tor-browser

pk11util.c (52149B)

---

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* Initialize the PCKS 11 subsystem
*/
#include "seccomon.h"
#include "secmod.h"
#include "nssilock.h"
#include "secmodi.h"
#include "secmodti.h"
#include "pk11func.h"
#include "pki3hack.h"
#include "secerr.h"
#include "dev.h"
#include "dev3hack.h"
#include "utilpars.h"
#include "pkcs11uri.h"

/* these are for displaying error messages */

static SECMODModuleList *modules = NULL;
static SECMODModuleList *modulesDB = NULL;
static SECMODModuleList *modulesUnload = NULL;
static SECMODModule *internalModule = NULL;
static SECMODModule *defaultDBModule = NULL;
static SECMODModule *pendingModule = NULL;
static SECMODListLock *moduleLock = NULL;

int secmod_PrivateModuleCount = 0;

extern const PK11DefaultArrayEntry PK11_DefaultArray[];
extern const int num_pk11_default_mechanisms;

void
SECMOD_Init()
{
   /* don't initialize twice */
   if (moduleLock)
       return;

   moduleLock = SECMOD_NewListLock();
   PK11_InitSlotLists();
}

SECStatus
SECMOD_Shutdown()
{
   /* destroy the lock */
   if (moduleLock) {
       SECMOD_DestroyListLock(moduleLock);
       moduleLock = NULL;
   }
   /* free the internal module */
   if (internalModule) {
       SECMOD_DestroyModule(internalModule);
       internalModule = NULL;
   }

   /* free the default database module */
   if (defaultDBModule) {
       SECMOD_DestroyModule(defaultDBModule);
       defaultDBModule = NULL;
   }

   /* destroy the list */
   if (modules) {
       SECMOD_DestroyModuleList(modules);
       modules = NULL;
   }

   if (modulesDB) {
       SECMOD_DestroyModuleList(modulesDB);
       modulesDB = NULL;
   }

   if (modulesUnload) {
       SECMOD_DestroyModuleList(modulesUnload);
       modulesUnload = NULL;
   }

   /* make all the slots and the lists go away */
   PK11_DestroySlotLists();

   nss_DumpModuleLog();

#ifdef DEBUG
   if (PR_GetEnvSecure("NSS_STRICT_SHUTDOWN")) {
       PORT_Assert(secmod_PrivateModuleCount == 0);
   }
#endif
   if (secmod_PrivateModuleCount) {
       PORT_SetError(SEC_ERROR_BUSY);
       return SECFailure;
   }
   return SECSuccess;
}

PRBool
SECMOD_GetSystemFIPSEnabled(void)
{
   return NSS_GetSystemFIPSEnabled();
}

/*
* retrieve the internal module
*/
SECMODModule *
SECMOD_GetInternalModule(void)
{
   return internalModule;
}

SECStatus
secmod_AddModuleToList(SECMODModuleList **moduleList, SECMODModule *newModule)
{
   SECMODModuleList *mlp, *newListElement, *last = NULL;

   newListElement = SECMOD_NewModuleListElement();
   if (newListElement == NULL) {
       return SECFailure;
   }

   newListElement->module = SECMOD_ReferenceModule(newModule);

   SECMOD_GetWriteLock(moduleLock);
   /* Added it to the end (This is very inefficient, but Adding a module
    * on the fly should happen maybe 2-3 times through the life this program
    * on a given computer, and this list should be *SHORT*. */
   for (mlp = *moduleList; mlp != NULL; mlp = mlp->next) {
       last = mlp;
   }

   if (last == NULL) {
       *moduleList = newListElement;
   } else {
       SECMOD_AddList(last, newListElement, NULL);
   }
   SECMOD_ReleaseWriteLock(moduleLock);
   return SECSuccess;
}

SECStatus
SECMOD_AddModuleToList(SECMODModule *newModule)
{
   if (newModule->internal && !internalModule) {
       internalModule = SECMOD_ReferenceModule(newModule);
   }
   return secmod_AddModuleToList(&modules, newModule);
}

SECStatus
SECMOD_AddModuleToDBOnlyList(SECMODModule *newModule)
{
   if (defaultDBModule && SECMOD_GetDefaultModDBFlag(newModule)) {
       SECMOD_DestroyModule(defaultDBModule);
       defaultDBModule = SECMOD_ReferenceModule(newModule);
   } else if (defaultDBModule == NULL) {
       defaultDBModule = SECMOD_ReferenceModule(newModule);
   }
   return secmod_AddModuleToList(&modulesDB, newModule);
}

SECStatus
SECMOD_AddModuleToUnloadList(SECMODModule *newModule)
{
   return secmod_AddModuleToList(&modulesUnload, newModule);
}

/*
* get the list of PKCS11 modules that are available.
*/
SECMODModuleList *
SECMOD_GetDefaultModuleList()
{
   return modules;
}
SECMODModuleList *
SECMOD_GetDeadModuleList()
{
   return modulesUnload;
}
SECMODModuleList *
SECMOD_GetDBModuleList()
{
   return modulesDB;
}

/*
* This lock protects the global module lists.
* it also protects changes to the slot array (module->slots[]) and slot count
* (module->slotCount) in each module. It is a read/write lock with multiple
* readers or one writer. Writes are uncommon.
* Because of legacy considerations protection of the slot array and count is
* only necessary in applications if the application calls
* SECMOD_UpdateSlotList() or SECMOD_WaitForAnyTokenEvent(), though all new
* applications are encouraged to acquire this lock when reading the
* slot array information directly.
*/
SECMODListLock *
SECMOD_GetDefaultModuleListLock()
{
   return moduleLock;
}

/*
* find a module by name, and add a reference to it.
* return that module.
*/
SECMODModule *
SECMOD_FindModule(const char *name)
{
   SECMODModuleList *mlp;
   SECMODModule *module = NULL;

   if (!moduleLock) {
       PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
       return module;
   }
   SECMOD_GetReadLock(moduleLock);
   for (mlp = modules; mlp != NULL; mlp = mlp->next) {
       if (PORT_Strcmp(name, mlp->module->commonName) == 0) {
           module = mlp->module;
           SECMOD_ReferenceModule(module);
           break;
       }
   }
   if (module) {
       goto found;
   }
   for (mlp = modulesUnload; mlp != NULL; mlp = mlp->next) {
       if (PORT_Strcmp(name, mlp->module->commonName) == 0) {
           module = mlp->module;
           SECMOD_ReferenceModule(module);
           break;
       }
   }

found:
   SECMOD_ReleaseReadLock(moduleLock);

   return module;
}

/*
* find a module by ID, and add a reference to it.
* return that module.
*/
SECMODModule *
SECMOD_FindModuleByID(SECMODModuleID id)
{
   SECMODModuleList *mlp;
   SECMODModule *module = NULL;

   if (!moduleLock) {
       PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
       return module;
   }
   SECMOD_GetReadLock(moduleLock);
   for (mlp = modules; mlp != NULL; mlp = mlp->next) {
       if (id == mlp->module->moduleID) {
           module = mlp->module;
           SECMOD_ReferenceModule(module);
           break;
       }
   }
   SECMOD_ReleaseReadLock(moduleLock);
   if (module == NULL) {
       PORT_SetError(SEC_ERROR_NO_MODULE);
   }
   return module;
}

