From 8c29eeec6a07699a7d611b7b5b0a17c1758f2d05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C3=BA=C5=A1=20Hon=C4=9Bk?= <mhonek@redhat.com>
Date: Wed, 31 Jan 2018 21:47:33 +0100
Subject: [PATCH] MozNSS Compat. Layer: fix PIN disclaimer not always shown

- ad #1516409#c7 case 1

(cherry picked from commit 6e2bfcadc598ed202cc77e34d5bfdea3d6ed8fbe)
(orginally #1516409)

Related: #1400570
---
 openldap-tlsmc.patch | 10 +++++-----
 openldap.spec        |  1 +
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/openldap-tlsmc.patch b/openldap-tlsmc.patch
index b05847a..dc5ce33 100644
--- a/openldap-tlsmc.patch
+++ b/openldap-tlsmc.patch
@@ -1,7 +1,7 @@
 MozNSS Interception Code
 
 Author: Matus Honek <mhonek@redhat.com>
-Date: Tue Jan 30 17:46:02 CET 2018
+Date: Wed Jan 31 21:44:47 CET 2018
 diff --git a/configure.in b/configure.in
 --- a/configure.in
 +++ b/configure.in
@@ -642,10 +642,6 @@ new file mode 100644
 +	char *token_name = NULL;
 +	char *pwdstr = NULL;
 +
-+	Debug( LDAP_DEBUG_ANY,
-+	       "tlsmc_get_pin: INFO: Please note the extracted key file will not be protected with a PIN any more, however it will be still protected at least by file permissions.\n",
-+	       0, 0, 0 );
-+
 +	token_name = PK11_GetTokenName( slot );
 +	/* Try to get the passwords from the password file if it exists.
 +	 * THIS IS UNSAFE and is provided for convenience only. Without this
@@ -653,6 +649,8 @@ new file mode 100644
 +	 * if using an encrypted key.
 +	 */
 +	if ( filename ) {
++		fprintf( stderr,
++		         "tlsmc_get_pin: INFO: Please note the extracted key file will not be protected with a PIN any more, however it will be still protected at least by file permissions.\n");
 +		pwdstr = tlsmc_get_pin_from_file( token_name, (char *)filename );
 +		if ( retry && pwdstr != NULL )
 +			return NULL;
@@ -663,6 +661,8 @@ new file mode 100644
 +		unsigned char phrase[200];
 +		/* Prompt for password */
 +		if ( isTTY ) {
++			fprintf( stderr,
++			         "tlsmc_get_pin: INFO: Please note the extracted key file will not be protected with a PIN any more, however it will be still protected at least by file permissions.\n");
 +			fprintf( stdout,
 +				 "Please enter pin, password, or pass phrase for security token '%s': ",
 +				 token_name ? token_name : DEFAULT_TOKEN_NAME );
diff --git a/openldap.spec b/openldap.spec
index 1de9d70..449b06f 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -518,6 +518,7 @@ exit 0
 %changelog
 * Wed Feb  7 2018 Matus Honek <mhonek@redhat.com> - 2.4.45-7
 - MozNSS Compat. Layer fixes (#1400570)
+  - fix PIN disclaimer not always shown (orig. #1516409)
   - fix recursive directory deletion (orig. #1516409)
   - Ensure consistency of a PEM dir before usage (orig. #1516409)
     + Warn just before use of a PIN about key file extraction