/security/nss/lib/dev/devslot.c
C | 296 lines | 209 code | 27 blank | 60 comment | 34 complexity | a8178ff6e269d456b61a0d9f39d9c9b9 MD5 | raw file
1/* ***** BEGIN LICENSE BLOCK ***** 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 3 * 4 * The contents of this file are subject to the Mozilla Public License Version 5 * 1.1 (the "License"); you may not use this file except in compliance with 6 * the License. You may obtain a copy of the License at 7 * http://www.mozilla.org/MPL/ 8 * 9 * Software distributed under the License is distributed on an "AS IS" basis, 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License 11 * for the specific language governing rights and limitations under the 12 * License. 13 * 14 * The Original Code is the Netscape security libraries. 15 * 16 * The Initial Developer of the Original Code is 17 * Netscape Communications Corporation. 18 * Portions created by the Initial Developer are Copyright (C) 1994-2000 19 * the Initial Developer. All Rights Reserved. 20 * 21 * Contributor(s): 22 * 23 * Alternatively, the contents of this file may be used under the terms of 24 * either the GNU General Public License Version 2 or later (the "GPL"), or 25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), 26 * in which case the provisions of the GPL or the LGPL are applicable instead 27 * of those above. If you wish to allow use of your version of this file only 28 * under the terms of either the GPL or the LGPL, and not to allow others to 29 * use your version of this file under the terms of the MPL, indicate your 30 * decision by deleting the provisions above and replace them with the notice 31 * and other provisions required by the GPL or the LGPL. If you do not delete 32 * the provisions above, a recipient may use your version of this file under 33 * the terms of any one of the MPL, the GPL or the LGPL. 34 * 35 * ***** END LICENSE BLOCK ***** */ 36 37#ifdef DEBUG 38static const char CVS_ID[] = "@(#) $RCSfile: devslot.c,v $ $Revision: 1.27 $ $Date: 2010/04/03 18:27:30 $"; 39#endif /* DEBUG */ 40 41#include "pkcs11.h" 42 43#ifndef DEVM_H 44#include "devm.h" 45#endif /* DEVM_H */ 46 47#ifndef CKHELPER_H 48#include "ckhelper.h" 49#endif /* CKHELPER_H */ 50 51#include "pk11pub.h" 52 53/* measured in seconds */ 54#define NSSSLOT_TOKEN_DELAY_TIME 1 55 56/* this should track global and per-transaction login information */ 57 58#define NSSSLOT_IS_FRIENDLY(slot) \ 59 (slot->base.flags & NSSSLOT_FLAGS_FRIENDLY) 60 61/* measured as interval */ 62static PRIntervalTime s_token_delay_time = 0; 63 64/* The flags needed to open a read-only session. */ 65static const CK_FLAGS s_ck_readonly_flags = CKF_SERIAL_SESSION; 66 67NSS_IMPLEMENT PRStatus 68nssSlot_Destroy ( 69 NSSSlot *slot 70) 71{ 72 if (slot) { 73 if (PR_ATOMIC_DECREMENT(&slot->base.refCount) == 0) { 74 PZ_DestroyLock(slot->base.lock); 75 return nssArena_Destroy(slot->base.arena); 76 } 77 } 78 return PR_SUCCESS; 79} 80 81void 82nssSlot_EnterMonitor(NSSSlot *slot) 83{ 84 if (slot->lock) { 85 PZ_Lock(slot->lock); 86 } 87} 88 89void 90nssSlot_ExitMonitor(NSSSlot *slot) 91{ 92 if (slot->lock) { 93 PZ_Unlock(slot->lock); 94 } 95} 96 97NSS_IMPLEMENT void 98NSSSlot_Destroy ( 99 NSSSlot *slot 100) 101{ 102 (void)nssSlot_Destroy(slot); 103} 104 105NSS_IMPLEMENT NSSSlot * 106nssSlot_AddRef ( 107 NSSSlot *slot 108) 109{ 110 PR_ATOMIC_INCREMENT(&slot->base.refCount); 111 return slot; 112} 113 114NSS_IMPLEMENT NSSUTF8 * 115nssSlot_GetName ( 116 NSSSlot *slot 117) 118{ 119 return slot->base.name; 120} 121 122NSS_IMPLEMENT NSSUTF8 * 123nssSlot_GetTokenName ( 124 NSSSlot *slot 125) 126{ 127 return nssToken_GetName(slot->token); 128} 129 130NSS_IMPLEMENT void 131nssSlot_ResetDelay ( 132 NSSSlot *slot 133) 134{ 135 slot->lastTokenPing = 0; 136} 137 138static PRBool 139within_token_delay_period(NSSSlot *slot) 140{ 141 PRIntervalTime time, lastTime; 142 /* Set the delay time for checking the token presence */ 143 if (s_token_delay_time == 0) { 144 s_token_delay_time = PR_SecondsToInterval(NSSSLOT_TOKEN_DELAY_TIME); 145 } 146 time = PR_IntervalNow(); 