/*
* find the function pointer.
*/
SECMODModule *
secmod_FindModuleByFuncPtr(void *funcPtr)
{
   SECMODModuleList *mlp;
   SECMODModule *module = NULL;

   SECMOD_GetReadLock(moduleLock);
   for (mlp = modules; mlp != NULL; mlp = mlp->next) {
       /* paranoia, shouldn't ever happen */
       if (!mlp->module) {
           continue;
       }
       if (funcPtr == mlp->module->functionList) {
           module = mlp->module;
           SECMOD_ReferenceModule(module);
           break;
       }
   }
   SECMOD_ReleaseReadLock(moduleLock);
   if (module == NULL) {
       PORT_SetError(SEC_ERROR_NO_MODULE);
   }
   return module;
}

/*
* Find the Slot based on ID and the module.
*/
PK11SlotInfo *
SECMOD_FindSlotByID(SECMODModule *module, CK_SLOT_ID slotID)
{
   int i;
   PK11SlotInfo *slot = NULL;

   if (!moduleLock) {
       PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
       return slot;
   }
   SECMOD_GetReadLock(moduleLock);
   for (i = 0; i < module->slotCount; i++) {
       PK11SlotInfo *cSlot = module->slots[i];

       if (cSlot->slotID == slotID) {
           slot = PK11_ReferenceSlot(cSlot);
           break;
       }
   }
   SECMOD_ReleaseReadLock(moduleLock);

   if (slot == NULL) {
       PORT_SetError(SEC_ERROR_NO_SLOT_SELECTED);
   }
   return slot;
}

/*
* lookup the Slot module based on it's module ID and slot ID.
*/
PK11SlotInfo *
SECMOD_LookupSlot(SECMODModuleID moduleID, CK_SLOT_ID slotID)
{
   SECMODModule *module;
   PK11SlotInfo *slot;

   module = SECMOD_FindModuleByID(moduleID);
   if (module == NULL)
       return NULL;

   slot = SECMOD_FindSlotByID(module, slotID);
   SECMOD_DestroyModule(module);
   return slot;
}

/*
* find a module by name or module pointer and delete it off the module list.
* optionally remove it from secmod.db.
*/
SECStatus
SECMOD_DeleteModuleEx(const char *name, SECMODModule *mod,
                     int *type, PRBool permdb)
{
   SECMODModuleList *mlp;
   SECMODModuleList **mlpp;
   SECStatus rv = SECFailure;

   if (!moduleLock) {
       PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
       return rv;
   }

   *type = SECMOD_EXTERNAL;

   SECMOD_GetWriteLock(moduleLock);
   for (mlpp = &modules, mlp = modules;
        mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) {
       if ((name && (PORT_Strcmp(name, mlp->module->commonName) == 0)) ||
           mod == mlp->module) {
           /* don't delete the internal module */
           if (!mlp->module->internal) {
               SECMOD_RemoveList(mlpp, mlp);
               /* delete it after we release the lock */
               rv = STAN_RemoveModuleFromDefaultTrustDomain(mlp->module);
           } else if (mlp->module->isFIPS) {
               *type = SECMOD_FIPS;
           } else {
               *type = SECMOD_INTERNAL;
           }
           break;
       }
   }
   if (mlp) {
       goto found;
   }
   /* not on the internal list, check the unload list */
   for (mlpp = &modulesUnload, mlp = modulesUnload;
        mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) {
       if ((name && (PORT_Strcmp(name, mlp->module->commonName) == 0)) ||
           mod == mlp->module) {
           /* don't delete the internal module */
           if (!mlp->module->internal) {
               SECMOD_RemoveList(mlpp, mlp);
               rv = SECSuccess;
           } else if (mlp->module->isFIPS) {
               *type = SECMOD_FIPS;
           } else {
               *type = SECMOD_INTERNAL;
           }
           break;
       }
   }
found:
   SECMOD_ReleaseWriteLock(moduleLock);

   if (rv == SECSuccess) {
       if (permdb) {
           SECMOD_DeletePermDB(mlp->module);
       }
       SECMOD_DestroyModuleListElement(mlp);
   }
   return rv;
}

/*
* find a module by name and delete it off the module list
*/
SECStatus
SECMOD_DeleteModule(const char *name, int *type)
{
   return SECMOD_DeleteModuleEx(name, NULL, type, PR_TRUE);
}

/*
* find a module by name and delete it off the module list
*/
SECStatus
SECMOD_DeleteInternalModule(const char *name)
{
#ifndef NSS_FIPS_DISABLED
   SECMODModuleList *mlp;
   SECMODModuleList **mlpp;
#endif
   SECStatus rv = SECFailure;

   if (SECMOD_GetSystemFIPSEnabled() || pendingModule) {
       PORT_SetError(SEC_ERROR_MODULE_STUCK);
       return rv;
   }
   if (!moduleLock) {
       PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
       return rv;
   }

#ifdef NSS_FIPS_DISABLED
   PORT_SetError(PR_OPERATION_NOT_SUPPORTED_ERROR);
   return rv;
#else
   SECMOD_GetWriteLock(moduleLock);
   for (mlpp = &modules, mlp = modules;
        mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) {
       if (PORT_Strcmp(name, mlp->module->commonName) == 0) {
           /* don't delete the internal module */
           if (mlp->module->internal) {
               SECMOD_RemoveList(mlpp, mlp);
               rv = STAN_RemoveModuleFromDefaultTrustDomain(mlp->module);
           }
           break;
       }
   }
   SECMOD_ReleaseWriteLock(moduleLock);

   if (rv == SECSuccess) {
       SECMODModule *newModule, *oldModule;

       if (mlp->module->isFIPS) {
           newModule = SECMOD_CreateModule(NULL, SECMOD_INT_NAME,
                                           NULL, SECMOD_INT_FLAGS);
       } else {
           newModule = SECMOD_CreateModule(NULL, SECMOD_FIPS_NAME,
                                           NULL, SECMOD_FIPS_FLAGS);
       }
       if (newModule) {
           PK11SlotInfo *slot;
           newModule->libraryParams =
               PORT_ArenaStrdup(newModule->arena, mlp->module->libraryParams);
           /* if an explicit internal key slot has been set, reset it */
           slot = pk11_SwapInternalKeySlot(NULL);
           if (slot) {
               secmod_SetInternalKeySlotFlag(newModule, PR_TRUE);
           }
           rv = SECMOD_AddModule(newModule);
           if (rv != SECSuccess) {
               /* load failed, restore the internal key slot */
               pk11_SetInternalKeySlot(slot);
               SECMOD_DestroyModule(newModule);
               newModule = NULL;
           }
           /* free the old explicit internal key slot, we now have a new one */
           if (slot) {
               PK11_FreeSlot(slot);
           }
       }
       if (newModule == NULL) {
           SECMODModuleList *last = NULL, *mlp2;
           /* we're in pretty deep trouble if this happens...Security
            * not going to work well... try to put the old module back on
            * the list */
           SECMOD_GetWriteLock(moduleLock);
           for (mlp2 = modules; mlp2 != NULL; mlp2 = mlp->next) {
               last = mlp2;
           }

