commit 84db3078dea9ffffbaeb76ad52e72dbdc8f6c8f1

Author: Joy Latten <jmlatten@linux.vnet.ibm.com>

Date:   Wed Oct 2 16:34:40 2013 -0500

    CCA token was not importing rsa keypair correctly in v3.

    Signed-off-by: Joy Latten <jmlatten@linux.vnet.ibm.com>

diff --git a/usr/lib/pkcs11/cca_stdll/obj_mgr.c b/usr/lib/pkcs11/cca_stdll/obj_mgr.c

deleted file mode 100644

index 4c819e9..0000000

--- a/usr/lib/pkcs11/cca_stdll/obj_mgr.c

+++ /dev/null

@@ -1,2479 +0,0 @@

-/*

-             Common Public License Version 0.5

-

-             THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF

-             THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE,

-             REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES

-             RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.

-

-             1. DEFINITIONS

-

-             "Contribution" means:

-                   a) in the case of the initial Contributor, the

-                   initial code and documentation distributed under

-                   this Agreement, and

-

-                   b) in the case of each subsequent Contributor:

-                   i) changes to the Program, and

-                   ii) additions to the Program;

-

-                   where such changes and/or additions to the Program

-                   originate from and are distributed by that

-                   particular Contributor. A Contribution 'originates'

-                   from a Contributor if it was added to the Program

-                   by such Contributor itself or anyone acting on such

-                   Contributor's behalf. Contributions do not include

-                   additions to the Program which: (i) are separate

-                   modules of software distributed in conjunction with

-                   the Program under their own license agreement, and

-                   (ii) are not derivative works of the Program.

-

-

-             "Contributor" means any person or entity that distributes

-             the Program.

-

-             "Licensed Patents " mean patent claims licensable by a

-             Contributor which are necessarily infringed by the use or

-             sale of its Contribution alone or when combined with the

-             Program.

-

-             "Program" means the Contributions distributed in

-             accordance with this Agreement.

-

-             "Recipient" means anyone who receives the Program under

-             this Agreement, including all Contributors.

-

-             2. GRANT OF RIGHTS

-

-                   a) Subject to the terms of this Agreement, each

-                   Contributor hereby grants Recipient a

-                   non-exclusive, worldwide, royalty-free copyright

-                   license to reproduce, prepare derivative works of,

-                   publicly display, publicly perform, distribute and

-                   sublicense the Contribution of such Contributor, if

-                   any, and such derivative works, in source code and

-                   object code form.

-

-                   b) Subject to the terms of this Agreement, each

-                   Contributor hereby grants Recipient a

-                   non-exclusive, worldwide, royalty-free patent

-                   license under Licensed Patents to make, use, sell,

-                   offer to sell, import and otherwise transfer the

-                   Contribution of such Contributor, if any, in source

-                   code and object code form. This patent license

-                   shall apply to the combination of the Contribution

-                   and the Program if, at the time the Contribution is

-                   added by the Contributor, such addition of the

-                   Contribution causes such combination to be covered

-                   by the Licensed Patents. The patent license shall

-                   not apply to any other combinations which include

-                   the Contribution. No hardware per se is licensed

-                   hereunder.

-

-                   c) Recipient understands that although each

-                   Contributor grants the licenses to its

-                   Contributions set forth herein, no assurances are

-                   provided by any Contributor that the Program does

-                   not infringe the patent or other intellectual

-                   property rights of any other entity. Each

-                   Contributor disclaims any liability to Recipient

-                   for claims brought by any other entity based on

-                   infringement of intellectual property rights or

-                   otherwise. As a condition to exercising the rights

-                   and licenses granted hereunder, each Recipient

-                   hereby assumes sole responsibility to secure any

-                   other intellectual property rights needed, if any.

-

-                   For example, if a third party patent license is

-                   required to allow Recipient to distribute the

-                   Program, it is Recipient's responsibility to

-                   acquire that license before distributing the

-                   Program.

-

-                   d) Each Contributor represents that to its

-                   knowledge it has sufficient copyright rights in its

-                   Contribution, if any, to grant the copyright

-                   license set forth in this Agreement.

-

-             3. REQUIREMENTS

-

-             A Contributor may choose to distribute the Program in

-             object code form under its own license agreement, provided

-             that:

-                   a) it complies with the terms and conditions of

-                   this Agreement; and

-

-                   b) its license agreement:

-                   i) effectively disclaims on behalf of all

-                   Contributors all warranties and conditions, express

-                   and implied, including warranties or conditions of

-                   title and non-infringement, and implied warranties

-                   or conditions of merchantability and fitness for a

-                   particular purpose;

-

-                   ii) effectively excludes on behalf of all

-                   Contributors all liability for damages, including

-                   direct, indirect, special, incidental and

-                   consequential damages, such as lost profits;

-

-                   iii) states that any provisions which differ from

-                   this Agreement are offered by that Contributor

-                   alone and not by any other party; and

-

-                   iv) states that source code for the Program is

-                   available from such Contributor, and informs

-                   licensees how to obtain it in a reasonable manner

-                   on or through a medium customarily used for

-                   software exchange.

-

-             When the Program is made available in source code form:

-                   a) it must be made available under this Agreement;

-                   and

-                   b) a copy of this Agreement must be included with

-                   each copy of the Program.

-

-             Contributors may not remove or alter any copyright notices

-             contained within the Program.

-

-             Each Contributor must identify itself as the originator of

-             its Contribution, if any, in a manner that reasonably

-             allows subsequent Recipients to identify the originator of

-             the Contribution.

-

-

-             4. COMMERCIAL DISTRIBUTION

-

-             Commercial distributors of software may accept certain

-             responsibilities with respect to end users, business

-             partners and the like. While this license is intended to

-             facilitate the commercial use of the Program, the

-             Contributor who includes the Program in a commercial

-             product offering should do so in a manner which does not

-             create potential liability for other Contributors.

-             Therefore, if a Contributor includes the Program in a

-             commercial product offering, such Contributor ("Commercial

-             Contributor") hereby agrees to defend and indemnify every

-             other Contributor ("Indemnified Contributor") against any

-             losses, damages and costs (collectively "Losses") arising

-             from claims, lawsuits and other legal actions brought by a

-             third party against the Indemnified Contributor to the

-             extent caused by the acts or omissions of such Commercial

-             Contributor in connection with its distribution of the

-             Program in a commercial product offering. The obligations

-             in this section do not apply to any claims or Losses

-             relating to any actual or alleged intellectual property

-             infringement. In order to qualify, an Indemnified

-             Contributor must: a) promptly notify the Commercial

-             Contributor in writing of such claim, and b) allow the

-             Commercial Contributor to control, and cooperate with the

-             Commercial Contributor in, the defense and any related

-             settlement negotiations. The Indemnified Contributor may

-             participate in any such claim at its own expense.

-

-

-             For example, a Contributor might include the Program in a

-             commercial product offering, Product X. That Contributor

-             is then a Commercial Contributor. If that Commercial

-             Contributor then makes performance claims, or offers

-             warranties related to Product X, those performance claims

-             and warranties are such Commercial Contributor's

-             responsibility alone. Under this section, the Commercial

-             Contributor would have to defend claims against the other

-             Contributors related to those performance claims and

-             warranties, and if a court requires any other Contributor

-             to pay any damages as a result, the Commercial Contributor

-             must pay those damages.

-

-

-             5. NO WARRANTY

-

-             EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE

-             PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT

-             WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR

-             IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR

-             CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR

-             FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely

-             responsible for determining the appropriateness of using

-             and distributing the Program and assumes all risks

-             associated with its exercise of rights under this

-             Agreement, including but not limited to the risks and

-             costs of program errors, compliance with applicable laws,

-             damage to or loss of data, programs or equipment, and

-             unavailability or interruption of operations.

-

-             6. DISCLAIMER OF LIABILITY

-             EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER

-             RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY

-             FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,

-             OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION

-             LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF

-             LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

-             (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT

-             OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE

-             OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE

-             POSSIBILITY OF SUCH DAMAGES.

-

-             7. GENERAL

-

-             If any provision of this Agreement is invalid or

-             unenforceable under applicable law, it shall not affect

-             the validity or enforceability of the remainder of the

-             terms of this Agreement, and without further action by the

-             parties hereto, such provision shall be reformed to the

-             minimum extent necessary to make such provision valid and

-             enforceable.

-

-

-             If Recipient institutes patent litigation against a

-             Contributor with respect to a patent applicable to

-             software (including a cross-claim or counterclaim in a

-             lawsuit), then any patent licenses granted by that

-             Contributor to such Recipient under this Agreement shall

-             terminate as of the date such litigation is filed. In

-             addition, If Recipient institutes patent litigation

-             against any entity (including a cross-claim or

-             counterclaim in a lawsuit) alleging that the Program

-             itself (excluding combinations of the Program with other

-             software or hardware) infringes such Recipient's

-             patent(s), then such Recipient's rights granted under

-             Section 2(b) shall terminate as of the date such

-             litigation is filed.

-

-             All Recipient's rights under this Agreement shall

-             terminate if it fails to comply with any of the material

-             terms or conditions of this Agreement and does not cure

-             such failure in a reasonable period of time after becoming

-             aware of such noncompliance. If all Recipient's rights

-             under this Agreement terminate, Recipient agrees to cease

-             use and distribution of the Program as soon as reasonably

-             practicable. However, Recipient's obligations under this

-             Agreement and any licenses granted by Recipient relating

-             to the Program shall continue and survive.

-

-             Everyone is permitted to copy and distribute copies of

-             this Agreement, but in order to avoid inconsistency the

-             Agreement is copyrighted and may only be modified in the

-             following manner. The Agreement Steward reserves the right

-             to publish new versions (including revisions) of this

-             Agreement from time to time. No one other than the

-             Agreement Steward has the right to modify this Agreement.

-

-             IBM is the initial Agreement Steward. IBM may assign the

-             responsibility to serve as the Agreement Steward to a

-             suitable separate entity. Each new version of the

-             Agreement will be given a distinguishing version number.

-             The Program (including Contributions) may always be

-             distributed subject to the version of the Agreement under

-             which it was received. In addition, after a new version of

-             the Agreement is published, Contributor may elect to

-             distribute the Program (including its Contributions) under

-             the new version. Except as expressly stated in Sections

-             2(a) and 2(b) above, Recipient receives no rights or

-             licenses to the intellectual property of any Contributor

-             under this Agreement, whether expressly, by implication,

-             estoppel or otherwise. All rights in the Program not

-             expressly granted under this Agreement are reserved.

-

-

-             This Agreement is governed by the laws of the State of New

-             York and the intellectual property laws of the United

-             States of America. No party to this Agreement will bring a

-             legal action under this Agreement more than one year after

-             the cause of action arose. Each party waives its rights to

-             a jury trial in any resulting litigation.

-

-

-

-*/

-

-/* (C) COPYRIGHT International Business Machines Corp. 2001,2002          */

-

-

-// File:  obj_mgr.c

-//

-// Object manager related functions

-//

-

-#include <pthread.h>

-#include <stdlib.h>

-#include <stdio.h>

-#include <string.h>  // for memcmp() et al

-#include <strings.h>

-

-#include "pkcs11types.h"

-#include "defs.h"

-#include "cca_stdll.h"

-#include "host_defs.h"

-#include "h_extern.h"

-#include "tok_spec_struct.h"

-

-#include "../api/apiproto.h"

-

-pthread_rwlock_t obj_list_rw_mutex = PTHREAD_RWLOCK_INITIALIZER;

-

-CK_RV

-object_mgr_add( SESSION          * sess,

-                CK_ATTRIBUTE     * pTemplate,

-                CK_ULONG           ulCount,

-                CK_OBJECT_HANDLE * handle )

-{

-   OBJECT    * o = NULL;

-   CK_BBOOL    priv_obj, sess_obj;

-   CK_BBOOL    locked = FALSE;

-   CK_RV       rc;

-   unsigned long obj_handle;

-

-   if (!sess || !pTemplate || !handle){

-      OCK_LOG_ERR(ERR_FUNCTION_FAILED);

-      return CKR_FUNCTION_FAILED;

-   }

-

-   rc = MY_LockMutex( &obj_list_mutex );

-   if (rc != CKR_OK){

-      OCK_LOG_ERR(ERR_MUTEX_LOCK);

-      return rc;

-   }

-   locked = TRUE;

-

-   rc = object_create( pTemplate, ulCount, &o );

-   if (rc != CKR_OK){

-      OCK_LOG_ERR(ERR_OBJ_CREATE);

-      goto done;

