From e42063913d9ac804c782151b56ee5c695f308d36 Mon Sep 17 00:00:00 2001
From: Nathan Kinder
Date: Thu, 18 Apr 2013 15:32:04 -0700
Subject: [PATCH] Ticket #47334 - Avoid quoting all settings in console.conf
A change was made a few years back that quotes all values that our security CGI sets in console.conf. This was needed to make cert nicknames with spaces in them work properly. This is the correct thing do to for the NSSNickname setting, but other mod_nss settings do not allow quoted values. We really don't need to quote any of the other settings in console.conf aside from NSSNickname. This patch changes the helper function we use to update console.conf such that the caller can specify if the value should be quoted or not. We only use quoting when writing the NSSNickname value.
---
 admserv/cgi-src40/sec-activate.c | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)
diff --git a/admserv/cgi-src40/sec-activate.c b/admserv/cgi-src40/sec-activate.c
index 52bd41d..a36f75f 100644
--- a/admserv/cgi-src40/sec-activate.c
+++ b/admserv/cgi-src40/sec-activate.c
@@ -81,7 +81,7 @@ extern "C" {
 #define DBT_PSET_INV_ATTR resource_key(RESOURCE_FILE, "16")
 #define DBT_ADMIN_CONF_MOD resource_key(RESOURCE_FILE, "17")
-static int update_conf(char *configdir, char *file, char *name, char *val);
+static int update_conf(char *configdir, char *file, char *name, char *val, int quoted);
 Resource *i18nResource;
 char *acceptLanguage;
@@ -619,7 +619,7 @@ int main(int argc, char *argv[])
 /* change security parameters in console.conf */
 if (strcmp(security, "off")==0) {
- rv = update_conf(configdir, "console.conf", "NSSEngine", "off");
+ rv = update_conf(configdir, "console.conf", "NSSEngine", "off", 0);
 if (rv < 0) {
 rpt_err(APP_ERROR, NULL, getResourceString(DBT_ADMIN_CONF_MOD), NULL);
 }
@@ -658,8 +658,8 @@ int main(int argc, char *argv[])
 if (strlen(clientauth) == 0) {
 clientauth = (char*)"off";
 }
- rv = update_conf(configdir, "console.conf", "NSSEngine", "on");
- rv = update_conf(configdir, "console.conf", "NSSNickname", certnickname);
+ rv = update_conf(configdir, "console.conf", "NSSEngine", "on", 0);
+ rv = update_conf(configdir, "console.conf", "NSSNickname", certnickname, 1);
 strcpy(protocols, "");
@@ -669,17 +669,17 @@ int main(int argc, char *argv[])
 strcat(protocols, "SSLv3,TLSv1,");
 protocols[strlen(protocols) - 1] = '\0'; /* remove trailing comma */
- rv = update_conf(configdir, "console.conf", "NSSProtocol", protocols);
+ rv = update_conf(configdir, "console.conf", "NSSProtocol", protocols, 0);
 snprintf(ciphers, sizeof(ciphers), "%s,%s", ssl2, merged_ssl3);
 PR_smprintf_free(merged_ssl3);
 ciphers[sizeof(ciphers)-1] = 0;
- rv = update_conf(configdir, "console.conf", "NSSCipherSuite", ciphers);
+ rv = update_conf(configdir, "console.conf", "NSSCipherSuite", ciphers, 0);
 if (!strcmp(clientauth, "on"))
- rv = update_conf(configdir, "console.conf", "NSSVerifyClient", "require");
+ rv = update_conf(configdir, "console.conf", "NSSVerifyClient", "require", 0);
 else
- rv = update_conf(configdir, "console.conf", "NSSVerifyClient", "none");
+ rv = update_conf(configdir, "console.conf", "NSSVerifyClient", "none", 0);
 if (rv < 0) {
 rpt_err(APP_ERROR, NULL, getResourceString(DBT_ADMIN_CONF_MOD), NULL);
@@ -703,7 +703,7 @@ int main(int argc, char *argv[])
 * Modify any attribute in a configuration file with a name/value pair
 * If the attribute value is NULL, remove it from the file completely.
 */
-static int update_conf(char *configdir, char *file, char *name, char *val) {
+static int update_conf(char *configdir, char *file, char *name, char *val, int quoted) {
 FILE *f;
 int i, modified=0;
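Review bot: The result of the `NSSEngine` call is overwritten by the `NSSNickname` call on the very next line before anything inspects it, and the pattern continues through the `NSSProtocol`, `NSSCipherSuite` and `NSSVerifyClient` calls in the following hunk, where only the last `rv` reaches `if (rv < 0)`. A failed write of an earlier directive would therefore go unreported and could leave console.conf with a partly applied TLS configuration. Since every call site is being edited anyway, each later call could preserve the first failure, e.g. `if (rv >= 0) rv = update_conf(configdir, "console.conf", "NSSNickname", certnickname, 1);`. `main` starts before and continues after this hunk.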
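Review bot: `protocols` and `ciphers` are now written to console.conf bare, so a space inside either value is no longer contained by quotes and would be parsed as an extra argument, and a line break would start a separate directive. `ciphers` is built from `ssl2` and `merged_ssl3`, whose origin is outside this hunk; if they derive from the CGI request they should be checked against the characters a cipher list can contain before the call. A comment such as `/* written unquoted: value must not contain whitespace or newlines */` above the `NSSCipherSuite` call would record the constraint for later callers. The truncating `snprintf` into `ciphers` is a context line and its buffer size is not visible here.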
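Review bot: The comment block above `update_conf` still describes only the name/value behaviour and says nothing about the new `quoted` argument, so a caller cannot tell from it which settings need quoting. I would add a line such as ` * If quoted is non-zero the value is written inside double quotes (needed for NSSNickname, whose value may contain spaces); otherwise it is written bare.` The function body continues past the end of this hunk.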
@@ -725,7 +725,11 @@ static int update_conf(char *configdir, char *file, char *name, char *val) {
 while(fgets(inbuf, sizeof(inbuf), f) != NULL) {
 if (strncasecmp(inbuf,name,strlen(name)) == 0) { /* Line starts with the attribute name */
 if(val && *val != '\0') {
- PR_snprintf(buf, sizeof(buf), "%s \"%s\"\n", name, val);
+ if (quoted) {
+ PR_snprintf(buf, sizeof(buf), "%s \"%s\"\n", name, val);
+ } else {
+ PR_snprintf(buf, sizeof(buf), "%s %s\n", name, val);
+ }
 lines[linecnt++] = strdup(buf);
 modified=1;
 }
@@ -740,7 +744,11 @@ static int update_conf(char *configdir, char *file, char *name, char *val) {
 fclose(f);
 if (!modified && (val && *val != '\0')) { /* Add the attribute name/val pair*/
- PR_snprintf(buf, sizeof(buf), "%s \"%s\"\n", name, val);
+ if (quoted) {
+ PR_snprintf(buf, sizeof(buf), "%s \"%s\"\n", name, val);
+ } else {
+ PR_snprintf(buf, sizeof(buf), "%s %s\n", name, val);
+ }
 lines[linecnt++] = strdup(buf);
 }
--
1.8.1.4
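Review bot: In the quoted branch `val` is wrapped in double quotes without any escaping, so a value that itself contains `"` or a line break would produce a malformed or multi-line directive; the same two branches are repeated in the append path of the next hunk. `PR_snprintf` also truncates silently when name and value exceed `sizeof(buf)`, which would drop the trailing `\n`, and the `strdup` result is stored in `lines[]` without a NULL check (the declaration and bound of `lines` are outside the hunk). A guard near the top of `update_conf`, before the file is opened, would cover both paths: `if (val && strpbrk(val, "\"\r\n")) return -1;`, assuming a negative return is the failure convention, as the `rv < 0` checks in `main` suggest.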
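Review bot: This if/else is a copy of the one added inside the read loop above and differs only in the two quote characters, so the replace path and the append path can drift apart on a later edit. Selecting the quote once keeps a single literal format string at both sites: `const char *q = quoted ? "\"" : "";` followed by `PR_snprintf(buf, sizeof(buf), "%s %s%s%s\n", name, q, val, q);`. `update_conf` begins before this hunk and continues after it.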