obj_mgr.c

IBM的Linux上的PKCS#11实现

         memcpy( &nv_token_data->next_token_object_name, next, 8 );

         save_token_object( o );

         // add the object identifier to the shared memory segment
         //
         object_mgr_add_to_shm( o );

         XProcUnLock( xproclock );

         // save_token_data has to lock the mutex itself because it's used elsewhere
         //
         save_token_data();
      }

      // now, store the object in the appropriate local token object list
      //
      if (priv_obj)
         priv_token_obj_list = dlist_add_as_last( priv_token_obj_list, o );
      else
         publ_token_obj_list = dlist_add_as_last( publ_token_obj_list, o );
   }

   rc = object_mgr_add_to_map( sess, o, handle );
   if (rc != CKR_OK) {
      DL_NODE *node = NULL;

      st_err_log(157, __FILE__, __LINE__); 
      // this is messy but we need to remove the object from whatever
      // list we just added it to
      //
      if (sess_obj) {
         node = dlist_find( sess_obj_list, o );
         if (node)
            sess_obj_list = dlist_remove_node( sess_obj_list, node );
      }
      else {
         // we'll want to delete the token object file too!
         //
         delete_token_object( o );

         if (priv_obj) {
            node = dlist_find( priv_token_obj_list, o );
            if (node)
               priv_token_obj_list = dlist_remove_node( priv_token_obj_list, node );
         }
         else {
            node = dlist_find( publ_token_obj_list, o );
            if (node)
               publ_token_obj_list = dlist_remove_node( publ_token_obj_list, node );
         }

         rc = XProcLock( xproclock );
         if (rc != CKR_OK){
            st_err_log(150, __FILE__, __LINE__); 
            goto done;
         }
         object_mgr_del_from_shm( o );

         XProcUnLock( xproclock );
      }
   }


done:
   if (locked)
      MY_UnlockMutex( &obj_list_mutex );

   if ((rc != CKR_OK) && (o != NULL))
      object_free( o );

   return rc;
}


// object_mgr_add_to_map()
//
CK_RV
object_mgr_add_to_map( SESSION          * sess,
                       OBJECT           * obj,
                       CK_OBJECT_HANDLE * handle )
{
   OBJECT_MAP  *map_node = NULL;

   if (!sess || !obj || !handle){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__); 
      return CKR_FUNCTION_FAILED;
   }
   //
   // this guy doesn't lock a mutex because it's calling routines should have
   // already locked it
   //

   map_node = (OBJECT_MAP *)malloc(sizeof(OBJECT_MAP));
   if (!map_node){
      st_err_log(0, __FILE__, __LINE__); 
      return CKR_HOST_MEMORY;
   }
   map_node->handle   = next_object_handle++;
   map_node->session  = sess;
   map_node->ptr      = obj;

   if (obj->session != NULL)
      map_node->is_session_obj = TRUE;
   else
      map_node->is_session_obj = FALSE;

   // add the new map entry to the list
   //
   object_map = dlist_add_as_first( object_map, map_node );

   *handle = map_node->handle;
   return CKR_OK;
}


// object_mgr_copy()
//
// algorithm:
//    1) find the old object
//    2) get the template from the old object
//    3) merge in the new object's template
//    4) perform class-specific sanity checks
//
CK_RV
object_mgr_copy( SESSION          * sess,
                 CK_ATTRIBUTE     * pTemplate,
                 CK_ULONG           ulCount,
                 CK_OBJECT_HANDLE   old_handle,
                 CK_OBJECT_HANDLE * new_handle )
{
   OBJECT     *old_obj = NULL;
   OBJECT     *new_obj = NULL;
   CK_BBOOL    priv_obj;
   CK_BBOOL    sess_obj;
   CK_BBOOL    locked = FALSE;
   CK_RV       rc;

   if (!sess || !pTemplate || !new_handle){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__); 
      return CKR_FUNCTION_FAILED;
   }

   rc = MY_LockMutex( &obj_list_mutex );
   if (rc != CKR_OK){
      st_err_log(146, __FILE__, __LINE__); 
      return rc;
   }
   locked = TRUE;

   rc = object_mgr_find_in_map1( old_handle, &old_obj );
   if (rc != CKR_OK){
      st_err_log(110, __FILE__, __LINE__);
      goto done;
   }
   rc = object_copy( pTemplate, ulCount, old_obj, &new_obj );
   if (rc != CKR_OK){
      st_err_log(158, __FILE__, __LINE__);
      goto done;
   }

