Index: base/common/src/com/netscape/cms/authentication/TokenAuthentication.java =================================================================== --- base/common/src/com/netscape/cms/authentication/TokenAuthentication.java (revision 2619) +++ base/common/src/com/netscape/cms/authentication/TokenAuthentication.java (working copy) @@ -140,8 +140,14 @@ String sessionId = (String)authCred.get(CRED_SESSION_ID); String givenHost = (String)authCred.get("clientHost"); - String authAdminHost = sconfig.getString("securitydomain.adminhost"); - String authEEHost = sconfig.getString("securitydomain.eehost"); + String authAdminHost = sconfig.getString("securitydomain.adminhost",""); + if( authAdminHost.isEmpty() ) { + authAdminHost = sconfig.getString("securitydomain.host"); + } + String authEEHost = sconfig.getString("securitydomain.eehost",""); + if( authEEHost.isEmpty() ) { + authEEHost = sconfig.getString("securitydomain.host"); + } int authAdminPort = sconfig.getInteger("securitydomain.httpsadminport"); int authEEPort = sconfig.getInteger("securitydomain.httpseeport"); String authAdminURL = "/ca/admin/ca/tokenAuthenticate"; Index: base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java =================================================================== --- base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java (revision 2619) +++ base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java (working copy) 
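Review bot: The admin-host and EE-host fallbacks in TokenAuthentication are the same four lines written twice, and neither records which key supplied the host that the session token will be checked against (`/ca/admin/ca/tokenAuthenticate` is assigned just below). A small private helper that takes the preferred key and falls back to `securitydomain.host` would remove the duplication. One `CMS.debug` line naming the key actually used would make a misconfigured security domain visible in the debug log. The fallback lookup has no default, so a configuration with neither key still ends in an exception; if that is intended, a one-line comment saying so would help. The enclosing method starts and ends outside the hunk.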
@@ -986,20 +986,23 @@ // is using an IP Port Separation Schema: Vector v_hostname = parser.getValuesFromContainer( nodeList.item(i), - "AdminHost" ); + "AdminHost", + true ); if ( v_hostname.isEmpty()) { // No, the Security Domain is using a Port Separation Schema v_hostname = parser.getValuesFromContainer( - nodeList.item(i), "Host" ); + nodeList.item(i), "Host", true ); } Vector v_https_admin_port = parser.getValuesFromContainer( nodeList.item(i), - "SecureAdminPort" ); + "SecureAdminPort", + true ); Vector v_domain_mgr = parser.getValuesFromContainer( nodeList.item(i), - "DomainManager" ); + "DomainManager", + true ); if( v_hostname.elementAt( 0 ).equals( hostname ) && v_https_admin_port.elementAt( 0 ).equals( Integer.toString(httpsadminport) ) ) { 
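Review bot: The element lookups are now case-insensitive, but the comparison that follows, `v_hostname.elementAt( 0 ).equals( hostname )`, is still exact-case, so a domain entry whose host name differs only in letter case would not match; `equalsIgnoreCase` fits host names better. The same expression throws if neither `AdminHost` nor `Host` is present, because `elementAt( 0 )` is reached without an emptiness check after the fallback; testing `v_hostname.isEmpty() || v_https_admin_port.isEmpty()` first and skipping the entry would avoid that. Both patterns recur in the 1252 and 1327 hunks of this file. The bare `true` at every call site is hard to read, and a named constant or a dedicated ignore-case method would say what it means. The enclosing method starts and ends outside the hunk.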
@@ -1064,38 +1067,44 @@ CMS.debug("Len " + len); for (int i = 0; i < len; i++) { Vector v_clone = parser.getValuesFromContainer(nodeList.item(i), - "Clone"); + "Clone", true); String clone = (String)v_clone.elementAt(0); if (clone.equalsIgnoreCase("true")) continue; Vector v_name = parser.getValuesFromContainer(nodeList.item(i), - "SubsystemName"); + "SubsystemName", true); // First, check to see if the Security Domain // is using an IP Port Separation Schema: Vector v_host = null; if( portType.equals( "UnSecurePort" ) ) { v_host = parser.getValuesFromContainer( nodeList.item(i), - "EEHost" ); + "EEHost", + true ); } else if( portType.equals( "SecureAgentPort" ) ) { v_host = parser.getValuesFromContainer( nodeList.item(i), - "AgentHost" ); + "AgentHost", + true ); } else if( portType.equals( "SecurePort" ) ) { v_host = parser.getValuesFromContainer( nodeList.item(i), - "EEHost" ); + "EEHost", + true ); } else if( portType.equals( "SecureAdminPort" ) ) { v_host = parser.getValuesFromContainer( nodeList.item(i), - "AdminHost" ); + "AdminHost", + true ); } else if( portType.equals( "SecureEEClientAuthPort" ) ) { v_host = parser.getValuesFromContainer( nodeList.item(i), - "EEClientAuthHost" ); + "EEClientAuthHost", + true ); } if (v_host.isEmpty()) { // No, the Security Domain is using a Port Separation Schema v_host = parser.getValuesFromContainer( nodeList.item(i), - "Host" ); + "Host", + true ); } Vector v_port = parser.getValuesFromContainer(nodeList.item(i), - portType); + portType, true); v.addElement( v_name.elementAt(0) + " - https://" 
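Review bot: `v_host` is initialised to `null` and only assigned inside the `portType` chain, so an unrecognised `portType` reaches `if (v_host.isEmpty())` and throws a NullPointerException. The 1375 hunk guards the equivalent `v_port` with `( v_port != null )`, while this hunk and the 1161 hunk do not. `if (v_host == null || v_host.isEmpty()) {` would send unknown port types down the existing `Host` fallback. The `UnSecurePort` and `SecurePort` branches both read `EEHost` and could share one condition. The enclosing method starts and ends outside the hunk.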
@@ -1161,41 +1170,47 @@ CMS.debug("Len " + len); for (int i = 0; i < len; i++) { Vector v_name = parser.getValuesFromContainer(nodeList.item(i), - "SubsystemName"); + "SubsystemName", true); // First, check to see if the Security Domain // is using an IP Port Separation Schema: Vector v_host = null; if( portType.equals( "UnSecurePort" ) ) { v_host = parser.getValuesFromContainer( nodeList.item(i), - "EEHost" ); + "EEHost", + true ); } else if( portType.equals( "SecureAgentPort" ) ) { v_host = parser.getValuesFromContainer( nodeList.item(i), - "AgentHost" ); + "AgentHost", + true ); } else if( portType.equals( "SecurePort" ) ) { v_host = parser.getValuesFromContainer( nodeList.item(i), - "EEHost" ); + "EEHost", + true ); } else if( portType.equals( "SecureAdminPort" ) ) { v_host = parser.getValuesFromContainer( nodeList.item(i), - "AdminHost" ); + "AdminHost", + true ); } else if( portType.equals( "SecureEEClientAuthPort" ) ) { v_host = parser.getValuesFromContainer( nodeList.item(i), - "EEClientAuthHost" ); + "EEClientAuthHost", + true ); } if (v_host.isEmpty()) { // No, the Security Domain is using a Port Separation Schema v_host = parser.getValuesFromContainer( nodeList.item(i), - "Host" ); + "Host", + true ); } Vector v_port = parser.getValuesFromContainer(nodeList.item(i), - portType); + portType, true); Vector v_admin_host = parser.getValuesFromContainer( nodeList.item(i), - "AdminHost"); + "AdminHost", true); if (v_admin_host.isEmpty()) { v_admin_host = v_host; } Vector v_admin_port = parser.getValuesFromContainer(nodeList.item(i), - "SecureAdminPort"); + "SecureAdminPort", true); if( ( v_admin_host.elementAt( 0 ).equals( hostname ) ) && ( v_admin_port.elementAt( 0 ).equals( 
@@ -1252,20 +1267,23 @@ // is using an IP Port Separation Schema: Vector v_hostname = parser.getValuesFromContainer( nodeList.item(i), - "EEHost" ); + "EEHost", + true ); if ( v_hostname.isEmpty()) { // No, the Security Domain is using a Port Separation Schema v_hostname = parser.getValuesFromContainer( - nodeList.item(i), "Host" ); + nodeList.item(i), "Host", true ); } Vector v_https_ee_port = parser.getValuesFromContainer( nodeList.item(i), - "SecurePort" ); + "SecurePort", + true ); Vector v_https_admin_port = parser.getValuesFromContainer( nodeList.item(i), - "SecureAdminPort" ); + "SecureAdminPort", + true ); if( v_hostname.elementAt( 0 ).equals( hostname ) && v_https_ee_port.elementAt( 0 ).equals( https_ee_port ) ) { @@ -1311,14 +1329,16 @@ // is using an IP Port Separation Schema: Vector v_hostname = parser.getValuesFromContainer( nodeList.item(i), - "EEHost" ); + "EEHost", + true ); Vector v_https_admin_host = parser.getValuesFromContainer( nodeList.item(i), - "AdminHost" ); + "AdminHost", + true ); if (v_hostname.isEmpty()) { // No, the Security Domain is using a Port Separation Schema v_hostname = parser.getValuesFromContainer( - nodeList.item(i), "Host" ); + nodeList.item(i), "Host", true ); } if (v_https_admin_host.isEmpty()) { // No, the Security Domain is using a Port Separation Schema @@ -1327,7 +1347,8 @@ Vector v_https_ee_port = parser.getValuesFromContainer( nodeList.item(i), - "SecurePort" ); + "SecurePort", + true ); if( v_hostname.elementAt( 0 ).equals( hostname ) && v_https_ee_port.elementAt( 0 ).equals( https_ee_port ) ) { 
@@ -1375,24 +1396,30 @@ for( int i = 0; i < len; i++ ) { Vector v_admin_port = parser.getValuesFromContainer( nodeList.item(i), - "SecureAdminPort" ); + "SecureAdminPort", + true ); Vector v_port = null; if( portType.equals( "UnSecurePort" ) ) { v_port = parser.getValuesFromContainer( nodeList.item(i), - "UnSecurePort" ); + "UnSecurePort", + true ); } else if( portType.equals( "SecureAgentPort" ) ) { v_port = parser.getValuesFromContainer( nodeList.item(i), - "SecureAgentPort" ); + "SecureAgentPort", + true ); } else if( portType.equals( "SecurePort" ) ) { v_port = parser.getValuesFromContainer( nodeList.item(i), - "SecurePort" ); + "SecurePort", + true ); } else if( portType.equals( "SecureAdminPort" ) ) { v_port = parser.getValuesFromContainer( nodeList.item(i), - "SecureAdminPort" ); + "SecureAdminPort", + true ); } else if( portType.equals( "SecureEEClientAuthPort" ) ) { v_port = parser.getValuesFromContainer( nodeList.item(i), - "SecureEEClientAuthPort" ); + "SecureEEClientAuthPort", + true ); } if( ( v_port != null ) && 
@@ -1441,33 +1468,41 @@ for( int i = 0; i < len; i++ ) { Vector v_admin_host = parser.getValuesFromContainer( nodeList.item(i), - "AdminHost" ); + "AdminHost", + true ); if(v_admin_host.isEmpty()) { v_admin_host = parser.getValuesFromContainer( nodeList.item(i), - "Host" ); + "Host", + true ); } Vector v_admin_port = parser.getValuesFromContainer( nodeList.item(i), - "SecureAdminPort" ); + "SecureAdminPort", + true ); Vector v_host = null; if( hostType.equals( "Host" ) ) { v_host = parser.getValuesFromContainer( nodeList.item(i), - "Host" ); + "Host", + true ); } else if( hostType.equals( "AgentHost" ) ) { v_host = parser.getValuesFromContainer( nodeList.item(i), - "AgentHost" ); + "AgentHost", + true ); } else if( hostType.equals( "EEHost" ) ) { v_host = parser.getValuesFromContainer( nodeList.item(i), - "EEHost" ); + "EEHost", + true ); } else if( hostType.equals( "AdminHost" ) ) { v_host = parser.getValuesFromContainer( nodeList.item(i), - "AdminHost" ); + "AdminHost", + true ); } else if( hostType.equals( "EEClientAuthHost" ) ) { v_host = parser.getValuesFromContainer( nodeList.item(i), - "EEClientAuthHost" ); + "EEClientAuthHost", + true ); } if( ( v_admin_host.elementAt( 0 ).equals( hostname ) ) && Index: base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java =================================================================== --- base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java (revision 2619) +++ base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java (working copy) 
@@ -107,6 +107,34 @@ return status; } + private void add_attributes(String dn, LDAPModificationSet attrs) + throws LDAPException, Exception { + ILdapConnFactory connFactory = null; + LDAPConnection conn = null; + IConfigStore cs = CMS.getConfigStore(); + try { + CMS.debug("UpdateDomainXML: add_attributes - " + + "establishing ldap connection to DN '" + dn + "'"); + IConfigStore ldapConfig = cs.getSubStore("internaldb"); + connFactory = CMS.getLdapBoundConnFactory(); + connFactory.init(ldapConfig); + conn = connFactory.getConn(); + conn.modify(dn, attrs); + } finally { + try { + if ((conn != null) && (connFactory!= null)) { + CMS.debug("UpdateDomainXML: add_attributes - " + + "releasing ldap connection to DN '" + dn + "'"); + connFactory.returnConn(conn); + } + } catch (Exception e) { + CMS.debug("UpdateDomainXML: add_attributes - " + + "error releasing ldap connection to DN '" + + dn + "' - Exception " + e.toString()); + } + } + } + private String remove_attribute(String dn, LDAPModification mod) { CMS.debug("UpdateDomainXML: remove_attribute: starting dn: " + dn); String status = SUCCESS; @@ -127,6 +155,7 @@ CMS.debug("Failed to modify entry" + e.toString()); } } catch (Exception e) { + status = FAILED; CMS.debug("Failed to modify entry" + e.toString()); } finally { try { 
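Review bot: `add_attributes` builds and initialises a new bound connection factory on every call (`CMS.getLdapBoundConnFactory()` then `connFactory.init(ldapConfig)`) and only returns the connection in `finally`. The factory itself is never released, so depending on how it pools connections each call may leave a bind to the internal database open; that is worth confirming and, if so, releasing the factory in the same `finally`. The debug text "establishing ldap connection to DN" reads as if `dn` were the bind identity, while the code uses it only as the entry passed to `conn.modify`; `"modifying entry '" + dn + "'"` would be accurate. `throws LDAPException, Exception` is redundant, and a narrower clause would keep callers from needing `catch (Exception e)`.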
@@ -350,18 +379,6 @@ if ((eecaport != null) && (!eecaport.equals(""))) { attrs.add(new LDAPAttribute("SecureEEClientAuthPort", eecaport)); } - if ((agenthost != null) && (!agenthost.equals(""))) { - attrs.add(new LDAPAttribute("AgentHost", agenthost)); - } - if ((eehost != null) && (!eehost.equals(""))) { - attrs.add(new LDAPAttribute("EEHost", eehost)); - } - if ((adminhost != null) && (!adminhost.equals(""))) { - attrs.add(new LDAPAttribute("AdminHost", adminhost)); - } - if ((eecahost != null) && (!eecahost.equals(""))) { - attrs.add(new LDAPAttribute("EEClientAuthHost", eecahost)); - } if ((domainmgr != null) && (!domainmgr.equals(""))) { attrs.add(new LDAPAttribute("DomainManager", domainmgr.toUpperCase())); } 
@@ -422,7 +439,73 @@ } } } else { - status = add_to_ldap(entry, dn); + status = add_to_ldap(entry, dn); + + if (status.equals(SUCCESS)) { + CMS.debug("UpdateDomainXML: " + + "Successfully added PKI Security Domain " + + "attributes to DN '" + dn + "'"); + + // Attempt to modify this LDAP entry by + // trying to add IP Port Separation attributes + LDAPModificationSet mods = null; + mods = new LDAPModificationSet(); + if ((agenthost != null) && (!agenthost.equals(""))) { + mods.add(LDAPModification.ADD, + new LDAPAttribute("AgentHost", agenthost)); + } + if ((eehost != null) && (!eehost.equals(""))) { + mods.add(LDAPModification.ADD, + new LDAPAttribute("EEHost", eehost)); + } + if ((adminhost != null) && (!adminhost.equals(""))) { + mods.add(LDAPModification.ADD, + new LDAPAttribute("AdminHost", adminhost)); + } + if ((eecahost != null) && (!eecahost.equals(""))) { + mods.add(LDAPModification.ADD, + new LDAPAttribute("EEClientAuthHost", + eecahost)); + } + + try { + if (mods.size() > 0) { + add_attributes(dn, mods); + CMS.debug("UpdateDomainXML: " + + "Successfully added " + + "IP Port Separation Security Domain " + + "attributes to DN '" + dn + "'"); + } + } catch (LDAPException e) { + int errorCode = e.getLDAPResultCode(); + if ((errorCode == LDAPException.NO_SUCH_ATTRIBUTE) || + (errorCode == LDAPException.OBJECT_CLASS_VIOLATION)) + { + // ignore this type of error + CMS.debug("UpdateDomainXML: " + + "Unable to add " + + "IP Port Separation Security Domain " + + "attributes to DN '" + dn + + "' (server contains old schema)"); + } else { + e.printStackTrace(); + CMS.debug("UpdateDomainXML: " + + "LDAPException - Failed to add " + + "IP Port Separation Security Domain " + + "attributes to DN '" + dn + "' - " + + e.toString()); + status = FAILED; + } + } catch (Exception e) { + e.printStackTrace(); + CMS.debug("UpdateDomainXML: " + + "Exception - Failed to add " + + "IP Port Separation Security Domain " + + "attributes to DN '" + dn + "' - " + + e.toString()); + 
status = FAILED; + } + } } } else { @@ -447,9 +530,9 @@ for (int i = 0; i < len; i++) { Node nn = (Node) nodeList.item(i); - Vector v_name = parser.getValuesFromContainer(nn, "SubsystemName"); - Vector v_host = parser.getValuesFromContainer(nn, "Host"); - Vector v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort"); + Vector v_name = parser.getValuesFromContainer(nn, "SubsystemName", true); + Vector v_host = parser.getValuesFromContainer(nn, "Host", true); + Vector v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort", true); if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host)) && (v_adminport.elementAt(0).equals(adminsport))) { Node parent = nn.getParentNode(); Index: base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java =================================================================== --- base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java (revision 2619) +++ base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java (working copy) @@ -151,8 +151,17 @@ CMS.debug("Retrieving config name=" + name); value = config.getString(name); CMS.debug("Retrieving config value=" + value); - if (value.equals("localhost")) + if (value.equals("localhost")) { value = config.getString("adminMachineName", ""); + if( value.isEmpty()) { + value = config.getString("machineName", ""); + if( value.isEmpty()) { + CMS.debug("GetConfigEntries process: " + + "WARNING - sending empty string for " + + name); + } + } + } } catch (Exception ee) { if (name.equals("internaldb.ldapauth.password")) { value = getLDAPPassword(); Index: base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java =================================================================== --- base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java (revision 2619) +++ base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java (working copy) 
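Review bot: In the UpdateDomainXML hunk that starts at `@@ -422,7 +439,73 @@`, a failure of the second modify sets `status = FAILED` after `add_to_ldap(entry, dn)` has already created the entry, so the caller is told the registration failed while an entry without its per-interface hosts stays in the security domain. Either remove the entry again on that path or add a comment that the partial entry is intentional and that readers fall back to `Host`. The ignore list names `NO_SUCH_ATTRIBUTE` and `OBJECT_CLASS_VIOLATION`; an old-schema server may instead answer with an undefined-attribute-type result, which would land in the FAILED branch, so the codes should be confirmed against such a server. `e.printStackTrace()` duplicates the `CMS.debug` call next to it and writes to stderr rather than the debug log; dropping it keeps the failure in one place.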
@@ -763,8 +763,6 @@ String cstype = config.getString("preop.subsystem.select", ""); if (cstype.equals("clone")) { CMS.debug("NamePanel: clone configuration detected"); - // still need to handle SSL certificate - configCertWithTag(request, response, context, "sslserver"); String url = getURL(request, config); if (url != null && !url.equals("External CA")) { // preop.ca.url and admin port are required for setting KRA connector @@ -778,6 +776,9 @@ } updateCloneConfig(config); + + // still need to handle SSL certificate + configCertWithTag(request, response, context, "sslserver"); CMS.debug("NamePanel: clone configuration done"); return; } Index: base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java =================================================================== --- base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java (revision 2619) +++ base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java (working copy) @@ -291,6 +291,11 @@ } catch (Exception e) { } + if (hostname == null || hostname.length() == 0) { + cs.putString("preop.database.errorString", "Host is empty string"); + throw new IOException("Host is empty string"); + } + if (select.equals("clone")) { String masterhost = ""; String masterport = ""; 
@@ -302,26 +307,19 @@ } catch (Exception e) { } - //get the real host name - String realhostname = ""; if (hostname.equals("localhost")) { - try { - realhostname = cs.getString("adminMachineName", ""); - } catch (Exception ee) { - } + cs.putString("preop.database.errorString", + "Use FQDN instead of localhost"); + throw new IOException("Use FQDN instead of localhost"); } - if (masterhost.equals(realhostname) && masterport.equals(portStr)) + + if (masterhost.equals(hostname) && masterport.equals(portStr)) throw new IOException("Master and clone must not share the same internal database"); if (!masterbasedn.equals(basedn)) throw new IOException("Master and clone should have the same base DN"); } - if (hostname == null || hostname.length() == 0) { - cs.putString("preop.database.errorString", "Host is empty string"); - throw new IOException("Host is empty string"); - } - if (portStr != null && portStr.length() > 0) { int port = -1; Index: base/util/src/com/netscape/cmsutil/xml/XMLObject.java =================================================================== --- base/util/src/com/netscape/cmsutil/xml/XMLObject.java (revision 2619) +++ base/util/src/com/netscape/cmsutil/xml/XMLObject.java (working copy) @@ -122,12 +122,17 @@ } public Vector getValuesFromContainer(Node container, String tagname) { + return getValuesFromContainer(container, tagname, false); + } + + public Vector getValuesFromContainer(Node container, String tagname, boolean ignoreCase) { Vector v = new Vector(); NodeList c = container.getChildNodes(); int len = c.getLength(); for (int i=0; i 0) { Node grandchild = grandchildren.item(0);
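Review bot: In the DatabasePanel hunk at `@@ -302,26 +307,19 @@`, the same-database guard is now a plain string comparison, `masterhost.equals(hostname) && masterport.equals(portStr)`, so the same directory server named differently (other letter case, short name versus FQDN, an IP address) passes the check and master and clone can end up sharing one internal database. `hostname.equalsIgnoreCase("localhost")` and `masterhost.equalsIgnoreCase(hostname)` close the letter-case gap. The remaining aliases would need the names resolved before comparing, or at least a comment stating the limit. The two new `throw` sites set `preop.database.errorString` first while the two "Master and clone ..." throws still do not, so those failures presumably reach the wizard without a message. The enclosing method starts and ends outside the hunk.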