forked from pool/openCryptoki
Marcus Meissner
ad9b7480fa
Latest patch from IBM. OBS-URL: https://build.opensuse.org/request/show/412843 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=38
84 lines
2.5 KiB
Diff
84 lines
2.5 KiB
Diff
commit aeea198cb8ea640cd37735365ee51a03aca67036
|
|
Author: Vineetha Pai <vpishar@us.ibm.com>
|
|
Date: Mon Jul 18 15:41:24 2016 -0400
|
|
|
|
create missing tpm lock directory from tpm stdll.
|
|
tpm token does not use common/utility function to create token lock
|
|
directory. Hence the patch to create missing lock directories was not
|
|
working on tpm token. Modified the tpm stdll code to create the token
|
|
lock directory if it is missing on the system.
|
|
Signed-off-by: Vineetha Pai <vpishar@us.ibm.com>
|
|
|
|
diff --git a/usr/lib/pkcs11/tpm_stdll/tpm_specific.c b/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
|
|
index e7978d3..2a20d7d 100644
|
|
--- a/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
|
|
+++ b/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
|
|
@@ -44,6 +44,7 @@
|
|
#include <errno.h>
|
|
#include <pwd.h>
|
|
#include <syslog.h>
|
|
+#include <grp.h>
|
|
|
|
#include <openssl/des.h>
|
|
#include <openssl/rand.h>
|
|
@@ -3393,10 +3394,13 @@ int
|
|
token_specific_creatlock(void)
|
|
{
|
|
CK_BYTE lockfile[PATH_MAX];
|
|
+ CK_BYTE lockdir[PATH_MAX];
|
|
struct passwd *pw = NULL;
|
|
struct stat statbuf;
|
|
mode_t mode = (S_IRUSR|S_IWUSR|S_IXUSR);
|
|
int lockfd;
|
|
+ int ret = -1;
|
|
+ struct group *grp;
|
|
|
|
/* get userid */
|
|
if ((pw = getpwuid(getuid())) == NULL) {
|
|
@@ -3404,6 +3408,45 @@ token_specific_creatlock(void)
|
|
return -1;
|
|
}
|
|
|
|
+ /** create lock subdir for each token if it doesn't exist.
|
|
+ * The root /var/lock/opencryptoki directory should be created in slotmgr
|
|
+ * daemon **/
|
|
+ sprintf(lockdir, "%s/%s", LOCKDIR_PATH, SUB_DIR);
|
|
+
|
|
+ ret = stat(lockdir, &statbuf);
|
|
+ if (ret != 0 && errno == ENOENT) {
|
|
+ /* dir does not exist, try to create it */
|
|
+ ret = mkdir(lockdir, S_IRWXU|S_IRWXG);
|
|
+ if (ret != 0) {
|
|
+ OCK_SYSLOG(LOG_ERR,
|
|
+ "Directory(%s) missing: %s\n",
|
|
+ lockdir,
|
|
+ strerror(errno));
|
|
+ goto err;
|
|
+ }
|
|
+ grp = getgrnam("pkcs11");
|
|
+ if (grp == NULL) {
|
|
+ fprintf(stderr, "getgrname(pkcs11): %s",
|
|
+ strerror(errno));
|
|
+ goto err;
|
|
+ }
|
|
+ /* set ownership to euid, and pkcs11 group */
|
|
+ if (chown(lockdir, geteuid(), grp->gr_gid) != 0) {
|
|
+ fprintf(stderr, "Failed to set owner:group \
|
|
+ ownership\
|
|
+ on %s directory", lockdir);
|
|
+ goto err;
|
|
+ }
|
|
+ /* mkdir does not set group permission right, so
|
|
+ ** trying explictly here again */
|
|
+ if (chmod(lockdir, S_IRWXU|S_IRWXG) != 0){
|
|
+ fprintf(stderr, "Failed to change \
|
|
+ permissions\
|
|
+ on %s directory", lockdir);
|
|
+ goto err;
|
|
+ }
|
|
+ }
|
|
+
|
|
/* create user-specific directory */
|
|
sprintf(lockfile, "%s/%s/%s", LOCKDIR_PATH, SUB_DIR, pw->pw_name);
|
|
|