mirror of
https://github.com/rn10950/RetroZilla.git
synced 2024-11-14 03:30:17 +01:00
30d33aa8e8
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
966 lines
26 KiB
C
966 lines
26 KiB
C
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
/* To edit this file, set TABSTOPS to 4 spaces.
|
|
* This is not the normal NSS convention.
|
|
*/
|
|
|
|
#include "modutil.h"
|
|
#include "pk11func.h"
|
|
|
|
/*************************************************************************
|
|
*
|
|
* F i p s M o d e
|
|
* If arg=="true", enable FIPS mode on the internal module. If arg=="false",
|
|
* disable FIPS mode on the internal module.
|
|
*/
|
|
Error
|
|
FipsMode(char *arg)
|
|
{
|
|
char *internal_name;
|
|
|
|
if(!PORT_Strcasecmp(arg, "true")) {
|
|
if(!PK11_IsFIPS()) {
|
|
internal_name = PR_smprintf("%s",
|
|
SECMOD_GetInternalModule()->commonName);
|
|
if(SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
|
|
PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
|
|
PR_smprintf_free(internal_name);
|
|
PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
|
|
return FIPS_SWITCH_FAILED_ERR;
|
|
}
|
|
PR_smprintf_free(internal_name);
|
|
if (!PK11_IsFIPS()) {
|
|
PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
|
|
return FIPS_SWITCH_FAILED_ERR;
|
|
}
|
|
PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
|
|
} else {
|
|
PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]);
|
|
return FIPS_ALREADY_ON_ERR;
|
|
}
|
|
} else if(!PORT_Strcasecmp(arg, "false")) {
|
|
if(PK11_IsFIPS()) {
|
|
internal_name = PR_smprintf("%s",
|
|
SECMOD_GetInternalModule()->commonName);
|
|
if(SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
|
|
PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
|
|
PR_smprintf_free(internal_name);
|
|
PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
|
|
return FIPS_SWITCH_FAILED_ERR;
|
|
}
|
|
PR_smprintf_free(internal_name);
|
|
if (PK11_IsFIPS()) {
|
|
PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
|
|
return FIPS_SWITCH_FAILED_ERR;
|
|
}
|
|
PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
|
|
} else {
|
|
PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_OFF_ERR]);
|
|
return FIPS_ALREADY_OFF_ERR;
|
|
}
|
|
} else {
|
|
PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
|
|
return INVALID_FIPS_ARG;
|
|
}
|
|
|
|
return SUCCESS;
|
|
}
|
|
|
|
/*************************************************************************
|
|
*
|
|
* C h k F i p s M o d e
|
|
* If arg=="true", verify FIPS mode is enabled on the internal module.
|
|
* If arg=="false", verify FIPS mode is disabled on the internal module.
|
|
*/
|
|
Error
|
|
ChkFipsMode(char *arg)
|
|
{
|
|
if(!PORT_Strcasecmp(arg, "true")) {
|
|
if (PK11_IsFIPS()) {
|
|
PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
|
|
} else {
|
|
PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
|
|
return FIPS_SWITCH_FAILED_ERR;
|
|
}
|
|
|
|
} else if(!PORT_Strcasecmp(arg, "false")) {
|
|
if(!PK11_IsFIPS()) {
|
|
PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
|
|
} else {
|
|
PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
|
|
return FIPS_SWITCH_FAILED_ERR;
|
|
}
|
|
} else {
|
|
PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
|
|
return INVALID_FIPS_ARG;
|
|
}
|
|
|
|
return SUCCESS;
|
|
}
|
|
|
|
/************************************************************************
|
|
* Cipher and Mechanism name-bitmask translation tables
|
|
*/
|
|
|
|
typedef struct {
|
|
const char *name;
|
|
unsigned long mask;
|
|
} MaskString;
|
|
|
|
|
|
static const MaskString cipherStrings[] = {
|
|
{"FORTEZZA", PUBLIC_CIPHER_FORTEZZA_FLAG}
|
|
};
|
|
static const int numCipherStrings =
|
|
sizeof(cipherStrings) / sizeof(cipherStrings[0]);
|
|
|
|
/* Initialized by LoadMechanismList */
|
|
static MaskString *mechanismStrings = NULL;
|
|
static int numMechanismStrings = 0;
|
|
const static PK11DefaultArrayEntry *pk11_DefaultArray = NULL;
|
|
static int pk11_DefaultArraySize = 0;
|
|
|
|
/* Maximum length of a colon-separated list of all the strings in an
|
|
* array. */
|
|
#define MAX_STRING_LIST_LEN 240 /* or less */
|
|
|
|
|
|
Error
|
|
LoadMechanismList(void)
|
|
{
|
|
int i;
|
|
|
|
if (pk11_DefaultArray == NULL) {
|
|
pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize);
|
|
if (pk11_DefaultArray == NULL) {
|
|
/* should assert. This shouldn't happen */
|
|
return UNSPECIFIED_ERR;
|
|
}
|
|
}
|
|
if (mechanismStrings != NULL) {
|
|
return SUCCESS;
|
|
}
|
|
|
|
/* build the mechanismStrings array */
|
|
mechanismStrings = PORT_NewArray(MaskString, pk11_DefaultArraySize);
|
|
if (mechanismStrings == NULL) {
|
|
return OUT_OF_MEM_ERR;
|
|
}
|
|
numMechanismStrings = pk11_DefaultArraySize;
|
|
for (i = 0; i < numMechanismStrings; i++) {
|
|
const char *name = pk11_DefaultArray[i].name;
|
|
unsigned long flag = pk11_DefaultArray[i].flag;
|
|
/* map new name to old */
|
|
switch (flag) {
|
|
case SECMOD_FORTEZZA_FLAG:
|
|
name = "FORTEZZA";
|
|
break;
|
|
case SECMOD_SHA1_FLAG:
|
|
name = "SHA1";
|
|
break;
|
|
case SECMOD_CAMELLIA_FLAG:
|
|
name = "CAMELLIA";
|
|
break;
|
|
case SECMOD_RANDOM_FLAG:
|
|
name = "RANDOM";
|
|
break;
|
|
case SECMOD_FRIENDLY_FLAG:
|
|
name = "FRIENDLY";
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
mechanismStrings[i].name = name;
|
|
mechanismStrings[i].mask = SECMOD_InternaltoPubMechFlags(flag);
|
|
}
|
|
return SUCCESS;
|
|
}
|
|
|
|
/************************************************************************
|
|
*
|
|
* g e t F l a g s F r o m S t r i n g
|
|
*
|
|
* Parses a mechanism list passed on the command line and converts it
|
|
* to an unsigned long bitmask.
|
|
* string is a colon-separated string of constants
|
|
* array is an array of MaskStrings.
|
|
* elements is the number of elements in array.
|
|
*/
|
|
static unsigned long
|
|
getFlagsFromString(char *string, const MaskString array[], int elements)
|
|
{
|
|
unsigned long ret = 0;
|
|
short i = 0;
|
|
char *cp;
|
|
char *buf;
|
|
char *end;
|
|
|
|
if(!string || !string[0]) {
|
|
return ret;
|
|
}
|
|
|
|
/* Make a temporary copy of the string */
|
|
buf = PR_Malloc(strlen(string)+1);
|
|
if(!buf) {
|
|
out_of_memory();
|
|
}
|
|
strcpy(buf, string);
|
|
|
|
/* Look at each element of the list passed in */
|
|
for(cp=buf; cp && *cp; cp = (end ? end+1 : NULL) ) {
|
|
/* Look at the string up to the next colon */
|
|
end = strchr(cp, ':');
|
|
if(end) {
|
|
*end = '\0';
|
|
}
|
|
|
|
/* Find which element this is */
|
|
for(i=0; i < elements; i++) {
|
|
if( !PORT_Strcasecmp(cp, array[i].name) ) {
|
|
break;
|
|
}
|
|
}
|
|
if(i == elements) {
|
|
/* Skip a bogus string, but print a warning message */
|
|
PR_fprintf(PR_STDERR, errStrings[INVALID_CONSTANT_ERR], cp);
|
|
continue;
|
|
}
|
|
ret |= array[i].mask;
|
|
}
|
|
|
|
PR_Free(buf);
|
|
return ret;
|
|
}
|
|
|
|
/**********************************************************************
|
|
*
|
|
* g e t S t r i n g F r o m F l a g s
|
|
*
|
|
* The return string's memory is owned by this function. Copy it
|
|
* if you need it permanently or you want to change it.
|
|
*/
|
|
static char *
|
|
getStringFromFlags(unsigned long flags, const MaskString array[], int elements)
|
|
{
|
|
static char buf[MAX_STRING_LIST_LEN];
|
|
int i;
|
|
int count=0;
|
|
|
|
buf[0] = '\0';
|
|
for(i=0; i<elements; i++) {
|
|
if( flags & array[i].mask ) {
|
|
++count;
|
|
if(count!=1) {
|
|
strcat(buf, ":");
|
|
}
|
|
strcat(buf, array[i].name);
|
|
}
|
|
}
|
|
return buf;
|
|
}
|
|
|
|
/**********************************************************************
|
|
*
|
|
* A d d M o d u l e
|
|
*
|
|
* Add the named module, with the given library file, ciphers, and
|
|
* default mechanism flags
|
|
*/
|
|
Error
|
|
AddModule(char *moduleName, char *libFile, char *cipherString,
|
|
char *mechanismString, char* modparms)
|
|
{
|
|
unsigned long ciphers;
|
|
unsigned long mechanisms;
|
|
SECStatus status;
|
|
|
|
mechanisms =
|
|
getFlagsFromString(mechanismString, mechanismStrings,
|
|
numMechanismStrings);
|
|
ciphers =
|
|
getFlagsFromString(cipherString, cipherStrings, numCipherStrings);
|
|
|
|
status =
|
|
SECMOD_AddNewModuleEx(moduleName, libFile,
|
|
SECMOD_PubMechFlagstoInternal(mechanisms),
|
|
SECMOD_PubCipherFlagstoInternal(ciphers),
|
|
modparms, NULL );
|
|
|
|
if(status != SECSuccess) {
|
|
char* errtxt=NULL;
|
|
PRInt32 copied = 0;
|
|
if (PR_GetErrorTextLength()) {
|
|
errtxt = PR_Malloc(PR_GetErrorTextLength() + 1);
|
|
copied = PR_GetErrorText(errtxt);
|
|
}
|
|
if (copied && errtxt) {
|
|
PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR],
|
|
moduleName, errtxt);
|
|
PR_Free(errtxt);
|
|
} else {
|
|
PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR],
|
|
moduleName, SECU_Strerror(PORT_GetError()));
|
|
}
|
|
return ADD_MODULE_FAILED_ERR;
|
|
} else {
|
|
PR_fprintf(PR_STDOUT, msgStrings[ADD_MODULE_SUCCESS_MSG], moduleName);
|
|
return SUCCESS;
|
|
}
|
|
}
|
|
|
|
/***********************************************************************
|
|
*
|
|
* D e l e t e M o d u l e
|
|
*
|
|
* Deletes the named module from the database.
|
|
*/
|
|
Error
|
|
DeleteModule(char *moduleName)
|
|
{
|
|
SECStatus status;
|
|
int type;
|
|
|
|
status = SECMOD_DeleteModule(moduleName, &type);
|
|
|
|
if(status != SECSuccess) {
|
|
if(type == SECMOD_FIPS || type == SECMOD_INTERNAL) {
|
|
PR_fprintf(PR_STDERR, errStrings[DELETE_INTERNAL_ERR]);
|
|
return DELETE_INTERNAL_ERR;
|
|
} else {
|
|
PR_fprintf(PR_STDERR, errStrings[DELETE_FAILED_ERR], moduleName);
|
|
return DELETE_FAILED_ERR;
|
|
}
|
|
}
|
|
|
|
PR_fprintf(PR_STDOUT, msgStrings[DELETE_SUCCESS_MSG], moduleName);
|
|
return SUCCESS;
|
|
}
|
|
|
|
/************************************************************************
|
|
*
|
|
* R a w L i s t M o d u l e s
|
|
*
|
|
* Lists all the modules in the database, along with their slots and tokens.
|
|
*/
|
|
Error
|
|
RawListModule(char *modulespec)
|
|
{
|
|
SECMODModule *module;
|
|
char **moduleSpecList;
|
|
|
|
module = SECMOD_LoadModule(modulespec,NULL,PR_FALSE);
|
|
if (module == NULL) {
|
|
/* handle error */
|
|
return NO_SUCH_MODULE_ERR;
|
|
}
|
|
|
|
moduleSpecList = SECMOD_GetModuleSpecList(module);
|
|
if (!moduleSpecList || !moduleSpecList[0]) {
|
|
SECU_PrintError("modutil",
|
|
"no specs in secmod DB");
|
|
return NO_SUCH_MODULE_ERR;
|
|
}
|
|
|
|
for ( ;*moduleSpecList; moduleSpecList++) {
|
|
printf("%s\n\n",*moduleSpecList);
|
|
}
|
|
|
|
return SUCCESS;
|
|
}
|
|
|
|
Error
|
|
RawAddModule(char *dbmodulespec, char *modulespec)
|
|
{
|
|
SECMODModule *module;
|
|
