#include <stdio.h>
#include <string.h>
-static bool print_messages = false;
+bool p11_print_messages = false;
#ifdef HAVE_STRERROR_L
locale_t p11_message_locale = (locale_t) 0;
buffer[length] = 0;
/* If printing is not disabled, just print out */
- if (print_messages)
+ if (p11_print_messages)
fprintf (stderr, "p11-kit: %s\n", buffer);
else
p11_debug_message (P11_DEBUG_LIB, "message: %s", buffer);
void
p11_message_quiet (void)
{
- print_messages = false;
+ p11_print_messages = false;
}
void
p11_message_loud (void)
{
- print_messages = true;
+ p11_print_messages = true;
}
const char *
p11_dict_free (mod->config);
free (mod->name);
free (mod->filename);
+ free (mod->init_args.pReserved);
free (mod);
}
static CK_RV
take_config_and_load_module_inlock (char **name,
p11_dict **config,
- bool critical)
+ bool critical,
+ bool verbose)
{
const char *filename = NULL;
const char *remote = NULL;
+ char *init_reserved = NULL;
CK_RV rv = CKR_OK;
Module *mod;
* 'x-init-reserved' setting in the config. This only works with specific
* PKCS#11 modules, and is non-standard use of that field.
*/
- mod->init_args.pReserved = p11_dict_get (*config, "x-init-reserved");
+ init_reserved = p11_dict_get (*config, "x-init-reserved");
+ if (init_reserved) {
+ if (verbose) {
+ init_reserved = strconcat (init_reserved, " verbose=yes", NULL);
+ } else {
+ init_reserved = strdup (init_reserved);
+ }
+ if (init_reserved == NULL) {
+ rv = CKR_HOST_MEMORY;
+ goto out;
+ }
+ }
+ mod->init_args.pReserved = init_reserved;
/* Take ownership of these variables */
p11_dict_free (mod->config);
}
static CK_RV
-load_registered_modules_unlocked (void)
+load_registered_modules_unlocked (int flags)
{
p11_dictiter iter;
p11_dict *configs;
int mode;
CK_RV rv;
bool critical;
+ bool verbose;
if (gl.config)
return CKR_OK;
/* Is this a critical module, should abort loading of others? */
critical = _p11_conf_parse_boolean (p11_dict_get (config, "critical"), false);
- rv = take_config_and_load_module_inlock (&name, &config, critical);
+ verbose = (flags & P11_KIT_MODULE_VERBOSE) != 0;
+ rv = take_config_and_load_module_inlock (&name, &config, critical, verbose);
/*
* These variables will be cleared if ownership is transeferred
if (rv != CKR_OK)
return rv;
- rv = load_registered_modules_unlocked ();
+ rv = load_registered_modules_unlocked (0);
if (rv == CKR_OK) {
p11_dict_iterate (gl.unmanaged_by_funcs, &iter);
while (rv == CKR_OK && p11_dict_next (&iter, NULL, (void **)&mod)) {
if (rv != CKR_OK)
return rv;
- rv = load_registered_modules_unlocked ();
+ rv = load_registered_modules_unlocked (flags);
if (rv != CKR_OK)
return rv;
P11_KIT_MODULE_UNMANAGED = 1 << 0,
P11_KIT_MODULE_CRITICAL = 1 << 1,
P11_KIT_MODULE_TRUSTED = 1 << 2,
- P11_KIT_MODULE_MASK = (1 << 3) - 1
+ P11_KIT_MODULE_VERBOSE = 1 << 3,
+ P11_KIT_MODULE_MASK = (1 << 4) - 1
};
typedef void (* p11_kit_destroyer) (void *data);
return true;
}
+extern bool p11_print_messages;
+
bool
p11_enumerate_ready (p11_enumerate *ex,
const char *def_filter)
* We only "believe" the CKA_TRUSTED and CKA_X_DISTRUSTED attributes
* we get from modules explicitly marked as containing trust-policy.
*/
- if (!ex->modules)
- ex->modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED);
+ if (!ex->modules) {
+ int flags = P11_KIT_MODULE_TRUSTED;
+ if (p11_print_messages)
+ flags |= P11_KIT_MODULE_VERBOSE;
+
+ ex->modules = p11_kit_modules_load_and_initialize (flags);
+ }
if (!ex->modules)
return false;
if (ex->modules[0] == NULL)
free (gl.paths);
gl.paths = value ? strdup (value) : NULL;
+ } else if (strcmp (arg, "verbose") == 0) {
+ if (strcmp (value, "yes") == 0)
+ p11_message_loud ();
+ else if (strcmp (value, "no") == 0)
+ p11_message_quiet ();
} else {
p11_message ("unrecognized module argument: %s", arg);
}
# Prevent this module being loaded by the proxy module
disable-in: p11-kit-proxy
+
+# This will be overwritten by appending "verbose=yes", if the trust
+# command is called with the -v option.
+x-init-reserved:
projects / p11-kit / commitdiff