Hi Klaus.
Add support for --pkcs11user=pkcs11 and --pkcs11group=pkcs11
to configure, so that the user/group account running
pkcsslotd can be changed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
diff -uprN opencryptoki-2.3.2.orig/configure.in opencryptoki-2.3.2/configure.in
--- opencryptoki-2.3.2.orig/configure.in 2010-07-29 21:28:41.000000000
+0900
+++ opencryptoki-2.3.2/configure.in 2011-01-02 21:11:58.551676300 +0900
@@ -193,6 +193,21 @@ AC_ARG_WITH([xcryptolinz],
[],
[with_xcryptolinz=check])
+dnl --- check for pkcs11 user
+AC_ARG_WITH([pkcs11user],
+ AC_HELP_STRING([--with-pkcs11user[[=USER]]], [set pkcs11 user
[[pkcs11]]]),
+ [pkcs11_user=$withval],
+ [pkcs11_user=pkcs11])
+
+dnl --- check for pkcs11 group
+AC_ARG_WITH(pkcs11group,
+ AC_HELP_STRING([--with-pkcs11group[[=GROUP]]], [set pkcs11 group
[[pkcs11]]]),
+ [pkcs11_group=$withval],
+ [pkcs11_group=pkcs11])
+
+AC_SUBST(PKCS11USER, $pkcs11_user)
+AC_SUBST(PKCS11GROUP, $pkcs11_group)
+
dnl ---
dnl ---
dnl --- Now that we have all the options, let's check for a valid build
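Review bot: The C sources touched by this patch (cca_stdll/loadsave.c, cca_stdll/new_host.c, common/loadsave.c, common/new_host.c, tpm_stdll/loadsave.c, tpm_stdll/new_host.c, pkcsslotd/shmem.c and api/shrd_mem.c.in) use `PKCS11GROUP` as a preprocessor macro, but this hunk only does `AC_SUBST`, which rewrites `@PKCS11GROUP@` in configure-processed templates and Makefiles and defines no C symbol. Unless the macro is defined somewhere outside the patch, those files will not compile; adding `AC_DEFINE_UNQUOTED([PKCS11GROUP], ["$pkcs11_group"], [Name of the PKCS#11 group])` next to the `AC_SUBST` lines (and making sure those sources include the generated config header) would provide it as a string literal. The configured value is also never validated: it flows verbatim into sed expressions and unquoted shell commands in the later hunks, so a sanity check here (for example rejecting names containing whitespace, `!` or `&`) would stop a bad `--with-pkcs11group` value from producing a broken install script. The description advertises `--pkcs11user=`/`--pkcs11group=`, while the options actually added are `--with-pkcs11user` and `--with-pkcs11group`.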
diff -uprN opencryptoki-2.3.2.orig/usr/lib/pkcs11/api/shrd_mem.c.in
opencryptoki-2.3.2/usr/lib/pkcs11/api/shrd_mem.c.in
--- opencryptoki-2.3.2.orig/usr/lib/pkcs11/api/shrd_mem.c.in 2010-07-29
21:28:41.000000000 +0900
+++ opencryptoki-2.3.2/usr/lib/pkcs11/api/shrd_mem.c.in 2011-01-02
21:13:12.586673320 +0900
@@ -353,7 +353,7 @@ attach_shared_memory() {
// SAB check for the group id here and membership here as well
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if ( grp ) {
int i=0;
char member=0;
diff -uprN opencryptoki-2.3.2.orig/usr/lib/pkcs11/cca_stdll/loadsave.c
opencryptoki-2.3.2/usr/lib/pkcs11/cca_stdll/loadsave.c
--- opencryptoki-2.3.2.orig/usr/lib/pkcs11/cca_stdll/loadsave.c 2010-07-29
21:28:41.000000000 +0900
+++ opencryptoki-2.3.2/usr/lib/pkcs11/cca_stdll/loadsave.c 2011-01-02
21:14:55.028672426 +0900
@@ -51,7 +51,7 @@ set_perm(int file)
// Set absolute permissions or rw-rw-r--
fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
- grp = getgrnam("pkcs11"); // Obtain the group id
+ grp = getgrnam(PKCS11GROUP); // Obtain the group id
if (grp){
fchown(file,getuid(),grp->gr_gid); // set ownership to root, and
pkcs11 group
}
diff -uprN opencryptoki-2.3.2.orig/usr/lib/pkcs11/cca_stdll/new_host.c
opencryptoki-2.3.2/usr/lib/pkcs11/cca_stdll/new_host.c
--- opencryptoki-2.3.2.orig/usr/lib/pkcs11/cca_stdll/new_host.c 2010-07-29
21:28:41.000000000 +0900
+++ opencryptoki-2.3.2/usr/lib/pkcs11/cca_stdll/new_host.c 2011-01-02
21:15:19.847672187 +0900
@@ -298,7 +298,7 @@ ST_Initialize(void **FunctionList,
struct group *grp;
int rc = 0;
gid_t gid,egid;
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if (grp) {
// Check for member of group..
// SAB get login seems to not work with some
diff -uprN opencryptoki-2.3.2.orig/usr/lib/pkcs11/common/loadsave.c
opencryptoki-2.3.2/usr/lib/pkcs11/common/loadsave.c
--- opencryptoki-2.3.2.orig/usr/lib/pkcs11/common/loadsave.c 2010-07-29
21:28:41.000000000 +0900
+++ opencryptoki-2.3.2/usr/lib/pkcs11/common/loadsave.c 2011-01-02
21:15:41.725673684 +0900
@@ -328,7 +328,7 @@ set_perm(int file)
// Set absolute permissions or rw-rw-r--
fchmod(file,S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH);
- grp = getgrnam("pkcs11"); // Obtain the group id
+ grp = getgrnam(PKCS11GROUP); // Obtain the group id
if (grp){
fchown(file,getuid(),grp->gr_gid); // set ownership to root, and
pkcs11 group
}
diff -uprN opencryptoki-2.3.2.orig/usr/lib/pkcs11/common/new_host.c
opencryptoki-2.3.2/usr/lib/pkcs11/common/new_host.c
--- opencryptoki-2.3.2.orig/usr/lib/pkcs11/common/new_host.c 2010-07-29
21:28:41.000000000 +0900
+++ opencryptoki-2.3.2/usr/lib/pkcs11/common/new_host.c 2011-01-02
21:16:06.748675957 +0900
@@ -576,7 +576,7 @@ ST_Initialize(void **FunctionList,
struct group *grp;
int rc = 0;
gid_t gid,egid;
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if (grp) {
// Check for member of group..
// SAB get login seems to not work with some
diff -uprN opencryptoki-2.3.2.orig/usr/lib/pkcs11/tpm_stdll/loadsave.c
opencryptoki-2.3.2/usr/lib/pkcs11/tpm_stdll/loadsave.c
--- opencryptoki-2.3.2.orig/usr/lib/pkcs11/tpm_stdll/loadsave.c 2010-07-29
21:28:41.000000000 +0900
+++ opencryptoki-2.3.2/usr/lib/pkcs11/tpm_stdll/loadsave.c 2011-01-02
21:17:41.491671045 +0900
@@ -339,7 +339,7 @@ set_perm(int file)
fchmod(file,S_IRUSR|S_IWUSR);
#if 0
- grp = getgrnam("pkcs11"); // Obtain the group id
+ grp = getgrnam(PKCS11GROUP); // Obtain the group id
if (grp){
fchown(file,getuid(),grp->gr_gid); // set ownership to root, and pkcs11
group
}
diff -uprN opencryptoki-2.3.2.orig/usr/lib/pkcs11/tpm_stdll/new_host.c
opencryptoki-2.3.2/usr/lib/pkcs11/tpm_stdll/new_host.c
--- opencryptoki-2.3.2.orig/usr/lib/pkcs11/tpm_stdll/new_host.c 2010-07-29
21:28:41.000000000 +0900
+++ opencryptoki-2.3.2/usr/lib/pkcs11/tpm_stdll/new_host.c 2011-01-02
21:18:02.746672482 +0900
@@ -356,7 +356,7 @@ CK_RV ST_Initialize( void **FunctionList
int rc = 0;
int index = 0;
gid_t gid,egid;
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if ( grp ) {
// Check for member of group..
diff -uprN opencryptoki-2.3.2.orig/usr/sbin/pkcs11_startup/Makefile.am
opencryptoki-2.3.2/usr/sbin/pkcs11_startup/Makefile.am
--- opencryptoki-2.3.2.orig/usr/sbin/pkcs11_startup/Makefile.am 2010-07-29
21:28:41.000000000 +0900
+++ opencryptoki-2.3.2/usr/sbin/pkcs11_startup/Makefile.am 2011-01-02
21:18:48.216674756 +0900
@@ -12,6 +12,8 @@ pkcs11_startup: pkcs11_startup.in
-e s...@id\@!"@ID@"!g \
-e s...@cat\@!"@CAT@"!g \
-e s...@sed\@!"@SED@"!g \
+ -e s...@pkcs11user\@!"@PKCS11USER@"!g \
+ -e s...@pkcs11group\@!"@PKCS11GROUP@"!g \
-e s...@groupadd\@!"@GROUPADD@"!g \
-e s...@usermod\@!"@USERMOD@"!g < $< > $...@-t
@CHMOD@ +x $...@-t
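Review bot: `@PKCS11USER@` is wired into the sed pipeline here, but no hunk in this patch consumes `@pkcs11user@` in pkcs11_startup.in or anywhere else, so the user half of the stated goal (changing the account that runs pkcsslotd) is not visible in the change; if it is meant to land separately, saying so in the description would help. The substitution lines appear to use `!` as the sed delimiter and place the configured name in the replacement text, so a value containing `!` or `&` would corrupt the generated script, which is another reason to validate the value in configure.in.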
diff -uprN opencryptoki-2.3.2.orig/usr/sbin/pkcs11_startup/pkcs11_startup.in
opencryptoki-2.3.2/usr/sbin/pkcs11_startup/pkcs11_startup.in
--- opencryptoki-2.3.2.orig/usr/sbin/pkcs11_startup/pkcs11_startup.in
2010-07-29 21:28:41.000000000 +0900
+++ opencryptoki-2.3.2/usr/sbin/pkcs11_startup/pkcs11_startup.in
2011-01-02 21:20:32.779674866 +0900
@@ -310,16 +310,16 @@ rm -f @localstatedir@/lib/opencryptoki/p
# Create the pkcs11 group if it does not exist...
-cat /etc/group|grep pkcs11 >/dev/null 2>&1
+cat /etc/group|grep @PKCS11GROUP@ >/dev/null 2>&1
rc=$?
if [ $rc = 1 ]
then
if [ -x @GROUPADD@ ]
then
- @GROUPADD@ pkcs11 >/dev/null 2>&1
+ @GROUPADD@ @PKCS11GROUP@ >/dev/null 2>&1
else
- echo "Couldn't execute @group...@. Please add the group 'pkcs11'
manually."
+ echo "Couldn't execute @group...@. Please add the group
'@PKCS11GROUP@' manually."
fi
fi
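Review bot: `cat /etc/group|grep @PKCS11GROUP@` is an unanchored substring match over every field of every line, so a configured name that occurs inside another group name or a member list (e.g. `user` when a group `users` exists) reports the group as present, `@GROUPADD@` is skipped, and the `@USERMOD@ ... ,@PKCS11GROUP@ root` call in the next hunk then fails. Anchoring on the name field keeps the existing `rc = 1` logic intact: `grep "^@PKCS11GROUP@:" /etc/group >/dev/null 2>&1`. If groups may come from NSS rather than the flat file, `getent group "@PKCS11GROUP@"` is the more complete check, but it exits with 2 rather than 1 when the key is missing, so the `if [ $rc = 1 ]` test would have to become `-ne 0`. The name is also unquoted here and on the `@GROUPADD@`/`@USERMOD@` lines; writing `"@PKCS11GROUP@"` avoids word splitting if the value is ever not a single token.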
@@ -328,9 +328,9 @@ if [ -x @USERMOD@ -a -x @ID@ ]
then
# add the pkcs group
# replace spaces by commas
- @USERMOD@ -G $( @ID@ --groups --name root | @SED@ -e 'y/ /,/'),pkcs11
root
+ @USERMOD@ -G $( @ID@ --groups --name root | @SED@ -e 'y/
/,/'),@PKCS11GROUP@ root
else
- echo "Couldn't execute @user...@. Please add root to the group 'pkcs11'
manually."
+ echo "Couldn't execute @user...@. Please add root to the group
'@PKCS11GROUP@' manually."
fi
diff -uprN opencryptoki-2.3.2.orig/usr/sbin/pkcs_slot/pkcs_slot.in
opencryptoki-2.3.2/usr/sbin/pkcs_slot/pkcs_slot.in
--- opencryptoki-2.3.2.orig/usr/sbin/pkcs_slot/pkcs_slot.in 2010-07-29
21:28:41.000000000 +0900
+++ opencryptoki-2.3.2/usr/sbin/pkcs_slot/pkcs_slot.in 2011-01-02
21:25:12.917674721 +0900
@@ -360,7 +360,7 @@ DEPTH=$2
if [ ! -d @localstatedir@/lib/opencryptoki ]
then
@MKDIR_P@ @localstatedir@/lib/opencryptoki
- @CHGRP@ pkcs11 @localstatedir@/lib/opencryptoki
+ @CHGRP@ @PKCS11GROUP@ @localstatedir@/lib/opencryptoki
@CHMOD@ -R g+rwX @localstatedir@/lib/opencryptoki
fi
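Review bot: The `@CHGRP@ @PKCS11GROUP@ ...` line passes the configured name unquoted and ignores chgrp's exit status, so if the group does not exist yet (for instance because pkcs11_startup has not been run) the directory keeps the creating process's group and the following `@CHMOD@ -R g+rwX` grants group write to that group rather than the intended one. The same pattern repeats in the hunks for `$SOFT_DIR`, `$TPM_DIR`, `$CCA_DIR`, `$ICA_DIR`, `$BCOM_DIR`, `$AEP_DIR` and `$CR_DIR`. If aborting at this point is acceptable for the script, quoting the name and failing loudly is a one-line change per call, e.g. `@CHGRP@ "@PKCS11GROUP@" @localstatedir@/lib/opencryptoki || { echo "chgrp to group '@PKCS11GROUP@' failed"; exit 1; }`.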
@@ -372,9 +372,9 @@ then
if [ $? -ne 0 ]
then
mkdir $SOFT_DIR
- @CHGRP@ pkcs11 $SOFT_DIR
+ @CHGRP@ @PKCS11GROUP@ $SOFT_DIR
mkdir "$SOFT_DIR"/TOK_OBJ
- @CHGRP@ pkcs11 "$SOFT_DIR"/TOK_OBJ
+ @CHGRP@ @PKCS11GROUP@ "$SOFT_DIR"/TOK_OBJ
fi
SYS_SLOT="Soft"
fi
@@ -386,7 +386,7 @@ then
if [ $? -ne 0 ]
then
mkdir $TPM_DIR
- @CHGRP@ pkcs11 $TPM_DIR
+ @CHGRP@ @PKCS11GROUP@ $TPM_DIR
fi
SYS_SLOT="TPM"
fi
@@ -397,16 +397,16 @@ then
if [ $? -ne 0 ]
then
mkdir $CCA_DIR
- @CHGRP@ pkcs11 $CCA_DIR
+ @CHGRP@ @PKCS11GROUP@ $CCA_DIR
mkdir "$CCA_DIR"/TOK_OBJ
- @CHGRP@ pkcs11 "$CCA_DIR"/TOK_OBJ
+ @CHGRP@ @PKCS11GROUP@ "$CCA_DIR"/TOK_OBJ
fi
SYS_SLOT="CCA"
fi
# If we are using a shallow device, make sure that the directory
# to store token objects is available, if not create it and change
-# the ownership to the pkcs11 group
+# the ownership to the @PKCS11GROUP@ group
if [ $DEPTH = "ica" ]
@@ -415,9 +415,9 @@ then
if [ $? -ne 0 ]
then
mkdir $ICA_DIR
- @CHGRP@ pkcs11 $ICA_DIR
+ @CHGRP@ @PKCS11GROUP@ $ICA_DIR
mkdir "$ICA_DIR"/TOK_OBJ
- @CHGRP@ pkcs11 "$ICA_DIR"/TOK_OBJ
+ @CHGRP@ @PKCS11GROUP@ "$ICA_DIR"/TOK_OBJ
fi
SYS_SLOT="ICA"
fi
@@ -428,9 +428,9 @@ then
if [ $? -ne 0 ]
then
mkdir $BCOM_DIR
- @CHGRP@ pkcs11 $BCOM_DIR
+ @CHGRP@ @PKCS11GROUP@ $BCOM_DIR
mkdir "$BCOM_DIR"/TOK_OBJ
- @CHGRP@ pkcs11 "$BCOM_DIR"/TOK_OBJ
+ @CHGRP@ @PKCS11GROUP@ "$BCOM_DIR"/TOK_OBJ
fi
SYS_SLOT="BCOM"
fi
@@ -441,9 +441,9 @@ then
if [ $? -ne 0 ]
then
mkdir $AEP_DIR
- @CHGRP@ pkcs11 $AEP_DIR
+ @CHGRP@ @PKCS11GROUP@ $AEP_DIR
mkdir "$AEP_DIR"/TOK_OBJ
- @CHGRP@ pkcs11 "$AEP_DIR"/TOK_OBJ
+ @CHGRP@ @PKCS11GROUP@ "$AEP_DIR"/TOK_OBJ
fi
SYS_SLOT="AEP"
fi
@@ -454,9 +454,9 @@ then
if [ $? -ne 0 ]
then
mkdir $CR_DIR
- @CHGRP@ pkcs11 $CR_DIR
+ @CHGRP@ @PKCS11GROUP@ $CR_DIR
mkdir "$CR_DIR"/TOK_OBJ
- @CHGRP@ pkcs11 "$CR_DIR"/TOK_OBJ
+ @CHGRP@ @PKCS11GROUP@ "$CR_DIR"/TOK_OBJ
fi
SYS_SLOT="CRNT"
fi
diff -uprN opencryptoki-2.3.2.orig/usr/sbin/pkcsslotd/shmem.c
opencryptoki-2.3.2/usr/sbin/pkcsslotd/shmem.c
--- opencryptoki-2.3.2.orig/usr/sbin/pkcsslotd/shmem.c 2010-07-29
21:28:41.000000000 +0900
+++ opencryptoki-2.3.2/usr/sbin/pkcsslotd/shmem.c 2011-01-02
21:28:00.449673400 +0900
@@ -338,9 +338,9 @@ int CreateSharedMemory ( void ) {
}
// SAB Get the group information for the PKCS#11 group... fail if
// it does not exist
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if ( !grp ) {
- ErrLog("Group PKCS#11 does not exist ");
+ ErrLog("Group " PKCS11GROUP " does not exist ");
return FALSE; // Group does not exist... setup is wrong..
}
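Review bot: `"Group " PKCS11GROUP " does not exist "` relies on adjacent string-literal concatenation, so it only compiles if `PKCS11GROUP` expands to a quoted literal, whereas the third hunk of this file (`fchown(%s, root, %s)`) passes the macro as a `%s` argument, which works for any string expression. Using the `%s` form in this hunk and the next (`Please run %s/pkcs11_startup`) keeps the three ErrLog calls consistent and decouples them from how configure ends up defining the macro: `ErrLog("Group %s does not exist ", PKCS11GROUP);` and `ErrLog("Group %s does not exist! Please run %s/pkcs11_startup.", PKCS11GROUP, SBIN_PATH);`. CreateSharedMemory starts and ends outside this hunk.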
@@ -409,9 +409,9 @@ int CreateSharedMemory ( void ) {
int i;
char *buffer;
- grp = getgrnam("pkcs11");
+ grp = getgrnam(PKCS11GROUP);
if ( !grp ) {
- ErrLog("Group \"pkcs11\" does not exist! Please run %s/pkcs11_startup.",
+ ErrLog("Group " PKCS11GROUP " does not exist! Please run
%s/pkcs11_startup.",
SBIN_PATH);
return FALSE; // Group does not exist... setup is wrong..
}
@@ -431,7 +431,7 @@ int CreateSharedMemory ( void ) {
return FALSE;
}
if (fchown(fd, 0, grp->gr_gid) == -1) {
- ErrLog("%s: fchown(%s, root, pkcs11): %s", __FUNCTION__, MAPFILENAME,
+ ErrLog("%s: fchown(%s, root, %s): %s", __FUNCTION__, MAPFILENAME,
PKCS11GROUP,
strerror(errno));
close(fd);
return FALSE;
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Thank you.
--
Norikatsu Shigemura <[email protected]>