[Cryptech-Commits] [sw/libhal] 03/03: Tweak pkey access control to allow wheel to see keys.

git at cryptech.is
Mon Nov 14 23:30:32 UTC 2016


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch ksng
in repository sw/libhal.

commit 2806585aad4b4910156cbaa24c8ea027c572365f
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Mon Nov 14 18:22:15 2016 -0500

    Tweak pkey access control to allow wheel to see keys.
    
    The current pkey access control rules are a bit complex, because they
    need to support the somewhat complex rules required by PKCS #11.  This
    is fine, as far as it goes, but a strict interpretation leaves
    HAL_USER_NORMAL as the only user able to see many keys.  This is
    confusing when using the CLI, to put it mildly.
    
    HAL_USER_WHEEL is intended for exactly this sort of thing: it's a user
    ID which, by definition, can never appear in an RPC call from PKCS
    to see the same keys that HAL_USER_NORMAL would.
    
    HAL_USER_SO remains restricted per the PKCS #11 rules.
---
 rpc_pkey.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/rpc_pkey.c b/rpc_pkey.c
index 52b6b0e..3788f5e 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -138,13 +138,21 @@ static inline hal_pkey_slot_t *find_handle(const hal_pkey_handle_t handle)
  * need to refactor.
  */
 
+static inline hal_error_t check_normal_or_wheel(const hal_client_handle_t client)
+{
+  const hal_error_t err = hal_rpc_is_logged_in(client, HAL_USER_NORMAL);
+  return (err == HAL_ERROR_FORBIDDEN
+          ? hal_rpc_is_logged_in(client, HAL_USER_WHEEL)
+          : err);
+}
+
 static inline hal_error_t check_readable(const hal_client_handle_t client,
                                          const hal_key_flags_t flags)
 {
   if ((flags & HAL_KEY_FLAG_PUBLIC) != 0)
     return HAL_OK;
 
-  return hal_rpc_is_logged_in(client, HAL_USER_NORMAL);
+  return check_normal_or_wheel(client);
 }
 
 static inline hal_error_t check_writable(const hal_client_handle_t client,
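Review bot: in check_normal_or_wheel the fallback to HAL_USER_WHEEL only happens when hal_rpc_is_logged_in(client, HAL_USER_NORMAL) returns exactly HAL_ERROR_FORBIDDEN; any other non-OK code is returned as-is and wheel is never consulted, and when both checks fail the caller gets the error from the wheel check rather than the normal one. If that is the intended contract, add a one-line comment above the helper saying the fallback relies on hal_rpc_is_logged_in using HAL_ERROR_FORBIDDEN for "logged in, but not as that user", since the existing comment block ending in `* need to refactor.` already flags this area as fragile and the new dependency is easy to break during that refactor.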
@@ -153,7 +161,7 @@ static inline hal_error_t check_writable(const hal_client_handle_t client,
   if ((flags & (HAL_KEY_FLAG_TOKEN | HAL_KEY_FLAG_PUBLIC)) == HAL_KEY_FLAG_PUBLIC)
     return HAL_OK;
 
-  return hal_rpc_is_logged_in(client, HAL_USER_NORMAL);
+  return check_normal_or_wheel(client);
 }
 
 /*
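Review bot: the commit message describes letting wheel "see" keys, but this hunk routes check_writable through the same helper, so HAL_USER_WHEEL also gains write access to private keys and to token keys (the `HAL_KEY_FLAG_TOKEN | HAL_KEY_FLAG_PUBLIC` case that previously fell through to the HAL_USER_NORMAL check). If granting wheel write rights over these keys is intended, the commit message should say so explicitly; if only read visibility for the CLI was wanted, leave this function at `return hal_rpc_is_logged_in(client, HAL_USER_NORMAL);` and apply check_normal_or_wheel to check_readable only.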
