summaryrefslogtreecommitdiff
path: root/p11-kit/modules.c
Commit message (Collapse)AuthorAgeFilesLines
* p11-kit: Remove the 'isolated' option for nowStef Walter2014-10-011-13/+0
| | | | | | This option was not completed in time, and as implemented suffers from limitations that the module is not really completely isolated as it still runs under the same user id as the calling process.
* p11-kit: Fix various noise/issues highlighted by clangStef Walter2014-08-111-1/+0
|
* p11-kit: Remove use after free in debug output code pathStef Walter2014-08-081-1/+1
|
* p11-kit: Tweak last commit, handle the not-forked caseStef Walter2014-08-071-1/+4
| | | | | When we hadn't forked, but were just not initialized, still return CKR_CRYPTOKI_NOT_INITIALIZED from managed modules.
* p11-kit: Don't complain about C_Finalize called in wrong processStef Walter2014-08-071-6/+13
| | | | | | When C_Finalize is called in the wrong process, it's often because of a caller unaware of forking. This is a painful area of PKCS#11, but at least for C_Finalize, lets not complain loudly about it.
* p11-kit: Add a new 'isolate' pkcs11 config optionStef Walter2014-07-081-12/+32
| | | | | | | This sets 'remote' appropriately to run the module in a separate process. https://bugs.freedesktop.org/show_bug.cgi?id=80472
* rpc: Implement execution of another tool to transport PKCS#11 RPCStef Walter2014-07-081-15/+55
|
* modules: Make config file and module configs overridable by testsStef Walter2014-07-081-4/+11
|
* p11-kit: Handle managed modules correctly when forkingStef Walter2014-07-041-5/+9
| | | | | | | | Correctly allow reinitialization when a process forks. We don't yet implement checks on all entry points of a managed module, but this allows callers to call C_Initialize again after forking, as outlined by the PKCS#11 v2 spec.
* p11-kit: Fix corrupted list when initialization of modules failStef Walter2014-06-251-0/+2
| | | | | | | | This fixes the function call p11_kit_module_initialize() to correctly rearrange the modules array when initializing a module fails. Also fixes p11_kit_modules_load_and_initialize()
* Fix various memory leaks exposed by 'make leakcheck'Stef Walter2013-07-231-0/+2
|
* p11-kit: Add P11_KIT_MODULE_TRUSTED flagStef Walter2013-07-041-17/+31
| | | | | A new flag to pass to p11_kit_modules_load() and related functions which limits loaded modules to ones with "trust-policy: yes".
* Bump the version for deprecated function documentationStef Walter2013-05-211-9/+9
|
* Further reorganization of the core module trackingStef Walter2013-05-211-188/+161
| | | | | | | | | * Keep the module ownership apart from the tracking of module function pointers, since these are only relevant for unmanaged modules. * Less assumptions that each module has a raw unmanaged module function pointer. * More clarity in the naming of dictionaries tracking the modules.
* Add the log-calls module config optionStef Walter2013-05-211-14/+30
| | | | | If 'log-calls = yes' is set then all the PKCS#11 modules are logged to stderr.
* Manage C_CloseAllSessions function for multiple callersStef Walter2013-05-211-4/+198
| | | | | | Make C_CloseAllSessions work for different callers. Track the sessions that each caller opens and close just those when C_CloseAllSessiosn is called.
* Update the proxy module to use managed PKCS#11 modulesStef Walter2013-05-211-2/+3
| | | | | | | | | | Each time C_GetFunctionList is called on the proxy module, a new managed PKCS#11 set of functions is returned. These are all cleaned up when the module is unloaded. We want the proxy module to continue to work even without the highly recommended libffi. For that reason we still keep the old behavior of sharing state in the proxy module.
* p11-kit: Managed PKCS#11 module loadingStef Walter2013-05-211-142/+1224
| | | | | | | | | Support a new managed style module loading for PKCS#11 modules. This allows us to better coordinate between multiple callers of the same PKCS#11 modules and provide hooks into their behavior. This meant redoing the public facing API. The old methods are now deprecated, marked and documented as such.
* Implement valgrind's hellgrind checks for threading problemsStef Walter2013-05-151-1/+1
| | | | | | | And cleanup our locks/locking model. There's no need to use recursive locks, especially since we can't use them on all platforms. In addition adjust taking of locks during initialization so that there's no chance of deadlocking here.
