summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* rpc: Avoid use-after-free when creating socket base directoryDaiki Ueno2017-05-291-1/+0
| | | | Spotted by clang-analyzer.
* rpc: Avoid calling memcmp() on NULL bufferDaiki Ueno2017-05-291-1/+3
| | | | Spotted by clang-analyzer.
* proxy: Don't call realloc() with size 0Daiki Ueno2017-05-291-9/+11
| | | | Spotted by clang-analyzer.
* build: Delay building test programs until "make check"Daiki Ueno2017-05-294-8/+7
| | | | | This is to disable clang-analyzer against test programs, which can contain several false-positives.
* travis: Enable clang-analyzerDaiki Ueno2017-05-291-1/+3
|
* server: Avoid use-after-freeDaiki Ueno2017-05-291-1/+0
| | | | | Reported by Mantas Mikulėnas in: https://bugs.freedesktop.org/show_bug.cgi?id=101212
* Release 0.23.6Daiki Ueno2017-05-262-1/+7
|
* test: Check the size of unsigned longDaiki Ueno2017-05-262-9/+11
|
* rpc: Load advapi32.dll on the flyDaiki Ueno2017-05-262-7/+91
|
* remote: Remove unnecessary declarationDaiki Ueno2017-05-261-4/+0
|
* doc: Clarify p11-kit server documentationDaiki Ueno2017-05-261-3/+5
|
* server: Port to WindowsDaiki Ueno2017-05-252-39/+511
| | | | Instead of a Unix domain socket on Unix, use a named pipe on Windows.
* rpc: New p11_kit_remote_serve_tokens functionDaiki Ueno2017-05-255-101/+248
|
* remote: Name command line options consistentlyDaiki Ueno2017-05-252-71/+116
|
* rpc: Convert mechanism parameters for portabilityDaiki Ueno2017-05-245-158/+467
| | | | This is similar to commit ba49b85e, but for mechanism parameters.
* pkcs11: Define RSA-PSS mechanism parameterDaiki Ueno2017-05-241-0/+11
|
* pkcs11: Make CK_RSA_PKCS_OAEP_PARAMS usefulDaiki Ueno2017-05-241-1/+7
|
* rpc: Fix typo in encoding CK_DATE valueDaiki Ueno2017-05-241-1/+1
|
* rpc: Factor out attribute value serializer definitionsDaiki Ueno2017-05-241-26/+25
|
* rpc: Add a comment why we call _get_attribute() twiceDaiki Ueno2017-05-241-0/+1
|
* rpc: Convert attribute value for portabilityDaiki Ueno2017-05-225-80/+827
| | | | | | | | | | | When using the RPC across multiple architectures, where data models are different, say LP64 vs ILP32, there can be unwanted truncation of attribute values. This patch converts the values into portable format for the known attributes. Co-authored-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* rpc: Return early if call_id of request is ERRORDaiki Ueno2017-05-221-1/+2
| | | | | Otherwise it will cause assertion failure in a few lines below. Spotted by amrican fuzzy lop.
* build: Add fuzzer using AFLDaiki Ueno2017-05-225-0/+142
|
* trust: Simplify the check for the magicDaiki Ueno2017-05-183-12/+17
| | | | | Instead of reusing the CKA_X_GENERATED attribute, check the file contents directly in the caller side.
* trust: Check magic comment in persist file for modifiablityDaiki Ueno2017-05-183-2/+14
| | | | | | | A persistent file written by the trust module starts with the line "# This file has been auto-generated and written by p11-kit". This can be used as a magic word to determine whether the objects read from a .p11-kit file are read-only.
* Revert "trust: Honor "modifiable" setting in persist file"Daiki Ueno2017-05-183-11/+1
| | | | | This reverts commit 8eed1e60b0921d05872e2f43eee9088cef038d7e, which broke "trust anchor --remove".
* remote: Fix typo when writing a credential byteDaiki Ueno2017-03-091-1/+1
| | | | | out_fd is not always 1 when p11_kit_remote_serve_module() is used for writing a custom server.
* correct text for --user-config optionDaniel Black2017-03-061-1/+1
|
* Release 0.23.5Daiki Ueno2017-03-022-1/+6
|
* build: Remove systemd unit files for nowDaiki Ueno2017-03-013-39/+0
| | | | | | | | | Given that the remote proxy service shall be only used by NetworkManager and not generally useful, revert commit a4fb2bb587fb1a0146cf97f039b671d3258488f9 for now. Once the necessary command that runs the proxy module is implemented in p11-kit, maybe NetworkManager itself could install those files.
