aboutsummaryrefslogtreecommitdiff
path: root/rpc_server.c
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2016-11-14 18:22:15 -0500
committerRob Austein <sra@hactrn.net>2016-11-14 18:22:15 -0500
commit2806585aad4b4910156cbaa24c8ea027c572365f (patch)
tree5a75b0dbd844ed93864a9c647484ce3fbca82ebd /rpc_server.c
parentb448b28f538517556f3d35dee81dbf07d433df60 (diff)
Tweak pkey access control to allow wheel to see keys.
The current pkey access control rules are a bit complex, because they need to support the somewhat complex rules required by PKCS #11. This is fine, as far as it goes, but a strict interpretation leaves HAL_USER_NORMAL as the only user able to see many keys. This is confusing when using the CLI, to put it mildly. HAL_USER_WHEEL is intended for exactly this sort of thing: it's a user ID which, by definition, can never appear in an RPC call from PKCS to see the same keys that HAL_USER_NORMAL would. HAL_USER_SO remains restricted per the PKCS #11 rules.
Diffstat (limited to 'rpc_server.c')
0 files changed, 0 insertions, 0 deletions