Error RawAddModule(char *dbmodulespec, char *modulespec) { SECMODModule *module; SECMODModule *dbmodule; dbmodule = SECMOD_LoadModule(dbmodulespec,NULL,PR_TRUE); if (dbmodule == NULL) { /* handle error */ return NO_SUCH_MODULE_ERR; } module = SECMOD_LoadModule(modulespec,dbmodule,PR_FALSE); if (module == NULL) { /* handle error */ return NO_SUCH_MODULE_ERR; } if( SECMOD_UpdateModule(module) != SECSuccess ) { PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], modulespec); return UPDATE_MOD_FAILED_ERR; } return SUCCESS; }
/* installs the PKCS11 module & update registry */ SECStatus SECMOD_AddNewModuleEx(const char* moduleName, const char* dllPath, unsigned long defaultMechanismFlags, unsigned long cipherEnableFlags, char* modparms, char* nssparms) { SECMODModule *module; SECStatus result = SECFailure; int s,i; PK11SlotInfo* slot; PR_SetErrorText(0, NULL); if (!moduleLock) { PORT_SetError(SEC_ERROR_NOT_INITIALIZED); return result; } module = SECMOD_CreateModule(dllPath, moduleName, modparms, nssparms); if (module == NULL) { return result; } if (module->dllName != NULL) { if (module->dllName[0] != 0) { result = SECMOD_AddModule(module); if (result == SECSuccess) { /* turn on SSL cipher enable flags */ module->ssl[0] = cipherEnableFlags; SECMOD_GetReadLock(moduleLock); /* check each slot to turn on appropriate mechanisms */ for (s = 0; s < module->slotCount; s++) { slot = (module->slots)[s]; /* for each possible mechanism */ for (i=0; i < num_pk11_default_mechanisms; i++) { /* we are told to turn it on by default ? */ PRBool add = (PK11_DefaultArray[i].flag & defaultMechanismFlags) ? PR_TRUE: PR_FALSE; result = PK11_UpdateSlotAttribute(slot, &(PK11_DefaultArray[i]), add); } /* for each mechanism */ /* disable each slot if the defaultFlags say so */ if (defaultMechanismFlags & PK11_DISABLE_FLAG) { PK11_UserDisableSlot(slot); } } /* for each slot of this module */ SECMOD_ReleaseReadLock(moduleLock); /* delete and re-add module in order to save changes * to the module */ result = SECMOD_UpdateModule(module); } } } SECMOD_DestroyModule(module); return result; }
/************************************************************************ * * U n s e t D e f a u l t M o d u l e */ Error UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms) { SECMODModule *module = NULL; PK11SlotInfo *slot; int s, i; unsigned long mechFlags = getFlagsFromString(mechanisms, mechanismStrings, numMechanismStrings); PRBool found = PR_FALSE; Error rv; mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags); module = SECMOD_FindModule(moduleName); if (!module) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName); rv = NO_SUCH_MODULE_ERR; goto loser; } for (s = 0; s < module->slotCount; s++) { slot = module->slots[s]; if ((slotName != NULL) && !((strcmp(PK11_GetSlotName(slot), slotName) == 0) || (strcmp(PK11_GetTokenName(slot), slotName) == 0))) { /* we are only interested in changing the one slot */ continue; } for (i = 0; i < pk11_DefaultArraySize; i++) { if (pk11_DefaultArray[i].flag & mechFlags) { PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]), PR_FALSE); } } } if (slotName && !found) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName); rv = NO_SUCH_SLOT_ERR; goto loser; } /* Delete and re-add module to save changes */ if (SECMOD_UpdateModule(module) != SECSuccess) { PR_fprintf(PR_STDERR, errStrings[UNDEFAULT_FAILED_ERR], moduleName); rv = UNDEFAULT_FAILED_ERR; goto loser; } PR_fprintf(PR_STDOUT, msgStrings[UNDEFAULT_SUCCESS_MSG]); rv = SUCCESS; loser: if (module) { SECMOD_DestroyModule(module); } return rv; }
void PK11_SlotDBUpdate(PK11SlotInfo *slot) { SECMOD_UpdateModule(slot->module); }
