2008-06-06 05:40:11 -07:00
|
|
|
/* ***** BEGIN LICENSE BLOCK *****
|
|
|
|
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
|
|
|
*
|
|
|
|
* The contents of this file are subject to the Mozilla Public License Version
|
|
|
|
* 1.1 (the "License"); you may not use this file except in compliance with
|
|
|
|
* the License. You may obtain a copy of the License at
|
|
|
|
* http://www.mozilla.org/MPL/
|
|
|
|
*
|
|
|
|
* Software distributed under the License is distributed on an "AS IS" basis,
|
|
|
|
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
|
|
* for the specific language governing rights and limitations under the
|
|
|
|
* License.
|
|
|
|
*
|
|
|
|
* The Original Code is the Netscape security libraries.
|
|
|
|
*
|
|
|
|
* The Initial Developer of the Original Code is
|
|
|
|
* Netscape Communications Corporation.
|
|
|
|
* Portions created by the Initial Developer are Copyright (C) 1994-2000
|
|
|
|
* the Initial Developer. All Rights Reserved.
|
|
|
|
*
|
|
|
|
* Contributor(s):
|
|
|
|
*
|
|
|
|
* Alternatively, the contents of this file may be used under the terms of
|
|
|
|
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
|
|
|
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
|
|
|
* in which case the provisions of the GPL or the LGPL are applicable instead
|
|
|
|
* of those above. If you wish to allow use of your version of this file only
|
|
|
|
* under the terms of either the GPL or the LGPL, and not to allow others to
|
|
|
|
* use your version of this file under the terms of the MPL, indicate your
|
|
|
|
* decision by deleting the provisions above and replace them with the notice
|
|
|
|
* and other provisions required by the GPL or the LGPL. If you do not delete
|
|
|
|
* the provisions above, a recipient may use your version of this file under
|
|
|
|
* the terms of any one of the MPL, the GPL or the LGPL.
|
|
|
|
*
|
|
|
|
* ***** END LICENSE BLOCK ***** */
|
|
|
|
|
|
|
|
#ifdef DEBUG
|
2010-02-07 03:54:28 -08:00
|
|
|
static const char CVS_ID[] = "@(#) $RCSfile: devslot.c,v $ $Revision: 1.26 $ $Date: 2010/01/08 02:00:58 $";
|
2008-06-06 05:40:11 -07:00
|
|
|
#endif /* DEBUG */
|
|
|
|
|
2010-02-07 03:54:28 -08:00
|
|
|
#include "pkcs11.h"
|
2008-06-06 05:40:11 -07:00
|
|
|
|
|
|
|
#ifndef DEVM_H
|
|
|
|
#include "devm.h"
|
|
|
|
#endif /* DEVM_H */
|
|
|
|
|
|
|
|
#ifndef CKHELPER_H
|
|
|
|
#include "ckhelper.h"
|
|
|
|
#endif /* CKHELPER_H */
|
|
|
|
|
2008-08-14 21:12:54 -07:00
|
|
|
#include "pk11pub.h"
|
|
|
|
|
2008-06-06 05:40:11 -07:00
|
|
|
/* measured in seconds */
|
|
|
|
#define NSSSLOT_TOKEN_DELAY_TIME 1
|
|
|
|
|
|
|
|
/* this should track global and per-transaction login information */
|
|
|
|
|
|
|
|
#define NSSSLOT_IS_FRIENDLY(slot) \
|
|
|
|
(slot->base.flags & NSSSLOT_FLAGS_FRIENDLY)
|
|
|
|
|
|
|
|
/* measured as interval */
|
|
|
|
static PRIntervalTime s_token_delay_time = 0;
|
|
|
|
|
|
|
|
/* The flags needed to open a read-only session. */
|
|
|
|
static const CK_FLAGS s_ck_readonly_flags = CKF_SERIAL_SESSION;
|
|
|
|
|
|
|
|
NSS_IMPLEMENT PRStatus
|
|
|
|
nssSlot_Destroy (
|
|
|
|
NSSSlot *slot
|
|
|
|
)
|
|
|
|
{
|
|
|
|
if (slot) {
|
|
|
|
if (PR_AtomicDecrement(&slot->base.refCount) == 0) {
|
|
|
|
PZ_DestroyLock(slot->base.lock);
|
|
|
|
return nssArena_Destroy(slot->base.arena);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return PR_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
nssSlot_EnterMonitor(NSSSlot *slot)
|
|
|
|
{
|
|
|
|
if (slot->lock) {
|
|
|
|
PZ_Lock(slot->lock);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
nssSlot_ExitMonitor(NSSSlot *slot)
|
|
|
|
{
|
|
|
|
if (slot->lock) {
|
|
|
|
PZ_Unlock(slot->lock);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
NSS_IMPLEMENT void
|
|
|
|
NSSSlot_Destroy (
|
|
|
|
NSSSlot *slot
