summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* trust: Make extraction and correlation of certificate info optionalStef Walter2017-01-317-19/+30
| | | | | This is so that the code can be shared by the upcoming 'trust dump' command where correlation between related objects is not desired.
* trust: Load all attributes for each object when enumeratingStef Walter2017-01-311-17/+21
| | | | | We load all known attributes for each object we're enumerating over in the 'trust list' and 'trust extract' commands.
* virtual: Make virtual-fixed internal API cleanerDaiki Ueno2017-01-254-11/+16
| | | | | Add proper inclusion guard to virtual-fixed.h and move the declarations of the (un)initialization functions there.
* test: Release transport mock moduleDaiki Ueno2017-01-251-0/+1
| | | | | To prevent leaks of fixed closures, p11_kit_module_release() needs to be called on the mock module itself.
* test: Check exhaustion of fixed closuresNikos Mavrogiannopoulos2017-01-242-5/+82
|
* build: Make libffi closure optionalDaiki Ueno2017-01-2411-156/+1662
| | | | | | | | libffi's closure support is not available on all platforms and may fail at run time if running under a stricter SELinux policy. Fallback to pre-compiled closures if it is not usable. https://bugs.freedesktop.org/show_bug.cgi?id=97611
* maint: Add .dir-locals.el file for EmacsDaiki Ueno2017-01-241-0/+1
|
* travis: Enable strict code compilationDaiki Ueno2017-01-231-1/+1
|
* Fix compiler warnings on FreeBSDRoman Bogorodskiy2017-01-233-1/+6
| | | | | | | | | | | * common/compat.c: Fix "implicit declaration of function 'issetugid'" warning. On FreeBSD, it's required to define __BSD_VISIBLE to make issetugid(2) visible * common/test-message.c: Fix "implicit declaration of function 'asprintf'" by including <stdio.h> * p11-kit/test-iter.c: Fix "format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'int'" by changing format string to "%d"
* systemd: add per-user remoting socketLubomir Rintel2017-01-205-0/+33
| | | | | | This allows daemons outside user's session to use per-user PKCS#11 modules. Useful for letting VPN daemons or wpa_supplicant use certificates stored in user's GNOME keyring, etc.
* common: use recursive pthread mutex for library lockLubomir Rintel2017-01-191-1/+1
| | | | | | | | | | | | | | | | This allows us to do nested locking within one thread avoiding a lockup when remoting the p11-kit-proxy.so module: #0 0x00007f190f35838d in __lll_lock_wait () from /lib64/libpthread.so.0 #1 0x00007f190f351e4d in pthread_mutex_lock () from /lib64/libpthread.so.0 #2 0x00007f190f98657f in C_GetFunctionList (list=0x7ffe7ec3f798) at p11-kit/proxy.c:2355 #3 0x00007f190f993cc9 in dlopen_and_get_function_list (funcs=0x7ffe7ec3f798, path=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", mod=0x249e3d0) at p11-kit/modules.c:337 #4 load_module_from_file_inlock (name=name@entry=0x0, path=path@entry=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", result=result@entry=0x7ffe7ec3f7e8) at p11-kit/modules.c:382 #5 0x00007f190f99587f in p11_kit_module_load (module_path=module_path@entry=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", flags=flags@entry=0) at p11-kit/modules.c:2427 #6 0x0000000000401c4b in serve_module_from_file (file=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so") at p11-kit/remote.c:105 #7 main (argc=1, argv=<optimized out>) at p11-kit/remote.c:169 The Windows NT mutex is aready recursive by default.
* uri: Support query attributes to specify moduleDaiki Ueno2017-01-194-9/+241
| | | | | Accept and produce 'module-name' and 'module-path' query attributes defined in RFC 7512.
* uri: Avoid typecasting confusion on s390xDaiki Ueno2017-01-171-2/+4
| | | | | | | | | Like memcpy(), the 'void *' argument of p11_buffer_add() points to the memory area ordered in host's endianness. Add typecast of int->char to avoid the confusion. Reported by Andreas Metzler in: https://lists.freedesktop.org/archives/p11-glue/2017-January/000633.html
* uri: fix producing the query attributesLubomir Rintel2017-01-122-35/+48
| | | | Put the pin-* attributes where they belong: to the query part.
