Blame SOURCES/nss-modutil-skip-changepw-fips.patch
# HG changeset patch
# User Daiki Ueno <dueno@redhat.com>
# Date 1523546409 -7200
# Thu Apr 12 17:20:09 2018 +0200
# Node ID 919e116728f29263c17ec31716ac2bd04c10e9ca
# Parent 2eefd697d661efb82a77c84d893e6fbceefdf458
Bug 1453408, modutil -changepw fails in FIPS mode if password is an empty string
diff --git a/cmd/modutil/pk11.c b/cmd/modutil/pk11.c
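--- a/cmd/modutil/pk11.c
+++ b/cmd/modutil/pk11.c
@@ -764,6 +764,10 @@ ChangePW(char *tokenName, char *pwFile,
 ret = CHANGEPW_FAILED_ERR;
 goto loser;
 }
+ } else if (PK11_IsFIPS() && *newpw == '\0' && PK11_CheckUserPassword(slot, newpw) == SECSuccess) {
+ /* Workaround to suppress harmless error in FIPS mode:
+ * When explicitly setting empty password while the old
+ * password is also empty, skip */
 } else {
 if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) {
 PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);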
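Review bot: The new `else if` branch never looks at `oldpw`: it concludes the token's current password is empty from `PK11_CheckUserPassword(slot, newpw)` succeeding, so the comment's "old password is also empty" describes the token state rather than the value the caller supplied. A run that passes a non-empty or wrong old password together with an empty new one would take this branch and skip `PK11_ChangePW` without an error; whether the code after the chain then reports success is inferred, since ChangePW's body starts and ends outside the hunk. I would make the comment say so, e.g. `/* FIPS workaround: token password verified empty via PK11_CheckUserPassword and newpw is empty, so nothing to change; oldpw is not checked on this path */`. `*newpw` is also dereferenced here without a NULL test, which is safe only if the earlier, unseen part of the function guarantees `newpw` is set.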