'Re: [Ecryptfs-devel] [PATCH] Fix PKCS#11 transition tree'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ecryptfs-devel
Subject:    Re: [Ecryptfs-devel] [PATCH] Fix PKCS#11 transition tree
From:       Michael Halcrow <mhalcrow () us ! ibm ! com>
Date:       2008-07-21 16:08:20
Message-ID: 20080721160820.GB6754 () halcrowt61p ! austin ! ibm ! com
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


On Thu, Jul 10, 2008 at 07:03:25PM +0300, Alon Bar-Lev wrote:
> 
> Hi!
> 
> Make the optional parameters optional. I did not discover this as it looks like the \
> transition does not remove comment lines... So I had a line with all parameters \
> commented out which was actually parsed. 
> I never understood the transition tree, so if you have more comments
> I will gladly fix.

Merged; in release 51.

> Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
> 
> ---
> 
> diff --git a/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c \
> b/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c index d201191..8f90a8e 100644
> --- a/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
> +++ b/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c
> @@ -1034,12 +1034,25 @@ static int tf_pkcs11h_provider_private_mask(struct \
> ecryptfs_ctx *ctx, struct par  struct val_node **mnt_params, void **foo)
> {
> 	struct pkcs11h_subgraph_provider_ctx *subgraph_provider_ctx;
> -	CK_RV rv = CKR_FUNCTION_FAILED;
> 	int rc;
> 
> 	subgraph_provider_ctx = (struct pkcs11h_subgraph_provider_ctx *)(*foo);
> 	sscanf (node->val, "%x", &subgraph_provider_ctx->private_mask);
> 
> +	rc = DEFAULT_TOK;
> +	node->val = NULL;
> +out:
> +	return rc;
> +}
> +
> +static int tf_pkcs11h_provider_end(struct ecryptfs_ctx *ctx, struct param_node \
> *node, +			 struct val_node **mnt_params, void **foo)
> +{
> +	struct pkcs11h_subgraph_provider_ctx *subgraph_provider_ctx;
> +	CK_RV rv = CKR_FUNCTION_FAILED;
> +	int rc;
> +
> +	subgraph_provider_ctx = (struct pkcs11h_subgraph_provider_ctx *)(*foo);
> 
> 	if (
> 		(rv = pkcs11h_addProvider (
> @@ -1057,7 +1070,7 @@ static int tf_pkcs11h_provider_private_mask(struct \
> ecryptfs_ctx *ctx, struct par 
> 	tf_ecryptfs_pkcs11h_destroy_subgraph_provider_ctx(subgraph_provider_ctx);
> 	free(subgraph_provider_ctx);
> -	(*foo) = NULL;
> +	*foo = NULL;
> 	rc = DEFAULT_TOK;
> out:
> 	return rc;
> @@ -1224,6 +1237,7 @@ static struct param_node pkcs11h_global_param_nodes[] = {
> #define PKCS11H_PROVIER_TOK_PROT_AUTH 3
> #define PKCS11H_PROVIER_TOK_CERT_PRIVATE 4
> #define PKCS11H_PROVIER_TOK_PRIVATE_MASK 5
> +#define PKCS11H_PROVIER_TOK_END 6
> static struct param_node pkcs11h_provider_param_nodes[] = {
> 
> 	{.num_mnt_opt_names = 1,
> @@ -1237,7 +1251,7 @@ static struct param_node pkcs11h_provider_param_nodes[] = {
> 	 .flags = DISPLAY_TRANSITION_NODE_VALS | ECRYPTFS_PARAM_FLAG_ECHO_INPUT,
> 	 .num_transitions = 1,
> 	 .tl = {{.val = "name",
> -		 .pretty_val = "PKCS#11 Provider Alias",
> +		 .pretty_val = NULL,
> 		 .next_token = &pkcs11h_provider_param_nodes[PKCS11H_PROVIER_TOK_NAME],
> 		 .trans_func = tf_pkcs11h_provider}}},
> 
> @@ -1248,10 +1262,10 @@ static struct param_node pkcs11h_provider_param_nodes[] = {
> 	 .val = NULL,
> 	 .display_opts = NULL,
> 	 .default_val = NULL,
> -	 .flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT | VERIFY_VALUE,
> +	 .flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT,
> 	 .num_transitions = 1,
> 	 .tl = {{.val = "library",
> -		 .pretty_val = "PKCS#11 Library",
> +		 .pretty_val = NULL,
> 		 .next_token = &pkcs11h_provider_param_nodes[PKCS11H_PROVIER_TOK_LIBRARY],
> 		 .trans_func = tf_pkcs11h_provider_name}}},
> 
> @@ -1262,10 +1276,10 @@ static struct param_node pkcs11h_provider_param_nodes[] = {
