path: root/p11-kit
Commit message | Author | Age | Files | Lines
* Don't load configs from user directory when setuid | Stef Walter | 2013-07-18 | 6 | -2/+144
  When running as setuid() or setgid() don't access the user's home directory, or use $HOME environment variables.
  https://bugzilla.redhat.com/show_bug.cgi?id=985014
* Fix various issues highlighted by coverity scanner | Stef Walter | 2013-07-18 | 3 | -6/+15
  Among others fix possible usage of large stack allocation.
* open files with O_CLOEXEC when possible | Stef Walter | 2013-07-18 | 2 | -76/+27
  This helps prevent leaked file descriptors when the library is used in a process which exec's. opendir() already uses O_CLOEXEC on platforms that support O_CLOEXEC so we don't need to make changes there. In addition read config files using p11_mmap_open() so that we get the simple benefits of O_CLOEXEC with the open() call there.
  https://bugzilla.redhat.com/show_bug.cgi?id=984986
* iter: Document guarantees for filter matches argument | Stef Walter | 2013-07-18 | 1 | -0/+4
  The matches argument is always initialized to CK_TRUE when a filter is called, and it's up to filters to set it to CK_FALSE. Filters don't need to set to CK_TRUE.
  https://bugzilla.redhat.com/show_bug.cgi?id=985009
* Remove erroneous comments about readdir() and thread-safety | Stef Walter | 2013-07-17 | 1 | -1/+0
  https://bugzilla.redhat.com/show_bug.cgi?id=984989
* Build with -fno-common to catch definition problems | Stef Walter | 2013-07-10 | 1 | -2/+2
  Fix some global variables not declared as extern
  https://bugs.freedesktop.org/show_bug.cgi?id=66015
* Various documentation tweaks and fixes for warnings | Stef Walter | 2013-07-10 | 1 | -0/+8
* trust: Fix the 'p11-kit extract' command | Stef Walter | 2013-07-09 | 2 | -2/+21
  This is supposed to call over to 'trust extract' and wasn't working correctly.
* p11-kit: Add P11_KIT_MODULE_TRUSTED flag | Stef Walter | 2013-07-04 | 5 | -19/+86
  A new flag to pass to p11_kit_modules_load() and related functions which limits loaded modules to ones with "trust-policy: yes".
* iter: Add iteration mode where session is not busy | Stef Walter | 2013-07-03 | 3 | -45/+132
  In order to use the session we are iterating on for other tasks such as other C_FindObject() calls, we need to make sure that it's not in the middle of a find operation. Finish up the complete find operation in advance of returning objects from a session. Make this the default mode. The previous behavior remains as an option. Add tests.
* Fix dependency between p11-kit command and library | Stef Walter | 2013-06-25 | 1 | -1/+1
* Reorganize various components | Stef Walter | 2013-06-25 | 3 | -0/+415
  * p11-kit library and tool in the p11-kit/ subdirectory
  * trust module and new trust tool in trust/ subdirectory
  * No more tools/ subdirectory
  * Lots less in the common/ subdirectory
* url: Encode directly to a buffer | Stef Walter | 2013-05-27 | 1 | -13/+19
* Mark p11_kit_message() as a stable function | Stef Walter | 2013-05-21 | 1 | -2/+2
* Fix building of applications using CRYPTOKI_GNU style | Stef Walter | 2013-05-21 | 1 | -1/+3
* Bump the version for deprecated function documentation | Stef Walter | 2013-05-21 | 1 | -9/+9
* Fix up Makefile.am files for automake 1.13 warnings | Stef Walter | 2013-05-21 | 2 | -2/+2
* Our own unit testing framework | Stef Walter | 2013-05-21 | 14 | -1729/+1572
  * Support the TAP protocol
  * Much cleaner without having to carry around state
  * First class support for setup/teardown
  * Port the common tests
  * Wait on porting other tests until we've merged outstanding code
* Further reorganization of the core module tracking | Stef Walter | 2013-05-21 | 1 | -188/+161
  * Keep the module ownership apart from the tracking of module function pointers, since these are only relevant for unmanaged modules.
