rpms/nss/devel 547860.patch,NONE,1.1 nss.spec,1.134,1.135

Thu Dec 31 01:21:59 UTC 2009

Author: emaldonado

Update of /cvs/pkgs/rpms/nss/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv20150

Modified Files:
	nss.spec 
Added Files:
	547860.patch 
Log Message:
Fix nsssysinit to allow root to modify the nss system database (#547860)

547860.patch:
 nsssysinit.c |   42 ++++++++++++++++++++++++------------------
 1 file changed, 24 insertions(+), 18 deletions(-)

--- NEW FILE 547860.patch ---
diff -up nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.547860 nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c
--- nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.547860	2009-12-26 19:26:47.688694605 -0800
+++ nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c	2009-12-26 19:36:21.817699009 -0800
@@ -50,6 +50,7 @@
  */
 
 #ifdef XP_UNIX
+#include <unistd.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 
@@ -108,12 +109,18 @@ getSystemDB(void) {
    return PORT_Strdup(NSS_DEFAULT_SYSTEM);
 }
 
+static PRBool
+userCanModifySystemDB()
+{
+   return (access(NSS_DEFAULT_SYSTEM, W_OK) == 0);
+}
+
 #else
 #ifdef XP_WIN
 static char *
 getUserDB(void)
 {
-   /* use the registry to find the user's NSS_DIR. if no entry exists, creaate
+   /* use the registry to find the user's NSS_DIR. if no entry exists, create
     * one in the users Appdir location */
    return NULL;
 }
@@ -121,13 +128,21 @@ getUserDB(void)
 static char *
 getSystemDB(void)
 {
-   /* use the registry to find the system's NSS_DIR. if no entry exists, creaate
+   /* use the registry to find the system's NSS_DIR. if no entry exists, create
     * one based on the windows system data area */
    return NULL;
 }
 
+static PRBool
+userCanModifySystemDB()
+{
+   /* use the registry to find if the user has administrative privilege 
+    * to modify the system's nss database. */
+   return PR_FALSE
+}
+
 #else
-#error "Need to write getUserDB and get SystemDB functions"
+#error "Need to write getUserDB, SystemDB and userCanModifySystemDB functions"
 #endif
 #endif
 
@@ -206,7 +221,7 @@ askpw=any timeout=30 ] }  ";
 static char **
 get_list(char *filename, char *stripped_parameters)
 {
-    char **module_list = PORT_ZNewArray(char *, 5);
+    char **module_list = PORT_ZNewArray(char *, 4);
     char *userdb, *sysdb;
     int isFIPS = getFIPSMode();
     const char *nssflags = isFIPS ? nssDefaultFIPSFlags : nssDefaultFlags;
@@ -245,23 +260,14 @@ get_list(char *filename, char *stripped_
 		userdb, stripped_parameters);
 	}
 
-    if (filename && 0 /* This doesn't actually work. If we register
-			 both this and the sysdb (in either order)
-			 then only one of them actually shows up */) {
-	    module_list[next++] = PR_smprintf(
-	      "library= "
-	      "module=\"NSS database\" "
-	      "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "
-	      "NSS=\"%sflags=internal\"",filename, filename, nssflags);
-    }
-
-    /* now the system database (always read only) */
+    /* now the system database (always read only unless it's root) */
     if (sysdb) {
-	    module_list[next++] = PR_smprintf(
+	const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
+	module_list[next++] = PR_smprintf(
 	      "library= "
 	      "module=\"NSS system database\" "
-	      "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' flags=readonly\" "
-	      "NSS=\"%sflags=internal,critical\"",sysdb, nssflags);
+	      "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
+	      "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
     }
 
     /* that was the last module */


Index: nss.spec
===================================================================
RCS file: /cvs/pkgs/rpms/nss/devel/nss.spec,v
retrieving revision 1.134
retrieving revision 1.135
diff -u -p -r1.134 -r1.135
--- nss.spec	31 Dec 2009 00:07:36 -0000	1.134
+++ nss.spec	31 Dec 2009 01:21:59 -0000	1.135
@@ -7,7 +7,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.12.5
-Release:          1%{?dist}.11
+Release:          1%{?dist}.13
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -46,6 +46,7 @@ Patch8:           nss-sysinit.patch
 Patch9:           540387.patch
 Patch10:          545779.patch
 Patch11:          546221.patch
+Patch12:          547860.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -117,6 +118,7 @@ low level services.
 %patch9 -p1 -b .540387
 %patch10 -p0 -b .545779
 %patch11 -p1 -b .546221
+%patch12 -p1 -b .547860
 
 %build
 
@@ -478,6 +480,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/ns
 
 
 %changelog
+* Sat Dec 26 2009 Elio Maldonado<emaldona at redhat.com> - 3.12.5-1.13
+- Fix nsssysinit to allow root to modify the nss system database (#547860)
+
 * Fri Dec 25 2009 Elio Maldonado<emaldona at redhat.com> - 3.12.5-1.11
 - Fix an error introduced when adapting the patch for rhbz #546211
 


