diff --git a/common/debug.h b/common/debug.h index 920c5d82..ea92ab25 100644 --- a/common/debug.h +++ b/common/debug.h @@ -24,7 +24,6 @@ #include #endif -#ifdef __linux__ #define ANSI_RED "\x1b[31m" #define ANSI_GREEN "\x1b[32m" #define ANSI_YELLOW "\x1b[33m" @@ -32,21 +31,14 @@ #define ANSI_MAGENTA "\x1b[35m" #define ANSI_CYAN "\x1b[36m" #define ANSI_RESET "\x1b[0m" -#else -#define ANSI_RED "" -#define ANSI_GREEN "" -#define ANSI_YELLOW "" -#define ANSI_BLUE "" -#define ANSI_MAGENTA "" -#define ANSI_CYAN "" -#define ANSI_RESET "" -#endif - -#define __FILENAME__ \ - (strrchr(__FILE__, '/') ? strrchr(__FILE__, '/') + 1 : __FILE__) #ifdef _MSVC #define localtime_r(a, b) localtime_s(b, a) +#define __FILENAME__ \ + (strrchr(__FILE__, '\\') ? strrchr(__FILE__, '\\') + 1 : __FILE__) +#else +#define __FILENAME__ \ + (strrchr(__FILE__, '/') ? strrchr(__FILE__, '/') + 1 : __FILE__) #endif #define D(var, file, col, who, lev, ...) \ diff --git a/examples/p11_generate_rsa.c b/examples/p11_generate_rsa.c index 344c2739..8d554f4e 100644 --- a/examples/p11_generate_rsa.c +++ b/examples/p11_generate_rsa.c @@ -31,18 +31,27 @@ int main(int argc, char *argv[]) { exit(EXIT_FAILURE); } - CK_C_GetFunctionList fn; void *handle = dlopen(argv[1], RTLD_NOW | RTLD_GLOBAL); assert(handle != NULL); + CK_C_GetFunctionList fn; *(void **) (&fn) = dlsym(handle, "C_GetFunctionList"); assert(fn != NULL); - CK_FUNCTION_LIST_PTR p11; + CK_FUNCTION_LIST_PTR p11 = NULL; CK_RV rv = fn(&p11); assert(rv == CKR_OK); - rv = p11->C_Initialize(NULL_PTR); + char config[256] = {0}; + CK_C_INITIALIZE_ARGS initArgs = {0}; + const char *connector_url = getenv("DEFAULT_CONNECTOR_URL"); + if (connector_url) { + assert(strlen(connector_url) + strlen("connector=") < 256); + sprintf(config, "connector=%s", connector_url); + initArgs.pReserved = (void *) config; + } + + rv = p11->C_Initialize(&initArgs); assert(rv == CKR_OK); CK_SESSION_HANDLE session; diff --git a/pkcs11/tests/common.c b/pkcs11/tests/common.c index c651bebb..b8171710 100644 --- a/pkcs11/tests/common.c +++ b/pkcs11/tests/common.c @@ -42,7 +42,7 @@ CK_FUNCTION_LIST_PTR get_function_list(void *handle) { *(void **) (&fn) = dlsym(handle, "C_GetFunctionList"); assert(fn != NULL); - CK_FUNCTION_LIST_PTR p11; + CK_FUNCTION_LIST_PTR p11 = NULL; CK_RV rv = fn(&p11); assert(rv == CKR_OK); @@ -50,19 +50,17 @@ CK_FUNCTION_LIST_PTR get_function_list(void *handle) { } CK_SESSION_HANDLE open_session(CK_FUNCTION_LIST_PTR p11) { - CK_SESSION_HANDLE session; - CK_C_INITIALIZE_ARGS initArgs; - memset(&initArgs, 0, sizeof(initArgs)); - - const char *connector_url; - connector_url = getenv("DEFAULT_CONNECTOR_URL"); - if (connector_url == NULL) { - connector_url = DEFAULT_CONNECTOR_URL; + CK_SESSION_HANDLE session = 0; + CK_C_INITIALIZE_ARGS initArgs = {0}; + + char config[256] = {0}; + const char *connector_url = getenv("DEFAULT_CONNECTOR_URL"); + if (connector_url) { + assert(strlen(connector_url) + strlen("connector=") < 256); + sprintf(config, "connector=%s", connector_url); + initArgs.pReserved = (void *) config; } - char config[256]; - assert(strlen(connector_url) + strlen("connector=") < 256); - sprintf(config, "connector=%s", connector_url); - initArgs.pReserved = (void *) config; + CK_RV rv = p11->C_Initialize(&initArgs); assert(rv == CKR_OK); diff --git a/pkcs11/yubihsm_pkcs11.c b/pkcs11/yubihsm_pkcs11.c index 74514afb..b61cded9 100644 --- a/pkcs11/yubihsm_pkcs11.c +++ b/pkcs11/yubihsm_pkcs11.c @@ -39,6 +39,8 @@ #endif #ifdef _MSVC +#define S_ISLNK S_ISREG +#define S_ISREG(m) (((m) &S_IFMT) == S_IFREG) #define strtok_r strtok_s #endif @@ -112,9 +114,9 @@ CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) { CK_C_INITIALIZE_ARGS_PTR init_args = pInitArgs; - yh_dbg_init(false, false, 0, "stderr"); + yh_dbg_init(0, 0, 0, "stderr"); - if (pInitArgs != NULL) { + if (init_args != NULL) { if ((init_args->flags & CKF_OS_LOCKING_OK) == 0 && init_args->CreateMutex == NULL && init_args->DestroyMutex == NULL && init_args->LockMutex == NULL && init_args->UnlockMutex == NULL) { @@ -163,157 +165,181 @@ CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) { g_ctx.mutex = NULL; } - struct cmdline_parser_params params = {0}; + int argc = 1; + char *argv[128] = {"yubihsm_pkcs11"}; + char *args = 0; + + if (init_args && init_args->pReserved) { + char *str = args = strdup(init_args->pReserved); + char *save = 0; + char *part = 0; + while (argc < (int) (sizeof(argv) / sizeof(argv[0])) && + (part = strtok_r(str, " \r\n\t", &save))) { + size_t len = strlen(part) + 8; + argv[argc] = malloc(len); + snprintf(argv[argc], len, "--%s", part); + DBG_INFO("Option '%s' added from pReserved", argv[argc]); + argc++; + str = 0; + } + } + struct cmdline_parser_params params = {0}; struct gengetopt_args_info args_info = {0}; cmdline_parser_params_init(¶ms); + params.check_required = 0; - params.initialize = 1; - params.check_required = 1; + int rc = cmdline_parser_ext(argc, argv, &args_info, ¶ms); - char *tmp = ""; + for (int i = 1; i < argc; i++) { + free(argv[i]); + argv[i] = 0; + } - if (cmdline_parser(0, &tmp, &args_info) != 0) { - DBG_ERR("Unable to initialize ggo structure"); + if (rc) { + DBG_ERR("Unable to parse pReserved command line"); return CKR_FUNCTION_FAILED; } params.initialize = 0; params.override = 1; - char *args = NULL; - char *args_parsed = NULL; - - yh_connector **connector_list = NULL; - - if (init_args != NULL && init_args->pReserved != NULL) { - args = strdup(init_args->pReserved); - if (args == NULL) { - DBG_ERR("Failed copying reserved string"); + const char *opts = getenv("YUBIHSM_PKCS11_OPTS"); + if (opts) { + if (cmdline_parser_string_ext(opts, &args_info, argv[0], ¶ms) != 0) { + DBG_ERR("Unable to parse YUBIHSM_PKCS11_OPTS"); return CKR_FUNCTION_FAILED; } + } - char *str = args; - char *save = NULL; - char *part; - while ((part = strtok_r(str, " \r\n\t", &save))) { - str = NULL; - size_t len = args_parsed ? strlen(args_parsed) : 0; - char *new_args = realloc(args_parsed, len + strlen(part) + 4); - if (new_args) { - args_parsed = new_args; - sprintf(args_parsed + len, "--%s ", part); - } else { - DBG_ERR("Failed allocating memory for args"); - goto c_i_failure; - } + const char *conf = getenv("YUBIHSM_PKCS11_CONF"); + if (conf) { + char opt[1024]; + snprintf(opt, sizeof(opt), "--config-file=%s", conf); + if (cmdline_parser_string_ext(opt, &args_info, argv[0], ¶ms) != 0) { + DBG_ERR("Unable to parse YUBIHSM_PKCS11_CONF"); + return CKR_FUNCTION_FAILED; } + } - DBG_INFO("Now parsing supplied init args as '%s'", args_parsed); + params.override = 0; - if (cmdline_parser_string_ext(args_parsed, &args_info, - "yubihsm_pkcs11 module", ¶ms) != 0) { - DBG_ERR("Parsing of the reserved init args '%s' failed", args); - goto c_i_failure; + struct stat sb = {0}; + if (stat(args_info.config_file_arg, &sb) == 