diff options
| author | Rich Megginson <rmeggins@redhat.com> | 2005-03-11 03:55:45 +0000 |
|---|---|---|
| committer | Rich Megginson <rmeggins@redhat.com> | 2005-03-11 03:55:45 +0000 |
| commit | ac41be1c40808469de3511f6324b567153d4d957 (patch) | |
| tree | 143ee0cd547ae9bbc7eecc190ac4e86a6cbf0070 /ldap/admin | |
| parent | 1ad31fcefd33dd67c3c551033603e4748046afd9 (diff) | |
| download | ds-ac41be1c40808469de3511f6324b567153d4d957.tar.gz ds-ac41be1c40808469de3511f6324b567153d4d957.tar.xz ds-ac41be1c40808469de3511f6324b567153d4d957.zip | |
add support for instance creation using open source core DS components
Diffstat (limited to 'ldap/admin')
| -rw-r--r-- | ldap/admin/src/Makefile | 21 | ||||
| -rw-r--r-- | ldap/admin/src/cfg_sspt.c | 46 | ||||
| -rw-r--r-- | ldap/admin/src/create_instance.c | 238 | ||||
| -rw-r--r-- | ldap/admin/src/create_instance.h | 4 | ||||
| -rw-r--r-- | ldap/admin/src/ds_newinst.c | 118 | ||||
| -rw-r--r-- | ldap/admin/src/ds_newinst.pl | 213 | ||||
| -rw-r--r-- | ldap/admin/src/instindex.cpp | 268 |
7 files changed, 623 insertions, 285 deletions
diff --git a/ldap/admin/src/Makefile b/ldap/admin/src/Makefile index c57ea1ec..2d431579 100644 --- a/ldap/admin/src/Makefile +++ b/ldap/admin/src/Makefile @@ -56,6 +56,9 @@ OLD_EXTRA_LIBS := $(EXTRA_LIBS) EXTRA_LIBS = $(DYNAMIC_DEPLINK) $(ADMINUTIL_LINK) $(LDAP_NOSSL_LINK) \ $(SECURITYLINK) $(NSPRLINK) $(SETUPSDK_S_LINK) $(ICULINK) $(OLD_EXTRA_LIBS) +# these are the libraries to use when building the installer for the open source version +OPENSOURCE_LIBS = $(LDAP_ADMLIB) $(LDAP_NOSSL_LINK) $(SECURITYLINK) $(NSPRLINK) + ifeq ($(ARCH), WINNT) PLATFORM_INCLUDE = -I$(BUILD_ROOT)/include/nt SUBSYSTEM=console @@ -162,7 +165,7 @@ OLD_PROGS = ds_pcontrol ds_impldif \ PROGS = start restart shutdown ds_ldif2db \ ds_db2ldif ds_db2bak ds_listdb \ - ds_bak2db ds_rmdb ds_create \ + ds_bak2db ds_rmdb ds_create ds_newinst \ ds_remove ds_snmpctrl vlvindex addindex ifeq ($(ARCH), WINNT) @@ -182,7 +185,7 @@ BINS = $(addprefix $(BINDIR)/, $(PROGS)) endif ALLOBJS = $(addprefix $(OBJDEST)/, $(OBJECTS)) -PERL_SCRIPTS = migrateTo4 uname.lib Cgi.pm migrateInstance getConfigInfo migrateLocalDB migratePwdFile ds_viewlog.pl upgradeServer updatedsgw logconv.pl +PERL_SCRIPTS = migrateTo4 uname.lib Cgi.pm migrateInstance getConfigInfo migrateLocalDB migratePwdFile ds_viewlog.pl upgradeServer updatedsgw logconv.pl ds_newinst.pl PERL_SCRIPTS_DEST = $(addprefix $(BINDIR)/, $(PERL_SCRIPTS)) @@ -226,6 +229,20 @@ $(SECGLUEOBJ): $(ADMIN_SECGLUEOBJ) cp $(ADMIN_SECGLUEOBJ) $(SECGLUEOBJ) # Special objects +$(BINDIR)/ds_newinst: $(OBJDEST)/ds_newinst.o $(OBJDEST)/cfg_sspt.o \ + $(OBJDEST)/create_instance.o $(OBJDEST)/script-gen.o + $(LINK_EXE_NOLIBSOBJS) $(SHARED) $(EXTRALDFLAGS) \ + $(OBJDEST)/ds_newinst.o $(OBJDEST)/cfg_sspt.o \ + $(OBJDEST)/create_instance.o $(OBJDEST)/script-gen.o $(OPENSOURCE_LIBS) + +$(BINDIR)/ds_newinst.exe: $(OBJDEST)/ds_newinst.o $(OBJDEST)/cfg_sspt.o \ + $(OBJDEST)/create_instance.o $(OBJDEST)/script-gen.o + $(LINK_EXE) $(NT_NOLIBS) $(OBJDEST)/ds_newinst.o $(OBJDEST)/cfg_sspt.o \ + $(OBJDEST)/create_instance.o $(OBJDEST)/script-gen.o \ + $(LIBNT) $(OPENSOURCE_LIBS) +# linking this file causes a .exp and a .lib file to be generated which don't seem +# to be required while running, so I get rid of them + $(RM) $(subst .exe,.exp,$@) $(subst .exe,.lib,$@) $(BINDIR)/ds_create: $(OBJDEST)/instindex.o $(OBJDEST)/cfg_sspt.o \ $(OBJDEST)/create_instance.o $(OBJDEST)/configure_instance.o \ diff --git a/ldap/admin/src/cfg_sspt.c b/ldap/admin/src/cfg_sspt.c index 9143792b..8487c45f 100644 --- a/ldap/admin/src/cfg_sspt.c +++ b/ldap/admin/src/cfg_sspt.c @@ -1374,15 +1374,20 @@ config_suitespot(SLAPD_CONFIG* slapd, QUERY_VARS* query) return 1; /* parent dn of admin uid entry */ - parentDN = make_dn("%s, %s, %s", name_administratorsRDN, - name_topologyRDN, query->netscaperoot, 0); + if (query->netscaperoot) { + parentDN = make_dn("%s, %s, %s", name_administratorsRDN, + name_topologyRDN, query->netscaperoot, 0); + } + if (query->suffix) { status = create_base(connection, query->suffix); if (!status) { - add_aci_v(connection, query->suffix, ACI_user_allow_1, - "all", query->config_admin_uid, parentDN, 0); + if (parentDN && query->config_admin_uid) { + add_aci_v(connection, query->suffix, ACI_user_allow_1, + "all", query->config_admin_uid, parentDN, 0); + } status = create_group(connection, query->suffix, name_localDAGroup); } @@ -1396,14 +1401,16 @@ config_suitespot(SLAPD_CONFIG* slapd, QUERY_VARS* query) if (!status) { char realuid[1024] = {0}; - getUIDFromDN(query->config_admin_uid, realuid); + + if (query->config_admin_uid) { + getUIDFromDN(query->config_admin_uid, realuid); + } + if (realuid[0]) { /* admid is already a DN */ configAdminDN = strdup(query->config_admin_uid); - } - else - { + } else if (query->config_admin_uid) { /* create a DN for admid */ configAdminDN = make_dn(DN_formatUID, query->config_admin_uid, parentDN, 0); } @@ -1411,10 +1418,13 @@ config_suitespot(SLAPD_CONFIG* slapd, QUERY_VARS* query) /* Give the Configuration Admin group access to the root DSE entries */ - adminGroupDN = make_dn("%s, %s=%s, %s, %s", value_configAdminGroupRDN, - name_ou, value_groupsOU, - name_topologyRDN, - query->netscaperoot, 0); + if (query->netscaperoot) { + adminGroupDN = make_dn("%s, %s=%s, %s, %s", value_configAdminGroupRDN, + name_ou, value_groupsOU, + name_topologyRDN, + query->netscaperoot, 0); + } + if (query->suffix) { localDAGroupDN = make_dn("cn=%s, %s", name_localDAGroup, @@ -1426,16 +1436,18 @@ config_suitespot(SLAPD_CONFIG* slapd, QUERY_VARS* query) } for (ii = 0; ii < entryAndAccessListSize; ++ii) { - if (query->cfg_sspt) { + if (query->cfg_sspt && adminGroupDN) { add_aci_v(connection, entryAndAccessList[ii].entryDN, ACI_config_admin_group_allow, entryAndAccessList[ii].access, adminGroupDN, 0); } - add_aci_v(connection, entryAndAccessList[ii].entryDN, - ACI_user_allow_2, - entryAndAccessList[ii].access, - configAdminDN, 0); + if (configAdminDN) { + add_aci_v(connection, entryAndAccessList[ii].entryDN, + ACI_user_allow_2, + entryAndAccessList[ii].access, + configAdminDN, 0); + } if (localDAGroupDN) { add_aci_v(connection, entryAndAccessList[ii].entryDN, diff --git a/ldap/admin/src/create_instance.c b/ldap/admin/src/create_instance.c index cd81741f..301584c6 100644 --- a/ldap/admin/src/create_instance.c +++ b/ldap/admin/src/create_instance.c @@ -4690,3 +4690,241 @@ write_ldap_info( char *slapd_server_root, server_config_s *cf) return ret; } +/* ----------- Create a new server from configuration variables ----------- */ + + +int create_config(server_config_s *cf) +{ + char *t = NULL; + char error_param[BIG_LINE] = {0}; + + t = create_server(cf, error_param); + if(t) + { + char *msg; + if (error_param[0]) + { + msg = PR_smprintf("%s.error:could not create server %s - %s", + error_param, cf->servid, t); + } + else + { + msg = PR_smprintf("error:could not create server %s - %s", + cf->servid, t); + } + ds_show_message(msg); + PR_smprintf_free(msg); + } + else + { + ds_show_message("Created new Directory Server"); + return 0; + } + + return 1; +} + + +/* ------ check passwords are same and satisfy minimum length policy------- */ +static int check_passwords(char *pw1, char *pw2) +{ + if (strcmp (pw1, pw2) != 0) { + ds_report_error (DS_INCORRECT_USAGE, " different passwords", + "Enter the password again." + " The two passwords you entered are different."); + return 1; + } + + if ( ((int) strlen(pw1)) < 8 ) { + ds_report_error (DS_INCORRECT_USAGE, " password too short", + "The password must be at least 8 characters long."); + return 1; + } + + return 0; +} + +/* ------ Parse the results of a form and create a server from them ------- */ + + +int parse_form(server_config_s *cf) +{ + char *rm = getenv("REQUEST_METHOD"); + char *qs = getenv("QUERY_STRING"); + char* cfg_sspt_uid_pw1; + char* cfg_sspt_uid_pw2; + LDAPURLDesc *desc = 0; + char *temp = 0; + + if (!