xmlsecurity: fix init of temp NSS DB when running with uid 0

The problem is that in SecurityEnvironment_NssImpl::insertPrivateKey()
the PK11_ImportDERPrivateKeyInfoAndReturnKey() fails because
NSC_CreateObject() finds a slot->needLogin = 1.

This value is set during the first NSS_InitReadWrite() in
nsscrypto_initialize(), usually this fails, and the fallback path ends
up calling PK11_InitPin(), which sets slot->needLogin = 0, whereas
running with uid 0, the first call succeeds and PK11_InitPin() wasn't
called.

This causes test failures in CppunitTest_desktop_lib
testInsertCertificate_PEM_ODT.

Change-Id: I302ff17493f9b4d74ceae9da6831a5af87d7f622
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/133575
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>

1 files changed, 13 insertions, 8 deletions

diff --git a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
index 75db8de5bcb5..80d4e108ac3e 100644
--- a/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
+++ b/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
@@ -405,15 +405,20 @@ bool nsscrypto_initialize(css::uno::Reference<css::uno::XComponentContext> const
             }
             return false;
         }
-        // Initialize and set empty password if needed
-        PK11SlotInfo* pSlot = PK11_GetInternalKeySlot();
-        if (pSlot)
-        {
-            if (PK11_NeedUserInit(pSlot))
-                PK11_InitPin(pSlot, nullptr, nullptr);
-            PK11_FreeSlot(pSlot);
-        }
     }
+
+    // Initialize and set empty password if needed
+    // note: it's possible that the first NSS_InitReadWrite() succeeds by
+    // creating a new DB; in this case it may also be necessary to call
+    // PK11_InitPin()
+    PK11SlotInfo* pSlot = PK11_GetInternalKeySlot();
+    if (pSlot)
+    {
+        if (PK11_NeedUserInit(pSlot))
+            PK11_InitPin(pSlot, nullptr, nullptr);
+        PK11_FreeSlot(pSlot);
+    }
+
     out_nss_init = true;
 
 #ifdef XMLSEC_CRYPTO_NSS