author | rcritten <> | 2011-03-02 21:12:05 +0000 |
---|---|---|
committer | rcritten <> | 2011-03-02 21:12:05 +0000 |
commit | f656ffc036af239a4236f1c1fc97e32a809d470d (patch) | |
tree | 334e7b4af59abcd246d345f2ddadb5a659c1598c /nss_pcache.c | |
parent | 1a10bf6ecc79da62bba901758feaa134aa4d50ca (diff) | |
Add a semaphore lock around retrieving token PINs from the nss_pcache
pipe. Rarely requests to the pipe were getting overridden causing
that child to not enable SSL.
Fedora bug 677701
Diffstat (limited to 'nss_pcache.c')
-rw-r--r-- | nss_pcache.c | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/nss_pcache.c b/nss_pcache.c
index 3ba252e..800c0b6 100644
--- a/nss_pcache.c
+++ b/nss_pcache.c
@@ -21,6 +21,9 @@
 #include <pk11func.h>
 #include <secmod.h>
 #include <signal.h>
+#include <sys/types.h>
+#include <sys/ipc.h>
+#include <sys/sem.h>
 #include "nss_pcache.h"
 static char * getstr(const char * cmd, int el);
@@ -70,6 +73,13 @@ struct Pk11PinStore
 unsigned char *crypt;
 };
+union semun {
+ int val;
+ struct semid_ds *buf;
+ unsigned short *array;
+ struct seminfo *__buf;
+};
+
 /*
 * Node - for maintaining link list of tokens with cached PINs
 */
@@ -304,15 +314,19 @@ int main(int argc, char ** argv)
 char * tokenName;
 char * tokenpw;
 int fipsmode = 0;
+ int semid = 0;
+ union semun semarg;
- if (argc < 3 || argc > 4) {
+ if (argc < 4 || argc > 5) {
 fprintf(stderr, "Usage: nss_pcache <fips on/off> <directory> <prefix>\n");
 exit(1);
 }
 signal(SIGHUP, SIG_IGN);
- if (!strcasecmp(argv[1], "on"))
+ semid = strtol(argv[1], NULL, 10);
+
+ if (!strcasecmp(argv[2], "on"))
 fipsmode = 1;
 /* Initialize NSPR */
@@ -322,7 +336,7 @@ int main(int argc, char ** argv)
 PK11_ConfigurePKCS11(NULL,NULL,NULL, INTERNAL_TOKEN_NAME, NULL, NULL,NULL,NULL,8,1);
 /* Initialize NSS and open the certificate database read-only. */
- rv = NSS_Initialize(argv[2], argc == 4 ? argv[3] : NULL, argc == 4 ? argv[3] : NULL, "secmod.db", NSS_INIT_READONLY);
+ rv = NSS_Initialize(argv[3], argc == 4 ? argv[4] : NULL, argc == 5 ? argv[4] : NULL, "secmod.db", NSS_INIT_READONLY);
 if (rv != SECSuccess) {
 fprintf(stderr, "Unable to initialize NSS database: %d\n", rv);
@@ -437,6 +451,11 @@ int main(int argc, char ** argv)
 }
 freeList(pinList);
 PR_Close(in);
+ /* Remove the semaphore used for locking here. This is because this
+ * program only goes away when Apache shuts down so we don't have to
+ * worry about reloads.
+ */
+ semctl(semid, 0, IPC_RMID, semarg);
 return 0;
 } |
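Review bot: `semid = strtol(argv[1], NULL, 10);` in the third hunk accepts any text, so a non-numeric argument silently becomes 0 and an out-of-range one is truncated to `int`, and that value is later passed to `semctl(semid, 0, IPC_RMID, ...)` in the last hunk, where a wrong id could remove a semaphore set other than the intended one. The argument should be parsed with an end pointer and `errno` and rejected unless it is a complete non-negative number that fits in `int`; this needs `<errno.h>` and `<limits.h>`. The usage string in the same hunk was not updated for the new first argument and should read `"Usage: nss_pcache <semid> <fips on/off> <directory> <prefix>\n"`. main's body starts and ends outside the hunk.

```c
    signal(SIGHUP, SIG_IGN);

    /* Reject anything that is not a complete, non-negative int. */
    errno = 0;
    char *end = NULL;
    long parsed = strtol(argv[1], &end, 10);
    if (errno != 0 || end == argv[1] || *end != '\0' || parsed < 0 || parsed > INT_MAX) {
        fprintf(stderr, "Invalid semaphore id: %s\n", argv[1]);
        exit(1);
    }
    semid = (int)parsed;

    /* … unchanged: fips on/off check, NSPR and NSS initialization … */
```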
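Review bot: The two prefix arguments of `NSS_Initialize` in the fourth hunk now use different conditions, so the certificate prefix is never passed. The first is `argc == 4 ? argv[4] : NULL`, which is NULL either way because `argv[4]` is the terminating NULL when `argc == 4`, while the second uses `argc == 5`. With a prefix supplied, the certificate database would be opened without it while the key database uses it. The removed line passed the same prefix to both, so both conditions should read `argc == 5 ? argv[4] : NULL`.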
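Review bot: `semctl(semid, 0, IPC_RMID, semarg);` in the last hunk passes `semarg`, which is declared in the third hunk and not assigned in any visible line, and the call's return value is ignored. IPC_RMID does not use the fourth argument, so `semctl(semid, 0, IPC_RMID)` is sufficient, and a check such as `if (semctl(semid, 0, IPC_RMID) == -1) perror("semctl");` would make a failed removal visible. Only the normal return path is shown; whether the `exit(1)` error paths leave the semaphore set behind should be checked, since main's body starts outside the hunk.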