p11-kit: Cleanup and add documentation for 'remote' option

author Stef Walter <stef@thewalter.net>

Tue, 24 Jun 2014 11:34:20 +0000 (13:34 +0200)

committer Stef Walter <stef@thewalter.net>

Tue, 8 Jul 2014 06:59:18 +0000 (08:59 +0200)
author Stef Walter <stef@thewalter.net>
Tue, 24 Jun 2014 11:34:20 +0000 (13:34 +0200)
committer Stef Walter <stef@thewalter.net>
Tue, 8 Jul 2014 06:59:18 +0000 (08:59 +0200)
diff --git a/doc/manual/p11-kit.xml b/doc/manual/p11-kit.xml

index bc618f9d88d6b479f30a39ddc8c7233c223c566a..be3f982dc68b659e1cf3e907fc91f2217a2bce48 100644 (file)
--- a/doc/manual/p11-kit.xml
+++ b/doc/manual/p11-kit.xml
@@ -93,6 +93,21 @@ $ p11-kit list-modules
         for more information</para>
  </refsect1>
  
+<refsect1 id="p11-kit-remote">
+       <title>Remote</title>
+
+       <para>Run a PKCS#11 module remotely.</para>
+
+<programlisting>
+$ p11-kit remote /path/to/pkcs11-module.so
+</programlisting>
+
+       <para>This is not meant to be run directly from a terminal. But rather in a
+       <option>remote</option> option in a
+       <citerefentry><refentrytitle>pkcs11.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+       file.</para>
+</refsect1>
+
  <refsect1 id="p11-kit-bugs">
    <title>Bugs</title>
    <para>
diff --git a/doc/manual/pkcs11.conf.xml b/doc/manual/pkcs11.conf.xml

index 0b61b6f5a5ec8b26bddb6b5e43fcc3c74cce48a0..26176778626daeff202c556ea0074b7e10ea585f 100644 (file)
--- a/doc/manual/pkcs11.conf.xml
+++ b/doc/manual/pkcs11.conf.xml
@@ -154,6 +154,19 @@ x-custom : text
                         alphabetically.</para>
                 </listitem>
         </varlistentry>
+       <varlistentry>
+               <term><option>remote:</option></term>
+               <listitem>
+                       <para>Instead of loading the PKCS#11 module locally, run the module
+                       remotely.</para>
+                       <para>Specify a command to run, prefixed with <literal>|</literal> a pipe.
+                       The command must speak the p11-kit remoting protocol on its standard in
+                       and standard out. For example:</para>
+<programlisting>
+remote: |ssh user@remote p11-kit remote /path/to/module.so
+</programlisting>
+               </listitem>
+       </varlistentry>
         <varlistentry>
                 <term><option>trust-policy:</option></term>
                 <listitem>
diff --git a/p11-kit/rpc-transport.c b/p11-kit/rpc-transport.c

index 0ff82d8fe617829d73f96bc3c123cde91d847f8c..8c3fb0c2a97e29d4fa528e54b68886395c6ec077 100644 (file)
--- a/p11-kit/rpc-transport.c
+++ b/p11-kit/rpc-transport.c
@@ -542,14 +542,16 @@ struct _p11_rpc_transport {
  };
  
  static void
-on_rpc_disconnect (p11_rpc_client_vtable *vtable,
-                   void *init_reserved)
+rpc_transport_disconnect (p11_rpc_client_vtable *vtable,
+                          void *init_reserved)
  {
         p11_rpc_transport *rpc = (p11_rpc_transport *)vtable;
  
-       if (rpc->socket)
+       if (rpc->socket) {
+               rpc_socket_close (rpc->socket);
                 rpc_socket_unref (rpc->socket);
-       rpc->socket = NULL;
+               rpc->socket = NULL;
+       }
  }
  
  static bool
@@ -573,9 +575,9 @@ rpc_transport_uninit (p11_rpc_transport *rpc)
  }
  
  static CK_RV
-on_rpc_transport (p11_rpc_client_vtable *vtable,
-                  p11_buffer *request,
-                  p11_buffer *response)
+rpc_transport_buffer (p11_rpc_client_vtable *vtable,
+                      p11_buffer *request,
+                      p11_buffer *response)
  {
         p11_rpc_transport *rpc = (p11_rpc_transport *)vtable;
         CK_RV rv = CKR_OK;
@@ -632,7 +634,7 @@ typedef struct {
  } rpc_exec;
  
  static void
-wait_or_terminate (pid_t pid)
+rpc_exec_wait_or_terminate (pid_t pid)
  {
         bool terminated = false;
         int status;
@@ -672,8 +674,8 @@ wait_or_terminate (pid_t pid)
  }
  
  static void
-on_rpc_exec_disconnect (p11_rpc_client_vtable *vtable,
-                        void *fini_reserved)
+rpc_exec_disconnect (p11_rpc_client_vtable *vtable,
+                     void *fini_reserved)
  {
         rpc_exec *rex = (rpc_exec *)vtable;
  
