| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
| |
When we hadn't forked, but were just not initialized, still return
CKR_CRYPTOKI_NOT_INITIALIZED from managed modules.
|
|
|
|
|
|
| |
When C_Finalize is called in the wrong process, it's often because
of a caller unaware of forking. This is a painful area of PKCS#11,
but at least for C_Finalize, lets not complain loudly about it.
|
|
|
|
|
|
|
| |
This sets 'remote' appropriately to run the module in a separate
process.
https://bugs.freedesktop.org/show_bug.cgi?id=80472
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=54105
|
|
|
|
|
| |
This adds a new tool to the p11-kit command called 'remote'. This
is the server side of remoting a PKCS#11 module.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* This enables passing around bytes which represent PKCS#11 RPC calls.
* Caller is responsible for connecting/disconnecting and so on.
* Client side caller gets a mixin from p11_rpc_client_init() to call
into, which generates callbacks with byte arrays to be transported.
* Server side calls p11_rpc_server_handle() with a CK_FUNCTION_LIST_PTR
on which relevant methods get called.
* Doesn't yet implement the actual daemon or clients etc...
https://bugs.freedesktop.org/show_bug.cgi?id=54105
|
| |
|
| |
|
|
|
|
|
| |
These are useful functions for callers who want to supress all output
from p11-kit library.
|
|
|
|
|
|
|
|
| |
Correctly allow reinitialization when a process forks.
We don't yet implement checks on all entry points of a managed
module, but this allows callers to call C_Initialize again
after forking, as outlined by the PKCS#11 v2 spec.
|
|
|
|
|
|
|
|
| |
This fixes the function call p11_kit_module_initialize() to
correctly rearrange the modules array when initializing a module
fails.
Also fixes p11_kit_modules_load_and_initialize()
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=76594
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The proxy module would unload the PKCS#11 modules it was proxying
when C_Finalize() was called. However if a caller in another thread
was inside of a PKCS#11 function at the time, this would cause
a crash.
Change things around so that underlying modules are finalized during
the proxy C_Finalize() but not released/unloaded until the proxy
module itself is unloaded.
https://bugs.freedesktop.org/show_bug.cgi?id=74919
|
|
|
|
|
|
|
|
| |
We should return CKR_CRYPTOKI_NOT_INITIALIZED rather than
assert() when proxy PKCS#11 functions are called before the
module is initialized.
https://bugs.freedesktop.org/show_bug.cgi?id=74919
|
| |
|
| |
|
|
|
|
| |
A simple wrapper for C_GetAttributeValue()
|
|
|
|
|
| |
We use the FAKED_MODE environment variable as a way to detect
fakeroot.
|
| |
|
| |
|
|
|
|
|
|
| |
The actual command is 'trust extract-compat'. Make installed placeholder
script reflect this. We still support the old placeholder script
if it is present.
|
|
|
|
|
| |
In general we're slowly migrating towards the lower case style
for stuctures/objects.
|
|
|
|
| |
Handy function since this is a common need.
|
|
|
|
| |
This is so we can set a filtering uri on the iterator after construction
|
|
|
|
|
| |
To get the already loaded CK_TOKEN_INFO during iteration for the
token that the current object is on.
|
|
|
|
|
| |
This allows us to try to get a RW session, but if not fallback
to a read-only session.
|
| |
|
|
|
|
|
|
| |
As a side effect we can also not use the dirent.d_type field
https://bugs.freedesktop.org/show_bug.cgi?id=68525
|
| |
|
|
|
|
|
| |
* Add a testing sanity check to see if we're catching errors
* Fix a few other testing issues
|
| |
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=985416
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=985433
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=985481
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=985337
|
|
|
|
|
|
|
|
|
|
| |
If ~/.config is specified as a prefix to a configured path,
then it is expanded to the $XDG_CONFIG_HOME if that exists
Add --with-user-config ./configure option to configure a
different user config directory.
Interpolate the right directories into documentation.
|
|
|
|
|
|
|
| |
When running as setuid() or setgid() don't access the user's home
directory, or use $HOME environment variables.
https://bugzilla.redhat.com/show_bug.cgi?id=985014
|
|
|
|
| |
Among others fix possible usage of large stack allocation.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This helps prevent leaked file descriptors when the library is
used in a process which exec's.
opendir() already uses O_CLOEXEC on platforms that support O_CLOEXEC
so we don't need to make changes there.
In addition read config files using p11_mmap_open() so that we get
the simple benefits of O_CLOEXEC with the open() call there.
https://bugzilla.redhat.com/show_bug.cgi?id=984986
|
|
|
|
|
|
|
|
| |
The matches argument is always initialized to CK_TRUE when a filter
is called, and it's up to filters to set it to CK_FALSE. Filters
don't need to set to CK_TRUE.
https://bugzilla.redhat.com/show_bug.cgi?id=985009
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=984989
|
|
|
|
|
|
| |
Fix some global variables not declared as extern
https://bugs.freedesktop.org/show_bug.cgi?id=66015
|
| |
|
|
|
|
|
| |
This is supposed to call over to 'trust extract' and wasn't
working correctly.
|
|
|
|
|
| |
A new flag to pass to p11_kit_modules_load() and related functions
which limits loaded modules to ones with "trust-policy: yes".
|