[Fedora-directory-commits] adminserver/admserv/cfgstuff admserv.conf.in, 1.13, 1.14 ds_removal.in, 1.2, 1.3
by Richard Allen Megginson
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/cfgstuff
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21602/adminserver/admserv/cfgstuff
Modified Files:
admserv.conf.in ds_removal.in
Log Message:
Resolves: bug 480869
Bug Description: DS console: Can not delete DS instance
Reviewed by: nkinder (Thanks!)
Fix Description: As it turns out, my assumption that ds_remove in CGI mode also did the unregistration was false. It is the console that does the unregistration, only after the ds_remove CGI returns success. So, ds_remove needs to run with AdminSDK off, just like the other "special" CGI programs. In addition, ds_remove needs to be more robust - if there is an error during ds_remove, you should be allowed to try again after fixing something. However, the way the error handling worked did not differentiate between fatal errors and errors that could be ignored. In order to do this properly, we need to propagate the errors back up to the top level (oh how I wish perl had real exception handling . . .). The main type of error we need to ignore is file not found or process not found. If we attempted to remove before and that attempt failed for some reason, and left a partial instance, we need to be able to run the remove command again, skipping over the things we shutdown or
removed already, and clean up the stuff we need to remove. This can also happen if you use the console to create a ds instance, and remove-ds.pl to remove the instance. The instance will still show up in the console. We need to be able to use the Remove Server in the console to remove the instance from the console, even through there is no physical instance on disk any more. Since the console will only do the unregistration if the CGI returns success, we need to make sure the CGI returns success even though there is no instance on disk. When ds_remove is run via ds_removal, it will do the unregistration.
I also took this opportunity to refactor the remove code, creating a removeDSInstance method in DSCreate.pm, and moving some of the other removal helper functions to Util.pm. That simplified the code in both ds_remove and remove-ds.pl.
I added a remove-ds-admin.pl script - one of the problems that users have is that they run setup-ds-admin.pl, then hit some error (e.g. bad DNS setup), then find that they cannot restore the system to the state before they ran setup-ds-admin.pl. remove-ds-admin.pl does this.
Finally, I added some man pages to the admin package for those commonly used commands.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
Index: admserv.conf.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cfgstuff/admserv.conf.in,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- admserv.conf.in 22 Jan 2009 22:03:01 -0000 1.13
+++ admserv.conf.in 27 Feb 2009 14:33:28 -0000 1.14
@@ -119,7 +119,7 @@
# Handle Stop, Start, Restart, Instance Creation - invoke mod_restartd
# need to add instance creation because you may want to create an instance
# of DS on a low port, and instance creation starts the instance as well
-<LocationMatch /*/[tT]asks/[Oo]peration/(?i:stop|start|restart|startconfigds|create)$>
+<LocationMatch /*/[tT]asks/[Oo]peration/(?i:stop|start|restart|startconfigds|create|remove)$>
AuthUserFile @configdir@/admpw
AuthType basic
AuthName "Admin Server"
@@ -132,17 +132,3 @@
Order allow,deny
Allow from all
</LocationMatch>
-
-# special case for the remove task - it needs to use the password pipe
-<LocationMatch /*/[tT]asks/[Oo]peration/(?i:remove)$>
- AuthUserFile @configdir@/admpw
- AuthType basic
- AuthName "Admin Server"
- Require valid-user
- AdminSDK on
- ADMCgiBinDir @cgibindir@
- Options +ExecCGI
- RetainPerms on
- Order allow,deny
- Allow from all
-</LocationMatch>
Index: ds_removal.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cfgstuff/ds_removal.in,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- ds_removal.in 14 Jul 2008 20:27:02 -0000 1.2
+++ ds_removal.in 27 Feb 2009 14:33:28 -0000 1.3
@@ -50,7 +50,7 @@
err2=""
server_id=""
admin_pw=""
-forceflag=
+forceflag=0
while [ "$1" != "" ]
do
15 years, 3 months
[Fedora-directory-commits] adminserver/admserv/cgi-src40 ds_remove.in, 1.8, 1.9
by Richard Allen Megginson
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/cgi-src40
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21602/adminserver/admserv/cgi-src40
Modified Files:
ds_remove.in
Log Message:
Resolves: bug 480869
Bug Description: DS console: Can not delete DS instance
Reviewed by: nkinder (Thanks!)
Fix Description: As it turns out, my assumption that ds_remove in CGI mode also did the unregistration was false. It is the console that does the unregistration, only after the ds_remove CGI returns success. So, ds_remove needs to run with AdminSDK off, just like the other "special" CGI programs. In addition, ds_remove needs to be more robust - if there is an error during ds_remove, you should be allowed to try again after fixing something. However, the way the error handling worked did not differentiate between fatal errors and errors that could be ignored. In order to do this properly, we need to propagate the errors back up to the top level (oh how I wish perl had real exception handling . . .). The main type of error we need to ignore is file not found or process not found. If we attempted to remove before and that attempt failed for some reason, and left a partial instance, we need to be able to run the remove command again, skipping over the things we shutdown or
removed already, and clean up the stuff we need to remove. This can also happen if you use the console to create a ds instance, and remove-ds.pl to remove the instance. The instance will still show up in the console. We need to be able to use the Remove Server in the console to remove the instance from the console, even through there is no physical instance on disk any more. Since the console will only do the unregistration if the CGI returns success, we need to make sure the CGI returns success even though there is no instance on disk. When ds_remove is run via ds_removal, it will do the unregistration.
I also took this opportunity to refactor the remove code, creating a removeDSInstance method in DSCreate.pm, and moving some of the other removal helper functions to Util.pm. That simplified the code in both ds_remove and remove-ds.pl.
I added a remove-ds-admin.pl script - one of the problems that users have is that they run setup-ds-admin.pl, then hit some error (e.g. bad DNS setup), then find that they cannot restore the system to the state before they ran setup-ds-admin.pl. remove-ds-admin.pl does this.
Finally, I added some man pages to the admin package for those commonly used commands.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
Index: ds_remove.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cgi-src40/ds_remove.in,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- ds_remove.in 24 Feb 2009 14:25:42 -0000 1.8
+++ ds_remove.in 27 Feb 2009 14:33:28 -0000 1.9
@@ -24,106 +24,15 @@
use File::Basename;
use File::Path;
use CGI qw(:cgi :oldstyle_urls);
+use POSIX qw(:errno_h);
+
use Inf;
use AdminUtil;
use Util;
-use FileConn;
use Resource;
+use DSCreate qw(removeDSInstance);
-# remove_tree($centry, $key, $instname, [$isparent, [$dontremove]])
-# $centry: entry to look for the path to be removed
-# $key: key to look for the path in the entry
-# $instname: instance name "slapd-<ID>" to check the path
-# $isparent: specify 1 to remove from the parent dir
-# $dontremove: pattern not to be removed (e.g., ".db$")
-sub remove_tree
-{
- my $centry = shift;
- my $key = shift;
- my $instname = shift;
- my $isparent = shift;
- my $dontremove = shift;
-
- foreach my $path ( @{$centry->{$key}} )
- {
- my $rmdir = "";
- my $rc = 0;
- if ( 1 == $isparent )
- {
- $rmdir = dirname($path);
- }
- else
- {
- $rmdir = $path;
- }
- if ( -d $rmdir && $rmdir =~ /$instname/ )
- {
- if ( "" eq "$dontremove" )
- {
- $rc = rmtree($rmdir);
- if ( 0 == $rc )
- {
- print "Content-type: text/plain\n\n";
- print "NMC_ErrInfo: $rmdir was not removed.\n";
- print STDERR "Warning: $rmdir was not removed.\n";
- }
- }
- else
- {
- # Skip the dontremove files
- $rc = opendir(DIR, $rmdir);
- if ($rc)
