make this module buildable using NSS 3.x headers; some cleanup

2001-10-08 20:19:30 +00:00 · 2001-10-08 20:19:30 +00:00 · ff98847829
--- a/security/nss/lib/dev/ckhelper.c
+++ b/security/nss/lib/dev/ckhelper.c
@ -32,20 +32,24 @@
 */

 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.3 $ $Date: 2001/09/19 21:47:22 $ $Name:  $";
+static const char CVS_ID[] = "@(#) $RCSfile: ckhelper.c,v $ $Revision: 1.4 $ $Date: 2001/10/08 20:19:29 $ $Name:  $";
 #endif /* DEBUG */

 #ifndef PKIT_H
 #include "pkit.h"
 #endif /* PKIT_H */

-#ifndef DEVT_H
-#include "devt.h"
-#endif /* DEVT_H */
+#ifndef DEV_H
+#include "dev.h"
+#endif /* DEV_H */

+#ifdef NSS_3_4_CODE
+#include "pkcs11.h"
+#else
 #ifndef NSSCKEPV_H
 #include "nssckepv.h"
 #endif /* NSSCKEPV_H */
+#endif /* NSS_3_4_CODE */

 #ifndef CKHELPER_H
 #include "ckhelper.h"
@ -92,18 +96,18 @@ nssCKObject_GetAttributes
   CK_RV ckrv;
   PRStatus nssrv;
   hSession = session->handle; 
-#ifdef arena_mark_bug_fixed
   if (arenaOpt) {
-	mark = nssArenaMark(arenaOpt);
+	mark = nssArena_Mark(arenaOpt);
 	if (!mark) {
 	    goto loser;
 	}
   }
-#endif
   /* Get the storage size needed for each attribute */
+   nssSession_EnterMonitor(session);
   ckrv = CKAPI(slot)->C_GetAttributeValue(hSession,
                                           object, obj_template, count);
   if (ckrv != CKR_OK) {
+	nssSession_ExitMonitor(session);
 	/* set an error here */
 	goto loser;
   }
@ -112,31 +116,29 @@ nssCKObject_GetAttributes
 	obj_template[i].pValue = nss_ZAlloc(arenaOpt, 
 	                                    obj_template[i].ulValueLen);
 	if (!obj_template[i].pValue) {
+	    nssSession_ExitMonitor(session);
 	    goto loser;
 	}
   }
   /* Obtain the actual attribute values. */
   ckrv = CKAPI(slot)->C_GetAttributeValue(hSession,
                                           object, obj_template, count);
+   nssSession_ExitMonitor(session);
   if (ckrv != CKR_OK) {
 	/* set an error here */
 	goto loser;
   }
-#ifdef arena_mark_bug_fixed
   if (arenaOpt) {
 	nssrv = nssArena_Unmark(arenaOpt, mark);
 	if (nssrv != PR_SUCCESS) {
 	    goto loser;
 	}
   }
-#endif
   return PR_SUCCESS;
 loser:
   if (arenaOpt) {
 	/* release all arena memory allocated before the failure. */
-#ifdef arena_mark_bug_fixed
 	(void)nssArena_Release(arenaOpt, mark);
-#endif
   } else {
 	CK_ULONG j;
 	/* free each heap object that was allocated before the failure. */
@ -146,3 +148,52 @@ loser:
   }
   return PR_FAILURE;
 }
+
+NSS_IMPLEMENT PRStatus
+nssCKObject_GetAttributeItem
+(
+  CK_OBJECT_HANDLE object,
+  CK_ATTRIBUTE_TYPE attribute,
+  NSSArena *arenaOpt,
+  nssSession *session,
+  NSSSlot *slot,
+  NSSItem *rvItem
+)
+{
+    CK_ATTRIBUTE attr = { 0, NULL, 0 };
+    PRStatus nssrv;
+    attr.type = attribute;
+    nssrv = nssCKObject_GetAttributes(object, &attr, 1, 
+                                      arenaOpt, session, slot);
+    if (nssrv != PR_SUCCESS) {
+	return nssrv;
+    }
+    rvItem->data = (void *)attr.pValue;
+    rvItem->size = (PRUint32)attr.ulValueLen;
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRBool
+nssCKObject_IsAttributeTrue
+(
+  CK_OBJECT_HANDLE object,
+  CK_ATTRIBUTE_TYPE attribute,
+  NSSArena *arenaOpt,
+  nssSession *session,
+  NSSSlot *slot,
+  PRStatus *rvStatus
+)
+{
+    CK_ATTRIBUTE attr = { attribute, g_ck_true.data, g_ck_true.size };
+    CK_RV ckrv;
+    nssSession_EnterMonitor(session);
+    ckrv = CKAPI(slot)->C_GetAttributeValue(session->handle, object, &attr, 1);
+    nssSession_ExitMonitor(session);
+    if (ckrv != CKR_OK) {
+	*rvStatus = PR_FAILURE;
+	return PR_FALSE;
+    }
+    *rvStatus = PR_SUCCESS;
+    return (PRBool)(*((CK_BBOOL *)attr.pValue) == CK_TRUE);
+}
+
--- a/security/nss/lib/dev/ckhelper.h
+++ b/security/nss/lib/dev/ckhelper.h
@ -41,12 +41,16 @@
 #define CKHELPER_H

