From 0dd62395788ae566d3adef967611bce214a04435 Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Sun, 23 Dec 2018 14:11:00 +0100
Subject: trust: Propagate library verbosity to module through init_args

Previously, even when the -v option is used with the 'trust' command, the messages from p11-kit-trust.so module were suppressed because the verbosity setting is not propagated to the module.
---
 common/message.c | 8 ++++----
 p11-kit/modules.c | 29 +++++++++++++++++++++++------
 p11-kit/p11-kit.h | 3 ++-
 trust/enumerate.c | 11 +++++++++--
 trust/module.c | 5 +++++
 trust/p11-kit-trust.module | 4 ++++
 6 files changed, 47 insertions(+), 13 deletions(-)
diff --git a/common/message.c b/common/message.c
index f9d4f57..e439def 100644
--- a/common/message.c
+++ b/common/message.c
@@ -58,7 +58,7 @@
 #include
 #include
-static bool print_messages = false;
+bool p11_print_messages = false;
 #ifdef HAVE_STRERROR_L
 locale_t p11_message_locale = (locale_t) 0;
@@ -148,7 +148,7 @@ p11_message (const char* msg,
 buffer[length] = 0;
 /* If printing is not disabled, just print out */
- if (print_messages)
+ if (p11_print_messages)
 fprintf (stderr, "p11-kit: %s\n", buffer);
 else
 p11_debug_message (P11_DEBUG_LIB, "message: %s", buffer);
@@ -158,13 +158,13 @@ p11_message (const char* msg,
 void
 p11_message_quiet (void)
 {
- print_messages = false;
+ p11_print_messages = false;
 }
 void
 p11_message_loud (void)
 {
- print_messages = true;
+ p11_print_messages = true;
 }
 const char *
diff --git a/p11-kit/modules.c b/p11-kit/modules.c
index cfc4daf..0299eda 100644
--- a/p11-kit/modules.c
+++ b/p11-kit/modules.c
@@ -306,6 +306,7 @@ free_module_unlocked (void *data)
 p11_dict_free (mod->config);
 free (mod->name);
 free (mod->filename);
+ free (mod->init_args.pReserved);
 free (mod);
 }
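Review bot: In common/message.c (hunk @@ -58) the flag drops `static` and becomes a writable global, and trust/enumerate.c (hunk @@ -674) then reaches it through a hand-written `extern bool p11_print_messages;` rather than a shared declaration. With the declaration duplicated in a .c file the compiler cannot catch a type mismatch, and any code linked against the symbol can now change message output without going through `p11_message_loud ()` or `p11_message_quiet ()`. I would keep the variable `static` and add a read-only accessor declared beside those two functions, for example `bool p11_message_is_loud (void) { return print_messages; }`, and have enumerate.c call that instead.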
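Review bot: The added `free (mod->init_args.pReserved);` in free_module_unlocked (p11-kit/modules.c, hunk @@ -306) is only safe if every assignment to that field stores heap memory that the module owns. The hunk at @@ -591 does so with `strdup`/`strconcat`, but before this commit the field held a pointer borrowed from the config dict, and assignments outside this diff are not visible here; any that still store a borrowed or caller-supplied pointer would now be freed wrongly. I would record the new ownership next to the free, e.g. `/* pReserved is heap-allocated and owned by the module; see take_config_and_load_module_inlock */`. The function body starts outside the hunk.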
@@ -550,10 +551,12 @@ is_module_enabled_unlocked (const char *name,
 static CK_RV
 take_config_and_load_module_inlock (char **name,
 p11_dict **config,
- bool critical)
+ bool critical,
+ bool verbose)
 {
 const char *filename = NULL;
 const char *remote = NULL;
+ char *init_reserved = NULL;
 CK_RV rv = CKR_OK;
 Module *mod;
@@ -591,7 +594,19 @@ take_config_and_load_module_inlock (char **name,
 * 'x-init-reserved' setting in the config. This only works with specific
 * PKCS#11 modules, and is non-standard use of that field.
 */
- mod->init_args.pReserved = p11_dict_get (*config, "x-init-reserved");
+ init_reserved = p11_dict_get (*config, "x-init-reserved");
+ if (init_reserved) {
+ if (verbose) {
+ init_reserved = strconcat (init_reserved, " verbose=yes", NULL);
+ } else {
+ init_reserved = strdup (init_reserved);
+ }
+ if (init_reserved == NULL) {
+ rv = CKR_HOST_MEMORY;
+ goto out;
+ }
+ }
+ mod->init_args.pReserved = init_reserved;
 /* Take ownership of these variables */
 p11_dict_free (mod->config);
@@ -607,7 +622,7 @@ out:
 }
 static CK_RV
-load_registered_modules_unlocked (void)
+load_registered_modules_unlocked (int flags)
 {
 p11_dictiter iter;
 p11_dict *configs;
@@ -617,6 +632,7 @@ load_registered_modules_unlocked (void)
 int mode;
 CK_RV rv;
 bool critical;
+ bool verbose;
 if (gl.config)
 return CKR_OK;
@@ -652,7 +668,8 @@ load_registered_modules_unlocked (void)
 /* Is this a critical module, should abort loading of others? */
 critical = _p11_conf_parse_boolean (p11_dict_get (config, "critical"), false);
- rv = take_config_and_load_module_inlock (&name, &config, critical);
+ verbose = (flags & P11_KIT_MODULE_VERBOSE) != 0;
+ rv = take_config_and_load_module_inlock (&name, &config, critical, verbose);
 /*
 * These variables will be cleared if ownership is transeferred
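Review bot: In take_config_and_load_module_inlock (hunk @@ -591) the ` verbose=yes` suffix is appended only inside `if (init_reserved)`, so a module whose config lacks `x-init-reserved` never receives it, while every module that does set the key gets the extra token whether or not it understands it. The comment just above already calls this field non-standard and module-specific, so a module with its own pReserved syntax might reject or misread the suffix; this is an inference, since only the trust module's parser appears in this commit. The empty `x-init-reserved:` added to trust/p11-kit-trust.module is therefore load-bearing, and a comment here should say so, e.g. `/* verbose=yes is appended only when x-init-reserved is configured, even if empty */`. The `out:` cleanup reached by the new `goto out` lies outside the hunk.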
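Review bot: In load_registered_modules_unlocked the new `flags` argument is silently ignored whenever the early `if (gl.config) return CKR_OK;` (context in hunk @@ -617) fires. A caller that passes `P11_KIT_MODULE_VERBOSE` after the registered modules were already loaded gets no verbosity and no indication why. If that is intended, a comment beside the early return would make it explicit, such as `/* flags only take effect on the first load */`. Separately, in hunk @@ -652 `verbose = (flags & P11_KIT_MODULE_VERBOSE) != 0;` does not depend on the module being processed and, if that code sits in the per-module loop as it appears to, could be computed once before it. The function continues outside both hunks.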
@@ -858,7 +875,7 @@ initialize_registered_inlock_reentrant (void)
 if (rv != CKR_OK)
 return rv;
- rv = load_registered_modules_unlocked ();
+ rv = load_registered_modules_unlocked (0);
 if (rv == CKR_OK) {
 p11_dict_iterate (gl.unmanaged_by_funcs, &iter);
 while (rv == CKR_OK && p11_dict_next (&iter, NULL, (void **)&mod)) {
@@ -1955,7 +1972,7 @@ p11_modules_load_inlock_reentrant (int flags,
 if (rv != CKR_OK)
 return rv;
- rv = load_registered_modules_unlocked ();
+ rv = load_registered_modules_unlocked (flags);
 if (rv != CKR_OK)
 return rv;
diff --git a/p11-kit/p11-kit.h b/p11-kit/p11-kit.h
index abf618b..cc89595 100644
--- a/p11-kit/p11-kit.h
+++ b/p11-kit/p11-kit.h
@@ -57,7 +57,8 @@ enum {
 P11_KIT_MODULE_UNMANAGED = 1 << 0,
 P11_KIT_MODULE_CRITICAL = 1 << 1,
 P11_KIT_MODULE_TRUSTED = 1 << 2,
- P11_KIT_MODULE_MASK = (1 << 3) - 1
+ P11_KIT_MODULE_VERBOSE = 1 << 3,
+ P11_KIT_MODULE_MASK = (1 << 4) - 1
 };
 typedef void (* p11_kit_destroyer) (void *data);
diff --git a/trust/enumerate.c b/trust/enumerate.c
index e197765..0cef089 100644
--- a/trust/enumerate.c
+++ b/trust/enumerate.c
@@ -674,6 +674,8 @@ p11_enumerate_opt_purpose (p11_enumerate *ex,
 return true;
 }
+extern bool p11_print_messages;
+
 bool
 p11_enumerate_ready (p11_enumerate *ex,
 const char *def_filter)
@@ -687,8 +689,13 @@ p11_enumerate_ready (p11_enumerate *ex,
 * We only "believe" the CKA_TRUSTED and CKA_X_DISTRUSTED attributes
 * we get from modules explicitly marked as containing trust-policy.
 */
- if (!ex->modules)
- ex->modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED);
+ if (!ex->modules) {
+ int flags = P11_KIT_MODULE_TRUSTED;
+ if (p11_print_messages)
+ flags |= P11_KIT_MODULE_VERBOSE;
+
+ ex->modules = p11_kit_modules_load_and_initialize (flags);
+ }
 if (!ex->modules)
 return false;
 if (ex->modules[0] == NULL)
diff --git a/trust/module.c b/trust/module.c
index 24cda87..0c16a39 100644
--- a/trust/module.c
+++ b/trust/module.c
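Review bot: `P11_KIT_MODULE_VERBOSE` is added to the public flag enum in p11-kit/p11-kit.h (hunk @@ -57) with no description, and its effect cannot be guessed from the name. Per the modules.c hunks it appends ` verbose=yes` to a module's `x-init-reserved` string, and only when that key is configured. A short comment on the enumerator would tell API users this, e.g. `/* ask modules to print messages: appends "verbose=yes" to x-init-reserved */`. Widening `P11_KIT_MODULE_MASK` to `(1 << 4) - 1` also changes which flag bits pass any mask-based validation; those checks are outside this diff and worth re-reading.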
@@ -287,6 +287,11 @@ parse_argument (char *arg,
 free (gl.paths);
 gl.paths = value ? strdup (value) : NULL;
+ } else if (strcmp (arg, "verbose") == 0) {
+ if (strcmp (value, "yes") == 0)
+ p11_message_loud ();
+ else if (strcmp (value, "no") == 0)
+ p11_message_quiet ();
 } else {
 p11_message ("unrecognized module argument: %s", arg);
 }
diff --git a/trust/p11-kit-trust.module b/trust/p11-kit-trust.module
index 72122c3..a2a3306 100644
--- a/trust/p11-kit-trust.module
+++ b/trust/p11-kit-trust.module
@@ -18,3 +18,7 @@ x-trust-lookup: pkcs11:library-description=PKCS%2311%20Kit%20Trust%20Module
 # Prevent this module being loaded by the proxy module
 disable-in: p11-kit-proxy
+
+# This will be overwritten by appending "verbose=yes", if the trust
+# command is called with the -v option.
+x-init-reserved:
--
cgit v1.1
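Review bot: In the new `verbose` branch of parse_argument (trust/module.c, hunk @@ -287) `value` is passed to `strcmp` without a NULL check, although the context line `gl.paths = value ? strdup (value) : NULL;` directly above treats `value` as possibly NULL. A bare `verbose` token in `x-init-reserved`, which comes from module configuration, would then be undefined behaviour and most likely crash the process during module initialization. Guarding both comparisons, `if (value && strcmp (value, "yes") == 0)` and `else if (value && strcmp (value, "no") == 0)`, avoids that. A value other than yes/no is also dropped silently and could be reported with `p11_message`. The function starts outside the hunk.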