summaryrefslogtreecommitdiff
path: root/p11-kit
Commit message (Collapse)AuthorAgeFilesLines
* Add the log-calls module config optionStef Walter2013-05-217-16/+2234
| | | | | If 'log-calls = yes' is set then all the PKCS#11 modules are logged to stderr.
* Manage C_CloseAllSessions function for multiple callersStef Walter2013-05-213-7/+268
| | | | | | Make C_CloseAllSessions work for different callers. Track the sessions that each caller opens and close just those when C_CloseAllSessiosn is called.
* Update the proxy module to use managed PKCS#11 modulesStef Walter2013-05-218-256/+1410
| | | | | | | | | | Each time C_GetFunctionList is called on the proxy module, a new managed PKCS#11 set of functions is returned. These are all cleaned up when the module is unloaded. We want the proxy module to continue to work even without the highly recommended libffi. For that reason we still keep the old behavior of sharing state in the proxy module.
* p11-kit: Managed PKCS#11 module loadingStef Walter2013-05-2118-364/+4355
| | | | | | | | | Support a new managed style module loading for PKCS#11 modules. This allows us to better coordinate between multiple callers of the same PKCS#11 modules and provide hooks into their behavior. This meant redoing the public facing API. The old methods are now deprecated, marked and documented as such.
* Use libffi to implement mixins for managed codeStef Walter2013-05-165-1/+3228
| | | | | | * This allows us to call into subclassed PKCS#11 modules as if they were plain old PKCS#11 modules * libffi is an optional dependency
* Implement valgrind's hellgrind checks for threading problemsStef Walter2013-05-151-1/+1
| | | | | | | And cleanup our locks/locking model. There's no need to use recursive locks, especially since we can't use them on all platforms. In addition adjust taking of locks during initialization so that there's no chance of deadlocking here.
* More compatible path munging and handling codeStef Walter2013-04-032-91/+7
| | | | | | | | | | Centralize the path handling code, so we can remove unixy assumptions and have a chance of running on Windows. The current goal is to run all the tests on Windows. Includes some code from LRN <lrn1986@gmail.com> https://bugs.freedesktop.org/show_bug.cgi?id=63062
* Separate library init from message codeStef Walter2013-04-0312-25/+29
| | | | | | | | | | | Put library init/uninit code its into their own statically linked library so that they don't get linked into the p11-kit executable. Refactor the message code so that the library initialization can plug in its per thread message buffer. https://bugs.freedesktop.org/show_bug.cgi?id=63046
* Don't use library locks from p11-kit toolStef Walter2013-04-031-0/+4
| | | | | | | The global library p11_library_mutex is for libraries to use, so don't use it from any code in common/, which is also used by the p11-kit tool https://bugs.freedesktop.org/show_bug.cgi?id=63046
* Fix build with automake 1.13Stef Walter2013-04-031-1/+1
| | | | Also remove some generated files from the po/ directory.
* Fix memory leaks reported by 'make leakcheck'Stef Walter2013-03-205-5/+7
|
* Add a bit of infrastructure for running valgrindStef Walter2013-03-201-1/+2
| | | | | * make memcheck: Runs basic memory checking * make leakcheck: Also runs leak checking
* Do not export (de)constructorAndreas Metzler2013-03-191-4/+4
| | | | | | Rename p11_kit_init and p11_kit_fini to _p11_kit_init and _p11_kit_fini respectively to stop them from being exported in the ABI. It does not seem to be necessary.
