usr/src/lib/pkcs11/pkcs11_tpm/common/sess_mgr.c

root/usr/src/lib/pkcs11/pkcs11_tpm/common/sess_mgr.c
/*
 *              Common Public License Version 0.5
 *
 *              THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF
 *              THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE,
 *              REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES
 *              RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
 *
 *              1. DEFINITIONS
 *
 *              "Contribution" means:
 *                    a) in the case of the initial Contributor, the
 *                    initial code and documentation distributed under
 *                    this Agreement, and
 *
 *                    b) in the case of each subsequent Contributor:
 *                    i) changes to the Program, and
 *                    ii) additions to the Program;
 *
 *                    where such changes and/or additions to the Program
 *                    originate from and are distributed by that
 *                    particular Contributor. A Contribution 'originates'
 *                    from a Contributor if it was added to the Program
 *                    by such Contributor itself or anyone acting on such
 *                    Contributor's behalf. Contributions do not include
 *                    additions to the Program which: (i) are separate
 *                    modules of software distributed in conjunction with
 *                    the Program under their own license agreement, and
 *                    (ii) are not derivative works of the Program.
 *
 *
 *              "Contributor" means any person or entity that distributes
 *              the Program.
 *
 *              "Licensed Patents " mean patent claims licensable by a
 *              Contributor which are necessarily infringed by the use or
 *              sale of its Contribution alone or when combined with the
 *              Program.
 *
 *              "Program" means the Contributions distributed in
 *              accordance with this Agreement.
 *
 *              "Recipient" means anyone who receives the Program under
 *              this Agreement, including all Contributors.
 *
 *              2. GRANT OF RIGHTS
 *
 *                    a) Subject to the terms of this Agreement, each
 *                    Contributor hereby grants Recipient a
 *                    no - exclusive, worldwide, royalt - free copyright
 *                    license to reproduce, prepare derivative works of,
 *                    publicly display, publicly perform, distribute and
 *                    sublicense the Contribution of such Contributor, if
 *                    any, and such derivative works, in source code and
 *                    object code form.
 *
 *                    b) Subject to the terms of this Agreement, each
 *                    Contributor hereby grants Recipient a
 *                    no - exclusive, worldwide, royalt - free patent
 *                    license under Licensed Patents to make, use, sell,
 *                    offer to sell, import and otherwise transfer the
 *                    Contribution of such Contributor, if any, in source
 *                    code and object code form. This patent license
 *                    shall apply to the combination of the Contribution
 *                    and the Program if, at the time the Contribution is
 *                    added by the Contributor, such addition of the
 *                    Contribution causes such combination to be covered
 *                    by the Licensed Patents. The patent license shall
 *                    not apply to any other combinations which include
 *                    the Contribution. No hardware per se is licensed
 *                    hereunder.
 *
 *                    c) Recipient understands that although each
 *                    Contributor grants the licenses to its
 *                    Contributions set forth herein, no assurances are
 *                    provided by any Contributor that the Program does
 *                    not infringe the patent or other intellectual
 *                    property rights of any other entity. Each
 *                    Contributor disclaims any liability to Recipient
 *                    for claims brought by any other entity based on
 *                    infringement of intellectual property rights or
 *                    otherwise. As a condition to exercising the rights
 *                    and licenses granted hereunder, each Recipient
 *                    hereby assumes sole responsibility to secure any
 *                    other intellectual property rights needed, if any.
 *
 *                    For example, if a third party patent license is
 *                    required to allow Recipient to distribute the
 *                    Program, it is Recipient's responsibility to
 *                    acquire that license before distributing the
 *                    Program.
 *
 *                    d) Each Contributor represents that to its
 *                    knowledge it has sufficient copyright rights in its
 *                    Contribution, if any, to grant the copyright
 *                    license set forth in this Agreement.
 *
 *              3. REQUIREMENTS
 *
 *              A Contributor may choose to distribute the Program in
 *              object code form under its own license agreement, provided
 *              that:
 *                    a) it complies with the terms and conditions of
 *                    this Agreement; and
 *
 *                    b) its license agreement:
 *                    i) effectively disclaims on behalf of all
 *                    Contributors all warranties and conditions, express
 *                    and implied, including warranties or conditions of
 *                    title and no - infringement, and implied warranties
 *                    or conditions of merchantability and fitness for a
 *                    particular purpose;
 *
 *                    ii) effectively excludes on behalf of all
 *                    Contributors all liability for damages, including
 *                    direct, indirect, special, incidental and
 *                    consequential damages, such as lost profits;
 *
 *                    iii) states that any provisions which differ from
 *                    this Agreement are offered by that Contributor
 *                    alone and not by any other party; and
 *
 *                    iv) states that source code for the Program is
 *                    available from such Contributor, and informs
 *                    licensees how to obtain it in a reasonable manner
 *                    on or through a medium customarily used for
 *                    software exchange.
 *
 *              When the Program is made available in source code form:
 *                    a) it must be made available under this Agreement;
 *                    and
 *                    b) a copy of this Agreement must be included with
 *                    each copy of the Program.
 *
 *              Contributors may not remove or alter any copyright notices
 *              contained within the Program.
 *
 *              Each Contributor must identify itself as the originator of
 *              its Contribution, if any, in a manner that reasonably
 *              allows subsequent Recipients to identify the originator of
 *              the Contribution.
 *
 *
 *              4. COMMERCIAL DISTRIBUTION
 *
 *              Commercial distributors of software may accept certain
 *              responsibilities with respect to end users, business
 *              partners and the like. While this license is intended to
 *              facilitate the commercial use of the Program, the
 *              Contributor who includes the Program in a commercial
 *              product offering should do so in a manner which does not
 *              create potential liability for other Contributors.
 *              Therefore, if a Contributor includes the Program in a
