If htmladmin fails to connect to the server, the cgi could crash.

(cherry picked from commit 2076085457)
(cherry picked from commit 5d453d2dae)
(cherry picked from commit fcc6e05c61)
(cherry picked from commit d9a6d80350)

.gitignore

@@ -0,0 +1,19 @@
+*~
+389-admin-1.1.12.tar.bz2
+/389-admin-1.1.13.tar.bz2
+/389-admin-1.1.14.tar.bz2
+/389-admin-1.1.15.tar.bz2
+/389-admin-1.1.16.tar.bz2
+/389-admin-1.1.17.tar.bz2
+/389-admin-1.1.18.tar.bz2
+/389-admin-1.1.19.tar.bz2
+/389-admin-1.1.20.tar.bz2
+/389-admin-1.1.21.tar.bz2
+/389-admin-1.1.22.tar.bz2
+/389-admin-1.1.23.tar.bz2
+/389-admin-1.1.24.tar.bz2
+/389-admin-1.1.25.tar.bz2
+/389-admin-1.1.26.tar.bz2
+/389-admin-1.1.27.tar.bz2
+/389-admin-1.1.28.tar.bz2
+/389-admin-1.1.29.tar.bz2

389-admin-git-local.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+DATE=`date +%Y%m%d`
+VERSION=1.1.29
+PKGNAME=389-admin
+TAG=${TAG:-$PKGNAME-$VERSION}
+SRCNAME=${PKGNAME}-${VERSION}
+echo you must be in the admin server git repo to use this
+test -d .git || {
+echo bye ; exit 1
+}
+if [ -z "$1" ] ; then
+	dir=.
+else
+	dir="$1"
+fi
+git archive --prefix=$SRCNAME/ $TAG | bzip2 > $dir/$SRCNAME.tar.bz2

389-admin-git.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+DATE=`date +%Y%m%d`
+VERSION=1.1.29
+PKGNAME=389-admin
+#SRCNAME=$PKGNAME-$VERSION-$DATE
+SRCNAME=$PKGNAME-$VERSION
+TAG=${PKGNAME}-${VERSION}
+URL="http://git.fedorahosted.org/git/?p=389/admin.git;a=snapshot;h=$TAG;sf=tgz"
+
+wget -O $SRCNAME.tar.gz "$URL"
+
+echo convert tgz format to tar.bz2 format
+
+gunzip $PKGNAME-$VERSION.tar.gz
+bzip2 $PKGNAME-$VERSION.tar