* uri: fix the query attribute parsingLubomir Rintel2017-01-122-14/+42
| | | | | | | | | | | | The pin-* attributes belong to the query part. We should not parse them until we see a '?' and they're separated with a '&'. This might be an important thing -- some of the query attributes may have security implications reaching outside scope of the token itself, to the host system itself. E.g. a pin-source may cause the consumer to access a file or module-path (unimplemented) execute code. The user may want to just chop the attribute part off if they want the consumer access the token and not take the security considerations into account.
* build: improve p11-kit-proxy symlink handlingRoman Bogorodskiy2017-01-091-1/+9
| | | | | | | | | | - Current command for creation of the p11-kit-proxy symlink uses shell brace expansion that isn't supported by all the shells (e.g. FreeBSD's /bin/sh does not support that). Replace it with the old-fashioned 'for' loop - Match extension of the source and the target, i.e. so links to so, dylib links to dylib (previously dylib linked to so) - Add an uninstall-local target to clean up the symlink
* Release version 0.23.3Daiki Ueno2016-12-202-3/+13
|
* doc: More tweaks for gtk-docDaiki Ueno2016-12-191-0/+7
|
* doc: Mention new API functionsDaiki Ueno2016-12-191-0/+6
|
* rpc: Fix typo flagged by lintianAndreas Metzler2016-12-151-1/+1
|
* test: Remove setgid()ed copy of frob-getenvDaiki Ueno2016-12-131-2/+1
| | | | Otherwise the file is left in builddir, after make distclean.
* test: Fix privatedir substitution in test-extractDaiki Ueno2016-12-131-0/+1
| | | | | Since $privatedir expands to "${libexecdir}/p11-kit", $libexecdir must be substituted in the script beforehand.
* pkcs11: Update CRYPTOKI_VERSION to 2.40Daiki Ueno2016-12-131-6/+3
|
* pkcs11: Add CK_RSA_PKCS_OAEP_PARAMS definitionDaiki Ueno2016-12-131-0/+20
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=1191209
* pkcs11: Add CKA_COPYABLE definitionDaiki Ueno2016-12-131-0/+1
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=1191231
* pkcs11: Add AES key wrap mechanismsDaiki Ueno2016-12-131-0/+3
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=1191231
* proxy: Remove redundant NULL checkPankaj2016-12-131-1/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=93589
* modules: Remove redundant NULL checkPankaj2016-12-131-1/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=93588
* proxy: Check return value of calloc()Pankaj2016-12-131-0/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=92815
* mock: Check return value of calloc()Pankaj2016-12-131-0/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=92813
* doc: State 'p11-kit trust' is a deprecated formDaiki Ueno2016-12-061-2/+4
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=1160783
* trust: Don't add CKA_TRUSTED to extension objectDaiki Ueno2016-12-061-2/+33
| | | | | | | While 'trust anchor' command tries to add CKA_TRUSTED attribute to any object, it is only valid for a certificate object. https://bugzilla.redhat.com/show_bug.cgi?id=1158926
* common, trust: Avoid integer overflowDaiki Ueno2016-12-064-3/+14
| | | | | | | This fixes issues pointed in: https://bugzilla.redhat.com/show_bug.cgi?id=985445 except for p11-kit/conf.c:read_config_file(), which was rewritten using mmap() and thus length calculation is no longer needed.
* move privatedir from libdir to libexecdirStanislav Brabec2016-11-301-1/+1
| | | | | | | | | | | According to the GNU Coding Standards[1], private executables should be installed to libexecdir, not libdir. Move privatedir to libexecdir. [1] https://www.gnu.org/prep/standards/ https://bugs.freedesktop.org/show_bug.cgi?id=98817
* trust: Avoid confusion in DER/PEM decodingDaiki Ueno2016-11-303-1/+115
| | | | | | | | Previously p11-kit-trust.so tried to interpret certificate as PEM format first. This could cause potential conflict if the certificate were actually in DER format and contained a PEM marker strings. https://bugs.freedesktop.org/show_bug.cgi?id=92063
* doc: Update documentation to point towards GitHubStef Walter2016-11-292-2/+5
| | | | | The p11-kit code has moved to GitHub. The documentation needs an update.
* test-conf: don't create the setuid copy in /tmpLubomir Rintel2016-11-291-1/+1
| | | | | The temporary directory is often mounted with nosuid, thus whatever runs from there doesn't get AT_SECURE in auxv.
