
📄 new_host.c

📁 IBM的Linux上的PKCS#11实现
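      // Once the object_map is flushed, the obj_lists (public and private) are
      // both just linked lists that have to be freed up...

      //logit("%s:%d:  tokenobj  publ 0x%08x  priv 0x%08x",__FILE__,__LINE__,publ_token_obj_list, priv_token_obj_list);
      while (priv_token_obj_list) {
            priv_token_obj_list = dlist_remove_node(priv_token_obj_list,
                                                  priv_token_obj_list);
      }
      //logit("%s:%d:1  tokenobj  publ 0x%08x  priv 0x%08x",__FILE__,__LINE__,publ_token_obj_list, priv_token_obj_list);
      while (publ_token_obj_list) {
            publ_token_obj_list = dlist_remove_node(publ_token_obj_list,publ_token_obj_list);
      }
      //logit("%s:%d:2  tokenobj  publ 0x%08x  priv 0x%08x",__FILE__,__LINE__,publ_token_obj_list, priv_token_obj_list);

      // Need to do something to prevent the shared memory from having the
      // objects loaded again.... The most likely place is in the obj_mgr file
      // where the object is added to shared memory (object_mgr_add_to_shm) a
      // query should be done to the appropriate object list....
}
// ----------- SAB XXX XXX XXX END

// Locking policy for the SC_* entry points, selected at build time:
//   ALLLOCK - LOCKIT/UNLOCKIT take and release native_mutex, LLOCK is empty
//   DEBLOCK - LLOCK/UNLOCKIT take and release native_mutex, LOCKIT is empty
//   neither - all three macros expand to nothing (no locking here)
#ifdef ALLLOCK
   #define LOCKIT   pthread_mutex_lock(&native_mutex)
   #define LLOCK
   #define UNLOCKIT   pthread_mutex_unlock(&native_mutex)
#else
#ifdef DEBLOCK
   #define LOCKIT
   #define LLOCK   pthread_mutex_lock(&native_mutex)
   #define UNLOCKIT   pthread_mutex_unlock(&native_mutex)
#else
   #define LOCKIT
   #define LLOCK
   #define UNLOCKIT
#endif
#endif

// Translate an API-level slot id into the token's local slot number by
// delegating to the token-specific hook.  The SLT_CHECK macro below treats
// a return of -1 as "no such slot".
int
APISlot2Local(CK_SLOT_ID snum)
{
   return(token_specific.t_slot2local(snum));
}

// Declares slot_id/sid1 in the calling function and maps the caller's
// `sid` parameter to a local slot.  Returns CKR_ARGUMENTS_BAD from the
// *calling* function when the mapping fails, so it may only be used in
// functions that return CK_RV and have a parameter named `sid`.
#define  SLT_CHECK  \
   CK_SLOT_ID     slot_id; \
   int            sid1; \
 \
   if ( (sid1 = APISlot2Local(sid)) != -1 ){ \
      slot_id = sid1; \
   } else { \
      return CKR_ARGUMENTS_BAD; \
   }

#define SESSION_HANDLE   sSession.sessionh
#define SLOTID    APISlot2Local(sSession.slotID)

// Declares hSession in the calling function from the `sSession` argument.
#define  SESS_SET \
   CK_SESSION_HANDLE  hSession; \
\
   hSession = sSession.sessionh;

// More efficient long reverse
//
// On _POWER builds the four low-order bytes of x are swapped; the masks
// only cover bits 0..31, so if CK_ULONG is wider than 32 bits the upper
// bits are discarded.  On every other build x is returned unchanged.
CK_ULONG long_reverse( CK_ULONG x )
{
#ifdef _POWER   // Power Architecture requires reversal to talk to adapter
         return (
               ((0x000000FF & x)<<24) |
               ((0x0000FF00 & x)<<8) |
               ((0x00FF0000 & x)>>8) |
               ((0xFF000000 & x)>>24) );
#else
         return (x); // Others don't require  reversal.
#endif
}

// verify that the mech specified is in the
// mech list for this token... Common code requires this
// to be added
//
// Returns CKR_OK when pMechanism->mechanism equals the mech_type of some
// entry in mech_list[0..mech_list_len), otherwise logs and returns
// CKR_MECHANISM_INVALID.  A NULL pMechanism is rejected the same way
// instead of being dereferenced.
CK_RV validate_mechanism(CK_MECHANISM_PTR  pMechanism)
{
   CK_ULONG i;

   if (pMechanism != NULL) {
      for (i=0; i< mech_list_len;i++){
         if ( pMechanism->mechanism == mech_list[i].mech_type){
            return CKR_OK;
         }
      }
   }
   st_err_log(28, __FILE__, __LINE__);
   return CKR_MECHANISM_INVALID;
}

// Jumps to the caller's `done:` label with rc = CKR_MECHANISM_INVALID when
// the mechanism is not offered by this token.  Requires `rc` and `done` in
// the calling function.
#define VALID_MECH(p) \
   if ( validate_mechanism(p) != CKR_OK){ \
      rc = CKR_MECHANISM_INVALID; \
      goto done; \
   }

// Defines to allow NT code to work correctly
#define WaitForSingleObject(x,y)  pthread_mutex_lock(&(x))
#define ReleaseMutex(x)           pthread_mutex_unlock(&(x))

//
// Set the global pk_dir to the token data-store directory.
//
// When the PKCS_APP_STORE environment variable is set, pk_dir becomes
// "<PKCS_APP_STORE>/<SUB_DIR>"; otherwise it is a copy of `directory`.
// The buffer is zero-filled and over-allocated exactly as before
// (+1024 / +25 bytes).
//
// On allocation failure pk_dir is left NULL; the caller must check it
// (ST_Initialize does).
//
// NOTE(review): PKCS_APP_STORE comes from the process environment, so the
// data-store location is controlled by whoever launches the process.
// Confirm this library is never loaded into a privileged program that
// runs with an attacker-supplied environment.
// NOTE(review): a previous pk_dir value is overwritten without being
// freed; confirm whether repeated initialization leaks it.
//
void
init_data_store(char *directory)
{
   char   *pkdir;
   size_t  len;

   if ( (pkdir = getenv("PKCS_APP_STORE")) != NULL){
      len = strlen(pkdir)+1024;
      pk_dir = (char *) calloc(1, len);
      if (pk_dir == NULL) {
         return;
      }
      // Bounded write: SUB_DIR is defined elsewhere, so do not assume
      // it fits in the 1024 bytes of slack.
      snprintf(pk_dir, len, "%s/%s", pkdir, SUB_DIR);
   } else {
      len = strlen(directory)+25;
      pk_dir = (char *) calloc(1, len);
      if (pk_dir == NULL) {
         return;
      }
      snprintf(pk_dir, len, "%s", directory);
   }
}

#include <pwd.h>  // SAB XXX XXX XXX

// Return 1 when `name` is listed verbatim in grp->gr_mem, else 0.
// The comparison is an exact string match: a prefix match would let
// user "ab" pass because "abc" is a member of the group.
static int
group_has_member(const struct group *grp, const char *name)
{
   int i;

   if (grp == NULL || name == NULL || grp->gr_mem == NULL) {
      return 0;
   }
   for (i = 0; grp->gr_mem[i] != NULL; i++) {
      if (strcmp(name, grp->gr_mem[i]) == 0) {
         return 1;
      }
   }
   return 0;
}

//
// In an STDLL this is called once for each card in the system,
// therefore `initialized` only flags certain one-time things.
// However in the case of a lightened accelerator, the cards
// are all aggregated together in a single token.  Therefore
// the correlator should be a list of device names which have
// either the correct clu or the crypt light adapter...
//
// Access control: the caller must be root (real or effective uid 0) or
// belong to the "pkcs11" group, either through its real/effective gid or
// by being listed by name in the group's member list.
//
// FunctionList - out: set to &function_list on success; set to NULL when
//                token_specific.t_init or load_token_data fails.
// SlotNumber,
// Correlator   - passed through to token_specific.t_init.
//
// Returns CKR_OK on success, CKR_FUNCTION_FAILED when the access check
// fails, CKR_HOST_MEMORY when the data-store path cannot be allocated,
// or the error reported by attach_shm / t_init / load_token_data.
//
CK_RV ST_Initialize( void **FunctionList,
                     CK_SLOT_ID SlotNumber,
                     char *Correlator)
{
   CK_RV  rc = CKR_OK;
   struct passwd  *pw,*epw; // SAB XXX XXX
   uid_t    userid,euserid;

   stlogterm();
   stloginit();

   // Check for root user or Group PKCS#11 Membership
   // Only these are allowed.
   userid = getuid();
   euserid = geteuid();

   if ( userid != 0 && euserid != 0 ) { // Root or effective Root is ok
      struct group *grp;
      int    is_member = 0;
      gid_t  gid,egid;

      grp = getgrnam("pkcs11");
      if ( grp ) {
         // Check for member of group..

         // SAB  get login seems to not work with some instances
         // of application invocations (particularly when forked).  So
         // we need to get the group information.
         // Really need to take the uid and map it to a name.
         gid = getgid();
         egid = getegid();

         if ( gid == grp->gr_gid || egid == grp->gr_gid){
            is_member = 1;
         } else {
            // getpwuid() may return a pointer to static storage that the
            // next getpwuid() call overwrites, so finish with the real
            // user's entry before looking up the effective user's.
            pw = getpwuid(userid);
            if (pw && group_has_member(grp, pw->pw_name)) {
               is_member = 1;
            }
            if (!is_member) {
               epw = getpwuid(euserid);
               if (epw && group_has_member(grp, epw->pw_name)) {
                  is_member = 1;
               }
            }
         }
         if (is_member == 0 ){
            st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
            return CKR_FUNCTION_FAILED;
         }
      } else {
         // No "pkcs11" group on this system: non-root callers are refused.
         st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
         return CKR_FUNCTION_FAILED;
      }
   }

#if !(LINUX)
   // Linux we will assume that the upper level has filtered
   // this and we need to initialize the code
   // go through this only once for each application
   if (st_Initialized() == TRUE){
      return CKR_OK;
   }
#elif (LINUX)
   // assume that the upper API prevents multiple calls of initialize
   // since that only happens on C_Initialize and that is the
   // responsibility of the upper layer..
   initialized = FALSE; /// So the rest of the code works correctly
#endif

   // If we're not already initialized, grab the mutex and do the
   // initialization.  Check to see if another thread did so while we
   // were waiting...
   //
   // One of the things we do during initialization is create the mutex for
   // PKCS#11 operations; until we do so, we have to use the native mutex...
   //
   WaitForSingleObject( native_mutex, INFINITE );

#if !(LINUX)
   // check for other completing this before creating mutexes...
   // make sure that the same process tried to do the init...
   // thread issues should be caught up above...
   if (st_Initialized() == TRUE){
      st_err_log(143, __FILE__, __LINE__);
      goto done;
   }
#endif

   // SAB need to call Fork_Initializer here
   // instead of at the end of the loop...
   // it may also need to call destroy of the following 3 mutexes..
   // it may not matter...
   Fork_Initializer();

   MY_CreateMutex( &pkcs_mutex      );
   MY_CreateMutex( &obj_list_mutex  );
   MY_CreateMutex( &sess_list_mutex );
   MY_CreateMutex( &login_mutex     );

   // Debugging is switched on by the mere presence of CRYPTOKI_DEBUG in
   // the environment; its value is kept in debugfilepathbuffer.
   if ( (debugfilepathbuffer = getenv( "CRYPTOKI_DEBUG")) != NULL) {
      debugon=1;
#if (AIX)
      debugfile = 1;
#endif
   }

   init_data_store(PK_DIR);
   if (pk_dir == NULL) {
      // init_data_store could not allocate the path buffer.
      rc = CKR_HOST_MEMORY;
      goto done;
   }

   // Handle global initialization issues first if we have not
   // been initialized.
   if (st_Initialized() == FALSE){
#if SYSVSEM
      xproclock = (void *)&xprocsemid;
      CreateXProcLock(xproclock);
#endif
      if ( (rc = attach_shm()) != CKR_OK) {
         st_err_log(144, __FILE__, __LINE__);
         goto done;
      }

      nv_token_data = &global_shm->nv_token_data;
      stloginit();

      // NOTE(review): `initialized` is set before t_init runs and is not
      // reset on the failure paths below - confirm nothing relies on it
      // after a failed initialization.
      initialized = TRUE;
      initedpid = getpid();
      SC_SetFunctionList();

      // Always call the token_specific_init function....
      rc =  token_specific.t_init(Correlator,SlotNumber);
      if (rc != 0) {   // Zero means success, right?!?
         *FunctionList = NULL;
         st_err_log(145, __FILE__, __LINE__);
         goto done;
      }
   }

   // SAB XXX FIXME FIXME  check return code... for all these...
   rc = load_token_data();
   if (rc != CKR_OK) {
      *FunctionList = NULL;
      st_err_log(145, __FILE__, __LINE__);
      goto done;
   }

   load_public_token_objects();

   XProcLock( xproclock );
   global_shm->publ_loaded = TRUE;
   XProcUnLock( xproclock );

   init_slotInfo();

   usage_count++;
   (*FunctionList) = &function_list;

done:
   ReleaseMutex( native_mutex );
   if (rc != 0)
      st_err_log(145, __FILE__, __LINE__);
   return rc;
}

//
// What does this really have to do in this new token...
// probably need to close the adapters that are opened, and
// clear the other stuff
//
// Drops one usage reference (clearing `initialized` when the count reaches
// zero), then closes all sessions, purges token objects, detaches shared
// memory and calls the optional token-specific finalizer.
//
// Returns CKR_ARGUMENTS_BAD when `sid` does not map to a local slot,
// CKR_CRYPTOKI_NOT_INITIALIZED when the token is not initialized, the
// error from locking/unlocking pkcs_mutex, or CKR_OK.
//
CK_RV SC_Finalize( CK_SLOT_ID sid )
{
   CK_RV          rc;

   SLT_CHECK

   if (st_Initialized() == FALSE) {
      st_err_log(72, __FILE__, __LINE__);
      return CKR_CRYPTOKI_NOT_INITIALIZED;
   }

   rc = MY_LockMutex( &pkcs_mutex );
   if (rc != CKR_OK){
      st_err_log(146, __FILE__, __LINE__);
      return rc;
   }

   // If somebody else has taken care of things, leave...
   //
   if (st_Initialized() == FALSE) {
      MY_UnlockMutex( &pkcs_mutex ); // ? Somebody else has also destroyed the mutex...
      st_err_log(72, __FILE__, __LINE__);
      return CKR_CRYPTOKI_NOT_INITIALIZED;
   }

   usage_count --;
   if (usage_count == 0){
      initialized = FALSE;
   }

   session_mgr_close_all_sessions();
   object_mgr_purge_token_objects();
   detach_shm();

   if ( token_specific.t_final != NULL) {
      token_specific.t_final();
   }

   rc = MY_UnlockMutex( &pkcs_mutex );
   if (rc != CKR_OK){
      st_err_log(147, __FILE__, __LINE__);
      return rc;
   }

   return CKR_OK;
}

//
//
CK_RV SC_GetTokenInfo( CK_SLOT_ID         sid,
                       CK_TOKEN_INFO_PTR  pInfo )
{
   CK_RV             rc = CKR_OK;
   time_t now;

   SLT_CHECK

   LOCKIT;
   if (st_Initialized() == FALSE) {
      st_err_log(72, __FILE__, __LINE__);
      rc = CKR_CRYPTOKI_NOT_INITIALIZED;
      goto done;
   }

   if (!pInfo) {
      st_err_log(4, __FILE__, __LINE__, __FUNCTION__);
      rc = CKR_FUNCTION_FAILED;
      goto done;
   }

   if (slot_id > MAX_SLOT_ID) {
      st_err_log(2, __FILE__, __LINE__);
      rc = CKR_SLOT_ID_INVALID;
      goto done;
   }

#ifdef PKCS64
   memcpy( pInfo, &nv_token_data->token_info, sizeof(CK_TOKEN_INFO_32));
   pInfo->flags = nv_token_data->token_info.flags;
   pInfo->ulMaxSessionCount = nv_token_data->token_info.ulMaxSessionCount;
   pInfo->ulSessionCount = nv_token_data->token_info.ulSessionCount;
   pInfo->ulMaxRwSessionCount = nv_token_data->token_info.ulMaxRwSessionCount;
   pInfo->ulRwSessionCount = nv_token_data->token_info.ulRwSessionCount;
   pInfo->ulMaxPinLen = nv_token_data->token_info.ulMaxPinLen;
   pInfo->ulMinPinLen = nv_token_data->token_info.ulMinPinLen;
   pInfo->ulTotalPublicMemory = nv_token_data->token_info.ulTotalPublicMemory;
   pInfo->ulFreePublicMemory = nv_token_data->token_info.ulFreePublicMemory;
   pInfo->ulTotalPrivateMemory = nv_token_data->token_info.ulTotalPrivateMemory;
   pInfo->ulFreePrivateMemory = nv_token_data->token_info.ulFreePrivateMemory;
   pInfo->hardwareVersion = nv_token_data->token_info.hardwareVersion;
   pInfo->firmwareVersion = nv_token_data->token_info.firmwareVersion;
//   pInfo->utcTime = nv_token_data->token_info.utcTime[16];
   pInfo->flags = long_reverse(pInfo->flags);
   pInfo->ulMaxSessionCount = long_reverse(pInfo->ulMaxSessionCount);
   pInfo->ulSessionCount = long_reverse(pInfo->ulSessionCount);
   pInfo->ulMaxRwSessionCount = long_reverse(pInfo->ulMaxRwSessionCount);
   pInfo->ulRwSessionCount = long_reverse(pInfo->ulRwSessionCount);
   pInfo->ulMaxPinLen = long_reverse(pInfo->ulMaxPinLen);
   pInfo->ulMinPinLen = long_reverse(pInfo->ulMinPinLen);
   pInfo->ulTotalPublicMemory = long_reverse(pInfo->ulTotalPublicMemory);
   pInfo->ulFreePublicMemory = long_reverse(pInfo->ulFreePublicMemory);
   pInfo->ulTotalPrivateMemory = long_reverse(pInfo->ulTotalPrivateMemory);
   pInfo->ulFreePrivateMemory = long_reverse(pInfo->ulFreePrivateMemory);
#else
   memcpy( pInfo, &nv_token_data->token_info, sizeof(CK_TOKEN_INFO) );
#endif

   // Set the time
   now = time ((time_t *)NULL);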