 *              commercial product offering, such Contributor ("Commercial
 *              Contributor") hereby agrees to defend and indemnify every
 *              other Contributor ("Indemnified Contributor") against any
 *              losses, damages and costs (collectively "Losses") arising
 *              from claims, lawsuits and other legal actions brought by a
 *              third party against the Indemnified Contributor to the
 *              extent caused by the acts or omissions of such Commercial
 *              Contributor in connection with its distribution of the
 *              Program in a commercial product offering. The obligations
 *              in this section do not apply to any claims or Losses
 *              relating to any actual or alleged intellectual property
 *              infringement. In order to qualify, an Indemnified
 *              Contributor must: a) promptly notify the Commercial
 *              Contributor in writing of such claim, and b) allow the
 *              Commercial Contributor to control, and cooperate with the
 *              Commercial Contributor in, the defense and any related
 *              settlement negotiations. The Indemnified Contributor may
 *              participate in any such claim at its own expense.
 *
 *
 *              For example, a Contributor might include the Program in a
 *              commercial product offering, Product X. That Contributor
 *              is then a Commercial Contributor. If that Commercial
 *              Contributor then makes performance claims, or offers
 *              warranties related to Product X, those performance claims
 *              and warranties are such Commercial Contributor's
 *              responsibility alone. Under this section, the Commercial
 *              Contributor would have to defend claims against the other
 *              Contributors related to those performance claims and
 *              warranties, and if a court requires any other Contributor
 *              to pay any damages as a result, the Commercial Contributor
 *              must pay those damages.
 *
 *
 *              5. NO WARRANTY
 *
 *              EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE
 *              PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT
 *              WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR
 *              IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR
 *              CONDITIONS OF TITLE, NO - INFRINGEMENT, MERCHANTABILITY OR
 *              FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely
 *              responsible for determining the appropriateness of using
 *              and distributing the Program and assumes all risks
 *              associated with its exercise of rights under this
 *              Agreement, including but not limited to the risks and
 *              costs of program errors, compliance with applicable laws,
 *              damage to or loss of data, programs or equipment, and
 *              unavailability or interruption of operations.
 *
 *              6. DISCLAIMER OF LIABILITY
 *              EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER
 *              RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY
 *              FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
 *              OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION
 *              LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF
 *              LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 *              (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 *              OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE
 *              OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE
 *              POSSIBILITY OF SUCH DAMAGES.
 *
 *              7. GENERAL
 *
 *              If any provision of this Agreement is invalid or
 *              unenforceable under applicable law, it shall not affect
 *              the validity or enforceability of the remainder of the
 *              terms of this Agreement, and without further action by the
 *              parties hereto, such provision shall be reformed to the
 *              minimum extent necessary to make such provision valid and
 *              enforceable.
 *
 *
 *              If Recipient institutes patent litigation against a
 *              Contributor with respect to a patent applicable to
 *              software (including a cros - claim or counterclaim in a
 *              lawsuit), then any patent licenses granted by that
 *              Contributor to such Recipient under this Agreement shall
 *              terminate as of the date such litigation is filed. In
 *              addition, If Recipient institutes patent litigation
 *              against any entity (including a cros - claim or
 *              counterclaim in a lawsuit) alleging that the Program
 *              itself (excluding combinations of the Program with other
 *              software or hardware) infringes such Recipient's
 *              patent(s), then such Recipient's rights granted under
 *              Section 2(b) shall terminate as of the date such
 *              litigation is filed.
 *
 *              All Recipient's rights under this Agreement shall
 *              terminate if it fails to comply with any of the material
 *              terms or conditions of this Agreement and does not cure
 *              such failure in a reasonable period of time after becoming
 *              aware of such noncompliance. If all Recipient's rights
 *              under this Agreement terminate, Recipient agrees to cease
 *              use and distribution of the Program as soon as reasonably
 *              practicable. However, Recipient's obligations under this
 *              Agreement and any licenses granted by Recipient relating
 *              to the Program shall continue and survive.
 *
 *              Everyone is permitted to copy and distribute copies of
 *              this Agreement, but in order to avoid inconsistency the
 *              Agreement is copyrighted and may only be modified in the
 *              following manner. The Agreement Steward reserves the right
 *              to publish new versions (including revisions) of this
 *              Agreement from time to time. No one other than the
 *              Agreement Steward has the right to modify this Agreement.
 *
 *              IBM is the initial Agreement Steward. IBM may assign the
 *              responsibility to serve as the Agreement Steward to a
 *              suitable separate entity. Each new version of the
 *              Agreement will be given a distinguishing version number.
 *              The Program (including Contributions) may always be
 *              distributed subject to the version of the Agreement under
 *              which it was received. In addition, after a new version of
 *              the Agreement is published, Contributor may elect to
 *              distribute the Program (including its Contributions) under
 *              the new version. Except as expressly stated in Sections
 *              2(a) and 2(b) above, Recipient receives no rights or
 *              licenses to the intellectual property of any Contributor
 *              under this Agreement, whether expressly, by implication,
 *              estoppel or otherwise. All rights in the Program not
 *              expressly granted under this Agreement are reserved.
 *
 *
 *              This Agreement is governed by the laws of the State of New
 *              York and the intellectual property laws of the United
 *              States of America. No party to this Agreement will bring a
 *              legal action under this Agreement more than one year after
 *              the cause of action arose. Each party waives its rights to
 *              a jury trial in any resulting litigation.
 *
 *
 *
 * (C) COPYRIGHT International Business Machines Corp. 2001, 2002
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#include "tpmtok_int.h"

SESSION *
session_mgr_find(CK_SESSION_HANDLE handle)
{
        DL_NODE  * node   = NULL;
        SESSION  * result = NULL;
        CK_RV   rc;

        rc = pthread_mutex_lock(&sess_list_mutex);
        if (rc != CKR_OK) {
                return (NULL);
        }
        node = sess_list;

        while (node) {
                SESSION *s = (SESSION *)node->data;

                if (s->handle == handle) {
                        result = s;
                        break;
                }

                node = node->next;
        }

        (void) pthread_mutex_unlock(&sess_list_mutex);
        return (result);
}


/*
 * session_mgr_new()
 *
 * creates a new session structure and adds it to the process's list
 * of sessions
 *
 * Args:  CK_ULONG      flags : session flags              (INPUT)
 *      SESSION **      sess : new session pointer              (OUTPUT)
 *
 * Returns:  CK_RV
 */
CK_RV
session_mgr_new(CK_ULONG flags, SESSION **sess)
{
        SESSION  * new_session  = NULL;
        SESSION  * s        = NULL;
        DL_NODE  * node  = NULL;
        CK_BBOOL   user_session = FALSE;
        CK_BBOOL   so_session   = FALSE;
        CK_BBOOL   pkcs_locked  = TRUE;
        CK_BBOOL   sess_locked  = TRUE;
        CK_RV   rc;

        new_session = (SESSION *)malloc(sizeof (SESSION));
        if (! new_session) {
                rc = CKR_HOST_MEMORY;
                goto done;
        }

        (void) memset(new_session, 0x0, sizeof (SESSION));

        rc = pthread_mutex_lock(&pkcs_mutex);
        if (rc != CKR_OK) {
                return (rc);
        }
        pkcs_locked = TRUE;

        do {
                s = session_mgr_find(next_session_handle);
                if (s != NULL)
                        next_session_handle++;
                else
                        new_session->handle = next_session_handle++;
        } while (s != NULL);

        (void) pthread_mutex_unlock(&pkcs_mutex);
        pkcs_locked = FALSE;


        new_session->session_info.slotID        = 1;
        new_session->session_info.flags  = flags;
        new_session->session_info.ulDeviceError = 0;

        rc = pthread_mutex_lock(&sess_list_mutex);
        if (rc != CKR_OK) {
                return (rc);
        }
        sess_locked = TRUE;

        node = sess_list;
        while (node) {
                SESSION *s = (SESSION *)node->data;
                if (s->session_info.state == CKS_RW_SO_FUNCTIONS) {
                        so_session = TRUE;
                        break;
                }

                if ((s->session_info.state == CKS_RO_USER_FUNCTIONS) ||
                    (s->session_info.state == CKS_RW_USER_FUNCTIONS)) {
                        user_session = TRUE;
                        break;
                }

                node = node->next;
        }

        if (global_login_state == CKS_RW_SO_FUNCTIONS) {
                so_session = TRUE;
        }
        if ((global_login_state == CKS_RO_USER_FUNCTIONS) ||
            (global_login_state == CKS_RW_USER_FUNCTIONS)) {
                user_session = TRUE;
        }

        if (user_session) {
                if (new_session->session_info.flags & CKF_RW_SESSION)
                        new_session->session_info.state = CKS_RW_USER_FUNCTIONS;
                else
                        new_session->session_info.state = CKS_RO_USER_FUNCTIONS;
                } else if (so_session) {

                new_session->session_info.state = CKS_RW_SO_FUNCTIONS;
        } else {
                if (new_session->session_info.flags & CKF_RW_SESSION)
                        new_session->session_info.state = CKS_RW_PUBLIC_SESSION;
                else
                        new_session->session_info.state = CKS_RO_PUBLIC_SESSION;
        }

        sess_list = dlist_add_as_first(sess_list, new_session);
        *sess = new_session;

        done:
        if (pkcs_locked)
                (void) pthread_mutex_unlock(&pkcs_mutex);

        if (sess_locked)
                (void) pthread_mutex_unlock(&sess_list_mutex);

        if (rc != CKR_OK && new_session != NULL) {
                free(new_session);
        }
        return (rc);
}

CK_BBOOL
session_mgr_so_session_exists(void)
{
        DL_NODE *node = NULL;
        CK_RV    rc;

        rc = pthread_mutex_lock(&sess_list_mutex);
        if (rc != CKR_OK) {
                return (rc);
        }
        node = sess_list;
        while (node) {
                SESSION *s = (SESSION *)node->data;
                if (s->session_info.state == CKS_RW_SO_FUNCTIONS) {
                        rc = TRUE;
                        goto done;
                }

                node = node->next;
        }

        rc = FALSE;

done:
        (void) pthread_mutex_unlock(&sess_list_mutex);
        return (rc);
}

CK_BBOOL
session_mgr_user_session_exists(void)
{
        DL_NODE *node = NULL;
        CK_RV    rc;

        rc = pthread_mutex_lock(&sess_list_mutex);
        if (rc != CKR_OK) {
                return (rc);
        }
        node = sess_list;
        while (node) {
                SESSION *s = (SESSION *)node->data;
                if ((s->session_info.state == CKS_RO_USER_FUNCTIONS) ||
                    (s->session_info.state == CKS_RW_USER_FUNCTIONS)) {
                        rc = TRUE;
                        goto done;
                }

                node = node->next;
        }

        rc = FALSE;

done:
        (void) pthread_mutex_unlock(&sess_list_mutex);
        return (rc);
}

CK_BBOOL
session_mgr_public_session_exists(void)
{
        DL_NODE *node = NULL;
        CK_RV    rc;

        rc = pthread_mutex_lock(&sess_list_mutex);
        if (rc != CKR_OK) {
                return (rc);
        }
        node = sess_list;
        while (node) {
                SESSION *s = (SESSION *)node->data;
                if ((s->session_info.state == CKS_RO_PUBLIC_SESSION) ||
                    (s->session_info.state == CKS_RW_PUBLIC_SESSION)) {
                        rc = TRUE;
                        goto done;
                }

                node = node->next;
        }

        rc = FALSE;

done:
        (void) pthread_mutex_unlock(&sess_list_mutex);
        return (rc);
}

CK_BBOOL
session_mgr_readonly_exists(void)
{
        DL_NODE *node = NULL;
        CK_RV    rc;

        rc = pthread_mutex_lock(&sess_list_mutex);
        if (rc != CKR_OK) {
                return (rc);
        }
        node = sess_list;
        while (node) {
                SESSION *s = (SESSION *)node->data;
                if ((s->session_info.flags & CKF_RW_SESSION) == 0) {
                        rc = TRUE;
                        goto done;
                }

                node = node->next;
        }

        rc = FALSE;

done:
        (void) pthread_mutex_unlock(&sess_list_mutex);
        return (rc);
}

CK_RV
session_mgr_close_session(SESSION *sess)
{
        DL_NODE  * node = NULL;
        CK_RV   rc = CKR_OK;

        if (! sess)
                return (FALSE);
        rc = pthread_mutex_lock(&sess_list_mutex);
        if (rc != CKR_OK) {
                return (CKR_FUNCTION_FAILED);
        }
        node = dlist_find(sess_list, sess);
        if (! node) {
                rc = CKR_FUNCTION_FAILED;
                goto done;
        }

        (void) object_mgr_purge_session_objects(sess, ALL);

        if (sess->find_list)
                free(sess->find_list);

        if (sess->encr_ctx.context)
                free(sess->encr_ctx.context);

        if (sess->encr_ctx.mech.pParameter)
                free(sess->encr_ctx.mech.pParameter);

        if (sess->decr_ctx.context)
                free(sess->decr_ctx.context);

        if (sess->decr_ctx.mech.pParameter)
                free(sess->decr_ctx.mech.pParameter);

        if (sess->digest_ctx.context.ref)
                free(sess->digest_ctx.context.ref);

        if (sess->digest_ctx.mech.pParameter)
                free(sess->digest_ctx.mech.pParameter);

        if (sess->sign_ctx.context)
                free(sess->sign_ctx.context);

        if (sess->sign_ctx.mech.pParameter)
                free(sess->sign_ctx.mech.pParameter);

        if (sess->verify_ctx.context)
                free(sess->verify_ctx.context);

        if (sess->verify_ctx.mech.pParameter)
                free(sess->verify_ctx.mech.pParameter);

        if (sess->hContext)
                (void) Tspi_Context_Close(sess->hContext);

        free(sess);

        sess_list = dlist_remove_node(sess_list, node);

        if (sess_list == NULL) {
                TSS_HCONTEXT hContext;
                if (open_tss_context(&hContext) == 0) {
                        (void) object_mgr_purge_private_token_objects(hContext);
                        (void) Tspi_Context_Close(hContext);
                }

                global_login_state = 0;

                (void) pthread_mutex_lock(&obj_list_mutex);
                (void) object_mgr_purge_map((SESSION *)0xFFFF, PRIVATE);
                (void) pthread_mutex_unlock(&obj_list_mutex);
        }

        done:
        (void) pthread_mutex_unlock(&sess_list_mutex);
        return (rc);
}

// session_mgr_close_all_sessions()
//
// removes all sessions from the specified process
//
CK_RV
session_mgr_close_all_sessions(void)
{
        CK_RV   rc = CKR_OK;

        rc = pthread_mutex_lock(&sess_list_mutex);
        if (rc != CKR_OK) {
                return (CKR_FUNCTION_FAILED);
        }
        while (sess_list) {
                SESSION *sess = (SESSION *)sess_list->data;

