| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a PKCS#11 module that connects to the p11-kit server
exposed on the filesystem. The filename of the socket is determined in
the following order:
- $P11_KIT_SERVER_ADDRESS, if the envvar is available
- $XDG_RUNTIME_DIR/p11-kit/pkcs11, if the envvar is available
- /run/$(id -u)/p11-kit/pkcs11, if /run/$(id -u) exists
- /var/run/$(id -u)/p11-kit/pkcs11, if /var/run/$(id -u) exists
- ~/.cache/p11-kit/pkcs11.
Note that the program loading this module may have called setuid() and
secure_getenv() which we use for fetching envvars could return NULL.
|
| |
|
|
|
|
|
|
| |
libffi's closure support is not available on all platforms and may fail
at run time if running under a stricter SELinux policy. Fallback to
pre-compiled closures if it is not usable.
https://bugs.freedesktop.org/show_bug.cgi?id=97611
|
| |
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=93588
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reset mod->init_count when forkid has changed. Otherwise C_Finalize
does not get called.
GCC's asan spotted this:
Direct leak of 48 byte(s) in 1 object(s) allocated from:
#0 0x7f89bc7bfe20 in malloc (/lib64/libasan.so.3+0xc6e20)
#1 0x7f89bc47a1f1 in p11_dict_new ../common/dict.c:278
#2 0x7f89bc42143d in managed_C_Initialize ../p11-kit/modules.c:1477
#3 0x7f89bc464c72 in binding_C_Initialize ../p11-kit/virtual.c:121
#4 0x7f89bc1b0a51 in ffi_closure_unix64_inner (/lib64/libffi.so.6+0x5a51)
#5 0x7f89bc1b0dbf in ffi_closure_unix64 (/lib64/libffi.so.6+0x5dbf)
#6 0x7f89bc44f9e8 in rpc_C_Initialize ../p11-kit/rpc-server.c:691
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Make sure to call p11_virtual_uninit() on managed module. Otherwise the
associated lower_module will not be released.
GCC's asan spotted this:
Direct leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7f6c5368dfe0 in calloc (/lib64/libasan.so.3+0xc6fe0)
#1 0x4436ba in p11_rpc_client_init ../p11-kit/rpc-client.c:2082
#2 0x42c147 in p11_rpc_transport_new ../p11-kit/rpc-transport.c:850
#3 0x415d95 in setup_module_for_remote_inlock ../p11-kit/modules.c:411
|
| |
|
|
|
|
|
| |
Signed-off-by: Stef Walter <stefw@redhat.com>
* Fixed up indentation
https://bugs.freedesktop.org/show_bug.cgi?id=80519
|
| |
|
|
|
|
|
| |
The test case added for bug 90289 (commit c73edd00) revealed that some
of the C_Initialize() implementations do not consider the case where it
is called from the parent process and then from the child process,
without calling C_Finalize() in between.
|
| | |
|
| |
|
|
|
|
|
|
| |
p11_kit_module_load() hands on the module_path argument to
load_module_from_file_inlock() which accepts relative paths, prepending
P11_MODULE_PATH. Update API documentation accordingly.
https://lists.freedesktop.org/archives/p11-glue/2016-February/000587.html
|
| |
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=93587
|
| |
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92532
|
| |
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92551
|
| |
|
|
|
|
|
|
|
|
|
| |
That function allows to obtain the filename used by the PKCS #11
module. That is the filename used by dlopen().
Note that we don't provide p11_kit_module_for_filename() because
it would have to deal with filename equivalences.
Signed-off-by: Stef Walter <stefw@redhat.com>
* Fixed up whitespace
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of trying to perform actions in pthread_atfork() which
are not async-signal-safe, just increment a counter so we can
later tell if the process has forked.
Note this does not make it safe to mix threads and forking without
immediately execing. This is a far broader problem that p11-kit,
however we now do the right thing when fork+exec is used from a
thread.
https://bugs.freedesktop.org/show_bug.cgi?id=84567
|
| |
|
|
|
|
| |
This option was not completed in time, and as implemented suffers
from limitations that the module is not really completely isolated
as it still runs under the same user id as the calling process.
|
| | |
|
| | |
|
| |
|
|
|
| |
When we hadn't forked, but were just not initialized, still return
CKR_CRYPTOKI_NOT_INITIALIZED from managed modules.
|
| |
|
|
|
|
| |
When C_Finalize is called in the wrong process, it's often because
of a caller unaware of forking. This is a painful area of PKCS#11,
but at least for C_Finalize, lets not complain loudly about it.
|
| |
|
|
|
|
|
| |
This sets 'remote' appropriately to run the module in a separate
process.
https://bugs.freedesktop.org/show_bug.cgi?id=80472
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Correctly allow reinitialization when a process forks.
We don't yet implement checks on all entry points of a managed
module, but this allows callers to call C_Initialize again
after forking, as outlined by the PKCS#11 v2 spec.
|
| |
|
|
|
|
|
|
| |
This fixes the function call p11_kit_module_initialize() to
correctly rearrange the modules array when initializing a module
fails.
Also fixes p11_kit_modules_load_and_initialize()
|
| | |
|
| |
|
|
|
| |
A new flag to pass to p11_kit_modules_load() and related functions
which limits loaded modules to ones with "trust-policy: yes".
