Back to index

lightning-sunbird  0.9+nobinonly
Classes | Defines | Functions | Variables
pk11.c File Reference
#include "modutil.h"
#include "pk11func.h"

Go to the source code of this file.

Classes

struct  MaskString

Defines

#define MAX_STRING_LIST_LEN   240 /* or less */
#define PAD   " "

Functions

Error FipsMode (char *arg)
Error ChkFipsMode (char *arg)
static unsigned long getFlagsFromString (char *string, const MaskString array[], int elements)
static char * getStringFromFlags (unsigned long flags, const MaskString array[], int elements)
Error AddModule (char *moduleName, char *libFile, char *cipherString, char *mechanismString, char *modparms)
Error DeleteModule (char *moduleName)
Error RawListModule (char *modulespec)
Error RawAddModule (char *dbmodulespec, char *modulespec)
static void printModule (SECMODModule *module, int *count)
Error ListModules ()
Error ListModule (char *moduleName)
Error ChangePW (char *tokenName, char *pwFile, char *newpwFile)
Error EnableModule (char *moduleName, char *slotName, PRBool enable)
Error SetDefaultModule (char *moduleName, char *slotName, char *mechanisms)
Error UnsetDefaultModule (char *moduleName, char *slotName, char *mechanisms)

Variables

static PK11DefaultArrayEntry * pk11_DefaultArray = NULL
static int pk11_DefaultArraySize = 0
static const MaskString mechanismStrings []
static const int numMechanismStrings
static const MaskString cipherStrings []
static const int numCipherStrings
static char * disableReasonStr []
static int numDisableReasonStr

Class Documentation

struct MaskString

Definition at line 143 of file pk11.c.

Class Members
const unsigned long mask
const char * name

Define Documentation

#define MAX_STRING_LIST_LEN   240 /* or less */

Definition at line 179 of file pk11.c.

#define PAD   " "

Function Documentation

Error AddModule ( char *  moduleName,
char *  libFile,
char *  cipherString,
char *  mechanismString,
char *  modparms 
)

Definition at line 272 of file pk11.c.

{
    unsigned long ciphers;
    unsigned long mechanisms;
    SECStatus status;

    mechanisms =
       getFlagsFromString(mechanismString, mechanismStrings,
                        numMechanismStrings);
    ciphers =
       getFlagsFromString(cipherString, cipherStrings, numCipherStrings);

    status =
       SECMOD_AddNewModuleEx(moduleName, libFile,
                SECMOD_PubMechFlagstoInternal(mechanisms),
                SECMOD_PubCipherFlagstoInternal(ciphers),
                modparms, NULL );

    if(status != SECSuccess) {
       char* errtxt=NULL;
       PRInt32 copied = 0;
       if (PR_GetErrorTextLength()) {
           errtxt = PR_Malloc(PR_GetErrorTextLength());
           copied = PR_GetErrorText(errtxt);
       }
       if (copied && errtxt) {
           PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_STATUS_ERR], 
                     moduleName, errtxt);
           PR_Free(errtxt);
       } else {
           PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR], 
                     moduleName);
       }
       return ADD_MODULE_FAILED_ERR;
    } else {
       PR_fprintf(PR_STDOUT, msgStrings[ADD_MODULE_SUCCESS_MSG], moduleName);
       return SUCCESS;
    }
}
Error ChangePW ( char *  tokenName,
char *  pwFile,
char *  newpwFile 
)

Definition at line 666 of file pk11.c.

{
    char *oldpw=NULL, *newpw=NULL, *newpw2=NULL;
    PK11SlotInfo *slot;
    Error ret=UNSPECIFIED_ERR;
    PRBool matching;

    slot = PK11_FindSlotByName(tokenName);
    if(!slot) {
       PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], tokenName);
       return NO_SUCH_TOKEN_ERR;
    }

    PK11_SetPasswordFunc(SECU_GetModulePassword);

