Fix bug 128347 - add -string argument to pass strings to PKCS#11 modules upon addition

3 files changed, 22 insertions, 6 deletions

diff --git a/security/nss/cmd/modutil/modutil.c b/security/nss/cmd/modutil/modutil.c
index b3505f7fc..bba34e69e 100644
--- a/security/nss/cmd/modutil/modutil.c
+++ b/security/nss/cmd/modutil/modutil.c
@@ -108,6 +108,7 @@ typedef enum {
 	TEMPDIR_ARG,
 	SECMOD_ARG,
 	NOCERTDB_ARG,
+	STRING_ARG,
 
 	NUM_ARGS	/* must be last */
 } Arg;
@@ -139,7 +140,8 @@ static char *optionStrings[] = {
 	"-installdir",
 	"-tempdir",
 	"-secmod",
-	"-nocertdb"
+	"-nocertdb",
+	"-string",
 };
 
 /* Increment i if doing so would have i still be less than j.  If you
@@ -161,6 +163,7 @@ static char* tokenName = NULL;
 static char* libFile = NULL;
 static char* dbdir = NULL;
 static char* dbprefix = "";
+static char* secmodString = NULL;
 static char* mechanisms = NULL;
 static char* ciphers = NULL;
 static char* fipsArg = NULL;
@@ -470,6 +473,17 @@ parse_args(int argc, char *argv[])
 			}
 			secmodName = argv[i];
 			break;
+                case STRING_ARG:
+			if(secmodString != NULL) {
+				PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+				return DUPLICATE_OPTION_ERR;
+			}
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			secmodString = argv[i];
+			break;
 		}
 	}
 	return SUCCESS;
@@ -709,6 +723,7 @@ usage()
 "   [-ciphers CIPHER_LIST]        Enable the given ciphers on this module\n"
 "   [-mechanisms MECHANISM_LIST]  Make the module a default provider of the\n"
 "                                 given mechanisms\n"
+"   [-string CONFIG_STRING]       Pass a configuration string to this module\n"
 "-changepw TOKEN                  Change the password on the named token\n"
 "   [-pwfile FILE]                The old password is in this file\n"
 "   [-newpwfile FILE]             The new password is in this file\n"
@@ -853,7 +868,7 @@ main(int argc, char *argv[])
 	/* Execute the command */
 	switch(command) {
 	case ADD_COMMAND:
-		errcode = AddModule(moduleName, libFile, ciphers, mechanisms);
+		errcode = AddModule(moduleName, libFile, ciphers, mechanisms, secmodString);
 		break;
 	case CHANGEPW_COMMAND:
 		errcode = ChangePW(tokenName, pwFile, newpwFile);
diff --git a/security/nss/cmd/modutil/modutil.h b/security/nss/cmd/modutil/modutil.h
index 16c58fb49..89b8a204a 100644
--- a/security/nss/cmd/modutil/modutil.h
+++ b/security/nss/cmd/modutil/modutil.h
@@ -51,7 +51,7 @@
 
 Error FipsMode(char *arg);
 Error AddModule(char *moduleName, char *libFile, char *ciphers,
-	char *mechanisms);
+      char *mechanisms, char* modparms);
 Error DeleteModule(char *moduleName);
 Error ListModule(char *moduleName);
 Error ListModules();
diff --git a/security/nss/cmd/modutil/pk11.c b/security/nss/cmd/modutil/pk11.c
index 5831dde48..07c4d44a5 100644
--- a/security/nss/cmd/modutil/pk11.c
+++ b/security/nss/cmd/modutil/pk11.c
@@ -221,7 +221,7 @@ getStringFromFlags(unsigned long flags, MaskString array[], int elements)
  */
 Error
 AddModule(char *moduleName, char *libFile, char *cipherString,
-	char *mechanismString)
+	char *mechanismString, char* modparms)
 {
 	unsigned long ciphers;
 	unsigned long mechanisms;
@@ -234,9 +234,10 @@ AddModule(char *moduleName, char *libFile, char *cipherString,
 		getFlagsFromString(cipherString, cipherStrings, numCipherStrings);
 
 	status =
-		SECMOD_AddNewModule(moduleName, libFile,
+		SECMOD_AddNewModuleEx(moduleName, libFile,
 		  SECMOD_PubMechFlagstoInternal(mechanisms),
-		  SECMOD_PubCipherFlagstoInternal(ciphers) );
+		  SECMOD_PubCipherFlagstoInternal(ciphers),
+                  modparms, NULL );
 
 	if(status != SECSuccess) {
                 char* errtxt=NULL;