From 0c51f30b8d00cd79ededf6d1e3f0baf98a924281 Mon Sep 17 00:00:00 2001 From: Zoltan Fridrich Date: Mon, 18 Sep 2023 14:13:05 +0200 Subject: [PATCH] Rework add-profile Signed-off-by: Zoltan Fridrich --- p11-kit/add-profile.c | 114 +++++++++++++++++++++++------------------- 1 file changed, 63 insertions(+), 51 deletions(-) diff --git a/p11-kit/add-profile.c b/p11-kit/add-profile.c index e79b2e7d..312556be 100644 --- a/p11-kit/add-profile.c +++ b/p11-kit/add-profile.c @@ -44,8 +44,8 @@ #include "tool.h" #include -#include #include +#include #ifdef ENABLE_NLS #include @@ -58,53 +58,17 @@ int p11_kit_add_profile (int argc, char *argv[]); -static bool -profile_exists (CK_FUNCTION_LIST *module, - CK_PROFILE_ID profile) -{ - CK_RV rv; - P11KitIter *iter = NULL; - CK_OBJECT_CLASS klass = CKO_PROFILE; - CK_PROFILE_ID profile_id = CKP_INVALID_ID; - CK_ATTRIBUTE matching = { CKA_CLASS, &klass, sizeof (klass) }; - CK_ATTRIBUTE attr = { CKA_PROFILE_ID, &profile_id, sizeof (profile_id) }; - CK_FUNCTION_LIST *modules[] = { module, NULL }; - - iter = p11_kit_iter_new (NULL, 0); - if (iter == NULL) { - p11_message (_("failed to initialize iterator")); - return false; - } - - p11_kit_iter_add_filter (iter, &matching, 1); - p11_kit_iter_begin (iter, modules); - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - rv = p11_kit_iter_get_attributes (iter, &attr, 1); - if (rv != CKR_OK) { - p11_message (_("failed to retrieve attribute of an object: %s"), p11_kit_strerror (rv)); - p11_kit_iter_free (iter); - return false; - } - - if (profile_id == profile) { - p11_kit_iter_free (iter); - return true; - } - } - p11_kit_iter_free (iter); - - return false; -} - static int add_profile (const char *token_str, CK_PROFILE_ID profile) { int ret = 1; CK_RV rv; + const char *pin = NULL; + CK_ULONG count = 0; CK_OBJECT_HANDLE object = 0; CK_SESSION_HANDLE session = 0; - CK_FUNCTION_LIST *prev_module = NULL; + CK_SLOT_ID slot = 0; CK_FUNCTION_LIST *module = NULL; CK_FUNCTION_LIST **modules = NULL; P11KitUri *uri = NULL; @@ -135,33 +99,81 @@ add_profile (const char *token_str, goto cleanup; } - iter = p11_kit_iter_new (uri, P11_KIT_ITER_WANT_WRITABLE); + iter = p11_kit_iter_new (uri, P11_KIT_ITER_WITH_TOKENS | P11_KIT_ITER_WITHOUT_OBJECTS); if (iter == NULL) { p11_message (_("failed to initialize iterator")); goto cleanup; } p11_kit_iter_begin (iter, modules); - while ((rv = p11_kit_iter_next (iter)) == CKR_OK) { - module = p11_kit_iter_get_module (iter); - if (module == prev_module || profile_exists (module, profile)) { - prev_module = module; - continue; - } + rv = p11_kit_iter_next (iter); + if (rv != CKR_OK) { + p11_message (_("failed to find the token: %s"), p11_kit_strerror (rv)); + goto cleanup; + } - session = p11_kit_iter_get_session (iter); - rv = module->C_CreateObject (session, template, template_len, &object); + module = p11_kit_iter_get_module (iter); + if (module == NULL) { + p11_message (_("failed to obtain module")); + goto cleanup; + } + + slot = p11_kit_iter_get_slot (iter); + if (slot == 0) { + p11_message (_("failed to obtain slot")); + goto cleanup; + } + + rv = module->C_OpenSession (slot, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session); + if (rv != CKR_OK) { + p11_message (_("failed to open session: %s"), p11_kit_strerror (rv)); + goto cleanup; + } + + pin = p11_kit_uri_get_pin_value (uri); + if (pin != NULL) { + rv = module->C_Login (session, CKU_USER, (unsigned char *)pin, strlen (pin)); if (rv != CKR_OK) { - p11_message (_("failed to create profile object: %s"), p11_kit_strerror (rv)); + p11_message (_("failed to login: %s"), p11_kit_strerror (rv)); goto cleanup; } + } + + rv = module->C_FindObjectsInit (session, template, template_len); + if (rv != CKR_OK) { + p11_message (_("failed to initialize search for objects: %s"), p11_kit_strerror (rv)); + goto cleanup; + } + + rv = module->C_FindObjects (session, &object, 1, &count); + if (rv != CKR_OK) { + module->C_FindObjectsFinal (session); + p11_message (_("failed to search for objects: %s"), p11_kit_strerror (rv)); + goto cleanup; + } - prev_module = module; + rv = module->C_FindObjectsFinal (session); + if (rv != CKR_OK) { + p11_message (_("failed to finalize search for objects: %s"), p11_kit_strerror (rv)); + goto cleanup; + } + + if (count != 0) { + p11_message (_("profile already exists")); + goto cleanup; + } + + rv = module->C_CreateObject (session, template, template_len, &object); + if (rv != CKR_OK) { + p11_message (_("failed to create profile object: %s"), p11_kit_strerror (rv)); + goto cleanup; } ret = 0; cleanup: + if (session != 0) + module->C_CloseSession (session); p11_kit_iter_free (iter); p11_kit_uri_free (uri); if (modules != NULL)