    /* Get old password */
    if(! PK11_NeedUserInit(slot)) {
       if(pwFile) {
           oldpw = SECU_FilePasswd(NULL, PR_FALSE, pwFile);
           if(PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
              PR_fprintf(PR_STDERR, errStrings[BAD_PW_ERR]);
              ret=BAD_PW_ERR;
              goto loser;
           }
       } else {
           for(matching=PR_FALSE; !matching; ) {
              oldpw = SECU_GetPasswordString(NULL, "Enter old password: ");
              if(PK11_CheckUserPassword(slot, oldpw) == SECSuccess) {
                  matching = PR_TRUE;
              } else {
                  PR_fprintf(PR_STDOUT, msgStrings[BAD_PW_MSG]);
              }
           }
       }
    }

    /* Get new password */
    if(newpwFile) {
       newpw = SECU_FilePasswd(NULL, PR_FALSE, newpwFile);
    } else {
       for(matching=PR_FALSE; !matching; ) {
           newpw = SECU_GetPasswordString(NULL, "Enter new password: ");
           newpw2 = SECU_GetPasswordString(NULL, "Re-enter new password: ");
           if(strcmp(newpw, newpw2)) {
              PR_fprintf(PR_STDOUT, msgStrings[PW_MATCH_MSG]);
           } else {
              matching = PR_TRUE;
           }
       }
    }

    /* Change the password */
    if(PK11_NeedUserInit(slot)) {
       if(PK11_InitPin(slot, NULL /*ssopw*/, newpw) != SECSuccess) {
           PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
           ret = CHANGEPW_FAILED_ERR;
           goto loser;
       }
    } else {
       if(PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) {
           PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
           ret = CHANGEPW_FAILED_ERR;
           goto loser;
       }
    }

    PR_fprintf(PR_STDOUT, msgStrings[CHANGEPW_SUCCESS_MSG], tokenName);
    ret = SUCCESS;

loser:
    if(oldpw) {
       memset(oldpw, 0, strlen(oldpw));
       PORT_Free(oldpw);
    }
    if(newpw) {
       memset(newpw, 0, strlen(newpw));
       PORT_Free(newpw);
    }
    if(newpw2) {
       memset(newpw2, 0, strlen(newpw2));
       PORT_Free(newpw2);
    }
    return ret;
}
Error ChkFipsMode ( char *  arg)

Definition at line 114 of file pk11.c.

{
    if(!PORT_Strcasecmp(arg, "true")) {
       if (PK11_IsFIPS()) {
           PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
       } else {
           PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
           return FIPS_SWITCH_FAILED_ERR;
       }

    } else if(!PORT_Strcasecmp(arg, "false")) {
       if(!PK11_IsFIPS()) {
           PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
       } else {
           PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
           return FIPS_SWITCH_FAILED_ERR;
       }
    } else {
       PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
       return INVALID_FIPS_ARG;
    }

    return SUCCESS;
}
Error DeleteModule ( char *  moduleName)

Definition at line 320 of file pk11.c.

{
    SECStatus status;
    int type;
    
    status = SECMOD_DeleteModule(moduleName, &type);

    if(status != SECSuccess) {
       if(type == SECMOD_FIPS || type == SECMOD_INTERNAL) {
           PR_fprintf(PR_STDERR, errStrings[DELETE_INTERNAL_ERR]);
           return DELETE_INTERNAL_ERR;
       } else {
           PR_fprintf(PR_STDERR, errStrings[DELETE_FAILED_ERR], moduleName);
           return DELETE_FAILED_ERR;
       }
    }

    PR_fprintf(PR_STDOUT, msgStrings[DELETE_SUCCESS_MSG], moduleName);
    return SUCCESS;
}
Error EnableModule ( char *  moduleName,
char *  slotName,
PRBool  enable 
)

Definition at line 761 of file pk11.c.

