From 0dd62395788ae566d3adef967611bce214a04435 Mon Sep 17 00:00:00 2001
|
|
From: Daiki Ueno <dueno@redhat.com>
|
|
Date: Sun, 23 Dec 2018 14:11:00 +0100
|
|
Subject: [PATCH 24/36] trust: Propagate library verbosity to module through
|
|
init_args
|
|
|
|
Previously, even when the -v option is used with the 'trust' command,
|
|
the messages from p11-kit-trust.so module were suppressed because the
|
|
verbosity setting is not propagated to the module.
|
|
---
|
|
common/message.c | 8 ++++----
|
|
p11-kit/modules.c | 29 +++++++++++++++++++++++------
|
|
p11-kit/p11-kit.h | 3 ++-
|
|
trust/enumerate.c | 11 +++++++++--
|
|
trust/module.c | 5 +++++
|
|
trust/p11-kit-trust.module | 4 ++++
|
|
6 files changed, 47 insertions(+), 13 deletions(-)
|
|
|
|
diff --git a/common/message.c b/common/message.c
|
|
index f9d4f57..e439def 100644
|
|
--- a/common/message.c
|
|
+++ b/common/message.c
|
|
@@ -58,7 +58,7 @@
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
|
|
-static bool print_messages = false;
|
|
+bool p11_print_messages = false;
|
|
|
|
#ifdef HAVE_STRERROR_L
|
|
locale_t p11_message_locale = (locale_t) 0;
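Review bot: Dropping `static` here turns the message flag into a writable global symbol with no header declaration; the only declaration visible in this patch is the ad-hoc `extern bool p11_print_messages;` added in trust/enumerate.c. Declaring it in the message header would keep the type checked in one place. Better still would be a read-only accessor next to p11_message_loud()/p11_message_quiet(), for example `bool p11_message_is_loud (void);` (name to be chosen), so other translation units cannot write the flag directly. The same point applies to the trust/enumerate.c hunk that reads the variable.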
|
|
@@ -148,7 +148,7 @@ p11_message (const char* msg,
|
|
buffer[length] = 0;
|
|
|
|
/* If printing is not disabled, just print out */
|
|
- if (print_messages)
|
|
+ if (p11_print_messages)
|
|
fprintf (stderr, "p11-kit: %s\n", buffer);
|
|
else
|
|
p11_debug_message (P11_DEBUG_LIB, "message: %s", buffer);
|
|
@@ -158,13 +158,13 @@ p11_message (const char* msg,
|
|
void
|
|
p11_message_quiet (void)
|
|
{
|
|
- print_messages = false;
|
|
+ p11_print_messages = false;
|
|
}
|
|
|
|
void
|
|
p11_message_loud (void)
|
|
{
|
|
- print_messages = true;
|
|
+ p11_print_messages = true;
|
|
}
|
|
|
|
const char *
|
|
diff --git a/p11-kit/modules.c b/p11-kit/modules.c
|
|
index cfc4daf..0299eda 100644
|
|
--- a/p11-kit/modules.c
|
|
+++ b/p11-kit/modules.c
|
|
@@ -306,6 +306,7 @@ free_module_unlocked (void *data)
|
|
p11_dict_free (mod->config);
|
|
free (mod->name);
|
|
free (mod->filename);
|
|
+ free (mod->init_args.pReserved);
|
|
free (mod);
|
|
}
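Review bot: This `free` makes `init_args.pReserved` an owned heap pointer, but the assignment added in take_config_and_load_module_inlock (`mod->init_args.pReserved = init_reserved;`) overwrites the field without releasing any previous value. If that function can receive a Module that was already configured once, the earlier string leaks; the adjacent `p11_dict_free (mod->config)` suggests it can, but this needs confirming against code outside these hunks. Adding `free (mod->init_args.pReserved);` before the assignment would close that. It is also worth checking that no other path stores a non-heap pointer in pReserved, since it would now reach free(). free_module_unlocked starts outside this hunk.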
|
|
|
|
@@ -550,10 +551,12 @@ is_module_enabled_unlocked (const char *name,
|
|
static CK_RV
|
|
take_config_and_load_module_inlock (char **name,
|
|
p11_dict **config,
|
|
- bool critical)
|
|
+ bool critical,
|
|
+ bool verbose)
|
|
{
|
|
const char *filename = NULL;
|
|
const char *remote = NULL;
|
|
+ char *init_reserved = NULL;
|
|
CK_RV rv = CKR_OK;
|
|
Module *mod;
|
|
|
|
@@ -591,7 +594,19 @@ take_config_and_load_module_inlock (char **name,
|
|
* 'x-init-reserved' setting in the config. This only works with specific
|
|
* PKCS#11 modules, and is non-standard use of that field.
|
|
*/
|
|
- mod->init_args.pReserved = p11_dict_get (*config, "x-init-reserved");
|
|
+ init_reserved = p11_dict_get (*config, "x-init-reserved");
|
|
+ if (init_reserved) {
|
|
+ if (verbose) {
|
|
+ init_reserved = strconcat (init_reserved, " verbose=yes", NULL);
|
|
+ } else {
|
|
+ init_reserved = strdup (init_reserved);
|
|
+ }
|
|
+ if (init_reserved == NULL) {
|
|
+ rv = CKR_HOST_MEMORY;
|
|
+ goto out;
|
|
+ }
|
|
+ }
|
|
+ mod->init_args.pReserved = init_reserved;
|
|
|
|
/* Take ownership of thes evariables */
|
|
p11_dict_free (mod->config);
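Review bot: `" verbose=yes"` is appended for every registered module whose config carries `x-init-reserved`, not only p11-kit-trust.so, and the comment above already says the field is non-standard and module-specific. A third-party module that parses pReserved strictly could reject or misinterpret the extra token once a caller passes P11_KIT_MODULE_VERBOSE. I would gate the append on an opt-in in the module's config, or state in this comment that modules using `x-init-reserved` must tolerate unknown arguments. Conversely, a module without the key never receives the flag, which is why the .module file needs the empty `x-init-reserved:` line; a sentence saying so here would help. The function body starts and ends outside the hunk.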
|
|
@@ -607,7 +622,7 @@ out:
|
|
}
|
|
|
|
static CK_RV
|
|
-load_registered_modules_unlocked (void)
|
|
+load_registered_modules_unlocked (int flags)
|
|
{
|
|
p11_dictiter iter;
|
|
p11_dict *configs;
|
|
@@ -617,6 +632,7 @@ load_registered_modules_unlocked (void)
|
|
int mode;
|
|
CK_RV rv;
|
|
bool critical;
|
|
+ bool verbose;
|
|
|
|
if (gl.config)
|
|
return CKR_OK;
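Review bot: `flags` is only consulted on the first call, because the `if (gl.config) return CKR_OK;` visible in this hunk returns before the load loop once the registered modules are cached. A caller passing P11_KIT_MODULE_VERBOSE after an earlier non-verbose load therefore gets no verbosity, and initialize_registered_inlock_reentrant always passes 0. If that is intended, a comment on the early return such as `/* flags only apply to the first load; later calls reuse the cached modules */` would make it explicit. The function continues outside the hunk.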
|
|
@@ -652,7 +668,8 @@ load_registered_modules_unlocked (void)
|
|
|
|
/* Is this a critical module, should abort loading of others? */
|
|
critical = _p11_conf_parse_boolean (p11_dict_get (config, "critical"), false);
|
|
- rv = take_config_and_load_module_inlock (&name, &config, critical);
|
|
+ verbose = (flags & P11_KIT_MODULE_VERBOSE) != 0;
|
|
+ rv = take_config_and_load_module_inlock (&name, &config, critical, verbose);
|
|
|
|
/*
|
|
* These variables will be cleared if ownership is transeferred
|
|
@@ -858,7 +875,7 @@ initialize_registered_inlock_reentrant (void)
|
|
if (rv != CKR_OK)
|
|
return rv;
|
|
|
|
- rv = load_registered_modules_unlocked ();
|
|
+ rv = load_registered_modules_unlocked (0);
|
|
if (rv == CKR_OK) {
|
|
p11_dict_iterate (gl.unmanaged_by_funcs, &iter);
|
|
while (rv == CKR_OK && p11_dict_next (&iter, NULL, (void **)&mod)) {
|
|
@@ -1955,7 +1972,7 @@ p11_modules_load_inlock_reentrant (int flags,
|
|
if (rv != CKR_OK)
|
|
return rv;
|
|
|
|
- rv = load_registered_modules_unlocked ();
|
|
+ rv = load_registered_modules_unlocked (flags);
|
|
if (rv != CKR_OK)
|
|
return rv;
|
|
|
|
diff --git a/p11-kit/p11-kit.h b/p11-kit/p11-kit.h
|
|
index abf618b..cc89595 100644
|
|
--- a/p11-kit/p11-kit.h
|
|
+++ b/p11-kit/p11-kit.h
|
|
@@ -57,7 +57,8 @@ enum {
|
|
P11_KIT_MODULE_UNMANAGED = 1 << 0,
|
|
P11_KIT_MODULE_CRITICAL = 1 << 1,
|
|
P11_KIT_MODULE_TRUSTED = 1 << 2,
|
|
- P11_KIT_MODULE_MASK = (1 << 3) - 1
|
|
+ P11_KIT_MODULE_VERBOSE = 1 << 3,
|
|
+ P11_KIT_MODULE_MASK = (1 << 4) - 1
|
|
};
|
|
|
|
typedef void (* p11_kit_destroyer) (void *data);
|
|
diff --git a/trust/enumerate.c b/trust/enumerate.c
|
|
index e197765..0cef089 100644
|
|
--- a/trust/enumerate.c
|
|
+++ b/trust/enumerate.c
|
|
@@ -674,6 +674,8 @@ p11_enumerate_opt_purpose (p11_enumerate *ex,
|
|
return true;
|
|
}
|
|
|
|
+extern bool p11_print_messages;
|
|
+
|
|
bool
|
|
p11_enumerate_ready (p11_enumerate *ex,
|
|
const char *def_filter)
|
|
@@ -687,8 +689,13 @@ p11_enumerate_ready (p11_enumerate *ex,
|
|
* We only "believe" the CKA_TRUSTED and CKA_X_DISTRUSTED attributes
|
|
* we get from modules explicitly marked as containing trust-policy.
|
|
*/
|
|
- if (!ex->modules)
|
|
- ex->modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED);
|
|
+ if (!ex->modules) {
|
|
+ int flags = P11_KIT_MODULE_TRUSTED;
|
|
+ if (p11_print_messages)
|
|
+ flags |= P11_KIT_MODULE_VERBOSE;
|
|
+
|
|
+ ex->modules = p11_kit_modules_load_and_initialize (flags);
|
|
+ }
|
|
if (!ex->modules)
|
|
return false;
|
|
if (ex->modules[0] == NULL)
|
|
diff --git a/trust/module.c b/trust/module.c
|
|
index 24cda87..0c16a39 100644
|
|
--- a/trust/module.c
|
|
+++ b/trust/module.c
|
|
@@ -287,6 +287,11 @@ parse_argument (char *arg,
|
|
free (gl.paths);
|
|
gl.paths = value ? strdup (value) : NULL;
|
|
|
|
+ } else if (strcmp (arg, "verbose") == 0) {
|
|
+ if (strcmp (value, "yes") == 0)
|
|
+ p11_message_loud ();
|
|
+ else if (strcmp (value, "no") == 0)
|
|
+ p11_message_quiet ();
|
|
} else {
|
|
p11_message ("unrecognized module argument: %s", arg);
|
|
}
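Review bot: `strcmp (value, "yes")` dereferences `value` without a NULL check, although the preceding branch (`value ? strdup (value) : NULL`) shows parse_argument can be reached with no value. An `x-init-reserved` line containing a bare `verbose` would then crash the process that loads the module. Guard it, e.g. `if (value == NULL) p11_message ("missing value for module argument: %s", arg);` followed by `else if (strcmp (value, "yes") == 0)`. Consider also reporting values other than yes/no instead of silently ignoring them. parse_argument starts outside the hunk.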
|
|
diff --git a/trust/p11-kit-trust.module b/trust/p11-kit-trust.module
|
|
index 72122c3..a2a3306 100644
|
|
--- a/trust/p11-kit-trust.module
|
|
+++ b/trust/p11-kit-trust.module
|
|
@@ -18,3 +18,7 @@ x-trust-lookup: pkcs11:library-description=PKCS%2311%20Kit%20Trust%20Module
|
|
|
|
# Prevent this module being loaded by the proxy module
|
|
disable-in: p11-kit-proxy
|
|
+
|
|
+# This will be overwritten by appending "verbose=yes", if the trust
|
|
+# command is called with the -v option.
|
|
+x-init-reserved:
|
|
--
|
|
2.19.1
|
|
|