summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* trust: Add 'trust anchor --remove' commandStef Walter2013-08-291-52/+365
| | | | Also prevent --store from storing an anchor multiple times
* trust: Add a list command to the trust toolStef Walter2013-08-294-1/+294
| | | | Lists with PKCS#11 URI's and some basic fields.
* trust: Add support for removing trust token objectsStef Walter2013-08-292-1/+185
|
* trust: Refactor enumeration of certificates to extractStef Walter2013-08-2914-543/+541
| | | | Because we want to use this same logic for listing trust
* trust: Do reload object removals inside a loading blockStef Walter2013-08-291-0/+4
| | | | | So that validation/storage logic doesn't kick in if a file was removed outside of p11-kit trust module.
* trust: Add index callback for when an object is removedStef Walter2013-08-296-9/+125
| | | | This allows a token to remove the file if desired
* trust: Prefer parsing the persist format to PEMStef Walter2013-08-281-2/+2
| | | | | This is because the persist format contains PEM, and if the PEM parser gets it first, then it'll ignore the other non PEM data.
* trust: Correctly rewrite other objects in a modifiable persist fileStef Walter2013-08-282-1/+75
| | | | | There was a bug where we were rewriting the modified object multiple times.
* Add p11-kit style typedefs for iter and uriStef Walter2013-08-282-0/+2
| | | | | In general we're slowly migrating towards the lower case style for stuctures/objects.
* iter: Add a p11_kit_iter_destroy_object() functionStef Walter2013-08-284-0/+60
| | | | Handy function since this is a common need.
* iter: Add p11_kit_iter_set_uri() functionStef Walter2013-08-284-8/+67
| | | | This is so we can set a filtering uri on the iterator after construction
* iter: Add p11_kit_iter_get_token() callStef Walter2013-08-284-4/+56
| | | | | To get the already loaded CK_TOKEN_INFO during iteration for the token that the current object is on.
* iter: Add new P11_KIT_ITER_WANT_WRITABLE iterator behaviorStef Walter2013-08-284-29/+16
| | | | | This allows us to try to get a RW session, but if not fallback to a read-only session.
* tool: Only include debug lines marked 'tool' when --verboseStef Walter2013-08-281-1/+3
| | | | | Otherwise we get all sorts of overwhelming internal debugging when someone specifies --verbose argument to a tool.
* debug: Allow debug lines longer than 512 charactersStef Walter2013-08-281-4/+3
| | | | | | Since fprintf (stderr, ...) already doesn't print atomically, we don't lose any atomicity here. If we want to print atomically this will need some further reworking anyway.
* debug: Add missing 'tool' flag to debug flagsStef Walter2013-08-281-0/+1
|
* p11-kit: Rename list.c to lists.c to simplify debuggingStef Walter2013-08-282-1/+1
|
* Avoid multiple stat() calls for same fileStef Walter2013-08-2816-69/+80
| | | | | | As a side effect we can also not use the dirent.d_type field https://bugs.freedesktop.org/show_bug.cgi?id=68525
* compat: Check return value of mmap() properlyStef Walter2013-08-281-1/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=68525
* Add --with-module-config parameter to the configure scriptPascal Ernster2013-08-161-1/+6
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=68122
* trust: Add test tool for creating BasicConstraintsStef Walter2013-08-122-0/+102
|
* test-compat calls test_getauxval which is in a UNIX defined blockMichael Cronenworth2013-07-301-0/+2
| | | | | | MinGW builds fail due to this. https://bugs.freedesktop.org/show_bug.cgi?id=67518
* do not assume dead code existence in autoconf checksAlon Bar-Lev2013-07-291-2/+2
| | | | | | | | | when compiler optimize source, it removes dead code so a linkage error in these cases are not visisble. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> https://bugs.freedesktop.org/show_bug.cgi?id=67413
* Release version 0.19.3Stef Walter2013-07-242-1/+7
|
* Make tests work on file systems with block size directoriesStef Walter2013-07-241-0/+12
| | | | | | | | | On certain file systems the size of the directory does not change when adding a file. This caused the tests to fail. Make the tests wait more than a second in certain tests to get the mtime to change. https://bugs.freedesktop.org/show_bug.cgi?id=65249
* Fix uninitialized variablesStef Walter2013-07-231-2/+2
|
* Don't use _GNU_SOURCE and fix strerror_r usageStef Walter2013-07-237-6/+83
| | | | | glibc declares strerror_r completely different if in POSIX or GNU mode. Nastiness. Stop using _GNU_SOURCE all together.
