authorDaiki Ueno <dueno@redhat.com>2018-12-23 14:11:00 +0100
committerDaiki Ueno <ueno@gnu.org>2019-01-04 15:12:04 +0100
commit0dd62395788ae566d3adef967611bce214a04435 (patch)
tree4181770abf1ebf40ebeb2a58fad7a468912a434b
parent95faa51a23fc416e718dbd740adfce31f642530b (diff)
trust: Propagate library verbosity to module through init_args
Previously, even when the -v option was used with the 'trust' command, the messages from the p11-kit-trust.so module were suppressed because the verbosity setting was not propagated to the module.
-rw-r--r--common/message.c8
-rw-r--r--p11-kit/modules.c29
-rw-r--r--p11-kit/p11-kit.h3
-rw-r--r--trust/enumerate.c11
-rw-r--r--trust/module.c5
-rw-r--r--trust/p11-kit-trust.module4
6 files changed, 47 insertions, 13 deletions
diff --git a/common/message.c b/common/message.c
index f9d4f57..e439def 100644
--- a/common/message.c
+++ b/common/message.c
@@ -58,7 +58,7 @@
#include <stdio.h>
#include <string.h>
-static bool print_messages = false;
+bool p11_print_messages = false;
#ifdef HAVE_STRERROR_L
locale_t p11_message_locale = (locale_t) 0;
@@ -148,7 +148,7 @@ p11_message (const char* msg,
buffer[length] = 0;
/* If printing is not disabled, just print out */
- if (print_messages)
+ if (p11_print_messages)
fprintf (stderr, "p11-kit: %s\n", buffer);
else
p11_debug_message (P11_DEBUG_LIB, "message: %s", buffer);
@@ -158,13 +158,13 @@ p11_message (const char* msg,
void
p11_message_quiet (void)
{
- print_messages = false;
+ p11_print_messages = false;
}
void
p11_message_loud (void)
{
- print_messages = true;
+ p11_print_messages = true;
}
const char *
diff --git a/p11-kit/modules.c b/p11-kit/modules.c
index cfc4daf..0299eda 100644
--- a/p11-kit/modules.c
+++ b/p11-kit/modules.c
@@ -306,6 +306,7 @@ free_module_unlocked (void *data)
p11_dict_free (mod->config);
free (mod->name);
free (mod->filename);
+ free (mod->init_args.pReserved);
free (mod);
}
@@ -550,10 +551,12 @@ is_module_enabled_unlocked (const char *name,
static CK_RV
take_config_and_load_module_inlock (char **name,
p11_dict **config,
- bool critical)
+ bool critical,
+ bool verbose)
{
const char *filename = NULL;
const char *remote = NULL;
+ char *init_reserved = NULL;
CK_RV rv = CKR_OK;
Module *mod;
@@ -591,7 +594,19 @@ take_config_and_load_module_inlock (char **name,
* 'x-init-reserved' setting in the config. This only works with specific
* PKCS#11 modules, and is non-standard use of that field.
*/
- mod->init_args.pReserved = p11_dict_get (*config, "x-init-reserved");
+ init_reserved = p11_dict_get (*config, "x-init-reserved");
+ if (init_reserved) {
+ if (verbose) {
+ init_reserved = strconcat (init_reserved, " verbose=yes", NULL);
+ } else {
+ init_reserved = strdup (init_reserved);
+ }
+ if (init_reserved == NULL) {
+ rv = CKR_HOST_MEMORY;
+ goto out;
+ }
+ }
+ mod->init_args.pReserved = init_reserved;
/* Take ownership of these variables */
p11_dict_free (mod->config);
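Review bot: The `" verbose=yes"` suffix is appended for every registered module whose config carries `x-init-reserved`, not only for p11-kit-trust.so, because the new branch is gated only on `verbose` and on the key being present. The comment just above calls this a non-standard, module-specific use of pReserved, so with the flag set a third-party module that defines its own argument format would receive text its configuration never contained. Consider limiting the append to modules known to parse it, or at least stating the behaviour in that comment, e.g. `/* With P11_KIT_MODULE_VERBOSE, " verbose=yes" is appended to any configured x-init-reserved value. */`. A module without the key never sees the flag at all, which appears to be why the .module file gains an empty `x-init-reserved:`. The function starts and ends outside this hunk, so what the `goto out` path releases is not visible here.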
@@ -607,7 +622,7 @@ out:
}
static CK_RV
-load_registered_modules_unlocked (void)
+load_registered_modules_unlocked (int flags)
{
p11_dictiter iter;
p11_dict *configs;
@@ -617,6 +632,7 @@ load_registered_modules_unlocked (void)
int mode;
CK_RV rv;
bool critical;
+ bool verbose;
if (gl.config)
return CKR_OK;
@@ -652,7 +668,8 @@ load_registered_modules_unlocked (void)
/* Is this a critical module, should abort loading of others? */
critical = _p11_conf_parse_boolean (p11_dict_get (config, "critical"), false);
- rv = take_config_and_load_module_inlock (&name, &config, critical);
+ verbose = (flags & P11_KIT_MODULE_VERBOSE) != 0;
+ rv = take_config_and_load_module_inlock (&name, &config, critical, verbose);
/*
* These variables will be cleared if ownership is transeferred
@@ -858,7 +875,7 @@ initialize_registered_inlock_reentrant (void)
if (rv != CKR_OK)
return rv;
- rv = load_registered_modules_unlocked ();
+ rv = load_registered_modules_unlocked (0);
if (rv == CKR_OK) {
p11_dict_iterate (gl.unmanaged_by_funcs, &iter);
while (rv == CKR_OK && p11_dict_next (&iter, NULL, (void **)&mod)) {
@@ -1955,7 +1972,7 @@ p11_modules_load_inlock_reentrant (int flags,
if (rv != CKR_OK)
return rv;
- rv = load_registered_modules_unlocked ();
+ rv = load_registered_modules_unlocked (flags);
if (rv != CKR_OK)
return rv;
diff --git a/p11-kit/p11-kit.h b/p11-kit/p11-kit.h
index abf618b..cc89595 100644
--- a/p11-kit/p11-kit.h
+++ b/p11-kit/p11-kit.h
@@ -57,7 +57,8 @@ enum {
P11_KIT_MODULE_UNMANAGED = 1 << 0,
P11_KIT_MODULE_CRITICAL = 1 << 1,
P11_KIT_MODULE_TRUSTED = 1 << 2,
- P11_KIT_MODULE_MASK = (1 << 3) - 1
+ P11_KIT_MODULE_VERBOSE = 1 << 3,
+ P11_KIT_MODULE_MASK = (1 << 4) - 1
};
typedef void (* p11_kit_destroyer) (void *data);
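Review bot: `P11_KIT_MODULE_VERBOSE` is added to a public enum with no description of what a caller gets from it, and no documentation for it is visible in this commit. A short comment such as `/* Ask modules that take x-init-reserved arguments to print messages ("verbose=yes") */` would record that the flag only reaches modules configured with that key. The enum's opening line is outside the hunk, so an existing doc block elsewhere may need the same addition.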
diff --git a/trust/enumerate.c b/trust/enumerate.c
index e197765..0cef089 100644
--- a/trust/enumerate.c
+++ b/trust/enumerate.c
@@ -674,6 +674,8 @@ p11_enumerate_opt_purpose (p11_enumerate *ex,
return true;
}
+extern bool p11_print_messages;
+
bool
p11_enumerate_ready (p11_enumerate *ex,
const char *def_filter)
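Review bot: `extern bool p11_print_messages;` is declared ad hoc in this .c file rather than in the header that belongs to common/message.c, so the compiler cannot check it against the definition if the type or name changes later. The first common/message.c hunk drops `static` from the variable to make this possible, which turns internal state into a writable global for any translation unit. Moving the declaration into the message header, or adding a small read-only accessor next to `p11_message_loud ()` / `p11_message_quiet ()`, would keep the state owned by message.c.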
@@ -687,8 +689,13 @@ p11_enumerate_ready (p11_enumerate *ex,
* We only "believe" the CKA_TRUSTED and CKA_X_DISTRUSTED attributes
* we get from modules explicitly marked as containing trust-policy.
*/
- if (!ex->modules)
- ex->modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED);
+ if (!ex->modules) {
+ int flags = P11_KIT_MODULE_TRUSTED;
+ if (p11_print_messages)
+ flags |= P11_KIT_MODULE_VERBOSE;
+
+ ex->modules = p11_kit_modules_load_and_initialize (flags);
+ }
if (!ex->modules)
return false;
if (ex->modules[0] == NULL)
diff --git a/trust/module.c b/trust/module.c
index 24cda87..0c16a39 100644
--- a/trust/module.c
+++ b/trust/module.c
@@ -287,6 +287,11 @@ parse_argument (char *arg,
free (gl.paths);
gl.paths = value ? strdup (value) : NULL;
+ } else if (strcmp (arg, "verbose") == 0) {
+ if (strcmp (value, "yes") == 0)
+ p11_message_loud ();
+ else if (strcmp (value, "no") == 0)
+ p11_message_quiet ();
} else {
p11_message ("unrecognized module argument: %s", arg);
}
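Review bot: `strcmp (value, "yes")` dereferences `value` without a NULL check, although the context line above (`gl.paths = value ? strdup (value) : NULL;`) shows that `value` can be NULL in this function. A bare `verbose` with no value in the module arguments would therefore reach `strcmp` with a NULL pointer, which is undefined behaviour and typically a crash inside the module. Guard both comparisons, e.g. `if (value != NULL && strcmp (value, "yes") == 0)` and `else if (value != NULL && strcmp (value, "no") == 0)`. Values other than "yes"/"no" are also ignored silently; a `p11_message ()` like the one in the final `else` would make a typo visible. `parse_argument` starts outside the hunk, so how `value` is derived is inferred from the context line only.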
diff --git a/trust/p11-kit-trust.module b/trust/p11-kit-trust.module
index 72122c3..a2a3306 100644
--- a/trust/p11-kit-trust.module
+++ b/trust/p11-kit-trust.module
@@ -18,3 +18,7 @@ x-trust-lookup: pkcs11:library-description=PKCS%2311%20Kit%20Trust%20Module
# Prevent this module being loaded by the proxy module
disable-in: p11-kit-proxy
+
+# This will be overwritten by appending "verbose=yes", if the trust
+# command is called with the -v option.
+x-init-reserved: