/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * The following code handles the storage of PKCS 11 modules used by the
 * NSS. For the rest of NSS, only one kind of database handle exists:
 *
 *     SFTKDBHandle
 *
 * There is one SFTKDBHandle for each key database and one for each cert
 * database. These databases are opened as associated pairs, one pair per
 * slot. SFTKDBHandles are reference counted objects.
 *
 * Each SFTKDBHandle points to a low level database handle (SDB). This handle
 * represents the underlying physical database. These objects are not
 * reference counted, and are 'owned' by their respective SFTKDBHandles.
 */

#include "prprf.h"
#include "prsystem.h"
#include "secport.h"
#include "utilpars.h"
#include "secerr.h"

#if defined(_WIN32)
#include <io.h>
#include <windows.h>
#endif
#ifdef XP_UNIX
#include <unistd.h>
#endif

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

#if defined(_WIN32)
#define os_fdopen _fdopen
#define os_truncate_open_flags _O_CREAT | _O_RDWR | _O_TRUNC
#define os_append_open_flags _O_CREAT | _O_RDWR | _O_APPEND
#define os_open_permissions_type int
#define os_open_permissions_default _S_IREAD | _S_IWRITE
#define os_stat_type struct _stat

/*
 * Convert a UTF8 string to Unicode wide character
 */
LPWSTR
_NSSUTIL_UTF8ToWide(const char *buf)
{
    DWORD size;
    LPWSTR wide;

    if (!buf) {
        return NULL;
    }

    size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, NULL, 0);
    if (size == 0) {
        return NULL;
    }
    wide = PORT_Alloc(sizeof(WCHAR) * size);
    if (!wide) {
        return NULL;
    }
    size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, wide, size);
    if (size == 0) {
        PORT_Free(wide);
        return NULL;
    }
    return wide;
}

static int
os_open(const char *filename, int oflag, int pmode)
{
    int fd;

    if (!filename) {
        return -1;
    }

    wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename);
    if (!filenameWide) {
        return -1;
    }
    fd = _wopen(filenameWide, oflag, pmode);
    PORT_Free(filenameWide);

    return fd;
}

static int
os_stat(const char *path, os_stat_type *buffer)
{
    int result;

    if (!path) {
        return -1;
    }

    wchar_t *pathWide = _NSSUTIL_UTF8ToWide(path);
    if (!pathWide) {
        return -1;
    }
    result = _wstat(pathWide, buffer);
    PORT_Free(pathWide);

    return result;
}

static FILE *
os_fopen(const char *filename, const char *mode)
{
    FILE *fp;

    if (!filename || !mode) {
        return NULL;
    }

    wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename);
    if (!filenameWide) {
        return NULL;
    }
    wchar_t *modeWide = _NSSUTIL_UTF8ToWide(mode);
    if (!modeWide) {
        PORT_Free(filenameWide);
        return NULL;
    }
    fp = _wfopen(filenameWide, modeWide);
    PORT_Free(filenameWide);
    PORT_Free(modeWide);

    return fp;
}

PRStatus
_NSSUTIL_Access(const char *path, PRAccessHow how)
{
    int result;

    if (!path) {
        return PR_FAILURE;
    }

    int mode;
    switch (how) {
        case PR_ACCESS_WRITE_OK:
            mode = 2;
            break;
        case PR_ACCESS_READ_OK:
            mode = 4;
            break;
        case PR_ACCESS_EXISTS:
            mode = 0;
            break;
        default:
            return PR_FAILURE;
    }

    wchar_t *pathWide = _NSSUTIL_UTF8ToWide(path);
    if (!pathWide) {
        return PR_FAILURE;
    }
    result = _waccess(pathWide, mode);
    PORT_Free(pathWide);

    return result < 0 ? PR_FAILURE : PR_SUCCESS;
}

static PRStatus
nssutil_Delete(const char *name)
{
    BOOL result;

    if (!name) {
        return PR_FAILURE;
    }

    wchar_t *nameWide = _NSSUTIL_UTF8ToWide(name);
    if (!nameWide) {
        return PR_FAILURE;
    }
    result = DeleteFileW(nameWide);
    PORT_Free(nameWide);