-   }

-

-   if (token_specific.t_object_add != NULL) {

-      rc = token_specific.t_object_add(o);

-      if (rc != CKR_OK) {

-	 OCK_LOG_ERR(ERR_OBJ_CREATE);

-	 goto done;

-       }

-   }

-

-   // check whether session has permissions to create the object, etc

-   //

-   // Object                  R/O      R/W      R/O     R/W    R/W

-   // Type                   Public   Public    User    User   SO

-   // -------------------------------------------------------------

-   // Public session          R/W      R/W      R/W     R/W    R/W

-   // Private session                           R/W     R/W

-   // Public token            R/O      R/W      R/O     R/W    R/W

-   // Private token                             R/O     R/W

-   //

-   sess_obj = object_is_session_object( o );

-   priv_obj = object_is_private( o );

-

-   if (sess->session_info.state == CKS_RO_PUBLIC_SESSION) {

-      if (priv_obj) {

-         OCK_LOG_ERR(ERR_USER_NOT_LOGGED_IN);

-         rc = CKR_USER_NOT_LOGGED_IN;

-         goto done;

-      }

-

-      if (!sess_obj) {

-         OCK_LOG_ERR(ERR_SESSION_READ_ONLY);

-         rc = CKR_SESSION_READ_ONLY;

-         goto done;

-      }

-   }

-

-   if (sess->session_info.state == CKS_RO_USER_FUNCTIONS) {

-      if (!sess_obj) {

-         OCK_LOG_ERR(ERR_SESSION_READ_ONLY);

-         rc = CKR_SESSION_READ_ONLY;

-         goto done;

-      }

-   }

-

-   if (sess->session_info.state == CKS_RW_PUBLIC_SESSION) {

-      if (priv_obj) {

-         OCK_LOG_ERR(ERR_USER_NOT_LOGGED_IN);

-         rc = CKR_USER_NOT_LOGGED_IN;

-         goto done;

-      }

-   }

-

-   if (sess->session_info.state == CKS_RW_SO_FUNCTIONS) {

-      if (priv_obj) {

-         OCK_LOG_ERR(ERR_USER_NOT_LOGGED_IN);

-         rc = CKR_USER_NOT_LOGGED_IN;

-         goto done;

-      }

-   }

-

-   // okay, object is created and the session permissions look okay.

-   // add the object to the appropriate list and assign an object handle

-   //

-

-   if (sess_obj) {

-      o->session = sess;

-      memset( o->name, 0x00, sizeof(CK_BYTE) * 8 );

-

-      if ((obj_handle = bt_node_add(&sess_obj_btree, o)) == 0) {

-	 OCK_LOG_ERR(ERR_HOST_MEMORY);

-	 rc = CKR_HOST_MEMORY;

-	 goto done;

-      }

-   }

-   else {

-      CK_BYTE current[8];

-      CK_BYTE next[8];

-

-      // we'll be modifying nv_token_data so we should protect this part with

-      // the 'pkcs_mutex'

-      //

-      rc = XProcLock();

-      if (rc != CKR_OK){

-         OCK_LOG_ERR(ERR_PROCESS_LOCK);

-         goto done;

-      }

-      else {

-

-         // Determine if we have already reached our Max Token Objects

-         //

-         if (priv_obj) {

-            if (global_shm->num_priv_tok_obj >= MAX_TOK_OBJS) {

-               rc = CKR_HOST_MEMORY;

-               OCK_LOG_ERR(ERR_HOST_MEMORY);

-               XProcUnLock();

-               goto done;

-            }

-         }

-         else {

-            if (global_shm->num_publ_tok_obj >= MAX_TOK_OBJS) {

-               rc = CKR_HOST_MEMORY;

-               OCK_LOG_ERR(ERR_HOST_MEMORY);

-               XProcUnLock();

-               goto done;

-            }

-         }

-

-         memcpy( current, &nv_token_data->next_token_object_name, 8 );

-

-         o->session = NULL;

-         memcpy( &o->name, current, 8 );

-

-         rc = compute_next_token_obj_name( current, next );

-         if (rc != CKR_OK) {

-                 // TODO: handle error, check if rc is a valid per spec

-                XProcUnLock();

-                 goto done;

-         }

-         memcpy( &nv_token_data->next_token_object_name, next, 8 );

