/* parse a single slot specific parameter */ static void nssutil_argDecodeSingleSlotInfo(char *name, char *params, struct NSSUTILPreSlotInfoStr *slotInfo) { char *askpw; slotInfo->slotID = NSSUTIL_ArgDecodeNumber(name); slotInfo->defaultFlags = NSSUTIL_ArgParseSlotFlags("slotFlags", params); slotInfo->timeout = NSSUTIL_ArgReadLong("timeout", params, 0, NULL); askpw = NSSUTIL_ArgGetParamValue("askpw", params); slotInfo->askpw = 0; if (askpw) { if (PORT_Strcasecmp(askpw, "every") == 0) { slotInfo->askpw = -1; } else if (PORT_Strcasecmp(askpw, "timeout") == 0) { slotInfo->askpw = 1; } PORT_Free(askpw); slotInfo->defaultFlags |= PK11_OWN_PW_DEFAULTS; } slotInfo->hasRootCerts = NSSUTIL_ArgHasFlag("rootFlags", "hasRootCerts", params); slotInfo->hasRootTrust = NSSUTIL_ArgHasFlag("rootFlags", "hasRootTrust", params); }
static void sftk_parseTokenFlags(char *tmp, sftk_token_parameters *parsed) { parsed->readOnly = NSSUTIL_ArgHasFlag("flags", "readOnly", tmp); parsed->noCertDB = NSSUTIL_ArgHasFlag("flags", "noCertDB", tmp); parsed->noKeyDB = NSSUTIL_ArgHasFlag("flags", "noKeyDB", tmp); parsed->forceOpen = NSSUTIL_ArgHasFlag("flags", "forceOpen", tmp); parsed->pwRequired = NSSUTIL_ArgHasFlag("flags", "passwordRequired", tmp); parsed->optimizeSpace = NSSUTIL_ArgHasFlag("flags", "optimizeSpace", tmp); return; }
static void sftk_parseFlags(char *tmp, sftk_parameters *parsed) { parsed->noModDB = NSSUTIL_ArgHasFlag("flags", "noModDB", tmp); parsed->readOnly = NSSUTIL_ArgHasFlag("flags", "readOnly", tmp); /* keep legacy interface working */ parsed->noCertDB = NSSUTIL_ArgHasFlag("flags", "noCertDB", tmp); parsed->forceOpen = NSSUTIL_ArgHasFlag("flags", "forceOpen", tmp); parsed->pwRequired = NSSUTIL_ArgHasFlag("flags", "passwordRequired", tmp); parsed->optimizeSpace = NSSUTIL_ArgHasFlag("flags", "optimizeSpace", tmp); return; }
/* * for 3.4 we continue to use the old SECMODModule structure */ SECMODModule * SECMOD_CreateModuleEx(const char *library, const char *moduleName, const char *parameters, const char *nss, const char *config) { SECMODModule *mod; SECStatus rv; char *slotParams,*ciphers; /* pk11pars.h still does not have const char * interfaces */ char *nssc = (char *)nss; char *configc = NULL; if (config) { configc = PORT_Strdup(config); /* no const */ } rv = applyCryptoPolicy(configc); if (configc) PORT_Free(configc); /* do not load the module if policy parsing fails */ if (rv != SECSuccess) { return NULL; } mod = secmod_NewModule(); if (mod == NULL) return NULL; mod->commonName = PORT_ArenaStrdup(mod->arena,moduleName ? moduleName : ""); if (library) { mod->dllName = PORT_ArenaStrdup(mod->arena,library); } /* new field */ if (parameters) { mod->libraryParams = PORT_ArenaStrdup(mod->arena,parameters); } mod->internal = NSSUTIL_ArgHasFlag("flags","internal",nssc); mod->isFIPS = NSSUTIL_ArgHasFlag("flags","FIPS",nssc); mod->isCritical = NSSUTIL_ArgHasFlag("flags","critical",nssc); slotParams = NSSUTIL_ArgGetParamValue("slotParams",nssc); mod->slotInfo = NSSUTIL_ArgParseSlotInfo(mod->arena,slotParams, &mod->slotInfoCount); if (slotParams) PORT_Free(slotParams); /* new field */ mod->trustOrder = NSSUTIL_ArgReadLong("trustOrder",nssc, NSSUTIL_DEFAULT_TRUST_ORDER,NULL); /* new field */ mod->cipherOrder = NSSUTIL_ArgReadLong("cipherOrder",nssc, NSSUTIL_DEFAULT_CIPHER_ORDER,NULL); /* new field */ mod->isModuleDB = NSSUTIL_ArgHasFlag("flags","moduleDB",nssc); mod->moduleDBOnly = NSSUTIL_ArgHasFlag("flags","moduleDBOnly",nssc); if (mod->moduleDBOnly) mod->isModuleDB = PR_TRUE; /* we need more bits, but we also want to preserve binary compatibility * so we overload the isModuleDB PRBool with additional flags. * These flags are only valid if mod->isModuleDB is already set. * NOTE: this depends on the fact that PRBool is at least a char on * all platforms. These flags are only valid if moduleDB is set, so * code checking if (mod->isModuleDB) will continue to work correctly. */ if (mod->isModuleDB) { char flags = SECMOD_FLAG_MODULE_DB_IS_MODULE_DB; if (NSSUTIL_ArgHasFlag("flags","skipFirst",nssc)) { flags |= SECMOD_FLAG_MODULE_DB_SKIP_FIRST; } if (NSSUTIL_ArgHasFlag("flags","defaultModDB",nssc)) { flags |= SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB; } /* additional moduleDB flags could be added here in the future */ mod->isModuleDB = (PRBool) flags; } if (mod->internal) { char flags = SECMOD_FLAG_INTERNAL_IS_INTERNAL; if (NSSUTIL_ArgHasFlag("flags", "internalKeySlot", nssc)) { flags |= SECMOD_FLAG_INTERNAL_KEY_SLOT; } mod->internal = (PRBool) flags; } ciphers = NSSUTIL_ArgGetParamValue("ciphers",nssc); NSSUTIL_ArgParseCipherFlags(&mod->ssl[0],ciphers); if (ciphers) PORT_Free(ciphers); secmod_PrivateModuleCount++; return mod; }