    return result ? PR_SUCCESS : PR_FAILURE;
}

static PRStatus
nssutil_Rename(const char *from, const char *to)
{
    BOOL result;

    if (!from || !to) {
        return PR_FAILURE;
    }

    wchar_t *fromWide = _NSSUTIL_UTF8ToWide(from);
    if (!fromWide) {
        return PR_FAILURE;
    }
    wchar_t *toWide = _NSSUTIL_UTF8ToWide(to);
    if (!toWide) {
        PORT_Free(fromWide);
        return PR_FAILURE;
    }
    result = MoveFileW(fromWide, toWide);
    PORT_Free(fromWide);
    PORT_Free(toWide);

    return result ? PR_SUCCESS : PR_FAILURE;
}
#else
#define os_fopen fopen
#define os_open open
#define os_fdopen fdopen
#define os_stat stat
#define os_truncate_open_flags O_CREAT | O_RDWR | O_TRUNC
#define os_append_open_flags O_CREAT | O_RDWR | O_APPEND
#define os_open_permissions_type mode_t
#define os_open_permissions_default 0600
#define os_stat_type struct stat
#define nssutil_Delete PR_Delete
#define nssutil_Rename PR_Rename
#endif

/****************************************************************
 *
 * Secmod database.
 *
 * The new secmod database is simply a text file with each of the module
 * entries in the following form:
 *
 * #
 * # This is a comment The next line is the library to load
 * library=libmypkcs11.so
 * name="My PKCS#11 module"
 * params="my library's param string"
 * nss="NSS parameters"
 * other="parameters for other libraries and applications"
 *
 * library=libmynextpk11.so
 * name="My other PKCS#11 module"
 */

/*
 * Smart string cat functions. Automatically manage the memory.
 * The first parameter is the destination string. If it's null, we
 * allocate memory for it. If it's not, we reallocate memory
 * so the the concanenated string fits.
 */
static char *
nssutil_DupnCat(char *baseString, const char *str, int str_len)
{
    int baseStringLen = baseString ? PORT_Strlen(baseString) : 0;
    int len = baseStringLen + 1;
    char *newString;

    len += str_len;
    newString = (char *)PORT_Realloc(baseString, len);
    if (newString == NULL) {
        PORT_Free(baseString);
        return NULL;
    }
    PORT_Memcpy(&newString[baseStringLen], str, str_len);
    newString[len - 1] = 0;
    return newString;
}

/* Same as nssutil_DupnCat except it concatenates the full string, not a
 * partial one */
static char *
nssutil_DupCat(char *baseString, const char *str)
{
    return nssutil_DupnCat(baseString, str, PORT_Strlen(str));
}

/* function to free up all the memory associated with a null terminated
 * array of module specs */
static SECStatus
nssutil_releaseSpecList(char **moduleSpecList)
{
    if (moduleSpecList) {
        char **index;
        for (index = moduleSpecList; *index; index++) {
            PORT_Free(*index);
        }
        PORT_Free(moduleSpecList);
    }
    return SECSuccess;
}

#define SECMOD_STEP 10
static SECStatus
nssutil_growList(char ***pModuleList, int *useCount, int last)
{
    char **newModuleList;

    *useCount += SECMOD_STEP;
    newModuleList = (char **)PORT_Realloc(*pModuleList,
                                          *useCount * sizeof(char *));
    if (newModuleList == NULL) {
        return SECFailure;
    }
    PORT_Memset(&newModuleList[last], 0, sizeof(char *) * SECMOD_STEP);
    *pModuleList = newModuleList;
    return SECSuccess;
}

static char *
_NSSUTIL_GetOldSecmodName(const char *dbname, const char *filename)
{
    char *file = NULL;
    char *dirPath = PORT_Strdup(dbname);
    char *sep;

