/* nsIEnumerator listModules (); */ NS_IMETHODIMP nsPKCS11ModuleDB::ListModules(nsIEnumerator **_retval) { nsNSSShutDownPreventionLock locker; nsresult rv = NS_OK; /* get isupports array */ nsCOMPtr<nsISupportsArray> array; rv = NS_NewISupportsArray(getter_AddRefs(array)); if (NS_FAILED(rv)) return rv; /* get the default list of modules */ SECMODModuleList *list = SECMOD_GetDefaultModuleList(); /* lock down the list for reading */ SECMODListLock *lock = SECMOD_GetDefaultModuleListLock(); SECMOD_GetReadLock(lock); while (list) { nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(list->module); array->AppendElement(module); list = list->next; } /* Get the modules in the database that didn't load */ list = SECMOD_GetDeadModuleList(); while (list) { nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(list->module); array->AppendElement(module); list = list->next; } SECMOD_ReleaseReadLock(lock); rv = array->Enumerate(_retval); return rv; }
PRBool IsP11KitEnabled(void) { SECMODListLock *lock; SECMODModuleList *mlp; PRBool found = PR_FALSE; lock = SECMOD_GetDefaultModuleListLock(); if (!lock) { PR_fprintf(PR_STDERR, errStrings[NO_LIST_LOCK_ERR]); return found; } SECMOD_GetReadLock(lock); mlp = SECMOD_GetDefaultModuleList(); for (; mlp != NULL; mlp = mlp->next) { if (IsP11KitProxyModule(mlp->module)) { found = PR_TRUE; break; } } SECMOD_ReleaseReadLock(lock); return found; }
NSS_IMPLEMENT PRStatus STAN_LoadDefaultNSS3TrustDomain ( void ) { NSSTrustDomain *td; SECMODModuleList *mlp; SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock(); int i; if (g_default_trust_domain || g_default_crypto_context) { /* Stan is already initialized or a previous shutdown failed. */ nss_SetError(NSS_ERROR_ALREADY_INITIALIZED); return PR_FAILURE; } td = NSSTrustDomain_Create(NULL, NULL, NULL, NULL); if (!td) { return PR_FAILURE; } /* * Deadlock warning: we should never acquire the moduleLock while * we hold the tokensLock. We can use the NSSRWLock Rank feature to * guarrentee this. tokensLock have a higher rank than module lock. */ td->tokenList = nssList_Create(td->arena, PR_TRUE); if (!td->tokenList) { goto loser; } SECMOD_GetReadLock(moduleLock); NSSRWLock_LockWrite(td->tokensLock); for (mlp = SECMOD_GetDefaultModuleList(); mlp != NULL; mlp=mlp->next) { for (i=0; i < mlp->module->slotCount; i++) { STAN_InitTokenForSlotInfo(td, mlp->module->slots[i]); } } td->tokens = nssList_CreateIterator(td->tokenList); NSSRWLock_UnlockWrite(td->tokensLock); SECMOD_ReleaseReadLock(moduleLock); if (!td->tokens) { goto loser; } g_default_crypto_context = NSSTrustDomain_CreateCryptoContext(td, NULL); if (!g_default_crypto_context) { goto loser; } g_default_trust_domain = td; return PR_SUCCESS; loser: NSSTrustDomain_Destroy(td); return PR_FAILURE; }
/************************************************************************ * * L i s t M o d u l e s * * Lists all the modules in the database, along with their slots and tokens. */ Error ListModules() { SECMODListLock *lock; SECMODModuleList *list; SECMODModuleList *deadlist; SECMODModuleList *mlp; Error ret=UNSPECIFIED_ERR; int count = 0; lock = SECMOD_GetDefaultModuleListLock(); if(!lock) { PR_fprintf(PR_STDERR, errStrings[NO_LIST_LOCK_ERR]); return NO_LIST_LOCK_ERR; } SECMOD_GetReadLock(lock); list = SECMOD_GetDefaultModuleList(); deadlist = SECMOD_GetDeadModuleList(); if (!list && !deadlist) { PR_fprintf(PR_STDERR, errStrings[NO_MODULE_LIST_ERR]); ret = NO_MODULE_LIST_ERR; goto loser; } PR_fprintf(PR_STDOUT, "\nListing of PKCS #11 Modules\n" "-----------------------------------------------------------\n"); for(mlp=list; mlp != NULL; mlp = mlp->next) { printModule(mlp->module, &count); } for (mlp=deadlist; mlp != NULL; mlp = mlp->next) { printModule(mlp->module, &count); } PR_fprintf(PR_STDOUT, "-----------------------------------------------------------\n"); ret = SUCCESS; loser: SECMOD_ReleaseReadLock(lock); return ret; }