   // check whether session has permissions to create the object, etc
   //
   // Object                  R/O      R/W      R/O     R/W    R/W
   // Type                   Public   Public    User    User   SO
   // -------------------------------------------------------------
   // Public session          R/W      R/W      R/W     R/W    R/W
   // Private session                           R/W     R/W
   // Public token            R/O      R/W      R/O     R/W    R/W
   // Private token                             R/O     R/W
   //
   sess_obj = object_is_session_object( new_obj );
   priv_obj = object_is_private( new_obj );

   if (sess->session_info.state == CKS_RO_PUBLIC_SESSION) {
      if (priv_obj) {
         st_err_log(57, __FILE__, __LINE__); 
         rc = CKR_USER_NOT_LOGGED_IN;
         goto done;
      }

      if (!sess_obj) {
         st_err_log(42, __FILE__, __LINE__); 
         rc = CKR_SESSION_READ_ONLY;
         goto done;
      }
   }

   if (sess->session_info.state == CKS_RO_USER_FUNCTIONS) {
      if (!sess_obj) {
         st_err_log(42, __FILE__, __LINE__); 
         rc = CKR_SESSION_READ_ONLY;
         goto done;
      }
   }

   if (sess->session_info.state == CKS_RW_PUBLIC_SESSION) {
      if (priv_obj) {
         st_err_log(57, __FILE__, __LINE__); 
         rc = CKR_USER_NOT_LOGGED_IN;
         goto done;
      }
   }

   if (sess->session_info.state == CKS_RW_SO_FUNCTIONS) {
      if (priv_obj) {
         st_err_log(57, __FILE__, __LINE__); 
         rc = CKR_USER_NOT_LOGGED_IN;
         goto done;
      }
   }

   // okay, object is created and the session permissions look okay.
   // add the object to the appropriate list and assign an object handle
   //

   if (sess_obj) {
      new_obj->session = sess;
      memset( &new_obj->name, 0x00, sizeof(CK_BYTE) * 8 );

      sess_obj_list = dlist_add_as_first( sess_obj_list, new_obj );
   }
   else {
      CK_BYTE current[8];
      CK_BYTE next[8];

      // we'll be modifying nv_token_data so we should protect this part
      // with 'pkcs_mutex'
      //
      rc = XProcLock( xproclock );
      if (rc != CKR_OK){
         st_err_log(150, __FILE__, __LINE__); 
         goto done;
      }
      else {

         // Determine if we have already reached our Max Token Objects
         //
         if (priv_obj) {
            if (global_shm->num_priv_tok_obj >= MAX_TOK_OBJS) {
               XProcUnLock(xproclock);
               st_err_log(1, __FILE__, __LINE__); 
               rc = CKR_HOST_MEMORY;
               goto done;
            }
         }
         else {
            if (global_shm->num_publ_tok_obj >= MAX_TOK_OBJS) {
               XProcUnLock(xproclock);
               st_err_log(1, __FILE__, __LINE__); 
               rc = CKR_HOST_MEMORY;
               goto done;
            }
         }
         memcpy( current, &nv_token_data->next_token_object_name, 8 );

         new_obj->session = NULL;
         memcpy( &new_obj->name, current, 8 );

         compute_next_token_obj_name( current, next );
         memcpy( &nv_token_data->next_token_object_name, next, 8 );

         save_token_object( new_obj );

         // add the object identifier to the shared memory segment
         //
         object_mgr_add_to_shm( new_obj );

         XProcUnLock( xproclock );

         save_token_data();
      }

      // now, store the object in the token object list in RAM for speed
      //
      if (priv_obj)
         priv_token_obj_list = dlist_add_as_last( priv_token_obj_list, new_obj );
      else
         publ_token_obj_list = dlist_add_as_last( publ_token_obj_list, new_obj );
   }

   rc = object_mgr_add_to_map( sess, new_obj, new_handle );
   if (rc != CKR_OK) {
      DL_NODE *node = NULL;
      
      st_err_log(157, __FILE__, __LINE__); 

