remote: Run separate executable binary for 'p11-kit remote'

This allows security frameworks like SELinux or AppArmor to target it specifically.
author: Stef Walter <stefw@redhat.com> 2014-10-01 17:34:02 +0200
committer: Stef Walter <stefw@redhat.com> 2014-10-02 11:44:02 +0200
commit: a3b1e1c2f2c8c1f14293d8158b6dfeb2a6560908 (patch)
tree: 0f24ca1420aca2c6171bd6bea9d71d22bc996236 /p11-kit/rpc-server.c
parent: 76f230ced6e9ca2a598988bc00b7b971208e8f64 (diff)
download: p11-kit-a3b1e1c2f2c8c1f14293d8158b6dfeb2a6560908.tar.gz
1 files changed, 101 insertions, 0 deletions
diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c
index b8288c9..a2562e9 100644
--- a/p11-kit/rpc-server.c
+++ b/p11-kit/rpc-server.c
@@ -41,6 +41,7 @@
 #include "library.h"
 #include "private.h"
 #include "message.h"
+#include "remote.h"
 #include "rpc.h"
 #include "rpc-message.h"
 
@@ -1901,3 +1902,103 @@ p11_rpc_server_handle (CK_X_FUNCTION_LIST *self,
 	p11_rpc_message_clear (&msg);
 	return true;
 }
+
+int
+p11_kit_remote_serve_module (CK_FUNCTION_LIST *module,
+                             int in_fd,
+                             int out_fd)
+{
+	p11_rpc_status status;
+	unsigned char version;
+	p11_virtual virt;
+	p11_buffer options;
+	p11_buffer buffer;
+	size_t state;
+	int ret = 1;
+	int code;
+
+	return_val_if_fail (module != NULL, 1);
+
+	p11_buffer_init (&options, 0);
+	p11_buffer_init (&buffer, 0);
+
+	p11_virtual_init (&virt, &p11_virtual_base, module, NULL);
+
+	switch (read (in_fd, &version, 1)) {
+	case 0:
+		goto out;
+	case 1:
+		if (version != 0) {
+			p11_message ("unspported version received: %d", (int)version);
+			goto out;
+		}
+		break;
+	default:
+		p11_message_err (errno, "couldn't read credential byte");
+		goto out;
+	}
+
+	version = 0;
+	switch (write (out_fd, &version, out_fd)) {
+	case 1:
+		break;
+	default:
+		p11_message_err (errno, "couldn't write credential byte");
+		goto out;
+	}
+
+	status = P11_RPC_OK;
+	while (status == P11_RPC_OK) {
+		state = 0;
+		code = 0;
+
+		do {
+			status = p11_rpc_transport_read (in_fd, &state, &code,
+			                                 &options, &buffer);
+		} while (status == P11_RPC_AGAIN);
+
+		switch (status) {
+		case P11_RPC_OK:
+			break;
+		case P11_RPC_EOF:
+			ret = 0;
+			continue;
+		case P11_RPC_AGAIN:
+			assert_not_reached ();
+		case P11_RPC_ERROR:
+			p11_message_err (errno, "failed to read rpc message");
+			goto out;
+		}
+
+		if (!p11_rpc_server_handle (&virt.funcs, &buffer, &buffer)) {
+			p11_message ("unexpected error handling rpc message");
+			goto out;
+		}
+
+		state = 0;
+		options.len = 0;
+		do {
+			status = p11_rpc_transport_write (out_fd, &state, code,
+			                                  &options, &buffer);
+		} while (status == P11_RPC_AGAIN);
+
+		switch (status) {
+		case P11_RPC_OK:
+			break;
+		case P11_RPC_EOF:
+		case P11_RPC_AGAIN:
+			assert_not_reached ();
+		case P11_RPC_ERROR:
+			p11_message_err (errno, "failed to write rpc message");
+			goto out;
+		}
+	}
+
+out:
+	p11_buffer_uninit (&buffer);
+	p11_buffer_uninit (&options);
+
+	p11_virtual_uninit (&virt);
+
+	return ret;
+}
author	Stef Walter <stefw@redhat.com>	2014-10-01 17:34:02 +0200
committer	Stef Walter <stefw@redhat.com>	2014-10-02 11:44:02 +0200
commit	a3b1e1c2f2c8c1f14293d8158b6dfeb2a6560908 (patch)
tree	0f24ca1420aca2c6171bd6bea9d71d22bc996236 /p11-kit/rpc-server.c
parent	76f230ced6e9ca2a598988bc00b7b971208e8f64 (diff)
download	p11-kit-a3b1e1c2f2c8c1f14293d8158b6dfeb2a6560908.tar.gz