From 95064291fe13d4ed98e195946d931fe779f8a48f Mon Sep 17 00:00:00 2001
From: Joy Latten <jmlatten@linux.vnet.ibm.com>
Date: Fri, 17 Jan 2014 10:33:19 -0600
Subject: [PATCH] Problem: A regular user in pkcs11 group cannot issue pkcsconf
 -t. When shm_open() creates shared memory object, it honors umask of the
 caller. This patch ensures the shared memory has expected permissions when it
 is created.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
Signed-off-by: Dan Horák <dan@danny.cz>
---
 usr/lib/pkcs11/common/shared_memory.c | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/usr/lib/pkcs11/common/shared_memory.c b/usr/lib/pkcs11/common/shared_memory.c
index a8710c5..bf0411d 100644
--- a/usr/lib/pkcs11/common/shared_memory.c
+++ b/usr/lib/pkcs11/common/shared_memory.c
@@ -161,12 +161,29 @@ sm_open(const char *sm_name, int mode, void **p_addr, size_t len, int force)
 		goto done;
 	}
 
-	fd = shm_open(name, O_RDWR | O_CREAT, mode);
+	/* try and open first... */
+	fd = shm_open(name, O_RDWR, mode);
 	if (fd < 0) {
-		rc = -errno;
-		SYS_ERROR(errno, "Failed to open shared memory \"%s\".\n",
-				name);
-		goto done;
+		/* maybe it needs to be created ... */
+		fd = shm_open(name, O_RDWR | O_CREAT, mode);
+		if (fd < 0) {
+			rc = -errno;
+			SYS_ERROR(errno,
+				  "Failed to open shared memory \"%s\".\n",
+				  name);
+			goto done;
+		} else {
+			/* umask may have altered permissions if we created
+			 * the shared memory in above call, so set proper
+			 * permissions just in case.
+			 */
+			if (fchmod(fd, mode) == -1) {
+				rc = -errno;
+				SYS_ERROR(errno, "fchmod(%s): %s\n",
+						name, strerror(errno));
+				goto done;
+			}
+		}
 	}
 
 	/*
-- 
1.8.1.4