                (void) object_mgr_purge_session_objects(sess, ALL);

                if (sess->find_list)
                        free(sess->find_list);

                if (sess->encr_ctx.context)
                        free(sess->encr_ctx.context);

                if (sess->encr_ctx.mech.pParameter)
                        free(sess->encr_ctx.mech.pParameter);

                if (sess->decr_ctx.context)
                        free(sess->decr_ctx.context);

                if (sess->decr_ctx.mech.pParameter)
                        free(sess->decr_ctx.mech.pParameter);

                if (sess->digest_ctx.context.ref)
                        free(sess->digest_ctx.context.ref);

                if (sess->digest_ctx.mech.pParameter)
                        free(sess->digest_ctx.mech.pParameter);

                if (sess->sign_ctx.context)
                        free(sess->sign_ctx.context);

                if (sess->sign_ctx.mech.pParameter)
                        free(sess->sign_ctx.mech.pParameter);

                if (sess->verify_ctx.context)
                        free(sess->verify_ctx.context);

                if (sess->verify_ctx.mech.pParameter)
                        free(sess->verify_ctx.mech.pParameter);

                if (sess->hContext)
                        (void) Tspi_Context_Close(sess->hContext);

                free(sess);

                sess_list = dlist_remove_node(sess_list, sess_list);
        }

        (void) pthread_mutex_unlock(&sess_list_mutex);
        return (CKR_OK);
}

// session_mgr_login_all()
//
// changes the login status of all sessions in the token
//
// Arg:  CK_USER_TYPE  user_type : USER or SO
//
CK_RV
session_mgr_login_all(CK_USER_TYPE user_type) {
        DL_NODE  * node = NULL;
        CK_RV   rc = CKR_OK;

        rc = pthread_mutex_lock(&sess_list_mutex);
        if (rc != CKR_OK) {
                return (CKR_FUNCTION_FAILED);
        }
        node = sess_list;
        while (node) {
                SESSION *s = (SESSION *)node->data;

                if (s->session_info.flags & CKF_RW_SESSION) {
                        if (user_type == CKU_USER)
                                s->session_info.state = CKS_RW_USER_FUNCTIONS;
                        else
                                s->session_info.state = CKS_RW_SO_FUNCTIONS;
                } else {
                        if (user_type == CKU_USER)
                                s->session_info.state = CKS_RO_USER_FUNCTIONS;
                }

                global_login_state = s->session_info.state;
                node = node->next;
        }

        (void) pthread_mutex_unlock(&sess_list_mutex);
        return (CKR_OK);
}

CK_RV
session_mgr_logout_all(void) {
        DL_NODE  * node = NULL;
        SESSION  * s    = NULL;
        CK_RV   rc   = CKR_OK;

        rc = pthread_mutex_lock(&sess_list_mutex);
        if (rc != CKR_OK) {
                return (CKR_FUNCTION_FAILED);
        }
        node = sess_list;
        while (node) {
                s = (SESSION *)node->data;

                (void) object_mgr_purge_session_objects(s, PRIVATE);

                if (s->session_info.flags & CKF_RW_SESSION)
                        s->session_info.state = CKS_RW_PUBLIC_SESSION;
                else
                        s->session_info.state = CKS_RO_PUBLIC_SESSION;

                global_login_state = s->session_info.state; // SAB

                node = node->next;
        }

        (void) pthread_mutex_unlock(&sess_list_mutex);
        return (CKR_OK);
}

CK_RV
session_mgr_get_op_state(SESSION   *sess,
        CK_BBOOL   length_only,
        CK_BYTE   *data,
        CK_ULONG  *data_len) {
        OP_STATE_DATA  *op_data = NULL;
        CK_ULONG        op_data_len = 0;
        CK_ULONG        offset;
        void            *dptr = data;

        if (! sess) {
                return (CKR_FUNCTION_FAILED);
        }

        if (sess->find_active == TRUE) {
                return (CKR_STATE_UNSAVEABLE);
        }
        if (sess->encr_ctx.active == TRUE) {
                if (op_data != NULL) {
                        return (CKR_STATE_UNSAVEABLE);
                }
                op_data_len = sizeof (OP_STATE_DATA)    +
                    sizeof (ENCR_DECR_CONTEXT)  +
                    sess->encr_ctx.context_len +
                    sess->encr_ctx.mech.ulParameterLen;

                if (length_only == FALSE) {
                        op_data = (OP_STATE_DATA *)dptr;

                        op_data->data_len = op_data_len -
                            sizeof (OP_STATE_DATA);
                        op_data->session_state = sess->session_info.state;
                        op_data->active_operation = STATE_ENCR;

                        offset = sizeof (OP_STATE_DATA);

                        (void) (void) memcpy((CK_BYTE *)op_data + offset,
                        &sess->encr_ctx,
                        sizeof (ENCR_DECR_CONTEXT));

                        offset += sizeof (ENCR_DECR_CONTEXT);

                        if (sess->encr_ctx.context_len != 0) {
                                (void) memcpy((CK_BYTE *)op_data + offset,
                                sess->encr_ctx.context,
                                sess->encr_ctx.context_len);

                                offset += sess->encr_ctx.context_len;
                        }

                        if (sess->encr_ctx.mech.ulParameterLen != 0) {
                                (void) memcpy((CK_BYTE *)op_data + offset,
                                sess->encr_ctx.mech.pParameter,
                                sess->encr_ctx.mech.ulParameterLen);
                        }
                }
        }

        if (sess->decr_ctx.active == TRUE) {
                if (op_data != NULL) {
                        return (CKR_STATE_UNSAVEABLE);
                }
                op_data_len = sizeof (OP_STATE_DATA)    +
                    sizeof (ENCR_DECR_CONTEXT)  +
                    sess->decr_ctx.context_len +
                    sess->decr_ctx.mech.ulParameterLen;

                if (length_only == FALSE) {
                        op_data = (OP_STATE_DATA *)dptr;

                        op_data->data_len = op_data_len -
                            sizeof (OP_STATE_DATA);
                        op_data->session_state    = sess->session_info.state;
                        op_data->active_operation = STATE_DECR;

                        offset = sizeof (OP_STATE_DATA);

                        (void) memcpy((CK_BYTE *)op_data + offset,
                        &sess->decr_ctx,
                        sizeof (ENCR_DECR_CONTEXT));

                        offset += sizeof (ENCR_DECR_CONTEXT);

                        if (sess->decr_ctx.context_len != 0) {
                                (void) memcpy((CK_BYTE *)op_data + offset,
                                sess->decr_ctx.context,
                                sess->decr_ctx.context_len);

                                offset += sess->decr_ctx.context_len;
                        }

                        if (sess->decr_ctx.mech.ulParameterLen != 0) {
                                (void) memcpy((CK_BYTE *)op_data + offset,
                                sess->decr_ctx.mech.pParameter,
                                sess->decr_ctx.mech.ulParameterLen);
                        }
                }
        }

        if (sess->digest_ctx.active == TRUE) {
                if (op_data != NULL) {
                        return (CKR_STATE_UNSAVEABLE);
                }
                op_data_len = sizeof (OP_STATE_DATA) +
                    sizeof (DIGEST_CONTEXT) +
                    sess->digest_ctx.context_len +
                    sess->digest_ctx.mech.ulParameterLen;

                if (length_only == FALSE) {
                        op_data = (OP_STATE_DATA *)dptr;

                        op_data->data_len = op_data_len -
                            sizeof (OP_STATE_DATA);
                        op_data->session_state    = sess->session_info.state;
                        op_data->active_operation = STATE_DIGEST;

                        offset = sizeof (OP_STATE_DATA);

                        (void) memcpy((CK_BYTE *)op_data + offset,
                            &sess->digest_ctx, sizeof (DIGEST_CONTEXT));

                        offset += sizeof (DIGEST_CONTEXT);

                        if (sess->digest_ctx.context_len != 0) {
                                (void) memcpy((CK_BYTE *)op_data + offset,
                                    sess->digest_ctx.context.ref,
                                    sess->digest_ctx.context_len);

                                offset += sess->digest_ctx.context_len;
                        }

                        if (sess->digest_ctx.mech.ulParameterLen != 0) {
                                (void) memcpy((CK_BYTE *)op_data + offset,
                                    sess->digest_ctx.mech.pParameter,
                                    sess->digest_ctx.mech.ulParameterLen);
                        }
                }
        }

        if (sess->sign_ctx.active == TRUE) {
                if (op_data != NULL) {
                        return (CKR_STATE_UNSAVEABLE);
                }
                op_data_len = sizeof (OP_STATE_DATA) +
                    sizeof (SIGN_VERIFY_CONTEXT) +
                    sess->sign_ctx.context_len +
                    sess->sign_ctx.mech.ulParameterLen;

                if (length_only == FALSE) {
                        op_data = (OP_STATE_DATA *)dptr;

                        op_data->data_len = op_data_len -
                            sizeof (OP_STATE_DATA);
                        op_data->session_state    = sess->session_info.state;
                        op_data->active_operation = STATE_SIGN;

                        offset = sizeof (OP_STATE_DATA);

                        (void) memcpy((CK_BYTE *)op_data + offset,
                            &sess->sign_ctx, sizeof (SIGN_VERIFY_CONTEXT));

                        offset += sizeof (SIGN_VERIFY_CONTEXT);

                        if (sess->sign_ctx.context_len != 0) {
                                (void) memcpy((CK_BYTE *)op_data + offset,
                                    sess->sign_ctx.context,
                                    sess->sign_ctx.context_len);

                                offset += sess->sign_ctx.context_len;
                        }

                        if (sess->sign_ctx.mech.ulParameterLen != 0) {
                                (void) memcpy((CK_BYTE *)op_data + offset,
                                    sess->sign_ctx.mech.pParameter,
                                    sess->sign_ctx.mech.ulParameterLen);
                        }
                }
        }

        if (sess->verify_ctx.active == TRUE) {
                if (op_data != NULL) {
                        return (CKR_STATE_UNSAVEABLE);
                }
                op_data_len = sizeof (OP_STATE_DATA)    +
                    sizeof (SIGN_VERIFY_CONTEXT)  +
                    sess->verify_ctx.context_len +
                    sess->verify_ctx.mech.ulParameterLen;

                if (length_only == FALSE) {
                        op_data = (OP_STATE_DATA *)dptr;

                        op_data->data_len = op_data_len -
                            sizeof (OP_STATE_DATA);
                        op_data->session_state    = sess->session_info.state;
                        op_data->active_operation = STATE_SIGN;

                        offset = sizeof (OP_STATE_DATA);

                        (void) memcpy((CK_BYTE *)op_data + offset,
                            &sess->verify_ctx, sizeof (SIGN_VERIFY_CONTEXT));

                        offset += sizeof (SIGN_VERIFY_CONTEXT);