           if (last == NULL) {
               modules = mlp;
           } else {
               SECMOD_AddList(last, mlp, NULL);
           }
           SECMOD_ReleaseWriteLock(moduleLock);
           return SECFailure;
       }
       pendingModule = oldModule = internalModule;
       internalModule = NULL;
       SECMOD_DestroyModule(oldModule);
       SECMOD_DeletePermDB(mlp->module);
       SECMOD_DestroyModuleListElement(mlp);
       internalModule = newModule; /* adopt the module */
   }
   return rv;
#endif
}

SECStatus
SECMOD_AddModule(SECMODModule *newModule)
{
   SECStatus rv;
   SECMODModule *oldModule;

   /* Test if a module w/ the same name already exists */
   /* and return SECWouldBlock if so. */
   /* We should probably add a new return value such as */
   /* SECDublicateModule, but to minimize ripples, I'll */
   /* give SECWouldBlock a new meaning */
   if ((oldModule = SECMOD_FindModule(newModule->commonName)) != NULL) {
       SECMOD_DestroyModule(oldModule);
       return SECWouldBlock;
       /* module already exists. */
   }

   rv = secmod_LoadPKCS11Module(newModule, NULL);
   if (rv != SECSuccess) {
       return rv;
   }

   if (newModule->parent == NULL) {
       newModule->parent = SECMOD_ReferenceModule(defaultDBModule);
   }

   SECMOD_AddPermDB(newModule);
   SECMOD_AddModuleToList(newModule);

   rv = STAN_AddModuleToDefaultTrustDomain(newModule);

   return rv;
}

PK11SlotInfo *
SECMOD_FindSlot(SECMODModule *module, const char *name)
{
   int i;
   char *string;
   PK11SlotInfo *retSlot = NULL;

   if (!moduleLock) {
       PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
       return retSlot;
   }
   SECMOD_GetReadLock(moduleLock);
   for (i = 0; i < module->slotCount; i++) {
       PK11SlotInfo *slot = module->slots[i];

       if (PK11_IsPresent(slot)) {
           string = PK11_GetTokenName(slot);
       } else {
           string = PK11_GetSlotName(slot);
       }
       if (PORT_Strcmp(name, string) == 0) {
           retSlot = PK11_ReferenceSlot(slot);
           break;
       }
   }
   SECMOD_ReleaseReadLock(moduleLock);

   if (retSlot == NULL) {
       PORT_SetError(SEC_ERROR_NO_SLOT_SELECTED);
   }
   return retSlot;
}

SECStatus
PK11_GetModInfo(SECMODModule *mod, CK_INFO *info)
{
   CK_RV crv;

   if (mod->functionList == NULL)
       return SECFailure;
   crv = PK11_GETTAB(mod)->C_GetInfo(info);
   if (crv != CKR_OK) {
       PORT_SetError(PK11_MapError(crv));
   }
   return (crv == CKR_OK) ? SECSuccess : SECFailure;
}

char *
PK11_GetModuleURI(SECMODModule *mod)
{
   CK_INFO info;
   PK11URI *uri;
   char *ret = NULL;
   PK11URIAttribute attrs[3];
   size_t nattrs = 0;
   char libraryManufacturer[32 + 1], libraryDescription[32 + 1], libraryVersion[8];

   if (PK11_GetModInfo(mod, &info) == SECFailure) {
       return NULL;
   }

   PK11_MakeString(NULL, libraryManufacturer, (char *)info.manufacturerID,
                   sizeof(info.manufacturerID));
   if (*libraryManufacturer != '\0') {
       attrs[nattrs].name = PK11URI_PATTR_LIBRARY_MANUFACTURER;
       attrs[nattrs].value = libraryManufacturer;
       nattrs++;
   }

   PK11_MakeString(NULL, libraryDescription, (char *)info.libraryDescription,
                   sizeof(info.libraryDescription));
   if (*libraryDescription != '\0') {
       attrs[nattrs].name = PK11URI_PATTR_LIBRARY_DESCRIPTION;
       attrs[nattrs].value = libraryDescription;
       nattrs++;
   }

   PR_snprintf(libraryVersion, sizeof(libraryVersion), "%d.%d",
               info.libraryVersion.major, info.libraryVersion.minor);
   attrs[nattrs].name = PK11URI_PATTR_LIBRARY_VERSION;
   attrs[nattrs].value = libraryVersion;
   nattrs++;

   uri = PK11URI_CreateURI(attrs, nattrs, NULL, 0);
   if (uri == NULL) {
       PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
       return NULL;
   }

   ret = PK11URI_FormatURI(NULL, uri);
   PK11URI_DestroyURI(uri);
   if (ret == NULL) {
       PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
       return NULL;
   }

   return ret;
}

/* Determine if we have the FIP's module loaded as the default
* module to trigger other bogus FIPS requirements in PKCS #12 and
* SSL
*/
PRBool
PK11_IsFIPS(void)
{
   SECMODModule *mod = SECMOD_GetInternalModule();

   if (mod && mod->internal) {
       return mod->isFIPS;
   }

   return PR_FALSE;
}

/* combines NewModule() & AddModule */
/* give a string for the module name & the full-path for the dll, */
/* installs the PKCS11 module & update registry */
SECStatus
SECMOD_AddNewModuleEx(const char *moduleName, const char *dllPath,
                     unsigned long defaultMechanismFlags,
                     unsigned long cipherEnableFlags,
                     char *modparms, char *nssparms)
{
   SECMODModule *module;
   SECStatus result = SECFailure;
   int s, i;
   PK11SlotInfo *slot;

   PR_SetErrorText(0, NULL);
   if (!moduleLock) {
       PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
       return result;
   }

   module = SECMOD_CreateModule(dllPath, moduleName, modparms, nssparms);

   if (module == NULL) {
       return result;
   }

   if (module->dllName != NULL) {
       if (module->dllName[0] != 0) {
           result = SECMOD_AddModule(module);
           if (result == SECSuccess) {
               /* turn on SSL cipher enable flags */
               module->ssl[0] = cipherEnableFlags;