* trust: Clarify the error message of 'extract'Daiki Ueno2016-11-281-1/+4
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=1154693
* trust: Mention anchor --remove option in helpDaiki Ueno2016-11-281-1/+2
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=1158467
* trust: Reject invalid UTF-8 inputDaiki Ueno2016-11-282-0/+8
| | | | | | | Merge changes from utf8.c in FreeBSD's libc: https://svnweb.freebsd.org/base/head/lib/libc/locale/utf8.c?revision=290494&view=markup#l196 https://bugzilla.redhat.com/show_bug.cgi?id=985449
* pkg-config: Expose p11_trust_paths variableDaiki Ueno2016-11-151-0/+1
| | | | | The variable is mentioned in the manual but wasn't exposed from the pkg-config.
* build: Remove *.in files from EXTRA_DISTDaiki Ueno2016-11-151-2/+0
| | | | | The files created with AC_CONFIG_FILES are automatically added to the distribution.
* build: Don't update po files on every make runDaiki Ueno2016-11-151-0/+37
| | | | | Update po/Makevars to the latest template and take advantage of PO_DEPENDS_ON_POT = no.
* travis: Enable GCC sanitizersDaiki Ueno2016-10-311-1/+7
|
* travis: Disable silent rulesDaiki Ueno2016-10-311-1/+1
|
* test: Remove /proxy/deinit-after-fork testDaiki Ueno2016-10-311-37/+0
| | | | | | | This test hasn't been working since the removal of the pthread_atfork() deinit code. To properly clean up, the child process needs to call C_Initialize() and C_Finalize(), and it is already tested by /proxy/initialize-child.
* test: Fix memleak in test-token cleanupDaiki Ueno2016-10-311-1/+1
| | | | | | | | | | GCC's asan spotted this: Direct leak of 338 byte(s) in 13 object(s) allocated from: #0 0x7f54f03fee20 in malloc (/lib64/libasan.so.3+0xc6e20) #1 0x445e8c in p11_path_build ../common/path.c:222 #2 0x4385bd in expand_tempdir ../common/test.c:334 #3 0x43869c in p11_test_directory ../common/test.c:361 #4 0x4033e3 in setup_temp ../trust/test-token.c:79
* modules: Reset the init count on fork()Daiki Ueno2016-10-311-0/+4
| | | | | | | | | | | | | | | Reset mod->init_count when forkid has changed. Otherwise C_Finalize does not get called. GCC's asan spotted this: Direct leak of 48 byte(s) in 1 object(s) allocated from: #0 0x7f89bc7bfe20 in malloc (/lib64/libasan.so.3+0xc6e20) #1 0x7f89bc47a1f1 in p11_dict_new ../common/dict.c:278 #2 0x7f89bc42143d in managed_C_Initialize ../p11-kit/modules.c:1477 #3 0x7f89bc464c72 in binding_C_Initialize ../p11-kit/virtual.c:121 #4 0x7f89bc1b0a51 in ffi_closure_unix64_inner (/lib64/libffi.so.6+0x5a51) #5 0x7f89bc1b0dbf in ffi_closure_unix64 (/lib64/libffi.so.6+0x5dbf) #6 0x7f89bc44f9e8 in rpc_C_Initialize ../p11-kit/rpc-server.c:691
* modules: Fix memleak when loading remote moduleDaiki Ueno2016-10-311-0/+2
| | | | | | | | | | | | Make sure to call p11_virtual_uninit() on managed module. Otherwise the associated lower_module will not be released. GCC's asan spotted this: Direct leak of 56 byte(s) in 1 object(s) allocated from: #0 0x7f6c5368dfe0 in calloc (/lib64/libasan.so.3+0xc6fe0) #1 0x4436ba in p11_rpc_client_init ../p11-kit/rpc-client.c:2082 #2 0x42c147 in p11_rpc_transport_new ../p11-kit/rpc-transport.c:850 #3 0x415d95 in setup_module_for_remote_inlock ../p11-kit/modules.c:411
* rpc: Fix memleak in rpc_socket cleanupDaiki Ueno2016-10-311-0/+1
| | | | | | | | GCC's asan spotted this: Direct leak of 120 byte(s) in 1 object(s) allocated from: #0 0x7f8d4f221fe0 in calloc (/lib64/libasan.so.3+0xc6fe0) #1 0x427f55 in rpc_socket_new ../p11-kit/rpc-transport.c:100 #2 0x42bc1b in rpc_exec_connect ../p11-kit/rpc-transport.c:767
generated by cgit v1.1 at 2025-01-07 21:37:55 +0000