diff --git a/security/nss/lib/pk11wrap/pk11modu.c b/security/nss/lib/pk11wrap/pk11modu.c index 22c7a40feadc..ce6182392aa9 100644 --- a/security/nss/lib/pk11wrap/pk11modu.c +++ b/security/nss/lib/pk11wrap/pk11modu.c @@ -81,6 +81,14 @@ SECMODModule *SECMOD_NewModule(void) { newMod->refCount = 1; newMod->ssl[0] = 0; newMod->ssl[1] = 0; + newMod->libraryParams = NULL; + newMod->moduleDBFunc = NULL; + newMod->parent = NULL; + newMod->isCritical = PR_FALSE; + newMod->isModuleDB = PR_FALSE; + newMod->moduleDBOnly = PR_FALSE; + newMod->trustOrder = 0; + newMod->cipherOrder = 0; #ifdef PKCS11_USE_THREADS newMod->refLock = (void *)PZ_NewLock(nssILockRefLock); if (newMod->refLock == NULL) { diff --git a/security/nss/lib/pk11wrap/pk11pars.c b/security/nss/lib/pk11wrap/pk11pars.c index c885174f7be1..3e2bc3508ae5 100644 --- a/security/nss/lib/pk11wrap/pk11pars.c +++ b/security/nss/lib/pk11wrap/pk11pars.c @@ -83,6 +83,67 @@ pk11_CreateModule(char *library, char *moduleName, char *parameters, char *nss) return mod; } + +static char * +pk11_mkModuleSpec(SECMODModule * module) +{ + char *nss = NULL, *modSpec = NULL, **slotStrings = NULL; + int slotCount, i, si; + + /* allocate target slot info strings */ + slotCount = 0; + if (module->slotCount) { + for (i=0; i < module->slotCount; i++) { + if (module->slots[i]->defaultFlags !=0) { + slotCount++; + } + } + } else { + slotCount = module->slotInfoCount; + } + + slotStrings = (char **)PORT_ZAlloc(slotCount*sizeof(char *)); + if (slotStrings == NULL) { + goto loser; + } + + + /* build the slot info strings */ + if (module->slotCount) { + for (i=0, si= 0; i < module->slotCount; i++) { + if (module->slots[i]->defaultFlags) { + PORT_Assert(si < slotCount); + if (si >= slotCount) break; + slotStrings[si] = pk11_mkSlotString(module->slots[i]->slotID, + module->slots[i]->defaultFlags, + module->slots[i]->timeout, + module->slots[i]->askpw, + module->slots[i]->hasRootCerts, + module->slots[i]->hasRootTrust); + si++; + } + } + } else { + for (i=0; i < slotCount; i++) { + slotStrings[i] = pk11_mkSlotString(module->slotInfo[i].slotID, + module->slotInfo[i].defaultFlags, + module->slotInfo[i].timeout, + module->slotInfo[i].askpw, + module->slotInfo[i].hasRootCerts, + module->slotInfo[i].hasRootTrust); + } + } + + nss = pk11_mkNSS(slotStrings,slotCount,module->internal, module->isFIPS, + module->isModuleDB, module->moduleDBOnly, module->isCritical, + module->trustOrder,module->cipherOrder,module->ssl[0],module->ssl[1]); + modSpec= pk11_mkNewModuleSpec(module->dllName,module->commonName, + module->libraryParams,nss); + PORT_Free(slotStrings); + PR_smprintf_free(nss); +loser: + return (modSpec); +} char ** @@ -96,6 +157,43 @@ pk11_getModuleSpecList(SECMODModule *module) return NULL; } +SECStatus +pk11_AddPermDB(SECMODModule *module) +{ + SECMODModuleDBFunc func; + char *moduleSpec; + char **retString; + + if (module->parent == NULL) return SECFailure; + + func = (SECMODModuleDBFunc) module->parent->moduleDBFunc; + if (func) { + moduleSpec = pk11_mkModuleSpec(module); + retString = (*func)(SECMOD_MODULE_DB_FUNCTION_ADD, + module->parent->libraryParams,moduleSpec); + PORT_Free(moduleSpec); + if (retString != NULL) return SECSuccess; + } + return SECFailure; +} + +SECStatus +pk11_DeletePermDB(SECMODModule *module) +{ + SECMODModuleDBFunc func; + char **retString; + + if (module->parent == NULL) return SECFailure; + + func = (SECMODModuleDBFunc) module->parent->moduleDBFunc; + if (func) { + retString = (*func)(SECMOD_MODULE_DB_FUNCTION_DEL, + module->parent->libraryParams,module->commonName); + if (retString != NULL) return SECSuccess; + } + return SECFailure; +} + pk11_freeModuleSpecList(char **moduleSpecList) { char ** index; diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index 595bf4065dfb..535ca627ef9d 100644 --- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c @@ -741,7 +741,7 @@ PK11_HandlePasswordCheck(PK11SlotInfo *slot,void *wincx) void PK11_SlotDBUpdate(PK11SlotInfo *slot) { - SECMOD_AddPermDB(slot->module); + pk11_AddPermDB(slot->module); } /* diff --git a/security/nss/lib/pk11wrap/pk11util.c b/security/nss/lib/pk11wrap/pk11util.c index 25185ff889f4..61f1cfbb2c96 100644 --- a/security/nss/lib/pk11wrap/pk11util.c +++ b/security/nss/lib/pk11wrap/pk11util.c @@ -44,6 +44,7 @@ static SECMODModuleList *modules = NULL; static SECMODModuleList *modulesDB = NULL; static SECMODModule *internalModule = NULL; +static SECMODModule *defaultDBModule = NULL; static SECMODListLock *moduleLock = NULL; extern SECStatus @@ -242,6 +243,9 @@ SECMOD_AddModuleToList(SECMODModule *newModule) { SECStatus SECMOD_AddModuleToDBOnlyList(SECMODModule *newModule) { + if (defaultDBModule == NULL) { + defaultDBModule = SECMOD_ReferenceModule(newModule); + } return secmod_AddModuleToList(&modulesDB,newModule); } @@ -351,7 +355,7 @@ SECMOD_DeleteModule(char *name, int *type) { if (rv == SECSuccess) { - SECMOD_DeletePermDB(mlp->module); + pk11_DeletePermDB(mlp->module); SECMOD_DestroyModuleListElement(mlp); } return rv; @@ -406,6 +410,8 @@ SECMOD_DeleteInternalModule(char *name) { SECMOD_ReleaseWriteLock(moduleLock); return SECFailure; } + newModule->libraryParams = + PORT_ArenaStrdup(mlp->module->arena,mlp->module->libraryParams); oldModule = internalModule; internalModule = SECMOD_ReferenceModule(newModule); SECMOD_AddModule(internalModule); @@ -436,7 +442,11 @@ SECMOD_AddModule(SECMODModule *newModule) { return rv; } - SECMOD_AddPermDB(newModule); + if (newModule->parent == NULL) { + newModule->parent = SECMOD_ReferenceModule(defaultDBModule); + } + + pk11_AddPermDB(newModule); SECMOD_AddModuleToList(newModule); return SECSuccess; @@ -538,10 +548,10 @@ SECStatus SECMOD_AddNewModule(char* moduleName, char* dllPath, } /* for each slot of this module */ /* delete and re-add module in order to save changes to the module */ - result = SECMOD_DeletePermDB(module); + result = pk11_DeletePermDB(module); if (result == SECSuccess) { - result = SECMOD_AddPermDB(module); + result = pk11_AddPermDB(module); if (result == SECSuccess) { return SECSuccess; } diff --git a/security/nss/lib/pk11wrap/secmodti.h b/security/nss/lib/pk11wrap/secmodti.h index 43d95c7509dd..622ae83626a9 100644 --- a/security/nss/lib/pk11wrap/secmodti.h +++ b/security/nss/lib/pk11wrap/secmodti.h @@ -117,6 +117,7 @@ struct PK11SlotInfoStr { char slot_name[65]; char token_name[33]; PRBool hasRootCerts; + PRBool hasRootTrust; PRBool hasRSAInfo; CK_FLAGS RSAInfoFlags; }; @@ -131,6 +132,7 @@ struct PK11PreSlotInfoStr { int askpw; /* slot specific password bits */ long timeout; /* slot specific timeout value */ char hasRootCerts; /* is this the root cert PKCS #11 module? */ + char hasRootTrust; /* is this the root cert PKCS #11 module? */ }; /* Symetric Key structure. Reference Counted */ diff --git a/security/nss/lib/softoken/pk11db.c b/security/nss/lib/softoken/pk11db.c index b468a4b6ab0d..23ce2b783987 100644 --- a/security/nss/lib/softoken/pk11db.c +++ b/security/nss/lib/softoken/pk11db.c @@ -181,11 +181,12 @@ struct secmodDataStr { unsigned char ssl[8]; unsigned char trustOrder[4]; unsigned char cipherOrder[4]; - unsigned char hasParameters; + unsigned char reserved1; unsigned char isModuleDB; unsigned char isModuleDBOnly; - unsigned char reserved; - unsigned char names[4]; /* enough space for the length fields */ + unsigned char isCritical; + unsigned char reserved[4]; + unsigned char names[6]; /* enough space for the length fields */ }; struct secmodSlotDataStr { @@ -220,94 +221,134 @@ struct secmodSlotDataStr { ( (unsigned long) (src)[2] << 8) | \ (unsigned long) (src)[3])) -#ifdef notdef /* * build a data base entry from a module */ -static SECStatus secmod_EncodeData(DBT *data, SECMODModule * module) { - secmodData *encoded; +static SECStatus secmod_EncodeData(DBT *data, char * module) { + secmodData *encoded = NULL; secmodSlotData *slot; unsigned char *dataPtr; - unsigned short len, len2 = 0,count = 0; + unsigned short len, len2 = 0, len3 = 0; + int count = 0; unsigned short offset; int dataLen, i, si; + unsigned long order; + unsigned long ssl[2]; + char *commonName = NULL , *dllName = NULL, *param = NULL, *nss = NULL; + char *slotParams, *ciphers; + PK11PreSlotInfo *slotInfo = NULL; + SECStatus rv = SECFailure; - len = PORT_Strlen(module->commonName); - if (module->dllName) { - len2 = PORT_Strlen(module->dllName); + rv = pk11_argParseModuleSpec(module,&dllName,&commonName,¶m,&nss); + if (rv != SECSuccess) return rv; + rv = SECFailure; + + if (commonName == NULL) { + /* set error */ + goto loser; } - if (module->slotCount != 0) { - for (i=0; i < module->slotCount; i++) { - if (module->slots[i]->defaultFlags != 0) { - count++; - } - } - } else { - count = module->slotInfoCount; + + len = PORT_Strlen(commonName); + if (dllName) { + len2 = PORT_Strlen(dllName); } - dataLen = sizeof(secmodData) + len + len2 + 2 + + if (param) { + len3 = PORT_Strlen(param); + } + + slotParams = pk11_argGetParamValue("slotParams",nss); + slotInfo = pk11_argParseSlotInfo(NULL,slotParams,&count); + if (slotParams) PORT_Free(slotParams); + + if (count && slotInfo == NULL) { + /* set error */ + goto loser; + } + + dataLen = sizeof(secmodData) + len + len2 + len3 + count*sizeof(secmodSlotData); - data->data = (unsigned char *) - PORT_Alloc(dataLen); + data->data = (unsigned char *) PORT_ZAlloc(dataLen); encoded = (secmodData *)data->data; dataPtr = (unsigned char *) data->data; data->size = dataLen; - if (encoded == NULL) return SECFailure; + if (encoded == NULL) { + /* set error */ + goto loser; + } encoded->major = SECMOD_DB_VERSION_MAJOR; encoded->minor = SECMOD_DB_VERSION_MINOR; - encoded->internal = (unsigned char) (module->internal ? 1 : 0); - encoded->fips = (unsigned char) (module->isFIPS ? 1 : 0); - SECMOD_PUTLONG(encoded->ssl,module->ssl[0]); - SECMOD_PUTLONG(&encoded->ssl[4],module->ssl[1]); + encoded->internal = (unsigned char) + (pk11_argHasFlag("flags","internal",nss) ? 1 : 0); + encoded->fips = (unsigned char) + (pk11_argHasFlag("flags","FIPS",nss) ? 1 : 0); + encoded->isModuleDB = (unsigned char) + (pk11_argHasFlag("flags","isModuleDB",nss) ? 1 : 0); + encoded->isModuleDBOnly = (unsigned char) + (pk11_argHasFlag("flags","isModuleDBOnly",nss) ? 1 : 0); + encoded->isCritical = (unsigned char) + (pk11_argHasFlag("flags","isCritical",nss) ? 1 : 0); + + order = pk11_argReadLong("trustOrder",nss); + SECMOD_PUTLONG(encoded->trustOrder,order); + order = pk11_argReadLong("cipherOrder",nss); + SECMOD_PUTLONG(encoded->cipherOrder,order); + + + ciphers = pk11_argGetParamValue("ciphers",nss); + pk11_argSetNewCipherFlags(&ssl[0], ciphers); + SECMOD_PUTLONG(encoded->ssl,ssl[0]); + SECMOD_PUTLONG(&encoded->ssl[4],ssl[1]); offset = (unsigned long) &(((secmodData *)0)->names[0]); SECMOD_PUTSHORT(encoded->nameStart,offset); - offset = offset +len + len2 + 4; + offset = offset + len + len2 + len3 + 3*sizeof(unsigned short); SECMOD_PUTSHORT(encoded->slotOffset,offset); - SECMOD_PUTSHORT(&dataPtr[offset],count); - slot = (secmodSlotData *)(dataPtr+offset+2); + SECMOD_PUTSHORT(&dataPtr[offset],((unsigned short)count)); + slot = (secmodSlotData *)(dataPtr+offset+sizeof(unsigned short)); + offset = 0; SECMOD_PUTSHORT(encoded->names,len); - PORT_Memcpy(&encoded->names[2],module->commonName,len); + offset += sizeof(unsigned short); + PORT_Memcpy(&encoded->names[offset],commonName,len); + offset += len; - SECMOD_PUTSHORT(&encoded->names[len+2],len2); - if (len2) PORT_Memcpy(&encoded->names[len+4],module->dllName,len2); + SECMOD_PUTSHORT(&encoded->names[offset],len2); + offset += sizeof(unsigned short); + if (len2) PORT_Memcpy(&encoded->names[offset],dllName,len2); + offset += len2; - if (module->slotCount) { - for (i=0,si=0; i < module->slotCount; i++) { - if (module->slots[i]->defaultFlags) { - SECMOD_PUTLONG(slot[si].slotID, module->slots[i]->slotID); - SECMOD_PUTLONG(slot[si].defaultFlags, - module->slots[i]->defaultFlags); - SECMOD_PUTLONG(slot[si].timeout,module->slots[i]->timeout); - slot[si].askpw = module->slots[i]->askpw; - slot[si].hasRootCerts = module->slots[i]->hasRootCerts; - PORT_Memset(slot[si].reserved, 0, sizeof(slot[si].reserved)); - si++; - } - } - } else { - for (i=0; i < module->slotInfoCount; i++) { - SECMOD_PUTLONG(slot[i].slotID, module->slotInfo[i].slotID); + SECMOD_PUTSHORT(&encoded->names[offset],len3); + offset += sizeof(unsigned short); + if (len3) PORT_Memcpy(&encoded->names[offset],param,len3); + offset += len3; + + if (count) { + for (i=0; i < count; i++) { + SECMOD_PUTLONG(slot[i].slotID, slotInfo[i].slotID); SECMOD_PUTLONG(slot[i].defaultFlags, - module->slotInfo[i].defaultFlags); - SECMOD_PUTLONG(slot[i].timeout,module->slotInfo[i].timeout); - slot[i].askpw = module->slotInfo[i].askpw; - slot[i].hasRootCerts = module->slotInfo[i].hasRootCerts; + slotInfo[i].defaultFlags); + SECMOD_PUTLONG(slot[i].timeout,slotInfo[i].timeout); + slot[i].askpw = slotInfo[i].askpw; + slot[i].hasRootCerts = slotInfo[i].hasRootCerts; PORT_Memset(slot[i].reserved, 0, sizeof(slot[i].reserved)); } } + rv = SECSuccess; - return SECSuccess; +loser: + if (commonName) PORT_Free(commonName); + if (dllName) PORT_Free(dllName); + if (param) PORT_Free(param); + if (slotInfo) PORT_Free(slotInfo); + return rv; } -#endif static void secmod_FreeData(DBT *data) @@ -337,13 +378,13 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal) unsigned short offset; PRBool isOldVersion = PR_FALSE; PRBool internal, isFIPS, isModuleDB=PR_FALSE, isModuleDBOnly=PR_FALSE; - PRBool hasParameters=PR_FALSE,extended=PR_FALSE; + PRBool extended=PR_FALSE; PRBool hasRootCerts=PR_FALSE,hasRootTrust=PR_FALSE; unsigned long trustOrder=0, cipherOrder=0; unsigned long ssl0=0, ssl1=0; - char **slotInfo = NULL; + char **slotStrings = NULL; unsigned long slotID,defaultFlags,timeout; - char *askpw,*flags,*rootFlags,*slotStrings,*nssFlags,*ciphers,*nss,*params; + char *nss,*moduleSpec; int i,slotLen; PLArenaPool *arena; @@ -371,7 +412,6 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal) (encoded->minor >= SECMOD_DB_EXT1_VERSION_MINOR)) { trustOrder = SECMOD_GETLONG(encoded->trustOrder); cipherOrder = SECMOD_GETLONG(encoded->cipherOrder); - hasParameters = (encoded->hasParameters != 0) ? PR_TRUE: PR_FALSE; isModuleDB = (encoded->isModuleDB != 0) ? PR_TRUE: PR_FALSE; isModuleDBOnly = (encoded->isModuleDBOnly != 0) ? PR_TRUE: PR_FALSE; extended = PR_TRUE; @@ -398,16 +438,18 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal) PORT_Memcpy(dllName,&names[2],len); dllName[len] = 0; } - if (!internal && hasParameters) { + if (!internal && extended) { names += len+2; len = SECMOD_GETSHORT(names); - parameters = (char*)PORT_ArenaAlloc(arena,len + 1); - if (parameters == NULL) { - PORT_FreeArena(arena,PR_TRUE); - return NULL; + if (len) { + parameters = (char*)PORT_ArenaAlloc(arena,len + 1); + if (parameters == NULL) { + PORT_FreeArena(arena,PR_TRUE); + return NULL; + } + PORT_Memcpy(parameters,&names[2],len); + parameters[len] = 0; } - PORT_Memcpy(parameters,&names[2],len); - parameters[len] = 