When a module has a relative path, load it from $libdir/pkcs11

So far we have only supported full paths to the pkcs11 modules in config
files. This change adds relative path support, so that for modules
installed under the standard $libdir/pkcs11, the config file won't have
to spell out the full path.

diff --git a/configure.ac b/configure.ac
index eb2dba078e987782edd720604dc8f45663a69d87..bc6edc88477d2b8e2cf962eea927a6ad49d39694 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -59,6 +59,11 @@ AC_ARG_WITH([system-config],
             [system_config_dir=$withval],
             [system_config_dir=$sysconfdir/pkcs11])
 
+AC_ARG_WITH([module-path],
+            [AS_HELP_STRING([--with-module-path], [Load modules with relative path names from here])],
+            [module_path=$withval],
+            [module_path=$libdir/pkcs11])
+
 # We expand these so we have concrete paths
 p11_system_config=$(eval echo $system_config_dir)
 p11_system_config_file=$(eval echo $p11_system_config/pkcs11.conf)
@@ -66,11 +71,13 @@ p11_system_config_modules=$(eval echo $p11_system_config/modules)
 p11_user_config="~/.pkcs11"
 p11_user_config_file="$p11_user_config/pkcs11.conf"
 p11_user_config_modules="$p11_user_config/modules"
+p11_module_path="$module_path"
 
 AC_DEFINE_UNQUOTED(P11_SYSTEM_CONFIG_FILE, "$p11_system_config_file", [System configuration file])
 AC_DEFINE_UNQUOTED(P11_SYSTEM_CONFIG_MODULES, "$p11_system_config_modules", [System modules configuration dir])
 AC_DEFINE_UNQUOTED(P11_USER_CONFIG_FILE, "$p11_user_config_file", [User configuration file])
 AC_DEFINE_UNQUOTED(P11_USER_CONFIG_MODULES, "$p11_user_config_modules", [User modules configuration dir])
+AC_DEFINE_UNQUOTED(P11_MODULE_PATH, "$p11_module_path", [Path to load modules with relative path names from])
 
 AC_SUBST(p11_system_config)
 AC_SUBST(p11_system_config_file)
@@ -78,6 +85,7 @@ AC_SUBST(p11_system_config_modules)
 AC_SUBST(p11_user_config)
 AC_SUBST(p11_user_config_file)
 AC_SUBST(p11_user_config_modules)
+AC_SUBST(p11_module_path)
 
 # --------------------------------------------------------------------
 # Warnings to show if using GCC
@@ -194,4 +202,5 @@ AC_MSG_NOTICE([build options:
     System Module Config Directory:  $p11_system_config_modules
     User Global Config:              $p11_user_config_file
     User Module Config Directory:    $p11_user_config_modules
+    Load relative module paths from: $p11_module_path
 ])

diff --git a/p11-kit/modules.c b/p11-kit/modules.c
index 1e2095b7838bfc4b0e7107bf4877797a68a95d45..3f1eae1b1881f7c8c64eda70b2476b71103d0ff8 100644 (file)
--- a/p11-kit/modules.c
+++ b/p11-kit/modules.c
@@ -244,6 +244,35 @@ alloc_module_unlocked (void)
        return mod;
 }
 
+static int
+is_relative_path (const char *path)
+{
+       assert (path);
+
+       return (*path != '/');
+}
+
+static char*
+build_path (const char *dir, const char *filename)
+{
+       char *path;
+       int len;
+
+       assert (dir);
+       assert (filename);
+
+       len = snprintf (NULL, 0, "%s/%s", dir, filename) + 1;
+       if (len <= 0 || len > PATH_MAX)
+               return NULL;
+
+       if (!(path = malloc (len)))
+               return NULL;
+
+       sprintf (path, "%s/%s", dir, filename);
+
+       return path;
+}
+
 static CK_RV
 dlopen_and_get_function_list (Module *mod, const char *path)
 {
@@ -312,11 +341,27 @@ load_module_from_file_unlocked (const char *path, Module **result)
        return CKR_OK;
 }
 
+static char*
+expand_module_path (const char *filename)
+{
+       char *path;
+
+       if (is_relative_path (filename)) {
+               debug ("module path is relative, loading from: %s", P11_MODULE_PATH);
+               path = build_path (P11_MODULE_PATH, filename);
+       } else {
+               path = strdup (filename);
+       }
+
+       return path;
+}
+
 static CK_RV
 take_config_and_load_module_unlocked (char **name, hashmap **config)
 {
        Module *mod, *prev;
-       const char *path;
+       const char *module_filename;
+       char *path;
        CK_RV rv;
 
        assert (name);
@@ -324,12 +369,22 @@ take_config_and_load_module_unlocked (char **name, hashmap **config)
        assert (config);
        assert (*config);
 
-       path = hash_get (*config, "module");
-       if (path == NULL) {
+       module_filename = hash_get (*config, "module");
+       if (module_filename == NULL) {
                debug ("no module path for module, skipping: %s", *name);
                return CKR_OK;
        }
 
+       path = expand_module_path (module_filename);
+       if (!path)
+               return CKR_HOST_MEMORY;
+
+       /* The hash map will take ownership of the variable */
+       if (!hash_set (*config, "module", path)) {
+               free (path);
+               return CKR_HOST_MEMORY;
+       }
+
        mod = alloc_module_unlocked ();
        if (!mod)
                return CKR_HOST_MEMORY;

diff --git a/p11-kit/p11-kit-1.pc.in b/p11-kit/p11-kit-1.pc.in
index 0f596fa8863cd29614042e0ef7435412aaafe5d7..7180497b55710c8a3393085ff72a293b2b28efc8 100644 (file)
--- a/p11-kit/p11-kit-1.pc.in
+++ b/p11-kit/p11-kit-1.pc.in
@@ -11,6 +11,7 @@ p11_system_config_modules=@p11_system_config_modules@
 p11_user_config=@p11_user_config@
 p11_user_config_file=@p11_user_config_file@
 p11_user_config_modules=@p11_user_config_modules@
+p11_module_path=@p11_module_path@
 proxy_module=@libdir@/p11-kit-proxy.so
 
 Name: p11-kit