Resolves: #1974365, Fix detection if pkcsslotd is still running

This commit is contained in:
Than Ngo 2021-07-13 20:43:26 +02:00
parent 03d0eb1e5f
commit e479145be9
2 changed files with 111 additions and 3 deletions

View File

@ -0,0 +1,106 @@
commit 5951869263b556280da53498270cf4826f779c5b
Author: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Tue Jul 13 09:05:22 2021 +0200
pkcstok_migrate: Fix detection if pkcsslotd is still running
Change the code to use the pid file that pkcsslotd creates, and check
if the process with the pid contained in the pid file still exists and
runs pkcsslotd.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
diff --git a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
index 05081aff..a29dc8f7 100644
--- a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
+++ b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
@@ -2474,54 +2474,53 @@ static CK_RV backup_repository(const char *data_store)
*/
static CK_BBOOL pkcsslotd_running(void)
{
- DIR *dir;
FILE *fp;
- struct dirent* ent;
char* endptr;
- char buf[PATH_MAX];
+ long lpid;
char fname[PATH_MAX];
+ char buf[PATH_MAX];
+ char* first;
TRACE_INFO("Checking if pkcsslotd is running ...\n");
- if (!(dir = opendir("/proc"))) {
- TRACE_WARN("Cannot open /proc, i.e. cannot check if pkcsslotd is running.\n");
- return CK_TRUE;
+
+ fp = fopen(PID_FILE_PATH, "r");
+ if (fp == NULL) {
+ TRACE_INFO("Pid file '%s' not existent, pkcsslotd is not running\n",
+ PID_FILE_PATH);
+ return CK_FALSE;
}
- while ((ent = readdir(dir)) != NULL) {
- /* if endptr is not a null character, the directory is not
- * entirely numeric, so ignore it */
- long lpid = strtol(ent->d_name, &endptr, 10);
- if (*endptr != '\0') {
- continue;
- }
+ if (fgets(buf, sizeof(buf), fp) == NULL) {
+ TRACE_WARN("Cannot read pid file '%s': %s\n", PID_FILE_PATH,
+ strerror(errno));
+ fclose(fp);
+ return CK_FALSE;
+ }
+ fclose(fp);
- /* try to open the cmdline file */
- snprintf(fname, sizeof(fname), "/proc/%ld/cmdline", lpid);
- fp = fopen(fname, "r");
- if (!fp) {
- warnx("fopen(%s) failed, errno=%s", fname, strerror(errno));
- return CK_TRUE;
- }
+ lpid = strtol(buf, &endptr, 10);
+ if (*endptr != '\0' && *endptr != '\n') {
+ TRACE_WARN("Failed to parse pid file '%s': %s\n", PID_FILE_PATH,
+ buf);
+ return CK_FALSE;
+ }
- /* check the first token in the file: the program pathname */
- if (fgets(buf, sizeof(buf), fp) != NULL) {
- char* first = strtok(buf, " ");
- if (!first) {
- TRACE_WARN("Cannot read program name from %s, i.e. cannot check if pkcsslotd is running.\n",
- fname);
- return CK_TRUE;
- }
- if (strstr(first, "pkcsslotd") != NULL) {
- fclose(fp);
- closedir(dir);
- return CK_TRUE;
- }
- }
+ snprintf(fname, sizeof(fname), "/proc/%ld/cmdline", lpid);
+ fp = fopen(fname, "r");
+ if (fp == NULL) {
+ TRACE_INFO("Stale pid file, pkcsslotd is not running\n");
+ return CK_FALSE;
+ }
+
+ if (fgets(buf, sizeof(buf), fp) == NULL) {
+ TRACE_INFO("Failed to read '%s'\n", fname);
fclose(fp);
+ return CK_FALSE;
}
+ fclose(fp);
- closedir(dir);
- return CK_FALSE;
+ first = strtok(buf, " ");
+ return (first != NULL && strstr(first, "pkcsslotd") != NULL);
}
/**

View File

@ -1,7 +1,7 @@
Name: opencryptoki
Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11
Version: 3.16.0
Release: 6%{?dist}
Release: 6.1%{?dist}
License: CPL
URL: https://github.com/opencryptoki/opencryptoki
Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
@ -11,10 +11,8 @@ Patch0: opencryptoki-3.11.0-group.patch
# bz#1373833, change tmpfiles snippets from /var/lock/* to /run/lock/*
Patch1: opencryptoki-3.11.0-lockdir.patch
# PIDfile below legacy directory /var/run/
Patch2: opencryptoki-pkcsslotd-pidfile.patch
# Use --no-undefined to debug missing symbols
#Patch100: %%{name}-3.2-no-undefined.patch
@ -33,6 +31,7 @@ Patch210: opencryptoki-3.16.0-d7de5092247a0efc2c397f12977a7c9925420143.patch
Patch211: opencryptoki-3.16.0-1fdd0e4497b0078e73e0004e3492db647c7c458b.patch
Patch212: opencryptoki-3.16.0-bf812c652c49d7e248b115d121a4f7f6568941a2.patch
Patch213: opencryptoki-3.16.0-7b7d83c571ceb3050969359817d4145600f14ae8.patch
Patch214: opencryptoki-3.16.0-pkcstok_migrate-detection_if_pkcsslotd_is_still_running.patch
Requires(pre): coreutils
Requires: (selinux-policy >= 34.1.8-1 if selinux-policy-targeted)
@ -340,6 +339,9 @@ fi
%changelog
* Tue Jul 13 2021 Than Ngo <than@redhat.com> - 3.16.0-6.1
- Resolves: #1974365, Fix detection if pkcsslotd is still running
* Fri Jun 25 2021 Than Ngo <than@redhat.com> - 3.16.0-6
- Resolves: #1974693, pkcsslotd PIDfile below legacy directory /var/run/