| author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-08-01 19:23:07 +0000 |
|---|---|---|
| committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-08-01 19:23:07 +0000 |
| commit | 93b4046a5aad4472b7e8207fdbf8e919159c63ba (patch) | |
| tree | 226731c3e3c899d6c8992e3288983dea9f59f763 /pki/base/tps/src/engine/RA.cpp | |
| parent | 2a8fe704ef340910cc4bad36e208d9a4bd908072 (diff) | |
BZ607381: CC: TPS: auditable configuration changes for security relevant config items
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1143 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/tps/src/engine/RA.cpp')
| -rw-r--r-- | pki/base/tps/src/engine/RA.cpp | 46 |
1 files changed, 44 insertions, 2 deletions
diff --git a/pki/base/tps/src/engine/RA.cpp b/pki/base/tps/src/engine/RA.cpp
index 8c44f554b..6cd880c35 100644
--- a/pki/base/tps/src/engine/RA.cpp
+++ b/pki/base/tps/src/engine/RA.cpp
@@ -75,6 +75,7 @@ PRLock *RA::m_verify_lock = NULL;
 PRLock *RA::m_auth_lock = NULL;
 PRLock *RA::m_debug_log_lock = NULL;
 PRLock *RA::m_error_log_lock = NULL;
+PRLock *RA::m_config_lock = NULL;
 PRMonitor *RA::m_audit_log_monitor = NULL;
 bool RA::m_audit_enabled = false;
 bool RA::m_audit_signed = false;
@@ -209,6 +210,11 @@ PRLock *RA::GetVerifyLock()
 {
 return m_verify_lock;
 }
+PRLock *RA::GetConfigLock()
+{
+ return m_config_lock;
+}
+
 void RA::do_free(char *p)
 {
 if (p != NULL) {
@@ -367,6 +373,7 @@ TPS_PUBLIC int RA::Initialize(char *cfg_path, RA_Context *ctx)
 m_debug_log_lock = PR_NewLock();
 m_audit_log_monitor = PR_NewMonitor();
 m_error_log_lock = PR_NewLock();
+ m_config_lock = PR_NewLock();
 m_cfg = ConfigStore::CreateFromConfigFile(cfg_path);
 if( m_cfg == NULL ) {
 rc = -2;
@@ -635,8 +642,9 @@ TPS_PUBLIC bool RA::match_comma_list(const char* item, char *list)
 {
 char *pList = PL_strdup(list);
 char *sresult = NULL;
+ char *lasts = NULL;
 
- sresult = strtok(pList, ",");
+ sresult = PL_strtok_r(pList, ",", &lasts);
 while (sresult != NULL) {
 if (PL_strcmp(sresult, item) == 0) {
 if (pList != NULL) {
@@ -645,7 +653,7 @@ TPS_PUBLIC bool RA::match_comma_list(const char* item, char *list)
 }
 return true;
 }
- sresult = strtok(NULL, ",");
+ sresult = PL_strtok_r(NULL, ",", &lasts);
 }
 if (pList != NULL) {
 PR_Free(pList);
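Review bot: The `PR_NewLock()` result assigned to `m_config_lock` in RA::Initialize (hunk at -367) is never checked, so an allocation failure leaves the pointer NULL and `GetConfigLock()` would hand that NULL to any caller trying to serialize a configuration change. The neighbouring lock allocations visible in the hunk are unchecked in the same way, so this follows the existing pattern rather than introducing a new one. Because this lock presumably protects the audited, security-relevant settings named in the commit title, initialization should fail closed here: test `m_config_lock == NULL` right after the call and take the same failure path the `m_cfg == NULL` check below it uses. Initialize's body starts and ends outside the hunk, so the exact error path is not visible.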
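Review bot: The switch from strtok to PL_strtok_r in match_comma_list (hunk at -635, and again in the hunk at -645) has no comment saying why, which makes it easy to revert in a later cleanup. strtok keeps its scan position in hidden static state, so two threads tokenizing at the same time can corrupt each other's scan, while `lasts` keeps that state local to the call; the locks declared in this file suggest RA is reached from several threads. A one-line comment above the first call would record it, for example `/* PL_strtok_r: scan state lives in lasts, so concurrent callers do not interfere */`. The function's closing lines are outside these hunks.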
@@ -655,6 +663,35 @@ TPS_PUBLIC bool RA::match_comma_list(const char* item, char *list)
 }
 
 /*
+ * return comma separated list with all instances of item removed
+ * must be freed by caller
+ */
+TPS_PUBLIC char* RA::remove_from_comma_list(const char*item, char *list)
+{
+ int len = PL_strlen(list);
+ char *pList=PL_strdup(list);
+ char *ret = (char *) PR_Malloc(len);
+ char *sresult = NULL;
+ char *lasts = NULL;
+
+
+ PR_snprintf(ret, len, "");
+ sresult = PL_strtok_r(pList, ",", &lasts);
+ while (sresult != NULL) {
+ if (PL_strcmp(sresult, item) != 0) {
+ PR_snprintf(ret, len, "%s%s%s", ret, (PL_strlen(ret)>0)? "," : "", sresult);
+ }
+ sresult = PL_strtok_r(NULL, ",",&lasts);
+ }
+ if (pList != NULL) {
+ PR_Free(pList);
+ pList = NULL;
+ }
+ return ret;
+}
+
+
+/*
 * returns true if an audit event is valid, false if not
 */
 bool RA::IsValidEvent(const char *auditEvent)
@@ -792,6 +829,11 @@ TPS_PUBLIC int RA::Shutdown()
 m_error_log_lock = NULL;
 }
 
+ if( m_config_lock != NULL ) {
+ PR_DestroyLock( m_config_lock );
+ m_config_lock = NULL;
+ }
+
 if (m_auth_list != NULL) {
 for (int i=0; i<m_auth_len; i++) {
 if( m_auth_list[i] != NULL ) { |
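Review bot: `remove_from_comma_list` sizes its output buffer as `PL_strlen(list)` with no room for the terminating NUL, so when `item` does not occur in `list` the rebuilt string needs one byte more than is available and PR_snprintf silently cuts off the last character of the last entry. For a list of security-relevant settings (the commit title suggests audit configuration) that means a removal that should change nothing can corrupt an entry name without reporting any error. Neither `PR_Malloc` nor `PL_strdup` is checked before use, an empty `list` gives a zero-length allocation that is presumably returned unterminated, and every append passes `ret` as both the destination and a `%s` argument, which depends on how PR_snprintf happens to copy. Allocating `len + 1`, checking both allocations and appending at a write cursor addresses all of these; returning NULL on allocation failure is a new outcome that the callers, which are outside this hunk, would have to handle.

```cpp
TPS_PUBLIC char* RA::remove_from_comma_list(const char*item, char *list)
{
    int len = PL_strlen(list) + 1;   /* +1: room for the terminating NUL */
    char *pList = PL_strdup(list);
    char *ret = (char *) PR_Malloc(len);
    char *sresult = NULL;
    char *lasts = NULL;
    int used = 0;                    /* characters already written to ret */

    if (pList == NULL || ret == NULL) {
        if (pList != NULL) PR_Free(pList);
        if (ret != NULL) PR_Free(ret);
        return NULL;
    }
    ret[0] = '\0';
    sresult = PL_strtok_r(pList, ",", &lasts);
    while (sresult != NULL) {
        if (PL_strcmp(sresult, item) != 0) {
            /* append at the cursor; ret is never read back as a format argument */
            used += PR_snprintf(ret + used, len - used, "%s%s",
                                (used > 0) ? "," : "", sresult);
        }
        sresult = PL_strtok_r(NULL, ",", &lasts);
    }
    // … unchanged: free pList and return ret …
```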