* url: Split out the URL encoding and decoding functionsStef Walter2013-03-151-108/+12
| | | | | | | We want to use these as the format for encoding binary data in our PKCS#11 attribute persistence https://bugs.freedesktop.org/show_bug.cgi?id=62156
* lexer: Make a lexer for our config file formatStef Walter2013-03-151-92/+39
| | | | | | This lexer will be used in our PKCS#11 persistence format as well. https://bugs.freedesktop.org/show_bug.cgi?id=62156
* p11-kit: New priority option and change trust-policy optionStef Walter2013-03-1511-3/+101
| | | | | | | | | | | | | | * Sort loaded modules appropriately using the 'priority' option. This allows us to have a predictable order for callers, when callers iterate through modules. * Modules default to having an 'priority' option of '0'. * If modules have the same order value, then sort by name. * The above assumes the role of ordering trust-policy sources. * Change the trust-policy option to a boolean * Some of this code will be rearranged when the managed branch is merged. https://bugs.freedesktop.org/show_bug.cgi?id=61978
* trust: Rework input path treatmentStef Walter2013-03-151-3/+0
| | | | | | | | | | | | | | | | | | | | | * Accept a single --with-trust-paths argument to ./configure which cotnains all the input paths. * The --with-system-anchors and --with-system-certificates ./configure arguments are no longer supported. Since they were only present briefly, no provision is made for backwards compatibility. * Each input file is treated as containing anchors by default unless an input certificate contains detailed trust information. * The files in each input directory are not automatically treated as anchors unless a certificate contains detailed trust information. * The files in anchors/ subdirectory of each input directory are automatically marked as anchors. * The files in the blacklist/ subdirectory of each input directory are automatically marked as blacklisted. * Update tests and move around test certificates so we can test these changes. https://bugs.freedesktop.org/show_bug.cgi?id=62327
* iter: Don't skip tokens that don't have CKF_TOKEN_INITIALIZEDStef Walter2013-03-082-37/+0
| | | | | This flag is not required to be set unless C_InitToken has been called. Many modules, like libnssckbi.so, do not set this flag.
* Remove duplicate typedefStef Walter2013-03-041-2/+2
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=60894
* Fix syntax errors in OS_WIN32 ifdefsStef Walter2013-03-032-3/+3
|
* Open files in binary mode on windowsStef Walter2013-03-032-2/+2
| | | | So that the Windows' C library doesn't munge line endings
* Use putenv() instead of setenv()Stef Walter2013-03-037-7/+7
| | | | Since older operating systems don't support setenv()
* Rename p11_module_xxx() compat functions to p11_dl_xxx()Stef Walter2013-03-031-5/+10
| | | | | | | For clarity. In addition, make p11_dl_close() able to be used as a destroyer callback. Also make p11_dl_error() return an allocated string
* Only do shared object and DLL initialization in librariesStef Walter2013-02-201-0/+54
| | | | | | Don't do library initialization on shared object load when not running in a library. We'll want to plug into this and do different things per library in the future.
* Respect destdir when creating package module config directoryAndreas Metzler2013-02-121-1/+1
|
* Fix various clang analyzer warningsStef Walter2013-02-063-3/+3
| | | | | * Add annotations to our precondition functions so that they don't make the analyzer complain
* Add public iterator API to p11-kitStef Walter2013-02-057-2/+2078
|
* Allow internal use of token and module info matchingStef Walter2013-02-052-20/+41
|
* Add basic trust moduleStef Walter2013-02-053-37/+4
| | | | | | This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects.
* Add a /usr/share/p11-kit/modules directory for package module configsStef Walter2013-02-058-10/+26
| | | | | | * Try to make /etc/pkcs11/modules for administrator use * Override the old pkg-config variables to help packages start using the new location
* Add p11_kit_be_loud() function for use in tests and toolsStef Walter2013-02-052-0/+16
| | | | This does the opposite of p11_kit_be_quiet().
* Add more mock-module implementationStef Walter2013-02-045-1243/+14
| | | | | * Move mock code into the common/ directory to be used by multiple components of p11-kit
* Add generic buffer codeStef Walter2013-02-041-56/+37
| | | | Represents a block of memory that can be added to, parsed and so on
* Use the stdbool.h C99 bool typeStef Walter2013-01-238-124/+186
| | | | | | It was getting really wild knowing whether a function returning an int would return -1 on failure or 0 or whether the int return value was actually a number etc..
