giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

pkcs15init: when deleting file by path, try to get 'DELETE' authentication of the file itself ... 

then 'DELETE' authentication of parent


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5033 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
vtarasov 2011-01-03 09:45:51 +00:00
parent 4fbe008623
commit df92ba1684
1 changed files with 33 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
src/pkcs15init/pkcs15-lib.c
View File

@ -508,34 +508,43 @@ int
sc_pkcs15init_delete_by_path(struct sc_profile *profile, sc_pkcs15init_delete_by_path(struct sc_profile *profile,
struct sc_pkcs15_card *p15card, const struct sc_path *file_path) struct sc_pkcs15_card *p15card, const struct sc_path *file_path)
{ {
struct sc_file *parent, *file; struct sc_context *ctx = p15card->card->ctx;
struct sc_file *parent = NULL, *file = NULL;
struct sc_path path; struct sc_path path;
int r; int rv;
if (file_path->len >= 2) { SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
/* Select the parent DF */ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "trying to delete '%s'", sc_print_path(file_path));
path = *file_path;
path.len -= 2;
r = sc_select_file(p15card->card, &path, &parent);
if (r < 0)
return r;
r = sc_pkcs15init_authenticate(profile, p15card, parent, SC_AC_OP_DELETE); /* For some cards, to delete file should be satisfied the 'DELETE' ACL of the file itself,
sc_file_free(parent); * for the others the 'DELETE' ACL of parent.
if (r < 0) * Let's start from the file's 'DELETE' ACL.
return r; *
} * FIXME: will it be better to introduce the ACLs 'DELETE-CHILD' and 'DELETE-ITSELF',
* or dedicated card flag ?
*/
/* Select the file itself */ /* Select the file itself */
path = *file_path; path = *file_path;
r = sc_select_file(p15card->card, &path, &file); rv = sc_select_file(p15card->card, &path, &file);
if (r < 0) SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "cannot select file to delete");
return r;
r = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_ERASE); rv = sc_pkcs15init_authenticate(profile, p15card, file, SC_AC_OP_DELETE);
sc_file_free(file); sc_file_free(file);
if (r < 0)
return r; if (rv == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED) {
if (file_path->len >= 2) {
/* Select the parent DF */
path.len -= 2;
rv = sc_select_file(p15card->card, &path, &parent);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "Cannot select parent");
rv = sc_pkcs15init_authenticate(profile, p15card, parent, SC_AC_OP_DELETE);
sc_file_free(parent);
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "parent 'DELETE' authentication failed");
}
}
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "'DELETE' authentication failed");
memset(&path, 0, sizeof(path)); memset(&path, 0, sizeof(path));
path.type = SC_PATH_TYPE_FILE_ID; path.type = SC_PATH_TYPE_FILE_ID;
@ -543,8 +552,8 @@ sc_pkcs15init_delete_by_path(struct sc_profile *profile,
path.value[1] = file_path->value[file_path->len - 1]; path.value[1] = file_path->value[file_path->len - 1];
path.len = 2; path.len = 2;
r = sc_delete_file(p15card->card, &path); rv = sc_delete_file(p15card->card, &path);
return r; SC_FUNC_RETURN(ctx, SC_LOG_DEBUG_NORMAL, rv);
} }