{
    int i;
    SECMODModule *module;
    PK11SlotInfo *slot = NULL;
    PRBool found = PR_FALSE;

    module = SECMOD_FindModule(moduleName);
    if(!module) {
       PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
       return NO_SUCH_MODULE_ERR;
    }

    for(i=0; i < module->slotCount; i++) {
       slot = module->slots[i];
       if(slotName && strcmp(PK11_GetSlotName(slot), slotName)) {
              /* Not the right slot */
              continue;
       }
       if(enable) {
           if(! PK11_UserEnableSlot(slot)) {
              PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR],
                  "enable", PK11_GetSlotName(slot));
              return ENABLE_FAILED_ERR;
           } else {
              found = PR_TRUE;
              PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG],
                  PK11_GetSlotName(slot), "enabled");
           }
       } else {
           if(! PK11_UserDisableSlot(slot)) {
              PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR],
                  "disable", PK11_GetSlotName(slot));
              return ENABLE_FAILED_ERR;
           } else {
              found = PR_TRUE;
              PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG],
                  PK11_GetSlotName(slot), "disabled");
           }
       }
    }

    if(slotName && !found) {
       PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
       return NO_SUCH_SLOT_ERR;
    }

    /* Delete and re-add module to save changes */
    if( SECMOD_UpdateModule(module) != SECSuccess ) {
       PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], moduleName);
       return UPDATE_MOD_FAILED_ERR;
    }

    return SUCCESS;
}
Error FipsMode ( char *  arg)

Definition at line 55 of file pk11.c.

{
    char *internal_name;

    if(!PORT_Strcasecmp(arg, "true")) {
       if(!PK11_IsFIPS()) {
           internal_name = PR_smprintf("%s",
              SECMOD_GetInternalModule()->commonName);
           if(SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
              PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
              PR_smprintf_free(internal_name);
              PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
              return FIPS_SWITCH_FAILED_ERR;
           }
           PR_smprintf_free(internal_name);
           if (!PK11_IsFIPS()) {
              PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
              return FIPS_SWITCH_FAILED_ERR;
           }
           PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
       } else {
           PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]);
           return FIPS_ALREADY_ON_ERR;
       }
    } else if(!PORT_Strcasecmp(arg, "false")) {
       if(PK11_IsFIPS()) {
           internal_name = PR_smprintf("%s",
              SECMOD_GetInternalModule()->commonName);
           if(SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
              PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
              PR_smprintf_free(internal_name);
              PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
              return FIPS_SWITCH_FAILED_ERR;
           }
           PR_smprintf_free(internal_name);
           if (PK11_IsFIPS()) {
              PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
              return FIPS_SWITCH_FAILED_ERR;
           }
           PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
       } else {
           PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_OFF_ERR]);
           return FIPS_ALREADY_OFF_ERR;
       }
    } else {
       PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
       return INVALID_FIPS_ARG;
    }

    return SUCCESS;
}
static unsigned long getFlagsFromString ( char *  string,
const MaskString  array[],
int  elements 
) [static]

Definition at line 192 of file pk11.c.

{
    unsigned long ret = 0;
    short i = 0;
    char *cp;
    char *buf;
    char *end;

    if(!string || !string[0]) {
       return ret;
    }

    /* Make a temporary copy of the string */
    buf = PR_Malloc(strlen(string)+1);
    if(!buf) {
       out_of_memory();
    }
    strcpy(buf, string);

    /* Look at each element of the list passed in */
    for(cp=buf; cp && *cp; cp = (end ? end+1 : NULL) ) {
       /* Look at the string up to the next colon */
       end = strchr(cp, ':');
       if(end) {
           *end = '\0';
       }

       /* Find which element this is */
       for(i=0; i < elements; i++) {
           if( !PORT_Strcasecmp(cp, array[i].name) ) {
              break;
           }
       }
       if(i == elements) {
           /* Skip a bogus string, but print a warning message */
           PR_fprintf(PR_STDERR, errStrings[INVALID_CONSTANT_ERR], cp);
           continue;
       }
       ret |= array[i].mask;
    }

    PR_Free(buf);
    return ret;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static char* getStringFromFlags ( unsigned long  flags,
const MaskString  array[],
int  elements 
) [static]

Definition at line 245 of file pk11.c.

{
    static char buf[MAX_STRING_LIST_LEN];
    int i;
    int count=0;

    buf[0] = '\0';
    for(i=0; i<elements; i++) {
       if( flags & array[i].mask ) {
           ++count;
           if(count!=1) {
              strcat(buf, ":");
           }
           strcat(buf, array[i].name);
       }
    }
    return buf;
}

Here is the caller graph for this function:

Error ListModule ( char *  moduleName)

Definition at line 511 of file pk11.c.

{
    SECMODModule *module;
    PK11SlotInfo *slot;
    int slotnum;
    CK_INFO modinfo;
    CK_SLOT_INFO slotinfo;
    CK_TOKEN_INFO tokeninfo;
    char *ciphers, *mechanisms;
    PK11DisableReasons reason;
    Error  rv = SUCCESS;

    if(!moduleName) {
       return SUCCESS;
    }

    module = SECMOD_FindModule(moduleName);
    if(!module) {
       PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
       return NO_SUCH_MODULE_ERR;
    }

    if ((module->loaded) && 
                     (PK11_GetModInfo(module, &modinfo) != SECSuccess)) {
       PR_fprintf(PR_STDERR, errStrings[MOD_INFO_ERR], moduleName);
       return MOD_INFO_ERR;
    }

    /* Module info */
    PR_fprintf(PR_STDOUT, 
       "\n-----------------------------------------------------------\n");
    PR_fprintf(PR_STDOUT, "Name: %s\n", module->commonName);
    if(module->internal || !module->dllName) {
       PR_fprintf(PR_STDOUT, "Library file: **Internal ONLY module**\n");
    } else {
       PR_fprintf(PR_STDOUT, "Library file: %s\n", module->dllName);
    }

    if (module->loaded) {
       PR_fprintf(PR_STDOUT, "Manufacturer: %.32s\n", modinfo.manufacturerID);
       PR_fprintf(PR_STDOUT, "Description: %.32s\n", modinfo.libraryDescription);
       PR_fprintf(PR_STDOUT, "PKCS #11 Version %d.%d\n",
       modinfo.cryptokiVersion.major, modinfo.cryptokiVersion.minor);
       PR_fprintf(PR_STDOUT, "Library Version: %d.%d\n",
       modinfo.libraryVersion.major, modinfo.libraryVersion.minor);
    } else {
       PR_fprintf(PR_STDOUT, "* Module not loaded\n");
    }
    /* Get cipher and mechanism flags */
    ciphers = getStringFromFlags(module->ssl[0], cipherStrings,
      numCipherStrings);
    if(ciphers[0] == '\0') {
       ciphers = "None";
    }
    PR_fprintf(PR_STDOUT, "Cipher Enable Flags: %s\n", ciphers);
    mechanisms = NULL;
    if (module->slotCount > 0) {
       mechanisms = getStringFromFlags(
           PK11_GetDefaultFlags(module->slots[0]),
           mechanismStrings, numMechanismStrings);
    }
    if ((mechanisms==NULL) || (mechanisms[0] =='\0')) {
       mechanisms = "None";
    }
    PR_fprintf(PR_STDOUT, "Default Mechanism Flags: %s\n", mechanisms);

#define PAD "  "

    /* Loop over each slot */
    for (slotnum=0; slotnum < module->slotCount; slotnum++) {
       slot = module->slots[slotnum];
       if (PK11_GetSlotInfo(slot, &slotinfo) != SECSuccess) {
           PR_fprintf(PR_STDERR, errStrings[SLOT_INFO_ERR],
              PK11_GetSlotName(slot));
           rv = SLOT_INFO_ERR;
           continue;
       }

       /* Slot Info */
       PR_fprintf(PR_STDOUT, "\n"PAD"Slot: %s\n", PK11_GetSlotName(slot));
       mechanisms = getStringFromFlags(PK11_GetDefaultFlags(slot),
           mechanismStrings, numMechanismStrings);
       if(mechanisms[0] =='\0') {
            mechanisms = "None";
       }
       PR_fprintf(PR_STDOUT, PAD"Slot Mechanism Flags: %s\n", mechanisms);
       PR_fprintf(PR_STDOUT, PAD"Manufacturer: %.32s\n",
           slotinfo.manufacturerID);
       if (PK11_IsHW(slot)) {
           PR_fprintf(PR_STDOUT, PAD"Type: Hardware\n");
       } else {
           PR_fprintf(PR_STDOUT, PAD"Type: Software\n");
       }
       PR_fprintf(PR_STDOUT, PAD"Version Number: %d.%d\n",
           slotinfo.hardwareVersion.major, slotinfo.hardwareVersion.minor);
       PR_fprintf(PR_STDOUT, PAD"Firmware Version: %d.%d\n",
           slotinfo.firmwareVersion.major, slotinfo.firmwareVersion.minor);
       if (PK11_IsDisabled(slot)) {
           reason  = PK11_GetDisabledReason(slot);
           if(reason < numDisableReasonStr) {
              PR_fprintf(PR_STDOUT, PAD"Status: DISABLED (%s)\n",
                disableReasonStr[reason]);
           } else {
              PR_fprintf(PR_STDOUT, PAD"Status: DISABLED\n");
           }
       } else {
           PR_fprintf(PR_STDOUT, PAD"Status: Enabled\n");
       }

       if(PK11_GetTokenInfo(slot, &tokeninfo) != SECSuccess) {
           PR_fprintf(PR_STDERR, errStrings[TOKEN_INFO_ERR],
             PK11_GetTokenName(slot));
           rv = TOKEN_INFO_ERR;
           continue;
       }

       /* Token Info */
       PR_fprintf(PR_STDOUT, PAD"Token Name: %.32s\n",
           tokeninfo.label);
       PR_fprintf(PR_STDOUT, PAD"Token Manufacturer: %.32s\n",
           tokeninfo.manufacturerID);
       PR_fprintf(PR_STDOUT, PAD"Token Model: %.16s\n", tokeninfo.model);
       PR_fprintf(PR_STDOUT, PAD"Token Serial Number: %.16s\n",
           tokeninfo.serialNumber);
       PR_fprintf(PR_STDOUT, PAD"Token Version: %d.%d\n",
           tokeninfo.hardwareVersion.major, tokeninfo.hardwareVersion.minor);
       PR_fprintf(PR_STDOUT, PAD"Token Firmware Version: %d.%d\n",
           tokeninfo.firmwareVersion.major, tokeninfo.firmwareVersion.minor);
       if(tokeninfo.flags & CKF_WRITE_PROTECTED) {
           PR_fprintf(PR_STDOUT, PAD"Access: Write Protected\n");
       } else {
           PR_fprintf(PR_STDOUT, PAD"Access: NOT Write Protected\n");
       }
       if(tokeninfo.flags & CKF_LOGIN_REQUIRED) {
           PR_fprintf(PR_STDOUT, PAD"Login Type: Login required\n");
       } else {
           PR_fprintf(PR_STDOUT, PAD
             "Login Type: Public (no login required)\n");
       }
       if(tokeninfo.flags & CKF_USER_PIN_INITIALIZED) {
           PR_fprintf(PR_STDOUT, PAD"User Pin: Initialized\n");
       } else {
           PR_fprintf(PR_STDOUT, PAD"User Pin: NOT Initialized\n");
       }
    }
    PR_fprintf(PR_STDOUT, 
       "\n-----------------------------------------------------------\n");
    return rv;
}

Definition at line 446 of file pk11.c.

{
    SECMODListLock *lock;
    SECMODModuleList *list;
    SECMODModuleList *deadlist;
    SECMODModuleList *mlp;
    Error ret=UNSPECIFIED_ERR;
    int count = 0;

    lock = SECMOD_GetDefaultModuleListLock();
    if(!lock) {
       PR_fprintf(PR_STDERR, errStrings[NO_LIST_LOCK_ERR]);
       return NO_LIST_LOCK_ERR;
    }

    SECMOD_GetReadLock(lock);

    list = SECMOD_GetDefaultModuleList();
    deadlist = SECMOD_GetDeadModuleList();
    if (!list && !deadlist) {
       PR_fprintf(PR_STDERR, errStrings[NO_MODULE_LIST_ERR]);
       ret = NO_MODULE_LIST_ERR;
       goto loser;
    }

    PR_fprintf(PR_STDOUT,
       "\nListing of PKCS #11 Modules\n"
       "-----------------------------------------------------------\n");
    
    for(mlp=list; mlp != NULL; mlp = mlp->next) {
       printModule(mlp->module, &count);
    }
    for (mlp=deadlist; mlp != NULL; mlp = mlp->next) {
       printModule(mlp->module, &count);
    }


    PR_fprintf(PR_STDOUT,
       "-----------------------------------------------------------\n");

    ret = SUCCESS;

loser:
    SECMOD_ReleaseReadLock(lock);
    return ret;
}
static void printModule ( SECMODModule *  module,
int count 
) [static]

Definition at line 400 of file pk11.c.

