I realized that once we load the modules with p11-kit there is no way back. That is, the software using p11-kit cannot guess which soname is used for operations. That doesn't matter normally, but that information is useful to figure out for use in non-p11-kit compliant applications.
For example p11tool could list the actual module name of a token to use with ssh (a non-p11-kit enabled app). The attached patch adds p11_kit_module_get_filename() to address that. regards, Nikos
From f9fb634c1d22eeb9d940c0a57f0e3414c7e343e5 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <[email protected]>
Date: Fri, 10 Jul 2015 14:31:57 +0200
Subject: [PATCH] Added p11_kit_module_get_filename()

That function allows to obtain the filename used by the PKCS #11 module. That is the filename used by dlopen(). Note that we don't provide p11_kit_module_for_filename() because it would have to deal with filename equivalences.
---
 p11-kit/modules.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 p11-kit/p11-kit.h | 1 +
 p11-kit/test-modules.c | 39 ++++++++++++++++++++++++++++++++++++++-
 3 files changed, 87 insertions(+), 1 deletion(-)

diff --git a/p11-kit/modules.c b/p11-kit/modules.c
index 38c752b..e5fa7d4 100644
--- a/p11-kit/modules.c
+++ b/p11-kit/modules.c
@@ -146,6 +146,7 @@ typedef struct _Module {
 /* Registered modules */
 char *name;
+ char *filename;
 p11_dict *config;
 bool critical;
@@ -256,6 +257,7 @@ free_module_unlocked (void *data)
 p11_mutex_uninit (&mod->initialize_mutex);
 p11_dict_free (mod->config);
 free (mod->name);
+ free (mod->filename);
 free (mod);
 }
@@ -524,6 +526,12 @@ take_config_and_load_module_inlock (char **name,
 }
 /* Take ownership of thes evariables */
+ free (mod->filename);
+ if (filename)
+ mod->filename = strdup(filename);
+ else
+ mod->filename = NULL;
+
 p11_dict_free (mod->config);
 mod->config = *config;
 *config = NULL;
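Review bot: The copy made by `strdup(filename)` in the third modules.c hunk (take_config_and_load_module_inlock) is never checked, so an allocation failure leaves `mod->filename` NULL and p11_kit_module_get_filename() will later report a configured module as having no filename. If the function returns a CK_RV (not visible in the hunk), `return_val_if_fail (mod->filename != NULL, CKR_HOST_MEMORY);` right after the strdup() in the `if (filename)` branch would make the failure visible. The comment above the added lines still speaks of taking ownership, while the filename is copied rather than taken; a short remark such as `/* filename is copied, name and config are taken */` would keep it accurate. The function starts and ends outside the hunk.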
@@ -1154,6 +1162,46 @@ p11_kit_module_get_name (CK_FUNCTION_LIST *module)
 return name;
 }
+/**
+ * p11_kit_module_get_filename:
+ * @module: pointer to a loaded module
+ *
+ * Get the configured name of the PKCS\#11 module.
+ *
+ * Configured modules are loaded by p11_kit_modules_load(). The module
+ * passed to this function can be either managed or unmanaged. Non
+ * configured modules will return %NULL.
+ *
+ * Use free() to release the return value when you're done with it.
+ *
+ * Returns: a newly allocated string containing the module name, or
+ * <code>NULL</code> if the module is not a configured module
+ */
+char *
+p11_kit_module_get_filename (CK_FUNCTION_LIST *module)
+{
+ Module *mod;
+ char *name = NULL;
+
+ return_val_if_fail (module != NULL, NULL);
+
+ p11_library_init_once ();
+
+ p11_lock ();
+
+ p11_message_clear ();
+
+ if (gl.modules) {
+ mod = module_for_functions_inlock (module);
+ if (mod && mod->filename)
+ name = strdup (mod->filename);
+ }
+
+ p11_unlock ();
+
+ return name;
+}
+
 static const char *
 module_get_option_inlock (Module *mod,
 const char *option)
diff --git a/p11-kit/p11-kit.h b/p11-kit/p11-kit.h
index f99f7ed..a266c35 100644
--- a/p11-kit/p11-kit.h
+++ b/p11-kit/p11-kit.h
@@ -78,6 +78,7 @@ void p11_kit_modules_finalize_and_release (CK_FUNCTION_LIST **
 CK_FUNCTION_LIST * p11_kit_module_for_name (CK_FUNCTION_LIST **modules,
 const char *name);
+char * p11_kit_module_get_filename (CK_FUNCTION_LIST *module);
 char * p11_kit_module_get_name (CK_FUNCTION_LIST *module);
 int p11_kit_module_get_flags (CK_FUNCTION_LIST *module);
diff --git a/p11-kit/test-modules.c b/p11-kit/test-modules.c
index f274502..58cf2e3 100644
--- a/p11-kit/test-modules.c
+++ b/p11-kit/test-modules.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012 Red Hat Inc
+ * Copyright (c) 2012, 2015 Red Hat Inc
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
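Review bot: The doc comment on p11_kit_module_get_filename() was carried over from p11_kit_module_get_name() and still describes the name: `Get the configured name of the PKCS\#11 module.` and `a newly allocated string containing the module name` should both say filename. The comment should also state whether the string is the path as written in the module configuration or the resolved path handed to dlopen(); the test added in test-modules.c expects the bare `mock-four.so`, which suggests the former. That matters for the stated use case, because a relative name passed on to another program's loader may resolve to a different library than the one p11-kit loaded, so callers should be told to expect a possibly relative value. The Returns text could also mention that NULL does not distinguish a strdup() failure from an unconfigured module.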
@@ -126,6 +126,25 @@ lookup_module_with_name (CK_FUNCTION_LIST_PTR_PTR modules,
 return match;
 }
+static CK_FUNCTION_LIST_PTR
+lookup_module_with_filename (CK_FUNCTION_LIST_PTR_PTR modules,
+ const char *name)
+{
+ CK_FUNCTION_LIST_PTR match = NULL;
+ char *module_name;
+ int i;
+
+ for (i = 0; match == NULL && modules[i] != NULL; i++) {
+ module_name = p11_kit_module_get_filename (modules[i]);
+ assert_ptr_not_null (module_name);
+ if (strcmp (module_name, name) == 0)
+ match = modules[i];
+ free (module_name);
+ }
+
+ return match;
+}
+
 static void
 test_disable (void)
 {
@@ -157,6 +176,23 @@ test_disable (void)
 }
 static void
+test_filename (void)
+{
+ CK_FUNCTION_LIST_PTR_PTR modules;
+
+ /*
+ * The module four should be present, as we don't match any prognames
+ * that it has disabled.
+ */
+
+ modules = initialize_and_get_modules ();
+#ifndef _WIN32
+ assert (lookup_module_with_filename (modules, "mock-four.so") != NULL);
+#endif
+ finalize_and_free_modules (modules);
+}
+
+static void
 test_disable_later (void)
 {
 CK_FUNCTION_LIST_PTR_PTR modules;
@@ -398,6 +434,7 @@ main (int argc,
 {
 p11_library_init ();
+ p11_test (test_filename, "/modules/test_filename");
 p11_test (test_no_duplicates, "/modules/test_no_duplicates");
 p11_test (test_disable, "/modules/test_disable");
 p11_test (test_disable_later, "/modules/test_disable_later");
-- 
2.4.3
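Review bot: lookup_module_with_filename() runs `assert_ptr_not_null (module_name);` on every entry, although p11_kit_module_get_filename() is documented to return NULL for modules that are not configured, so a single such module in the fixture set fails the test before the match is reached. Replacing the assertion with `if (module_name == NULL) continue;` keeps the helper a pure lookup and leaves the NULL case to a dedicated test. The parameter `name` and the local `module_name` were carried over from lookup_module_with_name() and would read better as `filename`.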
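Review bot: The block comment in test_filename() was copied from test_disable() and talks about prognames, which this test does not exercise; something like `/* A configured module reports the filename it was loaded from */` would describe what is checked. Because the only assertion sits inside `#ifndef _WIN32`, the test passes on Windows without verifying anything, so either assert the Windows fixture name in an `#else` branch or skip the test there explicitly. The test also covers only a bare filename; a case for a module that should return NULL would pin down the documented contract.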