> 	 .val = NULL,
> 	 .display_opts = NULL,
> 	 .default_val = NULL,
> -	 .flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT | VERIFY_VALUE,
> +	 .flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT,
> 	 .num_transitions = 1,
> -	 .tl = {{.val = "allow-protected-auth",
> -		 .pretty_val = "Allow Protected Authentication",
> +	 .tl = {{.val = "default",
> +		 .pretty_val = NULL,
> 		 .next_token = &pkcs11h_provider_param_nodes[PKCS11H_PROVIER_TOK_PROT_AUTH],
> 		 .trans_func = tf_pkcs11h_provider_library}}},
> 
> @@ -1276,10 +1290,10 @@ static struct param_node pkcs11h_provider_param_nodes[] = {
> 	 .val = NULL,
> 	 .display_opts = NULL,
> 	 .default_val = "1",
> -	 .flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT | VERIFY_VALUE,
> +	 .flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT  | ECRYPTFS_ALLOW_IMPLICIT_TRANSITION,
> 	 .num_transitions = 1,
> -	 .tl = {{.val = "cert-private",
> -		 .pretty_val = "Certificate is private object",
> +	 .tl = {{.val = "default",
> +		 .pretty_val = NULL,
> 		 .next_token = &pkcs11h_provider_param_nodes[PKCS11H_PROVIER_TOK_CERT_PRIVATE],
> 		 .trans_func = tf_pkcs11h_provider_prot_auth}}},
> 
> @@ -1290,10 +1304,10 @@ static struct param_node pkcs11h_provider_param_nodes[] = {
> 	 .val = NULL,
> 	 .display_opts = NULL,
> 	 .default_val = "0",
> -	 .flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT | VERIFY_VALUE,
> +	 .flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT,
> 	 .num_transitions = 1,
> -	 .tl = {{.val = "private-mask",
> -		 .pretty_val = "Private Key Mask",
> +	 .tl = {{.val = "default",
> +		 .pretty_val = NULL,
> 		 .next_token = &pkcs11h_provider_param_nodes[PKCS11H_PROVIER_TOK_PRIVATE_MASK],
> 		 .trans_func = tf_pkcs11h_provider_cert_private}}},
> 
> @@ -1304,12 +1318,26 @@ static struct param_node pkcs11h_provider_param_nodes[] = {
> 	 .val = NULL,
> 	 .display_opts = NULL,
> 	 .default_val = "0",
> -	 .flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT | VERIFY_VALUE,
> +	 .flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT,
> 	 .num_transitions = 1,
> -	 .tl = {{.val = "pkcs11-provider",
> -		 .pretty_val = "PKCS#11 Provider",
> -		 .next_token = &pkcs11h_provider_param_nodes[PKCS11H_PROVIER_TOK_PROVIDER],
> +	 .tl = {{.val = "default",
> +		 .pretty_val = NULL,
> +		 .next_token = &pkcs11h_provider_param_nodes[PKCS11H_PROVIER_TOK_END],
> 		 .trans_func = tf_pkcs11h_provider_private_mask}}},
> +
> +	{.num_mnt_opt_names = 1,
> +	 .mnt_opt_names = {"dummy"},
> +	 .prompt = "",
> +	 .val_type = VAL_STR,
> +	 .val = NULL,
> +	 .display_opts = NULL,
> +	 .default_val = "",
> +	 .flags = ECRYPTFS_PARAM_FLAG_ECHO_INPUT,
> +	 .num_transitions = 1,
> +	 .tl = {{.val = "default",
> +		 .pretty_val = NULL,
> +		 .next_token = &pkcs11h_provider_param_nodes[PKCS11H_PROVIER_TOK_PROVIDER],
> +		 .trans_func = tf_pkcs11h_provider_end}}},
> };
> 
> #define PKCS11H_KEY_TOK_TOK 0
> 
> -------------------------------------------------------------------------
> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
> Studies have shown that voting for your favorite open source project,
> along with a healthy diet, reduces your potential for chronic lameness
> and boredom. Vote Now at http://www.sourceforge.net/community/cca08
> _______________________________________________
> eCryptfs-devel mailing list
> eCryptfs-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ecryptfs-devel


[Attachment #5 (application/pgp-signature)]

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

_______________________________________________
eCryptfs-devel mailing list
eCryptfs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ecryptfs-devel


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic