rpms / 389-ds-base

Clone
Source Code
GIT

Blame SOURCES/0061-Ticket-47596-attrcrypt-fails-to-find-unlocked-key.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-armhfp c7-beta c8-beta-stream-1.4 c8-stream-1.4 c8s-stream-1.4 c8s-stream-ds c9 c9-beta
  1.   3e8a65d85804f994442e69f31356b70310316a53
  2.   SOURCES
  3.   0061-Ticket-47596-attrcrypt-fails-to-find-unlocked-key.patch
Blob History Raw
cc3dff 
From 13dee95761221c2849523acf3276242416a7a01a Mon Sep 17 00:00:00 2001
cc3dff 
From: Rich Megginson <rmeggins@redhat.com>
cc3dff 
Date: Tue, 26 Nov 2013 08:14:07 -0700
cc3dff 
Subject: [PATCH 61/65] Ticket #47596 attrcrypt fails to find unlocked key
cc3dff
cc3dff 
https://fedorahosted.org/389/ticket/47596
cc3dff 
Reviewed by: nkinder (Thanks!)
cc3dff 
Branch: 389-ds-base-1.3.1
cc3dff 
Fix Description: Additional fix to the previous fix.  As it turns out, the
cc3dff 
function PK11_IsLoggedIn() only returns true if the slot has been unlocked
cc3dff 
with a pin or password.  If the slot does not need a login at all, because
cc3dff 
the cert/key db has no password, PK11_IsLoggedIn will return false.  The code
cc3dff 
must check for PK11_NeedLogin too.
cc3dff 
Platforms tested: RHEL6 x86_64
cc3dff 
Flag Day: no
cc3dff 
Doc impact: no
cc3dff 
(cherry picked from commit e66c4cecc47eff659a72a51c1e1722fb41c1dfbc)
cc3dff 
(cherry picked from commit f608a943745e51fe4b5dbfb18bada2e2d13e0d6a)
cc3dff 
(cherry picked from commit 5d2a20b4881d5374a9088ed1504b2d7e753976bb)
cc3dff 
---
cc3dff 
 ldap/servers/slapd/ssl.c | 2 +-
cc3dff 
 1 file changed, 1 insertion(+), 1 deletion(-)
cc3dff
cc3dff 
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
cc3dff 
index 8b80acb..61809aa 100644
cc3dff 
--- a/ldap/servers/slapd/ssl.c
cc3dff 
+++ b/ldap/servers/slapd/ssl.c
cc3dff 
@@ -1602,7 +1602,7 @@ slapd_get_unlocked_key_for_cert(CERTCertificate *cert, void *pin_arg)
cc3dff 
 			slapi_log_error(SLAPI_LOG_TRACE, "slapd_get_unlocked_key_for_cert",
cc3dff 
 					"Missing slot for slot list element for certificate [%s]\n",
cc3dff 
 					certsubject);
cc3dff 
-		} else if (PK11_IsLoggedIn(slot, pin_arg)) {
cc3dff 
+		} else if (!PK11_NeedLogin(slot) || PK11_IsLoggedIn(slot, pin_arg)) {
cc3dff 
 			key = PK11_FindKeyByDERCert(slot, cert, pin_arg);
cc3dff 
 			slapi_log_error(SLAPI_LOG_TRACE, "slapd_get_unlocked_key_for_cert",
cc3dff 
 					"Found unlocked slot [%s] token [%s] for certificate [%s]\n",
cc3dff 
--
cc3dff 
1.8.1.4
cc3dff

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation