# HG changeset patch
# User Daiki Ueno <dueno@redhat.com>
# Date 1505483851 -7200
# Node ID 279b257c6433f1972d49c529247e6ed2633b979f
# Parent 88b6e9707b17c6b1ba5017cbf62e70bba58c2fcd
Bug 1395495, modutil: Initialize DB with empty password on -create, r=kaie
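--- a/cmd/modutil/error.h
+++ b/cmd/modutil/error.h
@@ -52,16 +52,17 @@ typedef enum {
 ENABLE_FAILED_ERR,
 UPDATE_MOD_FAILED_ERR,
 DEFAULT_FAILED_ERR,
 UNDEFAULT_FAILED_ERR,
 STDIN_READ_ERR,
 UNSPECIFIED_ERR,
 NOCERTDB_MISUSE_ERR,
 NSS_INITIALIZE_FAILED_ERR,
+ INITPW_FAILED_ERR,
 
 LAST_ERR /* must be last */
 } Error;
 #define SUCCESS NO_ERR
 
 /* !!! Should move this into its own .c and un-static it. */
 static char *errStrings[] = {
 "Operation completed successfully.\n",
@@ -105,17 +106,18 @@ static char *errStrings[] = {
 "ERROR: Slot \"%s\" not found.\n",
 "ERROR: Failed to %s slot \"%s\".\n",
 "ERROR: Failed to update module \"%s\".\n",
 "ERROR: Failed to change defaults.\n",
 "ERROR: Failed to change default.\n",
 "ERROR: Unable to read from standard input.\n",
 "ERROR: Unknown error occurred.\n",
 "ERROR: -nocertdb option can only be used with the -jar command.\n",
- "ERROR: NSS_Initialize() failed.\n"
+ "ERROR: NSS_Initialize() failed.\n",
+ "ERROR: Unable to set initial password on the database.\n"
 };
 
 typedef enum {
 FIPS_ENABLED_MSG = 0,
 FIPS_DISABLED_MSG,
 USING_DBDIR_MSG,
 CREATING_DB_MSG,
 ADD_MODULE_SUCCESS_MSG,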
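Review bot: Nothing ties the length of `errStrings[]` to the `Error` enum, so the new `INITPW_FAILED_ERR` value in the first hunk is only correct because the matching string was appended by hand in the second hunk. A later mismatch would make `errStrings[code]` index past the array, and the new code in pk11.c passes these entries to `PR_fprintf` as the format string. A compile-time check next to the table would catch that, e.g. `PR_STATIC_ASSERT(sizeof(errStrings) / sizeof(errStrings[0]) == LAST_ERR);`. Both the enum and the array start outside the hunks, so this assumes the earlier entries already line up.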
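--- a/cmd/modutil/modutil.c
+++ b/cmd/modutil/modutil.c
@@ -860,17 +860,17 @@ main(int argc, char* argv[])
 switch (command) {
 case ADD_COMMAND:
 errcode = AddModule(moduleName, libFile, ciphers, mechanisms, secmodString);
 break;
 case CHANGEPW_COMMAND:
 errcode = ChangePW(tokenName, pwFile, newpwFile);
 break;
 case CREATE_COMMAND:
- /* The work was already done in init_crypto() */
+ errcode = InitPW();
 break;
 case DEFAULT_COMMAND:
 errcode = SetDefaultModule(moduleName, slotName, mechanisms);
 break;
 case DELETE_COMMAND:
 errcode = DeleteModule(moduleName);
 break;
 case DISABLE_COMMAND: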
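Review bot: The `CREATE_COMMAND` case lost its only comment, so a reader no longer learns that (per the removed line) the database itself is produced in `init_crypto()` and that this call only deals with the initial password. I would keep that context above the new call, e.g. `/* DB was created in init_crypto(); set the initial (empty) password */`. Since `init_crypto()` is not visible here, it is also worth confirming what is left on disk when `InitPW()` fails after the database has already been created. The switch statement starts and ends outside the hunk.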
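--- a/cmd/modutil/modutil.h
+++ b/cmd/modutil/modutil.h
@@ -24,16 +24,17 @@
 Error LoadMechanismList(void);
 Error FipsMode(char *arg);
 Error ChkFipsMode(char *arg);
 Error AddModule(char *moduleName, char *libFile, char *ciphers,
 char *mechanisms, char *modparms);
 Error DeleteModule(char *moduleName);
 Error ListModule(char *moduleName);
 Error ListModules();
+Error InitPW(void);
 Error ChangePW(char *tokenName, char *pwFile, char *newpwFile);
 Error EnableModule(char *moduleName, char *slotName, PRBool enable);
 Error RawAddModule(char *dbmodulespec, char *modulespec);
 Error RawListModule(char *modulespec);
 Error SetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
 Error UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
 void out_of_memory(void);
 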
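--- a/cmd/modutil/pk11.c
+++ b/cmd/modutil/pk11.c
@@ -665,16 +665,49 @@ loser:
 if (module) {
 SECMOD_DestroyModule(module);
 }
 return rv;
 }
 
 /************************************************************************
 *
+ * I n i t P W
+ */
+Error
+InitPW(void)
+{
+ PK11SlotInfo *slot;
+ Error ret = UNSPECIFIED_ERR;
+
+ slot = PK11_GetInternalKeySlot();
+ if (!slot) {
+ PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], "internal");
+ return NO_SUCH_TOKEN_ERR;
+ }
+
+ /* Set the initial password to empty */
+ if (PK11_NeedUserInit(slot)) {
+ if (PK11_InitPin(slot, NULL, "") != SECSuccess) {
+ PR_fprintf(PR_STDERR, errStrings[INITPW_FAILED_ERR]);
+ ret = INITPW_FAILED_ERR;
+ goto loser;
+ }
+ }
+
+ ret = SUCCESS;
+
+loser:
+ PK11_FreeSlot(slot);
+
+ return ret;
+}
+
+/************************************************************************
+ *
 * C h a n g e P W
 */
 Error
 ChangePW(char *tokenName, char *pwFile, char *newpwFile)
 {
 char *oldpw = NULL, *newpw = NULL, *newpw2 = NULL;
 PK11SlotInfo *slot;
 Error ret = UNSPECIFIED_ERR;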
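Review bot: The comment `/* Set the initial password to empty */` in `InitPW` says what `PK11_InitPin(slot, NULL, "")` does but not what it means for the operator: a database made with `-create` then accepts private keys with no passphrase protecting them until the password is changed. I would spell that out in the banner comment, e.g. `/* Initializes the internal key slot with an empty password so the DB is usable; callers who store private keys should set a real password with -changepw. */`. The failure branch also prints only the fixed `INITPW_FAILED_ERR` string, so the underlying NSS error is lost; if the tool has a convention for reporting `PORT_GetError()` it would help diagnosis here (for instance if an empty password is rejected by policy, which I have not verified). `InitPW` is complete within the hunk; the hunk itself starts in the tail of the previous function and ends inside `ChangePW`.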
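--- a/tests/tools/tools.sh
+++ b/tests/tools/tools.sh
@@ -492,27 +492,41 @@ SIGNSCRIPT
 
 echo "$SCRIPTNAME: Show who signed xpi ------------------------------"
 echo "signtool -w nojs.xpi -d ${P_R_SIGNDIR}"
 ${BINDIR}/signtool -w nojs.xpi -d ${P_R_SIGNDIR}
 html_msg $? 0 "Show who signed xpi (signtool -w)"
 
 }
 
+tools_modutil()
+{
+ echo "$SCRIPTNAME: Test if DB created by modutil -create is initialized"
+ mkdir -p ${R_TOOLSDIR}/moddir
+ modu -create -dbdir "${R_TOOLSDIR}/moddir" 2>&1
+ ret=$?
+ ${BINDIR}/certutil -S -s 'CN=TestUser' -d "${TOOLSDIR}/moddir" -n TestUser \
+ -x -t ',,' -z "${R_NOISE_FILE}"
+ ret=$?
+ html_msg $ret 0 "Test if DB created by modutil -create is initialized"
+ check_tmpfile
+}
+
 ############################## tools_cleanup ###########################
 # local shell function to finish this script (no exit since it might be
 # sourced)
 ########################################################################
 tools_cleanup()
 {
 html "</TABLE><BR>"
 cd ${QADIR}
 . common/cleanup.sh
 }
 
 ################## main #################################################
 
 tools_init
 tools_p12
 tools_sign
+tools_modutil
 tools_cleanup
 
 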
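Review bot: In `tools_modutil` the first `ret=$?` (after `modu -create`) is overwritten by the second one before anything reads it, so a failing `modutil -create` is only noticed indirectly through the certutil step. Report it on its own, e.g. add `html_msg $ret 0 "modutil -create succeeds"` right after the first `ret=$?`. The database is created under `${R_TOOLSDIR}/moddir` but opened by certutil under `${TOOLSDIR}/moddir`; both variables are defined outside this hunk, so if they are not guaranteed to name the same directory, use one of them in both places. `mkdir -p ${R_TOOLSDIR}/moddir` should also quote its argument like the other two uses.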