389-admin.spec

@@ -0,0 +1,529 @@
+%global pkgname   dirsrv
+# for a pre-release, define the prerel field - comment out for official release
+# % global prerel .a1
+# also need the relprefix 0. field for a pre-release - also comment out for official release
+# % global relprefix 0.
+
+%global selinux_variants strict targeted
+
+Summary:          389 Administration Server (admin)
+Name:             389-admin
+Version:          1.1.29
+Release:          %{?relprefix}1%{?prerel}%{?dist}
+License:          GPLv2 and ASL 2.0
+URL:              http://port389.org/
+Group:            System Environment/Daemons
+BuildRoot:        %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Provides:         fedora-ds-admin = %{version}-%{release}
+Obsoletes:        fedora-ds-admin < 1.1.8-1
+Obsoletes:        %{name}-selinux
+
+BuildRequires:    nspr-devel
+BuildRequires:    nss-devel
+BuildRequires:    svrcore-devel
+BuildRequires:    mozldap-devel
+BuildRequires:    cyrus-sasl-devel
+BuildRequires:    icu
+BuildRequires:    libicu-devel
+BuildRequires:    httpd-devel
+BuildRequires:    apr-devel
+BuildRequires:    mod_nss
+BuildRequires:    389-adminutil-devel
+
+# The following are needed to build the SELinux policy
+BuildRequires:    checkpolicy
+BuildRequires:    selinux-policy-devel
+BuildRequires:    /usr/share/selinux/devel/Makefile
+BuildRequires:    389-ds-base-selinux-devel
+
+Requires:         389-ds-base
+Requires:         mod_nss
+
+# this is needed for using semanage from our setup scripts
+Requires:         policycoreutils
+
+# this is needed to load and unload the policy module
+Requires(post):         policycoreutils
+Requires(preun):        policycoreutils
+Requires(postun):       policycoreutils
+
+# the following are needed for some of our scripts
+Requires:         perl-Mozilla-LDAP
+Requires:         nss-tools
+
+# for the init script
+Requires(post): /sbin/chkconfig
+Requires(preun): /sbin/chkconfig
+Requires(preun): /sbin/service
+
+Source0:          http://port389.org/sources/%{name}-%{version}%{?prerel}.tar.bz2
+# 389-admin-git.sh should be used to generate the source tarball from git
+Source1:          %{name}-git.sh
+Patch1:           selinux-policy.patch
+
+%description
+389 Administration Server is an HTTP agent that provides management features
+for 389 Directory Server.  It provides some management web apps that can
+be used through a web browser.  It provides the authentication, access control,
+and CGI utilities used by the console.
+
+%prep
+%setup -q -n %{name}-%{version}%{?prerel}
+%patch1
+
+%build
+%configure --disable-rpath --with-selinux --enable-service
+
+# Generate symbolic info for debuggers
+export XCFLAGS=$RPM_OPT_FLAGS
+
+%ifarch x86_64 ppc64 ia64 s390x sparc64
+export USE_64=1
+%endif
+
+make %{?_smp_mflags}
+
+# Build the SELinux policy module for each variant
+cd selinux-built
+cp %{_datadir}/%{pkgname}-selinux/%{pkgname}.if .
+cp %{_datadir}/%{pkgname}-selinux/%{pkgname}.te .
+for selinuxvariant in %{selinux_variants}
+do
+  make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile
+  mv %{pkgname}-admin.pp %{pkgname}-admin.pp.${selinuxvariant}
+  make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean
+done
+cd -
+
+%install
+rm -rf $RPM_BUILD_ROOT 
+
+make DESTDIR="$RPM_BUILD_ROOT" install
+
+# make console jars directory
+mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{pkgname}/html/java
+
+#remove libtool and static libs
+rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
+rm -f $RPM_BUILD_ROOT%{_libdir}/*.so
+rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
+rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/modules/*.a
+rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/modules/*.la
+
+# Install the SELinux policy
+cd selinux-built
+for selinuxvariant in %{selinux_variants}
+do
+  install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
+  install -p -m 644 %{pkgname}-admin.pp.${selinuxvariant} \
+    %{buildroot}%{_datadir}/selinux/${selinuxvariant}/%{pkgname}-admin.pp
+done
+cd -
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%pre -p <lua>
+-- save ownership/permissions on the dirs/files that rpm changes
+-- if these don't exist, the vars will be nil
+%{pkgname}admin_adminserv = posix.stat('%{_sysconfdir}/%{pkgname}/admin-serv')
+%{pkgname}admin_consoleconf = posix.stat('%{_sysconfdir}/%{pkgname}/admin-serv/console.conf')
+-- save the run level configuration, if any
+rc = os.execute('rpm --quiet -q fedora-ds-admin')
+if rc == 0 then
+    %{pkgname}admin_exists = true
+    %{pkgname}admin_savelinks = {}
+    for dir in posix.files("%{_sysconfdir}/rc.d") do
+        if string.find(dir, "rc%d.d") then
+--          print("looking in %{_sysconfdir}/rc.d/"..dir)
+            for link in posix.files("%{_sysconfdir}/rc.d/"..dir) do
+                if string.find(link, "[SK]%d%d%{pkgname}-admin") then
+                    fullname = "%{_sysconfdir}/rc.d/"..dir.."/"..link
+                    linked = posix.readlink(fullname)
+--                  print(fullname.." is linked to "..linked)
+                    %{pkgname}_savelinks[fullname] = linked
+                end
+            end
+        end
+    end
+end
+
+%post -p <lua>
+-- do the usual daemon post setup stuff
