trust: Forcibly mark "Default Trust" read-only

The "Default Trust" token is typically mounted as $datadir, which is
considered as read-only on modern OSes.

Suggestd by Kai Engert in:
https://bugzilla.redhat.com/show_bug.cgi?id=1523630

diff --git a/trust/Makefile.am b/trust/Makefile.am
index 59df75145923924fc675849cd789eabf42a4ddac..6e52c4d4bc8aba00b974293e2eac5cfc4ce095b3 100644 (file)
--- a/trust/Makefile.am
+++ b/trust/Makefile.am
@@ -46,6 +46,8 @@ module_LTLIBRARIES += \
        p11-kit-trust.la
 
 p11_kit_trust_la_CFLAGS = \
+       -DP11_DEFAULT_TRUST_PREFIX=DATA_DIR \
+       -DP11_SYSTEM_TRUST_PREFIX=SYSCONFDIR \
        $(LIBTASN1_CFLAGS)
 
 p11_kit_trust_la_LIBADD = \
@@ -70,6 +72,8 @@ libtrust_testable_la_LDFLAGS = \
 libtrust_testable_la_SOURCES = $(TRUST_SRCS)
 
 libtrust_testable_la_CFLAGS = \
+       -DP11_DEFAULT_TRUST_PREFIX=\"$(builddir)/trust/default\" \
+       -DP11_SYSTEM_TRUST_PREFIX=\"$(builddir)/trust/system\" \
        $(LIBTASN1_CFLAGS)
 
 libtrust_testable_la_LIBADD = \
@@ -125,7 +129,7 @@ asn:
 # Tests ----------------------------------------------------------------
 
 trust_CFLAGS = \
-        $(LIBTASN1_CFLAGS) \
+        $(libtrust_testable_la_CFLAGS) \
        $(NULL)
 
 trust_LIBS = \

diff --git a/trust/frob-token.c b/trust/frob-token.c
index 5d57ec194cb84ede5fd0fe4622ffe69fbae4bc7a..e0798608880d1a6fb23d86bfd94dd676d8406566 100644 (file)
--- a/trust/frob-token.c
+++ b/trust/frob-token.c
@@ -52,7 +52,7 @@ main (int argc,
                return 2;
        }
 
-       token = p11_token_new (1, argv[1], "Label");
+       token = p11_token_new (1, argv[1], "Label", P11_TOKEN_FLAG_NONE);
        count = p11_token_load (token);
 
        printf ("%d files loaded\n", count);

diff --git a/trust/module.c b/trust/module.c
index e6fb7a9062e4ba858c356e017431e7fcbed05a8a..e8b725631a99f0b4fc313784da4f58fc4d77e9ba 100644 (file)
--- a/trust/module.c
+++ b/trust/module.c
@@ -198,10 +198,11 @@ create_tokens_inlock (p11_array *tokens,
        struct {
                const char *prefix;
                const char *label;
+               int flags;
        } labels[] = {
-               { "~/", "User Trust" },
-               { DATA_DIR, "Default Trust" },
-               { SYSCONFDIR, "System Trust" },
+               { "~/", "User Trust", P11_TOKEN_FLAG_NONE },
+               { P11_DEFAULT_TRUST_PREFIX, "Default Trust", P11_TOKEN_FLAG_WRITE_PROTECTED },
+               { P11_SYSTEM_TRUST_PREFIX, "System Trust", P11_TOKEN_FLAG_NONE },
                { NULL },
        };
 
@@ -210,6 +211,7 @@ create_tokens_inlock (p11_array *tokens,
        CK_SLOT_ID slot;
        const char *path;
        const char *label;
+       int flags;
        char *alloc;
        char *remaining;
        char *base;
@@ -236,12 +238,14 @@ create_tokens_inlock (p11_array *tokens,
                        slot = BASE_SLOT_ID + tokens->num;
 
                        label = NULL;
+                       flags = P11_TOKEN_FLAG_NONE;
                        base = NULL;
 
                        /* Claim the various labels based on prefix */
                        for (i = 0; label == NULL && labels[i].prefix != NULL; i++) {
                                if (strncmp (path, labels[i].prefix, strlen (labels[i].prefix)) == 0) {
                                        label = labels[i].label;
+                                       flags = labels[i].flags;
                                        labels[i].label = NULL;
                                }
                        }
@@ -252,7 +256,7 @@ create_tokens_inlock (p11_array *tokens,
                                return_val_if_fail (base != NULL, false);
                        }
 
-                       token = p11_token_new (slot, path, label);
+                       token = p11_token_new (slot, path, label, flags);
                        return_val_if_fail (token != NULL, false);
 
                        if (!p11_array_push (tokens, token))

diff --git a/trust/test-module.c b/trust/test-module.c
index 36fbfe4ef32f9dc2a81c1698908b87a85f9e5eae..e05ea227589a2241a5b1555c1b885c91561dc823 100644 (file)
--- a/trust/test-module.c
+++ b/trust/test-module.c
@@ -315,8 +315,8 @@ test_get_token_info (void)
 
        memset (&args, 0, sizeof (args));
        args.pReserved = "paths='" \
-               SYSCONFDIR "/trust/input" P11_PATH_SEP \
-               DATA_DIR "/trust/fixtures/blah" P11_PATH_SEP \
+               P11_SYSTEM_TRUST_PREFIX "/trust/input" P11_PATH_SEP \
+               P11_DEFAULT_TRUST_PREFIX "/trust/fixtures/blah" P11_PATH_SEP \
                "/some/other/path/the-basename'";
        args.flags = CKF_OS_LOCKING_OK;
 
@@ -1217,6 +1217,68 @@ test_modify_and_write (void)
        test_check_attrs (expected, parsed->elem[0]);
 }
 
+static void
+test_token_write_protected (void)
+{
+       CK_C_INITIALIZE_ARGS args;
+       CK_FUNCTION_LIST *module;
+       CK_SLOT_ID slots[NUM_SLOTS];
+       CK_TOKEN_INFO info;
+       char label[32];
+       CK_ULONG count;
+       CK_RV rv;
+       int i;
+
+       /* These are the paths passed in in setup() */
+       const char *labels[] = {
+               "System Trust",
+               "Default Trust",
+               "the-basename",
+       };
+
+       /* This is the entry point of the trust module, linked to this test */
+       rv = C_GetFunctionList (&module);
+       assert (rv == CKR_OK);
+
+       memset (&args, 0, sizeof (args));
+       args.pReserved = "paths='" \
+               P11_SYSTEM_TRUST_PREFIX "/trust/input" P11_PATH_SEP \
+               P11_DEFAULT_TRUST_PREFIX "/trust/fixtures/blah" P11_PATH_SEP \
+               "/some/other/path/the-basename'";
+       args.flags = CKF_OS_LOCKING_OK;
+
+       rv = module->C_Initialize (&args);
+       assert (rv == CKR_OK);
+
+       count = NUM_SLOTS;
+       rv = module->C_GetSlotList (CK_TRUE, slots, &count);
+       assert (rv == CKR_OK);
+       assert (count == NUM_SLOTS);
+
+       for (i = 0; i < NUM_SLOTS; i++) {
+               rv = module->C_GetTokenInfo (slots[i], &info);
+               assert_num_eq (CKR_OK, rv);
+
+               memset (label, ' ', sizeof (label));
+               memcpy (label, labels[i], strlen (labels[i]));
+               assert (memcmp (info.label, label, sizeof (label)) == 0);
+
+               switch (i) {
+               case 0:
+                       assert_num_cmp (0, ==, info.flags & CKF_WRITE_PROTECTED);
+                       break;
+               case 1:
+                       assert_num_cmp (0, !=, info.flags & CKF_WRITE_PROTECTED);
+                       break;
+               default:
+                       break;
+               }
+       }
+
+       rv = module->C_Finalize (NULL);
+       assert_num_eq (CKR_OK, rv);
+}
+
 int
 main (int argc,
       char *argv[])
@@ -1257,5 +1319,8 @@ main (int argc,
        p11_test (test_create_and_write, "/module/create-and-write");
        p11_test (test_modify_and_write, "/module/modify-and-write");
 