                        if (sess->verify_ctx.context_len != 0) {
                                (void) memcpy((CK_BYTE *)op_data + offset,
                                    sess->verify_ctx.context,
                                    sess->verify_ctx.context_len);

                                offset += sess->verify_ctx.context_len;
                        }

                        if (sess->verify_ctx.mech.ulParameterLen != 0) {
                                (void) memcpy((CK_BYTE *)op_data + offset,
                                    sess->verify_ctx.mech.pParameter,
                                    sess->verify_ctx.mech.ulParameterLen);
                        }
                }
        }

        *data_len = op_data_len;
        return (CKR_OK);
}

CK_RV
session_mgr_set_op_state(
        SESSION *sess,
        CK_OBJECT_HANDLE encr_key,
        CK_OBJECT_HANDLE auth_key,
        CK_BYTE *data)
{
        OP_STATE_DATA  *op_data = NULL;
        CK_BYTE *mech_param = NULL;
        CK_BYTE *context  = NULL;
        CK_BYTE *ptr1   = NULL;
        CK_BYTE *ptr2   = NULL;
        CK_BYTE *ptr3   = NULL;
        CK_ULONG len;
        void    *dptr = data;

        if (! sess || ! data) {
                return (CKR_FUNCTION_FAILED);
        }
        op_data = (OP_STATE_DATA *)dptr;

        if (sess->session_info.state != op_data->session_state) {
                return (CKR_SAVED_STATE_INVALID);
        }
        switch (op_data->active_operation) {
                case STATE_ENCR:
                case STATE_DECR:
                {
                        void *cptr = data + sizeof (OP_STATE_DATA);
                        ENCR_DECR_CONTEXT *ctx = (ENCR_DECR_CONTEXT *)cptr;

                        len = sizeof (ENCR_DECR_CONTEXT) +
                            ctx->context_len + ctx->mech.ulParameterLen;
                        if (len != op_data->data_len) {
                                return (CKR_SAVED_STATE_INVALID);
                        }
                        if (auth_key != 0) {
                                return (CKR_KEY_NOT_NEEDED);
                        }
                        if (encr_key == 0) {
                                return (CKR_KEY_NEEDED);
                        }
                        ptr1 = (CK_BYTE *)ctx;
                        ptr2 = ptr1 + sizeof (ENCR_DECR_CONTEXT);
                        ptr3 = ptr2 + ctx->context_len;

                        if (ctx->context_len) {
                                context = (CK_BYTE *)malloc(ctx->context_len);
                                if (! context) {
                                        return (CKR_HOST_MEMORY);
                                }
                                (void) memcpy(context, ptr2, ctx->context_len);
                        }

                        if (ctx->mech.ulParameterLen) {
                                mech_param = (CK_BYTE *)malloc(
                                    ctx->mech.ulParameterLen);
                                if (! mech_param) {
                                        if (context)
                                                free(context);
                                        return (CKR_HOST_MEMORY);
                                }
                                (void) memcpy(mech_param, ptr3,
                                    ctx->mech.ulParameterLen);
                        }
                }
                break;

                case STATE_SIGN:
                case STATE_VERIFY:
                {
                        void *cptr = data + sizeof (OP_STATE_DATA);
                        SIGN_VERIFY_CONTEXT *ctx = (SIGN_VERIFY_CONTEXT *)cptr;

                        len = sizeof (SIGN_VERIFY_CONTEXT) +
                            ctx->context_len + ctx->mech.ulParameterLen;
                        if (len != op_data->data_len) {
                                return (CKR_SAVED_STATE_INVALID);
                        }
                        if (auth_key == 0) {
                                return (CKR_KEY_NEEDED);
                        }
                        if (encr_key != 0) {
                                return (CKR_KEY_NOT_NEEDED);
                        }
                        ptr1 = (CK_BYTE *)ctx;
                        ptr2 = ptr1 + sizeof (SIGN_VERIFY_CONTEXT);
                        ptr3 = ptr2 + ctx->context_len;

                        if (ctx->context_len) {
                                context = (CK_BYTE *)malloc(ctx->context_len);
                                if (! context) {
                                        return (CKR_HOST_MEMORY);
                                }
                                (void) memcpy(context, ptr2, ctx->context_len);
                        }

                        if (ctx->mech.ulParameterLen) {
                                mech_param = (CK_BYTE *)malloc(
                                    ctx->mech.ulParameterLen);
                                if (! mech_param) {
                                        if (context)
                                                free(context);
                                        return (CKR_HOST_MEMORY);
                                }
                                (void) memcpy(mech_param, ptr3,
                                    ctx->mech.ulParameterLen);
                        }
                }
                break;

                case STATE_DIGEST:
                {
                        void *cptr = data + sizeof (OP_STATE_DATA);
                        DIGEST_CONTEXT *ctx = (DIGEST_CONTEXT *)cptr;

                        len = sizeof (DIGEST_CONTEXT) +
                            ctx->context_len + ctx->mech.ulParameterLen;
                        if (len != op_data->data_len) {
                                return (CKR_SAVED_STATE_INVALID);
                        }
                        if (auth_key != 0) {
                                return (CKR_KEY_NOT_NEEDED);
                        }
                        if (encr_key != 0) {
                                return (CKR_KEY_NOT_NEEDED);
                        }
                        ptr1 = (CK_BYTE *)ctx;
                        ptr2 = ptr1 + sizeof (DIGEST_CONTEXT);
                        ptr3 = ptr2 + ctx->context_len;

