authorjulien.pierre.boogz%sun.com <devnull@localhost>2008-02-26 01:12:26 +0000
committerjulien.pierre.boogz%sun.com <devnull@localhost>2008-02-26 01:12:26 +0000
commit4b48f4cf40e4d0866880415caf43439bb4ca534c (patch)
tree0015ec9d0be4393a440720d6e1da02d0e81fbdba
parent71e311fddd7f45fa1a9c28c6b4c7831d3bd32228 (diff)
Fix for bug 416067. certutil doesn't report token authentication failure. r=nelson,rrelyea
-rw-r--r--security/nss/cmd/certutil/certutil.c43
1 files changed, 34 insertions, 9 deletions
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c
index c4fd5662f..eeb132fed 100644
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -358,7 +358,8 @@ AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,
if (PK11_IsFIPS() || !PK11_IsInternal(slot)) {
rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
if (rv != SECSuccess) {
- SECU_PrintError(progName, "could not authenticate to token or database");
+ SECU_PrintError(progName, "could not authenticate to token %s.",
+ PK11_GetTokenName(slot));
GEN_BREAK(SECFailure);
}
}
@@ -637,8 +638,14 @@ listCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot,
CERTCertListNode *node;
/* List certs on a non-internal slot. */
- if (!PK11_IsFriendly(slot) && PK11_NeedLogin(slot))
- PK11_Authenticate(slot, PR_TRUE, pwarg);
+ if (!PK11_IsFriendly(slot) && PK11_NeedLogin(slot)) {
+ SECStatus newrv = PK11_Authenticate(slot, PR_TRUE, pwarg);
+ if (newrv != SECSuccess) {
+ SECU_PrintError(progName, "could not authenticate to token %s.",
+ PK11_GetTokenName(slot));
+ return SECFailure;
+ }
+ }
if (name) {
CERTCertificate *the_cert;
the_cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);
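Review bot: The authenticate-then-report sequence added here in listCerts is repeated almost verbatim in the ListKeysInSlot, DeleteKey and CheckCertValidity hunks, and the result variable is named `newrv` in two of them and `rv` in the other two. A small static helper would keep the message text and the failure check in one place, so a later call site cannot forget the check again. The guard conditions differ per caller (`PK11_IsFriendly` here, a NULL check on `slot` in the last hunk), so the helper should wrap only the `PK11_Authenticate` call and the error report. listCerts starts before and continues after this hunk.

```c
/* Log in to the slot's token; on failure, report which token refused. */
static SECStatus
AuthenticateOrReport(PK11SlotInfo *slot, void *pwarg)
{
    SECStatus rv = PK11_Authenticate(slot, PR_TRUE, pwarg);
    if (rv != SECSuccess) {
        SECU_PrintError(progName, "could not authenticate to token %s.",
                        PK11_GetTokenName(slot));
    }
    return rv;
}

/* ... unchanged: declarations at the top of listCerts ... */
    if (!PK11_IsFriendly(slot) && PK11_NeedLogin(slot) &&
        AuthenticateOrReport(slot, pwarg) != SECSuccess) {
        return SECFailure;
    }
```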
@@ -944,8 +951,14 @@ ListKeysInSlot(PK11SlotInfo *slot, const char *nickName, KeyType keyType,
SECKEYPrivateKeyListNode *node;
int count = 0;
- if (PK11_NeedLogin(slot))
- PK11_Authenticate(slot, PR_TRUE, pwarg);
+ if (PK11_NeedLogin(slot)) {
+ SECStatus rv = PK11_Authenticate(slot, PR_TRUE, pwarg);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "could not authenticate to token %s.",
+ PK11_GetTokenName(slot));
+ return SECFailure;
+ }
+ }
if (nickName && nickName[0])
list = PK11_ListPrivKeysInSlot(slot, (char *)nickName, pwarg);
@@ -1036,8 +1049,14 @@ DeleteKey(char *nickname, secuPWData *pwdata)
PK11SlotInfo *slot;
slot = PK11_GetInternalKeySlot();
- if (PK11_NeedLogin(slot))
- PK11_Authenticate(slot, PR_TRUE, pwdata);
+ if (PK11_NeedLogin(slot)) {
+ SECStatus rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "could not authenticate to token %s.",
+ PK11_GetTokenName(slot));
+ return SECFailure;
+ }
+ }
cert = PK11_FindCertFromNickname(nickname, pwdata);
if (!cert) {
PK11_FreeSlot(slot);
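Review bot: The new `return SECFailure;` in DeleteKey exits without releasing the slot reference taken by `PK11_GetInternalKeySlot()` just above it. The existing `if (!cert)` failure path visible at the end of this hunk calls `PK11_FreeSlot(slot)` before bailing out, so the authentication-failure path should do the same: add `PK11_FreeSlot(slot);` immediately before `return SECFailure;`. DeleteKey's body continues past the end of the hunk.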
@@ -3009,8 +3028,14 @@ secuCommandFlag certutil_options[] =
if (certutil.commands[cmd_CheckCertValidity].activated) {
/* XXX temporary hack for fips - must log in to get priv key */
if (certutil.options[opt_VerifySig].activated) {
- if (slot && PK11_NeedLogin(slot))
- PK11_Authenticate(slot, PR_TRUE, &pwdata);
+ if (slot && PK11_NeedLogin(slot)) {
+ SECStatus newrv = PK11_Authenticate(slot, PR_TRUE, &pwdata);
+ if (newrv != SECSuccess) {
+ SECU_PrintError(progName, "could not authenticate to token %s.",
+ PK11_GetTokenName(slot));
+ goto shutdown;
+ }
+ }
}
rv = ValidateCert(certHandle, name,
certutil.options[opt_ValidityTime].arg,
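Review bot: The `goto shutdown;` added for the authentication failure leaves `rv` untouched, because the result is stored in the separate `newrv`. The `shutdown` label and the value `rv` holds at this point are outside the hunk. If the process exit status is derived from `rv` and it still holds a success value from earlier setup, certutil would print the error yet exit as though the validity check had passed, and a script gating on the exit code would not notice the failed login. Setting `rv = newrv;` before the jump, or assigning the `PK11_Authenticate` result to `rv` directly, would make the failure visible to callers. The enclosing function starts and ends outside this hunk.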