From fb8bf5a5f82e5b4f0afe72e247255f37fc0dedc8 Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Mon, 5 Feb 2018 11:10:01 +0100
Subject: p11_kit_remote_serve_tokens: Read "write-protected" setting from URI
---
 p11-kit/rpc-server.c | 12 ++++++++++++
 p11-kit/test-server.c | 30 ++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)
diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c
index 6f504dc..b222e8c 100644
--- a/p11-kit/rpc-server.c
+++ b/p11-kit/rpc-server.c
@@ -35,6 +35,7 @@
 #include "config.h"
+#include "conf.h"
 #define P11_DEBUG_FLAG P11_DEBUG_RPC
 #include "debug.h"
 #include "filter.h"
@@ -2163,6 +2164,7 @@ p11_kit_remote_serve_tokens (const char **tokens,
 for (i = 0; i < n_tokens; i++) {
 CK_TOKEN_INFO *token;
+ const char *write_protected;
 uri = p11_kit_uri_new ();
 if (uri == NULL)
@@ -2175,6 +2177,16 @@ p11_kit_remote_serve_tokens (const char **tokens,
 }
 token = p11_kit_uri_get_token_info (uri);
+
+ /* Reflect "write-protected" setting in the URI */
+ write_protected =
+ p11_kit_uri_get_vendor_query (uri, "write-protected");
+ if (write_protected &&
+ _p11_conf_parse_boolean (write_protected, false))
+ token->flags |= CKF_WRITE_PROTECTED;
+ else
+ token->flags &= ~CKF_WRITE_PROTECTED;
+
 p11_filter_allow_token (filter, token);
 p11_kit_uri_free (uri);
 }
diff --git a/p11-kit/test-server.c b/p11-kit/test-server.c
index c6f877b..aa63cb4 100644
--- a/p11-kit/test-server.c
+++ b/p11-kit/test-server.c
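Review bot: In the `@@ -2175,6 +2177,16 @@` hunk of rpc-server.c, a `write-protected` value that is present but not a recognised boolean ends up clearing `CKF_WRITE_PROTECTED`, so a misspelt setting exports the token writable instead of failing closed. This follows from passing `false` as the second argument to `_p11_conf_parse_boolean`, assuming, as its use here suggests, that this argument is what the helper returns for unparseable input. Since the flag restricts what remote clients may do, a present-but-invalid value should either reject that URI or default to protected, e.g. `_p11_conf_parse_boolean (write_protected, true)`, which keeps `write-protected=no` and an absent attribute behaving as they do now. The new vendor attribute is also worth a sentence in the function's API comment, which lies outside this hunk, as does the start of the loop body.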
@@ -184,6 +184,35 @@ test_open_session (void *unused)
 p11_kit_module_release (module);
 }
+static void
+test_open_session_write_protected (void *unused)
+{
+ CK_SESSION_HANDLE session;
+ CK_FUNCTION_LIST_PTR module;
+ CK_SLOT_ID slots[32];
+ CK_ULONG count;
+ CK_RV rv;
+
+ module = p11_kit_module_load (BUILDDIR "/.libs/p11-kit-client" SHLEXT, 0);
+ assert (module != NULL);
+
+ rv = p11_kit_module_initialize (module);
+ assert (rv == CKR_OK);
+
+ count = 32;
+ rv = module->C_GetSlotList (CK_TRUE, slots, &count);
+ assert (rv == CKR_OK);
+ assert_num_eq (1, count);
+
+ rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session);
+ assert (rv == CKR_TOKEN_WRITE_PROTECTED);
+
+ rv = p11_kit_module_finalize (module);
+ assert (rv == CKR_OK);
+
+ p11_kit_module_release (module);
+}
+
 int
 main (int argc,
 char *argv[])
@@ -194,6 +223,7 @@ main (int argc,
 p11_fixture (setup_server, teardown_server);
 p11_testx (test_initialize, (void *)"pkcs11:", "/server/initialize");
 p11_testx (test_open_session, (void *)"pkcs11:", "/server/open-session");
+ p11_testx (test_open_session_write_protected, (void *)"pkcs11:?write-protected=yes", "/server/open-session-write-protected");
 return p11_test_run (argc, argv);
 }
-- 
cgit v1.1
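Review bot: `test_open_session_write_protected` checks only that a read-write session is refused, so it would still pass if the server refused every session on a write-protected token or if the flag were set regardless of the URI value. After the existing `CKR_TOKEN_WRITE_PROTECTED` assertion, a read-only open on the same slot would pin the intended behaviour: `rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);` followed by `assert (rv == CKR_OK);`. The registration in the following hunk covers only `write-protected=yes`; whether the existing `test_open_session` requests a read-write session is not visible here, so an explicit `write-protected=no` case, and one with an unrecognised value, would document how the parser treats each.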