+       p11_fixture (NULL, NULL);
+       p11_test (test_token_write_protected, "/module/token-write-protected");
+
        return p11_test_run (argc, argv);
 }

diff --git a/trust/test-token.c b/trust/test-token.c
index 0206bc179739db6d5a12e83ad2db46d273c9cd08..b2f2323bc29a8ca871cf64434ceaabac8b779329 100644 (file)
--- a/trust/test-token.c
+++ b/trust/test-token.c
@@ -63,7 +63,7 @@ struct {
 static void
 setup (void *path)
 {
-       test.token = p11_token_new (333, path, "Label");
+       test.token = p11_token_new (333, path, "Label", P11_TOKEN_FLAG_NONE);
        assert_ptr_not_null (test.token);
 
        test.index = p11_token_index (test.token);
@@ -241,18 +241,18 @@ test_not_writable (void)
 #ifdef OS_UNIX
        if (getuid () != 0) {
 #endif
-               token = p11_token_new (333, "/", "Label");
+               token = p11_token_new (333, "/", "Label", P11_TOKEN_FLAG_NONE);
                assert (!p11_token_is_writable (token));
                p11_token_free (token);
 #ifdef OS_UNIX
        }
 #endif
 
-       token = p11_token_new (333, "", "Label");
+       token = p11_token_new (333, "", "Label", P11_TOKEN_FLAG_NONE);
        assert (!p11_token_is_writable (token));
        p11_token_free (token);
 
-       token = p11_token_new (333, "/non-existant", "Label");
+       token = p11_token_new (333, "/non-existant", "Label", P11_TOKEN_FLAG_NONE);
        assert (!p11_token_is_writable (token));
        p11_token_free (token);
 }
@@ -276,7 +276,7 @@ test_writable_no_exist (void)
        path = p11_path_build (directory, "subdir", NULL);
        assert (path != NULL);
 
-       token = p11_token_new (333, path, "Label");
+       token = p11_token_new (333, path, "Label", P11_TOKEN_FLAG_NONE);
        free (path);
 
        /* A writable directory since parent is writable */

diff --git a/trust/token.c b/trust/token.c
index df6f7271377d4671cd4d3b3f055b692be6003e54..4cbcc77844a7a804a020000d127a41ec7bde3495 100644 (file)
--- a/trust/token.c
+++ b/trust/token.c
@@ -817,7 +817,8 @@ p11_token_free (p11_token *token)
 p11_token *
 p11_token_new (CK_SLOT_ID slot,
                const char *path,
-               const char *label)
+               const char *label,
+               int flags)
 {
        p11_token *token;
 
@@ -859,6 +860,12 @@ p11_token_new (CK_SLOT_ID slot,
 
        token->slot = slot;
 
+       if (flags & P11_TOKEN_FLAG_WRITE_PROTECTED) {
+               token->checked_path = true;
+               token->make_directory = false;
+               token->is_writable = false;
+       }
+
        load_builtin_objects (token);
 
        p11_debug ("token: %s: %s", token->label, token->path);

diff --git a/trust/token.h b/trust/token.h
index 1180b27f7faaf59915f883f9dd8e17bbf19fc8d5..87641d0d8769fda60d16b134079de5c49585603a 100644 (file)
--- a/trust/token.h
+++ b/trust/token.h
@@ -40,11 +40,17 @@
 #include "parser.h"
 #include "pkcs11.h"
 
+enum {
+       P11_TOKEN_FLAG_NONE = 0,
+       P11_TOKEN_FLAG_WRITE_PROTECTED = 1 << 0,
+};
+
 typedef struct _p11_token p11_token;
 
 p11_token *     p11_token_new         (CK_SLOT_ID slot,
                                        const char *path,
-                                       const char *label);
+                                       const char *label,
+                                       int flags);
 
 void            p11_token_free        (p11_token *token);