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* Keep the module ownership apart from the tracking of module
function pointers, since these are only relevant for unmanaged
modules.
* Less assumptions that each module has a raw unmanaged module
function pointer.
* More clarity in the naming of dictionaries tracking the modules.
|
| |
|
|
|
| |
If 'log-calls = yes' is set then all the PKCS#11 modules are logged
to stderr.
|
| |
|
|
|
|
| |
Make C_CloseAllSessions work for different callers. Track the sessions
that each caller opens and close just those when C_CloseAllSessiosn is
called.
|
| |
|
|
|
|
|
|
|
|
| |
Each time C_GetFunctionList is called on the proxy module, a new
managed PKCS#11 set of functions is returned. These are all cleaned
up when the module is unloaded.
We want the proxy module to continue to work even without the highly
recommended libffi. For that reason we still keep the old behavior of
sharing state in the proxy module.
|
| |
|
|
|
|
|
|
|
| |
Support a new managed style module loading for PKCS#11 modules. This
allows us to better coordinate between multiple callers of the same
PKCS#11 modules and provide hooks into their behavior.
This meant redoing the public facing API. The old methods are now
deprecated, marked and documented as such.
|
| |
|
|
|
|
|
| |
And cleanup our locks/locking model. There's no need to use
recursive locks, especially since we can't use them on all
platforms. In addition adjust taking of locks during initialization
so that there's no chance of deadlocking here.
|
| |
|
|
|
|
|
|
|
|
| |
Centralize the path handling code, so we can remove unixy assumptions
and have a chance of running on Windows. The current goal is to run
all the tests on Windows.
Includes some code from LRN <lrn1986@gmail.com>
https://bugs.freedesktop.org/show_bug.cgi?id=63062
|
| |
|
|
|
|
|
|
|
|
|
| |
Put library init/uninit code its into their own statically
linked library so that they don't get linked into the p11-kit
executable.
Refactor the message code so that the library initialization can
plug in its per thread message buffer.
https://bugs.freedesktop.org/show_bug.cgi?id=63046
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Sort loaded modules appropriately using the 'priority' option. This
allows us to have a predictable order for callers, when callers
iterate through modules.
* Modules default to having an 'priority' option of '0'.
* If modules have the same order value, then sort by name.
* The above assumes the role of ordering trust-policy sources.
* Change the trust-policy option to a boolean
* Some of this code will be rearranged when the managed branch
is merged.
https://bugs.freedesktop.org/show_bug.cgi?id=61978
|
| |
|
|
|
|
|
| |
For clarity. In addition, make p11_dl_close() able to be used
as a destroyer callback.
Also make p11_dl_error() return an allocated string
|
| |
|
|
|
|
| |
* Try to make /etc/pkcs11/modules for administrator use
* Override the old pkg-config variables to help packages start
using the new location
|
| |
|
|
|
|
| |
It was getting really wild knowing whether a function returning
an int would return -1 on failure or 0 or whether the int return
value was actually a number etc..
|
| |
|
|
|
|
|
|
|
|
|
| |
Start using p11_ as our internal prefix rather than _p11_. We explicitly
export p11_kit_ so this is fine as far as visibility.
Move the threading, mutex, and module compat, dict, and array code
into the common directory too.
Take this opportunity to clean up a bit of internal API as well,
since so many lines are being touched internally.
|
| |
|
|
|
|
|
|
|
| |
* When setting a key in a map that already exists, then free
the old key and replace with the new one.
* Fix related bug where key was not properly allocated
* Add tests for this
https://bugs.freedesktop.org/show_bug.cgi?id=59087
|
| |
|
|
|
|
|
|
|
|
| |
* Since p11-kit-proxy.so is a symlink to the libp11-kit.so library
we check that we are not calling into our known CK_FUNCTION_LIST
for the proxy code.
* Although such a configuration is invalid, detecting this directly
prevents strange initialization loop issues that are hard to debug.
https://bugs.freedesktop.org/show_bug.cgi?id=55052
|
| |
|
|
|
|
|
|
|
|
| |
* We weren't resetting the result code after a failure,
so even though failures for critical modules didn't interrupt
the initialization loop, the result still leaked to callers.
* Also print an error message clearly indicating that a module
failed to initialize, regardless of whether critical or not.
https://bugs.freedesktop.org/show_bug.cgi?id=55051
|
| |
|
|
|
|
|
|
|
|
| |
* It seems that the HANDLE's returned from GetCurrentThread
are often equal for two threads. GetCurrentThreadID doesn't
have this problem.
* Separate our cross platform thread_t and thread_id_t types
even though on unix they're the same thing.
https://bugzilla.gnome.org/show_bug.cgi?id=44740
|
| | |
|
| |
|
|
|
| |
* Ignore failure when initializing registered modules when
'critical' is not set on a module.
|
| |
|
|
|
|
| |
* We don't try to guarantee completely robust and problem
free behavior in cases where the caller or process isn't
behaving. We consider these to be outside of our control.
|
| |
|
|
|
| |
* Add macros GNUC_PRINTF and GNUC_NULL_TERMINATED to check
correct printf and NULL terminated style varargs
|
| | |
|
| | |
|