{
    int slotCount = module->loaded ? module->slotCount : 0;
    int i;

    if ((*count)++) {
        PR_fprintf(PR_STDOUT,"\n");
    }
        PR_fprintf(PR_STDOUT, "%3d. %s\n", *count, module->commonName);

    if (module->dllName) {
        PR_fprintf(PR_STDOUT, "\tlibrary name: %s\n", module->dllName);
    }

    if (slotCount == 0) {
        PR_fprintf(PR_STDOUT,
       "\t slots: There are no slots attached to this module\n");
    } else {
        PR_fprintf(PR_STDOUT, "\t slots: %d slot%s attached\n",
              slotCount, (slotCount==1 ? "" : "s") );
    }

    if (module->loaded == 0) {
        PR_fprintf(PR_STDOUT, "\tstatus: Not loaded\n");
    } else {
        PR_fprintf(PR_STDOUT, "\tstatus: loaded\n");
    }

    /* Print slot and token names */
    for (i = 0; i < slotCount; i++) {
        PK11SlotInfo *slot = module->slots[i];

        PR_fprintf(PR_STDOUT, "\n");
        PR_fprintf(PR_STDOUT, "\t slot: %s\n", PK11_GetSlotName(slot));
        PR_fprintf(PR_STDOUT, "\ttoken: %s\n", PK11_GetTokenName(slot));
    }
    return;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Error RawAddModule ( char *  dbmodulespec,
char *  modulespec 
)

Definition at line 374 of file pk11.c.

{
    SECMODModule *module;
    SECMODModule *dbmodule;


    dbmodule = SECMOD_LoadModule(dbmodulespec,NULL,PR_TRUE);
    if (dbmodule == NULL) {
       /* handle error */
       return NO_SUCH_MODULE_ERR;
    }

    module = SECMOD_LoadModule(modulespec,dbmodule,PR_FALSE);
    if (module == NULL) {
       /* handle error */
       return NO_SUCH_MODULE_ERR;
    }

    if( SECMOD_UpdateModule(module) != SECSuccess ) {
       PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], modulespec);
       return UPDATE_MOD_FAILED_ERR;
    }
    return SUCCESS;
}
Error RawListModule ( char *  modulespec)

Definition at line 348 of file pk11.c.

{
    SECMODModule *module;
    char **moduleSpecList;

    module = SECMOD_LoadModule(modulespec,NULL,PR_FALSE);
    if (module == NULL) {
       /* handle error */
       return NO_SUCH_MODULE_ERR;
    }

    moduleSpecList = SECMOD_GetModuleSpecList(module);
    if (!moduleSpecList || !moduleSpecList[0]) {
       SECU_PrintError("modutil",
                         "no specs in secmod DB");
       return NO_SUCH_MODULE_ERR;
    }

    for ( ;*moduleSpecList; moduleSpecList++) {
       printf("%s\n\n",*moduleSpecList);
    }

    return SUCCESS;
}
Error SetDefaultModule ( char *  moduleName,
char *  slotName,
char *  mechanisms 
)

Definition at line 823 of file pk11.c.

{
    SECMODModule *module;
    PK11SlotInfo *slot;
    int s, i;
    unsigned long mechFlags = getFlagsFromString(mechanisms, mechanismStrings,
       numMechanismStrings);
    PRBool found = PR_FALSE;
    Error errcode = UNSPECIFIED_ERR;

    if (pk11_DefaultArray == NULL) {
       pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize);
       if (pk11_DefaultArray == NULL) {
           /* should assert. This shouldn't happen */
           goto loser;
       }
    }

    mechFlags =  SECMOD_PubMechFlagstoInternal(mechFlags);

    module = SECMOD_FindModule(moduleName);
    if(!module) {
       PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
       errcode = NO_SUCH_MODULE_ERR;
       goto loser;
    }