/*********************************************************************** * * E n a b l e M o d u l e * * If enable==PR_TRUE, enables the module or slot. * If enable==PR_FALSE, disables the module or slot. * moduleName is the name of the module. * slotName is the name of the slot. It is optional. */ Error EnableModule(char *moduleName, char *slotName, PRBool enable) { int i; SECMODModule *module = NULL; PK11SlotInfo *slot = NULL; PRBool found = PR_FALSE; Error rv; module = SECMOD_FindModule(moduleName); if (!module) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName); rv = NO_SUCH_MODULE_ERR; goto loser; } for (i = 0; i < module->slotCount; i++) { slot = module->slots[i]; if (slotName && strcmp(PK11_GetSlotName(slot), slotName)) { /* Not the right slot */ continue; } if (enable) { if (!PK11_UserEnableSlot(slot)) { PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR], "enable", PK11_GetSlotName(slot)); rv = ENABLE_FAILED_ERR; goto loser; } else { found = PR_TRUE; PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG], PK11_GetSlotName(slot), "enabled"); } } else { if (!PK11_UserDisableSlot(slot)) { PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR], "disable", PK11_GetSlotName(slot)); rv = ENABLE_FAILED_ERR; goto loser; } else { found = PR_TRUE; PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG], PK11_GetSlotName(slot), "disabled"); } } } if (slotName && !found) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName); rv = NO_SUCH_SLOT_ERR; goto loser; } /* Delete and re-add module to save changes */ if (SECMOD_UpdateModule(module) != SECSuccess) { PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], moduleName); rv = UPDATE_MOD_FAILED_ERR; goto loser; } rv = SUCCESS; loser: if (module) { SECMOD_DestroyModule(module); } return rv; }
/************************************************************************* * * S e t D e f a u l t M o d u l e * */ Error SetDefaultModule(char *moduleName, char *slotName, char *mechanisms) { SECMODModule *module = NULL; PK11SlotInfo *slot; int s, i; unsigned long mechFlags = getFlagsFromString(mechanisms, mechanismStrings, numMechanismStrings); PRBool found = PR_FALSE; Error errcode = UNSPECIFIED_ERR; if (pk11_DefaultArray == NULL) { pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize); if (pk11_DefaultArray == NULL) { /* should assert. This shouldn't happen */ goto loser; } } mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags); module = SECMOD_FindModule(moduleName); if(!module) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName); errcode = NO_SUCH_MODULE_ERR; goto loser; } /* Go through each slot */ for(s=0; s < module->slotCount; s++) { slot = module->slots[s]; if ((slotName != NULL) && !((strcmp(PK11_GetSlotName(slot),slotName) == 0) || (strcmp(PK11_GetTokenName(slot),slotName) == 0)) ) { /* we are only interested in changing the one slot */ continue; } found = PR_TRUE; /* Go through each mechanism */ for(i=0; i < pk11_DefaultArraySize; i++) { if(pk11_DefaultArray[i].flag & mechFlags) { /* Enable this default mechanism */ PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]), PR_TRUE); } } } if (slotName && !found) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName); errcode = NO_SUCH_SLOT_ERR; goto loser; } /* Delete and re-add module to save changes */ if( SECMOD_UpdateModule(module) != SECSuccess ) { PR_fprintf(PR_STDERR, errStrings[DEFAULT_FAILED_ERR], moduleName); errcode = DEFAULT_FAILED_ERR; goto loser; } PR_fprintf(PR_STDOUT, msgStrings[DEFAULT_SUCCESS_MSG]); errcode = SUCCESS; loser: if (module) { SECMOD_DestroyModule(module); } return errcode; }