TESTS = $(CHECK_PROGS)
+moduledir = $(p11_module_path)
+module_LTLIBRARIES =
+
include common/Makefile.am
include p11-kit/Makefile.am
pkcs11i.h \
pkcs11x.h \
private.h \
+ client.h \
proxy.h \
rpc.h \
rpc-message.h \
<cmdsynopsis>
<command>p11-kit extract</command> ...
</cmdsynopsis>
+ <cmdsynopsis>
+ <command>p11-kit server</command> ...
+ </cmdsynopsis>
</refsynopsisdiv>
<refsect1 id="p11-kit-description">
for more information</para>
</refsect1>
+<refsect1 id="p11-kit-server">
+ <title>Server</title>
+
+ <para>Run a server process that exposes PKCS#11 module remotely.</para>
+
+<programlisting>
+$ p11-kit server /path/to/pkcs11-module.so
+$ p11-kit server pkcs11:token-uri
+</programlisting>
+
+ <para>This launches a server that exposes the given PKCS#11 module or token on a local socket. To access the socket, use <literal>p11-kit-client.so</literal> module. The server address and PID are printed as a shell-script snippet which sets the appropriate environment variable: <literal>P11_KIT_SERVER_ADDRESS</literal> and <literal>P11_KIT_SERVER_PID</literal>.</para>
+
+</refsect1>
+
<refsect1 id="p11-kit-extract-trust">
<title>Extract Trust</title>
p11-kit/uri.h \
$(NULL)
-MODULE_SRCS = \
+COMMON_SRCS = \
p11-kit/util.c \
p11-kit/conf.c p11-kit/conf.h \
p11-kit/iter.c \
p11-kit/pin.c \
p11-kit/pkcs11.h \
p11-kit/private.h \
- p11-kit/proxy.c p11-kit/proxy.h \
p11-kit/messages.c \
p11-kit/rpc-transport.c p11-kit/rpc.h \
p11-kit/rpc-message.c p11-kit/rpc-message.h \
lib_LTLIBRARIES += \
libp11-kit.la
-libp11_kit_la_CFLAGS = \
+COMMON_CFLAGS = \
-DP11_SYSTEM_CONFIG_FILE=\""$(p11_system_config_file)"\" \
-DP11_SYSTEM_CONFIG_MODULES=\""$(p11_system_config_modules)"\" \
-DP11_PACKAGE_CONFIG_MODULES=\""$(p11_package_config_modules)"\" \
$(LIBFFI_CFLAGS) \
$(NULL)
+COMMON_LIBS = \
+ libp11-common.la \
+ libp11-library.la \
+ $(LIBFFI_LIBS) \
+ $(LTLIBINTL) \
+ $(NULL)
+
+libp11_kit_la_CFLAGS = $(COMMON_CFLAGS)
+
libp11_kit_la_LDFLAGS = \
-no-undefined \
-version-info $(P11KIT_LT_RELEASE) \
-export-symbols-regex '^C_GetFunctionList|^p11_kit_'
-libp11_kit_la_SOURCES = $(MODULE_SRCS)
+libp11_kit_la_SOURCES = \
+ p11-kit/proxy.c p11-kit/proxy.h p11-kit/proxy-init.c
+ $(NULL)
libp11_kit_la_LIBADD = \
- libp11-common.la \
- libp11-library.la \
- $(LIBFFI_LIBS) \
- $(LTLIBINTL) \
+ libp11-kit-internal.la \
+ $(COMMON_LIBS) \
$(NULL)
noinst_LTLIBRARIES += \
- libp11-kit-testable.la
+ libp11-kit-internal.la \
+ libp11-kit-testable.la \
+ $(NULL)
+
+libp11_kit_internal_la_LDFLAGS = -no-undefined
+libp11_kit_internal_la_CFLAGS = $(COMMON_CFLAGS)
+libp11_kit_internal_la_SOURCES = $(COMMON_SRCS)
libp11_kit_testable_la_LDFLAGS = -no-undefined
-libp11_kit_testable_la_SOURCES = $(MODULE_SRCS)
-libp11_kit_testable_la_LIBADD = $(libp11_kit_la_LIBADD)
+libp11_kit_testable_la_SOURCES = \
+ $(libp11_kit_internal_la_SOURCES) \
+ $(libp11_kit_la_SOURCES) \
+ $(NULL)
+libp11_kit_testable_la_LIBADD = $(COMMON_LIBS)
