summaryrefslogtreecommitdiff
path: root/p11-kit
Commit message (Collapse)AuthorAgeFilesLines
* test: Fix failure on 32-bit big endian platformDaiki Ueno2017-07-141-14/+15
| | | | | | | | | | The value given to p11_rpc_buffer_add_ulong_value() must be a pointer of CK_ULONG. Similarly, the value returned from p11_rpc_buffer_get_ulong_value() must be converted to CK_ULONG before comparison. Reported by Andreas Metzler in: https://lists.freedesktop.org/archives/p11-glue/2017-July/000665.html
* conf: Introduce P11_KIT_NO_USER_CONFIGColin Walters2017-07-101-3/+9
| | | | | | | | | | | | | | | | | | | | | | | | | Currently `ca-certificates.spec` in Fedora ends up doing in `%post`: ``` /usr/bin/p11-kit extract --format=openssl-bundle --filter=certificates --overwrite --comment $DEST/openssl/ca-bundle.trust.crt ``` etc. And due to this bit of code in p11-kit, we end up looking for the home directory for configuration. In this case, `/root`. It's categorically wrong to do this; the root user is distinct from "the system". This issue is equivalent to one I fixed in Pango: https://git.gnome.org/browse/pango/commit/?id=aecbe27c1b08f517c0e05f03308d3ac55cef490c Fast forward to today, and the reason I'm making this change is I'm working on `rpm-ostree ex container`, which builds containers as *non-root* (like gnome-continuous does, but now with RPMs), keeping the invoking uid. And this bug causes the `ca-certificates` `%post` to fail because it's trying to look for my uid 1000 which doesn't exist in the target rootfs' password database. Again, there's no reason to be looking for a home directory for system triggers, regadless of UID, so once this patch lands, I'll update `ca-certificates` to use it, and traditional RPM `%post` will stop looking in `/root` too.
* debug: Add p11_debug_err to prevent use of strerrorDaiki Ueno2017-06-121-1/+1
|
* rpc: Avoid use-after-free when creating socket base directoryDaiki Ueno2017-05-291-1/+0
| | | | Spotted by clang-analyzer.
* rpc: Avoid calling memcmp() on NULL bufferDaiki Ueno2017-05-291-1/+3
| | | | Spotted by clang-analyzer.
* proxy: Don't call realloc() with size 0Daiki Ueno2017-05-291-9/+11
| | | | Spotted by clang-analyzer.
* build: Delay building test programs until "make check"Daiki Ueno2017-05-291-2/+2
| | | | | This is to disable clang-analyzer against test programs, which can contain several false-positives.
* server: Avoid use-after-freeDaiki Ueno2017-05-291-1/+0
| | | | | Reported by Mantas Mikulėnas in: https://bugs.freedesktop.org/show_bug.cgi?id=101212
* test: Check the size of unsigned longDaiki Ueno2017-05-261-9/+9
|
* rpc: Load advapi32.dll on the flyDaiki Ueno2017-05-262-7/+91
|
* remote: Remove unnecessary declarationDaiki Ueno2017-05-261-4/+0
|
* server: Port to WindowsDaiki Ueno2017-05-252-39/+511
| | | | Instead of a Unix domain socket on Unix, use a named pipe on Windows.
* rpc: New p11_kit_remote_serve_tokens functionDaiki Ueno2017-05-254-101/+247
|
* remote: Name command line options consistentlyDaiki Ueno2017-05-252-71/+116
|
* rpc: Convert mechanism parameters for portabilityDaiki Ueno2017-05-245-158/+467
| | | | This is similar to commit ba49b85e, but for mechanism parameters.
* rpc: Fix typo in encoding CK_DATE valueDaiki Ueno2017-05-241-1/+1
|
* rpc: Factor out attribute value serializer definitionsDaiki Ueno2017-05-241-26/+25
|
* rpc: Add a comment why we call _get_attribute() twiceDaiki Ueno2017-05-241-0/+1
|
* rpc: Convert attribute value for portabilityDaiki Ueno2017-05-225-80/+827
| | | | | | | | | | | When using the RPC across multiple architectures, where data models are different, say LP64 vs ILP32, there can be unwanted truncation of attribute values. This patch converts the values into portable format for the known attributes. Co-authored-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* rpc: Return early if call_id of request is ERRORDaiki Ueno2017-05-221-1/+2
| | | | | Otherwise it will cause assertion failure in a few lines below. Spotted by amrican fuzzy lop.
