diff options
| author | relyea%netscape.com <devnull@localhost> | 2002-02-12 01:33:41 +0000 |
|---|---|---|
| committer | relyea%netscape.com <devnull@localhost> | 2002-02-12 01:33:41 +0000 |
| commit | f857490bc949c02b83955271deeda4723fcde9d8 (patch) | |
| tree | 1381d42172433f28ddec5abf04d821d4147020ab | |
| parent | 880d16ba116784ea3a38f89f7fa52a02974a757e (diff) | |
| download | nss-hg-f857490bc949c02b83955271deeda4723fcde9d8.tar.gz | |
Load all slots into the trust domain, even if the tokens are empty.
Fix problems with the token caching code when tokens are removed.
| -rw-r--r-- | security/nss/lib/pki/pki3hack.c | 36 |
1 files changed, 21 insertions, 15 deletions
diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c index 189d7f076..af07779f0 100644 --- a/security/nss/lib/pki/pki3hack.c +++ b/security/nss/lib/pki/pki3hack.c @@ -69,6 +69,7 @@ static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; #include "cert.h" #include "pk11func.h" #include "pkistore.h" +#include "secmod.h" /* if it's got more than 10 certs, it better handle traversal well */ #define NSSTOKEN_MAX_LOCAL_CERTS 10 @@ -133,6 +134,9 @@ static void cert_destructor(void *el) NSS_IMPLEMENT void nssToken_DestroyCertList(NSSToken *token) { + if (!token->certList) { + return; + } nssList_Clear(token->certList, cert_destructor); nssList_Destroy(token->certList); token->certList = NULL; @@ -174,10 +178,9 @@ nssToken_SearchCerts ) { if (!nssToken_IsPresent(token)) { - STAN_DestroyNSSToken(token); /* will free cached certs */ - } else { - return (token->certList == NULL); - } + nssToken_DestroyCertList(token); /* will free cached certs */ + } + return (PRBool) (token->certList == NULL); } NSS_IMPLEMENT PRStatus @@ -190,23 +193,24 @@ STAN_LoadDefaultNSS3TrustDomain NSSToken *token; PK11SlotList *list; PK11SlotListElement *le; + SECMODModuleList *mlp; + SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock(); + int i; + td = NSSTrustDomain_Create(NULL, NULL, NULL, NULL); if (!td) { return PR_FAILURE; } td->tokenList = nssList_Create(td->arena, PR_TRUE); - list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL); - if (list) { - for (le = list->head; le; le = le->next) { - token = nssToken_CreateFromPK11SlotInfo(td, le->slot); - PK11Slot_SetNSSToken(le->slot, token); + SECMOD_GetReadLock(moduleLock); + for (mlp = SECMOD_GetDefaultModuleList(); mlp != NULL; mlp=mlp->next) { + for (i=0; i < mlp->module->slotCount; i++) { + token = nssToken_CreateFromPK11SlotInfo(td, mlp->module->slots[i]); + PK11Slot_SetNSSToken(mlp->module->slots[i], token); nssList_Add(td->tokenList, token); } - /* okay to free this, as the last reference is maintained in the - * global slot lists - */ - PK11_FreeSlotList(list); } + SECMOD_ReleaseReadLock(moduleLock); g_default_trust_domain = td; g_default_crypto_context = NSSTrustDomain_CreateCryptoContext(td, NULL); /* Cache hardware token certs with the token to make them persistent */ @@ -263,8 +267,10 @@ STAN_RemoveModuleFromDefaultTrustDomain td = STAN_GetDefaultTrustDomain(); for (i=0; i<module->slotCount; i++) { token = PK11Slot_GetNSSToken(module->slots[i]); - nssList_Remove(td->tokenList, token); - STAN_DestroyNSSToken(token); + if (token) { + nssList_Remove(td->tokenList, token); + STAN_DestroyNSSToken(token); + } } nssListIterator_Destroy(td->tokens); td->tokens = nssList_CreateIterator(td->tokenList); |