int get_slot_protected_authentication_path(pkcs11_handle_t *h)
{
if (h->slot == NULL) {
DBG("Login failed: No Slot selected");
return -1;
}
return PK11_ProtectedAuthenticationPath(h->slot);
}
char *
SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg)
{
#if(0)
char prompt[255];
#endif
secuPWData *pwdata = (secuPWData *)arg;
secuPWData pwnull = { PW_NONE, 0 };
secuPWData pwxtrn = { PW_EXTERNAL, "external" };
char *pw;
if (pwdata == NULL)
pwdata = &pwnull;
if (PK11_ProtectedAuthenticationPath(slot)) {
pwdata = &pwxtrn;
}
if (retry && pwdata->source != PW_NONE) {
PR_fprintf(PR_STDERR, "Incorrect password/PIN entered.\n");
return NULL;
}
switch (pwdata->source) {
#if(0)
case PW_NONE:
sprintf(prompt, "Enter Password or Pin for \"%s\":",
PK11_GetTokenName(slot));
return SECU_GetPasswordString(NULL, prompt);
#endif
case PW_FROMFILE:
/* Instead of opening and closing the file every time, get the pw
* once, then keep it in memory (duh).
*/
pw = SECU_FilePasswd(slot, retry, pwdata->data);
pwdata->source = PW_PLAINTEXT;
pwdata->data = PL_strdup(pw);
/* it's already been dup'ed */
return pw;
#if(0)
case PW_EXTERNAL:
sprintf(prompt,
"Press Enter, then enter PIN for \"%s\" on external device.\n",
PK11_GetTokenName(slot));
(void) SECU_GetPasswordString(NULL, prompt);
/* Fall Through */
#endif
case PW_PLAINTEXT:
return PL_strdup(pwdata->data);
default:
break;
}
PR_fprintf(PR_STDERR, "Password check failed: No password found.\n");
return NULL;
}
static char *GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg)
{
secuPWData *pwdata = (secuPWData *)arg;
secuPWData pwnull = { PW_NONE, 0 };
secuPWData pwxtrn = { PW_EXTERNAL, "external" };
char *pw;
if (pwdata == NULL)
pwdata = &pwnull;
if (PK11_ProtectedAuthenticationPath(slot))
pwdata = &pwxtrn;
if (retry && pwdata->source != PW_NONE) {
fprintf(stderr, "%s: Incorrect password/PIN entered.\n", me);
return NULL;
}
switch (pwdata->source) {
case PW_FROMFILE:
/* Instead of opening and closing the file every time, get the pw
* once, then keep it in memory (duh).
*/
pw = GetFilePasswd(slot, retry, pwdata->data);
pwdata->source = PW_PLAINTEXT;
pwdata->data = strdup(pw);
/* it's already been dup'ed */
return pw;
case PW_PLAINTEXT:
return strdup(pwdata->data);
default: /* cases PW_NONE and PW_EXTERNAL not supported */
fprintf(stderr,
"%s: Unknown or unsupported case in GetModulePassword\n",
me);
break;
}
fprintf(stderr, "%s: Password check failed: No password found.\n",
me);
return NULL;
}
char* PR_CALLBACK
PK11PasswordPrompt(PK11SlotInfo* slot, PRBool retry, void* arg) {
nsNSSShutDownPreventionLock locker;
nsresult rv = NS_OK;
PRUnichar *password = nsnull;
PRBool value = PR_FALSE;
nsIInterfaceRequestor *ir = static_cast<nsIInterfaceRequestor*>(arg);
nsCOMPtr<nsIPrompt> proxyPrompt;
/* TODO: Retry should generate a different dialog message */
/*
if (retry)
return nsnull;
*/
if (!ir)
{
nsCOMPtr<nsIWindowWatcher> wwatch(do_GetService(NS_WINDOWWATCHER_CONTRACTID));
if (!wwatch)
return nsnull;
nsCOMPtr<nsIPrompt> prompter;
wwatch->GetNewPrompter(0, getter_AddRefs(prompter));
if (!prompter)
return nsnull;
NS_GetProxyForObject(NS_PROXY_TO_MAIN_THREAD,
NS_GET_IID(nsIPrompt),
prompter, NS_PROXY_SYNC,
getter_AddRefs(proxyPrompt));
if (!proxyPrompt)
return nsnull;
}
else
{
// The interface requestor object may not be safe, so
// proxy the call to get the nsIPrompt.
nsCOMPtr<nsIInterfaceRequestor> proxiedCallbacks;
NS_GetProxyForObject(NS_PROXY_TO_MAIN_THREAD,
NS_GET_IID(nsIInterfaceRequestor),
ir,
NS_PROXY_SYNC,
getter_AddRefs(proxiedCallbacks));
// Get the desired interface
nsCOMPtr<nsIPrompt> prompt(do_GetInterface(proxiedCallbacks));
if (!prompt) {
NS_ASSERTION(PR_FALSE, "callbacks does not implement nsIPrompt");
return nsnull;
}
// Finally, get a proxy for the nsIPrompt
NS_GetProxyForObject(NS_PROXY_TO_MAIN_THREAD,
NS_GET_IID(nsIPrompt),
prompt,
NS_PROXY_SYNC,
getter_AddRefs(proxyPrompt));
}
if (PK11_ProtectedAuthenticationPath(slot))
return ShowProtectedAuthPrompt(slot, ir);
nsAutoString promptString;
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if (NS_FAILED(rv))
return nsnull;
const PRUnichar* formatStrings[1] = { ToNewUnicode(NS_ConvertUTF8toUTF16(PK11_GetTokenName(slot))) };
rv = nssComponent->PIPBundleFormatStringFromName("CertPassPrompt",
formatStrings, 1,
promptString);
nsMemory::Free(const_cast<PRUnichar*>(formatStrings[0]));
if (NS_FAILED(rv))
return nsnull;
{
nsPSMUITracker tracker;
if (tracker.isUIForbidden()) {
rv = NS_ERROR_NOT_AVAILABLE;
}
else {
rv = proxyPrompt->PromptPassword(nsnull, promptString.get(),
&password, nsnull, nsnull, &value);
}
}
if (NS_SUCCEEDED(rv) && value) {
char* str = ToNewUTF8String(nsDependentString(password));
NS_Free(password);
return str;
}
return nsnull;
}