diff options
author | Stef Walter <stef@thewalter.net> | 2014-06-24 13:24:47 +0200 |
---|---|---|
committer | Stef Walter <stef@thewalter.net> | 2014-07-08 08:57:31 +0200 |
commit | d4289fbe420e19882d94827bd82a667a0132fccf (patch) | |
tree | cd3edcfdb8c9f860445da4d3b1debe23c0c7f264 /p11-kit | |
parent | 7ec80ff13adb167705a999b7d082c76219adc909 (diff) |
p11-kit: Add 'p11-kit remote' command for isolating modules
This adds a new tool to the p11-kit command called 'remote'. This
is the server side of remoting a PKCS#11 module.
Diffstat (limited to 'p11-kit')
-rw-r--r-- | p11-kit/Makefile.am | 2 | ||||
-rw-r--r-- | p11-kit/p11-kit.c | 69 | ||||
-rw-r--r-- | p11-kit/remote.c (renamed from p11-kit/tests/frob-server.c) | 86 | ||||
-rw-r--r-- | p11-kit/remote.h | 56 | ||||
-rw-r--r-- | p11-kit/tests/Makefile.am | 3 | ||||
-rw-r--r-- | p11-kit/tests/test-transport.c | 2 |
6 files changed, 160 insertions, 58 deletions
diff --git a/p11-kit/Makefile.am b/p11-kit/Makefile.am index 88883b5..dd2716d 100644 --- a/p11-kit/Makefile.am +++ b/p11-kit/Makefile.am @@ -21,6 +21,7 @@ inc_HEADERS = \ iter.h \ p11-kit.h \ pin.h \ + remote.h \ uri.h \ $(NULL) @@ -36,6 +37,7 @@ MODULE_SRCS = \ proxy.c proxy.h \ private.h \ messages.c \ + remote.c \ rpc-transport.c rpc.h \ rpc-message.c rpc-message.h \ rpc-client.c rpc-server.c \ diff --git a/p11-kit/p11-kit.c b/p11-kit/p11-kit.c index da9d400..e115c42 100644 --- a/p11-kit/p11-kit.c +++ b/p11-kit/p11-kit.c @@ -38,6 +38,8 @@ #include "debug.h" #include "message.h" #include "path.h" +#include "p11-kit.h" +#include "remote.h" #include <assert.h> #include <ctype.h> @@ -59,8 +61,12 @@ int p11_kit_trust (int argc, int p11_kit_external (int argc, char *argv[]); +int p11_kit_remote (int argc, + char *argv[]); + static const p11_tool_command commands[] = { { "list-modules", p11_kit_list_modules, "List modules and tokens" }, + { "remote", p11_kit_remote, "Run a specific PKCS#11 module remotely" }, { P11_TOOL_FALLBACK, p11_kit_external, NULL }, { 0, } }; @@ -121,6 +127,69 @@ p11_kit_external (int argc, } int +p11_kit_remote (int argc, + char *argv[]) +{ + CK_FUNCTION_LIST *module; + int opt; + int ret; + + enum { + opt_verbose = 'v', + opt_help = 'h', + }; + + struct option options[] = { + { "verbose", no_argument, NULL, opt_verbose }, + { "help", no_argument, NULL, opt_help }, + { 0 }, + }; + + p11_tool_desc usages[] = { + { 0, "usage: p11-kit remote <module>" }, + { 0 }, + }; + + while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { + switch (opt) { + case opt_verbose: + p11_kit_be_loud (); + break; + case opt_help: + case '?': + p11_tool_usage (usages, options); + return 0; + default: + assert_not_reached (); + break; + } + } + + argc -= optind; + argv += optind; + + if (argc != 1) { + p11_message ("specify the module to remote"); + return 2; + } + + if (isatty (0)) { + p11_message ("the 'remote' tool is not meant to be run from a terminal"); + return 2; + } + + module = p11_kit_module_load (argv[0], 0); + if (module == NULL) + return 1; + + ret = p11_kit_remote_serve_module (module, 0, 1); + p11_kit_module_release (module); + + return ret; +} + + +int main (int argc, char *argv[]) { diff --git a/p11-kit/tests/frob-server.c b/p11-kit/remote.c index e0e7020..706d8b8 100644 --- a/p11-kit/tests/frob-server.c +++ b/p11-kit/remote.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Red Hat Inc. + * Copyright (C) 2014 Red Hat Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -37,8 +37,9 @@ #include "buffer.h" #include "compat.h" #include "debug.h" -#include "p11-kit.h" +#include "message.h" #include "rpc.h" +#include "remote.h" #include "virtual.h" #include <assert.h> @@ -46,77 +47,51 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <unistd.h> int -main (int argc, - char *argv[]) +p11_kit_remote_serve_module (CK_FUNCTION_LIST *module, + int in_fd, + int out_fd) { - CK_FUNCTION_LIST *funcs; - CK_C_GetFunctionList gfl; p11_rpc_status status; unsigned char version; p11_virtual virt; p11_buffer options; p11_buffer buffer; - dl_module_t dl; size_t state; + int ret = 1; int code; - CK_RV rv; - p11_debug_init (); + return_val_if_fail (module != NULL, 1); - if (argc != 2) { - fprintf (stderr, "usage: frob-server module\n"); - exit (2); - } - - dl = p11_dl_open (argv[1]); - if (dl == NULL) { - fprintf (stderr, "couldn't