diff options
author | Daiki Ueno <dueno@redhat.com> | 2017-03-10 14:22:59 +0100 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2017-05-25 14:13:01 +0200 |
commit | 7310d92af3b0291ab627fcf3e07800cd5b2983c8 (patch) | |
tree | 71645e34b4afa0caa44a376f5fcf435c1b67f018 | |
parent | dfe606d40c33a6213b89b310df0964392fd6d64d (diff) |
remote: Name command line options consistently
-rw-r--r-- | p11-kit/remote.c | 4 | ||||
-rw-r--r-- | p11-kit/server.c | 183 |
2 files changed, 116 insertions, 71 deletions
diff --git a/p11-kit/remote.c b/p11-kit/remote.c index 37d8d5e..d524bbd 100644 --- a/p11-kit/remote.c +++ b/p11-kit/remote.c @@ -131,7 +131,7 @@ main (int argc, }; p11_tool_desc usages[] = { - { 0, "usage: p11-kit remote <module>" }, + { 0, "usage: p11-kit remote <module-or-token>" }, { 0 }, }; @@ -154,7 +154,7 @@ main (int argc, argv += optind; if (argc != 1) { - p11_message ("specify the module to remote"); + p11_message ("specify the module or token URI to remote"); return 2; } diff --git a/p11-kit/server.c b/p11-kit/server.c index c96382c..1d9f469 100644 --- a/p11-kit/server.c +++ b/p11-kit/server.c @@ -75,13 +75,13 @@ static unsigned children_avail = 0; static bool quiet = false; typedef struct { - char *module_name; + char *module_or_token; + char *socket_name; uid_t uid; gid_t gid; - char *pkcs11_address; - int pkcs11_socket; + int socket; } Server; static SIGHANDLER_T @@ -238,42 +238,47 @@ check_credentials (int fd, return true; } +static void +server_free (Server *server) +{ + if (server == NULL) + return; + if (server->module_or_token) + free (server->module_or_token); + if (server->socket_name) + free (server->socket_name); + if (server->socket >= 0) + close (server->socket); + free (server); +} + static Server * -server_new (const char *module_name, const char *socket_base, const char *socket_name, uid_t uid, gid_t gid) +server_new (const char *module_or_token, const char *socket_name) { - Server *server = calloc (1, sizeof (Server)); - char *name; + Server *server; - server->module_name = strdup (module_name); - return_val_if_fail (server->module_name != NULL, NULL); + server = calloc (1, sizeof (Server)); - server->uid = uid; - server->gid = gid; + if (server == NULL) + return NULL; - if (socket_name != NULL) - name = strdup (socket_name); - else if (asprintf (&name, "pkcs11-%d", getpid ()) < 0) - return_val_if_reached (NULL); + server->module_or_token = strdup (module_or_token); + if (server->module_or_token == NULL) { + server_free (server); + return NULL; + } - server->pkcs11_address = p11_path_build (socket_base, name, NULL); - free (name); + server->socket_name = strdup (socket_name); + if (server->socket_name == NULL) { + server_free (server); + return NULL; + } - return_val_if_fail (server->pkcs11_address != NULL, NULL); - server->pkcs11_socket = -1; + server->socket = -1; return server; } -static void -server_free (Server *server) -{ - free (server->module_name); - free (server->pkcs11_address); - if (server->pkcs11_socket >= 0) - close (server->pkcs11_socket); - free (server); -} - static int server_loop (Server *server, bool foreground, @@ -299,8 +304,8 @@ server_loop (Server *server, ocsignal (SIGTERM, handle_term); ocsignal (SIGINT, handle_term); - server->pkcs11_socket = create_socket (server->pkcs11_address, server->uid, server->gid); - if (server->pkcs11_socket == -1) + server->socket = create_socket (server->socket_name, server->uid, server->gid); + if (server->socket == -1) return 1; /* run as daemon */ @@ -321,9 +326,9 @@ server_loop (Server *server, } } - rc = listen (server->pkcs11_socket, 1024); + rc = listen (server->socket, 1024); if (rc == -1) { - p11_message_err (errno, "could not listen to socket %s", server->pkcs11_address); + p11_message_err (errno, "could not listen to socket %s", server->socket_name); return 1; } @@ -332,7 +337,7 @@ server_loop (Server *server, if (!quiet) { char *path; - path = p11_path_encode (server->pkcs11_address); + path = p11_path_encode (server->socket_name); printf ("P11_KIT_SERVER_ADDRESS=unix:path=%s\n", path); free (path); printf ("P11_KIT_SERVER_PID=%d\n", getpid ()); @@ -348,23 +353,23 @@ server_loop (Server *server, break; FD_ZERO (&rd_set); - FD_SET (server->pkcs11_socket, &rd_set); + FD_SET (server->socket, &rd_set); - ret = pselect (server->pkcs11_socket + 1, &rd_set, NULL, NULL, timeout, &emptyset); + ret = pselect (server->socket + 1, &rd_set, NULL, NULL, timeout, &emptyset); if (ret == -1 && errno == EINTR) continue; if (ret == 0 && children_avail == 0) { /* timeout */ - p11_message ("no connections to %s for %lu secs, exiting", server->pkcs11_address, timeout->tv_sec); + p11_message ("no connections to %s for %lu secs, exiting", server->socket_name, timeout->tv_sec); break; } - if (FD_ISSET (server->pkcs11_socket, &rd_set)) { + if (FD_ISSET (server->socket, &rd_set)) { sa_len = sizeof (sa); - cfd = accept (server->pkcs11_socket, (struct sockaddr *)&sa, &sa_len); + cfd = accept (server->socket, (struct sockaddr *)&sa, &sa_len); if (cfd == -1) { if (errno != EINTR) - p11_message_err (errno, "could not accept from socket %s", server->pkcs11_address); + p11_message_err (errno, "could not accept from socket %s", server->socket_name); continue; } @@ -391,11 +396,11 @@ server_loop (Server *server, fdwalk (set_cloexec_on_fd, &max_fd); /* Execute 'p11-kit remote'; this shouldn't return */ - args[1] = (char *) server->module_name; + args[1] = (char *) server->module_or_token; exec_external (2, args); errn = errno; - p11_message_err (errn, "couldn't execute 'p11-kit remote' for module '%s'", server->module_name); + p11_message_err (errn, "couldn't execute 'p11-kit remote' for module '%s'", server->module_or_token); _exit (errn); default: children_avail++; @@ -405,7 +410,7 @@ server_loop (Server *server, } } - remove (server->pkcs11_address); + remove (server->socket_name); return ret; } @@ -414,8 +419,8 @@ int main (int argc, char *argv[]) { - char *module_name; - char *socket_base; + char *module_or_token; + char *socket_base = NULL, *socket_name = NULL; uid_t uid = -1, run_as_uid = -1; gid_t gid = -1, run_as_gid = -1; int opt; @@ -423,9 +428,9 @@ main (int argc, const struct group *grp; bool foreground = false; struct timespec *timeout = NULL, ts; - const char *name = NULL; - Server *server; - int ret; + char *name = NULL; + Server *server = NULL; + int ret = 0; enum { opt_verbose = 'v', @@ -455,14 +460,14 @@ main (int argc, }; p11_tool_desc usages[] = { - { 0, "usage: p11-kit server <token> [<directory>]" }, + { 0, "usage: p11-kit server <module-or-token>" }, { opt_foreground, "run the server in foreground" }, { opt_user, "specify user who can connect to the socket" }, { opt_group, "specify group who can connect to the socket" }, { opt_run_as_user, "specify user who runs the server" }, { opt_run_as_group, "specify group who runs the server" }, { opt_timeout, "exit if no connection until the given timeout" }, - { opt_name, "specify name of the socket (default: pkcs11-<pid>" }, + { opt_name, "specify name of the socket (default: pkcs11-<pid>)" }, { 0 }, }; @@ -530,49 +535,89 @@ main (int argc, argc -= optind; argv += optind; - if (!(argc >= 1 && argc <= 2)) { + if (argc != 1) { p11_tool_usage (usages, options); return 2; } - module_name = argv[0]; - - if (argc == 2) - socket_base = argv[1]; - else { - const char *runtime_dir = secure_getenv ("XDG_RUNTIME_DIR"); - if (!runtime_dir || !runtime_dir[0]) { - p11_message_err (errno, "cannot determine runtime directory"); - return 1; - } - socket_base = p11_path_build (runtime_dir, "p11-kit", NULL); - return_val_if_fail (socket_base != NULL, 1); - mkdir (socket_base, 0700); - } + module_or_token = argv[0]; if (run_as_gid != -1) { if (setgid (run_as_gid) == -1) { p11_message_err (errno, "cannot set gid to %u", (unsigned)run_as_gid); - return 1; + ret = 1; + goto out; } if (setgroups (1, &run_as_gid) == -1) { p11_message_err (errno, "cannot setgroups to %u", (unsigned)run_as_gid); - return 1; + ret = 1; + goto out; } } if (run_as_uid != -1) { if (setuid (run_as_uid) == -1) { p11_message_err (errno, "cannot set uid to %u", (unsigned)run_as_uid); - return 1; + ret = 1; + goto out; + } + } + + if (name == NULL) { + const char *runtime_dir; + + if (asprintf (&name, "pkcs11-%d", getpid ()) < 0) { + ret = 1; + goto out; + } + + runtime_dir = secure_getenv ("XDG_RUNTIME_DIR"); + if (!runtime_dir || !runtime_dir[0]) { + p11_message_err (errno, "cannot determine runtime directory"); + ret = 1; + goto out; + } + + socket_base = p11_path_build (runtime_dir, "p11-kit", NULL); + if (socket_base == NULL) { + ret = 1; + goto out; + } + + if (mkdir (socket_base, 0700) == -1 && errno != EEXIST) { + p11_message_err (errno, "cannot create %s", socket_base); + ret = 1; + goto out; } + + socket_name = p11_path_build (socket_base, name, NULL); + free (socket_base); + free (name); + } else { + socket_name = strdup (name); + } + + server = server_new (module_or_token, socket_name); + free (socket_name); + if (server == NULL) { + ret = 1; + goto out; } - server = server_new (module_name, socket_base, name, uid, gid); + server->uid = uid; + server->gid = gid; ret = server_loop (server, foreground, timeout); + + out: server_free (server); - remove (socket_base); + + if (socket_name) + free (socket_name); + if (socket_base) { + remove (socket_base); + free (socket_base); + } return ret; } |