OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 /* | 4 /* |
5 * Deal with PKCS #11 Slots. | 5 * Deal with PKCS #11 Slots. |
6 */ | 6 */ |
7 #include "seccomon.h" | 7 #include "seccomon.h" |
8 #include "secmod.h" | 8 #include "secmod.h" |
9 #include "nssilock.h" | 9 #include "nssilock.h" |
10 #include "secmodi.h" | 10 #include "secmodi.h" |
(...skipping 382 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
393 slot->cert_count = 0; | 393 slot->cert_count = 0; |
394 slot->slot_name[0] = 0; | 394 slot->slot_name[0] = 0; |
395 slot->token_name[0] = 0; | 395 slot->token_name[0] = 0; |
396 PORT_Memset(slot->serial,' ',sizeof(slot->serial)); | 396 PORT_Memset(slot->serial,' ',sizeof(slot->serial)); |
397 slot->module = NULL; | 397 slot->module = NULL; |
398 slot->authTransact = 0; | 398 slot->authTransact = 0; |
399 slot->authTime = LL_ZERO; | 399 slot->authTime = LL_ZERO; |
400 slot->minPassword = 0; | 400 slot->minPassword = 0; |
401 slot->maxPassword = 0; | 401 slot->maxPassword = 0; |
402 slot->hasRootCerts = PR_FALSE; | 402 slot->hasRootCerts = PR_FALSE; |
| 403 slot->hasRootTrust = PR_FALSE; |
403 slot->nssToken = NULL; | 404 slot->nssToken = NULL; |
404 return slot; | 405 return slot; |
405 } | 406 } |
406 | 407 |
407 /* create a new reference to a slot so it doesn't go away */ | 408 /* create a new reference to a slot so it doesn't go away */ |
408 PK11SlotInfo * | 409 PK11SlotInfo * |
409 PK11_ReferenceSlot(PK11SlotInfo *slot) | 410 PK11_ReferenceSlot(PK11SlotInfo *slot) |
410 { | 411 { |
411 PR_ATOMIC_INCREMENT(&slot->refCount); | 412 PR_ATOMIC_INCREMENT(&slot->refCount); |
412 return slot; | 413 return slot; |
(...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
548 if ((!dllName) || (mlp->module->dllName && | 549 if ((!dllName) || (mlp->module->dllName && |
549 (0 == PORT_Strcmp(mlp->module->dllName, dllName)))) { | 550 (0 == PORT_Strcmp(mlp->module->dllName, dllName)))) { |
550 for (i=0; i < mlp->module->slotCount; i++) { | 551 for (i=0; i < mlp->module->slotCount; i++) { |
551 PK11SlotInfo *tmpSlot = (mlp->module->slots?mlp->module->slots[i
]:NULL); | 552 PK11SlotInfo *tmpSlot = (mlp->module->slots?mlp->module->slots[i
]:NULL); |
552 PORT_Assert(tmpSlot); | 553 PORT_Assert(tmpSlot); |
553 if (!tmpSlot) { | 554 if (!tmpSlot) { |
554 rv = SECFailure; | 555 rv = SECFailure; |
555 break; | 556 break; |
556 } | 557 } |
557 if ((PR_FALSE == presentOnly || PK11_IsPresent(tmpSlot)) && | 558 if ((PR_FALSE == presentOnly || PK11_IsPresent(tmpSlot)) && |
558 ( (!tokenName) || (tmpSlot->token_name && | 559 ( (!tokenName) || |
559 (0==PORT_Strcmp(tmpSlot->token_name, tokenName)))) && | 560 (0==PORT_Strcmp(tmpSlot->token_name, tokenName)) ) && |
560 ( (!slotName) || (tmpSlot->slot_name && | 561 ( (!slotName) || |
561 (0==PORT_Strcmp(tmpSlot->slot_name, slotName)))) ) { | 562 (0==PORT_Strcmp(tmpSlot->slot_name, slotName)) ) ) { |
562 if (tmpSlot) { | 563 if (tmpSlot) { |
563 PK11_AddSlotToList(slotList, tmpSlot, PR_TRUE); | 564 PK11_AddSlotToList(slotList, tmpSlot, PR_TRUE); |
564 slotcount++; | 565 slotcount++; |
565 } | 566 } |
566 } | 567 } |
567 } | 568 } |
568 } | 569 } |
569 } | 570 } |
570 SECMOD_ReleaseReadLock(moduleLock); | 571 SECMOD_ReleaseReadLock(moduleLock); |
571 | 572 |
(...skipping 526 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1098 * initialize a new token | 1099 * initialize a new token |
1099 * unlike initialize slot, this can be called multiple times in the lifetime | 1100 * unlike initialize slot, this can be called multiple times in the lifetime |
1100 * of NSS. It reads the information associated with a card or token, | 1101 * of NSS. It reads the information associated with a card or token, |
1101 * that is not going to change unless the card or token changes. | 1102 * that is not going to change unless the card or token changes. |
1102 */ | 1103 */ |
1103 SECStatus | 1104 SECStatus |
1104 PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts) | 1105 PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts) |
1105 { | 1106 { |
1106 CK_TOKEN_INFO tokenInfo; | 1107 CK_TOKEN_INFO tokenInfo; |
1107 CK_RV crv; | 1108 CK_RV crv; |
1108 char *tmp; | |
1109 SECStatus rv; | 1109 SECStatus rv; |
1110 PRStatus status; | 1110 PRStatus status; |
1111 | 1111 |
1112 /* set the slot flags to the current token values */ | 1112 /* set the slot flags to the current token values */ |
1113 if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot); | 1113 if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot); |
1114 crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID,&tokenInfo); | 1114 crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID,&tokenInfo); |
1115 if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot); | 1115 if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot); |
1116 if (crv != CKR_OK) { | 1116 if (crv != CKR_OK) { |
1117 PORT_SetError(PK11_MapError(crv)); | 1117 PORT_SetError(PK11_MapError(crv)); |
1118 return SECFailure; | 1118 return SECFailure; |
(...skipping 13 matching lines...) Expand all Loading... |
1132 slot->protectedAuthPath = | 1132 slot->protectedAuthPath = |
1133 ((tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH) | 1133 ((tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH) |
1134 ? PR_TRUE : PR_FALSE); | 1134 ? PR_TRUE : PR_FALSE); |
1135 slot->lastLoginCheck = 0; | 1135 slot->lastLoginCheck = 0; |
1136 slot->lastState = 0; | 1136 slot->lastState = 0; |
1137 /* on some platforms Active Card incorrectly sets the | 1137 /* on some platforms Active Card incorrectly sets the |
1138 * CKF_PROTECTED_AUTHENTICATION_PATH bit when it doesn't mean to. */ | 1138 * CKF_PROTECTED_AUTHENTICATION_PATH bit when it doesn't mean to. */ |
1139 if (slot->isActiveCard) { | 1139 if (slot->isActiveCard) { |
1140 slot->protectedAuthPath = PR_FALSE; | 1140 slot->protectedAuthPath = PR_FALSE; |
1141 } | 1141 } |
1142 tmp = PK11_MakeString(NULL,slot->token_name, | 1142 (void)PK11_MakeString(NULL,slot->token_name, |
1143 » » » (char *)tokenInfo.label, sizeof(tokenInfo.label)); | 1143 » » » (char *)tokenInfo.label, sizeof(tokenInfo.label)); |
1144 slot->minPassword = tokenInfo.ulMinPinLen; | 1144 slot->minPassword = tokenInfo.ulMinPinLen; |
1145 slot->maxPassword = tokenInfo.ulMaxPinLen; | 1145 slot->maxPassword = tokenInfo.ulMaxPinLen; |
1146 PORT_Memcpy(slot->serial,tokenInfo.serialNumber,sizeof(slot->serial)); | 1146 PORT_Memcpy(slot->serial,tokenInfo.serialNumber,sizeof(slot->serial)); |
1147 | 1147 |
1148 nssToken_UpdateName(slot->nssToken); | 1148 nssToken_UpdateName(slot->nssToken); |
