SHA256
1
0
forked from pool/openCryptoki
openCryptoki/openCryptoki-per_user.patch

332 lines
9.0 KiB
Diff

--- usr/lib/pkcs11/common/loadsave.c 2006-01-25 17:06:14.000000000 -0600
+++ usr/lib/pkcs11/common/loadsave.c 2006-01-25 18:02:20.000000000 -0600
@@ -320,9 +320,21 @@
void
set_perm(int file)
{
+#ifdef PER_USER_TOKEN
/* With per user data stores, we don't share the token data amongst a
* group. In fact, we want to restrict access to a single user */
fchmod(file,S_IRUSR|S_IWUSR);
+#else
+ struct group *grp;
+
+ // Set absolute permissions or rw-rw-r--
+ fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
+
+ grp = getgrnam("pkcs11"); // Obtain the group id
+ if (grp){
+ fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11 group
+ }
+#endif
}
//
@@ -339,6 +351,7 @@
CK_ULONG clear_len, cipher_len;
#endif
CK_RV rc;
+#ifdef PER_USER_TOKEN
struct passwd *pw = NULL;
if ((pw = getpwuid(getuid())) == NULL){
@@ -347,6 +360,9 @@
}
sprintf((char *)fname,"%s/%s/%s",(char *)pk_dir, pw->pw_name, PK_LITE_NV);
+#else
+ sprintf((char *)fname,"%s/%s",(char *)pk_dir, PK_LITE_NV);
+#endif
rc = XProcLock( xproclock );
if (rc != CKR_OK){
@@ -440,6 +456,7 @@
#endif
CK_RV rc;
CK_BYTE fname[2048];
+#ifdef PER_USER_TOKEN
struct passwd *pw = NULL;
if ((pw = getpwuid(getuid())) == NULL){
@@ -448,6 +465,9 @@
}
sprintf((char *)fname,"%s/%s/%s",(char *)pk_dir, pw->pw_name, PK_LITE_NV);
+#else
+ sprintf((char *)fname,"%s/%s",pk_dir, PK_LITE_NV);
+#endif
rc = XProcLock( xproclock );
if (rc != CKR_OK){
@@ -507,8 +527,9 @@
CK_BYTE line[100];
CK_RV rc;
CK_BYTE fname[2048];
+#ifdef PER_USER_TOKEN
struct passwd *pw = NULL;
-
+#endif
if (object_is_private(obj) == TRUE)
rc = save_private_token_object( obj );
@@ -521,6 +542,7 @@
}
// update the index file if it exists
//
+#ifdef PER_USER_TOKEN
if ((pw = getpwuid(getuid())) == NULL){
LogError("getpwuid failed: %s", strerror(errno));
return CKR_FUNCTION_FAILED;
@@ -528,6 +550,9 @@
sprintf((char *)fname,"%s/%s/%s/%s",(char *)pk_dir, pw->pw_name,
PK_LITE_OBJ_DIR, PK_LITE_OBJ_IDX);
+#else
+ sprintf((char *)fname,"%s/%s/%s",pk_dir,PK_LITE_OBJ_DIR,PK_LITE_OBJ_IDX);
+#endif
//fp = fopen( "/tmp/TOK_OBJ/OBJ.IDX", "r" );
fp = fopen( (char *)fname, "r" );
@@ -579,6 +604,7 @@
CK_BBOOL flag = FALSE;
CK_RV rc;
CK_ULONG_32 total_len;
+#ifdef PER_USER_TOKEN
struct passwd *pw = NULL;
if ((pw = getpwuid(getuid())) == NULL){
@@ -588,6 +614,9 @@
sprintf((char *)fname,"%s/%s/%s/",(char *)pk_dir, pw->pw_name,
PK_LITE_OBJ_DIR);
+#else
+ sprintf( (char *)fname,"%s/%s/", pk_dir,PK_LITE_OBJ_DIR);
+#endif
//strcpy( fname, "/tmp/TOK_OBJ/" );
strncat( (char *)fname, (char *) obj->name, 8 );
@@ -643,6 +672,7 @@
CK_RV rc;
CK_ULONG_32 obj_data_len_32;
CK_ULONG_32 total_len;
+#ifdef PER_USER_TOKEN
