authorDaiki Ueno <dueno@redhat.com>2018-01-19 15:22:16 +0100
committerDaiki Ueno <ueno@gnu.org>2018-02-05 10:49:35 +0100
commit9616790b9ad4147acd5b11de11d6d79bc9ad807f (patch)
tree01041110e78ded2799fc4e26607ba21a618ca5d2 /trust
parent49d2ededb64197702a8708cb4a453497bc7eaecd (diff)
trust: Forcibly mark "Default Trust" read-only
The "Default Trust" token is typically mounted as $datadir, which is considered read-only on modern OSes. Suggested by Kai Engert in: https://bugzilla.redhat.com/show_bug.cgi?id=1523630
Diffstat (limited to 'trust')
-rw-r--r--trust/Makefile.am6
-rw-r--r--trust/frob-token.c2
-rw-r--r--trust/module.c12
-rw-r--r--trust/test-module.c69
-rw-r--r--trust/test-token.c10
-rw-r--r--trust/token.c9
-rw-r--r--trust/token.h8
7 files changed, 101 insertions, 15 deletions
diff --git a/trust/Makefile.am b/trust/Makefile.am
index 59df751..6e52c4d 100644
--- a/trust/Makefile.am
+++ b/trust/Makefile.am
@@ -46,6 +46,8 @@ module_LTLIBRARIES += \
p11-kit-trust.la
p11_kit_trust_la_CFLAGS = \
+ -DP11_DEFAULT_TRUST_PREFIX=DATA_DIR \
+ -DP11_SYSTEM_TRUST_PREFIX=SYSCONFDIR \
$(LIBTASN1_CFLAGS)
p11_kit_trust_la_LIBADD = \
@@ -70,6 +72,8 @@ libtrust_testable_la_LDFLAGS = \
libtrust_testable_la_SOURCES = $(TRUST_SRCS)
libtrust_testable_la_CFLAGS = \
+ -DP11_DEFAULT_TRUST_PREFIX=\"$(builddir)/trust/default\" \
+ -DP11_SYSTEM_TRUST_PREFIX=\"$(builddir)/trust/system\" \
$(LIBTASN1_CFLAGS)
libtrust_testable_la_LIBADD = \
@@ -125,7 +129,7 @@ asn:
# Tests ----------------------------------------------------------------
trust_CFLAGS = \
- $(LIBTASN1_CFLAGS) \
+ $(libtrust_testable_la_CFLAGS) \
$(NULL)
trust_LIBS = \
diff --git a/trust/frob-token.c b/trust/frob-token.c
index 5d57ec1..e079860 100644
--- a/trust/frob-token.c
+++ b/trust/frob-token.c
@@ -52,7 +52,7 @@ main (int argc,
return 2;
}
- token = p11_token_new (1, argv[1], "Label");
+ token = p11_token_new (1, argv[1], "Label", P11_TOKEN_FLAG_NONE);
count = p11_token_load (token);
printf ("%d files loaded\n", count);
diff --git a/trust/module.c b/trust/module.c
index e6fb7a9..e8b7256 100644
--- a/trust/module.c
+++ b/trust/module.c
@@ -198,10 +198,11 @@ create_tokens_inlock (p11_array *tokens,
struct {
const char *prefix;
const char *label;
+ int flags;
} labels[] = {
- { "~/", "User Trust" },
- { DATA_DIR, "Default Trust" },
- { SYSCONFDIR, "System Trust" },
+ { "~/", "User Trust", P11_TOKEN_FLAG_NONE },
+ { P11_DEFAULT_TRUST_PREFIX, "Default Trust", P11_TOKEN_FLAG_WRITE_PROTECTED },
+ { P11_SYSTEM_TRUST_PREFIX, "System Trust", P11_TOKEN_FLAG_NONE },
{ NULL },
};
@@ -210,6 +211,7 @@ create_tokens_inlock (p11_array *tokens,
CK_SLOT_ID slot;
const char *path;
const char *label;
+ int flags;
char *alloc;
char *remaining;
char *base;
@@ -236,12 +238,14 @@ create_tokens_inlock (p11_array *tokens,
slot = BASE_SLOT_ID + tokens->num;
label = NULL;
+ flags = P11_TOKEN_FLAG_NONE;
base = NULL;
/* Claim the various labels based on prefix */
for (i = 0; label == NULL && labels[i].prefix != NULL; i++) {
if (strncmp (path, labels[i].prefix, strlen (labels[i].prefix)) == 0) {
label = labels[i].label;
+ flags = labels[i].flags;
labels[i].label = NULL;
}
}
@@ -252,7 +256,7 @@ create_tokens_inlock (p11_array *tokens,
return_val_if_fail (base != NULL, false);
}
- token = p11_token_new (slot, path, label);
+ token = p11_token_new (slot, path, label, flags);
return_val_if_fail (token != NULL, false);
if (!p11_array_push (tokens, token))
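Review bot: The write-protected flag is now granted by the same prefix-only comparison on the line `if (strncmp (path, labels[i].prefix, strlen (labels[i].prefix)) == 0)`, so a configured path that merely begins with the same characters as the Default Trust prefix (a sibling directory, say) would be forced read-only even though it is not under $datadir. The label claim already worked this way, but the flag makes the match matter for behaviour, so it is worth requiring a path-component boundary: `size_t len = strlen (labels[i].prefix); if (strncmp (path, labels[i].prefix, len) == 0 && (labels[i].prefix[len - 1] == '/' || path[len] == '\0' || path[len] == '/'))`. The `~/` entry already ends in a separator so it is unaffected; whether a platform separator other than '/' needs handling here I cannot tell from this hunk. create_tokens_inlock starts before and ends after these hunks.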
diff --git a/trust/test-module.c b/trust/test-module.c
index 36fbfe4..e05ea22 100644
--- a/trust/test-module.c
+++ b/trust/test-module.c
@@ -315,8 +315,8 @@ test_get_token_info (void)
memset (&args, 0, sizeof (args));
args.pReserved = "paths='" \
- SYSCONFDIR "/trust/input" P11_PATH_SEP \
- DATA_DIR "/trust/fixtures/blah" P11_PATH_SEP \
+ P11_SYSTEM_TRUST_PREFIX "/trust/input" P11_PATH_SEP \
+ P11_DEFAULT_TRUST_PREFIX "/trust/fixtures/blah" P11_PATH_SEP \
"/some/other/path/the-basename'";
args.flags = CKF_OS_LOCKING_OK;
@@ -1217,6 +1217,68 @@ test_modify_and_write (void)
test_check_attrs (expected, parsed->elem[0]);
}
+static void
+test_token_write_protected (void)
+{
+ CK_C_INITIALIZE_ARGS args;
+ CK_FUNCTION_LIST *module;
+ CK_SLOT_ID slots[NUM_SLOTS];
+ CK_TOKEN_INFO info;
+ char label[32];
+ CK_ULONG count;
+ CK_RV rv;
+ int i;
+
+ /* These are the paths passed in in setup() */
+ const char *labels[] = {
+ "System Trust",
+ "Default Trust",
+ "the-basename",
+ };
+
+ /* This is the entry point of the trust module, linked to this test */
+ rv = C_GetFunctionList (&module);
+ assert (rv == CKR_OK);
+
+ memset (&args, 0, sizeof (args));
+ args.pReserved = "paths='" \
+ P11_SYSTEM_TRUST_PREFIX "/trust/input" P11_PATH_SEP \
+ P11_DEFAULT_TRUST_PREFIX "/trust/fixtures/blah" P11_PATH_SEP \
+ "/some/other/path/the-basename'";
+ args.flags = CKF_OS_LOCKING_OK;
+
+ rv = module->C_Initialize (&args);
+ assert (rv == CKR_OK);
+
+ count = NUM_SLOTS;
+ rv = module->C_GetSlotList (CK_TRUE, slots, &count);
+ assert (rv == CKR_OK);
+ assert (count == NUM_SLOTS);
+
+ for (i = 0; i < NUM_SLOTS; i++) {
+ rv = module->C_GetTokenInfo (slots[i], &info);
+ assert_num_eq (CKR_OK, rv);
+
+ memset (label, ' ', sizeof (label));
+ memcpy (label, labels[i], strlen (labels[i]));
+ assert (memcmp (info.label, label, sizeof (label)) == 0);
+
+ switch (i) {
+ case 0:
+ assert_num_cmp (0, ==, info.flags & CKF_WRITE_PROTECTED);
+ break;
+ case 1:
+ assert_num_cmp (0, !=, info.flags & CKF_WRITE_PROTECTED);
+ break;
+ default:
+ break;
+ }
+ }
+
+ rv = module->C_Finalize (NULL);
+ assert_num_eq (CKR_OK, rv);
+}
+
int
main (int argc,
char *argv[])
@@ -1257,5 +1319,8 @@ main (int argc,
p11_test (test_create_and_write, "/module/create-and-write");
p11_test (test_modify_and_write, "/module/modify-and-write");
+ p11_fixture (NULL, NULL);
+ p11_test (test_token_write_protected, "/module/token-write-protected");
+
return p11_test_run (argc, argv);
}
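Review bot: In `test_token_write_protected` the loop bound is `NUM_SLOTS` but `labels[]` is a three-element array with no tie to that constant, so if the two ever disagree the `memcpy (label, labels[i], strlen (labels[i]))` reads past the array; declaring it `const char *labels[NUM_SLOTS] = {` turns an excess initializer into a compile error and a missing one into a null dereference the test would catch. The comment `/* These are the paths passed in in setup() */` is misleading here, since this test is registered after `p11_fixture (NULL, NULL)` and supplies its own `args.pReserved`; I would write `/* Same paths as test_get_token_info passes, in slot order */`. The `C_GetFunctionList` through `C_Initialize` sequence and the path list duplicate `test_get_token_info` above, so a small shared helper would keep the two from drifting apart.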
diff --git a/trust/test-token.c b/trust/test-token.c
index 0206bc1..b2f2323 100644
--- a/trust/test-token.c
+++ b/trust/test-token.c
@@ -63,7 +63,7 @@ struct {
static void
setup (void *path)
{
- test.token = p11_token_new (333, path, "Label");
+ test.token = p11_token_new (333, path, "Label", P11_TOKEN_FLAG_NONE);
assert_ptr_not_null (test.token);
test.index = p11_token_index (test.token);
@@ -241,18 +241,18 @@ test_not_writable (void)
#ifdef OS_UNIX
if (getuid () != 0) {
#endif
- token = p11_token_new (333, "/", "Label");
+ token = p11_token_new (333, "/", "Label", P11_TOKEN_FLAG_NONE);
assert (!p11_token_is_writable (token));
p11_token_free (token);
#ifdef OS_UNIX
}
#endif
- token = p11_token_new (333, "", "Label");
+ token = p11_token_new (333, "", "Label", P11_TOKEN_FLAG_NONE);
assert (!p11_token_is_writable (token));
p11_token_free (token);
- token = p11_token_new (333, "/non-existant", "Label");
+ token = p11_token_new (333, "/non-existant", "Label", P11_TOKEN_FLAG_NONE);
assert (!p11_token_is_writable (token));
p11_token_free (token);
}
@@ -276,7 +276,7 @@ test_writable_no_exist (void)
path = p11_path_build (directory, "subdir", NULL);
assert (path != NULL);
- token = p11_token_new (333, path, "Label");
+ token = p11_token_new (333, path, "Label", P11_TOKEN_FLAG_NONE);
free (path);
/* A writable directory since parent is writable */
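Review bot: None of the updated token tests exercise the new `P11_TOKEN_FLAG_WRITE_PROTECTED` bit; every call in this file passes `P11_TOKEN_FLAG_NONE`, so the forced read-only path in `p11_token_new` is covered only indirectly through the module test. `test_writable_no_exist` already has a writable `directory` in scope (it is the parent passed to `p11_path_build`), which is the natural place to show that the flag overrides the filesystem probe: `token = p11_token_new (333, directory, "Label", P11_TOKEN_FLAG_WRITE_PROTECTED); assert (!p11_token_is_writable (token)); p11_token_free (token);`. Where `directory` is created is outside this hunk, so I am assuming it is the per-test temporary directory.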
diff --git a/trust/token.c b/trust/token.c
index df6f727..4cbcc77 100644
--- a/trust/token.c
+++ b/trust/token.c
@@ -817,7 +817,8 @@ p11_token_free (p11_token *token)
p11_token *
p11_token_new (CK_SLOT_ID slot,
const char *path,
- const char *label)
+ const char *label,
+ int flags)
{
p11_token *token;
@@ -859,6 +860,12 @@ p11_token_new (CK_SLOT_ID slot,
token->slot = slot;
+ if (flags & P11_TOKEN_FLAG_WRITE_PROTECTED) {
+ token->checked_path = true;
+ token->make_directory = false;
+ token->is_writable = false;
+ }
+
load_builtin_objects (token);
p11_debug ("token: %s: %s", token->label, token->path);
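Review bot: The forced read-only state is recorded only by presetting `checked_path`, `make_directory` and `is_writable`; the `flags` value itself is not kept on the token, so if anything later re-runs the writability probe (I cannot see from this hunk whether any code path resets `checked_path`), the Default Trust token would silently become writable again. Storing the flags in the struct and having the probe consult them would make the guarantee hold regardless of call order; at minimum the new block deserves a comment such as `/* Write-protected tokens never probe the filesystem: is_writable stays false and no directory is created */`. The new `flags` parameter is also undocumented both here and on the enum added in token.h, where a one-line comment on `P11_TOKEN_FLAG_WRITE_PROTECTED` saying it forces the token read-only regardless of the path's permissions would help callers. p11_token_new begins in the previous hunk and continues past this one.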
diff --git a/trust/token.h b/trust/token.h
index 1180b27..87641d0 100644
--- a/trust/token.h
+++ b/trust/token.h
@@ -40,11 +40,17 @@
#include "parser.h"
#include "pkcs11.h"
+enum {
+ P11_TOKEN_FLAG_NONE = 0,
+ P11_TOKEN_FLAG_WRITE_PROTECTED = 1 << 0,
+};
+
typedef struct _p11_token p11_token;
p11_token * p11_token_new (CK_SLOT_ID slot,
const char *path,
- const char *label);
+ const char *label,
+ int flags);
void p11_token_free (p11_token *token);