    sep = PORT_Strrchr(dirPath, *NSSUTIL_PATH_SEPARATOR);
#ifdef _WIN32
    if (!sep) {
        /* utilparst.h defines NSSUTIL_PATH_SEPARATOR as "/" for all
         * platforms. */
        sep = PORT_Strrchr(dirPath, '\\');
    }
#endif
    if (sep) {
        *sep = 0;
        file = PR_smprintf("%s" NSSUTIL_PATH_SEPARATOR "%s", dirPath, filename);
    } else {
        file = PR_smprintf("%s", filename);
    }
    PORT_Free(dirPath);
    return file;
}

static SECStatus nssutil_AddSecmodDBEntry(const char *appName,
                                          const char *filename,
                                          const char *dbname,
                                          const char *module, PRBool rw);

enum lfopen_mode { lfopen_truncate,
                   lfopen_append };

FILE *
lfopen(const char *name, enum lfopen_mode om, os_open_permissions_type open_perms)
{
    int fd;
    FILE *file;

    fd = os_open(name,
                 (om == lfopen_truncate) ? os_truncate_open_flags : os_append_open_flags,
                 open_perms);
    if (fd < 0) {
        return NULL;
    }
    file = os_fdopen(fd, (om == lfopen_truncate) ? "w+" : "a+");
    if (!file) {
        close(fd);
    }
    /* file inherits fd */
    return file;
}

#define MAX_LINE_LENGTH 2048

/*
 * Read all the existing modules in out of the file.
 */
static char **
nssutil_ReadSecmodDB(const char *appName,
                     const char *filename, const char *dbname,
                     char *params, PRBool rw)
{
    FILE *fd = NULL;
    char **moduleList = NULL;
    int moduleCount = 1;
    int useCount = SECMOD_STEP;
    char line[MAX_LINE_LENGTH];
    PRBool internal = PR_FALSE;
    PRBool skipParams = PR_FALSE;
    char *moduleString = NULL;
    char *paramsValue = NULL;
    PRBool failed = PR_TRUE;

    moduleList = (char **)PORT_ZAlloc(useCount * sizeof(char *));
    if (moduleList == NULL)
        return NULL;

    if (dbname == NULL) {
        goto return_default;
    }

    /* do we really want to use streams here */
    fd = os_fopen(dbname, "r");
    if (fd == NULL)
        goto done;

    /*
     * the following loop takes line separated config lines and collapses
     * the lines to a single string, escaping and quoting as necessary.
     */
    /* loop state variables */
    moduleString = NULL;   /* current concatenated string */
    internal = PR_FALSE;   /* is this an internal module */
    skipParams = PR_FALSE; /* did we find an override parameter block*/
    paramsValue = NULL;    /* the current parameter block value */
    do {
        int len;

        if (fgets(line, sizeof(line), fd) == NULL) {
            goto endloop;
        }

        /* remove the ending newline */
        len = PORT_Strlen(line);
        if (len && line[len - 1] == '\n') {
            len--;
            line[len] = 0;
        }
        if (*line == '#') {
            continue;
        }
        if (*line != 0) {
            /*
             * The PKCS #11 group standard assumes blocks of strings
             * separated by new lines, clumped by new lines. Internally
             * we take strings separated by spaces, so we may need to escape
             * certain spaces.
             */
            char *value = PORT_Strchr(line, '=');

            /* there is no value, write out the stanza as is */
            if (value == NULL || value[1] == 0) {
                if (moduleString) {
                    moduleString = nssutil_DupnCat(moduleString, " ", 1);
                    if (moduleString == NULL)
                        goto loser;
                }
                moduleString = nssutil_DupCat(moduleString, line);
                if (moduleString == NULL)
                    goto loser;
                /* value is already quoted, just write it out */
            } else if (value[1] == '"') {
                if (moduleString) {
                    moduleString = nssutil_DupnCat(moduleString, " ", 1);
                    if (moduleString == NULL)
                        goto loser;
                }
                moduleString = nssutil_DupCat(moduleString, line);
                if (moduleString == NULL)
                    goto loser;
                /* we have an override parameter section, remember that
                 * we found this (see following comment about why this
                 * is necessary). */
                if (PORT_Strncasecmp(line, "parameters", 10) == 0) {
                    skipParams = PR_TRUE;
                }
                /*
                 * The internal token always overrides it's parameter block
                 * from the passed in parameters, so wait until then end
                 * before we include the parameter block in case we need to
                 * override it. NOTE: if the parameter block is quoted with ("),
                 * this override does not happen. This allows you to override
                 * the application's parameter configuration.
                 *
                 * parameter block state is controlled by the following variables:
                 *  skipParams - Bool : set to true of we have an override param
                 *    block (all other blocks, either implicit or explicit are
                 *    ignored).
                 *  paramsValue - char * : pointer to the current param block. In
                 *    the absence of overrides, paramsValue is set to the first
                 *    parameter block we find. All subsequent blocks are ignored.
                 *    When we find an internal token, the application passed
                 *    parameters take precident.
                 */
            } else if (PORT_Strncasecmp(line, "parameters", 10) == 0) {
                /* already have parameters */
                if (paramsValue) {
                    continue;
                }
                paramsValue = NSSUTIL_Quote(&value[1], '"');
                if (paramsValue == NULL)
                    goto loser;
                continue;
            } else {
                /* may need to quote */
                char *newLine;
                if (moduleString) {
                    moduleString = nssutil_DupnCat(moduleString, " ", 1);
                    if (moduleString == NULL)
                        goto loser;
                }
                moduleString = nssutil_DupnCat(moduleString, line, value - line + 1);
                if (moduleString == NULL)
                    goto loser;
                newLine = NSSUTIL_Quote(&value[1], '"');
                if (newLine == NULL)
                    goto loser;
                moduleString = nssutil_DupCat(moduleString, newLine);
                PORT_Free(newLine);
                if (moduleString == NULL)
                    goto loser;
            }

            /* check to see if it's internal? */
            if (PORT_Strncasecmp(line, "NSS=", 4) == 0) {
                /* This should be case insensitive! reviewers make
                 * me fix it if it's not */
                if (PORT_Strstr(line, "internal")) {
                    internal = PR_TRUE;
                    /* override the parameters */
                    if (paramsValue) {
                        PORT_Free(paramsValue);
                    }
                    paramsValue = NSSUTIL_Quote(params, '"');
                }
            }
            continue;
        }
        if ((moduleString == NULL) || (*moduleString == 0)) {
            continue;
        }

    endloop:
        /*
         * if we are here, we have found a complete stanza. Now write out
         * any param section we may have found.
         */
        if (paramsValue) {
            /* we had an override */
            if (!skipParams) {
                moduleString = nssutil_DupnCat(moduleString, " parameters=", 12);
                if (moduleString == NULL)
                    goto loser;
                moduleString = nssutil_DupCat(moduleString, paramsValue);
                if (moduleString == NULL)
                    goto loser;
            }
            PORT_Free(paramsValue);
            paramsValue = NULL;
        }

        if ((moduleCount + 1) >= useCount) {
            SECStatus rv;
            rv = nssutil_growList(&moduleList, &useCount, moduleCount + 1);
            if (rv != SECSuccess) {
                goto loser;
            }
        }

        if (internal) {
            moduleList[0] = moduleString;
        } else {
            moduleList[moduleCount] = moduleString;
            moduleCount++;
        }
        moduleString = NULL;
        internal = PR_FALSE;
        skipParams = PR_FALSE;
    } while (!feof(fd));

    if (moduleString) {
        PORT_Free(moduleString);
        moduleString = NULL;
    }
done:
    /* if we couldn't open a pkcs11 database, look for the old one */
    if (fd == NULL) {
        char *olddbname = _NSSUTIL_GetOldSecmodName(dbname, filename);
        PRStatus status;

        /* couldn't get the old name */
        if (!olddbname) {
            goto bail;
        }

