author | Daiki Ueno <dueno@redhat.com> | 2017-01-11 09:32:19 +0100 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2017-02-17 10:25:55 +0100 |
commit | 0684cd7b7f815b411ea5041c021f92ca5ef42606 (patch) | |
tree | ffb7006ea208c5574441d51ac82edec115474460 /doc/manual | |
parent | c28ff652e5d6c6ddff513716e22064e0e17a58d3 (diff) |
rpc: Add PKCS#11 module that connects to socket
This patch adds a PKCS#11 module that connects to the p11-kit server
exposed on the filesystem. The filename of the socket is determined in
the following order:
- $P11_KIT_SERVER_ADDRESS, if the envvar is available
- $XDG_RUNTIME_DIR/p11-kit/pkcs11, if the envvar is available
- /run/$(id -u)/p11-kit/pkcs11, if /run/$(id -u) exists
- /var/run/$(id -u)/p11-kit/pkcs11, if /var/run/$(id -u) exists
- ~/.cache/p11-kit/pkcs11.
Note that the program loading this module may have called setuid() and
secure_getenv() which we use for fetching envvars could return NULL.
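The lookup order in the commit message above, modelled as an added example (not code from this commit or from p11-kit). `socket_path`, its parameters and the two stub checks are hypothetical names; `addr` and `xdg` stand for the `secure_getenv()` results, so passing NULL models a setuid loader, and taking the home directory as a parameter is an assumption.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

typedef int (*dir_check)(const char *path);

/* Real directory test, for use outside the constructed cases below. */
static int is_dir(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 && S_ISDIR(st.st_mode);
}
/* Constructed stubs so the result does not depend on the host's /run layout. */
static int no_dirs(const char *path) { (void)path; return 0; }
static int only_var_run(const char *path) { return strncmp(path, "/var/run/", 9) == 0; }

/* Hypothetical helper. addr and xdg stand for the secure_getenv() results:
 * NULL when the variable is unset or the loading program is setuid.
 * Returns a static buffer (not thread-safe) or NULL if no path can be built. */
static const char *socket_path(const char *addr, const char *xdg, unsigned uid,
                               const char *home, dir_check exists) {
    static char buf[4096];
    static const char *const bases[] = { "/run", "/var/run" };
    char dir[64];
    int n = -1;

    if (addr != NULL)
        return addr;                               /* 1. explicit address */
    if (xdg != NULL) {                             /* 2. XDG runtime dir */
        n = snprintf(buf, sizeof buf, "%s/p11-kit/pkcs11", xdg);
    } else {
        for (size_t i = 0; i < 2 && n < 0; i++) {  /* 3, 4. per-uid run dirs */
            snprintf(dir, sizeof dir, "%s/%u", bases[i], uid);
            if (exists(dir))
                n = snprintf(buf, sizeof buf, "%s/p11-kit/pkcs11", dir);
        }
        if (n < 0 && home != NULL)                 /* 5. cache under home */
            n = snprintf(buf, sizeof buf, "%s/.cache/p11-kit/pkcs11", home);
    }
    return (n > 0 && (size_t)n < sizeof buf) ? buf : NULL;
}

int main(void) {
    /* Constructed inputs: uid 1000, home /home/alice. */
    printf("env set:     %s\n", socket_path("/tmp/p11/sock", "/run/user/1000", 1000, "/home/alice", no_dirs));
    printf("env dropped: %s\n", socket_path(NULL, NULL, 1000, "/home/alice", only_var_run));
    printf("no run dir:  %s\n", socket_path(NULL, NULL, 1000, "/home/alice", no_dirs));
    printf("this host:   %s\n", socket_path(NULL, NULL, 1000, "/home/alice", is_dir));
    return 0;
}
```

With both environment values NULL, the result depends only on the uid and on which directories exist, so the caller's environment has no say in which socket is chosen.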
Diffstat (limited to 'doc/manual')
-rw-r--r-- | doc/manual/Makefile.am | 1 | ||||
-rw-r--r-- | doc/manual/p11-kit.xml | 17 |
2 files changed, 18 insertions, 0 deletions
diff --git a/doc/manual/Makefile.am b/doc/manual/Makefile.am index 7108977..a3c6b66 100644 --- a/doc/manual/Makefile.am +++ b/doc/manual/Makefile.am @@ -60,6 +60,7 @@ IGNORE_HFILES= \ pkcs11i.h \ pkcs11x.h \ private.h \ + client.h \ proxy.h \ rpc.h \ rpc-message.h \ diff --git a/doc/manual/p11-kit.xml b/doc/manual/p11-kit.xml index 223df62..0c813b8 100644 --- a/doc/manual/p11-kit.xml +++ b/doc/manual/p11-kit.xml @@ -35,6 +35,9 @@ <cmdsynopsis> <command>p11-kit extract</command> ... </cmdsynopsis> + <cmdsynopsis> + <command>p11-kit server</command> ... + </cmdsynopsis> </refsynopsisdiv> <refsect1 id="p11-kit-description"> @@ -85,6 +88,20 @@ $ p11-kit list-modules for more information</para> </refsect1> +<refsect1 id="p11-kit-server"> + <title>Server</title> + + <para>Run a server process that exposes PKCS#11 module remotely.</para> + +<programlisting> +$ p11-kit server /path/to/pkcs11-module.so +$ p11-kit server pkcs11:token-uri +</programlisting> + + <para>This launches a server that exposes the given PKCS#11 module or token on a local socket. To access the socket, use <literal>p11-kit-client.so</literal> module. The server address and PID are printed as a shell-script snippet which sets the appropriate environment variable: <literal>P11_KIT_SERVER_ADDRESS</literal> and <literal>P11_KIT_SERVER_PID</literal>.</para> + +</refsect1> + <refsect1 id="p11-kit-extract-trust"> <title>Extract Trust</title> |
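Review bot: In the new p11-kit-server refsect1 of doc/manual/p11-kit.xml, the first para says the server "exposes PKCS#11 module remotely" while the second says it exposes the module "on a local socket"; a reader deciding who can reach the token gets two different answers, so use the local-socket wording in both places. The section also documents only P11_KIT_SERVER_ADDRESS, whereas the commit message lists four further socket locations the client module tries when that variable is unavailable, including the case where secure_getenv() returns NULL after setuid(); that order should be stated here, since it decides which socket a program loading p11-kit-client.so ends up connecting to. Smaller points in the same para: "use p11-kit-client.so module" and "exposes PKCS#11 module" are missing articles, and "the appropriate environment variable:" introduces two variables and should be plural.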