* More compatible path munging and handling codeStef Walter2013-04-031-35/+3
| | | | | | | | | | Centralize the path handling code, so we can remove unixy assumptions and have a chance of running on Windows. The current goal is to run all the tests on Windows. Includes some code from LRN <lrn1986@gmail.com> https://bugs.freedesktop.org/show_bug.cgi?id=63062
* Separate library init from message codeStef Walter2013-04-031-0/+1
| | | | | | | | | | | Put library init/uninit code its into their own statically linked library so that they don't get linked into the p11-kit executable. Refactor the message code so that the library initialization can plug in its per thread message buffer. https://bugs.freedesktop.org/show_bug.cgi?id=63046
* p11-kit: New priority option and change trust-policy optionStef Walter2013-03-151-0/+47
| | | | | | | | | | | | | | * Sort loaded modules appropriately using the 'priority' option. This allows us to have a predictable order for callers, when callers iterate through modules. * Modules default to having an 'priority' option of '0'. * If modules have the same order value, then sort by name. * The above assumes the role of ordering trust-policy sources. * Change the trust-policy option to a boolean * Some of this code will be rearranged when the managed branch is merged. https://bugs.freedesktop.org/show_bug.cgi?id=61978
* Rename p11_module_xxx() compat functions to p11_dl_xxx()Stef Walter2013-03-031-5/+10
| | | | | | | For clarity. In addition, make p11_dl_close() able to be used as a destroyer callback. Also make p11_dl_error() return an allocated string
* Add a /usr/share/p11-kit/modules directory for package module configsStef Walter2013-02-051-1/+3
| | | | | | * Try to make /etc/pkcs11/modules for administrator use * Override the old pkg-config variables to help packages start using the new location
* Use the stdbool.h C99 bool typeStef Walter2013-01-231-16/+16
| | | | | | It was getting really wild knowing whether a function returning an int would return -1 on failure or 0 or whether the int return value was actually a number etc..
* Move debug and library code into the common/ subdirectoryStef Walter2013-01-091-158/+160
| | | | | | | | | | | Start using p11_ as our internal prefix rather than _p11_. We explicitly export p11_kit_ so this is fine as far as visibility. Move the threading, mutex, and module compat, dict, and array code into the common directory too. Take this opportunity to clean up a bit of internal API as well, since so many lines are being touched internally.
* Guarantee that the key is freed when replacedStef Walter2013-01-071-1/+5
| | | | | | | | | * When setting a key in a map that already exists, then free the old key and replace with the new one. * Fix related bug where key was not properly allocated * Add tests for this https://bugs.freedesktop.org/show_bug.cgi?id=59087
* Refuse to load the p11-kit-proxy.so as a registered moduleStef Walter2012-09-181-4/+10
| | | | | | | | | | * Since p11-kit-proxy.so is a symlink to the libp11-kit.so library we check that we are not calling into our known CK_FUNCTION_LIST for the proxy code. * Although such a configuration is invalid, detecting this directly prevents strange initialization loop issues that are hard to debug. https://bugs.freedesktop.org/show_bug.cgi?id=55052
* Don't fail initialization if last initialized module failsStef Walter2012-09-181-4/+6
| | | | | | | | | | * We weren't resetting the result code after a failure, so even though failures for critical modules didn't interrupt the initialization loop, the result still leaked to callers. * Also print an error message clearly indicating that a module failed to initialize, regardless of whether critical or not. https://bugs.freedesktop.org/show_bug.cgi?id=55051
* Use Windows thread ids instead of handles for comparisonsStef Walter2012-07-261-3/+3
| | | | | | | | | | * It seems that the HANDLE's returned from GetCurrentThread are often equal for two threads. GetCurrentThreadID doesn't have this problem. * Separate our cross platform thread_t and thread_id_t types even though on unix they're the same thing. https://bugzilla.gnome.org/show_bug.cgi?id=44740
* Fix compiler warning about uninitialized variableStef Walter2012-07-241-1/+1
|
* If a module is not marked 'critical' then ignore failureStef Walter2012-06-271-3/+11
| | | | | * Ignore failure when initializing registered modules when 'critical' is not set on a module.
