sal/qa/osl/file/osl_File.cxx | 33 ++++++++++++++++++++--- xmlsecurity/source/xmlsec/nss/nssinitializer.cxx | 21 +++++++++----- 2 files changed, 43 insertions(+), 11 deletions(-)
New commits: commit e4184fa0b0b9b34872a0d1fbc6cca41170899a33 Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Wed Apr 27 13:06:26 2022 +0200 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Fri Apr 29 13:05:47 2022 +0200 xmlsecurity: fix init of temp NSS DB when running with uid 0 The problem is that in SecurityEnvironment_NssImpl::insertPrivateKey() the PK11_ImportDERPrivateKeyInfoAndReturnKey() fails because NSC_CreateObject() finds a slot->needLogin = 1. This value is set during the first NSS_InitReadWrite() in nsscrypto_initialize(), usually this fails, and the fallback path ends up calling PK11_InitPin(), which sets slot->needLogin = 0, whereas running with uid 0, the first call succeeds and PK11_InitPin() wasn't called. This causes test failures in CppunitTest_desktop_lib testInsertCertificate_PEM_ODT. Change-Id: I302ff17493f9b4d74ceae9da6831a5af87d7f622 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133575 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> diff --git a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx index 75db8de5bcb5..80d4e108ac3e 100644 --- a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx +++ b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx 
@@ -405,15 +405,20 @@ bool nsscrypto_initialize(css::uno::Reference<css::uno::XComponentContext> const } return false; } - // Initialize and set empty password if needed - PK11SlotInfo* pSlot = PK11_GetInternalKeySlot(); - if (pSlot) - { - if (PK11_NeedUserInit(pSlot)) - PK11_InitPin(pSlot, nullptr, nullptr); - PK11_FreeSlot(pSlot); - } } + + // Initialize and set empty password if needed + // note: it's possible that the first NSS_InitReadWrite() succeeds by + // creating a new DB; in this case it may also be necessary to call + // PK11_InitPin() + PK11SlotInfo* pSlot = PK11_GetInternalKeySlot(); + if (pSlot) + { + if (PK11_NeedUserInit(pSlot)) + PK11_InitPin(pSlot, nullptr, nullptr); + PK11_FreeSlot(pSlot); + } + out_nss_init = true; #ifdef XMLSEC_CRYPTO_NSS commit 38258c7e1d55f23b8a73e5f1ba53d9f9fce34832 Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Tue Apr 26 16:57:42 2022 +0200 Commit: Michael Stahl <michael.st...@allotropia.de> CommitDate: Fri Apr 29 13:05:27 2022 +0200 sal: tweak CppunitTest_sal_osl to run as uid 0 Change-Id: I280bcc522f3cd375b5f94e644b76bc5f95899324 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133574 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> diff --git a/sal/qa/osl/file/osl_File.cxx b/sal/qa/osl/file/osl_File.cxx index 2eac7d1688af..718fb65423d1 100644 --- a/sal/qa/osl/file/osl_File.cxx +++ b/sal/qa/osl/file/osl_File.cxx 
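Review bot: In nsscrypto_initialize (xmlsecurity/source/xmlsec/nss/nssinitializer.cxx) the relocated `PK11_InitPin(pSlot, nullptr, nullptr);` still discards its SECStatus. A failed PIN initialisation therefore leaves the slot requiring login and only surfaces later as the private-key import failure the commit message describes. Checking it, e.g. `if (PK11_InitPin(pSlot, nullptr, nullptr) != SECSuccess)` followed by a warning log, would make that state diagnosable where it arises. The block now also runs when the first NSS_InitReadWrite() succeeds, which presumably covers an already existing database and not only a freshly created one. PK11_NeedUserInit() limits it to databases with no password set, and the comment could say so: `// only a DB without an initialised password gets the empty PIN; an existing password is left untouched`. The function body starts and ends outside the hunk.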
@@ -1716,9 +1716,18 @@ namespace osl_FileStatus osl::FileBase::RC nError = rItem.getFileStatus(rFileStatus); CPPUNIT_ASSERT_EQUAL(osl::FileBase::E_None, nError); - CPPUNIT_ASSERT_EQUAL_MESSAGE("test for getAttributes function: ReadOnly, GrpRead, OwnRead, OthRead(UNX version) ", + if (geteuid() == 0) // as root, access(W_OK) may be true despite mode + { + CPPUNIT_ASSERT_EQUAL_MESSAGE("test for getAttributes function: (not ReadOnly,) GrpRead, OwnRead, OthRead(UNX version) ", + static_cast<sal_uInt64>(osl_File_Attribute_GrpRead | osl_File_Attribute_OwnRead | osl_File_Attribute_OthRead), + rFileStatus.getAttributes()); + } + else + { + CPPUNIT_ASSERT_EQUAL_MESSAGE("test for getAttributes function: ReadOnly, GrpRead, OwnRead, OthRead(UNX version) ", static_cast<sal_uInt64>(osl_File_Attribute_ReadOnly | osl_File_Attribute_GrpRead | osl_File_Attribute_OwnRead | osl_File_Attribute_OthRead), rFileStatus.getAttributes()); + } } #else // Windows version void getAttributes_001() 
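Review bot: The `geteuid() == 0` branch added here, and the identical ones in the hunks at -1737 and -3259, treats uid 0 as implying write access. Going by the inline comment, the ReadOnly bit seems to follow access(W_OK), so a root process without CAP_DAC_OVERRIDE (a restricted container, say) or a file on a read-only mount would presumably still report ReadOnly and fail the root branch. Ignoring the bit for root on both sides is more robust than expecting it to be absent: `const sal_uInt64 nIgnore = geteuid() == 0 ? osl_File_Attribute_ReadOnly : 0;`, then compare `expected & ~nIgnore` with `rFileStatus.getAttributes() & ~nIgnore`. That also collapses the duplicated if/else into a single assertion, which a small shared helper could provide for all three sites. The enclosing test functions start outside the hunks.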
@@ -1737,9 +1746,18 @@ namespace osl_FileStatus osl::FileBase::RC nError = rItem.getFileStatus(rFileStatus); CPPUNIT_ASSERT_EQUAL(osl::FileBase::E_None, nError); - CPPUNIT_ASSERT_EQUAL_MESSAGE("test for getAttributes function: Executable, GrpExe, OwnExe, OthExe, the result is Readonly, Executable, GrpExe, OwnExe, OthExe, it partly not pass(Solaris version)", + if (geteuid() == 0) // as root, access(W_OK) may be true despite mode + { + CPPUNIT_ASSERT_EQUAL_MESSAGE("test for getAttributes function: Executable, GrpExe, OwnExe, OthExe, the result is (not Readonly,) Executable, GrpExe, OwnExe, OthExe, it partly not pass(Solaris version)", + static_cast<sal_uInt64>(osl_File_Attribute_Executable | osl_File_Attribute_GrpExe | osl_File_Attribute_OwnExe | osl_File_Attribute_OthExe), + rFileStatus.getAttributes()); + } + else + { + CPPUNIT_ASSERT_EQUAL_MESSAGE("test for getAttributes function: Executable, GrpExe, OwnExe, OthExe, the result is Readonly, Executable, GrpExe, OwnExe, OthExe, it partly not pass(Solaris version)", static_cast<sal_uInt64>(osl_File_Attribute_ReadOnly | osl_File_Attribute_Executable | osl_File_Attribute_GrpExe | osl_File_Attribute_OwnExe | osl_File_Attribute_OthExe), rFileStatus.getAttributes()); + } #endif } 
@@ -3259,9 +3277,18 @@ namespace osl_File nError1 = rItem.getFileStatus(rFileStatus); CPPUNIT_ASSERT_EQUAL(osl::FileBase::E_None, nError1); - CPPUNIT_ASSERT_EQUAL_MESSAGE("test for setAttributes function: set file attributes and get it to verify.", + if (geteuid() == 0) // as root, access(W_OK) may be true despite mode + { + CPPUNIT_ASSERT_EQUAL_MESSAGE("test for setAttributes function: set file attributes and get it to verify.", + static_cast<sal_uInt64>(osl_File_Attribute_GrpRead | osl_File_Attribute_OwnRead | osl_File_Attribute_OthRead), + rFileStatus.getAttributes()); + } + else + { + CPPUNIT_ASSERT_EQUAL_MESSAGE("test for setAttributes function: set file attributes and get it to verify.", static_cast<sal_uInt64>(osl_File_Attribute_ReadOnly | osl_File_Attribute_GrpRead | osl_File_Attribute_OwnRead | osl_File_Attribute_OthRead), rFileStatus.getAttributes()); + } #else // please see GetFileAttributes auto nError2 = File::setAttributes(aTmpName6, osl_File_Attribute_ReadOnly);