- {
- while (defined(my $file = readdir(DIR)))
- {
- next if ( "$file" =~ /$dontremove/ );
- next if ( "$file" eq "." );
- next if ( "$file" eq ".." );
- my $rmfile = $rmdir . "/" . $file;
- my $rc0 = rmtree($rmfile);
- if ( 0 == $rc0 )
- {
- print "Content-type: text/plain\n\n";
- print "NMC_ErrInfo: $rmfile was not removed.\n";
- print STDERR "Warning: $rmfile was not removed.\n";
- }
- }
- closedir(DIR);
- }
- my $newrmdir = $rmdir . ".removed";
- my $rc1 = 1;
- if ( -d $newrmdir )
- {
- $rc1 = rmtree($newrmdir);
- if ( 0 == $rc1 )
- {
- print "Content-type: text/plain\n\n";
- print "NMC_ErrInfo: $newrmdir was not removed.\n";
- print STDERR "Warning: $newrmdir was not removed.\n";
- }
- }
- if ( 0 < $rc1 )
- {
- rename($rmdir, $newrmdir);
- }
- }
- }
- }
-}
-
-sub remove_pidfile
-{
- my ($type, $instdir, $instname) = @_;
-
- my $pattern = "^" . $type . ".*=";
- my $pidline = `grep $pattern $instdir/start-slapd`;
- chomp($pidline);
- my ($key, $pidfile) = split(/=/, $pidline);
- if ( -e $pidfile && $pidfile =~ /$instname/ )
- {
- unlink($pidfile);
- }
-}
+print "Content-type: text/plain\n\n";
my $res = new Resource("@propertydir(a)/ds_remove.res",
"@propertydir(a)/setup-ds-admin.res",
@@ -131,156 +40,105 @@
# parse the input parameters
my $query = new CGI;
-
-# call ds_newinst as a GET (GET or POST works, GET is simpler)
-$ENV{REQUEST_METHOD} = "GET";
-$ENV{QUERY_STRING} = $query->query_string();
-
+my @errs;
my $force = $query->param('force');
+if (!defined($force) || (length($force) == 0)) {
+ $force = 1; # force use of force for CGI
+}
my $instname = $query->param('InstanceName');
my ($slapd, $inst) = split(/-/, $instname, 2);
-my $configdir = "@instconfigdir@/slapd-$inst";
+my $baseconfigdir = $ENV{DS_CONFIG_DIR} || "@instconfigdir@";
+my $configdir = "$baseconfigdir/slapd-$inst";
+my $status = 0;
if ( ! -d $configdir )
{
- print "Content-type: text/plain\n\n";
- print "NMC_ErrInfo: $configdir does not exist\n";
- print "NMC_Status: 1\n";
- print STDERR "Error: $configdir does not exist\n";
- exit 1;
+ print "NMC_ErrInfo: could not read $configdir - Error: $!\n";
+ print STDERR "Error: could not read $configdir - Error: $!\n";
+ # look for error other than "not found"
+ if ($! != ENOENT) { # not found is ok
+ $status = 1;
+ }
+ if (!$force) {
+ exit 1;
+ }
}
-my @errs;
+
+# NOTE about @errs - the return value will be an array
+# or an array of array refs - usually the last element
+# of the array will be the errno
+# first, gather the information needed by unregister
my $inf = createInfFromConfig($configdir, $inst, \@errs);
if (@errs)
{
- print "Content-type: text/plain\n\n";
print "NMC_ErrInfo: ", $res->getText(@errs), "\n";
- print "NMC_Status: 1\n";
print STDERR "Error: ", $res->getText(@errs), "\n";
- exit 1;
+ # look for error other than "not found"
+ if ($errs[-1] != ENOENT) { # not found is ok
+ $status = 1;
+ }
+ if (!$force) {
+ exit 1;
+ }
+}
+if (!$inf) {
+ $inf = new Inf; # create empty one
+}
+
+# next, remove the instance
+@errs = removeDSInstance($inst, $force);
+if (@errs) {
+ my $realerror;
+ for (@errs) {
+ my $text = $res->getText($_);
+ print "NMC_ErrInfo: $text\n";
+ print STDERR "Error: $text\n";
+ if ($_->[-1] != ENOENT) { # not found is ok
+ $realerror = 1;
+ }
+ }
+ if ($realerror) {
+ $status = 1;
+ }
+ if (!$force) {
+ exit 1;
+ }
}
# add the parmeters necessary to configure this DS to be managed
# by the console and to be registered with the config DS - these
# are usually passed in via the CGI params, or use reasonable
# default values
-my $admConf = getAdmConf("@instconfigdir@/admin-serv");
+my $admConf = getAdmConf("$baseconfigdir/admin-serv");
$inf->{General}->{ConfigDirectoryLdapURL} = $query->param('ldap_url') ||
$admConf->{ldapurl};
$inf->{General}->{AdminDomain} = $query->param('admin_domain') ||
$admConf->{AdminDomain};
-# read the config file to find out the paths
-my $dseldif = "@instconfigdir(a)/$instname/dse.ldif";
-my $conn = new FileConn($dseldif);
-if (!$conn) {
- print "Content-type: text/plain\n\n";
- print "NMC_ErrInfo: Could not open $dseldif: Error: $!\n";
- print "NMC_Status: 1\n";
- print STDERR "Error: Could not open $dseldif: Error: $!\n";
- exit 1;
-}
-
-my $dn = "cn=config";
-my $entry = $conn->search($dn, "base", "(cn=*)", 0);
-if (!$entry)
-{
- print "Content-type: text/plain\n\n";
- print "NMC_ErrInfo: Search $dn in $dseldif failed: $entry\n";
- print "NMC_Status: 1\n";
- print STDERR "Error: Search $dn in $dseldif failed: $entry\n";
- exit 1;
-}
-
# Unregister the server from the configuration ds
# get config ds url from input or admconf
# get admin id from input or admconf
-# must get admin password from input (PASSWORD_PIPE?)
# get admin domain
# config ds info
if (!unregisterDSWithConfigDS($inst, \@errs, $inf) && !$force)
{
- print "Content-type: text/plain\n\n";
print "NMC_ErrInfo: ", $res->getText(@errs), "\n";
- print "NMC_Status: 1\n";
+ $status = 1;
print STDERR "Error:", $res->getText(@errs), "\n";
- exit 1;
-}
-
-$dn = "cn=config,cn=ldbm database,cn=plugins,cn=config";
-my $dbentry = $conn->search($dn, "base", "(cn=*)", 0);
-if (!$dbentry)
-{
- print "Content-type: text/plain\n\n";
- print "NMC_ErrInfo: Search $dn in $dseldif failed: $dbentry\n";
- print "NMC_Status: 1\n";
- print "Error: Search $dn in $dseldif failed: $dbentry\n";
- exit 1;
-}
-$conn->close();
-
-# stop the server
-my $instdir = "";
-foreach my $path ( @{$entry->{"nsslapd-instancedir"}} )
-{
- if ( -d $path )
- {
- my $prog = $path . "/stop-slapd";
- if (-x $prog) {
- $? = 0;
- # run the CGI
- my $output = `$prog 2>&1`;
- my $status = $?;
- if ($status) {
- # Ignore the stop failure
- print "Content-type: text/plain\n\n";
- print "NMC_ErrInfo: Could not stop directory server: $output\n";
- print STDERR "Warning: Could not stop directory server: $output\n";
- }
- $instdir = $path; # need to use it later...
- } elsif (!$force) {
- print "Content-type: text/plain\n\n";
- print "NMC_ErrInfo: The program $prog does not exist\n";
- print "NMC_Status: 1\n";
- print STDERR "Error: The program $prog does not exist\n";
- exit 1;
- }
+ if (!$force) {
+ exit 1;
}
}
-
-# remove physical dirs/files
-remove_tree($dbentry, "nsslapd-directory", $instname, 1);
-remove_tree($dbentry, "nsslapd-db-logdirectory", $instname, 1);
-remove_tree($entry, "nsslapd-lockdir", $instname);
-remove_tree($entry, "nsslapd-tmpdir", $instname);
-remove_tree($entry, "nsslapd-bakdir", $instname, 1);
-remove_tree($entry, "nsslapd-errorlog", $instname, 1);
-# instance dir
-if ( -d $instdir && $instdir =~ /$instname/ )
+if ( 1 == isConfigDS($instname, "$baseconfigdir/admin-serv") )
{
- # clean up pid files (if any)
- remove_pidfile("STARTPIDFILE", $instdir, $instname);
- remove_pidfile("PIDFILE", $instdir, $instname);
-
- if ( 1 == isConfigDS($instname, "@instconfigdir@/admin-serv") )
- {
- # if it is the Config DS, adm.conf and local.conf needs to be removed.
- unlink("@instconfigdir(a)/admin-serv/adm.conf");
- unlink("@instconfigdir(a)/admin-serv/local.conf");
- }
-
- my $rc = rmtree($instdir);
- if ( 0 == $rc )
- {
- print "Content-type: text/plain\n\n";
- print "NMC_ErrInfo: $instdir was not removed.\n";
- print STDERR "Warning: $instdir was not removed.\n";
- }
+ # if it is the Config DS, adm.conf and local.conf needs to be removed.
+ unlink("$baseconfigdir/admin-serv/adm.conf");
+ unlink("$baseconfigdir/admin-serv/local.conf");
}
-# Finally, config dir
-remove_tree($entry, "nsslapd-schemadir", $instname, 1, "\.db\$");
-# if we got here, report success
-print "Content-type: text/plain\n\n";
-print "NMC_Status: 0\n";
exit 0;
+
+END {
+ # report status, no matter where or when exit was called
+ print "NMC_Status: $status\n";
+}
15 years, 3 months
[Fedora-directory-commits] adminserver/admserv/newinst/src remove-ds-admin.pl.in, NONE, 1.1 AdminServer.pm.in, 1.15, 1.16 AdminUtil.pm.in, 1.20, 1.21 setup-ds-admin.pl.in, 1.13, 1.14 setup-ds-admin.res.in, 1.10, 1.11
by Richard Allen Megginson
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/newinst/src
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21602/adminserver/admserv/newinst/src
Modified Files:
AdminServer.pm.in AdminUtil.pm.in setup-ds-admin.pl.in
setup-ds-admin.res.in
Added Files:
remove-ds-admin.pl.in
Log Message:
Resolves: bug 480869
Bug Description: DS console: Can not delete DS instance
Reviewed by: nkinder (Thanks!)