    /* Go through each slot */
    for(s=0; s < module->slotCount; s++) {
       slot = module->slots[s];

       if ((slotName != NULL) &&
           !((strcmp(PK11_GetSlotName(slot),slotName) == 0) ||
           (strcmp(PK11_GetTokenName(slot),slotName) == 0)) ) {
           /* we are only interested in changing the one slot */
           continue;
       }

       found = PR_TRUE;

       /* Go through each mechanism */
       for(i=0; i < pk11_DefaultArraySize; i++) {
           if(pk11_DefaultArray[i].flag & mechFlags) {
              /* Enable this default mechanism */
              PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]),
                  PR_TRUE);
           }
       }
    }
    if (slotName && !found) {
       PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
       errcode = NO_SUCH_SLOT_ERR;
       goto loser;
    }

    /* Delete and re-add module to save changes */
    if( SECMOD_UpdateModule(module) != SECSuccess ) {
       PR_fprintf(PR_STDERR, errStrings[DEFAULT_FAILED_ERR],
         moduleName);
       errcode = DEFAULT_FAILED_ERR;
       goto loser;
    }

    PR_fprintf(PR_STDOUT, msgStrings[DEFAULT_SUCCESS_MSG]);

    errcode = SUCCESS;
loser:
    return errcode;
}
Error UnsetDefaultModule ( char *  moduleName,
char *  slotName,
char *  mechanisms 
)

Definition at line 898 of file pk11.c.

{
    SECMODModule * module;
    PK11SlotInfo *slot;
    int s, i;
    unsigned long mechFlags = getFlagsFromString(mechanisms,
       mechanismStrings, numMechanismStrings);
    PRBool found = PR_FALSE;

    if (pk11_DefaultArray == NULL) {
       pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize);
       if (pk11_DefaultArray == NULL) {
           /* should assert. This shouldn't happen */
           return UNSPECIFIED_ERR;
       }
    }

    mechFlags =  SECMOD_PubMechFlagstoInternal(mechFlags);

    module = SECMOD_FindModule(moduleName);
    if(!module) {
       PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
       return NO_SUCH_MODULE_ERR;
    }

    for(s=0; s < module->slotCount; s++) {
       slot = module->slots[s];
       if ((slotName != NULL) &&
           !((strcmp(PK11_GetSlotName(slot),slotName) == 0) ||
           (strcmp(PK11_GetTokenName(slot),slotName) == 0)) ) {
           /* we are only interested in changing the one slot */
           continue;
       }
       for(i=0; i < pk11_DefaultArraySize ; i++) {
           if(pk11_DefaultArray[i].flag & mechFlags) {
              PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]),
                  PR_FALSE);
           }
       }
    }
    if (slotName && !found) {
       PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
       return NO_SUCH_SLOT_ERR;
    }

    /* Delete and re-add module to save changes */
    if( SECMOD_UpdateModule(module) != SECSuccess ) {
       PR_fprintf(PR_STDERR, errStrings[UNDEFAULT_FAILED_ERR],
         moduleName);
       return UNDEFAULT_FAILED_ERR;
    }

    PR_fprintf(PR_STDOUT, msgStrings[UNDEFAULT_SUCCESS_MSG]);
    return SUCCESS;
}

Variable Documentation

Initial value:
 {
    {"FORTEZZA", PUBLIC_CIPHER_FORTEZZA_FLAG}
}

Definition at line 171 of file pk11.c.

char* disableReasonStr[] [static]
Initial value:
 {
    "no reason",
    "user disabled",
    "could not initialize token",
    "could not verify token",
    "token not present"
}

Definition at line 494 of file pk11.c.

Initial value:

Definition at line 148 of file pk11.c.

Initial value:
    sizeof(cipherStrings) / sizeof(cipherStrings[0])

Definition at line 174 of file pk11.c.

Initial value:
    sizeof(disableReasonStr) / sizeof(disableReasonStr[0])

Definition at line 501 of file pk11.c.

Initial value:
    sizeof(mechanismStrings) / sizeof(mechanismStrings[0])

Definition at line 168 of file pk11.c.

PK11DefaultArrayEntry* pk11_DefaultArray = NULL [static]

Definition at line 45 of file pk11.c.

int pk11_DefaultArraySize = 0 [static]

Definition at line 46 of file pk11.c.