SECMODModule *dbmodule;
|
|
|
|
|
|
dbmodule = SECMOD_LoadModule(dbmodulespec,NULL,PR_TRUE);
|
|
if (dbmodule == NULL) {
|
|
/* handle error */
|
|
return NO_SUCH_MODULE_ERR;
|
|
}
|
|
|
|
module = SECMOD_LoadModule(modulespec,dbmodule,PR_FALSE);
|
|
if (module == NULL) {
|
|
/* handle error */
|
|
return NO_SUCH_MODULE_ERR;
|
|
}
|
|
|
|
if( SECMOD_UpdateModule(module) != SECSuccess ) {
|
|
PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], modulespec);
|
|
return UPDATE_MOD_FAILED_ERR;
|
|
}
|
|
return SUCCESS;
|
|
}
|
|
|
|
static void
|
|
printModule(SECMODModule *module, int *count)
|
|
{
|
|
int slotCount = module->loaded ? module->slotCount : 0;
|
|
int i;
|
|
|
|
if ((*count)++) {
|
|
PR_fprintf(PR_STDOUT,"\n");
|
|
}
|
|
PR_fprintf(PR_STDOUT, "%3d. %s\n", *count, module->commonName);
|
|
|
|
if (module->dllName) {
|
|
PR_fprintf(PR_STDOUT, "\tlibrary name: %s\n", module->dllName);
|
|
}
|
|
|
|
if (slotCount == 0) {
|
|
PR_fprintf(PR_STDOUT,
|
|
"\t slots: There are no slots attached to this module\n");
|
|
} else {
|
|
PR_fprintf(PR_STDOUT, "\t slots: %d slot%s attached\n",
|
|
slotCount, (slotCount==1 ? "" : "s") );
|
|
}
|
|
|
|
if (module->loaded == 0) {
|
|
PR_fprintf(PR_STDOUT, "\tstatus: Not loaded\n");
|
|
} else {
|
|
PR_fprintf(PR_STDOUT, "\tstatus: loaded\n");
|
|
}
|
|
|
|
/* Print slot and token names */
|
|
for (i = 0; i < slotCount; i++) {
|
|
PK11SlotInfo *slot = module->slots[i];
|
|
|
|
PR_fprintf(PR_STDOUT, "\n");
|
|
PR_fprintf(PR_STDOUT, "\t slot: %s\n", PK11_GetSlotName(slot));
|
|
PR_fprintf(PR_STDOUT, "\ttoken: %s\n", PK11_GetTokenName(slot));
|
|
}
|
|
return;
|
|
}
|
|
|
|
/************************************************************************
|
|
*
|
|
* L i s t M o d u l e s
|
|
*
|
|
* Lists all the modules in the database, along with their slots and tokens.
|
|
*/
|
|
Error
|
|
ListModules()
|
|
{
|
|
SECMODListLock *lock;
|
|
SECMODModuleList *list;
|
|
SECMODModuleList *deadlist;
|
|
SECMODModuleList *mlp;
|
|
Error ret=UNSPECIFIED_ERR;
|
|
int count = 0;
|
|
|
|
lock = SECMOD_GetDefaultModuleListLock();
|
|
if(!lock) {
|
|
PR_fprintf(PR_STDERR, errStrings[NO_LIST_LOCK_ERR]);
|
|
return NO_LIST_LOCK_ERR;
|
|
}
|
|
|
|
SECMOD_GetReadLock(lock);
|
|
|
|
list = SECMOD_GetDefaultModuleList();
|
|
deadlist = SECMOD_GetDeadModuleList();
|
|
if (!list && !deadlist) {
|
|
PR_fprintf(PR_STDERR, errStrings[NO_MODULE_LIST_ERR]);
|
|
ret = NO_MODULE_LIST_ERR;
|
|
goto loser;
|
|
}
|
|
|
|
PR_fprintf(PR_STDOUT,
|
|
"\nListing of PKCS #11 Modules\n"
|
|
"-----------------------------------------------------------\n");
|
|
|
|
for(mlp=list; mlp != NULL; mlp = mlp->next) {
|
|
printModule(mlp->module, &count);
|
|
}
|
|
for (mlp=deadlist; mlp != NULL; mlp = mlp->next) {
|
|
printModule(mlp->module, &count);
|
|
}
|
|
|
|
|
|
PR_fprintf(PR_STDOUT,
|
|
"-----------------------------------------------------------\n");
|
|
|
|
ret = SUCCESS;
|
|
|
|
loser:
|
|
SECMOD_ReleaseReadLock(lock);
|
|
return ret;
|
|
}
|
|
|
|
/* Strings describing PK11DisableReasons */
|
|
static char *disableReasonStr[] = {
|
|
"no reason",
|
|
"user disabled",
|
|
"could not initialize token",
|
|
"could not verify token",
|
|
"token not present"
|
|
};
|
|
static int numDisableReasonStr =
|
|
sizeof(disableReasonStr) / sizeof(disableReasonStr[0]);
|
|
|
|
/***********************************************************************
|
|
*
|
|
* L i s t M o d u l e
|
|
*
|
|
* Lists detailed information about the named module.