Fix Description: As it turns out, my assumption that ds_remove in CGI mode also did the unregistration was false. It is the console that does the unregistration, only after the ds_remove CGI returns success. So, ds_remove needs to run with AdminSDK off, just like the other "special" CGI programs. In addition, ds_remove needs to be more robust - if there is an error during ds_remove, you should be allowed to try again after fixing something. However, the way the error handling worked did not differentiate between fatal errors and errors that could be ignored. In order to do this properly, we need to propagate the errors back up to the top level (oh how I wish perl had real exception handling . . .). The main type of error we need to ignore is file not found or process not found. If we attempted to remove before and that attempt failed for some reason, and left a partial instance, we need to be able to run the remove command again, skipping over the things we shutdown or
removed already, and clean up the stuff we need to remove. This can also happen if you use the console to create a ds instance, and remove-ds.pl to remove the instance. The instance will still show up in the console. We need to be able to use the Remove Server in the console to remove the instance from the console, even through there is no physical instance on disk any more. Since the console will only do the unregistration if the CGI returns success, we need to make sure the CGI returns success even though there is no instance on disk. When ds_remove is run via ds_removal, it will do the unregistration.
I also took this opportunity to refactor the remove code, creating a removeDSInstance method in DSCreate.pm, and moving some of the other removal helper functions to Util.pm. That simplified the code in both ds_remove and remove-ds.pl.
I added a remove-ds-admin.pl script - one of the problems that users have is that they run setup-ds-admin.pl, then hit some error (e.g. bad DNS setup), then find that they cannot restore the system to the state before they ran setup-ds-admin.pl. remove-ds-admin.pl does this.
Finally, I added some man pages to the admin package for those commonly used commands.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
--- NEW FILE remove-ds-admin.pl.in ---
#!@perlexec@
# BEGIN COPYRIGHT BLOCK
# This Program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; version 2 of the License.
#
# This Program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA.
#
# Copyright (C) 2007 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK
#
use lib qw(@perlpath@);
use strict;
use File::Basename;
use File::Path;
use Util;
use Resource;
use DSCreate qw(removeDSInstance);
use AdminServer qw(removeAdminServer);
sub usage {
print(STDERR "Usage: $0 [-f] [-d -d ...]\n\n");
print(STDERR " Opts: -f - force removal\n");
print(STDERR " -d - turn on debugging output\n");
print(STDERR " -y - actually do the removal\n");
print(STDERR "WARNING: This command is extremely destructive!\n");
print(STDERR " It will remove all of the data and configuration\n");
print(STDERR " of all directory servers and admin servers, with\n");
print(STDERR " no chance of recovery. Therefore, in order to actually\n");
print(STDERR " do this, you must give the -y option.\n");
}
my $res = new Resource("@propertydir(a)/setup-ds.res",
"@propertydir(a)/setup-ds-admin.res");
my $i = 0;
my $force = "";
# load args from the command line
while ($i <= $#ARGV) {
if ( "$ARGV[$i]" eq "-f" ) {
$force = 1;
} elsif ("$ARGV[$i]" eq "-d") {
$Util::debuglevel++;
} else {
&usage; exit(1);
}
$i++;
}
my $baseconfigdir = $ENV{DS_CONFIG_DIR} || "@instconfigdir@";
my @instances = ();
my @errs;
if ( ! -d $baseconfigdir )
{
print STDERR "Error: $baseconfigdir does not exist\n";
exit 1;
}
# get all of our directory server instances
for my $dir (glob("$baseconfigdir/slapd-*")) {
next if ($dir =~ /\.removed/);
if (-d $dir) {
$dir =~ s,$baseconfigdir/,,; # strip off dir part
$dir =~ s/slapd-//; # strip off slapd part
push @instances, $dir;
}
}
# remove all of the directory servers
for my $inst (@instances) {
my $configdir = "$baseconfigdir/slapd-$inst";
if ( ! -d $configdir )
{
print STDERR "Error: $configdir does not exist\n";
if (!$force) {
exit 1;
}
}
@errs = removeDSInstance($inst, $force);
if (@errs) {
print STDERR "The following errors occurred during removal of $inst:\n";
for (@errs) {
print STDERR $res->getText($_);
}
print STDERR "Error: could not remove directory server $inst\n";
if (!$force) {
exit 1;
}
}
}
# remove the admin server
if (@errs = removeAdminServer($baseconfigdir, $force)) {
print STDERR "The following errors occurred during removal of the admin server:\n";
for (@errs) {
print STDERR $res->getText($_);
}
print STDERR "Error: could not remove admin server\n";
if (!$force) {
exit 1;
}
}
# if we got here, report success
print "Removed admin server and all directory server instances\n";
exit 0;
# emacs settings
# Local Variables:
# mode:perl
# indent-tabs-mode: nil
# tab-width: 4
# End:
Index: AdminServer.pm.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/AdminServer.pm.in,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- AdminServer.pm.in 28 Jan 2009 21:25:58 -0000 1.15
+++ AdminServer.pm.in 27 Feb 2009 14:33:27 -0000 1.16
@@ -21,10 +21,10 @@
@ISA = qw(Exporter);
@EXPORT = qw(createAdminServer reconfigAdminServer
createASFilesAndDirs setFileOwnerPerms updateHttpConfFiles
- startAdminServer);
+ startAdminServer removeAdminServer);
@EXPORT_OK = qw(createAdminServer reconfigAdminServer
createASFilesAndDirs setFileOwnerPerms updateHttpConfFiles
- startAdminServer);
+ startAdminServer removeAdminServer);
use File::Path;
# tempfiles
@@ -502,6 +502,91 @@
return createAdminServer($setup, 1);
}
+sub stopAdminServer {
+ my $prog = "@sbindir@/stop-ds-admin";
+ if (-x $prog) {
+ $? = 0;
+ # run the stop command
+ my $output = `$prog 2>&1`;
+ my $status = $?;
+ debug(3, "stopping admin server returns status $status: output $output\n");
+ if ($status) {
+ # Ignore the stop failure
+ debug(1,"Warning: Could not stop admin server: status $status: output $output\n");
+ return 1;
+ }
+ } else {
+ debug(1, "stopping admin server: no such program $prog: cannot stop server\n");
+ return;
+ }
+
+ debug(1, "Successfully stopped admin server\n");
+ return 1;
+}
+
+sub removeAdminServer {
+ my $baseconfigdir = shift;
+ my $force = shift;
+ if (!stopAdminServer()) {
+ if ($force) {
+ debug(1, "Warning: Could not stop admin server - forcing continue\n");
+ } else {
+ debug(1, "Error: Could not stop admin server - aborting - use -f flag to force removal\n");
+ return ( [ 'error_stopping_adminserver', $! ] );
+ }
+ }
+
+ my $configdir = $ENV{ADMSERV_CONF_DIR} || $baseconfigdir . "/admin-serv";
+
+ my $securitydir = $configdir;
+
+ my $logdir = $ENV{ADMSERV_LOG_DIR} || "@logdir@";
+
+ my $rundir = $ENV{ADMSERV_PID_DIR} || "@piddir@";
+
+ # remove admin server files in $rundir
+ my $file;
+ for $file (glob("$rundir/admin-serv.*")) {
+ unlink($file);
+ }
+
+ # remove admin server log dir
+ if ($logdir =~ /admin-serv/) { # make sure directory has admin-serv in it somewhere
+ if (!rmtree($logdir)) {
+ debug(1, "Warning: Could not remove directory $logdir: $!\n");
+ if (!$force) {
+ return ( [ 'error_removing_path', $logdir, $! ] );
+ }
+ }
+ }
+
+ # remove config files
+ my @savefiles = qw(admserv.conf httpd.conf nss.conf console.conf cert8.db key3.db secmod.db);
+ if (opendir(CONFDIR, $configdir)) {
+ while ($file = readdir(CONFDIR)) {
+ next if ($file eq '.' || $file eq '..');
+ if (-d "$configdir/$file") {
+ debug(1, "Skipping directory $configdir/$file - remove manually\n");
+ next;
+ }
+ if (grep /^$file$/, @savefiles) {
+ debug(1, "saving file $configdir/$file\n");
+ } else {
+ debug(1, "removing file $configdir/$file\n");
+ unlink("$configdir/$file");
+ }
+ }
+ closedir(CONFDIR);
+ } else {
+ debug(1, "Error: could not read config files in $configdir: $!");
+ if (!$force) {
+ return ( [ 'error_removing_path', $configdir, $! ] );
+ }
+ }
+
+ return;
+}
+
1;
# emacs settings
Index: AdminUtil.pm.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/AdminUtil.pm.in,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- AdminUtil.pm.in 24 Feb 2009 14:25:42 -0000 1.20
+++ AdminUtil.pm.in 27 Feb 2009 14:33:27 -0000 1.21
@@ -816,7 +816,7 @@
my $instinf;
# setup will usually supply everything, but ds_create will not
- if (!$inf->{slapd}->{RootDNPwd}) {
+ if ($isRegister && !$inf->{slapd}->{RootDNPwd}) {
$instinf = createInfFromConfig("$configdir/$inst", $inst, $errs);
if (!$instinf or @{$errs}) {
if ($needclose) {
Index: setup-ds-admin.pl.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/setup-ds-admin.pl.in,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- setup-ds-admin.pl.in 17 Dec 2008 17:26:11 -0000 1.13
+++ setup-ds-admin.pl.in 27 Feb 2009 14:33:27 -0000 1.14
@@ -263,3 +263,10 @@
}
}
}
+
+# emacs settings
+# Local Variables:
+# mode:perl
+# indent-tabs-mode: nil
+# tab-width: 4
+# End:
Index: setup-ds-admin.res.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/newinst/src/setup-ds-admin.res.in,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- setup-ds-admin.res.in 14 Jul 2008 18:43:02 -0000 1.10
+++ setup-ds-admin.res.in 27 Feb 2009 14:33:27 -0000 1.11
@@ -106,6 +106,7 @@
error_creating_adminserver_maptbl = Could not create the map table for registering the Admin Server with the configuration directory server.\n
error_updating_localconf = Could not update the local admin server configuration file '%s'. Error: %s\n
error_starting_adminserver = Could not start the admin server. Error: %s\n
+error_stopping_adminserver = Could not stop the admin server. Error: %s\n
registering_adminserver = Registering admin server with the configuration directory server . . .\n
error_adding_adminserver_config_entry = Could not add the admin server configuration entry '%s'.\nCheck the configuration directory server access and error log for more details.\n
error_updating_localconf_entry = Could not update the local admin server configuration file for the configuration entry '%s'.\n
15 years, 3 months
[Fedora-directory-commits] ldapserver/man/man8 remove-ds.pl.8, 1.1, 1.2 migrate-ds.pl.8, 1.1, 1.2
by Richard Allen Megginson
Author: rmeggins
Update of /cvs/dirsec/ldapserver/man/man8
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21533/ldapserver/man/man8
Modified Files:
remove-ds.pl.8 migrate-ds.pl.8
Log Message:
Resolves: bug 480869
Bug Description: DS console: Can not delete DS instance
Reviewed by: nkinder (Thanks!)