 #ifdef DEBUG
-static const char CKHELPER_CVS_ID[] = "@(#) $RCSfile: ckhelper.h,v $ $Revision: 1.3 $ $Date: 2001/09/19 21:47:23 $ $Name:  $";
+static const char CKHELPER_CVS_ID[] = "@(#) $RCSfile: ckhelper.h,v $ $Revision: 1.4 $ $Date: 2001/10/08 20:19:30 $ $Name:  $";
 #endif /* DEBUG */

+#ifdef NSS_3_4_CODE
+#include "pkcs11t.h"
+#else
 #ifndef NSSCKT_H
 #include "nssckt.h"
 #endif /* NSSCKT_H */
+#endif /* NSS_3_4_CODE */

 PR_BEGIN_EXTERN_C

@ -75,6 +79,21 @@ NSS_EXTERN_DATA const NSSItem g_ck_class_privkey;
    (item)->data = (void *)(attrib)->pValue;       \
    (item)->size = (PRUint32)(attrib)->ulValueLen; \

+/* NSS_CK_ATTRIBUTE_TO_UTF8(attrib, str)
+ *
+ * Convert a CK_ATTRIBUTE to a string.
+ */
+#define NSS_CK_ATTRIBUTE_TO_UTF8(attrib, str)      \
+    str = (NSSUTF8 *)((attrib)->pValue);
+
+/* NSS_CK_ITEM_TO_ATTRIBUTE(item, attrib)
+ *
+ * Convert an NSSItem to a  CK_ATTRIBUTE.
+ */
+#define NSS_CK_ITEM_TO_ATTRIBUTE(item, attrib)     \
+    (attrib)->pValue = (CK_VOID_PTR)(item)->data;  \
+    (attrib)->ulValueLen = (CK_ULONG)(item)->size; \
+
 /* Get an array of attributes from an object. */
 NSS_EXTERN PRStatus 
 nssCKObject_GetAttributes
--- a/security/nss/lib/dev/dev.h
+++ b/security/nss/lib/dev/dev.h
@ -35,16 +35,20 @@
 #define DEV_H

 #ifdef DEBUG
-static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.6 $ $Date: 2001/09/20 20:38:07 $ $Name:  $";
+static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.7 $ $Date: 2001/10/08 20:19:30 $ $Name:  $";
 #endif /* DEBUG */

 #ifndef DEVT_H
 #include "devt.h"
 #endif /* DEVT_H */

+#ifdef NSS_3_4_CODE
+#include "pkcs11t.h"
+#else
 #ifndef NSSCKT_H
 #include "nssckt.h"
 #endif /* NSSCKT_H */
+#endif /* NSS_3_4_CODE */

 #ifndef NSSPKIT_H
 #include "nsspkit.h"
@ -93,6 +97,12 @@ nssModule_Destroy
  NSSModule *mod
 );

+NSS_EXTERN NSSModule *
+nssModule_AddRef
+(
+  NSSModule *mod
+);
+
 NSS_EXTERN PRStatus
 nssModule_Load
 (
@ -124,6 +134,13 @@ nssModule_FindSlotByName
  NSSUTF8 *slotName
 );