               SECMOD_GetReadLock(moduleLock);
               /* check each slot to turn on appropriate mechanisms */
               for (s = 0; s < module->slotCount; s++) {
                   slot = (module->slots)[s];
                   /* for each possible mechanism */
                   for (i = 0; i < num_pk11_default_mechanisms; i++) {
                       /* we are told to turn it on by default ? */
                       PRBool add =
                           (PK11_DefaultArray[i].flag & defaultMechanismFlags) ? PR_TRUE : PR_FALSE;
                       result = PK11_UpdateSlotAttribute(slot,
                                                         &(PK11_DefaultArray[i]), add);
                       if (result != SECSuccess) {
                           SECMOD_ReleaseReadLock(moduleLock);
                           SECMOD_DestroyModule(module);
                           return result;
                       }
                   } /* for each mechanism */
                   /* disable each slot if the defaultFlags say so */
                   if (defaultMechanismFlags & PK11_DISABLE_FLAG) {
                       PK11_UserDisableSlot(slot);
                   }
               } /* for each slot of this module */
               SECMOD_ReleaseReadLock(moduleLock);

               /* delete and re-add module in order to save changes
                * to the module */
               result = SECMOD_UpdateModule(module);
           }
       }
   }
   SECMOD_DestroyModule(module);
   return result;
}

SECStatus
SECMOD_AddNewModule(const char *moduleName, const char *dllPath,
                   unsigned long defaultMechanismFlags,
                   unsigned long cipherEnableFlags)
{
   return SECMOD_AddNewModuleEx(moduleName, dllPath, defaultMechanismFlags,
                                cipherEnableFlags,
                                NULL, NULL); /* don't pass module or nss params */
}

SECStatus
SECMOD_UpdateModule(SECMODModule *module)
{
   SECStatus result;

   result = SECMOD_DeletePermDB(module);

   if (result == SECSuccess) {
       result = SECMOD_AddPermDB(module);
   }
   return result;
}

/* Public & Internal(Security Library)  representation of
* encryption mechanism flags conversion */

/* Currently, the only difference is that internal representation
* puts RANDOM_FLAG at bit 31 (Most-significant bit), but
* public representation puts this bit at bit 28
*/
unsigned long
SECMOD_PubMechFlagstoInternal(unsigned long publicFlags)
{
   unsigned long internalFlags = publicFlags;

   if (publicFlags & PUBLIC_MECH_RANDOM_FLAG) {
       internalFlags &= ~PUBLIC_MECH_RANDOM_FLAG;
       internalFlags |= SECMOD_RANDOM_FLAG;
   }
   return internalFlags;
}

unsigned long
SECMOD_InternaltoPubMechFlags(unsigned long internalFlags)
{
   unsigned long publicFlags = internalFlags;

   if (internalFlags & SECMOD_RANDOM_FLAG) {
       publicFlags &= ~SECMOD_RANDOM_FLAG;
       publicFlags |= PUBLIC_MECH_RANDOM_FLAG;
   }
   return publicFlags;
}

/* Public & Internal(Security Library)  representation of */
/* cipher flags conversion */
/* Note: currently they are just stubs */
unsigned long
SECMOD_PubCipherFlagstoInternal(unsigned long publicFlags)
{
   return publicFlags;
}

unsigned long
SECMOD_InternaltoPubCipherFlags(unsigned long internalFlags)
{
   return internalFlags;
}

/* Funtion reports true if module of modType is installed/configured */
PRBool
SECMOD_IsModulePresent(unsigned long int pubCipherEnableFlags)
{
   PRBool result = PR_FALSE;
   SECMODModuleList *mods;

   if (!moduleLock) {
       PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
       return result;
   }
   SECMOD_GetReadLock(moduleLock);
   mods = SECMOD_GetDefaultModuleList();
   for (; mods != NULL; mods = mods->next) {
       if (mods->module->ssl[0] &
           SECMOD_PubCipherFlagstoInternal(pubCipherEnableFlags)) {
           result = PR_TRUE;
       }
   }

   SECMOD_ReleaseReadLock(moduleLock);
   return result;
}

/* create a new ModuleListElement */
SECMODModuleList *
SECMOD_NewModuleListElement(void)
{
   SECMODModuleList *newModList;

   newModList = (SECMODModuleList *)PORT_Alloc(sizeof(SECMODModuleList));
   if (newModList) {
       newModList->next = NULL;
       newModList->module = NULL;
   }
   return newModList;
}

/*
* make a new reference to a module so It doesn't go away on us
*/
SECMODModule *
SECMOD_ReferenceModule(SECMODModule *module)
{
   PZ_Lock(module->refLock);
   PORT_Assert(module->refCount > 0);

   module->refCount++;
   PZ_Unlock(module->refLock);
   return module;
}

/* destroy an existing module */
void
SECMOD_DestroyModule(SECMODModule *module)
{
   PRBool willfree = PR_FALSE;
   int slotCount;
   int i;

   PZ_Lock(module->refLock);
   if (module->refCount-- == 1) {
       willfree = PR_TRUE;
   }
   PORT_Assert(willfree || (module->refCount > 0));
   PZ_Unlock(module->refLock);

   if (!willfree) {
       return;
   }

   if (module->parent != NULL) {
       SECMODModule *parent = module->parent;
       /* paranoia, don't loop forever if the modules are looped */
       module->parent = NULL;
       SECMOD_DestroyModule(parent);
   }

   /* slots can't really disappear until our module starts freeing them,
    * so this check is safe */
   slotCount = module->slotCount;
   if (slotCount == 0) {
       SECMOD_SlotDestroyModule(module, PR_FALSE);
       return;
   }

   /* now free all out slots, when they are done, they will cause the
    * module to disappear altogether */
   for (i = 0; i < slotCount; i++) {
       if (!module->slots[i]->disabled) {
           PK11_ClearSlotList(module->slots[i]);
       }
       PK11_FreeSlot(module->slots[i]);
   }
   /* WARNING: once the last slot has been freed is it possible (even likely)
    * that module is no more... touching it now is a good way to go south */
}

/* we can only get here if we've destroyed the module, or some one has
* erroneously freed a slot that wasn't referenced. */
void
SECMOD_SlotDestroyModule(SECMODModule *module, PRBool fromSlot)
{
   PRBool willfree = PR_FALSE;
   if (fromSlot) {
       PORT_Assert(module->refCount == 0);
       PZ_Lock(module->refLock);
       if (module->slotCount-- == 1) {
           willfree = PR_TRUE;
       }
       PORT_Assert(willfree || (module->slotCount > 0));
       PZ_Unlock(module->refLock);
       if (!willfree)
           return;
   }

   if (module == pendingModule) {
       pendingModule = NULL;
   }

   if (module->loaded) {
       SECMOD_UnloadModule(module);
   }
   PZ_DestroyLock(module->refLock);
   PORT_FreeArena(module->arena, PR_FALSE);
   secmod_PrivateModuleCount--;
}

/* destroy a list element
* this destroys a single element, and returns the next element
* on the chain. It makes it easy to implement for loops to delete
* the chain. It also make deleting a single element easy */
SECMODModuleList *
SECMOD_DestroyModuleListElement(SECMODModuleList *element)
{
   SECMODModuleList *next = element->next;

   if (element->module) {
       SECMOD_DestroyModule(element->module);
       element->module = NULL;
   }
   PORT_Free(element);
   return next;
}

/*
* Destroy an entire module list
*/
void
SECMOD_DestroyModuleList(SECMODModuleList *list)
{
   SECMODModuleList *lp;

   for (lp = list; lp != NULL; lp = SECMOD_DestroyModuleListElement(lp))
       ;
}

PRBool
SECMOD_CanDeleteInternalModule(void)
{
#ifdef NSS_FIPS_DISABLED
   return PR_FALSE;
#else
   return (PRBool)((pendingModule == NULL) && !SECMOD_GetSystemFIPSEnabled());
#endif
}

/*
* check to see if the module has added new slots. PKCS 11 v2.20 allows for
* modules to add new slots, but never remove them. Slots cannot be added
* between a call to C_GetSlotLlist(Flag, NULL, &count) and the subsequent
* C_GetSlotList(flag, &data, &count) so that the array doesn't accidently
* grow on the caller. It is permissible for the slots to increase between
* successive calls with NULL to get the size.
*
* Caller must not hold a module list read lock.
*/
SECStatus
SECMOD_UpdateSlotList(SECMODModule *mod)
{
   CK_RV crv;
   CK_ULONG count;
   CK_ULONG i, oldCount;
   PRBool freeRef = PR_FALSE;
   void *mark = NULL;
   CK_ULONG *slotIDs = NULL;
   PK11SlotInfo **newSlots = NULL;
   PK11SlotInfo **oldSlots = NULL;

   if (!moduleLock) {
       PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
       return SECFailure;
   }

   /* C_GetSlotList is not a session function, make sure
    * calls are serialized */
   PZ_Lock(mod->refLock);
   freeRef = PR_TRUE;
   /* see if the number of slots have changed */
   crv = PK11_GETTAB(mod)->C_GetSlotList(PR_FALSE, NULL, &count);
   if (crv != CKR_OK) {
       PORT_SetError(PK11_MapError(crv));
       goto loser;
   }
   /* nothing new, blow out early, we want this function to be quick
    * and cheap in the normal case  */
   if (count == mod->slotCount) {
       PZ_Unlock(mod->refLock);
       return SECSuccess;
   }
   if (count < (CK_ULONG)mod->slotCount) {
       /* shouldn't happen with a properly functioning PKCS #11 module */
       PORT_SetError(SEC_ERROR_INCOMPATIBLE_PKCS11);
       goto loser;
   }

   /* get the new slot list */
   slotIDs = PORT_NewArray(CK_SLOT_ID, count);
   if (slotIDs == NULL) {
       goto loser;
   }

   crv = PK11_GETTAB(mod)->C_GetSlotList(PR_FALSE, slotIDs, &count);
   if (crv != CKR_OK) {
       PORT_SetError(PK11_MapError(crv));
       goto loser;
   }
   freeRef = PR_FALSE;
   PZ_Unlock(mod->refLock);
   mark = PORT_ArenaMark(mod->arena);
   if (mark == NULL) {
       goto loser;
   }
   newSlots = PORT_ArenaZNewArray(mod->arena, PK11SlotInfo *, count);

   /* walk down the new slot ID list returned from the module. We keep
    * the old slots which match a returned ID, and we initialize the new
    * slots. */
   for (i = 0; i < count; i++) {
       PK11SlotInfo *slot = SECMOD_FindSlotByID(mod, slotIDs[i]);

       if (!slot) {
           /* we have a new slot create a new slot data structure */
           slot = PK11_NewSlotInfo(mod);
           if (!slot) {
               goto loser;
           }
           PK11_InitSlot(mod, slotIDs[i], slot);
           STAN_InitTokenForSlotInfo(NULL, slot);
       }
       newSlots[i] = slot;
   }
   STAN_ResetTokenInterator(NULL);
   PORT_Free(slotIDs);
   slotIDs = NULL;
   PORT_ArenaUnmark(mod->arena, mark);

   /* until this point we're still using the old slot list. Now we update
    * module slot list. We update the slots (array) first then the count,
    * since we've already guarrenteed that count has increased (just in case
    * someone is looking at the slots field of  module without holding the
    * moduleLock */
   SECMOD_GetWriteLock(moduleLock);
   oldCount = mod->slotCount;
   oldSlots = mod->slots;
   mod->slots = newSlots; /* typical arena 'leak'... old mod->slots is
                           * allocated out of the module arena and won't
                           * be freed until the module is freed */
   mod->slotCount = count;
   SECMOD_ReleaseWriteLock(moduleLock);
   /* free our old references before forgetting about oldSlot*/
   for (i = 0; i < oldCount; i++) {
       PK11_FreeSlot(oldSlots[i]);
   }
   return SECSuccess;

loser:
   if (freeRef) {
       PZ_Unlock(mod->refLock);
   }
   if (slotIDs) {
       PORT_Free(slotIDs);
   }
   /* free all the slots we allocated. newSlots are part of the
    * mod arena. NOTE: the newSlots array contain both new and old
    * slots, but we kept a reference to the old slots when we built the new
    * array, so we need to free all the slots in newSlots array. */
   if (newSlots) {
       for (i = 0; i < count; i++) {
           if (newSlots[i] == NULL) {
               break; /* hit the last one */
           }
           PK11_FreeSlot(newSlots[i]);
       }
   }
   /* must come after freeing newSlots */
   if (mark) {
       PORT_ArenaRelease(mod->arena, mark);
   }
   return SECFailure;
}

/*
* this handles modules that do not support C_WaitForSlotEvent().
* The internal flags are stored. Note that C_WaitForSlotEvent() does not
* have a timeout, so we don't have one for handleWaitForSlotEvent() either.
*/
PK11SlotInfo *
secmod_HandleWaitForSlotEvent(SECMODModule *mod, unsigned long flags,
                             PRIntervalTime latency)
{
   PRBool removableSlotsFound = PR_FALSE;
   int i;
   int error = SEC_ERROR_NO_EVENT;

   if (!moduleLock) {
       PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
       return NULL;
   }
   PZ_Lock(mod->refLock);
   if (mod->evControlMask & SECMOD_END_WAIT) {
       mod->evControlMask &= ~SECMOD_END_WAIT;
       PZ_Unlock(mod->refLock);
       PORT_SetError(SEC_ERROR_NO_EVENT);
       return NULL;
   }
   mod->evControlMask |= SECMOD_WAIT_SIMULATED_EVENT;
   while (mod->evControlMask & SECMOD_WAIT_SIMULATED_EVENT) {
       PZ_Unlock(mod->refLock);
       /* now is a good time to see if new slots have been added */
       SECMOD_UpdateSlotList(mod);

       /* loop through all the slots on a module */
       SECMOD_GetReadLock(moduleLock);
       for (i = 0; i < mod->slotCount; i++) {
           PK11SlotInfo *slot = mod->slots[i];
           PRUint16 series;
           PRBool present;

           /* perm modules do not change */
           if (slot->isPerm) {
               continue;
           }
           removableSlotsFound = PR_TRUE;
           /* simulate the PKCS #11 module flags. are the flags different
            * from the last time we called? */
           series = slot->series;
           present = PK11_IsPresent(slot);
           if ((slot->flagSeries != series) || (slot->flagState != present)) {
               slot->flagState = present;
               slot->flagSeries = series;
               SECMOD_ReleaseReadLock(moduleLock);
               PZ_Lock(mod->refLock);
               mod->evControlMask &= ~SECMOD_END_WAIT;
               PZ_Unlock(mod->refLock);
               return PK11_ReferenceSlot(slot);
           }
       }
       SECMOD_ReleaseReadLock(moduleLock);
       /* if everything was perm modules, don't lock up forever */
       if ((mod->slotCount != 0) && !removableSlotsFound) {
           error = SEC_ERROR_NO_SLOT_SELECTED;
           PZ_Lock(mod->refLock);
           break;
       }
       if (flags & CKF_DONT_BLOCK) {
           PZ_Lock(mod->refLock);
           break;
       }
       PR_Sleep(latency);
       PZ_Lock(mod->refLock);
   }
   mod->evControlMask &= ~SECMOD_END_WAIT;
   PZ_Unlock(mod->refLock);
   PORT_SetError(error);
   return NULL;
}

/*
* this function waits for a token event on any slot of a given module
* This function should not be called from more than one thread of the
* same process (though other threads can make other library calls
* on this module while this call is blocked).
*/
PK11SlotInfo *
SECMOD_WaitForAnyTokenEvent(SECMODModule *mod, unsigned long flags,
                           PRIntervalTime latency)
{
   CK_SLOT_ID id;
   CK_RV crv;
   PK11SlotInfo *slot;

   if (!pk11_getFinalizeModulesOption() ||
       ((mod->cryptokiVersion.major == 2) &&
        (mod->cryptokiVersion.minor < 1))) {
       /* if we are sharing the module with other software in our
        * address space, we can't reliably use C_WaitForSlotEvent(),
        * and if the module is version 2.0, C_WaitForSlotEvent() doesn't
        * exist */
       return secmod_HandleWaitForSlotEvent(mod, flags, latency);
   }
   /* first the the PKCS #11 call */
   PZ_Lock(mod->refLock);
   if (mod->evControlMask & SECMOD_END_WAIT) {
       goto end_wait;
   }
   mod->evControlMask |= SECMOD_WAIT_PKCS11_EVENT;
   PZ_Unlock(mod->refLock);
   crv = PK11_GETTAB(mod)->C_WaitForSlotEvent(flags, &id, NULL);
   PZ_Lock(mod->refLock);
   mod->evControlMask &= ~SECMOD_WAIT_PKCS11_EVENT;
   /* if we are in end wait, short circuit now, don't even risk
    * going into secmod_HandleWaitForSlotEvent */
   if (mod->evControlMask & SECMOD_END_WAIT) {
       goto end_wait;
   }
   PZ_Unlock(mod->refLock);
   if (crv == CKR_FUNCTION_NOT_SUPPORTED) {
       /* module doesn't support that call, simulate it */
       return secmod_HandleWaitForSlotEvent(mod, flags, latency);
   }
   if (crv != CKR_OK) {
       /* we can get this error if finalize was called while we were
        * still running. This is the only way to force a C_WaitForSlotEvent()
        * to return in PKCS #11. In this case, just return that there
        * was no event. */
       if (crv == CKR_CRYPTOKI_NOT_INITIALIZED) {
           PORT_SetError(SEC_ERROR_NO_EVENT);
       } else {
           PORT_SetError(PK11_MapError(crv));
       }
       return NULL;
   }
   slot = SECMOD_FindSlotByID(mod, id);
   if (slot == NULL) {
       /* possibly a new slot that was added? */
       SECMOD_UpdateSlotList(mod);
       slot = SECMOD_FindSlotByID(mod, id);
   }
   /* if we are in the delay period for the "isPresent" call, reset
    * the delay since we know things have probably changed... */
   if (slot) {
       NSSToken *nssToken = PK11Slot_GetNSSToken(slot);
       if (nssToken) {
           if (nssToken->slot) {
               nssSlot_ResetDelay(nssToken->slot);
           }
           (void)nssToken_Destroy(nssToken);
       }
   }
   return slot;

/* must be called with the lock on. */
end_wait:
   mod->evControlMask &= ~SECMOD_END_WAIT;
   PZ_Unlock(mod->refLock);
   PORT_SetError(SEC_ERROR_NO_EVENT);
   return NULL;
}

/*
* This function "wakes up" WaitForAnyTokenEvent. It's a pretty drastic
* function, possibly bringing down the pkcs #11 module in question. This
* should be OK because 1) it does reinitialize, and 2) it should only be
* called when we are on our way to tear the whole system down anyway.
*/
SECStatus
SECMOD_CancelWait(SECMODModule *mod)
{
   unsigned long controlMask;
   SECStatus rv = SECSuccess;
   CK_RV crv;

   PZ_Lock(mod->refLock);
   mod->evControlMask |= SECMOD_END_WAIT;
   controlMask = mod->evControlMask;
   if (controlMask & SECMOD_WAIT_PKCS11_EVENT) {
       if (!pk11_getFinalizeModulesOption()) {
           /* can't get here unless pk11_getFinalizeModulesOption is set */
           PORT_Assert(0);
           PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
           rv = SECFailure;
           goto loser;
       }
       /* NOTE: this call will drop all transient keys, in progress
        * operations, and any authentication. This is the only documented
        * way to get WaitForSlotEvent to return. Also note: for non-thread
        * safe tokens, we need to hold the module lock, this is not yet at
        * system shutdown/startup time, so we need to protect these calls */
       crv = PK11_GETTAB(mod)->C_Finalize(NULL);
       /* ok, we slammed the module down, now we need to reinit it in case
        * we intend to use it again */
       if (CKR_OK == crv) {
           PRBool alreadyLoaded;
           secmod_ModuleInit(mod, NULL, &alreadyLoaded);
       } else {
           /* Finalized failed for some reason,  notify the application
            * so maybe it has a prayer of recovering... */
           PORT_SetError(PK11_MapError(crv));
           rv = SECFailure;
       }
   } else if (controlMask & SECMOD_WAIT_SIMULATED_EVENT) {
       mod->evControlMask &= ~SECMOD_WAIT_SIMULATED_EVENT;
       /* Simulated events will eventually timeout
        * and wake up in the loop */
   }
loser:
   PZ_Unlock(mod->refLock);
   return rv;
}

