Fix for 132461 - add better functions to load and remove modules dyna…

…mically r=relyea
sailfishos-mirror · Mar 21, 2002 · 6932ce1 · 6932ce1
1 parent f379dc6
commit 6932ce1
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 9 deletions.
diff --git a/security/nss/lib/pk11wrap/pk11pars.c b/security/nss/lib/pk11wrap/pk11pars.c
@@ -272,6 +272,9 @@ SECMOD_FreeModuleSpecList(SECMODModule *parent, char **moduleSpecList)
     return SECSuccess;
 }
 
+/* internal function that loads a PKCS#11 module but does not add it to the
+   default NSS trust domain */
+
 SECMODModule *
 SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse)
 {
@@ -349,3 +352,43 @@ SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse)
     }
     return module;
 }
+
+/* exported function that loads a PKCS#11 module and adds it to the default
+   NSS trust domain */
+
+SECMODModule *
+SECMOD_LoadUserModule(char *modulespec,SECMODModule *parent, PRBool recurse)
+{
+    SECStatus rv = SECSuccess;
+    SECMODModule * newmod = SECMOD_LoadModule(modulespec, parent, recurse);
+    if (newmod)
+    {
+        rv = STAN_AddModuleToDefaultTrustDomain(newmod);
+        if (SECSuccess != rv)
+        {
+            SECMOD_DestroyModule(newmod);
+            return NULL;
+        }
+    }
+    return newmod;
+}
+
+/* exported call that removes the PKCS#11 module from the default NSS trust
+   domain, call C_Finalize, and destroy the module structure */
+
+SECStatus SECMOD_UnloadUserModule(SECMODModule *mod)
+{
+    SECStatus rv = SECSuccess;
+    int atype = 0;
+    if (!mod)
+    {
+        return SECFailure;
+    }
+    rv = STAN_AddModuleToDefaultTrustDomain(mod);
+    if (SECSuccess != rv)
+    {
+        return SECFailure;
+    }
+    return SECMOD_DeleteModuleEx(NULL, mod, &atype, PR_FALSE);
+}
+
diff --git a/security/nss/lib/pk11wrap/pk11util.c b/security/nss/lib/pk11wrap/pk11util.c
@@ -224,12 +224,13 @@ PK11SlotInfo *SECMOD_LookupSlot(SECMODModuleID moduleID,CK_SLOT_ID slotID) {
     return NULL;
 }
 
-
 /*
- * find a module by name and delete it of the module list
+ * find a module by name or module pointer, and delete it off the module list
+ * optionally remove it from secmod.db
  */
+
 SECStatus
-SECMOD_DeleteModule(char *name, int *type) {
+SECMOD_DeleteModuleEx(char * name, SECMODModule *mod, int *type, PRBool permdb) {
     SECMODModuleList *mlp;
     SECMODModuleList **mlpp;
     SECStatus rv = SECFailure;
@@ -240,7 +241,8 @@ SECMOD_DeleteModule(char *name, int *type) {
     SECMOD_GetWriteLock(moduleLock);
     for(mlpp = &modules,mlp = modules; 
 				mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) {
-	if (PORT_Strcmp(name,mlp->module->commonName) == 0) {
+        if ( ( name && (PORT_Strcmp(name,mlp->module->commonName) == 0) ) ||
+             mod == mlp->module ) {
 	    /* don't delete the internal module */
 	    if (!mlp->module->internal) {
 		SECMOD_RemoveList(mlpp,mlp);
@@ -256,14 +258,23 @@ SECMOD_DeleteModule(char *name, int *type) {
     }
     SECMOD_ReleaseWriteLock(moduleLock);
 
-
     if (rv == SECSuccess) {
- 	SECMOD_DeletePermDB(mlp->module);
+        if (permdb) {
+ 	    SECMOD_DeletePermDB(mlp->module);
+        }
 	SECMOD_DestroyModuleListElement(mlp);
     }
     return rv;
 }
 
+/*
+ * find a module by name and delete it of the module list
+ */
+SECStatus
+SECMOD_DeleteModule(char *name, int *type) {
+    return SECMOD_DeleteModuleEx(name, NULL, type, PR_TRUE);
+}
+
 /*
  * find a module by name and delete it of the module list
  */
@@ -329,7 +340,7 @@ SECMOD_DeleteInternalModule(char *name) {
 }
 
 SECStatus
-SECMOD_AddModule(SECMODModule *newModule) {
+SECMOD_AddModuleEx(SECMODModule *newModule, PRBool permdb) {
     SECStatus rv;
     SECMODModule *oldModule;
 
@@ -353,14 +364,21 @@ SECMOD_AddModule(SECMODModule *newModule) {
 	newModule->parent = SECMOD_ReferenceModule(defaultDBModule);
     }
 
-    SECMOD_AddPermDB(newModule);
+    if (permdb) {
+        SECMOD_AddPermDB(newModule);
+    }
     SECMOD_AddModuleToList(newModule);
 
     rv = STAN_AddModuleToDefaultTrustDomain(newModule);
 
     return rv;
 }
 
+SECStatus
+SECMOD_AddModule(SECMODModule *newModule) {
+    return SECMOD_AddModuleEx(newModule, PR_TRUE);
+}
+
 PK11SlotInfo *SECMOD_FindSlot(SECMODModule *module,char *name) {
     int i;
     char *string;

diff --git a/security/nss/lib/pk11wrap/secmod.h b/security/nss/lib/pk11wrap/secmod.h
@@ -81,8 +81,11 @@ SEC_BEGIN_PROTOS
  */
 
 /* Initialization */
-extern SECMODModule *SECMOD_LoadModule(char *moduleSpec,SECMODModule *parent,
+extern SECMODModule *SECMOD_LoadUserModule(char *moduleSpec,SECMODModule *parent,
 							PRBool recurse);
+
+SECStatus SECMOD_UnloadUserModule(SECMODModule *mod);
+
 SECMODModule * SECMOD_CreateModule(char *lib, char *name, char *param, 
 								char *nss);
 extern void SECMOD_Shutdown(void);
@@ -91,6 +94,7 @@ extern void SECMOD_Shutdown(void);
 /* Module Management */
 char **SECMOD_GetModuleSpecList(SECMODModule *module);
 SECStatus SECMOD_FreeModuleSpecList(SECMODModule *module,char **moduleSpecList);
+
 
 /* protoypes */
 extern SECMODModuleList *SECMOD_GetDefaultModuleList(void);

diff --git a/security/nss/lib/pk11wrap/secmodi.h b/security/nss/lib/pk11wrap/secmodi.h
@@ -74,6 +74,7 @@ extern SECMODModuleList *SECMOD_NewModuleListElement(void);
 extern SECMODModuleList *SECMOD_DestroyModuleListElement(SECMODModuleList *);
 extern void SECMOD_DestroyModuleList(SECMODModuleList *);
 extern SECStatus SECMOD_AddModule(SECMODModule *newModule);
+SECStatus SECMOD_DeleteModuleEx(char * name, SECMODModule *mod, int *type, PRBool permdb);
 
 extern unsigned long SECMOD_PubCipherFlagstoInternal(unsigned long publicFlags);
 extern unsigned long SECMOD_InternaltoPubCipherFlags(unsigned long internalFlags);