1149 | 1149 |
1150 slot->defRWSession = (PRBool)((!slot->readOnly) && | 1150 slot->defRWSession = (PRBool)((!slot->readOnly) && |
1151 (tokenInfo.ulMaxSessionCount == 1)); | 1151 (tokenInfo.ulMaxSessionCount == 1)); |
1152 rv = PK11_ReadMechanismList(slot); | 1152 rv = PK11_ReadMechanismList(slot); |
1153 if (rv != SECSuccess) return rv; | 1153 if (rv != SECSuccess) return rv; |
(...skipping 188 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1342 * This initialization code is called on each slot a module supports when | 1342 * This initialization code is called on each slot a module supports when |
1343 * it is loaded. It does the bringup initialization. The difference between | 1343 * it is loaded. It does the bringup initialization. The difference between |
1344 * this and InitToken is Init slot does those one time initialization stuff, | 1344 * this and InitToken is Init slot does those one time initialization stuff, |
1345 * usually associated with the reader, while InitToken may get called multiple | 1345 * usually associated with the reader, while InitToken may get called multiple |
1346 * times as tokens are removed and re-inserted. | 1346 * times as tokens are removed and re-inserted. |
1347 */ | 1347 */ |
1348 void | 1348 void |
1349 PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot) | 1349 PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot) |
1350 { | 1350 { |
1351 SECStatus rv; | 1351 SECStatus rv; |
1352 char *tmp; | |
1353 CK_SLOT_INFO slotInfo; | 1352 CK_SLOT_INFO slotInfo; |
1354 | 1353 |
1355 slot->functionList = mod->functionList; | 1354 slot->functionList = mod->functionList; |
1356 slot->isInternal = mod->internal; | 1355 slot->isInternal = mod->internal; |
1357 slot->slotID = slotID; | 1356 slot->slotID = slotID; |
1358 slot->isThreadSafe = mod->isThreadSafe; | 1357 slot->isThreadSafe = mod->isThreadSafe; |
1359 slot->hasRSAInfo = PR_FALSE; | 1358 slot->hasRSAInfo = PR_FALSE; |
1360 | 1359 |
1361 if (PK11_GETTAB(slot)->C_GetSlotInfo(slotID,&slotInfo) != CKR_OK) { | 1360 if (PK11_GETTAB(slot)->C_GetSlotInfo(slotID,&slotInfo) != CKR_OK) { |
1362 slot->disabled = PR_TRUE; | 1361 slot->disabled = PR_TRUE; |
1363 slot->reason = PK11_DIS_COULD_NOT_INIT_TOKEN; | 1362 slot->reason = PK11_DIS_COULD_NOT_INIT_TOKEN; |
1364 return; | 1363 return; |
1365 } | 1364 } |
1366 | 1365 |
1367 /* test to make sure claimed mechanism work */ | 1366 /* test to make sure claimed mechanism work */ |
1368 slot->needTest = mod->internal ? PR_FALSE : PR_TRUE; | 1367 slot->needTest = mod->internal ? PR_FALSE : PR_TRUE; |
1369 slot->module = mod; /* NOTE: we don't make a reference here because | 1368 slot->module = mod; /* NOTE: we don't make a reference here because |
1370 * modules have references to their slots. This | 1369 * modules have references to their slots. This |
1371 * works because modules keep implicit references | 1370 * works because modules keep implicit references |
1372 * from their slots, and won't unload and disappear | 1371 * from their slots, and won't unload and disappear |
1373 * until all their slots have been freed */ | 1372 * until all their slots have been freed */ |
1374 tmp = PK11_MakeString(NULL,slot->slot_name, | 1373 (void)PK11_MakeString(NULL,slot->slot_name, |