+NSS_EXTERN NSSToken *
+nssModule_FindTokenByName
+(
+  NSSModule *mod,
+  NSSUTF8 *tokenName
+);
+
 /* This descends from NSSTrustDomain_TraverseCertificates, a questionable
 * function.  Do we want NSS to have access to this at the module level?
 */
@ -149,6 +166,12 @@ nssSlot_Destroy
  NSSSlot *slot
 );

+NSS_EXTERN NSSSlot *
+nssSlot_AddRef
+(
+  NSSSlot *slot
+);
+
 NSS_EXTERN NSSUTF8 *
 nssSlot_GetName
 (
@ -161,7 +184,7 @@ nssSlot_Login
 (
  NSSSlot *slot,
  PRBool asSO,
-  NSSCallback pwcb
+  NSSCallback *pwcb
 );
 extern const NSSError NSS_ERROR_INVALID_PASSWORD;
 extern const NSSError NSS_ERROR_USER_CANCELED;
@ -186,7 +209,7 @@ NSS_EXTERN PRStatus
 nssSlot_SetPassword
 (
  NSSSlot *slot,
-  NSSCallback pwcb
+  NSSCallback *pwcb
 );
 extern const NSSError NSS_ERROR_INVALID_PASSWORD;
 extern const NSSError NSS_ERROR_USER_CANCELED;
@ -217,40 +240,23 @@ nssToken_Destroy
  NSSToken *tok
 );

+NSS_EXTERN NSSToken *
+nssToken_AddRef
+(
+  NSSToken *tok
+);
+
 /* Given a raw attribute template, import an object 
 * (certificate, public key, private key, symmetric key)
- * Return the object as an NSS type.
 */
-NSS_EXTERN NSSCertificate *
-nssToken_ImportCertificate
+NSS_EXTERN PRStatus
+nssToken_ImportObject
 (
  NSSToken *tok,
  nssSession *sessionOpt,
-  CK_ATTRIBUTE_PTR cktemplate
-);
-
-NSS_EXTERN NSSPublicKey *
-nssToken_ImportPublicKey
-(
-  NSSToken *tok,
-  nssSession *sessionOpt,
-  CK_ATTRIBUTE_PTR cktemplate
-);
-
-NSS_EXTERN NSSPrivateKey *
-nssToken_ImportPrivateKey
-(
-  NSSToken *tok,
-  nssSession *sessionOpt,
-  CK_ATTRIBUTE_PTR cktemplate
-);
-
-NSS_EXTERN NSSSymmetricKey *
-nssToken_ImportSymmetricKey
-(
-  NSSToken *tok,
-  nssSession *sessionOpt,
-  CK_ATTRIBUTE_PTR cktemplate
+  CK_ATTRIBUTE_PTR objectTemplate,
+  CK_ULONG otsize,
+  CK_OBJECT_HANDLE_PTR phObject
 );

 NSS_EXTERN NSSPublicKey *
@ -278,6 +284,19 @@ nssToken_DeleteStoredObject
  CK_OBJECT_HANDLE object
 );

+NSS_IMPLEMENT PRStatus
+nssToken_FindCertificatesByTemplate
+(
+  NSSToken *tok,
+  nssSession *sessionOpt,
+  CK_ATTRIBUTE_PTR cktemplate,
+  CK_ULONG ctsize,
+  PRStatus (*callback)(NSSToken *t, nssSession *session,
+                       CK_OBJECT_HANDLE h, void *arg),
+  void *arg
+);
+
+#if 0
 NSS_EXTERN PRStatus
 nssToken_FindCertificatesByTemplate
 (
@ -289,6 +308,7 @@ nssToken_FindCertificatesByTemplate
  CK_ATTRIBUTE_PTR cktemplate,
  CK_ULONG ctsize
 );
+#endif

 /* again, a questionable function.  maybe some tokens allow this? */
 NSS_EXTERN PRStatus *
@ -320,6 +340,13 @@ nssSession_ExitMonitor
  nssSession *s
 );

+/* would like to inline */
+NSS_EXTERN PRBool
+nssSession_IsReadWrite
+(
+  nssSession *s
+);
+
 #ifdef DEBUG
 void nssModule_Debug(NSSModule *m);
 #endif
--- a/security/nss/lib/dev/devm.h
+++ b/security/nss/lib/dev/devm.h
@ -35,16 +35,16 @@
 #define DEVM_H