|
|
*/
|
|
Error
|
|
ListModule(char *moduleName)
|
|
{
|
|
SECMODModule *module = NULL;
|
|
PK11SlotInfo *slot;
|
|
int slotnum;
|
|
CK_INFO modinfo;
|
|
CK_SLOT_INFO slotinfo;
|
|
CK_TOKEN_INFO tokeninfo;
|
|
char *ciphers, *mechanisms;
|
|
PK11DisableReasons reason;
|
|
Error rv = SUCCESS;
|
|
|
|
if(!moduleName) {
|
|
return SUCCESS;
|
|
}
|
|
|
|
module = SECMOD_FindModule(moduleName);
|
|
if(!module) {
|
|
PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
|
|
rv = NO_SUCH_MODULE_ERR;
|
|
goto loser;
|
|
}
|
|
|
|
if ((module->loaded) &&
|
|
(PK11_GetModInfo(module, &modinfo) != SECSuccess)) {
|
|
PR_fprintf(PR_STDERR, errStrings[MOD_INFO_ERR], moduleName);
|
|
rv = MOD_INFO_ERR;
|
|
goto loser;
|
|
}
|
|
|
|
/* Module info */
|
|
PR_fprintf(PR_STDOUT,
|
|
"\n-----------------------------------------------------------\n");
|
|
PR_fprintf(PR_STDOUT, "Name: %s\n", module->commonName);
|
|
if(module->internal || !module->dllName) {
|
|
PR_fprintf(PR_STDOUT, "Library file: **Internal ONLY module**\n");
|
|
} else {
|
|
PR_fprintf(PR_STDOUT, "Library file: %s\n", module->dllName);
|
|
}
|
|
|
|
if (module->loaded) {
|
|
PR_fprintf(PR_STDOUT, "Manufacturer: %.32s\n", modinfo.manufacturerID);
|
|
PR_fprintf(PR_STDOUT, "Description: %.32s\n", modinfo.libraryDescription);
|
|
PR_fprintf(PR_STDOUT, "PKCS #11 Version %d.%d\n",
|
|
modinfo.cryptokiVersion.major, modinfo.cryptokiVersion.minor);
|
|
PR_fprintf(PR_STDOUT, "Library Version: %d.%d\n",
|
|
modinfo.libraryVersion.major, modinfo.libraryVersion.minor);
|
|
} else {
|
|
PR_fprintf(PR_STDOUT, "* Module not loaded\n");
|
|
}
|
|
/* Get cipher and mechanism flags */
|
|
ciphers = getStringFromFlags(module->ssl[0], cipherStrings,
|
|
numCipherStrings);
|
|
if(ciphers[0] == '\0') {
|
|
ciphers = "None";
|
|
}
|
|
PR_fprintf(PR_STDOUT, "Cipher Enable Flags: %s\n", ciphers);
|
|
mechanisms = NULL;
|
|
if (module->slotCount > 0) {
|
|
mechanisms = getStringFromFlags(
|
|
PK11_GetDefaultFlags(module->slots[0]),
|
|
mechanismStrings, numMechanismStrings);
|
|
}
|
|
if ((mechanisms==NULL) || (mechanisms[0] =='\0')) {
|
|
mechanisms = "None";
|
|
}
|
|
PR_fprintf(PR_STDOUT, "Default Mechanism Flags: %s\n", mechanisms);
|
|
|
|
#define PAD " "
|
|
|
|
/* Loop over each slot */
|
|
for (slotnum=0; slotnum < module->slotCount; slotnum++) {
|
|
slot = module->slots[slotnum];
|
|
if (PK11_GetSlotInfo(slot, &slotinfo) != SECSuccess) {
|
|
PR_fprintf(PR_STDERR, errStrings[SLOT_INFO_ERR],
|
|
PK11_GetSlotName(slot));
|
|
rv = SLOT_INFO_ERR;
|
|
continue;
|
|
}
|
|
|
|
/* Slot Info */
|
|
PR_fprintf(PR_STDOUT, "\n"PAD"Slot: %s\n", PK11_GetSlotName(slot));
|
|
mechanisms = getStringFromFlags(PK11_GetDefaultFlags(slot),
|
|
mechanismStrings, numMechanismStrings);
|
|
if(mechanisms[0] =='\0') {
|
|
mechanisms = "None";
|
|
}
|
|
PR_fprintf(PR_STDOUT, PAD"Slot Mechanism Flags: %s\n", mechanisms);
|
|
PR_fprintf(PR_STDOUT, PAD"Manufacturer: %.32s\n",
|
|
slotinfo.manufacturerID);
|
|
if (PK11_IsHW(slot)) {
|
|
PR_fprintf(PR_STDOUT, PAD"Type: Hardware\n");
|
|
} else {
|
|
PR_fprintf(PR_STDOUT, PAD"Type: Software\n");
|
|
}
|
|
PR_fprintf(PR_STDOUT, PAD"Version Number: %d.%d\n",
|
|
slotinfo.hardwareVersion.major, slotinfo.hardwareVersion.minor);
|
|
PR_fprintf(PR_STDOUT, PAD"Firmware Version: %d.%d\n",
|
|
slotinfo.firmwareVersion.major, slotinfo.firmwareVersion.minor);