@@ -681,11 +683,11 @@ on_rpc_exec_disconnect (p11_rpc_client_vtable *vtable,
                 rpc_socket_close (rex->base.socket);
  
         if (rex->pid)
-               wait_or_terminate (rex->pid);
+               rpc_exec_wait_or_terminate (rex->pid);
         rex->pid = 0;
  
         /* Do the common disconnect stuff */
-       on_rpc_disconnect (vtable, fini_reserved);
+       rpc_transport_disconnect (vtable, fini_reserved);
  }
  
  static int
@@ -699,8 +701,8 @@ set_cloexec_on_fd (void *data,
  }
  
  static CK_RV
-on_rpc_exec_connect (p11_rpc_client_vtable *vtable,
-                     void *init_reserved)
+rpc_exec_connect (p11_rpc_client_vtable *vtable,
+                  void *init_reserved)
  {
         rpc_exec *rex = (rpc_exec *)vtable;
         pid_t pid;
@@ -761,7 +763,7 @@ static void
  rpc_exec_free (void *data)
  {
         rpc_exec *rex = data;
-       on_rpc_exec_disconnect (data, NULL);
+       rpc_exec_disconnect (data, NULL);
         rpc_transport_uninit (&rex->base);
         p11_array_free (rex->argv);
         free (rex);
@@ -797,9 +799,9 @@ rpc_exec_init (const char *remote,
         p11_array_push (argv, NULL);
         rex->argv = argv;
  
-       rex->base.vtable.connect = on_rpc_exec_connect;
-       rex->base.vtable.disconnect = on_rpc_exec_disconnect;
-       rex->base.vtable.transport = on_rpc_transport;
+       rex->base.vtable.connect = rpc_exec_connect;
+       rex->base.vtable.disconnect = rpc_exec_disconnect;
+       rex->base.vtable.transport = rpc_transport_buffer;
         rpc_transport_init (&rex->base, name, rpc_exec_free);
  
         p11_debug ("initialized rpc exec: %s", remote);
@@ -813,24 +815,25 @@ p11_rpc_transport_new (p11_virtual *virt,
                         const char *remote,
                         const char *name)
  {
-       p11_rpc_transport *rpc;
+       p11_rpc_transport *rpc = NULL;
  
         return_val_if_fail (virt != NULL, NULL);
         return_val_if_fail (remote != NULL, NULL);
         return_val_if_fail (name != NULL, NULL);
  
-#ifdef OS_UNIX
-       /* For now we assume it's all a command line */
-       rpc = rpc_exec_init (remote, name);
-
-#else /* !OS_WIN32 */
-       rpc = NULL;
+#ifdef OS_WIN32
         p11_message ("Windows not yet supported for remote");
+       return NULL;
+#endif
  
-#endif /* OS_WIN32 */
+       /* This is a command we can execute */
+       if (remote[0] == '|') {
+               rpc = rpc_exec_init (remote + 1, name);
  
-       if (!rpc)
+       } else {
+               p11_message ("remote not supported: %s", remote);
                 return NULL;
+       }
  
         if (!p11_rpc_client_init (virt, &rpc->vtable))
                 return_val_if_reached (NULL);
diff --git a/p11-kit/tests/test-transport.c b/p11-kit/tests/test-transport.c

index 6ae607246109e15a49d4caa89be97b85e2f15483..4656d349485760b387d2652f3cccee6382341627 100644 (file)
--- a/p11-kit/tests/test-transport.c
+++ b/p11-kit/tests/test-transport.c
@@ -68,7 +68,7 @@ setup_remote (void *unused)
         test.user_config = p11_path_build (test.directory, "pkcs11.conf", NULL);
         p11_test_file_write (NULL, test.user_config, data, strlen (data));
  
-       data = "remote: " BUILDDIR "/../p11-kit remote " BUILDDIR "/.libs/mock-two.so\n";
+       data = "remote: |" BUILDDIR "/../p11-kit remote " BUILDDIR "/.libs/mock-two.so\n";
         p11_test_file_write (test.user_modules, "remote.module", data, strlen (data));
  
         p11_config_user_modules = test.user_modules;
author	Stef Walter <stef@thewalter.net>
	Tue, 24 Jun 2014 11:34:20 +0000 (13:34 +0200)
committer	Stef Walter <stef@thewalter.net>
	Tue, 8 Jul 2014 06:59:18 +0000 (08:59 +0200)
doc/manual/p11-kit.xml		patch \| blob \| history
doc/manual/pkcs11.conf.xml		patch \| blob \| history
p11-kit/rpc-transport.c		patch \| blob \| history
p11-kit/tests/test-transport.c		patch \| blob \| history