Merge pull request #566 from nomis/umask

Add "objectstore.umask" configuration option for file/directory creation

Author: halderen

configure.ac

@@ -167,6 +167,11 @@ AC_DEFINE_UNQUOTED(
 	["$softhsmtokendir"],
 	[The default location of the token directory]
 )
+AC_DEFINE_UNQUOTED(
+	[DEFAULT_UMASK],
+	[0077],
+	[The default file mode creation mask]
+)
 AC_DEFINE_UNQUOTED(
 	[DEFAULT_OBJECTSTORE_BACKEND],
 	["file"],

src/bin/util/softhsm2-util.cpp

@@ -548,8 +548,9 @@ bool deleteToken(char* serial, char* token)
 	bool rv = true;
 	std::string basedir = Configuration::i()->getString("directories.tokendir", DEFAULT_TOKENDIR);
 	std::string tokendir;
+	int umask = Configuration::i()->getInt("objectstore.umask", DEFAULT_UMASK);
 
-	rv = findTokenDirectory(basedir, tokendir, serial, token);
+	rv = findTokenDirectory(basedir, tokendir, umask, serial, token);
 
 	if (rv)
 	{
@@ -634,7 +635,7 @@ void finalizeSoftHSM()
 }
 
 // Find the token directory
-bool findTokenDirectory(std::string basedir, std::string& tokendir, char* serial, char* label)
+bool findTokenDirectory(std::string basedir, std::string& tokendir, int umask, char* serial, char* label)
 {
 	if (serial == NULL && label == NULL)
 	{
@@ -693,7 +694,7 @@ bool findTokenDirectory(std::string basedir, std::string& tokendir, char* serial
 		memset(paddedTokenLabel, ' ', sizeof(paddedTokenLabel));
 
 		// Create a token instance
-		ObjectStoreToken* token = ObjectStoreToken::accessToken(basedir, *i);
+		ObjectStoreToken* token = ObjectStoreToken::accessToken(basedir, *i, umask);
 
 		if (!token->isValid())
 		{

src/bin/util/softhsm2-util.h

@@ -43,7 +43,7 @@ void usage();
 bool checkSetup();
 int initToken(CK_SLOT_ID slotID, char* label, char* soPIN, char* userPIN);
 bool deleteToken(char* serial, char* token);
-bool findTokenDirectory(std::string basedir, std::string& tokendir, char* serial, char* label);
+bool findTokenDirectory(std::string basedir, std::string& tokendir, int umask, char* serial, char* label);
 bool rmdir(std::string path);
 bool rm(std::string path);
 int showSlots();

src/lib/SoftHSM.cpp

@@ -545,7 +545,8 @@ CK_RV SoftHSM::C_Initialize(CK_VOID_PTR pInitArgs)
 	sessionObjectStore = new SessionObjectStore();
 
 	// Load the object store
-	objectStore = new ObjectStore(Configuration::i()->getString("directories.tokendir", DEFAULT_TOKENDIR));
+	objectStore = new ObjectStore(Configuration::i()->getString("directories.tokendir", DEFAULT_TOKENDIR),
+		Configuration::i()->getInt("objectstore.umask", DEFAULT_UMASK));
 	if (!objectStore->isValid())
 	{
 		WARNING_MSG("Could not load the object store");

src/lib/common/Configuration.cpp

@@ -46,6 +46,7 @@ std::auto_ptr<Configuration> Configuration::instance(NULL);
 const struct config Configuration::valid_config[] = {
 	{ "directories.tokendir",	CONFIG_TYPE_STRING },
 	{ "objectstore.backend",	CONFIG_TYPE_STRING },
+	{ "objectstore.umask",		CONFIG_TYPE_INT_OCTAL },
 	{ "log.level",			CONFIG_TYPE_STRING },
 	{ "slots.removable",		CONFIG_TYPE_BOOL },
 	{ "slots.mechanisms",		CONFIG_TYPE_STRING },
@@ -107,7 +108,14 @@ int Configuration::getInt(std::string key, int ifEmpty /* = 0 */)
 	}
 	else
 	{
-		WARNING_MSG("Missing %s in configuration. Using default value: %i", key.c_str(), ifEmpty);
+		if (getType(key) == CONFIG_TYPE_INT_OCTAL)
+		{
+			WARNING_MSG("Missing %s in configuration. Using default value: 0%o", key.c_str(), ifEmpty);
+		}
+		else
+		{
+			WARNING_MSG("Missing %s in configuration. Using default value: %i", key.c_str(), ifEmpty);
+		}
 		return ifEmpty;
 	}
 }