* remote: Fix typo when writing a credential byteDaiki Ueno2017-03-091-1/+1
| | | | | out_fd is not always 1 when p11_kit_remote_serve_module() is used for writing a custom server.
* build: Remove systemd unit files for nowDaiki Ueno2017-03-013-39/+0
| | | | | | | | | Given that the remote proxy service shall be only used by NetworkManager and not generally useful, revert commit a4fb2bb587fb1a0146cf97f039b671d3258488f9 for now. Once the necessary command that runs the proxy module is implemented in p11-kit, maybe NetworkManager itself could install those files.
* systemd: Fix location of p11-kit-remoteDaiki Ueno2017-02-272-1/+9
| | | | | The p11-kit-remote executable is now located under $libexecdir, but we should use the p11-kit command to launch the subcommand.
* build: add missing includes for FreeBSDRoman Bogorodskiy2017-02-241-0/+1
| | | | Include signal.h for kill(2) and SIGKILL on FreeBSD.
* uri: Support vendor query attributesDaiki Ueno2017-02-213-2/+144
| | | | | | | | If an unknown attribute is present in the query part of the PKCS#11 URI, the parser treated it as unrecognized and subsequent matches failed. Instead, keep track of such attributes and provide a set of API to deal with them.
* rpc: Make it less verbose about connection failureDaiki Ueno2017-02-211-1/+1
| | | | | The connection failure here is not fatal. Use p11_debug() instead of p11_message().
* rpc: Try $XDG_CACHE_HOME before ~/.cacheMantas Mikulėnas2017-02-211-0/+11
| | | | | This is unset on most systems, but might as well follow the Base Directory spec properly.
* rpc: Add PKCS#11 module that connects to socketDaiki Ueno2017-02-178-69/+521
| | | | | | | | | | | | | | | This patch adds a PKCS#11 module that connects to the p11-kit server exposed on the filesystem. The filename of the socket is determined in the following order: - $P11_KIT_SERVER_ADDRESS, if the envvar is available - $XDG_RUNTIME_DIR/p11-kit/pkcs11, if the envvar is available - /run/$(id -u)/p11-kit/pkcs11, if /run/$(id -u) exists - /var/run/$(id -u)/p11-kit/pkcs11, if /var/run/$(id -u) exists - ~/.cache/p11-kit/pkcs11. Note that the program loading this module may have called setuid() and secure_getenv() which we use for fetching envvars could return NULL.
* remote: Add API to serve a tokenDaiki Ueno2017-02-172-0/+42
|
* remote, server: Recognize PKCS#11 URIDaiki Ueno2017-02-171-8/+69
|
* p11-kit: Add 'p11-kit server' commandNikos Mavrogiannopoulos2017-02-172-0/+592
| | | | | | | | This adds a new tool to the p11-kit command called 'server', which allows us to access a PKCS#11 module over a Unix domain socket. Internally, it is implemented as a wrapper around 'p11-kit remote'. Upon connection it executes 'p11-kit remote' in a forked process.
* rpc: New rpc_unix transport based on Unix socketNikos Mavrogiannopoulos2017-02-162-0/+207
|
* test: Fix modules test for WindowsDaiki Ueno2017-02-162-4/+4
| | | | | Synchronize the fixture module to the non-Unix one and enable "/modules/test_filename".
* rpc: Port exec transport to WindowsDaiki Ueno2017-02-161-30/+245
| | | | | | | On Windows, use _spawnv() to create a subprocess and two unidirectional pipe created with _pipe() to communicate with it. If we can assume WinSock, it might be simpler to use a socketpair() replacement from: https://github.com/ncm/selectable-socketpair.
* build: Adjust executable/module names for WindowsDaiki Ueno2017-02-162-3/+8
| | | | Append EXEEXT or SHLEXT to the filename if needed.
