DNSSEC: add ipapk11helper module

Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>

.gitignore

@@ -70,6 +70,7 @@ freeipa2-dev-doc
 /ipapython/version.py
 !/ipapython/Makefile
 !/ipapython/py_default_encoding/Makefile
+!/ipapython/ipap11helper/Makefile
 
 /ipaplatform/setup.py
 /ipaplatform/tasks.py

freeipa.spec.in

@@ -831,10 +831,12 @@ fi
 %dir %{python_sitelib}/ipaplatform
 %{python_sitelib}/ipaplatform/*
 %attr(0644,root,root) %{python_sitearch}/default_encoding_utf8.so
+%attr(0644,root,root) %{python_sitearch}/_ipap11helper.so
 %{python_sitelib}/ipapython-*.egg-info
 %{python_sitelib}/freeipa-*.egg-info
 %{python_sitelib}/ipaplatform-*.egg-info
 %{python_sitearch}/python_default_encoding-*.egg-info
+%{python_sitearch}/_ipap11helper-*.egg-info
 %dir %attr(0755,root,root) %{_sysconfdir}/ipa/
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
 %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt

ipapython/Makefile

@@ -3,7 +3,7 @@ PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/ipa
 CONFIGDIR ?= $(DESTDIR)/etc/ipa
 TESTS = $(wildcard test/*.py)
 
-SUBDIRS = py_default_encoding
+SUBDIRS = py_default_encoding ipap11helper
 
 all:
 	@for subdir in $(SUBDIRS); do \

ipapython/ipap11helper/Makefile

@@ -0,0 +1,20 @@
+PYTHONLIBDIR ?= $(shell  python2 -c "from distutils.sysconfig import *; print get_python_lib()")
+PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/ipa
+CONFIGDIR ?= $(DESTDIR)/etc/ipa
+
+all:
+	python2 setup.py build
+
+install:
+	if [ "$(DESTDIR)" = "" ]; then \
+		python2 setup.py install; \
+	else \
+		python2 setup.py install --root $(DESTDIR); \
+	fi
+
+clean:
+	rm -rf build
+
+distclean: clean
+
+maintainer-clean: distclean

ipapython/ipap11helper/library.c

@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2014  FreeIPA Contributors see COPYING for license
+ *
+ * This code is based on PKCS#11 code from SoftHSM project:
+ * https://github.com/opendnssec/SoftHSMv2/
+ * Original license follows:
+ */
+/*
+ * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ library.c
+
+ Support function for handling PKCS#11 libraries
+ *****************************************************************************/
+
+#include "library.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <dlfcn.h>
+
+// Load the PKCS#11 library
+CK_C_GetFunctionList loadLibrary(char* module, void** moduleHandle)
+{
+	CK_C_GetFunctionList pGetFunctionList = NULL;
+
+	void* pDynLib = NULL;
+
+	// Load PKCS #11 library
+	if (module)
+	{
+		pDynLib = dlopen(module, RTLD_NOW | RTLD_LOCAL);
+	}
+	/*
+	else
+	{
+		pDynLib = dlopen(DEFAULT_PKCS11_LIB, RTLD_NOW | RTLD_LOCAL);
+	}
+	*/
+
+	if (pDynLib == NULL)
+	{
+		// Failed to load the PKCS #11 library
+		return NULL;
+	}
+
+	// Retrieve the entry point for C_GetFunctionList
+	pGetFunctionList = (CK_C_GetFunctionList) dlsym(pDynLib, "C_GetFunctionList");
+
+	// Store the handle so we can dlclose it later
+	*moduleHandle = pDynLib;
+
+	return pGetFunctionList;
+}
+
+void unloadLibrary(void* moduleHandle)
+{
+	if (moduleHandle)
+	{
+		dlclose(moduleHandle);
+	}
+}

ipapython/ipap11helper/library.h

@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2014  FreeIPA Contributors see COPYING for license
+ *
+ * This code is based on PKCS#11 code from SoftHSM project:
+ * https://github.com/opendnssec/SoftHSMv2/
+ * Original license follows:
+ */
+/*
+ * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ library.h
+
+ Support function for handling PKCS#11 libraries
+ *****************************************************************************/
+
+#ifndef _SOFTHSM_V2_BIN_LIBRARY_H
+#define _SOFTHSM_V2_BIN_LIBRARY_H
+
+#include <p11-kit/pkcs11.h>
+
+CK_C_GetFunctionList loadLibrary(char* module, void** moduleHandle);
+void unloadLibrary(void* moduleHandle);
+
+#endif // !_SOFTHSM_V2_BIN_LIBRARY_H

ipapython/ipap11helper/setup.py

@@ -0,0 +1,44 @@
+#!/usr/bin/python
+#
+# Copyright (C) 2014  FreeIPA Contributors see COPYING for license
+#
+
+from distutils.core import setup, Extension
+from distutils.sysconfig import get_python_inc
+import sys
+import os
+
+python_header = os.path.join(get_python_inc(plat_specific=0), 'Python.h')
+if not os.path.exists(python_header):
+    sys.exit("Cannot find Python development packages that provide Python.h")
+
+module = Extension('_ipap11helper',
+                   define_macros = [],
+                   include_dirs = [],
+                   libraries = ['dl', 'crypto', 'p11-kit'],
+                   library_dirs = [],
+                   extra_compile_args = [
+                       '-std=c99',
+                       '-I/usr/include/p11-kit-1',
+                       '-ggdb3',
+                       '-O2',
+                       '-W',
+                       '-pedantic',
+                       '-Wall',
+                       '-Wno-unused-parameter',
+                       '-Wbad-function-cast',
+                       '-Wextra',
+                   ],
+                   sources = ['p11helper.c', 'library.c'])
+
+setup(name='_ipap11helper',
+      version='0.1',
+      description='FreeIPA pkcs11 helper',
+      author='Martin Basti, Petr Spacek',
+      author_email='mbasti@redhat.com, pspacek@redhat.com',
+      license='GPLv2+',
+      url='http://www.freeipa.org',
+      long_description="""
+      FreeIPA pkcs11 key manipulation utils.
+""",
+      ext_modules = [module])