[gnome-settings-daemon/gnome-3-20] smartcard: use NSS_InitContext instead of NSS_Initialize



commit eb381b96a88d41cc5e85f7075c776678863e0499
Author: Ray Strode <rstrode redhat com>
Date:   Tue Jun 16 09:45:46 2015 -0400

    smartcard: use NSS_InitContext instead of NSS_Initialize
    
    NSS_Initialize is a noop if called multiple times.  We
    currently call NSS_Initialize twice in gnome-settings-daemon.
    Once by NMClient and once by the smartcard plugin.  NMClient
    does it first, and it does it without initializing the secmod
    database. When the smartcard plugin tries to initialize NSS
    with the secmod database later, it's call is turned to a noop.
    
    This commit changes the smartcard plugin to use NSS_InitContext
    instead, which can properly handle being initialized multiple
    times with different configurations.  See:
    
    https://wiki.mozilla.org/NSS_Library_Init
    
    https://bugzilla.gnome.org/show_bug.cgi?id=751040

 plugins/smartcard/gsd-smartcard-manager.c |   28 ++++++++++++++++++----------
 1 files changed, 18 insertions(+), 10 deletions(-)
---
diff --git a/plugins/smartcard/gsd-smartcard-manager.c b/plugins/smartcard/gsd-smartcard-manager.c
index 5300965..31551c7 100644
--- a/plugins/smartcard/gsd-smartcard-manager.c
+++ b/plugins/smartcard/gsd-smartcard-manager.c
@@ -54,7 +54,7 @@ struct GsdSmartcardManagerPrivate
 
         GSettings *settings;
 
-        guint32 nss_is_loaded : 1;
+        NSSInitContext *nss_context;
 };
 
 #define CONF_SCHEMA "org.gnome.settings-daemon.peripherals.smartcard"
@@ -93,7 +93,14 @@ static void
 load_nss (GsdSmartcardManager *self)
 {
         GsdSmartcardManagerPrivate *priv = self->priv;
-        SECStatus status = SECSuccess;
+        NSSInitContext *context = NULL;
+
+        /* The first field in the NSSInitParameters structure
+         * is the size of the structure. NSS requires this, so
+         * that it can change the size of the structure in future
+         * versions of NSS in a detectable way
+         */
+        NSSInitParameters parameters = { sizeof (parameters), };
         static const guint32 flags = NSS_INIT_READONLY
                                    | NSS_INIT_FORCEOPEN
                                    | NSS_INIT_NOROOTINIT
@@ -105,10 +112,10 @@ load_nss (GsdSmartcardManager *self)
 
         PR_Init (PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
 
-        status = NSS_Initialize (GSD_SMARTCARD_MANAGER_NSS_DB,
-                                 "", "", SECMOD_DB, flags);
+        context = NSS_InitContext (GSD_SMARTCARD_MANAGER_NSS_DB,
+                                   "", "", SECMOD_DB, &parameters, flags);
 
-        if (status != SECSuccess) {
+        if (context == NULL) {
                 gsize error_message_size;
                 char *error_message;
 
@@ -123,13 +130,14 @@ load_nss (GsdSmartcardManager *self)
                         g_debug ("NSS security system could not be initialized - %s",
                                  error_message);
                 }
-                priv->nss_is_loaded = FALSE;
+
+                priv->nss_context = NULL;
                 return;
 
         }
 
         g_debug ("NSS database '%s' loaded", GSD_SMARTCARD_MANAGER_NSS_DB);
-        priv->nss_is_loaded = TRUE;
+        priv->nss_context = context;
 }
 
 static void
@@ -138,9 +146,9 @@ unload_nss (GsdSmartcardManager *self)
         g_debug ("attempting to unload NSS security system with database '%s'",
                  GSD_SMARTCARD_MANAGER_NSS_DB);
 
-        if (self->priv->nss_is_loaded) {
-                NSS_Shutdown ();
-                self->priv->nss_is_loaded = FALSE;
+        if (self->priv->nss_context != NULL) {
+                g_clear_pointer (&self->priv->nss_context,
+                                 NSS_ShutdownContext);
                 g_debug ("NSS database '%s' unloaded", GSD_SMARTCARD_MANAGER_NSS_DB);
         } else {
                 g_debug ("NSS database '%s' already not loaded", GSD_SMARTCARD_MANAGER_NSS_DB);


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]