Commit 924a1415 authored by Daiki Ueno's avatar Daiki Ueno

Bug 1507760, modutil: print warning when adding module while p11-kit is enabled, r=rrelyea

parent 3b1ea335
......@@ -131,6 +131,7 @@ typedef enum {
UNDEFAULT_SUCCESS_MSG,
BROWSER_RUNNING_MSG,
ABORTING_MSG,
P11_KIT_ENABLED_MSG,
LAST_MSG /* must be last */
} Message;
......
......@@ -138,7 +138,11 @@ char* msgStrings[] = {
"\ncorruption of your security databases. If the browser is currently running,"
"\nyou should exit browser before continuing this operation. Type "
"\n'q <enter>' to abort, or <enter> to continue: ",
"\nAborting...\n"
"\nAborting...\n",
"\nWARNING: Manually adding a module while p11-kit is enabled could cause"
"\nduplicate module registration in your security database. It is suggested "
"\nto configure the module through p11-kit configuration file instead.\n"
"\nType 'q <enter>' to abort, or <enter> to continue: "
};
/* Increment i if doing so would have i still be less than j. If you
......@@ -856,6 +860,28 @@ main(int argc, char* argv[])
goto loser;
}
/* Warn if we are adding a module while p11-kit is enabled in the
* database. */
if ((command == ADD_COMMAND || command == RAW_ADD_COMMAND) &&
IsP11KitEnabled()) {
char* response;
PR_fprintf(PR_STDOUT, msgStrings[P11_KIT_ENABLED_MSG]);
if (!PR_fgets(stdinbuf, STDINBUF_SIZE, PR_STDIN)) {
PR_fprintf(PR_STDERR, errStrings[STDIN_READ_ERR]);
errcode = STDIN_READ_ERR;
goto loser;
}
if ((response = strtok(stdinbuf, " \r\n\t"))) {
if (!PL_strcasecmp(response, "q")) {
PR_fprintf(PR_STDOUT, msgStrings[ABORTING_MSG]);
errcode = SUCCESS;
goto loser;
}
}
PR_fprintf(PR_STDOUT, "\n");
}
/* Execute the command */
switch (command) {
case ADD_COMMAND:
......
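Review bot: The new block in main() reads stdin with PR_fgets for every ADD_COMMAND/RAW_ADD_COMMAND once IsP11KitEnabled() is true, and nothing visible in this hunk lets a non-interactive caller skip it. With stdin closed, a scripted add that used to work now ends in STDIN_READ_ERR. If modutil already has a switch that suppresses its other confirmation prompt (not visible here; main() starts and ends outside the hunk), this condition should test it as well. Answering `q` sets `errcode = SUCCESS`, so the exit status does not tell a calling script that the module was not added; at minimum document that above the block, e.g. `/* Prompts on stdin; 'q' exits with SUCCESS without adding the module. */`.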
......@@ -36,6 +36,7 @@ Error RawAddModule(char *dbmodulespec, char *modulespec);
Error RawListModule(char *modulespec);
Error SetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
Error UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
PRBool IsP11KitEnabled(void);
void out_of_memory(void);
#endif /*MODUTIL_H*/
......@@ -259,6 +259,55 @@ getStringFromFlags(unsigned long flags, const MaskString array[], int elements)
return buf;
}
static PRBool
IsP11KitProxyModule(SECMODModule *module)
{
CK_INFO modinfo;
static const char p11KitManufacturerID[33] =
"PKCS#11 Kit ";
static const char p11KitLibraryDescription[33] =
"PKCS#11 Kit Proxy Module ";
if (PK11_GetModInfo(module, &modinfo) == SECSuccess &&
PORT_Memcmp(modinfo.manufacturerID,
p11KitManufacturerID,
sizeof(modinfo.manufacturerID)) == 0 &&
PORT_Memcmp(modinfo.libraryDescription,
p11KitLibraryDescription,
sizeof(modinfo.libraryDescription)) == 0) {
return PR_TRUE;
}
return PR_FALSE;
}
PRBool
IsP11KitEnabled(void)
{
SECMODListLock *lock;
SECMODModuleList *mlp;
PRBool found = PR_FALSE;
lock = SECMOD_GetDefaultModuleListLock();
if (!lock) {
PR_fprintf(PR_STDERR, errStrings[NO_LIST_LOCK_ERR]);
return found;
}
SECMOD_GetReadLock(lock);
mlp = SECMOD_GetDefaultModuleList();
for (; mlp != NULL; mlp = mlp->next) {
if (IsP11KitProxyModule(mlp->module)) {
found = PR_TRUE;
break;
}
}
SECMOD_ReleaseReadLock(lock);
return found;
}
/**********************************************************************
*
* A d d M o d u l e
......
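Review bot: In IsP11KitProxyModule both PORT_Memcmp calls compare the full `sizeof(modinfo.manufacturerID)` / `sizeof(modinfo.libraryDescription)`, so the match holds only if each literal is blank-padded to exactly that field width. A literal that is a space short is zero-filled by the `char[33]` declaration and the check then silently never matches, which means the warning is never shown. A comment on the two literals would make that requirement visible, e.g. `/* CK_INFO text fields are fixed-width, blank-padded, not NUL-terminated; keep the padding exact. */`. IsP11KitEnabled also returns PR_FALSE when SECMOD_GetDefaultModuleListLock() fails, so the caller proceeds without the warning. A short function comment should say the result is advisory, since it relies on strings the loaded module reports about itself.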