 #ifdef DEBUG
-static const char DEVM_CVS_ID[] = "@(#) $RCSfile: devm.h,v $ $Revision: 1.1 $ $Date: 2001/09/13 22:06:09 $ $Name:  $";
+static const char DEVM_CVS_ID[] = "@(#) $RCSfile: devm.h,v $ $Revision: 1.2 $ $Date: 2001/10/08 20:19:30 $ $Name:  $";
 #endif /* DEBUG */

+#ifdef NSS_3_4_CODE
+#include "pkcs11t.h"
+#else
 #ifndef NSSCKT_H
 #include "nssckt.h"
 #endif /* NSSCKT_H */
-
-#ifndef DEVM_H
-#include "devm.h"
-#endif /* DEVM_H */
+#endif /* NSS_3_4_CODE */

 #ifndef BASE_H
 #include "base.h"
--- a/security/nss/lib/dev/devt.h
+++ b/security/nss/lib/dev/devt.h
@ -35,7 +35,7 @@
 #define DEVT_H

 #ifdef DEBUG
-static const char DEVT_CVS_ID[] = "@(#) $RCSfile: devt.h,v $ $Revision: 1.3 $ $Date: 2001/09/19 19:08:29 $ $Name:  $";
+static const char DEVT_CVS_ID[] = "@(#) $RCSfile: devt.h,v $ $Revision: 1.4 $ $Date: 2001/10/08 20:19:30 $ $Name:  $";
 #endif /* DEBUG */

 /*
@ -48,9 +48,13 @@ static const char DEVT_CVS_ID[] = "@(#) $RCSfile: devt.h,v $ $Revision: 1.3 $ $D
 #include "nssbaset.h"
 #endif /* NSSBASET_H */

+#ifdef NSS_3_4_CODE
+#include "pkcs11t.h"
+#else
 #ifndef NSSCKT_H
 #include "nssckt.h"
 #endif /* NSSCKT_H */
+#endif /* NSS_3_4_CODE */

 PR_BEGIN_EXTERN_C

@ -126,6 +130,7 @@ struct nssSessionStr
    PZLock *lock;
    CK_SESSION_HANDLE handle;
    NSSSlot *slot;
+    PRBool isRW;
 };

 PR_END_EXTERN_C
--- a/security/nss/lib/dev/module.c
+++ b/security/nss/lib/dev/module.c
@ -32,7 +32,7 @@
 */

 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: module.c,v $ $Revision: 1.4 $ $Date: 2001/09/20 20:38:07 $ $Name:  $";
+static const char CVS_ID[] = "@(#) $RCSfile: module.c,v $ $Revision: 1.5 $ $Date: 2001/10/08 20:19:30 $ $Name:  $";
 #endif /* DEBUG */

 #ifndef DEV_H
@ -43,9 +43,13 @@ static const char CVS_ID[] = "@(#) $RCSfile: module.c,v $ $Revision: 1.4 $ $Date
 #include "devm.h"
 #endif /* DEVM_H */

+#ifdef NSS_3_4_CODE
+#include "pkcs11.h"
+#else
 #ifndef NSSCKEPV_H
 #include "nssckepv.h"
 #endif /* NSSCKEPV_H */
+#endif /* NSS_3_4_CODE */

 #ifndef CKHELPER_H
 #include "ckhelper.h"
@ -178,12 +182,10 @@ module_load_slots(NSSModule *mod)
 	goto loser;
    }
    /* Alloc memory for the array of slots, in the module's arena */
-#ifdef arena_mark_bug_fixed
    mark = nssArena_Mark(mod->arena);
    if (!mark) {
 	return PR_FAILURE;
    }
-#endif
    slots = nss_ZNEWARRAY(mod->arena, NSSSlot *, ulNumSlots);
    if (!slots) {
 	goto loser;
@ -193,21 +195,17 @@ module_load_slots(NSSModule *mod)
 	slots[i] = nssSlot_Create(mod->arena, slotIDs[i], mod);
    }
    nss_ZFreeIf(slotIDs);
-#ifdef arena_mark_bug_fixed
    nssrv = nssArena_Unmark(mod->arena, mark);
    if (nssrv != PR_SUCCESS) {
 	goto loser;
    }
-#endif
    mod->slots = slots;
    mod->numSlots = ulNumSlots;
    return PR_SUCCESS;
 loser:
-#ifdef arena_mark_bug_fixed
    if (mark) {
 	nssArena_Release(mod->arena, mark);
    }
-#endif
    nss_ZFreeIf(slotIDs);
    return PR_FAILURE;
 }
@ -234,6 +232,16 @@ nssModule_Destroy
    return PR_SUCCESS;
 }

+NSS_IMPLEMENT NSSModule *
+nssModule_AddRef
+(
+  NSSModule *mod
+)
+{
+    ++mod->refCount;
+    return mod;
+}
+
 NSS_IMPLEMENT PRStatus
 nssModule_Load
 (
@ -311,6 +319,48 @@ nssModule_Unload
    return nssrv;
 }

+NSS_IMPLEMENT NSSSlot *
+nssModule_FindSlotByName
+(
+  NSSModule *mod,
+  NSSUTF8 *slotName
+)
+{
+    PRUint32 i;
+    PRStatus nssrv;
+    for (i=0; i<mod->numSlots; i++) {
+	if (nssUTF8_Equal(mod->slots[i]->name, slotName, &nssrv)) {
+	    return nssSlot_AddRef(mod->slots[i]);
+	}
+	if (nssrv != PR_SUCCESS) {
+	    break;
+	}
+    }
+    return (NSSSlot *)NULL;
+}
+
+NSS_EXTERN NSSToken *
+nssModule_FindTokenByName
+(
+  NSSModule *mod,
+  NSSUTF8 *tokenName
+)
+{
+    PRUint32 i;
+    PRStatus nssrv;
+    NSSToken *tok;
+    for (i=0; i<mod->numSlots; i++) {
+	tok = mod->slots[i]->token;
+	if (nssUTF8_Equal(tok->name, tokenName, &nssrv)) {
+	    return nssToken_AddRef(tok);
+	}
+	if (nssrv != PR_SUCCESS) {
+	    break;
+	}
+    }
+    return (NSSToken *)NULL;
+}
+
 NSS_IMPLEMENT PRStatus *
 nssModule_TraverseCertificates
 (
--- a/security/nss/lib/dev/slot.c
+++ b/security/nss/lib/dev/slot.c
@ -32,7 +32,7 @@
 */

 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: slot.c,v $ $Revision: 1.7 $ $Date: 2001/09/20 20:38:08 $ $Name:  $";
+static const char CVS_ID[] = "@(#) $RCSfile: slot.c,v $ $Revision: 1.8 $ $Date: 2001/10/08 20:19:30 $ $Name:  $";
 #endif /* DEBUG */

 #ifndef DEV_H
@ -43,9 +43,13 @@ static const char CVS_ID[] = "@(#) $RCSfile: slot.c,v $ $Revision: 1.7 $ $Date:
 #include "devm.h"
 #endif /* DEVM_H */

+#ifdef NSS_3_4_CODE
+#include "pkcs11.h"
+#else
 #ifndef NSSCKEPV_H
 #include "nssckepv.h"
 #endif /* NSSCKEPV_H */
+#endif /* NSS_3_4_CODE */

 #ifndef CKHELPER_H
 #include "ckhelper.h"
@ -93,12 +97,10 @@ nssSlot_Create
    CK_RV ckrv;
    if (arenaOpt) {
 	arena = arenaOpt;
-#ifdef arena_mark_bug_fixed
 	mark = nssArena_Mark(arena);
 	if (!mark) {
-	    return PR_FAILURE;
+	    return (NSSSlot *)NULL;
 	}
-#endif
 	newArena = PR_FALSE;
    } else {
 	arena = NSSArena_Create();
@ -148,22 +150,18 @@ nssSlot_Create
 	}
    }
    rvSlot->token = token;
-#ifdef arena_mark_bug_fixed
    nssrv = nssArena_Unmark(arena, mark);
    if (nssrv != PR_SUCCESS) {
 	goto loser;
    }
-#endif
    return rvSlot;
 loser:
    if (newArena) {
 	nssArena_Destroy(arena);
    } else {
-#ifdef arena_mark_bug_fixed
 	if (mark) {
 	    nssArena_Release(arena, mark);
 	}
-#endif
    }
    /* everything was created in the arena, nothing to see here, move along */
    return (NSSSlot *)NULL;
@ -182,6 +180,16 @@ nssSlot_Destroy
    return PR_SUCCESS;
 }