0) { + if (S_ISREG(sb.st_mode) || S_ISLNK(sb.st_mode)) { + DBG_INFO("Using config file '%s'", args_info.config_file_arg); + if (cmdline_parser_config_file(args_info.config_file_arg, &args_info, + ¶ms) != 0) { + DBG_ERR("Unable to parse configuration file '%s'", + args_info.config_file_arg); + return CKR_FUNCTION_FAILED; + } + } else { + DBG_WARN("Config file '%s' is not a regular file", + args_info.config_file_arg); } - - free(args); - args = NULL; - free(args_parsed); - args_parsed = NULL; + } else { + DBG_WARN("Couldn't stat config file '%s'", args_info.config_file_arg); } - // NOTE(thorduri): #TOCTOU - char *config_file = args_info.config_file_arg; - struct stat sb = {0}; - if (stat(config_file, &sb) == -1) { - config_file = getenv("YUBIHSM_PKCS11_CONF"); + if (!args_info.connector_given) { + if (cmdline_parser_string_ext("--connector=" YH_USB_URL_SCHEME, &args_info, + argv[0], ¶ms) != 0) { + DBG_ERR("Unable to parse default connector command line '%s'", argv[1]); + return CKR_FUNCTION_FAILED; + } } - params.override = 0; - - if (config_file != NULL && - cmdline_parser_config_file(config_file, &args_info, ¶ms) != 0) { - DBG_ERR("Unable to parse configuration file"); + if (cmdline_parser_required(&args_info, argv[0]) != 0) { + DBG_ERR("Required configuration options missing"); return CKR_FUNCTION_FAILED; } yh_dbg_init(args_info.debug_flag, args_info.dinout_flag, args_info.libdebug_flag, args_info.debug_file_arg); + DBG_INFO("Found %u configured connector(s)", args_info.connector_given); + // NOTE(adma): it's better to set the argument optional and check its presence // here - if (args_info.connector_given == 0) { - DBG_ERR("No connector defined"); - return CKR_FUNCTION_FAILED; - } - if (yh_init() != YHR_SUCCESS) { DBG_ERR("Unable to initialize libyubihsm"); return CKR_FUNCTION_FAILED; } - DBG_INFO("Found %u configured connector(s)", args_info.connector_given); + unsigned int n = 0; + char **name_list = 0; - connector_list = calloc(args_info.connector_given, sizeof(yh_connector *)); + yh_connector **connector_list = + calloc(args_info.connector_given, sizeof(yh_connector *)); if (connector_list == NULL) { DBG_ERR("Failed allocating memory"); goto c_i_failure; } - size_t n_connectors = 0; + + name_list = calloc(args_info.connector_given, sizeof(char *)); + if (name_list == NULL) { + DBG_ERR("Failed allocating memory"); + goto c_i_failure; + } + for (unsigned int i = 0; i < args_info.connector_given; i++) { - if (yh_init_connector(args_info.connector_arg[i], &connector_list[i]) != + if (yh_init_connector(args_info.connector_arg[i], &connector_list[n]) != YHR_SUCCESS) { - DBG_ERR("Failed to init connector"); - goto c_i_failure; + DBG_ERR("Failed to init connector '%s'", args_info.connector_arg[i]); + continue; } if (args_info.cacert_given) { - if (yh_set_connector_option(connector_list[i], YH_CONNECTOR_HTTPS_CA, + if (yh_set_connector_option(connector_list[n], YH_CONNECTOR_HTTPS_CA, args_info.cacert_arg) != YHR_SUCCESS) { DBG_ERR("Failed to set HTTPS CA option"); goto c_i_failure; } } if (args_info.cert_given) { - if (yh_set_connector_option(connector_list[i], YH_CONNECTOR_HTTPS_CERT, + if (yh_set_connector_option(connector_list[n], YH_CONNECTOR_HTTPS_CERT, args_info.cert_arg) != YHR_SUCCESS) { DBG_ERR("Failed to set HTTPS cert option"); goto c_i_failure; } } if (args_info.key_given) { - if (yh_set_connector_option(connector_list[i], YH_CONNECTOR_HTTPS_KEY, + if (yh_set_connector_option(connector_list[n], YH_CONNECTOR_HTTPS_KEY, args_info.key_arg) != YHR_SUCCESS) { DBG_ERR("Failed to set HTTPS key option"); goto c_i_failure; } } if (args_info.proxy_given) { - if (yh_set_connector_option(connector_list[i], YH_CONNECTOR_PROXY_SERVER, + if (yh_set_connector_option(connector_list[n], YH_CONNECTOR_PROXY_SERVER, args_info.proxy_arg) != YHR_SUCCESS) { DBG_ERR("Failed to set proxy server option"); goto c_i_failure; } } if (args_info.noproxy_given) { - if (yh_set_connector_option(connector_list[i], YH_CONNECTOR_NOPROXY, + if (yh_set_connector_option(connector_list[n], YH_CONNECTOR_NOPROXY, args_info.noproxy_arg) != YHR_SUCCESS) { DBG_ERR("Failed to set noproxy option"); goto c_i_failure; } } - if (yh_connect(connector_list[i], args_info.timeout_arg) != YHR_SUCCESS) { + if (yh_connect(connector_list[n], args_info.timeout_arg) != YHR_SUCCESS) { DBG_ERR("Failed to connect '%s'", args_info.connector_arg[i]); - continue; + yh_disconnect(connector_list[n]); } else { - n_connectors++; + name_list[n++] = args_info.connector_arg[i]; } } - if (add_connectors(&g_ctx, args_info.connector_given, args_info.connector_arg, - connector_list) == false) { + if (n == 0) { + DBG_ERR("No usable connector found"); + goto c_i_failure; + } + + if (add_connectors(&g_ctx, n, name_list, connector_list) == false) { DBG_ERR("Failed building connectors list"); goto c_i_failure; } @@ -330,10 +356,13 @@ CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) { list_append(&g_ctx.device_pubkeys, pk); } + free(args); + cmdline_parser_free(&args_info); free(connector_list); + free(name_list); - DBG_INFO("Found %zu usable connector(s)", n_connectors); + DBG_INFO("Found %u usable connector(s)", n); DBG_INFO("Found %d configured device public key(s)", g_ctx.device_pubkeys.length); @@ -345,7 +374,6 @@ CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) { c_i_failure: - free(args_parsed); free(args); list_iterate(&g_ctx.slots, destroy_slot_mutex); @@ -353,13 +381,14 @@ CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) { list_destroy(&g_ctx.device_pubkeys); if (connector_list) { - for (unsigned int i = 0; i < args_info.connector_given; i++) { + for (unsigned int i = 0; i < n; i++) { yh_disconnect(connector_list[i]); } } cmdline_parser_free(&args_info); free(connector_list); + free(name_list); if (g_ctx.mutex != NULL) { g_ctx.destroy_mutex(g_ctx.mutex); @@ -441,7 +470,7 @@ CK_DEFINE_FUNCTION(CK_RV, C_GetInfo)(CK_INFO_PTR pInfo) { CK_DEFINE_FUNCTION(CK_RV, C_GetFunctionList) (CK_FUNCTION_LIST_PTR_PTR ppFunctionList) { - yh_dbg_init(false, false, 0, "stderr"); + yh_dbg_init(0, 0, 0, "stderr"); DIN; diff --git a/src/main.c b/src/main.c index de1a8c8e..6b20ff90 100644 --- a/src/main.c +++ b/src/main.c @@ -55,8 +55,6 @@ #include #include -// TODO: cheat on windows, cheat better? -#define S_ISLNK S_ISREG #else #include #include @@ -68,6 +66,7 @@ History *g_hist; #endif #ifdef _MSVC +#define S_ISLNK S_ISREG #define S_ISREG(m) (((m) &S_IFMT) == S_IFREG) #define strcasecmp _stricmp #define strncasecmp _strnicmp @@ -1854,10 +1853,9 @@ int main(int argc, char *argv[]) { g_ctx.out = stdout; cmdline_parser_params_init(¶ms); - params.initialize = 1; params.check_required = 0; - if (cmdline_parser(argc, argv, &args_info) != 0) { + if (cmdline_parser_ext(argc, argv, &args_info, ¶ms) != 0) { return EXIT_FAILURE; }