Rework add-profile

Signed-off-by: Zoltan Fridrich <[email protected]>
p11-glue · Sep 19, 2023 · a25f72e · a25f72e
1 parent 0862100
commit a25f72e
Showing 1 changed file with 62 additions and 51 deletions.
diff --git a/p11-kit/add-profile.c b/p11-kit/add-profile.c
@@ -44,7 +44,6 @@
 #include "tool.h"
 
 #include <assert.h>
-#include <stdbool.h>
 #include <stdlib.h>
 
 #ifdef ENABLE_NLS
@@ -58,53 +57,17 @@ int
 p11_kit_add_profile (int argc,
 		     char *argv[]);
 
-static bool
-profile_exists (CK_FUNCTION_LIST *module,
-		CK_PROFILE_ID profile)
-{
-	CK_RV rv;
-	P11KitIter *iter = NULL;
-	CK_OBJECT_CLASS klass = CKO_PROFILE;
-	CK_PROFILE_ID profile_id = CKP_INVALID_ID;
-	CK_ATTRIBUTE matching = { CKA_CLASS, &klass, sizeof (klass) };
-	CK_ATTRIBUTE attr = { CKA_PROFILE_ID, &profile_id, sizeof (profile_id) };
-	CK_FUNCTION_LIST *modules[] = { module, NULL };
-
-	iter = p11_kit_iter_new (NULL, 0);
-	if (iter == NULL) {
-		p11_message (_("failed to initialize iterator"));
-		return false;
-	}
-
-	p11_kit_iter_add_filter (iter, &matching, 1);
-	p11_kit_iter_begin (iter, modules);
-	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
-		rv = p11_kit_iter_get_attributes (iter, &attr, 1);
-		if (rv != CKR_OK) {
-			p11_message (_("failed to retrieve attribute of an object: %s"), p11_kit_strerror (rv));
-			p11_kit_iter_free (iter);
-			return false;
-		}
-
-		if (profile_id == profile) {
-			p11_kit_iter_free (iter);
-			return true;
-		}
-	}
-	p11_kit_iter_free (iter);
-
-	return false;
-}
-
 static int
 add_profile (const char *token_str,
 	     CK_PROFILE_ID profile)
 {
 	int ret = 1;
 	CK_RV rv;
+	const char *pin = NULL;
+	CK_ULONG count = 0;
 	CK_OBJECT_HANDLE object = 0;
 	CK_SESSION_HANDLE session = 0;
-	CK_FUNCTION_LIST *prev_module = NULL;
+	CK_SLOT_ID slot = 0;
 	CK_FUNCTION_LIST *module = NULL;
 	CK_FUNCTION_LIST **modules = NULL;
 	P11KitUri *uri = NULL;
@@ -135,33 +98,81 @@ add_profile (const char *token_str,
 		goto cleanup;
 	}
 
-	iter = p11_kit_iter_new (uri, P11_KIT_ITER_WANT_WRITABLE);
+	iter = p11_kit_iter_new (uri, P11_KIT_ITER_WITH_TOKENS | P11_KIT_ITER_WITHOUT_OBJECTS);
 	if (iter == NULL) {
 		p11_message (_("failed to initialize iterator"));
 		goto cleanup;
 	}
 
 	p11_kit_iter_begin (iter, modules);
-	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
-		module = p11_kit_iter_get_module (iter);
-		if (module == prev_module || profile_exists (module, profile)) {
-			prev_module = module;
-			continue;
-		}
+	rv = p11_kit_iter_next (iter);
+	if (rv != CKR_OK) {
+		p11_message (_("failed to find the token: %s"), p11_kit_strerror (rv));
+		goto cleanup;
+	}
 
-		session = p11_kit_iter_get_session (iter);
-		rv = module->C_CreateObject (session, template, template_len, &object);
+	module = p11_kit_iter_get_module (iter);
+	if (module == NULL) {
+		p11_message (_("failed to obtain module"));
+		goto cleanup;
+	}
+
+	slot = p11_kit_iter_get_slot (iter);
+	if (slot == 0) {
+		p11_message (_("failed to obtain slot"));
+		goto cleanup;
+	}
+
+	rv = module->C_OpenSession (slot, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session);
+	if (rv != CKR_OK) {
+		p11_message (_("failed to open session: %s"), p11_kit_strerror (rv));
+		goto cleanup;
+	}
+
+	pin = p11_kit_uri_get_pin_value (uri);
+	if (pin != NULL) {
+		rv = module->C_Login (session, CKU_USER, (unsigned char *)pin, strlen (pin));
 		if (rv != CKR_OK) {
-			p11_message (_("failed to create profile object: %s"), p11_kit_strerror (rv));
+			p11_message (_("failed to login: %s"), p11_kit_strerror (rv));
 			goto cleanup;
 		}
+	}
+
+	rv = module->C_FindObjectsInit (session, template, template_len);
+	if (rv != CKR_OK) {
+		p11_message (_("failed to initialize search for objects: %s"), p11_kit_strerror (rv));
+		goto cleanup;
+	}
+
+	rv = module->C_FindObjects (session, &object, 1, &count);
+	if (rv != CKR_OK) {
+		module->C_FindObjectsFinal (session);
+		p11_message (_("failed to search for objects: %s"), p11_kit_strerror (rv));
+		goto cleanup;
+	}
 
-		prev_module = module;
+	rv = module->C_FindObjectsFinal (session);
+	if (rv != CKR_OK) {
+		p11_message (_("failed to finalize search for objects: %s"), p11_kit_strerror (rv));
+		goto cleanup;
+	}
+
+	if (count == 0) {
+		p11_message (_("profile already exists"));
+		goto cleanup;
+	}
+
+	rv = module->C_CreateObject (session, template, template_len, &object);
+	if (rv != CKR_OK) {
+		p11_message (_("failed to create profile object: %s"), p11_kit_strerror (rv));
+		goto cleanup;
 	}
 
 	ret = 0;
 
 cleanup:
+	if (session != 0)
+		module->C_CloseSession (session);
 	p11_kit_iter_free (iter);
 	p11_kit_uri_free (uri);
 	if (modules != NULL)