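/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/* To edit this file, set TABSTOPS to 4 spaces.
 * This is not the normal NSS convention.
 */

#include "modutil.h"
#include "pk11func.h"

/*
 * Performs the actual mode switch used by FipsMode(): copies the internal
 * module's common name and passes it to SECMOD_DeleteInternalModule().
 * The same call is used for both directions in this file; the caller
 * confirms the resulting mode with PK11_IsFIPS().
 *
 * Returns SUCCESS, or FIPS_SWITCH_FAILED_ERR after printing the reason
 * to stderr.
 */
static Error
switchInternalModule(void)
{
    SECMODModule *internal = SECMOD_GetInternalModule();
    char *internal_name;

    /* Without an internal module (or a name for it) there is nothing to
     * switch; report it instead of dereferencing a NULL pointer. */
    if (!internal || !internal->commonName) {
        PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
        return FIPS_SWITCH_FAILED_ERR;
    }

    internal_name = PR_smprintf("%s", internal->commonName);
    if (!internal_name) {
        /* Allocation of the name copy failed. */
        PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
        return FIPS_SWITCH_FAILED_ERR;
    }

    if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
        /* Print the library error before anything else can replace it. */
        PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
        PR_smprintf_free(internal_name);
        PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
        return FIPS_SWITCH_FAILED_ERR;
    }
    PR_smprintf_free(internal_name);
    return SUCCESS;
}

/*************************************************************************
 *
 * F i p s M o d e
 * If arg=="true", enable FIPS mode on the internal module.  If arg=="false",
 * disable FIPS mode on the internal module.
 *
 * arg is compared case-insensitively.  A NULL or unrecognised arg returns
 * INVALID_FIPS_ARG.  Asking for the mode that is already active returns
 * FIPS_ALREADY_ON_ERR / FIPS_ALREADY_OFF_ERR without touching the module.
 * After the switch the mode is read back with PK11_IsFIPS(); success is
 * only reported when the read-back matches the request, otherwise
 * FIPS_SWITCH_FAILED_ERR is returned.
 */
Error
FipsMode(char *arg)
{
    PRBool wantFips;
    Error rv;

    if (arg && !PORT_Strcasecmp(arg, "true")) {
        wantFips = PR_TRUE;
    } else if (arg && !PORT_Strcasecmp(arg, "false")) {
        wantFips = PR_FALSE;
    } else {
        PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
        return INVALID_FIPS_ARG;
    }

    /* Nothing to do when the requested mode is already in force. */
    if (!PK11_IsFIPS() == !wantFips) {
        Error already = wantFips ? FIPS_ALREADY_ON_ERR : FIPS_ALREADY_OFF_ERR;

        PR_fprintf(PR_STDERR, errStrings[already]);
        return already;
    }

    rv = switchInternalModule();
    if (rv != SUCCESS) {
        return rv;
    }

    /* Do not trust the return code alone: verify the mode really changed
     * before telling the operator that it did. */
    if (!PK11_IsFIPS() != !wantFips) {
        PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
        return FIPS_SWITCH_FAILED_ERR;
    }
    PR_fprintf(PR_STDOUT,
               msgStrings[wantFips ? FIPS_ENABLED_MSG : FIPS_DISABLED_MSG]);

    return SUCCESS;
}

/*************************************************************************
 *
 * C h k F i p s M o d e
 * If arg=="true", verify FIPS mode is enabled on the internal module.
 * If arg=="false", verify FIPS mode is disabled on the internal module.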
 */
Error
ChkFipsMode(char *arg)
{
    PRBool expectFips;
    PRBool isFips;

    /* Translate the textual argument into the mode the caller expects. */
    if (PORT_Strcasecmp(arg, "true") == 0) {
        expectFips = PR_TRUE;
    } else if (PORT_Strcasecmp(arg, "false") == 0) {
        expectFips = PR_FALSE;
    } else {
        PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
        return INVALID_FIPS_ARG;
    }

    /* Always report the mode actually in force on stdout; a mismatch with
     * the expectation is signalled through the return code only. */
    isFips = PK11_IsFIPS() ? PR_TRUE : PR_FALSE;
    PR_fprintf(PR_STDOUT,
               msgStrings[isFips ? FIPS_ENABLED_MSG : FIPS_DISABLED_MSG]);

    return (isFips == expectFips) ? SUCCESS : FIPS_SWITCH_FAILED_ERR;
}

/************************************************************************
 * Cipher and Mechanism name-bitmask translation tables
 */

/* One table row: a printable name and the bitmask it stands for. */
typedef struct {
    const char *name;
    unsigned long mask;
} MaskString;


/* Cipher names accepted and printed by this tool. */
static const MaskString cipherStrings[] = {
    {"FORTEZZA", PUBLIC_CIPHER_FORTEZZA_FLAG}
};
static const int numCipherStrings =
    sizeof(cipherStrings) / sizeof(cipherStrings[0]);

/* Initialized by LoadMechanismList */
static MaskString *mechanismStrings = NULL;
static int numMechanismStrings = 0;
static const PK11DefaultArrayEntry *pk11_DefaultArray = NULL;
static int pk11_DefaultArraySize = 0;

/* Maximum length of a colon-separated list of all the strings in an
 * array.
 */
#define MAX_STRING_LIST_LEN 240 /* or less */


/*
 * Returns the historical command-line name for the mechanism flags that
 * have one, and fallback for every other flag.
 */
static const char *
legacyMechanismName(unsigned long flag, const char *fallback)
{
    switch (flag) {
    case SECMOD_FORTEZZA_FLAG:
        return "FORTEZZA";
    case SECMOD_SHA1_FLAG:
        return "SHA1";
    case SECMOD_CAMELLIA_FLAG:
        return "CAMELLIA";
    case SECMOD_RANDOM_FLAG:
        return "RANDOM";
    case SECMOD_FRIENDLY_FLAG:
        return "FRIENDLY";
    default:
        return fallback;
    }
}

/*
 * Builds mechanismStrings from the array returned by
 * PK11_GetDefaultArray(), one entry per default mechanism, with the mask
 * converted by SECMOD_InternaltoPubMechFlags().  Calling it again after
 * the table exists is a no-op.
 *
 * Returns SUCCESS, UNSPECIFIED_ERR when the default array is unavailable,
 * or OUT_OF_MEM_ERR when the table cannot be allocated.
 */
Error
LoadMechanismList(void)
{
    int idx;

    if (pk11_DefaultArray == NULL) {
        pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize);
        if (pk11_DefaultArray == NULL) {
            /* should assert. This shouldn't happen */
            return UNSPECIFIED_ERR;
        }
    }

    /* The table is built once and then reused. */
    if (mechanismStrings != NULL) {
        return SUCCESS;
    }

    /* build the mechanismStrings array */
    mechanismStrings = PORT_NewArray(MaskString, pk11_DefaultArraySize);
    if (mechanismStrings == NULL) {
        return OUT_OF_MEM_ERR;
    }
    numMechanismStrings = pk11_DefaultArraySize;

    for (idx = 0; idx < numMechanismStrings; idx++) {
        unsigned long flag = pk11_DefaultArray[idx].flag;

        /* map new name to old */
        mechanismStrings[idx].name =
            legacyMechanismName(flag, pk11_DefaultArray[idx].name);
        mechanismStrings[idx].mask = SECMOD_InternaltoPubMechFlags(flag);
    }
    return SUCCESS;
}

/************************************************************************
 *
 * g e t F l a g s F r o m S t r i n g
 *
 * Parses a mechanism list passed on the command line and converts it
 * to an unsigned long bitmask.
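 * string is a colon-separated string of constants
 * array is an array of MaskStrings.
 * elements is the number of elements in array.
 *
 * Names are matched case-insensitively.  A name that is not in array is
 * reported on stderr and skipped, so the returned mask can be smaller
 * than the caller asked for (0 when nothing matched, or when string is
 * NULL or empty).
 */
static unsigned long
getFlagsFromString(char *string, const MaskString array[], int elements)
{
    unsigned long ret = 0;
    int i;      /* same type as elements, so the comparison cannot wrap */
    char *cp;
    char *buf;
    char *end;

    if (!string || !string[0]) {
        return ret;
    }

    /* Make a temporary copy of the string, because the parser below
     * overwrites each ':' with a terminator. */
    buf = PR_Malloc(strlen(string) + 1);
    if (!buf) {
        out_of_memory();
        /* NOTE(review): out_of_memory() is defined outside this file and
         * presumably does not return; bail out anyway so a NULL buffer is
         * never written to. */
        return ret;
    }
    strcpy(buf, string);    /* buf was sized from strlen(string) + 1 */

    /* Look at each element of the list passed in */
    cp = buf;
    while (cp && *cp) {
        /* Look at the string up to the next colon */
        end = strchr(cp, ':');
        if (end) {
            *end = '\0';
        }

        /* Find which element this is */
        for (i = 0; i < elements; i++) {
            if (!PORT_Strcasecmp(cp, array[i].name)) {
                break;
            }
        }
        if (i == elements) {
            /* Skip a bogus string, but print a warning message */
            PR_fprintf(PR_STDERR, errStrings[INVALID_CONSTANT_ERR], cp);
        } else {
            ret |= array[i].mask;
        }

        cp = end ? end + 1 : NULL;
    }

    PR_Free(buf);
    return ret;
}

/**********************************************************************
 *
 * g e t S t r i n g F r o m F l a g s
 *
 * The return string's memory is owned by this function.  Copy it
 * if you need it permanently or you want to change it.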
michael@0: */ michael@0: static char * michael@0: getStringFromFlags(unsigned long flags, const MaskString array[], int elements) michael@0: { michael@0: static char buf[MAX_STRING_LIST_LEN]; michael@0: int i; michael@0: int count=0; michael@0: michael@0: buf[0] = '\0'; michael@0: for(i=0; iloaded ? module->slotCount : 0; michael@0: int i; michael@0: michael@0: if ((*count)++) { michael@0: PR_fprintf(PR_STDOUT,"\n"); michael@0: } michael@0: PR_fprintf(PR_STDOUT, "%3d. %s\n", *count, module->commonName); michael@0: michael@0: if (module->dllName) { michael@0: PR_fprintf(PR_STDOUT, "\tlibrary name: %s\n", module->dllName); michael@0: } michael@0: michael@0: if (slotCount == 0) { michael@0: PR_fprintf(PR_STDOUT, michael@0: "\t slots: There are no slots attached to this module\n"); michael@0: } else { michael@0: PR_fprintf(PR_STDOUT, "\t slots: %d slot%s attached\n", michael@0: slotCount, (slotCount==1 ? "" : "s") ); michael@0: } michael@0: michael@0: if (module->loaded == 0) { michael@0: PR_fprintf(PR_STDOUT, "\tstatus: Not loaded\n"); michael@0: } else { michael@0: PR_fprintf(PR_STDOUT, "\tstatus: loaded\n"); michael@0: } michael@0: michael@0: /* Print slot and token names */ michael@0: for (i = 0; i < slotCount; i++) { michael@0: PK11SlotInfo *slot = module->slots[i]; michael@0: michael@0: PR_fprintf(PR_STDOUT, "\n"); michael@0: PR_fprintf(PR_STDOUT, "\t slot: %s\n", PK11_GetSlotName(slot)); michael@0: PR_fprintf(PR_STDOUT, "\ttoken: %s\n", PK11_GetTokenName(slot)); michael@0: } michael@0: return; michael@0: } michael@0: michael@0: /************************************************************************ michael@0: * michael@0: * L i s t M o d u l e s michael@0: * michael@0: * Lists all the modules in the database, along with their slots and tokens. 
 */
Error
ListModules()
{
    SECMODListLock *lock;
    SECMODModuleList *heads[2];     /* [0] default list, [1] dead list */
    SECMODModuleList *node;
    Error ret = UNSPECIFIED_ERR;
    int count = 0;                  /* running module number for printModule */
    int which;

    lock = SECMOD_GetDefaultModuleListLock();
    if (!lock) {
        PR_fprintf(PR_STDERR, errStrings[NO_LIST_LOCK_ERR]);
        return NO_LIST_LOCK_ERR;
    }

    /* Both lists are read and walked with the read lock held. */
    SECMOD_GetReadLock(lock);

    heads[0] = SECMOD_GetDefaultModuleList();
    heads[1] = SECMOD_GetDeadModuleList();

    if (heads[0] == NULL && heads[1] == NULL) {
        PR_fprintf(PR_STDERR, errStrings[NO_MODULE_LIST_ERR]);
        ret = NO_MODULE_LIST_ERR;
    } else {
        PR_fprintf(PR_STDOUT,
            "\nListing of PKCS #11 Modules\n"
            "-----------------------------------------------------------\n");

        /* Default modules first, then the dead ones, numbered in one run. */
        for (which = 0; which < 2; which++) {
            for (node = heads[which]; node != NULL; node = node->next) {
                printModule(node->module, &count);
            }
        }

        PR_fprintf(PR_STDOUT,
            "-----------------------------------------------------------\n");

        ret = SUCCESS;
    }

    /* Single exit path so the read lock is always released. */
    SECMOD_ReleaseReadLock(lock);
    return ret;
}

/* Strings describing PK11DisableReasons; ListModule() indexes this table
 * with the value returned by PK11_GetDisabledReason() after checking it
 * against numDisableReasonStr. */
static char *disableReasonStr[] = {
    "no reason",
    "user disabled",
    "could not initialize token",
    "could not verify token",
    "token not present"
};
static int numDisableReasonStr =
    sizeof(disableReasonStr) / sizeof(disableReasonStr[0]);

/***********************************************************************
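 *
 * L i s t M o d u l e
 *
 * Lists detailed information about the named module.
 *
 * Returns SUCCESS immediately when moduleName is NULL.  Returns
 * NO_SUCH_MODULE_ERR or MOD_INFO_ERR when the module cannot be found or
 * queried.  A slot or token that cannot be queried is reported on stderr
 * and skipped; the function then returns SLOT_INFO_ERR or TOKEN_INFO_ERR
 * (whichever was recorded last) after printing the remaining slots.
 */
Error
ListModule(char *moduleName)
{
    SECMODModule *module = NULL;
    PK11SlotInfo *slot;
    int slotnum;
    CK_INFO modinfo;
    CK_SLOT_INFO slotinfo;
    CK_TOKEN_INFO tokeninfo;
    char *ciphers, *mechanisms;
    PK11DisableReasons reason;
    Error rv = SUCCESS;

    if(!moduleName) {
        return SUCCESS;
    }

    module = SECMOD_FindModule(moduleName);
    if(!module) {
        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
        rv = NO_SUCH_MODULE_ERR;
        goto loser;
    }

    /* modinfo is only filled in, and only read below, for a loaded module. */
    if ((module->loaded) &&
        (PK11_GetModInfo(module, &modinfo) != SECSuccess)) {
        PR_fprintf(PR_STDERR, errStrings[MOD_INFO_ERR], moduleName);
        rv = MOD_INFO_ERR;
        goto loser;
    }

    /* Module info */
    PR_fprintf(PR_STDOUT,
        "\n-----------------------------------------------------------\n");
    PR_fprintf(PR_STDOUT, "Name: %s\n", module->commonName);
    if(module->internal || !module->dllName) {
        PR_fprintf(PR_STDOUT, "Library file: **Internal ONLY module**\n");
    } else {
        PR_fprintf(PR_STDOUT, "Library file: %s\n", module->dllName);
    }

    if (module->loaded) {
        /* PKCS #11 info strings are fixed-width, blank-padded fields with
         * no NUL terminator, so the precision in each %.32s / %.16s below
         * is what keeps the print inside the field. */
        PR_fprintf(PR_STDOUT, "Manufacturer: %.32s\n", modinfo.manufacturerID);
        PR_fprintf(PR_STDOUT, "Description: %.32s\n", modinfo.libraryDescription);
        PR_fprintf(PR_STDOUT, "PKCS #11 Version %d.%d\n",
            modinfo.cryptokiVersion.major, modinfo.cryptokiVersion.minor);
        PR_fprintf(PR_STDOUT, "Library Version: %d.%d\n",
            modinfo.libraryVersion.major, modinfo.libraryVersion.minor);
    } else {
        PR_fprintf(PR_STDOUT, "* Module not loaded\n");
    }
    /* Get cipher and mechanism flags */
    /* getStringFromFlags() returns a buffer it owns; each result is
     * printed before the next call is made. */
    ciphers = getStringFromFlags(module->ssl[0], cipherStrings,
        numCipherStrings);
    if(ciphers[0] == '\0') {
        ciphers = "None";
    }
    PR_fprintf(PR_STDOUT, "Cipher Enable Flags: %s\n", ciphers);
    mechanisms = NULL;
    if (module->slotCount > 0) {
        mechanisms = getStringFromFlags(
            PK11_GetDefaultFlags(module->slots[0]),
            mechanismStrings, numMechanismStrings);
    }
    if ((mechanisms==NULL) || (mechanisms[0] =='\0')) {
        mechanisms = "None";
    }
    PR_fprintf(PR_STDOUT, "Default Mechanism Flags: %s\n", mechanisms);

#define PAD " "

    /* Loop over each slot */
    for (slotnum=0; slotnum < module->slotCount; slotnum++) {
        slot = module->slots[slotnum];
        if (PK11_GetSlotInfo(slot, &slotinfo) != SECSuccess) {
            PR_fprintf(PR_STDERR, errStrings[SLOT_INFO_ERR],
                PK11_GetSlotName(slot));
            rv = SLOT_INFO_ERR;
            continue;
        }

        /* Slot Info */
        PR_fprintf(PR_STDOUT, "\n"PAD"Slot: %s\n", PK11_GetSlotName(slot));
        mechanisms = getStringFromFlags(PK11_GetDefaultFlags(slot),
            mechanismStrings, numMechanismStrings);
        if(mechanisms[0] =='\0') {
            mechanisms = "None";
        }
        PR_fprintf(PR_STDOUT, PAD"Slot Mechanism Flags: %s\n", mechanisms);
        PR_fprintf(PR_STDOUT, PAD"Manufacturer: %.32s\n",
            slotinfo.manufacturerID);
        if (PK11_IsHW(slot)) {
            PR_fprintf(PR_STDOUT, PAD"Type: Hardware\n");
        } else {
            PR_fprintf(PR_STDOUT, PAD"Type: Software\n");
        }
        PR_fprintf(PR_STDOUT, PAD"Version Number: %d.%d\n",
            slotinfo.hardwareVersion.major, slotinfo.hardwareVersion.minor);
        PR_fprintf(PR_STDOUT, PAD"Firmware Version: %d.%d\n",
            slotinfo.firmwareVersion.major, slotinfo.firmwareVersion.minor);
        if (PK11_IsDisabled(slot)) {
            reason = PK11_GetDisabledReason(slot);
            /* Only index the table with a reason it has a string for. */
            if(reason < numDisableReasonStr) {
                PR_fprintf(PR_STDOUT, PAD"Status: DISABLED (%s)\n",
                    disableReasonStr[reason]);
            } else {
                PR_fprintf(PR_STDOUT, PAD"Status: DISABLED\n");
            }
        } else {
            PR_fprintf(PR_STDOUT, PAD"Status: Enabled\n");
        }

        if(PK11_GetTokenInfo(slot, &tokeninfo) != SECSuccess) {
            PR_fprintf(PR_STDERR, errStrings[TOKEN_INFO_ERR],
                PK11_GetTokenName(slot));
            rv = TOKEN_INFO_ERR;
            continue;
        }

        /* Token Info */
        PR_fprintf(PR_STDOUT, PAD"Token Name: %.32s\n",
            tokeninfo.label);
        PR_fprintf(PR_STDOUT, PAD"Token Manufacturer: %.32s\n",
            tokeninfo.manufacturerID);
        PR_fprintf(PR_STDOUT, PAD"Token Model: %.16s\n", tokeninfo.model);
        PR_fprintf(PR_STDOUT, PAD"Token Serial Number: %.16s\n",
            tokeninfo.serialNumber);
        PR_fprintf(PR_STDOUT, PAD"Token Version: %d.%d\n",
            tokeninfo.hardwareVersion.major, tokeninfo.hardwareVersion.minor);
        PR_fprintf(PR_STDOUT, PAD"Token Firmware Version: %d.%d\n",
            tokeninfo.firmwareVersion.major, tokeninfo.firmwareVersion.minor);
        if(tokeninfo.flags & CKF_WRITE_PROTECTED) {
            PR_fprintf(PR_STDOUT, PAD"Access: Write Protected\n");
        } else {
            PR_fprintf(PR_STDOUT, PAD"Access: NOT Write Protected\n");
        }
        if(tokeninfo.flags & CKF_LOGIN_REQUIRED) {
            PR_fprintf(PR_STDOUT, PAD"Login Type: Login required\n");
        } else {
            PR_fprintf(PR_STDOUT, PAD
                "Login Type: Public (no login required)\n");
        }
        if(tokeninfo.flags & CKF_USER_PIN_INITIALIZED) {
            PR_fprintf(PR_STDOUT, PAD"User Pin: Initialized\n");
        } else {
            PR_fprintf(PR_STDOUT, PAD"User Pin: NOT Initialized\n");
        }
    }
    PR_fprintf(PR_STDOUT,
        "\n-----------------------------------------------------------\n");
loser:
    if (module) {
        SECMOD_DestroyModule(module);
    }
    return rv;
}

/*
 * Overwrites a password string with zeros, frees it and clears the
 * caller's pointer.  The write goes through a volatile pointer so the
 * compiler cannot drop it as a dead store ahead of the free.
 * A NULL pointer (or a pointer to NULL) is ignored.
 */
static void
scrubAndFreePassword(char **pw)
{
    if (pw && *pw) {
        volatile char *p = *pw;
        size_t len = strlen(*pw);

        while (len--) {
            *p++ = '\0';
        }
        PORT_Free(*pw);
        *pw = NULL;
    }
}

/************************************************************************
 *
 * C h a n g e P W
 *
 * Changes the user password of the token named tokenName, or sets the
 * initial one when PK11_NeedUserInit() says the token has none yet.
 * pwFile / newpwFile, when non-NULL, name files the old / new password
 * is read from through SECU_FilePasswd(); otherwise the password is
 * prompted for.
 *
 * Every password buffer obtained here is zeroed before it is freed,
 * including the ones rejected inside the retry loops.
 *
 * Returns SUCCESS, NO_SUCH_TOKEN_ERR, BAD_PW_ERR or CHANGEPW_FAILED_ERR.
 */
Error
ChangePW(char *tokenName, char *pwFile, char *newpwFile)
{
    char *oldpw=NULL, *newpw=NULL, *newpw2=NULL;
    PK11SlotInfo *slot;
    Error ret=UNSPECIFIED_ERR;
    PRBool matching;

    slot = PK11_FindSlotByName(tokenName);
    if(!slot) {
        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], tokenName);
        return NO_SUCH_TOKEN_ERR;
    }

    /* Get old password */
    if(! PK11_NeedUserInit(slot)) {
        if(pwFile) {
            /* A password file gets exactly one attempt. */
            oldpw = SECU_FilePasswd(NULL, PR_FALSE, pwFile);
            if(PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
                PR_fprintf(PR_STDERR, errStrings[BAD_PW_ERR]);
                ret=BAD_PW_ERR;
                goto loser;
            }
        } else {
            /* NOTE(review): this loop has no retry bound; if
             * SECU_GetPasswordString() can return NULL (for example when
             * input is closed) it may never terminate - confirm. */
            for(matching=PR_FALSE; !matching; ) {
                oldpw = SECU_GetPasswordString(NULL, "Enter old password: ");
                if(PK11_CheckUserPassword(slot, oldpw) == SECSuccess) {
                    matching = PR_TRUE;
                } else {
                    PR_fprintf(PR_STDOUT, msgStrings[BAD_PW_MSG]);
                    /* Wipe the rejected attempt instead of leaking it
                     * when the next prompt overwrites the pointer. */
                    scrubAndFreePassword(&oldpw);
                }
            }
        }
    }

    /* Get new password */
    if(newpwFile) {
        /* NOTE(review): the result is not checked for NULL before it is
         * handed to PK11_InitPin()/PK11_ChangePW(); confirm what those
         * calls do with a NULL new password when the file is unreadable
         * or empty. */
        newpw = SECU_FilePasswd(NULL, PR_FALSE, newpwFile);
    } else {
        for(matching=PR_FALSE; !matching; ) {
            newpw = SECU_GetPasswordString(NULL, "Enter new password: ");
            newpw2 = SECU_GetPasswordString(NULL, "Re-enter new password: ");
            if(!newpw || !newpw2) {
                /* No password was obtained; comparing would dereference
                 * a NULL pointer, so fail the change instead. */
                PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR],
                    tokenName);
                ret = CHANGEPW_FAILED_ERR;
                goto loser;
            }
            if(strcmp(newpw, newpw2)) {
                PR_fprintf(PR_STDOUT, msgStrings[PW_MATCH_MSG]);
                /* Wipe both mismatching entries before prompting again. */
                scrubAndFreePassword(&newpw);
                scrubAndFreePassword(&newpw2);
            } else {
                matching = PR_TRUE;
            }
        }
    }

    /* Change the password */
    if(PK11_NeedUserInit(slot)) {
        if(PK11_InitPin(slot, NULL /*ssopw*/, newpw) != SECSuccess) {
            PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
            ret = CHANGEPW_FAILED_ERR;
            goto loser;
        }
    } else {
        if(PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) {
            PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
            ret = CHANGEPW_FAILED_ERR;
            goto loser;
        }
    }

    PR_fprintf(PR_STDOUT, msgStrings[CHANGEPW_SUCCESS_MSG], tokenName);
    ret = SUCCESS;

loser:
    /* Passwords never outlive this function in readable form. */
    scrubAndFreePassword(&oldpw);
    scrubAndFreePassword(&newpw);
    scrubAndFreePassword(&newpw2);
    PK11_FreeSlot(slot);

    return ret;
}

/***********************************************************************
 *
 * E n a b l e M o d u l e
 *
 * If enable==PR_TRUE, enables the module or slot.
 * If enable==PR_FALSE, disables the module or slot.
 * moduleName is the name of the module.
 * slotName is the name of the slot.  It is optional.
 *
 * With slotName NULL every slot of the module is changed.  The first
 * slot that cannot be changed aborts the operation with
 * ENABLE_FAILED_ERR before the module is saved.
 */
Error
EnableModule(char *moduleName, char *slotName, PRBool enable)
{
    int i;
    SECMODModule *module = NULL;
    PK11SlotInfo *slot = NULL;
    PRBool found = PR_FALSE;
    Error rv;

    module = SECMOD_FindModule(moduleName);
    if(!module) {
        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
        rv = NO_SUCH_MODULE_ERR;
        goto loser;
    }

    for(i=0; i < module->slotCount; i++) {
        PRBool changed;

        slot = module->slots[i];
        if(slotName && strcmp(PK11_GetSlotName(slot), slotName)) {
            /* Not the right slot */
            continue;
        }

        changed = enable ? PK11_UserEnableSlot(slot)
                         : PK11_UserDisableSlot(slot);
        if(!changed) {
            PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR],
                enable ? "enable" : "disable", PK11_GetSlotName(slot));
            rv = ENABLE_FAILED_ERR;
            goto loser;
        }
        found = PR_TRUE;
        PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG],
            PK11_GetSlotName(slot), enable ? "enabled" : "disabled");
    }

    if(slotName && !found) {
        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
        rv = NO_SUCH_SLOT_ERR;
        goto loser;
    }

    /* Delete and re-add module to save changes */
    if( SECMOD_UpdateModule(module) != SECSuccess ) {
        PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], moduleName);
        rv = UPDATE_MOD_FAILED_ERR;
        goto loser;
    }

    rv = SUCCESS;
loser:
    if (module) {
        SECMOD_DestroyModule(module);
    }
    return rv;
}

/*
 * Shared body of SetDefaultModule() and UnsetDefaultModule().
 *
 * Parses mechanisms into a flag mask, then for every slot of moduleName
 * (or only the slot whose slot name or token name equals slotName) calls
 * PK11_UpdateSlotAttribute() with makeDefault for each default-array
 * entry selected by the mask, and finally saves the module.
 *
 * failedErr is returned (and its message printed) when the module cannot
 * be saved; successMsg indexes msgStrings for the final confirmation.
 * The return value of PK11_UpdateSlotAttribute() is not checked here.
 * Unknown mechanism names are only warned about by getFlagsFromString(),
 * so an all-invalid list still saves the module and reports success.
 */
static Error
updateDefaultMechanisms(char *moduleName, char *slotName, char *mechanisms,
    PRBool makeDefault, Error failedErr, int successMsg)
{
    SECMODModule *module = NULL;
    PK11SlotInfo *slot;
    int s, i;
    unsigned long mechFlags = getFlagsFromString(mechanisms, mechanismStrings,
        numMechanismStrings);
    PRBool found = PR_FALSE;
    Error rv = UNSPECIFIED_ERR;

    mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags);

    module = SECMOD_FindModule(moduleName);
    if(!module) {
        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
        rv = NO_SUCH_MODULE_ERR;
        goto loser;
    }

    /* Go through each slot */
    for(s=0; s < module->slotCount; s++) {
        slot = module->slots[s];

        if ((slotName != NULL) &&
            !((strcmp(PK11_GetSlotName(slot),slotName) == 0) ||
              (strcmp(PK11_GetTokenName(slot),slotName) == 0)) ) {
            /* we are only interested in changing the one slot */
            continue;
        }

        /* Remember that the requested slot exists; without this a named
         * slot is changed and then reported as missing. */
        found = PR_TRUE;

        /* Go through each mechanism */
        for(i=0; i < pk11_DefaultArraySize; i++) {
            if(pk11_DefaultArray[i].flag & mechFlags) {
                PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]),
                    makeDefault);
            }
        }
    }
    if (slotName && !found) {
        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
        rv = NO_SUCH_SLOT_ERR;
        goto loser;
    }

    /* Delete and re-add module to save changes */
    if( SECMOD_UpdateModule(module) != SECSuccess ) {
        PR_fprintf(PR_STDERR, errStrings[failedErr], moduleName);
        rv = failedErr;
        goto loser;
    }

    PR_fprintf(PR_STDOUT, msgStrings[successMsg]);

    rv = SUCCESS;
loser:
    if (module) {
        SECMOD_DestroyModule(module);
    }
    return rv;
}

/*************************************************************************
 *
 * S e t D e f a u l t M o d u l e
 *
 * Makes the module's slot(s) the default provider for the listed
 * mechanisms.  mechanisms is a colon-separated list of mechanism names;
 * slotName is optional and may be a slot name or a token name.
 *
 * Returns SUCCESS, NO_SUCH_MODULE_ERR, NO_SUCH_SLOT_ERR or
 * DEFAULT_FAILED_ERR.
 */
Error
SetDefaultModule(char *moduleName, char *slotName, char *mechanisms)
{
    return updateDefaultMechanisms(moduleName, slotName, mechanisms,
        PR_TRUE, DEFAULT_FAILED_ERR, DEFAULT_SUCCESS_MSG);
}

/************************************************************************
 *
 * U n s e t D e f a u l t M o d u l e
 *
 * Reverses SetDefaultModule() for the listed mechanisms.  Arguments are
 * interpreted the same way.
 *
 * Returns SUCCESS, NO_SUCH_MODULE_ERR, NO_SUCH_SLOT_ERR or
 * UNDEFAULT_FAILED_ERR.  Unlike the earlier code, naming an existing
 * slot no longer ends in NO_SUCH_SLOT_ERR with the change left unsaved.
 */
Error
UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms)
{
    return updateDefaultMechanisms(moduleName, slotName, mechanisms,
        PR_FALSE, UNDEFAULT_FAILED_ERR, UNDEFAULT_SUCCESS_MSG);
}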