* Fix various memory leaks exposed by 'make leakcheck'Stef Walter2013-07-2311-56/+79
|
* Use simple serial automake test harnessStef Walter2013-07-2312-12/+113
| | | | | * Add a testing sanity check to see if we're catching errors * Fix a few other testing issues
* Use an automake aux directory for storing litterStef Walter2013-07-232-1/+3
|
* doc: Add identifiers to doc sections so gtk-doc doesn't autogen themStef Walter2013-07-183-10/+10
|
* Add appropriate const qualifiersStef Walter2013-07-182-2/+2
|
* Release version 0.19.2Stef Walter2013-07-182-2/+20
|
* Fix extract example in documentationStef Walter2013-07-181-1/+1
|
* Use $XDG_CONFIG_HOME/pkcs11 as default user config directoryStef Walter2013-07-181-1/+1
| | | | | | | | | By default this evaluates to ~/.config/pkcs11. This is a somewhat backwards incompatible change. However so far only advanced users have been exposed to the user p11-kit configuration. Distributors are able to revert this if necessary with a --with-user-config='~/.pkcs11' ./configure option.
* Use getpwuid_r() instead of the non-thread-sofe getpwuid()Stef Walter2013-07-181-2/+9
|
* Fix p11_kit_space_strlen() result when empty stringStef Walter2013-07-183-3/+63
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985416
* Always pass size_t varargs to p11_hash_xxx() functionsStef Walter2013-07-183-4/+6
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985421
* Don't call memdup with zero length or NULL pointerStef Walter2013-07-182-3/+8
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985433
* attrs: Check printf formatting in buffer_append_printf()Stef Walter2013-07-181-0/+5
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985497
* Avoid using the non-thread-safe strerror() functionStef Walter2013-07-1811-51/+348
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985481
* Declare static variables const where it makes senseStef Walter2013-07-187-31/+31
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985337
* Support expanding $XDG_CONFIG_HOME in user config pathsStef Walter2013-07-1811-34/+91
| | | | | | | | | | If ~/.config is specified as a prefix to a configured path, then it is expanded to the $XDG_CONFIG_HOME if that exists Add --with-user-config ./configure option to configure a different user config directory. Interpolate the right directories into documentation.
* Don't load configs from user directory when setuidStef Walter2013-07-1817-3/+423
| | | | | | | When running as setuid() or setgid() don't access the user's home directory, or use $HOME environment variables. https://bugzilla.redhat.com/show_bug.cgi?id=985014
* tools: Use $TMPDIR instead of $TEMPStef Walter2013-07-1811-96/+73
| | | | | | | | | | | | TMPDIR is a more standard environment variable for locating the temp directory on Unix. In addition since this is only used in tests, remove the code from the generic p11_path_expand() func. In general remove the possibility for forks to put $HOME or $TEMP environment variables in configured paths. This was possible due to code in p11_path_expand() but not something we supported. https://bugzilla.redhat.com/show_bug.cgi?id=985017
* Fix various issues highlighted by coverity scannerStef Walter2013-07-1810-30/+43
| | | | Among others fix possible usage of large stack allocation.
* open files with O_CLOEXEC when possibleStef Walter2013-07-184-79/+46
| | | | | | | | | | | | | This helps prevent leaked file descriptors when the library is used in a process which exec's. opendir() already uses O_CLOEXEC on platforms that support O_CLOEXEC so we don't need to make changes there. In addition read config files using p11_mmap_open() so that we get the simple benefits of O_CLOEXEC with the open() call there. https://bugzilla.redhat.com/show_bug.cgi?id=984986
* buffer: Check for unlikely integer overflowStef Walter2013-07-181-0/+6
| | | | | | | | If we see an integer overflow here something has gone horribly wrong (or malicious code is present). So treat this as unrecoverable, and fail if we're going to overflow. https://bugzilla.redhat.com/show_bug.cgi?id=985019
* Make preconditions abort unconditionally when scanning with coverityStef Walter2013-07-182-0/+9
| | | | | | | | | | | | This reflects that preconditions are invalid/unreachable on a functioning system and with valid input. We do not try to recover from such conditions. In addition teach coverity about how our test suite fails See http://p11-glue.freedesktop.org/doc/p11-kit/devel-building-style.html https://bugzilla.redhat.com/show_bug.cgi?id=985005
* iter: Document guarantees for filter matches argumetStef Walter2013-07-181-0/+4
| | | | | | | | The matches argument is always initialized to CK_TRUE when a filter is called, and it's up to filters to set it to CK_FALSE. Filters don't need to set to CK_TRUE. https://bugzilla.redhat.com/show_bug.cgi?id=985009