| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
| |
libffi's closure support is not available on all platforms and may fail
at run time if running under a stricter SELinux policy. Fallback to
pre-compiled closures if it is not usable.
https://bugs.freedesktop.org/show_bug.cgi?id=97611
|
| |
|
|
|
|
| |
This allows daemons outside user's session to use per-user PKCS#11
modules. Useful for letting VPN daemons or wpa_supplicant use
certificates stored in user's GNOME keyring, etc.
|
| |
|
|
|
|
|
|
|
|
| |
- Current command for creation of the p11-kit-proxy symlink
uses shell brace expansion that isn't supported by all
the shells (e.g. FreeBSD's /bin/sh does not support that).
Replace it with the old-fashioned 'for' loop
- Match extension of the source and the target, i.e. so links
to so, dylib links to dylib (previously dylib linked to so)
- Add an uninstall-local target to clean up the symlink
|
| |
|
|
|
| |
The files created with AC_CONFIG_FILES are automatically added to the
distribution.
|
| |
|
|
|
|
|
| |
Signed-off-by: Stef Walter <stefw@redhat.com>
* Fixed up indentation
https://bugs.freedesktop.org/show_bug.cgi?id=80519
|
| |
|
|
|
|
|
|
|
| |
However, on Mac OS X the library is named libp11-kit.dylib so
in the above command the source of the link resolves to nothing,
the destination becomes the source and the link to a non-existent
file is created in the working directory.
https://bugs.freedesktop.org/show_bug.cgi?id=98022
|
| |
|
|
|
| |
This allows security frameworks like SELinux or AppArmor to target
it specifically.
|
| |
|
|
| |
Still use recursive for documentation and translation.
|
| |
|
|
|
| |
This adds a new tool to the p11-kit command called 'remote'. This
is the server side of remoting a PKCS#11 module.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* This enables passing around bytes which represent PKCS#11 RPC calls.
* Caller is responsible for connecting/disconnecting and so on.
* Client side caller gets a mixin from p11_rpc_client_init() to call
into, which generates callbacks with byte arrays to be transported.
* Server side calls p11_rpc_server_handle() with a CK_FUNCTION_LIST_PTR
on which relevant methods get called.
* Doesn't yet implement the actual daemon or clients etc...
https://bugs.freedesktop.org/show_bug.cgi?id=54105
|
| |
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=76594
|
| | |
|
| |
|
|
|
| |
This is supposed to call over to 'trust extract' and wasn't
working correctly.
|
| | |
|
| |
|
|
|
|
|
| |
* p11-kit library and tool in the p11-kit/ subdirectory
* trust module and new trust tool in trust/ subdirectory
* No more tools/ subdirectory
* Lots less in the common/ subdirectory
|
| | |
|
| |
|
|
|
| |
If 'log-calls = yes' is set then all the PKCS#11 modules are logged
to stderr.
|
| |
|
|
|
|
|
|
|
|
| |
Each time C_GetFunctionList is called on the proxy module, a new
managed PKCS#11 set of functions is returned. These are all cleaned
up when the module is unloaded.
We want the proxy module to continue to work even without the highly
recommended libffi. For that reason we still keep the old behavior of
sharing state in the proxy module.
|
| |
|
|
|
|
|
|
|
| |
Support a new managed style module loading for PKCS#11 modules. This
allows us to better coordinate between multiple callers of the same
PKCS#11 modules and provide hooks into their behavior.
This meant redoing the public facing API. The old methods are now
deprecated, marked and documented as such.
|
| |
|
|
|
|
| |
* This allows us to call into subclassed PKCS#11 modules as if
they were plain old PKCS#11 modules
* libffi is an optional dependency
|
| |
|
|
|
|
|
|
|
|
|
| |
Put library init/uninit code its into their own statically
linked library so that they don't get linked into the p11-kit
executable.
Refactor the message code so that the library initialization can
plug in its per thread message buffer.
https://bugs.freedesktop.org/show_bug.cgi?id=63046
|
| |
|
|
|
| |
* make memcheck: Runs basic memory checking
* make leakcheck: Also runs leak checking
|
| | |
|
| | |
|
| |
|
|
|
|
| |
This is based off the roots-store from gnome-keyring and loads
certificates from a root directory and exposes them as PKCS#11
objects.
|
| |
|
|
|
|
| |
* Try to make /etc/pkcs11/modules for administrator use
* Override the old pkg-config variables to help packages start
using the new location
|
| |
|
|
|
|
|
| |
* Allows use of them across the whole project
* Put a stub file in the p11-kit/ directory, so we can still refer
to the headers using that path, which is what it will be at
when in the installed includes directory.
|
| |
|
|
|
|
| |
* This is cleaner than building the same source files all over
the place over and over.
* Works better with code coverage.
|
| |
|
|
|
|
|
|
|
|
|
| |
Start using p11_ as our internal prefix rather than _p11_. We explicitly
export p11_kit_ so this is fine as far as visibility.
Move the threading, mutex, and module compat, dict, and array code
into the common directory too.
Take this opportunity to clean up a bit of internal API as well,
since so many lines are being touched internally.
|
| |
|
|
|
|
|
|
| |
* The windows shared libraries have the .dll extension
* This means we also need separate directories for the test module
configs on win32
https://bugzilla.gnome.org/show_bug.cgi?id=44740
|
| |
|
|
| |
* And display warning messages in the debug output
|
| |
|
|
| |
* And use them in our replacement err() and p11_kit_set_progname()
|
| |
|
|
|
| |
* And the compat stuff in the p11-kit directory merged
into util.c and util.h
|
| | |
|
| |
|
|
| |
* And put together a test for duplicate modules
|
| |
|
|
| |
* Add correct linking options for libintl
|
| |
|
|
|
|
|
|
| |
* Tests do not all yet pass, at least not on wine
* Added abstraction of some non-portable functions in compat.h/c
* Build with an argument like this for win32 support:
./autogen.sh --host=i586-mingw32msvc
* This win32 port needs more work from interested parties
|
| |
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=40985
|
| |
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=40985
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Renamed them to reduce ambiguity and to pave the way for exposing
some additional parameters.
p11_system_modules -> p11_system_config_modules
p11_user_modules -> p11_user_config_modules
configure --with-pkcs11-dir
=>
configure --with-system-config
|
| |
|
|
| |
* And also install example pkcs11.conf file.
|
| |
|
|
|
|
|
| |
* The link now points to the actual library, rather than to
another link.
https://bugzilla.redhat.com/show_bug.cgi?id=725905
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Install proxy module at its own path which is not prefixed by 'lib'
* Since the proxy module is the same as the library, and actually
needs to be loaded as the same library in memory (due to resource
tracking per process), use a symlink for proxy.
* Add a variable to the pkg-config file which shows the path
to the proxy module. ie:
$ pkg-config --variable=proxy_module p11-kit-1
https://bugzilla.redhat.com/show_bug.cgi?id=725905
|
| |
|
|
|
|
|
|
|
|
| |
* Reimplement the various bits of the hash table that were
still based on the apache apr code. Use different algorithms
for hashing, lookup and other stuff.
* Use this as an opportunity to cleanup that code and make
it more legible.
https://bugzilla.redhat.com/show_bug.cgi?id=725905
|
| |
|
|
|
|
| |
* These are callbacks that hanlde the pinfile part of a PKCS#11 URI.
* One library can register a callback that another can then call
in a thread-safe and simple fashion.
|
| |
|
|
| |
* Add p11_kit_message() function to get last message.
|
| |
|
|
|
| |
* Move configuration loading into conf.c
* Have user modules with same name merge/override modules in system.
|