Fix Description: As it turns out, my assumption that ds_remove in CGI mode also did the unregistration was false. It is the console that does the unregistration, only after the ds_remove CGI returns success. So, ds_remove needs to run with AdminSDK off, just like the other "special" CGI programs. In addition, ds_remove needs to be more robust - if there is an error during ds_remove, you should be allowed to try again after fixing something. However, the way the error handling worked did not differentiate between fatal errors and errors that could be ignored. In order to do this properly, we need to propagate the errors back up to the top level (oh how I wish perl had real exception handling . . .). The main type of error we need to ignore is file not found or process not found. If we attempted to remove before and that attempt failed for some reason, and left a partial instance, we need to be able to run the remove command again, skipping over the things we shutdown or
removed already, and clean up the stuff we need to remove. This can also happen if you use the console to create a ds instance, and remove-ds.pl to remove the instance. The instance will still show up in the console. We need to be able to use the Remove Server in the console to remove the instance from the console, even through there is no physical instance on disk any more. Since the console will only do the unregistration if the CGI returns success, we need to make sure the CGI returns success even though there is no instance on disk. When ds_remove is run via ds_removal, it will do the unregistration.
I also took this opportunity to refactor the remove code, creating a removeDSInstance method in DSCreate.pm, and moving some of the other removal helper functions to Util.pm. That simplified the code in both ds_remove and remove-ds.pl.
I added a remove-ds-admin.pl script - one of the problems that users have is that they run setup-ds-admin.pl, then hit some error (e.g. bad DNS setup), then find that they cannot restore the system to the state before they ran setup-ds-admin.pl. remove-ds-admin.pl does this.
Finally, I added some man pages to the admin package for those commonly used commands.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
Index: remove-ds.pl.8
===================================================================
RCS file: /cvs/dirsec/ldapserver/man/man8/remove-ds.pl.8,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- remove-ds.pl.8 13 Feb 2009 20:05:59 -0000 1.1
+++ remove-ds.pl.8 27 Feb 2009 14:33:12 -0000 1.2
@@ -19,7 +19,7 @@
remove\-ds.pl \- Remove an instance of Directory Server
.SH SYNOPSIS
.B remove-ds.pl
-[\-f] \-i \fIinstance\fR
+[\-f] [\-d \-d ... \-d] \-i \fIinstance\fR
.SH DESCRIPTION
Removes a Directory Server instance from the system. The instance
will be shutdown and the files will be removed. The certificate
@@ -36,6 +36,9 @@
.B \fB\-f\fR
Force removal
.TP
+.B \fB\-d\fR
+Enable debugging - adding more -d will make output more verbose
+.TP
.B \fB\-i\fR \fIinstance\fR
The full name of the instance to remove (e.g. slapd-example)
.br
Index: migrate-ds.pl.8
===================================================================
RCS file: /cvs/dirsec/ldapserver/man/man8/migrate-ds.pl.8,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- migrate-ds.pl.8 15 Jul 2008 15:50:56 -0000 1.1
+++ migrate-ds.pl.8 27 Feb 2009 14:33:12 -0000 1.2
@@ -125,14 +125,23 @@
the same name as the database instance directory, with a ".ldif". For
example, if you have
.IP
-/opt/fedora\-ds/slapd\-instance/db/userRoot/ and
+.ad l
+.nf
+/opt/fedora\-ds/slapd\-instance/db/userRoot/
+and
/opt/fedora\-ds/slapd\-instance/db/NetscapeRoot/
+.na
+.fi
.PP
you must first use db2ldif to export these databases to LDIF e.g.
.IP
+.ad l
+.nf
cd /opt/fedora\-ds/slapd\-instance
\&./db2ldif \fB\-n\fR userRoot \fB\-a\fR /opt/fedora\-ds/slapd\-instance/db/userRoot.ldif and
\&./db2ldif \fB\-n\fR NetscapeRoot \fB\-a\fR /opt/fedora\-ds/slapd\-instance/db/NetscapeRoot.ldif
+.fi
+.na
.PP
Then you must somehow make your old server root directory available on
the destination machine, either by creating a tar archive on the source
15 years, 3 months
[Fedora-directory-commits] ldapserver/ldap/admin/src/scripts DSCreate.pm.in, 1.16, 1.17 DSMigration.pm.in, 1.27, 1.28 FileConn.pm, 1.5, 1.6 Inf.pm, 1.6, 1.7 SetupLog.pm, 1.2, 1.3 Util.pm.in, 1.19, 1.20 remove-ds.pl.in, 1.2, 1.3 setup-ds.res.in, 1.15, 1.16
by Richard Allen Megginson
Author: rmeggins
Update of /cvs/dirsec/ldapserver/ldap/admin/src/scripts
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21533/ldapserver/ldap/admin/src/scripts
Modified Files:
DSCreate.pm.in DSMigration.pm.in FileConn.pm Inf.pm
SetupLog.pm Util.pm.in remove-ds.pl.in setup-ds.res.in
Log Message:
Resolves: bug 480869
Bug Description: DS console: Can not delete DS instance
Reviewed by: nkinder (Thanks!)
Fix Description: As it turns out, my assumption that ds_remove in CGI mode also did the unregistration was false. It is the console that does the unregistration, only after the ds_remove CGI returns success. So, ds_remove needs to run with AdminSDK off, just like the other "special" CGI programs. In addition, ds_remove needs to be more robust - if there is an error during ds_remove, you should be allowed to try again after fixing something. However, the way the error handling worked did not differentiate between fatal errors and errors that could be ignored. In order to do this properly, we need to propagate the errors back up to the top level (oh how I wish perl had real exception handling . . .). The main type of error we need to ignore is file not found or process not found. If we attempted to remove before and that attempt failed for some reason, and left a partial instance, we need to be able to run the remove command again, skipping over the things we shutdown or
removed already, and clean up the stuff we need to remove. This can also happen if you use the console to create a ds instance, and remove-ds.pl to remove the instance. The instance will still show up in the console. We need to be able to use the Remove Server in the console to remove the instance from the console, even through there is no physical instance on disk any more. Since the console will only do the unregistration if the CGI returns success, we need to make sure the CGI returns success even though there is no instance on disk. When ds_remove is run via ds_removal, it will do the unregistration.
I also took this opportunity to refactor the remove code, creating a removeDSInstance method in DSCreate.pm, and moving some of the other removal helper functions to Util.pm. That simplified the code in both ds_remove and remove-ds.pl.
I added a remove-ds-admin.pl script - one of the problems that users have is that they run setup-ds-admin.pl, then hit some error (e.g. bad DNS setup), then find that they cannot restore the system to the state before they ran setup-ds-admin.pl. remove-ds-admin.pl does this.
