File ocki-3.1_06_0002-Fix-failure-when-confname-is-not-given-use-default-e.patch of Package openCryptoki.1904

From 401de8a8b5131c8dea1eade85c00e248198dc916 Mon Sep 17 00:00:00 2001
From: Harald Freudenberger <freude@linux.vnet.ibm.com>
Date: Wed, 2 Apr 2014 12:05:12 -0500
Subject: [PATCH 2/6] Fix failure when confname is not given, use default
 ep11tok.conf instead.

Slight rework of how the ep11 token config file is found:
If env has no OCK_EP11_TOKEN_DIR
 if confname is not null, try to use it
 if this fails, try ock default config dir + confname
 if this fails, try ock default config dir + ep11tok.conf
if OCK_EP11_TOKEN_DIR given then
 if confname is not null, try OCK_EP11_TOKEN_DIR + confname
 if this fails, try OCK_EP11_TOKEN_DIR + ep11tok.conf
if still unsuccessful then token init will fail.

Signed-off-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
---
 usr/lib/pkcs11/ep11_stdll/ep11_specific.c | 85 +++++++++++++++++++------------
 1 file changed, 52 insertions(+), 33 deletions(-)

diff --git a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c
index 4e3703b..0eea8c9 100644
--- a/usr/lib/pkcs11/ep11_stdll/ep11_specific.c
+++ b/usr/lib/pkcs11/ep11_stdll/ep11_specific.c
@@ -993,6 +993,7 @@ static const char* ep11_get_ckm(CK_ULONG mechanism)
 static CK_RV h_opaque_2_blob(CK_OBJECT_HANDLE handle,
                              CK_BYTE **blob, size_t *blob_len);
 
+#define EP11_DEFAULT_CFG_FILE "ep11tok.conf"
 #define EP11_CFG_FILE_SIZE 4096
 
 /* error rc for reading the adapter config file */
@@ -1271,6 +1272,13 @@ CK_RV token_specific_init(char *Correlator, CK_SLOT_ID SlotNumber, char *conf_na
 		}
 	}
 	EP11TOK_LOG(1,"init running");
+
+	/* read ep11 specific config file with user specified adapter/domain pairs, loglevel, ... */
+	rc = read_adapter_config_file(conf_name);
+	if (rc != CKR_OK) {
+		EP11TOK_ELOG(1,"ep11 config file error rc=0x%lx", rc);
+		return CKR_GENERAL_ERROR;
+	}
   
 	/* wrap key name */
 	memset(wrap_key_name, 0, sizeof(wrap_key_name));
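Review bot: The comment on the relocated `read_adapter_config_file(conf_name)` call says what is read, but not why the call now runs ahead of the wrap-key setup, and the commit message does not mention the move either. If the intent is that the log level and adapter settings from the config should already be in effect for the rest of init, record that, e.g. `/* read first so that loglevel and adapter settings apply to the init steps below */`. token_specific_init starts and ends outside the hunk.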
@@ -1297,14 +1305,7 @@ CK_RV token_specific_init(char *Correlator, CK_SLOT_ID SlotNumber, char *conf_na
 		return CKR_DEVICE_ERROR;
 	}
 #endif
-    
-	/* user specified adapter/domain pairs the token is supposed to use */
-	rc = read_adapter_config_file(conf_name);
-	if (rc != CKR_OK) {
-		EP11TOK_ELOG(1,"adapter config file error rc=0x%lx", rc);
-		return CKR_GENERAL_ERROR;
-	}
-    
+        
 	/* print mechanismlist to log file */
 	rc = print_mechanism();
 	if (rc != CKR_OK) {
@@ -3753,40 +3754,57 @@ static int read_adapter_config_file(const char* conf_name)
 	if (ep11_initialized) {
 		return 0;
 	}
-  
+
 	memset(fname,0,PATH_MAX);
-  
-	if (!conf_name) {
-		/* no conf_name was given, should not happen */
-		EP11TOK_ELOG(1,"no conf_name argument found");
-		return APQN_FILE_INV_1;
-	}
 
 	/* via envrionment variable it is possible to overwrite the
-	 * config file given in the opencryptoki.conf. Then we use
-	 * $OCK_EP11_TOKEN_DIR/ock_ep11_token.conf.
+	 * directory where the ep11 token config file is searched.
 	 */
 	if (conf_dir) {
-		snprintf(fname, sizeof(fname), "%s/%s", conf_dir, conf_name);
-		ap_fp = fopen(fname,"r");
-	}
-  
-	/* if there was no environment variable or fopen failed, use the
-	 * default given from opencryptoki.conf via conf_name argument.
-	 */
-	if (!ap_fp) {
-		snprintf(fname, sizeof(fname), "%s/%s", OCK_CONFDIR, conf_name);
-		ap_fp = fopen(fname,"r");
+		if (conf_name && strlen(conf_name) > 0) {
+			/* extract filename part from conf_name */
+			for (i=strlen(conf_name)-1; i >= 0 && conf_name[i] != '/'; i--);
+			if (i < strlen(conf_name)-1) {
+				snprintf(fname, sizeof(fname), "%s/%s", conf_dir, conf_name+i+1);
+				fname[sizeof(fname)-1] = '\0';
+				ap_fp = fopen(fname,"r");
+				EP11TOK_LOG(2,"fopen('%s') failed with errno %d", fname, errno);
+			}
+		}
+		if (!ap_fp) {
+			snprintf(fname, sizeof(fname), "%s/%s", conf_dir, EP11_DEFAULT_CFG_FILE);
+			fname[sizeof(fname)-1] = '\0';
+			ap_fp = fopen(fname,"r");
+			EP11TOK_LOG(2,"fopen('%s') failed with errno %d", fname, errno);
+		}
+	} else {
+		if (conf_name && strlen(conf_name) > 0) {
+			strncpy(fname, conf_name, sizeof(fname));
+			fname[sizeof(fname)-1] = '\0';
+			ap_fp = fopen(fname,"r");
+			if (!ap_fp) {
+				EP11TOK_LOG(2,"fopen('%s') failed with errno %d", fname, errno);
+				snprintf(fname, sizeof(fname), "%s/%s", OCK_CONFDIR, conf_name);
+				fname[sizeof(fname)-1] = '\0';
+				ap_fp = fopen(fname,"r");
+				if (!ap_fp) EP11TOK_LOG(2,"fopen('%s') failed with errno %d", fname, errno);
+			}
+		} else {
+			snprintf(fname, sizeof(fname), "%s/%s", OCK_CONFDIR, EP11_DEFAULT_CFG_FILE);
+			fname[sizeof(fname)-1] = '\0';
+			ap_fp = fopen(fname,"r");
+			if (!ap_fp) EP11TOK_LOG(2,"fopen('%s') failed with errno %d", fname, errno);
+		}
 	}
-  
+
 	/* now we should really have an open ep11 token config file */
 	if (!ap_fp) {
 		EP11TOK_ELOG(1,"no valid EP 11 config file found");
 		return APQN_FILE_INV_2;
 	}
-  
+
 	EP11TOK_LOG(2,"EP 11 token config file is '%s'", fname);
-  
+
 	/* read config file line by line,
 	 * ignore empty and # and copy rest into file buf
 	 */
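Review bot: In the `conf_dir` branch, the basename test `if (i < strlen(conf_name)-1)` compares `i` with a `size_t`, so when `conf_name` contains no '/' and the loop leaves `i` at -1 (assuming `i` is a signed int, as the `i >= 0` test suggests; its declaration is outside the hunk) the value converts to SIZE_MAX, the test is false, and the configured name is silently skipped in favour of ep11tok.conf. The two `EP11TOK_LOG(2,"fopen('%s') failed ...")` calls in that branch also run when fopen succeeded, unlike the guarded ones in the else branch, which leaves a misleading failure entry with a stale errno in the log. The fence below takes the basename with strrchr and guards both log calls. Separately, in the else branch `fopen(fname,"r")` on an unqualified `conf_name` resolves against the process's current working directory before OCK_CONFDIR is tried, so the token's adapter/domain configuration could be taken from whatever directory the application was started in; consider trying OCK_CONFDIR first, or accepting the as-is name only when it begins with '/'. The body of read_adapter_config_file starts and ends outside the hunk.

```c
	if (conf_dir) {
		if (conf_name && strlen(conf_name) > 0) {
			/* extract filename part from conf_name */
			const char *base = strrchr(conf_name, '/');

			base = base ? base + 1 : conf_name;
			if (*base != '\0') {
				snprintf(fname, sizeof(fname), "%s/%s", conf_dir, base);
				ap_fp = fopen(fname,"r");
				if (!ap_fp)
					EP11TOK_LOG(2,"fopen('%s') failed with errno %d", fname, errno);
			}
		}
		if (!ap_fp) {
			/* … unchanged: build conf_dir + EP11_DEFAULT_CFG_FILE and fopen … */
			if (!ap_fp)
				EP11TOK_LOG(2,"fopen('%s') failed with errno %d", fname, errno);
		}
	/* … unchanged: else branch used when OCK_EP11_TOKEN_DIR is not set … */
```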
@@ -3811,13 +3829,13 @@ static int read_adapter_config_file(const char* conf_name)
 	}
 
 	ep11_targets.length = 0;
-  
+
 	for (i=0,j=0,str=filebuf; rc == 0; str=NULL) {
 		/* strtok tokenizes the string,
 		 * delimiters are newline and whitespace.
 		 */
 		token = strtok(str, "\n\t ");
-      
+
 		if (i == 0) {
 			 /* expecting APQN_WHITELIST or APQN_BLACKLIST
 			  * or APQN_ANY or LOGLEVEL or eof.
@@ -3906,7 +3924,8 @@ static int read_adapter_config_file(const char* conf_name)
 	/* do some checks: */
 	if (rc == 0) {
 		if ( !(whitemode || blackmode || anymode)) {
-			EP11TOK_ELOG(1,"At least one APQN mode needs to be present in configfile: APQN_WHITEMODE or APQN_BLACKMODE or APQN_ANY");
+			EP11TOK_ELOG(1,"At least one APQN mode needs to be present in configfile:"
+				     " APQN_WHITEMODE or APQN_BLACKMODE or APQN_ANY");
 			rc = APQN_FILE_NO_APQN_MODE;
 		} else if (whitemode || blackmode) {
 			/* at least one APQN needs to be defined */
-- 
1.7.12.4