* Set strict debug preconditions during testingStef Walter2013-01-096-0/+6
|
* Add common functions for manipulating CK_ATTRIBUTE arraysStef Walter2013-01-092-153/+60
|
* Move the pkcs11.h header files into common directoryStef Walter2013-01-092-1374/+42
| | | | | | | * Allows use of them across the whole project * Put a stub file in the p11-kit/ directory, so we can still refer to the headers using that path, which is what it will be at when in the installed includes directory.
* Build common code into noinst librariesStef Walter2013-01-092-28/+14
| | | | | | * This is cleaner than building the same source files all over the place over and over. * Works better with code coverage.
* Move debug and library code into the common/ subdirectoryStef Walter2013-01-0949-1852/+4586
| | | | | | | | | | | Start using p11_ as our internal prefix rather than _p11_. We explicitly export p11_kit_ so this is fine as far as visibility. Move the threading, mutex, and module compat, dict, and array code into the common directory too. Take this opportunity to clean up a bit of internal API as well, since so many lines are being touched internally.
* Fix leak when initializing the proxy modulePankaj Sharma2013-01-091-0/+2
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=58704
* Documentation fixes for PIN functionsStef Walter2013-01-091-6/+6
|
* Fix file descriptor leak in p11_kit_pin_file_callback()Pankaj Sharma2013-01-091-0/+2
| | | | | | * Close the file descriptor used to read the the pin file https://bugs.freedesktop.org/show_bug.cgi?id=58706
* Fix documentation warnings.Stef Walter2013-01-071-3/+6
| | | | | | * P11_KIT_URI_NO_MEMORY is an unexpected state, that will probably never actually be returned. But kept for API compatibility. * make distcheck doc fix
* Guarantee that the key is freed when replacedStef Walter2013-01-072-2/+11
| | | | | | | | | * When setting a key in a map that already exists, then free the old key and replace with the new one. * Fix related bug where key was not properly allocated * Add tests for this https://bugs.freedesktop.org/show_bug.cgi?id=59087
* Don't complain if we cannot access ~/.pkcs11/pkcs11.confStef Walter2012-11-142-9/+34
| | | | | | | * If a process is running under selinux it may not be able to access the home directory of the uid that it is running as. https://bugs.freedesktop.org/show_bug.cgi?id=57115
* Refuse to load the p11-kit-proxy.so as a registered moduleStef Walter2012-09-183-9/+13
| | | | | | | | | | * Since p11-kit-proxy.so is a symlink to the libp11-kit.so library we check that we are not calling into our known CK_FUNCTION_LIST for the proxy code. * Although such a configuration is invalid, detecting this directly prevents strange initialization loop issues that are hard to debug. https://bugs.freedesktop.org/show_bug.cgi?id=55052
* Don't fail initialization if last initialized module failsStef Walter2012-09-181-4/+6
| | | | | | | | | | * We weren't resetting the result code after a failure, so even though failures for critical modules didn't interrupt the initialization loop, the result still leaked to callers. * Also print an error message clearly indicating that a module failed to initialize, regardless of whether critical or not. https://bugs.freedesktop.org/show_bug.cgi?id=55051
* Change the default of 'user-config' to merge.Stef Walter2012-09-062-3/+3
| | | | | | | * This allows user configured PKCS#11 modules by default. * Admins can change this to 'none' in /etc/pkcs11/pkcs11.conf to go back to the previous behavior. * Posted to the mailing list.
* Always encode the "id" attribute in URIsDan Winship2012-07-281-10/+14
| | | | | | Per recommendation of the spec. https://bugs.freedesktop.org/show_bug.cgi?id=52606
* Use Windows thread ids instead of handles for comparisonsStef Walter2012-07-262-6/+11
| | | | | | | | | | * It seems that the HANDLE's returned from GetCurrentThread are often equal for two threads. GetCurrentThreadID doesn't have this problem. * Separate our cross platform thread_t and thread_id_t types even though on unix they're the same thing. https://bugzilla.gnome.org/show_bug.cgi?id=44740