| blob | 408270bdd0965b1c96ce3d4dc97c25d7072e116e |
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2007
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
36 /*
37 * The following code handles the storage of PKCS 11 modules used by the
38 * NSS. For the rest of NSS, only one kind of database handle exists:
39 *
40 * SFTKDBHandle
41 *
42 * There is one SFTKDBHandle for the each key database and one for each cert
43 * database. These databases are opened as associated pairs, one pair per
44 * slot. SFTKDBHandles are reference counted objects.
45 *
46 * Each SFTKDBHandle points to a low level database handle (SDB). This handle
47 * represents the underlying physical database. These objects are not
48 * reference counted, an are 'owned' by their respective SFTKDBHandles.
49 *
50 *
51 */
59 /****************************************************************
60 *
61 * Secmod database.
62 *
63 * The new secmod database is simply a text file with each of the module
64 * entries. in the following form:
65 *
66 * #
67 * # This is a comment The next line is the library to load
68 * library=libmypkcs11.so
69 * name="My PKCS#11 module"
70 * params="my library's param string"
71 * nss="NSS parameters"
72 * other="parameters for other libraries and applications"
73 *
74 * library=libmynextpk11.so
75 * name="My other PKCS#11 module"
76 */
80 {
89 size++;
90 }
95 }
101 }
103 }
107 }
109 /*
110 * Smart string cat functions. Automatically manage the memory.
111 * The first parameter is the source string. If it's null, we
112 * allocate memory for it. If it's not, we reallocate memory
113 * so the the concanenated string fits.
114 */
117 {
126 }
129 }
131 /* Same as sftkdb_DupnCat except it concatenates the full string, not a
132 * partial one */
135 {
137 }
139 /* function to free up all the memory associated with a null terminated
140 * array of module specs */
141 static SECStatus
143 {
148 }
150 }
152 }
154 #define SECMOD_STEP 10
155 static SECStatus
157 {
165 }
169 }
171 static
173 {
179 #ifdef WINDOWS
182 }
183 #endif
186 }
190 }
192 #define MAX_LINE_LENGTH 2048
193 #define SFTK_DEFAULT_INTERNAL_INIT1 "library= name=\"NSS Internal PKCS #11 Module\" parameters="
194 #define SFTK_DEFAULT_INTERNAL_INIT2 " NSS=\"Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={"
197 #ifdef XP_UNIX
198 #include <unistd.h>
199 #endif
200 /*
201 * Read all the existing modules in out of the file.
202 */
207 {
221 }
226 /* do we really want to use streams here */
230 /*
231 * the following loop takes line separated config lines and colapses
232 * the lines to a single string, escaping and quoting as necessary.
233 */
234 /* loop state variables */
242 /* remove the ending newline */
244 len--;
246 }
249 }
251 /*
252 * The PKCS #11 group standard assumes blocks of strings
253 * separated by new lines, clumped by new lines. Internally
254 * we take strings separated by spaces, so we may need to escape
255 * certain spaces.
256 */
259 /* there is no value, write out the stanza as is */
264 }
267 /* value is already quoted, just write it out */
272 }
275 /* we have an override parameter section, remember that
276 * we found this (see following comment about why this
277 * is necessary). */
280 }
281 /*
282 * The internal token always overrides it's parameter block
283 * from the passed in parameters, so wait until then end
284 * before we include the parameter block in case we need to
285 * override it. NOTE: if the parameter block is quoted with ("),
286 * this override does not happen. This allows you to override
287 * the application's parameter configuration.
288 *
289 * parameter block state is controlled by the following variables:
290 * skipParams - Bool : set to true of we have an override param
291 * block (all other blocks, either implicit or explicit are
292 * ignored).
293 * paramsValue - char * : pointer to the current param block. In
294 * the absence of overrides, paramsValue is set to the first
295 * parameter block we find. All subsequent blocks are ignored.
296 * When we find an internal token, the application passed
297 * parameters take precident.
298 */
300 /* already have parameters */
303 }
308 /* may need to quote */
313 }
321 }
323 /* check to see if it's internal? */
325 /* This should be case insensitive! reviewers make
326 * me fix it if it's not */
329 /* override the parameters */
332 }
334 }
335 }
337 }
340 }
342 /*
343 * if we are here, we have found a complete stanza. Now write out
344 * any param section we may have found.
345 */
347 /* we had an override */
353 }
356 }
359 SECStatus rv;
363 }
364 }
370 moduleCount++;
371 }
375 }
380 }
381 done:
382 /* if we couldn't open a pkcs11 database, look for the old one */
385 PRStatus status;
389 /* couldn't get the old name */
392 }
394 /* old one doesn't exist */
398 }
402 /* old one had no modules */
405 }
407 /* count the modules */
410 /* grow the moduleList if necessary */
412 SECStatus rv;
416 }
417 }
419 /* write each module out, and copy it */
424 }
427 }
429 }
431 /* done with the old module list */
434 bail:
437 }
438 }
456 }
459 loser:
460 /*
461 * cleanup
462 */
463 /* deal with trust cert db here */
467 }
471 }
473 /* This is wrong! FIXME */
477 }
481 /* update our internal module */
483 }
485 }
487 SECStatus
491 {
495 }
498 }
500 }
503 /*
504 * Delete a module from the Data Base
505 */
506 SECStatus
510 {
511 /* SHDB_FIXME implement */
525 }
529 }
535 /* do we really want to use streams here */
544 }
548 }
551 /*
552 * the following loop takes line separated config files and colapses
553 * the lines to a single string, escaping and quoting as necessary.
554 */
555 /* loop state variables */
559 /* If we are processing a block (we haven't hit a blank line yet */
561 /* skip means we are in the middle of a block we are deleting */
564 }
565 /* if we haven't found the block yet, check to see if this block
566 * matches our requirements */
572 /* yup, we don't need to save any more data, */
575 /* we don't need to collect more of this block */
577 /* we don't need to continue searching for the block */
580 }
581 /* not our match, continue to collect data in this block */
584 }
585 /* we've collected a block of data that wasn't the module we were
586 * looking for, write it out */
591 }
592 /* If we didn't just delete the this block, keep the blank line */
595 }
596 /* we are definately not in a deleted block anymore */
598 }
601 /* rename dbname2 to dbname */
605 }
609 loser:
612 }
615 }
619 }
621 }
623 /*
624 * Add a module to the Data base
625 */
626 SECStatus
630 {
637 }
639 /* can't write to a read only module */
642 }
644 /* remove the previous version if it exists */
647 /* do we really want to use streams here */
651 }
660 }
664 }
671 }
676 }
680 }
685 }
689 loser:
693 }