|
|
|
|
)
|
|
|
|
{
|
|
|
|
(void)nssSlot_Destroy(slot);
|
|
|
|
}
|
|
|
|
|
|
|
|
NSS_IMPLEMENT NSSSlot *
|
|
|
|
nssSlot_AddRef (
|
|
|
|
NSSSlot *slot
|
|
|
|
)
|
|
|
|
{
|
|
|
|
PR_AtomicIncrement(&slot->base.refCount);
|
|
|
|
return slot;
|
|
|
|
}
|
|
|
|
|
|
|
|
NSS_IMPLEMENT NSSUTF8 *
|
|
|
|
nssSlot_GetName (
|
|
|
|
NSSSlot *slot
|
|
|
|
)
|
|
|
|
{
|
|
|
|
return slot->base.name;
|
|
|
|
}
|
|
|
|
|
|
|
|
NSS_IMPLEMENT NSSUTF8 *
|
|
|
|
nssSlot_GetTokenName (
|
|
|
|
NSSSlot *slot
|
|
|
|
)
|
|
|
|
{
|
|
|
|
return nssToken_GetName(slot->token);
|
|
|
|
}
|
|
|
|
|
|
|
|
NSS_IMPLEMENT void
|
|
|
|
nssSlot_ResetDelay (
|
|
|
|
NSSSlot *slot
|
|
|
|
)
|
|
|
|
{
|
|
|
|
slot->lastTokenPing = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static PRBool
|
|
|
|
within_token_delay_period(NSSSlot *slot)
|
|
|
|
{
|
|
|
|
PRIntervalTime time, lastTime;
|
|
|
|
/* Set the delay time for checking the token presence */
|
|
|
|
if (s_token_delay_time == 0) {
|
|
|
|
s_token_delay_time = PR_SecondsToInterval(NSSSLOT_TOKEN_DELAY_TIME);
|
|
|
|
}
|
|
|
|
time = PR_IntervalNow();
|
|
|
|
lastTime = slot->lastTokenPing;
|
|
|
|
if ((lastTime) && ((time - lastTime) < s_token_delay_time)) {
|
|
|
|
return PR_TRUE;
|
|
|
|
}
|
|
|
|
slot->lastTokenPing = time;
|
|
|
|
return PR_FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
NSS_IMPLEMENT PRBool
|
|
|
|
nssSlot_IsTokenPresent (
|
|
|
|
NSSSlot *slot
|
|
|
|
)
|
|
|
|
{
|
|
|
|
CK_RV ckrv;
|
|
|
|
PRStatus nssrv;
|
|
|
|
/* XXX */
|
|
|
|
nssSession *session;
|
|
|
|
CK_SLOT_INFO slotInfo;
|
|
|
|
void *epv;
|
2008-08-14 21:12:54 -07:00
|
|
|
/* permanent slots are always present unless they're disabled */
|
2008-06-06 05:40:11 -07:00
|
|
|
if (nssSlot_IsPermanent(slot)) {
|
2008-08-14 21:12:54 -07:00
|
|
|
return !PK11_IsDisabled(slot->pk11slot);
|
2008-06-06 05:40:11 -07:00
|
|
|
}
|
|
|
|
/* avoid repeated calls to check token status within set interval */
|
|
|
|
if (within_token_delay_period(slot)) {
|
2008-08-14 21:12:54 -07:00
|
|
|
return ((slot->ckFlags & CKF_TOKEN_PRESENT) != 0);
|
2008-06-06 05:40:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
/* First obtain the slot info */
|
|
|
|
epv = slot->epv;
|
|
|
|
if (!epv) {
|
|
|
|
return PR_FALSE;
|
|
|
|
}
|
|
|
|
nssSlot_EnterMonitor(slot);
|
|
|
|
ckrv = CKAPI(epv)->C_GetSlotInfo(slot->slotID, &slotInfo);
|
|
|
|
nssSlot_ExitMonitor(slot);
|
|
|
|
if (ckrv != CKR_OK) {
|
|
|
|
slot->token->base.name[0] = 0; /* XXX */
|
|
|
|
return PR_FALSE;
|
|
|
|
}
|
|
|
|
slot->ckFlags = slotInfo.flags;
|
|
|
|
/* check for the presence of the token */
|
|
|
|
if ((slot->ckFlags & CKF_TOKEN_PRESENT) == 0) {
|
|
|
|
if (!slot->token) {
|
2008-08-14 21:12:54 -07:00
|
|
|
/* token was never present */
|
2008-06-06 05:40:11 -07:00
|
|
|
return PR_FALSE;
|
|
|
|
}
|
|
|
|
session = nssToken_GetDefaultSession(slot->token);
|
2008-08-14 21:12:54 -07:00
|
|
|
if (session) {
|
|
|
|
nssSession_EnterMonitor(session);
|
|
|
|
/* token is not present */
|
|
|
|
if (session->handle != CK_INVALID_SESSION) {
|
|
|
|
/* session is valid, close and invalidate it */
|
|
|
|
CKAPI(epv)->C_CloseSession(session->handle);
|
|
|
|
session->handle = CK_INVALID_SESSION;
|
|
|
|
}
|
|
|
|
nssSession_ExitMonitor(session);
|
2008-06-06 05:40:11 -07:00
|
|
|
}
|
|
|
|
if (slot->token->base.name[0] != 0) {
|
|
|
|
/* notify the high-level cache that the token is removed */
|
|
|
|
slot->token->base.name[0] = 0; /* XXX */
|
|
|
|
nssToken_NotifyCertsNotVisible(slot->token);
|
|
|
|
}
|
|
|
|
slot->token->base.name[0] = 0; /* XXX */
|
|
|
|
/* clear the token cache */
|
|
|
|
nssToken_Remove(slot->token);
|
|
|
|
return PR_FALSE;
|
|
|
|
}
|
|
|
|
/* token is present, use the session info to determine if the card
|
|
|
|
* has been removed and reinserted.
