author | Stef Walter <stef@thewalter.net> | 2014-06-24 13:34:20 +0200 |
---|---|---|
committer | Stef Walter <stef@thewalter.net> | 2014-07-08 08:59:18 +0200 |
commit | 17ea60eaf9d1b4eab9546d6dfc7e7afe83779f91 (patch) | |
tree | e0b68748d1262820b8943d7c86ee27b87d313a32 | |
parent | d4289fbe420e19882d94827bd82a667a0132fccf (diff) |
p11-kit: Cleanup and add documentation for 'remote' option
https://bugs.freedesktop.org/show_bug.cgi?id=54105
-rw-r--r-- | doc/manual/p11-kit.xml | 15 | ||||
-rw-r--r-- | doc/manual/pkcs11.conf.xml | 13 | ||||
-rw-r--r-- | p11-kit/rpc-transport.c | 57 | ||||
-rw-r--r-- | p11-kit/tests/test-transport.c | 2 |
4 files changed, 59 insertions, 28 deletions
diff --git a/doc/manual/p11-kit.xml b/doc/manual/p11-kit.xml
index bc618f9..be3f982 100644
--- a/doc/manual/p11-kit.xml
+++ b/doc/manual/p11-kit.xml
@@ -93,6 +93,21 @@ $ p11-kit list-modules
 for more information</para>
 </refsect1>
+<refsect1 id="p11-kit-remote">
+ <title>Remote</title>
+
+ <para>Run a PKCS#11 module remotely.</para>
+
+<programlisting>
+$ p11-kit remote /path/to/pkcs11-module.so
+</programlisting>
+
+ <para>This is not meant to be run directly from a terminal. But rather in a
+ <option>remote</option> option in a
+ <citerefentry><refentrytitle>pkcs11.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ file.</para>
+</refsect1>
+
 <refsect1 id="p11-kit-bugs">
 <title>Bugs</title>
 <para>
diff --git a/doc/manual/pkcs11.conf.xml b/doc/manual/pkcs11.conf.xml
index 0b61b6f..2617677 100644
--- a/doc/manual/pkcs11.conf.xml
+++ b/doc/manual/pkcs11.conf.xml
@@ -155,6 +155,19 @@ x-custom : text
 </listitem>
 </varlistentry>
 <varlistentry>
+ <term><option>remote:</option></term>
+ <listitem>
+ <para>Instead of loading the PKCS#11 module locally, run the module
+ remotely.</para>
+ <para>Specify a command to run, prefixed with <literal>|</literal> a pipe.
+ The command must speak the p11-kit remoting protocol on its standard in
+ and standard out. For example:</para>
+<programlisting>
+remote: |ssh user@remote p11-kit remote /path/to/module.so
+</programlisting>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
 <term><option>trust-policy:</option></term>
 <listitem>
 <para>Set to <literal>yes</literal> to use use this module as a source
diff --git a/p11-kit/rpc-transport.c b/p11-kit/rpc-transport.c
index 0ff82d8..8c3fb0c 100644
--- a/p11-kit/rpc-transport.c
+++ b/p11-kit/rpc-transport.c
@@ -542,14 +542,16 @@ struct _p11_rpc_transport {
 };
 static void
-on_rpc_disconnect (p11_rpc_client_vtable *vtable,
- void *init_reserved)
+rpc_transport_disconnect (p11_rpc_client_vtable *vtable,
+ void *init_reserved)
 {
 p11_rpc_transport *rpc = (p11_rpc_transport *)vtable;
- if (rpc->socket)
+ if (rpc->socket) {
+ rpc_socket_close (rpc->socket);
 rpc_socket_unref (rpc->socket);
- rpc->socket = NULL;
+ rpc->socket = NULL;
+ }
 }
 static bool
@@ -573,9 +575,9 @@ rpc_transport_uninit (p11_rpc_transport *rpc)
 }
 static CK_RV
-on_rpc_transport (p11_rpc_client_vtable *vtable,
- p11_buffer *request,
- p11_buffer *response)
+rpc_transport_buffer (p11_rpc_client_vtable *vtable,
+ p11_buffer *request,
+ p11_buffer *response)
 {
 p11_rpc_transport *rpc = (p11_rpc_transport *)vtable;
 CK_RV rv = CKR_OK;
@@ -632,7 +634,7 @@ typedef struct {
 } rpc_exec;
 static void
-wait_or_terminate (pid_t pid)
+rpc_exec_wait_or_terminate (pid_t pid)
 {
 bool terminated = false;
 int status;
@@ -672,8 +674,8 @@ wait_or_terminate (pid_t pid)
 }
 static void
-on_rpc_exec_disconnect (p11_rpc_client_vtable *vtable,
- void *fini_reserved)
+rpc_exec_disconnect (p11_rpc_client_vtable *vtable,
+ void *fini_reserved)
 {
 rpc_exec *rex = (rpc_exec *)vtable;
@@ -681,11 +683,11 @@ on_rpc_exec_disconnect (p11_rpc_client_vtable *vtable,
 rpc_socket_close (rex->base.socket);
 if (rex->pid)
- wait_or_terminate (rex->pid);
+ rpc_exec_wait_or_terminate (rex->pid);
 rex->pid = 0;
 /* Do the common disconnect stuff */
- on_rpc_disconnect (vtable, fini_reserved);
+ rpc_transport_disconnect (vtable, fini_reserved);
 }
 static int
@@ -699,8 +701,8 @@ set_cloexec_on_fd (void *data,
 }
 static CK_RV
-on_rpc_exec_connect (p11_rpc_client_vtable *vtable,
- void *init_reserved)
+rpc_exec_connect (p11_rpc_client_vtable *vtable,
+ void *init_reserved)
 {
 rpc_exec *rex = (rpc_exec *)vtable;
 pid_t pid;
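Review bot: With the `rpc_socket_close (rpc->socket)` now added inside rpc_transport_disconnect in the first hunk, the exec path in the `@@ -681` hunk closes the same socket twice: rpc_exec_disconnect calls `rpc_socket_close (rex->base.socket)` itself, waits for the child, and then calls `rpc_transport_disconnect (vtable, fini_reserved)`, which closes again before the unref. Whether rpc_socket_close tolerates a second call is not visible in this diff; if it does not, the second close acts on an already-closed descriptor. The early close in rpc_exec_disconnect looks deliberate (presumably so the child sees EOF before the wait), so either drop it now that the common path closes, or confirm rpc_socket_close is idempotent and say so where it is called, e.g. `/* closed early so the child exits; rpc_transport_disconnect's close is a no-op on a closed socket */`. rpc_exec_disconnect starts in the `@@ -672` hunk and its opening statements sit between that hunk and `@@ -681`.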
@@ -761,7 +763,7 @@ static void
 rpc_exec_free (void *data)
 {
 rpc_exec *rex = data;
- on_rpc_exec_disconnect (data, NULL);
+ rpc_exec_disconnect (data, NULL);
 rpc_transport_uninit (&rex->base);
 p11_array_free (rex->argv);
 free (rex);
@@ -797,9 +799,9 @@ rpc_exec_init (const char *remote,
 p11_array_push (argv, NULL);
 rex->argv = argv;
- rex->base.vtable.connect = on_rpc_exec_connect;
- rex->base.vtable.disconnect = on_rpc_exec_disconnect;
- rex->base.vtable.transport = on_rpc_transport;
+ rex->base.vtable.connect = rpc_exec_connect;
+ rex->base.vtable.disconnect = rpc_exec_disconnect;
+ rex->base.vtable.transport = rpc_transport_buffer;
 rpc_transport_init (&rex->base, name, rpc_exec_free);
 p11_debug ("initialized rpc exec: %s", remote);
@@ -813,24 +815,25 @@ p11_rpc_transport_new (p11_virtual *virt,
 const char *remote,
 const char *name)
 {
- p11_rpc_transport *rpc;
+ p11_rpc_transport *rpc = NULL;
 return_val_if_fail (virt != NULL, NULL);
 return_val_if_fail (remote != NULL, NULL);
 return_val_if_fail (name != NULL, NULL);
-#ifdef OS_UNIX
- /* For now we assume it's all a command line */
- rpc = rpc_exec_init (remote, name);
-
-#else /* !OS_WIN32 */
- rpc = NULL;
+#ifdef OS_WIN32
 p11_message ("Windows not yet supported for remote");
+ return NULL;
+#endif
-#endif /* OS_WIN32 */
+ /* This is a command we can execute */
+ if (remote[0] == '|') {
+ rpc = rpc_exec_init (remote + 1, name);
- if (!rpc)
+ } else {
+ p11_message ("remote not supported: %s", remote);
 return NULL;
+ }
 if (!p11_rpc_client_init (virt, &rpc->vtable))
 return_val_if_reached (NULL);
diff --git a/p11-kit/tests/test-transport.c b/p11-kit/tests/test-transport.c
index 6ae6072..4656d34 100644
--- a/p11-kit/tests/test-transport.c
+++ b/p11-kit/tests/test-transport.c
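Review bot: The `if (!rpc) return NULL;` guard that followed rpc_exec_init in the old code is removed in the `@@ -813` hunk and nothing replaces it, so if rpc_exec_init can fail and return NULL (its error paths are outside this diff; `@@ -797` shows only its success tail) the next statement computes `&rpc->vtable` from a null pointer before p11_rpc_client_init sees it. Restore the check after the if/else, `if (rpc == NULL) return NULL;`, or make the `|` branch bail out directly when rpc_exec_init returns NULL. A smaller point of style: the `#ifdef OS_WIN32` block returns unconditionally, so on Windows everything after `#endif` in this function is dead code; a comment such as `/* on Windows we bail out above; the exec transport below is UNIX only */` would make that intent clear to the next reader. p11_rpc_transport_new continues past the end of the hunk.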
@@ -68,7 +68,7 @@ setup_remote (void *unused)
 test.user_config = p11_path_build (test.directory, "pkcs11.conf", NULL);
 p11_test_file_write (NULL, test.user_config, data, strlen (data));
- data = "remote: " BUILDDIR "/../p11-kit remote " BUILDDIR "/.libs/mock-two.so\n";
+ data = "remote: |" BUILDDIR "/../p11-kit remote " BUILDDIR "/.libs/mock-two.so\n";
 p11_test_file_write (test.user_modules, "remote.module", data, strlen (data));
 p11_config_user_modules = test.user_modules; |