diff options
author | Rob Austein <sra@hactrn.net> | 2016-11-14 18:22:15 -0500 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2016-11-14 18:22:15 -0500 |
commit | 2806585aad4b4910156cbaa24c8ea027c572365f (patch) | |
tree | 5a75b0dbd844ed93864a9c647484ce3fbca82ebd /rpc_server.c | |
parent | b448b28f538517556f3d35dee81dbf07d433df60 (diff) |
Tweak pkey access control to allow wheel to see keys.
The current pkey access control rules are a bit complex, because they
need to support the somewhat complex rules required by PKCS #11. This
is fine, as far as it goes, but a strict interpretation leaves
HAL_USER_NORMAL as the only user able to see many keys. This is
confusing when using the CLI, to put it mildly.
HAL_USER_WHEEL is intended for exactly this sort of thing: it's a user
ID which, by definition, can never appear in an RPC call from PKCS
to see the same keys that HAL_USER_NORMAL would.
HAL_USER_SO remains restricted per the PKCS #11 rules.
Diffstat (limited to 'rpc_server.c')
0 files changed, 0 insertions, 0 deletions