if OS_WIN32
p11-kit/p11-kit-remote.socket \
p11-kit/p11-kit-remote@.service
+if !OS_WIN32
+module_LTLIBRARIES += \
+ p11-kit-client.la
+
+p11_kit_client_la_LDFLAGS = \
+ -no-undefined -module -avoid-version \
+ -version-info $(P11KIT_LT_RELEASE) \
+ -export-symbols-regex '^C_GetFunctionList' \
+ $(NULL)
+
+p11_kit_client_la_CFLAGS = $(COMMON_CFLAGS)
+
+p11_kit_client_la_SOURCES = \
+ p11-kit/client.c p11-kit/client.h p11-kit/client-init.c \
+ $(NULL)
+
+p11_kit_client_la_LIBADD = $(libp11_kit_la_LIBADD)
+endif
+
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = p11-kit/p11-kit-1.pc
--- /dev/null
+/*
+ * Copyright (c) 2011 Collabora Ltd
+ * Copyright (c) 2012 Stef Walter
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ *
+ * CONTRIBUTORS
+ * Stef Walter <stef@thewalter.net>
+ */
+
+#include "config.h"
+
+#include "client.h"
+#include "library.h"
+#include "pkcs11.h"
+
+/* p11_proxy_module_check() is defined as a weak symbol in modules.c */
+#ifndef __GNUC__
+bool p11_proxy_module_check (CK_FUNCTION_LIST_PTR module);
+
+bool
+p11_proxy_module_check (CK_FUNCTION_LIST_PTR module)
+{
+ return false;
+}
+#endif
+
+#ifdef OS_UNIX
+
+void _p11_kit_init (void);
+
+void _p11_kit_fini (void);
+
+#ifdef __GNUC__
+__attribute__((constructor))
+#endif
+void
+_p11_kit_init (void)
+{
+ p11_library_init_once ();
+}
+
+#ifdef __GNUC__
+__attribute__((destructor))
+#endif
+void
+_p11_kit_fini (void)
+{
+ p11_client_module_cleanup ();
+ p11_library_uninit ();
+}
+
+#endif /* OS_UNIX */
+
+#ifdef OS_WIN32
+
+BOOL WINAPI DllMain (HINSTANCE, DWORD, LPVOID);
+
+BOOL WINAPI
+DllMain (HINSTANCE instance,
+ DWORD reason,
+ LPVOID reserved)
+{
+ switch (reason) {
+ case DLL_PROCESS_ATTACH:
+ p11_library_init ();
+ break;
+ case DLL_THREAD_DETACH:
+ p11_library_thread_cleanup ();
+ break;
+ case DLL_PROCESS_DETACH:
+ p11_client_module_cleanup ();
+ p11_library_uninit ();
+ break;
+ default:
+ break;
+ }
+
+ return TRUE;
+}
+
+#endif /* OS_WIN32 */
--- /dev/null
+/*
+ * Copyright (C) 2016 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Daiki Ueno
+ */
+
+#include "config.h"
+
+#include "client.h"
+#include "compat.h"
+#include "library.h"
+#include "path.h"
+#include "rpc.h"
+
+#include <pwd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+typedef struct _State {
+ p11_virtual virt;
+ p11_rpc_transport *rpc;
+ CK_FUNCTION_LIST *wrapped;
+ struct _State *next;
+} State;
+
+static State *all_instances = NULL;
+
+static CK_RV
+get_runtime_directory (char **directoryp)
+{
+ const char *envvar;
+ static const char * const bases[] = { "/run", "/var/run", NULL };
+ char prefix[13 + 1 + 20 + 6 + 1];
+ char *directory;
+ uid_t uid;
+ struct stat sb;
+ struct passwd pwbuf, *pw;
+ char buf[1024];
+ int i;
+
+ /* We can't always assume the XDG_RUNTIME_DIR envvar here,
+ * because the PKCS#11 module can be loaded by a program that
+ * calls setuid(). */
+ envvar = secure_getenv ("XDG_RUNTIME_DIR");
