Bug 1395495, modutil: Initialize DB with empty password on -create, r…

…=kaie
sailfishos-mirror · Sep 15, 2017 · 840ed75 · 840ed75
1 parent f82b6c3
commit 840ed75
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 2 deletions.
diff --git a/cmd/modutil/error.h b/cmd/modutil/error.h
@@ -57,6 +57,7 @@ typedef enum {
     UNSPECIFIED_ERR,
     NOCERTDB_MISUSE_ERR,
     NSS_INITIALIZE_FAILED_ERR,
+    INITPW_FAILED_ERR,
 
     LAST_ERR /* must be last */
 } Error;
@@ -110,7 +111,8 @@ static char *errStrings[] = {
     "ERROR: Unable to read from standard input.\n",
     "ERROR: Unknown error occurred.\n",
     "ERROR: -nocertdb option can only be used with the -jar command.\n",
-    "ERROR: NSS_Initialize() failed.\n"
+    "ERROR: NSS_Initialize() failed.\n",
+    "ERROR: Unable to set initial password on the database.\n"
 };
 
 typedef enum {

diff --git a/cmd/modutil/modutil.c b/cmd/modutil/modutil.c
@@ -865,7 +865,7 @@ main(int argc, char* argv[])
             errcode = ChangePW(tokenName, pwFile, newpwFile);
             break;
         case CREATE_COMMAND:
-            /* The work was already done in init_crypto() */
+            errcode = InitPW();
             break;
         case DEFAULT_COMMAND:
             errcode = SetDefaultModule(moduleName, slotName, mechanisms);

diff --git a/cmd/modutil/modutil.h b/cmd/modutil/modutil.h
@@ -29,6 +29,7 @@ Error AddModule(char *moduleName, char *libFile, char *ciphers,
 Error DeleteModule(char *moduleName);
 Error ListModule(char *moduleName);
 Error ListModules();
+Error InitPW(void);
 Error ChangePW(char *tokenName, char *pwFile, char *newpwFile);
 Error EnableModule(char *moduleName, char *slotName, PRBool enable);
 Error RawAddModule(char *dbmodulespec, char *modulespec);

diff --git a/cmd/modutil/pk11.c b/cmd/modutil/pk11.c
@@ -668,6 +668,39 @@ ListModule(char *moduleName)
     return rv;
 }
 
+/************************************************************************
+ *
+ * I n i t P W
+ */
+Error
+InitPW(void)
+{
+    PK11SlotInfo *slot;
+    Error ret = UNSPECIFIED_ERR;
+
+    slot = PK11_GetInternalKeySlot();
+    if (!slot) {
+        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], "internal");
+        return NO_SUCH_TOKEN_ERR;
+    }
+
+    /* Set the initial password to empty */
+    if (PK11_NeedUserInit(slot)) {
+        if (PK11_InitPin(slot, NULL, "") != SECSuccess) {
+            PR_fprintf(PR_STDERR, errStrings[INITPW_FAILED_ERR]);
+            ret = INITPW_FAILED_ERR;
+            goto loser;
+        }
+    }
+
+    ret = SUCCESS;
+
+loser:
+    PK11_FreeSlot(slot);
+
+    return ret;
+}
+
 /************************************************************************
  *
  * C h a n g e P W

diff --git a/tests/tools/tools.sh b/tests/tools/tools.sh
@@ -497,6 +497,19 @@ SIGNSCRIPT
 
 }
 
+tools_modutil()
+{
+  echo "$SCRIPTNAME: Test if DB created by modutil -create is initialized"
+  mkdir -p ${R_TOOLSDIR}/moddir
+  modu -create -dbdir "${R_TOOLSDIR}/moddir" 2>&1
+  ret=$?
+  ${BINDIR}/certutil -S -s 'CN=TestUser' -d "${TOOLSDIR}/moddir" -n TestUser \
+	   -x -t ',,' -z "${R_NOISE_FILE}"
+  ret=$?
+  html_msg $ret 0 "Test if DB created by modutil -create is initialized"
+  check_tmpfile
+}
+
 ############################## tools_cleanup ###########################
 # local shell function to finish this script (no exit since it might be 
 # sourced)
@@ -513,6 +526,7 @@ tools_cleanup()
 tools_init
 tools_p12
 tools_sign
+tools_modutil
 tools_cleanup