authorRob Austein <sra@hactrn.net>2016-11-14 18:22:15 -0500
committerRob Austein <sra@hactrn.net>2016-11-14 18:22:15 -0500
commit2806585aad4b4910156cbaa24c8ea027c572365f (patch)
tree5a75b0dbd844ed93864a9c647484ce3fbca82ebd
parentb448b28f538517556f3d35dee81dbf07d433df60 (diff)
Tweak pkey access control to allow wheel to see keys.
The current pkey access control rules are a bit complex, because they need to support the somewhat complex rules required by PKCS #11. This is fine, as far as it goes, but a strict interpretation leaves HAL_USER_NORMAL as the only user able to see many keys. This is confusing when using the CLI, to put it mildly. HAL_USER_WHEEL is intended for exactly this sort of thing: it's a user ID which, by definition, can never appear in an RPC call from PKCS #11, so it can be allowed to see the same keys that HAL_USER_NORMAL would. HAL_USER_SO remains restricted per the PKCS #11 rules.
-rw-r--r--rpc_pkey.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/rpc_pkey.c b/rpc_pkey.c
index 52b6b0e..3788f5e 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -138,13 +138,21 @@ static inline hal_pkey_slot_t *find_handle(const hal_pkey_handle_t handle)
* need to refactor.
*/
+static inline hal_error_t check_normal_or_wheel(const hal_client_handle_t client)
+{
+ const hal_error_t err = hal_rpc_is_logged_in(client, HAL_USER_NORMAL);
+ return (err == HAL_ERROR_FORBIDDEN
+ ? hal_rpc_is_logged_in(client, HAL_USER_WHEEL)
+ : err);
+}
+
static inline hal_error_t check_readable(const hal_client_handle_t client,
const hal_key_flags_t flags)
{
if ((flags & HAL_KEY_FLAG_PUBLIC) != 0)
return HAL_OK;
- return hal_rpc_is_logged_in(client, HAL_USER_NORMAL);
+ return check_normal_or_wheel(client);
}
static inline hal_error_t check_writable(const hal_client_handle_t client,
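Review bot: The new helper `check_normal_or_wheel()` carries no comment stating its contract, even though it now decides who may reach non-public keys. As written it falls back to the HAL_USER_WHEEL check only when the HAL_USER_NORMAL check returns exactly `HAL_ERROR_FORBIDDEN`, and returns any other error unchanged; that fail-closed behaviour relies on `hal_rpc_is_logged_in()` using that one code for "not logged in as this user", which is not visible in this hunk. I would add above the helper: `/* Pass if client is logged in as HAL_USER_NORMAL or HAL_USER_WHEEL; any error other than HAL_ERROR_FORBIDDEN is returned as-is. HAL_USER_SO is deliberately excluded (PKCS #11). */`. The comment block preceding the helper starts outside the hunk, so it may already cover part of this.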
@@ -153,7 +161,7 @@ static inline hal_error_t check_writable(const hal_client_handle_t client,
if ((flags & (HAL_KEY_FLAG_TOKEN | HAL_KEY_FLAG_PUBLIC)) == HAL_KEY_FLAG_PUBLIC)
return HAL_OK;
- return hal_rpc_is_logged_in(client, HAL_USER_NORMAL);
+ return check_normal_or_wheel(client);
}
/*
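Review bot: `check_writable()` now also accepts HAL_USER_WHEEL, but the commit title and description only justify letting wheel see keys, so this widens write access beyond what the change states. If wheel is meant to be read-only from the CLI, this line should stay `return hal_rpc_is_logged_in(client, HAL_USER_NORMAL);` and only `check_readable()` should call the new helper. If wheel is meant to modify keys as well, say so in the description and in a comment here, since which operations `check_writable()` gates is not visible in this hunk. The function's signature and opening lines are outside this hunk.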