+os.execute('/sbin/chkconfig --add %{pkgname}-admin')
+os.execute('/sbin/ldconfig')
+-- restore permissions if upgrading
+if %{pkgname}admin_adminserv then
+    posix.chmod('%{_sysconfdir}/%{pkgname}/admin-serv', %{pkgname}admin_adminserv.mode)
+    posix.chown('%{_sysconfdir}/%{pkgname}/admin-serv', %{pkgname}admin_adminserv.uid, %{pkgname}admin_adminserv.gid)
+end
+if %{pkgname}admin_consoleconf then
+    posix.chmod('%{_sysconfdir}/%{pkgname}/admin-serv/console.conf', %{pkgname}admin_consoleconf.mode)
+    posix.chown('%{_sysconfdir}/%{pkgname}/admin-serv/console.conf', %{pkgname}admin_consoleconf.uid, %{pkgname}admin_consoleconf.gid)
+end
+-- load the selinux policy module
+variants = "%{selinux_variants}"
+for selinuxvariant in string.gfind(variants, "%a+") do
+  os.execute('semodule -s '..selinuxvariant..' -i %{_datadir}/selinux/'..selinuxvariant..'/%{pkgname}-admin.pp > /dev/null 2>&1')
+end
+-- label the files installed by this package
+os.execute('fixfiles -R %{name} restore > /dev/null 2>&1')
+
+%preun
+if [ $1 = 0 ]; then
+        /sbin/service %{pkgname}-admin stop >/dev/null 2>&1 || :
+        /sbin/chkconfig --del %{pkgname}-admin
+        for selinuxvariant in %{selinux_variants}
+        do
+          semodule -s ${selinuxvariant} -r %{pkgname}-admin 2>/dev/null || :
+        done
+fi
+
+%postun
+/sbin/ldconfig
+if [ "$1" -ge "1" ]; then # Upgrade
+for selinuxvariant in %{selinux_variants}
+do
+  semodule -s ${selinuxvariant} -i %{_datadir}/selinux/${selinuxvariant}/%{pkgname}-admin.pp 2>/dev/null || :
+done
+fi
+
+%posttrans -p <lua>
+-- if we saved the run level configuration in %pre, restore it now
+-- we can get rid of this code once Fedora 11 becomes obsolete
+if %{pkgname}admin_savelinks then
+    for fullpath,link in pairs(%{pkgname}admin_savelinks) do
+        posix.symlink(link,fullpath)
+--        print("posttrans - restored run level "..fullpath.." to "..link)
+    end
+end
+if %{pkgname}admin_exists then
+    os.execute('/sbin/service %{pkgname}-admin start >/dev/null 2>&1')
+end
+
+
+%files
+%defattr(-,root,root,-)
+%doc LICENSE
+%dir %{_sysconfdir}/%{pkgname}/admin-serv
+%config(noreplace)%{_sysconfdir}/%{pkgname}/admin-serv/*.conf
+%{_datadir}/%{pkgname}
+%{_datadir}/selinux/*/%{pkgname}-admin.pp
+%{_sysconfdir}/rc.d/init.d/%{pkgname}-admin
+%config(noreplace)%{_sysconfdir}/sysconfig/%{pkgname}-admin
+%{_sbindir}/*
+%{_libdir}/*.so.*
+%{_libdir}/%{pkgname}
+%{_mandir}/man8/*
+
+%changelog
+* Tue Mar 27 2012 Rich Megginson <rmeggins@redhat.com> - 1.1.29-1
+- 4ec23c0 If htmladmin fails to connect to the server, the cgi could crash.
+
+* Thu Mar 22 2012 Rich Megginson <rmeggins@redhat.com> - 1.1.28-1
+- Ticket #307 - htmladmin keeps segfaulting
+- Ticket #286 - compilation fixes for 'format-security'
+
+* Fri Feb  3 2012 Rich Megginson <rmeggins@redhat.com> - 1.1.27-1
+- Ticket #281 - TLS not working with latest openldap
+- Ticket #161 - Review and address latest Coverity issues
+
+* Wed Jan 25 2012 Rich Megginson <rmeggins@redhat.com> - 1.1.26-1
+- Bug 767823 - selinux: need to allow admin server to connect to ldap port
+
+* Fri Oct 28 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.25-1
+- Bug 740959 - 389-console put CA certificates into wrong database
+
+* Wed Sep 21 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.24-1
+- Bug 695741 - Providing native systemd file
+
+* Thu Aug 11 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.23-1
+- Bug 730079 - Update SELinux policy during upgrades
+
+* Thu Aug 11 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.22-1
+- Bug 724808 - startup CGIs write temp file to /
+- add man pages for ds_removal and ds_unregister
+- fixes for the makeUpgradeTar.sh script
+
+* Tue Aug  2 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.21-1
+- Bug 476925 - Admin Server: Do not allow 8-bit passwords for the admin user
+
+* Tue Jul  5 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.20-1
+- Bug 719056 - migrate-ds-admin.pl needs to update SELinux policy
+- Bug 718285 - AdminServer should use "service" command instead of start/stop/restart scripts
+- Bug 718079 - Perl errors when running migrate-ds-admin.pl
+- Bug 713000 - Migration stops if old admin server cannot be stopped
+- added tests for the security cgi
+- fix typo in NSS_Shutdown warning message
+- better NSS error handling - reduce memory leaks
+- Bug 710372 - Not able to open the Manage Certificate from DS-console
+
+* Tue Jun 28 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.19-1
+- look for separate openldap ldif library
+
+* Tue Jun 21 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.18-1
+- skip rebranding current brand
+- support for skins
+
+* Fri May 13 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.17-1
+- 1.1.17
+- support "in-place" upgrade and rebranding from Red Hat to 389
+- many fixes for coverity issues
+
+* Tue Mar 29 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.16-1
+- 389-admin-1.1.16
+- Bug 476925 - Admin Server: Do not allow 8-bit passwords for the admin user
+- Bug 614690 - Don't use exec to call genrb
+- Bug 158926 - Unable to install CA certificate when using
+-     hardware token ( LunaSA )
+- Bug 211296 - Clean up all HTML pages (Admin Express, Repl Monitor, etc)
