/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ /* To edit this file, set TABSTOPS to 4 spaces. * This is not the normal NSS convention. */ #include "modutil.h" #include "pk11func.h" /************************************************************************* * * F i p s M o d e * If arg=="true", enable FIPS mode on the internal module. If arg=="false", * disable FIPS mode on the internal module. */ Error FipsMode(char *arg) { char *internal_name; if (!PORT_Strcasecmp(arg, "true")) { if (!PK11_IsFIPS()) { internal_name = PR_smprintf("%s", SECMOD_GetInternalModule()->commonName); if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) { PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError())); PR_smprintf_free(internal_name); PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); return FIPS_SWITCH_FAILED_ERR; } PR_smprintf_free(internal_name); if (!PK11_IsFIPS()) { PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); return FIPS_SWITCH_FAILED_ERR; } PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]); } else { PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]); return FIPS_ALREADY_ON_ERR; } } else if (!PORT_Strcasecmp(arg, "false")) { if (PK11_IsFIPS()) { internal_name = PR_smprintf("%s", SECMOD_GetInternalModule()->commonName); if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) { PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError())); PR_smprintf_free(internal_name); PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); return FIPS_SWITCH_FAILED_ERR; } PR_smprintf_free(internal_name); if (PK11_IsFIPS()) { PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); return FIPS_SWITCH_FAILED_ERR; } PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]); } else { PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_OFF_ERR]); return FIPS_ALREADY_OFF_ERR; } } else { PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]); return INVALID_FIPS_ARG; } return SUCCESS; } /************************************************************************* * * C h k F i p s M o d e * If arg=="true", verify FIPS mode is enabled on the internal module. * If arg=="false", verify FIPS mode is disabled on the internal module. */ Error ChkFipsMode(char *arg) { if (!PORT_Strcasecmp(arg, "true")) { if (PK11_IsFIPS()) { PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]); } else { PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]); return FIPS_SWITCH_FAILED_ERR; } } else if (!PORT_Strcasecmp(arg, "false")) { if (!PK11_IsFIPS()) { PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]); } else { PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]); return FIPS_SWITCH_FAILED_ERR; } } else { PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]); return INVALID_FIPS_ARG; } return SUCCESS; } /************************************************************************ * Cipher and Mechanism name-bitmask translation tables */ typedef struct { const char *name; unsigned long mask; } MaskString; static const MaskString cipherStrings[] = { { "FORTEZZA", PUBLIC_CIPHER_FORTEZZA_FLAG } }; static const int numCipherStrings = sizeof(cipherStrings) / sizeof(cipherStrings[0]); /* Initialized by LoadMechanismList */ static MaskString *mechanismStrings = NULL; static int numMechanismStrings = 0; const static PK11DefaultArrayEntry *pk11_DefaultArray = NULL; static int pk11_DefaultArraySize = 0; /* Maximum length of a colon-separated list of all the strings in an * array. */ #define MAX_STRING_LIST_LEN 240 /* or less */ Error LoadMechanismList(void) { int i; if (pk11_DefaultArray == NULL) { pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize); if (pk11_DefaultArray == NULL) { /* should assert. This shouldn't happen */ return UNSPECIFIED_ERR; } } if (mechanismStrings != NULL) { return SUCCESS; } /* build the mechanismStrings array */ mechanismStrings = PORT_NewArray(MaskString, pk11_DefaultArraySize); if (mechanismStrings == NULL) { return OUT_OF_MEM_ERR; } numMechanismStrings = pk11_DefaultArraySize; for (i = 0; i < numMechanismStrings; i++) { const char *name = pk11_DefaultArray[i].name; unsigned long flag = pk11_DefaultArray[i].flag; /* map new name to old */ switch (flag) { case SECMOD_FORTEZZA_FLAG: name = "FORTEZZA"; break; case SECMOD_SHA1_FLAG: name = "SHA1"; break; case SECMOD_CAMELLIA_FLAG: name = "CAMELLIA"; break; case SECMOD_RANDOM_FLAG: name = "RANDOM"; break; case SECMOD_FRIENDLY_FLAG: name = "FRIENDLY"; break; default: break; } mechanismStrings[i].name = name; mechanismStrings[i].mask = SECMOD_InternaltoPubMechFlags(flag); } return SUCCESS; } /************************************************************************ * * g e t F l a g s F r o m S t r i n g * * Parses a mechanism list passed on the command line and converts it * to an unsigned long bitmask. * string is a colon-separated string of constants * array is an array of MaskStrings. * elements is the number of elements in array. */ static unsigned long getFlagsFromString(char *string, const MaskString array[], int elements) { unsigned long ret = 0; short i = 0; char *cp; char *buf; char *end; if (!string || !string[0]) { return ret; } /* Make a temporary copy of the string */ buf = PR_Malloc(strlen(string) + 1); if (!buf) { out_of_memory(); } strcpy(buf, string); /* Look at each element of the list passed in */ for (cp = buf; cp && *cp; cp = (end ? end + 1 : NULL)) { /* Look at the string up to the next colon */ end = strchr(cp, ':'); if (end) { *end = '\0'; } /* Find which element this is */ for (i = 0; i < elements; i++) { if (!PORT_Strcasecmp(cp, array[i].name)) { break; } } if (i == elements) { /* Skip a bogus string, but print a warning message */ PR_fprintf(PR_STDERR, errStrings[INVALID_CONSTANT_ERR], cp); continue; } ret |= array[i].mask; } PR_Free(buf); return ret; } /********************************************************************** * * g e t S t r i n g F r o m F l a g s * * The return string's memory is owned by this function. Copy it * if you need it permanently or you want to change it. */ static char * getStringFromFlags(unsigned long flags, const MaskString array[], int elements) { static char buf[MAX_STRING_LIST_LEN]; int i; int count = 0; buf[0] = '\0'; for (i = 0; i < elements; i++) { if (flags & array[i].mask) { ++count; if (count != 1) { strcat(buf, ":"); } strcat(buf, array[i].name); } } return buf; } static PRBool IsP11KitProxyModule(SECMODModule *module) { CK_INFO modinfo; static const char p11KitManufacturerID[33] = "PKCS#11 Kit "; static const char p11KitLibraryDescription[33] = "PKCS#11 Kit Proxy Module "; if (PK11_GetModInfo(module, &modinfo) == SECSuccess && PORT_Memcmp(modinfo.manufacturerID, p11KitManufacturerID, sizeof(modinfo.manufacturerID)) == 0 && PORT_Memcmp(modinfo.libraryDescription, p11KitLibraryDescription, sizeof(modinfo.libraryDescription)) == 0) { return PR_TRUE; } return PR_FALSE; } PRBool IsP11KitEnabled(void) { SECMODListLock *lock; SECMODModuleList *mlp; PRBool found = PR_FALSE; lock = SECMOD_GetDefaultModuleListLock(); if (!lock) { PR_fprintf(PR_STDERR, errStrings[NO_LIST_LOCK_ERR]); return found; } SECMOD_GetReadLock(lock); mlp = SECMOD_GetDefaultModuleList(); for (; mlp != NULL; mlp = mlp->next) { if (IsP11KitProxyModule(mlp->module)) { found = PR_TRUE; break; } } SECMOD_ReleaseReadLock(lock); return found; } /********************************************************************** * * A d d M o d u l e * * Add the named module, with the given library file, ciphers, and * default mechanism flags */ Error AddModule(char *moduleName, char *libFile, char *cipherString, char *mechanismString, char *modparms) { unsigned long ciphers; unsigned long mechanisms; SECStatus status; mechanisms = getFlagsFromString(mechanismString, mechanismStrings, numMechanismStrings); ciphers = getFlagsFromString(cipherString, cipherStrings, numCipherStrings); status = SECMOD_AddNewModuleEx(moduleName, libFile, SECMOD_PubMechFlagstoInternal(mechanisms), SECMOD_PubCipherFlagstoInternal(ciphers), modparms, NULL); if (status != SECSuccess) { char *errtxt = NULL; PRInt32 copied = 0; if (PR_GetErrorTextLength()) { errtxt = PR_Malloc(PR_GetErrorTextLength() + 1); copied = PR_GetErrorText(errtxt); } if (copied && errtxt) { PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR], moduleName, errtxt); PR_Free(errtxt); } else { PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR], moduleName, SECU_Strerror(PORT_GetError())); } return ADD_MODULE_FAILED_ERR; } else { PR_fprintf(PR_STDOUT, msgStrings[ADD_MODULE_SUCCESS_MSG], moduleName); return SUCCESS; } } /*********************************************************************** * * D e l e t e M o d u l e * * Deletes the named module from the database. */ Error DeleteModule(char *moduleName) { SECStatus status; int type; status = SECMOD_DeleteModule(moduleName, &type); if (status != SECSuccess) { if (type == SECMOD_FIPS || type == SECMOD_INTERNAL) { PR_fprintf(PR_STDERR, errStrings[DELETE_INTERNAL_ERR]); return DELETE_INTERNAL_ERR; } else { PR_fprintf(PR_STDERR, errStrings[DELETE_FAILED_ERR], moduleName); return DELETE_FAILED_ERR; } } PR_fprintf(PR_STDOUT, msgStrings[DELETE_SUCCESS_MSG], moduleName); return SUCCESS; } /************************************************************************ * * R a w L i s t M o d u l e s * * Lists all the modules in the database, along with their slots and tokens. */ Error RawListModule(char *modulespec) { SECMODModule *module; char **moduleSpecList; module = SECMOD_LoadModule(modulespec, NULL, PR_FALSE); if (module == NULL) { /* handle error */ return NO_SUCH_MODULE_ERR; } moduleSpecList = SECMOD_GetModuleSpecList(module); if (!moduleSpecList || !moduleSpecList[0]) { SECU_PrintError("modutil", "no specs in secmod DB"); return NO_SUCH_MODULE_ERR; } for (; *moduleSpecList; moduleSpecList++) { printf("%s\n\n", *moduleSpecList); } return SUCCESS; } Error RawAddModule(char *dbmodulespec, char *modulespec) { SECMODModule *module; SECMODModule *dbmodule; dbmodule = SECMOD_LoadModule(dbmodulespec, NULL, PR_TRUE); if (dbmodule == NULL) { /* handle error */ return NO_SUCH_MODULE_ERR; } module = SECMOD_LoadModule(modulespec, dbmodule, PR_FALSE); if (module == NULL) { /* handle error */ return NO_SUCH_MODULE_ERR; } if (SECMOD_UpdateModule(module) != SECSuccess) { PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], modulespec); return UPDATE_MOD_FAILED_ERR; } return SUCCESS; } static void printModule(SECMODModule *module, int *count) { int slotCount = module->loaded ? module->slotCount : 0; char *modUri; int i; if ((*count)++) { PR_fprintf(PR_STDOUT, "\n"); } PR_fprintf(PR_STDOUT, "%3d. %s\n", *count, module->commonName); if (module->dllName) { PR_fprintf(PR_STDOUT, "\tlibrary name: %s\n", module->dllName); } modUri = PK11_GetModuleURI(module); if (modUri) { PR_fprintf(PR_STDOUT, "\t uri: %s\n", modUri); PORT_Free(modUri); } if (slotCount == 0) { PR_fprintf(PR_STDOUT, "\t slots: There are no