Add URI filtering by slot attributes

Signed-off-by: Simo Sorce <simo@redhat.com>

src/session.c

@@ -479,7 +479,7 @@ static CK_RV check_slot(P11PROV_CTX *ctx, P11PROV_SLOT *slot, P11PROV_URI *uri,
                         CK_MECHANISM_TYPE mechtype, bool rw)
 {
     CK_TOKEN_INFO *token;
-    CK_FLAGS slot_flags;
+    CK_SLOT_INFO *ck_slot;
     CK_SLOT_ID slotid;
     CK_RV ret;
 
@@ -488,8 +488,8 @@ static CK_RV check_slot(P11PROV_CTX *ctx, P11PROV_SLOT *slot, P11PROV_URI *uri,
     P11PROV_debug("Checking Slot id=%lu, uri=%p, mechtype=%lx, rw=%s)", slotid,
                   uri, mechtype, rw ? "true" : "false");
 
-    slot_flags = p11prov_slot_get_slot_flags(slot);
-    if ((slot_flags & CKF_TOKEN_PRESENT) == 0) {
+    ck_slot = p11prov_slot_get_slot(slot);
+    if ((ck_slot->flags & CKF_TOKEN_PRESENT) == 0) {
         return CKR_TOKEN_NOT_PRESENT;
     }
     token = p11prov_slot_get_token(slot);
@@ -500,8 +500,7 @@ static CK_RV check_slot(P11PROV_CTX *ctx, P11PROV_SLOT *slot, P11PROV_URI *uri,
         return CKR_TOKEN_WRITE_PROTECTED;
     }
     if (uri) {
-        /* skip slots that do not match */
-        ret = p11prov_uri_match_token(uri, token);
+        ret = p11prov_uri_match_token(uri, slotid, ck_slot, token);
         if (ret != CKR_OK) {
             return ret;
         }

src/slot.c

@@ -463,9 +463,9 @@ CK_SLOT_ID p11prov_slot_get_slot_id(P11PROV_SLOT *slot)
     return slot->id;
 }
 
-CK_FLAGS p11prov_slot_get_slot_flags(P11PROV_SLOT *slot)
+CK_SLOT_INFO *p11prov_slot_get_slot(P11PROV_SLOT *slot)
 {
-    return slot->slot.flags;
+    return &slot->slot;
 }
 
 CK_TOKEN_INFO *p11prov_slot_get_token(P11PROV_SLOT *slot)

src/slot.h

@@ -20,7 +20,7 @@ int p11prov_check_mechanism(P11PROV_CTX *ctx, CK_SLOT_ID id,
 CK_RV p11prov_slot_get_obj_pool(P11PROV_CTX *provctx, CK_SLOT_ID id,
                                 P11PROV_OBJ_POOL **pool);
 CK_SLOT_ID p11prov_slot_get_slot_id(P11PROV_SLOT *slot);
-CK_FLAGS p11prov_slot_get_slot_flags(P11PROV_SLOT *slot);
+CK_SLOT_INFO *p11prov_slot_get_slot(P11PROV_SLOT *slot);
 CK_TOKEN_INFO *p11prov_slot_get_token(P11PROV_SLOT *slot);
 const char *p11prov_slot_get_login_info(P11PROV_SLOT *slot);
 const char *p11prov_slot_get_bad_pin(P11PROV_SLOT *slot);

src/util.c

@@ -537,6 +537,7 @@ P11PROV_URI *p11prov_parse_uri(P11PROV_CTX *ctx, const char *uri)
 {
     struct p11prov_uri u = {
         .type = CK_UNAVAILABLE_INFORMATION,
+        .slot_id = CK_UNAVAILABLE_INFORMATION,
         .id = { .type = CKA_ID },
         .object = { .type = CKA_LABEL },
     };
@@ -829,8 +830,27 @@ char *p11prov_uri_get_pin(P11PROV_URI *uri)
     return uri->pin;
 }
 
-CK_RV p11prov_uri_match_token(P11PROV_URI *uri, CK_TOKEN_INFO *token)
+CK_RV p11prov_uri_match_token(P11PROV_URI *uri, CK_SLOT_ID slot_id,
+                              CK_SLOT_INFO *slot, CK_TOKEN_INFO *token)
 {
+    if (uri->slot_id != CK_UNAVAILABLE_INFORMATION && uri->slot_id != slot_id) {
+        return CKR_CANCEL;
+    }
+
+    if (uri->slot_description
+        && strncmp(uri->slot_description, (const char *)slot->slotDescription,
+                   64)
+               != 0) {
+        return CKR_CANCEL;
+    }
+
+    if (uri->slot_manufacturer
+        && strncmp(uri->slot_manufacturer, (const char *)slot->manufacturerID,
+                   32)
+               != 0) {
+        return CKR_CANCEL;
+    }
+
     if (uri->model
         && strncmp(uri->model, (const char *)token->model, 16) != 0) {
         return CKR_CANCEL;

src/util.h

@@ -60,7 +60,8 @@ CK_ATTRIBUTE p11prov_uri_get_id(P11PROV_URI *uri);
 CK_ATTRIBUTE p11prov_uri_get_label(P11PROV_URI *uri);
 char *p11prov_uri_get_serial(P11PROV_URI *uri);
 char *p11prov_uri_get_pin(P11PROV_URI *uri);
-CK_RV p11prov_uri_match_token(P11PROV_URI *uri, CK_TOKEN_INFO *token);
+CK_RV p11prov_uri_match_token(P11PROV_URI *uri, CK_SLOT_ID slot_id,
+                              CK_SLOT_INFO *slot, CK_TOKEN_INFO *token);
 int p11prov_get_pin(P11PROV_CTX *ctx, const char *in, char **out);
 bool cyclewait_with_timeout(uint64_t max_wait, uint64_t interval,
                             uint64_t *start_time);