File ocki-3.5-create-missing-tpm-token-lock-director... of Package openCryptoki

Overview Repositories Revisions Requests Users Attributes Meta

File ocki-3.5-create-missing-tpm-token-lock-directory.patch of Package openCryptoki

commit aeea198cb8ea640cd37735365ee51a03aca67036
Author: Vineetha Pai <vpishar@us.ibm.com>
Date:   Mon Jul 18 15:41:24 2016 -0400

create missing tpm lock directory from tpm stdll.
    tpm token does not use common/utility function to create token lock
    directory. Hence the patch to create missing lock directories was not
    working on tpm token. Modified the tpm stdll code to create the token
    lock directory if it is missing on the system.
    Signed-off-by: Vineetha Pai <vpishar@us.ibm.com>

diff --git a/usr/lib/pkcs11/tpm_stdll/tpm_specific.c b/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
index e7978d3..2a20d7d 100644
--- a/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
+++ b/usr/lib/pkcs11/tpm_stdll/tpm_specific.c
@@ -44,6 +44,7 @@
 #include <errno.h>
 #include <pwd.h>
 #include <syslog.h>
+#include <grp.h>
 
 #include <openssl/des.h>
 #include <openssl/rand.h>
@@ -3393,10 +3394,13 @@ int
 token_specific_creatlock(void)
 {
 	CK_BYTE lockfile[PATH_MAX];
+	CK_BYTE lockdir[PATH_MAX];
 	struct passwd *pw = NULL;
 	struct stat statbuf;
 	mode_t mode = (S_IRUSR|S_IWUSR|S_IXUSR);
 	int lockfd;
+	int ret = -1;
+	struct group *grp;
 
 	/* get userid */
 	if ((pw = getpwuid(getuid())) == NULL) {
@@ -3404,6 +3408,45 @@ token_specific_creatlock(void)
 		return -1;
 	}
 
+	/** create lock subdir for each token if it doesn't exist.
+	 * The root /var/lock/opencryptoki directory should be created in slotmgr
+	 * daemon **/
+	sprintf(lockdir, "%s/%s", LOCKDIR_PATH, SUB_DIR);
+
+	ret = stat(lockdir, &statbuf);
+	if (ret != 0 && errno == ENOENT) {
+		/* dir does not exist, try to create it */
+		ret  = mkdir(lockdir, S_IRWXU|S_IRWXG);
+		if (ret != 0) {
+			OCK_SYSLOG(LOG_ERR,
+					"Directory(%s) missing: %s\n",
+					lockdir,
+					strerror(errno));
+			goto err;
+		}
+		grp = getgrnam("pkcs11");
+		if (grp == NULL) {
+			fprintf(stderr, "getgrname(pkcs11): %s",
+					strerror(errno));
+			goto err;
+		}
+		/* set ownership to euid, and pkcs11 group */
+		if (chown(lockdir, geteuid(), grp->gr_gid) != 0) {
+			fprintf(stderr, "Failed to set owner:group \
+					ownership\
+					on %s directory", lockdir);
+			goto err;
+		}
+		/* mkdir does not set group permission right, so
+		 ** trying explictly here again */
+		if (chmod(lockdir, S_IRWXU|S_IRWXG) != 0){
+			fprintf(stderr, "Failed to change \
+					permissions\
+					on %s directory", lockdir);
+			goto err;
+		}
+	}
+
 	/* create user-specific directory */
 	sprintf(lockfile, "%s/%s/%s", LOCKDIR_PATH, SUB_DIR, pw->pw_name);

Places

File ocki-3.5-create-missing-tpm-token-lock-directory.patch of Package openCryptoki

Places