* systemd: Fix location of p11-kit-remoteDaiki Ueno2017-02-274-2/+11
| | | | | The p11-kit-remote executable is now located under $libexecdir, but we should use the p11-kit command to launch the subcommand.
* fixed license in unix peer fileNikos Mavrogiannopoulos2017-02-271-12/+27
|
* build: add missing includes for FreeBSDRoman Bogorodskiy2017-02-241-0/+1
| | | | Include signal.h for kill(2) and SIGKILL on FreeBSD.
* build: check for getpeereidRoman Bogorodskiy2017-02-241-0/+1
| | | | | | In common/unix-peer.c, we are checking if HAVE_GETPEEREID is defined, however, we never actually check if getpeereid() is available, so fix that by checking this function using AC_CHECK_FUNCS().
* Release 0.23.4Daiki Ueno2017-02-222-3/+20
|
* uri: Support vendor query attributesDaiki Ueno2017-02-214-2/+146
| | | | | | | | If an unknown attribute is present in the query part of the PKCS#11 URI, the parser treated it as unrecognized and subsequent matches failed. Instead, keep track of such attributes and provide a set of API to deal with them.
* rpc: Make it less verbose about connection failureDaiki Ueno2017-02-211-1/+1
| | | | | The connection failure here is not fatal. Use p11_debug() instead of p11_message().
* rpc: Try $XDG_CACHE_HOME before ~/.cacheMantas Mikulėnas2017-02-211-0/+11
| | | | | This is unset on most systems, but might as well follow the Base Directory spec properly.
* trust: Honor "modifiable" setting in persist fileDaiki Ueno2017-02-203-1/+11
| | | | | | | | | Previously, all objects read from p11-kit persist files are marked as modifiable when parsing, regardless of the explicit "modifiable: false" setting in the file. Reported by Kai Engert in: https://bugs.freedesktop.org/show_bug.cgi?id=99797
* rpc: Add PKCS#11 module that connects to socketDaiki Ueno2017-02-1712-71/+543
| | | | | | | | | | | | | | | This patch adds a PKCS#11 module that connects to the p11-kit server exposed on the filesystem. The filename of the socket is determined in the following order: - $P11_KIT_SERVER_ADDRESS, if the envvar is available - $XDG_RUNTIME_DIR/p11-kit/pkcs11, if the envvar is available - /run/$(id -u)/p11-kit/pkcs11, if /run/$(id -u) exists - /var/run/$(id -u)/p11-kit/pkcs11, if /var/run/$(id -u) exists - ~/.cache/p11-kit/pkcs11. Note that the program loading this module may have called setuid() and secure_getenv() which we use for fetching envvars could return NULL.
* remote: Add API to serve a tokenDaiki Ueno2017-02-173-0/+43
|
* remote, server: Recognize PKCS#11 URIDaiki Ueno2017-02-171-8/+69
|
* p11-kit: Add 'p11-kit server' commandNikos Mavrogiannopoulos2017-02-173-0/+595
| | | | | | | | This adds a new tool to the p11-kit command called 'server', which allows us to access a PKCS#11 module over a Unix domain socket. Internally, it is implemented as a wrapper around 'p11-kit remote'. Upon connection it executes 'p11-kit remote' in a forked process.
* common: New p11_get_upeer_id() functionNikos Mavrogiannopoulos2017-02-173-0/+132
|
* rpc: New rpc_unix transport based on Unix socketNikos Mavrogiannopoulos2017-02-162-0/+207
|
* common: Add path encoding functionsDaiki Ueno2017-02-163-0/+59
| | | | | | | | | This adds p11_path_{encode,decode}(), following the escaping rule described in: https://dbus.freedesktop.org/doc/dbus-specification.html#addresses Although they are merely a wrapper around p11_url_{decode,encode}(), having dedicated functions hides the implementation details.
* travis: Enable mingw64 cross buildDaiki Ueno2017-02-161-5/+11
|
* trust: Fix uninitialized value in anchor commandDaiki Ueno2017-02-161-1/+1
|
* library: Initialize p11_virtual_mutex for WindowsDaiki Ueno2017-02-161-0/+2
|
* test: Fix modules test for WindowsDaiki Ueno2017-02-162-4/+4
| | | | | Synchronize the fixture module to the non-Unix one and enable "/modules/test_filename".