summaryrefslogtreecommitdiff
path: root/security/opencryptoki/files/patch-usr-lib-api-policy.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/opencryptoki/files/patch-usr-lib-api-policy.c')
-rw-r--r--security/opencryptoki/files/patch-usr-lib-api-policy.c39
1 files changed, 39 insertions, 0 deletions
diff --git a/security/opencryptoki/files/patch-usr-lib-api-policy.c b/security/opencryptoki/files/patch-usr-lib-api-policy.c
new file mode 100644
index 000000000000..af6fca6c14aa
--- /dev/null
+++ b/security/opencryptoki/files/patch-usr-lib-api-policy.c
@@ -0,0 +1,39 @@
+--- usr/lib/api/policy.c.orig 2022-04-25 11:04:51 UTC
++++ usr/lib/api/policy.c
+@@ -1178,10 +1178,10 @@ static CK_RV policy_check_cfg_file(FILE *fp, const cha
+ struct group *grp = NULL;
+ int err;
+
+- grp = getgrnam("pkcs11");
++ grp = getgrnam(PKCS11GROUP);
+ if (!grp) {
+- TRACE_ERROR("Could not retrieve \"pkcs11\" group!");
+- OCK_SYSLOG(LOG_ERR, "POLICY: Could not retrieve \"pkcs11\" group!");
++ TRACE_ERROR("Could not retrieve \"" PKCS11GROUP "\" group!");
++ OCK_SYSLOG(LOG_ERR, "POLICY: Could not retrieve \"" PKCS11GROUP "\" group!");
+ return CKR_GENERAL_ERROR;
+ }
+ if (fstat(fileno(fp), &statbuf)) {
+@@ -1200,16 +1200,17 @@ static CK_RV policy_check_cfg_file(FILE *fp, const cha
+ return CKR_GENERAL_ERROR;
+ }
+ if (statbuf.st_gid != grp->gr_gid) {
+- TRACE_ERROR("Policy configuration file %s should have group \"pkcs11\"!\n",
++ TRACE_ERROR("Policy configuration file %s should have group \"" PKCS11GROUP "\"!\n",
+ name);
+- OCK_SYSLOG(LOG_ERR, "POLICY: Configuration file %s should have group \"pkcs11\"!\n",
++ OCK_SYSLOG(LOG_ERR, "POLICY: Configuration file %s should have group \"" PKCS11GROUP "\"!\n",
+ name);
+ return CKR_GENERAL_ERROR;
+ }
+ if ((statbuf.st_mode & ~S_IFMT) != OCK_POLICY_PERMS) {
+- TRACE_ERROR("Configuration file %s has wrong permissions!\n", name);
+- OCK_SYSLOG(LOG_ERR, "POLICY: Configuration file %s has wrong permissions!\n",
+- name);
++ TRACE_ERROR("Configuration file %s must have %04o permission (was %04o)\n",
++ name, OCK_POLICY_PERMS, (statbuf.st_mode & ~S_IFMT));
++ OCK_SYSLOG(LOG_ERR, "POLICY: Configuration file %s must have %04o permission (is %04o)\n",
++ name, OCK_POLICY_PERMS, (statbuf.st_mode & ~S_IFMT));
+ return CKR_GENERAL_ERROR;
+ }
+ return CKR_OK;
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-06 04:51:48 +0000