// // Will fill out the Slot_Mgr_Socket_t structure in the Anchor global data // structure with the values passed by the pkcsslotd via a socket RPC. int init_socket_data() { int socketfd; struct sockaddr_un daemon_address; struct stat file_info; struct group *grp; int n, bytes_received = 0; Slot_Mgr_Socket_t *daemon_socket_data = NULL; int ret = FALSE; if (stat(SOCKET_FILE_PATH, &file_info)) { OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to find socket file, errno=%d", errno); return FALSE; } grp = getgrnam("pkcs11"); if ( !grp ) { OCK_SYSLOG(LOG_ERR, "init_socket_data: pkcs11 group does not exist, errno=%d", errno); return FALSE; } if (file_info.st_uid != 0 || file_info.st_gid != grp->gr_gid) { OCK_SYSLOG(LOG_ERR, "init_socket_data: incorrect permissions on socket file"); return FALSE; } if ((socketfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to create socket, errno=%d", errno); return FALSE; } memset(&daemon_address, 0, sizeof(struct sockaddr_un)); daemon_address.sun_family = AF_UNIX; strcpy(daemon_address.sun_path, SOCKET_FILE_PATH); if (connect(socketfd, (struct sockaddr *) &daemon_address, sizeof(struct sockaddr_un)) != 0) { OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to connect to slotmanager daemon, errno=%d", errno); goto exit; } // allocate data buffer daemon_socket_data = (Slot_Mgr_Socket_t*) malloc(sizeof(*daemon_socket_data)); if (!daemon_socket_data) { OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to \ allocate %lu bytes \ for daemon data, errno=%d", sizeof(*daemon_socket_data), errno); goto exit; }
// // Will fill out the Slot_Mgr_Socket_t structure in the Anchor global data // structure with the values passed by the pkcsslotd via a socket RPC. int init_socket_data() { int socketfd; struct sockaddr_un daemon_address; struct stat file_info; struct group *grp; int bytes_received; Slot_Mgr_Socket_t daemon_socket_data; if (stat(SOCKET_FILE_PATH, &file_info)) { OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to find socket file, errno=%d", errno); return FALSE; } grp = getgrnam("pkcs11"); if ( !grp ) { OCK_SYSLOG(LOG_ERR, "init_socket_data: pkcs11 group does not exist, errno=%d", errno); return FALSE; } if (file_info.st_uid != 0 || file_info.st_gid != grp->gr_gid) { OCK_SYSLOG(LOG_ERR, "init_socket_data: incorrect permissions on socket file"); return FALSE; } if ((socketfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to create socket, errno=%d", errno); return FALSE; } memset(&daemon_address, 0, sizeof(struct sockaddr_un)); daemon_address.sun_family = AF_UNIX; strcpy(daemon_address.sun_path, SOCKET_FILE_PATH); if (connect(socketfd, (struct sockaddr *) &daemon_address, sizeof(struct sockaddr_un)) != 0) { OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to connect to slot manager daemon, errno=%d", errno); close(socketfd); return FALSE; } bytes_received = read(socketfd, &daemon_socket_data, sizeof(daemon_socket_data)); if (bytes_received != sizeof(daemon_socket_data)) { OCK_SYSLOG(LOG_ERR, "init_socket_data: did not recieve expected number of bytes from slot manager daemon. Expected %zd bytes, got %d bytes.", sizeof(daemon_socket_data), bytes_received); } close(socketfd); memcpy(&(Anchor->SocketDataP), &daemon_socket_data, sizeof(Slot_Mgr_Socket_t)); return TRUE; }
CK_RV CreateXProcLock(void) { CK_BYTE lockfile[PATH_MAX]; struct group *grp; struct stat statbuf; mode_t mode = (S_IRUSR | S_IRGRP); if (spinxplfd == -1) { if (token_specific.t_creatlock != NULL) { spinxplfd = token_specific.t_creatlock(); if (spinxplfd != -1) return CKR_OK; else return CKR_FUNCTION_FAILED; } /* create user lock file */ sprintf(lockfile, "%s/%s/LCK..%s", LOCKDIR_PATH, SUB_DIR, SUB_DIR); if (stat(lockfile, &statbuf) == 0) spinxplfd = open(lockfile, O_RDONLY, mode); else { spinxplfd = open(lockfile, O_CREAT | O_RDONLY, mode); if (spinxplfd != -1) { /* umask may prevent correct mode,so set it. */ if (fchmod(spinxplfd, mode) == -1) { OCK_SYSLOG(LOG_ERR, "fchmod(%s): %s\n", lockfile, strerror(errno)); goto err; } grp = getgrnam("pkcs11"); if (grp != NULL) { if (fchown(spinxplfd, -1, grp->gr_gid) == -1) { OCK_SYSLOG(LOG_ERR, "fchown(%s): %s\n", lockfile, strerror(errno)); goto err; } } else { OCK_SYSLOG(LOG_ERR, "getgrnam(): %s\n", strerror(errno)); goto err; } } } if (spinxplfd == -1) { OCK_SYSLOG(LOG_ERR, "open(%s): %s\n", lockfile, strerror(errno)); return CKR_FUNCTION_FAILED; } } return CKR_OK; err: if (spinxplfd != -1) close(spinxplfd); return CKR_FUNCTION_FAILED; }
CK_RV CreateXProcLock(void) { CK_BYTE lockfile[PATH_MAX]; struct passwd *pw = NULL; struct stat statbuf; mode_t mode = (S_IRUSR|S_IWUSR|S_IXUSR); /* see if it exists */ if (spinxplfd == -1) { /* get userid */ if ((pw = getpwuid(getuid())) == NULL) { OCK_SYSLOG(LOG_ERR, "getpwuid(): %s\n",strerror(errno)); return CKR_FUNCTION_FAILED; } /* create user-specific directory */ sprintf(lockfile, "%s/%s/%s", LOCKDIR_PATH, SUB_DIR, pw->pw_name); /* see if it exists, otherwise mkdir will fail */ if (stat(lockfile, &statbuf) < 0) { if (mkdir(lockfile, mode) == -1) { OCK_SYSLOG(LOG_ERR, "mkdir(%s): %s\n", lockfile, strerror(errno)); return CKR_FUNCTION_FAILED; } /* ensure correct perms on user dir */ if (chmod(lockfile, mode) == -1) { OCK_SYSLOG(LOG_ERR, "chmod(%s): %s\n", lockfile, strerror(errno)); return CKR_FUNCTION_FAILED; } } /* create user lock file */ memset(lockfile, 0, PATH_MAX); sprintf(lockfile, "%s/%s/%s/LCK..%s", LOCKDIR_PATH, SUB_DIR, pw->pw_name, SUB_DIR); spinxplfd = open(lockfile, O_CREAT|O_RDWR, mode); if (spinxplfd == -1) { OCK_SYSLOG(LOG_ERR, "open(%s): %s\n", lockfile, strerror(errno)); return CKR_FUNCTION_FAILED; } else { /* umask may prevent correct mode, so set it. */ if (fchmod(spinxplfd, mode) == -1) { OCK_SYSLOG(LOG_ERR, "fchmod(%s): %s\n", lockfile, strerror(errno)); goto err; } } } return CKR_OK; err: if (spinxplfd != -1) close(spinxplfd); return CKR_FUNCTION_FAILED; }