/*
* check to see if the module has removable slots that we may need to
* watch for.
*/
PRBool
SECMOD_HasRemovableSlots(SECMODModule *mod)
{
   PRBool ret = PR_FALSE;
   if (!moduleLock) {
       PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
       return ret;
   }
   SECMOD_GetReadLock(moduleLock);
   ret = SECMOD_LockedModuleHasRemovableSlots(mod);
   SECMOD_ReleaseReadLock(moduleLock);
   return ret;
}

PRBool
SECMOD_LockedModuleHasRemovableSlots(SECMODModule *mod)
{
   int i;
   PRBool ret;
   if (mod->slotCount == 0) {
       return PR_TRUE;
   }

   ret = PR_FALSE;
   for (i = 0; i < mod->slotCount; i++) {
       PK11SlotInfo *slot = mod->slots[i];
       /* perm modules are not inserted or removed */
       if (slot->isPerm) {
           continue;
       }
       ret = PR_TRUE;
       break;
   }
   return ret;
}

/*
* helper function to actually create and destroy user defined slots
*/
static SECStatus
secmod_UserDBOp(PK11SlotInfo *slot, CK_OBJECT_CLASS objClass,
               const char *sendSpec)
{
   CK_OBJECT_HANDLE dummy;
   CK_ATTRIBUTE template[2];
   CK_ATTRIBUTE *attrs = template;
   CK_RV crv;

   PK11_SETATTRS(attrs, CKA_CLASS, &objClass, sizeof(objClass));
   attrs++;
   PK11_SETATTRS(attrs, CKA_NSS_MODULE_SPEC, (unsigned char *)sendSpec,
                 strlen(sendSpec) + 1);
   attrs++;

   PORT_Assert(attrs - template <= 2);

   PK11_EnterSlotMonitor(slot);
   crv = PK11_CreateNewObject(slot, slot->session,
                              template, attrs - template, PR_FALSE, &dummy);
   PK11_ExitSlotMonitor(slot);

   if (crv != CKR_OK) {
       PORT_SetError(PK11_MapError(crv));
       return SECFailure;
   }
   return SECMOD_UpdateSlotList(slot->module);
}

/*
* return true if the selected slot ID is not present or doesn't exist
*/
static PRBool
secmod_SlotIsEmpty(SECMODModule *mod, CK_SLOT_ID slotID)
{
   PK11SlotInfo *slot = SECMOD_LookupSlot(mod->moduleID, slotID);
   if (slot) {
       PRBool present = PK11_IsPresent(slot);
       PK11_FreeSlot(slot);
       if (present) {
           return PR_FALSE;
       }
   }
   /* it doesn't exist or isn't present, it's available */
   return PR_TRUE;
}

/*
* Find an unused slot id in module.
*/
static CK_SLOT_ID
secmod_FindFreeSlot(SECMODModule *mod)
{
   CK_SLOT_ID i, minSlotID, maxSlotID;

   /* look for a free slot id on the internal module */
   if (mod->internal && mod->isFIPS) {
       minSlotID = SFTK_MIN_FIPS_USER_SLOT_ID;
       maxSlotID = SFTK_MAX_FIPS_USER_SLOT_ID;
   } else {
       minSlotID = SFTK_MIN_USER_SLOT_ID;
       maxSlotID = SFTK_MAX_USER_SLOT_ID;
   }
   for (i = minSlotID; i < maxSlotID; i++) {
       if (secmod_SlotIsEmpty(mod, i)) {
           return i;
       }
   }
   PORT_SetError(SEC_ERROR_NO_SLOT_SELECTED);
   return (CK_SLOT_ID)-1;
}

/*
* Attempt to open a new slot.
*
* This works the same os OpenUserDB except it can be called against
* any module that understands the softoken protocol for opening new
* slots, not just the softoken itself. If the selected module does not
* understand the protocol, C_CreateObject will fail with
* CKR_INVALID_ATTRIBUTE, and SECMOD_OpenNewSlot will return NULL and set
* SEC_ERROR_BAD_DATA.
*
* NewSlots can be closed with SECMOD_CloseUserDB();
*
* Modulespec is module dependent.
*/
PK11SlotInfo *
SECMOD_OpenNewSlot(SECMODModule *mod, const char *moduleSpec)
{
   CK_SLOT_ID slotID = 0;
   PK11SlotInfo *slot;
   char *escSpec;
   char *sendSpec;
   SECStatus rv;

   slotID = secmod_FindFreeSlot(mod);
   if (slotID == (CK_SLOT_ID)-1) {
       return NULL;
   }

   if (mod->slotCount == 0) {
       return NULL;
   }

   /* just grab the first slot in the module, any present slot should work */
   slot = PK11_ReferenceSlot(mod->slots[0]);
   if (slot == NULL) {
       return NULL;
   }

   /* we've found the slot, now build the moduleSpec */
   escSpec = NSSUTIL_DoubleEscape(moduleSpec, '>', ']');
   if (escSpec == NULL) {
       PK11_FreeSlot(slot);
       return NULL;
   }
   sendSpec = PR_smprintf("tokens=[0x%x=<%s>]", slotID, escSpec);
   PORT_Free(escSpec);

   if (sendSpec == NULL) {
       /* PR_smprintf does not set SEC_ERROR_NO_MEMORY on failure. */
       PK11_FreeSlot(slot);
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       return NULL;
   }
   rv = secmod_UserDBOp(slot, CKO_NSS_NEWSLOT, sendSpec);
   PR_smprintf_free(sendSpec);
   PK11_FreeSlot(slot);
   if (rv != SECSuccess) {
       return NULL;
   }

   slot = SECMOD_FindSlotByID(mod, slotID);
   if (slot) {
       /* if we are in the delay period for the "isPresent" call, reset
        * the delay since we know things have probably changed... */
       NSSToken *nssToken = PK11Slot_GetNSSToken(slot);
       if (nssToken) {
           if (nssToken->slot) {
               nssSlot_ResetDelay(nssToken->slot);
           }
           (void)nssToken_Destroy(nssToken);
       }
       /* force the slot info structures to properly reset */
       (void)PK11_IsPresent(slot);
   }
   return slot;
}