0; } if (internal) { parameters = PORT_ArenaStrdup(arena,defParams); @@ -418,7 +460,7 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal) ssl1 = SECMOD_GETLONG(&encoded->ssl[4]); /* slotCount; */ - slotInfo = (char **)PORT_ArenaAlloc(arena, slotCount * sizeof(char *)); + slotStrings = (char **)PORT_ArenaAlloc(arena, slotCount * sizeof(char *)); for (i=0; i < (int) slotCount; i++) { slotID = SECMOD_GETLONG(slots[i].slotID); defaultFlags = SECMOD_GETLONG(slots[i].defaultFlags); @@ -426,64 +468,22 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal) defaultFlags |= internalFlags; } timeout = SECMOD_GETLONG(slots[i].timeout); - switch (slots[i].askpw) { - case 0xff: - askpw = "every"; - break; - case 1: - askpw = "timeout"; - break; - default: - askpw = "any"; - break; - } hasRootCerts = slots[i].hasRootCerts; if (hasRootCerts && !extended) { trustOrder = 20; } - flags = pk11_makeSlotFlags(arena,defaultFlags); - rootFlags = pk11_makeRootFlags(arena,hasRootCerts,hasRootTrust); - slotInfo[i] = PR_smprintf("0x%08x=[slotFlags=%s askpw=%s timeout=%d rootFlags=%s]",slotID,flags,askpw,timeout,rootFlags); + + slotStrings[i] = pk11_mkSlotString(slotID,defaultFlags, + timeout,slots[i].askpw,hasRootCerts,hasRootTrust); } - /* now let's build up the string - * first the slot infos - */ - slotLen=0; - for (i=0; i < (int)slotCount; i++) { - slotLen += strlen(slotInfo[i])+1; - } - - slotStrings = (char *)PORT_ArenaAlloc(arena,slotLen); - PORT_Memset(slotStrings,0,slotLen); - for (i=0; i < (int)slotCount; i++) { - PORT_Strcat(slotStrings,slotInfo[i]); - PORT_Strcat(slotStrings," "); - PR_smprintf_free(slotInfo[i]); - slotInfo[i]=NULL; - } - - /* - * now the NSS structure - */ - nssFlags = pk11_makeNSSFlags(arena,internal,isFIPS,isModuleDB, - isModuleDBOnly,internal); - /* for now only the internal module is critical */ - ciphers = pk11_makeCipherFlags(arena, ssl0, ssl1); - nss = PR_smprintf("NSS=\"trustOrder=%d cipherOrder=%d Flags='%s' slotParams={%s} ciphers='%s'\"",trustOrder,cipherOrder,nssFlags,slotStrings,ciphers); - - /* - * now the final spec - */ - if (hasParameters) { - params = PR_smprintf("library=\"%s\" name=\"%s\" parameters=\"%s\" NSS=\"%s\"",dllName,commonName,parameters,nss); - } else { - params = PR_smprintf("library=\"%s\" name=\"%s\" NSS=\"%s\"",dllName,commonName,nss); - } + nss = pk11_mkNSS(slotStrings, slotCount, internal, isFIPS, isModuleDB, + isModuleDBOnly, internal, trustOrder, cipherOrder, ssl0, ssl1); + moduleSpec = pk11_mkNewModuleSpec(dllName,commonName,parameters,nss); PR_smprintf_free(nss); PORT_FreeArena(arena,PR_TRUE); - return (params); + return (moduleSpec); } @@ -614,7 +614,6 @@ SECMOD_AddPermDB(char *dbname, char *module, PRBool rw) { int ret; -#ifdef notdef if (!rw) return SECFailure; /* make sure we have a db handle */ @@ -641,6 +640,5 @@ SECMOD_AddPermDB(char *dbname, char *module, PRBool rw) { done: secmod_CloseDB(pkcs11db); -#endif return rv; } diff --git a/security/nss/lib/softoken/pk11pars.h b/security/nss/lib/softoken/pk11pars.h index 35618cb64f2a..1d7d1efc5c99 100644 --- a/security/nss/lib/softoken/pk11pars.h +++ b/security/nss/lib/softoken/pk11pars.h @@ -472,8 +472,13 @@ pk11_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount) } /* get the data structures */ - slotInfo = - (PK11PreSlotInfo *) PORT_ArenaAlloc(arena,count*sizeof(PK11PreSlotInfo)); + if (arena) { + slotInfo = (PK11PreSlotInfo *) + PORT_ArenaAlloc(arena,count*sizeof(PK11PreSlotInfo)); + } else { + slotInfo = (PK11PreSlotInfo *) + PORT_ZAlloc(count*sizeof(PK11PreSlotInfo)); + } if (slotInfo == NULL) return NULL; for (slotIndex = slotParams, i = 0; *slotIndex && i < count ; i++) { @@ -497,12 +502,12 @@ pk11_argParseSlotInfo(PRArenaPool *arena, char *slotParams, int *retCount) } #define MAX_FLAG_SIZE sizeof("internal")+sizeof("FIPS")+sizeof("moduleDB")+\ - sizeof("moduleDBOnly") + sizeof("moduleDBOnly")+sizeof(isCritical) static char * -pk11_makeNSSFlags(PLArenaPool *arena,PRBool internal, PRBool isFIPS, +pk11_mkNSSFlags(PRBool internal, PRBool isFIPS, PRBool isModuleDB, PRBool isModuleDBOnly, PRBool isCritical) { - char *flags = (char *)PORT_ArenaAlloc(arena,MAX_FLAG_SIZE); + char *flags = (char *)PORT_ZAlloc(MAX_FLAG_SIZE); PRBool first = PR_TRUE; PORT_Memset(flags,0,MAX_FLAG_SIZE); @@ -534,8 +539,7 @@ pk11_makeNSSFlags(PLArenaPool *arena,PRBool internal, PRBool isFIPS, } static char * -pk11_makeCipherFlags(PLArenaPool *arena, unsigned long ssl0, - unsigned long ssl1) +pk11_makeCipherFlags(unsigned long ssl0, unsigned long ssl1) { char *cipher = NULL; char *ret = NULL; @@ -574,14 +578,11 @@ pk11_makeCipherFlags(PLArenaPool *arena, unsigned long ssl0, } if (cipher == NULL) cipher = PR_smprintf(""); - ret = PORT_ArenaStrdup(arena,cipher); - PR_smprintf_free(cipher); - - return ret; + return cipher; } static char * -pk11_makeSlotFlags(PLArenaPool *arena, unsigned long defaultFlags) +pk11_makeSlotFlags(unsigned long defaultFlags) { char *flags=NULL; char *ret=NULL; @@ -602,8 +603,7 @@ pk11_makeSlotFlags(PLArenaPool *arena, unsigned long defaultFlags) char *tmp; tmp = PR_smprintf("%s,%s",flags,string); PR_smprintf_free(flags); - PR_smprintf_free(string); - tmp = flags; + flags = tmp; } else { flags = PR_smprintf("%s",string); } @@ -612,19 +612,16 @@ pk11_makeSlotFlags(PLArenaPool *arena, unsigned long defaultFlags) } if (flags == NULL) flags = PR_smprintf(""); - ret = PORT_ArenaStrdup(arena,flags); - PR_smprintf_free(flags); - return ret; + return flags; } #define PK11_MAX_ROOT_FLAG_SIZE sizeof("hasRootCerts")+sizeof("hasRootTrust") static char * -pk11_makeRootFlags(PLArenaPool *arena, PRBool hasRootCerts, - PRBool hasRootTrust) +pk11_makeRootFlags(PRBool hasRootCerts, PRBool hasRootTrust) { - char *flags= (char *)PORT_ArenaAlloc(arena,PK11_MAX_ROOT_FLAG_SIZE); + char *flags= (char *)PORT_ZAlloc(PK11_MAX_ROOT_FLAG_SIZE); PRBool first = PR_TRUE; PORT_Memset(flags,0,PK11_MAX_ROOT_FLAG_SIZE); @@ -640,3 +637,85 @@ pk11_makeRootFlags(PLArenaPool *arena, PRBool