Previously, when a user tried to start corosync-qnetd without an
initialized NSS database, a generic (not very helpful
and misleading) NSS error was logged:
"NSS error (-8015): The certificate/key database is in an old,
unsupported format.".
The solution is to check whether it's possible to open the NSS DB directory and
display the (usually much more informative) result of the strerror function.
This check is called before fork, so the init system can return an error code
during start.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
/*
- * Copyright (c) 2015-2016 Red Hat, Inc.
+ * Copyright (c) 2015-2019 Red Hat, Inc.
*
* All rights reserved.
*
qnetd_log_set_debug(debug_log);
qnetd_log_set_priority_bump(bump_log_priority);
+ /*
+ * Check that it's possible to open NSS dir if needed
+ */
+ if (nss_sock_check_db_dir((tls_supported != TLV_TLS_UNSUPPORTED ?
+ advanced_settings.nss_db_dir : NULL)) != 0) {
+ qnetd_log_err(LOG_ERR, "Can't open NSS DB directory");
+
+ exit (1);
+ }
+
/*
* Daemonize
*/
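Review bot: The error logged by `qnetd_log_err(LOG_ERR, "Can't open NSS DB directory");` does not name the directory that failed to open, so an operator still has to look up the configured path. If qnetd_log_err accepts printf-style arguments (its definition is not visible here), `qnetd_log_err(LOG_ERR, "Can't open NSS DB directory %s", advanced_settings.nss_db_dir);` would make the message self-contained. The strerror text promised by the commit message does not appear in this call, so it presumably comes from qnetd_log_err itself; it is worth confirming that errno is still the value set by opendir at that point. This check is only a pre-start diagnostic: the directory can change between it and the later NSS initialisation, so that initialisation must keep its own error handling. The enclosing function starts and ends outside the hunk.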
/*
- * Copyright (c) 2015-2016 Red Hat, Inc.
+ * Copyright (c) 2015-2019 Red Hat, Inc.
*
* All rights reserved.
*
* THE POSSIBILITY OF SUCH DAMAGE.
*/
+#include <sys/types.h>
+
+#include <dirent.h>
#include <limits.h>
#include "nss-sock.h"
return (0);
}
+int
+nss_sock_check_db_dir(const char *config_dir)
+{
+ DIR *dirp;
+
+ if (config_dir == NULL) {
+ return (0);
+ }
+
+ if ((dirp = opendir(config_dir)) == NULL) {
+ return (-1);
+ }
+
+ (void)closedir(dirp);
+
+ return (0);
+}
+
/*
* Set NSS socket non-blocking
*/
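Review bot: nss_sock_check_db_dir has no header comment, unlike the neighbouring function (`Set NSS socket non-blocking`), and its contract is not obvious from the name. I would add a comment stating that it returns 0 when config_dir is NULL or the directory can be opened, and -1 otherwise with errno left as set by opendir. The comment should also say that it checks only that the directory can be opened, not that it holds a valid NSS database or that its permissions are restrictive enough for key material. Callers that report the failure rely on errno, so the `return (-1);` has to stay immediately after the failed opendir with no intervening call.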
/*
- * Copyright (c) 2015-2016 Red Hat, Inc.
+ * Copyright (c) 2015-2019 Red Hat, Inc.
*
* All rights reserved.
*
extern int nss_sock_init_nss(char *config_dir);
+extern int nss_sock_check_db_dir(const char *config_dir);
+
extern PRFileDesc *nss_sock_create_listen_socket(const char *hostname, uint16_t port,
PRIntn af);