Fix for bug 423839 . Add multiple PKCS#11 token password command-line option to NSS tools. r=nelson

1 files changed, 16 insertions, 32 deletions

diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c
index 6377c0236..24c57e787 100644
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -38,7 +38,7 @@
 
 /*
 **
-** Sample client side test program that uses SSL and libsec
+** Sample client side test program that uses SSL and NSS
 **
 */
 
@@ -126,20 +126,7 @@ int renegotiate = 0;
 
 static char *progName;
 
-/* This exists only for the automated test suite. It allows us to
- * pass in a password on the command line. 
- */
-
-char *password = NULL;
-
-char * ownPasswd( PK11SlotInfo *slot, PRBool retry, void *arg)
-{
-	char *passwd = NULL;
-	if ( (!retry) && arg ) {
-		passwd = PL_strdup((char *)arg);
-	}
-	return passwd;
-}
+secuPWData  pwdata          = { PW_NONE, 0 };
 
 void printSecurityInfo(PRFileDesc *fd)
 {
@@ -203,7 +190,7 @@ static void Usage(const char *progName)
 {
     fprintf(stderr, 
 "Usage:  %s -h host [-p port] [-d certdir] [-n nickname] [-23BTfosvxr] \n"
-"                   [-c ciphers] [-w passwd] [-q]\n", progName);
+"                   [-c ciphers] [-w passwd] [-W pwfile] [-q]\n", progName);
     fprintf(stderr, "%-20s Hostname to connect with\n", "-h host");
     fprintf(stderr, "%-20s Port number for SSL server\n", "-p port");
     fprintf(stderr, 
@@ -523,7 +510,6 @@ int main(int argc, char **argv)
     PRSocketOptionData opt;
     PRNetAddr          addr;
     PRPollDesc         pollset[2];
-    PRBool             useCommandLinePassword = PR_FALSE;
     PRBool             pingServerFirst = PR_FALSE;
     PRBool             clientSpeaksFirst = PR_FALSE;
     PRBool             wrStarted = PR_FALSE;
@@ -548,7 +534,7 @@ int main(int argc, char **argv)
        }
     }
 
-    optstate = PL_CreateOptState(argc, argv, "23BTSfc:h:p:d:m:n:oqr:suvw:x");
+    optstate = PL_CreateOptState(argc, argv, "23BTSfc:h:p:d:m:n:oqr:suvw:xW:");
     while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 	switch (optstate->option) {
 	  case '?':
@@ -594,11 +580,16 @@ int main(int argc, char **argv)
 
 	  case 'r': renegotiate = atoi(optstate->value);	break;
 
-	  case 'w':
-		password = PORT_Strdup(optstate->value);
-		useCommandLinePassword = PR_TRUE;
+          case 'w':
+                pwdata.source = PW_PLAINTEXT;
+		pwdata.data = PORT_Strdup(optstate->value);
 		break;
 
+          case 'W':
+                pwdata.source = PW_FROMFILE;
+                pwdata.data = PORT_Strdup(optstate->value);
+                break;
+
 	  case 'x': useExportPolicy = 1; 		break;
 	}
     }
@@ -613,12 +604,7 @@ int main(int argc, char **argv)
 
     PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
 
-    /* set our password function */
-    if ( useCommandLinePassword ) {
-	PK11_SetPasswordFunc(ownPasswd);
-    } else {
-    	PK11_SetPasswordFunc(SECU_GetModulePassword);
-    }
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
 
     /* open the cert DB, the key DB, and the secmod DB. */
     if (!certDir) {
@@ -843,9 +829,7 @@ int main(int argc, char **argv)
 	return 1;
     }
 
-    if (useCommandLinePassword) {
-	SSL_SetPKCS11PinArg(s, password);
-    }
+    SSL_SetPKCS11PinArg(s, &pwdata);
 
     SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle);
     if (override) {
@@ -1064,8 +1048,8 @@ int main(int argc, char **argv)
     if (nickname) {
         PORT_Free(nickname);
     }
-    if (password) {
-        PORT_Free(password);
+    if (pwdata.data) {
+        PORT_Free(pwdata.data);
     }
     PORT_Free(host);