/* installs the PKCS11 module & update registry */ SECStatus SECMOD_AddNewModuleEx(const char* moduleName, const char* dllPath, unsigned long defaultMechanismFlags, unsigned long cipherEnableFlags, char* modparms, char* nssparms) { SECMODModule *module; SECStatus result = SECFailure; int s,i; PK11SlotInfo* slot; PR_SetErrorText(0, NULL); if (!moduleLock) { PORT_SetError(SEC_ERROR_NOT_INITIALIZED); return result; } module = SECMOD_CreateModule(dllPath, moduleName, modparms, nssparms); if (module == NULL) { return result; } if (module->dllName != NULL) { if (module->dllName[0] != 0) { result = SECMOD_AddModule(module); if (result == SECSuccess) { /* turn on SSL cipher enable flags */ module->ssl[0] = cipherEnableFlags; SECMOD_GetReadLock(moduleLock); /* check each slot to turn on appropriate mechanisms */ for (s = 0; s < module->slotCount; s++) { slot = (module->slots)[s]; /* for each possible mechanism */ for (i=0; i < num_pk11_default_mechanisms; i++) { /* we are told to turn it on by default ? */ PRBool add = (PK11_DefaultArray[i].flag & defaultMechanismFlags) ? PR_TRUE: PR_FALSE; result = PK11_UpdateSlotAttribute(slot, &(PK11_DefaultArray[i]), add); } /* for each mechanism */ /* disable each slot if the defaultFlags say so */ if (defaultMechanismFlags & PK11_DISABLE_FLAG) { PK11_UserDisableSlot(slot); } } /* for each slot of this module */ SECMOD_ReleaseReadLock(moduleLock); /* delete and re-add module in order to save changes * to the module */ result = SECMOD_UpdateModule(module); } } } SECMOD_DestroyModule(module); return result; }
/*********************************************************************** * * E n a b l e M o d u l e * * If enable==PR_TRUE, enables the module or slot. * If enable==PR_FALSE, disables the module or slot. * moduleName is the name of the module. * slotName is the name of the slot. It is optional. */ Error EnableModule(char *moduleName, char *slotName, PRBool enable) { int i; SECMODModule *module = NULL; PK11SlotInfo *slot = NULL; PRBool found = PR_FALSE; Error rv; module = SECMOD_FindModule(moduleName); if (!module) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName); rv = NO_SUCH_MODULE_ERR; goto loser; } for (i = 0; i < module->slotCount; i++) { slot = module->slots[i]; if (slotName && strcmp(PK11_GetSlotName(slot), slotName)) { /* Not the right slot */ continue; } if (enable) { if (!PK11_UserEnableSlot(slot)) { PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR], "enable", PK11_GetSlotName(slot)); rv = ENABLE_FAILED_ERR; goto loser; } else { found = PR_TRUE; PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG], PK11_GetSlotName(slot), "enabled"); } } else { if (!PK11_UserDisableSlot(slot)) { PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR], "disable", PK11_GetSlotName(slot)); rv = ENABLE_FAILED_ERR; goto loser; } else { found = PR_TRUE; PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG], PK11_GetSlotName(slot), "disabled"); } } } if (slotName && !found) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName); rv = NO_SUCH_SLOT_ERR; goto loser; } /* Delete and re-add module to save changes */ if (SECMOD_UpdateModule(module) != SECSuccess) { PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], moduleName); rv = UPDATE_MOD_FAILED_ERR; goto loser; } rv = SUCCESS; loser: if (module) { SECMOD_DestroyModule(module); } return rv; }