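--- a/usr/lib/pkcs11/common/loadsave.c 2006-01-25 17:06:14.000000000 -0600
+++ b/usr/lib/pkcs11/common/loadsave.c 2006-01-25 18:02:20.000000000 -0600
@@ -320,9 +320,21 @@
 void
 set_perm(int file)
 {
+#ifdef PER_USER_TOKEN
 /* With per user data stores, we don't share the token data amongst a
 * group. In fact, we want to restrict access to a single user */
 fchmod(file,S_IRUSR|S_IWUSR);
+#else
+ struct group *grp;
+
+ // Set absolute permissions or rw-rw-r--
+ fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
+
+ grp = getgrnam("pkcs11"); // Obtain the group id
+ if (grp){
+ fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group
+ }
+#endif
 }
 
 //
@@ -339,6 +351,7 @@
 CK_ULONG clear_len, cipher_len;
 #endif
 CK_RV rc;
+#ifdef PER_USER_TOKEN
 struct passwd *pw = NULL;
 
 if ((pw = getpwuid(getuid())) == NULL){
@@ -347,6 +360,9 @@
 }
 
 sprintf((char *)fname,"%s/%s/%s",(char *)pk_dir, pw->pw_name, PK_LITE_NV);
+#else
+ sprintf((char *)fname,"%s/%s",(char *)pk_dir, PK_LITE_NV);
+#endif
 
 rc = XProcLock( xproclock );
 if (rc != CKR_OK){
@@ -440,6 +456,7 @@
 #endif
 CK_RV rc;
 CK_BYTE fname[2048];
+#ifdef PER_USER_TOKEN
 struct passwd *pw = NULL;
 
 if ((pw = getpwuid(getuid())) == NULL){
@@ -448,6 +465,9 @@
 }
 
 sprintf((char *)fname,"%s/%s/%s",(char *)pk_dir, pw->pw_name, PK_LITE_NV);
+#else
+ sprintf((char *)fname,"%s/%s",pk_dir, PK_LITE_NV);
+#endif
 
 rc = XProcLock( xproclock );
 if (rc != CKR_OK){
@@ -507,8 +527,9 @@
 CK_BYTE line[100];
 CK_RV rc;
 CK_BYTE fname[2048];
+#ifdef PER_USER_TOKEN
 struct passwd *pw = NULL;
-
+#endif
 
 if (object_is_private(obj) == TRUE)
 rc = save_private_token_object( obj );
@@ -521,6 +542,7 @@
 }
 // update the index file if it exists
 //
+#ifdef PER_USER_TOKEN
 if ((pw = getpwuid(getuid())) == NULL){
 LogError("getpwuid failed: %s", strerror(errno));
 return CKR_FUNCTION_FAILED;
@@ -528,6 +550,9 @@
 
 sprintf((char *)fname,"%s/%s/%s/%s",(char *)pk_dir, pw->pw_name,
 PK_LITE_OBJ_DIR, PK_LITE_OBJ_IDX);
+#else
+ sprintf((char *)fname,"%s/%s/%s",pk_dir,PK_LITE_OBJ_DIR,PK_LITE_OBJ_IDX);
+#endif
 
 //fp = fopen( "/tmp/TOK_OBJ/OBJ.IDX", "r" );
 fp = fopen( (char *)fname, "r" );
@@ -579,6 +604,7 @@
 CK_BBOOL flag = FALSE;
 CK_RV rc;
 CK_ULONG_32 total_len;
+#ifdef PER_USER_TOKEN
 struct passwd *pw = NULL;
 
 if ((pw = getpwuid(getuid())) == NULL){
@@ -588,6 +614,9 @@
 
 sprintf((char *)fname,"%s/%s/%s/",(char *)pk_dir, pw->pw_name,
 PK_LITE_OBJ_DIR);
+#else
+ sprintf( (char *)fname,"%s/%s/", pk_dir,PK_LITE_OBJ_DIR);
+#endif
 
 //strcpy( fname, "/tmp/TOK_OBJ/" );
 strncat( (char *)fname, (char *) obj->name, 8 );
@@ -643,6 +672,7 @@
 CK_RV rc;
 CK_ULONG_32 obj_data_len_32;
 CK_ULONG_32 total_len;
+#ifdef PER_USER_TOKEN
 struct passwd * pw = NULL;
 
 if ((pw = getpwuid(getuid())) == NULL){
@@ -652,6 +682,9 @@
 
 sprintf((char *)fname,"%s/%s/%s/",(char *)pk_dir, pw->pw_name,
 PK_LITE_OBJ_DIR);
+#else
+ sprintf( (char *)fname,"%s/%s/", pk_dir,PK_LITE_OBJ_DIR);
+#endif
 
 rc = object_flatten( obj, &obj_data, &obj_data_len );
 obj_data_len_32 = obj_data_len;
@@ -777,6 +810,7 @@
 CK_BYTE tmp[2048], fname[2048],iname[2048];
 CK_BBOOL priv;
 CK_ULONG_32 size;
+#ifdef PER_USER_TOKEN
 struct passwd *pw = NULL;
 
 if ((pw = getpwuid(getuid())) == NULL){
@@ -786,6 +820,9 @@
 
 sprintf((char *)iname,"%s/%s/%s/%s",(char *)pk_dir, pw->pw_name,
 PK_LITE_OBJ_DIR, PK_LITE_OBJ_IDX);
+#else
+ sprintf((char *)iname,"%s/%s/%s",pk_dir,PK_LITE_OBJ_DIR, PK_LITE_OBJ_IDX);
+#endif
 
 //fp1 = fopen("/tmp/TOK_OBJ/OBJ.IDX", "r");
 fp1 = fopen((char *)iname, "r");
@@ -798,7 +835,11 @@
 tmp[ strlen((char *)tmp)-1 ] = 0;
 
 //strcpy(fname,"/tmp/TOK_OBJ/");
+#ifdef PER_USER_TOKEN
 sprintf((char *)fname,"%s/%s/%s/",pk_dir, pw->pw_name, PK_LITE_OBJ_DIR);
+#else
+ sprintf((char *)fname,"%s/%s/",pk_dir, PK_LITE_OBJ_DIR);
+#endif
 strcat((char *)fname, (char *)tmp );
 
 fp2 = fopen( (char *)fname, "r" );
@@ -849,6 +890,7 @@
 CK_BBOOL priv;
 CK_ULONG_32 size;
 CK_RV rc;
+#ifdef PER_USER_TOKEN
 struct passwd *pw = NULL;
 
 if ((pw = getpwuid(getuid())) == NULL){
@@ -858,6 +900,9 @@
 
 sprintf((char *)iname,"%s/%s/%s/%s",(char *)pk_dir, pw->pw_name,
 PK_LITE_OBJ_DIR, PK_LITE_OBJ_IDX);
+#else
+ sprintf((char *)iname,"%s/%s/%s",pk_dir,PK_LITE_OBJ_DIR, PK_LITE_OBJ_IDX);
+#endif
 
 //fp1 = fopen("/tmp/TOK_OBJ/OBJ.IDX", "r");
 fp1 = fopen((char *)iname, "r");
@@ -870,7 +915,11 @@
 tmp[ strlen((char *)tmp)-1 ] = 0;
 
 //strcpy(fname,"/tmp/TOK_OBJ/");
+#ifdef PER_USER_TOKEN
 sprintf((char *)fname,"%s/%s/%s/",pk_dir, pw->pw_name, PK_LITE_OBJ_DIR);
+#else
+ sprintf((char *)fname,"%s/%s/",pk_dir,PK_LITE_OBJ_DIR);
+#endif
 strcat((char *)fname,(char *) tmp );
 
 fp2 = fopen( (char *)fname, "r" );
@@ -1057,6 +1106,7 @@
 CK_ULONG cipher_len, clear_len, hash_len;
 CK_RV rc;
 CK_BYTE fname[2048];
+#ifdef PER_USER_TOKEN
 struct passwd * pw = NULL;
 
 if ((pw = getpwuid(getuid())) == NULL){
@@ -1065,6 +1115,9 @@
 }
 
 sprintf((char *)fname,"%s/%s/MK_SO",(char *)pk_dir, pw->pw_name);
+#else
+ sprintf((char *)fname,"%s/MK_SO",pk_dir);
+#endif
 
 memset( master_key, 0x0, 3*DES_KEY_SIZE );
 
@@ -1167,6 +1220,7 @@
 CK_ULONG cipher_len, clear_len, hash_len;
 CK_RV rc;
 CK_BYTE fname[2048];
+#ifdef PER_USER_TOKEN
 struct passwd * pw = NULL;
 
 if ((pw = getpwuid(getuid())) == NULL){
@@ -1175,6 +1229,9 @@
 }
 
 sprintf((char *)fname,"%s/%s/MK_USER",(char *)pk_dir, pw->pw_name);
+#else
+ sprintf((char *)fname,"%s/MK_USER",pk_dir);
+#endif
 
 memset( master_key, 0x0, 3*DES_KEY_SIZE );
 
@@ -1274,12 +1331,14 @@
 CK_ULONG hash_len, cleartxt_len, ciphertxt_len, padded_len;
 CK_RV rc;
 CK_BYTE fname[2048];
+#ifdef PER_USER_TOKEN
 struct passwd * pw = NULL;
 
 if ((pw = getpwuid(getuid())) == NULL){
 LogError("getpwuid failed: %s", strerror(errno));
 return CKR_FUNCTION_FAILED;
 }
+#endif
 
 memcpy( mk.key, master_key, 3 * DES_KEY_SIZE);
 
@@ -1329,7 +1388,11 @@
 //
 // probably ought to ensure the permissions are correct
 //
+#ifdef PER_USER_TOKEN
 sprintf((char *)fname,"%s/%s/MK_SO",(char *)pk_dir, pw->pw_name);
+#else
+ sprintf((char *)fname,"%s/MK_SO",pk_dir);
+#endif
 //fp = fopen( "/tmp/MK_SO", "w" );
 fp = fopen( (char *)fname, "w" );
 if (!fp) {
@@ -1369,12 +1432,14 @@
 CK_ULONG hash_len, cleartxt_len, ciphertxt_len, padded_len;
 CK_RV rc;
 CK_BYTE fname[2048];
+#ifdef PER_USER_TOKEN
 struct passwd * pw = NULL;
 
 if ((pw = getpwuid(getuid())) == NULL){
 LogError("getpwuid failed: %s", strerror(errno));
 return CKR_FUNCTION_FAILED;
 }
+#endif
 
 memcpy( mk.key, master_key, 3 * DES_KEY_SIZE);
 
@@ -1426,7 +1491,11 @@
 //
 // probably ought to ensure the permissions are correct
 //
+#ifdef PER_USER_TOKEN
 sprintf((char *)fname,"%s/%s/MK_USER",(char *)pk_dir, pw->pw_name);
+#else
+ sprintf((char *)fname,"%s/MK_USER", pk_dir);
+#endif
 //fp = fopen( "/tmp/MK_USER", "w" );
 fp = fopen( (char *)fname, "w" );
 if (!fp) {
@@ -1463,17 +1532,22 @@
 CK_ULONG_32 size;
 CK_ULONG size_64;
 CK_RV rc;
+#ifdef PER_USER_TOKEN
 struct passwd *pw = NULL;
 
 if ((pw = getpwuid(getuid())) == NULL){
 LogError("getpwuid failed: %s", strerror(errno));
 return CKR_FUNCTION_FAILED;
 }
-
+#endif
 memset( (char *)fname, 0x0, sizeof(fname) );
 
+#ifdef PER_USER_TOKEN
 sprintf((char *)fname,"%s/%s/%s/",(char *)pk_dir, pw->pw_name,
 PK_LITE_OBJ_DIR);
+#else
+ sprintf((char *)fname,"%s/%s/",pk_dir, PK_LITE_OBJ_DIR);
+#endif
 
 // strcpy(fname, "/tmp/TOK_OBJ/" );
 strncat((char *)fname,(char *) obj->name, 8 );
@@ -1532,6 +1606,7 @@
 FILE *fp1, *fp2;
 CK_BYTE line[100];
 CK_BYTE objidx[2048], idxtmp[2048],fname[2048];
+#ifdef PER_USER_TOKEN
 struct passwd *pw = NULL;
 
 if ((pw = getpwuid(getuid())) == NULL){
@@ -1543,7 +1618,10 @@
 PK_LITE_OBJ_DIR, PK_LITE_OBJ_IDX);
 sprintf((char *)idxtmp,"%s/%s/%s/%s",(char *)pk_dir, pw->pw_name,
 PK_LITE_OBJ_DIR, "IDX.TMP");
-
+#else
+ sprintf((char *)objidx,"%s/%s/%s",pk_dir, PK_LITE_OBJ_DIR,PK_LITE_OBJ_IDX);
+ sprintf((char *)idxtmp,"%s/%s/%s",pk_dir, PK_LITE_OBJ_DIR, "IDX.TMP");
+#endif
 
 // FIXME: on UNIX, we need to make sure these guys aren't symlinks
 // before we blindly write to these files...
@@ -1600,7 +1678,11 @@
 fclose(fp1);
 fclose(fp2);
 
+#ifdef PER_USER_TOKEN
 sprintf((char *)fname,"%s/%s/%s/%s",pk_dir, pw->pw_name, PK_LITE_OBJ_DIR, (char *)obj->name);
+#else
+ sprintf((char *)fname,"%s/%s/%s",pk_dir, PK_LITE_OBJ_DIR,(char *)obj->name);
+#endif
 unlink((char *)fname);
 return CKR_OK;
 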
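Review bot: The `#else` branch added to `set_perm` in the first hunk (`@@ -320,9 +320,21 @@`) sets `S_IROTH`, so in the shared-token build every file passed to it becomes readable by any local account. The callers are not visible here, but if they include the `MK_SO`, `MK_USER` and token-object files whose paths the later hunks build, the confidentiality of the stored key material rests solely on how those files are encrypted; restricting the mode to owner plus the `pkcs11` group keeps the sharing this branch exists for. The results of `fchmod` and `fchown` are discarded, and when `getgrnam("pkcs11")` returns NULL the file is left group-writable for the caller's own group with no diagnostic. The comment on the `fchown` line says "root" although the call passes `getuid()`, so it should name the calling user instead.

```c
#else
	struct group *grp;

	// rw-rw----: owner and the pkcs11 group only, no access for others
	if (fchmod(file, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP) != 0)
		LogError("fchmod failed: %s", strerror(errno));

	grp = getgrnam("pkcs11");	// Obtain the group id
	if (grp == NULL)
		LogError("group pkcs11 not found; file keeps the caller's group");
	else if (fchown(file, getuid(), grp->gr_gid) != 0)	// owner stays the calling uid
		LogError("fchown failed: %s", strerror(errno));
```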