| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/nss_util.h" | 5 #include "base/nss_util.h" |
| 6 #include "base/nss_util_internal.h" | 6 #include "base/nss_util_internal.h" |
| 7 | 7 |
| 8 #include <nss.h> | 8 #include <nss.h> |
| 9 #include <plarena.h> | 9 #include <plarena.h> |
| 10 #include <prerror.h> | 10 #include <prerror.h> |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 61 FilePath GetInitialConfigDirectory() { | 61 FilePath GetInitialConfigDirectory() { |
| 62 #if defined(OS_CHROMEOS) | 62 #if defined(OS_CHROMEOS) |
| 63 static const FilePath::CharType kReadOnlyCertDB[] = | 63 static const FilePath::CharType kReadOnlyCertDB[] = |
| 64 FILE_PATH_LITERAL("/etc/fake_root_ca/nssdb"); | 64 FILE_PATH_LITERAL("/etc/fake_root_ca/nssdb"); |
| 65 return FilePath(kReadOnlyCertDB); | 65 return FilePath(kReadOnlyCertDB); |
| 66 #else | 66 #else |
| 67 return GetDefaultConfigDirectory(); | 67 return GetDefaultConfigDirectory(); |
| 68 #endif // defined(OS_CHROMEOS) | 68 #endif // defined(OS_CHROMEOS) |
| 69 } | 69 } |
| 70 | 70 |
| 71 // This callback for NSS forwards all requests to a caller-specified |
| 72 // PK11BlockingPasswordDelegate object. |
| 73 char* PK11PasswordFunc(PK11SlotInfo* slot, PRBool retry, void* arg) { |
| 74 base::PK11BlockingPasswordDelegate* delegate = |
| 75 reinterpret_cast<base::PK11BlockingPasswordDelegate*>(arg); |
| 76 if (delegate) |
| 77 return delegate->RequestPassword(slot, retry); |
| 78 DLOG(ERROR) << "PK11 password requested with NULL arg"; |
| 79 return NULL; |
| 80 } |
| 81 |
| 71 // NSS creates a local cache of the sqlite database if it detects that the | 82 // NSS creates a local cache of the sqlite database if it detects that the |
| 72 // filesystem the database is on is much slower than the local disk. The | 83 // filesystem the database is on is much slower than the local disk. The |
| 73 // detection doesn't work with the latest versions of sqlite, such as 3.6.22 | 84 // detection doesn't work with the latest versions of sqlite, such as 3.6.22 |
| 74 // (NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=578561). So we set | 85 // (NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=578561). So we set |
| 75 // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's | 86 // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's |
| 76 // detection when database_dir is on NFS. See http://crbug.com/48585. | 87 // detection when database_dir is on NFS. See http://crbug.com/48585. |
| 77 // | 88 // |
| 78 // TODO(wtc): port this function to other USE_NSS platforms. It is defined | 89 // TODO(wtc): port this function to other USE_NSS platforms. It is defined |
| 79 // only for OS_LINUX simply because the statfs structure is OS-specific. | 90 // only for OS_LINUX simply because the statfs structure is OS-specific. |
| 80 void UseLocalCacheOfNSSDatabaseIfNFS(const FilePath& database_dir) { | 91 void UseLocalCacheOfNSSDatabaseIfNFS(const FilePath& database_dir) { |
| (...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 187 LOG(WARNING) << "Initialize NSS without a persistent database " | 198 LOG(WARNING) << "Initialize NSS without a persistent database " |
| 188 "(~/.pki/nssdb)."; | 199 "(~/.pki/nssdb)."; |
| 189 status = NSS_NoDB_Init(NULL); | 200 status = NSS_NoDB_Init(NULL); |
| 190 if (status != SECSuccess) { | 201 if (status != SECSuccess) { |
| 191 LOG(ERROR) << "Error initializing NSS without a persistent " | 202 LOG(ERROR) << "Error initializing NSS without a persistent " |
| 192 "database: NSS error code " << PR_GetError(); | 203 "database: NSS error code " << PR_GetError(); |
| 193 return; | 204 return; |
| 194 } | 205 } |
| 195 } | 206 } |
| 196 | 207 |
| 208 PK11_SetPasswordFunc(PK11PasswordFunc); |
| 209 |
| 197 // If we haven't initialized the password for the NSS databases, | 210 // If we haven't initialized the password for the NSS databases, |
| 198 // initialize an empty-string password so that we don't need to | 211 // initialize an empty-string password so that we don't need to |
| 199 // log in. | 212 // log in. |
| 200 PK11SlotInfo* slot = PK11_GetInternalKeySlot(); | 213 PK11SlotInfo* slot = PK11_GetInternalKeySlot(); |
| 201 if (slot) { | 214 if (slot) { |
| 202 // PK11_InitPin may write to the keyDB, but no other thread can use NSS | 215 // PK11_InitPin may write to the keyDB, but no other thread can use NSS |
| 203 // yet, so we don't need to lock. | 216 // yet, so we don't need to lock. |
| 204 if (PK11_NeedUserInit(slot)) | 217 if (PK11_NeedUserInit(slot)) |
| 205 PK11_InitPin(slot, NULL, NULL); | 218 PK11_InitPin(slot, NULL, NULL); |
| 206 PK11_FreeSlot(slot); | 219 PK11_FreeSlot(slot); |
| (...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 363 exploded.millisecond = prxtime.tm_usec / 1000; | 376 exploded.millisecond = prxtime.tm_usec / 1000; |
| 364 | 377 |
| 365 return Time::FromUTCExploded(exploded); | 378 return Time::FromUTCExploded(exploded); |
| 366 } | 379 } |
| 367 | 380 |
| 368 PK11SlotInfo* GetDefaultNSSKeySlot() { | 381 PK11SlotInfo* GetDefaultNSSKeySlot() { |
| 369 return Singleton<NSSInitSingleton>::get()->GetDefaultKeySlot(); | 382 return Singleton<NSSInitSingleton>::get()->GetDefaultKeySlot(); |
| 370 } | 383 } |
| 371 | 384 |
| 372 } // namespace base | 385 } // namespace base |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 3186021:
DONOTLAND: Start of PK11 password dialog for Linux/NSS (Closed)
Base URL: http://src.chromium.org/git/chromium.git