iter: Add new P11_KIT_ITER_WANT_WRITABLE iterator behavior

This allows us to try to get a RW session, but if not fallback
to a read-only session.

diff --git a/doc/manual/p11-kit-sections.txt b/doc/manual/p11-kit-sections.txt
index 7ee3019f54a571d6a3fc3bd36e3af9cc831c73b2..2780c7fc388c0c91cac471580e42b7617db37bec 100644 (file)
--- a/doc/manual/p11-kit-sections.txt
+++ b/doc/manual/p11-kit-sections.txt
@@ -99,7 +99,6 @@ p11_kit_be_loud
 p11_kit_destroyer
 P11KitIter
 p11_kit_iter_new
-p11_kit_iter_set_session_flags
 p11_kit_iter_add_callback
 p11_kit_iter_callback
 p11_kit_iter_add_filter

diff --git a/p11-kit/iter.c b/p11-kit/iter.c
index 124d990131571988a7e16f051fdc1ca7ee37c5ba..3f26eda0a4a87d6b44f705ba3f35757d6cf5b491 100644 (file)
--- a/p11-kit/iter.c
+++ b/p11-kit/iter.c
@@ -64,7 +64,6 @@ struct p11_kit_iter {
        CK_TOKEN_INFO match_token;
        CK_ATTRIBUTE *match_attrs;
        Callback *callbacks;
-       CK_FLAGS session_flags;
 
        /* The input modules */
        p11_array *modules;
@@ -93,12 +92,15 @@ struct p11_kit_iter {
        unsigned int match_nothing : 1;
        unsigned int keep_session : 1;
        unsigned int preload_results : 1;
+       unsigned int want_writable : 1;
 };
 
 /**
  * P11KitIterBehavior:
  * @P11_KIT_ITER_BUSY_SESSIONS: Allow the iterator's sessions to be
- * in a busy state when the iterator returns an object.
+ *   in a busy state when the iterator returns an object.
+ * @P11_KIT_ITER_WANT_WRITABLE: Try to open read-write sessions when
+ *   iterating over obojects.
  *
  * Various flags controling the behavior of the iterator.
  */
@@ -135,6 +137,8 @@ p11_kit_iter_new (P11KitUri *uri,
        iter->modules = p11_array_new (NULL);
        return_val_if_fail (iter->modules != NULL, NULL);
 
+       iter->want_writable = !!(behavior & P11_KIT_ITER_WANT_WRITABLE);
+
        if (uri != NULL) {
 
                if (p11_kit_uri_any_unrecognized (uri)) {
@@ -157,30 +161,11 @@ p11_kit_iter_new (P11KitUri *uri,
                iter->match_module.libraryVersion.major = (CK_BYTE)-1;
                iter->match_module.libraryVersion.minor = (CK_BYTE)-1;
        }
-
-       iter->session_flags = CKF_SERIAL_SESSION;
        iter->preload_results = !(behavior & P11_KIT_ITER_BUSY_SESSIONS);
 
        return iter;
 }
 
-/**
- * p11_kit_iter_set_session_flags:
- * @iter: the iterator
- * @flags: set of session flags
- *
- * Set the PKCS\#11 session flags to be used when the iterator opens
- * new sessions.
- */
-void
-p11_kit_iter_set_session_flags (P11KitIter *iter,
-                                CK_FLAGS flags)
-{
-       return_if_fail (iter != NULL);
-       return_if_fail (!iter->iterating);
-       iter->session_flags = flags | CKF_SERIAL_SESSION;
-}
-
 /**
  * p11_kit_destroyer:
  * @data: data to destroy
@@ -450,6 +435,7 @@ static CK_RV
 move_next_session (P11KitIter *iter)
 {
        CK_TOKEN_INFO tinfo;
+       CK_ULONG session_flags;
        CK_ULONG num_slots;
        CK_INFO minfo;
        CK_RV rv;
@@ -497,7 +483,13 @@ move_next_session (P11KitIter *iter)
                if (rv != CKR_OK || !p11_match_uri_token_info (&iter->match_token, &tinfo))
                        continue;
 
-               rv = (iter->module->C_OpenSession) (iter->slot, iter->session_flags,
+               session_flags = CKF_SERIAL_SESSION;
+
+               /* Skip if the read/write on a read-only token */
+               if (iter->want_writable && (tinfo.flags & CKF_WRITE_PROTECTED) == 0)
+                       session_flags |= CKF_RW_SESSION;
+
+               rv = (iter->module->C_OpenSession) (iter->slot, session_flags,
                                                    NULL, NULL, &iter->session);
                if (rv != CKR_OK)
                        return finish_iterating (iter, rv);

diff --git a/p11-kit/iter.h b/p11-kit/iter.h
index d8534ec2ff675a03b355d17a0bc011c5e39a4856..17bd6f1338750f4549bf2bf245343bc52ebed81d 100644 (file)
--- a/p11-kit/iter.h
+++ b/p11-kit/iter.h
@@ -49,6 +49,7 @@ typedef struct p11_kit_iter P11KitIter;
 
 typedef enum {
        P11_KIT_ITER_BUSY_SESSIONS = 1 << 1,
+       P11_KIT_ITER_WANT_WRITABLE = 1 << 2,
 } P11KitIterBehavior;
 
 typedef CK_RV      (* p11_kit_iter_callback)                (P11KitIter *iter,
@@ -60,9 +61,6 @@ P11KitIter *          p11_kit_iter_new                      (P11KitUri *uri,
 
 void                  p11_kit_iter_free                     (P11KitIter *iter);
 
-void                  p11_kit_iter_set_session_flags        (P11KitIter *iter,
-                                                             CK_FLAGS flags);
-
 void                  p11_kit_iter_add_callback             (P11KitIter *iter,
                                                              p11_kit_iter_callback callback,
                                                              void *callback_data,

diff --git a/p11-kit/tests/test-iter.c b/p11-kit/tests/test-iter.c
index 309a0ad8465631a0c1409b87997eb8b99f4260f1..b6bf6f9346c84745472bd647586a234d00730d5c 100644 (file)
--- a/p11-kit/tests/test-iter.c
+++ b/p11-kit/tests/test-iter.c
@@ -576,9 +576,7 @@ test_session_flags (void)
 
        modules = initialize_and_get_modules ();
 
-       iter = p11_kit_iter_new (NULL, 0);
-       p11_kit_iter_set_session_flags (iter, CKF_RW_SESSION);
-
+       iter = p11_kit_iter_new (NULL, P11_KIT_ITER_WANT_WRITABLE);
        p11_kit_iter_begin (iter, modules);
 
        while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {