/* installs the PKCS11 module & update registry */
SECStatus
SECMOD_AddNewModuleEx(const char* moduleName, const char* dllPath,
unsigned long defaultMechanismFlags,
unsigned long cipherEnableFlags,
char* modparms, char* nssparms)
{
SECMODModule *module;
SECStatus result = SECFailure;
int s,i;
PK11SlotInfo* slot;
PR_SetErrorText(0, NULL);
if (!moduleLock) {
PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
return result;
}
module = SECMOD_CreateModule(dllPath, moduleName, modparms, nssparms);
if (module == NULL) {
return result;
}
if (module->dllName != NULL) {
if (module->dllName[0] != 0) {
result = SECMOD_AddModule(module);
if (result == SECSuccess) {
/* turn on SSL cipher enable flags */
module->ssl[0] = cipherEnableFlags;
SECMOD_GetReadLock(moduleLock);
/* check each slot to turn on appropriate mechanisms */
for (s = 0; s < module->slotCount; s++) {
slot = (module->slots)[s];
/* for each possible mechanism */
for (i=0; i < num_pk11_default_mechanisms; i++) {
/* we are told to turn it on by default ? */
PRBool add =
(PK11_DefaultArray[i].flag & defaultMechanismFlags) ?
PR_TRUE: PR_FALSE;
result = PK11_UpdateSlotAttribute(slot,
&(PK11_DefaultArray[i]), add);
} /* for each mechanism */
/* disable each slot if the defaultFlags say so */
if (defaultMechanismFlags & PK11_DISABLE_FLAG) {
PK11_UserDisableSlot(slot);
}
} /* for each slot of this module */
SECMOD_ReleaseReadLock(moduleLock);
/* delete and re-add module in order to save changes
* to the module */
result = SECMOD_UpdateModule(module);
}
}
}
SECMOD_DestroyModule(module);
return result;
}
/***********************************************************************
*
* E n a b l e M o d u l e
*
* If enable==PR_TRUE, enables the module or slot.
* If enable==PR_FALSE, disables the module or slot.
* moduleName is the name of the module.
* slotName is the name of the slot. It is optional.
*/
Error
EnableModule(char *moduleName, char *slotName, PRBool enable)
{
int i;
SECMODModule *module = NULL;
PK11SlotInfo *slot = NULL;
PRBool found = PR_FALSE;
Error rv;
module = SECMOD_FindModule(moduleName);
if (!module) {
PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
rv = NO_SUCH_MODULE_ERR;
goto loser;
}
for (i = 0; i < module->slotCount; i++) {
slot = module->slots[i];
if (slotName && strcmp(PK11_GetSlotName(slot), slotName)) {
/* Not the right slot */
continue;
}
if (enable) {
if (!PK11_UserEnableSlot(slot)) {
PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR],
"enable", PK11_GetSlotName(slot));
rv = ENABLE_FAILED_ERR;
goto loser;
} else {
found = PR_TRUE;
PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG],
PK11_GetSlotName(slot), "enabled");
}
} else {
if (!PK11_UserDisableSlot(slot)) {
PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR],
"disable", PK11_GetSlotName(slot));
rv = ENABLE_FAILED_ERR;
goto loser;
} else {
found = PR_TRUE;
PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG],
PK11_GetSlotName(slot), "disabled");
}
}
}
if (slotName && !found) {
PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
rv = NO_SUCH_SLOT_ERR;
goto loser;
}
/* Delete and re-add module to save changes */
if (SECMOD_UpdateModule(module) != SECSuccess) {
PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], moduleName);
rv = UPDATE_MOD_FAILED_ERR;
goto loser;
}
rv = SUCCESS;
loser:
if (module) {
SECMOD_DestroyModule(module);
}
return rv;
}
