path: root/p11-kit/Makefile.am
Commit message | Author | Age | Files | Lines
* build: Don't hardcode module path | Daiki Ueno | 2019-06-18 | 1 | -4/+8
|
* build: Move check_PROGRAMS into subdirectories | Daiki Ueno | 2019-06-18 | 1 | -16/+16
|
* virtual: Rename virtual-fixed.c to virtual-fixed-generated.h | Daiki Ueno | 2019-06-18 | 1 | -3/+3
| Previously the generated .c file was included in another source file, which is not supported in some build systems (e.g., meson).
* proxy: Support C_WaitForSlotEvent() if CKF_DONT_BLOCK is specified | Daiki Ueno | 2019-05-21 | 1 | -1/+6
| While fully implementing C_WaitForSlotEvent() would require a separate thread to monitor events, it is straightforward to implement the function if the CKF_DONT_BLOCK flag is given.
| Suggested by David Ward.
* proxy: Refresh slot list on every C_GetSlotList call | Daiki Ueno | 2019-05-16 | 1 | -1/+6
| Previously, the proxy module calculated the slot list only once at the C_Initialize() call. That was causing a usability limitation when the user attaches an HSM after starting an application.
| Suggested by David Ward.
* Revert "build: Explicitly link threaded test programs to libpthread" | Daiki Ueno | 2018-08-17 | 1 | -4/+4
| This reverts commit dc4a6eaddbb36a344cc6a9c7eb12cab9df4899b0.
* build: Explicitly link threaded test programs to libpthread | Daiki Ueno | 2018-08-10 | 1 | -4/+4
| Some test programs use pthread_create(), for which glibc doesn't provide the stub. Link those programs with -lpthread.
* rpc-server: p11_kit_remote_serve_tokens: Allow exporting all modules | Daiki Ueno | 2018-07-16 | 1 | -2/+3
| This patch removes the restriction of p11_kit_remote_serve_tokens() that was not capable of serving tokens across multiple modules.
* build: Use separate p11-kit-{remote,server} executable for testing | Daiki Ueno | 2018-07-16 | 1 | -0/+26
| Otherwise, the p11-kit-remote program called from p11-kit-server would load the system modules instead of the local fixtures.
* server: Enable socket activation through systemd | Daiki Ueno | 2018-06-20 | 1 | -0/+22
| This enables socket activation of "p11-kit server" through systemd. The feature provided is essentially the same as commit a4fb2bb5 (reverted), but implemented with "p11-kit server" and libsystemd API instead of wrapping "p11-kit remote" in the unit file.
| Note that, while it exposes all tokens through the socket, it doesn't increase attack surface beyond the PKCS#11 binary interface provided by p11-kit-proxy.so, because the service is per-user.
* pkcs11: Exercise GNU calling convention at compile time | Daiki Ueno | 2018-05-28 | 1 | -0/+32
|
* build: Delay building mock-six.la until "make check" | Daiki Ueno | 2018-05-25 | 1 | -1/+1
|
* build: Include p11-kit/test-messages.sh in distribution | Daiki Ueno | 2018-05-25 | 1 | -0/+1
|
* test: Add failing test for CKR_CRYPTOKI_ALREADY_INITIALIZED | Daiki Ueno | 2018-03-29 | 1 | -1/+6
|
* test: Add test for error messages | Daiki Ueno | 2018-03-29 | 1 | -0/+2
|
* test: Add test for client-server interaction | Daiki Ueno | 2018-02-27 | 1 | -0/+4
| The test spawns a process running the server command and connects to it through p11-kit-client.so. It is a bit tricky that the child process requires to preload libasan.so when ASan is in effect, to properly load a mock module.
* build: Split out generated code from p11-kit/virtual.c | Daiki Ueno | 2018-01-31 | 1 | -0/+34
|
* build: Delay compilation of test-related stuff | Daiki Ueno | 2018-01-30 | 1 | -6/+9
|
* proxy: Reuse the existing slot ID mapping after fork | Daiki Ueno | 2018-01-29 | 1 | -0/+7
| While the proxy module reassigns slot IDs in C_Initialize(), some applications assume that valid slot IDs should never change across multiple calls to C_Initialize(). This patch mitigates this by preserving the slot IDs, if they are known to the proxy module.