      // this is messy but we need to remove the object from whatever
      // list we just added it to
      //
      if (sess_obj) {
         node = dlist_find( sess_obj_list, new_obj );
         if (node)
            sess_obj_list = dlist_remove_node( sess_obj_list, node );
      }
      else {
         // FIXME - need to destroy the token object file too
         //
         delete_token_object( new_obj );

         if (priv_obj) {
            node = dlist_find( priv_token_obj_list, new_obj );
            if (node)
               priv_token_obj_list = dlist_remove_node( priv_token_obj_list, node );
         }
         else {
            node = dlist_find( publ_token_obj_list, new_obj );
            if (node)
               publ_token_obj_list = dlist_remove_node( publ_token_obj_list, node );
         }

         rc = XProcLock( xproclock );
         if (rc != CKR_OK){
            st_err_log(150, __FILE__, __LINE__); 
            goto done;
         }
         object_mgr_del_from_shm( new_obj );

         XProcUnLock( xproclock );
      }
   }

done:
   if (locked)
      MY_UnlockMutex( &obj_list_mutex );

   if ((rc != CKR_OK) && (new_obj != NULL))
      object_free( new_obj );

   return rc;
}


// determines whether the session is allowed to create an object.  creates
// the object but doesn't add the object to any object lists or to the
// process' object map.
//
CK_RV
object_mgr_create_skel( SESSION       * sess,
                        CK_ATTRIBUTE  * pTemplate,
                        CK_ULONG        ulCount,
                        CK_ULONG        mode,
                        CK_ULONG        obj_type,
                        CK_ULONG        sub_class,
                        OBJECT       ** obj )
{
   OBJECT     *o = NULL;
   CK_RV       rc;
   CK_BBOOL    priv_obj;
   CK_BBOOL    sess_obj;

   if (!sess || !obj){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__); 
      return CKR_FUNCTION_FAILED;
   }
   if (!pTemplate && (ulCount != 0)){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__); 
      return CKR_FUNCTION_FAILED;
   }
   //
   // we don't need to lock mutex for this routine
   //

   rc = object_create_skel( pTemplate, ulCount,
                            mode,
                            obj_type, sub_class,
                            &o );
   if (rc != CKR_OK){
      st_err_log(89, __FILE__, __LINE__); 
      return rc;
   }
   sess_obj = object_is_session_object( o );
   priv_obj = object_is_private( o );

   if (sess->session_info.state == CKS_RO_PUBLIC_SESSION) {
      if (priv_obj) {
         object_free( o );
         st_err_log(57, __FILE__, __LINE__); 
         return CKR_USER_NOT_LOGGED_IN;
      }

      if (!sess_obj) {
         object_free( o );
         st_err_log(42, __FILE__, __LINE__); 
         return CKR_SESSION_READ_ONLY;
      }
   }

   if (sess->session_info.state == CKS_RO_USER_FUNCTIONS) {
      if (!sess_obj) {
         object_free( o );
         st_err_log(42, __FILE__, __LINE__); 
         return CKR_SESSION_READ_ONLY;
      }
   }

   if (sess->session_info.state == CKS_RW_PUBLIC_SESSION) {
      if (priv_obj) {
         object_free( o );
         st_err_log(57, __FILE__, __LINE__); 
         return CKR_USER_NOT_LOGGED_IN;
      }
   }

   if (sess->session_info.state == CKS_RW_SO_FUNCTIONS) {
      if (priv_obj) {
         object_free( o );
         st_err_log(57, __FILE__, __LINE__); 
         return CKR_USER_NOT_LOGGED_IN;
      }
   }

   *obj = o;
   return CKR_OK;
}


CK_RV
object_mgr_create_final( SESSION           * sess,
                         OBJECT            * obj,
                         CK_OBJECT_HANDLE  * handle )
{
   CK_BBOOL  sess_obj;
   CK_BBOOL  priv_obj;
   CK_BBOOL  locked = FALSE;
   CK_RV     rc;

   if (!sess || !obj || !handle){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__); 
      return CKR_FUNCTION_FAILED;
   }
   rc = MY_LockMutex( &obj_list_mutex );
   if (rc != CKR_OK){
      st_err_log(146, __FILE__, __LINE__); 
      return rc;
   }
   locked = TRUE;

   sess_obj = object_is_session_object( obj );
   priv_obj = object_is_private( obj );

   if (sess_obj) {