diff --git a/common/Makefile.am b/common/Makefile.am index 37efdc93e..da180c621 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -47,8 +47,8 @@ libp11_test_la_SOURCES = \ $(NULL) libp11_tool_la_SOURCES = \ + common/options.c common/options.h \ common/print.c common/print.h \ - common/tool.c common/tool.h \ $(NULL) if !OS_WIN32 diff --git a/common/meson.build b/common/meson.build index 027f64aa0..44892d661 100644 --- a/common/meson.build +++ b/common/meson.build @@ -52,8 +52,8 @@ if get_option('test') endif libp11_tool_sources = [ - 'print.c', - 'tool.c' + 'options.c', + 'print.c' ] if host_system != 'windows' diff --git a/common/tool.c b/common/options.c similarity index 99% rename from common/tool.c rename to common/options.c index 5bd2a956a..5b32a852c 100644 --- a/common/tool.c +++ b/common/options.c @@ -59,7 +59,7 @@ #define _(x) (x) #endif -#include "tool.h" +#include "options.h" static char short_option (int opt) diff --git a/common/tool.h b/common/options.h similarity index 96% rename from common/tool.h rename to common/options.h index 16785da4c..26c3da5ef 100644 --- a/common/tool.h +++ b/common/options.h @@ -32,8 +32,8 @@ * Author: Stef Walter */ -#ifndef P11_TOOL_H_ -#define P11_TOOL_H_ +#ifndef P11_OPTIONS_H_ +#define P11_OPTIONS_H_ #include @@ -62,4 +62,4 @@ int p11_tool_getopt (int argc, void p11_tool_usage (const p11_tool_desc *usages, const struct option *longopts); -#endif /* P11_TOOL_H_ */ +#endif /* P11_OPTIONS_H_ */ diff --git a/doc/manual/p11-kit.xml b/doc/manual/p11-kit.xml index 0787f37f2..4d78976b5 100644 --- a/doc/manual/p11-kit.xml +++ b/doc/manual/p11-kit.xml 
@@ -33,43 +33,43 @@ p11-kit list-modules - p11-kit list-tokens ... + p11-kit list-tokens ... - p11-kit list-objects ... + p11-kit list-objects ... - p11-kit import-object ... + p11-kit import-object ... - p11-kit export-object ... + p11-kit export-object ... - p11-kit delete-object ... + p11-kit delete-object ... - p11-kit generate-keypair ... + p11-kit generate-keypair ... - p11-kit list-profiles ... + p11-kit list-profiles ... - p11-kit add-profile ... + p11-kit add-profile ... - p11-kit delete-profile ... + p11-kit delete-profile ... - p11-kit list-mechanisms ... + p11-kit list-mechanisms ... p11-kit print-config - p11-kit extract ... + p11-kit extract ... - p11-kit server ... + p11-kit server ... @@ -117,13 +117,27 @@ $ p11-kit list-modules List all tokens available in system configured PKCS#11 modules. -$ p11-kit list-tokens [--only-uris] pkcs11:token +$ p11-kit list-tokens pkcs11:token This retrieves all tokens and displays some of their - common attributes. If is given, - only the matching token URIs are printed. + common attributes. + This subcommand takes the following options: + + + + + Print only the matching token URIs. + + + + Load only the given PKCS#11 module instead of enumerating modules installed on the system. If module_path is a relative path, the module is loaded from the default module path. This path can be determined by running: + +$ pkg-config p11-kit-1 --variable p11_module_path +/usr/lib64/pkcs11 + + 
@@ -132,13 +146,28 @@ $ p11-kit list-tokens [--only-uris] pkcs11:token List objects matching given PKCS#11 URI. -$ p11-kit list-objects [--login] pkcs11:object_on_token +$ p11-kit list-objects pkcs11:object_on_token This retrieves all objects that match given PKCS#11 URI and displays some of their common attributes. Storage objects also have their PKCS#11 URI displayed. + This subcommand takes the following options: + + + + + Authenticate to the token before enumerating objects. The PIN value is read from either the pin-value attribute in the URI or from the terminal. + + + + Load only the given PKCS#11 module instead of enumerating modules installed on the system. If module_path is a relative path, the module is loaded from the default module path. This path can be determined by running: + +$ pkg-config p11-kit-1 --variable p11_module_path +/usr/lib64/pkcs11 + + 
@@ -147,24 +176,41 @@ $ p11-kit list-objects [--login] pkcs11:object_on_token Import object into PKCS#11 token. -$ p11-kit import-object --file=file.pem [--label=label] [--login] pkcs11:token +$ p11-kit import-object --file=file.pem [--label=label] pkcs11:token Takes either an X.509 certificate or a public key in the form of a PEM file and imports it into the first token matched by given PKCS#11 URI. + The following options are required: + File containing either an X.509 certificate - or a public key in PEM format. This option is required. + or a public key in PEM format. + + + This subcommand also accepts the following options: + + Assigns label to the imported object. + + + Authenticate to the token before enumerating objects. The PIN value is read from either the pin-value attribute in the URI or from the terminal. + + + + Load only the given PKCS#11 module instead of enumerating modules installed on the system. If module_path is a relative path, the module is loaded from the default module path. This path can be determined by running: + +$ pkg-config p11-kit-1 --variable p11_module_path +/usr/lib64/pkcs11 + - 
@@ -173,12 +219,27 @@ $ p11-kit import-object --file=file.pem [--label=label] [--login& Export object matching PKCS#11 URI. -$ p11-kit export-object [--login] pkcs11:object_on_token +$ p11-kit export-object pkcs11:object_on_token Displays PEM formatted contents of the first object matched by given PKCS#11 URI. The matched object has to either be an X.509 certificate or a public key. + This subcommand takes the following options: + + + + + Authenticate to the token before enumerating objects. The PIN value is read from either the pin-value attribute in the URI or from the terminal. + + + + Load only the given PKCS#11 module instead of enumerating modules installed on the system. If module_path is a relative path, the module is loaded from the default module path. This path can be determined by running: + +$ pkg-config p11-kit-1 --variable p11_module_path +/usr/lib64/pkcs11 + + @@ -187,11 +248,26 @@ $ p11-kit export-object [--login] pkcs11:object_on_token Delete object matching PKCS#11 URI. -$ p11-kit delete-object [--login] pkcs11:object_on_token +$ p11-kit delete-object pkcs11:object_on_token Destroys the first object matched by given PKCS#11 URI. + This subcommand takes the following options: + + + + + Authenticate to the token before enumerating objects. The PIN value is read from either the pin-value attribute in the URI or from the terminal. + + + + Load only the given PKCS#11 module instead of enumerating modules installed on the system. If module_path is a relative path, the module is loaded from the default module path. This path can be determined by running: + +$ pkg-config p11-kit-1 --variable p11_module_path +/usr/lib64/pkcs11 + + 
@@ -200,19 +276,20 @@ $ p11-kit delete-object [--login] pkcs11:object_on_token Generate key-pair on a PKCS#11 token. -$ p11-kit generate-keypair --type=algorithm {--bits=n|--curve=name} [--label=label] [--login] pkcs11:token +$ p11-kit generate-keypair --type=algorithm {--bits=n|--curve=name} [--label=label] pkcs11:token Generate private-public key-pair of given type on the first token matched by given PKCS#11 URI. This command should be used together with --type option and one of --bits or --curve options. + The following options are required: + Specify the type of keys to generate. - Supported values are rsa, ecdsa and ed25519. - This option is required. + Supported values are rsa, ecdsa and ed25519. @@ -225,12 +302,27 @@ $ p11-kit generate-keypair --type=algorithm {--bits=n|--curve=name} &l Supported values are secp256r1, secp384r1, secp521r1, ed25519 and ed448. Cannot be used together with --bits option. + + + This subcommand also accepts the following options: + + Assigns label to the generated key-pair objects. + + + Authenticate to the token before enumerating objects. The PIN value is read from either the pin-value attribute in the URI or from the terminal. + + + + Load only the given PKCS#11 module instead of enumerating modules installed on the system. If module_path is a relative path, the module is loaded from the default module path. This path can be determined by running: + +$ pkg-config p11-kit-1 --variable p11_module_path +/usr/lib64/pkcs11 + - 
@@ -239,12 +331,27 @@ $ p11-kit generate-keypair --type=algorithm {--bits=n|--curve=name} &l List PKCS#11 profiles supported by the token. -$ p11-kit list-profiles [--login] pkcs11:token +$ p11-kit list-profiles pkcs11:token Displays profile IDs of the first token matched by given PKCS#11 URI in human-readable form. + This subcommand takes the following options: + + + + + Authenticate to the token before enumerating objects. The PIN value is read from either the pin-value attribute in the URI or from the terminal. + + + + Load only the given PKCS#11 module instead of enumerating modules installed on the system. If module_path is a relative path, the module is loaded from the default module path. This path can be determined by running: + +$ pkg-config p11-kit-1 --variable p11_module_path +/usr/lib64/pkcs11 + + @@ -253,21 +360,38 @@ $ p11-kit list-profiles [--login] pkcs11:token Add PKCS#11 profile to a token. -$ p11-kit add-profile --profile=profile [--login] pkcs11:token +$ p11-kit add-profile --profile=profile pkcs11:token Creates new profile object with given profile ID on the first token matched by given PKCS#11 URI. This command fails if the profile ID already exists on the token. + The following options are required: + Profile ID to add. Value can either - be numerical or textual. This option is required. + be numerical or textual. + This subcommand also accepts the following options: + + + + + Authenticate to the token before enumerating objects. The PIN value is read from either the pin-value attribute in the URI or from the terminal. + + + + Load only the given PKCS#11 module instead of enumerating modules installed on the system. If module_path is a relative path, the module is loaded from the default module path. This path can be determined by running: + +$ pkg-config p11-kit-1 --variable p11_module_path +/usr/lib64/pkcs11 + + 
@@ -276,20 +400,37 @@ $ p11-kit add-profile --profile=profile [--login] pkcs11:token Delete PKCS#11 profile from a token. -$ p11-kit delete-profile --profile=profile [--login] pkcs11:token +$ p11-kit delete-profile --profile=profile pkcs11:token Destroys all profile objects with given profile ID from the first token matched by given PKCS#11 URI. + The following options are required: + Profile ID to delete. Value can either - be numerical or textual. This option is required. + be numerical or textual. + This subcommand also accepts the following options: + + + + + Authenticate to the token before enumerating objects. The PIN value is read from either the pin-value attribute in the URI or from the terminal. + + + + Load only the given PKCS#11 module instead of enumerating modules installed on the system. If module_path is a relative path, the module is loaded from the default module path. This path can be determined by running: + +$ pkg-config p11-kit-1 --variable p11_module_path +/usr/lib64/pkcs11 + + @@ -326,7 +467,7 @@ $ p11-kit print-config Extract certificates from configured PKCS#11 modules. This operation has been moved to a separate command trust extract. - See trust1 + See trust1 for more information diff --git a/p11-kit/Makefile.am b/p11-kit/Makefile.am index f943a86ff..65638c1cd 100644 --- a/p11-kit/Makefile.am +++ b/p11-kit/Makefile.am @@ -274,6 +274,8 @@ p11_kit_p11_kit_SOURCES = \ p11-kit/lists.c \ p11-kit/p11-kit.c \ p11-kit/print-config.c \ + p11-kit/tool.c \ + p11-kit/tool.h \ $(NULL) if !OS_WIN32 diff --git a/p11-kit/add-profile.c b/p11-kit/add-profile.c index 1404af3cb..52add7434 100644 --- a/p11-kit/add-profile.c +++ b/p11-kit/add-profile.c @@ -41,13 +41,11 @@ #include "debug.h" #include "iter.h" #include "message.h" +#include "options.h" #include "tool.h" -#ifdef OS_UNIX -#include "tty.h" -#endif - #include +#include #include #include 
@@ -63,9 +61,8 @@ p11_kit_add_profile (int argc, char *argv[]); static int -add_profile (const char *token_str, - CK_PROFILE_ID profile, - bool login) +add_profile (p11_tool *tool, + CK_PROFILE_ID profile) { int ret = 1; CK_RV rv; @@ -73,10 +70,7 @@ add_profile (const char *token_str, CK_OBJECT_HANDLE object = 0; CK_SESSION_HANDLE session = 0; CK_FUNCTION_LIST *module = NULL; - CK_FUNCTION_LIST **modules = NULL; - P11KitUri *uri = NULL; P11KitIter *iter = NULL; - P11KitIterBehavior behavior; CK_BBOOL token = CK_TRUE; CK_OBJECT_CLASS klass = CKO_PROFILE; CK_ATTRIBUTE template[] = { @@ -86,37 +80,12 @@ add_profile (const char *token_str, }; CK_ULONG template_len = sizeof (template) / sizeof (template[0]); - uri = p11_kit_uri_new (); - if (uri == NULL) { - p11_message (_("failed to allocate memory")); - goto cleanup; - } - - if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_TOKEN, uri) != P11_KIT_URI_OK) { - p11_message (_("failed to parse URI")); - goto cleanup; - } - - modules = p11_kit_modules_load_and_initialize (0); - if (modules == NULL) { - p11_message (_("failed to load and initialize modules")); - goto cleanup; - } - - behavior = P11_KIT_ITER_WANT_WRITABLE | P11_KIT_ITER_WITH_SESSIONS | P11_KIT_ITER_WITHOUT_OBJECTS; - if (login) { - behavior |= P11_KIT_ITER_WITH_LOGIN; -#ifdef OS_UNIX - p11_kit_uri_set_pin_source (uri, "tty"); -#endif - } - iter = p11_kit_iter_new (uri, behavior); + iter = p11_tool_begin_iter (tool, P11_KIT_ITER_WANT_WRITABLE | P11_KIT_ITER_WITH_SESSIONS | P11_KIT_ITER_WITHOUT_OBJECTS); if (iter == NULL) { p11_message (_("failed to initialize iterator")); - goto cleanup; + return 1; } - p11_kit_iter_begin (iter, modules); rv = p11_kit_iter_next (iter); if (rv != CKR_OK) { if (rv == CKR_CANCEL) @@ -165,10 +134,7 @@ add_profile (const char *token_str, ret = 0; cleanup: - p11_kit_iter_free (iter); - p11_kit_uri_free (uri); - if (modules != NULL) - p11_kit_modules_finalize_and_release (modules); + p11_tool_end_iter (tool, iter); return ret; } 
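Review bot: A module that fails to load is now reported only as "failed to initialize iterator" in `add_profile`, because the NULL branch after `p11_tool_begin_iter` replaces the separate "failed to load and initialize modules" message that the removed code printed. With the new `--provider` option a mistyped or unreadable module path is a likely failure, and the operator should be able to tell which step failed. Unless `p11_tool_begin_iter` (not visible in these hunks) prints its own diagnostic, consider `p11_message (_("failed to load modules or initialize iterator"));` here. The same branch appears in `delete_object`, `delete_profile`, `export_object`, `generate_keypair` and `import_object`. Parts of `add_profile` lie between and outside the hunks.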
@@ -181,6 +147,8 @@ p11_kit_add_profile (int argc, CK_ULONG profile = CKA_INVALID; p11_dict *profile_nicks = NULL; bool login = false; + p11_tool *tool = NULL; + const char *provider = NULL; enum { opt_verbose = 'v', @@ -188,6 +156,7 @@ p11_kit_add_profile (int argc, opt_help = 'h', opt_profile = 'p', opt_login = 'l', + opt_provider = CHAR_MAX + 2, }; struct option options[] = { @@ -196,6 +165,7 @@ p11_kit_add_profile (int argc, { "help", no_argument, NULL, opt_help }, { "profile", required_argument, NULL, opt_profile }, { "login", no_argument, NULL, opt_login }, + { "provider", required_argument, NULL, opt_provider }, { 0 }, }; @@ -203,6 +173,7 @@ p11_kit_add_profile (int argc, { 0, "usage: p11-kit add-profile --profile profile pkcs11:token" }, { opt_profile, "specify the profile to add" }, { opt_login, "login to the token" }, + { opt_provider, "specify the module to use" }, { 0 }, }; @@ -241,6 +212,9 @@ p11_kit_add_profile (int argc, case opt_login: login = true; break; + case opt_provider: + provider = optarg; + break; case '?': goto cleanup; default: 
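Review bot: The help text `"specify the module to use"` for `opt_provider` in `p11_kit_add_profile` does not say that the argument names a module file that is loaded into the p11-kit process, which is what the manual change in this commit describes. That module would presumably also receive the PIN when `--login` is given, so the usage line should make the trust decision visible, e.g. `{ opt_provider, "load only the given PKCS#11 module (path, or name under the default module path)" },`. The value `CHAR_MAX + 2` also deserves a one-line comment such as `/* long-only option, outside the short-option character range */`, since it is repeated without explanation in delete-object.c, delete-profile.c, export-object.c, generate-keypair.c and import-object.c.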
@@ -262,19 +236,28 @@ p11_kit_add_profile (int argc, goto cleanup; } -#ifdef OS_UNIX - /* Register a fallback PIN callback that reads from terminal. - * We don't care whether the registration succeeds as it is a fallback. - */ - (void)p11_kit_pin_register_callback ("tty", p11_pin_tty_callback, NULL, NULL); -#endif + tool = p11_tool_new (); + if (!tool) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } - ret = add_profile (*argv, profile, login); + if (p11_tool_set_uri (tool, *argv, P11_KIT_URI_FOR_TOKEN) != P11_KIT_URI_OK) { + p11_message (_("failed to parse URI")); + goto cleanup; + } + + if (!p11_tool_set_provider (tool, provider)) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } + + p11_tool_set_login (tool, login); + + ret = add_profile (tool, profile); cleanup: -#ifdef OS_UNIX - p11_kit_pin_unregister_callback ("tty", p11_pin_tty_callback, NULL); -#endif + p11_tool_free (tool); p11_dict_free (profile_nicks); return ret; diff --git a/p11-kit/delete-object.c b/p11-kit/delete-object.c index f3b028531..a45d76017 100644 --- a/p11-kit/delete-object.c +++ b/p11-kit/delete-object.c @@ -39,13 +39,11 @@ #include "debug.h" #include "iter.h" #include "message.h" +#include "options.h" #include "tool.h" -#ifdef OS_UNIX -#include "tty.h" -#endif - #include +#include #include #ifdef ENABLE_NLS 
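Review bot: A failing `p11_tool_set_provider` is reported as "failed to allocate memory" in `p11_kit_add_profile`, and the setter is called even when `--provider` was not given, so `provider` is then NULL. Neither the setter's NULL contract nor its failure modes are visible in this hunk; if it can fail for any reason other than allocation, the message will misdirect whoever is debugging a module path. Consider a specific message such as `p11_message (_("failed to set provider"));` and a comment `/* provider is NULL when --provider is absent */` above the call. The same sequence is repeated in the entry points of the other subcommands.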
@@ -60,47 +58,18 @@ p11_kit_delete_object (int argc, char *argv[]); static int -delete_object (const char *token_str, - bool login) +delete_object (p11_tool *tool) { int ret = 1; CK_RV rv; - P11KitIterBehavior behavior; - CK_FUNCTION_LIST **modules = NULL; - P11KitUri *uri = NULL; P11KitIter *iter = NULL; - uri = p11_kit_uri_new (); - if (uri == NULL) { - p11_message (_("failed to allocate memory")); - goto cleanup; - } - - if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_OBJECT_ON_TOKEN, uri) != P11_KIT_URI_OK) { - p11_message (_("failed to parse URI")); - goto cleanup; - } - - modules = p11_kit_modules_load_and_initialize (0); - if (modules == NULL) { - p11_message (_("failed to load and initialize modules")); - goto cleanup; - } - - behavior = P11_KIT_ITER_WANT_WRITABLE; - if (login) { - behavior |= P11_KIT_ITER_WITH_LOGIN; -#ifdef OS_UNIX - p11_kit_uri_set_pin_source (uri, "tty"); -#endif - } - iter = p11_kit_iter_new (uri, behavior); + iter = p11_tool_begin_iter (tool, P11_KIT_ITER_WANT_WRITABLE); if (iter == NULL) { p11_message (_("failed to initialize iterator")); - goto cleanup; + return 1; } - p11_kit_iter_begin (iter, modules); rv = p11_kit_iter_next (iter); if (rv != CKR_OK) { if (rv == CKR_CANCEL) @@ -119,10 +88,7 @@ delete_object (const char *token_str, ret = 0; cleanup: - p11_kit_iter_free (iter); - p11_kit_uri_free (uri); - if (modules != NULL) - p11_kit_modules_finalize_and_release (modules); + p11_tool_end_iter (tool, iter); return ret; } @@ -131,14 +97,17 @@ int p11_kit_delete_object (int argc, char *argv[]) { - int opt, ret; + int opt, ret = 2; bool login = false; + p11_tool *tool = NULL; + const char *provider = NULL; enum { opt_verbose = 'v', opt_quiet = 'q', opt_help = 'h', opt_login = 'l', + opt_provider = CHAR_MAX + 2, }; struct option options[] = { 
@@ -146,12 +115,14 @@ p11_kit_delete_object (int argc, { "quiet", no_argument, NULL, opt_quiet }, { "help", no_argument, NULL, opt_help }, { "login", no_argument, NULL, opt_login }, + { "provider", required_argument, NULL, opt_provider }, { 0 }, }; p11_tool_desc usages[] = { { 0, "usage: p11-kit delete-object pkcs11:token" }, { opt_login, "login to the token" }, + { opt_provider, "specify the module to use" }, { 0 }, }; @@ -160,6 +131,9 @@ p11_kit_delete_object (int argc, case opt_login: login = true; break; + case opt_provider: + provider = optarg; + break; case opt_verbose: p11_kit_be_loud (); break; @@ -185,18 +159,28 @@ p11_kit_delete_object (int argc, return 2; } -#ifdef OS_UNIX - /* Register a fallback PIN callback that reads from terminal. - * We don't care whether the registration succeeds as it is a fallback. - */ - (void)p11_kit_pin_register_callback ("tty", p11_pin_tty_callback, NULL, NULL); -#endif + tool = p11_tool_new (); + if (!tool) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } - ret = delete_object (*argv, login); + if (p11_tool_set_uri (tool, *argv, P11_KIT_URI_FOR_OBJECT_ON_TOKEN) != P11_KIT_URI_OK) { + p11_message (_("failed to parse URI")); + goto cleanup; + } -#ifdef OS_UNIX - p11_kit_pin_unregister_callback ("tty", p11_pin_tty_callback, NULL); -#endif + if (!p11_tool_set_provider (tool, provider)) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } + + p11_tool_set_login (tool, login); + + ret = delete_object (tool); + + cleanup: + p11_tool_free (tool); return ret; } diff --git a/p11-kit/delete-profile.c b/p11-kit/delete-profile.c index 9503717ff..9ad6a31b8 100644 --- a/p11-kit/delete-profile.c +++ b/p11-kit/delete-profile.c @@ -41,13 +41,11 @@ #include "debug.h" #include "iter.h" #include "message.h" +#include "options.h" #include "tool.h" -#ifdef OS_UNIX -#include "tty.h" -#endif - #include +#include #include #include 
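Review bot: The error paths added before the `delete_object` call in `p11_kit_delete_object` exit with status 2, because `ret` is now initialised to 2 and `goto cleanup` is taken without changing it. Before this change a URI that failed to parse was handled inside `delete_object`, which starts from `ret = 1`, so the exit status for that case changes; an allocation failure now also shares the status that the surrounding `return 2;` statements appear to use for argument errors. If 2 is meant for usage errors only, set `ret = 1;` before the allocation-failure `goto cleanup;`, or state the intended mapping in a comment next to the `ret` declaration. `p11_kit_export_object`, `p11_kit_generate_keypair` and `p11_kit_import_object` follow the same pattern.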
@@ -65,9 +63,8 @@ p11_kit_delete_profile (int argc, char *argv[]); static int -delete_profile (const char *token_str, - CK_PROFILE_ID profile, - bool login) +delete_profile (p11_tool *tool, + CK_PROFILE_ID profile) { int ret = 1; CK_RV rv; @@ -75,10 +72,7 @@ delete_profile (const char *token_str, CK_ULONG i, count = 0; CK_SESSION_HANDLE session = 0; CK_FUNCTION_LIST *module = NULL; - CK_FUNCTION_LIST **modules = NULL; - P11KitUri *uri = NULL; P11KitIter *iter = NULL; - P11KitIterBehavior behavior; CK_OBJECT_CLASS klass = CKO_PROFILE; CK_ATTRIBUTE template[] = { { CKA_CLASS, &klass, sizeof (klass) }, @@ -86,37 +80,12 @@ delete_profile (const char *token_str, }; CK_ULONG template_len = sizeof (template) / sizeof (template[0]); - uri = p11_kit_uri_new (); - if (uri == NULL) { - p11_message (_("failed to allocate memory")); - goto cleanup; - } - - if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_TOKEN, uri) != P11_KIT_URI_OK) { - p11_message (_("failed to parse URI")); - goto cleanup; - } - - modules = p11_kit_modules_load_and_initialize (0); - if (modules == NULL) { - p11_message (_("failed to load and initialize modules")); - goto cleanup; - } - - behavior = P11_KIT_ITER_WANT_WRITABLE | P11_KIT_ITER_WITH_SESSIONS | P11_KIT_ITER_WITHOUT_OBJECTS; - if (login) { - behavior |= P11_KIT_ITER_WITH_LOGIN; -#ifdef OS_UNIX - p11_kit_uri_set_pin_source (uri, "tty"); -#endif - } - iter = p11_kit_iter_new (uri, behavior); + iter = p11_tool_begin_iter (tool, P11_KIT_ITER_WANT_WRITABLE | P11_KIT_ITER_WITH_SESSIONS | P11_KIT_ITER_WITHOUT_OBJECTS); if (iter == NULL) { p11_message (_("failed to initialize iterator")); - goto cleanup; + return 1; } - p11_kit_iter_begin (iter, modules); rv = p11_kit_iter_next (iter); if (rv != CKR_OK) { if (rv == CKR_CANCEL) 
@@ -165,10 +134,7 @@ delete_profile (const char *token_str, ret = 0; cleanup: - p11_kit_iter_free (iter); - p11_kit_uri_free (uri); - if (modules != NULL) - p11_kit_modules_finalize_and_release (modules); + p11_tool_end_iter (tool, iter); return ret; } @@ -181,6 +147,8 @@ p11_kit_delete_profile (int argc, CK_ULONG profile = CKA_INVALID; p11_dict *profile_nicks = NULL; bool login = false; + p11_tool *tool = NULL; + const char *provider = NULL; enum { opt_verbose = 'v', @@ -188,6 +156,7 @@ p11_kit_delete_profile (int argc, opt_help = 'h', opt_profile = 'p', opt_login = 'l', + opt_provider = CHAR_MAX + 2, }; struct option options[] = { @@ -196,6 +165,7 @@ p11_kit_delete_profile (int argc, { "help", no_argument, NULL, opt_help }, { "profile", required_argument, NULL, opt_profile }, { "login", no_argument, NULL, opt_login }, + { "provider", required_argument, NULL, opt_provider }, { 0 }, }; @@ -203,6 +173,7 @@ p11_kit_delete_profile (int argc, { 0, "usage: p11-kit delete-profile --profile profile pkcs11:token" }, { opt_profile, "specify the profile to delete" }, { opt_login, "login to the token" }, + { opt_provider, "specify the module to use" }, { 0 }, }; @@ -241,6 +212,9 @@ p11_kit_delete_profile (int argc, case opt_login: login = true; break; + case opt_provider: + provider = optarg; + break; case '?': goto cleanup; default: 
@@ -262,19 +236,28 @@ p11_kit_delete_profile (int argc, goto cleanup; } -#ifdef OS_UNIX - /* Register a fallback PIN callback that reads from terminal. - * We don't care whether the registration succeeds as it is a fallback. - */ - (void)p11_kit_pin_register_callback ("tty", p11_pin_tty_callback, NULL, NULL); -#endif + tool = p11_tool_new (); + if (!tool) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } - ret = delete_profile (*argv, profile, login); + if (p11_tool_set_uri (tool, *argv, P11_KIT_URI_FOR_TOKEN) != P11_KIT_URI_OK) { + p11_message (_("failed to parse URI")); + goto cleanup; + } + + if (!p11_tool_set_provider (tool, provider)) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } + + p11_tool_set_login (tool, login); + + ret = delete_profile (tool, profile); cleanup: -#ifdef OS_UNIX - p11_kit_pin_unregister_callback ("tty", p11_pin_tty_callback, NULL); -#endif + p11_tool_free (tool); p11_dict_free (profile_nicks); return ret; diff --git a/p11-kit/export-object.c b/p11-kit/export-object.c index 28d7f82c8..ca61b7a76 100644 --- a/p11-kit/export-object.c +++ b/p11-kit/export-object.c @@ -44,12 +44,9 @@ #include "iter.h" #include "message.h" #include "pem.h" +#include "options.h" #include "tool.h" -#ifdef OS_UNIX -#include "tty.h" -#endif - #ifdef WITH_ASN1 #include "asn1.h" #include "oid.h" @@ -428,15 +425,11 @@ export_certificate (P11KitIter *iter, } static int -export_object (const char *token_str, - bool login) +export_object (p11_tool *tool) { int ret = 1; CK_RV rv; - CK_FUNCTION_LIST **modules = NULL; - P11KitUri *uri = NULL; P11KitIter *iter = NULL; - P11KitIterBehavior behavior; CK_OBJECT_CLASS klass; CK_ATTRIBUTE attr = { CKA_CLASS, &klass, sizeof (klass) }; p11_buffer buf; 
@@ -444,37 +437,12 @@ export_object (const char *token_str, if (!p11_buffer_init (&buf, 0)) return_val_if_reached (1); - uri = p11_kit_uri_new (); - if (uri == NULL) { - p11_message (_("failed to allocate memory")); - goto cleanup; - } - - if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_OBJECT_ON_TOKEN, uri) != P11_KIT_URI_OK) { - p11_message (_("failed to parse URI")); - goto cleanup; - } - - modules = p11_kit_modules_load_and_initialize (0); - if (modules == NULL) { - p11_message (_("failed to load and initialize modules")); - goto cleanup; - } - - behavior = 0; - if (login) { - behavior |= P11_KIT_ITER_WITH_LOGIN; -#ifdef OS_UNIX - p11_kit_uri_set_pin_source (uri, "tty"); -#endif - } - iter = p11_kit_iter_new (uri, behavior); + iter = p11_tool_begin_iter (tool, 0); if (iter == NULL) { p11_message (_("failed to initialize iterator")); - goto cleanup; + return 1; } - p11_kit_iter_begin (iter, modules); rv = p11_kit_iter_next (iter); if (rv != CKR_OK) { if (rv == CKR_CANCEL) @@ -513,10 +481,7 @@ export_object (const char *token_str, cleanup: p11_buffer_uninit (&buf); - p11_kit_iter_free (iter); - p11_kit_uri_free (uri); - if (modules != NULL) - p11_kit_modules_finalize_and_release (modules); + p11_tool_end_iter (tool, iter); return ret; } @@ -525,14 +490,17 @@ int p11_kit_export_object (int argc, char *argv[]) { - int opt, ret; + int opt, ret = 2; bool login = false; + p11_tool *tool = NULL; + const char *provider = NULL; enum { opt_verbose = 'v', opt_quiet = 'q', opt_help = 'h', opt_login = 'l', + opt_provider = CHAR_MAX + 2, }; struct option options[] = { 
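Review bot: The new `return 1;` taken when `p11_tool_begin_iter` returns NULL in `export_object` skips `p11_buffer_uninit (&buf)`, although `buf` was already set up by `p11_buffer_init (&buf, 0)` just above and the old `goto cleanup` released it. Either release it on this path with `p11_buffer_uninit (&buf);` before `return 1;`, or keep `goto cleanup;` if `p11_tool_end_iter` accepts a NULL iterator, which cannot be checked from this part of the diff. The middle of `export_object` lies outside the hunks.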
@@ -540,12 +508,14 @@ p11_kit_export_object (int argc, { "quiet", no_argument, NULL, opt_quiet }, { "help", no_argument, NULL, opt_help }, { "login", no_argument, NULL, opt_login }, + { "provider", required_argument, NULL, opt_provider }, { 0 }, }; p11_tool_desc usages[] = { { 0, "usage: p11-kit export-object pkcs11:token" }, { opt_login, "login to the token" }, + { opt_provider, "specify the module to use" }, { 0 }, }; @@ -563,6 +533,9 @@ p11_kit_export_object (int argc, case opt_login: login = true; break; + case opt_provider: + provider = optarg; + break; case '?': return 2; default: @@ -579,18 +552,28 @@ p11_kit_export_object (int argc, return 2; } -#ifdef OS_UNIX - /* Register a fallback PIN callback that reads from terminal. - * We don't care whether the registration succeeds as it is a fallback. - */ - (void)p11_kit_pin_register_callback ("tty", p11_pin_tty_callback, NULL, NULL); -#endif + tool = p11_tool_new (); + if (!tool) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } + + if (p11_tool_set_uri (tool, *argv, P11_KIT_URI_FOR_OBJECT_ON_TOKEN) != P11_KIT_URI_OK) { + p11_message (_("failed to parse URI")); + goto cleanup; + } + + if (!p11_tool_set_provider (tool, provider)) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } - ret = export_object (*argv, login); + p11_tool_set_login (tool, login); -#ifdef OS_UNIX - p11_kit_pin_unregister_callback ("tty", p11_pin_tty_callback, NULL); -#endif + ret = export_object (tool); + + cleanup: + p11_tool_free (tool); return ret; } diff --git a/p11-kit/generate-keypair.c b/p11-kit/generate-keypair.c index 695103d1d..bcb94fa01 100644 --- a/p11-kit/generate-keypair.c +++ b/p11-kit/generate-keypair.c @@ -41,17 +41,15 @@ #include "debug.h" #include "iter.h" #include "message.h" +#include "options.h" #include "tool.h" -#ifdef OS_UNIX -#include "tty.h" -#endif - #ifdef P11_KIT_TESTABLE #include "mock.h" #endif #include +#include #include #include #include 
@@ -254,20 +252,16 @@ get_templates (const char *label, } static int -generate_keypair (const char *token_str, +generate_keypair (p11_tool *tool, const char *label, CK_MECHANISM mechanism, CK_ULONG bits, const uint8_t *ec_params, - size_t ec_params_len, - bool login) + size_t ec_params_len) { int ret = 1; CK_RV rv; - P11KitUri *uri = NULL; P11KitIter *iter = NULL; - P11KitIterBehavior behavior; - CK_FUNCTION_LIST **modules = NULL; CK_FUNCTION_LIST *module = NULL; CK_SESSION_HANDLE session = 0; CK_ATTRIBUTE *pubkey = NULL, *privkey = NULL; @@ -276,40 +270,15 @@ generate_keypair (const char *token_str, if (!get_templates (label, mechanism.mechanism, bits, ec_params, ec_params_len, &pubkey, &privkey)) { p11_message (_("failed to create key templates")); - goto cleanup; - } - - uri = p11_kit_uri_new (); - if (uri == NULL) { - p11_message (_("failed to allocate memory")); - goto cleanup; - } - - if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_TOKEN, uri) != P11_KIT_URI_OK) { - p11_message (_("failed to parse URI")); - goto cleanup; - } - - modules = p11_kit_modules_load_and_initialize (0); - if (modules == NULL) { - p11_message (_("failed to load and initialize modules")); - goto cleanup; + return 1; } - behavior = P11_KIT_ITER_WANT_WRITABLE | P11_KIT_ITER_WITH_SESSIONS | P11_KIT_ITER_WITHOUT_OBJECTS; - if (login) { - behavior |= P11_KIT_ITER_WITH_LOGIN; -#ifdef OS_UNIX - p11_kit_uri_set_pin_source (uri, "tty"); -#endif - } - iter = p11_kit_iter_new (uri, behavior); + iter = p11_tool_begin_iter (tool, P11_KIT_ITER_WANT_WRITABLE | P11_KIT_ITER_WITH_SESSIONS | P11_KIT_ITER_WITHOUT_OBJECTS); if (iter == NULL) { p11_message (_("failed to initialize iterator")); - goto cleanup; + return 1; } - p11_kit_iter_begin (iter, modules); rv = p11_kit_iter_next (iter); if (rv != CKR_OK) { if (rv == CKR_CANCEL) 
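Review bot: The `return 1;` on a NULL iterator in `generate_keypair` leaks the `pubkey` and `privkey` templates that `get_templates` has just filled in, because the `p11_attrs_free` calls sit under the `cleanup:` label (shown in the function's later hunk) and this path no longer reaches it. Free them before returning: `p11_attrs_free (pubkey);`, `p11_attrs_free (privkey);`, then `return 1;`. The earlier `return 1;` after a failed `get_templates` has the same exposure if that helper can fail after allocating one of the two templates, which is not visible here. The rest of the function body lies outside the hunk.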
@@ -339,10 +308,7 @@ generate_keypair (const char *token_str, cleanup: p11_attrs_free (pubkey); p11_attrs_free (privkey); - p11_kit_iter_free (iter); - p11_kit_uri_free (uri); - if (modules != NULL) - p11_kit_modules_finalize_and_release (modules); + p11_tool_end_iter (tool, iter); return ret; } @@ -351,13 +317,15 @@ int p11_kit_generate_keypair (int argc, char *argv[]) { - int opt, ret; + int opt, ret = 2; char *label = NULL; CK_ULONG bits = 0; const uint8_t *ec_params = NULL; size_t ec_params_len = 0; CK_MECHANISM mechanism = { CKA_INVALID, NULL_PTR, 0 }; bool login = false; + p11_tool *tool = NULL; + const char *provider = NULL; enum { opt_verbose = 'v', @@ -368,6 +336,7 @@ p11_kit_generate_keypair (int argc, opt_bits = 'b', opt_curve = 'c', opt_login = 'l', + opt_provider = CHAR_MAX + 2, }; struct option options[] = { @@ -379,6 +348,7 @@ p11_kit_generate_keypair (int argc, { "bits", required_argument, NULL, opt_bits }, { "curve", required_argument, NULL, opt_curve }, { "login", no_argument, NULL, opt_login }, + { "provider", required_argument, NULL, opt_provider }, { 0 }, }; @@ -390,6 +360,7 @@ p11_kit_generate_keypair (int argc, { opt_bits, "number of bits for key generation" }, { opt_curve, "name of the curve for key generation" }, { opt_login, "login to the token" }, + { opt_provider, "specify the module to use" }, { 0 }, }; @@ -422,6 +393,9 @@ p11_kit_generate_keypair (int argc, case opt_login: login = true; break; + case opt_provider: + provider = optarg; + break; case opt_verbose: p11_kit_be_loud (); break; 
@@ -450,18 +424,28 @@ p11_kit_generate_keypair (int argc, if (!check_args (mechanism.mechanism, bits, ec_params)) return 2; -#ifdef OS_UNIX - /* Register a fallback PIN callback that reads from terminal. - * We don't care whether the registration succeeds as it is a fallback. - */ - (void)p11_kit_pin_register_callback ("tty", p11_pin_tty_callback, NULL, NULL); -#endif + tool = p11_tool_new (); + if (!tool) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } + + if (p11_tool_set_uri (tool, *argv, P11_KIT_URI_FOR_TOKEN) != P11_KIT_URI_OK) { + p11_message (_("failed to parse URI")); + goto cleanup; + } + + if (!p11_tool_set_provider (tool, provider)) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } - ret = generate_keypair (*argv, label, mechanism, bits, ec_params, ec_params_len, login); + p11_tool_set_login (tool, login); -#ifdef OS_UNIX - p11_kit_pin_unregister_callback ("tty", p11_pin_tty_callback, NULL); -#endif + ret = generate_keypair (tool, label, mechanism, bits, ec_params, ec_params_len); + + cleanup: + p11_tool_free (tool); return ret; } diff --git a/p11-kit/import-object.c b/p11-kit/import-object.c index fb47b9644..28cb964a6 100644 --- a/p11-kit/import-object.c +++ b/p11-kit/import-object.c @@ -43,12 +43,9 @@ #include "iter.h" #include "message.h" #include "pem.h" +#include "options.h" #include "tool.h" -#ifdef OS_UNIX -#include "tty.h" -#endif - #ifdef WITH_ASN1 #include "asn1.h" #include "oid.h" @@ -423,10 +420,9 @@ import_pem (const char *type, } static int -import_object (const char *token_str, +import_object (p11_tool *tool, const char *file, - const char *label, - bool login) + const char *label) { int ret = 1; void *data = NULL; 
@@ -434,44 +430,15 @@ import_object (const char *token_str, unsigned n_parsed = 0; CK_RV rv; p11_mmap *mmap = NULL; - P11KitUri *uri = NULL; P11KitIter *iter = NULL; - P11KitIterBehavior behavior; - CK_FUNCTION_LIST **modules = NULL; import_data user_data = { false, NULL, NULL, 0, label }; - uri = p11_kit_uri_new (); - if (uri == NULL) { - p11_message (_("failed to allocate memory")); - goto cleanup; - } - - if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_TOKEN, uri) != P11_KIT_URI_OK) { - p11_message (_("failed to parse URI")); - goto cleanup; - } - - modules = p11_kit_modules_load_and_initialize (0); - if (modules == NULL) { - p11_message (_("failed to load and initialize modules")); - goto cleanup; - } - - behavior = P11_KIT_ITER_WANT_WRITABLE | P11_KIT_ITER_WITH_SESSIONS | P11_KIT_ITER_WITHOUT_OBJECTS; - if (login) { - behavior |= P11_KIT_ITER_WITH_LOGIN; -#ifdef OS_UNIX - p11_kit_uri_set_pin_source (uri, "tty"); -#endif - } - - iter = p11_kit_iter_new (uri, behavior); + iter = p11_tool_begin_iter (tool, P11_KIT_ITER_WANT_WRITABLE | P11_KIT_ITER_WITH_SESSIONS | P11_KIT_ITER_WITHOUT_OBJECTS); if (iter == NULL) { p11_message (_("failed to initialize iterator")); - goto cleanup; + return 1; } - p11_kit_iter_begin (iter, modules); rv = p11_kit_iter_next (iter); if (rv != CKR_OK) { if (rv == CKR_CANCEL) @@ -509,13 +476,10 @@ import_object (const char *token_str, ret = 0; cleanup: - p11_kit_iter_free (iter); - p11_kit_uri_free (uri); + p11_tool_end_iter (tool, iter); p11_dict_free (user_data.defs); if (mmap != NULL) p11_mmap_close (mmap); - if (modules != NULL) - p11_kit_modules_finalize_and_release (modules); return ret; } @@ -524,10 +488,12 @@ int p11_kit_import_object (int argc, char *argv[]) { - int opt, ret; + int opt, ret = 2; char *label = NULL; char *file = NULL; bool login = false; + p11_tool *tool = NULL; + const char *provider = NULL; enum { opt_verbose = 'v', 
@@ -536,6 +502,7 @@ p11_kit_import_object (int argc, opt_label = 'L', opt_file = 'f', opt_login = 'l', + opt_provider = CHAR_MAX + 2, }; struct option options[] = { @@ -545,6 +512,7 @@ p11_kit_import_object (int argc, { "label", required_argument, NULL, opt_label }, { "file", required_argument, NULL, opt_file }, { "login", no_argument, NULL, opt_login }, + { "provider", required_argument, NULL, opt_provider }, { 0 }, }; @@ -554,6 +522,7 @@ p11_kit_import_object (int argc, { opt_label, "label to be associated with imported object" }, { opt_file, "object data to import" }, { opt_login, "login to the token" }, + { opt_provider, "specify the module to use" }, { 0 }, }; @@ -568,6 +537,9 @@ p11_kit_import_object (int argc, case opt_login: login = true; break; + case opt_provider: + provider = optarg; + break; case opt_verbose: p11_kit_be_loud (); break; @@ -598,18 +570,28 @@ p11_kit_import_object (int argc, return 2; } -#ifdef OS_UNIX - /* Register a fallback PIN callback that reads from terminal. - * We don't care whether the registration succeeds as it is a fallback. - */ - (void)p11_kit_pin_register_callback ("tty", p11_pin_tty_callback, NULL, NULL); -#endif + tool = p11_tool_new (); + if (!tool) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } + + if (p11_tool_set_uri (tool, *argv, P11_KIT_URI_FOR_TOKEN) != P11_KIT_URI_OK) { + p11_message (_("failed to parse URI")); + goto cleanup; + } + + if (!p11_tool_set_provider (tool, provider)) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } - ret = import_object (*argv, file, label, login); + p11_tool_set_login (tool, login); -#ifdef OS_UNIX - p11_kit_pin_unregister_callback ("tty", p11_pin_tty_callback, NULL); -#endif + ret = import_object (tool, file, label); + + cleanup: + p11_tool_free (tool); return ret; } diff --git a/p11-kit/list-mechanisms.c b/p11-kit/list-mechanisms.c index 7586c39da..1c0cdd667 100644 --- a/p11-kit/list-mechanisms.c +++ b/p11-kit/list-mechanisms.c 
@@ -43,10 +43,12 @@ #include "message.h" #include "pkcs11.h" #include "print.h" +#include "options.h" #include "tool.h" #include "uri.h" #include +#include #include #include @@ -120,12 +122,10 @@ print_mechanism_with_info (CK_MECHANISM_TYPE mechanism, } static int -list_mechanisms (const char *token_str) +list_mechanisms (p11_tool *tool) { int ret = 1; - CK_FUNCTION_LIST **modules = NULL; CK_FUNCTION_LIST *module = NULL; - P11KitUri *uri = NULL; P11KitIter *iter = NULL; CK_SESSION_HANDLE session = 0; CK_SLOT_ID slot = 0; @@ -138,31 +138,14 @@ list_mechanisms (const char *token_str) p11_list_printer printer; CK_RV rv; - uri = p11_kit_uri_new (); - if (uri == NULL) { - p11_message (_("failed to allocate memory")); - goto cleanup; - } - - if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_TOKEN, uri) != P11_KIT_URI_OK) { - p11_message (_("failed to parse URI")); - goto cleanup; - } - - modules = p11_kit_modules_load_and_initialize (0); - if (modules == NULL) { - p11_message (_("failed to load and initialize modules")); - goto cleanup; - } + p11_list_printer_init (&printer, stdout, 0); - iter = p11_kit_iter_new (uri, P11_KIT_ITER_WITH_LOGIN | P11_KIT_ITER_WITH_TOKENS | P11_KIT_ITER_WITHOUT_OBJECTS); + iter = p11_tool_begin_iter (tool, P11_KIT_ITER_WITH_LOGIN | P11_KIT_ITER_WITH_TOKENS | P11_KIT_ITER_WITHOUT_OBJECTS); if (iter == NULL) { p11_debug ("failed to initialize iterator"); - goto cleanup; + return 1; } - p11_list_printer_init (&printer, stdout, 0); - p11_kit_iter_begin (iter, modules); rv = p11_kit_iter_next (iter); if (rv != CKR_OK) { if (rv == CKR_CANCEL) @@ -221,10 +204,7 @@ list_mechanisms (const char *token_str) module->C_CloseSession (session); if (mechanisms) free (mechanisms); - p11_kit_iter_free (iter); - p11_kit_uri_free (uri); - if (modules != NULL) - p11_kit_modules_finalize_and_release (modules); + p11_tool_end_iter (tool, iter); return ret; } 
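Review bot: A module that fails to load is no longer reported by list_mechanisms. The removed code printed "failed to load and initialize modules" through p11_message, whereas `p11_tool_begin_iter` returns NULL for a load failure, an initialisation failure and an iterator allocation failure alike, and the only output here is `p11_debug ("failed to initialize iterator")`. Unless p11_kit_module_load prints its own message (not visible in this diff), a mistyped `--provider` path ends with exit status 1 and no explanation. Using `p11_message (_("failed to initialize iterator"));` here, as import_object and list_objects do, would at least surface the failure; list_tokens has the same p11_debug call. The body of list_mechanisms continues outside the hunk.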
@@ -233,28 +213,36 @@ int p11_kit_list_mechanisms (int argc, char *argv[]) { - int opt; + int opt, ret = 2; + p11_tool *tool = NULL; + const char *provider = NULL; enum { opt_verbose = 'v', opt_quiet = 'q', opt_help = 'h', + opt_provider = CHAR_MAX + 2, }; struct option options[] = { { "verbose", no_argument, NULL, opt_verbose }, { "quiet", no_argument, NULL, opt_quiet }, { "help", no_argument, NULL, opt_help }, + { "provider", required_argument, NULL, opt_provider }, { 0 }, }; p11_tool_desc usages[] = { { 0, "usage: p11-kit list-mechanisms pkcs11:token" }, + { opt_provider, "specify the module to use" }, { 0 }, }; while ((opt = p11_tool_getopt (argc, argv, options)) != -1) { switch (opt) { + case opt_provider: + provider = optarg; + break; case opt_verbose: p11_kit_be_loud (); break; @@ -280,5 +268,25 @@ p11_kit_list_mechanisms (int argc, return 2; } - return list_mechanisms (*argv); + tool = p11_tool_new (); + if (!tool) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } + + if (p11_tool_set_uri (tool, *argv, P11_KIT_URI_FOR_TOKEN) != P11_KIT_URI_OK) { + p11_message (_("failed to parse URI")); + goto cleanup; + } + + if (!p11_tool_set_provider (tool, provider)) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } + + ret = list_mechanisms (tool); + cleanup: + p11_tool_free (tool); + + return ret; } diff --git a/p11-kit/list-objects.c b/p11-kit/list-objects.c index 125d6bec2..977f736e7 100644 --- a/p11-kit/list-objects.c +++ b/p11-kit/list-objects.c @@ -44,15 +44,13 @@ #include "iter.h" #include "message.h" #include "print.h" +#include "options.h" #include "tool.h" -#ifdef OS_UNIX -#include "tty.h" -#endif - #include "uri.h" #include +#include #include #include 
@@ -350,75 +348,43 @@ print_object (p11_list_printer *printer, } static int -list_objects (const char *token_str, - bool login) +list_objects (p11_tool *tool) { - int ret = 1; size_t i; - CK_FUNCTION_LIST **modules = NULL; - P11KitUri *uri = NULL; P11KitIter *iter = NULL; - P11KitIterBehavior behavior; p11_list_printer printer; - uri = p11_kit_uri_new (); - if (uri == NULL) { - p11_message (_("failed to allocate memory")); - goto cleanup; - } - - if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_OBJECT_ON_TOKEN, uri) != P11_KIT_URI_OK) { - p11_message (_("failed to parse URI")); - goto cleanup; - } - - modules = p11_kit_modules_load_and_initialize (0); - if (modules == NULL) { - p11_message (_("failed to load and initialize modules")); - goto cleanup; - } + p11_list_printer_init (&printer, stdout, 0); - behavior = 0; - if (login) { - behavior |= P11_KIT_ITER_WITH_LOGIN; -#ifdef OS_UNIX - p11_kit_uri_set_pin_source (uri, "tty"); -#endif - } - iter = p11_kit_iter_new (uri, behavior); + iter = p11_tool_begin_iter (tool, 0); if (iter == NULL) { p11_message (_("failed to initialize iterator")); - goto cleanup; + return 1; } - p11_list_printer_init (&printer, stdout, 0); - p11_kit_iter_begin (iter, modules); for (i = 0; p11_kit_iter_next (iter) == CKR_OK; ++i) print_object (&printer, iter, i); - ret = 0; + p11_tool_end_iter (tool, iter); -cleanup: - p11_kit_iter_free (iter); - p11_kit_uri_free (uri); - if (modules != NULL) - p11_kit_modules_finalize_and_release (modules); - - return ret; + return 0; } int p11_kit_list_objects (int argc, char *argv[]) { - int opt, ret; + int opt, ret = 2; bool login = false; + p11_tool *tool = NULL; + const char *provider = NULL; enum { opt_verbose = 'v', opt_quiet = 'q', opt_help = 'h', opt_login = 'l', + opt_provider = CHAR_MAX + 2, }; struct option options[] = { 
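Review bot: list_objects returns 0 whatever stopped the loop, because the `for` condition discards the value of `p11_kit_iter_next` as soon as it is not CKR_OK. This predates the commit but is carried into the rewritten function. import_object and list_profiles keep that value in `rv` and treat CKR_CANCEL separately, which suggests CKR_CANCEL marks the normal end of iteration and anything else is an error. With a `CK_RV rv` local, `while ((rv = p11_kit_iter_next (iter)) == CKR_OK) print_object (&printer, iter, i++);` followed by `return rv == CKR_CANCEL ? 0 : 1;` after `p11_tool_end_iter` would stop a failing module from being reported as success. list_tokens has the same loop shape.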
@@ -426,12 +392,14 @@ p11_kit_list_objects (int argc, { "quiet", no_argument, NULL, opt_quiet }, { "help", no_argument, NULL, opt_help }, { "login", no_argument, NULL, opt_login }, + { "provider", required_argument, NULL, opt_provider }, { 0 }, }; p11_tool_desc usages[] = { { 0, "usage: p11-kit list-objects pkcs11:token" }, { opt_login, "login to the token" }, + { opt_provider, "specify the module to use" }, { 0 }, }; @@ -449,6 +417,9 @@ p11_kit_list_objects (int argc, case opt_login: login = true; break; + case opt_provider: + provider = optarg; + break; case '?': return 2; default: @@ -465,18 +436,28 @@ p11_kit_list_objects (int argc, return 2; } -#ifdef OS_UNIX - /* Register a fallback PIN callback that reads from terminal. - * We don't care whether the registration succeeds as it is a fallback. - */ - (void)p11_kit_pin_register_callback ("tty", p11_pin_tty_callback, NULL, NULL); -#endif + tool = p11_tool_new (); + if (!tool) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } - ret = list_objects (*argv, login); + if (p11_tool_set_uri (tool, *argv, P11_KIT_URI_FOR_OBJECT_ON_TOKEN) != P11_KIT_URI_OK) { + p11_message (_("failed to parse URI")); + goto cleanup; + } -#ifdef OS_UNIX - p11_kit_pin_unregister_callback ("tty", p11_pin_tty_callback, NULL); -#endif + if (!p11_tool_set_provider (tool, provider)) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } + + p11_tool_set_login (tool, login); + + ret = list_objects (tool); + + cleanup: + p11_tool_free (tool); return ret; } diff --git a/p11-kit/list-profiles.c b/p11-kit/list-profiles.c index 253a6ded2..ada319236 100644 --- a/p11-kit/list-profiles.c +++ b/p11-kit/list-profiles.c @@ -40,14 +40,13 @@ #include "debug.h" #include "iter.h" #include "message.h" +#include "options.h" #include "tool.h" -#ifdef OS_UNIX -#include "tty.h" -#endif - #include +#include #include +#include #include #ifdef ENABLE_NLS 
@@ -64,8 +63,7 @@ p11_kit_list_profiles (int argc, char *argv[]); static int -list_profiles (const char *token_str, - bool login) +list_profiles (p11_tool *tool) { int ret = 1; CK_RV rv; @@ -74,46 +72,18 @@ list_profiles (const char *token_str, CK_ULONG i, count = 0; CK_SESSION_HANDLE session = 0; CK_FUNCTION_LIST *module = NULL; - CK_FUNCTION_LIST **modules = NULL; - P11KitUri *uri = NULL; P11KitIter *iter = NULL; - P11KitIterBehavior behavior; CK_PROFILE_ID profile_id = CKP_INVALID_ID; CK_OBJECT_CLASS klass = CKO_PROFILE; CK_ATTRIBUTE template = { CKA_CLASS, &klass, sizeof (klass) }; CK_ATTRIBUTE attr = { CKA_PROFILE_ID, &profile_id, sizeof (profile_id) }; - uri = p11_kit_uri_new (); - if (uri == NULL) { - p11_message (_("failed to allocate memory")); - goto cleanup; - } - - if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_TOKEN, uri) != P11_KIT_URI_OK) { - p11_message (_("failed to parse URI")); - goto cleanup; - } - - modules = p11_kit_modules_load_and_initialize (0); - if (modules == NULL) { - p11_message (_("failed to load and initialize modules")); - goto cleanup; - } - - behavior = P11_KIT_ITER_WITH_SESSIONS | P11_KIT_ITER_WITHOUT_OBJECTS; - if (login) { - behavior |= P11_KIT_ITER_WITH_LOGIN; -#ifdef OS_UNIX - p11_kit_uri_set_pin_source (uri, "tty"); -#endif - } - iter = p11_kit_iter_new (uri, behavior); + iter = p11_tool_begin_iter (tool, P11_KIT_ITER_WITH_SESSIONS | P11_KIT_ITER_WITHOUT_OBJECTS); if (iter == NULL) { p11_message (_("failed to initialize iterator")); - goto cleanup; + return 1; } - p11_kit_iter_begin (iter, modules); rv = p11_kit_iter_next (iter); if (rv != CKR_OK) { if (rv == CKR_CANCEL) @@ -169,10 +139,7 @@ list_profiles (const char *token_str, ret = 0; cleanup: - p11_kit_iter_free (iter); - p11_kit_uri_free (uri); - if (modules != NULL) - p11_kit_modules_finalize_and_release (modules); + p11_tool_end_iter (tool, iter); return ret; } 
@@ -181,14 +148,17 @@ int p11_kit_list_profiles (int argc, char *argv[]) { - int opt, ret; + int opt, ret = 2; bool login = false; + p11_tool *tool = NULL; + const char *provider = NULL; enum { opt_verbose = 'v', opt_quiet = 'q', opt_help = 'h', opt_login = 'l', + opt_provider = CHAR_MAX + 2, }; struct option options[] = { @@ -196,12 +166,14 @@ p11_kit_list_profiles (int argc, { "quiet", no_argument, NULL, opt_quiet }, { "help", no_argument, NULL, opt_help }, { "login", no_argument, NULL, opt_login }, + { "provider", required_argument, NULL, opt_provider }, { 0 }, }; p11_tool_desc usages[] = { { 0, "usage: p11-kit list-profiles pkcs11:token" }, { opt_login, "login to the token" }, + { opt_provider, "specify the module to use" }, { 0 }, }; @@ -219,6 +191,9 @@ p11_kit_list_profiles (int argc, case opt_login: login = true; break; + case opt_provider: + provider = optarg; + break; case '?': return 2; default: @@ -235,18 +210,28 @@ p11_kit_list_profiles (int argc, return 2; } -#ifdef OS_UNIX - /* Register a fallback PIN callback that reads from terminal. - * We don't care whether the registration succeeds as it is a fallback. - */ - (void)p11_kit_pin_register_callback ("tty", p11_pin_tty_callback, NULL, NULL); -#endif + tool = p11_tool_new (); + if (!tool) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } - ret = list_profiles (*argv, login); + if (p11_tool_set_uri (tool, *argv, P11_KIT_URI_FOR_TOKEN) != P11_KIT_URI_OK) { + p11_message (_("failed to parse URI")); + goto cleanup; + } -#ifdef OS_UNIX - p11_kit_pin_unregister_callback ("tty", p11_pin_tty_callback, NULL); -#endif + if (!p11_tool_set_provider (tool, provider)) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } + + p11_tool_set_login (tool, login); + + ret = list_profiles (tool); + + cleanup: + p11_tool_free (tool); return ret; } diff --git a/p11-kit/list-tokens.c b/p11-kit/list-tokens.c index a91019458..ab68cbdcf 100644 --- a/p11-kit/list-tokens.c 
+++ b/p11-kit/list-tokens.c @@ -39,6 +39,7 @@ #include "iter.h" #include "message.h" #include "print.h" +#include "options.h" #include "tool.h" #include @@ -62,42 +63,21 @@ int p11_kit_list_tokens (int argc, char *argv[]); static int -list_tokens (const char *token_str, +list_tokens (p11_tool *tool, bool only_uris) { - int ret = 1; - CK_FUNCTION_LIST **modules = NULL; - P11KitUri *uri = NULL; P11KitIter *iter = NULL; p11_list_printer printer; p11_list_printer_init (&printer, stdout, 0); - uri = p11_kit_uri_new (); - if (uri == NULL) { - p11_message (_("failed to allocate memory")); - goto cleanup; - } - - if (p11_kit_uri_parse (token_str, P11_KIT_URI_FOR_TOKEN, uri) != P11_KIT_URI_OK) { - p11_message (_("failed to parse URI")); - goto cleanup; - } - - modules = p11_kit_modules_load_and_initialize (0); - if (modules == NULL) { - p11_message (_("failed to load and initialize modules")); - goto cleanup; - } - - iter = p11_kit_iter_new (uri, P11_KIT_ITER_WITH_TOKENS | - P11_KIT_ITER_WITHOUT_OBJECTS); + iter = p11_tool_begin_iter (tool, P11_KIT_ITER_WITH_TOKENS | + P11_KIT_ITER_WITHOUT_OBJECTS); if (iter == NULL) { p11_debug ("failed to initialize iterator"); - goto cleanup; + return 1; } - p11_kit_iter_begin (iter, modules); while (p11_kit_iter_next (iter) == CKR_OK) { CK_TOKEN_INFO *info = p11_kit_iter_get_token (iter); char *value; 
@@ -117,35 +97,33 @@ list_tokens (const char *token_str, } } - ret = 0; + p11_tool_end_iter (tool, iter); -cleanup: - p11_kit_iter_free (iter); - p11_kit_uri_free (uri); - if (modules != NULL) - p11_kit_modules_finalize_and_release (modules); - - return ret; + return 0; } int p11_kit_list_tokens (int argc, char *argv[]) { - int opt; + int opt, ret = 2; bool only_uris = false; + p11_tool *tool = NULL; + const char *provider = NULL; enum { opt_verbose = 'v', opt_quiet = 'q', opt_help = 'h', opt_only_urls = CHAR_MAX + 1, + opt_provider = CHAR_MAX + 2, }; struct option options[] = { { "verbose", no_argument, NULL, opt_verbose }, { "quiet", no_argument, NULL, opt_quiet }, { "only-uris", no_argument, NULL, opt_only_urls }, + { "provider", required_argument, NULL, opt_provider }, { "help", no_argument, NULL, opt_help }, { 0 }, }; @@ -155,6 +133,7 @@ p11_kit_list_tokens (int argc, { opt_verbose, "show verbose debug output", }, { opt_quiet, "suppress command output", }, { opt_only_urls, "only print token URIs", }, + { opt_provider, "specify the module to use" }, { 0 }, }; @@ -173,6 +152,10 @@ p11_kit_list_tokens (int argc, only_uris = true; break; + case opt_provider: + provider = optarg; + break; + case opt_help: p11_tool_usage (usages, options); return 0; @@ -192,5 +175,25 @@ p11_kit_list_tokens (int argc, return 2; } - return list_tokens (*argv, only_uris); + tool = p11_tool_new (); + if (!tool) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } + + if (p11_tool_set_uri (tool, *argv, P11_KIT_URI_FOR_TOKEN) != P11_KIT_URI_OK) { + p11_message (_("failed to parse URI")); + goto cleanup; + } + + if (!p11_tool_set_provider (tool, provider)) { + p11_message (_("failed to allocate memory")); + goto cleanup; + } + + ret = list_tokens (tool, only_uris); + cleanup: + p11_tool_free (tool); + + return ret; } diff --git a/p11-kit/lists.c b/p11-kit/lists.c index 007bb0f12..595ad4c2c 100644 --- a/p11-kit/lists.c +++ b/p11-kit/lists.c 
@@ -50,7 +50,7 @@ #include "message.h" #include "p11-kit.h" #include "print.h" -#include "tool.h" +#include "options.h" #include "uri.h" #ifdef ENABLE_NLS diff --git a/p11-kit/meson.build b/p11-kit/meson.build index c7a47f5a0..d3e151b7b 100644 --- a/p11-kit/meson.build +++ b/p11-kit/meson.build @@ -222,7 +222,8 @@ p11_kit_sources = [ 'list-tokens.c', 'lists.c', 'p11-kit.c', - 'print-config.c' + 'print-config.c', + 'tool.c' ] if host_system != 'windows' diff --git a/p11-kit/p11-kit.c b/p11-kit/p11-kit.c index a53d175d9..2b44d6cb0 100644 --- a/p11-kit/p11-kit.c +++ b/p11-kit/p11-kit.c @@ -57,7 +57,7 @@ #endif #define N_(x) (x) -#include "tool.h" +#include "options.h" int p11_kit_list_modules (int argc, char *argv[]); diff --git a/p11-kit/print-config.c b/p11-kit/print-config.c index 29daf3871..89daba1c2 100644 --- a/p11-kit/print-config.c +++ b/p11-kit/print-config.c @@ -39,7 +39,7 @@ #include "conf.h" #include "debug.h" #include "message.h" -#include "tool.h" +#include "options.h" #include #include diff --git a/p11-kit/remote.c b/p11-kit/remote.c index c3f017d5f..17c899c33 100644 --- a/p11-kit/remote.c +++ b/p11-kit/remote.c @@ -40,7 +40,7 @@ #include "message.h" #include "p11-kit.h" #include "remote.h" -#include "tool.h" +#include "options.h" #include #include diff --git a/p11-kit/server.c b/p11-kit/server.c index 886278fcf..bbf07600a 100644 --- a/p11-kit/server.c +++ b/p11-kit/server.c @@ -40,7 +40,7 @@ #include "path.h" #include "p11-kit.h" #include "remote.h" -#include "tool.h" +#include "options.h" #include #include diff --git a/p11-kit/test-list-tokens.sh b/p11-kit/test-list-tokens.sh index f933792e4..6d7ae27e6 100755 --- a/p11-kit/test-list-tokens.sh +++ b/p11-kit/test-list-tokens.sh 
@@ -26,6 +26,7 @@ usage: p11-kit list-tokens [--only-uris] pkcs11:token -v, --verbose show verbose debug output -q, --quiet suppress command output --only-uris only print token URIs + --provider=<...> specify the module to use EOF if "$abs_top_builddir"/p11-kit/p11-kit-testable list-tokens -q 2>&1 > list.out; then assert_fail "p11-kit list-tokens succeeded without token URI" @@ -79,4 +80,30 @@ EOF fi } -run test_list_tokens_without_uri test_list_tokens test_list_tokens_only_uris +test_list_tokens_provider() { + cat > list.exp < list.out; then + assert_fail "unable to run: p11-kit list-tokens --provider" + fi + + : ${DIFF=diff} + if ! ${DIFF} list.exp list.out > list.diff; then + sed 's/^/# /' list.diff + assert_fail "output contains incorrect result" + fi +} + +run test_list_tokens_without_uri test_list_tokens test_list_tokens_only_uris test_list_tokens_provider diff --git a/p11-kit/tool.c b/p11-kit/tool.c new file mode 100644 index 000000000..cfc302a8b --- /dev/null +++ b/p11-kit/tool.c 
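Review bot: test_list_tokens_provider covers only the success path of `--provider` for list-tokens; nothing in this diff exercises a module path that cannot be loaded, nor the option on the other subcommands that gained it. A second case that passes a non-existent module and asserts a non-zero exit (and ideally a message on stderr) would pin down the failure behaviour of p11_tool_begin_iter. The expected-output heredoc is not fully visible here, so this is based on the structure of the test only.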
@@ -0,0 +1,197 @@ +/* + * Copyright (c) 2023, Red Hat Inc. + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Daiki Ueno + */ + +#include "config.h" + +#include "tool.h" + +#include "debug.h" +#include +#include + +#ifdef OS_UNIX +#include "tty.h" +#endif + +struct p11_tool { + P11KitUri *uri; + bool login; + char *provider; + CK_FUNCTION_LIST **modules; +}; + +p11_tool * +p11_tool_new (void) +{ + return calloc (1, sizeof (p11_tool)); +} + +void +p11_tool_free (p11_tool *tool) +{ + if (!tool) + return; + p11_kit_uri_free (tool->uri); + if (tool->modules) + p11_kit_modules_finalize_and_release (tool->modules); + +#ifdef OS_UNIX + if (tool->login) + p11_kit_pin_unregister_callback ("tty", p11_pin_tty_callback, NULL); +#endif + + free (tool->provider); + free (tool); +} + +P11KitUriResult +p11_tool_set_uri (p11_tool *tool, + const char *string, + P11KitUriType type) +{ + P11KitUri *uri; + P11KitUriResult res; + + uri = p11_kit_uri_new (); + if (!uri) + return P11_KIT_URI_NO_MEMORY; + + res = p11_kit_uri_parse (string, type, uri); + if (res == P11_KIT_URI_OK) { + tool->uri = uri; + uri = NULL; + } + + p11_kit_uri_free (uri); + return res; +} + +void +p11_tool_set_login (p11_tool *tool, + bool login) +{ + tool->login = login; + +#ifdef OS_UNIX + /* Register a fallback PIN callback that reads from terminal. + * We don't care whether the registration succeeds as it is a fallback. 
+ */ + if (tool->login) + (void)p11_kit_pin_register_callback ("tty", p11_pin_tty_callback, NULL, NULL); + else + p11_kit_pin_unregister_callback ("tty", p11_pin_tty_callback, NULL); +#endif +} + +bool +p11_tool_set_provider (p11_tool *tool, + const char *provider) +{ + free (tool->provider); + + if (provider) { + tool->provider = strdup (provider); + return tool->provider != NULL; + } else { + tool->provider = NULL; + return true; + } +} + +P11KitIter * +p11_tool_begin_iter (p11_tool *tool, + P11KitIterBehavior behavior) +{ + P11KitIter *iter = NULL; + + return_val_if_fail (tool, NULL); + + /* Iteration is already in progress */ + return_val_if_fail (!tool->modules, NULL); + + if (tool->provider) { + CK_FUNCTION_LIST **modules; + + modules = calloc (2, sizeof (CK_FUNCTION_LIST *)); + return_val_if_fail (modules, NULL); + + modules[0] = p11_kit_module_load (tool->provider, 0); + if (!modules[0]) { + free (modules); + return NULL; + } + + if (p11_kit_module_initialize (modules[0]) != CKR_OK) { + p11_kit_module_release (modules[0]); + free (modules); + return NULL; + } + + tool->modules = modules; + } else { + tool->modules = p11_kit_modules_load_and_initialize (0); + } + + if (!tool->modules) + return NULL; + + if (tool->login) { + behavior |= P11_KIT_ITER_WITH_LOGIN; +#ifdef OS_UNIX + p11_kit_uri_set_pin_source (tool->uri, "tty"); +#endif + } + + iter = p11_kit_iter_new (tool->uri, behavior); + if (!iter) + return NULL; + + p11_kit_iter_begin (iter, tool->modules); + + return iter; +} + +void +p11_tool_end_iter (p11_tool *tool, + P11KitIter *iter) +{ + /* No iteration has started yet */ + p11_kit_iter_free (iter); + + return_if_fail (tool->modules); + p11_kit_modules_finalize_and_release (tool->modules); + tool->modules = NULL; +} diff --git a/p11-kit/tool.h b/p11-kit/tool.h new file mode 100644 index 000000000..1817c34d4 --- /dev/null +++ b/p11-kit/tool.h 
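Review bot: Nothing in tool.c states the trust assumption behind the provider branch of p11_tool_begin_iter, which hands the `--provider` string unchanged to `p11_kit_module_load` and then `p11_kit_module_initialize`. The named shared object therefore runs inside the tool's process, and with login enabled the PIN obtained through the "tty" pin source is presumably used to log in to that module. A comment above the branch would record this, e.g. `/* Loads and runs exactly the module the caller named; no other module is consulted. The path is trusted input; with login set, the PIN read from the terminal is used with this module. */`. The usage string "specify the module to use" in the subcommands could likewise say that the argument is a module path. Separately, the comment "No iteration has started yet" in p11_tool_end_iter sits above `p11_kit_iter_free` rather than above the `return_if_fail (tool->modules)` it appears to describe.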
@@ -0,0 +1,62 @@ +/* + * Copyright (c) 2023, Red Hat Inc. + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. 
+ * + * Author: Daiki Ueno + */ + +#ifndef P11_KIT_TOOL_H +#define P11_KIT_TOOL_H + +#include "compat.h" +#include "iter.h" +#include "pkcs11.h" +#include "uri.h" + +typedef struct p11_tool p11_tool; + +p11_tool *p11_tool_new (void); +void p11_tool_free (p11_tool *tool); +P11KitUriResult p11_tool_set_uri (p11_tool *tool, + const char *string, + P11KitUriType type); +void p11_tool_set_login (p11_tool *tool, + bool login); +bool p11_tool_set_provider + (p11_tool *tool, + const char *provider); +P11KitIter *p11_tool_begin_iter (p11_tool *tool, + P11KitIterBehavior behavior); +void p11_tool_end_iter (p11_tool *tool, + P11KitIter *iter); + +#endif /* P11_KIT_TOOL_H */ diff --git a/po/POTFILES.in b/po/POTFILES.in index fbe25c757..e64ef4586 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -1,6 +1,6 @@ # List of source files which contain translatable strings. +common/options.c common/persist.c -common/tool.c p11-kit/add-profile.c p11-kit/conf.c p11-kit/delete-object.c diff --git a/subprojects/pkcs11-json b/subprojects/pkcs11-json index f973d0f6a..404c02325 160000 --- a/subprojects/pkcs11-json +++ b/subprojects/pkcs11-json @@ -1 +1 @@ -Subproject commit f973d0f6acebbe7ab2f4ab027b5adb32b97a758a +Subproject commit 404c0232523d1cb0d219b25210d8ebbfde3486c7 diff --git a/trust/anchor.c b/trust/anchor.c index 76bcce0db..6d6c788ba 100644 --- a/trust/anchor.c +++ b/trust/anchor.c @@ -43,7 +43,7 @@ #include "extract.h" #include "message.h" #include "parser.h" -#include "tool.h" +#include "options.h" #include "pkcs11x.h" #include "p11-kit/iter.h" diff --git a/trust/check-format.c b/trust/check-format.c index 049bfc241..d74b3c663 100644 --- a/trust/check-format.c +++ b/trust/check-format.c @@ -41,7 +41,7 @@ #include "message.h" #include "persist.h" #include "print.h" -#include "tool.h" +#include "options.h" #include #include diff --git a/trust/dump.c b/trust/dump.c index 678fc5048..fd3f9e719 100644 --- a/trust/dump.c +++ b/trust/dump.c 
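Review bot: The declarations in p11-kit/tool.h carry no comments, so the contract that tool.c enforces is invisible to callers: p11_tool_begin_iter returns NULL when `tool->modules` is already set, and p11_tool_end_iter is what clears it. I would add above the pair `/* At most one iteration per tool at a time. p11_tool_begin_iter() returns NULL on failure; an iterator it returns should be passed to p11_tool_end_iter(). */`. It is also worth noting on p11_tool_set_uri that it replaces `tool->uri` without freeing an earlier one, so it is meant to be called once per tool; alternatively, add `p11_kit_uri_free (tool->uri);` before the assignment in tool.c.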
@@ -42,7 +42,7 @@ #include "enumerate.h" #include "message.h" #include "persist.h" -#include "tool.h" +#include "options.h" #include "url.h" #include "p11-kit/iter.h" diff --git a/trust/extract.c b/trust/extract.c index 10125f464..d87baafe2 100644 --- a/trust/extract.c +++ b/trust/extract.c @@ -43,7 +43,7 @@ #include "path.h" #include "pkcs11x.h" #include "save.h" -#include "tool.h" +#include "options.h" #include "digest.h" #include "p11-kit/iter.h" diff --git a/trust/list.c b/trust/list.c index 224437715..b8c0933ea 100644 --- a/trust/list.c +++ b/trust/list.c @@ -44,7 +44,7 @@ #include "message.h" #include "pkcs11x.h" #include "print.h" -#include "tool.h" +#include "options.h" #include "url.h" #include "p11-kit/iter.h" diff --git a/trust/trust.c b/trust/trust.c index edb5b5db7..3cff7fc8e 100644 --- a/trust/trust.c +++ b/trust/trust.c @@ -45,7 +45,7 @@ #include "debug.h" #include "message.h" #include "path.h" -#include "tool.h" +#include "options.h" #include #include