From fa79ba174a410571af6206568877f91ccfe9aa8e Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Sep 08 2014 21:09:35 +0000 Subject: Ticket 47891 - Admin Server reconfig breaks SSL config Bug Description: The "reconfigAdminServer" function overwrites the security files which breaks SSL. Fix Description: When doing the "reconfig" operation make a backup of the security files, and restore them at the end of the operation. https://fedorahosted.org/389/ticket/47891 Reviewed by: nhosoi(Thanks!) --- diff --git a/admserv/newinst/src/AdminServer.pm.in b/admserv/newinst/src/AdminServer.pm.in index 7c7b511..a189c66 100644 --- a/admserv/newinst/src/AdminServer.pm.in +++ b/admserv/newinst/src/AdminServer.pm.in @@ -29,6 +29,10 @@ require Exporter; updateSelinuxPolicy); use File::Path; +use File::Copy; + +my $secfile_backup_dir = "/tmp/adm-sec-files." . $$; + # tempfiles use File::Temp qw(tempfile tempdir); @@ -357,6 +361,7 @@ sub registerASWithConfigDS { my @saveconffiles = qw(admserv.conf httpd.conf nss.conf console.conf); my @savesecfiles = qw(cert8.db key3.db secmod.db password.conf); +my @reconfigsavefiles = qw (httpd.conf nss.conf cert8.db key3.db secmod.db password.conf); # update other config files - these are the fields which users typically want to # change during an install or an upgrade, that also must be synced to the Apache @@ -420,14 +425,17 @@ sub updateHttpConfFiles { debug(0, "Error backing up $admConf->{configdir}/console.conf failed: $!"); } } - # backup savefiles for "remove-ds-admin.pl -a" + # backup the savefiles for "remove-ds-admin.pl -a" foreach my $savefile (@saveconffiles, @savesecfiles) { if (! -f "$admConf->{configdir}/bakup/$savefile") { - if (system ("cp -p $admConf->{configdir}/$savefile $admConf->{configdir}/bakup")) { - debug(0, "Error backing up $admConf->{configdir}/$savefile failed: $!"); + if (-e "$admConf->{configdir}/$savefile"){ + if(system ("cp -p $admConf->{configdir}/$savefile $admConf->{configdir}/bakup")) { + debug(0, "Error backing up $admConf->{configdir}/$savefile failed: $!\n"); + } } } } + return 1; } @@ -499,6 +507,42 @@ sub startAdminServer { return 1; } +sub reconfig_backup_secfiles +{ + # + # Backup the security files, because when we reconfigure the admin + # server it overwrites these files and breaks SSL. + # + my $configdir = shift; + + if ( ! -d $secfile_backup_dir){ + mkdir ($secfile_backup_dir, 0755); + } + foreach my $savefile (@reconfigsavefiles) { + if ( -e "$configdir/$savefile"){ + copy ("$configdir/$savefile", "$secfile_backup_dir/$savefile"); + debug(1, "Backing up $configdir/$savefile to $secfile_backup_dir/$savefile\n"); + if (! -e "$secfile_backup_dir/$savefile"){ + debug(0, "Backup file $secfile_backup_dir/$savefile not found, error $!\n"); + } + } + } +} + +sub reconfig_restore_secfiles +{ + # + # Restore security files + # + my $configdir = shift; + + foreach my $savefile (@reconfigsavefiles) { + move ("$secfile_backup_dir/$savefile" ,"$configdir/$savefile"); + debug(1, "Restoring $configdir/$savefile with $secfile_backup_dir/$savefile\n"); + } + rmdir ($secfile_backup_dir); +} + sub createAdminServer { my $setup = shift; my $reconfig = shift; @@ -506,6 +550,7 @@ sub createAdminServer { if ($reconfig) { $setup->msg('begin_reconfig_adminserver'); + reconfig_backup_secfiles($setup->{inf}->{admin}->{config_dir}); } else { $setup->msg('begin_create_adminserver'); } @@ -572,6 +617,11 @@ sub createAdminServer { # Update SELinux policy if needed updateSelinuxPolicy($setup, $configdir, $securitydir, $logdir, $rundir); + # Restore the security files before we start the server + if ($reconfig) { + reconfig_restore_secfiles($setup->{inf}->{admin}->{config_dir}); + } + if (!startAdminServer($setup, $configdir, $logdir, $rundir)) { return 0; }