[Pkg-fedora-ds-maintainers] idm-console-framework: Changes to 'master'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Fri Jul 3 05:38:29 UTC 2015
build.properties | 2
debian/changelog | 6
idm-console-framework.spec | 10 -
src/com/netscape/management/client/ace/ACIEditor.java | 2
src/com/netscape/management/client/ace/ACIManager.java | 52 +++--
src/com/netscape/management/client/console/Console.java | 8
src/com/netscape/management/client/security/CipherPreferenceDialog.java | 43 +++-
src/com/netscape/management/client/security/securityResource.properties | 2
src/com/netscape/management/client/topology/DomainNode.java | 20 --
src/com/netscape/management/client/ug/OUPage.java | 3
src/com/netscape/management/client/util/Debug.java | 92 +++++++++-
11 files changed, 188 insertions(+), 52 deletions(-)
New commits:
commit ce90d3a8a52a36f3ab9051b8dfb30fea1122e777
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Jul 3 08:32:55 2015 +0300
releasing package idm-console-framework version 1.1.14-1
diff --git a/debian/changelog b/debian/changelog
index 5734884..d8145bd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,8 @@
-idm-console-framework (1.1.14-1) UNRELEASED; urgency=medium
+idm-console-framework (1.1.14-1) unstable; urgency=medium
* New upstream release.
- -- Timo Aaltonen <tjaalton at debian.org> Fri, 03 Jul 2015 08:25:54 +0300
+ -- Timo Aaltonen <tjaalton at debian.org> Fri, 03 Jul 2015 08:32:02 +0300
idm-console-framework (1.1.9-1) unstable; urgency=medium
commit f7c0361543d3f51d9353a0ab0a37315d49809a5d
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Fri Jul 3 08:32:00 2015 +0300
update the changelog
diff --git a/debian/changelog b/debian/changelog
index 075928f..5734884 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+idm-console-framework (1.1.14-1) UNRELEASED; urgency=medium
+
+ * New upstream release.
+
+ -- Timo Aaltonen <tjaalton at debian.org> Fri, 03 Jul 2015 08:25:54 +0300
+
idm-console-framework (1.1.9-1) unstable; urgency=medium
* New upstream release.
commit ca31044ba9a1e7a37c01b55679f7dba22241963d
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Wed May 27 13:55:44 2015 -0700
Bump version to 1.1.14
diff --git a/build.properties b/build.properties
index 17af150..f06f05c 100755
--- a/build.properties
+++ b/build.properties
@@ -23,7 +23,7 @@ lang=en
console.root=.
console.version=11
-console.dotversion=1.1.13
+console.dotversion=1.1.14
console.dotgenversion=1.1
mcc.core=idm-console-mcc
diff --git a/idm-console-framework.spec b/idm-console-framework.spec
index 00d1cb6..185d773 100755
--- a/idm-console-framework.spec
+++ b/idm-console-framework.spec
@@ -1,5 +1,5 @@
%define major_version 1.1
-%define minor_version 13
+%define minor_version 14
Name: idm-console-framework
Version: %{major_version}.%{minor_version}
@@ -8,11 +8,11 @@ Summary: Identity Management Console Framework
Group: System Environment/Libraries
License: LGPLv2
-URL: http://directory.fedoraproject.org
+URL: https://directory.fedoraproject.org
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
-Source: http://port389.org/binaries/%{name}-%{version}.tar.bz2
+Source: https://port389.org/binaries/%{name}-%{version}.tar.bz2
Requires: ldapjdk
Requires: jss >= 4.2.6-35
# Urge use of OpenJDK for runtime
commit d3a54e174e9d1916124146ed146c3b98aafaa080
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Wed May 27 11:41:34 2015 -0400
Ticket 48187 - Adding an OU from console is throwing missing attribute aliasedObjectName error
Bug Description: If adding objectclass "alias" and an invalid aliasedObjectname value
is specified the console throws an invalid syntax error. However,
if you try to remove the "aliasedObjectname" attribute, and then save
the entry you get an objectclass violation because the objectclass "alias"
is not removed.
Fix Description: If removing aliasedObjectname, also remove the "alias" objectclass
https://fedorahosted.org/389/ticket/48187
Reviewed by: nhosoi(Thanks!)
diff --git a/src/com/netscape/management/client/ug/OUPage.java b/src/com/netscape/management/client/ug/OUPage.java
index 7cade82..2a6e52f 100644
--- a/src/com/netscape/management/client/ug/OUPage.java
+++ b/src/com/netscape/management/client/ug/OUPage.java
@@ -502,6 +502,9 @@ Observer {
}
observable.replace(_sAlias, vTmp);
} else {
+ Vector vOC = observable.get("ObjectClass");
+ vOC.removeElement(_aliasObjectClass);
+ observable.replace("ObjectClass", vOC);
observable.delete(_sAlias);
}
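Review bot: `observable.get("ObjectClass")` is dereferenced on the next line without a null check, so an entry for which it returns no vector would throw a NullPointerException in the new else branch before `observable.delete(_sAlias)` runs. `Vector.removeElement` also matches with `equals`, so if the stored value differs in case from `_aliasObjectClass` (LDAP objectclass names are case-insensitive) the class stays and the objectclass violation from the ticket would recur. I'd guard with `if (vOC != null)` and remove the value case-insensitively. The enclosing method starts and ends outside the hunk.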
commit dee167cf1ce64834b5022a69a2bf3d09363d5b19
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Thu May 14 16:14:40 2015 -0700
Bump version to 1.1.13
diff --git a/build.properties b/build.properties
index a98b914..17af150 100755
--- a/build.properties
+++ b/build.properties
@@ -23,7 +23,7 @@ lang=en
console.root=.
console.version=11
-console.dotversion=1.1.12
+console.dotversion=1.1.13
console.dotgenversion=1.1
mcc.core=idm-console-mcc
diff --git a/idm-console-framework.spec b/idm-console-framework.spec
index 0d46dbc..00d1cb6 100755
--- a/idm-console-framework.spec
+++ b/idm-console-framework.spec
@@ -1,5 +1,5 @@
%define major_version 1.1
-%define minor_version 12
+%define minor_version 13
Name: idm-console-framework
Version: %{major_version}.%{minor_version}
commit 323bf2d4468e64e8a05cc0572035ff7f37de995e
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Thu May 14 15:07:57 2015 -0700
Ticket #48134 - Directory Server Admin Console: plaintext password logged in debug mode
Description: commit 2c3430cf3c0e0a3f805fc174a7971bdb0ec4bb45 had a defect.
In ConsoleInfo(fqdn, port, dn, password, suffix), ',' should have been used
for the separator, but ' ' was used, which ended up masking the wrong place.
The bug was fixed.
https://fedorahosted.org/389/ticket/48134
Reviewed by rmeggins at redhat.com (Thank you, Rich!!)
diff --git a/src/com/netscape/management/client/topology/DomainNode.java b/src/com/netscape/management/client/topology/DomainNode.java
index 54f6134..9cc582c 100644
--- a/src/com/netscape/management/client/topology/DomainNode.java
+++ b/src/com/netscape/management/client/topology/DomainNode.java
@@ -187,17 +187,15 @@ INodeInfo {
System.err.println(e);
}
- _nodeData = new NodeData[]{ _nameNodeData =
- new NodeData("nsAdminDomainName",
- i18n("nsAdminDomainName"), getName(), true, /*7bit*/false),
- new NodeData("description", i18n("description"), description, true),
- new NodeData("LDAPHost", i18n("LDAPHost"), _LDAPHost,
- true, true), // new NodeData("LDAPPort", i18n("LDAPPort"), _LDAPPort, true),
- new NodeData("SSL", i18n("SSL"), cbSSL, true),
- new NodeData("Subtree", i18n("Subtree"), _subTree,
- true), new NodeData("BindDN", i18n("BindDN"), _bindDN,
- true), new NodeData("BindPassword", i18n("BindPassword"),
- bindPasswordField, true, true), };
+ _nodeData = new NodeData[]{
+ _nameNodeData = new NodeData("nsAdminDomainName", i18n("nsAdminDomainName"), getName(), true, /*7bit*/false),
+ new NodeData("description", i18n("description"), description, true),
+ new NodeData("LDAPHost", i18n("LDAPHost"), _LDAPHost, true, true),
+ // new NodeData("LDAPPort", i18n("LDAPPort"), _LDAPPort, true),
+ new NodeData("SSL", i18n("SSL"), cbSSL, true),
+ new NodeData("Subtree", i18n("Subtree"), _subTree, true),
+ new NodeData("BindDN", i18n("BindDN"), _bindDN, true),
+ new NodeData("BindPassword", i18n("BindPassword"), bindPasswordField, true, true)};
}
/**
diff --git a/src/com/netscape/management/client/util/Debug.java b/src/com/netscape/management/client/util/Debug.java
index a133d38..c7994dd 100644
--- a/src/com/netscape/management/client/util/Debug.java
+++ b/src/com/netscape/management/client/util/Debug.java
@@ -500,14 +500,14 @@ public class Debug {
// ... {type='userpassword', values='password'} ...
StringBuilder debugStr = new StringBuilder(s);
if (s.contains("ConsoleInfo(")) {
- // ...ConsoleInfo(fqdn, port, adminDN, password, suffix) ...
+ // ...ConsoleInfo(fqdn, port, adminDN|cn=directory manager, password, suffix) ...
int start = debugStr.indexOf("ConsoleInfo(");
- start = debugStr.indexOf(" ", ++start);
- start = debugStr.indexOf(" ", ++start);
- start = debugStr.indexOf(" ", ++start);
- int end = debugStr.indexOf(" ", ++start);
+ start = debugStr.indexOf(",", ++start);
+ start = debugStr.indexOf(",", ++start);
+ start = debugStr.indexOf(",", ++start);
+ int end = debugStr.indexOf(",", ++start);
if ((start > 0) && (end > 0)) {
- debugStr.replace(start, end - 1, "***password***");
+ debugStr.replace(start + 1, end, "***password***");
}
} else if (s.contains("password=")) {
// ... username=cn=Directory Manager password=password
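Review bot: Counting three commas after `ConsoleInfo(` only lands on the password when none of the earlier fields contains a comma, and the updated comment itself says the third field is a DN; a multi-RDN bind DN would shift the count so the mask falls inside the DN and the password is printed in clear. The branch also fails open: when an `indexOf` returns -1 the following `++start` restarts the search at index 0, and when the `(start > 0) && (end > 0)` test fails the line is printed unmodified. A password that itself contains a comma would be masked only up to that comma. Since this is a redaction path I'd make it fail closed, for example by replacing everything after `ConsoleInfo(` with the mask when the fields cannot be located unambiguously, or better by keeping the password out of the string the caller builds. The enclosing method starts and ends outside the hunk.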
commit 8f3302e0ca4e7d2257266350248bf380ecea445e
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Tue May 5 16:41:56 2015 -0400
Ticket 47946 - Fix regression with original patch
Bug Description: The original patch for 47946 did not properly check if the
aci being updated was a "new" aci. It thought the aci
was unchanged, and did not add it to the server.
Fix Description: Flag the aci as new when it's first created so the console
can properly check its syntax and add it.
https://fedorahosted.org/389/ticket/47946
Reviewed by: rmeggins(Thanks!)
diff --git a/src/com/netscape/management/client/ace/ACIManager.java b/src/com/netscape/management/client/ace/ACIManager.java
index bc0d938..5ed6fb9 100644
--- a/src/com/netscape/management/client/ace/ACIManager.java
+++ b/src/com/netscape/management/client/ace/ACIManager.java
@@ -330,6 +330,7 @@ public class ACIManager extends GenericDialog
if(!ace.isCancel())
{
ACI aci = new ACI(ace.getACI(), aciDN, false/*inherited*/, true/*modified*/);
+ aci.setAdded(true);
aciVector.addElement(aci);
updateACIList(aciVector);
ListSelectionModel lsm = aciList.getSelectionModel();
@@ -489,16 +490,20 @@ public class ACIManager extends GenericDialog
String origData = aci.getOrigData();
String currData = aci.getData();
- // First check that entry has actually changed
- if(!origData.equals(currData)){
- // Before we delete the old aci, make sure we can add the new aci.
- testACI(aciLdc, dn, currData);
-
- // Delete the original aci first
+ // First check that entry has actually changed, or it's a new aci.
+ if(aci.isAdded() || !origData.equals(currData)){
String aciData = aci.getOrigData();
+ LDAPModification mod;
+
+ // Test the syntax before make update the aci
+ testACI(aciLdc, dn, currData);
attr.addValue(aciData);
- LDAPModification mod = new LDAPModification(LDAPModification.DELETE, attr);
- aciLdc.modify(dn, mod);
+ if(!aci.isAdded())
+ {
+ // Delete the original aci first
+ mod = new LDAPModification(LDAPModification.DELETE, attr);
+ aciLdc.modify(dn, mod);
+ }
// Add the new/modified aci
attr.removeValue(aciData);
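Review bot: For an existing ACI the original value is still removed with its own `aciLdc.modify(dn, mod)` before the replacement is added, so a failure between the two steps leaves the entry without that access control rule. `testACI` lowers the risk but does not remove it (connection loss, a concurrent change on the entry). If the add that follows the `// Add the new/modified aci` comment is a second `modify`, which is outside this hunk, consider sending the DELETE and the ADD in one `LDAPModificationSet` so the server applies both or neither. `aciData` also duplicates `origData` fetched a few lines earlier, and the new comment should read `// Test the syntax before updating the aci`.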
@@ -528,6 +533,7 @@ public class ACIManager extends GenericDialog
boolean isInherited = false;
boolean isModified = false;
boolean isDeleted = false;
+ boolean isAdded = false;
ACI(String data, String dn, boolean isInherited, boolean isModified)
{
@@ -602,12 +608,23 @@ public class ACIManager extends GenericDialog
return isDeleted;
}
+ public boolean isAdded()
+ {
+ return isAdded;
+ }
+
public void setDeleted(boolean isDeleted)
{
this.isDeleted = isDeleted;
setModified(true);
}
-
+
+ public void setAdded(boolean isAdded)
+ {
+ this.isAdded = isAdded;
+ setModified(true);
+ }
+
public String toString()
{
if(isInherited)
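Review bot: Nothing in the visible hunks clears `isAdded` once the new ACI has been written, and `setAdded(false)` would itself call `setModified(true)`. If the dialog stays open and the same ACI is edited and saved again, the update path would presumably still skip the DELETE of the value already on the server, leaving both the old and the new ACI on the entry. I'd reset the flag after a successful write and mark the ACI dirty only when the flag is being set, e.g. `if (isAdded) setModified(true);`. The `toString` method at the end of the hunk continues outside it.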
commit 12addf4fc8a09e57c9e9003fdfe7c4327bca398c
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Tue Apr 28 10:23:45 2015 -0700
Bump version to 1.1.12
diff --git a/build.properties b/build.properties
index 62a496e..a98b914 100755
--- a/build.properties
+++ b/build.properties
@@ -23,7 +23,7 @@ lang=en
console.root=.
console.version=11
-console.dotversion=1.1.11
+console.dotversion=1.1.12
console.dotgenversion=1.1
mcc.core=idm-console-mcc
diff --git a/idm-console-framework.spec b/idm-console-framework.spec
index 7f158f5..0d46dbc 100755
--- a/idm-console-framework.spec
+++ b/idm-console-framework.spec
@@ -1,5 +1,5 @@
%define major_version 1.1
-%define minor_version 11
+%define minor_version 12
Name: idm-console-framework
Version: %{major_version}.%{minor_version}
commit c288e1525f59c2faaad9ac141de7248fcf6a54fd
Author: Mark Reynolds <mreynolds at redhat.com>
Date: Tue Apr 28 10:37:30 2015 -0400
Ticket 47946 - Need to revise console aci syntax checking
Bug Description: Previously the console was verifying the aci syntax
by adding the aci to "aci plugin" entry. The problem
is if the target is set in the aci, then the syntax
check would fail as the aci was not written for the
aci plugin dn.
Fix Description: During the syntax check, just add the aci to the
expected target, and then delete it right away.
Ignore error 20 (type or value exists) during this
check.
https://fedorahosted.org/389/ticket/47946
Reviewed by: rmeggins(Thanks!)
diff --git a/src/com/netscape/management/client/ace/ACIEditor.java b/src/com/netscape/management/client/ace/ACIEditor.java
index 6fae13e..529ae9b 100644
--- a/src/com/netscape/management/client/ace/ACIEditor.java
+++ b/src/com/netscape/management/client/ace/ACIEditor.java
@@ -599,7 +599,7 @@ class ACIEditor extends GenericDialog
Container parent = SwingUtilities.getAncestorOfClass(JDialog.class, contentPanel);
try {
- ACIManager.testACI(aciLdc, getACI());
+ ACIManager.testACI(aciLdc, aciDN, getACI());
String title = i18n("syntaxPassedTitle");
String msg = i18n("syntaxPassedMsg");
JOptionPane.showMessageDialog(parent, msg, title, JOptionPane.INFORMATION_MESSAGE);
diff --git a/src/com/netscape/management/client/ace/ACIManager.java b/src/com/netscape/management/client/ace/ACIManager.java
index 4e51912..bc0d938 100644
--- a/src/com/netscape/management/client/ace/ACIManager.java
+++ b/src/com/netscape/management/client/ace/ACIManager.java
@@ -222,7 +222,7 @@ public class ACIManager extends GenericDialog
}
}
- public static void testACI( LDAPConnection ldc, String aci) throws LDAPException
+ public static void testACI( LDAPConnection ldc, String DN, String aci) throws LDAPException
{
// Add the aci to the ACL plugin entry to verify if its syntax is correct.
LDAPAttribute testACIAttr = new LDAPAttribute("aci");
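Review bot: The comment under the new signature still says the ACI is added to the ACL plugin entry, but after this change the probe is written to the caller-supplied entry; it should say so, e.g. `// Add the aci to the entry DN to verify its syntax, then delete it again.` A Javadoc on this public static method should state that it modifies `DN` on the live server and which `LDAPException` result code is not propagated. The parameter would conventionally be named `dn`, matching the caller's variable. Dropping the two-argument form may break callers outside this repository, if any exist; the method body continues outside the hunk.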
@@ -232,17 +232,20 @@ public class ACIManager extends GenericDialog
try {
mod = new LDAPModification(LDAPModification.ADD, testACIAttr);
- ldc.modify(ACL_PLUGIN_DN, mod);
+ ldc.modify(DN, mod);
mod = new LDAPModification(LDAPModification.DELETE, testACIAttr);
- ldc.modify(ACL_PLUGIN_DN, mod);
+ ldc.modify(DN, mod);
}
catch (LDAPException e)
{
- Debug.println("Failed to add/delete aci to testing entry: mod "
- + mod.toString() + " - Error: " + e.getLDAPResultCode());
- Debug.println("Message: " + e.getLDAPErrorMessage());
- throw e;
+ // We can ignore ATTRIBUTE_OR_VALUE_EXISTS as the aci was not changed
+ if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS){
+ Debug.println("Failed to add/delete aci to testing entry: mod "
+ + mod.toString() + " - Error: " + e.getLDAPResultCode());
+ Debug.println("Message: " + e.getLDAPErrorMessage());
+ throw e;
+ }
}
}
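Review bot: The syntax probe now adds the ACI to the real target entry, so the rule is live between the ADD and the DELETE, and if the DELETE `ldc.modify(DN, mod)` fails the catch block only logs and rethrows, with no attempt to take the probe value back off the entry. A user who only pressed the syntax-check button in ACIEditor could therefore leave an unintended ACI in place. I'd handle the two calls separately so that a failed DELETE is reported distinctly, telling the user the test ACI may still be present on the entry. Ignoring `ATTRIBUTE_OR_VALUE_EXISTS` from the ADD is reasonable, and skipping the DELETE in that case is correct only because the value was already there; a one-line comment saying so would help the next reader.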
@@ -489,7 +492,7 @@ public class ACIManager extends GenericDialog
// First check that entry has actually changed
if(!origData.equals(currData)){
// Before we delete the old aci, make sure we can add the new aci.
- testACI(aciLdc, currData);
+ testACI(aciLdc, dn, currData);
// Delete the original aci first
String aciData = aci.getOrigData();
commit 2dd2c9aa98140dc9df556328c770a976c70021db
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Wed Apr 15 12:11:20 2015 -0700
Bump version to 1.1.11
diff --git a/build.properties b/build.properties
index e1f0fd0..62a496e 100755
--- a/build.properties
+++ b/build.properties
@@ -23,7 +23,7 @@ lang=en
console.root=.
console.version=11
-console.dotversion=1.1.10
+console.dotversion=1.1.11
console.dotgenversion=1.1
mcc.core=idm-console-mcc
diff --git a/idm-console-framework.spec b/idm-console-framework.spec
index fb62347..7f158f5 100755
--- a/idm-console-framework.spec
+++ b/idm-console-framework.spec
@@ -1,5 +1,5 @@
%define major_version 1.1
-%define minor_version 10
+%define minor_version 11
Name: idm-console-framework
Version: %{major_version}.%{minor_version}
@@ -14,13 +14,13 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
Source: http://port389.org/binaries/%{name}-%{version}.tar.bz2
Requires: ldapjdk
-Requires: jss >= 4.2
+Requires: jss >= 4.2.6-35
# Urge use of OpenJDK for runtime
Requires: java >= 1:1.6.0
BuildRequires: java-devel >= 1:1.6.0
BuildRequires: ant >= 1.6.2
BuildRequires: ldapjdk
-BuildRequires: jss >= 4.2
+BuildRequires: jss >= 4.2.6-35
%description
A Java Management Console framework used for remote server management.
commit 00baf5bee64e223f0ffed999cccaab52b8fce059
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Fri Apr 3 10:01:22 2015 -0700
Ticket #97 - 389-console should provide usage options, help, and man pages
Description: Replacing the wrong hardcoded program name "Console"
with the correct one passed from the script that launches the java
console program. "389-console", by default.
diff --git a/src/com/netscape/management/client/console/Console.java b/src/com/netscape/management/client/console/Console.java
index 680abff..5da8a11 100644
--- a/src/com/netscape/management/client/console/Console.java
+++ b/src/com/netscape/management/client/console/Console.java
@@ -1610,7 +1610,11 @@ public class Console implements CommClient {
if (opt.hasOption('h'))// help
{
- System.err.println("Syntax: Console [-a <URL>] [-l <Language Code>] [-s <SIE DN>] [-x <options>]");
+ String prog_name = System.getProperty("program.name");
+ if ((prog_name == null) || (prog_name.length() == 0)) {
+ prog_name = "389-console";
+ }
+ System.err.println("Syntax: " + prog_name + " [-a <URL>] [-l <Language Code>] [-s <SIE DN>] [-x <options>]");
System.err.println(" -a admin server base URL");
System.err.println(" -l language code (en fr gr)");
System.err.println(" -f <file> capture stderr and stdout to <file> (like Unix tee command)");
@@ -1620,7 +1624,7 @@ public class Console implements CommClient {
System.err.println(" -w password");
System.err.println(" -w - (read password from standard input)");
System.err.println(" -y password_file (read password from a file)");
- System.err.println("\nExample: Console -a https://hostname:10021 -l en");
+ System.err.println("\nExample: " + prog_name + " -a https://hostname:10021 -l en");
waitForKeyPress(); // allow the user to read the msg on Win NT
System.exit(0);
}
commit 3de36ec6fc536ea7908b5ae591da1ab7723128ab
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Wed Mar 18 11:54:26 2015 -0700
Bump version to 1.1.10
diff --git a/build.properties b/build.properties
index 005f5eb..e1f0fd0 100755
--- a/build.properties
+++ b/build.properties
@@ -23,7 +23,7 @@ lang=en
console.root=.
console.version=11
-console.dotversion=1.1.9
+console.dotversion=1.1.10
console.dotgenversion=1.1
mcc.core=idm-console-mcc
diff --git a/idm-console-framework.spec b/idm-console-framework.spec
index ee1db2b..fb62347 100755
--- a/idm-console-framework.spec
+++ b/idm-console-framework.spec
@@ -1,5 +1,5 @@
%define major_version 1.1
-%define minor_version 9
+%define minor_version 10
Name: idm-console-framework
Version: %{major_version}.%{minor_version}
commit 2c3430cf3c0e0a3f805fc174a7971bdb0ec4bb45
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Tue Mar 17 13:58:03 2015 -0700
Ticket #48134 - Directory Server Admin Console: plaintext password logged in debug mode
Description: '389-console -D INTEGER' dumps the debug info onto the
screen, which includes clear text passwords. This patch masks them.
Sample output:
DSAdmin.initialize(): _removed=false info=ConsoleInfo(fqdn, 636, adminURL, ***password***, o=NetscapeRoot)
CHANGE PWD TO ***password***
CommManager> New CommRecord (https://fqdn:port/admin-serv/commands/change-sie-password?***password***)
https://fwdn:port/[7:0] accept> https://fwdn:port/admin-serv/commands/change-sie-password?***password***
https://fwdn:port/[7:0] send> /admin-serv/commands/change-sie-password?***password***
https://fwdn:port/admin-serv/commands/change-sie-password?***password*** 0
attributes={userpassword=***password***
DSUtil.getNewAuthentication: new credentials are <cn=Directory Manager> <***password***>
https://fedorahosted.org/389/ticket/48134
Reviewed by rmeggins at redhat.com (Thank you, Rich!!)
diff --git a/src/com/netscape/management/client/util/Debug.java b/src/com/netscape/management/client/util/Debug.java
index e3d0e0c..a133d38 100644
--- a/src/com/netscape/management/client/util/Debug.java
+++ b/src/com/netscape/management/client/util/Debug.java
@@ -486,7 +486,97 @@ public class Debug {
if (_showFlags != 0) {
System.err.println(getEntryPrefix(level) + s);
} else {
- System.err.println(s);
+ // Don't show password even in the debug print
+ // supported patterns
+ // ...ConsoleInfo(fqdn, port, adminDN, password, suffix) ...
+ // ... username=cn=Directory Manager password=password
+ // CHANGE PWD TO new_password
+ // ...change-sie-password?new_password)
+ // ...change-sie-password?new_password
+ // ...change-sie-password?new_password 0
+ // ...new credentials are <cn=Directory Manager> <password>
+ // ... {type='userPassword', values='new_password'} for ...
+ // ... {type='nsslapd-rootpw', values='new_password'}} to ...
+ // ... {type='userpassword', values='password'} ...
+ StringBuilder debugStr = new StringBuilder(s);
+ if (s.contains("ConsoleInfo(")) {
+ // ...ConsoleInfo(fqdn, port, adminDN, password, suffix) ...
+ int start = debugStr.indexOf("ConsoleInfo(");
+ start = debugStr.indexOf(" ", ++start);
+ start = debugStr.indexOf(" ", ++start);
+ start = debugStr.indexOf(" ", ++start);
+ int end = debugStr.indexOf(" ", ++start);
+ if ((start > 0) && (end > 0)) {
+ debugStr.replace(start, end - 1, "***password***");
+ }
+ } else if (s.contains("password=")) {
+ // ... username=cn=Directory Manager password=password
+ int start = debugStr.indexOf("password=");
+ start += 9;
+ int end = debugStr.length();
+ if ((start > 0) && (end > 0)) {
+ debugStr.replace(start, end, "***password***");
+ }
+ } else if (s.contains("CHANGE PWD TO")) {
+ // CHANGE PWD TO new_password
+ int start = debugStr.indexOf("TO");
+ start = debugStr.indexOf(" ", ++start);
+ int end = debugStr.length();
+ if ((start > 0) && (end > 0)) {
+ debugStr.replace(++start, end, "***password***");
+ }
+ } else if (s.contains("change-sie-password?")) {
+ // ...change-sie-password?new_password)
+ // ...change-sie-password?new_password 0
+ // ...change-sie-password?new_password
+ int start = debugStr.indexOf("change-sie-password?");
+ start += 20;
+ int end = debugStr.indexOf(")", start);
+ if ((start > 0) && (end > 0)) {
+ debugStr.replace(start, end, "***password***");
+ } else {
+ end = debugStr.indexOf("0", start);
+ if ((start > 0) && (end > 0)) {
+ end -= 1;
+ debugStr.replace(start, end, "***password***");
+ } else {
+ end = debugStr.length();
+ if (start > 0) {
+ debugStr.replace(start, end, "***password***");
+ }
+ }
+ }
+ } else if (s.contains("new credentials are <")) {
+ // ...new credentials are <cn=Directory Manager> <password>
+ int start = debugStr.indexOf("new credentials are <");
+ start += 21;
+ start = debugStr.indexOf("<", ++start);
+ int end = debugStr.indexOf(">", ++start);
+ if ((start > 0) && (end > 0)) {
+ debugStr.replace(start, end, "***password***");
+ }
+ } else if (s.contains("type='userpassword',") ||
+ s.contains("type='userPassword',")) {
+ // ... {type='userPassword', values='new_password'} for ...
+ // ... {type='userpassword', values='password'} ...
+ int start = debugStr.indexOf("type='user");
+ start += 20;
+ start = debugStr.indexOf("'", start);
+ int end = debugStr.indexOf("'", ++start);
+ if ((start > 0) && (end > 0)) {
+ debugStr.replace(start, end, "***password***");
+ }
+ } else if (s.contains("type='nsslapd-rootpw',")) {
+ // ... {type='nsslapd-rootpw', values='new_password'}} to ...
+ int start = debugStr.indexOf("type='nsslapd-rootpw',");
+ start += 22;
+ start = debugStr.indexOf("'", start);
+ int end = debugStr.indexOf("'", ++start);
+ if ((start > 0) && (end > 0)) {
+ debugStr.replace(start, end, "***password***");
+ }
+ }
+ System.err.println(debugStr);
}
if (_fPrintCallStack) {
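Review bot: The masking is applied only in the `else` branch; when `_showFlags != 0` the first branch still prints `getEntryPrefix(level) + s` with the raw string, so passwords stay visible whenever entry prefixes are enabled. Build `debugStr` before the `if (_showFlags != 0)` test and print `getEntryPrefix(level) + debugStr` in the first branch. Two smaller gaps in the same chain: it is an `else if` ladder, so only the first matching pattern in a line is masked, and the `change-sie-password?` fallback ends the mask at the first `"0"` after the marker, so a password containing a zero would be left in the output. The enclosing method starts and ends outside the hunk.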
commit 2c8b2e62820a73ebf57a3ac71b4d18eb9eb5a935
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Thu Mar 12 14:22:23 2015 -0700
Ticket #48130 - Add "+all" and "-TLS_RSA_WITH_AES_128_GCM_SHA256" to Console Cipher Preference for TLS
Description: Console needs to adjust the cipher settings in nsSSL3Ciphers
(cn=encryption,cn=config) to the server side's SSL updates.
https://fedorahosted.org/389/ticket/48130
Reviewed by rmeggins at redhat.com (Thank you, Rich!!)
diff --git a/idm-console-framework.spec b/idm-console-framework.spec
index 317cb96..ee1db2b 100755
--- a/idm-console-framework.spec
+++ b/idm-console-framework.spec
@@ -1,5 +1,5 @@
%define major_version 1.1
-%define minor_version 7
+%define minor_version 9
Name: idm-console-framework
Version: %{major_version}.%{minor_version}
diff --git a/src/com/netscape/management/client/security/CipherPreferenceDialog.java b/src/com/netscape/management/client/security/CipherPreferenceDialog.java
index bcea776..bf26afc 100644
--- a/src/com/netscape/management/client/security/CipherPreferenceDialog.java
+++ b/src/com/netscape/management/client/security/CipherPreferenceDialog.java
@@ -56,6 +56,7 @@ public class CipherPreferenceDialog extends AbstractDialog {
/*property string */
String aes, rc2, rc4, des, tripleDes, fips, none, v2, v3, tls, export, enabledTitle;
+ String aesGcm, cipherAll;
String sha, md5, fortezza, cipherLabel, bits, msgAlgo, version, title;
@@ -106,6 +107,10 @@ public class CipherPreferenceDialog extends AbstractDialog {
public final static String TLS_RSA_WITH_AES_256_CBC_SHA_AUX = "tls_rsa_aes_256_sha";
public final static String TLS_RSA_WITH_AES_256_CBC_SHA = "rsa_aes_256_sha";
+ /**TLS - TLS_RSA_WITH_AES_128_GCM_SHA256 */
+ public final static String TLS_RSA_WITH_AES_128_GCM_SHA256 = "TLS_RSA_WITH_AES_128_GCM_SHA256";
+ public final static String CIPHERALL = "all";
+
// domestic ssl3 cipher
/**SSL3 Domestic - DES with 56 bit encryption and SHA message authentication*/
public final static String RSA_DES_SHA = "rsa_des_sha";
@@ -253,21 +258,21 @@ public class CipherPreferenceDialog extends AbstractDialog {
public String _sslVersion;
public boolean _export;
public CipherEntry(String cipher,
- boolean enabled,
- String cipherLabel,
- int bits,
- String messageAlgo,
- String sslVersion) {
+ boolean enabled,
+ String cipherLabel,
+ int bits,
+ String messageAlgo,
+ String sslVersion) {
this(cipher, enabled, cipherLabel, bits, messageAlgo, sslVersion, false);
}
public CipherEntry(String cipher,
- boolean enabled,
- String cipherLabel,
- int bits,
- String messageAlgo,
- String sslVersion,
- boolean export) {
+ boolean enabled,
+ String cipherLabel,
+ int bits,
+ String messageAlgo,
+ String sslVersion,
+ boolean export) {
this._cipher = cipher;
this._enabled = new JCheckBox("", enabled);
this._cipherLabel = cipherLabel;
@@ -379,6 +384,9 @@ public class CipherPreferenceDialog extends AbstractDialog {
version = resource.getString("CipherPreferenceDialog", "sslV");
title = resource.getString("CipherPreferenceDialog", "title");
enabledTitle = resource.getString("CipherPreferenceDialog", "enabledTitle");
+
+ aesGcm = resource.getString("CipherPreferenceDialog", "aesgcm");
+ cipherAll = resource.getString("CipherPreferenceDialog", "all");
}
/**
@@ -612,10 +620,14 @@ public class CipherPreferenceDialog extends AbstractDialog {
cipherEntry = new CipherEntry(cipher, true, aes, 256, sha, SSL_V3, false);
} else if (cipher.equals(TLS_RSA_WITH_AES_256_CBC_SHA_AUX)) {
cipherEntry = new CipherEntry(cipher, true, aes, 256, sha, SSL_V3, false);
- } else {
- Debug.println("CipherPreferenceDialog.createCipherEntry(): " +
- "Unknown TLSv1 cipher: " + cipher);
- }
+ } else if (cipher.equals(TLS_RSA_WITH_AES_128_GCM_SHA256)) {
+ cipherEntry = new CipherEntry(cipher, true, aesGcm, 128, sha, SSL_V3, false);
+ } else if (cipher.equals(CIPHERALL)) {
+ cipherEntry = new CipherEntry(cipher, true, cipherAll, 128, sha, SSL_V3, false);
+ } else {
+ Debug.println("CipherPreferenceDialog.createCipherEntry(): " +
+ "Unknown TLSv1 cipher: " + cipher);
+ }
}
if (cipherEntry != null) {
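Review bot: The new `CIPHERALL` branch presents the `all` keyword as an ordinary row with `128` bits and the `sha` label, although it stands for a set of suites rather than one cipher; an administrator reading the table gets no hint that ticking it enables more than a single 128-bit suite. The `TLS_RSA_WITH_AES_128_GCM_SHA256` row likewise reuses `sha` and `SSL_V3`, which does not match the suite name. I'd give both rows their own labels (or leave the bits and MAC columns empty for `all`) and add a comment such as `// "all" is a keyword for every supported cipher, not a single suite`. `cipher.equals(...)` is case-sensitive and the new constant is upper-case while the existing ones are lower-case, so it is worth confirming the server returns exactly this spelling. The enclosing method starts and ends outside the hunk.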
@@ -754,6 +766,7 @@ public class CipherPreferenceDialog extends AbstractDialog {
}
if ((TLSCipherList != null) && (TLSCipherList.length()>0)) {
+ Debug.println("CipherPreferenceDialog.CipherPreferenceDialog(): " + "TLSCipherList: " + TLSCipherList);
tabbedPane.addTab(tls, new SSLCipherPref(SSL_TLS, TLSCipherList));
}
diff --git a/src/com/netscape/management/client/security/securityResource.properties b/src/com/netscape/management/client/security/securityResource.properties
index a6dfd22..b5c9f15 100644
--- a/src/com/netscape/management/client/security/securityResource.properties
+++ b/src/com/netscape/management/client/security/securityResource.properties
@@ -152,6 +152,8 @@ CipherPreferenceDialog-v2Help=admin
CipherPreferenceDialog-v3Help=admin
CipherPreferenceDialog-tlsHelp=admin
+CipherPreferenceDialog-all=ALL
+CipherPreferenceDialog-aesgcm=AES-GCM
# Edit trust dialog
EditTrustDialog-title=Edit Trust: