Make 'provider' option to --show-pkcs11-ids optional where p11-kit is present

Trac: 490 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1418905506.21260.6.camel@infradead.org> URL: http://article.gmane.org/gmane.network.openvpn.devel/9355 Signed-off-by: Gert Doering <gert@greenie.muc.de>
2024-09-20 12:02:28 +02:00 · 2014-12-18 12:25:06 +00:00 · 2014-12-18 12:25:06 +00:00 · a91a06cb29
commit a91a06cb29
parent 6f1d3cf062
2 changed files with 36 additions and 3 deletions
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@ -5461,11 +5461,17 @@ adapter list.
 .SS PKCS#11 Standalone Options:
 .\"*********************************************************
 .TP
-.B \-\-show-pkcs11-ids provider [cert_private]
+.B \-\-show-pkcs11-ids [provider] [cert_private]
 (Standalone)
 Show PKCS#11 token object list. Specify cert_private as 1
 if certificates are stored as private objects.

+If p11-kit is present on the system, the
+.B provider
+argument is optional; if omitted the default
+.B p11-kit-proxy.so
+module will be queried.
+
 .B \-\-verb
 option can be used BEFORE this option to produce debugging information.
 .\"*********************************************************
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@ -740,7 +740,11 @@ static const char usage_message[] =
 #ifdef ENABLE_PKCS11
  "\n"
  "PKCS#11 standalone options:\n"
-  "--show-pkcs11-ids provider [cert_private] : Show PKCS#11 available ids.\n" 
+#ifdef DEFAULT_PKCS11_MODULE
+  "--show-pkcs11-ids [provider] [cert_private] : Show PKCS#11 available ids.\n"
+#else
+  "--show-pkcs11-ids provider [cert_private] : Show PKCS#11 available ids.\n"
+#endif
  "                                            --verb option can be added *BEFORE* this.\n"
 #endif				/* ENABLE_PKCS11 */
  "\n"
@ -6930,11 +6934,34 @@ add_option (struct options *options,
 #endif /* ENABLE_SSL */
 #endif /* ENABLE_CRYPTO */
 #ifdef ENABLE_PKCS11
-  else if (streq (p[0], "show-pkcs11-ids") && p[1])
+  else if (streq (p[0], "show-pkcs11-ids"))
    {
      char *provider =  p[1];
      bool cert_private = (p[2] == NULL ? false : ( atoi (p[2]) != 0 ));

+#ifdef DEFAULT_PKCS11_MODULE
+      if (!provider)
+	provider = DEFAULT_PKCS11_MODULE;
+      else if (!p[2])
+        {
+	  char *endp = NULL;
+	  int i = strtol(provider, &endp, 10);
+
+	  if (*endp == 0)
+	    {
+	      /* There was one argument, and it was purely numeric.
+		 Interpret it as the cert_private argument */
+	      provider = DEFAULT_PKCS11_MODULE;
+	      cert_private = i;
+	    }
+        }
+#else
+      if (!provider)
+	{
+	  msg (msglevel, "--show-pkcs11-ids requires a provider parameter");
+            goto err;
+	}
+#endif
      VERIFY_PERMISSION (OPT_P_GENERAL);

      set_debug_level (options->verbosity, SDL_CONSTRAIN);