Finally, I added some man pages to the admin package for those commonly used commands.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
Index: DSCreate.pm.in
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/DSCreate.pm.in,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- DSCreate.pm.in 24 Feb 2009 14:24:46 -0000 1.16
+++ DSCreate.pm.in 27 Feb 2009 14:33:12 -0000 1.17
@@ -54,6 +54,7 @@
use File::Path;
use File::Copy;
use File::Basename qw(basename dirname);
+use POSIX qw(:errno_h);
# load perldap
use Mozilla::LDAP::Conn;
@@ -63,8 +64,8 @@
use Exporter;
@ISA = qw(Exporter);
-@EXPORT = qw(createDSInstance);
-@EXPORT_OK = qw(createDSInstance);
+@EXPORT = qw(createDSInstance removeDSInstance);
+@EXPORT_OK = qw(createDSInstance removeDSInstance);
use strict;
@@ -897,6 +898,133 @@
return @errs;
}
+sub stopServer {
+ my $instancedir = shift;
+ my $prog = $instancedir . "/stop-slapd";
+ if (-x $prog) {
+ $? = 0;
+ # run the stop command
+ my $output = `$prog 2>&1`;
+ my $status = $?;
+ debug(3, "stopping server $instancedir returns status $status: output $output\n");
+ if ($status) {
+ debug(1,"Warning: Could not stop directory server: status $status: output $output\n");
+ # if the server is not running, that's ok
+ if ($output =~ /not running/) {
+ $! = ENOENT;
+ return 1;
+ }
+ # else, some other error (e.g. permission) - return false for error
+ return;
+ }
+ } else {
+ debug(1, "stopping server: no such program $prog: cannot stop server\n");
+ return;
+ }
+
+ debug(1, "Successfully stopped server $instancedir\n");
+ return 1;
+}
+
+# NOTE: Returns a list of array ref - each array ref is suitable for passing
+# to Resource::getText
+sub removeDSInstance {
+ my $inst = shift;
+ my $force = shift;
+ my $baseconfigdir = $ENV{DS_CONFIG_DIR} || "@instconfigdir@";
+ my $instname = "slapd-$inst";
+ my $configdir = "$baseconfigdir/$instname";
+ my @errs;
+ if ( ! -d $configdir )
+ {
+ debug(1, "Error: $configdir does not exist: $!\n");
+ return ( [ 'error_no_such_instance', $configdir, $! ] );
+ }
+ # read the config file to find out the paths
+ my $dseldif = "$configdir/dse.ldif";
+ my $conn = new FileConn($dseldif, 1);
+ if (!$conn) {
+ debug(1, "Error: Could not open config file $dseldif: Error $!\n");
+ return ( [ 'error_opening_dseldif', $dseldif, $! ] );
+ }
+
+ my $dn = "cn=config";
+ my $entry = $conn->search($dn, "base", "(cn=*)", 0);
+ if (!$entry)
+ {
+ debug(1, "Error: Search $dn in $dseldif failed: $entry\n");
+ push @errs, [ 'error_finding_config_entry', $dn, $dseldif, $conn->getErrorString() ];
+ }
+
+ $dn = "cn=config,cn=ldbm database,cn=plugins,cn=config";
+ my $dbentry = $conn->search($dn, "base", "(cn=*)", 0);
+ if (!$dbentry)
+ {
+ debug(1, "Error: Search $dn in $dseldif failed: $dbentry\n");
+ push @errs, [ 'error_finding_config_entry', $dn, $dseldif, $conn->getErrorString() ];
+ }
+ $conn->close();
+
+ # stop the server
+ my $instdir = "";
+ if ($entry) {
+ foreach my $path ( @{$entry->{"nsslapd-instancedir"}} )
+ {
+ if (!stopServer($path)) {
+ if ($force) {
+ debug(1, "Warning: Could not stop directory server - Error: $! - forcing continue\n");
+ } elsif ($! == ENOENT) { # stop script not found or server not running
+ debug(1, "Warning: Could not stop directory server: already removed or not running\n");
+ push @errs, [ 'error_stopping_server', $path, $! ];
+ } else { # real error
+ debug(1, "Error: Could not stop directory server - aborting - use -f flag to force removal\n");
+ push @errs, [ 'error_stopping_server', $path, $! ];
+ return @errs;
+ }
+ }
+ $instdir = $path;
+ }
+ }
+
+ # remove physical dirs/files
+ if ($dbentry) {
+ push @errs, remove_tree($dbentry, "nsslapd-directory", $instname, 1);
+ push @errs, remove_tree($dbentry, "nsslapd-db-logdirectory", $instname, 1);
+ }
+ if ($entry) {
+ push @errs, remove_tree($entry, "nsslapd-lockdir", $instname);
+ push @errs, remove_tree($entry, "nsslapd-tmpdir", $instname);
+ push @errs, remove_tree($entry, "nsslapd-bakdir", $instname, 1);
+ push @errs, remove_tree($entry, "nsslapd-errorlog", $instname, 1);
+ }
+
+ # instance dir
+ if ( -d $instdir && $instdir =~ /$instname/ )
+ {
+ # clean up pid files (if any)
+ remove_pidfile("STARTPIDFILE", $instdir, $instname);
+ remove_pidfile("PIDFILE", $instdir, $instname);
+
+ my $rc = rmtree($instdir);
+ if ( 0 == $rc )
+ {
+ push @errs, [ 'error_removing_path', $instdir, $! ];
+ debug(1, "Warning: $instdir was not removed. Error: $!\n");
+ }
+ }
+ # Finally, config dir
+ push @errs, remove_tree($entry, "nsslapd-schemadir", $instname, 1, "\.db\$");
+
+ # if we got here, report success
+ if (@errs) {
+ debug(1, "Could not successfully remove $instname\n");
+ } else {
+ debug(1, "Instance $instname removed.\n");
+ }
+
+ return @errs;
+}
+
1;
# emacs settings
Index: DSMigration.pm.in
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/DSMigration.pm.in,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- DSMigration.pm.in 24 Feb 2009 14:24:47 -0000 1.27
+++ DSMigration.pm.in 27 Feb 2009 14:33:12 -0000 1.28
@@ -363,7 +363,10 @@
($fh, $tmpldiffile) = tempfile("nsrootXXXXXX", UNLINK => 0,
SUFFIX => ".ldif", OPEN => 1,
DIR => File::Spec->tmpdir);
- open( MYLDIF, "$ldiffile" ) || confess "Can't open $ldiffile: $!";
+ if (!open( MYLDIF, "$ldiffile" )) {
+ debug(1, "Error: Can't open $ldiffile: $!");
+ return;
+ }
my $in = new Mozilla::LDAP::LDIF(*MYLDIF);
while (my $ent = readOneEntry $in) {
my $dn = $ent->getDN();
@@ -443,12 +446,16 @@
my $deleteflag = 0;
if ($fname =~ /NetscapeRoot.ldif$/) {
$fname = migrateNetscapeRoot($fname);
- # make sure $fname is owned by the server user
- my $cfgent = $dest->search("cn=config", "base", "(objectclass=*)");
- my $user = $cfgent->getValues('nsslapd-localuser');
- my $uid = getpwnam $user;
- chown $uid, -1, $fname;
- $deleteflag = 1;
+ if ($fname) {
+ # make sure $fname is owned by the server user
+ my $cfgent = $dest->search("cn=config", "base", "(objectclass=*)");
+ my $user = $cfgent->getValues('nsslapd-localuser');
+ my $uid = getpwnam $user;
+ chown $uid, -1, $fname;
+ $deleteflag = 1;
+ } else {
+ return ("error_creating_templdif", $!);
+ }
}
my $cmd = "$inst_dir/ldif2db -n \"$dbname\" -i \"$fname\"";
debug(1, "migrateDatabases: executing command $cmd\n");
@@ -838,7 +845,10 @@
my %intattrs = ();
for (glob("$newschemadir/*.ldif")) {
# read in schema entry from LDIF
- open( MYSCHEMA, $_ ) || die "Can't open $_: $!";
+ if (!open( MYSCHEMA, $_ )) {
+ debug(0, "Can't open schema file $_: $!\n");
+ next;
+ }
my $in = new Mozilla::LDAP::LDIF(*MYSCHEMA);
while (my $ent = readOneEntry $in) {
my @attrs = $ent->getValues('attributeTypes');
Index: FileConn.pm
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/FileConn.pm,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- FileConn.pm 24 Feb 2009 14:24:47 -0000 1.5
+++ FileConn.pm 27 Feb 2009 14:33:12 -0000 1.6
@@ -46,7 +46,7 @@
use Mozilla::LDAP::Utils qw(normalizeDN);
use Mozilla::LDAP::LDIF;
-use Carp;
+use Util qw(debug);
require Exporter;
@ISA = qw(Exporter Mozilla::LDAP::Conn);
@@ -96,7 +96,7 @@
}
if (!open( MYLDIF, "$filename" )) {
- confess "Can't open $filename: $!";
+ debug(1, "Could not open $filename: $!\n");
return 0;
}
@@ -104,7 +104,7 @@
$self->{reading} = 1;
while ($ent = readOneEntry $in) {
if (!$self->add($ent)) {
- confess "Error: could not add entry ", $ent->getDN(), ":", $self->getErrorString();
+ debug(1, "Error: could not add entry " . $ent->getDN() . ":" . $self->getErrorString());