src/lib/common/Configuration.h

@@ -43,6 +43,7 @@ enum
 	CONFIG_TYPE_UNSUPPORTED,
 	CONFIG_TYPE_STRING,
 	CONFIG_TYPE_INT,
+	CONFIG_TYPE_INT_OCTAL,
 	CONFIG_TYPE_BOOL
 };
 

src/lib/common/SimpleConfigLoader.cpp

@@ -155,6 +155,9 @@ bool SimpleConfigLoader::loadConfiguration()
 			case CONFIG_TYPE_INT:
 				Configuration::i()->setInt(stringName, atoi(stringValue.c_str()));
 				break;
+			case CONFIG_TYPE_INT_OCTAL:
+				Configuration::i()->setInt(stringName, strtol(stringValue.c_str(), NULL, 8));
+				break;
 			case CONFIG_TYPE_BOOL:
 				bool boolValue;
 				if (string2bool(stringValue, &boolValue))

src/lib/common/softhsm2.conf.5.in

@@ -46,6 +46,16 @@ objectstore.backend = file
 .fi
 .RE
 .LP
+.SH OBJECTSTORE.UMASK
+The file mode creation mask used by SoftHSM when creating files or directories. This value is in octal.
+This is applied in addition to the process umask and cannot override it.
+.LP
+.RS
+.nf
+objectstore.umask = 0077
+.fi
+.RE
+.LP
 .SH LOG.LEVEL
 The log level which can be set to ERROR, WARNING, INFO or DEBUG.
 .LP

src/lib/common/softhsm2.conf.in

@@ -2,6 +2,7 @@
 
 directories.tokendir = @softhsmtokendir@
 objectstore.backend = file
+objectstore.umask = 0077
 
 # ERROR, WARNING, INFO, DEBUG
 log.level = ERROR

src/lib/object_store/DB.cpp

@@ -704,7 +704,7 @@ bool DB::Result::nextRow()
  * Connection
  **************************/
 
-DB::Connection *DB::Connection::Create(const std::string &dbdir, const std::string &dbname)
+DB::Connection *DB::Connection::Create(const std::string &dbdir, const std::string &dbname, int umask)
 {
 	if (dbdir.length() == 0) {
 		DB::logError("Connection::Create: database directory parameter dbdir is empty");
@@ -716,13 +716,14 @@ DB::Connection *DB::Connection::Create(const std::string &dbdir, const std::stri
 		return NULL;
 	}
 
-	return new Connection(dbdir,dbname);
+	return new Connection(dbdir, dbname, umask);
 }
 
-DB::Connection::Connection(const std::string &dbdir, const std::string &dbname)
+DB::Connection::Connection(const std::string &dbdir, const std::string &dbname, int umask)
 	: _dbdir(dbdir)
 	, _dbpath(dbdir + OS_PATHSEP + dbname)
 	, _db(NULL)
+	, _umask(umask)
 {
 }
 
@@ -815,7 +816,7 @@ bool DB::Connection::connect(const char *
 							 )
 {
 	// Create and set file permissions if the DB does not exist.
-	int fd = open(_dbpath.c_str(), O_CREAT, S_IRUSR | S_IWUSR);
+	int fd = open(_dbpath.c_str(), O_CREAT, (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH) & ~_umask);
 	if (fd == -1)
 	{
 		DB::logError("Could not open database: %s (errno %i)",