obj_mgr.c

IBM的Linux上的PKCS#11实现

      case CKS_RO_USER_FUNCTIONS:
      case CKS_RW_USER_FUNCTIONS:
         object_mgr_find_build_list( sess, pTemplate, ulCount, priv_token_obj_list, FALSE );
         object_mgr_find_build_list( sess, pTemplate, ulCount, publ_token_obj_list, FALSE );
         object_mgr_find_build_list( sess, pTemplate, ulCount, sess_obj_list,  FALSE );
         break;
   }

   sess->find_active = TRUE;

   return CKR_OK;
}


//
//
CK_RV
object_mgr_find_build_list( SESSION      * sess,
                            CK_ATTRIBUTE * pTemplate,
                            CK_ULONG       ulCount,
                            DL_NODE      * obj_list,
                            CK_BBOOL       public_only )
{
   OBJECT           * obj  = NULL;
   DL_NODE          * node = NULL;
   CK_OBJECT_HANDLE   handle;
   CK_BBOOL           is_priv;
   CK_BBOOL           match;
   CK_BBOOL           hw_feature = FALSE;
   CK_RV              rc;
   CK_ATTRIBUTE     * attr;
   int		      i;

   // pTemplate == NULL is a legal condition here
   //

   if (!sess){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__); 
      return CKR_FUNCTION_FAILED;
   }
   // it's possible that the object list is empty
   //
   if (!obj_list)
      return CKR_OK;

   // PKCS#11 v2.11 (pg. 79): "When searching using C_FindObjectsInit
   // and C_FindObjects, hardware feature objects are not returned
   // unless the CKA_CLASS attribute in the template has the value
   // CKO_HW_FEATURE." So, we check for CKO_HW_FEATURE and if its set, 
   // we'll find these objects below. - KEY
   for (i = 0; i < ulCount; i++) {
      if (pTemplate[i].type == CKA_CLASS) {
	 if (*(CK_ULONG *)pTemplate[i].pValue == CKO_HW_FEATURE) {
	    hw_feature = TRUE;
	    break;
	 }
      }
   }

   node = obj_list;
   while (node) {
      match   = FALSE;
      obj     = (OBJECT *)node->data;
      is_priv = object_is_private( obj );


      if ((is_priv == FALSE) || (public_only == FALSE)) {
         // if the user doesn't specify any template attributes then we return
         // all objects
         //
         if (pTemplate == NULL || ulCount == 0)
            match = TRUE;
         else
            match = template_compare( pTemplate, ulCount, obj->template );
      }

      // if we have a match, find the object in the map (add it if necessary)
      // then add the object to the list of found objects
      //
      if (match) {
         rc = object_mgr_find_in_map2( obj, &handle );
         if (rc != CKR_OK) {
            //st_err_log(110, __FILE__, __LINE__);
            rc = object_mgr_add_to_map( sess, obj, &handle );
            if (rc != CKR_OK){
               st_err_log(4, __FILE__, __LINE__, __FUNCTION__); 
               return CKR_FUNCTION_FAILED;
            }
         }
         if (rc == CKR_OK) {
	    // If hw_feature is false here, we need to filter out all objects
	    // that have the CKO_HW_FEATURE attribute set. - KEY
            if ((hw_feature == FALSE) && 
	        (template_attribute_find(obj->template, CKA_CLASS, &attr) == TRUE)) {
               if (*(CK_OBJECT_CLASS *)attr->pValue == CKO_HW_FEATURE)
	          goto next_loop;
	    }
	    
            sess->find_list[ sess->find_count ] = handle;
            sess->find_count++;

            if (sess->find_count >= sess->find_len) {
               sess->find_len += 15;
               sess->find_list = (CK_OBJECT_HANDLE *)realloc( sess->find_list,
                                                              sess->find_len * sizeof(CK_OBJECT_HANDLE) );
               if (!sess->find_list){
                  st_err_log(0, __FILE__, __LINE__); 
                  return CKR_HOST_MEMORY;
               }
            }
         }
      }
next_loop:
      node = node->next;
   }