static SECMODModule *find_module_by_library(char *pkcs11_module) { SECMODModule *module = NULL; SECMODModuleList *modList = SECMOD_GetDefaultModuleList(); /* threaded applications should also acquire the * DefaultModuleListLock */ DBG("Looking up module in list"); for ( ; modList; modList = modList->next) { char *dllName = modList->module->dllName; DBG2("modList = 0x%x next = 0x%x\n", modList, modList->next); DBG1("dllName= %s \n", dllName ? dllName : "<null>"); if (dllName && strcmp(dllName,pkcs11_module) == 0) { module = SECMOD_ReferenceModule(modList->module); break; } } return module; }
static void activate_all_drivers_async (GsdSmartcardManager *self, GCancellable *cancellable, GAsyncReadyCallback callback, gpointer user_data) { GTask *task; SECMODListLock *lock; SECMODModuleList *driver_list, *node; ActivateAllDriversOperation *operation; task = g_task_new (self, cancellable, callback, user_data); operation = g_new0 (ActivateAllDriversOperation, 1); g_task_set_task_data (task, operation, (GDestroyNotify) g_free); lock = SECMOD_GetDefaultModuleListLock (); g_assert (lock != NULL); SECMOD_GetReadLock (lock); driver_list = SECMOD_GetDefaultModuleList (); for (node = driver_list; node != NULL; node = node->next) { if (!node->module->loaded) continue; if (!SECMOD_HasRemovableSlots (node->module)) continue; if (node->module->dllName == NULL) continue; operation->pending_drivers_count++; activate_driver (self, node->module, cancellable, (GAsyncReadyCallback) on_driver_activated, task); } SECMOD_ReleaseReadLock (lock); try_to_complete_all_drivers_activation (task); }
/* Funtion reports true if module of modType is installed/configured */ PRBool SECMOD_IsModulePresent( unsigned long int pubCipherEnableFlags ) { PRBool result = PR_FALSE; SECMODModuleList *mods; if (!moduleLock) { PORT_SetError(SEC_ERROR_NOT_INITIALIZED); return result; } SECMOD_GetReadLock(moduleLock); mods = SECMOD_GetDefaultModuleList(); for ( ; mods != NULL; mods = mods->next) { if (mods->module->ssl[0] & SECMOD_PubCipherFlagstoInternal(pubCipherEnableFlags)) { result = PR_TRUE; } } SECMOD_ReleaseReadLock(moduleLock); return result; }
void PK11_LogoutAll(void) { SECMODListLock *lock = SECMOD_GetDefaultModuleListLock(); SECMODModuleList *modList = SECMOD_GetDefaultModuleList(); SECMODModuleList *mlp = NULL; int i; /* NSS is not initialized, there are not tokens to log out */ if (lock == NULL) { return; } SECMOD_GetReadLock(lock); /* find the number of entries */ for (mlp = modList; mlp != NULL; mlp = mlp->next) { for (i=0; i < mlp->module->slotCount; i++) { PK11_Logout(mlp->module->slots[i]); } } SECMOD_ReleaseReadLock(lock); }
VCardEmulError vcard_emul_init(const VCardEmulOptions *options) { SECStatus rv; PRBool ret, has_readers = PR_FALSE; VReader *vreader; VReaderEmul *vreader_emul; SECMODListLock *module_lock; SECMODModuleList *module_list; SECMODModuleList *mlp; int i; if (vcard_emul_init_called) { return VCARD_EMUL_INIT_ALREADY_INITED; } vcard_emul_init_called = 1; vreader_init(); vevent_queue_init(); if (options == NULL) { options = &default_options; } /* first initialize NSS */ if (options->nss_db) { rv = NSS_Init(options->nss_db); } else { gchar *path; #ifndef _WIN32 path = g_strdup("/etc/pki/nssdb"); #else if (g_get_system_config_dirs() == NULL || g_get_system_config_dirs()[0] == NULL) { return VCARD_EMUL_FAIL; } path = g_build_filename( g_get_system_config_dirs()[0], "pki", "nssdb", NULL); #endif rv = NSS_Init(path); g_free(path); } if (rv != SECSuccess) { return VCARD_EMUL_FAIL; } /* Set password callback function */ PK11_SetPasswordFunc(vcard_emul_get_password); /* set up soft cards emulated by software certs rather than physical cards * */ for (i = 0; i < options->vreader_count; i++) { int j; int cert_count; unsigned char **certs; int *cert_len; VCardKey **keys; PK11SlotInfo *slot; slot = PK11_FindSlotByName(options->vreader[i].name); if (slot == NULL) { continue; } vreader_emul = vreader_emul_new(slot, options->vreader[i].card_type, options->vreader[i].type_params); vreader = vreader_new(options->vreader[i].vname, vreader_emul, vreader_emul_delete); vreader_add_reader(vreader); cert_count = options->vreader[i].cert_count; ret = vcard_emul_alloc_arrays(&certs, &cert_len, &keys, options->vreader[i].cert_count); if (ret == PR_FALSE) { continue; } cert_count = 0; for (j = 0; j < options->vreader[i].cert_count; j++) { /* we should have a better way of identifying certs than by * nickname here */ CERTCertificate *cert = PK11_FindCertFromNickname( options->vreader[i].cert_name[j], NULL); if (cert == NULL) { continue; } certs[cert_count] = cert->derCert.data; cert_len[cert_count] = cert->derCert.len; keys[cert_count] = vcard_emul_make_key(slot, cert); /* this is safe because the key is still holding a cert reference */ CERT_DestroyCertificate(cert); cert_count++; } if (cert_count) { VCard *vcard = vcard_emul_make_card(vreader, certs, cert_len, keys, cert_count); vreader_insert_card(vreader, vcard); vcard_emul_init_series(vreader, vcard); /* allow insertion and removal of soft cards */ vreader_emul->saved_vcard = vcard_reference(vcard); vcard_free(vcard); vreader_free(vreader); has_readers = PR_TRUE; } g_free(certs); g_free(cert_len); g_free(keys); } /* if we aren't suppose to use hw, skip looking up hardware tokens */ if (!options->use_hw) { nss_emul_init = has_readers; return has_readers ? VCARD_EMUL_OK : VCARD_EMUL_FAIL; } /* make sure we have some PKCS #11 module loaded */ module_lock = SECMOD_GetDefaultModuleListLock(); module_list = SECMOD_GetDefaultModuleList(); SECMOD_GetReadLock(module_lock); for (mlp = module_list; mlp; mlp = mlp->next) { SECMODModule *module = mlp->module; if (module_has_removable_hw_slots(module)) { break; } } SECMOD_ReleaseReadLock(module_lock); /* now examine all the slots, finding which should be readers */ /* We should control this with options. For now we mirror out any * removable hardware slot */ default_card_type = options->hw_card_type; default_type_params = g_strdup(options->hw_type_params); SECMOD_GetReadLock(module_lock); for (mlp = module_list; mlp; mlp = mlp->next) { SECMODModule *module = mlp->module; /* Ignore the internal module */ if (module == NULL || module == SECMOD_GetInternalModule()) { continue; } for (i = 0; i < module->slotCount; i++) { PK11SlotInfo *slot = module->slots[i]; /* only map removable HW slots */ if (slot == NULL || !PK11_IsRemovable(slot) || !PK11_IsHW(slot)) { continue; } if (strcmp("E-Gate 0 0", PK11_GetSlotName(slot)) == 0) { /* * coolkey <= 1.1.0-20 emulates this reader if it can't find * any hardware readers. This causes problems, warn user of * problems. */ fprintf(stderr, "known bad coolkey version - see " "https://bugzilla.redhat.com/show_bug.cgi?id=802435\n"); continue; } vreader_emul = vreader_emul_new(slot, options->hw_card_type, options->hw_type_params); vreader = vreader_new(PK11_GetSlotName(slot), vreader_emul, vreader_emul_delete); vreader_add_reader(vreader); if (PK11_IsPresent(slot)) { VCard *vcard; vcard = vcard_emul_mirror_card(vreader); vreader_insert_card(vreader, vcard); vcard_emul_init_series(vreader, vcard); vcard_free(vcard); } } vcard_emul_new_event_thread(module); } SECMOD_ReleaseReadLock(module_lock); nss_emul_init = PR_TRUE; return VCARD_EMUL_OK; }
