
The DS console Configuration Encryption tab was giving an error. The error was due to the security CGI not being able to read the ds key/cert db files. They were owned by root instead of the server uid because they were being created by NSS_Initialize which was being called before the server did the setuid.
The fix is to move the NSS/SSL initialization code to just after the setuid call.

Rich Megginson před 20 roky
rodič
revize
fe8cdf5e63
1 změnil soubory, kde provedl 28 přidání a 29 odebrání
  1. 28 29
      ldap/servers/slapd/main.c

+ 28 - 29
ldap/servers/slapd/main.c

@@ -817,35 +817,6 @@ main( int argc, char **argv)
 	/* Set entry points in libslapd */
 	set_entry_points();
 
-	/*
-	 * Initialise NSS once for the whole slapd process, whether SSL
-	 * is enabled or not. We use NSS for random number generation and
-	 * other things even if we are not going to accept SSL connections.
-	 * We also need NSS for attribute encryption/decryption on import and export.
-	 */
-	init_ssl = ( (slapd_exemode == SLAPD_EXEMODE_SLAPD) || importexport_encrypt) 
-				&& config_get_security()
-				&& (0 != s_port) && (s_port <= LDAP_PORT_MAX);
-	/* As of DS 6.1, always do a full initialization so that other
-	 * modules can assume NSS is available
-     */
-	if ( slapd_nss_init((slapd_exemode == SLAPD_EXEMODE_SLAPD),
-			(slapd_exemode != SLAPD_EXEMODE_REFERRAL) /* have config? */ )) {
-		 LDAPDebug(LDAP_DEBUG_ANY,
-					"ERROR: NSS Initialization Failed.\n", 0, 0, 0);
-		 exit (1);
-	}
-
-	if (slapd_exemode == SLAPD_EXEMODE_SLAPD) {
-		client_auth_init();
-	}
-
-	if ( init_ssl && ( 0 != slapd_ssl_init())) {
-		LDAPDebug(LDAP_DEBUG_ANY,
-					"ERROR: SSL Initialization Failed.\n", 0, 0, 0 );
-		exit( 1 );
-	}
-
 	/*
 	 * if we were called upon to do special database stuff, do it and be
 	 * done.
@@ -1006,6 +977,34 @@ main( int argc, char **argv)
 	}
 #endif
 
+	/*
+	 * Initialise NSS once for the whole slapd process, whether SSL
+	 * is enabled or not. We use NSS for random number generation and
+	 * other things even if we are not going to accept SSL connections.
+	 * We also need NSS for attribute encryption/decryption on import and export.
+	 */
+	init_ssl = ( (slapd_exemode == SLAPD_EXEMODE_SLAPD) || importexport_encrypt) 
+				&& config_get_security()
+				&& (0 != s_port) && (s_port <= LDAP_PORT_MAX);
+	/* As of DS 6.1, always do a full initialization so that other
+	 * modules can assume NSS is available
+     */
+	if ( slapd_nss_init((slapd_exemode == SLAPD_EXEMODE_SLAPD),
+			(slapd_exemode != SLAPD_EXEMODE_REFERRAL) /* have config? */ )) {
+		 LDAPDebug(LDAP_DEBUG_ANY,
+					"ERROR: NSS Initialization Failed.\n", 0, 0, 0);
+		 exit (1);
+	}
+
+	if (slapd_exemode == SLAPD_EXEMODE_SLAPD) {
+		client_auth_init();
+	}
+
+	if ( init_ssl && ( 0 != slapd_ssl_init())) {
+		LDAPDebug(LDAP_DEBUG_ANY,
+					"ERROR: SSL Initialization Failed.\n", 0, 0, 0 );
+		exit( 1 );
+	}
 
 	/* -sduloutre: compute_init() and entry_computed_attr_init() moved up */
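Review bot: The moved block still states that NSS is needed for attribute encryption/decryption on import and export and still tests `importexport_encrypt`, but it now sits after the "special database stuff" branch that the first hunk shows near line 817 and describes as "do it and be done". If those import/export modes return before reaching line 977 (not visible in this hunk), they would run without `slapd_nss_init()`, so that ordering should be confirmed, or those paths given their own NSS initialization after privileges are dropped. The new site should also record why it must stay where it is, for example `/* Must run after the setuid: NSS creates the key/cert db files on first init, and they must be owned by the server uid, not root. */`. Key/cert db files that an earlier start already created as root are not touched by this change, so a startup check that logs when they are not owned by the server uid may be worth adding. main() begins and ends outside the hunk.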