author | Stef Walter <stefw@gnome.org> | 2013-03-06 19:16:09 +0100 |
---|---|---|
committer | Stef Walter <stefw@gnome.org> | 2013-03-15 17:25:17 +0100 |
commit | 0e75a5ba8261955d4d75a38a528f79ff4edd5c21 (patch) | |
tree | e06a9dd5a59b2a92704fc23d19f21f7873d0bccc /trust/token.c | |
parent | d2128c263ea77e4f99bccc6ac46964ad419ec2d1 (diff) |
trust: Make each configured path its own token
* Each source directory or file configured into the module or passed
in as an initialization argument becomes its own token.
Previously there was one token that contained certificates from
all the configured paths.
* These tokens are clearly labeled in the token info as
to the directory or file that they represent.
* Update PKCS#11 module logic to deal with multiple tokens, validate
the slot ids and so on.
* The order in which the paths are configured will become the
order of trust priority. This is the same order in which they
are listed through 'p11-kit list-modules' and C_GetSlotList.
* Update the frob-token internal tool to only play with one path
* Adjust tests where necessary to reflect the new state of things
and add tests for modified trust module code
https://bugs.freedesktop.org/show_bug.cgi?id=61499
Diffstat (limited to 'trust/token.c')
-rw-r--r-- | trust/token.c | 64 |
1 files changed, 23 insertions, 41 deletions
diff --git a/trust/token.c b/trust/token.c
index f96d865..39bca04 100644
--- a/trust/token.c
+++ b/trust/token.c
@@ -59,7 +59,8 @@
 struct _p11_token {
 p11_parser *parser;
 p11_dict *objects;
- const char *paths;
+ const char *path;
+ CK_SLOT_ID slot;
 int loaded;
 };
@@ -209,43 +210,6 @@ loader_load_path (p11_token *token,
 }
 static int
-loader_load_paths (p11_token *token,
- const char *paths)
-{
- const char *pos;
- int total = 0;
- char *path;
- int ret;
-
- p11_debug ("loading paths: %s", paths);
-
- while (paths) {
- pos = strchr (paths, ':');
- if (pos == NULL) {
- path = strdup (paths);
- paths = NULL;
- } else {
- path = strndup (paths, pos - paths);
- paths = pos + 1;
- }
-
- return_val_if_fail (path != NULL, -1);
-
- if (path[0] != '\0') {
- /* We don't expect this to fail except for in strange circumstances */
- ret = loader_load_path (token, path);
- if (ret < 0)
- return_val_if_reached (-1);
- total += ret;
- }
-
- free (path);
- }
-
- return total;
-}
-
-static int
 load_builtin_objects (p11_token *token)
 {
 CK_OBJECT_CLASS builtin = CKO_NSS_BUILTIN_ROOT_LIST;
@@ -425,7 +389,7 @@ p11_token_load (p11_token *token)
 builtins = load_builtin_objects (token);
- count = loader_load_paths (token, token->paths);
+ count = loader_load_path (token, token->path);
 return_val_if_fail (count >= 0, count);
 return count + builtins;
@@ -449,7 +413,8 @@ p11_token_free (p11_token *token)
 }
 p11_token *
-p11_token_new (const char *paths)
+p11_token_new (CK_SLOT_ID slot,
+ const char *path)
 {
 p11_token *token;
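Review bot: The new `path` field in `struct _p11_token` is declared `const char *` although the last hunk fills it with `strdup (path)`, and no hunk in this diff adds a matching release to `p11_token_free`, of which only the closing brace is visible (as context in the `p11_token_new` signature hunk). Unless the copy is freed somewhere not shown here, every token leaks its path string when it is destroyed. I would declare the field as `char *path;` to make the ownership visible and add `free (token->path);` to `p11_token_free`.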
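Review bot: In `p11_token_load`, `token->path` now goes to `loader_load_path` unfiltered, whereas the removed `loader_load_paths` skipped empty components with `if (path[0] != '\0')`. If the code that splits the configured list (outside this file's diff) does not drop empty entries, an empty string reaches the loader, and for a trust store it should be unambiguous which locations are read. A guard such as `if (token->path[0] == '\0') return builtins;` or a comment stating that callers never pass an empty path would settle it. The body of `p11_token_load` begins and ends outside the hunk.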
@@ -464,8 +429,25 @@ p11_token_new (const char *paths)
 free, p11_attrs_free);
 return_val_if_fail (token->objects != NULL, NULL);
- token->paths = paths;
+ token->path = strdup (path);
+ return_val_if_fail (token->path != NULL, NULL);
+
+ token->slot = slot;
 token->loaded = 0;
 return token;
 }
+
+const char *
+p11_token_get_path (p11_token *token)
+{
+ return_val_if_fail (token != NULL, NULL);
+ return token->path;
+}
+
+CK_SLOT_ID
+p11_token_get_slot (p11_token *token)
+{
+ return_val_if_fail (token != NULL, 0);
+ return token->slot;
+} |
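Review bot: `strdup (path)` in `p11_token_new` is reached with no visible check on `path`, and passing NULL to `strdup` is undefined behaviour; the function already uses precondition macros, so `return_val_if_fail (path != NULL, NULL);` before the allocation would fit (the top of the function is outside this hunk, so a check may already exist there). In `p11_token_get_slot`, the failure value `0` cannot be distinguished from a real slot id by the caller unless slot numbering is known to start above zero. A one-line comment on the getter stating which ids are valid, e.g. `/* slot ids handed to p11_token_new are never 0 */` if that holds, would document the contract.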