VCardEmulError vcard_emul_init(const VCardEmulOptions *options) { SECStatus rv; PRBool ret, has_readers = PR_FALSE, need_coolkey_module; VReader *vreader; VReaderEmul *vreader_emul; SECMODListLock *module_lock; SECMODModuleList *module_list; SECMODModuleList *mlp; int i; if (vcard_emul_init_called) { return VCARD_EMUL_INIT_ALREADY_INITED; } vcard_emul_init_called = 1; vreader_init(); vevent_queue_init(); if (options == NULL) { options = &default_options; } /* first initialize NSS */ if (options->nss_db) { rv = NSS_Init(options->nss_db); } else { rv = NSS_Init("sql:/etc/pki/nssdb"); } if (rv != SECSuccess) { return VCARD_EMUL_FAIL; } /* Set password callback function */ PK11_SetPasswordFunc(vcard_emul_get_password); /* set up soft cards emulated by software certs rather than physical cards * */ for (i = 0; i < options->vreader_count; i++) { int j; int cert_count; unsigned char **certs; int *cert_len; VCardKey **keys; PK11SlotInfo *slot; slot = PK11_FindSlotByName(options->vreader[i].name); if (slot == NULL) { continue; } vreader_emul = vreader_emul_new(slot, options->vreader[i].card_type, options->vreader[i].type_params); vreader = vreader_new(options->vreader[i].vname, vreader_emul, vreader_emul_delete); vreader_add_reader(vreader); cert_count = options->vreader[i].cert_count; ret = vcard_emul_alloc_arrays(&certs, &cert_len, &keys, options->vreader[i].cert_count); if (ret == PR_FALSE) { continue; } cert_count = 0; for (j = 0; j < options->vreader[i].cert_count; j++) { /* we should have a better way of identifying certs than by * nickname here */ CERTCertificate *cert = PK11_FindCertFromNickname( options->vreader[i].cert_name[j], NULL); if (cert == NULL) { continue; } certs[cert_count] = cert->derCert.data; cert_len[cert_count] = cert->derCert.len; keys[cert_count] = vcard_emul_make_key(slot, cert); /* this is safe because the key is still holding a cert reference */ CERT_DestroyCertificate(cert); cert_count++; } if (cert_count) { VCard *vcard = vcard_emul_make_card(vreader, certs, cert_len, keys, cert_count); vreader_insert_card(vreader, vcard); vcard_emul_init_series(vreader, vcard); /* allow insertion and removal of soft cards */ vreader_emul->saved_vcard = vcard_reference(vcard); vcard_free(vcard); vreader_free(vreader); has_readers = PR_TRUE; } g_free(certs); g_free(cert_len); g_free(keys); } /* if we aren't suppose to use hw, skip looking up hardware tokens */ if (!options->use_hw) { nss_emul_init = has_readers; return has_readers ? VCARD_EMUL_OK : VCARD_EMUL_FAIL; } /* make sure we have some PKCS #11 module loaded */ module_lock = SECMOD_GetDefaultModuleListLock(); module_list = SECMOD_GetDefaultModuleList(); need_coolkey_module = !has_readers; SECMOD_GetReadLock(module_lock); for (mlp = module_list; mlp; mlp = mlp->next) { SECMODModule *module = mlp->module; if (module_has_removable_hw_slots(module)) { need_coolkey_module = PR_FALSE; break; } } SECMOD_ReleaseReadLock(module_lock); if (need_coolkey_module) { SECMODModule *module; module = SECMOD_LoadUserModule( (char *)"library=libcoolkeypk11.so name=Coolkey", NULL, PR_FALSE); if (module == NULL) { return VCARD_EMUL_FAIL; } SECMOD_DestroyModule(module); /* free our reference, Module will still * be on the list. * until we destroy it */ } /* now examine all the slots, finding which should be readers */ /* We should control this with options. For now we mirror out any * removable hardware slot */ default_card_type = options->hw_card_type; default_type_params = strdup(options->hw_type_params); SECMOD_GetReadLock(module_lock); for (mlp = module_list; mlp; mlp = mlp->next) { SECMODModule *module = mlp->module; PRBool has_emul_slots = PR_FALSE; if (module == NULL) { continue; } for (i = 0; i < module->slotCount; i++) { PK11SlotInfo *slot = module->slots[i]; /* only map removable HW slots */ if (slot == NULL || !PK11_IsRemovable(slot) || !PK11_IsHW(slot)) { continue; } vreader_emul = vreader_emul_new(slot, options->hw_card_type, options->hw_type_params); vreader = vreader_new(PK11_GetSlotName(slot), vreader_emul, vreader_emul_delete); vreader_add_reader(vreader); has_readers = PR_TRUE; has_emul_slots = PR_TRUE; if (PK11_IsPresent(slot)) { VCard *vcard; vcard = vcard_emul_mirror_card(vreader); vreader_insert_card(vreader, vcard); vcard_emul_init_series(vreader, vcard); vcard_free(vcard); } } if (has_emul_slots) { vcard_emul_new_event_thread(module); } } SECMOD_ReleaseReadLock(module_lock); nss_emul_init = has_readers; return VCARD_EMUL_OK; }