+
+* Wed Feb 23 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.15-1
+- 1.1.15 release - git tag 389-admin-1.1.15
+- Bug 493424 - remove unneeded modules for admin server apache config
+- Bug 618897 - Wrong permissions when creating instance from Console
+- Bug 672468 - Don't use empty path elements in LD_LIBRARY_PATH
+- Bug 245278 - Changing to a password with a single quote does not work
+- Bug 604881 - admin server log files have incorrect permissions/ownerships
+- Bug 387981 - plain files can be chosen on the Restore Directory dialog
+- Bug 668950 - Add posix group support to Console
+- Bug 618858 - move start-ds-admin env file into main admin server config path
+- Bug 616260 - libds-admin-serv linking fails due to unresolved link-time depe
+ndencies
+- start-ds-admin.in -- replaced "return 1" with "exit 1"
+- Bug 151705 - Need to update Console Cipher Preferences with new ciphers
+- Bug 470576 - Migration could do addition checks before commiting actions
+
+* Wed Jan  5 2011 Rich Megginson <rmeggins@redhat.com> - 1.1.14-1
+- 1.1.14 release
+- Bug 664671 - Admin server segfault when full SSL access (http+ldap+console) 
+required
+- Bug 638511 - dirsrv-admin crashes at startup with SELinux enabled
+
+* Tue Nov 23 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.13-1
+- This is the final 1.1.13 release
+- git tag 389-admin-1.1.13
+- Bug 656441 - Missing library path entry causes LD_PRELOAD error
+- setup-ds-admin.pl -u exits with ServerAdminID and as_uid related error
+
+* Fri Nov 19 2010 Nathan Kinder <nkinder@redhat.com> - 1.1.12-1
+- This is the final 1.1.12 release
+- git tag 389-admin-1.1.12
+
+* Tue Oct 26 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.12-0.2.a2
+- fix mozldap build breakage
+
+* Tue Sep 28 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.12-0.1.a1
+- This is the 1.1.12 alpha 1 release - with openldap support
+
+* Thu Aug 26 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-1
+- This is the final 1.1.11 release
+
+* Wed Aug  4 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-0.6.rc2
+- 1.1.11.rc2 release
+- git tag 389-admin-1.1.11.rc2
+- Bug 594745 - Get rid of dirsrv_lib_t label
+
+* Wed Jun  9 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-0.5.rc1
+- 1.1.11.rc1 release
+
+* Wed May 26 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11-0.4.a4
+- 1.1.11.a4 release
+
+* Tue Apr  7 2010 Nathan Kinder <nkinder@redhat.com> - 1.1.11-0.3.a3
+- 1.1.11.a3 release
+- Bug 570912 - dirsrv-admin SELinux module fails to install
+- Change parsing of start-slapd for instance name
+- Bug 574233 - Updated requirements for selinux policy
+- Moved selinux subpackage into base package
+
+* Fri Feb 26 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.11.a2-0.2
+- the 1.1.11.a2 release
+- Bug 460162 - FedoraDS "with-FHS" installs init.d StartupScript in wrong location
+- Bug 460209 - Correct configure help message
+- Bug 560827 - Admin Server: DistinguishName validation fails
+- Make check for threaded httpd work with Apache 2.0
+
+* Thu Jan 21 2010 Nathan Kinder <nkinder@redhat.com> - 1.1.11.a1-0.1
+- the 1.1.11.a1 release
+- added SELinux subpackage
+
+* Wed Jan 20 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.10-1
+- the 1.1.10 release
+- allow server to run unconfined if not built with selinux support
+
+* Thu Jan 14 2010 Rich Megginson <rmeggins@redhat.com> - 1.1.10.a3-0.3
+- the 1.1.10.a3 release
+- make sure we can find ICU genrb on all platforms
+
+* Fri Dec 18 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.10.a2-0.2
+- the 1.1.10.a2 release
+- fix problem with genrb path on F-12 and later
+
+* Thu Oct  8 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.10.a1-1
+- the 1.1.10.a1 release
+
+* Mon Sep 14 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.9-1
+- the 1.1.9 release
+
+* Tue Aug 25 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.8-6
+- rewrite perm/owner preservation code to use lua
+
+* Wed Aug 12 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.8-5
+- final rebuild for 1.1.8 release
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.8-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Tue Jul 21 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.8-3
+- bump rev for final rebuild
+
+* Tue Jul 21 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.8-2
+- change adminutil to 389-adminutil
+
+* Thu Jun 18 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.8-1
+- bump version to 1.1.8
+- change license to GPLv2 + ASL 2.0
+- changed files that were incorrectly licensed as GPLv2+ to plain GPLv2
+
+* Wed May 13 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.7-5
+- rename to 389
+
+* Thu Apr  9 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.7-4
+- Resolves: bug 493424
+- Description: dirsrv-admin initscript looks for nonexistent library
+- Added patch to remove those modules from the httpd.conf
+
+* Wed Apr  8 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.7-3
+- Resolves: bug 494980
+- Description: setup-ds-admin.pl -u and silent setup complain about ServerIpAddress
+- CVS tag FedoraDirSrvAdmin_1_1_7_RC3 FedoraDirSrvAdmin_1_1_7_RC3_20090408
+
+* Fri Apr  3 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.7-2