+
+ if (envvar != NULL && envvar[0] != '\0') {
+ directory = strdup (envvar);
+ if (!directory)
+ return CKR_HOST_MEMORY;
+
+ *directoryp = directory;
+ return CKR_OK;
+ }
+
+ uid = getuid ();
+
+ for (i = 0; bases[i] != NULL; i++) {
+ snprintf (prefix, sizeof prefix, "%s/user/%u",
+ bases[i], (unsigned int) uid);
+ if (stat (prefix, &sb) != -1 && S_ISDIR (sb.st_mode)) {
+ directory = strdup (prefix);
+ if (!directory)
+ return CKR_HOST_MEMORY;
+ *directoryp = directory;
+ return CKR_OK;
+ }
+ }
+
+ /* We can't use /run/user/<UID>, fallback to ~/.cache. */
+ if (getpwuid_r (uid, &pwbuf, buf, sizeof buf, &pw) < 0 ||
+ pw == NULL || pw->pw_dir == NULL || *pw->pw_dir != '/')
+ return CKR_GENERAL_ERROR;
+
+ if (asprintf (&directory, "%s/.cache", pw->pw_dir) < 0)
+ return CKR_HOST_MEMORY;
+ *directoryp = directory;
+ return CKR_OK;
+}
+
+static CK_RV
+get_server_address (char **addressp)
+{
+ const char *envvar;
+ char *path;
+ char *encoded;
+ char *address;
+ char *directory;
+ int ret;
+ CK_RV rv;
+
+ envvar = secure_getenv ("P11_KIT_SERVER_ADDRESS");
+ if (envvar != NULL && envvar[0] != '\0') {
+ address = strdup (envvar);
+ if (!address)
+ return CKR_HOST_MEMORY;
+ *addressp = address;
+ return CKR_OK;
+ }
+
+ rv = get_runtime_directory (&directory);
+ if (rv != CKR_OK)
+ return rv;
+
+ ret = asprintf (&path, "%s/p11-kit/pkcs11", directory);
+ free (directory);
+ if (ret < 0)
+ return CKR_HOST_MEMORY;
+
+ encoded = p11_path_encode (path);
+ free (path);
+ if (!encoded)
+ return CKR_HOST_MEMORY;
+
+ ret = asprintf (&address, "unix:path=%s", encoded);
+ free (encoded);
+ if (ret < 0)
+ return CKR_HOST_MEMORY;
+
+ *addressp = address;
+ return CKR_OK;
+}
+
+#ifdef OS_WIN32
+__declspec(dllexport)
+#endif
+CK_RV
+C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
+{
+ char *address = NULL;
+ State *state;
+ CK_FUNCTION_LIST_PTR module = NULL;
+ CK_RV rv = CKR_OK;
+
+ p11_library_init_once ();
+ p11_lock ();
+
+ rv = get_server_address (&address);
+
+ if (rv == CKR_OK) {
+ state = calloc (1, sizeof (State));
+ if (!state)
+ rv = CKR_HOST_MEMORY;
+ }
+
+ if (rv == CKR_OK) {
+ state->rpc = p11_rpc_transport_new (&state->virt,
+ address,
+ "client");
+ if (!state->rpc)
+ rv = CKR_GENERAL_ERROR;
+ }
+
+ if (rv == CKR_OK) {
+ module = p11_virtual_wrap (&state->virt, free);
+ if (!module)
+ rv = CKR_GENERAL_ERROR;
+ }
+
+ if (rv == CKR_OK) {
+ *list = module;
+ state->wrapped = module;
+ state->next = all_instances;
+ all_instances = state;
+ }
+
+ p11_unlock ();
+
+ free (address);
+
+ return rv;
+}
+
+void
+p11_client_module_cleanup (void)
+{
+ State *state, *next;
+
+ state = all_instances;
+ all_instances = NULL;
+
+ for (; state != NULL; state = next) {
+ next = state->next;
+ p11_virtual_unwrap (state->wrapped);
+ p11_rpc_transport_free (state->rpc);
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@redhat.com>
+ */
+
+#ifndef __P11_CLIENT_H__
+#define __P11_CLIENT_H__
