[Opendnssec-commits] [svn.opendnssec.org/svn/dnssec] r5499 - in trunk/OpenDNSSEC: . libhsm/src/lib

rickard at opendnssec.org rickard at opendnssec.org
Wed Aug 31 10:16:13 CEST 2011


Author: rb
Date: 2011-08-31 10:16:13 +0200 (Wed, 31 Aug 2011)
New Revision: 5499

Modified:
   trunk/OpenDNSSEC/NEWS
   trunk/OpenDNSSEC/libhsm/src/lib/libhsm.c
   trunk/OpenDNSSEC/libhsm/src/lib/libhsm.h
Log:
Added hsm_check_context() to check if the associated sessions are still alive.


Modified: trunk/OpenDNSSEC/NEWS
===================================================================
--- trunk/OpenDNSSEC/NEWS	2011-08-31 06:28:04 UTC (rev 5498)
+++ trunk/OpenDNSSEC/NEWS	2011-08-31 08:16:13 UTC (rev 5499)
@@ -9,6 +9,8 @@
   shell when running "ods-ksmutil setup"
 * Enforcer/ods-ksmutil: Use TTls from kasp when generating DNSKEY and DS
   records for output.
+* libhsm: Added hsm_check_context() to check if the associated sessions are
+  still alive.
 
 Bugfixes:
 * Bugfix #246: Less confusing text for XML validation in ods-kaspcheck.

Modified: trunk/OpenDNSSEC/libhsm/src/lib/libhsm.c
===================================================================
--- trunk/OpenDNSSEC/libhsm/src/lib/libhsm.c	2011-08-31 06:28:04 UTC (rev 5498)
+++ trunk/OpenDNSSEC/libhsm/src/lib/libhsm.c	2011-08-31 08:16:13 UTC (rev 5499)
@@ -2105,6 +2105,56 @@
     return hsm_ctx_clone(_hsm_ctx);
 }
 
+int
+hsm_check_context(hsm_ctx_t *ctx)
+{
+    unsigned int i;
+    hsm_session_t *session;
+    CK_SESSION_INFO info;
+    CK_RV rv;
+    CK_SESSION_HANDLE session_handle;
+
+    if (ctx == NULL) {
+        ctx = _hsm_ctx;
+    }
+
+    for (i = 0; i < ctx->session_count; i++) {
+        session = ctx->session[i];
+        if (session == NULL) continue;
+
+        /* Get session info */
+        rv = ((CK_FUNCTION_LIST_PTR)session->module->sym)->C_GetSessionInfo(
+                                        session->session,
+                                        &info);
+        if (hsm_pkcs11_check_error(ctx, rv, "get session info")) {
+            return HSM_ERROR;
+        }
+
+        /* Check session info */
+        if (info.state != CKS_RW_USER_FUNCTIONS) {
+            hsm_ctx_set_error(ctx, HSM_ERROR, "hsm_check_context()",
+                              "Session not logged in");
+            return HSM_ERROR;
+        }
+
+        /* Try open and close a session with the token */
+        rv = ((CK_FUNCTION_LIST_PTR)session->module->sym)->C_OpenSession(info.slotID,
+                                        CKF_SERIAL_SESSION | CKF_RW_SESSION,
+                                        NULL,
+                                        NULL,
+                                        &session_handle);
+        if (hsm_pkcs11_check_error(ctx, rv, "test open session")) {
+            return HSM_ERROR;
+        }
+        rv = ((CK_FUNCTION_LIST_PTR)session->module->sym)->C_CloseSession(session_handle);
+        if (hsm_pkcs11_check_error(ctx, rv, "test close session")) {
+            return HSM_ERROR;
+        }
+    }
+
+    return HSM_OK;
+}
+
 void
 hsm_destroy_context(hsm_ctx_t *ctx)
 {
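Review bot: After the `ctx = _hsm_ctx;` fallback, `ctx->session_count` is read without checking that the global context is actually set, so a call with NULL before the library has been opened would dereference NULL (assuming `_hsm_ctx` starts out NULL, which is not visible in this hunk). Adding `if (ctx == NULL) return HSM_ERROR;` directly after the fallback closes that path. The loop also calls through `session->module->sym` without a NULL check, which is worth guarding if a session can outlive its loaded module. Separately, the probe `C_OpenSession` needs one spare session per token, so a token at its session limit would presumably be reported as failed even though the existing sessions still work; a short comment on the probe stating this would help callers interpret `HSM_ERROR`.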

Modified: trunk/OpenDNSSEC/libhsm/src/lib/libhsm.h
===================================================================
--- trunk/OpenDNSSEC/libhsm/src/lib/libhsm.h	2011-08-31 06:28:04 UTC (rev 5498)
+++ trunk/OpenDNSSEC/libhsm/src/lib/libhsm.h	2011-08-31 08:16:13 UTC (rev 5499)
@@ -166,6 +166,18 @@
 hsm_create_context(void);
 
 
+/*! Check HSM context
+
+Check if the associated sessions are still alive.
+If they are not alive, then try re-open libhsm.
+
+\param context HSM context
+\return 0 if successful, !0 if failed
+*/
+int
+hsm_check_context(hsm_ctx_t *context);
+
+
 /*! Destroy HSM context
 
 \param context HSM context
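Review bot: The doc comment says `If they are not alive, then try re-open libhsm`, but the implementation added to libhsm.c in this commit only returns `HSM_ERROR` and never re-opens anything, so the sentence reads as behaviour the function does not have. If it is meant as advice to the caller, word it that way, e.g. `On failure the caller is expected to re-open libhsm.` The comment should also state that a NULL context selects the global context, and give the return values as `HSM_OK` / `HSM_ERROR` to match the implementation rather than `0` / `!0`.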



