📄 sess_mgr.c
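// (tail of a function whose beginning lies before this excerpt)
//
// common exit path: drop whichever locks were taken, and release the
// half-built session if the function is failing
//
done:
   if (pkcs_locked)
      MY_UnlockMutex( &pkcs_mutex );

   if (sess_locked)
      MY_UnlockMutex( &sess_list_mutex );

   if (rc != CKR_OK && new_session != NULL){
      st_err_log(147, __FILE__, __LINE__);
      free( new_session );
   }

   return rc;
}


// session_mgr_so_session_exists()
//
// determines whether a RW_SO session exists for the specified process
//
// Returns:  TRUE or FALSE
//
CK_BBOOL
session_mgr_so_session_exists( void )
{
   DL_NODE  *node  = NULL;
   CK_BBOOL  found = FALSE;
   CK_RV     rc;

   rc = MY_LockMutex( &sess_list_mutex );
   if (rc != CKR_OK){
      st_err_log(146, __FILE__, __LINE__);
      // NOTE(review): a CK_RV error code is returned through a CK_BBOOL
      // here, so the caller receives the code narrowed to the boolean type
      // instead of a defined TRUE/FALSE.  Which answer is the safe one
      // depends on the caller -- confirm before changing it.
      return rc;
   }

   // the list is walked under sess_list_mutex; stop at the first match
   for (node = sess_list; node != NULL; node = node->next) {
      SESSION *s = (SESSION *)node->data;

      if (s->session_info.state == CKS_RW_SO_FUNCTIONS) {
         found = TRUE;
         break;
      }
   }

   MY_UnlockMutex( &sess_list_mutex );
   return found;
}


// session_mgr_user_session_exists()
//
// determines whether a USER session exists for the specified process
//
// Returns:  TRUE or FALSE
//
CK_BBOOL
session_mgr_user_session_exists( void )
{
   DL_NODE  *node  = NULL;
   CK_BBOOL  found = FALSE;
   CK_RV     rc;

   rc = MY_LockMutex( &sess_list_mutex );
   if (rc != CKR_OK){
      st_err_log(146, __FILE__, __LINE__);
      // NOTE(review): CK_RV returned through CK_BBOOL -- the caller sees a
      // narrowed error code, not a defined TRUE/FALSE.  Confirm intent.
      return rc;
   }

   // either a read-only or a read-write user session counts
   for (node = sess_list; node != NULL; node = node->next) {
      SESSION *s = (SESSION *)node->data;

      if ((s->session_info.state == CKS_RO_USER_FUNCTIONS) ||
          (s->session_info.state == CKS_RW_USER_FUNCTIONS))
      {
         found = TRUE;
         break;
      }
   }

   MY_UnlockMutex( &sess_list_mutex );
   return found;
}


// session_mgr_public_session_exists()
//
// determines whether a PUBLIC session exists for the specified process
//
// Returns:  TRUE or FALSE
//
CK_BBOOL
session_mgr_public_session_exists( void )
{
   DL_NODE  *node  = NULL;
   CK_BBOOL  found = FALSE;
   CK_RV     rc;

   rc = MY_LockMutex( &sess_list_mutex );
   if (rc != CKR_OK){
      st_err_log(146, __FILE__, __LINE__);
      // NOTE(review): CK_RV returned through CK_BBOOL -- the caller sees a
      // narrowed error code, not a defined TRUE/FALSE.  Confirm intent.
      return rc;
   }

   // either a read-only or a read-write public session counts
   for (node = sess_list; node != NULL; node = node->next) {
      SESSION *s = (SESSION *)node->data;

      if ((s->session_info.state == CKS_RO_PUBLIC_SESSION) ||
          (s->session_info.state == CKS_RW_PUBLIC_SESSION))
      {
         found = TRUE;
         break;
      }
   }

   MY_UnlockMutex( &sess_list_mutex );
   return found;
}


// session_mgr_readonly_exists()
//
// determines whether the specified process owns any read-only sessions.  this
// is useful because the SO cannot log in if a read-only session exists.
//
// Returns:  TRUE or FALSE
//
CK_BBOOL
session_mgr_readonly_exists( void )
{
   DL_NODE  *node  = NULL;
   CK_BBOOL  found = FALSE;
   CK_RV     rc;

   rc = MY_LockMutex( &sess_list_mutex );
   if (rc != CKR_OK){
      st_err_log(146, __FILE__, __LINE__);
      // NOTE(review): CK_RV returned through CK_BBOOL -- the caller sees a
      // narrowed error code, not a defined TRUE/FALSE.  This result gates
      // SO login (see the header comment), so confirm which value the
      // caller should see when the list cannot be inspected.
      return rc;
   }

   // a session is read-only when CKF_RW_SESSION is clear in its flags
   for (node = sess_list; node != NULL; node = node->next) {
      SESSION *s = (SESSION *)node->data;

      if ((s->session_info.flags & CKF_RW_SESSION) == 0) {
         found = TRUE;
         break;
      }
   }

   MY_UnlockMutex( &sess_list_mutex );
   return found;
}


// free_session_buffers()
//
// releases the heap buffers a session owns (the find list and, for each of
// the five operation contexts, the context buffer and the mechanism
// parameter).  the SESSION structure itself is left for the caller to free.
//
// NOTE(review): the buffers are released without being cleared first.  if an
// operation context holds key-dependent state, wiping it before free() would
// need the length of each buffer; this listing only shows length fields for
// encr_ctx (context_len, mech.ulParameterLen) -- confirm for the others.
//
static void
free_session_buffers( SESSION *sess )
{
   // free(NULL) is a no-op, so the pointers need no individual guards
   free( sess->find_list );

   free( sess->encr_ctx.context );
   free( sess->encr_ctx.mech.pParameter );

   free( sess->decr_ctx.context );
   free( sess->decr_ctx.mech.pParameter );

   free( sess->digest_ctx.context );
   free( sess->digest_ctx.mech.pParameter );

   free( sess->sign_ctx.context );
   free( sess->sign_ctx.mech.pParameter );

   free( sess->verify_ctx.context );
   free( sess->verify_ctx.mech.pParameter );
}


// session_mgr_close_session()
//
// removes the specified session from the process' session list and frees it.
// when the last session goes away the process is treated as logged out:
// private token objects are purged and global_login_state is reset.
//
// Args:     SESSION *  sess : session to remove
//
// Returns:  CKR_OK on success
//           CKR_FUNCTION_FAILED if sess is NULL, the session list lock
//           cannot be taken, or sess is not on the session list
//
CK_RV
session_mgr_close_session( SESSION *sess )
{
   DL_NODE  * node = NULL;
   CK_RV      rc   = CKR_OK;

   // a NULL session used to return FALSE, which is numerically CKR_OK in a
   // CK_RV function; report it the same way as a session that is not on
   // the list
   //
   if (!sess){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }

   rc = MY_LockMutex( &sess_list_mutex );
   if (rc != CKR_OK){
      st_err_log(146, __FILE__, __LINE__);
      return CKR_FUNCTION_FAILED;
   }

   // only a session that is actually on the list may be torn down
   node = dlist_find( sess_list, sess );
   if (!node) {
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      rc = CKR_FUNCTION_FAILED;
      goto done;
   }

   object_mgr_purge_session_objects( sess, ALL );

   free_session_buffers( sess );
   free( sess );

   // node->data is dangling from here on; the node is unlinked immediately
   sess_list = dlist_remove_node( sess_list, node );

   // XXX XXX  Not having this is a problem
   //  for IHS.  The spec states that there is an implicit logout
   //  when the last session is closed.  Canonically this is what other
   //  implementations do.  however on linux for some reason IHS can't seem
   //  to keep the session open, which means that they go through the login
   //  path EVERY time, which of course causes a reload of the private
   //  objects EVERY time.   If we are logged out, we MUST purge the private
   //  objects from this process..
   //
   if (sess_list == NULL) {
      // SAB  XXX  if all sessions are closed.  Is this effectively logging out
      object_mgr_purge_private_token_objects();

      global_login_state = 0;

      // The objects really need to be purged .. but this impacts the
      // performance under linux.   So we need to make sure that the
      // login state is valid.    I don't really like this.
      //
      // NOTE(review): the result of this lock is not checked, so a failed
      // lock still runs the purge and the unlock.  (SESSION *)0xFFFF is
      // passed as a sentinel; its meaning is defined by
      // object_mgr_purge_map -- confirm.
      MY_LockMutex( &obj_list_mutex );
      object_mgr_purge_map((SESSION *)0xFFFF, PRIVATE);
      MY_UnlockMutex( &obj_list_mutex );
   }

done:
   MY_UnlockMutex( &sess_list_mutex );
   return rc;
}


// session_mgr_close_all_sessions()
//
// removes all sessions from the specified process
//
// Returns:  CKR_OK on success
//           CKR_FUNCTION_FAILED if the session list lock cannot be taken
//
// NOTE(review): unlike session_mgr_close_session(), emptying the list here
// does not reset global_login_state or purge the private token objects.
// confirm that the caller performs the implicit logout.
//
CK_RV
session_mgr_close_all_sessions( void )
{
   CK_RV   rc = CKR_OK;

   rc = MY_LockMutex( &sess_list_mutex );
   if (rc != CKR_OK){
      st_err_log(146, __FILE__, __LINE__);
      return CKR_FUNCTION_FAILED;
   }

   // always work on the head: tear the session down, then unlink its node
   while (sess_list) {
      SESSION *sess = (SESSION *)sess_list->data;

      object_mgr_purge_session_objects( sess, ALL );

      free_session_buffers( sess );
      free( sess );

      sess_list = dlist_remove_node( sess_list, sess_list );
   }

   MY_UnlockMutex( &sess_list_mutex );
   return CKR_OK;
}


// session_mgr_login_all()
//
// changes the login status of all sessions in the token
//
// Arg:      CK_USER_TYPE  user_type : USER or SO
//
// Returns:  CKR_OK on success
//           CKR_FUNCTION_FAILED if the session list lock cannot be taken
//
CK_RV
session_mgr_login_all( CK_USER_TYPE user_type )
{
   DL_NODE  * node = NULL;
   CK_RV      rc   = CKR_OK;

   rc = MY_LockMutex( &sess_list_mutex );
   if (rc != CKR_OK){
      st_err_log(146, __FILE__, __LINE__);
      return CKR_FUNCTION_FAILED;
   }

   for (node = sess_list; node != NULL; node = node->next) {
      SESSION *s = (SESSION *)node->data;

      if (s->session_info.flags & CKF_RW_SESSION) {
         // read-write session: any user type other than CKU_USER is
         // treated as the SO
         s->session_info.state = (user_type == CKU_USER)
                                    ? CKS_RW_USER_FUNCTIONS
                                    : CKS_RW_SO_FUNCTIONS;
      }
      else if (user_type == CKU_USER) {
         // read-only session: only a USER login changes its state
         s->session_info.state = CKS_RO_USER_FUNCTIONS;
      }

      // the global state ends up mirroring the last session visited, and
      // is left untouched when the list is empty
      global_login_state = s->session_info.state;  // SAB
   }

   MY_UnlockMutex( &sess_list_mutex );
   return CKR_OK;
}


// session_mgr_logout_all()
//
// changes the login status of all sessions in the token
//
// Returns:  CKR_OK on success
//           CKR_FUNCTION_FAILED if the session list lock cannot be taken
//
CK_RV
session_mgr_logout_all( void )
{
   DL_NODE  * node = NULL;
   SESSION  * s    = NULL;
   CK_RV      rc   = CKR_OK;

   rc = MY_LockMutex( &sess_list_mutex );
   if (rc != CKR_OK){
      st_err_log(146, __FILE__, __LINE__);
      return CKR_FUNCTION_FAILED;
   }

   for (node = sess_list; node != NULL; node = node->next) {
      s = (SESSION *)node->data;

      // all sessions get logged out so destroy any private objects
      // public objects are left alone
      //
      object_mgr_purge_session_objects( s, PRIVATE );

      // drop back to the public state that matches the session's access mode
      if (s->session_info.flags & CKF_RW_SESSION)
         s->session_info.state = CKS_RW_PUBLIC_SESSION;
      else
         s->session_info.state = CKS_RO_PUBLIC_SESSION;

      global_login_state = s->session_info.state;  // SAB
   }

   MY_UnlockMutex( &sess_list_mutex );
   return CKR_OK;
}


// session_mgr_get_op_state()
//
// (the body continues past the end of this excerpt)
//
CK_RV
session_mgr_get_op_state( SESSION   *sess,
                          CK_BBOOL   length_only,
                          CK_BYTE   *data,
                          CK_ULONG  *data_len )
{
   OP_STATE_DATA  *op_data = NULL;
   CK_ULONG        op_data_len;
   CK_ULONG        offset;

   if (!sess){
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      return CKR_FUNCTION_FAILED;
   }

   // ensure that at least one operation is active
   //
   // (what the check below does is refuse to save state while a find
   //  operation is active)
   //
   if (sess->find_active == TRUE){
      st_err_log(71, __FILE__, __LINE__);
      return CKR_STATE_UNSAVEABLE;
   }

   if (sess->encr_ctx.active == TRUE) {
      // op_data is still NULL when this branch is reached, so this guard
      // cannot fire here
      if (op_data != NULL){
         st_err_log(71, __FILE__, __LINE__);
         return CKR_STATE_UNSAVEABLE;
      }

      // layout: header, raw context struct, context bytes, mechanism param
      op_data_len = sizeof(OP_STATE_DATA)      +
                    sizeof(ENCR_DECR_CONTEXT)  +
                    sess->encr_ctx.context_len +
                    sess->encr_ctx.mech.ulParameterLen;

      if (length_only == FALSE) {
         // NOTE(review): no comparison of op_data_len against *data_len is
         // visible before these writes -- confirm that the caller, or the
         // part of this function outside the excerpt, bounds the copy.
         op_data = (OP_STATE_DATA *)data;

         op_data->data_len         = op_data_len - sizeof(OP_STATE_DATA);
         op_data->session_state    = sess->session_info.state;
         op_data->active_operation = STATE_ENCR;

         offset = sizeof(OP_STATE_DATA);

         // NOTE(review): the context struct is copied byte for byte, so
         // the saved blob also carries the values of its pointer members
         // (context, mech.pParameter) -- confirm these are never trusted
         // when the state is restored.
         memcpy( (CK_BYTE *)op_data + offset,
                 &sess->encr_ctx,
                 sizeof(ENCR_DECR_CONTEXT) );

         offset += sizeof(ENCR_DECR_CONTEXT);

         if (sess->encr_ctx.context_len != 0) {
            memcpy( (CK_BYTE *)op_data + offset,
                    sess->encr_ctx.context,
                    sess->encr_ctx.context_len );

            offset += sess->encr_ctx.context_len;
         }

         if (sess->encr_ctx.mech.ulParameterLen != 0) {
            memcpy( (CK_BYTE *)op_data + offset,
                    sess->encr_ctx.mech.pParameter,
                    sess->encr_ctx.mech.ulParameterLen );
         }
      }
   }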