(cf->sroot = getenv("NETSITE_ROOT"))) { + ds_report_error (DS_INCORRECT_USAGE, " NETSITE_ROOT environment variable not set.", + "The environment variable NETSITE_ROOT must be set to the server root directory."); + return 1; + } + + if (rm && qs && !strcmp(rm, "GET")) + { + ds_get_begin(qs); + } + else if (ds_post_begin(stdin)) + { + return 1; + } + + if (rm) + { + printf("Content-type: text/plain\n\n"); + } + /* else we are being called from server installation; no output */ + + if (!(cf->servname = ds_a_get_cgi_var("servname", "Server Name", + "Please give a hostname for your server."))) + { + return 1; + } + + cf->bindaddr = ds_a_get_cgi_var("bindaddr", NULL, NULL); + if (!(cf->servport = ds_a_get_cgi_var("servport", "Server Port", + "Please specify the TCP port number for this server."))) + { + return 1; + } + + cf->cfg_sspt = ds_a_get_cgi_var("cfg_sspt", NULL, NULL); + cf->cfg_sspt_uid = ds_a_get_cgi_var("cfg_sspt_uid", NULL, NULL); + if (cf->cfg_sspt_uid && *(cf->cfg_sspt_uid) && + !(cf->cfg_sspt_uidpw = ds_a_get_cgi_var("cfg_sspt_uid_pw", NULL, NULL))) + { + + if (!(cfg_sspt_uid_pw1 = ds_a_get_cgi_var("cfg_sspt_uid_pw1", "Password", + "Enter the password for the Mission Control Administrator's account."))) + { + return 1; + } + + if (!(cfg_sspt_uid_pw2 = ds_a_get_cgi_var("cfg_sspt_uid_pw2", "Password", + "Enter the password for the Mission Control Administrator account, " + "twice."))) + { + return 1; + } + + if (strcmp (cfg_sspt_uid_pw1, cfg_sspt_uid_pw2) != 0) + { + ds_report_error (DS_INCORRECT_USAGE, " different passwords", + "Enter the Mission Control Administrator account password again." + " The two Mission Control Administrator account passwords " + "you entered are different."); + return 1; + } + if ( ((int) strlen(cfg_sspt_uid_pw1)) < 1 ) { + ds_report_error (DS_INCORRECT_USAGE, " password too short", + "The password must be at least 1 character long."); + return 1; + } + cf->cfg_sspt_uidpw = cfg_sspt_uid_pw1; + } + + if (cf->cfg_sspt && *cf->cfg_sspt && !strcmp(cf->cfg_sspt, "1") && + !cf->cfg_sspt_uid) + { + ds_report_error (DS_INCORRECT_USAGE, + " Userid not specified", + "A Userid for Mission Control Administrator must be specified."); + return 1; + } + cf->start_server = ds_a_get_cgi_var("start_server", NULL, NULL); + cf->secserv = ds_a_get_cgi_var("secserv", NULL, NULL); + if (cf->secserv && strcmp(cf->secserv, "off")) + cf->secservport = ds_a_get_cgi_var("secservport", NULL, NULL); + if (!(cf->servid = ds_a_get_cgi_var("servid", "Server Identifier", + "Please give your server a short identifier."))) + { + return 1; + } + +#ifdef XP_UNIX + cf->servuser = ds_a_get_cgi_var("servuser", NULL, NULL); +#endif + + cf->suffix = dn_normalize_convert(ds_a_get_cgi_var("suffix", NULL, NULL)); + + if (cf->suffix == NULL) { + cf->suffix = ""; + } + + cf->rootdn = dn_normalize_convert(ds_a_get_cgi_var("rootdn", NULL, NULL)); + if (cf->rootdn && *(cf->rootdn)) { + if (!(cf->rootpw = ds_a_get_cgi_var("rootpw", NULL, NULL))) + { + char* pw1 = ds_a_get_cgi_var("rootpw1", "Password", + "Enter the password for the unrestricted user."); + char* pw2 = ds_a_get_cgi_var("rootpw2", "Password", + "Enter the password for the unrestricted user, twice."); + + if (!pw1 || !pw2 || check_passwords(pw1, pw2)) + { + return 1; + } + + cf->rootpw = pw1; + } + /* Encode the password in SSHA by default */ + cf->roothashedpw = (char *)ds_salted_sha1_pw_enc (cf->rootpw); + } + + cf->admin_domain = ds_a_get_cgi_var("admin_domain", NULL, NULL); + + if ((temp = ds_a_get_cgi_var("use_existing_config_ds", NULL, NULL))) { + cf->use_existing_config_ds = atoi(temp); + } else { + cf->use_existing_config_ds = 1; /* there must already be one */ + } + + if ((temp = ds_a_get_cgi_var("use_existing_user_ds", NULL, NULL))) { + cf->use_existing_config_ds = atoi(temp); + } else { + cf->use_existing_user_ds = 0; /* we are creating it */ + } + + temp = ds_a_get_cgi_var("ldap_url", NULL, NULL); + if (temp && !ldap_url_parse(temp, &desc) && desc) + { + char *suffix; + + if (desc->lud_dn && *desc->lud_dn) { /* use given DN for netscaperoot suffix */ + cf->netscaperoot = strdup(desc->lud_dn); + suffix = cf->netscaperoot; + } else { /* use the default */ + suffix = dn_normalize_convert(strdup(cf->netscaperoot)); + } + /* the config ds connection may require SSL */ + int isSSL = !strncmp(temp, "ldaps:", strlen("ldaps:")); + cf->config_ldap_url = PR_smprintf("ldap%s://%s:%d/%s", + (isSSL ? "s" : ""), desc->lud_host, + desc->lud_port, suffix); + ldap_free_urldesc(desc); + } + + /* if being called as a CGI, the user_ldap_url will be the directory + we're creating */ + /* this is the directory we're creating, and we cannot create an ssl + directory, so we don't have to worry about ldap vs ldaps here */ + if ((temp = ds_a_get_cgi_var("user_ldap_url", NULL, NULL))) { + cf->user_ldap_url = strdup(temp); + } else { + cf->user_ldap_url = PR_smprintf("ldap://%s:%s/%s", cf->servname, + cf->servport, cf->suffix); + } + + cf->samplesuffix = NULL; + + cf->disable_schema_checking = ds_a_get_cgi_var("disable_schema_checking", + NULL, NULL); + + cf->adminport = ds_a_get_cgi_var("adminport", NULL, NULL); + + cf->install_ldif_file = ds_a_get_cgi_var("install_ldif_file", NULL, NULL); + + return 0; +} diff --git a/ldap/admin/src/create_instance.h b/ldap/admin/src/create_instance.h index a4799fb1..7f8f8ff4 100644 --- a/ldap/admin/src/create_instance.h +++ b/ldap/admin/src/create_instance.h @@ -105,6 +105,10 @@ char *create_server(server_config_s *cf, char *param_name); int generate_script(const char *inpath, const char *outpath, int mode, const char *table[][2]); +/* richm - moved from instindex.cpp */ +int create_config(server_config_s *cf); +int parse_form(server_config_s *cf); + #ifdef __cplusplus } #endif /* __cplusplus */ diff --git a/ldap/admin/src/ds_newinst.c b/ldap/admin/src/ds_newinst.c new file mode 100644 index 00000000..d296764f --- /dev/null +++ b/ldap/admin/src/ds_newinst.c @@ -0,0 +1,118 @@ +/** BEGIN COPYRIGHT BLOCK + * Copyright (C) 2005 Red Hat, Inc. + * All rights reserved. + * END COPYRIGHT BLOCK **/ +/* + * ds_newinst.c - creates a new instance of directory server, scripts, + * configuration, etc. Does not create any Admin Server stuff or + * deal with any setupsdk stuff, but may be optionally used to create + * and configure the config suffix (o=NetscapeRoot) + */ + +#include <nss.h> +#include <nspr.h> + +#include "create_instance.h" + +#include "dsalib.h" +#include "ldap.h" + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +/* --------------------------------- main --------------------------------- */ + +static void +printInfo(int argc, char *argv[], char *envp[], FILE* fp) +{ + int ii = 0; + if (!fp) + fp = stdout; + + fprintf(fp, "Program name = %s\n", argv[0]); + for (ii = 1; ii < argc; ++ii) + { + fprintf(fp, "argv[%d] = %s\n", ii, argv[ii]); + } + + for (ii = 0; envp[ii]; ++ii) + { + fprintf(fp, "%s\n", envp[ii]); + } + + fprintf(fp, "#####################################\n"); +} + +int main(int argc, char *argv[], char *envp[]) +{ + char *rm = getenv("REQUEST_METHOD"); + int status = 0; + server_config_s cf; + char *infFileName = 0; + int reconfig = 0; + int ii = 0; + int cgi = 0; + + /* Initialize NSS to make ds_salted_sha1_pw_enc() happy */ + if (NSS_NoDB_Init(NULL) != SECSuccess) { + ds_report_error(DS_GENERAL_FAILURE, " initialization failure", + "Unable to initialize the NSS subcomponent."); + exit(1); + } + + /* make stdout unbuffered */ + setbuf(stdout, 0); + +#ifdef XP_WIN32 + if ( getenv("DEBUG_DSINST") ) + DebugBreak(); +#endif + + memset(&cf, 0, sizeof(cf)); + set_defaults(0, 0, &cf); + + /* scan cmd line arguments */ + for (ii = 0; ii < argc; ++ii) + { + if (!strcmp(argv[ii], "-f") && (ii + 1) < argc && + argv[ii+1]) + infFileName = argv[ii+1]; + else if (!strcmp(argv[ii], "-r")) + reconfig = 1; + } + + /* being called as a CGI */ + if (rm) + { + cgi = 1; + status = parse_form(&cf); + if (!status) + status = create_config(&cf); + } + /* case 3: punt */ + else + { + ds_report_error ( + DS_INCORRECT_USAGE, + "No request method specified", + "A REQUEST_METHOD must be specified (POST, GET) to run this CGI program."); + status = 1; + } + + if (cgi) + { + /* The line below is used by the console to detect + the end of the operation. See replyHandler() in + MigrateCreate.java */ + fprintf(stdout, "NMC_Status: %d\n", status); + /* In the past, we used to call rpt_success() or rpt_err() + according to status. However these functions are not designed + for our case: they print an HTTP header line "Content-type: text/html" */ + } + +#if defined( hpux ) + _exit(status); +#endif + return status; +} diff --git a/ldap/admin/src/ds_newinst.pl b/ldap/admin/src/ds_newinst.pl new file mode 100644 index 00000000..32c8e87e --- /dev/null +++ b/ldap/admin/src/ds_newinst.pl @@ -0,0 +1,213 @@ +# BEGIN COPYRIGHT BLOCK +# Copyright (C) 2005 Red Hat, Inc. +# All rights reserved. +# END COPYRIGHT BLOCK +use IPC::Open2; +use Symbol; +use URI::Escape; +use Cwd; +use File::Basename; + +sub usage { + my $msg = shift; + print "Error: $msg\n"; + print "Usage: $0 filename.inf\n"; + exit 1 +} + +sub getCgiContentAndLength { + my $args = shift; + my $escapechars = "^a-zA-Z0-9"; # escape all non alphanum chars + my $content = ""; + my $firsttime = 1; + while (my ($kk, $vv) = each %{$args}) { + if ($firsttime) { + $firsttime = 0; + } else { + $content = $content . "&"; + } + $content = $content . $kk . "=" . uri_escape($vv, $escapechars); + } + my $length = length($content); + + return ($content, $length); +} + +# fakes out the ds_newinst program into thinking it is getting cgi input +sub cgiFake { + my ($sroot, $verbose, $prog, $args) = @_; + # construct content string + my ($content, $length) = &getCgiContentAndLength($args); + + # setup CGI environment + $ENV{REQUEST_METHOD} = "POST"; + $ENV{NETSITE_ROOT} = $sroot; + $ENV{CONTENT_LENGTH} = $length; + $ENV{SERVER_NAMES} = 'slapd-' . $args->{servid}; + +# print "content = $content\n"; + + # open the program + my $curdir = getcwd(); + my $dir = dirname($prog); + my $exe = basename($prog); + chdir $dir; + my $input = gensym(); + my $output = gensym(); + my $pid = open2($input, $output, "./$exe"); + sleep(1); # allow prog to init stdin read buffers + print $output $content, "\n"; + close $output; + + if ($?) { + print "Warning: $prog returned code $? and $!\n"; + } + + my $exitCode = 1; + my @lines; + while (<$input>) { + print $_ if ($verbose); + push @lines, $_; + if (/^NMC_Status:\s*(\d+)/) { + $exitCode = $1; + last; + } + } + close $input; + chdir $curdir; + + if ($exitCode) { + print "CGI $prog failed with $exitCode: here is the output:\n"; + map { print $_ } @lines; + } + + if ($exitCode != 0) { + print "Error: could not run $prog: $exitCode\n"; + return $exitCode; + } + + return 0; +} + +sub addAndCheck { + my $dest = shift; + my $dkey = shift; + my $source = shift; + my $ssec = shift; + my $skey = shift; + + if (! $source->{$ssec}->{$skey}) { + usage("Missing required parameter $ssec - $skey\n"); + } + + $dest->{$dkey} = $source->{$ssec}->{$skey}; +} + +my $filename = $ARGV[0]; +usage("$filename not found") if (! -f $filename); + +my $curSection; +# each key in the table is a section name +# the value is a hash ref of the items in that section +# in that hash ref, each key is the config param name, +# and the value is the config param value +my %table = (); + +open(IN, $filename); +while (<IN>) { + # e.g. [General] + if (/^\[(.*?)\]/) { + $curSection = $1; + } elsif (/^\s*$/) { + next; # skip blank lines + } elsif (/^\s*\#/) { + next; # skip comment lines + } elsif (/^\s*(.*?)\s*=\s*(.*?)