path: root/trust/module.c
Commit message (Author, Age, Files, Lines)
* trust: Ignore unreadable content in anchors (Daiki Ueno, 2019-02-18, files: 1, lines: -2/+1)
|   This amends eb503f3a1467f21a5ecc9ae84ae23b216afc102f. Instead of
|   failing C_FindObjectsInit, treat any errors internally and accumulate
|   the successfully loaded certificates.
|   Reported by Andrej Kvasnica in:
|   https://bugzilla.redhat.com/show_bug.cgi?id=1675441
* trust: Fail if trust anchors are not loaded from a file (Daiki Ueno, 2019-01-04, files: 1, lines: -3/+8)
|   If the trust path is a file, treat parse error as fatal and abort the
|   C_FindObjectsInit call.
* trust: Propagate library verbosity to module through init_args (Daiki Ueno, 2019-01-04, files: 1, lines: -0/+5)
|   Previously, even when the -v option is used with the 'trust' command,
|   the messages from p11-kit-trust.so module were suppressed because the
|   verbosity setting is not propagated to the module.
* build: Check return value of p11_dict_set (Daiki Ueno, 2018-10-17, files: 1, lines: -1/+2)
|
* trust: Factor out module initialization into separate file (Daiki Ueno, 2018-08-28, files: 1, lines: -54/+0)
|   This prevents double call to p11_library_init() in test-module.c, once
|   from the ELF constructor, and secondly from the test itself.
* common, p11-kit, trust: Use pthread_once only when necessary (Daiki Ueno, 2018-08-10, files: 1, lines: -1/+1)
|   If the ELF constructor is usable, we don't really need the once-init
|   function because it is guaranteed that the code runs only once in the
|   constructor.
* trust: Clarify C_Login behavior that returns an error (Daiki Ueno, 2018-07-19, files: 1, lines: -0/+11)
|
* trust: Don't null terminate PKCS #11 string fields (Daiki Ueno, 2018-05-07, files: 1, lines: -6/+6)
|
* trust: Forcibly mark "Default Trust" read-only (Daiki Ueno, 2018-02-05, files: 1, lines: -4/+8)
|   The "Default Trust" token is typically mounted as $datadir, which is
|   considered as read-only on modern OSes.
|   Suggested by Kai Engert in:
|   https://bugzilla.redhat.com/show_bug.cgi?id=1523630
* trust: Filter out duplicate extensions (Daiki Ueno, 2018-01-31, files: 1, lines: -3/+39)
|   The trust policy module keeps all the objects in the database, while
|   PKIX doesn't allow multiple extensions identified by the same OID to be
|   attached to a certificate. Add a check to C_FindObjects to exclude any
|   duplicates and only return the first matching object.
|   It would be better if the module rejects such duplicates when loading,
|   but it would make startup slower.
|   https://bugzilla.redhat.com/show_bug.cgi?id=1141241
* makefile: Rename DATADIR to not conflict with Win32 define (Michael Cronenworth, 2014-10-05, files: 1, lines: -1/+1)
|   Signed-off-by: Michael Cronenworth <mike@cchtml.com>
* trust: More appropriate rv when non-modifiable object deleted (Stef Walter, 2013-09-05, files: 1, lines: -1/+1)
|   This will change once the spec has a specific attribute and code to
|   signify deletability.
* Declare static variables const where it makes sense (Stef Walter, 2013-07-18, files: 1, lines: -2/+2)
|   https://bugzilla.redhat.com/show_bug.cgi?id=985337
* trust: Support token directory paths in user's home directory (Stef Walter, 2013-07-08, files: 1, lines: -0/+1)
|
* trust: Initial support for writing out token objects (Stef Walter, 2013-07-03, files: 1, lines: -5/+13)
|   * The objects are written out in the p11-kit persist format
|   * Parser marks files in p11-kit persist format as modifiable
* trust: Implement reloading of token data (Stef Walter, 2013-07-03, files: 1, lines: -1/+4)
|   * Reload token data whenever a new session is opened.
|   * Only reload files/directories that have changed.
|   * Move duplicate anchor/blacklist detection logic into the extract
|     code. This is in line with the approach being discussed on the
|     mailing lists and spec document.
|   * New internal attribute CKA_X_ORIGIN set on all objects so we can
|     track where an object came from, and replace it when reloaded.
|   In general this is a prerequisite for modification of objects reload
|   before modify is necessary to prevent multiple callers clobbering each
|   other's changes.
* trust: Writable module PKCS#11 token functions (Stef Walter, 2013-06-17, files: 1, lines: -21/+67)
|   Although we don't actually write anything out yet, make the various
|   PKCS#11 functions behave properly when faced with requests to write to
|   token objects
* trust: Correctly reflect the CK_TOKEN_INFO writability flags (Stef Walter, 2013-06-14, files: 1, lines: -1/+4)
|   Correctly set the CKF_TOKEN_WRITE_PROTECTED flag for paths which we
|   will be able to write to.
* Merge branch 'stable' (Stef Walter, 2013-06-05, files: 1, lines: -5/+25)
|\
| * trust: Fix crash when C_Initialize args are NULL (Stef Walter, 2013-06-05, files: 1, lines: -1/+4)
| |   https://bugs.freedesktop.org/show_bug.cgi?id=65401
| * trust: Fix reinitialization of trust module (Stef Walter, 2013-06-05, files: 1, lines: -4/+21)
| |   Track number of C_Initialize calls, and require similar number of
| |   C_Finalize calls to finalize. This fixes leaks/disappearing sessions
| |   in the trust module.
| |   https://bugs.freedesktop.org/show_bug.cgi?id=65401
* | Pull the argv parsing code into its own file (Stef Walter, 2013-05-21, files: 1, lines: -74/+4)
|/    So it can be used from multiple code paths
* trust: Fix logic for matching invalid NSS serial numbers (Stef Walter, 2013-04-03, files: 1, lines: -47/+73)
|   Sometimes NSS queries for trust objects using invalid serial numbers
|   that do not have their DER decoding. We fixed this earlier, but want to
|   make sure there are no corner cases, accidentally not matching serial
|   numbers that happen to start with the same bytes as a DER TLV would.