   return CKR_OK;
}


//
//
CK_RV
object_mgr_find_final( SESSION *sess )
{
   if (!sess){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__); 
      return CKR_FUNCTION_FAILED;
   }
   if (sess->find_active == FALSE){
      st_err_log(32, __FILE__, __LINE__, __FUNCTION__); 
      return CKR_OPERATION_NOT_INITIALIZED;
   }
   free( sess->find_list );
   sess->find_list   = NULL;
   sess->find_count  = 0;
   sess->find_idx    = 0;
   sess->find_active = FALSE;

   return CKR_OK;
}


//
//
CK_RV
object_mgr_get_attribute_values( SESSION           * sess,
                                 CK_OBJECT_HANDLE    handle,
                                 CK_ATTRIBUTE      * pTemplate,
                                 CK_ULONG            ulCount )
{
   OBJECT   * obj;
   CK_BBOOL   priv_obj;
   CK_BBOOL   locked = FALSE;
   CK_RV      rc;

   if (!pTemplate){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__); 
      return CKR_FUNCTION_FAILED;
   }
   rc = MY_LockMutex( &obj_list_mutex );
   if (rc != CKR_OK){
      st_err_log(146, __FILE__, __LINE__); 
      return rc;
   }
   locked = TRUE;

   rc = object_mgr_find_in_map1( handle, &obj );
   if (rc != CKR_OK){
      st_err_log(110, __FILE__, __LINE__);
      goto done;
   }
   priv_obj = object_is_private( obj );

   if (priv_obj == TRUE) {
      if (sess->session_info.state == CKS_RO_PUBLIC_SESSION ||
          sess->session_info.state == CKS_RW_PUBLIC_SESSION)
      {
         st_err_log(57, __FILE__, __LINE__); 
         rc = CKR_USER_NOT_LOGGED_IN;
         goto done;
      }
   }

   rc = object_get_attribute_values( obj, pTemplate, ulCount );
   if (rc != CKR_OK)
         st_err_log(159, __FILE__, __LINE__); 
done:
   if (locked)
      MY_UnlockMutex( &obj_list_mutex );

   return rc;
}


//
//
CK_RV
object_mgr_get_object_size( CK_OBJECT_HANDLE   handle,
                            CK_ULONG         * size )
{
   OBJECT    * obj;
   CK_RV       rc;

   rc = MY_LockMutex( &obj_list_mutex );
   if (rc != CKR_OK){
      st_err_log(146, __FILE__, __LINE__); 
      return rc;
   }
   rc = object_mgr_find_in_map1( handle, &obj );
   if (rc != CKR_OK) {
      st_err_log(30, __FILE__, __LINE__);
      rc = CKR_OBJECT_HANDLE_INVALID;
      goto done;
   }

   *size = object_get_size( obj );

done:
   MY_UnlockMutex( &obj_list_mutex );
   return rc;
}


// object_mgr_invalidate_handle1()
//
// Returns:  TRUE  if successfully removes the node
//           FALSE if cannot remove the node (not found, etc)
//
CK_BBOOL
object_mgr_invalidate_handle1( CK_OBJECT_HANDLE handle )
{
   DL_NODE *node = NULL;

   //
   // no mutex stuff here.  the calling routine should have locked the mutex
   //

   node = object_map;

   while (node) {
      OBJECT_MAP *map = (OBJECT_MAP *)node->data;

      // I think we can do this because even token objects exist in RAM
      //
      if (map->handle == handle) {
         object_map = dlist_remove_node( object_map, node );
         free( map );

         return TRUE;
      }

      node = node->next;
   }

   return FALSE;

}


// object_mgr_invalidate_handle2()
//
// Returns:  TRUE  if successfully removes the node
//           FALSE if cannot remove the node (not found, etc)
//
CK_BBOOL
object_mgr_invalidate_handle2( OBJECT *obj )
{
   DL_NODE *node = NULL;

   if (!obj)
      return FALSE;

   //
   // no mutex stuff here.  the calling routine should have locked the mutex
   //

   node = object_map;

   while (node) {
      OBJECT_MAP *map = (OBJECT_MAP *)node->data;

