From 3cb710fbea245476a49af77d670fedb35bba16de Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Tue, 9 Jan 2018 22:07:17 -0500
Subject: [PATCH 1/6] Perm issues in sqlite databases show up in slightly different ways SQLite databases may return SEC_ERROR_READ_ONLY instead of SEC_ERROR_BAD_DATABASE. If a database is opened as read-write but it fails (e.g. in a read-only directory) it will try again to open it as read-only and potentially fail because it doesn't exist at all. This sets errno as ENOENT rather than the expected EACCES so treat that as a read failure as well.
Related: https://pagure.io/certmonger/issue/88
---
 src/certsave-n.c | 5 ++++-
 src/keygen-n.c | 6 +++++-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/certsave-n.c b/src/certsave-n.c
index 67deb88b..a2c97000 100644
--- a/src/certsave-n.c
+++ b/src/certsave-n.c
@@ -128,10 +128,13 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 NSS_INIT_NOMODDB);
 ec = PORT_GetError();
 if (ctx == NULL) {
- if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) {
+ if ((ec == SEC_ERROR_READ_ONLY) && readwrite) {
+ ec = PR_NO_ACCESS_RIGHTS_ERROR;
+ } else if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) {
 switch (errno) {
 case EACCES:
 case EPERM:
+ case ENOENT:
 ec = PR_NO_ACCESS_RIGHTS_ERROR;
 break;
 default:
diff --git a/src/keygen-n.c b/src/keygen-n.c
index 08f00496..8078a520 100644
--- a/src/keygen-n.c
+++ b/src/keygen-n.c
@@ -169,10 +169,14 @@ cm_keygen_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 NSS_INIT_NOMODDB);
 ec = PORT_GetError();
 if (ctx == NULL) {
- if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) {
+ if ((ec == SEC_ERROR_READ_ONLY) && readwrite) {
+ ec = PR_NO_ACCESS_RIGHTS_ERROR;
+ }
+ else if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) {
 switch (errno) {
 case EACCES:
 case EPERM:
+ case ENOENT:
 ec = PR_NO_ACCESS_RIGHTS_ERROR;
 break;
 default:
--
2.15.1
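Review bot: The new `case ENOENT:` in `switch (errno)` makes a missing path look the same as a permissions failure: the commit message attributes ENOENT to NSS's read-only retry of a database it could not create, but a database directory that does not exist at all would presumably produce the same errno, and both now become `PR_NO_ACCESS_RIGHTS_ERROR`. For a key and certificate store that steers an operator toward loosening permissions when the location itself may be wrong, so the case should at least carry a comment such as `case ENOENT: /* read-only retry after a failed read-write open; DB could not be created */`. The switch also reads `errno` only after the intervening `PORT_GetError()` call; saving it in a local right after the call that ends in `NSS_INIT_NOMODDB);` returns would make the mapping less fragile. The same applies to the identical hunk in src/keygen-n.c, and the enclosing function starts and ends outside the hunk.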
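Review bot: The `}` and `else if` are split across two lines in this hunk, while the same change in src/certsave-n.c writes `} else if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) {` on one line; one form should be used in both files. Since the two hunks carry an identical mapping of NSS errors to `PR_NO_ACCESS_RIGHTS_ERROR`, a shared helper taking `ec`, the saved errno and `readwrite` would keep the two call sites from drifting apart as further SQLite-specific cases turn up. The body of cm_keygen_n_main continues outside the hunk.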