}
}
delete $self->{reading};
@@ -187,7 +187,7 @@
}
if (!open( MYLDIF, ">$filename" )) {
- confess "Can't write $filename: $!";
+ debug(1, "Can't write $filename: $!\n");
return 0;
}
@@ -416,11 +416,15 @@
my $dn = $entry->getDN();
my $ndn = normalizeDN($dn);
- confess "Attempt to modify read only $self->{filename} entry $dn" if ($self->{readonly});
+ if ($self->{readonly}) {
+ debug(1, "Attempt to update read only $self->{filename} entry $dn\n");
+ return 0;
+ }
$self->setErrorCode(0);
if (!exists($self->{$ndn})) {
$self->setErrorCode(LDAP_NO_SUCH_OBJECT);
+ debug(1, "Attempt to update entry $dn that does not exist\n");
return 0;
}
@@ -435,7 +439,10 @@
my $self = shift;
my $dn = shift;
- confess "Attempt to modify read only $self->{filename} entry $dn" if ($self->{readonly});
+ if ($self->{readonly}) {
+ debug(1, "Attempt to delete read only $self->{filename} entry $dn\n");
+ return 0;
+ }
if (ref($dn)) {
$dn = $dn->getDN(); # an Entry
@@ -445,11 +452,13 @@
$self->setErrorCode(0);
if (!exists($self->{$ndn})) {
$self->setErrorCode(LDAP_NO_SUCH_OBJECT);
+ debug(1, "Attempt to delete entry $dn that does not exist\n");
return 0;
}
if (@{$self->{$ndn}->{children}}) {
$self->setErrorCode(LDAP_NOT_ALLOWED_ON_NONLEAF);
+ debug(1, "Attempt to delete entry $dn that has children\n");
return 0;
}
Index: Inf.pm
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/Inf.pm,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- Inf.pm 24 Feb 2009 16:57:45 -0000 1.6
+++ Inf.pm 27 Feb 2009 14:33:12 -0000 1.7
@@ -82,7 +82,10 @@
if ($filename eq "-") {
$inffh = \*STDIN;
} else {
- open INF, $filename or die "Error: could not open inf file $filename: $!";
+ if (!open(INF, $filename)) {
+ print STDERR "Error: could not open inf file $filename: $!\n";
+ return;
+ }
$inffh = \*INF;
}
while (<$inffh>) {
@@ -180,7 +183,10 @@
return if ($filename eq "-");
- open INF, ">$filename" or die "Error: could not write inf file $filename: $!";
+ if (!open(INF, ">$filename")) {
+ print STDERR "Error: could not write inf file $filename: $!\n";
+ return;
+ }
# write General section first
$self->writeSection('General', \*INF);
print INF "\n";
Index: SetupLog.pm
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/SetupLog.pm,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- SetupLog.pm 29 Jun 2007 21:12:21 -0000 1.2
+++ SetupLog.pm 27 Feb 2009 14:33:12 -0000 1.3
@@ -67,7 +67,10 @@
($fh, $filename) = tempfile("${prefix}XXXXXX", UNLINK => 0,
SUFFIX => ".log", DIR => File::Spec->tmpdir);
} else {
- open LOGFILE, ">$filename" or die "Error: could not open logfile $filename: $!";
+ if (!open(LOGFILE, ">$filename")) {
+ print STDERR "Error: could not open logfile $filename: $!\n";
+ return;
+ }
$fh = \*LOGFILE;
}
$self->{fh} = $fh;
Index: Util.pm.in
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/Util.pm.in,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- Util.pm.in 24 Feb 2009 14:24:47 -0000 1.19
+++ Util.pm.in 27 Feb 2009 14:33:12 -0000 1.20
@@ -48,11 +48,11 @@
@EXPORT = qw(portAvailable getAvailablePort isValidDN addSuffix getMappedEntries
process_maptbl check_and_add_entry getMappedEntries
getHashedPassword debug createInfFromConfig
- isValidServerID isValidUser makePaths getLogin);
+ isValidServerID isValidUser makePaths getLogin remove_tree remove_pidfile);
@EXPORT_OK = qw(portAvailable getAvailablePort isValidDN addSuffix getMappedEntries
process_maptbl check_and_add_entry getMappedEntries
getHashedPassword debug createInfFromConfig
- isValidServerID isValidUser makePaths getLogin);
+ isValidServerID isValidUser makePaths getLogin remove_tree remove_pidfile);
use strict;
@@ -60,6 +60,9 @@
use File::Temp qw(tempfile tempdir);
use File::Basename qw(dirname);
+use File::Path qw(rmtree);
+
+use Carp;
$Util::debuglevel = 0;
# use like this:
@@ -115,8 +118,10 @@
# we want the name of the effective user id of this process e.g. if someone did
# an su root, we want getLogin to return "root" not the originating id (getlogin)
# in perl, $> is the effective numeric user id - we need to turn it into a string
+# use confess here because if we cannot determine the user, something is really,
+# really wrong and we need to abort immediately
sub getLogin {
- return (getpwuid($>))[0] || $ENV{USER} || die "Error: could not determine the current user ID: $!";
+ return (getpwuid($>))[0] || $ENV{USER} || confess "Error: could not determine the current user ID: $!";
}
sub isValidUser {
@@ -814,6 +819,101 @@
return ();
}
+# remove_tree($centry, $key, $instname, [$isparent, [$dontremove]])
+# $centry: entry to look for the path to be removed
+# $key: key to look for the path in the entry
+# $instname: instance name "slapd-<ID>" to check the path
+# $isparent: specify 1 to remove from the parent dir
+# $dontremove: pattern not to be removed (e.g., ".db$")
+sub remove_tree
+{
+ my $centry = shift;
+ my $key = shift;
+ my $instname = shift;
+ my $isparent = shift;
+ my $dontremove = shift;
+ my @errs = (); # a list of array refs - each array ref is suitable for passing to Resource::getText
+
+ foreach my $path ( @{$centry->{$key}} )
+ {
+ my $rmdir = "";
+ my $rc = 0;
+ if ( 1 == $isparent )
+ {
+ $rmdir = dirname($path);
+ }
+ else
+ {
+ $rmdir = $path;
+ }
+ if ( -d $rmdir && $rmdir =~ /$instname/ )
+ {
+ if ( "" eq "$dontremove" )
+ {
+ $rc = rmtree($rmdir);
+ if ( 0 == $rc )
+ {
+ push @errs, [ 'error_removing_path', $rmdir, $! ];
+ debug(1, "Warning: $rmdir was not removed. Error: $!\n");
+ }
+ }
+ else
+ {
+ # Skip the dontremove files
+ $rc = opendir(DIR, $rmdir);
+ if ($rc)
+ {
+ while (defined(my $file = readdir(DIR)))
+ {
+ next if ( "$file" =~ /$dontremove/ );
+ next if ( "$file" eq "." );
+ next if ( "$file" eq ".." );
+ my $rmfile = $rmdir . "/" . $file;
+ my $rc0 = rmtree($rmfile);
+ if ( 0 == $rc0 )
+ {
+ push @errs, [ 'error_removing_path', $rmfile, $! ];
+ debug(1, "Warning: $rmfile was not removed. Error: $!\n");
+ }
+ }
+ closedir(DIR);
+ }
+ my $newrmdir = $rmdir . ".removed";
+ my $rc1 = 1;
+ if ( -d $newrmdir )
+ {
+ $rc1 = rmtree($newrmdir);
+ if ( 0 == $rc1 )
+ {
+ push @errs, [ 'error_removing_path', $newrmdir, $! ];
+ debug(1, "Warning: $newrmdir was not removed. Error: $!\n");
+ }
+ }
+ if ( 0 < $rc1 )
+ {
+ rename($rmdir, $newrmdir);
+ }
+ }
+ }
+ }
+
+ return @errs; # a list of array refs - if (!@errs) then success
+}
+
+sub remove_pidfile
+{
+ my ($type, $instdir, $instname) = @_;
+
+ my $pattern = "^" . $type . ".*=";
+ my $pidline = `grep $pattern $instdir/start-slapd`;
+ chomp($pidline);
+ my ($key, $pidfile) = split(/=/, $pidline);
+ if ( -e $pidfile && $pidfile =~ /$instname/ )
+ {
+ unlink($pidfile);
+ }
+}
+
1;
# emacs settings
Index: remove-ds.pl.in
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/remove-ds.pl.in,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- remove-ds.pl.in 24 Feb 2009 14:24:47 -0000 1.2
+++ remove-ds.pl.in 27 Feb 2009 14:33:12 -0000 1.3
@@ -24,111 +24,22 @@
use File::Basename;
use File::Path;
use Util;
-use FileConn;
+use Resource;
+use DSCreate qw(removeDSInstance);
+
+my $res = new Resource("@propertydir(a)/setup-ds.res");
sub usage {
- print(STDERR "Usage: $0 [-f] -i instance\n\n");
+ print(STDERR "Usage: $0 [-f] [-d -d ... -d] -i instance\n\n");
print(STDERR " Opts: -f - force removal\n");
- print(STDERR " -i instance - instance name to remove (e.g. - slapd-example)\n");
-}
-
-# remove_tree($centry, $key, $instname, [$isparent, [$dontremove]])