* More compatible path munging and handling code (Stef Walter, 2013-04-03, files: 1, lines: -2/+3)
|   Centralize the path handling code, so we can remove unixy assumptions
|   and have a chance of running on Windows. The current goal is to run all
|   the tests on Windows.
|   Includes some code from LRN <lrn1986@gmail.com>
|   https://bugs.freedesktop.org/show_bug.cgi?id=63062
* Separate library init from message code (Stef Walter, 2013-04-03, files: 1, lines: -0/+1)
|   Put library init/uninit code into their own statically linked library
|   so that they don't get linked into the p11-kit executable.
|   Refactor the message code so that the library initialization can plug
|   in its per thread message buffer.
|   https://bugs.freedesktop.org/show_bug.cgi?id=63046
* Don't complain when applications call C_Logout or C_Login (Stef Walter, 2013-03-28, files: 1, lines: -2/+30)
|   Some callers erroneously call our C_Logout function, like NSS. So
|   return appropriate error codes in these cases.
|   https://bugs.freedesktop.org/show_bug.cgi?id=62874
* Fix memory leaks reported by 'make leakcheck' (Stef Walter, 2013-03-20, files: 1, lines: -2/+3)
|
* trust: Use descriptive labels for tokens (Stef Walter, 2013-03-19, files: 1, lines: -13/+50)
|   Try to determine which one is the system trust input token, and which
|   one is the default token by using datadir and sysconfdir respectively.
|   https://bugs.freedesktop.org/show_bug.cgi?id=62534
* trust: Don't use POSIX or GNU basename() (Stef Walter, 2013-03-19, files: 1, lines: -2/+3)
|   Both are nasty. Do our own, and test it a bit
|   https://bugs.freedesktop.org/show_bug.cgi?id=62479
* trust: Provide better debugging of trust module functions (Stef Walter, 2013-03-18, files: 1, lines: -5/+15)
|   Make C_FindObjects() and C_GetAttributeValue() functions dump the
|   attributes that they're dealing with when in debug mode.
* trust: Handle incorrectly encoded CKA_SERIAL_NUMBER lookups (Stef Walter, 2013-03-18, files: 1, lines: -0/+47)
|   Handle lookups for trust objects (by NSS) which expect
|   CKA_SERIAL_NUMBER attributes without appropriate DER encoding.
|   In addition allow creation of NSS trust objects as PKCS#11 session
|   objects, so that we can test this behavior.
* trust: Refactor to include concept of the index (Stef Walter, 2013-03-15, files: 1, lines: -50/+61)
|   * The index holds PKCS#11 objects whether for the token or for the
|     session.
|   * The index provides hook for a builder to expand or validate objects
|     being added to the index.
|   * In addition there's a change hook so that a builder can maintain
|     state between objects, such as the compat NSS trust objects.
|   https://bugs.freedesktop.org/show_bug.cgi?id=62329
* trust: Make each configured path its own token (Stef Walter, 2013-03-15, files: 1, lines: -53/+149)
|   * Each source directory or file configured into the module or passed in
|     as an initialization argument becomes its own token. Previously there
|     was one token that contained certificates from all the configured
|     paths.
|   * These tokens are clearly labeled in the token info as to the
|     directory or file that they represent.
|   * Update PKCS#11 module logic to deal with multiple tokens, validate
|     the slot ids and so on.
|   * The order in which the paths are configured will become the order of
|     trust priority. This is the same order in which they are listed
|     through 'p11-kit list-modules' and C_GetSlotList.
|   * Update the frob-token internal tool to only play with one path
|   * Adjust tests where necessary to reflect the new state of things and
|     add tests for modified trust module code
|   https://bugs.freedesktop.org/show_bug.cgi?id=61499
* trust: Rework input path treatment (Stef Walter, 2013-03-15, files: 1, lines: -14/+7)
|   * Accept a single --with-trust-paths argument to ./configure which
|     contains all the input paths.
|   * The --with-system-anchors and --with-system-certificates ./configure
|     arguments are no longer supported. Since they were only present
|     briefly, no provision is made for backwards compatibility.
|   * Each input file is treated as containing anchors by default unless an
|     input certificate contains detailed trust information.
|   * The files in each input directory are not automatically treated as
|     anchors unless a certificate contains detailed trust information.
|   * The files in anchors/ subdirectory of each input directory are
|     automatically marked as anchors.
|   * The files in the blacklist/ subdirectory of each input directory are
|     automatically marked as blacklisted.
|   * Update tests and move around test certificates so we can test these
|     changes.
|   https://bugs.freedesktop.org/show_bug.cgi?id=62327
* Fix syntax errors in OS_WIN32 ifdefs (Stef Walter, 2013-03-03, files: 1, lines: -2/+4)
|
* Only do shared object and DLL initialization in libraries (Stef Walter, 2013-02-20, files: 1, lines: -0/+55)
|   Don't do library initialization on shared object load when not running
|   in a library. We'll want to plug into this and do different things per
|   library in the future.
* Add basic trust module (Stef Walter, 2013-02-05, files: 1, lines: -0/+1517)
    This is based off the roots-store from gnome-keyring and loads
    certificates from a root directory and exposes them as PKCS#11 objects.