slots attached to this module\n"); } else { PR_fprintf(PR_STDOUT, "\t slots: %d slot%s attached\n", slotCount, (slotCount == 1 ? "" : "s")); } if (module->loaded == 0) { PR_fprintf(PR_STDOUT, "\tstatus: Not loaded\n"); } else { PR_fprintf(PR_STDOUT, "\tstatus: loaded\n"); } /* Print slot and token names */ for (i = 0; i < slotCount; i++) { PK11SlotInfo *slot = module->slots[i]; char *tokenUri = PK11_GetTokenURI(slot); PR_fprintf(PR_STDOUT, "\n"); PR_fprintf(PR_STDOUT, "\t slot: %s\n", PK11_GetSlotName(slot)); PR_fprintf(PR_STDOUT, "\ttoken: %s\n", PK11_GetTokenName(slot)); PR_fprintf(PR_STDOUT, "\t uri: %s\n", tokenUri); PORT_Free(tokenUri); } return; } /************************************************************************ * * L i s t M o d u l e s * * Lists all the modules in the database, along with their slots and tokens. */ Error ListModules() { SECMODListLock *lock; SECMODModuleList *list; SECMODModuleList *deadlist; SECMODModuleList *mlp; Error ret = UNSPECIFIED_ERR; int count = 0; lock = SECMOD_GetDefaultModuleListLock(); if (!lock) { PR_fprintf(PR_STDERR, errStrings[NO_LIST_LOCK_ERR]); return NO_LIST_LOCK_ERR; } SECMOD_GetReadLock(lock); list = SECMOD_GetDefaultModuleList(); deadlist = SECMOD_GetDeadModuleList(); if (!list && !deadlist) { PR_fprintf(PR_STDERR, errStrings[NO_MODULE_LIST_ERR]); ret = NO_MODULE_LIST_ERR; goto loser; } PR_fprintf(PR_STDOUT, "\nListing of PKCS #11 Modules\n" "-----------------------------------------------------------\n"); for (mlp = list; mlp != NULL; mlp = mlp->next) { printModule(mlp->module, &count); } for (mlp = deadlist; mlp != NULL; mlp = mlp->next) { printModule(mlp->module, &count); } PR_fprintf(PR_STDOUT, "-----------------------------------------------------------\n"); ret = SUCCESS; loser: SECMOD_ReleaseReadLock(lock); return ret; } /* Strings describing PK11DisableReasons */ static char *disableReasonStr[] = { "no reason", "user disabled", "could not initialize token", "could not verify token", "token not present" }; static size_t numDisableReasonStr = sizeof(disableReasonStr) / sizeof(disableReasonStr[0]); /*********************************************************************** * * L i s t M o d u l e * * Lists detailed information about the named module. */ Error ListModule(char *moduleName) { SECMODModule *module = NULL; PK11SlotInfo *slot; int slotnum; CK_INFO modinfo; CK_SLOT_INFO slotinfo; CK_TOKEN_INFO tokeninfo; char *ciphers, *mechanisms; size_t reasonIdx; Error rv = SUCCESS; if (!moduleName) { return SUCCESS; } module = SECMOD_FindModule(moduleName); if (!module) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName); rv = NO_SUCH_MODULE_ERR; goto loser; } if ((module->loaded) && (PK11_GetModInfo(module, &modinfo) != SECSuccess)) { PR_fprintf(PR_STDERR, errStrings[MOD_INFO_ERR], moduleName); rv = MOD_INFO_ERR; goto loser; } /* Module info */ PR_fprintf(PR_STDOUT, "\n-----------------------------------------------------------\n"); PR_fprintf(PR_STDOUT, "Name: %s\n", module->commonName); if (module->internal || !module->dllName) { PR_fprintf(PR_STDOUT, "Library file: **Internal ONLY module**\n"); } else { PR_fprintf(PR_STDOUT, "Library file: %s\n", module->dllName); } if (module->loaded) { PR_fprintf(PR_STDOUT, "Manufacturer: %.32s\n", modinfo.manufacturerID); PR_fprintf(PR_STDOUT, "Description: %.32s\n", modinfo.libraryDescription); PR_fprintf(PR_STDOUT, "PKCS #11 Version %d.%d\n", modinfo.cryptokiVersion.major, modinfo.cryptokiVersion.minor); PR_fprintf(PR_STDOUT, "Library Version: %d.