diff --git a/ocki-3.5-create-missing-tpm-token-lock-directory.patch b/ocki-3.5-create-missing-tpm-token-lock-directory.patch
new file mode 100644
index 0000000..37f4cb4
--- /dev/null
+++ b/ocki-3.5-create-missing-tpm-token-lock-directory.patch
@@ -0,0 +1,83 @@
+commit aeea198cb8ea640cd37735365ee51a03aca67036
+Author: Vineetha Pai
+Date: Mon Jul 18 15:41:24 2016 -0400
+
+ create missing tpm lock directory from tpm stdll.
+ tpm token does not use common/utility function to create token lock
+ directory. Hence the patch to create missing lock directories was not
+ working on tpm token. Modified the tpm stdll code to create the token
+ lock directory if it is missing on the system.
+ Signed-off-by: Vineetha Pai
+
+diff --git a/usr/lib/pkcs11/tpm_stdll/tpm_specific.c b/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
+index e7978d3..2a20d7d 100644
+--- a/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
++++ b/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
+@@ -44,6 +44,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include
+ #include
+@@ -3393,10 +3394,13 @@ int
+ token_specific_creatlock(void)
+ {
+ CK_BYTE lockfile[PATH_MAX];
++ CK_BYTE lockdir[PATH_MAX];
+ struct passwd *pw = NULL;
+ struct stat statbuf;
+ mode_t mode = (S_IRUSR|S_IWUSR|S_IXUSR);
+ int lockfd;
++ int ret = -1;
++ struct group *grp;
+
+ /* get userid */
+ if ((pw = getpwuid(getuid())) == NULL) {
+@@ -3404,6 +3408,45 @@ token_specific_creatlock(void)
+ return -1;
+ }
+
++ /** create lock subdir for each token if it doesn't exist.
++ * The root /var/lock/opencryptoki directory should be created in slotmgr
++ * daemon **/
++ sprintf(lockdir, "%s/%s", LOCKDIR_PATH, SUB_DIR);
++
++ ret = stat(lockdir, &statbuf);
++ if (ret != 0 && errno == ENOENT) {
++ /* dir does not exist, try to create it */
++ ret = mkdir(lockdir, S_IRWXU|S_IRWXG);
++ if (ret != 0) {
++ OCK_SYSLOG(LOG_ERR,
++ "Directory(%s) missing: %s\n",
++ lockdir,
++ strerror(errno));
++ goto err;
++ }
++ grp = getgrnam("pkcs11");
++ if (grp == NULL) {
++ fprintf(stderr, "getgrname(pkcs11): %s",
++ strerror(errno));
++ goto err;
++ }
++ /* set ownership to euid, and pkcs11 group */
++ if (chown(lockdir, geteuid(), grp->gr_gid) != 0) {
++ fprintf(stderr, "Failed to set owner:group \
++ ownership\
++ on %s directory", lockdir);
++ goto err;
++ }
++ /* mkdir does not set group permission right, so
++ ** trying explictly here again */
++ if (chmod(lockdir, S_IRWXU|S_IRWXG) != 0){
++ fprintf(stderr, "Failed to change \
++ permissions\
++ on %s directory", lockdir);
++ goto err;
++ }
++ }
++
+ /* create user-specific directory */
+ sprintf(lockfile, "%s/%s/%s", LOCKDIR_PATH, SUB_DIR, pw->pw_name);
+
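Review bot: The block added to token_specific_creatlock creates `lockdir` with `mkdir()` and then resolves the same path again for `chown()` and `chmod()`, so the owner and mode land on whatever the path names at that moment; if the parent lock directory is writable by anyone other than the caller (its permissions are not visible in this patch), the entry could be replaced by a symlink between the calls. Opening the directory once with `O_DIRECTORY|O_NOFOLLOW` and applying `fchown()`/`fchmod()` to that descriptor closes the window, as sketched below; it needs a local `int dfd;` next to `lockfd`. Separately, a `stat()` failure other than ENOENT, or a `lockdir` that exists but is not a directory, falls through unreported, and the `fprintf(stderr, …)` branches drop `strerror(errno)` where the `OCK_SYSLOG` branch keeps it. The `err` label and the remainder of the function lie outside the hunk.

```c
	/* … unchanged: sprintf(lockdir, …), stat() and the ENOENT test … */
		ret = mkdir(lockdir, S_IRWXU|S_IRWXG);
		/* … unchanged: mkdir error report, getgrnam("pkcs11") lookup … */

		/* act on the directory that was just created, not on whatever
		 * the path resolves to by now */
		dfd = open(lockdir, O_RDONLY|O_DIRECTORY|O_NOFOLLOW);
		if (dfd < 0) {
			OCK_SYSLOG(LOG_ERR, "open(%s): %s\n",
				   lockdir, strerror(errno));
			goto err;
		}
		/* mkdir is subject to umask, so set owner and mode explicitly */
		if (fchown(dfd, geteuid(), grp->gr_gid) != 0 ||
		    fchmod(dfd, S_IRWXU|S_IRWXG) != 0) {
			OCK_SYSLOG(LOG_ERR,
				   "Failed to set owner or mode on %s: %s\n",
				   lockdir, strerror(errno));
			close(dfd);
			goto err;
		}
		close(dfd);
```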
diff --git a/openCryptoki.changes b/openCryptoki.changes index 192d77b..d853817 100644 --- a/openCryptoki.changes +++ b/openCryptoki.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Jul 19 17:07:16 UTC 2016 - mpost@suse.com + +- Added ocki-3.5-create-missing-tpm-token-lock-directory.patch + (bsc#989602). + ------------------------------------------------------------------- Fri Jul 8 18:06:42 UTC 2016 - mpost@suse.com diff --git a/openCryptoki.spec b/openCryptoki.spec index bcad290..d47e664 100644 --- a/openCryptoki.spec +++ b/openCryptoki.spec @@ -70,6 +70,7 @@ Patch5: ocki-3.5-downgrade-syslogerror.patch Patch6: ocki-3.5-icsf-sessionhandle-missing-fix.patch Patch7: ocki-3.5-icsf-reasoncode-2028-added.patch Patch8: ocki-3.5-added-NULLreturn-check.patch +Patch9: ocki-3.5-create-missing-tpm-token-lock-directory.patch Url: https://sourceforge.net/projects/opencryptoki/ BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -156,6 +157,7 @@ Cryptographic Accelerator (FC 4960 on pSeries). %patch6 -p1 %patch7 -p1 %patch8 -p1 +%patch9 -p1 cp %{SOURCE2} .