+- Resolves: bug 493989
+- Description: Admin Server: valgrind invalid read in security.c when installing CRL
+
+* Tue Mar 31 2009 Rich Megginson <rmeggins@redhat.com> - 1.1.7-1
+- this is the 1.1.7 release
+- added man pages for setup, migration, remove commands
+- better error handling for command line utilities
+- fixed remove from console
+- added remove-ds-admin.pl
+- added pre and post sections in order to preserve the permissions and ownerships
+- CVS tag FedoraDirSrvAdmin_1_1_7_RC1 FedoraDirSrvAdmin_1_1_7_RC1_20090331
+
+* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Mon Sep 15 2008 Rich Megginson <rmeggins@redhat.com> - 1.1.6-2
+- patch for bug 451702 not required anymore - in upstream now
+
+* Wed Jul  2 2008 Rich Megginson <rmeggins@redhat.com> - 1.1.6-1
+- add patch for bug 451702
+- The 1.1.6 release
+
+* Fri Jun  6 2008 Rich Megginson <rmeggins@redhat.com> - 1.1.5-1
+- Resolves: Bug 448366
+- genrb no longer supports -p option
+
+* Tue Apr 15 2008 Rich Megginson <rmeggins@redhat.com> - 1.1.4-1
+- Resolves: Bug 437301
+- Directory Server: shell command injection in CGI replication monitor
+- Fix: rewrite the perl script to ignore all input parameters - replmon.conf
+- file will have to be hard coded to be in the admin-serv directory
+- Resolves: Bug 437320
+- Directory Server: unrestricted access to CGI scripts
+- Fix: remove script alias for /bin/admin/admin/bin/
+
+* Wed Jan  9 2008 Rich Megginson <rmeggins@redhat.com> - 1.1.2-1
+- Fix issues associated with Fedora pkg review bug 249548
+
+* Tue Dec 11 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.1-1
+- this is the final GA candidate
+
+* Tue Nov  6 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.16
+- fix several beta blocker issues
+
+* Mon Oct 15 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.15
+- fix bogus dist macro
+- change mozldap6 to mozldap
+
+* Thu Oct 11 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.14
+- make admin server work with SELinux enabled
+- fix wording errors in setup
+
+* Mon Oct  8 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.13
+- added /etc/sysconfig/dirsrv-admin the file that allows you to set
+- the environment used to start up the admin server (e.g. keytab, ulimit, etc.)
+- the initscript and admin start script use this file now
+- This version also has a fix to print the correct error message if the admin
+- server cannot be contacted during setup or migration.
+
+* Thu Sep 27 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.12
+- fix a couple of migration issues, including the rpath $libdir problem
+- allow ds_remove from console to remove instances
+
+* Wed Sep 19 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.11
+- one line fix to fix of 295001 - console.conf clobbered
+
+* Tue Sep 18 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.10
+- fixed migration issue bugzilla 295001 - console.conf clobbered
+
+* Fri Sep 14 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.9
+- fix several more migration problems
+
+* Fri Sep 14 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.8
+- fix migration - servers are started as they are migrated now
+
+* Tue Aug 21 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.7
+- Fix the with-fhs-opt configure flag
+
+* Fri Aug 17 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.6
+- remove curses
+- make mod_admserv link against sasl
+- add the usual .m4 files to mod_admserv instead of having all of
+- the component logic in configure.in
+
+* Thu Aug 16 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.5
+- incorporate Noriko's migration fix
+
+* Wed Aug 15 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.4
+- address several migration issues
+
+* Mon Aug 13 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.3
+- there is no devel package, so remove unused .so files
+
+* Mon Aug 13 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.2
+- forgot to tag the modules
+
+* Fri Aug 10 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-1.1
+- get rid of cvsdate
+- use pkgname of dirsrv for filesystem path naming
+- get rid of devel package
+- simplify files section
+
+* Fri Aug 10 2007 Noriko Hosoi <nhosoi@redhat.com> - 1.1.0-0.3.20070810
+- updated to latest sources
+- upgraded the mozldap6 version to 6.0.4
+
+* Wed Aug  8 2007 Noriko Hosoi <nhosoi@redhat.com> - 1.1.0-0.2.20070808
+- updated to latest sources -- bug fixes in the setup scripts
+
+* Mon Aug  6 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-0.1.20070806
+- updated to latest sources
+
+* Thu Aug  2 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-0.4.20070802
+- There are no files in bindir anymore
+
+* Thu Aug  2 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-0.3.20070802
+- forgot to prepend build root to java dir creation
+
+* Thu Aug  2 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-0.2.20070802
+- forgot to add mod_admserv and mod_restartd to source
+
+* Thu Aug  2 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-0.1.20070802
+- updated to latest sources - fix build breakage
+- add console jars dir under html
+
+* Mon Jul 23 2007 Rich Megginson <rmeggins@redhat.com> - 1.1.0-0.1.20070725
+- Initial version based on fedora-ds-base.spec

