rpms/certmonger
7
0
Fork 0
Code Issues Pull Requests Releases Activity
e27a720d62
certmonger/0001-Perm-issues-in-sqlite-databases-show-up-in-slightly-.patch
Rob Crittenden 6155daa274 Fixes for F28 switch to sqlite as the default NSS database type 
- Patch to fix NSS handling of keys in sqlite databases
- Patches to fix tests now that sqlite is the NSS default.

Also fix building in rawhide due to packaging changes

- Remove BR on mktemp. It is now provided by coreutils.
2018-01-16 16:14:56 -05:00

64 lines
2.0 KiB
Diff
Raw Blame History

From 3cb710fbea245476a49af77d670fedb35bba16de Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 9 Jan 2018 22:07:17 -0500
Subject: [PATCH 1/6] Perm issues in sqlite databases show up in slightly
different ways
SQLite databases may return SEC_ERROR_READ_ONLY instead of
SEC_ERROR_BAD_DATABASE.
If a database is opened as read-write but it fails (e.g. in a
read-only directory) it will try again to open it as read-only
and potentially fail because it doesn't exist at all. This sets
errno as ENOENT rather than the expected EACCES so treat that
as a read failure as well.
Related: https://pagure.io/certmonger/issue/88
---
src/certsave-n.c | 5 ++++-
src/keygen-n.c | 6 +++++-
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/certsave-n.c b/src/certsave-n.c
index 67deb88b..a2c97000 100644
--- a/src/certsave-n.c
+++ b/src/certsave-n.c
@@ -128,10 +128,13 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
NSS_INIT_NOMODDB);
ec = PORT_GetError();
if (ctx == NULL) {
- if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) {
+ if ((ec == SEC_ERROR_READ_ONLY) && readwrite) {
+ ec = PR_NO_ACCESS_RIGHTS_ERROR;
+ } else if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) {
switch (errno) {
case EACCES:
case EPERM:
+ case ENOENT:
ec = PR_NO_ACCESS_RIGHTS_ERROR;
break;
default:
diff --git a/src/keygen-n.c b/src/keygen-n.c
index 08f00496..8078a520 100644
--- a/src/keygen-n.c
+++ b/src/keygen-n.c
@@ -169,10 +169,14 @@ cm_keygen_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
NSS_INIT_NOMODDB);
ec = PORT_GetError();
if (ctx == NULL) {
- if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) {
+ if ((ec == SEC_ERROR_READ_ONLY) && readwrite) {
+ ec = PR_NO_ACCESS_RIGHTS_ERROR;
+ }
+ else if ((ec == SEC_ERROR_BAD_DATABASE) && readwrite) {
switch (errno) {
case EACCES:
case EPERM:
+ case ENOENT:
ec = PR_NO_ACCESS_RIGHTS_ERROR;
break;
default:
--
2.15.1
Reference in New Issue View Git Blame Copy Permalink