From 0684cd7b7f815b411ea5041c021f92ca5ef42606 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Wed, 11 Jan 2017 09:32:19 +0100 Subject: rpc: Add PKCS#11 module that connects to socket This patch adds a PKCS#11 module that connects to the p11-kit server exposed on the filesystem. The filename of the socket is determined in the following order: - $P11_KIT_SERVER_ADDRESS, if the envvar is available - $XDG_RUNTIME_DIR/p11-kit/pkcs11, if the envvar is available - /run/$(id -u)/p11-kit/pkcs11, if /run/$(id -u) exists - /var/run/$(id -u)/p11-kit/pkcs11, if /var/run/$(id -u) exists - ~/.cache/p11-kit/pkcs11. Note that the program loading this module may have called setuid() and secure_getenv() which we use for fetching envvars could return NULL.
---
 doc/manual/Makefile.am | 1 + doc/manual/p11-kit.xml | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) (limited to 'doc/manual')
diff --git a/doc/manual/Makefile.am b/doc/manual/Makefile.am
index 7108977..a3c6b66 100644
--- a/doc/manual/Makefile.am
+++ b/doc/manual/Makefile.am
@@ -60,6 +60,7 @@ IGNORE_HFILES= \
 pkcs11i.h \
 pkcs11x.h \
 private.h \
+ client.h \
 proxy.h \
 rpc.h \
 rpc-message.h \
diff --git a/doc/manual/p11-kit.xml b/doc/manual/p11-kit.xml
index 223df62..0c813b8 100644
--- a/doc/manual/p11-kit.xml
+++ b/doc/manual/p11-kit.xml
@@ -35,6 +35,9 @@ p11-kit extract ... + + p11-kit server ... +
@@ -85,6 +88,20 @@ $ p11-kit list-modules for more information + + Server + + Run a server process that exposes PKCS#11 module remotely. + + +$ p11-kit server /path/to/pkcs11-module.so +$ p11-kit server pkcs11:token-uri + + + This launches a server that exposes the given PKCS#11 module or token on a local socket. To access the socket, use p11-kit-client.so module. The server address and PID are printed as a shell-script snippet which sets the appropriate environment variable: P11_KIT_SERVER_ADDRESS and P11_KIT_SERVER_PID. + + + Extract Trust
-- cgit v1.1