diff options
| author | jpierre%netscape.com <devnull@localhost> | 2002-04-19 22:26:02 +0000 |
|---|---|---|
| committer | jpierre%netscape.com <devnull@localhost> | 2002-04-19 22:26:02 +0000 |
| commit | d235b05bddac449255f11138c09a740172bd871f (patch) | |
| tree | 52236a1275a9105ffa907f7fe97c5526ddccbb87 | |
| parent | 00149d628fbb405882d3f1d4d29c9e8a8aae1208 (diff) | |
| download | nss-hg-d235b05bddac449255f11138c09a740172bd871f.tar.gz | |
Two fixes from Bob Relyea for bug 138354 :
- make PK11_ListCerts authenticate to token
- make PK11_CheckPassword authenticate to token
| -rw-r--r-- | security/nss/lib/pk11wrap/pk11cert.c | 17 | ||||
| -rw-r--r-- | security/nss/lib/pk11wrap/pk11slot.c | 16 |
2 files changed, 31 insertions, 2 deletions
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index 9611ff06f..60272e773 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -1015,7 +1015,9 @@ pk11_TraverseAllSlots( SECStatus (*callback)(PK11SlotInfo *,void *), rv = PK11_Authenticate(le->slot, PR_FALSE, wincx); if (rv != SECSuccess) continue; } - (*callback)(le->slot,arg); + if (callback) { + (*callback)(le->slot,arg); + } } PK11_FreeSlotList(list); @@ -3440,7 +3442,18 @@ PK11_ListCerts(PK11CertListType type, void *pwarg) listCerts.certList = certList; pk11cb.callback = pk11ListCertCallback; pk11cb.arg = &listCerts; - NSSTrustDomain_TraverseCertificates(defaultTD, convert_cert, &pk11cb); + + /* authenticate to the slots */ + (void) pk11_TraverseAllSlots( NULL, NULL, pwarg); +#ifdef notdef + if (type == PK11CertListUser) { + NSSTrustDomain_TraverseUserCertificates(defaultTD, convert_cert &pk11cb); + } else { + NSSTrustDomain_TraverseCertificates(defaultTD, convert_cert, &pk11cb); + } +#else + NSSTrustDomain_TraverseCertificates(defaultTD, convert_cert, &pk11cb); +#endif return certList; #endif } diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index cd2d29bd4..a934bc065 100644 --- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c @@ -673,6 +673,14 @@ pk11_CheckPassword(PK11SlotInfo *slot,char *pw) PORT_SetError(PK11_MapError(crv)); rv = SECFailure; /* some failure we can't fix by retrying */ } + if (rv == SECSuccess) { + rv = pk11_CheckVerifyTest(slot); + if (rv == SECSuccess && slot->nssToken && !PK11_IsFriendly(slot)) { + /* notify stan about the login if certs are not public readable */ + nssToken_LoadCerts(slot->nssToken); + nssToken_UpdateTrustForCerts(slot->nssToken); + } + } return rv; } @@ -715,6 +723,14 @@ PK11_CheckUserPassword(PK11SlotInfo *slot,char *pw) PORT_SetError(PK11_MapError(crv)); rv = SECFailure; /* some failure we can't fix by retrying */ } + if (rv == SECSuccess) { + rv = pk11_CheckVerifyTest(slot); + if (rv == SECSuccess && slot->nssToken && !PK11_IsFriendly(slot)) { + /* notify stan about the login if certs are not public readable */ + nssToken_LoadCerts(slot->nssToken); + nssToken_UpdateTrustForCerts(slot->nssToken); + } + } return rv; } |