From ae7ce661c1382d087ada9f6180cc685edecf333f Mon Sep 17 00:00:00 2001 From: "relyea%netscape.com" Date: Fri, 10 Oct 2003 15:26:23 +0000 Subject: [PATCH] Bug 203866. Make unloaded modules visible for administrative purposes. sr=wtc r=nelson git-svn-id: svn://10.0.0.236/trunk@147840 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/security/nss/lib/pk11wrap/pk11pars.c | 32 ++++++----- mozilla/security/nss/lib/pk11wrap/pk11util.c | 56 ++++++++++++++++---- mozilla/security/nss/lib/pk11wrap/secmod.h | 25 +++++---- mozilla/security/nss/lib/pk11wrap/secmodi.h | 2 +- 4 files changed, 82 insertions(+), 33 deletions(-) diff --git a/mozilla/security/nss/lib/pk11wrap/pk11pars.c b/mozilla/security/nss/lib/pk11wrap/pk11pars.c index b1602f1c823..2ec1d457344 100644 --- a/mozilla/security/nss/lib/pk11wrap/pk11pars.c +++ b/mozilla/security/nss/lib/pk11wrap/pk11pars.c @@ -109,10 +109,13 @@ secmod_NewModule(void) * for 3.4 we continue to use the old SECMODModule structure */ SECMODModule * -SECMOD_CreateModule(char *library, char *moduleName, char *parameters, char *nss) +SECMOD_CreateModule(const char *library, const char *moduleName, + const char *parameters, const char *nss) { SECMODModule *mod = secmod_NewModule(); char *slotParams,*ciphers; + /* pk11pars.h still does not have const char * interfaces */ + char *nssc = (char *)nss; if (mod == NULL) return NULL; mod->commonName = PORT_ArenaStrdup(mod->arena,moduleName ? moduleName : ""); 
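Review bot: In SECMOD_CreateModule the new `char *nssc = (char *)nss;` drops the const that the signature now promises, so the compiler will no longer flag a pk11_arg* helper that writes through the pointer. The existing comment explains why the cast exists but not the condition it relies on; I would extend it to `/* pk11pars.h still lacks const char * interfaces; the pk11_arg* helpers must only read nss */`. Removing the cast once those helpers take `const char *` would restore the check. The function body continues past the end of this hunk.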
@@ -123,25 +126,25 @@ SECMOD_CreateModule(char *library, char *moduleName, char *parameters, char *nss if (parameters) { mod->libraryParams = PORT_ArenaStrdup(mod->arena,parameters); } - mod->internal = pk11_argHasFlag("flags","internal",nss); - mod->isFIPS = pk11_argHasFlag("flags","FIPS",nss); - mod->isCritical = pk11_argHasFlag("flags","critical",nss); - slotParams = pk11_argGetParamValue("slotParams",nss); + mod->internal = pk11_argHasFlag("flags","internal",nssc); + mod->isFIPS = pk11_argHasFlag("flags","FIPS",nssc); + mod->isCritical = pk11_argHasFlag("flags","critical",nssc); + slotParams = pk11_argGetParamValue("slotParams",nssc); mod->slotInfo = pk11_argParseSlotInfo(mod->arena,slotParams, &mod->slotInfoCount); if (slotParams) PORT_Free(slotParams); /* new field */ - mod->trustOrder = pk11_argReadLong("trustOrder",nss, + mod->trustOrder = pk11_argReadLong("trustOrder",nssc, PK11_DEFAULT_TRUST_ORDER,NULL); /* new field */ - mod->cipherOrder = pk11_argReadLong("cipherOrder",nss, + mod->cipherOrder = pk11_argReadLong("cipherOrder",nssc, PK11_DEFAULT_CIPHER_ORDER,NULL); /* new field */ - mod->isModuleDB = pk11_argHasFlag("flags","moduleDB",nss); - mod->moduleDBOnly = pk11_argHasFlag("flags","moduleDBOnly",nss); + mod->isModuleDB = pk11_argHasFlag("flags","moduleDB",nssc); + mod->moduleDBOnly = pk11_argHasFlag("flags","moduleDBOnly",nssc); if (mod->moduleDBOnly) mod->isModuleDB = PR_TRUE; - ciphers = pk11_argGetParamValue("ciphers",nss); + ciphers = pk11_argGetParamValue("ciphers",nssc); pk11_argSetNewCipherFlags(&mod->ssl[0],ciphers); if (ciphers) PORT_Free(ciphers); @@ -301,6 +304,12 @@ SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse) if (moduleName) PORT_Free(moduleName); if (parameters) PORT_Free(parameters); if (nss) PORT_Free(nss); + if (!module) { + goto loser; + } + if (parent) { + module->parent = SECMOD_ReferenceModule(parent); + } /* load it */ rv = SECMOD_LoadPKCS11Module(module); 
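Review bot: In the SECMOD_LoadModule hunk, `module->parent = SECMOD_ReferenceModule(parent);` now runs before `SECMOD_LoadPKCS11Module(module)`, so a module whose load fails still holds a reference on its parent when the function exits through the failure path. That looks intended, so that an unloaded module keeps its parent, but it only balances if whatever eventually destroys the module also releases `parent`; that code is outside the hunk and should be confirmed. The added `goto loser` also reaches `loser:` with `module == NULL`, and the label's body is not visible here, so it needs a NULL check before it touches `module`. A short comment above the moved lines, e.g. `/* set parent before loading so a module that fails to load still records it */`, would document the reordering.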
@@ -333,9 +342,6 @@ SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse) goto loser; } - if (parent) { - module->parent = SECMOD_ReferenceModule(parent); - } /* inherit the reference */ if (!module->moduleDBOnly) { diff --git a/mozilla/security/nss/lib/pk11wrap/pk11util.c b/mozilla/security/nss/lib/pk11wrap/pk11util.c index 1a32d04b93f..30c828a1d88 100644 --- a/mozilla/security/nss/lib/pk11wrap/pk11util.c +++ b/mozilla/security/nss/lib/pk11wrap/pk11util.c @@ -182,6 +182,8 @@ SECMOD_AddModuleToUnloadList(SECMODModule *newModule) { * get the list of PKCS11 modules that are available. */ SECMODModuleList *SECMOD_GetDefaultModuleList() { return modules; } +SECMODModuleList *SECMOD_GetDeadModuleList() { return modulesUnload; } +SECMODModuleList *SECMOD_GetDBModuleList() { return modulesDB; } SECMODListLock *SECMOD_GetDefaultModuleListLock() { return moduleLock; } @@ -190,7 +192,7 @@ SECMODListLock *SECMOD_GetDefaultModuleListLock() { return moduleLock; } * find a module by name, and add a reference to it. * return that module. */ -SECMODModule *SECMOD_FindModule(char *name) { +SECMODModule *SECMOD_FindModule(const char *name) { SECMODModuleList *mlp; SECMODModule *module = NULL; @@ -202,6 +204,18 @@ SECMODModule *SECMOD_FindModule(char *name) { break; } } + if (module) { + goto found; + } + for(mlp = modulesUnload; mlp != NULL; mlp = mlp->next) { + if (PORT_Strcmp(name,mlp->module->commonName) == 0) { + module = mlp->module; + SECMOD_ReferenceModule(module); + break; + } + } + +found: SECMOD_ReleaseReadLock(moduleLock); return module; 
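Review bot: The new `SECMOD_GetDeadModuleList()` and `SECMOD_GetDBModuleList()` in pk11util.c return the heads of `modulesUnload` and `modulesDB` without taking `moduleLock`, so a caller that walks either list unlocked can race with the removal from `modulesUnload` that this patch adds to SECMOD_DeleteModuleEx under the write lock. The secmod.h hunk says the lock protects all three lists, but not that the caller has to hold it; I would state that on each prototype, e.g. `/* caller must hold the read lock from SECMOD_GetDefaultModuleListLock() while walking the list */`. Defining the two functions with `(void)` rather than `()` would also match their prototypes.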
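Review bot: SECMOD_FindModule can now hand back a module taken from `modulesUnload`, that is, one that is defined but not loaded, and nothing in the return value tells the caller which list it came from. Existing callers that treat a non-NULL result as a usable, loaded module should be audited and made to check the module's `loaded` state before they use its slots or function list. The comment above the function still reads "find a module by name, and add a reference to it"; it should say that the unload list is searched as well and that the result may be unloaded. The new loop also passes `name` to `PORT_Strcmp` unguarded, whereas SECMOD_DeleteModuleEx tests `name &&` first.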
@@ -256,16 +270,17 @@ PK11SlotInfo *SECMOD_LookupSlot(SECMODModuleID moduleID,CK_SLOT_ID slotID) { * optionally remove it from secmod.db. */ SECStatus -SECMOD_DeleteModuleEx(char *name, SECMODModule *mod, int *type, PRBool permdb) { +SECMOD_DeleteModuleEx(const char *name, SECMODModule *mod, + int *type, PRBool permdb) +{ SECMODModuleList *mlp; SECMODModuleList **mlpp; SECStatus rv = SECFailure; - *type = SECMOD_EXTERNAL; SECMOD_GetWriteLock(moduleLock); - for(mlpp = &modules,mlp = modules; + for (mlpp = &modules,mlp = modules; mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) { if ((name && (PORT_Strcmp(name,mlp->module->commonName) == 0)) || mod == mlp->module) { @@ -282,6 +297,27 @@ SECMOD_DeleteModuleEx(char *name, SECMODModule *mod, int *type, PRBool permdb) { break; } } + if (mlp) { + goto found; + } + /* not on the internal list, check the unload list */ + for (mlpp = &modulesUnload,mlp = modulesUnload; + mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) { + if ((name && (PORT_Strcmp(name,mlp->module->commonName) == 0)) || + mod == mlp->module) { + /* don't delete the internal module */ + if (!mlp->module->internal) { + SECMOD_RemoveList(mlpp,mlp); + rv = SECSuccess; + } else if (mlp->module->isFIPS) { + *type = SECMOD_FIPS; + } else { + *type = SECMOD_INTERNAL; + } + break; + } + } +found: SECMOD_ReleaseWriteLock(moduleLock); @@ -298,7 +334,7 @@ SECMOD_DeleteModuleEx(char *name, SECMODModule *mod, int *type, PRBool permdb) { * find a module by name and delete it off the module list */ SECStatus -SECMOD_DeleteModule(char *name, int *type) { +SECMOD_DeleteModule(const char *name, int *type) { return SECMOD_DeleteModuleEx(name, NULL, type, PR_TRUE); } @@ -306,7 +342,7 @@ SECMOD_DeleteModule(char *name, int *type) { * find a module by name and delete it off the module list */ SECStatus -SECMOD_DeleteInternalModule(char *name) { +SECMOD_DeleteInternalModule(const char *name) { SECMODModuleList *mlp; SECMODModuleList **mlpp; SECStatus rv = SECFailure; 
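Review bot: The comment `/* not on the internal list, check the unload list */` in SECMOD_DeleteModuleEx is misleading, because the first loop walks `modules` (the active list) and "internal" means something else three lines later in `mlp->module->internal`; `/* not on the active list, check the unload list */` would say what is meant. The loop under it repeats the name-or-pointer match and the internal/FIPS classification already written for `modules`, so a later change to one copy can silently miss the other. What is done with `mlp` after the write lock is released lies outside this hunk, so it is worth confirming that those steps are valid for a module that was never loaded.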
@@ -410,7 +446,7 @@ SECMOD_AddModule(SECMODModule *newModule) { return rv; } -PK11SlotInfo *SECMOD_FindSlot(SECMODModule *module,char *name) { +PK11SlotInfo *SECMOD_FindSlot(SECMODModule *module,const char *name) { int i; char *string; @@ -461,7 +497,7 @@ PK11_IsFIPS(void) /* combines NewModule() & AddModule */ /* give a string for the module name & the full-path for the dll, */ /* installs the PKCS11 module & update registry */ -SECStatus SECMOD_AddNewModuleEx(char* moduleName, char* dllPath, +SECStatus SECMOD_AddNewModuleEx(const char* moduleName, const char* dllPath, unsigned long defaultMechanismFlags, unsigned long cipherEnableFlags, char* modparms, @@ -473,7 +509,7 @@ SECStatus SECMOD_AddNewModuleEx(char* moduleName, char* dllPath, PR_SetErrorText(0, NULL); - module = SECMOD_CreateModule(dllPath,moduleName, modparms, nssparms); + module = SECMOD_CreateModule(dllPath, moduleName, modparms, nssparms); if (module == NULL) { return result; @@ -514,7 +550,7 @@ SECStatus SECMOD_AddNewModuleEx(char* moduleName, char* dllPath, return result; } -SECStatus SECMOD_AddNewModule(char* moduleName, char* dllPath, +SECStatus SECMOD_AddNewModule(const char* moduleName, const char* dllPath, unsigned long defaultMechanismFlags, unsigned long cipherEnableFlags) { diff --git a/mozilla/security/nss/lib/pk11wrap/secmod.h b/mozilla/security/nss/lib/pk11wrap/secmod.h index fd8037e653e..22218254bd2 100644 --- a/mozilla/security/nss/lib/pk11wrap/secmod.h +++ b/mozilla/security/nss/lib/pk11wrap/secmod.h @@ -89,8 +89,8 @@ extern SECMODModule *SECMOD_LoadUserModule(char *moduleSpec,SECMODModule *parent SECStatus SECMOD_UnloadUserModule(SECMODModule *mod); -SECMODModule * SECMOD_CreateModule(char *lib, char *name, char *param, - char *nss); +SECMODModule * SECMOD_CreateModule(const char *lib, const char *name, + const char *param, const char *nss); extern SECStatus SECMOD_Shutdown(void); void nss_DumpModuleLog(void); 
@@ -101,7 +101,14 @@ SECStatus SECMOD_FreeModuleSpecList(SECMODModule *module,char **moduleSpecList); /* protoypes */ -extern SECMODModuleList *SECMOD_GetDefaultModuleList(void); +/* Get a list of active PKCS #11 modules */ +extern SECMODModuleList *SECMOD_GetDefaultModuleList(void); +/* Get a list of defined but not loaded PKCS #11 modules */ +extern SECMODModuleList *SECMOD_GetDeadModuleList(void); +/* Get a list of Modules which define PKCS #11 modules to load */ +extern SECMODModuleList *SECMOD_GetDBModuleList(void); + +/* lock to protect all three module lists above */ extern SECMODListLock *SECMOD_GetDefaultModuleListLock(void); extern SECStatus SECMOD_UpdateModule(SECMODModule *module); @@ -115,14 +122,14 @@ extern void SECMOD_GetWriteLock(SECMODListLock *); extern void SECMOD_ReleaseWriteLock(SECMODListLock *); /* Operate on modules by name */ -extern SECMODModule *SECMOD_FindModule(char *name); -extern SECStatus SECMOD_DeleteModule(char *name, int *type); -extern SECStatus SECMOD_DeleteInternalModule(char *name); +extern SECMODModule *SECMOD_FindModule(const char *name); +extern SECStatus SECMOD_DeleteModule(const char *name, int *type); +extern SECStatus SECMOD_DeleteInternalModule(const char *name); extern PRBool SECMOD_CanDeleteInternalModule(void); -extern SECStatus SECMOD_AddNewModule(char* moduleName, char* dllPath, +extern SECStatus SECMOD_AddNewModule(const char* moduleName, char* dllPath, unsigned long defaultMechanismFlags, unsigned long cipherEnableFlags); -extern SECStatus SECMOD_AddNewModuleEx(char* moduleName, char* dllPath, +extern SECStatus SECMOD_AddNewModuleEx(const char* moduleName, char* dllPath, unsigned long defaultMechanismFlags, unsigned long cipherEnableFlags, char* modparms, 
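Review bot: The secmod.h prototypes for SECMOD_AddNewModule and SECMOD_AddNewModuleEx change only `moduleName` to `const char*` and leave `char* dllPath`, while the definitions in the pk11util.c hunks of this patch take `const char* dllPath`. Those are incompatible parameter types in C, so any translation unit that sees both the prototype and the definition should fail with a conflicting-types error, and callers going through the header cannot pass a const path. The header lines should read `extern SECStatus SECMOD_AddNewModule(const char* moduleName, const char* dllPath,` and `extern SECStatus SECMOD_AddNewModuleEx(const char* moduleName, const char* dllPath,`.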
@@ -134,7 +141,7 @@ extern SECMODModule *SECMOD_ReferenceModule(SECMODModule *module); extern void SECMOD_DestroyModule(SECMODModule *module); extern PK11SlotInfo *SECMOD_LookupSlot(SECMODModuleID module, unsigned long slotID); -extern PK11SlotInfo *SECMOD_FindSlot(SECMODModule *module,char *name); +extern PK11SlotInfo *SECMOD_FindSlot(SECMODModule *module,const char *name); /* Funtion reports true if at least one of the modules */ /* of modType has been installed */ diff --git a/mozilla/security/nss/lib/pk11wrap/secmodi.h b/mozilla/security/nss/lib/pk11wrap/secmodi.h index f7854a250df..82e9cb2c7cb 100644 --- a/mozilla/security/nss/lib/pk11wrap/secmodi.h +++ b/mozilla/security/nss/lib/pk11wrap/secmodi.h @@ -76,7 +76,7 @@ extern SECMODModuleList *SECMOD_NewModuleListElement(void); extern SECMODModuleList *SECMOD_DestroyModuleListElement(SECMODModuleList *); extern void SECMOD_DestroyModuleList(SECMODModuleList *); extern SECStatus SECMOD_AddModule(SECMODModule *newModule); -SECStatus SECMOD_DeleteModuleEx(char * name, SECMODModule *mod, int *type, PRBool permdb); +SECStatus SECMOD_DeleteModuleEx(const char * name, SECMODModule *mod, int *type, PRBool permdb); extern unsigned long SECMOD_PubCipherFlagstoInternal(unsigned long publicFlags); extern unsigned long SECMOD_InternaltoPubCipherFlags(unsigned long internalFlags);