-

-         rc = save_token_object( o );

-         if (rc != CKR_OK) {

-                 // TODO: handle error, check if rc is a valid per spec

-                XProcUnLock();

-                goto done;

-         }

-

-         // add the object identifier to the shared memory segment

-         //

-         object_mgr_add_to_shm( o );

-

-         XProcUnLock();

-

-         // save_token_data has to lock the mutex itself because it's used elsewhere

-         //

-         rc = save_token_data();

-         if (rc != CKR_OK) {

-                 // TODO: handle error, check if rc is a valid per spec

-                XProcUnLock();

-                goto done;

-         }

-

-      }

-

-      // now, store the object in the appropriate btree

-      //

-      if (priv_obj)

-         obj_handle = bt_node_add(&priv_token_obj_btree, o);

-      else

-         obj_handle = bt_node_add(&publ_token_obj_btree, o);

-

-      if (!obj_handle) {

-	 OCK_LOG_ERR(ERR_HOST_MEMORY);

-	 rc = CKR_HOST_MEMORY;

-	 goto done;

-      }

-   }

-

-   rc = object_mgr_add_to_map( sess, o, obj_handle, handle );

-   if (rc != CKR_OK) {

-      // we need to remove the object from whatever btree we just added it to

-      if (sess_obj) {

-	 // put the binary tree node which holds o on the free list, but pass NULL here, so that

-	 // o (the binary tree node's value pointer) isn't touched. It is free'd below

-	 bt_node_free(&sess_obj_btree, obj_handle, NULL);

-      }

-      else {

-         // we'll want to delete the token object file too!

-         //

-         delete_token_object( o );

-

-         if (priv_obj) {

-	    // put the binary tree node which holds o on the free list, but pass NULL here, so that

-	    // o (the binary tree node's value pointer) isn't touched. It is free'd below

-	    bt_node_free(&priv_token_obj_btree, obj_handle, NULL);

-         }

-         else {

-	    // put the binary tree node which holds o on the free list, but pass NULL here, so that

-	    // o (the binary tree node's value pointer) isn't touched. It is free'd below

-	    bt_node_free(&publ_token_obj_btree, obj_handle, NULL);

-         }

-

-         rc = XProcLock();

-         if (rc != CKR_OK){

-            OCK_LOG_ERR(ERR_PROCESS_LOCK);

-            goto done;

-         }

-         object_mgr_del_from_shm( o );

-

-         XProcUnLock();

-      }

-   }

-

-

-done:

-   if (locked)

-      MY_UnlockMutex( &obj_list_mutex );

-

-   if ((rc != CKR_OK) && (o != NULL))

-      object_free( o );

-

-   return rc;

-}

-

-

-// object_mgr_add_to_map()

-//

-CK_RV

-object_mgr_add_to_map( SESSION          * sess,

-                       OBJECT           * obj,

-		       unsigned long      obj_handle,

-                       CK_OBJECT_HANDLE * map_handle )

-{

-   OBJECT_MAP  *map_node = NULL;

-

-   if (!sess || !obj || !map_handle){

-      OCK_LOG_ERR(ERR_FUNCTION_FAILED);

-      return CKR_FUNCTION_FAILED;

-   }

-   //

-   // this guy doesn't lock a mutex because it's calling routines should have

-   // already locked it

-   //

-

-   map_node = (OBJECT_MAP *)malloc(sizeof(OBJECT_MAP));

-   if (!map_node){

-      OCK_LOG_ERR(ERR_HOST_MEMORY);

-      return CKR_HOST_MEMORY;

-   }

-   map_node->session  = sess;

-

-   if (obj->session != NULL)

-      map_node->is_session_obj = TRUE;

-   else

-      map_node->is_session_obj = FALSE;

-

-   map_node->is_private = object_is_private( obj );

-

-   // add the new map entry to the list

-   if (pthread_rwlock_wrlock(&obj_list_rw_mutex)) {

-      free(map_node);

-      OCK_LOG_ERR(ERR_FUNCTION_FAILED);

-      return CKR_FUNCTION_FAILED;

-   }

-

-   // map_node->obj_handle will store the index of the btree node in one of these lists:

-   // publ_token_obj_btree - for public token object

-   // priv_token_obj_btree - for private token objects

-   // sess_obj_btree - for session objects

-   //

-   // *map_handle, the application's CK_OBJECT_HANDLE, will then be the index of the btree node

