iter: Add option to stop at token with active session
The commit fd7c819 introduced a
slight backward incompatibility to the P11KitIter behavior when
iterating with P11_KIT_ITER_WITH_TOKENS: previously it stopped before
opening a token, while now it stops after that.

This adds a compatibility measure so those two are distinguishable
with an explicit flag P11_KIT_ITER_WITH_SESSIONS and a kind
P11_KIT_ITER_KIND_SESSION.

Signed-off-by: Daiki Ueno <[email protected]>
ueno committed Oct 19, 2023
1 parent e5f0be3 commit 8767007
Showing 6 changed files with 28 additions and 13 deletions.
2 changes: 1 addition & 1 deletion p11-kit/add-profile.c
@@ -103,7 +103,7 @@ add_profile (const char *token_str,
goto cleanup;
}

behavior = P11_KIT_ITER_WANT_WRITABLE | P11_KIT_ITER_WITH_TOKENS | P11_KIT_ITER_WITHOUT_OBJECTS;
behavior = P11_KIT_ITER_WANT_WRITABLE | P11_KIT_ITER_WITH_SESSIONS | P11_KIT_ITER_WITHOUT_OBJECTS;
if (login) {
behavior |= P11_KIT_ITER_WITH_LOGIN;
#ifdef OS_UNIX
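Review bot: Nothing at the changed `behavior = ...` line says why the tool needs `P11_KIT_ITER_WITH_SESSIONS` rather than `P11_KIT_ITER_WITH_TOKENS`, although after this commit the two differ in whether a session has been opened when the iterator stops. A short comment above the assignment would keep a later cleanup from switching it back, for example `/* stop only after a session is open on the token */`. The same applies to the identical lines in delete-profile.c, generate-keypair.c and list-profiles.c. add_profile continues outside the hunk, so it cannot be seen here whether the loop also compares the iterator kind with `P11_KIT_ITER_KIND_TOKEN`; if it does, that comparison needs to become `P11_KIT_ITER_KIND_SESSION`.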
2 changes: 1 addition & 1 deletion p11-kit/delete-profile.c
@@ -103,7 +103,7 @@ delete_profile (const char *token_str,
goto cleanup;
}

behavior = P11_KIT_ITER_WANT_WRITABLE | P11_KIT_ITER_WITH_TOKENS | P11_KIT_ITER_WITHOUT_OBJECTS;
behavior = P11_KIT_ITER_WANT_WRITABLE | P11_KIT_ITER_WITH_SESSIONS | P11_KIT_ITER_WITHOUT_OBJECTS;
if (login) {
behavior |= P11_KIT_ITER_WITH_LOGIN;
#ifdef OS_UNIX
2 changes: 1 addition & 1 deletion p11-kit/generate-keypair.c
@@ -296,7 +296,7 @@ generate_keypair (const char *token_str,
goto cleanup;
}

behavior = P11_KIT_ITER_WANT_WRITABLE | P11_KIT_ITER_WITH_TOKENS | P11_KIT_ITER_WITHOUT_OBJECTS;
behavior = P11_KIT_ITER_WANT_WRITABLE | P11_KIT_ITER_WITH_SESSIONS | P11_KIT_ITER_WITHOUT_OBJECTS;
if (login) {
behavior |= P11_KIT_ITER_WITH_LOGIN;
#ifdef OS_UNIX
31 changes: 22 additions & 9 deletions p11-kit/iter.c
@@ -116,13 +116,16 @@ struct p11_kit_iter {
unsigned int with_tokens : 1;
unsigned int with_objects : 1;
unsigned int with_login : 1;
unsigned int with_sessions : 1;
};

/**
* P11KitIterKind:
* @P11_KIT_ITER_KIND_MODULE: The iterator is pointing to a module.
* @P11_KIT_ITER_KIND_SLOT: The iterator is pointing to a slot.
* @P11_KIT_ITER_KIND_TOKEN: The iterator is pointing to a token.
* @P11_KIT_ITER_KIND_SESSION: The iterator is pointing to a token with an
* active session.
* @P11_KIT_ITER_KIND_OBJECT: The iterator is pointing to an object.
* @P11_KIT_ITER_KIND_UNKNOWN: The iterator doesn't point to anything.
*
@@ -138,6 +141,8 @@ struct p11_kit_iter {
* @P11_KIT_ITER_WITH_MODULES: Stop at each module while iterating.
* @P11_KIT_ITER_WITH_SLOTS: Stop at each slot while iterating.
* @P11_KIT_ITER_WITH_TOKENS: Stop at each token while iterating.
* @P11_KIT_ITER_WITH_SESSIONS: Stop at each token while iterating (after
* opening a session).
* @P11_KIT_ITER_WITHOUT_OBJECTS: Ignore objects while iterating.
*
* Various flags controlling the behavior of the iterator.
@@ -179,6 +184,7 @@ p11_kit_iter_new (P11KitUri *uri,
iter->with_modules = !!(behavior & P11_KIT_ITER_WITH_MODULES);
iter->with_slots = !!(behavior & P11_KIT_ITER_WITH_SLOTS);
iter->with_tokens = !!(behavior & P11_KIT_ITER_WITH_TOKENS);
iter->with_sessions = !!(behavior & P11_KIT_ITER_WITH_SESSIONS);
iter->with_objects = !(behavior & P11_KIT_ITER_WITHOUT_OBJECTS);
iter->with_login = !!(behavior & P11_KIT_ITER_WITH_LOGIN);

@@ -597,7 +603,7 @@ move_next_session (P11KitIter *iter)
COROUTINE_RETURN (move_next_session, 1, CKR_OK);
}

if (iter->with_slots || iter->with_tokens || iter->with_objects) {
if (iter->with_slots || iter->with_tokens || iter->with_sessions || iter->with_objects) {
CK_SLOT_ID *slots;

rv = (iter->module->C_GetSlotList) (CK_TRUE, NULL, &num_slots);
@@ -618,7 +624,8 @@ move_next_session (P11KitIter *iter)
}

/* Move to the next slot, and open a session on it */
while ((iter->with_slots || iter->with_tokens || iter->with_objects) &&
while ((iter->with_slots || iter->with_tokens || iter->with_sessions ||
iter->with_objects) &&
iter->saw_slots < iter->num_slots) {
iter->slot = iter->slots[iter->saw_slots++];

@@ -636,6 +643,11 @@ move_next_session (P11KitIter *iter)
if (rv != CKR_OK || !p11_match_uri_token_info (&iter->match_token, &iter->token_info))
continue;

if (iter->with_tokens) {
iter->kind = P11_KIT_ITER_KIND_TOKEN;
COROUTINE_RETURN (move_next_session, 3, CKR_OK);
}

session_flags = CKF_SERIAL_SESSION;

/* Skip if the read/write on a read-only token */
@@ -664,11 +676,10 @@ move_next_session (P11KitIter *iter)
return finish_iterating (iter, rv);
}

}

if (iter->with_tokens) {
iter->kind = P11_KIT_ITER_KIND_TOKEN;
COROUTINE_RETURN (move_next_session, 3, CKR_OK);
if (iter->with_sessions) {
iter->kind = P11_KIT_ITER_KIND_SESSION;
COROUTINE_RETURN (move_next_session, 4, CKR_OK);
}
}

iter->move_next_session_state = 0;
@@ -717,7 +728,8 @@ p11_kit_iter_next (P11KitIter *iter)
if (iter->match_nothing)
return finish_iterating (iter, CKR_CANCEL);

if (!(iter->with_modules || iter->with_slots || iter->with_tokens || iter->with_objects))
if (!(iter->with_modules || iter->with_slots || iter->with_tokens ||
iter->with_sessions || iter->with_objects))
return finish_iterating (iter, CKR_CANCEL);

/*
@@ -742,7 +754,8 @@ p11_kit_iter_next (P11KitIter *iter)
* objects, or we are looking for modules/slots/tokens */
if ((iter->with_objects && iter->searched) ||
(!iter->with_objects &&
(iter->with_modules || iter->with_slots || iter->with_tokens))) {
(iter->with_modules || iter->with_slots || iter->with_tokens ||
iter->with_sessions))) {
/* Use iter->kind as the sentinel to detect the case where
* any match (except object) is successful in
* move_next_session() */
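Review bot: The `if (iter->with_tokens)` stop in move_next_session now returns before `session_flags` is set and before the "Skip if the read/write on a read-only token" check, so at a `P11_KIT_ITER_KIND_TOKEN` stop no session has been opened on that slot and the writable filtering appears not to have run yet; the login step is outside the visible hunks but presumably also comes later. The flag's doc line still reads only "Stop at each token while iterating", so a caller combining it with `P11_KIT_ITER_WITH_LOGIN` cannot tell that it will not hold an authenticated session at that stop. I would extend it to `@P11_KIT_ITER_WITH_TOKENS: Stop at each token while iterating, before a session is opened; use P11_KIT_ITER_WITH_SESSIONS when a session is needed at the stop.` None of the six changed files is a test, so a case asserting that the two flags stop at different points (and, presumably, that setting both yields two stops per token) would pin the restored behaviour down.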
2 changes: 2 additions & 0 deletions p11-kit/iter.h
@@ -63,6 +63,7 @@ typedef enum {
P11_KIT_ITER_KIND_SLOT,
P11_KIT_ITER_KIND_TOKEN,
P11_KIT_ITER_KIND_OBJECT,
P11_KIT_ITER_KIND_SESSION,
P11_KIT_ITER_KIND_UNKNOWN = -1,
} P11KitIterKind;

@@ -74,6 +75,7 @@ typedef enum {
P11_KIT_ITER_WITH_TOKENS = 1 << 5,
P11_KIT_ITER_WITHOUT_OBJECTS = 1 << 6,
P11_KIT_ITER_WITH_LOGIN = 1 << 7,
P11_KIT_ITER_WITH_SESSIONS = 1 << 8,
} P11KitIterBehavior;

typedef CK_RV (* p11_kit_iter_callback) (P11KitIter *iter,
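Review bot: `P11_KIT_ITER_KIND_SESSION` is appended after `P11_KIT_ITER_KIND_OBJECT`, while the P11KitIterKind documentation in iter.c lists it between TOKEN and OBJECT; the placement keeps the existing enumerators' values unchanged, but nothing in the header says that is deliberate. A one-line comment such as `/* appended after OBJECT so existing enumerator values stay stable */` would stop a later tidy-up from reordering a public enum. Callers that switch over P11KitIterKind without a default may also see a new unhandled-enumerator warning, which could be worth a line in the release notes.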
2 changes: 1 addition & 1 deletion p11-kit/list-profiles.c
@@ -100,7 +100,7 @@ list_profiles (const char *token_str,
goto cleanup;
}

behavior = P11_KIT_ITER_WITH_TOKENS | P11_KIT_ITER_WITHOUT_OBJECTS;
behavior = P11_KIT_ITER_WITH_SESSIONS | P11_KIT_ITER_WITHOUT_OBJECTS;
if (login) {
behavior |= P11_KIT_ITER_WITH_LOGIN;
#ifdef OS_UNIX
