//
// Will fill out the Slot_Mgr_Socket_t structure in the Anchor global data
// structure with the values passed by the pkcsslotd via a socket RPC.
int
init_socket_data() {
int socketfd;
struct sockaddr_un daemon_address;
struct stat file_info;
struct group *grp;
int n, bytes_received = 0;
Slot_Mgr_Socket_t *daemon_socket_data = NULL;
int ret = FALSE;
if (stat(SOCKET_FILE_PATH, &file_info)) {
OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to find socket file, errno=%d", errno);
return FALSE;
}
grp = getgrnam("pkcs11");
if ( !grp ) {
OCK_SYSLOG(LOG_ERR, "init_socket_data: pkcs11 group does not exist, errno=%d", errno);
return FALSE;
}
if (file_info.st_uid != 0 || file_info.st_gid != grp->gr_gid) {
OCK_SYSLOG(LOG_ERR, "init_socket_data: incorrect permissions on socket file");
return FALSE;
}
if ((socketfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to create socket, errno=%d", errno);
return FALSE;
}
memset(&daemon_address, 0, sizeof(struct sockaddr_un));
daemon_address.sun_family = AF_UNIX;
strcpy(daemon_address.sun_path, SOCKET_FILE_PATH);
if (connect(socketfd, (struct sockaddr *) &daemon_address,
sizeof(struct sockaddr_un)) != 0) {
OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to connect to slotmanager daemon, errno=%d",
errno);
goto exit;
}
// allocate data buffer
daemon_socket_data = (Slot_Mgr_Socket_t*) malloc(sizeof(*daemon_socket_data));
if (!daemon_socket_data) {
OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to \
allocate %lu bytes \
for daemon data, errno=%d",
sizeof(*daemon_socket_data), errno);
goto exit;
}
//
// Will fill out the Slot_Mgr_Socket_t structure in the Anchor global data
// structure with the values passed by the pkcsslotd via a socket RPC.
int
init_socket_data() {
int socketfd;
struct sockaddr_un daemon_address;
struct stat file_info;
struct group *grp;
int bytes_received;
Slot_Mgr_Socket_t daemon_socket_data;
if (stat(SOCKET_FILE_PATH, &file_info)) {
OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to find socket file, errno=%d", errno);
return FALSE;
}
grp = getgrnam("pkcs11");
if ( !grp ) {
OCK_SYSLOG(LOG_ERR, "init_socket_data: pkcs11 group does not exist, errno=%d", errno);
return FALSE;
}
if (file_info.st_uid != 0 || file_info.st_gid != grp->gr_gid) {
OCK_SYSLOG(LOG_ERR, "init_socket_data: incorrect permissions on socket file");
return FALSE;
}
if ((socketfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to create socket, errno=%d", errno);
return FALSE;
}
memset(&daemon_address, 0, sizeof(struct sockaddr_un));
daemon_address.sun_family = AF_UNIX;
strcpy(daemon_address.sun_path, SOCKET_FILE_PATH);
if (connect(socketfd, (struct sockaddr *) &daemon_address,
sizeof(struct sockaddr_un)) != 0) {
OCK_SYSLOG(LOG_ERR, "init_socket_data: failed to connect to slot manager daemon, errno=%d", errno);
close(socketfd);
return FALSE;
}
bytes_received = read(socketfd, &daemon_socket_data,
sizeof(daemon_socket_data));
