diff options
author | Daiki Ueno <dueno@redhat.com> | 2018-12-23 14:11:00 +0100 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2019-01-04 15:12:04 +0100 |
commit | 0dd62395788ae566d3adef967611bce214a04435 (patch) | |
tree | 4181770abf1ebf40ebeb2a58fad7a468912a434b | |
parent | 95faa51a23fc416e718dbd740adfce31f642530b (diff) |
trust: Propagate library verbosity to module through init_args
Previously, even when the -v option is used with the 'trust' command,
the messages from p11-kit-trust.so module were suppressed because the
verbosity setting is not propagated to the module.
-rw-r--r-- | common/message.c | 8 | ||||
-rw-r--r-- | p11-kit/modules.c | 29 | ||||
-rw-r--r-- | p11-kit/p11-kit.h | 3 | ||||
-rw-r--r-- | trust/enumerate.c | 11 | ||||
-rw-r--r-- | trust/module.c | 5 | ||||
-rw-r--r-- | trust/p11-kit-trust.module | 4 |
6 files changed, 47 insertions, 13 deletions
diff --git a/common/message.c b/common/message.c index f9d4f57..e439def 100644 --- a/common/message.c +++ b/common/message.c @@ -58,7 +58,7 @@ #include <stdio.h> #include <string.h> -static bool print_messages = false; +bool p11_print_messages = false; #ifdef HAVE_STRERROR_L locale_t p11_message_locale = (locale_t) 0; @@ -148,7 +148,7 @@ p11_message (const char* msg, buffer[length] = 0; /* If printing is not disabled, just print out */ - if (print_messages) + if (p11_print_messages) fprintf (stderr, "p11-kit: %s\n", buffer); else p11_debug_message (P11_DEBUG_LIB, "message: %s", buffer); @@ -158,13 +158,13 @@ p11_message (const char* msg, void p11_message_quiet (void) { - print_messages = false; + p11_print_messages = false; } void p11_message_loud (void) { - print_messages = true; + p11_print_messages = true; } const char * diff --git a/p11-kit/modules.c b/p11-kit/modules.c index cfc4daf..0299eda 100644 --- a/p11-kit/modules.c +++ b/p11-kit/modules.c @@ -306,6 +306,7 @@ free_module_unlocked (void *data) p11_dict_free (mod->config); free (mod->name); free (mod->filename); + free (mod->init_args.pReserved); free (mod); } @@ -550,10 +551,12 @@ is_module_enabled_unlocked (const char *name, static CK_RV take_config_and_load_module_inlock (char **name, p11_dict **config, - bool critical) + bool critical, + bool verbose) { const char *filename = NULL; const char *remote = NULL; + char *init_reserved = NULL; CK_RV rv = CKR_OK; Module *mod; @@ -591,7 +594,19 @@ take_config_and_load_module_inlock (char **name, * 'x-init-reserved' setting in the config. This only works with specific * PKCS#11 modules, and is non-standard use of that field. */ - mod->init_args.pReserved = p11_dict_get (*config, "x-init-reserved"); + init_reserved = p11_dict_get (*config, "x-init-reserved"); + if (init_reserved) { + if (verbose) { + init_reserved = strconcat (init_reserved, " verbose=yes", NULL); + } else { + init_reserved = strdup (init_reserved); + } + if (init_reserved == NULL) { + rv = CKR_HOST_MEMORY; + goto out; + } + } + mod->init_args.pReserved = init_reserved; /* Take ownership of these variables */ p11_dict_free (mod->config); @@ -607,7 +622,7 @@ out: } static CK_RV -load_registered_modules_unlocked (void) +load_registered_modules_unlocked (int flags) { p11_dictiter iter; p11_dict *configs; @@ -617,6 +632,7 @@ load_registered_modules_unlocked (void) int mode; CK_RV