struct passwd * pw = NULL;
if ((pw = getpwuid(getuid())) == NULL){
@@ -652,6 +682,9 @@
sprintf((char *)fname,"%s/%s/%s/",(char *)pk_dir, pw->pw_name,
PK_LITE_OBJ_DIR);
+#else
+ sprintf( (char *)fname,"%s/%s/", pk_dir,PK_LITE_OBJ_DIR);
+#endif
rc = object_flatten( obj, &obj_data, &obj_data_len );
obj_data_len_32 = obj_data_len;
@@ -777,6 +810,7 @@
CK_BYTE tmp[2048], fname[2048],iname[2048];
CK_BBOOL priv;
CK_ULONG_32 size;
+#ifdef PER_USER_TOKEN
struct passwd *pw = NULL;
if ((pw = getpwuid(getuid())) == NULL){
@@ -786,6 +820,9 @@
sprintf((char *)iname,"%s/%s/%s/%s",(char *)pk_dir, pw->pw_name,
PK_LITE_OBJ_DIR, PK_LITE_OBJ_IDX);
+#else
+ sprintf((char *)iname,"%s/%s/%s",pk_dir,PK_LITE_OBJ_DIR, PK_LITE_OBJ_IDX);
+#endif
//fp1 = fopen("/tmp/TOK_OBJ/OBJ.IDX", "r");
fp1 = fopen((char *)iname, "r");
@@ -798,7 +835,11 @@
tmp[ strlen((char *)tmp)-1 ] = 0;
//strcpy(fname,"/tmp/TOK_OBJ/");
+#ifdef PER_USER_TOKEN
sprintf((char *)fname,"%s/%s/%s/",pk_dir, pw->pw_name, PK_LITE_OBJ_DIR);
+#else
+ sprintf((char *)fname,"%s/%s/",pk_dir, PK_LITE_OBJ_DIR);
+#endif
strcat((char *)fname, (char *)tmp );
fp2 = fopen( (char *)fname, "r" );
@@ -849,6 +890,7 @@
CK_BBOOL priv;
CK_ULONG_32 size;
CK_RV rc;
+#ifdef PER_USER_TOKEN
struct passwd *pw = NULL;
if ((pw = getpwuid(getuid())) == NULL){
@@ -858,6 +900,9 @@
sprintf((char *)iname,"%s/%s/%s/%s",(char *)pk_dir, pw->pw_name,
PK_LITE_OBJ_DIR, PK_LITE_OBJ_IDX);
+#else
+ sprintf((char *)iname,"%s/%s/%s",pk_dir,PK_LITE_OBJ_DIR, PK_LITE_OBJ_IDX);
+#endif
//fp1 = fopen("/tmp/TOK_OBJ/OBJ.IDX", "r");
fp1 = fopen((char *)iname, "r");
@@ -870,7 +915,11 @@
tmp[ strlen((char *)tmp)-1 ] = 0;
//strcpy(fname,"/tmp/TOK_OBJ/");
+#ifdef PER_USER_TOKEN
sprintf((char *)fname,"%s/%s/%s/",pk_dir, pw->pw_name, PK_LITE_OBJ_DIR);
+#else
+ sprintf((char *)fname,"%s/%s/",pk_dir,PK_LITE_OBJ_DIR);
+#endif
strcat((char *)fname,(char *) tmp );
fp2 = fopen( (char *)fname, "r" );
@@ -1057,6 +1106,7 @@
CK_ULONG cipher_len, clear_len, hash_len;
CK_RV rc;
CK_BYTE fname[2048];
+#ifdef PER_USER_TOKEN
struct passwd * pw = NULL;
if ((pw = getpwuid(getuid())) == NULL){
@@ -1065,6 +1115,9 @@
}
sprintf((char *)fname,"%s/%s/MK_SO",(char *)pk_dir, pw->pw_name);
+#else
+ sprintf((char *)fname,"%s/MK_SO",pk_dir);
+#endif
memset( master_key, 0x0, 3*DES_KEY_SIZE );
@@ -1167,6 +1220,7 @@
CK_ULONG cipher_len, clear_len, hash_len;
CK_RV rc;
CK_BYTE fname[2048];
+#ifdef PER_USER_TOKEN
struct passwd * pw = NULL;
if ((pw = getpwuid(getuid())) == NULL){
@@ -1175,6 +1229,9 @@
}
sprintf((char *)fname,"%s/%s/MK_USER",(char *)pk_dir, pw->pw_name);
+#else
+ sprintf((char *)fname,"%s/MK_USER",pk_dir);
+#endif
memset( master_key, 0x0, 3*DES_KEY_SIZE );
@@ -1274,12 +1331,14 @@
CK_ULONG hash_len, cleartxt_len, ciphertxt_len, padded_len;
CK_RV rc;
CK_BYTE fname[2048];
+#ifdef PER_USER_TOKEN
struct passwd * pw = NULL;
if ((pw = getpwuid(getuid())) == NULL){
LogError("getpwuid failed: %s", strerror(errno));
return CKR_FUNCTION_FAILED;
}
+#endif
memcpy( mk.key, master_key, 3 * DES_KEY_SIZE);
@@ -1329,7 +1388,11 @@
//
// probably ought to ensure the permissions are correct
//
+#ifdef PER_USER_TOKEN
sprintf((char *)fname,"%s/%s/MK_SO",(char *)pk_dir, pw->pw_name);
+#else
+ sprintf((char *)fname,"%s/MK_SO",pk_dir);
+#endif
//fp = fopen( "/tmp/MK_SO", "w" );
fp = fopen( (char *)fname, "w" );
if (!fp) {
@@ -1369,12 +1432,14 @@
CK_ULONG hash_len, cleartxt_len, ciphertxt_len, padded_len;
CK_RV rc;
CK_BYTE fname[2048];
+#ifdef PER_USER_TOKEN
struct passwd * pw = NULL;
if ((pw = getpwuid(getuid())) == NULL){
LogError("getpwuid failed: %s", strerror(errno));
return CKR_FUNCTION_FAILED;
}
+#endif
memcpy( mk.key, master_key, 3 * DES_KEY_SIZE);
@@ -1426,7 +1491,11 @@
//
// probably ought to ensure the permissions are correct
//
+#ifdef PER_USER_TOKEN
sprintf((char *)fname,"%s/%s/MK_USER",(char *)pk_dir, pw->pw_name);
+#else
+ sprintf((char *)fname,"%s/MK_USER", pk_dir);
+#endif
//fp = fopen( "/tmp/MK_USER", "w" );
fp = fopen( (char *)fname, "w" );
if (!fp) {
@@ -1463,17 +1532,22 @@
CK_ULONG_32 size;
CK_ULONG size_64;
CK_RV rc;
+#ifdef PER_USER_TOKEN
struct passwd *pw = NULL;
if ((pw = getpwuid(getuid())) == NULL){
LogError("getpwuid failed: %s", strerror(errno));
return CKR_FUNCTION_FAILED;
}
-
+#endif
memset( (char *)fname, 0x0, sizeof(fname) );
+#ifdef PER_USER_TOKEN
sprintf((char *)fname,"%s/%s/%s/",(char *)pk_dir, pw->pw_name,
PK_LITE_OBJ_DIR);
+#else
+ sprintf((char *)fname,"%s/%s/",pk_dir, PK_LITE_OBJ_DIR);
+#endif
// strcpy(fname, "/tmp/TOK_OBJ/" );
strncat((char *)fname,(char *) obj->name, 8 );
@@ -1532,6 +1606,7 @@
FILE *fp1, *fp2;
CK_BYTE line[100];
CK_BYTE objidx[2048], idxtmp[2048],fname[2048];
+#ifdef PER_USER_TOKEN
struct passwd *pw = NULL;
if ((pw = getpwuid(getuid())) == NULL){
@@ -1543,7 +1618,10 @@
PK_LITE_OBJ_DIR, PK_LITE_OBJ_IDX);
sprintf((char *)idxtmp,"%s/%s/%s/%s",(char *)pk_dir, pw->pw_name,
PK_LITE_OBJ_DIR, "IDX.TMP");
-
+#else
+ sprintf((char *)objidx,"%s/%s/%s",pk_dir, PK_LITE_OBJ_DIR,PK_LITE_OBJ_IDX);
+ sprintf((char *)idxtmp,"%s/%s/%s",pk_dir, PK_LITE_OBJ_DIR, "IDX.TMP");
+#endif
// FIXME: on UNIX, we need to make sure these guys aren't symlinks
// before we blindly write to these files...
@@ -1600,7 +1678,11 @@
fclose(fp1);
fclose(fp2);
+#ifdef PER_USER_TOKEN
sprintf((char *)fname,"%s/%s/%s/%s",pk_dir, pw->pw_name, PK_LITE_OBJ_DIR, (char *)obj->name);
+#else
+ sprintf((char *)fname,"%s/%s/%s",pk_dir, PK_LITE_OBJ_DIR,(char *)obj->name);
+#endif
unlink((char *)fname);
return CKR_OK;