\s*$/) { + $table{$curSection}->{$1} = $2; + } +} +close IN; + +#printhash (\%table); + +# next, construct a hash table with our arguments + +my %cgiargs = (); + +# the following items are always required +addAndCheck(\%cgiargs, "sroot", \%table, "General", "ServerRoot"); +addAndCheck(\%cgiargs, "servname", \%table, "General", "FullMachineName"); +addAndCheck(\%cgiargs, "servuser", \%table, "General", "SuiteSpotUserID"); +addAndCheck(\%cgiargs, "servport", \%table, "slapd", "ServerPort"); +addAndCheck(\%cgiargs, "rootdn", \%table, "slapd", "RootDN"); +addAndCheck(\%cgiargs, "rootpw", \%table, "slapd", "RootDNPwd"); +addAndCheck(\%cgiargs, "servid", \%table, "slapd", "ServerIdentifier"); +addAndCheck(\%cgiargs, "suffix", \%table, "slapd", "Suffix"); + +# the following items are optional + +# port number for Admin Server - used to configure some web apps +$cgiargs{adminport} = $table{admin}->{Port}; + +# If this is set, the new DS instance will be set up for use as +# a Configuration DS (e.g. o=NetscapeRoot) +$cgiargs{cfg_sspt} = $table{slapd}->{SlapdConfigForMC}; +# set this to 1 to register this DS with an existing Configuration DS +# or 0 to create this DS as a new Configuration DS +$cgiargs{use_existing_config_ds} = $table{slapd}->{UseExistingMC}; +# set this to 1 when creating a new Configuration DS if you do not +# want to configure the new DS to also serve user data +$cgiargs{use_existing_user_ds} = $table{slapd}->{UseExistingUG}; + +# the following items are required to register this new instance with a config DS +# or to make the new instance a Configuration DS +if ($cgiargs{cfg_sspt} || + $table{General}->{ConfigDirectoryAdminID} || + $table{General}->{ConfigDirectoryAdminPwd} || + $table{General}->{ConfigDirectoryLdapURL} || + $table{General}->{AdminDomain}) { + addAndCheck(\%cgiargs, "cfg_sspt_uid", \%table, "General", "ConfigDirectoryAdminID"); + addAndCheck(\%cgiargs, "cfg_sspt_uid_pw", \%table, "General", "ConfigDirectoryAdminPwd"); + addAndCheck(\%cgiargs, "ldap_url", \%table, "General", "ConfigDirectoryLdapURL"); + addAndCheck(\%cgiargs, "admin_domain", \%table, "General", "AdminDomain"); +} + +# +if ($table{slapd}->{UserDirectoryLdapURL}) { + $cgiargs{user_ldap_url} = $table{slapd}->{UserDirectoryLdapURL}; +} else { + $cgiargs{user_ldap_url} = $cgiargs{ldap_url}; +} + +# populate the DS with this file - the suffix in this file must +# be the suffix specified in the suffix argument above +# the filename should use the full absolute path +$cgiargs{install_ldif_file} = $table{slapd}->{InstallLdifFile}; + +# if for some reason you do not want the server started after instance creation +# the following line can be commented out - NOTE that if you are creating the +# Configuration DS, it will be started anyway +$cgiargs{start_server} = 1; + +my $sroot = $cgiargs{sroot}; + +my $rc = &cgiFake($sroot, $verbose, + $sroot . "/bin/slapd/admin/bin/ds_newinst", + \%cgiargs); + +if (!$rc) { + print "Success! Your new directory server instance was created\n"; +} else { + print "Error: Could not create new directory server instance\n"; +} + +sub printhash { + my $table = shift; + + while (my ($key,$val) = each %{$table}) { + print "[$key]\n"; + while (my ($k2,$v2) = each %{$val}) { + print "$k2 = $v2\n"; + } + } +} diff --git a/ldap/admin/src/instindex.cpp b/ldap/admin/src/instindex.cpp index f37ef2df..a26f091e 100644 --- a/ldap/admin/src/instindex.cpp +++ b/ldap/admin/src/instindex.cpp @@ -22,270 +22,6 @@ #include <stdlib.h> #include <string.h> -char *ds_salted_sha1_pw_enc(char* pwd); - - - -/* ----------- Create a new server from configuration variables ----------- */ - - -static int create_config(server_config_s *cf) -{ - char *t = NULL; - char error_param[BIG_LINE] = {0}; - - t = create_server(cf, error_param); - if(t) - { - char *msg; - if (error_param[0]) - { - msg = PR_smprintf("%s.error:could not create server %s - %s", - error_param, cf->servid, t); - } - else - { - msg = PR_smprintf("error:could not create server %s - %s", - cf->servid, t); - } - ds_show_message(msg); - PR_smprintf_free(msg); - } - else if (!t) - { - ds_show_message("Created new Directory Server"); - return 0; - } - - return 1; -} - - -/* ------ check passwords are same and satisfy minimum length policy------- */ -static int check_passwords(char *pw1, char *pw2) -{ - if (strcmp (pw1, pw2) != 0) { - ds_report_error (INCORRECT_USAGE, " different passwords", - "Enter the password again." - " The two passwords you entered are different."); - return 1; - } - - if ( ((int) strlen(pw1)) < 8 ) { - ds_report_error (INCORRECT_USAGE, " password too short", - "The password must be at least 8 characters long."); - return 1; - } - - return 0; -} - -/* ------ Parse the results of a form and create a server from them ------- */ - - -static int parse_form(server_config_s *cf) -{ - char *rm = getenv("REQUEST_METHOD"); - char *qs = getenv("QUERY_STRING"); - char* cfg_sspt_uid_pw1; - char* cfg_sspt_uid_pw2; - LDAPURLDesc *desc = 0; - char *temp = 0; - - cf->sroot = getenv("NETSITE_ROOT"); - - if (rm && qs && !strcmp(rm, "GET")) - { - ds_get_begin(qs); - } - else if (ds_post_begin(stdin)) - { - return 1; - } - - if (rm) - { - printf("Content-type: text/plain\n\n"); - } - /* else we are being called from server installation; no output */ - - if (!(cf->servname = ds_a_get_cgi_var("servname", "Server Name", - "Please give a hostname for your server."))) - { - return 1; - } - - cf->bindaddr = ds_a_get_cgi_var("bindaddr", NULL, NULL); - if (!(cf->servport = ds_a_get_cgi_var("servport", "Server Port", - "Please specify the TCP port number for this server."))) - { - return 1; - } - /* the suitespot 3x uid is the uid to use for setting up */ - /* a 4.x server to serve as a suitespot 3.x host */ - cf->suitespot3x_uid = ds_a_get_cgi_var("suitespot3x_uid", NULL, NULL); - cf->cfg_sspt = ds_a_get_cgi_var("cfg_sspt", NULL, NULL); - cf->cfg_sspt_uid = ds_a_get_cgi_var("cfg_sspt_uid", NULL, NULL); - if (cf->cfg_sspt_uid && *(cf->cfg_sspt_uid) && - !(cf->cfg_sspt_uidpw = ds_a_get_cgi_var("cfg_sspt_uid_pw", NULL, NULL))) - { - - if (!(cfg_sspt_uid_pw1 = ds_a_get_cgi_var("cfg_sspt_uid_pw1", "Password", - "Enter the password for the Mission Control Administrator's account."))) - { - return 1; - } - - if (!(cfg_sspt_uid_pw2 = ds_a_get_cgi_var("cfg_sspt_uid_pw2", "Password", - "Enter the password for the Mission Control Administrator account, " - "twice."))) - { - return 1; - } - - if (strcmp (cfg_sspt_uid_pw1, cfg_sspt_uid_pw2) != 0) - { - ds_report_error (INCORRECT_USAGE, " different passwords", - "Enter the Mission Control Administrator account password again." - " The two Mission Control Administrator account passwords " - "you entered are different."); - return 1; - } - if ( ((int) strlen(cfg_sspt_uid_pw1)) < 1 ) { - ds_report_error (INCORRECT_USAGE, " password too short", - "The password must be at least 1 character long."); - return 1; - } - cf->cfg_sspt_uidpw = cfg_sspt_uid_pw1; - } - - if (cf->cfg_sspt && *cf->cfg_sspt && !strcmp(cf->cfg_sspt, "1") && - !cf->cfg_sspt_uid) - { - ds_report_error (INCORRECT_USAGE, - " Userid not specified", - "A Userid for Mission Control Administrator must be specified."); - return 1; - } - cf->start_server = ds_a_get_cgi_var("start_server", NULL, NULL); - cf->secserv = ds_a_get_cgi_var("secserv", NULL, NULL); - if (cf->secserv && strcmp(cf->secserv, "off")) - cf->secservport = ds_a_get_cgi_var("secservport", NULL, NULL); - if (!(cf->servid = ds_a_get_cgi_var("servid", "Server Identifier", - "Please give your server a short identifier."))) - { - return 1; - } - -#ifdef XP_UNIX - cf->servuser = ds_a_get_cgi_var("servuser", NULL, NULL); -#endif - - /*cf->suffix = ds_a_get_cgi_var("suffix", "Subtree to store in this database",*/ - /*"Please specify the Subtree to store in this database");*/ - cf->suffix = NULL; - cf->suffix = dn_normalize_convert(ds_a_get_cgi_var("suffix", NULL, NULL)); - - if (cf->suffix == NULL) { - cf->suffix = ""; - } - - cf->rootdn = dn_normalize_convert(ds_a_get_cgi_var("rootdn", NULL, NULL)); - if (cf->rootdn && *(cf->rootdn)) { - if (!