Bug 1395495, modutil: Initialize DB with empty password on -create, r=kaie
authorDaiki Ueno <dueno@redhat.com>
Fri, 15 Sep 2017 15:57:31 +0200
changeset 13593 279b257c6433f1972d49c529247e6ed2633b979f
parent 13592 88b6e9707b17c6b1ba5017cbf62e70bba58c2fcd
child 13594 70109a01ce53328b511aaa6c839593a3282cb725
push id2378
push userkaie@kuix.de
push dateMon, 18 Sep 2017 13:30:39 +0000
reviewerskaie
bugs1395495
Bug 1395495, modutil: Initialize DB with empty password on -create, r=kaie
cmd/modutil/error.h
cmd/modutil/modutil.c
cmd/modutil/modutil.h
cmd/modutil/pk11.c
tests/tools/tools.sh
--- a/cmd/modutil/error.h
+++ b/cmd/modutil/error.h
@@ -52,16 +52,17 @@ typedef enum {
     ENABLE_FAILED_ERR,
     UPDATE_MOD_FAILED_ERR,
     DEFAULT_FAILED_ERR,
     UNDEFAULT_FAILED_ERR,
     STDIN_READ_ERR,
     UNSPECIFIED_ERR,
     NOCERTDB_MISUSE_ERR,
     NSS_INITIALIZE_FAILED_ERR,
+    INITPW_FAILED_ERR,
 
     LAST_ERR /* must be last */
 } Error;
 #define SUCCESS NO_ERR
 
 /* !!! Should move this into its own .c and un-static it. */
 static char *errStrings[] = {
     "Operation completed successfully.\n",
@@ -105,17 +106,18 @@ static char *errStrings[] = {
     "ERROR: Slot \"%s\" not found.\n",
     "ERROR: Failed to %s slot \"%s\".\n",
     "ERROR: Failed to update module \"%s\".\n",
     "ERROR: Failed to change defaults.\n",
     "ERROR: Failed to change default.\n",
     "ERROR: Unable to read from standard input.\n",
     "ERROR: Unknown error occurred.\n",
     "ERROR: -nocertdb option can only be used with the -jar command.\n",
-    "ERROR: NSS_Initialize() failed.\n"
+    "ERROR: NSS_Initialize() failed.\n",
+    "ERROR: Unable to set initial password on the database.\n"
 };
 
 typedef enum {
     FIPS_ENABLED_MSG = 0,
     FIPS_DISABLED_MSG,
     USING_DBDIR_MSG,
     CREATING_DB_MSG,
     ADD_MODULE_SUCCESS_MSG,
--- a/cmd/modutil/modutil.c
+++ b/cmd/modutil/modutil.c
@@ -860,17 +860,17 @@ main(int argc, char* argv[])
     switch (command) {
         case ADD_COMMAND:
             errcode = AddModule(moduleName, libFile, ciphers, mechanisms, secmodString);
             break;
         case CHANGEPW_COMMAND:
             errcode = ChangePW(tokenName, pwFile, newpwFile);
             break;
         case CREATE_COMMAND:
-            /* The work was already done in init_crypto() */
+            errcode = InitPW();
             break;
         case DEFAULT_COMMAND:
             errcode = SetDefaultModule(moduleName, slotName, mechanisms);
             break;
         case DELETE_COMMAND:
             errcode = DeleteModule(moduleName);
             break;
         case DISABLE_COMMAND:
--- a/cmd/modutil/modutil.h
+++ b/cmd/modutil/modutil.h
@@ -24,16 +24,17 @@
 Error LoadMechanismList(void);
 Error FipsMode(char *arg);
 Error ChkFipsMode(char *arg);
 Error AddModule(char *moduleName, char *libFile, char *ciphers,
                 char *mechanisms, char *modparms);
 Error DeleteModule(char *moduleName);
 Error ListModule(char *moduleName);
 Error ListModules();
+Error InitPW(void);
 Error ChangePW(char *tokenName, char *pwFile, char *newpwFile);
 Error EnableModule(char *moduleName, char *slotName, PRBool enable);
 Error RawAddModule(char *dbmodulespec, char *modulespec);
 Error RawListModule(char *modulespec);
 Error SetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
 Error UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
 void out_of_memory(void);
 
--- a/cmd/modutil/pk11.c
+++ b/cmd/modutil/pk11.c
@@ -665,16 +665,49 @@ loser:
     if (module) {
         SECMOD_DestroyModule(module);
     }
     return rv;
 }
 
 /************************************************************************
  *
+ * I n i t P W
+ */
+Error
+InitPW(void)
+{
+    PK11SlotInfo *slot;
+    Error ret = UNSPECIFIED_ERR;
+
+    slot = PK11_GetInternalKeySlot();
+    if (!slot) {
+        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], "internal");
+        return NO_SUCH_TOKEN_ERR;
+    }
+
+    /* Set the initial password to empty */
+    if (PK11_NeedUserInit(slot)) {
+        if (PK11_InitPin(slot, NULL, "") != SECSuccess) {
+            PR_fprintf(PR_STDERR, errStrings[INITPW_FAILED_ERR]);
+            ret = INITPW_FAILED_ERR;
+            goto loser;
+        }
+    }
+
+    ret = SUCCESS;
+
+loser:
+    PK11_FreeSlot(slot);
+
+    return ret;
+}
+
+/************************************************************************
+ *
  * C h a n g e P W
  */
 Error
 ChangePW(char *tokenName, char *pwFile, char *newpwFile)
 {
     char *oldpw = NULL, *newpw = NULL, *newpw2 = NULL;
     PK11SlotInfo *slot;
     Error ret = UNSPECIFIED_ERR;
--- a/tests/tools/tools.sh
+++ b/tests/tools/tools.sh
@@ -492,27 +492,41 @@ SIGNSCRIPT
 
   echo "$SCRIPTNAME: Show who signed xpi ------------------------------"
   echo "signtool -w nojs.xpi -d ${P_R_SIGNDIR}"
   ${BINDIR}/signtool -w nojs.xpi -d ${P_R_SIGNDIR}
   html_msg $? 0 "Show who signed xpi (signtool -w)"
 
 }
 
+tools_modutil()
+{
+  echo "$SCRIPTNAME: Test if DB created by modutil -create is initialized"
+  mkdir -p ${R_TOOLSDIR}/moddir
+  modu -create -dbdir "${R_TOOLSDIR}/moddir" 2>&1
+  ret=$?
+  ${BINDIR}/certutil -S -s 'CN=TestUser' -d "${TOOLSDIR}/moddir" -n TestUser \
+	   -x -t ',,' -z "${R_NOISE_FILE}"
+  ret=$?
+  html_msg $ret 0 "Test if DB created by modutil -create is initialized"
+  check_tmpfile
+}
+
 ############################## tools_cleanup ###########################
 # local shell function to finish this script (no exit since it might be 
 # sourced)
 ########################################################################
 tools_cleanup()
 {
   html "</TABLE><BR>"
   cd ${QADIR}
   . common/cleanup.sh
 }
 
 ################## main #################################################
 
 tools_init
 tools_p12
 tools_sign
+tools_modutil
 tools_cleanup