Bug 1390154

Summary: SECMOD_OpenUserDB will allow multiple opens of the same database. [rhel-7]
Product: Red Hat Enterprise Linux 7 Reporter: Alicja Kario <hkario>
Component: nssAssignee: Daiki Ueno <dueno>
Status: CLOSED ERRATA QA Contact: Alicja Kario <hkario>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: hkario, kengert, mreynolds, nhosoi, rrelyea, szidek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: nss-3.28.3-4.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1387811 Environment:
Last Closed: 2017-08-01 16:47:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1387811    
Bug Blocks: 1352109, 1378209, 1425841, 1425952    
Attachments:
Description Flags
Patch cleans up handling different login states when more than one token is in use
none
Add ecc defaults to nss util none

Description Alicja Kario 2016-10-31 10:38:09 UTC 
+++ This bug was initially created as a clone of Bug #1387811 +++

Description of problem:
It's not always safe to have multiple instances of the same database open in the same process. Because of this, the NSS initialization code will automatically combine multiple database opens into a single one. There is another way, however, to open databases: SECMOD_OpenUserDB().

This multiple open combined with a bug in softoken leads to the issue in the slapd in FIPS mode described in bug https://bugzilla.redhat.com/show_bug.cgi?id=1352109.
Comment 3 Kai Engert (:kaie) (inactive account) 2016-11-15 12:39:43 UTC 
RHEL 7.4 will be rebased to NSS 3.28, which contains this bugfix.
Comment 16 Bob Relyea 2017-05-05 22:59:29 UTC 
Created attachment 1276706 [details]
Patch cleans up handling different login states when more than one token is in use
Comment 18 Bob Relyea 2017-05-05 23:23:22 UTC 
Created attachment 1276709 [details]
Add ecc defaults to nss util

This patch is relative to nss/lib/util . I think this code didn't make it upstream with the rest of the ECC default code.
Comment 20 mreynolds 2017-05-09 12:02:28 UTC 
Created new bug as requested to track the new fix:

https://bugzilla.redhat.com/show_bug.cgi?id=1449195
Comment 23 errata-xmlrpc 2017-08-01 16:47:42 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1977