Fixes for smart card cache. Don't do cache searches by email address,…

… since GetAttributeValue does not set that field. Handle removal correctly for item at tail of list. Don't search token after a successful cache search that returned zero hits.
sailfishos-mirror · Apr 19, 2002 · 0d82f84 · 0d82f84
1 parent 6414b7e
commit 0d82f84
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 18 deletions.
diff --git a/security/nss/lib/dev/devm.h b/security/nss/lib/dev/devm.h
@@ -171,7 +171,8 @@ nssTokenObjectCache_FindObjectsByTemplate
   CK_OBJECT_CLASS objclass,
   CK_ATTRIBUTE_PTR otemplate,
   CK_ULONG otlen,
-  PRUint32 maximumOpt
+  PRUint32 maximumOpt,
+  PRStatus *statusOpt
 );
 
 NSS_EXTERN PRStatus

diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c
@@ -488,19 +488,22 @@ find_objects_by_template
     if (token->cache && 
         nssTokenObjectCache_HaveObjectClass(token->cache, objclass)) 
     {
+	PRStatus status;
 	objects = nssTokenObjectCache_FindObjectsByTemplate(token->cache,
 	                                                    objclass,
 	                                                    obj_template,
 	                                                    otsize,
-	                                                    maximumOpt);
-	if (statusOpt) *statusOpt = PR_SUCCESS;
+	                                                    maximumOpt,
+	                                                    &status);
+	if (status == PR_SUCCESS) {
+	    if (statusOpt) *statusOpt = status;
+	    return objects;
+	}
     }
     /* Either they are not cached, or cache failed; look on token. */
-    if (!objects) {
-	objects = find_objects(token, sessionOpt, 
-	                       obj_template, otsize, 
-	                       maximumOpt, statusOpt);
-    }
+    objects = find_objects(token, sessionOpt, 
+                           obj_template, otsize, 
+                           maximumOpt, statusOpt);
     return objects;
 }
 
@@ -670,6 +673,12 @@ nssToken_FindCertificatesByNickname
     return objects;
 }
 
+/* XXX
+ * This function *does not* use the token object cache, because not even
+ * the softoken will return a value for CKA_NETSCAPE_EMAIL from a call
+ * to GetAttributes.  The softoken does allow searches with that attribute,
+ * it just won't return a value for it.
+ */
 NSS_IMPLEMENT nssCryptokiObject **
 nssToken_FindCertificatesByEmail
 (
@@ -696,9 +705,9 @@ nssToken_FindCertificatesByEmail
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
     NSS_CK_TEMPLATE_FINISH(email_template, attr, etsize);
     /* now locate the token certs matching this template */
-    objects = find_objects_by_template(token, sessionOpt,
-                                       email_template, etsize,
-                                       maximumOpt, statusOpt);
+    objects = find_objects(token, sessionOpt,
+                           email_template, etsize,
+                           maximumOpt, statusOpt);
     if (!objects) {
 	/* This is to workaround the fact that PKCS#11 doesn't specify
 	 * whether the '\0' should be included.  XXX Is that still true?
@@ -707,9 +716,9 @@ nssToken_FindCertificatesByEmail
 	 * well, its needed by the builtin token...
 	 */
 	email_template[0].ulValueLen++;
-	objects = find_objects_by_template(token, sessionOpt,
-	                                   email_template, etsize,
-	                                   maximumOpt, statusOpt);
+	objects = find_objects(token, sessionOpt,
+	                       email_template, etsize,
+	                       maximumOpt, statusOpt);
     }
     return objects;
 }

diff --git a/security/nss/lib/dev/devutil.c b/security/nss/lib/dev/devutil.c
@@ -1052,7 +1052,8 @@ nssTokenObjectCache_FindObjectsByTemplate
   CK_OBJECT_CLASS objclass,
   CK_ATTRIBUTE_PTR otemplate,
   CK_ULONG otlen,
-  PRUint32 maximumOpt
+  PRUint32 maximumOpt,
+  PRStatus *statusOpt
 )
 {
     PRStatus status = PR_FAILURE;
@@ -1093,6 +1094,9 @@ nssTokenObjectCache_FindObjectsByTemplate
     }
 finish:
     PZ_Unlock(cache->lock);
+    if (statusOpt) {
+	*statusOpt = status;
+    }
     return rvObjects;
 }
 
@@ -1301,11 +1305,11 @@ nssTokenObjectCache_RemoveObject
 	    break;
 	}
     }
-    PZ_Unlock(cache->lock);
-    if (swp && *swp == NULL) {
-	nss_ZFreeIf(swp); /* the only entry */
+    if (cache->objects[oType] && cache->objects[oType][0] == NULL) {
+	nss_ZFreeIf(cache->objects[oType]); /* no entries remaining */
 	cache->objects[oType] = NULL;
     }
+    PZ_Unlock(cache->lock);
     return PR_SUCCESS;
 }
 

diff --git a/security/nss/lib/pk11wrap/dev3hack.c b/security/nss/lib/pk11wrap/dev3hack.c
@@ -255,6 +255,9 @@ nssSlot_IsLoggedIn
   NSSSlot *slot
 )
 {
+    if (!slot->pk11slot->needLogin) {
+	return PR_TRUE;
+    }
     return PK11_IsLoggedIn(slot->pk11slot, NULL);
 }