load module: %s: %s\n", - argv[1], p11_dl_error ()); - exit (1); - } - - gfl = p11_dl_symbol (dl, "C_GetFunctionList"); - if (!gfl) { - fprintf (stderr, "couldn't find C_GetFunctionList entry point in module: %s: %s\n", - argv[1], p11_dl_error ()); - exit (1); - } - - rv = gfl (&funcs); - if (rv != CKR_OK) { - fprintf (stderr, "call to C_GetFunctiontList failed in module: %s: %s\n", - argv[1], p11_kit_strerror (rv)); - exit (1); - } - - p11_virtual_init (&virt, &p11_virtual_base, funcs, NULL); p11_buffer_init (&options, 0); p11_buffer_init (&buffer, 0); - switch (read (0, &version, 1)) { + p11_virtual_init (&virt, &p11_virtual_base, module, NULL); + + switch (read (in_fd, &version, 1)) { case 0: status = P11_RPC_EOF; break; case 1: if (version != 0) { - fprintf (stderr, "unspported version received: %d", (int)version); - exit (1); + p11_message ("unspported version received: %d", (int)version); + goto out; } break; default: - fprintf (stderr, "couldn't read creds: %s", strerror (errno)); - exit (1); + p11_message_err (errno, "couldn't read credential byte"); + goto out; } version = 0; - switch (write (1, &version, 1)) { + switch (write (out_fd, &version, out_fd)) { case 1: break; default: - fprintf (stderr, "couldn't read creds: %s", strerror (errno)); - exit (1); + p11_message_err (errno, "couldn't write credential byte"); + goto out; } status = P11_RPC_OK; @@ -125,7 +100,7 @@ main (int argc, code = 0; do { - status = p11_rpc_transport_read (0, &state, &code, + status = p11_rpc_transport_read (in_fd, &state, &code, &options, &buffer); } while (status == P11_RPC_AGAIN); @@ -133,23 +108,24 @@ main (int argc, case P11_RPC_OK: break; case P11_RPC_EOF: + ret = 0; continue; case P11_RPC_AGAIN: assert_not_reached (); case P11_RPC_ERROR: - fprintf (stderr, "failed to read rpc message: %s\n", strerror (errno)); - exit (1); + p11_message_err (errno, "failed to read rpc message"); + goto out; } if (!p11_rpc_server_handle (&virt.funcs, &buffer, &buffer)) { - fprintf (stderr, "unexpected error handling rpc message\n"); - exit (1); + p11_message ("unexpected error handling rpc message"); + goto out; } state = 0; options.len = 0; do { - status = p11_rpc_transport_write (1, &state, code, + status = p11_rpc_transport_write (out_fd, &state, code, &options, &buffer); } while (status == P11_RPC_AGAIN); @@ -160,14 +136,16 @@ main (int argc, case P11_RPC_AGAIN: assert_not_reached (); case P11_RPC_ERROR: - fprintf (stderr, "failed to write rpc message: %s\n", strerror (errno)); - exit (1); + p11_message_err (errno, "failed to write rpc message"); + goto out; } } +out: p11_buffer_uninit (&buffer); p11_buffer_uninit (&options); - p11_dl_close (dl); - return 0; + p11_virtual_uninit (&virt); + + return ret; } diff --git a/p11-kit/remote.h b/p11-kit/remote.h new file mode 100644 index 0000000..12cbe6d --- /dev/null +++ b/p11-kit/remote.h @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2014 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter <stefw@redhat.com> + */ + +#ifndef __P11_KIT_REMOTE_H__ +#define __P11_KIT_REMOTE_H__ + +#include "p11-kit/p11-kit.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef P11_KIT_FUTURE_UNSTABLE_API + +int p11_kit_remote_serve_module (CK_FUNCTION_LIST *module, + int in_fd, + int out_fd); + +#endif + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* __P11_KIT_REMOTE_H__ */ diff --git a/p11-kit/tests/Makefile.am b/p11-kit/tests/Makefile.am index 0672d62..a7049a4 100644 --- a/p11-kit/tests/Makefile.am +++ b/p11-kit/tests/Makefile.am @@ -43,9 +43,6 @@ CHECK_PROGS += \ test-transport \ $(NULL) -noinst_PROGRAMS += \ - frob-server - endif TESTS = $(CHECK_PROGS) diff --git a/p11-kit/tests/test-transport.c b/p11-kit/tests/test-transport.c index 32ec02a..6ae6072 100644 --- a/p11-kit/tests/test-transport.c +++ b/p11-kit/tests/test-transport.c @@ -68,7 +68,7 @@ setup_remote (void *unused) test.user_config = p11_path_build (test.directory, "pkcs11.conf", NULL); p11_test_file_write (NULL, test.user_config, data, strlen (data)); - data = "remote: " BUILDDIR "/frob-server " BUILDDIR "/.libs/mock-two.so\n"; + data = "remote: " BUILDDIR "/../p11-kit remote " BUILDDIR "/.libs/mock-two.so\n"; p11_test_file_write (test.user_modules, "remote.module", data, strlen (data)); p11_config_user_modules = test.user_modules; |