rv; bool critical; + bool verbose; if (gl.config) return CKR_OK; @@ -652,7 +668,8 @@ load_registered_modules_unlocked (void) /* Is this a critical module, should abort loading of others? */ critical = _p11_conf_parse_boolean (p11_dict_get (config, "critical"), false); - rv = take_config_and_load_module_inlock (&name, &config, critical); + verbose = (flags & P11_KIT_MODULE_VERBOSE) != 0; + rv = take_config_and_load_module_inlock (&name, &config, critical, verbose); /* * These variables will be cleared if ownership is transeferred @@ -858,7 +875,7 @@ initialize_registered_inlock_reentrant (void) if (rv != CKR_OK) return rv; - rv = load_registered_modules_unlocked (); + rv = load_registered_modules_unlocked (0); if (rv == CKR_OK) { p11_dict_iterate (gl.unmanaged_by_funcs, &iter); while (rv == CKR_OK && p11_dict_next (&iter, NULL, (void **)&mod)) { @@ -1955,7 +1972,7 @@ p11_modules_load_inlock_reentrant (int flags, if (rv != CKR_OK) return rv; - rv = load_registered_modules_unlocked (); + rv = load_registered_modules_unlocked (flags); if (rv != CKR_OK) return rv; diff --git a/p11-kit/p11-kit.h b/p11-kit/p11-kit.h index abf618b..cc89595 100644 --- a/p11-kit/p11-kit.h +++ b/p11-kit/p11-kit.h @@ -57,7 +57,8 @@ enum { P11_KIT_MODULE_UNMANAGED = 1 << 0, P11_KIT_MODULE_CRITICAL = 1 << 1, P11_KIT_MODULE_TRUSTED = 1 << 2, - P11_KIT_MODULE_MASK = (1 << 3) - 1 + P11_KIT_MODULE_VERBOSE = 1 << 3, + P11_KIT_MODULE_MASK = (1 << 4) - 1 }; typedef void (* p11_kit_destroyer) (void *data); diff --git a/trust/enumerate.c b/trust/enumerate.c index e197765..0cef089 100644 --- a/trust/enumerate.c +++ b/trust/enumerate.c @@ -674,6 +674,8 @@ p11_enumerate_opt_purpose (p11_enumerate *ex, return true; } +extern bool p11_print_messages; + bool p11_enumerate_ready (p11_enumerate *ex, const char *def_filter) @@ -687,8 +689,13 @@ p11_enumerate_ready (p11_enumerate *ex, * We only "believe" the CKA_TRUSTED and CKA_X_DISTRUSTED attributes * we get from modules explicitly marked as containing trust-policy. */ - if (!ex->modules) - ex->modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED); + if (!ex->modules) { + int flags = P11_KIT_MODULE_TRUSTED; + if (p11_print_messages) + flags |= P11_KIT_MODULE_VERBOSE; + + ex->modules = p11_kit_modules_load_and_initialize (flags); + } if (!ex->modules) return false; if (ex->modules[0] == NULL) diff --git a/trust/module.c b/trust/module.c index 24cda87..0c16a39 100644 --- a/trust/module.c +++ b/trust/module.c @@ -287,6 +287,11 @@ parse_argument (char *arg, free (gl.paths); gl.paths = value ? strdup (value) : NULL; + } else if (strcmp (arg, "verbose") == 0) { + if (strcmp (value, "yes") == 0) + p11_message_loud (); + else if (strcmp (value, "no") == 0) + p11_message_quiet (); } else { p11_message ("unrecognized module argument: %s", arg); } diff --git a/trust/p11-kit-trust.module b/trust/p11-kit-trust.module index 72122c3..a2a3306 100644 --- a/trust/p11-kit-trust.module +++ b/trust/p11-kit-trust.module @@ -18,3 +18,7 @@ x-trust-lookup: pkcs11:library-description=PKCS%2311%20Kit%20Trust%20Module # Prevent this module being loaded by the proxy module disable-in: p11-kit-proxy + +# This will be overwritten by appending "verbose=yes", if the trust +# command is called with the -v option. +x-init-reserved: |