From 5af417033e9cf532856a105a6113825a4d20bbfa Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Oct 14 2014 18:11:23 +0000
Subject: Ticket 201 - nCipher HSM cannot be configured via the console


Bug Description:  Attempting to add the HSM security module libcknfast.so
                  results in a not found error, but using modutil works.

Fix Description:  First new modules must be located in the server instance
                  security directory (symlinks work best).  The next issue
                  is that the admin server needs to use the absolute path
                  to the library in the generated modutil command.

https://fedorahosted.org/389/ticket/201

Reviewed by: nhosoi(Thanks!)

---

diff --git a/admserv/cgi-src40/security.c b/admserv/cgi-src40/security.c
index 3664d70..8575d56 100644
--- a/admserv/cgi-src40/security.c
+++ b/admserv/cgi-src40/security.c
@@ -1992,10 +1992,16 @@ static void moduleOperation(char* op) {
               install_dir,
               securitydir);
     else if (!PORT_Strcmp(filetype, "dll"))
-      PR_snprintf(cmd, sizeof(cmd), "%s -dbdir %s -add \"%s\" -libfile %s -force -nocertdb 2>&1",
+      /*
+       * Since console requires new modules to be located in the security dir,
+       * and be presented as just a filename(no path), we must append the
+       * securitydir to the filename as modutil needs the absolute path.
+       */
+      PR_snprintf(cmd, sizeof(cmd), "%s -dbdir %s -add \"%s\" -libfile %s/%s -force -nocertdb 2>&1",
               binary,
               securitydir,
               dllname,
+              securitydir,
               filename);
 
     else {