entd: Restart on token init failure

base_policy/policy-utils.js

 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 /**
  * Check the validity of the policy extension manifest.
  *
  * This function is invoked by entd before the policy is loaded in order to
  * check the validity of the extension manifest.  If this function returns
  * false, entd exits and does not restart until the next user logs in.
@@ skipping 372 matching lines @@
   return true;
 }
 
 /**
  * Check if a PKCS11 token appears to be ready for use.
  *
  * This method returns true if the given token has been initialized, both
  * PINs have been set, and neither PIN is locked.
  */
 Policy.prototype.checkToken =
-function initToken(token) {
+function checkToken(token) {
   token.refresh();
   return ((token.flags & Token.CKF_TOKEN_INITIALIZED) &&
           (token.flags & Token.CKF_USER_PIN_INITIALIZED) &&
           !(token.flags & (Token.CKF_SO_PIN_TO_BE_CHANGED ||
                            Token.CKF_USER_PIN_TO_BE_CHANGED ||
                            Token.CKF_SO_PIN_LOCKED ||
                            Token.CKF_USER_PIN_LOCKED)));
 }
 
 /**
  * Initialize a PKCS11 token.
  *
  * This performs *only* the token initialization.  Callers must also reset
  * the SO and User PINs before the token is usable.
  *
  * @param {entd.Pkcs11.Token} token The token to initialize.
  * @param {string} tokenLabel Optional.  The label to assign to the new token.
  */
 Policy.prototype.initToken =
 function initToken(token, tokenLabel) {
   if (!tokenLabel)
     tokenLabel = "Initialized by CrOS";
 
   this.start(token, 'init',
              'Initializing token: ' + tokenLabel);
 
   var sopin;
 
   token.refresh();
+
   if (token.flags & Token.CKF_SO_PIN_TO_BE_CHANGED) {
     // If the SO pin hasn't been initialized yet, then it's the one
     // assigned by opencryptoki.
     sopin = Token.DEFAULT_SO_PIN;
   } else {
     // Otherwise, it *should be* the one we assigned when we initialized it.
     sopin = Policy.PKCS11_SO_PIN;
   }
 
   try {
@@ skipping 736 matching lines @@
     userType = Session.CKU_SO;
   } else {
     return Policy.CallbackError('Invalid userType: ' + arg.userType);
   }
 
   var policy = this.policy;
   entd.setTimeout(function () {
       policy.setTokenPin(token, userType, arg.oldPin, arg.newPin);
     }, 1);
 
-  return Policy.CallbackSuccess('Resetting user pin');
+  return Policy.CallbackSuccess('Resetting so pin');
 }
 
 /**
  * Initialize a PKCS11 token.
  *
  * @param {Object} arg An object with the following properties:
  *  - 'slotId' An integer representing the slot that contains the target token.
  *
  * Initializing a PKCS11 token is an asynchronous operation.  While the
  * initialization is in progress the token state will be 'start:init'.  If the
@@ skipping 217 matching lines @@
   var cert = this.policy.certificates[util.toKey(arg.certificateId)];
   if (!cert)
     return Policy.CallbackError('Unknown certificate: ' + arg.certificateId);
 
   cert.onInstall_(/* firstInstall: */ true);
 
   return Policy.CallbackSuccess(cert.info('Installing certificate: ' +
                                           cert.label));
 }
 
+Policy.Callbacks.prototype['cb:restart'] =
+function cb_restart(arg) {
+  entd.syslog.info("Restarting by client request.");
+  // Exit code two means we haven't errored, but would like to be restarted.
+  entd.scheduleShutdown(2);
+  return Policy.CallbackSuccess('Restarting');
+}
+
 /**
  * Return an object indicating that a callback succeeded.
  */
 Policy.CallbackSuccess =
 function CallbackSuccess(data) {
   return { status: 'success', data: data };
 };
 
 /**
  * Return an object indicating that a callback encountered an error.
@@ skipping 280 matching lines @@
   return str;
 }
 
 /**
  * Detect a raw string.
  */
 util.isRawString =
 function isRawString(str) {
   return str instanceof String && str.isRaw_ == true;
 }