|
|
if (PK11_IsDisabled(slot)) {
|
|
reason = PK11_GetDisabledReason(slot);
|
|
if(reason < numDisableReasonStr) {
|
|
PR_fprintf(PR_STDOUT, PAD"Status: DISABLED (%s)\n",
|
|
disableReasonStr[reason]);
|
|
} else {
|
|
PR_fprintf(PR_STDOUT, PAD"Status: DISABLED\n");
|
|
}
|
|
} else {
|
|
PR_fprintf(PR_STDOUT, PAD"Status: Enabled\n");
|
|
}
|
|
|
|
if(PK11_GetTokenInfo(slot, &tokeninfo) != SECSuccess) {
|
|
PR_fprintf(PR_STDERR, errStrings[TOKEN_INFO_ERR],
|
|
PK11_GetTokenName(slot));
|
|
rv = TOKEN_INFO_ERR;
|
|
continue;
|
|
}
|
|
|
|
/* Token Info */
|
|
PR_fprintf(PR_STDOUT, PAD"Token Name: %.32s\n",
|
|
tokeninfo.label);
|
|
PR_fprintf(PR_STDOUT, PAD"Token Manufacturer: %.32s\n",
|
|
tokeninfo.manufacturerID);
|
|
PR_fprintf(PR_STDOUT, PAD"Token Model: %.16s\n", tokeninfo.model);
|
|
PR_fprintf(PR_STDOUT, PAD"Token Serial Number: %.16s\n",
|
|
tokeninfo.serialNumber);
|
|
PR_fprintf(PR_STDOUT, PAD"Token Version: %d.%d\n",
|
|
tokeninfo.hardwareVersion.major, tokeninfo.hardwareVersion.minor);
|
|
PR_fprintf(PR_STDOUT, PAD"Token Firmware Version: %d.%d\n",
|
|
tokeninfo.firmwareVersion.major, tokeninfo.firmwareVersion.minor);
|
|
if(tokeninfo.flags & CKF_WRITE_PROTECTED) {
|
|
PR_fprintf(PR_STDOUT, PAD"Access: Write Protected\n");
|
|
} else {
|
|
PR_fprintf(PR_STDOUT, PAD"Access: NOT Write Protected\n");
|
|
}
|
|
if(tokeninfo.flags & CKF_LOGIN_REQUIRED) {
|
|
PR_fprintf(PR_STDOUT, PAD"Login Type: Login required\n");
|
|
} else {
|
|
PR_fprintf(PR_STDOUT, PAD
|
|
"Login Type: Public (no login required)\n");
|
|
}
|
|
if(tokeninfo.flags & CKF_USER_PIN_INITIALIZED) {
|
|
PR_fprintf(PR_STDOUT, PAD"User Pin: Initialized\n");
|
|
} else {
|
|
PR_fprintf(PR_STDOUT, PAD"User Pin: NOT Initialized\n");
|
|
}
|
|
}
|
|
PR_fprintf(PR_STDOUT,
|
|
"\n-----------------------------------------------------------\n");
|
|
loser:
|
|
if (module) {
|
|
SECMOD_DestroyModule(module);
|
|
}
|
|
return rv;
|
|
}
|
|
|
|
/************************************************************************
|
|
*
|
|
* C h a n g e P W
|
|
*/
|
|
Error
|
|
ChangePW(char *tokenName, char *pwFile, char *newpwFile)
|
|
{
|
|
char *oldpw=NULL, *newpw=NULL, *newpw2=NULL;
|
|
PK11SlotInfo *slot;
|
|
Error ret=UNSPECIFIED_ERR;
|
|
PRBool matching;
|
|
|
|
slot = PK11_FindSlotByName(tokenName);
|
|
if(!slot) {
|
|
PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], tokenName);
|
|
return NO_SUCH_TOKEN_ERR;
|
|
}
|
|
|
|
/* Get old password */
|
|
if(! PK11_NeedUserInit(slot)) {
|
|
if(pwFile) {
|
|
oldpw = SECU_FilePasswd(NULL, PR_FALSE, pwFile);
|
|
if(PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
|
|
PR_fprintf(PR_STDERR, errStrings[BAD_PW_ERR]);
|
|
ret=BAD_PW_ERR;
|
|
goto loser;
|
|
}
|
|
} else {
|
|
for(matching=PR_FALSE; !matching; ) {
|
|
oldpw = SECU_GetPasswordString(NULL, "Enter old password: ");
|
|
if(PK11_CheckUserPassword(slot, oldpw) == SECSuccess) {
|
|
matching = PR_TRUE;
|
|
} else {
|
|
PR_fprintf(PR_STDOUT, msgStrings[BAD_PW_MSG]);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
/* Get new password */
|
|
if(newpwFile) {
|
|
newpw = SECU_FilePasswd(NULL, PR_FALSE, newpwFile);
|
|
} else {
|
|
for(matching=PR_FALSE; !matching; ) {
|
|
newpw = SECU_GetPasswordString(NULL, "Enter new password: ");
|
|
newpw2 = SECU_GetPasswordString(NULL, "Re-enter new password: ");
|
|
