diff options
author | roeber%netscape.com <devnull@localhost> | 2000-05-16 01:54:46 +0000 |
---|---|---|
committer | roeber%netscape.com <devnull@localhost> | 2000-05-16 01:54:46 +0000 |
commit | 8989b2ad574b932e7a47af0e289bbafbda32f102 (patch) | |
tree | 4a0f29985c708654ffbee6ce3e9ac80dfb7af747 | |
parent | 6b9e59c07f1703acd6889fc8b43a418284afb385 (diff) | |
download | nss-hg-8989b2ad574b932e7a47af0e289bbafbda32f102.tar.gz |
Properly deregister shadow objects of session objects
-rw-r--r-- | security/nss/lib/ckfw/ckfw.h | 24 | ||||
-rw-r--r-- | security/nss/lib/ckfw/object.c | 34 | ||||
-rw-r--r-- | security/nss/lib/ckfw/session.c | 109 |
3 files changed, 166 insertions, 1 deletions
diff --git a/security/nss/lib/ckfw/ckfw.h b/security/nss/lib/ckfw/ckfw.h index baf1e1e84..2e83f8c35 100644 --- a/security/nss/lib/ckfw/ckfw.h +++ b/security/nss/lib/ckfw/ckfw.h @@ -1205,6 +1205,8 @@ nssCKFWMechanism_GetInHardware * nssCKFWSession_SetMDSession * nssCKFWSession_SetHandle * nssCKFWSession_GetHandle + * nssCKFWSession_RegisterSessionObject + * nssCKFWSession_DeregisterSessionObject * * -- module fronts -- * nssCKFWSession_GetDeviceError @@ -1374,6 +1376,28 @@ nssCKFWSession_GetHandle ); /* + * nssCKFWSession_RegisterSessionObject + * + */ +NSS_EXTERN CK_RV +nssCKFWSession_RegisterSessionObject +( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +); + +/* + * nssCKFWSession_DeregisterSessionObject + * + */ +NSS_EXTERN CK_RV +nssCKFWSession_DeregisterSessionObject +( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +); + +/* * nssCKFWSession_GetDeviceError * */ diff --git a/security/nss/lib/ckfw/object.c b/security/nss/lib/ckfw/object.c index 633209ffc..ec8dfd6d5 100644 --- a/security/nss/lib/ckfw/object.c +++ b/security/nss/lib/ckfw/object.c @@ -236,6 +236,8 @@ nssCKFWObject_Finalize NSSCKFWObject *fwObject ) { + nssCKFWHash *mdObjectHash; + #ifdef NSSDEBUG if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { return; @@ -250,6 +252,12 @@ nssCKFWObject_Finalize fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance); } + mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken); + if( (nssCKFWHash *)NULL != mdObjectHash ) { + nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject); + } + + nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject); nss_ZFreeIf(fwObject); #ifdef DEBUG @@ -269,6 +277,8 @@ nssCKFWObject_Destroy NSSCKFWObject *fwObject ) { + nssCKFWHash *mdObjectHash; + #ifdef NSSDEBUG if( CKR_OK != nssCKFWObject_verifyPointer(fwObject) ) { return; @@ -283,6 +293,12 @@ nssCKFWObject_Destroy fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance); } + mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken); + if( (nssCKFWHash *)NULL != mdObjectHash ) { + nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject); + } + + nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject); nss_ZFreeIf(fwObject); #ifdef DEBUG @@ -741,6 +757,24 @@ nssCKFWObject_SetAttribute (void)nssCKFWMutex_Unlock(fwObject->mutex); /* + * Either remove or add this to the list of session objects + */ + + if( CK_FALSE == *(CK_BBOOL *)value->data ) { + /* + * New one is a session object, except since we "stole" the fwObject, it's + * not in the list. Add it. + */ + nssCKFWSession_RegisterSessionObject(fwObject->fwSession, fwObject); + } else { + /* + * New one is a token object, except since we "stole" the fwObject, it's + * in the list. Remove it. + */ + nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject); + } + + /* * Now delete the old object. Remember the names have changed. */ nssCKFWObject_Destroy(newFwObject); diff --git a/security/nss/lib/ckfw/session.c b/security/nss/lib/ckfw/session.c index d9e39f2ab..e12c74b8b 100644 --- a/security/nss/lib/ckfw/session.c +++ b/security/nss/lib/ckfw/session.c @@ -74,6 +74,8 @@ static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; * nssCKFWSession_SetMDSession * nssCKFWSession_SetHandle * nssCKFWSession_GetHandle + * nssCKFWSession_RegisterSessionObject + * nssCKFWSession_DeegisterSessionObject * * -- module fronts -- * nssCKFWSession_GetDeviceError @@ -109,6 +111,7 @@ struct NSSCKFWSessionStr { CK_BBOOL rw; NSSCKFWFindObjects *fwFindObjects; + nssCKFWHash *sessionObjectHash; CK_SESSION_HANDLE hSession; }; @@ -209,6 +212,14 @@ nssCKFWSession_Create fwSession->fwFindObjects = (NSSCKFWFindObjects *)NULL; + fwSession->sessionObjectHash = nssCKFWHash_Create(fwSession->fwInstance, arena, pError); + if( (nssCKFWHash *)NULL == fwSession->sessionObjectHash ) { + if( CKR_OK == *pError ) { + *pError = CKR_GENERAL_ERROR; + } + goto loser; + } + #ifdef DEBUG *pError = session_add_pointer(fwSession); if( CKR_OK != *pError ) { @@ -220,12 +231,27 @@ nssCKFWSession_Create loser: if( (NSSArena *)NULL != arena ) { + if( (nssCKFWHash *)NULL != fwSession->sessionObjectHash ) { + (void)nssCKFWHash_Destroy(fwSession->sessionObjectHash); + } NSSArena_Destroy(arena); } return (NSSCKFWSession *)NULL; } +static void +nss_ckfw_session_object_destroy_iterator +( + const void *key, + void *value, + void *closure +) +{ + NSSCKFWObject *fwObject = (NSSCKFWObject *)value; + nssCKFWObject_Finalize(fwObject); +} + /* * nssCKFWSession_Destroy * @@ -238,6 +264,7 @@ nssCKFWSession_Destroy ) { CK_RV error = CKR_OK; + nssCKFWHash *sessionObjectHash; #ifdef NSSDEBUG error = nssCKFWSession_verifyPointer(fwSession); @@ -254,9 +281,17 @@ nssCKFWSession_Destroy * Invalidate session objects */ + sessionObjectHash = fwSession->sessionObjectHash; + fwSession->sessionObjectHash = (nssCKFWHash *)NULL; + + nssCKFWHash_Iterate(sessionObjectHash, + nss_ckfw_session_object_destroy_iterator, + (void *)NULL); + #ifdef DEBUG (void)session_remove_pointer(fwSession); #endif /* DEBUG */ + (void)nssCKFWHash_Destroy(sessionObjectHash); NSSArena_Destroy(fwSession->arena); return error; @@ -580,6 +615,56 @@ nssCKFWSession_GetHandle } /* + * nssCKFWSession_RegisterSessionObject + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_RegisterSessionObject +( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +) +{ + CK_RV rv = CKR_OK; + +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { + return CKR_GENERAL_ERROR; + } +#endif /* NSSDEBUG */ + + if( (nssCKFWHash *)NULL != fwSession->sessionObjectHash ) { + rv = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject); + } + + return rv; +} + +/* + * nssCKFWSession_DeregisterSessionObject + * + */ +NSS_IMPLEMENT CK_RV +nssCKFWSession_DeregisterSessionObject +( + NSSCKFWSession *fwSession, + NSSCKFWObject *fwObject +) +{ +#ifdef NSSDEBUG + if( CKR_OK != nssCKFWSession_verifyPointer(fwSession) ) { + return CKR_GENERAL_ERROR; + } +#endif /* NSSDEBUG */ + + if( (nssCKFWHash *)NULL != fwSession->sessionObjectHash ) { + nssCKFWHash_Remove(fwSession->sessionObjectHash, fwObject); + } + + return CKR_OK; +} + +/* * nssCKFWSession_GetDeviceError * */ @@ -1185,6 +1270,7 @@ nssCKFWSession_CreateObject NSSArena *arena; NSSCKMDObject *mdObject; NSSCKFWObject *fwObject; + CK_BBOOL isTokenObject; #ifdef NSSDEBUG if( (CK_RV *)NULL == pError ) { @@ -1211,7 +1297,8 @@ nssCKFWSession_CreateObject * Here would be an excellent place to sanity-check the object. */ - if( CK_TRUE == nss_attributes_form_token_object(pTemplate, ulAttributeCount) ) { + isTokenObject = nss_attributes_form_token_object(pTemplate, ulAttributeCount); + if( CK_TRUE == isTokenObject ) { /* === TOKEN OBJECT === */ if( (void *)NULL == (void *)fwSession->mdSession->CreateObject ) { @@ -1286,6 +1373,16 @@ nssCKFWSession_CreateObject return (NSSCKFWObject *)NULL; } + + if( CK_FALSE == isTokenObject ) { + if( CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, fwObject) ) { + *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject); + if( CKR_OK != *pError ) { + nssCKFWObject_Finalize(fwObject); + return (NSSCKFWObject *)NULL; + } + } + } return fwObject; } @@ -1400,6 +1497,16 @@ nssCKFWSession_CopyObject return (NSSCKFWObject *)NULL; } + if( CK_FALSE == newIsToken ) { + if( CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, rv) ) { + *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, rv, rv); + if( CKR_OK != *pError ) { + nssCKFWObject_Finalize(rv); + return (NSSCKFWObject *)NULL; + } + } + } + return rv; } else { /* use create object */ |