* server: Better shell integration | Daiki Ueno | 2017-10-06 | 1 | -0/+5
| This adds -k, -c, and -s options to the "p11-kit server" command, which allows you to terminate the server process, select which C-shell or Bourne shell command line is printed on startup, respectively.
* build: Delay building test programs until "make check" | Daiki Ueno | 2017-05-29 | 1 | -2/+2
| This is to disable clang-analyzer against test programs, which can contain several false-positives.
* rpc: Load advapi32.dll on the fly | Daiki Ueno | 2017-05-26 | 1 | -7/+0
|
* server: Port to Windows | Daiki Ueno | 2017-05-25 | 1 | -2/+7
| Instead of a Unix domain socket on Unix, use a named pipe on Windows.
* build: Remove systemd unit files for now | Daiki Ueno | 2017-03-01 | 1 | -19/+0
| Given that the remote proxy service shall be only used by NetworkManager and not generally useful, revert commit a4fb2bb587fb1a0146cf97f039b671d3258488f9 for now. Once the necessary command that runs the proxy module is implemented in p11-kit, maybe NetworkManager itself could install those files.
* systemd: Fix location of p11-kit-remote | Daiki Ueno | 2017-02-27 | 1 | -0/+8
| The p11-kit-remote executable is now located under $libexecdir, but we should use the p11-kit command to launch the subcommand.
* rpc: Add PKCS#11 module that connects to socket | Daiki Ueno | 2017-02-17 | 1 | -11/+47
| This patch adds a PKCS#11 module that connects to the p11-kit server exposed on the filesystem. The filename of the socket is determined in the following order:
| - $P11_KIT_SERVER_ADDRESS, if the envvar is available
| - $XDG_RUNTIME_DIR/p11-kit/pkcs11, if the envvar is available
| - /run/$(id -u)/p11-kit/pkcs11, if /run/$(id -u) exists
| - /var/run/$(id -u)/p11-kit/pkcs11, if /var/run/$(id -u) exists
| - ~/.cache/p11-kit/pkcs11.
| Note that the program loading this module may have called setuid() and secure_getenv() which we use for fetching envvars could return NULL.
* p11-kit: Add 'p11-kit server' command | Nikos Mavrogiannopoulos | 2017-02-17 | 1 | -0/+14
| This adds a new tool to the p11-kit command called 'server', which allows us to access a PKCS#11 module over a Unix domain socket. Internally, it is implemented as a wrapper around 'p11-kit remote'. Upon connection it executes 'p11-kit remote' in a forked process.
* filter: New virtual wrapper for access control | Daiki Ueno | 2017-02-08 | 1 | -0/+5
|
* build: Make libffi closure optional | Daiki Ueno | 2017-01-24 | 1 | -4/+1
| libffi's closure support is not available on all platforms and may fail at run time if running under a stricter SELinux policy. Fallback to pre-compiled closures if it is not usable.
| https://bugs.freedesktop.org/show_bug.cgi?id=97611
* systemd: add per-user remoting socket | Lubomir Rintel | 2017-01-20 | 1 | -0/+11
| This allows daemons outside user's session to use per-user PKCS#11 modules. Useful for letting VPN daemons or wpa_supplicant use certificates stored in user's GNOME keyring, etc.
* build: improve p11-kit-proxy symlink handling | Roman Bogorodskiy | 2017-01-09 | 1 | -1/+9
| - Current command for creation of the p11-kit-proxy symlink uses shell brace expansion that isn't supported by all the shells (e.g. FreeBSD's /bin/sh does not support that). Replace it with the old-fashioned 'for' loop
| - Match extension of the source and the target, i.e. so links to so, dylib links to dylib (previously dylib linked to so)
| - Add an uninstall-local target to clean up the symlink
* build: Remove *.in files from EXTRA_DIST | Daiki Ueno | 2016-11-15 | 1 | -2/+0
| The files created with AC_CONFIG_FILES are automatically added to the distribution.