-# $centry: entry to look for the path to be removed
-# $key: key to look for the path in the entry
-# $instname: instance name "slapd-<ID>" to check the path
-# $isparent: specify 1 to remove from the parent dir
-# $dontremove: pattern not to be removed (e.g., ".db$")
-sub remove_tree
-{
- my $centry = shift;
- my $key = shift;
- my $instname = shift;
- my $isparent = shift;
- my $dontremove = shift;
-
- foreach my $path ( @{$centry->{$key}} )
- {
- my $rmdir = "";
- my $rc = 0;
- if ( 1 == $isparent )
- {
- $rmdir = dirname($path);
- }
- else
- {
- $rmdir = $path;
- }
- if ( -d $rmdir && $rmdir =~ /$instname/ )
- {
- if ( "" eq "$dontremove" )
- {
- $rc = rmtree($rmdir);
- if ( 0 == $rc )
- {
- print STDERR "Warning: $rmdir was not removed.\n";
- }
- }
- else
- {
- # Skip the dontremove files
- $rc = opendir(DIR, $rmdir);
- if ($rc)
- {
- while (defined(my $file = readdir(DIR)))
- {
- next if ( "$file" =~ /$dontremove/ );
- next if ( "$file" eq "." );
- next if ( "$file" eq ".." );
- my $rmfile = $rmdir . "/" . $file;
- my $rc0 = rmtree($rmfile);
- if ( 0 == $rc0 )
- {
- print STDERR "Warning: $rmfile was not removed.\n";
- }
- }
- closedir(DIR);
- }
- my $newrmdir = $rmdir . ".removed";
- my $rc1 = 1;
- if ( -d $newrmdir )
- {
- $rc1 = rmtree($newrmdir);
- if ( 0 == $rc1 )
- {
- print STDERR "Warning: $newrmdir was not removed.\n";
- }
- }
- if ( 0 < $rc1 )
- {
- rename($rmdir, $newrmdir);
- }
- }
- }
- }
-}
-
-sub remove_pidfile
-{
- my ($type, $instdir, $instname) = @_;
-
- my $pattern = "^" . $type . ".*=";
- my $pidline = `grep $pattern $instdir/start-slapd`;
- chomp($pidline);
- my ($key, $pidfile) = split(/=/, $pidline);
- if ( -e $pidfile && $pidfile =~ /$instname/ )
- {
- unlink($pidfile);
- }
+ print(STDERR " -i instance - instance name to remove (e.g. - slapd-example)\n");
+ print(STDERR " -d - turn on debugging output\n");
}
my $i = 0;
my $force = "";
my $instname = "";
-if ($#ARGV > 2) {
- &usage; exit(1);
-}
-
# load args from the command line
while ($i <= $#ARGV) {
if ( "$ARGV[$i]" eq "-f" ) {
@@ -136,6 +47,10 @@
} elsif ("$ARGV[$i]" eq "-i") {
$i++;
$instname = $ARGV[$i];
+ } elsif ("$ARGV[$i]" eq "-d") {
+ $Util::debuglevel++;
+ } else {
+ &usage; exit(1);
}
$i++;
}
@@ -152,86 +67,23 @@
exit 1;
}
-my $configdir = "@instconfigdir@/slapd-$inst";
-if ( ! -d $configdir )
-{
- print STDERR "Error: $configdir does not exist\n";
- exit 1;
-}
-
-# read the config file to find out the paths
-my $dseldif = "@instconfigdir(a)/$instname/dse.ldif";
-my $conn = new FileConn($dseldif);
-if (!$conn) {
- print STDERR "Error: Could not open config file $dseldif: Error $!\n";
- exit 1;
-}
-
-my $dn = "cn=config";
-my $entry = $conn->search($dn, "base", "(cn=*)", 0);
-if (!$entry)
-{
- print STDERR "Error: Search $dn in $dseldif failed: $entry\n";
- exit 1;
-}
-
-$dn = "cn=config,cn=ldbm database,cn=plugins,cn=config";
-my $dbentry = $conn->search($dn, "base", "(cn=*)", 0);
-if (!$dbentry)
-{
- print "Error: Search $dn in $dseldif failed: $dbentry\n";
- exit 1;
-}
-$conn->close();
-
-# stop the server
-my $instdir = "";
-foreach my $path ( @{$entry->{"nsslapd-instancedir"}} )
-{
- if ( -d $path )
- {
- my $prog = $path . "/stop-slapd";
- if (-x $prog) {
- $? = 0;
- # run the stop command
- my $output = `$prog 2>&1`;
- my $status = $?;
- if ($status) {
- # Ignore the stop failure
- print STDERR "Warning: Could not stop directory server: $output\n";
- }
- $instdir = $path; # need to use it later...
- } elsif (!$force) {
- print STDERR "Error: The program $prog does not exist\n";
- exit 1;
- }
- }
-}
-
-# remove physical dirs/files
-remove_tree($dbentry, "nsslapd-directory", $instname, 1);
-remove_tree($dbentry, "nsslapd-db-logdirectory", $instname, 1);
-remove_tree($entry, "nsslapd-lockdir", $instname);
-remove_tree($entry, "nsslapd-tmpdir", $instname);
-remove_tree($entry, "nsslapd-bakdir", $instname, 1);
-remove_tree($entry, "nsslapd-errorlog", $instname, 1);
-
-# instance dir
-if ( -d $instdir && $instdir =~ /$instname/ )
-{
- # clean up pid files (if any)
- remove_pidfile("STARTPIDFILE", $instdir, $instname);
- remove_pidfile("PIDFILE", $instdir, $instname);
-
- my $rc = rmtree($instdir);
- if ( 0 == $rc )
- {
- print STDERR "Warning: $instdir was not removed.\n";
+my @errs = removeDSInstance($inst, $force);
+if (@errs) {
+ print STDERR "The following errors occurred during removal:\n";
+ for (@errs) {
+ print STDERR $res->getText($_);
}
+ print STDERR "Error: could not remove directory server $inst\n";
+ exit 1;
}
-# Finally, config dir
-remove_tree($entry, "nsslapd-schemadir", $instname, 1, "\.db\$");
# if we got here, report success
print "Instance $instname removed.\n";
exit 0;
+
+# emacs settings
+# Local Variables:
+# mode:perl
+# indent-tabs-mode: nil
+# tab-width: 4
+# End:
Index: setup-ds.res.in
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/admin/src/scripts/setup-ds.res.in,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- setup-ds.res.in 24 Feb 2009 14:24:47 -0000 1.15
+++ setup-ds.res.in 27 Feb 2009 14:33:12 -0000 1.16
@@ -120,6 +120,7 @@
error_enabling_feature = Could not enable the directory server feature '%s'. Error: %s\n
error_importing_ldif = Could not import LDIF file '%s'. Error: %s. Output: %s\n
error_starting_server = Could not start the directory server using command '%s'. The last line from the error log was '%s'. Error: %s\n
+error_stopping_server = Could not stop the directory server '%s'. Error: %s\n
error_missing_port_and_ldapi = Either ServerPort or ldapifilepath must be specified. The server must listen to something.\n
error_missing_port = No ServerPort specified. The server must have a port number to listen to (default 389).\n
error_server_already_exists = Error: the server already exists at '%s'\
@@ -131,3 +132,6 @@
error_opening_tempinf = Could not create temporary .inf file for config. Error: %s\n
error_writing_ldif = Could not write the LDIF file '%s'. Error: %s\n
error_creating_templdif = Could not create temporary LDIF file. Error: %s\n
+error_no_such_instance = Error: could not find directory server configuration directory '%s'. Error: %s\n
+error_finding_config_entry = Error: could not find the config entry '%s' in '%s'. Error: %s\n
+error_removing_path = Error: could not remove path '%s'. Error: %s\n
15 years, 3 months
[Fedora-directory-commits] esc/src/app/xul/esc/defaults/preferences esc-prefs.js, 1.5, 1.6
by Jack Magne
Author: jmagne
Update of /cvs/dirsec/esc/src/app/xul/esc/defaults/preferences
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21298/esc/defaults/preferences
Modified Files:
esc-prefs.js
Log Message:
No more command line switch for sec officer mode, #236268.
Index: esc-prefs.js
===================================================================
RCS file: /cvs/dirsec/esc/src/app/xul/esc/defaults/preferences/esc-prefs.js,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- esc-prefs.js 6 Mar 2007 00:15:14 -0000 1.5
+++ esc-prefs.js 27 Feb 2009 03:31:43 -0000 1.6
@@ -25,7 +25,22 @@
pref("esc.tps.message.timeout","90");
+#Do we populate CAPI certs on windows?
pref("esc.windows.do.capi","yes");
+#Do we disable the password prompt ?
+
pref("esc.disable.password.prompt","yes");
+
+#Sample Security Officer Enrollment UI
+
+#pref("esc.security.url","http://test.host.com:7888/cgi-bin/so/enroll.cgi");
+
+#Sample Security Officer Workstation UI
+
+#pref("esc.security.url","https://test.host.com:7889/cgi-bin/sow/welcome.cgi");
+
+#Hide the format button or not.