* build: Avoid undefined reference to rpc_exec_initDaiki Ueno2017-02-161-2/+3
|
* virtual: Move mutex into p11_library_init()Daiki Ueno2017-02-143-30/+5
| | | | | | | | | We used to provide p11_virtual_fixed_{,un}init() to only initialize a mutex used in virtual.c. That required all the tests calling virtual functions to call p11_virtual_fixed_{,un}init() in main(). For simplicity, move the mutex variable initialization into p11_library_init().
* filter: New virtual wrapper for access controlDaiki Ueno2017-02-084-0/+623
|
* iter: Enable iteration over slots/tokens/modulesDaiki Ueno2017-02-083-27/+295
| | | | | | | | | While PKCS#11 URI can identify slots/tokens/modules, P11KitIter is only capable of iterating over objects. This patch adds new behaviors to P11KitIter to support iterations over slots/tokens/modules, using the C coroutine trick as described in: http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html
* uri: Relax pin-* parsing for compatibilityDaiki Ueno2017-02-021-5/+26
| | | | | | | | | | | | While 'pin-source' and 'pin-value' are defined as query atttribute, they were defined as path attribute in earlier drafts, and some implementations still stick to it. For backward compatibility, accept those in path attributes when parsing (but not when formatting). Reported by Andreas Metzler in: https://lists.freedesktop.org/archives/p11-glue/2017-January/000637.html
* virtual: Make virtual-fixed internal API cleanerDaiki Ueno2017-01-254-11/+16
| | | | | Add proper inclusion guard to virtual-fixed.h and move the declarations of the (un)initialization functions there.
* test: Release transport mock moduleDaiki Ueno2017-01-251-0/+1
| | | | | To prevent leaks of fixed closures, p11_kit_module_release() needs to be called on the mock module itself.
* test: Check exhaustion of fixed closuresNikos Mavrogiannopoulos2017-01-242-5/+82
|
* build: Make libffi closure optionalDaiki Ueno2017-01-249-145/+1661
| | | | | | | | libffi's closure support is not available on all platforms and may fail at run time if running under a stricter SELinux policy. Fallback to pre-compiled closures if it is not usable. https://bugs.freedesktop.org/show_bug.cgi?id=97611
* Fix compiler warnings on FreeBSDRoman Bogorodskiy2017-01-231-1/+1
| | | | | | | | | | | * common/compat.c: Fix "implicit declaration of function 'issetugid'" warning. On FreeBSD, it's required to define __BSD_VISIBLE to make issetugid(2) visible * common/test-message.c: Fix "implicit declaration of function 'asprintf'" by including <stdio.h> * p11-kit/test-iter.c: Fix "format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'int'" by changing format string to "%d"
* systemd: add per-user remoting socketLubomir Rintel2017-01-203-0/+31
| | | | | | This allows daemons outside user's session to use per-user PKCS#11 modules. Useful for letting VPN daemons or wpa_supplicant use certificates stored in user's GNOME keyring, etc.
* uri: Support query attributes to specify moduleDaiki Ueno2017-01-193-9/+237
| | | | | Accept and produce 'module-name' and 'module-path' query attributes defined in RFC 7512.
* uri: Avoid typecasting confusion on s390xDaiki Ueno2017-01-171-2/+4
| | | | | | | | | Like memcpy(), the 'void *' argument of p11_buffer_add() points to the memory area ordered in host's endianness. Add typecast of int->char to avoid the confusion. Reported by Andreas Metzler in: https://lists.freedesktop.org/archives/p11-glue/2017-January/000633.html
* uri: fix producing the query attributesLubomir Rintel2017-01-122-35/+48
| | | | Put the pin-* attributes where they belong: to the query part.
* uri: fix the query attribute parsingLubomir Rintel2017-01-122-14/+42
| | | | | | | | | | | | The pin-* attributes belong to the query part. We should not parse them until we see a '?' and they're separated with a '&'. This might be an important thing -- some of the query attributes may have security implications reaching outside scope of the token itself, to the host system itself. E.g. a pin-source may cause the consumer to access a file or module-path (unimplemented) execute code. The user may want to just chop the attribute part off if they want the consumer access the token and not take the security considerations into account.