|
|
|
|
*/
|
|
|
|
session = nssToken_GetDefaultSession(slot->token);
|
2008-08-14 21:12:54 -07:00
|
|
|
if (session) {
|
2009-01-20 19:43:31 -08:00
|
|
|
PRBool isPresent = PR_FALSE;
|
2008-08-14 21:12:54 -07:00
|
|
|
nssSession_EnterMonitor(session);
|
|
|
|
if (session->handle != CK_INVALID_SESSION) {
|
|
|
|
CK_SESSION_INFO sessionInfo;
|
|
|
|
ckrv = CKAPI(epv)->C_GetSessionInfo(session->handle, &sessionInfo);
|
|
|
|
if (ckrv != CKR_OK) {
|
|
|
|
/* session is screwy, close and invalidate it */
|
|
|
|
CKAPI(epv)->C_CloseSession(session->handle);
|
|
|
|
session->handle = CK_INVALID_SESSION;
|
|
|
|
}
|
2008-06-06 05:40:11 -07:00
|
|
|
}
|
2009-01-20 19:43:31 -08:00
|
|
|
isPresent = session->handle != CK_INVALID_SESSION;
|
2008-08-14 21:12:54 -07:00
|
|
|
nssSession_ExitMonitor(session);
|
|
|
|
/* token not removed, finished */
|
2009-01-20 19:43:31 -08:00
|
|
|
if (isPresent)
|
2008-08-14 21:12:54 -07:00
|
|
|
return PR_TRUE;
|
|
|
|
}
|
|
|
|
/* the token has been removed, and reinserted, or the slot contains
|
|
|
|
* a token it doesn't recognize. invalidate all the old
|
|
|
|
* information we had on this token, if we can't refresh, clear
|
|
|
|
* the present flag */
|
|
|
|
nssToken_NotifyCertsNotVisible(slot->token);
|
|
|
|
nssToken_Remove(slot->token);
|
|
|
|
/* token has been removed, need to refresh with new session */
|
|
|
|
nssrv = nssSlot_Refresh(slot);
|
|
|
|
if (nssrv != PR_SUCCESS) {
|
|
|
|
slot->token->base.name[0] = 0; /* XXX */
|
|
|
|
slot->ckFlags &= ~CKF_TOKEN_PRESENT;
|
|
|
|
return PR_FALSE;
|
2008-06-06 05:40:11 -07:00
|
|
|
}
|
2008-08-14 21:12:54 -07:00
|
|
|
return PR_TRUE;
|
2008-06-06 05:40:11 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
NSS_IMPLEMENT void *
|
|
|
|
nssSlot_GetCryptokiEPV (
|
|
|
|
NSSSlot *slot
|
|
|
|
)
|
|
|
|
{
|
|
|
|
return slot->epv;
|
|
|
|
}
|
|
|
|
|
|
|
|
NSS_IMPLEMENT NSSToken *
|
|
|
|
nssSlot_GetToken (
|
|
|
|
NSSSlot *slot
|
|
|
|
)
|
|
|
|
{
|
|
|
|
if (nssSlot_IsTokenPresent(slot)) {
|
|
|
|
return nssToken_AddRef(slot->token);
|
|
|
|
}
|
|
|
|
return (NSSToken *)NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
NSS_IMPLEMENT PRStatus
|
|
|
|
nssSession_EnterMonitor (
|
|
|
|
nssSession *s
|
|
|
|
)
|
|
|
|
{
|
|
|
|
if (s->lock) PZ_Lock(s->lock);
|
|
|
|
return PR_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
NSS_IMPLEMENT PRStatus
|
|
|
|
nssSession_ExitMonitor (
|
|
|
|
nssSession *s
|
|
|
|
)
|
|
|
|
{
|
|
|
|
return (s->lock) ? PZ_Unlock(s->lock) : PR_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
NSS_EXTERN PRBool
|
|
|
|
nssSession_IsReadWrite (
|
|
|
|
nssSession *s
|
|
|
|
)
|
|
|
|
{
|
|
|
|
return s->isRW;
|
|
|
|
}
|
|
|
|
|