if(strcmp(newpw, newpw2)) {
|
|
PR_fprintf(PR_STDOUT, msgStrings[PW_MATCH_MSG]);
|
|
} else {
|
|
matching = PR_TRUE;
|
|
}
|
|
}
|
|
}
|
|
|
|
/* Change the password */
|
|
if(PK11_NeedUserInit(slot)) {
|
|
if(PK11_InitPin(slot, NULL /*ssopw*/, newpw) != SECSuccess) {
|
|
PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
|
|
ret = CHANGEPW_FAILED_ERR;
|
|
goto loser;
|
|
}
|
|
} else {
|
|
if(PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) {
|
|
PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
|
|
ret = CHANGEPW_FAILED_ERR;
|
|
goto loser;
|
|
}
|
|
}
|
|
|
|
PR_fprintf(PR_STDOUT, msgStrings[CHANGEPW_SUCCESS_MSG], tokenName);
|
|
ret = SUCCESS;
|
|
|
|
loser:
|
|
if(oldpw) {
|
|
memset(oldpw, 0, strlen(oldpw));
|
|
PORT_Free(oldpw);
|
|
}
|
|
if(newpw) {
|
|
memset(newpw, 0, strlen(newpw));
|
|
PORT_Free(newpw);
|
|
}
|
|
if(newpw2) {
|
|
memset(newpw2, 0, strlen(newpw2));
|
|
PORT_Free(newpw2);
|
|
}
|
|
PK11_FreeSlot(slot);
|
|
|
|
return ret;
|
|
}
|
|
|
|
/***********************************************************************
|
|
*
|
|
* E n a b l e M o d u l e
|
|
*
|
|
* If enable==PR_TRUE, enables the module or slot.
|
|
* If enable==PR_FALSE, disables the module or slot.
|
|
* moduleName is the name of the module.
|
|
* slotName is the name of the slot. It is optional.
|
|
*/
|
|
Error
|
|
EnableModule(char *moduleName, char *slotName, PRBool enable)
|
|
{
|
|
int i;
|
|
SECMODModule *module = NULL;
|
|
PK11SlotInfo *slot = NULL;
|
|
PRBool found = PR_FALSE;
|
|
Error rv;
|
|
|
|
module = SECMOD_FindModule(moduleName);
|
|
if(!module) {
|
|
PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
|
|
rv = NO_SUCH_MODULE_ERR;
|
|
goto loser;
|
|
}
|
|
|
|
for(i=0; i < module->slotCount; i++) {
|
|
slot = module->slots[i];
|
|
if(slotName && strcmp(PK11_GetSlotName(slot), slotName)) {
|
|
/* Not the right slot */
|
|
continue;
|
|
}
|
|
if(enable) {
|
|
if(! PK11_UserEnableSlot(slot)) {
|
|
PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR],
|
|
"enable", PK11_GetSlotName(slot));
|
|
rv = ENABLE_FAILED_ERR;
|
|
goto loser;
|
|
} else {
|
|
found = PR_TRUE;
|
|
PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG],
|
|
PK11_GetSlotName(slot), "enabled");
|
|
}
|
|
} else {
|
|
if(! PK11_UserDisableSlot(slot)) {
|
|
PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR],
|
|
"disable", PK11_GetSlotName(slot));
|
|
rv = ENABLE_FAILED_ERR;
|
|
goto loser;
|
|
} else {
|
|
found = PR_TRUE;
|
|
PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG],
|
|
PK11_GetSlotName(slot), "disabled");
|
|
}
|
|
}
|
|
}
|
|
|
|
if(slotName && !found) {
|
|
PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
|
|
rv = NO_SUCH_SLOT_ERR;
|
|
goto loser;
|
|
}
|
|
|
|
/* Delete and re-add module to save changes */
|
|
if( SECMOD_UpdateModule(module) != SECSuccess ) {
|
|
PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], moduleName);
|
|
rv = UPDATE_MOD_FAILED_ERR;
|
|
goto loser;
|
|
}
|
|
|
|
rv = SUCCESS;
|
|
loser:
|
|
if (module) {
|
|
SECMOD_DestroyModule(module);
|
|
}
|
|
return rv;
|
|
}
|
|
|
|
/*************************************************************************
|
|
*
|
|
* S e t D e f a u l t M o d u l e
|
|
*
|
|
*/
|
|
Error
|
|
SetDefaultModule(char *moduleName, char *slotName, char *mechanisms)
|
|
{
|
|
SECMODModule *module = NULL;
|
|
PK11SlotInfo *slot;