+NSS_IMPLEMENT NSSSlot *
+nssSlot_AddRef
+(
+  NSSSlot *slot
+)
+{
+    ++slot->refCount;
+    return slot;
+}
+
 NSS_IMPLEMENT NSSUTF8 *
 nssSlot_GetName
 (
@ -197,7 +205,7 @@ nssSlot_GetName

 static PRStatus
 nssslot_login(NSSSlot *slot, nssSession *session, 
-              CK_USER_TYPE userType, NSSCallback pwcb)
+              CK_USER_TYPE userType, NSSCallback *pwcb)
 {
    PRStatus nssrv;
    PRUint32 attempts;
@ -205,7 +213,7 @@ nssslot_login(NSSSlot *slot, nssSession *session,
    NSSUTF8 *password = NULL;
    CK_ULONG pwLen;
    CK_RV ckrv;
-    if (!pwcb.getPW) {
+    if (!pwcb->getPW) {
 	/* set error INVALID_ARG */
 	return PR_FAILURE;
    }
@ -213,7 +221,7 @@ nssslot_login(NSSSlot *slot, nssSession *session,
    nssrv = PR_FAILURE;
    attempts = 0;
    while (keepTrying) {
-	nssrv = pwcb.getPW(slot->name, &attempts, pwcb.arg, &password);
+	nssrv = pwcb->getPW(slot->name, &attempts, pwcb->arg, &password);
 	if (nssrv != PR_SUCCESS) {
 	    nss_SetError(NSS_ERROR_USER_CANCELED);
 	    break;
@ -251,19 +259,19 @@ nssslot_login(NSSSlot *slot, nssSession *session,
 }

 static PRStatus
-nssslot_init_password(NSSSlot *slot, nssSession *rwSession, NSSCallback pwcb)
+nssslot_init_password(NSSSlot *slot, nssSession *rwSession, NSSCallback *pwcb)
 {
    NSSUTF8 *userPW = NULL;
    NSSUTF8 *ssoPW = NULL;
    PRStatus nssrv;
    CK_ULONG userPWLen, ssoPWLen;
    CK_RV ckrv;
-    if (!pwcb.getInitPW) {
+    if (!pwcb->getInitPW) {
 	/* set error INVALID_ARG */
 	return PR_FAILURE;
    }
    /* Get the SO and user passwords */
-    nssrv = pwcb.getInitPW(slot->name, pwcb.arg, &ssoPW, &userPW);
+    nssrv = pwcb->getInitPW(slot->name, pwcb->arg, &ssoPW, &userPW);
    if (nssrv != PR_SUCCESS) goto loser;
    userPWLen = (CK_ULONG)nssUTF8_Length(userPW, &nssrv); 
    if (nssrv != PR_SUCCESS) goto loser;
@ -293,7 +301,7 @@ loser:
 }

 static PRStatus
-nssslot_change_password(NSSSlot *slot, nssSession *rwSession, NSSCallback pwcb)
+nssslot_change_password(NSSSlot *slot, nssSession *rwSession, NSSCallback *pwcb)
 {
    NSSUTF8 *userPW = NULL;
    NSSUTF8 *newPW = NULL;
@ -302,13 +310,13 @@ nssslot_change_password(NSSSlot *slot, nssSession *rwSession, NSSCallback pwcb)
    PRBool keepTrying = PR_TRUE;
    CK_ULONG userPWLen, newPWLen;
    CK_RV ckrv;
-    if (!pwcb.getNewPW) {
+    if (!pwcb->getNewPW) {
 	/* set error INVALID_ARG */
 	return PR_FAILURE;
    }
    attempts = 0;
    while (keepTrying) {
-	nssrv = pwcb.getNewPW(slot->name, &attempts, pwcb.arg, 
+	nssrv = pwcb->getNewPW(slot->name, &attempts, pwcb->arg, 
 	                       &userPW, &newPW);
 	if (nssrv != PR_SUCCESS) {
 	    nss_SetError(NSS_ERROR_USER_CANCELED);
@ -354,7 +362,7 @@ nssSlot_Login
 (
  NSSSlot *slot,
  PRBool asSO,
-  NSSCallback pwcb
+  NSSCallback *pwcb
 )
 {
    PRBool needsLogin, needsInit;
@ -406,7 +414,7 @@ NSS_IMPLEMENT PRStatus
 nssSlot_SetPassword
 (
  NSSSlot *slot,
-  NSSCallback pwcb
+  NSSCallback *pwcb
 )
 {
    PRStatus nssrv;
@ -469,6 +477,7 @@ nssSlot_CreateSession
    }
    rvSession->handle = session;
    rvSession->slot = slot;
+    rvSession->isRW = readWrite;
    return rvSession;
 }

