rpms/openldap
7
0
Fork 0
Code Issues Pull Requests Releases Activity

MozNSS Compat. Layer: fix PIN disclaimer not always shown

Browse Source 
- ad #1516409#c7 case 1

(cherry picked from commit 6e2bfcadc598ed202cc77e34d5bfdea3d6ed8fbe)
(orginally #1516409)

Related: #1400570
This commit is contained in:
Matúš Honěk 2018-01-31 21:47:33 +01:00
parent e6c4c72153
commit 8c29eeec6a
2 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
openldap-tlsmc.patch
View File

@ -1,7 +1,7 @@
MozNSS Interception Code MozNSS Interception Code
Author: Matus Honek <mhonek@redhat.com> Author: Matus Honek <mhonek@redhat.com>
Date: Tue Jan 30 17:46:02 CET 2018 Date: Wed Jan 31 21:44:47 CET 2018
diff --git a/configure.in b/configure.in diff --git a/configure.in b/configure.in
--- a/configure.in --- a/configure.in
+++ b/configure.in +++ b/configure.in
@ -642,10 +642,6 @@ new file mode 100644
+ char *token_name = NULL; + char *token_name = NULL;
+ char *pwdstr = NULL; + char *pwdstr = NULL;
+ +
+ Debug( LDAP_DEBUG_ANY,
+ "tlsmc_get_pin: INFO: Please note the extracted key file will not be protected with a PIN any more, however it will be still protected at least by file permissions.\n",
+ 0, 0, 0 );
+
+ token_name = PK11_GetTokenName( slot ); + token_name = PK11_GetTokenName( slot );
+ /* Try to get the passwords from the password file if it exists. + /* Try to get the passwords from the password file if it exists.
+ * THIS IS UNSAFE and is provided for convenience only. Without this + * THIS IS UNSAFE and is provided for convenience only. Without this
@ -653,6 +649,8 @@ new file mode 100644
+ * if using an encrypted key. + * if using an encrypted key.
+ */ + */
+ if ( filename ) { + if ( filename ) {
+ fprintf( stderr,
+ "tlsmc_get_pin: INFO: Please note the extracted key file will not be protected with a PIN any more, however it will be still protected at least by file permissions.\n");
+ pwdstr = tlsmc_get_pin_from_file( token_name, (char *)filename ); + pwdstr = tlsmc_get_pin_from_file( token_name, (char *)filename );
+ if ( retry && pwdstr != NULL ) + if ( retry && pwdstr != NULL )
+ return NULL; + return NULL;
@ -663,6 +661,8 @@ new file mode 100644
+ unsigned char phrase[200]; + unsigned char phrase[200];
+ /* Prompt for password */ + /* Prompt for password */
+ if ( isTTY ) { + if ( isTTY ) {
+ fprintf( stderr,
+ "tlsmc_get_pin: INFO: Please note the extracted key file will not be protected with a PIN any more, however it will be still protected at least by file permissions.\n");
+ fprintf( stdout, + fprintf( stdout,
+ "Please enter pin, password, or pass phrase for security token '%s': ", + "Please enter pin, password, or pass phrase for security token '%s': ",
+ token_name ? token_name : DEFAULT_TOKEN_NAME ); + token_name ? token_name : DEFAULT_TOKEN_NAME );

1
openldap.spec
View File

@ -518,6 +518,7 @@ exit 0
%changelog %changelog
* Wed Feb 7 2018 Matus Honek <mhonek@redhat.com> - 2.4.45-7 * Wed Feb 7 2018 Matus Honek <mhonek@redhat.com> - 2.4.45-7
- MozNSS Compat. Layer fixes (#1400570) - MozNSS Compat. Layer fixes (#1400570)
- fix PIN disclaimer not always shown (orig. #1516409)
- fix recursive directory deletion (orig. #1516409) - fix recursive directory deletion (orig. #1516409)
- Ensure consistency of a PEM dir before usage (orig. #1516409) - Ensure consistency of a PEM dir before usage (orig. #1516409)
+ Warn just before use of a PIN about key file extraction + Warn just before use of a PIN about key file extraction