1375 (char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription)); | 1374 (char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription)); |
1376 slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT) == CKF_HW_SLOT); | 1375 slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT) == CKF_HW_SLOT); |
1377 #define ACTIVE_CARD "ActivCard SA" | 1376 #define ACTIVE_CARD "ActivCard SA" |
1378 slot->isActiveCard = (PRBool)(PORT_Strncmp((char *)slotInfo.manufacturerID, | 1377 slot->isActiveCard = (PRBool)(PORT_Strncmp((char *)slotInfo.manufacturerID, |
1379 ACTIVE_CARD, sizeof(ACTIVE_CARD)-1) == 0); | 1378 ACTIVE_CARD, sizeof(ACTIVE_CARD)-1) == 0); |
1380 if ((slotInfo.flags & CKF_REMOVABLE_DEVICE) == 0) { | 1379 if ((slotInfo.flags & CKF_REMOVABLE_DEVICE) == 0) { |
1381 slot->isPerm = PR_TRUE; | 1380 slot->isPerm = PR_TRUE; |
1382 /* permanment slots must have the token present always */ | 1381 /* permanment slots must have the token present always */ |
1383 if ((slotInfo.flags & CKF_TOKEN_PRESENT) == 0) { | 1382 if ((slotInfo.flags & CKF_TOKEN_PRESENT) == 0) { |
1384 slot->disabled = PR_TRUE; | 1383 slot->disabled = PR_TRUE; |
(...skipping 660 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2045 PK11SlotInfo * | 2044 PK11SlotInfo * |
2046 PK11_GetBestSlotMultipleWithAttributes(CK_MECHANISM_TYPE *type, | 2045 PK11_GetBestSlotMultipleWithAttributes(CK_MECHANISM_TYPE *type, |
2047 CK_FLAGS *mechanismInfoFlags, unsigned int *keySize, | 2046 CK_FLAGS *mechanismInfoFlags, unsigned int *keySize, |
2048 unsigned int mech_count, void *wincx) | 2047 unsigned int mech_count, void *wincx) |
2049 { | 2048 { |
2050 PK11SlotList *list = NULL; | 2049 PK11SlotList *list = NULL; |
2051 PK11SlotListElement *le ; | 2050 PK11SlotListElement *le ; |
2052 PK11SlotInfo *slot = NULL; | 2051 PK11SlotInfo *slot = NULL; |
2053 PRBool freeit = PR_FALSE; | 2052 PRBool freeit = PR_FALSE; |
2054 PRBool listNeedLogin = PR_FALSE; | 2053 PRBool listNeedLogin = PR_FALSE; |
2055 int i; | 2054 unsigned int i; |
2056 SECStatus rv; | 2055 SECStatus rv; |
2057 | 2056 |
2058 list = PK11_GetSlotList(type[0]); | 2057 list = PK11_GetSlotList(type[0]); |
2059 | 2058 |
2060 if ((list == NULL) || (list->head == NULL)) { | 2059 if ((list == NULL) || (list->head == NULL)) { |
2061 /* We need to look up all the tokens for the mechanism */ | 2060 /* We need to look up all the tokens for the mechanism */ |
2062 list = PK11_GetAllTokens(type[0],PR_FALSE,PR_TRUE,wincx); | 2061 list = PK11_GetAllTokens(type[0],PR_FALSE,PR_TRUE,wincx); |
2063 freeit = PR_TRUE; | 2062 freeit = PR_TRUE; |
2064 } | 2063 } |
2065 | 2064 |
(...skipping 331 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2397 first_time_set = PR_TRUE; | 2396 first_time_set = PR_TRUE; |
2398 } | 2397 } |
2399 if ((interval-first_time) > timeout) { | 2398 if ((interval-first_time) > timeout) { |
2400 return waitForRemoval ? PK11TokenPresent : PK11TokenRemoved; | 2399 return waitForRemoval ? PK11TokenPresent : PK11TokenRemoved; |
2401 } | 2400 } |
2402 } | 2401 } |
2403 PR_Sleep(latency); | 2402 PR_Sleep(latency); |
2404 } | 2403 } |
2405 return waitForRemoval ? PK11TokenRemoved : PK11TokenPresent; | 2404 return waitForRemoval ? PK11TokenRemoved : PK11TokenPresent; |
2406 } | 2405 } |
OLD | NEW |