@ -508,3 +517,12 @@ nssSession_ExitMonitor
    return (s->lock) ? PZ_Unlock(s->lock) : PR_SUCCESS;
 }

+NSS_EXTERN PRBool
+nssSession_IsReadWrite
+(
+  nssSession *s
+)
+{
+    return s->isRW;
+}
+
--- a/security/nss/lib/dev/token.c
+++ b/security/nss/lib/dev/token.c
@ -32,7 +32,7 @@
 */

 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: token.c,v $ $Revision: 1.6 $ $Date: 2001/09/20 20:38:08 $ $Name:  $";
+static const char CVS_ID[] = "@(#) $RCSfile: token.c,v $ $Revision: 1.7 $ $Date: 2001/10/08 20:19:30 $ $Name:  $";
 #endif /* DEBUG */

 #ifndef DEV_H
@ -43,9 +43,13 @@ static const char CVS_ID[] = "@(#) $RCSfile: token.c,v $ $Revision: 1.6 $ $Date:
 #include "devm.h"
 #endif /* DEVM_H */

+#ifdef NSS_3_4_CODE
+#include "pkcs11.h"
+#else
 #ifndef NSSCKEPV_H
 #include "nssckepv.h"
 #endif /* NSSCKEPV_H */
+#endif /* NSS_3_4_CODE */

 #ifndef NSSPKI_H
 #include "nsspki.h"
@ -81,17 +85,16 @@ nssToken_Create
    NSSUTF8 *tokenName = NULL;
    PRUint32 length;
    PRBool newArena;
+    PRBool readWrite;
    PRStatus nssrv;
    CK_TOKEN_INFO tokenInfo;
    CK_RV ckrv;
    if (arenaOpt) {
 	arena = arenaOpt;
-#ifdef arena_mark_bug_fixed
 	mark = nssArena_Mark(arena);
 	if (!mark) {
-	    return PR_FAILURE;
+	    return (NSSToken *)NULL;
 	}
-#endif
 	newArena = PR_FALSE;
    } else {
 	arena = NSSArena_Create();
@ -120,7 +123,13 @@ nssToken_Create
 	}
    }
    /* Open a default session handle for the token. */
-    session = nssSlot_CreateSession(parent, arena, PR_FALSE);
+    if (tokenInfo.ulMaxSessionCount == 1) {
+	/* if the token can only handle one session, it must be RW. */
+	readWrite = PR_TRUE;
+    } else {
+	readWrite = PR_FALSE;
+    }
+    session = nssSlot_CreateSession(parent, arena, readWrite);
    if (session == NULL) {
 	goto loser;
    }
@ -137,12 +146,10 @@ nssToken_Create
    rvToken->name = tokenName;
    rvToken->ckFlags = tokenInfo.flags;
    rvToken->defaultSession = session;
-#ifdef arena_mark_bug_fixed
    nssrv = nssArena_Unmark(arena, mark);
    if (nssrv != PR_SUCCESS) {
 	goto loser;
    }
-#endif
    return rvToken;
 loser:
    if (session) {
@ -151,11 +158,9 @@ loser:
    if (newArena) {
 	nssArena_Destroy(arena);
    } else {
-#ifdef arena_mark_bug_fixed
 	if (mark) {
 	    nssArena_Release(arena, mark);
 	}
-#endif
    }
    return (NSSToken *)NULL;
 }
@ -175,6 +180,60 @@ nssToken_Destroy
    return PR_SUCCESS;
 }

