Blame SOURCES/pki-core-rhel-7-9-rhcs-9-7-bu-6.0.patch

bdfa3c
From 54a1664ddd7b6b2a8b2a0c7f0eec403507c246c1 Mon Sep 17 00:00:00 2001
bdfa3c
From: Jack Magne <jmagne@test.host.com>
bdfa3c
Date: Thu, 15 Apr 2021 18:42:31 -0400
bdfa3c
Subject: [PATCH 1/2] pkispawn fails against 389-ds 1.4.3.19 #3458 (#3465)
bdfa3c
bdfa3c
    Add suggested patch from stanislavlevin to solve this issue.
bdfa3c
    Also add f34 to the ipa tests,this time really add the tests.
bdfa3c
    Upon further review, back out of f34 tests until the infractructure
bdfa3c
    supports it.
bdfa3c
bdfa3c
    Also hardcode tomcat app setting in spec file for the moment to
bdfa3c
    avoid possible glitches on certain platform.
bdfa3c
bdfa3c
    Co-authored-by: Jack Magne <jmagne@localhost.localdomain>
bdfa3c
bdfa3c
(cherry picked from commit 9e1ef2557403d1a5117858322af0ae7fc1f4fd44)
bdfa3c
---
bdfa3c
 .../src/com/netscape/cmscore/apps/CMSEngine.java     | 20 +++++++++-----------
bdfa3c
 1 file changed, 9 insertions(+), 11 deletions(-)
bdfa3c
bdfa3c
diff --git a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
bdfa3c
index 08e6f8d..db341d5 100644
bdfa3c
--- a/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
bdfa3c
+++ b/base/server/cmscore/src/com/netscape/cmscore/apps/CMSEngine.java
bdfa3c
@@ -287,9 +287,8 @@ public class CMSEngine implements ICMSEngine {
bdfa3c
 
bdfa3c
     private static final int PW_OK =0;
bdfa3c
     private static final int PW_BAD_SETUP = 1;
bdfa3c
-    private static final int PW_INVALID_PASSWORD = 2;
bdfa3c
+    private static final int PW_INVALID_CREDENTIALS = 2;
bdfa3c
     private static final int PW_CANNOT_CONNECT = 3;
bdfa3c
-    private static final int PW_NO_USER = 4;
bdfa3c
     private static final int PW_MAX_ATTEMPTS = 3;
bdfa3c
 
bdfa3c
 
bdfa3c
@@ -365,7 +364,7 @@ public class CMSEngine implements ICMSEngine {
bdfa3c
 
bdfa3c
         for (String tag : tags) {
bdfa3c
             int iteration = 0;
bdfa3c
-            int result = PW_INVALID_PASSWORD;
bdfa3c
+            int result = PW_INVALID_CREDENTIALS;
bdfa3c
             String binddn;
bdfa3c
             String authType;
bdfa3c
             LdapConnInfo connInfo = null;
bdfa3c
@@ -450,10 +449,10 @@ public class CMSEngine implements ICMSEngine {
bdfa3c
                 String passwd = mPasswordStore.getPassword(tag, iteration);
bdfa3c
                 result = testLDAPConnection(tag, connInfo, binddn, passwd);
bdfa3c
                 iteration++;
bdfa3c
-            } while ((result == PW_INVALID_PASSWORD) && (iteration < PW_MAX_ATTEMPTS));
bdfa3c
+            } while ((result == PW_INVALID_CREDENTIALS) && (iteration < PW_MAX_ATTEMPTS));
bdfa3c
 
bdfa3c
             if (result != PW_OK) {
bdfa3c
-                if ((result == PW_NO_USER) && (tag.equals("replicationdb"))) {
bdfa3c
+                if ((result == PW_INVALID_CREDENTIALS) && (tag.equals("replicationdb"))) {
bdfa3c
                     System.out.println(
bdfa3c
                         "CMSEngine: init(): password test execution failed for replicationdb" +
bdfa3c
                         "with NO_SUCH_USER.  This may not be a latest instance.  Ignoring ..");
bdfa3c
@@ -473,8 +472,10 @@ public class CMSEngine implements ICMSEngine {
bdfa3c
     public int testLDAPConnection(String name, LdapConnInfo info, String binddn, String pwd) {
bdfa3c
         int ret = PW_OK;
bdfa3c
 
bdfa3c
-        if (StringUtils.isEmpty(pwd))
bdfa3c
-            return PW_INVALID_PASSWORD;
bdfa3c
+        if (StringUtils.isEmpty(pwd)) {
bdfa3c
+            return PW_INVALID_CREDENTIALS;
bdfa3c
+        }
bdfa3c
+
bdfa3c
 
bdfa3c
         String host = info.getHost();
bdfa3c
         int port = info.getPort();
bdfa3c
@@ -488,12 +489,9 @@ public class CMSEngine implements ICMSEngine {
bdfa3c
         } catch (LDAPException e) {
bdfa3c
             switch (e.getLDAPResultCode()) {
bdfa3c
             case LDAPException.NO_SUCH_OBJECT:
bdfa3c
-                System.out.println("testLDAPConnection: The specified user " + binddn + " does not exist");
bdfa3c
-                ret = PW_NO_USER;
bdfa3c
-                break;
bdfa3c
             case LDAPException.INVALID_CREDENTIALS:
bdfa3c
                 System.out.println("testLDAPConnection: Invalid Password");
bdfa3c
-                ret = PW_INVALID_PASSWORD;
bdfa3c
+                ret = PW_INVALID_CREDENTIALS;
bdfa3c
                 break;
bdfa3c
             default:
bdfa3c
                 System.out.println("testLDAPConnection: Unable to connect to " + name + ": " + e);
bdfa3c
-- 
bdfa3c
1.8.3.1
bdfa3c
bdfa3c
bdfa3c
From d511e7f255350881333b14ba9b68a879335abddc Mon Sep 17 00:00:00 2001
bdfa3c
From: Christina Fu <cfu@redhat.com>
bdfa3c
Date: Wed, 21 Apr 2021 17:32:42 -0700
bdfa3c
Subject: [PATCH 2/2] bug1949656 CRMF requests with non-SKID extensions
bdfa3c
bdfa3c
This patch address the issue where if a CRMF request bears any extension
bdfa3c
other than SKID then it fails to process.
bdfa3c
bdfa3c
fixes https://bugzilla.redhat.com/show_bug.cgi?id=1949656
bdfa3c
bdfa3c
(cherry picked from commit fe133f9affcde7b56fe69bf0c7daef6930749e74)
bdfa3c
---
bdfa3c
 base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java | 2 +-
bdfa3c
 1 file changed, 1 insertion(+), 1 deletion(-)
bdfa3c
bdfa3c
diff --git a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
bdfa3c
index f9903c6..b7fdb9e 100644
bdfa3c
--- a/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
bdfa3c
+++ b/base/server/cms/src/com/netscape/cms/profile/common/EnrollProfile.java
bdfa3c
@@ -2286,7 +2286,7 @@ public abstract class EnrollProfile extends BasicProfile
bdfa3c
                         ext = new SubjectKeyIdentifierExtension(false,
bdfa3c
                                 jssext.getExtnValue().toByteArray());
bdfa3c
                     } else {
bdfa3c
-                        new Extension(oid, isCritical, extValue);
bdfa3c
+                        ext = new Extension(oid, isCritical, extValue);
bdfa3c
                     }
bdfa3c
 
bdfa3c
                     extensions.parseExtension(ext);
bdfa3c
-- 
bdfa3c
1.8.3.1
bdfa3c