        /* old one exists */
        status = _NSSUTIL_Access(olddbname, PR_ACCESS_EXISTS);
        if (status == PR_SUCCESS) {
            PR_smprintf_free(olddbname);
            PORT_ZFree(moduleList, useCount * sizeof(char *));
            PORT_SetError(SEC_ERROR_LEGACY_DATABASE);
            return NULL;
        }

    bail:
        if (olddbname) {
            PR_smprintf_free(olddbname);
        }
    }

return_default:

    if (!moduleList[0]) {
        char *newParams;
        moduleString = PORT_Strdup(NSSUTIL_DEFAULT_INTERNAL_INIT1);
        newParams = NSSUTIL_Quote(params, '"');
        if (newParams == NULL)
            goto loser;
        moduleString = nssutil_DupCat(moduleString, newParams);
        PORT_Free(newParams);
        if (moduleString == NULL)
            goto loser;
        moduleString = nssutil_DupCat(moduleString,
                                      NSSUTIL_DEFAULT_INTERNAL_INIT2);
        if (moduleString == NULL)
            goto loser;
        moduleString = nssutil_DupCat(moduleString,
                                      NSSUTIL_DEFAULT_SFTKN_FLAGS);
        if (moduleString == NULL)
            goto loser;
        moduleString = nssutil_DupCat(moduleString,
                                      NSSUTIL_DEFAULT_INTERNAL_INIT3);
        if (moduleString == NULL)
            goto loser;
        moduleList[0] = moduleString;
        moduleString = NULL;
    }
    failed = PR_FALSE;

loser:
    /*
     * cleanup
     */
    /* deal with trust cert db here */
    if (moduleString) {
        PORT_Free(moduleString);
        moduleString = NULL;
    }
    if (paramsValue) {
        PORT_Free(paramsValue);
        paramsValue = NULL;
    }
    if (failed || (moduleList[0] == NULL)) {
        /* This is wrong! FIXME */
        nssutil_releaseSpecList(moduleList);
        moduleList = NULL;
        failed = PR_TRUE;
    }
    if (fd != NULL) {
        fclose(fd);
    } else if (!failed && rw) {
        /* update our internal module */
        nssutil_AddSecmodDBEntry(appName, filename, dbname, moduleList[0], rw);
    }
    return moduleList;
}

static SECStatus
nssutil_ReleaseSecmodDBData(const char *appName,
                            const char *filename, const char *dbname,
                            char **moduleSpecList, PRBool rw)
{
    if (moduleSpecList) {
        nssutil_releaseSpecList(moduleSpecList);
    }
    return SECSuccess;
}

/*
 * Delete a module from the Data Base
 */
static SECStatus
nssutil_DeleteSecmodDBEntry(const char *appName,
                            const char *filename,
                            const char *dbname,
                            const char *args,
                            PRBool rw)
{
    /* SHDB_FIXME implement */
    os_stat_type stat_existing;
    os_open_permissions_type file_mode;
    FILE *fd = NULL;
    FILE *fd2 = NULL;
    char line[MAX_LINE_LENGTH];
    char *dbname2 = NULL;
    char *block = NULL;
    char *name = NULL;
    char *lib = NULL;
    int name_len = 0, lib_len = 0;
    PRBool skip = PR_FALSE;
    PRBool found = PR_FALSE;

    if (dbname == NULL) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    if (!rw) {
        PORT_SetError(SEC_ERROR_READ_ONLY);
        return SECFailure;
    }

    dbname2 = PORT_Strdup(dbname);
    if (dbname2 == NULL)
        goto loser;
    dbname2[strlen(dbname) - 1]++;

    /* get the permissions of the existing file, or use the default */
    if (!os_stat(dbname, &stat_existing)) {
        file_mode = stat_existing.st_mode;
    } else {
        file_mode = os_open_permissions_default;
    }

    /* do we really want to use streams here */
    fd = os_fopen(dbname, "r");
    if (fd == NULL)
        goto loser;

    fd2 = lfopen(dbname2, lfopen_truncate, file_mode);

    if (fd2 == NULL)
        goto loser;

    name = NSSUTIL_ArgGetParamValue("name", args);
    if (name) {
        name_len = PORT_Strlen(name);
    }
    lib = NSSUTIL_ArgGetParamValue("library", args);
    if (lib) {
        lib_len = PORT_Strlen(lib);
    }

