Two fixes from Bob Relyea for bug 138354 : NSS_3_4_BRANCH
authorjpierre%netscape.com
Fri, 19 Apr 2002 22:26:02 +0000
branchNSS_3_4_BRANCH
changeset 3025 ef1ff130914be5473913af1f9163c2af839db5c5
parent 3017 70c9905be4085c2c2237c23705e3da544218e119
child 3029 124265454e614f96ea80eb76ed1f807a2cd66691
push idunknown
push userunknown
push dateunknown
bugs138354
Two fixes from Bob Relyea for bug 138354 : - make PK11_ListCerts authenticate to token - make PK11_CheckPassword authenticate to token
security/nss/lib/pk11wrap/pk11cert.c
security/nss/lib/pk11wrap/pk11slot.c
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -1010,17 +1010,19 @@ pk11_TraverseAllSlots( SECStatus (*callb
     if (list == NULL) return SECFailure;
 
     /* look at each slot and authenticate as necessary */
     for (le = list->head ; le; le = le->next) {
 	if (!PK11_IsFriendly(le->slot)) {
              rv = PK11_Authenticate(le->slot, PR_FALSE, wincx);
              if (rv != SECSuccess) continue;
 	}
-	(*callback)(le->slot,arg);
+	if (callback) {
+	    (*callback)(le->slot,arg);
+	}
     }
 
     PK11_FreeSlotList(list);
 
     return SECSuccess;
 }
 
 struct fake_der_cb_argstr
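Review bot: The new `if (callback)` guard makes a NULL callback a supported "authenticate only" mode of pk11_TraverseAllSlots, but nothing in the visible lines documents that contract. I would add a comment above the guard such as `/* callback may be NULL: the traversal then only authenticates to each non-friendly slot */`. In that mode the function still returns SECSuccess when PK11_Authenticate fails on a slot, because the loop just does `continue`, so a caller cannot tell a complete login pass from a partial one. That is worth stating in the function's header comment, which starts outside this hunk.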
@@ -3435,17 +3437,28 @@ PK11_ListCerts(PK11CertListType type, vo
     CERTCertList *certList = NULL;
     struct nss3_cert_cbstr pk11cb;
     struct listCertsStr listCerts;
     certList = CERT_NewCertList();
     listCerts.type = type;
     listCerts.certList = certList;
     pk11cb.callback = pk11ListCertCallback;
     pk11cb.arg = &listCerts;
-    NSSTrustDomain_TraverseCertificates(defaultTD, convert_cert, &pk11cb);
+
+    /* authenticate to the slots */
+    (void) pk11_TraverseAllSlots( NULL, NULL, pwarg);
+#ifdef notdef
+    if (type == PK11CertListUser) {
+	NSSTrustDomain_TraverseUserCertificates(defaultTD, convert_cert &pk11cb);
+    } else {
+	NSSTrustDomain_TraverseCertificates(defaultTD, convert_cert, &pk11cb);
+    }
+#else
+	NSSTrustDomain_TraverseCertificates(defaultTD, convert_cert, &pk11cb);
+#endif
     return certList;
 #endif
 }
 
 static SECItem *
 pk11_GetLowLevelKeyFromHandle(PK11SlotInfo *slot, CK_OBJECT_HANDLE handle) {
     CK_ATTRIBUTE theTemplate[] = {
 	{ CKA_ID, NULL, 0 },
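Review bot: The `(void) pk11_TraverseAllSlots( NULL, NULL, pwarg);` call discards the only status available, and slots that fail to authenticate are skipped inside the traversal, so PK11_ListCerts can return a list that silently omits certificates on tokens the user did not log in to. At minimum the comment should say so, e.g. `/* best effort: slots that fail to authenticate are skipped, so the list may omit their certs */`. The disabled `#ifdef notdef` branch also has a missing comma and will not compile if it is ever enabled; it should read `NSSTrustDomain_TraverseUserCertificates(defaultTD, convert_cert, &pk11cb);`. The live `#else` call is tab-indented as if nested and should sit at the four-space level of the surrounding statements. PK11_ListCerts begins outside this hunk.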
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -668,16 +668,24 @@ pk11_CheckPassword(PK11SlotInfo *slot,ch
     case CKR_PIN_INCORRECT:
 	PORT_SetError(SEC_ERROR_BAD_PASSWORD);
 	rv = SECWouldBlock; /* everything else is ok, only the pin is bad */
 	break;
     default:
 	PORT_SetError(PK11_MapError(crv));
 	rv = SECFailure; /* some failure we can't fix by retrying */
     }
+    if (rv == SECSuccess) {
+	rv = pk11_CheckVerifyTest(slot);
+	if (rv == SECSuccess && slot->nssToken && !PK11_IsFriendly(slot)) {
+	    /* notify stan about the login if certs are not public readable */
+	    nssToken_LoadCerts(slot->nssToken);
+	    nssToken_UpdateTrustForCerts(slot->nssToken);
+	}
+    }
     return rv;
 }
 
 /*
  * Check the user's password. Logout before hand to make sure that
  * we are really checking the password.
  */
 SECStatus
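Review bot: The return values of `nssToken_LoadCerts(slot->nssToken)` and `nssToken_UpdateTrustForCerts(slot->nssToken)` are dropped, so if either can fail (their prototypes are not visible here) the function reports a successful password check while the cert and trust state for the token was never refreshed. The same eight-line block is added verbatim to PK11_CheckUserPassword in the next hunk, and this note applies there too. I would move it into one `static SECStatus` helper taking `PK11SlotInfo *slot`, call it from both sites, and decide there whether a load failure should be mapped to an error. It is also worth confirming what state the token is left in when `pk11_CheckVerifyTest(slot)` fails after the login itself succeeded, since `rv` is then a failure but no logout is visible in these lines. Both functions start outside their hunks.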
@@ -710,16 +718,24 @@ PK11_CheckUserPassword(PK11SlotInfo *slo
     case CKR_PIN_INCORRECT:
 	PORT_SetError(SEC_ERROR_BAD_PASSWORD);
 	rv = SECWouldBlock; /* everything else is ok, only the pin is bad */
 	break;
     default:
 	PORT_SetError(PK11_MapError(crv));
 	rv = SECFailure; /* some failure we can't fix by retrying */
     }
+    if (rv == SECSuccess) {
+	rv = pk11_CheckVerifyTest(slot);
+	if (rv == SECSuccess && slot->nssToken && !PK11_IsFriendly(slot)) {
+	    /* notify stan about the login if certs are not public readable */
+	    nssToken_LoadCerts(slot->nssToken);
+	    nssToken_UpdateTrustForCerts(slot->nssToken);
+	}
+    }
     return rv;
 }
 
 SECStatus
 PK11_Logout(PK11SlotInfo *slot)
 {
     CK_RV crv;