  * Fewer assumptions that each module has a raw unmanaged module function pointer.
  * More clarity in the naming of dictionaries tracking the modules.
* Add the log-calls module config option | Stef Walter | 2013-05-21 | 7 | -16/+2234
  If 'log-calls = yes' is set then all the PKCS#11 modules are logged to stderr.
* Manage C_CloseAllSessions function for multiple callers | Stef Walter | 2013-05-21 | 3 | -7/+268
  Make C_CloseAllSessions work for different callers. Track the sessions that each caller opens and close just those when C_CloseAllSessions is called.
* Update the proxy module to use managed PKCS#11 modules | Stef Walter | 2013-05-21 | 8 | -256/+1410
  Each time C_GetFunctionList is called on the proxy module, a new managed PKCS#11 set of functions is returned. These are all cleaned up when the module is unloaded. We want the proxy module to continue to work even without the highly recommended libffi. For that reason we still keep the old behavior of sharing state in the proxy module.
* p11-kit: Managed PKCS#11 module loading | Stef Walter | 2013-05-21 | 18 | -364/+4355
  Support a new managed style module loading for PKCS#11 modules. This allows us to better coordinate between multiple callers of the same PKCS#11 modules and provide hooks into their behavior. This meant redoing the public facing API. The old methods are now deprecated, marked and documented as such.
* Use libffi to implement mixins for managed code | Stef Walter | 2013-05-16 | 5 | -1/+3228
  * This allows us to call into subclassed PKCS#11 modules as if they were plain old PKCS#11 modules
  * libffi is an optional dependency
* Implement valgrind's helgrind checks for threading problems | Stef Walter | 2013-05-15 | 1 | -1/+1
  And cleanup our locks/locking model. There's no need to use recursive locks, especially since we can't use them on all platforms. In addition adjust taking of locks during initialization so that there's no chance of deadlocking here.
* More compatible path munging and handling code | Stef Walter | 2013-04-03 | 2 | -91/+7
  Centralize the path handling code, so we can remove unixy assumptions and have a chance of running on Windows. The current goal is to run all the tests on Windows. Includes some code from LRN <lrn1986@gmail.com>
  https://bugs.freedesktop.org/show_bug.cgi?id=63062
* Separate library init from message code | Stef Walter | 2013-04-03 | 12 | -25/+29
  Put library init/uninit code into its own statically linked library so that they don't get linked into the p11-kit executable. Refactor the message code so that the library initialization can plug in its per thread message buffer.
  https://bugs.freedesktop.org/show_bug.cgi?id=63046
* Don't use library locks from p11-kit tool | Stef Walter | 2013-04-03 | 1 | -0/+4
  The global library p11_library_mutex is for libraries to use, so don't use it from any code in common/, which is also used by the p11-kit tool
  https://bugs.freedesktop.org/show_bug.cgi?id=63046
* Fix build with automake 1.13 | Stef Walter | 2013-04-03 | 1 | -1/+1
  Also remove some generated files from the po/ directory.
* Fix memory leaks reported by 'make leakcheck' | Stef Walter | 2013-03-20 | 5 | -5/+7
* Add a bit of infrastructure for running valgrind | Stef Walter | 2013-03-20 | 1 | -1/+2
  * make memcheck: Runs basic memory checking
  * make leakcheck: Also runs leak checking
* Do not export (de)constructor | Andreas Metzler | 2013-03-19 | 1 | -4/+4
  Rename p11_kit_init and p11_kit_fini to _p11_kit_init and _p11_kit_fini respectively to stop them from being exported in the ABI. It does not seem to be necessary.