+
+void p11_client_module_cleanup (void);
+
+
+#endif /* __P11_CLIENT_H__ */
return mod;
}
+#ifdef __GNUC__
+bool p11_proxy_module_check (CK_FUNCTION_LIST_PTR module) __attribute__((weak));
+
+bool
+p11_proxy_module_check (CK_FUNCTION_LIST_PTR module)
+{
+ return false;
+}
+#endif
+
static CK_RV
dlopen_and_get_function_list (Module *mod,
const char *path,
--- /dev/null
+/*
+ * Copyright (c) 2011 Collabora Ltd
+ * Copyright (c) 2012 Stef Walter
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ *
+ * CONTRIBUTORS
+ * Stef Walter <stef@thewalter.net>
+ */
+
+#include "config.h"
+
+#include "library.h"
+#include "p11-kit.h"
+#include "proxy.h"
+
+#ifdef OS_UNIX
+
+void _p11_kit_init (void);
+
+void _p11_kit_fini (void);
+
+#ifdef __GNUC__
+__attribute__((constructor))
+#endif
+void
+_p11_kit_init (void)
+{
+ p11_library_init_once ();
+}
+
+#ifdef __GNUC__
+__attribute__((destructor))
+#endif
+void
+_p11_kit_fini (void)
+{
+ p11_proxy_module_cleanup ();
+ p11_library_uninit ();
+}
+
+#endif /* OS_UNIX */
+
+#ifdef OS_WIN32
+
+BOOL WINAPI DllMain (HINSTANCE, DWORD, LPVOID);
+
+BOOL WINAPI
+DllMain (HINSTANCE instance,
+ DWORD reason,
+ LPVOID reserved)
+{
+ switch (reason) {
+ case DLL_PROCESS_ATTACH:
+ p11_library_init ();
+ break;
+ case DLL_THREAD_DETACH:
+ p11_library_thread_cleanup ();
+ break;
+ case DLL_PROCESS_DETACH:
+ p11_proxy_module_cleanup ();
+ p11_library_uninit ();
+ break;
+ default:
+ break;
+ }
+
+ return TRUE;
+}
+
+#endif /* OS_WIN32 */
goto out;
}
- iter = p11_kit_iter_new (uri, P11_KIT_ITER_WANT_TOKENS);
+ iter = p11_kit_iter_new (uri, P11_KIT_ITER_WITH_TOKENS | P11_KIT_ITER_WITHOUT_OBJECTS);
p11_kit_uri_free (uri);
if (iter == NULL)
goto out;
#include "message.h"
#include "p11-kit.h"
#include "private.h"
-#include "proxy.h"
#include <assert.h>
#include <stdarg.h>
return NULL;
return p11_my_progname;
}
-
-#ifdef OS_UNIX
-
-void _p11_kit_init (void);
-
-void _p11_kit_fini (void);
-
-#ifdef __GNUC__
-__attribute__((constructor))
-#endif
-void
-_p11_kit_init (void)
-{
- p11_library_init_once ();
-}
-
-#ifdef __GNUC__
-__attribute__((destructor))
-#endif
-void
-_p11_kit_fini (void)
-{
- p11_proxy_module_cleanup ();
- p11_library_uninit ();
-}
-
-#endif /* OS_UNIX */
-
-#ifdef OS_WIN32
-
-BOOL WINAPI DllMain (HINSTANCE, DWORD, LPVOID);
-
-BOOL WINAPI
-DllMain (HINSTANCE instance,
- DWORD reason,
- LPVOID reserved)
-{
- switch (reason) {
- case DLL_PROCESS_ATTACH:
- p11_library_init ();
- break;
- case DLL_THREAD_DETACH:
- p11_library_thread_cleanup ();
- break;
- case DLL_PROCESS_DETACH:
- p11_proxy_module_cleanup ();
- p11_library_uninit ();
- break;
- default:
- break;
- }
-
- return TRUE;
-}
-
-#endif /* OS_WIN32 */
configdir = $(p11_package_config_modules)
config_DATA = trust/p11-kit-trust.module
-moduledir = $(p11_module_path)
-module_LTLIBRARIES = \
+module_LTLIBRARIES += \
p11-kit-trust.la
p11_kit_trust_la_CFLAGS = \
projects / p11-kit / commitdiff