/*
* given a module spec, find the slot in the module for it.
*/
PK11SlotInfo *
secmod_FindSlotFromModuleSpec(const char *moduleSpec, SECMODModule *module)
{
   CK_SLOT_ID slot_id = secmod_GetSlotIDFromModuleSpec(moduleSpec, module);
   if (slot_id == -1) {
       return NULL;
   }

   return SECMOD_FindSlotByID(module, slot_id);
}

/*
* Open a new database using the softoken. The caller is responsible for making
* sure the module spec is correct and usable. The caller should ask for one
* new database per call if the caller wants to get meaningful information
* about the new database.
*
* moduleSpec is the same data that you would pass to softoken at
* initialization time under the 'tokens' options. For example, if you were
* to specify tokens=<0x4=[configdir='./mybackup' tokenDescription='Backup']>
* You would specify "configdir='./mybackup' tokenDescription='Backup'" as your
* module spec here. The slot ID will be calculated for you by
* SECMOD_OpenUserDB().
*
* Typical parameters here are configdir, tokenDescription and flags.
*
* a Full list is below:
*
*
*  configDir - The location of the databases for this token. If configDir is
*         not specified, and noCertDB and noKeyDB is not specified, the load
*         will fail.
*   certPrefix - Cert prefix for this token.
*   keyPrefix - Prefix for the key database for this token. (if not specified,
*         certPrefix will be used).
*   tokenDescription - The label value for this token returned in the
*         CK_TOKEN_INFO structure with an internationalize string (UTF8).
*         This value will be truncated at 32 bytes (no NULL, partial UTF8
*         characters dropped). You should specify a user friendly name here
*         as this is the value the token will be referred to in most
*         application UI's. You should make sure tokenDescription is unique.
*   slotDescription - The slotDescription value for this token returned
*         in the CK_SLOT_INFO structure with an internationalize string
*         (UTF8). This value will be truncated at 64 bytes (no NULL, partial
*         UTF8 characters dropped). This name will not change after the
*         database is closed. It should have some number to make this unique.
*   minPWLen - minimum password length for this token.
*   flags - comma separated list of flag values, parsed case-insensitive.
*         Valid flags are:
*              readOnly - Databases should be opened read only.
*              noCertDB - Don't try to open a certificate database.
*              noKeyDB - Don't try to open a key database.
*              forceOpen - Don't fail to initialize the token if the
*                databases could not be opened.
*              passwordRequired - zero length passwords are not acceptable
*                (valid only if there is a keyDB).
*              optimizeSpace - allocate smaller hash tables and lock tables.
*                When this flag is not specified, Softoken will allocate
*                large tables to prevent lock contention.
*/
PK11SlotInfo *
SECMOD_OpenUserDB(const char *moduleSpec)
{
   SECMODModule *mod;
   SECMODConfigList *conflist = NULL;
   int count = 0;

   if (moduleSpec == NULL) {
       return NULL;
   }

   /* NOTE: unlike most PK11 function, this does not return a reference
    * to the module */
   mod = SECMOD_GetInternalModule();
   if (!mod) {
       /* shouldn't happen */
       PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
       return NULL;
   }

   /* make sure we don't open the same database twice. We only understand
    * the moduleSpec for internal databases well enough to do this, so only
    * do this in OpenUserDB */
   conflist = secmod_GetConfigList(mod->isFIPS, mod->libraryParams, &count);
   if (conflist) {
       PK11SlotInfo *slot = NULL;
       if (secmod_MatchConfigList(moduleSpec, conflist, count)) {
           slot = secmod_FindSlotFromModuleSpec(moduleSpec, mod);
       }
       secmod_FreeConfigList(conflist, count);
       if (slot) {
           return slot;
       }
   }
   return SECMOD_OpenNewSlot(mod, moduleSpec);
}

/*
* close an already opened user database. NOTE: the database must be
* in the internal token, and must be one created with SECMOD_OpenUserDB().
* Once the database is closed, the slot will remain as an empty slot
* until it's used again with SECMOD_OpenUserDB() or SECMOD_OpenNewSlot().
*/
SECStatus
SECMOD_CloseUserDB(PK11SlotInfo *slot)
{
   SECStatus rv;
   char *sendSpec;

   sendSpec = PR_smprintf("tokens=[0x%x=<>]", slot->slotID);
   if (sendSpec == NULL) {
       /* PR_smprintf does not set no memory error */
       PORT_SetError(SEC_ERROR_NO_MEMORY);
       return SECFailure;
   }
   rv = secmod_UserDBOp(slot, CKO_NSS_DELSLOT, sendSpec);
   PR_smprintf_free(sendSpec);
   /* if we are in the delay period for the "isPresent" call, reset
    * the delay since we know things have probably changed... */
   NSSToken *nssToken = PK11Slot_GetNSSToken(slot);
   if (nssToken) {
       if (nssToken->slot) {
           nssSlot_ResetDelay(nssToken->slot);
       }
       (void)nssToken_Destroy(nssToken);
       /* force the slot info structures to properly reset */
       (void)PK11_IsPresent(slot);
   }
   return rv;
}

/*
* Restart PKCS #11 modules after a fork(). See secmod.h for more information.
*/
SECStatus
SECMOD_RestartModules(PRBool force)
{
   SECMODModuleList *mlp;
   SECStatus rrv = SECSuccess;
   int lastError = 0;

   if (!moduleLock) {
       PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
       return SECFailure;
   }

   /* Only need to restart the PKCS #11 modules that were initialized */
   SECMOD_GetReadLock(moduleLock);
   for (mlp = modules; mlp != NULL; mlp = mlp->next) {
       SECMODModule *mod = mlp->module;
       CK_ULONG count;
       SECStatus rv;
       int i;

       /* If the module needs to be reset, do so */
       if (force || (PK11_GETTAB(mod)->C_GetSlotList(CK_FALSE, NULL, &count) != CKR_OK)) {
           PRBool alreadyLoaded;
           /* first call Finalize. This is not required by PKCS #11, but some
            * older modules require it, and it doesn't hurt (compliant modules
            * will return CKR_NOT_INITIALIZED */
           (void)PK11_GETTAB(mod)->C_Finalize(NULL);
           /* now initialize the module, this function reinitializes
            * a module in place, preserving existing slots (even if they
            * no longer exist) */
           rv = secmod_ModuleInit(mod, NULL, &alreadyLoaded);
           if (rv != SECSuccess) {
               /* save the last error code */
               lastError = PORT_GetError();
               rrv = rv;
               /* couldn't reinit the module, disable all its slots */
               for (i = 0; i < mod->slotCount; i++) {
                   mod->slots[i]->disabled = PR_TRUE;
                   mod->slots[i]->reason = PK11_DIS_COULD_NOT_INIT_TOKEN;
               }
               continue;
           }
           for (i = 0; i < mod->slotCount; i++) {
               /* get new token sessions, bump the series up so that
                * we refresh other old sessions. This will tell much of
                * NSS to flush cached handles it may hold as well */
               rv = PK11_InitToken(mod->slots[i], PR_TRUE);
               /* PK11_InitToken could fail if the slot isn't present.
                * If it is present, though, something is wrong and we should
                * disable the slot and let the caller know. */
               if (rv != SECSuccess && PK11_IsPresent(mod->slots[i])) {
                   /* save the last error code */
                   lastError = PORT_GetError();
                   rrv = rv;
                   /* disable the token */
                   mod->slots[i]->disabled = PR_TRUE;
                   mod->slots[i]->reason = PK11_DIS_COULD_NOT_INIT_TOKEN;
               }
           }
       }
   }
   SECMOD_ReleaseReadLock(moduleLock);

   /*
    * on multiple failures, we are only returning the lastError. The caller
    * can determine which slots are bad by calling PK11_IsDisabled().
    */
   if (rrv != SECSuccess) {
       /* restore the last error code */
       PORT_SetError(lastError);
   }

   return rrv;
}