The name makes it clearer what's going on. This is only used
during loading, so we can track whether a change has resulted
from the trust module or from the file storage.
|
* Reload token data whenever a new session is opened.
* Only reload files/directories that have changed.
* Move duplicate anchor/blacklist detection logic into
  the extract code. This is in line with the approach
  being discussed on the mailing lists and spec document.
* New internal attribute CKA_X_ORIGIN set on all objects
  so we can track where an object came from, and replace
  it when reloaded.

In general this is a prerequisite for modification of objects;
reload before modify is necessary to prevent multiple callers
clobbering each other's changes.
|
In order to use the session we are iterating on for other tasks
such as other C_FindObject() calls, we need to make sure that
it's not in the middle of a find operation. Finish up the
complete find operation in advance of returning objects from
a session.
Make this the default mode. The previous behavior remains
as an option. Add tests.
|
Checks if a well-formed path is identical to or a prefix
of another path.
|
* p11-kit library and tool in the p11-kit/ subdirectory
* trust module and new trust tool in trust/ subdirectory
* No more tools/ subdirectory
* Lots less in the common/ subdirectory
|
Also sorta covers --help and -h usage
|
There were various bugs passing arguments, with duplicates being
passed, as well as certain arguments being skipped.
|
Instead of looking for external commands in the path, just look
for them in our private directory.
We want to be conservative early on, and limit what sorta things
we have to maintain later. We can later remove this restriction
if a real use case presents itself.
|
Although we don't actually write anything out yet, make the
various PKCS#11 functions behave properly when faced with
requests to write to token objects.
|
Correctly set the CKF_TOKEN_WRITE_PROTECTED flag for paths
which we will be able to write to.
|
Gets the parent element of the path, removing the last component.
Handles trailing and duplicate path separators correctly.
|
https://bugs.freedesktop.org/show_bug.cgi?id=65401
|
Track number of C_Initialize calls, and require similar number
of C_Finalize calls to finalize.
This fixes leaks/disappearing sessions in the trust module.
https://bugs.freedesktop.org/show_bug.cgi?id=65401
|
https://bugs.freedesktop.org/show_bug.cgi?id=57714
|
Darwin and libtool seem confused about what shared library
extension they actually use.
https://bugs.freedesktop.org/show_bug.cgi?id=57714
|
https://bugs.freedesktop.org/show_bug.cgi?id=57714
|
Darwin and libtool seem confused about what shared library
extension they actually use.
https://bugs.freedesktop.org/show_bug.cgi?id=57714
|
* Support the TAP protocol
* Much cleaner without having to carry around state
* First class support for setup/teardown
* Port the common tests
* Wait on porting other tests until we've merged outstanding code
|
* Keep the module ownership apart from the tracking of module
  function pointers, since these are only relevant for unmanaged
  modules.
* Fewer assumptions that each module has a raw unmanaged module
  function pointer.
* More clarity in the naming of dictionaries tracking the modules.
|
So it can be used from multiple code paths
|
Because win32 code doesn't just run on Windows, Wine runs
with Unix-style paths.
|
If 'log-calls = yes' is set then all the PKCS#11 modules are logged
to stderr.
|
Make C_CloseAllSessions work for different callers. Track the sessions
that each caller opens and close just those when C_CloseAllSessions is
called.
|
Each time C_GetFunctionList is called on the proxy module, a new
managed PKCS#11 set of functions is returned. These are all cleaned
up when the module is unloaded.
We want the proxy module to continue to work even without the highly
recommended libffi. For that reason we still keep the old behavior of
sharing state in the proxy module.
|
Support a new managed style module loading for PKCS#11 modules. This
allows us to better coordinate between multiple callers of the same
PKCS#11 modules and provide hooks into their behavior.
This meant redoing the public facing API. The old methods are now
deprecated, marked and documented as such.
|
* This allows us to call into subclassed PKCS#11 modules as if
  they were plain old PKCS#11 modules
* libffi is an optional dependency
| |
One of the flaws in PKCS#11 for our usage is that each PKCS#11 module
is not passed the pointer to the function list, i.e. the vtable.
Here we define a new function list vtable, where each PKCS#11 function
takes the vtable itself as the first argument. We use this new
list internally to represent subclassable PKCS#11 modules for
various features.
|
And clean up our locks/locking model. There's no need to use
recursive locks, especially since we can't use them on all
platforms. In addition, adjust taking of locks during initialization
so that there's no chance of deadlocking here.
|
https://bugs.freedesktop.org/show_bug.cgi?id=64378