diff options
Diffstat (limited to 'security/nss/lib/dev/devslot.c')
-rw-r--r-- | security/nss/lib/dev/devslot.c | 296 |
1 files changed, 296 insertions, 0 deletions
diff --git a/security/nss/lib/dev/devslot.c b/security/nss/lib/dev/devslot.c new file mode 100644 index 000000000..4ba45bfc2 --- /dev/null +++ b/security/nss/lib/dev/devslot.c @@ -0,0 +1,296 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; +#endif /* DEBUG */ + +#ifndef NSSCKEPV_H +#include "nssckepv.h" +#endif /* NSSCKEPV_H */ + +#ifndef DEVM_H +#include "devm.h" +#endif /* DEVM_H */ + +#ifndef CKHELPER_H +#include "ckhelper.h" +#endif /* CKHELPER_H */ + +#include "pk11pub.h" + +/* measured in seconds */ +#define NSSSLOT_TOKEN_DELAY_TIME 1 + +/* this should track global and per-transaction login information */ + +#define NSSSLOT_IS_FRIENDLY(slot) \ + (slot->base.flags & NSSSLOT_FLAGS_FRIENDLY) + +/* measured as interval */ +static PRIntervalTime s_token_delay_time = 0; + +/* The flags needed to open a read-only session. */ +static const CK_FLAGS s_ck_readonly_flags = CKF_SERIAL_SESSION; + +NSS_IMPLEMENT PRStatus +nssSlot_Destroy ( + NSSSlot *slot +) +{ + if (slot) { + if (PR_AtomicDecrement(&slot->base.refCount) == 0) { + PZ_DestroyLock(slot->base.lock); + return nssArena_Destroy(slot->base.arena); + } + } + return PR_SUCCESS; +} + +void +nssSlot_EnterMonitor(NSSSlot *slot) +{ + if (slot->lock) { + PZ_Lock(slot->lock); + } +} + +void +nssSlot_ExitMonitor(NSSSlot *slot) +{ + if (slot->lock) { + PZ_Unlock(slot->lock); + } +} + +NSS_IMPLEMENT void +NSSSlot_Destroy ( + NSSSlot *slot +) +{ + (void)nssSlot_Destroy(slot); +} + +NSS_IMPLEMENT NSSSlot * +nssSlot_AddRef ( + NSSSlot *slot +) +{ + PR_AtomicIncrement(&slot->base.refCount); + return slot; +} + +NSS_IMPLEMENT NSSUTF8 * +nssSlot_GetName ( + NSSSlot *slot +) +{ + return slot->base.name; +} + +NSS_IMPLEMENT NSSUTF8 * +nssSlot_GetTokenName ( + NSSSlot *slot +) +{ + return nssToken_GetName(slot->token); +} + +NSS_IMPLEMENT void +nssSlot_ResetDelay ( + NSSSlot *slot +) +{ + slot->lastTokenPing = 0; +} + +static PRBool +within_token_delay_period(NSSSlot *slot) +{ + PRIntervalTime time, lastTime; + /* Set the delay time for checking the token presence */ + if (s_token_delay_time == 0) { + s_token_delay_time = PR_SecondsToInterval(NSSSLOT_TOKEN_DELAY_TIME); + } + time = PR_IntervalNow(); + lastTime = slot->lastTokenPing; + if ((lastTime) && ((time - lastTime) < s_token_delay_time)) { + return PR_TRUE; + } + slot->lastTokenPing = time; + return PR_FALSE; +} + +NSS_IMPLEMENT PRBool +nssSlot_IsTokenPresent ( + NSSSlot *slot +) +{ + CK_RV ckrv; + PRStatus nssrv; + /* XXX */ + nssSession *session; + CK_SLOT_INFO slotInfo; + void *epv; + /* permanent slots are always present unless they're disabled */ + if (nssSlot_IsPermanent(slot)) { + return !PK11_IsDisabled(slot->pk11slot); + } + /* avoid repeated calls to check token status within set interval */ + if (within_token_delay_period(slot)) { + return ((slot->ckFlags & CKF_TOKEN_PRESENT) != 0); + } + + /* First obtain