%d\n", modinfo.libraryVersion.major, modinfo.libraryVersion.minor); } else { PR_fprintf(PR_STDOUT, "* Module not loaded\n"); } /* Get cipher and mechanism flags */ ciphers = getStringFromFlags(module->ssl[0], cipherStrings, numCipherStrings); if (ciphers[0] == '\0') { ciphers = "None"; } PR_fprintf(PR_STDOUT, "Cipher Enable Flags: %s\n", ciphers); mechanisms = NULL; if (module->slotCount > 0) { mechanisms = getStringFromFlags( PK11_GetDefaultFlags(module->slots[0]), mechanismStrings, numMechanismStrings); } if ((mechanisms == NULL) || (mechanisms[0] == '\0')) { mechanisms = "None"; } PR_fprintf(PR_STDOUT, "Default Mechanism Flags: %s\n", mechanisms); #define PAD " " /* Loop over each slot */ for (slotnum = 0; slotnum < module->slotCount; slotnum++) { slot = module->slots[slotnum]; if (PK11_GetSlotInfo(slot, &slotinfo) != SECSuccess) { PR_fprintf(PR_STDERR, errStrings[SLOT_INFO_ERR], PK11_GetSlotName(slot)); rv = SLOT_INFO_ERR; continue; } /* Slot Info */ PR_fprintf(PR_STDOUT, "\n" PAD "Slot: %s\n", PK11_GetSlotName(slot)); mechanisms = getStringFromFlags(PK11_GetDefaultFlags(slot), mechanismStrings, numMechanismStrings); if (mechanisms[0] == '\0') { mechanisms = "None"; } PR_fprintf(PR_STDOUT, PAD "Slot Mechanism Flags: %s\n", mechanisms); PR_fprintf(PR_STDOUT, PAD "Manufacturer: %.32s\n", slotinfo.manufacturerID); if (PK11_IsHW(slot)) { PR_fprintf(PR_STDOUT, PAD "Type: Hardware\n"); } else { PR_fprintf(PR_STDOUT, PAD "Type: Software\n"); } PR_fprintf(PR_STDOUT, PAD "Version Number: %d.%d\n", slotinfo.hardwareVersion.major, slotinfo.hardwareVersion.minor); PR_fprintf(PR_STDOUT, PAD "Firmware Version: %d.%d\n", slotinfo.firmwareVersion.major, slotinfo.firmwareVersion.minor); if (PK11_IsDisabled(slot)) { reasonIdx = PK11_GetDisabledReason(slot); if (reasonIdx < numDisableReasonStr) { PR_fprintf(PR_STDOUT, PAD "Status: DISABLED (%s)\n", disableReasonStr[reasonIdx]); } else { PR_fprintf(PR_STDOUT, PAD "Status: DISABLED\n"); } } else { PR_fprintf(PR_STDOUT, PAD "Status: Enabled\n"); } if (PK11_GetTokenInfo(slot, &tokeninfo) != SECSuccess) { PR_fprintf(PR_STDERR, errStrings[TOKEN_INFO_ERR], PK11_GetTokenName(slot)); rv = TOKEN_INFO_ERR; continue; } /* Token Info */ PR_fprintf(PR_STDOUT, PAD "Token Name: %.32s\n", tokeninfo.label); PR_fprintf(PR_STDOUT, PAD "Token Manufacturer: %.32s\n", tokeninfo.manufacturerID); PR_fprintf(PR_STDOUT, PAD "Token Model: %.16s\n", tokeninfo.model); PR_fprintf(PR_STDOUT, PAD "Token Serial Number: %.16s\n", tokeninfo.serialNumber); PR_fprintf(PR_STDOUT, PAD "Token Version: %d.%d\n", tokeninfo.hardwareVersion.major, tokeninfo.hardwareVersion.minor); PR_fprintf(PR_STDOUT, PAD "Token Firmware Version: %d.%d\n", tokeninfo.firmwareVersion.major, tokeninfo.firmwareVersion.minor); if (tokeninfo.flags & CKF_WRITE_PROTECTED) { PR_fprintf(PR_STDOUT, PAD "Access: Write Protected\n"); } else { PR_fprintf(PR_STDOUT, PAD "Access: NOT Write Protected\n"); } if (tokeninfo.flags & CKF_LOGIN_REQUIRED) { PR_fprintf(PR_STDOUT, PAD "Login Type: Login required\n"); } else { PR_fprintf(PR_STDOUT, PAD "Login Type: Public (no login required)\n"); } if (tokeninfo.flags & CKF_USER_PIN_INITIALIZED) { PR_fprintf(PR_STDOUT, PAD "User Pin: Initialized\n"); } else { PR_fprintf(PR_STDOUT, PAD "User Pin: NOT Initialized\n"); } } PR_fprintf(PR_STDOUT, "\n-----------------------------------------------------------\n"); loser: if (module) { SECMOD_DestroyModule(module); } return rv; } /************************************************************************ * * I n i t P W */ Error InitPW(void) { PK11SlotInfo *slot; Error ret = UNSPECIFIED_ERR; slot = PK11_GetInternalKeySlot(); if (!slot) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], "internal"); return NO_SUCH_TOKEN_ERR; } /* Set