                        if (ctx->context_len) {
                                context = (CK_BYTE *)malloc(ctx->context_len);
                                if (! context) {
                                        return (CKR_HOST_MEMORY);
                                }
                                (void) memcpy(context, ptr2, ctx->context_len);
                        }

                        if (ctx->mech.ulParameterLen) {
                                mech_param = (CK_BYTE *)malloc(
                                    ctx->mech.ulParameterLen);
                                if (! mech_param) {
                                        if (context)
                                                free(context);
                                        return (CKR_HOST_MEMORY);
                                }
                                (void) memcpy(mech_param, ptr3,
                                    ctx->mech.ulParameterLen);
                        }
                }
                break;

                default:
                return (CKR_SAVED_STATE_INVALID);
        }


        if (sess->encr_ctx.active)
                (void) encr_mgr_cleanup(&sess->encr_ctx);

        if (sess->decr_ctx.active)
                (void) decr_mgr_cleanup(&sess->decr_ctx);

        if (sess->digest_ctx.active)
                (void) digest_mgr_cleanup(&sess->digest_ctx);

        if (sess->sign_ctx.active)
                (void) sign_mgr_cleanup(&sess->sign_ctx);

        if (sess->verify_ctx.active)
                (void) verify_mgr_cleanup(&sess->verify_ctx);

        switch (op_data->active_operation) {
                case STATE_ENCR:
                (void) memcpy(&sess->encr_ctx, ptr1,
                    sizeof (ENCR_DECR_CONTEXT));

                sess->encr_ctx.key      = encr_key;
                sess->encr_ctx.context  = context;
                sess->encr_ctx.mech.pParameter = mech_param;
                break;

                case STATE_DECR:
                (void) memcpy(&sess->decr_ctx, ptr1,
                    sizeof (ENCR_DECR_CONTEXT));

                sess->decr_ctx.key = encr_key;
                sess->decr_ctx.context = context;
                sess->decr_ctx.mech.pParameter = mech_param;
                break;

                case STATE_SIGN:
                (void) memcpy(&sess->sign_ctx, ptr1,
                    sizeof (SIGN_VERIFY_CONTEXT));

                sess->sign_ctx.key      = auth_key;
                sess->sign_ctx.context  = context;
                sess->sign_ctx.mech.pParameter = mech_param;
                break;

                case STATE_VERIFY:
                (void) memcpy(&sess->verify_ctx, ptr1,
                    sizeof (SIGN_VERIFY_CONTEXT));

                sess->verify_ctx.key = auth_key;
                sess->verify_ctx.context = context;
                sess->verify_ctx.mech.pParameter = mech_param;
                break;

                case STATE_DIGEST:
                (void) memcpy(&sess->digest_ctx, ptr1,
                    sizeof (DIGEST_CONTEXT));

                sess->digest_ctx.context.ref = context;
                sess->digest_ctx.mech.pParameter = mech_param;
                break;
        }

        return (CKR_OK);
}

CK_BBOOL
pin_expired(CK_SESSION_INFO *si, CK_FLAGS flags)
{
        // If this is an SO session
        if ((flags & CKF_SO_PIN_TO_BE_CHANGED) &&
            (si->state == CKS_RW_SO_FUNCTIONS))
                return (TRUE);
        return ((flags & CKF_USER_PIN_TO_BE_CHANGED) &&
            ((si->state == CKS_RO_USER_FUNCTIONS) ||
            (si->state == CKS_RW_USER_FUNCTIONS)));
}

CK_BBOOL
pin_locked(CK_SESSION_INFO *si, CK_FLAGS flags) {
        // If this is an SO session
        if ((flags & CKF_SO_PIN_LOCKED) &&
            (si->state == CKS_RW_SO_FUNCTIONS))
                return (TRUE);

        return ((flags & CKF_USER_PIN_LOCKED) &&
            ((si->state == CKS_RO_USER_FUNCTIONS) ||
            (si->state == CKS_RW_USER_FUNCTIONS)));
}

void
set_login_flags(CK_USER_TYPE userType, CK_FLAGS *flags) {
        if (userType == CKU_USER) {
                if (*flags & CKF_USER_PIN_FINAL_TRY) {
                        *flags |= CKF_USER_PIN_LOCKED;
                        *flags &= ~(CKF_USER_PIN_FINAL_TRY);
                } else if (*flags & CKF_USER_PIN_COUNT_LOW) {
                        *flags |= CKF_USER_PIN_FINAL_TRY;
                        *flags &= ~(CKF_USER_PIN_COUNT_LOW);
                } else {
                        *flags |= CKF_USER_PIN_COUNT_LOW;
                }
        } else {
                if (*flags & CKF_SO_PIN_FINAL_TRY) {
                        *flags |= CKF_SO_PIN_LOCKED;
                        *flags &= ~(CKF_SO_PIN_FINAL_TRY);
                } else if (*flags & CKF_SO_PIN_COUNT_LOW) {
                        *flags |= CKF_SO_PIN_FINAL_TRY;
                        *flags &= ~(CKF_SO_PIN_COUNT_LOW);
                } else {
                        *flags |= CKF_SO_PIN_COUNT_LOW;
                }
        }
}
Illumos
