author | Hiroki Sato <hrs@FreeBSD.org> | 2022-05-06 17:31:40 +0900 |
---|---|---|
committer | Hiroki Sato <hrs@FreeBSD.org> | 2022-05-06 17:32:09 +0900 |
commit | cd09274aa2c59b5a06508ed00bf5bded7b7b6213 (patch) | |
tree | 9089f1274785e194391aa2e01883fa0e37af02e2 /security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c | |
parent | package: fix inverted logic (diff) |
security/opencryptoki: update to 3.18.0
Diffstat (limited to 'security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c')
-rw-r--r-- | security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c | 127 |
1 files changed, 96 insertions, 31 deletions
diff --git a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c
index 85029168445c..e5755ab0f517 100644
--- a/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c
+++ b/security/opencryptoki/files/patch-usr-sbin-pkcsslotd-socket_server.c
@@ -1,45 +1,110 @@ ---- usr/sbin/pkcsslotd/socket_server.c.orig 2018-11-16 14:53:03 UTC +--- usr/sbin/pkcsslotd/socket_server.c.orig 2022-04-25 11:04:51 UTC +++ usr/sbin/pkcsslotd/socket_server.c -@@ -19,6 +19,9 @@ - #include <sys/select.h> - #include <sys/stat.h> - #include <grp.h> -+#ifndef SOCK_NONBLOCK -+#include <fcntl.h> +@@ -18,6 +18,9 @@ + #include <stdlib.h> + #include <fcntl.h> + ++#if defined(__FreeBSD__) ++#include <sys/ucred.h> ++#endif + #include <sys/time.h> + #include <sys/socket.h> + #include <sys/un.h> +@@ -641,7 +644,11 @@ static int proc_new_conn(int socket, struct listener_i + struct proc_conn_info *conn; + struct event_info *event; + DL_NODE *list, *node; ++#if !defined(__FreeBSD__) + struct ucred ucred; ++#else ++ struct xucred ucred; +#endif + socklen_t len; + int rc = 0; - #include "log.h" - #include "slotmgr.h" -@@ -34,11 +37,23 @@ int CreateListenerSocket(void) - struct group *grp; - int socketfd; +@@ -661,21 +668,34 @@ static int proc_new_conn(int socket, struct listener_i + DbgLog(DL3, "%s: process conn: %p", __func__, conn); -+#ifdef SOCK_NONBLOCK - socketfd = socket(PF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0); + len = sizeof(ucred); ++#if !defined(__FreeBSD__) + rc = getsockopt(socket, SOL_SOCKET, SO_PEERCRED, &ucred, &len); +#else -+ socketfd = socket(PF_UNIX, SOCK_STREAM, 0); ++ rc = getsockopt(socket, 0, LOCAL_PEERCRED, &ucred, &len); +#endif - if (socketfd < 0) { - ErrLog("Failed to create listener socket, errno 0x%X.", errno); - return -1; + if (rc != 0 || len != sizeof(ucred)) { + rc = -errno; +- ErrLog("%s: failed get credentials of peer process: %s", +- strerror(-rc), __func__); ++ ErrLog("%s: failed get credentials of peer process: %s (len=%zu)", ++ __func__, strerror(-rc), len); + goto out; } -+#ifndef SOCK_NONBLOCK -+ if (fcntl(socketfd, F_SETFL, -+ fcntl(socketfd, F_GETFL) | O_NONBLOCK) < 0) { -+ ErrLog("Failed to set listener non-block, errno 0x%X.", errno); -+ close(socketfd); -+ return -1; -+ } + ++#if 
!defined(__FreeBSD__) + DbgLog(DL3, "%s: process pid: %u uid: %u gid: %u", __func__, + ucred.pid, ucred.uid, ucred.gid); + + conn->client_cred.real_pid = ucred.pid; + conn->client_cred.real_uid = ucred.uid; + conn->client_cred.real_gid = ucred.gid; ++#else ++ DbgLog(DL3, "%s: process pid: %u uid: %u gid: %u", __func__, ++ ucred.cr_pid, ucred.cr_uid, ucred.cr_gid); + ++ conn->client_cred.real_pid = ucred.cr_pid; ++ conn->client_cred.real_uid = ucred.cr_uid; ++ conn->client_cred.real_gid = ucred.cr_gid; +#endif - if (unlink(SOCKET_FILE_PATH) && errno != ENOENT) { - ErrLog("Failed to unlink socket file, errno 0x%X.", errno); - close(socketfd); -@@ -57,7 +72,7 @@ int CreateListenerSocket(void) ++ + /* Add currently pending events to this connection */ + node = dlist_get_first(pending_events); + while (node != NULL) { +@@ -1280,13 +1300,13 @@ static int listener_socket_create(const char *file_pat + if (bind(listener_socket, + (struct sockaddr *) &address, sizeof(struct sockaddr_un)) != 0) { + err = errno; +- ErrLog("%s: Failed to bind to socket, errno %d (%s).", __func__, err, +- strerror(err)); ++ ErrLog("%s: Failed to bind to socket, errno %d (%s): %s", __func__, err, ++ strerror(err), address.sun_path); + goto error; } // make socket file part of the pkcs11 group, and write accessable // for that group - grp = getgrnam("pkcs11"); + grp = getgrnam(PKCS11GROUP); if (!grp) { - ErrLog("Group PKCS#11 does not exist"); - DetachSocketListener(socketfd); + ErrLog("%s: Group PKCS#11 does not exist", __func__); + goto error; +@@ -1408,7 +1428,9 @@ static int listener_create(const char *file_path, + if (listener->socket < 0) + return FALSE; + ++ memset(&evt, 0, sizeof(evt)); + evt.events = EPOLLIN | EPOLLET; ++ evt.data.fd = listener->socket; + evt.data.ptr = &listener->ep_info; + rc = epoll_ctl(epoll_fd, EPOLL_CTL_ADD, listener->socket, &evt); + if (rc != 0) { +@@ -1693,8 +1715,8 @@ int socket_connection_handler(int timeout_secs) + err = errno; + if (err == EINTR) + continue; 
+- ErrLog("%s: epoll_wait failed, errno %d (%s).", __func__, err, +- strerror(err)); ++ ErrLog("%s: epoll_wait failed, errno %d (%s): %d", __func__, err, ++ strerror(err), epoll_fd); + return FALSE; + } + +@@ -1730,8 +1752,8 @@ int init_socket_server(int event_support_disabled) + epoll_fd = epoll_create1(0); + if (epoll_fd < 0) { + err = errno; +- ErrLog("%s: Failed to open epoll socket, errno %d (%s).", __func__, err, +- strerror(err)); ++ ErrLog("%s: Failed to open epoll socket, errno %d (%s): %d", __func__, err, ++ strerror(err), epoll_fd); + return FALSE; + } + |
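Review bot: The FreeBSD branch of proc_new_conn copies `cr_pid`, `cr_uid` and `cr_gid` from the `struct xucred` filled by `LOCAL_PEERCRED` into `conn->client_cred` without checking the structure version; a FreeBSD-only guard such as `if (ucred.cr_version != XUCRED_VERSION) { rc = -EINVAL; goto out; }` in the `#else` path would reject a mismatched layout before those fields are trusted. The reworded error message prints `len`, declared as `socklen_t`, with `%zu`, so the argument should be passed as `(size_t)len`. When getsockopt() returns 0 with an unexpected length, `rc = -errno` reads a stale errno and may leave `rc` at 0 before `goto out`; the `out` label is outside the visible lines, so this is worth confirming, and setting `rc = -EINVAL` for the length case would remove the doubt. In listener_create the added `evt.data.fd = listener->socket;` is overwritten by the following `evt.data.ptr = &listener->ep_info;` because `data` is a union, so only the `memset` has any effect. Both functions begin and end outside the hunk.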