+
+pref("esc.hide.format","no");
15 years, 3 months
[Fedora-directory-commits] esc/src/app/xul/esc/chrome/content/esc ESC.js, 1.20, 1.21
by Jack Magne
Author: jmagne
Update of /cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21298/esc/chrome/content/esc
Modified Files:
ESC.js
Log Message:
No more command line switch for sec officer mode, #236268.
Index: ESC.js
===================================================================
RCS file: /cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc/ESC.js,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- ESC.js 26 Feb 2009 23:30:15 -0000 1.20
+++ ESC.js 27 Feb 2009 03:31:42 -0000 1.21
@@ -1909,6 +1909,20 @@
return result;
}
+function SelectESCPageCMDLine()
+{
+ var securityURL = DoCoolKeyGetConfigValue(ESC_SECURITY_URL);
+
+ if(securityURL)
+ {
+ launchESCSecMode();
+ return;
+ }
+
+ launchSETTINGS();
+
+}
+
function SelectESCPage(keyType,keyID,phoneHomeFailed)
{
@@ -3800,15 +3814,24 @@
//Is the security mode up?
function CheckForSecurityMode()
{
- var securityWnd = IsPageWindowPresent(SECURITY_WINDOW);
- var faceToFaceMode = 0;
+ var securityWnd = IsPageWindowPresent(SECURITY_WINDOW);
+ var faceToFaceMode = 0;
- recordMessage("CheckForSecurityMode: " + securityWnd);
+ recordMessage("CheckForSecurityMode: " + securityWnd);
+
+ if(securityWnd) {
+ faceToFaceMode = 1;
+ return faceToFaceMode;
+ }
- if(securityWnd)
- faceToFaceMode = 1;
+ var securityURL = DoCoolKeyGetConfigValue(ESC_SECURITY_URL);
- return faceToFaceMode;
+ if(securityURL)
+ {
+ faceToFaceMode = 1;
+ }
+
+ return faceToFaceMode;
}
//Launch Phone Home bootstrap dialog as last resort
@@ -3904,12 +3927,10 @@
//Launch security mode window
-function launchESCSecMode(aUrl)
+function launchESCSecMode()
{
recordMessage("In launchESCSecMode");
- DoCoolKeySetConfigValue(ESC_SECURITY_URL,aUrl);
-
var secWnd = IsPageWindowPresent(SECURITY_WINDOW);
if(!secWnd)
{
@@ -3952,6 +3973,15 @@
var enrollWnd = IsPageWindowPresent(ENROLL_WINDOW);
var adminWnd = IsPageWindowPresent(ADMIN_WINDOW);
+ var securityURL = DoCoolKeyGetConfigValue(ESC_SECURITY_URL);
+
+ if(securityURL)
+ {
+ launchESCSecMode();
+ return;
+
+ }
+
if(!adminWnd)
{
launchSETTINGS();
15 years, 3 months
[Fedora-directory-commits] esc/src/app/xul/esc/components escCLH.js, 1.3, 1.4
by Jack Magne
Author: jmagne
Update of /cvs/dirsec/esc/src/app/xul/esc/components
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21298/esc/components
Modified Files:
escCLH.js
Log Message:
No more command line switch for sec officer mode, #236268.
Index: escCLH.js
===================================================================
RCS file: /cvs/dirsec/esc/src/app/xul/esc/components/escCLH.js,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- escCLH.js 28 Feb 2007 19:05:30 -0000 1.3
+++ escCLH.js 27 Feb 2009 03:31:43 -0000 1.4
@@ -48,16 +48,6 @@
var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"].getService(Components.interfaces.nsIWindowMediator);
var win = wm.getMostRecentWindow(null);
- var doSecMode = false;
- var secModeURL=null;
-
- secModeURL = cmdLine.handleFlagWithParam("secmode",false);
- if (secModeURL) {
- doSecMode = true;
- cmdLine.preventDefault = true;
- }
-
-
var showUsage = cmdLine.handleFlag("usage",false);
recordMessage("ShowUsage flag: " + showUsage);
@@ -78,17 +68,7 @@
recordMessage("Base window . " + locName);
- if(doSecMode)
- {
-
- var uri = cmdLine.resolveURI(secModeURL);
- recordMessage("Attempting security mode. url: " + secModeURL);
- win.launchESCSecMode(secModeURL);
- }
- else
- {
- win.launchSETTINGS();
- }
+ win.SelectESCPageCMDLine();
recordMessage("Done command line handling...");
return;
15 years, 3 months
[Fedora-directory-commits] adminserver/admserv/cfgstuff console.conf.in, 1.4, 1.5
by Richard Allen Megginson
Author: rmeggins
Update of /cvs/dirsec/adminserver/admserv/cfgstuff
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31586
Modified Files:
console.conf.in
Log Message:
Resolves: bug 166230
Description: Admin Server management window misparses access log
Fix Description: add HostnameLookups off to the default console.conf template with a comment about what it does
Index: console.conf.in
===================================================================
RCS file: /cvs/dirsec/adminserver/admserv/cfgstuff/console.conf.in,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- console.conf.in 29 Jan 2009 21:33:11 -0000 1.4
+++ console.conf.in 26 Feb 2009 23:45:59 -0000 1.5
@@ -46,6 +46,16 @@
</IfModule>
#
+# By default, the log files will only log the client IP address,
+# not the hostname, to avoid having to do a DNS lookup
+# for each request. If HostnameLookups is off, you will also see
+# notices in the error log saying that
+# admserv_host_ip_check: ap_get_remote_host could not resolve the IP address
+# If you want to have hostnames in the log instead of IP addresses, change
+# this to "on". Use a value of "double" to make it do double reverse DNS lookups.
+HostnameLookups off
+
+#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
15 years, 3 months
[Fedora-directory-commits] esc/src/app/xul/esc/chrome/content/esc ESC.js, 1.19, 1.20
by Jack Magne
Author: jmagne
Update of /cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25090
Modified Files:
ESC.js
Log Message:
Provide hide format button feature. #485748.
Index: ESC.js
===================================================================
RCS file: /cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc/ESC.js,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- ESC.js 26 Feb 2009 22:34:42 -0000 1.19
+++ ESC.js 26 Feb 2009 23:30:15 -0000 1.20
@@ -45,12 +45,16 @@
const ENROLLED_TOKEN_URL = "EnrolledTokenURL";
const TOKEN_TYPE = "TokenType";
const RESET_PHONE_HOME = "ResetPhoneHome";
+
+// Config params
+
const ESC_IGNORE_TOKEN_BROWSER_URL = "esc.ignore.token.browser.url";
const ESC_TOKEN_BROWSER_URL_ESTABLISHED = "esc.token.browser.established";
const ESC_IGNORE_KEY_ISSUER_INFO = "esc.ignore.key.issuer.info";
const ESC_FACE_TO_FACE_MODE = "esc.face.to.face.mode";
const ESC_SECURITY_URL="esc.security.url";
const ESC_SECURE_URL="esc.secure.url";
+const ESC_HIDE_FORMAT="esc.hide.format";
const CLEAN_TOKEN = "cleanToken";
const UNINITIALIZED = 1;
@@ -2120,6 +2124,12 @@
isCool = DoGetCoolKeyIsReallyCoolKey(keyType, keyID);
+ var hideFormatConfig = DoCoolKeyGetConfigValue(ESC_HIDE_FORMAT);
+ var hideFormat = false;
+
+ if(hideFormatConfig == "yes")
+ hideFormat = true;
+
var noKey = 0;
if(!keyType && !keyID)
@@ -2245,6 +2255,12 @@
detailsKeyLabel.setAttribute("value",getBundleString("noKeysPresent"));
HideItem(detailsImage);
+ if(hideFormat) {
+ HideItem(formatbtn);
+ if(adminkeymenu)
+ HideItem(menu_format);
+ }
+
return;
}
@@ -2267,6 +2283,7 @@
if(!isLoginKey)
{
EnableItem(formatbtn);
+
if(adminkeymenu)
EnableItem(menu_format);
}
@@ -2291,6 +2308,12 @@
if(!isBusy)
detailsKeyLabel.setAttribute("value",getBundleString("enrolledKey"));
+ if(hideFormat) {
+ HideItem(formatbtn);
+ if(adminkeymenu)
+ HideItem(menu_format);
+ }
+
return;
}
@@ -2333,6 +2356,12 @@
DisableItem(formatbtn);
}
+ if(hideFormat) {
+ HideItem(formatbtn);
+ if(adminkeymenu)
+ HideItem(menu_format);
+ }
+
return;
}
@@ -2367,6 +2396,12 @@
}
+ if(hideFormat) {
+ HideItem(formatbtn);
+ if(adminkeymenu)
+ HideItem(adminkeymenu);
+ }
+
return;
}
@@ -2386,6 +2421,12 @@
DisableItem(menu_format);
DisableItem(menu_resetpassword);
}
+
+ if(hideFormat) {
+ HideItem(formatbtn);
+ if(adminkeymenu)
+ HideItem(menu_format);
+ }
}
}
15 years, 3 months