+NSS_IMPLEMENT NSSToken *
+nssToken_AddRef
+(
+  NSSToken *tok
+)
+{
+    ++tok->refCount;
+    return tok;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_DeleteStoredObject
+(
+  NSSToken *tok,
+  nssSession *sessionOpt,
+  CK_OBJECT_HANDLE object
+)
+{
+    nssSession *session;
+    CK_RV ckrv;
+    session = (sessionOpt) ? sessionOpt : tok->defaultSession;
+    nssSession_EnterMonitor(session);
+    ckrv = CKAPI(tok->slot)->C_DestroyObject(session->handle, object);
+    nssSession_ExitMonitor(session);
+    if (ckrv != CKR_OK) {
+	return PR_FAILURE;
+    }
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_ImportObject
+(
+  NSSToken *tok,
+  nssSession *sessionOpt,
+  CK_ATTRIBUTE_PTR objectTemplate,
+  CK_ULONG otsize,
+  CK_OBJECT_HANDLE_PTR phObject
+)
+{
+    nssSession *session;
+    CK_RV ckrv;
+    session = (sessionOpt) ? sessionOpt : tok->defaultSession;
+    nssSession_EnterMonitor(session);
+    ckrv = CKAPI(tok->slot)->C_CreateObject(session->handle, 
+                                            objectTemplate, otsize,
+                                            phObject);
+    nssSession_ExitMonitor(session);
+    if (ckrv != CKR_OK) {
+	return PR_FAILURE;
+    }
+    return PR_SUCCESS;
+}
+
 /* This is only used by the Traverse function.  If we ditch traversal,
 * ditch this.
 */
@ -230,7 +289,8 @@ collect_certs_callback(NSSToken *t, nssSession *session,
    if (!cert) {
 	goto loser;
    }
-    nssList_AddElement(ca->list, (void *)cert);
+    /* addref */
+    nssList_Add(ca->list, (void *)cert);
    if (ca->maximum > 0 && nssList_Count(ca->list) >= ca->maximum) {
 	/* signal the end of collection) */
 	nss_SetError(NSS_ERROR_MAXIMUM_FOUND);
@ -319,6 +379,37 @@ nssToken_TraverseCertificates
    return rvstack;
 }

+NSS_IMPLEMENT PRStatus
+nssToken_FindCertificatesByTemplate
+(
+  NSSToken *tok,
+  nssSession *sessionOpt,
+  CK_ATTRIBUTE_PTR cktemplate,
+  CK_ULONG ctsize,
+  PRStatus (*callback)(NSSToken *t, nssSession *session,
+                       CK_OBJECT_HANDLE h, void *arg),
+  void *arg
+)
+{
+    PRStatus *rvstack;
+    nssSession *session;
+    session = (sessionOpt) ? sessionOpt : tok->defaultSession;
+    nssSession_EnterMonitor(session);
+    /* this isn't really traversal, it's find by template ... */
+    rvstack = nsstoken_TraverseObjects(tok, session, 
+                                       cktemplate, ctsize, 
+                                       callback, arg);
+    nssSession_ExitMonitor(session);
+    if (rvstack) {
+	/* examine the errors */
+	goto loser;
+    }
+    return PR_SUCCESS;
+loser:
+    return PR_FAILURE;
+}
+
+#if 0
 NSS_IMPLEMENT PRStatus
 nssToken_FindCertificatesByTemplate
 (
@ -332,15 +423,14 @@ nssToken_FindCertificatesByTemplate
 )
 {
    PRStatus *rvstack;
-    PRStatus nssrv;
    nssSession *session;
-    PRUint32 count;
    struct collect_arg_str collectArgs;
    session = (sessionOpt) ? sessionOpt : tok->defaultSession;
    collectArgs.arena = arenaOpt;
    collectArgs.list = certList;
    collectArgs.maximum = maximumOpt;
    nssSession_EnterMonitor(session);
+    /* this isn't really traversal, it's find by template ... */
    rvstack = nsstoken_TraverseObjects(tok, session, cktemplate, ctsize,
                                       collect_certs_callback,
                                       (void *)&collectArgs);
@ -353,4 +443,5 @@ nssToken_FindCertificatesByTemplate
 loser:
    return PR_FAILURE;
 }
+#endif