the initial password to empty */ if (PK11_NeedUserInit(slot)) { if (PK11_InitPin(slot, NULL, "") != SECSuccess) { PR_fprintf(PR_STDERR, errStrings[INITPW_FAILED_ERR]); ret = INITPW_FAILED_ERR; goto loser; } } ret = SUCCESS; loser: PK11_FreeSlot(slot); return ret; } /************************************************************************ * * C h a n g e P W */ Error ChangePW(char *tokenName, char *pwFile, char *newpwFile) { char *oldpw = NULL, *newpw = NULL, *newpw2 = NULL; PK11SlotInfo *slot; Error ret = UNSPECIFIED_ERR; PRBool matching; slot = PK11_FindSlotByName(tokenName); if (!slot) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], tokenName); return NO_SUCH_TOKEN_ERR; } /* Get old password */ if (!PK11_NeedUserInit(slot)) { if (pwFile) { oldpw = SECU_FilePasswd(NULL, PR_FALSE, pwFile); if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess) { PR_fprintf(PR_STDERR, errStrings[BAD_PW_ERR]); ret = BAD_PW_ERR; goto loser; } } else if (PK11_NeedLogin(slot)) { for (matching = PR_FALSE; !matching;) { oldpw = SECU_GetPasswordString(NULL, "Enter old password: "); if (PK11_CheckUserPassword(slot, oldpw) == SECSuccess) { matching = PR_TRUE; } else { PR_fprintf(PR_STDOUT, msgStrings[BAD_PW_MSG]); } } } } /* Get new password */ if (newpwFile) { newpw = SECU_FilePasswd(NULL, PR_FALSE, newpwFile); } else { for (matching = PR_FALSE; !matching;) { newpw = SECU_GetPasswordString(NULL, "Enter new password: "); newpw2 = SECU_GetPasswordString(NULL, "Re-enter new password: "); if (strcmp(newpw, newpw2)) { PR_fprintf(PR_STDOUT, msgStrings[PW_MATCH_MSG]); PORT_ZFree(newpw, strlen(newpw)); PORT_ZFree(newpw2, strlen(newpw2)); } else { matching = PR_TRUE; } } } /* Change the password */ if (PK11_NeedUserInit(slot)) { if (PK11_InitPin(slot, NULL /*ssopw*/, newpw) != SECSuccess) { PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName); ret = CHANGEPW_FAILED_ERR; goto loser; } } else { if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) { PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName); ret = CHANGEPW_FAILED_ERR; goto loser; } } PR_fprintf(PR_STDOUT, msgStrings[CHANGEPW_SUCCESS_MSG], tokenName); ret = SUCCESS; loser: if (oldpw) { PORT_ZFree(oldpw, strlen(oldpw)); } if (newpw) { PORT_ZFree(newpw, strlen(newpw)); } if (newpw2) { PORT_ZFree(newpw2, strlen(newpw2)); } PK11_FreeSlot(slot); return ret; } /*********************************************************************** * * E n a b l e M o d u l e * * If enable==PR_TRUE, enables the module or slot. * If enable==PR_FALSE, disables the module or slot. * moduleName is the name of the module. * slotName is the name of the slot. It is optional. */ Error EnableModule(char *moduleName, char *slotName, PRBool enable) { int i; SECMODModule *module = NULL; PK11SlotInfo *slot = NULL; PRBool found = PR_FALSE; Error rv; module = SECMOD_FindModule(moduleName); if (!module) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName); rv = NO_SUCH_MODULE_ERR; goto loser; } for (i = 0; i < module->slotCount; i++) { slot = module->slots[i]; if (slotName && strcmp(PK11_GetSlotName(slot), slotName)) { /* Not the right slot */ continue; } if (enable) { if (!PK11_UserEnableSlot(slot)) { PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR], "enable", PK11_GetSlotName(slot)); rv = ENABLE_FAILED_ERR; goto loser; } else { found = PR_TRUE; PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG], PK11_GetSlotName(slot), "enabled"); } } else { if (!PK11_UserDisableSlot(slot)) { PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR], "disable", PK11_GetSlotName(slot)); rv = ENABLE_FAILED_ERR; goto loser; } else { found = PR_TRUE; PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG], PK11_GetSlotName(slot), "disabled"); } } } if (slotName && !found) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName); rv = NO_SUCH_SLOT_ERR; goto loser; } /* Delete and re-add module to save changes */ if (SECMOD_UpdateModule(module) != SECSuccess) { PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], moduleName); rv = UPDATE_MOD_FAILED_ERR; goto loser; } rv = SUCCESS; loser: if (module) { SECMOD_DestroyModule(module); } return rv; } /************************************************************************* * * S e t D e f a u l t M o d u l e * */ Error SetDefaultModule(char *moduleName, char *slotName, char *mechanisms) { SECMODModule *module = NULL; PK11SlotInfo *slot; int s, i; unsigned long mechFlags = getFlagsFromString(mechanisms, mechanismStrings, numMechanismStrings); PRBool found = PR_FALSE; Error errcode = UNSPECIFIED_ERR; mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags); module = SECMOD_FindModule(moduleName); if (!module) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName); errcode = NO_SUCH_MODULE_ERR; goto loser; } /* Go through each slot */ for (s = 0; s < module->slotCount; s++) { slot = module->slots[s]; if ((slotName != NULL) && !((strcmp(PK11_GetSlotName(slot), slotName) == 0) || (strcmp(PK11_GetTokenName(slot), slotName) == 0))) { /* we are only interested in changing the one slot */ continue; } found = PR_TRUE; /* Go through each mechanism */ for (i = 0; i < pk11_DefaultArraySize; i++) { if (pk11_DefaultArray[i].flag & mechFlags) { /* Enable this default mechanism */ PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]), PR_TRUE); } } } if (slotName && !found) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName); errcode = NO_SUCH_SLOT_ERR; goto loser; } /* Delete and re-add module to save changes */ if (SECMOD_UpdateModule(module) != SECSuccess) { PR_fprintf(PR_STDERR, errStrings[DEFAULT_FAILED_ERR], moduleName); errcode = DEFAULT_FAILED_ERR; goto loser; } PR_fprintf(PR_STDOUT, msgStrings[DEFAULT_SUCCESS_MSG]); errcode = SUCCESS; loser: if (module) { SECMOD_DestroyModule(module); } return errcode; } /************************************************************************ * * U n s e t D e f a u l t M o d u l e */ Error UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms) { SECMODModule *module = NULL; PK11SlotInfo *slot; int s, i; unsigned long mechFlags = getFlagsFromString(mechanisms, mechanismStrings, numMechanismStrings); PRBool found = PR_FALSE; Error rv; mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags); module = SECMOD_FindModule(moduleName); if (!module) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName); rv = NO_SUCH_MODULE_ERR; goto loser; } for (s = 0; s < module->slotCount; s++) { slot = module->slots[s]; if ((slotName != NULL) && !((strcmp(PK11_GetSlotName(slot), slotName) == 0) || (strcmp(PK11_GetTokenName(slot), slotName) == 0))) { /* we are only interested in changing the one slot */ continue; } for (i = 0; i < pk11_DefaultArraySize; i++) { if (pk11_DefaultArray[i].flag & mechFlags) { PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]), PR_FALSE); } } } if (slotName && !found) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName); rv = NO_SUCH_SLOT_ERR; goto loser; } /* Delete and re-add module to save changes */ if (SECMOD_UpdateModule(module) != SECSuccess) { PR_fprintf(PR_STDERR, errStrings[UNDEFAULT_FAILED_ERR], moduleName); rv = UNDEFAULT_FAILED_ERR; goto loser; } PR_fprintf(PR_STDOUT, msgStrings[UNDEFAULT_SUCCESS_MSG]); rv = SUCCESS; loser: if (module) { SECMOD_DestroyModule(module); } return rv; }