From 9616790b9ad4147acd5b11de11d6d79bc9ad807f Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Fri, 19 Jan 2018 15:22:16 +0100
Subject: trust: Forcibly mark "Default Trust" read-only

The "Default Trust" token is typically mounted as $datadir, which is considered as read-only on modern OSes.

Suggestd by Kai Engert in:
https://bugzilla.redhat.com/show_bug.cgi?id=1523630
---
 trust/Makefile.am   |  6 ++++-
 trust/frob-token.c  |  2 +-
 trust/module.c      | 12 ++++++----
 trust/test-module.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++--
 trust/test-token.c  | 10 ++++----
 trust/token.c       |  9 ++++++-
 trust/token.h       |  8 ++++++-
 7 files changed, 101 insertions(+), 15 deletions(-)
(limited to 'trust')

diff --git a/trust/Makefile.am b/trust/Makefile.am
index 59df751..6e52c4d 100644
--- a/trust/Makefile.am
+++ b/trust/Makefile.am
@@ -46,6 +46,8 @@ module_LTLIBRARIES += \
 	p11-kit-trust.la
 
 p11_kit_trust_la_CFLAGS = \
+	-DP11_DEFAULT_TRUST_PREFIX=DATA_DIR \
+	-DP11_SYSTEM_TRUST_PREFIX=SYSCONFDIR \
 	$(LIBTASN1_CFLAGS)
 
 p11_kit_trust_la_LIBADD = \
@@ -70,6 +72,8 @@ libtrust_testable_la_LDFLAGS = \
 
 libtrust_testable_la_SOURCES = $(TRUST_SRCS)
 libtrust_testable_la_CFLAGS = \
+	-DP11_DEFAULT_TRUST_PREFIX=\"$(builddir)/trust/default\" \
+	-DP11_SYSTEM_TRUST_PREFIX=\"$(builddir)/trust/system\" \
 	$(LIBTASN1_CFLAGS)
 
 libtrust_testable_la_LIBADD = \
@@ -125,7 +129,7 @@ asn:
 # Tests ----------------------------------------------------------------
 
 trust_CFLAGS = \
-	$(LIBTASN1_CFLAGS) \
+	$(libtrust_testable_la_CFLAGS) \
 	$(NULL)
 
 trust_LIBS = \
diff --git a/trust/frob-token.c b/trust/frob-token.c
index 5d57ec1..e079860 100644
--- a/trust/frob-token.c
+++ b/trust/frob-token.c
@@ -52,7 +52,7 @@ main (int argc,
 		return 2;
 	}
 
-	token = p11_token_new (1, argv[1], "Label");
+	token = p11_token_new (1, argv[1], "Label", P11_TOKEN_FLAG_NONE);
 	count = p11_token_load (token);
 	printf ("%d files loaded\n", count);
 
diff --git a/trust/module.c b/trust/module.c
index e6fb7a9..e8b7256 100644
--- a/trust/module.c
+++ b/trust/module.c
@@ -198,10 +198,11 @@ create_tokens_inlock (p11_array *tokens,
 	struct {
 		const char *prefix;
 		const char *label;
+		int flags;
 	} labels[] = {
-		{ "~/", "User Trust" },
-		{ DATA_DIR, "Default Trust" },
-		{ SYSCONFDIR, "System Trust" },
+		{ "~/", "User Trust", P11_TOKEN_FLAG_NONE },
+		{ P11_DEFAULT_TRUST_PREFIX, "Default Trust", P11_TOKEN_FLAG_WRITE_PROTECTED },
+		{ P11_SYSTEM_TRUST_PREFIX, "System Trust", P11_TOKEN_FLAG_NONE },
 		{ NULL },
 	};
 
@@ -210,6 +211,7 @@ create_tokens_inlock (p11_array *tokens,
 	CK_SLOT_ID slot;
 	const char *path;
 	const char *label;
+	int flags;
 	char *alloc;
 	char *remaining;
 	char *base;
@@ -236,12 +238,14 @@ create_tokens_inlock (p11_array *tokens,
 		slot = BASE_SLOT_ID + tokens->num;
 
 		label = NULL;
+		flags = P11_TOKEN_FLAG_NONE;
 		base = NULL;
 
 		/* Claim the various labels based on prefix */
 		for (i = 0; label == NULL && labels[i].prefix != NULL; i++) {
 			if (strncmp (path, labels[i].prefix, strlen (labels[i].prefix)) == 0) {
 				label = labels[i].label;
+				flags = labels[i].flags;
 				labels[i].label = NULL;
 			}
 		}
@@ -252,7 +256,7 @@ create_tokens_inlock (p11_array *tokens,
 		return_val_if_fail (base != NULL, false);
 	}
 
-	token = p11_token_new (slot, path, label);
+	token = p11_token_new (slot, path, label, flags);
 	return_val_if_fail (token != NULL, false);
 
 	if (!p11_array_push (tokens, token))
diff --git a/trust/test-module.c b/trust/test-module.c
index 36fbfe4..e05ea22 100644
--- a/trust/test-module.c
+++ b/trust/test-module.c
@@ -315,8 +315,8 @@ test_get_token_info (void)
 
 	memset (&args, 0, sizeof (args));
 	args.pReserved = "paths='" \
-		SYSCONFDIR "/trust/input" P11_PATH_SEP \
-		DATA_DIR "/trust/fixtures/blah" P11_PATH_SEP \
+		P11_SYSTEM_TRUST_PREFIX "/trust/input" P11_PATH_SEP \
+		P11_DEFAULT_TRUST_PREFIX "/trust/fixtures/blah" P11_PATH_SEP \
 		"/some/other/path/the-basename'";
 	args.flags = CKF_OS_LOCKING_OK;
 
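Review bot: The label claim in the third hunk, `strncmp (path, labels[i].prefix, strlen (labels[i].prefix)) == 0`, is a plain string-prefix test, and with this change a match no longer just picks a label but also forces write protection, so a configured path that merely begins with the P11_DEFAULT_TRUST_PREFIX string (a sibling directory whose name extends it) would be reported read-only. A component-boundary check after a match — the character at `path[strlen (labels[i].prefix)]` being `'\0'` or a directory separator, skipped for prefixes that already end in one such as `"~/"` — would limit the effect to the prefix directory and its subtree. Likewise, if one build-time prefix happens to be a string prefix of the other, the order of `labels[]` silently decides which path gets the write-protected entry; a comment above the table stating that first match wins would make that visible. create_tokens_inlock begins and ends outside these hunks.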
@@ -1217,6 +1217,68 @@ test_modify_and_write (void)
 	test_check_attrs (expected, parsed->elem[0]);
 }
 
+static void
+test_token_write_protected (void)
+{
+	CK_C_INITIALIZE_ARGS args;
+	CK_FUNCTION_LIST *module;
+	CK_SLOT_ID slots[NUM_SLOTS];
+	CK_TOKEN_INFO info;
+	char label[32];
+	CK_ULONG count;
+	CK_RV rv;
+	int i;
+
+	/* These are the paths passed in in setup() */
+	const char *labels[] = {
+		"System Trust",
+		"Default Trust",
+		"the-basename",
+	};
+
+	/* This is the entry point of the trust module, linked to this test */
+	rv = C_GetFunctionList (&module);
+	assert (rv == CKR_OK);
+
+	memset (&args, 0, sizeof (args));
+	args.pReserved = "paths='" \
+		P11_SYSTEM_TRUST_PREFIX "/trust/input" P11_PATH_SEP \
+		P11_DEFAULT_TRUST_PREFIX "/trust/fixtures/blah" P11_PATH_SEP \
+		"/some/other/path/the-basename'";
+	args.flags = CKF_OS_LOCKING_OK;
+
+	rv = module->C_Initialize (&args);
+	assert (rv == CKR_OK);
+
+	count = NUM_SLOTS;
+	rv = module->C_GetSlotList (CK_TRUE, slots, &count);
+	assert (rv == CKR_OK);
+	assert (count == NUM_SLOTS);
+
+	for (i = 0; i < NUM_SLOTS; i++) {
+		rv = module->C_GetTokenInfo (slots[i], &info);
+		assert_num_eq (CKR_OK, rv);
+
+		memset (label, ' ', sizeof (label));
+		memcpy (label, labels[i], strlen (labels[i]));
+		assert (memcmp (info.label, label, sizeof (label)) == 0);
+
+		switch (i) {
+		case 0:
+			assert_num_cmp (0, ==, info.flags & CKF_WRITE_PROTECTED);
+			break;
+		case 1:
+			assert_num_cmp (0, !=, info.flags & CKF_WRITE_PROTECTED);
+			break;
+		default:
+			break;
+		}
+	}
+
+	rv = module->C_Finalize (NULL);
+	assert_num_eq (CKR_OK, rv);
+}
+
 int
 main (int argc,
       char *argv[])
@@ -1257,5 +1319,8 @@ main (int argc,
 	p11_test (test_create_and_write, "/module/create-and-write");
 	p11_test (test_modify_and_write, "/module/modify-and-write");
 
+	p11_fixture (NULL, NULL);
+	p11_test (test_token_write_protected, "/module/token-write-protected");
+
 	return p11_test_run (argc, argv);
 }
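Review bot: In test_token_write_protected the `labels[]` table has three entries but `slots[]` and the loop bound come from `NUM_SLOTS`, which is defined outside this hunk; if the two ever diverge the loop reads past `labels`. Adding `assert (count == sizeof (labels) / sizeof (labels[0]));` next to the existing `assert (count == NUM_SLOTS);` ties the table to the slot count explicitly. The `switch` also leaves the third token ("the-basename", created with P11_TOKEN_FLAG_NONE on a path that presumably does not exist in the build tree) unasserted, so nothing pins what an unflagged non-existent path reports; if that value is intended, a `case 2:` would document it. The initialisation sequence up to C_GetSlotList duplicates test_get_token_info's and would be better shared through a helper.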
diff --git a/trust/test-token.c b/trust/test-token.c
index 0206bc1..b2f2323 100644
--- a/trust/test-token.c
+++ b/trust/test-token.c
@@ -63,7 +63,7 @@ struct {
 static void
 setup (void *path)
 {
-	test.token = p11_token_new (333, path, "Label");
+	test.token = p11_token_new (333, path, "Label", P11_TOKEN_FLAG_NONE);
 	assert_ptr_not_null (test.token);
 
 	test.index = p11_token_index (test.token);
@@ -241,18 +241,18 @@ test_not_writable (void)
 #ifdef OS_UNIX
 	if (getuid () != 0) {
 #endif
-	token = p11_token_new (333, "/", "Label");
+	token = p11_token_new (333, "/", "Label", P11_TOKEN_FLAG_NONE);
 	assert (!p11_token_is_writable (token));
 	p11_token_free (token);
 #ifdef OS_UNIX
 	}
 #endif
 
-	token = p11_token_new (333, "", "Label");
+	token = p11_token_new (333, "", "Label", P11_TOKEN_FLAG_NONE);
 	assert (!p11_token_is_writable (token));
 	p11_token_free (token);
 
-	token = p11_token_new (333, "/non-existant", "Label");
+	token = p11_token_new (333, "/non-existant", "Label", P11_TOKEN_FLAG_NONE);
 	assert (!p11_token_is_writable (token));
 	p11_token_free (token);
 }
@@ -276,7 +276,7 @@ test_writable_no_exist (void)
 	path = p11_path_build (directory, "subdir", NULL);
 	assert (path != NULL);
 
-	token = p11_token_new (333, path, "Label");
+	token = p11_token_new (333, path, "Label", P11_TOKEN_FLAG_NONE);
 	free (path);
 
 	/* A writable directory since parent is writable */
diff --git a/trust/token.c b/trust/token.c
index df6f727..4cbcc77 100644
--- a/trust/token.c
+++ b/trust/token.c
@@ -817,7 +817,8 @@ p11_token_free (p11_token *token)
 p11_token *
 p11_token_new (CK_SLOT_ID slot,
                const char *path,
-               const char *label)
+               const char *label,
+               int flags)
 {
 	p11_token *token;
 
@@ -859,6 +860,12 @@ p11_token_new (CK_SLOT_ID slot,
 
 	token->slot = slot;
 
+	if (flags & P11_TOKEN_FLAG_WRITE_PROTECTED) {
+		token->checked_path = true;
+		token->make_directory = false;
+		token->is_writable = false;
+	}
+
 	load_builtin_objects (token);
 
 	p11_debug ("token: %s: %s", token->label, token->path);
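Review bot: Every p11_token_new call in this file now passes P11_TOKEN_FLAG_NONE, so the new P11_TOKEN_FLAG_WRITE_PROTECTED behaviour is never exercised at the token level; the module test covers it only through C_GetTokenInfo. The last hunk already has a path the test considers writable, so three lines placed before the existing `token = p11_token_new (333, path, "Label", P11_TOKEN_FLAG_NONE);` would pin the flag directly: `token = p11_token_new (333, path, "Label", P11_TOKEN_FLAG_WRITE_PROTECTED);`, `assert (!p11_token_is_writable (token));`, `p11_token_free (token);`. test_writable_no_exist continues past the end of the hunk.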
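Review bot: The new block in the second token.c hunk honours only P11_TOKEN_FLAG_WRITE_PROTECTED and silently ignores any other bit, and the flags value itself is not retained, so later code cannot tell a path that was found unwritable apart from one that was forced read-only. Rejecting unknown bits up front with `return_val_if_fail ((flags & ~P11_TOKEN_FLAG_WRITE_PROTECTED) == 0, NULL);` (module.c already treats a NULL return as failure) and keeping the value, e.g. `token->flags = flags;`, would make the protection auditable; whether struct _p11_token has such a field is not visible here. Pre-setting `checked_path`, `make_directory` and `is_writable` also presumes that every writability decision reads those fields and that nothing re-runs the path check later — a comment such as `/* Forced read-only: mark the path as already checked and not writable so it is never probed or created */` would record that assumption for the next maintainer. p11_token_new's body continues outside both hunks.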
diff --git a/trust/token.h b/trust/token.h
index 1180b27..87641d0 100644
--- a/trust/token.h
+++ b/trust/token.h
@@ -40,11 +40,17 @@
 #include "parser.h"
 #include "pkcs11.h"
 
+enum {
+	P11_TOKEN_FLAG_NONE = 0,
+	P11_TOKEN_FLAG_WRITE_PROTECTED = 1 << 0,
+};
+
 typedef struct _p11_token p11_token;
 
 p11_token *     p11_token_new           (CK_SLOT_ID slot,
                                          const char *path,
-                                         const char *label);
+                                         const char *label,
+                                         int flags);
 
 void            p11_token_free          (p11_token *token);
 
-- 
cgit v1.1
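Review bot: The new enum carries no documentation of what P11_TOKEN_FLAG_WRITE_PROTECTED means for callers, and since this is the public header of the trust module it is where the contract belongs. A comment above the enum along the lines of `/* Flags for p11_token_new(): P11_TOKEN_FLAG_WRITE_PROTECTED makes the token report itself as not writable regardless of the filesystem permissions of path, and (make_directory is cleared) the directory is not created on demand. */` states what token.c implements. It is also worth saying whether unrecognised bits are rejected or ignored, since the token.c hunk currently ignores them.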