-   // in the object_map_btree

-   //

-   map_node->obj_handle = obj_handle;

-   *map_handle = bt_node_add(&object_map_btree, map_node);

-

-   pthread_rwlock_unlock(&obj_list_rw_mutex);

-

-   if (*map_handle == 0) {

-      free(map_node);

-      OCK_LOG_ERR(ERR_HOST_MEMORY);

-      return CKR_HOST_MEMORY;

-   }

-   obj->map_handle = *map_handle;

-

-   return CKR_OK;

-}

-

-

-// object_mgr_copy()

-//

-// algorithm:

-//    1) find the old object

-//    2) get the template from the old object

-//    3) merge in the new object's template

-//    4) perform class-specific sanity checks

-//

-CK_RV

-object_mgr_copy( SESSION          * sess,

-                 CK_ATTRIBUTE     * pTemplate,

-                 CK_ULONG           ulCount,

-                 CK_OBJECT_HANDLE   old_handle,

-                 CK_OBJECT_HANDLE * new_handle )

-{

-   OBJECT     *old_obj = NULL;

-   OBJECT     *new_obj = NULL;

-   CK_BBOOL    priv_obj;

-   CK_BBOOL    sess_obj;

-   CK_BBOOL    locked = FALSE;

-   CK_RV       rc;

-   unsigned long obj_handle;

-

-   if (!sess || !pTemplate || !new_handle){

-      OCK_LOG_ERR(ERR_FUNCTION_FAILED);

-      return CKR_FUNCTION_FAILED;

-   }

-

-   rc = MY_LockMutex( &obj_list_mutex );

-   if (rc != CKR_OK){

-      OCK_LOG_ERR(ERR_MUTEX_LOCK);

-      return rc;

-   }

-   locked = TRUE;

-

-   rc = object_mgr_find_in_map1( old_handle, &old_obj );

-   if (rc != CKR_OK){

-      OCK_LOG_ERR(ERR_OBJMGR_FIND_MAP);

-      goto done;

-   }

-   rc = object_copy( pTemplate, ulCount, old_obj, &new_obj );

-   if (rc != CKR_OK){

-      OCK_LOG_ERR(ERR_OBJ_COPY);

-      goto done;

-   }

-

-   // check whether session has permissions to create the object, etc

-   //

-   // Object                  R/O      R/W      R/O     R/W    R/W

-   // Type                   Public   Public    User    User   SO

-   // -------------------------------------------------------------

-   // Public session          R/W      R/W      R/W     R/W    R/W

-   // Private session                           R/W     R/W

-   // Public token            R/O      R/W      R/O     R/W    R/W

-   // Private token                             R/O     R/W

-   //

-   sess_obj = object_is_session_object( new_obj );

-   priv_obj = object_is_private( new_obj );

-

-   if (sess->session_info.state == CKS_RO_PUBLIC_SESSION) {

-      if (priv_obj) {

-         OCK_LOG_ERR(ERR_USER_NOT_LOGGED_IN);

-         rc = CKR_USER_NOT_LOGGED_IN;

-         goto done;

-      }

-

-      if (!sess_obj) {

-         OCK_LOG_ERR(ERR_SESSION_READ_ONLY);

-         rc = CKR_SESSION_READ_ONLY;

-         goto done;

-      }

-   }

-

-   if (sess->session_info.state == CKS_RO_USER_FUNCTIONS) {

-      if (!sess_obj) {

-         OCK_LOG_ERR(ERR_SESSION_READ_ONLY);

-         rc = CKR_SESSION_READ_ONLY;

-         goto done;

-      }

-   }

-

-   if (sess->session_info.state == CKS_RW_PUBLIC_SESSION) {

-      if (priv_obj) {

-         OCK_LOG_ERR(ERR_USER_NOT_LOGGED_IN);

-         rc = CKR_USER_NOT_LOGGED_IN;

-         goto done;

-      }

-   }

-

-   if (sess->session_info.state == CKS_RW_SO_FUNCTIONS) {

-      if (priv_obj) {

-         OCK_LOG_ERR(ERR_USER_NOT_LOGGED_IN);

-         rc = CKR_USER_NOT_LOGGED_IN;

-         goto done;