* Preconditions to check for input probs and out of memoryStef Walter2012-05-131-43/+42
| | | | | | * We don't try to guarantee completely robust and problem free behavior in cases where the caller or process isn't behaving. We consider these to be outside of our control.
* Use gcc extensions to check varargs during compileStef Walter2012-05-131-2/+5
| | | | | * Add macros GNUC_PRINTF and GNUC_NULL_TERMINATED to check correct printf and NULL terminated style varargs
* Add tests for enable-in and disable-inStef Walter2012-04-021-2/+2
|
* Fix crasher when a duplicate module is presentStef Walter2012-04-011-6/+7
|
* Add enable-in and disable-in options to module configStef Walter2012-04-011-1/+74
| | | | | | | | * These can be used to load certain modules in certain programs, or prevent loading in others. * Useful for a key manager like seahorse, so we can load extra modules (think NSS) that other modules shouldn't load.
* Remove automatic reinitialization of PKCS#11 after forkStef Walter2012-01-231-9/+2
| | | | | | | | | | | | | | * First of all one should only call async-signal-safe functions from the callbacks of pthread_atfork(), and so we cannot reinitialize directly. * Some modules use pthread_atfork() to detect forking and setup their internal state. If we call into them in our pthread_atfork() callback then this is inherently racy. * There was danger of endless loops and deadlocks which are caused by handlers which fork in their C_Initialize * Many processes do fork/exec, reinitializing PKCS#11 for these forks is quite resourc intensive when the child process won't use PKCS#11 at all.
* More fixes for non-static function namesStef Walter2011-10-241-31/+31
| | | | | * See previous commit * Initialize library before debug statements
* Rename non-static functions to have a _p11_xxx prefix.Stef Walter2011-10-241-55/+55
| | | | | | | * Work around issues with brain-dead linkers not respecting the libtool -export-symbol-regex argument https://bugs.freedesktop.org/show_bug.cgi?id=42020
* Initial port to win32Stef Walter2011-10-171-57/+47
| | | | | | | | * Tests do not all yet pass, at least not on wine * Added abstraction of some non-portable functions in compat.h/c * Build with an argument like this for win32 support: ./autogen.sh --host=i586-mingw32msvc * This win32 port needs more work from interested parties
* Only call C_Initialize and C_Finalize once per moduleStef Walter2011-10-101-55/+62
| | | | | | | | * Do not concurretnly call C_Initialize or C_Finalize in a module * The PKCS#11 spec indicates that mone thread should call those functions. * It's reasonable for a module to expect to only be initialized or finalized in one thread. * In particular NSS does not lock its C_Initialize or C_Finalize.
* Don't allow recursive calling of C_Initialize on a given module.Stef Walter2011-10-101-1/+8
|
* Don't use PATH_MAX unless its definedPino Toscano2011-09-301-1/+6
| | | | | | * Fixes build on GNU/Hurd https://bugs.freedesktop.org/show_bug.cgi?id=41303
* Add #include <limits.h> for PATH_MAX to fix compilation on FreeBSD.Roman Bogorodskiy2011-09-161-1/+2
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=40923
* When a module has a relative path, load it from $libdir/pkcs11Kalev Lember2011-09-141-3/+58
| | | | | | | So far we have only supported full paths to the pkcs11 modules in config files. This change adds relative path support, so that for modules installed under the standard $libdir/pkcs11, the config file won't have to spell out the full path.
* Rename pkgconfig configuration directory variablesKalev Lember2011-09-141-2/+3
| | | | | | | | | | | | Renamed them to reduce ambiguity and to pave the way for exposing some additional parameters. p11_system_modules -> p11_system_config_modules p11_user_modules -> p11_user_config_modules configure --with-pkcs11-dir => configure --with-system-config
* Don't crash if p11_kit_registered_modules() called after failed initStef Walter2011-08-301-2/+3
|
* Add 'critical' setting for modulesStef Walter2011-08-301-1/+6
| | | | | | * When a module has critical set to 'yes', and that module fails to init then it aborts the entire init process. * Defaults to 'no'
* Fix endless loop if module forks during initialization.Stef Walter2011-08-141-5/+7
| | | | | | | * If a module forks during its C_Initialize, previously our fork handler would try to initialize it again, ad nauseum. Reported by Nikos on the mailing list.
generated by cgit v1.1 at 2024-12-27 07:28:26 +0000