the slot info */ + epv = slot->epv; + if (!epv) { + return PR_FALSE; + } + nssSlot_EnterMonitor(slot); + ckrv = CKAPI(epv)->C_GetSlotInfo(slot->slotID, &slotInfo); + nssSlot_ExitMonitor(slot); + if (ckrv != CKR_OK) { + slot->token->base.name[0] = 0; /* XXX */ + return PR_FALSE; + } + slot->ckFlags = slotInfo.flags; + /* check for the presence of the token */ + if ((slot->ckFlags & CKF_TOKEN_PRESENT) == 0) { + if (!slot->token) { + /* token was never present */ + return PR_FALSE; + } + session = nssToken_GetDefaultSession(slot->token); + if (session) { + nssSession_EnterMonitor(session); + /* token is not present */ + if (session->handle != CK_INVALID_SESSION) { + /* session is valid, close and invalidate it */ + CKAPI(epv)->C_CloseSession(session->handle); + session->handle = CK_INVALID_SESSION; + } + nssSession_ExitMonitor(session); + } + if (slot->token->base.name[0] != 0) { + /* notify the high-level cache that the token is removed */ + slot->token->base.name[0] = 0; /* XXX */ + nssToken_NotifyCertsNotVisible(slot->token); + } + slot->token->base.name[0] = 0; /* XXX */ + /* clear the token cache */ + nssToken_Remove(slot->token); + return PR_FALSE; + } + /* token is present, use the session info to determine if the card + * has been removed and reinserted. + */ + session = nssToken_GetDefaultSession(slot->token); + if (session) { + nssSession_EnterMonitor(session); + if (session->handle != CK_INVALID_SESSION) { + CK_SESSION_INFO sessionInfo; + ckrv = CKAPI(epv)->C_GetSessionInfo(session->handle, &sessionInfo); + if (ckrv != CKR_OK) { + /* session is screwy, close and invalidate it */ + CKAPI(epv)->C_CloseSession(session->handle); + session->handle = CK_INVALID_SESSION; + } + } + nssSession_ExitMonitor(session); + /* token not removed, finished */ + if (session->handle != CK_INVALID_SESSION) + return PR_TRUE; + } + /* the token has been removed, and reinserted, or the slot contains + * a token it doesn't recognize. invalidate all the old + * information we had on this token, if we can't refresh, clear + * the present flag */ + nssToken_NotifyCertsNotVisible(slot->token); + nssToken_Remove(slot->token); + /* token has been removed, need to refresh with new session */ + nssrv = nssSlot_Refresh(slot); + if (nssrv != PR_SUCCESS) { + slot->token->base.name[0] = 0; /* XXX */ + slot->ckFlags &= ~CKF_TOKEN_PRESENT; + return PR_FALSE; + } + return PR_TRUE; +} + +NSS_IMPLEMENT void * +nssSlot_GetCryptokiEPV ( + NSSSlot *slot +) +{ + return slot->epv; +} + +NSS_IMPLEMENT NSSToken * +nssSlot_GetToken ( + NSSSlot *slot +) +{ + if (nssSlot_IsTokenPresent(slot)) { + return nssToken_AddRef(slot->token); + } + return (NSSToken *)NULL; +} + +NSS_IMPLEMENT PRStatus +nssSession_EnterMonitor ( + nssSession *s +) +{ + if (s->lock) PZ_Lock(s->lock); + return PR_SUCCESS; +} + +NSS_IMPLEMENT PRStatus +nssSession_ExitMonitor ( + nssSession *s +) +{ + return (s->lock) ? PZ_Unlock(s->lock) : PR_SUCCESS; +} + +NSS_EXTERN PRBool +nssSession_IsReadWrite ( + nssSession *s +) +{ + return s->isRW; +} + |