logind: implement maintenance time

[thirdparty/systemd.git] / src / shared / pkcs11-util.h

diff --git a/src/shared/pkcs11-util.h b/src/shared/pkcs11-util.h
index f8195d7a369a0175e294d12b9c734520d54c09d2..000a127c97d2e3321d03a920a7cb87ba95d9e6ed 100644 (file)
--- a/src/shared/pkcs11-util.h
+++ b/src/shared/pkcs11-util.h
@@ -1,6 +1,10 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 #pragma once
 
+#if HAVE_OPENSSL
+#  include <openssl/evp.h>
+#  include <openssl/x509.h>
+#endif
 #include <stdbool.h>
 
 #if HAVE_P11KIT
@@ -8,33 +12,53 @@
 #  include <p11-kit/uri.h>
 #endif
 
+#include "ask-password-api.h"
+#include "dlfcn-util.h"
 #include "macro.h"
-#include "openssl-util.h"
 #include "time-util.h"
 
 bool pkcs11_uri_valid(const char *uri);
 
 #if HAVE_P11KIT
+extern DLSYM_PROTOTYPE(p11_kit_module_get_name);
+extern DLSYM_PROTOTYPE(p11_kit_modules_finalize_and_release);
+extern DLSYM_PROTOTYPE(p11_kit_modules_load_and_initialize);
+extern DLSYM_PROTOTYPE(p11_kit_strerror);
+extern DLSYM_PROTOTYPE(p11_kit_uri_format);
+extern DLSYM_PROTOTYPE(p11_kit_uri_free);
+extern DLSYM_PROTOTYPE(p11_kit_uri_get_attributes);
+extern DLSYM_PROTOTYPE(p11_kit_uri_get_attribute);
+extern DLSYM_PROTOTYPE(p11_kit_uri_set_attribute);
+extern DLSYM_PROTOTYPE(p11_kit_uri_get_module_info);
+extern DLSYM_PROTOTYPE(p11_kit_uri_get_slot_info);
+extern DLSYM_PROTOTYPE(p11_kit_uri_get_token_info);
+extern DLSYM_PROTOTYPE(p11_kit_uri_match_token_info);
+extern DLSYM_PROTOTYPE(p11_kit_uri_message);
+extern DLSYM_PROTOTYPE(p11_kit_uri_new);
+extern DLSYM_PROTOTYPE(p11_kit_uri_parse);
+
 int uri_from_string(const char *p, P11KitUri **ret);
 
 P11KitUri *uri_from_module_info(const CK_INFO *info);
 P11KitUri *uri_from_slot_info(const CK_SLOT_INFO *slot_info);
 P11KitUri *uri_from_token_info(const CK_TOKEN_INFO *token_info);
 
-DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(P11KitUri*, p11_kit_uri_free, NULL);
-DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(CK_FUNCTION_LIST**, p11_kit_modules_finalize_and_release, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(P11KitUri*, sym_p11_kit_uri_free, NULL);
+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(CK_FUNCTION_LIST**, sym_p11_kit_modules_finalize_and_release, NULL);
 
 CK_RV pkcs11_get_slot_list_malloc(CK_FUNCTION_LIST *m, CK_SLOT_ID **ret_slotids, CK_ULONG *ret_n_slotids);
 
-char *pkcs11_token_label(const CK_TOKEN_INFO *token_info);
-char *pkcs11_token_manufacturer_id(const CK_TOKEN_INFO *token_info);
-char *pkcs11_token_model(const CK_TOKEN_INFO *token_info);
+char* pkcs11_token_label(const CK_TOKEN_INFO *token_info);
+char* pkcs11_token_manufacturer_id(const CK_TOKEN_INFO *token_info);
+char* pkcs11_token_model(const CK_TOKEN_INFO *token_info);
 
 int pkcs11_token_login_by_pin(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, const CK_TOKEN_INFO *token_info, const char *token_label, const void *pin, size_t pin_size);
-int pkcs11_token_login(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_TOKEN_INFO *token_info, const char *friendly_name, const char *icon_name, const char *key_name, const char *credential_name, usec_t until, bool headless, char **ret_used_pin);
+int pkcs11_token_login(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_SLOT_ID slotid, const CK_TOKEN_INFO *token_info, const char *friendly_name, const char *icon_name, const char *key_name, const char *credential_name, usec_t until, AskPasswordFlags ask_password_flags, char **ret_used_pin);
 
+int pkcs11_token_find_related_object(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE prototype, CK_OBJECT_CLASS class, CK_OBJECT_HANDLE *ret_object);
 int pkcs11_token_find_x509_certificate(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, P11KitUri *search_uri, CK_OBJECT_HANDLE *ret_object);
 #if HAVE_OPENSSL
+int pkcs11_token_read_public_key(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, EVP_PKEY **ret_pkey);
 int pkcs11_token_read_x509_certificate(CK_FUNCTION_LIST *m, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, X509 **ret_cert);
 #endif
 
@@ -47,7 +71,7 @@ typedef int (*pkcs11_find_token_callback_t)(CK_FUNCTION_LIST *m, CK_SESSION_HAND
 int pkcs11_find_token(const char *pkcs11_uri, pkcs11_find_token_callback_t callback, void *userdata);
 
 #if HAVE_OPENSSL
-int pkcs11_acquire_certificate(const char *uri, const char *askpw_friendly_name, const char *askpw_icon_name, X509 **ret_cert, char **ret_pin_used);
+int pkcs11_acquire_public_key(const char *uri, const char *askpw_friendly_name, const char *askpw_icon, const char *askpw_credential, AskPasswordFlags askpw_flags, EVP_PKEY **ret_pkey, char **ret_pin_used);
 #endif
 
 typedef struct {
@@ -58,7 +82,8 @@ typedef struct {
         void *decrypted_key;
         size_t decrypted_key_size;
         bool free_encrypted_key;
-        bool headless;
+        const char *askpw_credential;
+        AskPasswordFlags askpw_flags;
 } pkcs11_crypt_device_callback_data;
 
 void pkcs11_crypt_device_callback_data_release(pkcs11_crypt_device_callback_data *data);
@@ -72,12 +97,21 @@ int pkcs11_crypt_device_callback(
                 P11KitUri *uri,
                 void *userdata);
 
+int dlopen_p11kit(void);
+
+#else
+
+static inline int dlopen_p11kit(void) {
+        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "p11kit support is not compiled in.");
+}
+
 #endif
 
 typedef struct {
         const char *friendly_name;
         usec_t until;
-        bool headless;
+        const char *askpw_credential;
+        AskPasswordFlags askpw_flags;
 } systemd_pkcs11_plugin_params;
 
 int pkcs11_list_tokens(void);