ -734,6 +734,7 @@ sub PopulateTPSTemplates { &CopyTemplate("$tpsDir/config/CS.cfg", "$serverRoot/$instanceID/config/CS.cfg"); + chmod(00660, "$serverRoot/$instanceID/config/CS.cfg"); print "Creating $serverRoot/cgi-bin ...\n"; mkdir ("$serverRoot/cgi-bin", 0755); diff --git a/pki/base/util/build.xml b/pki/base/util/build.xml index 315f99d23..eb144df13 100644 --- a/pki/base/util/build.xml +++ b/pki/base/util/build.xml @@ -24,6 +24,7 @@ <property name="jss.jar" value="${jss.home}/jss4.jar"/> <property name="osutil.jar" value="${jni-jar.home}/osutil.jar"/> <property name="ldapjdk.jar" value="${jar.home}/ldapjdk.jar"/> + <property name="xerces-j2.jar" value="${jar.home}/xerces-j2.jar"/> <path id="classpath"> <pathelement location="${jss.jar}"/> @@ -31,8 +32,8 @@ <pathelement location="${osutil.jar}"/> </path> <path id="javadoc_classpath"> - <pathelement location="${jss.jar}"/> - <pathelement location="${ldapjdk.jar}"/> + <path refid="classpath"/> + <pathelement location="${xerces-j2.jar}"/> <pathelement location="./build/classes"/> </path> |