* rpc: Send x-init-reserved to remote module | Daiki Ueno | 2016-10-05 | 1 | -1/+6
| Signed-off-by: Stef Walter <stefw@redhat.com>
| * Fixed up indentation
| https://bugs.freedesktop.org/show_bug.cgi?id=80519
* Fix link of p11-kit-proxy.dylib on Mac OS X | Leonardo Brondani Schenkel | 2016-10-03 | 1 | -1/+1
| However, on Mac OS X the library is named libp11-kit.dylib so in the above command the source of the link resolves to nothing, the destination becomes the source and the link to a non-existent file is created in the working directory.
| https://bugs.freedesktop.org/show_bug.cgi?id=98022
* remote: Run separate executable binary for 'p11-kit remote' | Stef Walter | 2014-10-02 | 1 | -1/+12
| This allows security frameworks like SELinux or AppArmor to target it specifically.
* Move to non-recursive Makefile for building bins and libs | Stef Walter | 2014-08-15 | 1 | -74/+170
| Still use recursive for documentation and translation.
* p11-kit: Add 'p11-kit remote' command for isolating modules | Stef Walter | 2014-07-08 | 1 | -0/+2
| This adds a new tool to the p11-kit command called 'remote'. This is the server side of remoting a PKCS#11 module.
* rpc: Implement execution of another tool to transport PKCS#11 RPC | Stef Walter | 2014-07-08 | 1 | -1/+2
|
* rpc: Implement PKCS#11 messages/client/server code | Stef Walter | 2014-07-08 | 1 | -0/+2
| * This enables passing around bytes which represent PKCS#11 RPC calls.
| * Caller is responsible for connecting/disconnecting and so on.
| * Client side caller gets a mixin from p11_rpc_client_init() to call into, which generates callbacks with byte arrays to be transported.
| * Server side calls p11_rpc_server_handle() with a CK_FUNCTION_LIST_PTR on which relevant methods get called.
| * Doesn't yet implement the actual daemon or clients etc...
| https://bugs.freedesktop.org/show_bug.cgi?id=54105
* Don't try to symlink p11-proxy.so on windows | Milan Crha | 2014-06-20 | 1 | -5/+5
| https://bugs.freedesktop.org/show_bug.cgi?id=76594
* p11-kit: Rename list.c to lists.c to simplify debugging | Stef Walter | 2013-08-28 | 1 | -1/+1
|
* trust: Fix the 'p11-kit extract' command | Stef Walter | 2013-07-09 | 1 | -0/+1
| This is supposed to call over to 'trust extract' and wasn't working correctly.
* Fix dependency between p11-kit command and library | Stef Walter | 2013-06-25 | 1 | -1/+1
|
* Reorganize various components | Stef Walter | 2013-06-25 | 1 | -0/+20
| * p11-kit library and tool in the p11-kit/ subdirectory
| * trust module and new trust tool in trust/ subdirectory
| * No more tools/ subdirectory
| * Lots less in the common/ subdirectory
* Fix up Makefile.am files for automake 1.13 warnings | Stef Walter | 2013-05-21 | 1 | -1/+1
|
* Add the log-calls module config option | Stef Walter | 2013-05-21 | 1 | -0/+1
| If 'log-calls = yes' is set then all the PKCS#11 modules are logged to stderr.
* Update the proxy module to use managed PKCS#11 modules | Stef Walter | 2013-05-21 | 1 | -1/+1
| Each time C_GetFunctionList is called on the proxy module, a new managed PKCS#11 set of functions is returned. These are all cleaned up when the module is unloaded.
| We want the proxy module to continue to work even without the highly recommended libffi. For that reason we still keep the old behavior of sharing state in the proxy module.
* p11-kit: Managed PKCS#11 module loading | Stef Walter | 2013-05-21 | 1 | -2/+5
| Support a new managed style module loading for PKCS#11 modules. This allows us to better coordinate between multiple callers of the same PKCS#11 modules and provide hooks into their behavior.
| This meant redoing the public facing API. The old methods are now deprecated, marked and documented as such.
* Use libffi to implement mixins for managed code | Stef Walter | 2013-05-16 | 1 | -1/+6
| * This allows us to call into subclassed PKCS#11 modules as if they were plain old PKCS#11 modules
| * libffi is an optional dependency
* Separate library init from message code | Stef Walter | 2013-04-03 | 1 | -1/+1
| Put library init/uninit code into their own statically linked library so that they don't get linked into the p11-kit executable.
| Refactor the message code so that the library initialization can plug in its per thread message buffer.
| https://bugs.freedesktop.org/show_bug.cgi?id=63046