if (bytes_received != sizeof(daemon_socket_data)) {
OCK_SYSLOG(LOG_ERR, "init_socket_data: did not recieve expected number of bytes from slot manager daemon. Expected %zd bytes, got %d bytes.",
sizeof(daemon_socket_data), bytes_received);
}
close(socketfd);
memcpy(&(Anchor->SocketDataP), &daemon_socket_data,
sizeof(Slot_Mgr_Socket_t));
return TRUE;
}
CK_RV CreateXProcLock(void)
{
CK_BYTE lockfile[PATH_MAX];
struct group *grp;
struct stat statbuf;
mode_t mode = (S_IRUSR | S_IRGRP);
if (spinxplfd == -1) {
if (token_specific.t_creatlock != NULL) {
spinxplfd = token_specific.t_creatlock();
if (spinxplfd != -1)
return CKR_OK;
else
return CKR_FUNCTION_FAILED;
}
/* create user lock file */
sprintf(lockfile, "%s/%s/LCK..%s",
LOCKDIR_PATH, SUB_DIR, SUB_DIR);
if (stat(lockfile, &statbuf) == 0)
spinxplfd = open(lockfile, O_RDONLY, mode);
else {
spinxplfd = open(lockfile, O_CREAT | O_RDONLY, mode);
if (spinxplfd != -1) {
/* umask may prevent correct mode,so set it. */
if (fchmod(spinxplfd, mode) == -1) {
OCK_SYSLOG(LOG_ERR, "fchmod(%s): %s\n",
lockfile, strerror(errno));
goto err;
}
grp = getgrnam("pkcs11");
if (grp != NULL) {
if (fchown(spinxplfd, -1, grp->gr_gid)
== -1) {
OCK_SYSLOG(LOG_ERR,
"fchown(%s): %s\n",
lockfile,
strerror(errno));
goto err;
}
} else {
OCK_SYSLOG(LOG_ERR, "getgrnam(): %s\n",
strerror(errno));
goto err;
}
}
}
if (spinxplfd == -1) {
OCK_SYSLOG(LOG_ERR, "open(%s): %s\n",
lockfile, strerror(errno));
return CKR_FUNCTION_FAILED;
}
}
return CKR_OK;
err:
if (spinxplfd != -1)
close(spinxplfd);
return CKR_FUNCTION_FAILED;
}
CK_RV
CreateXProcLock(void)
{
CK_BYTE lockfile[PATH_MAX];
struct passwd *pw = NULL;
struct stat statbuf;
mode_t mode = (S_IRUSR|S_IWUSR|S_IXUSR);
/* see if it exists */
if (spinxplfd == -1) {
/* get userid */
if ((pw = getpwuid(getuid())) == NULL) {
OCK_SYSLOG(LOG_ERR, "getpwuid(): %s\n",strerror(errno));
return CKR_FUNCTION_FAILED;
}
/* create user-specific directory */
sprintf(lockfile, "%s/%s/%s",
LOCKDIR_PATH, SUB_DIR, pw->pw_name);
/* see if it exists, otherwise mkdir will fail */
if (stat(lockfile, &statbuf) < 0) {
if (mkdir(lockfile, mode) == -1) {
OCK_SYSLOG(LOG_ERR, "mkdir(%s): %s\n",
lockfile, strerror(errno));
return CKR_FUNCTION_FAILED;
}
/* ensure correct perms on user dir */
if (chmod(lockfile, mode) == -1) {
OCK_SYSLOG(LOG_ERR, "chmod(%s): %s\n",
lockfile, strerror(errno));
return CKR_FUNCTION_FAILED;
}
}
/* create user lock file */
memset(lockfile, 0, PATH_MAX);
sprintf(lockfile, "%s/%s/%s/LCK..%s",
LOCKDIR_PATH, SUB_DIR, pw->pw_name, SUB_DIR);
spinxplfd = open(lockfile, O_CREAT|O_RDWR, mode);
if (spinxplfd == -1) {
OCK_SYSLOG(LOG_ERR, "open(%s): %s\n",
lockfile, strerror(errno));
return CKR_FUNCTION_FAILED;
} else {
/* umask may prevent correct mode, so set it. */
if (fchmod(spinxplfd, mode) == -1) {
OCK_SYSLOG(LOG_ERR, "fchmod(%s): %s\n",
lockfile, strerror(errno));
goto err;
}
}
}
return CKR_OK;
err:
if (spinxplfd != -1)
close(spinxplfd);
return CKR_FUNCTION_FAILED;
}