(cf->rootpw = ds_a_get_cgi_var("rootpw", NULL, NULL))) - { - char* pw1 = ds_a_get_cgi_var("rootpw1", "Password", - "Enter the password for the unrestricted user."); - char* pw2 = ds_a_get_cgi_var("rootpw2", "Password", - "Enter the password for the unrestricted user, twice."); - - if (!pw1 || !pw2 || check_passwords(pw1, pw2)) - { - return 1; - } - - cf->rootpw = pw1; - } - /* Encode the password in SSHA by default */ - cf->roothashedpw = (char *)ds_salted_sha1_pw_enc (cf->rootpw); - } - - cf->replicationdn = dn_normalize_convert(ds_a_get_cgi_var("replicationdn", NULL, NULL)); - if(cf->replicationdn && *(cf->replicationdn)) - { - if (!(cf->replicationpw = ds_a_get_cgi_var("replicationpw", NULL, NULL))) - { - char *replicationpw1 = ds_a_get_cgi_var("replicationpw1", "Password", - "Enter the password for the replication dn."); - char *replicationpw2 = ds_a_get_cgi_var("replicationpw2", "Password", - "Enter the password for the replication dn, twice."); - - if (!replicationpw1 || !replicationpw2 || check_passwords(replicationpw1, replicationpw2)) - { - return 1; - } - - cf->replicationpw = replicationpw1; - } - /* Encode the password in SSHA by default */ - cf->replicationhashedpw = (char *)ds_salted_sha1_pw_enc (cf->replicationpw); - } - - cf->consumerdn = dn_normalize_convert(ds_a_get_cgi_var("consumerdn", NULL, NULL)); - if(cf->consumerdn && *(cf->consumerdn)) - { - if (!(cf->consumerpw = ds_a_get_cgi_var("consumerpw", NULL, NULL))) - { - char *consumerpw1 = ds_a_get_cgi_var("consumerpw1", "Password", - "Enter the password for the consumer dn."); - char *consumerpw2 = ds_a_get_cgi_var("consumerpw2", "Password", - "Enter the password for the consumer dn, twice."); - - if (!consumerpw1 || !consumerpw2 || check_passwords(consumerpw1, consumerpw2)) - { - return 1; - } - - cf->consumerpw = consumerpw1; - } - /* Encode the password in SSHA by default */ - cf->consumerhashedpw = (char *)ds_salted_sha1_pw_enc (cf->consumerpw); - } - - cf->changelogdir = ds_a_get_cgi_var("changelogdir", NULL, NULL); - cf->changelogsuffix = dn_normalize_convert(ds_a_get_cgi_var("changelogsuffix", NULL, NULL)); - - cf->admin_domain = ds_a_get_cgi_var("admin_domain", NULL, NULL); - cf->use_existing_config_ds = 1; /* there must already be one */ - cf->use_existing_user_ds = 0; /* we are creating it */ - - temp = ds_a_get_cgi_var("ldap_url", NULL, NULL); - if (temp && !ldap_url_parse(temp, &desc) && desc) - { - char *suffix = dn_normalize_convert(strdup(cf->netscaperoot)); - /* the config ds connection may require SSL */ - int isSSL = !strncmp(temp, "ldaps:", strlen("ldaps:")); - cf->config_ldap_url = PR_smprintf("ldap%s://%s:%d/%s", - (isSSL ? "s" : ""), desc->lud_host, - desc->lud_port, suffix); - ldap_free_urldesc(desc); - } - - /* if being called as a CGI, the user_ldap_url will be the directory - we're creating */ - /* this is the directory we're creating, and we cannot create an ssl - directory, so we don't have to worry about ldap vs ldaps here */ - cf->user_ldap_url = PR_smprintf("ldap://%s:%s/%s", cf->servname, - cf->servport, cf->suffix); - - cf->samplesuffix = NULL; - - cf->disable_schema_checking = ds_a_get_cgi_var("disable_schema_checking", - NULL, NULL); - return 0; -} - - /* --------------------------------- main --------------------------------- */ static void @@ -355,7 +91,7 @@ int main(int argc, char *argv[], char * /*envp*/ []) FILE *infFile = fopen(infFileName, "r"); if (!infFile) { - ds_report_error(INCORRECT_USAGE, infFileName, + ds_report_error(DS_INCORRECT_USAGE, infFileName, "This file could not be opened. A valid file must be given."); status = 1; } @@ -388,7 +124,7 @@ int main(int argc, char *argv[], char * /*envp*/ []) else { ds_report_error ( - INCORRECT_USAGE, + DS_INCORRECT_USAGE, "No request method specified", "A REQUEST_METHOD must be specified (POST, GET) to run this CGI program."); status = 1; |