      // I think we can do this because even token objects exist in RAM
      //
      if (map->ptr == obj) {
         object_map = dlist_remove_node( object_map, node );
         free( map );

         return TRUE;
      }

      node = node->next;
   }

   return FALSE;

}


// object_mgr_purge_session_objects()
//
// Args:    SESSION *
//          SESS_OBJ_TYPE:  can be ALL, PRIVATE or PUBLIC
//
// Remove all session objects owned by the specified session satisfying
// the 'type' requirements
//
CK_BBOOL
object_mgr_purge_session_objects( SESSION       * sess,
                                  SESS_OBJ_TYPE   type )
{
   DL_NODE   *node = NULL;
   DL_NODE   *next = NULL;
   OBJECT    *obj = NULL;
   CK_BBOOL   del;
   CK_RV      rc;

   if (!sess)
      return FALSE;

   rc = MY_LockMutex( &obj_list_mutex );
   if (rc != CKR_OK){
      st_err_log(146, __FILE__, __LINE__); 
      return FALSE;
   }
   node = sess_obj_list;

   while (node) {
      obj = (OBJECT *)node->data;
      del = FALSE;

      if (obj->session == sess) {
         if (type == PRIVATE) {
            if (object_is_private(obj))
               del = TRUE;
         }
         else if (type == PUBLIC) {
            if (object_is_public(obj))
               del = TRUE;
         }
         else if (type == ALL)
            del = TRUE;
      }

      if (del == TRUE) {
         CK_OBJECT_HANDLE handle;
         CK_RV            rc;

         rc = object_mgr_find_in_map2( obj, &handle );
         if (rc == CKR_OK) {
            object_mgr_invalidate_handle1( handle );
            object_free( obj );
         }
         else
            st_err_log(110, __FILE__, __LINE__);

         next = node->next;
         sess_obj_list = dlist_remove_node( sess_obj_list, node );
         node = next;
      }
      else
         node = node->next;
   }

   MY_UnlockMutex( &obj_list_mutex );

   return TRUE;
}


// this routine cleans up the list of token objects.  in general, we don't
// need to do this but when tracing memory leaks, it's best that we free everything
// that we've allocated
//
CK_BBOOL
object_mgr_purge_token_objects( )
{
   DL_NODE   *node = NULL;
   DL_NODE   *next = NULL;
   OBJECT    *obj = NULL;
   CK_RV      rc;

   rc = MY_LockMutex( &obj_list_mutex );
   if (rc != CKR_OK){
      st_err_log(146, __FILE__, __LINE__); 
      return FALSE;
   }
   node = publ_token_obj_list;
   while (publ_token_obj_list) {
      CK_OBJECT_HANDLE handle;
      CK_RV            rc;

      obj = (OBJECT *)node->data;

      rc = object_mgr_find_in_map2( obj, &handle );
      if (rc == CKR_OK){
         object_mgr_invalidate_handle1( handle );
      }
      object_free( obj );

      next = node->next;
      publ_token_obj_list = dlist_remove_node( publ_token_obj_list, node );
      node = next;
   }

   node = priv_token_obj_list;

   while (priv_token_obj_list) {
      CK_OBJECT_HANDLE handle;
      CK_RV            rc;

      obj = (OBJECT *)node->data;

      rc = object_mgr_find_in_map2( obj, &handle );
      if (rc == CKR_OK)
         object_mgr_invalidate_handle1( handle );
      else{
         st_err_log(110, __FILE__, __LINE__);
      }
      object_free( obj );

      next = node->next;
      priv_token_obj_list = dlist_remove_node( priv_token_obj_list, node );
      node = next;
   }

   MY_UnlockMutex( &obj_list_mutex );

   return TRUE;
}


CK_BBOOL
object_mgr_purge_private_token_objects( void )
{
   OBJECT   * obj  = NULL;
   DL_NODE  * node = NULL;
   DL_NODE  * next = NULL;
   CK_RV      rc;

   rc = MY_LockMutex( &obj_list_mutex );