diff options
author | Stef Walter <stefw@redhat.com> | 2014-10-01 17:34:02 +0200 |
---|---|---|
committer | Stef Walter <stefw@redhat.com> | 2014-10-02 11:44:02 +0200 |
commit | a3b1e1c2f2c8c1f14293d8158b6dfeb2a6560908 (patch) | |
tree | 0f24ca1420aca2c6171bd6bea9d71d22bc996236 /p11-kit/remote.c | |
parent | 76f230ced6e9ca2a598988bc00b7b971208e8f64 (diff) |
remote: Run separate executable binary for 'p11-kit remote'
This allows security frameworks like SELinux or AppArmor to target
it specifically.
Diffstat (limited to 'p11-kit/remote.c')
-rw-r--r-- | p11-kit/remote.c | 137 |
1 files changed, 49 insertions, 88 deletions
diff --git a/p11-kit/remote.c b/p11-kit/remote.c index 944e501..7717277 100644 --- a/p11-kit/remote.c +++ b/p11-kit/remote.c @@ -34,13 +34,12 @@ #include "config.h" -#include "buffer.h" #include "compat.h" #include "debug.h" #include "message.h" -#include "rpc.h" +#include "p11-kit.h" #include "remote.h" -#include "virtual.h" +#include "tool.h" #include <assert.h> #include <errno.h> @@ -50,101 +49,63 @@ #include <unistd.h> int -p11_kit_remote_serve_module (CK_FUNCTION_LIST *module, - int in_fd, - int out_fd) +main (int argc, + char *argv[]) { - p11_rpc_status status; - unsigned char version; - p11_virtual virt; - p11_buffer options; - p11_buffer buffer; - size_t state; - int ret = 1; - int code; - - return_val_if_fail (module != NULL, 1); - - p11_buffer_init (&options, 0); - p11_buffer_init (&buffer, 0); - - p11_virtual_init (&virt, &p11_virtual_base, module, NULL); - - switch (read (in_fd, &version, 1)) { - case 0: - goto out; - case 1: - if (version != 0) { - p11_message ("unspported version received: %d", (int)version); - goto out; - } - break; - default: - p11_message_err (errno, "couldn't read credential byte"); - goto out; - } - - version = 0; - switch (write (out_fd, &version, out_fd)) { - case 1: - break; - default: - p11_message_err (errno, "couldn't write credential byte"); - goto out; - } - - status = P11_RPC_OK; - while (status == P11_RPC_OK) { - state = 0; - code = 0; - - do { - status = p11_rpc_transport_read (in_fd, &state, &code, - &options, &buffer); - } while (status == P11_RPC_AGAIN); - - switch (status) { - case P11_RPC_OK: + CK_FUNCTION_LIST *module; + int opt; + int ret; + + enum { + opt_verbose = 'v', + opt_help = 'h', + }; + + struct option options[] = { + { "verbose", no_argument, NULL, opt_verbose }, + { "help", no_argument, NULL, opt_help }, + { 0 }, + }; + + p11_tool_desc usages[] = { + { 0, "usage: p11-kit remote <module>" }, + { 0 }, + }; + + while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { + switch (opt) { + case opt_verbose: + p11_kit_be_loud (); break; - case P11_RPC_EOF: - ret = 0; - continue; - case P11_RPC_AGAIN: + case opt_help: + case '?': + p11_tool_usage (usages, options); + return 0; + default: assert_not_reached (); - case P11_RPC_ERROR: - p11_message_err (errno, "failed to read rpc message"); - goto out; + break; } + } - if (!p11_rpc_server_handle (&virt.funcs, &buffer, &buffer)) { - p11_message ("unexpected error handling rpc message"); - goto out; - } + argc -= optind; + argv += optind; - state = 0; - options.len = 0; - do { - status = p11_rpc_transport_write (out_fd, &state, code, - &options, &buffer); - } while (status == P11_RPC_AGAIN); + if (argc != 1) { + p11_message ("specify the module to remote"); + return 2; + } - switch (status) { - case P11_RPC_OK: - break; - case P11_RPC_EOF: - case P11_RPC_AGAIN: - assert_not_reached (); - case P11_RPC_ERROR: - p11_message_err (errno, "failed to write rpc message"); - goto out; - } + if (isatty (0)) { + p11_message ("the 'remote' tool is not meant to be run from a terminal"); + return 2; } -out: - p11_buffer_uninit (&buffer); - p11_buffer_uninit (&options); + module = p11_kit_module_load (argv[0], 0); + if (module == NULL) + return 1; - p11_virtual_uninit (&virt); + ret = p11_kit_remote_serve_module (module, 0, 1); + p11_kit_module_release (module); return ret; } |