hasRootCerts, return flags; } +static char * +pk11_mkSlotString(unsigned long slotID, unsigned long defaultFlags, + unsigned long timeout, unsigned char askpw_in, + unsigned char hasRootCerts, unsigned char hasRootTrust) { + char *askpw,*flags,*rootFlags,*slotString; + + switch (askpw_in) { + case 0xff: + askpw = "every"; + break; + case 1: + askpw = "timeout"; + break; + default: + askpw = "any"; + break; + } + flags = pk11_makeSlotFlags(defaultFlags); + rootFlags = pk11_makeRootFlags(hasRootCerts,hasRootTrust); + slotString = PR_smprintf("0x%08x=[slotFlags=%s askpw=%s timeout=%d rootFlags=%s]",slotID,flags,askpw,timeout,rootFlags); + PORT_Free(flags); + PORT_Free(rootFlags); + return slotString; +} + +char * +pk11_mkNSS(char **slotStrings, int slotCount, PRBool internal, PRBool isFIPS, + PRBool isModuleDB, PRBool isModuleDBOnly, PRBool isCritical, + unsigned long trustOrder, unsigned long cipherOrder, + unsigned long ssl0, unsigned long ssl1) { + int slotLen, i; + char *slotParams, *ciphers, *nss, *nssFlags; + + /* now let's build up the string + * first the slot infos + */ + slotLen=0; + for (i=0; i < (int)slotCount; i++) { + slotLen += PORT_Strlen(slotStrings[i])+1; + } + slotLen += 1; /* space for the final NULL */ + + slotParams = (char *)PORT_ZAlloc(slotLen); + PORT_Memset(slotParams,0,slotLen); + for (i=0; i < (int)slotCount; i++) { + PORT_Strcat(slotParams,slotStrings[i]); + PORT_Strcat(slotParams," "); + PR_smprintf_free(slotStrings[i]); + slotStrings[i]=NULL; + } + + /* + * now the NSS structure + */ + nssFlags = pk11_mkNSSFlags(internal,isFIPS,isModuleDB,isModuleDBOnly, + isCritical); + /* for now only the internal module is critical */ + ciphers = pk11_makeCipherFlags(ssl0, ssl1); + nss = PR_smprintf("trustOrder=%d cipherOrder=%d Flags='%s' slotParams={%s} ciphers='%s'",trustOrder,cipherOrder,nssFlags,slotParams,ciphers); + PORT_Free(nssFlags); + PR_smprintf_free(ciphers); + + return nss; +} +char * +pk11_mkNewModuleSpec(char *dllName, char *commonName, char *parameters, + char *nss) { + char *moduleSpec; + + if (dllName == NULL) dllName=""; + if (nss == NULL) nss=""; + /* + * now the final spec + */ + if (parameters) { + moduleSpec = PR_smprintf("library=\"%s\" name=\"%s\" parameters=\"%s\" NSS=\"%s\"",dllName,commonName,parameters,nss); + } else { + moduleSpec = PR_smprintf("library=\"%s\" name=\"%s\" NSS=\"%s\"",dllName,commonName,nss); + } + return (moduleSpec); +} + diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index 4dc4cb6cf0fb..c7b9d725af32 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -2485,10 +2485,10 @@ NSC_ModuleDBFunc(unsigned long function,char *parameters, char *args) return SECMOD_ReadPermDB(secmod,parameters,rw); case SECMOD_MODULE_DB_FUNCTION_ADD: return (SECMOD_AddPermDB(secmod,args,rw) == SECSuccess) - ? &success: &fail; + ? &success: NULL; case SECMOD_MODULE_DB_FUNCTION_DEL: return (SECMOD_DeletePermDB(secmod,args,rw) == SECSuccess) - ? &success: &fail; + ? &success: NULL; } return NULL; }