From e479145be9f915c5f82c2e1a0cf07b597e1e1851 Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Tue, 13 Jul 2021 20:43:26 +0200 Subject: [PATCH] Resolves: #1974365, Fix detection if pkcsslotd is still running --- ...ection_if_pkcsslotd_is_still_running.patch | 106 ++++++++++++++++++ opencryptoki.spec | 8 +- 2 files changed, 111 insertions(+), 3 deletions(-) create mode 100644 opencryptoki-3.16.0-pkcstok_migrate-detection_if_pkcsslotd_is_still_running.patch
diff --git a/opencryptoki-3.16.0-pkcstok_migrate-detection_if_pkcsslotd_is_still_running.patch b/opencryptoki-3.16.0-pkcstok_migrate-detection_if_pkcsslotd_is_still_running.patch
new file mode 100644
index 0000000..128ea06
--- /dev/null
+++ b/opencryptoki-3.16.0-pkcstok_migrate-detection_if_pkcsslotd_is_still_running.patch
@@ -0,0 +1,106 @@
+commit 5951869263b556280da53498270cf4826f779c5b
+Author: Ingo Franzki
+Date: Tue Jul 13 09:05:22 2021 +0200
+
+ pkcstok_migrate: Fix detection if pkcsslotd is still running
+
+ Change the code to use the pid file that pkcsslotd creates, and check
+ if the process with the pid contained in the pid file still exists and
+ runs pkcsslotd.
+
+ 
Signed-off-by: Ingo Franzki
+
+diff --git a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
+index 05081aff..a29dc8f7 100644
+--- a/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
++++ b/usr/sbin/pkcstok_migrate/pkcstok_migrate.c
+@@ -2474,54 +2474,53 @@ static CK_RV backup_repository(const char *data_store)
+ */
+ static CK_BBOOL pkcsslotd_running(void)
+ {
+- DIR *dir;
+ FILE *fp;
+- struct dirent* ent;
+ char* endptr;
+- char buf[PATH_MAX];
++ long lpid;
+ char fname[PATH_MAX];
++ char buf[PATH_MAX];
++ char* first;
+
+ TRACE_INFO("Checking if pkcsslotd is running ...\n");
+- if (!(dir = opendir("/proc"))) {
+- TRACE_WARN("Cannot open /proc, i.e. cannot check if pkcsslotd is running.\n");
+- return CK_TRUE;
++
++ fp = fopen(PID_FILE_PATH, "r");
++ if (fp == NULL) {
++ TRACE_INFO("Pid file '%s' not existent, pkcsslotd is not running\n",
++ PID_FILE_PATH);
++ return CK_FALSE;
+ }
+
+- while ((ent = readdir(dir)) != NULL) {
+- /* if endptr is not a null character, the directory is not
+- * entirely numeric, so ignore it */
+- long lpid = strtol(ent->d_name, &endptr, 10);
+- if (*endptr != '\0') {
+- continue;
+- }
++ if (fgets(buf, sizeof(buf), fp) == NULL) {
++ TRACE_WARN("Cannot read pid file '%s': %s\n", PID_FILE_PATH,
++ strerror(errno));
++ fclose(fp);
++ return CK_FALSE;
++ }
++ fclose(fp);
+
+- /* try to open the cmdline file */
+- snprintf(fname, sizeof(fname), "/proc/%ld/cmdline", lpid);
+- fp = fopen(fname, "r");
+- if (!fp) {
+- warnx("fopen(%s) failed, errno=%s", fname, strerror(errno));
+- return CK_TRUE;
+- }
++ lpid = strtol(buf, &endptr, 10);
++ if (*endptr != '\0' && *endptr != '\n') {
++ TRACE_WARN("Failed to parse pid file '%s': %s\n", PID_FILE_PATH,
++ buf);
++ return CK_FALSE;
++ }
+
+- /* check the first token in the file: the program pathname */
+- if (fgets(buf, sizeof(buf), fp) != NULL) {
+- char* first = strtok(buf, " ");
+- if (!first) {
+- TRACE_WARN("Cannot read program name from %s, i.e. 
cannot check if pkcsslotd is running.\n", +- fname); +- return CK_TRUE; +- } +- if (strstr(first, "pkcsslotd") != NULL) { +- fclose(fp); +- closedir(dir); +- return CK_TRUE; +- } +- } ++ snprintf(fname, sizeof(fname), "/proc/%ld/cmdline", lpid); ++ fp = fopen(fname, "r"); ++ if (fp == NULL) { ++ TRACE_INFO("Stale pid file, pkcsslotd is not running\n"); ++ return CK_FALSE; ++ } ++ ++ if (fgets(buf, sizeof(buf), fp) == NULL) { ++ TRACE_INFO("Failed to read '%s'\n", fname); + fclose(fp); ++ return CK_FALSE; + } ++ fclose(fp); + +- closedir(dir); +- return CK_FALSE; ++ first = strtok(buf, " "); ++ return (first != NULL && strstr(first, "pkcsslotd") != NULL); + } + + /** diff --git a/opencryptoki.spec b/opencryptoki.spec index 2eda83a..443c3a2 100644 --- a/opencryptoki.spec +++ b/opencryptoki.spec @@ -1,7 +1,7 @@ Name: opencryptoki Summary: Implementation of the PKCS#11 (Cryptoki) specification v2.11 Version: 3.16.0 -Release: 6%{?dist} +Release: 6.1%{?dist} License: CPL URL: https://github.com/opencryptoki/opencryptoki Source0: https://github.com/opencryptoki/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz @@ -11,10 +11,8 @@ Patch0: opencryptoki-3.11.0-group.patch # bz#1373833, change tmpfiles snippets from /var/lock/* to /run/lock/* Patch1: opencryptoki-3.11.0-lockdir.patch - # PIDfile below legacy directory /var/run/ Patch2: opencryptoki-pkcsslotd-pidfile.patch - # Use --no-undefined to debug missing symbols #Patch100: %%{name}-3.2-no-undefined.patch @@ -33,6 +31,7 @@ Patch210: opencryptoki-3.16.0-d7de5092247a0efc2c397f12977a7c9925420143.patch Patch211: opencryptoki-3.16.0-1fdd0e4497b0078e73e0004e3492db647c7c458b.patch Patch212: opencryptoki-3.16.0-bf812c652c49d7e248b115d121a4f7f6568941a2.patch Patch213: opencryptoki-3.16.0-7b7d83c571ceb3050969359817d4145600f14ae8.patch +Patch214: opencryptoki-3.16.0-pkcstok_migrate-detection_if_pkcsslotd_is_still_running.patch Requires(pre): coreutils Requires: (selinux-policy >= 34.1.8-1 if selinux-policy-targeted) 
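Review bot: Every failure path in the new `pkcsslotd_running()` answers CK_FALSE, so an `fopen(PID_FILE_PATH, "r")` that fails for any reason other than a missing file, or a `/proc/<pid>/cmdline` that cannot be opened for a reason other than the process being gone, is reported as "not running", whereas the removed code answered CK_TRUE whenever it could not check. The caller is outside this hunk, but if it gates the token migration on this result the check should fail closed: `if (fp == NULL) return errno == ENOENT ? CK_FALSE : CK_TRUE;` at both `fopen` sites, keeping the "not existent" and "Stale pid file" traces for the ENOENT case only. The `strtol` result is also used without confirming that any digits were consumed or that the value is positive; `if (endptr == buf || lpid <= 0 || (*endptr != '\0' && *endptr != '\n'))` would reject an empty or malformed pid file before it is formatted into a `/proc` path. A short comment above the final `strstr` noting that it is a substring match on the first cmdline token of whatever process currently holds that pid would make the remaining pid-reuse limitation visible to the next maintainer.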
@@ -340,6 +339,9 @@ fi %changelog +* Tue Jul 13 2021 Than Ngo - 3.16.0-6.1 +- Resolves: #1974365, Fix detection if pkcsslotd is still running + * Fri Jun 25 2021 Than Ngo - 3.16.0-6 - Resolves: #1974693, pkcsslotd PIDfile below legacy directory /var/run/