* url: Split out the URL encoding and decoding functions | Stef Walter | 2013-03-15 | 1 | -108/+12
  We want to use these as the format for encoding binary data in our PKCS#11 attribute persistence
  https://bugs.freedesktop.org/show_bug.cgi?id=62156
* lexer: Make a lexer for our config file format | Stef Walter | 2013-03-15 | 1 | -92/+39
  This lexer will be used in our PKCS#11 persistence format as well.
  https://bugs.freedesktop.org/show_bug.cgi?id=62156
* p11-kit: New priority option and change trust-policy option | Stef Walter | 2013-03-15 | 11 | -3/+101
  * Sort loaded modules appropriately using the 'priority' option. This allows us to have a predictable order for callers, when callers iterate through modules.
  * Modules default to having a 'priority' option of '0'.
  * If modules have the same order value, then sort by name.
  * The above assumes the role of ordering trust-policy sources.
  * Change the trust-policy option to a boolean
  * Some of this code will be rearranged when the managed branch is merged.
  https://bugs.freedesktop.org/show_bug.cgi?id=61978
* trust: Rework input path treatment | Stef Walter | 2013-03-15 | 1 | -3/+0
  * Accept a single --with-trust-paths argument to ./configure which contains all the input paths.
  * The --with-system-anchors and --with-system-certificates ./configure arguments are no longer supported. Since they were only present briefly, no provision is made for backwards compatibility.
  * Each input file is treated as containing anchors by default unless an input certificate contains detailed trust information.
  * The files in each input directory are not automatically treated as anchors unless a certificate contains detailed trust information.
  * The files in anchors/ subdirectory of each input directory are automatically marked as anchors.
  * The files in the blacklist/ subdirectory of each input directory are automatically marked as blacklisted.
  * Update tests and move around test certificates so we can test these changes.
  https://bugs.freedesktop.org/show_bug.cgi?id=62327
* iter: Don't skip tokens that don't have CKF_TOKEN_INITIALIZED | Stef Walter | 2013-03-08 | 2 | -37/+0
  This flag is not required to be set unless C_InitToken has been called. Many modules, like libnssckbi.so, do not set this flag.
* Remove duplicate typedef | Stef Walter | 2013-03-04 | 1 | -2/+2
  https://bugs.freedesktop.org/show_bug.cgi?id=60894
* Fix syntax errors in OS_WIN32 ifdefs | Stef Walter | 2013-03-03 | 2 | -3/+3
* Open files in binary mode on windows | Stef Walter | 2013-03-03 | 2 | -2/+2
  So that the Windows' C library doesn't munge line endings
* Use putenv() instead of setenv() | Stef Walter | 2013-03-03 | 7 | -7/+7
  Since older operating systems don't support setenv()
* Rename p11_module_xxx() compat functions to p11_dl_xxx() | Stef Walter | 2013-03-03 | 1 | -5/+10
  For clarity. In addition, make p11_dl_close() able to be used as a destroyer callback. Also make p11_dl_error() return an allocated string
* Only do shared object and DLL initialization in libraries | Stef Walter | 2013-02-20 | 1 | -0/+54
  Don't do library initialization on shared object load when not running in a library. We'll want to plug into this and do different things per library in the future.
* Respect destdir when creating package module config directory | Andreas Metzler | 2013-02-12 | 1 | -1/+1
* Fix various clang analyzer warnings | Stef Walter | 2013-02-06 | 3 | -3/+3
  * Add annotations to our precondition functions so that they don't make the analyzer complain
* Add public iterator API to p11-kit | Stef Walter | 2013-02-05 | 7 | -2/+2078
* Allow internal use of token and module info matching | Stef Walter | 2013-02-05 | 2 | -20/+41
* Add basic trust module | Stef Walter | 2013-02-05 | 3 | -37/+4
  This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects.
* Add a /usr/share/p11-kit/modules directory for package module configs | Stef Walter | 2013-02-05 | 8 | -10/+26
  * Try to make /etc/pkcs11/modules for administrator use
  * Override the old pkg-config variables to help packages start using the new location
* Add p11_kit_be_loud() function for use in tests and tools | Stef Walter | 2013-02-05 | 2 | -0/+16
  This does the opposite of p11_kit_be_quiet().