dead.package

@@ -1 +0,0 @@
-Retiring 389-admin as its been replaced by Cockpit UI plugin

selinux-policy.patch

@@ -0,0 +1,31 @@
+--- selinux/dirsrv-admin.if	2010-01-20 10:39:35.765329723 -0800
++++ selinux/dirsrv-admin.if	2010-01-20 11:15:09.351304364 -0800
+@@ -25,7 +25,6 @@
+ 
+ 	files_exec_usr_files(httpd_t)
+ 	files_manage_generic_tmp_files(httpd_t)
+-	userdom_rw_user_tmp_files(httpd_t)
+ 	corenet_tcp_connect_generic_port(httpd_t)
+ 
+ 	# Strict policy
+@@ -81,7 +80,7 @@
+ 
+ 	# Allow dirsrv to interact with CGIs
+ 	allow dirsrv_t httpd_dirsrvadmin_script_t:unix_stream_socket { read write };
+-	allow dirsrv_t dirsrvadmin_tmp_t:file write;
++	allow dirsrv_t httpd_dirsrvadmin_script_rw_t:file write;
+ 
+ 	# Allow dirsrv domain to interact with httpd
+ 	allow dirsrv_t httpd_t:fifo_file { write read };
+--- selinux/dirsrv-admin.te	2009-10-22 14:27:21.228545844 -0700
++++ selinux/dirsrv-admin.te	2009-10-22 14:27:36.348546152 -0700
+@@ -113,9 +113,6 @@
+ # The CGI scripts must be able to manage dirsrv-admin
+ dirsrvadmin_run_exec(httpd_dirsrvadmin_script_t)
+ dirsrvadmin_manage_config(httpd_dirsrvadmin_script_t)
+-manage_files_pattern(httpd_dirsrvadmin_script_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
+-manage_dirs_pattern(httpd_dirsrvadmin_script_t, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
+-files_tmp_filetrans(httpd_dirsrvadmin_script_t, dirsrvadmin_tmp_t, { file dir })
+ 
+ # The CGI scripts must be able to manage the dirsrv
+ dirsrv_domtrans(httpd_dirsrvadmin_script_t)

sources

@@ -0,0 +1 @@
+4bda83e9f5644e0bd25fdf7b6ce9e5ee  389-admin-1.1.29.tar.bz2