From 894e5b9a64c2edaea6f1a1ef089015a1920169df Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Jan 20 2015 21:27:44 +0000 Subject: Ticket 47891 - Admin Server reconfig breaks SSL config Description: 1) Use mkdtemp to reduce the risk to disclose the sec file backup location that is in the same file system as the original files exist. 2) reconfig_backup_secfiles and reconfig_restore_secfiles expect the admin config dir, e.g., "/etc/dirsrv/admin-serv" or the dir specified by the environment variable. 3) Update (--update) did not call reconfig_restore_secfiles in which restores and delete the backup dir. 4) If creating or accessing the sec backup dir fails, it issues a fatal error and quits the reconfiguration. https://fedorahosted.org/389/ticket/47891 Reviewed by rmeggins@redhat.com (Thank you, Rich!!) --- diff --git a/admserv/newinst/src/AdminServer.pm.in b/admserv/newinst/src/AdminServer.pm.in index a189c66..0c98a6e 100644 --- a/admserv/newinst/src/AdminServer.pm.in +++ b/admserv/newinst/src/AdminServer.pm.in @@ -30,8 +30,11 @@ require Exporter; use File::Path; use File::Copy; +use File::Basename; +use File::Temp; -my $secfile_backup_dir = "/tmp/adm-sec-files." . $$; +my $template_backup_dir = "tmpdirXXXX"; +my $secfile_backup_dir = ""; # tempfiles use File::Temp qw(tempfile tempdir); @@ -515,8 +518,12 @@ sub reconfig_backup_secfiles # my $configdir = shift; + my $dirname = dirname $configdir; + my $my_template_backup_dir = $dirname . "/" . $template_backup_dir; + $secfile_backup_dir = mkdtemp($my_template_backup_dir); if ( ! -d $secfile_backup_dir){ - mkdir ($secfile_backup_dir, 0755); + $setup->msg($FATAL, 'error_creating_secfile_backup', $secfile_backup_dir, $!); + return 0; } foreach my $savefile (@reconfigsavefiles) { if ( -e "$configdir/$savefile"){ @@ -527,6 +534,7 @@ sub reconfig_backup_secfiles } } } + return 1; } sub reconfig_restore_secfiles 
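Review bot: The added `use File::Temp;` duplicates the existing `use File::Temp qw(tempfile tempdir);` a few lines below it, and `mkdtemp` only comes into scope through the module's default export list. A single explicit line, `use File::Temp qw(tempfile tempdir mkdtemp);`, would state the dependency where a reader looks for it. The template `"tmpdirXXXX"` has four X characters, which as far as I know is the minimum File::Temp accepts. A descriptive prefix and longer suffix such as `"adm-sec-files.XXXXXXXX"` would make a leftover directory identifiable and its name harder to predict. A one-line comment on `$secfile_backup_dir` saying it is set by reconfig_backup_secfiles and read by reconfig_restore_secfiles would document the shared file-level state.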
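Review bot: The new `! -d $secfile_backup_dir` branch is unlikely ever to report a creation failure, because File::Temp's `mkdtemp` croaks instead of returning a false value. A failure would surface as an uncaught die rather than the `error_creating_secfile_backup` message. Trapping it keeps the intended path: `$secfile_backup_dir = eval { mkdtemp($my_template_backup_dir) } || "";`, then pass `$my_template_backup_dir` and `$@` to `$setup->msg` in place of `$secfile_backup_dir` and `$!`. Separately, `$setup` is not taken from the argument list in the visible lines and the call site passes only `$configdir`, so unless a file-level `$setup` exists outside this hunk, the message call needs the object handed in. The sub's opening lines and the body of the copy loop are outside the hunk.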
@@ -536,11 +544,16 @@ sub reconfig_restore_secfiles # my $configdir = shift; + if ( ! -d $secfile_backup_dir){ + $setup->msg($FATAL, 'error_accessing_secfile_backup', $secfile_backup_dir); + return 0; + } foreach my $savefile (@reconfigsavefiles) { move ("$secfile_backup_dir/$savefile" ,"$configdir/$savefile"); debug(1, "Restoring $configdir/$savefile with $secfile_backup_dir/$savefile\n"); } rmdir ($secfile_backup_dir); + return 1; } sub createAdminServer { @@ -548,13 +561,6 @@ sub createAdminServer { my $reconfig = shift; # setup has inf, res, and log - if ($reconfig) { - $setup->msg('begin_reconfig_adminserver'); - reconfig_backup_secfiles($setup->{inf}->{admin}->{config_dir}); - } else { - $setup->msg('begin_create_adminserver'); - } - if (!setDefaults($setup)) { return 0; } @@ -578,6 +584,15 @@ sub createAdminServer { $ENV{ADMSERV_PID_DIR} || "@piddir@"; + if ($reconfig) { + $setup->msg('begin_reconfig_adminserver'); + if (!reconfig_backup_secfiles($configdir)) { + return 0; + } + } else { + $setup->msg('begin_create_adminserver'); + } + # if we're just doing the update, just register and return if ($setup->{update}) { if (!registerASWithConfigDS($setup, $configdir)) { @@ -587,6 +602,13 @@ sub createAdminServer { # Update SELinux policy if needed updateSelinuxPolicy($setup, $configdir, $securitydir, $logdir, $rundir); + # Restore the security files before we start the server + if ($reconfig) { + if (!reconfig_restore_secfiles($configdir)) { + return 0; + } + } + return 1; } @@ -619,7 +641,9 @@ sub createAdminServer { # Restore the security files before we start the server if ($reconfig) { - reconfig_restore_secfiles($setup->{inf}->{admin}->{config_dir}); + if (!reconfig_restore_secfiles($configdir)) { + return 0; + } } if (!startAdminServer($setup, $configdir, $logdir, $rundir)) { diff --git a/admserv/newinst/src/setup-ds-admin.res.in b/admserv/newinst/src/setup-ds-admin.res.in index e83d045..b03bc0c 100644 --- a/admserv/newinst/src/setup-ds-admin.res.in 
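Review bot: reconfig_restore_secfiles now returns 1 even when a `move` fails, because the loop ignores its result and the unchecked `rmdir` then silently leaves the directory behind. In that case the caller goes on as if the security files were back in place, while copies of them remain in the backup directory beside the config dir. The loop should skip files that were never backed up (the backup side copies only files that exist), record a failed move, and return 0 in that case, as in the rewrite below. The sub's opening lines are outside the hunk.

```perl
    # … unchanged: -d check on $secfile_backup_dir …
    my $rc = 1;
    foreach my $savefile (@reconfigsavefiles) {
        # a file missing from the backup was not present before the reconfig
        next if ( ! -e "$secfile_backup_dir/$savefile");
        if (!move ("$secfile_backup_dir/$savefile" ,"$configdir/$savefile")) {
            debug(1, "Could not restore $configdir/$savefile from $secfile_backup_dir/$savefile: $!\n");
            $rc = 0;
            next;
        }
        debug(1, "Restoring $configdir/$savefile with $secfile_backup_dir/$savefile\n");
    }
    # keep the directory when a file could not be moved back, so nothing is lost
    rmdir ($secfile_backup_dir) if $rc;
    return $rc;
```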
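Review bot: The restore added to the update branch runs only on the success path. The `registerASWithConfigDS` failure just above this hunk, and any other early `return 0` between the new backup call and the later restore, appear to leave the backup directory in place with the copied security files. Nothing else in the visible code removes that directory, so each failed reconfig would leave another copy next to the admin config dir. Calling `reconfig_restore_secfiles($configdir) if $reconfig;` before those returns, or routing them through a single exit point, would close the gap. Most of createAdminServer is outside the visible hunks, so the exact set of exits needs checking against the file.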
+++ b/admserv/newinst/src/setup-ds-admin.res.in @@ -161,3 +161,5 @@ error_removing_port_label = Error: could not remove selinux label from port '%s' error_product_already_exists = Error: the product %s already exists.\ If you want to delete this entry and force the conversion of the older\ product, run this program again with the --force option.\n\n +error_creating_secfile_backup = Could not create temporary directory %s to backup security files. Error: %s\n +error_accessing_secfile_backup = Could not access temporary directory %s to restore security files.\n