|
|
int s, i;
|
|
unsigned long mechFlags = getFlagsFromString(mechanisms, mechanismStrings,
|
|
numMechanismStrings);
|
|
PRBool found = PR_FALSE;
|
|
Error errcode = UNSPECIFIED_ERR;
|
|
|
|
mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags);
|
|
|
|
module = SECMOD_FindModule(moduleName);
|
|
if(!module) {
|
|
PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
|
|
errcode = NO_SUCH_MODULE_ERR;
|
|
goto loser;
|
|
}
|
|
|
|
/* Go through each slot */
|
|
for(s=0; s < module->slotCount; s++) {
|
|
slot = module->slots[s];
|
|
|
|
if ((slotName != NULL) &&
|
|
!((strcmp(PK11_GetSlotName(slot),slotName) == 0) ||
|
|
(strcmp(PK11_GetTokenName(slot),slotName) == 0)) ) {
|
|
/* we are only interested in changing the one slot */
|
|
continue;
|
|
}
|
|
|
|
found = PR_TRUE;
|
|
|
|
/* Go through each mechanism */
|
|
for(i=0; i < pk11_DefaultArraySize; i++) {
|
|
if(pk11_DefaultArray[i].flag & mechFlags) {
|
|
/* Enable this default mechanism */
|
|
PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]),
|
|
PR_TRUE);
|
|
}
|
|
}
|
|
}
|
|
if (slotName && !found) {
|
|
PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
|
|
errcode = NO_SUCH_SLOT_ERR;
|
|
goto loser;
|
|
}
|
|
|
|
/* Delete and re-add module to save changes */
|
|
if( SECMOD_UpdateModule(module) != SECSuccess ) {
|
|
PR_fprintf(PR_STDERR, errStrings[DEFAULT_FAILED_ERR],
|
|
moduleName);
|
|
errcode = DEFAULT_FAILED_ERR;
|
|
goto loser;
|
|
}
|
|
|
|
PR_fprintf(PR_STDOUT, msgStrings[DEFAULT_SUCCESS_MSG]);
|
|
|
|
errcode = SUCCESS;
|
|
loser:
|
|
if (module) {
|
|
SECMOD_DestroyModule(module);
|
|
}
|
|
return errcode;
|
|
}
|
|
|
|
/************************************************************************
|
|
*
|
|
* U n s e t D e f a u l t M o d u l e
|
|
*/
|
|
Error
|
|
UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms)
|
|
{
|
|
SECMODModule * module = NULL;
|
|
PK11SlotInfo *slot;
|
|
int s, i;
|
|
unsigned long mechFlags = getFlagsFromString(mechanisms,
|
|
mechanismStrings, numMechanismStrings);
|
|
PRBool found = PR_FALSE;
|
|
Error rv;
|
|
|
|
mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags);
|
|
|
|
module = SECMOD_FindModule(moduleName);
|
|
if(!module) {
|
|
PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
|
|
rv = NO_SUCH_MODULE_ERR;
|
|
goto loser;
|
|
}
|
|
|
|
for(s=0; s < module->slotCount; s++) {
|
|
slot = module->slots[s];
|
|
if ((slotName != NULL) &&
|
|
!((strcmp(PK11_GetSlotName(slot),slotName) == 0) ||
|
|
(strcmp(PK11_GetTokenName(slot),slotName) == 0)) ) {
|
|
/* we are only interested in changing the one slot */
|
|
continue;
|
|
}
|
|
for(i=0; i < pk11_DefaultArraySize ; i++) {
|
|
if(pk11_DefaultArray[i].flag & mechFlags) {
|
|
PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]),
|
|
PR_FALSE);
|
|
}
|
|
}
|
|
}
|
|
if (slotName && !found) {
|
|
PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
|
|
rv = NO_SUCH_SLOT_ERR;
|
|
goto loser;
|
|
}
|
|
|
|
/* Delete and re-add module to save changes */
|
|
if( SECMOD_UpdateModule(module) != SECSuccess ) {
|
|
PR_fprintf(PR_STDERR, errStrings[UNDEFAULT_FAILED_ERR],
|
|
moduleName);
|
|
rv = UNDEFAULT_FAILED_ERR;
|
|
goto loser;
|
|
}
|
|
|
|
PR_fprintf(PR_STDOUT, msgStrings[UNDEFAULT_SUCCESS_MSG]);
|
|
rv = SUCCESS;
|
|
loser:
|
|
if (module) {
|
|
SECMOD_DestroyModule(module);
|
|
}
|
|
return rv;
|
|
}
|