certmonger/0001-Perm-issues-in-sqlite-databases-show-up-in-slightly-.patch

From 3cb710fbea245476a49af77d670fedb35bba16de Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 9 Jan 2018 22:07:17 -0500
Subject: [PATCH 1/6] Perm issues in sqlite databases show up in slightly
 different ways

SQLite databases may return SEC_ERROR_READ_ONLY instead of
SEC_ERROR_BAD_DATABASE.

If a database is opened as read-write but it fails (e.g. in a
read-only directory) it will try again to open it as read-only
and potentially fail because it doesn't exist at all. This sets
errno as ENOENT rather than the expected EACCES so treat that
as a read failure as well.

Related: https://pagure.io/certmonger/issue/88
---
 src/certsave-n.c | 5 ++++-
 src/keygen-n.c   | 6 +++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/certsave-n.c b/src/certsave-n.c
index 67deb88b..a2c97000 100644
--- a/src/certsave-n.c
+++ b/src/certsave-n.c
@@ -128,10 +128,13 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 			      NSS_INIT_NOMODDB);
 	ec = PORT_GetError();
 	if (ctx == NULL) {
-		if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) {
+		if ((ec == SEC_ERROR_READ_ONLY) && readwrite) {
+		        ec = PR_NO_ACCESS_RIGHTS_ERROR;
+		} else if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) {
 			switch (errno) {
 			case EACCES:
 			case EPERM:
+			case ENOENT:
 				ec = PR_NO_ACCESS_RIGHTS_ERROR;
 				break;
 			default:
diff --git a/src/keygen-n.c b/src/keygen-n.c
index 08f00496..8078a520 100644
--- a/src/keygen-n.c
+++ b/src/keygen-n.c
@@ -169,10 +169,14 @@ cm_keygen_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 			      NSS_INIT_NOMODDB);
 	ec = PORT_GetError();
 	if (ctx == NULL) {
-		if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) {
+		if ((ec == SEC_ERROR_READ_ONLY) && readwrite) {
+			ec = PR_NO_ACCESS_RIGHTS_ERROR;
+		}
+		else if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) {
 			switch (errno) {
 			case EACCES:
 			case EPERM:
+			case ENOENT:
 				ec = PR_NO_ACCESS_RIGHTS_ERROR;
 				break;
 			default:
-- 
2.15.1
Fixes for F28 switch to sqlite as the default NSS database type - Patch to fix NSS handling of keys in sqlite databases - Patches to fix tests now that sqlite is the NSS default. Also fix building in rawhide due to packaging changes - Remove BR on mktemp. It is now provided by coreutils. 2018-01-16 21:14:56 +00:00			`From 3cb710fbea245476a49af77d670fedb35bba16de Mon Sep 17 00:00:00 2001`
			`From: Rob Crittenden <rcritten@redhat.com>`
			`Date: Tue, 9 Jan 2018 22:07:17 -0500`
			`Subject: [PATCH 1/6] Perm issues in sqlite databases show up in slightly`
			`different ways`

			`SQLite databases may return SEC_ERROR_READ_ONLY instead of`
			`SEC_ERROR_BAD_DATABASE.`

			`If a database is opened as read-write but it fails (e.g. in a`
			`read-only directory) it will try again to open it as read-only`
			`and potentially fail because it doesn't exist at all. This sets`
			`errno as ENOENT rather than the expected EACCES so treat that`
			`as a read failure as well.`

			`Related: https://pagure.io/certmonger/issue/88`
			`---`
			`src/certsave-n.c \| 5 ++++-`
			`src/keygen-n.c \| 6 +++++-`
			`2 files changed, 9 insertions(+), 2 deletions(-)`

			`diff --git a/src/certsave-n.c b/src/certsave-n.c`
			`index 67deb88b..a2c97000 100644`
			`--- a/src/certsave-n.c`
			`+++ b/src/certsave-n.c`
			`@@ -128,10 +128,13 @@ cm_certsave_n_main(int fd, struct cm_store_ca ca, struct cm_store_entry entry,`
			`NSS_INIT_NOMODDB);`
			`ec = PORT_GetError();`
			`if (ctx == NULL) {`
			`- if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) {`
			`+ if ((ec == SEC_ERROR_READ_ONLY) && readwrite) {`
			`+ ec = PR_NO_ACCESS_RIGHTS_ERROR;`
			`+ } else if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) {`
			`switch (errno) {`
			`case EACCES:`
			`case EPERM:`
			`+ case ENOENT:`
			`ec = PR_NO_ACCESS_RIGHTS_ERROR;`
			`break;`
			`default:`
			`diff --git a/src/keygen-n.c b/src/keygen-n.c`
			`index 08f00496..8078a520 100644`
			`--- a/src/keygen-n.c`
			`+++ b/src/keygen-n.c`
			`@@ -169,10 +169,14 @@ cm_keygen_n_main(int fd, struct cm_store_ca ca, struct cm_store_entry entry,`
			`NSS_INIT_NOMODDB);`
			`ec = PORT_GetError();`
			`if (ctx == NULL) {`
			`- if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) {`
			`+ if ((ec == SEC_ERROR_READ_ONLY) && readwrite) {`
			`+ ec = PR_NO_ACCESS_RIGHTS_ERROR;`
			`+ }`
			`+ else if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) {`
			`switch (errno) {`
			`case EACCES:`
			`case EPERM:`
			`+ case ENOENT:`
			`ec = PR_NO_ACCESS_RIGHTS_ERROR;`
			`break;`
			`default:`
			`--`
			`2.15.1`