147 lastTime = slot->lastTokenPing; 148 if ((lastTime) && ((time - lastTime) < s_token_delay_time)) { 149 return PR_TRUE; 150 } 151 slot->lastTokenPing = time; 152 return PR_FALSE; 153} 154 155NSS_IMPLEMENT PRBool 156nssSlot_IsTokenPresent ( 157 NSSSlot *slot 158) 159{ 160 CK_RV ckrv; 161 PRStatus nssrv; 162 /* XXX */ 163 nssSession *session; 164 CK_SLOT_INFO slotInfo; 165 void *epv; 166 /* permanent slots are always present unless they're disabled */ 167 if (nssSlot_IsPermanent(slot)) { 168 return !PK11_IsDisabled(slot->pk11slot); 169 } 170 /* avoid repeated calls to check token status within set interval */ 171 if (within_token_delay_period(slot)) { 172 return ((slot->ckFlags & CKF_TOKEN_PRESENT) != 0); 173 } 174 175 /* First obtain the slot info */ 176 epv = slot->epv; 177 if (!epv) { 178 return PR_FALSE; 179 } 180 nssSlot_EnterMonitor(slot); 181 ckrv = CKAPI(epv)->C_GetSlotInfo(slot->slotID, &slotInfo); 182 nssSlot_ExitMonitor(slot); 183 if (ckrv != CKR_OK) { 184 slot->token->base.name[0] = 0; /* XXX */ 185 return PR_FALSE; 186 } 187 slot->ckFlags = slotInfo.flags; 188 /* check for the presence of the token */ 189 if ((slot->ckFlags & CKF_TOKEN_PRESENT) == 0) { 190 if (!slot->token) { 191 /* token was never present */ 192 return PR_FALSE; 193 } 194 session = nssToken_GetDefaultSession(slot->token); 195 if (session) { 196 nssSession_EnterMonitor(session); 197 /* token is not present */ 198 if (session->handle != CK_INVALID_SESSION) { 199 /* session is valid, close and invalidate it */ 200 CKAPI(epv)->C_CloseSession(session->handle); 201 session->handle = CK_INVALID_SESSION; 202 } 203 nssSession_ExitMonitor(session); 204 } 205 if (slot->token->base.name[0] != 0) { 206 /* notify the high-level cache that the token is removed */ 207 slot->token->base.name[0] = 0; /* XXX */ 208 nssToken_NotifyCertsNotVisible(slot->token); 209 } 210 slot->token->base.name[0] = 0; /* XXX */ 211 /* clear the token cache */ 212 nssToken_Remove(slot->token); 213 return PR_FALSE; 214 } 215 /* token is present, use the session info to determine if the card 216 * has been removed and reinserted. 217 */ 218 session = nssToken_GetDefaultSession(slot->token); 219 if (session) { 220 PRBool isPresent = PR_FALSE; 221 nssSession_EnterMonitor(session); 222 if (session->handle != CK_INVALID_SESSION) { 223 CK_SESSION_INFO sessionInfo; 224 ckrv = CKAPI(epv)->C_GetSessionInfo(session->handle, &sessionInfo); 225 if (ckrv != CKR_OK) { 226 /* session is screwy, close and invalidate it */ 227 CKAPI(epv)->C_CloseSession(session->handle); 228 session->handle = CK_INVALID_SESSION; 229 } 230 } 231 isPresent = session->handle != CK_INVALID_SESSION; 232 nssSession_ExitMonitor(session); 233 /* token not removed, finished */ 234 if (isPresent) 235 return PR_TRUE; 236 } 237 /* the token has been removed, and reinserted, or the slot contains 238 * a token it doesn't recognize. invalidate all the old 239 * information we had on this token, if we can't refresh, clear 240 * the present flag */ 241 nssToken_NotifyCertsNotVisible(slot->token); 242 nssToken_Remove(slot->token); 243 /* token has been removed, need to refresh with new session */ 244 nssrv = nssSlot_Refresh(slot); 245 if (nssrv != PR_SUCCESS) { 246 slot->token->base.name[0] = 0; /* XXX */ 247 slot->ckFlags &= ~CKF_TOKEN_PRESENT; 248 return PR_FALSE; 249 } 250 return PR_TRUE; 251} 252 253NSS_IMPLEMENT void * 254nssSlot_GetCryptokiEPV ( 255 NSSSlot *slot 256) 257{ 258 return slot->epv; 259} 260 261NSS_IMPLEMENT NSSToken * 262nssSlot_GetToken ( 263 NSSSlot *slot 264) 265{ 266 if (nssSlot_IsTokenPresent(slot)) { 267 return nssToken_AddRef(slot->token); 268 } 269 return (NSSToken *)NULL; 270} 271 272NSS_IMPLEMENT PRStatus 273nssSession_EnterMonitor ( 274 nssSession *s 275) 276{ 277 if (s->lock) PZ_Lock(s->lock); 278 return PR_SUCCESS; 279} 280 281NSS_IMPLEMENT PRStatus 282nssSession_ExitMonitor ( 283 nssSession *s 284) 285{ 286 return (s->lock) ? PZ_Unlock(s->lock) : PR_SUCCESS; 287} 288 289NSS_EXTERN PRBool 290nssSession_IsReadWrite ( 291 nssSession *s 292) 293{ 294 return s->isRW; 295} 296