| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
|
| |
|
|
|
|
|
| |
This follows the definitions in PKCS#11 v2.40:
http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.html
|
|
|
|
|
|
|
|
|
| |
Solaris doesn't like it when dlclose is referenced using a define,
resulting in a linker error looking for a symbol version. Simply
calling the function in a normal way (instead of storing its address)
solves this linking error.
The error message seen by GNU ld is:
dlclose: invalid version 7 (max 0)
|
|
|
|
| |
Solaris can retrieve this information via getpeerucred().
|
|
|
|
|
|
|
|
|
| |
As p11-kit is a library there are cases where it is not desirable
to log on stderr by default. See for example this report
https://bugzilla.redhat.com/show_bug.cgi?id=1464490
where wget prints an error due to an unconfigured pkcs11 module.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
This reverts commit 6b457ffc, which forbids the use of GNU extension
for the incompatibility of strerror_r. However, now that strerror_l
is used instead on glibc systems, it has no point to do that.
|
| |
|
|
|
|
|
| |
strerror_r is being obsolete in the next POSIX specification:
http://austingroupbugs.net/view.php?id=655
|
|
|
|
|
| |
This is to disable clang-analyzer against test programs, which can
contain several false-positives.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
This adds p11_path_{encode,decode}(), following the escaping rule
described in:
https://dbus.freedesktop.org/doc/dbus-specification.html#addresses
Although they are merely a wrapper around p11_url_{decode,encode}(),
having dedicated functions hides the implementation details.
|
| |
|
| |
|
|
|
|
|
| |
Don't append the backslash character twice to the output. It is
interpolated a few lines below, if it is really required.
|
| |
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=99600
|
|
|
|
|
| |
See also NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=1334976
and p11-kit bug https://bugs.freedesktop.org/show_bug.cgi?id=99453
|
|
|
|
|
| |
Follow-up fix for commit 4d228aa0, which forgot to clear
p11_virtual_mutex on library finalization.
|
|
|
|
|
|
|
|
|
| |
We used to provide p11_virtual_fixed_{,un}init() to only initialize a
mutex used in virtual.c. That required all the tests calling virtual
functions to call p11_virtual_fixed_{,un}init() in main().
For simplicity, move the mutex variable initialization into
p11_library_init().
|
|
|
|
|
|
|
|
|
|
|
| |
* common/compat.c: Fix "implicit declaration of function 'issetugid'"
warning. On FreeBSD, it's required to define __BSD_VISIBLE to make
issetugid(2) visible
* common/test-message.c: Fix "implicit declaration of function
'asprintf'" by including <stdio.h>
* p11-kit/test-iter.c: Fix "format '%lu' expects argument of
type 'long unsigned int', but argument 3 has type 'int'" by
changing format string to "%d"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows us to do nested locking within one thread avoiding a lockup
when remoting the p11-kit-proxy.so module:
#0 0x00007f190f35838d in __lll_lock_wait () from /lib64/libpthread.so.0
#1 0x00007f190f351e4d in pthread_mutex_lock () from /lib64/libpthread.so.0
#2 0x00007f190f98657f in C_GetFunctionList (list=0x7ffe7ec3f798) at p11-kit/proxy.c:2355
#3 0x00007f190f993cc9 in dlopen_and_get_function_list (funcs=0x7ffe7ec3f798, path=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", mod=0x249e3d0) at p11-kit/modules.c:337
#4 load_module_from_file_inlock (name=name@entry=0x0, path=path@entry=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", result=result@entry=0x7ffe7ec3f7e8) at p11-kit/modules.c:382
#5 0x00007f190f99587f in p11_kit_module_load (module_path=module_path@entry=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so", flags=flags@entry=0) at p11-kit/modules.c:2427
#6 0x0000000000401c4b in serve_module_from_file (file=0x7ffe7ec40926 "/usr/local/lib/p11-kit-proxy.so") at p11-kit/remote.c:105
#7 main (argc=1, argv=<optimized out>) at p11-kit/remote.c:169
The Windows NT mutex is aready recursive by default.
|
|
|
|
| |
Otherwise the file is left in builddir, after make distclean.
|
| |
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1191209
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1191231
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=1191231
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92813
|
|
|
|
|
|
|
| |
This fixes issues pointed in:
https://bugzilla.redhat.com/show_bug.cgi?id=985445
except for p11-kit/conf.c:read_config_file(), which was rewritten using
mmap() and thus length calculation is no longer needed.
|
|
|
|
|
| |
The temporary directory is often mounted with nosuid, thus whatever runs
from there doesn't get AT_SECURE in auxv.
|
|
|
|
|
|
|
| |
The test case added for bug 90289 (commit c73edd00) revealed that some
of the C_Initialize() implementations do not consider the case where it
is called from the parent process and then from the child process,
without calling C_Finalize() in between.
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92807
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92842
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92843
|
|
|
|
| |
We no longer use timegm()
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92443
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
record was found
Hello, it looks like under some conditions, command trust segfaults in
expand_homedir() due to no matching password record was found:
Signed-off-by: Robert Milasan <rmilasan@suse.com>
Signed-off-by: Stef Walter <stefw@redhat.com>
* Updated path so message is printed and errno is not overwritten
https://bugs.freedesktop.org/show_bug.cgi?id=91506
|
|
|
|
| |
Signed-off-by: Michael Cronenworth <mike@cchtml.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of trying to perform actions in pthread_atfork() which
are not async-signal-safe, just increment a counter so we can
later tell if the process has forked.
Note this does not make it safe to mix threads and forking without
immediately execing. This is a far broader problem that p11-kit,
however we now do the right thing when fork+exec is used from a
thread.
https://bugs.freedesktop.org/show_bug.cgi?id=84567
|
|
|
|
|
| |
In anything security sensitive, use secure_getenv() implementation
for retrieving environment variables.
|
| |
|
|
|
|
|
|
| |
Needed to fix MinGW builds.
Signed-off-by: Michael Cronenworth <mike@cchtml.com>
|
|
|
|
|
|
|
| |
Move our internal stuff to pkcs11i.h, and install the pkcs11x.h
header containing extensions.
https://bugs.freedesktop.org/show_bug.cgi?id=83495
|
|
|
|
|
|
|
|
|
| |
CKA_PUBLIC_KEY_INFO is defined in the PKCS#11 2.40 draft, so use that
rather than defining our own.
* Fixed up by Nikos Mavrogiannopoulos <nmav@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=83495
|
|
|
|
|
|
| |
This allows us to have old/new names for a given constant.
https://bugs.freedesktop.org/show_bug.cgi?id=83495
|
|
|
|
| |
Still use recursive for documentation and translation.
|