    /*
     * the following loop takes line separated config files and collapses
     * the lines to a single string, escaping and quoting as necessary.
     */
    /* loop state variables */
    block = NULL;
    skip = PR_FALSE;
    while (fgets(line, sizeof(line), fd) != NULL) {
        /* If we are processing a block (we haven't hit a blank line yet */
        if (*line != '\n') {
            /* skip means we are in the middle of a block we are deleting */
            if (skip) {
                continue;
            }
            /* if we haven't found the block yet, check to see if this block
             * matches our requirements */
            if (!found && ((name && (PORT_Strncasecmp(line, "name=", 5) == 0) &&
                            (PORT_Strncmp(line + 5, name, name_len) == 0)) ||
                           (lib && (PORT_Strncasecmp(line, "library=", 8) == 0) &&
                            (PORT_Strncmp(line + 8, lib, lib_len) == 0)))) {

                /* yup, we don't need to save any more data, */
                PORT_Free(block);
                block = NULL;
                /* we don't need to collect more of this block */
                skip = PR_TRUE;
                /* we don't need to continue searching for the block */
                found = PR_TRUE;
                continue;
            }
            /* not our match, continue to collect data in this block */
            block = nssutil_DupCat(block, line);
            continue;
        }
        /* we've collected a block of data that wasn't the module we were
         * looking for, write it out */
        if (block) {
            fwrite(block, PORT_Strlen(block), 1, fd2);
            PORT_Free(block);
            block = NULL;
        }
        /* If we didn't just delete the this block, keep the blank line */
        if (!skip) {
            fputs(line, fd2);
        }
        /* we are definately not in a deleted block anymore */
        skip = PR_FALSE;
    }
    fclose(fd);
    fclose(fd2);
    if (found) {
        /* rename dbname2 to dbname */
        nssutil_Delete(dbname);
        nssutil_Rename(dbname2, dbname);
    } else {
        nssutil_Delete(dbname2);
    }
    PORT_Free(dbname2);
    PORT_Free(lib);
    PORT_Free(name);
    PORT_Free(block);
    return SECSuccess;

loser:
    if (fd != NULL) {
        fclose(fd);
    }
    if (fd2 != NULL) {
        fclose(fd2);
    }
    if (dbname2) {
        nssutil_Delete(dbname2);
        PORT_Free(dbname2);
    }
    PORT_Free(lib);
    PORT_Free(name);
    return SECFailure;
}

/*
 * Add a module to the Data base
 */
static SECStatus
nssutil_AddSecmodDBEntry(const char *appName,
                         const char *filename, const char *dbname,
                         const char *module, PRBool rw)
{
    os_stat_type stat_existing;
    os_open_permissions_type file_mode;
    FILE *fd = NULL;
    char *block = NULL;
    PRBool libFound = PR_FALSE;

    if (dbname == NULL) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    /* can't write to a read only module */
    if (!rw) {
        PORT_SetError(SEC_ERROR_READ_ONLY);
        return SECFailure;
    }

    /* remove the previous version if it exists */
    (void)nssutil_DeleteSecmodDBEntry(appName, filename, dbname, module, rw);

    /* get the permissions of the existing file, or use the default */
    if (!os_stat(dbname, &stat_existing)) {
        file_mode = stat_existing.st_mode;
    } else {
        file_mode = os_open_permissions_default;
    }

    fd = lfopen(dbname, lfopen_append, file_mode);
    if (fd == NULL) {
        return SECFailure;
    }
    module = NSSUTIL_ArgStrip(module);
    while (*module) {
        int count;
        char *keyEnd = PORT_Strchr(module, '=');
        char *value;

        if (PORT_Strncmp(module, "library=", 8) == 0) {
            libFound = PR_TRUE;
        }
        if (keyEnd == NULL) {
            block = nssutil_DupCat(block, module);
            break;
        }
        block = nssutil_DupnCat(block, module, keyEnd - module + 1);
        if (block == NULL) {
            goto loser;
        }
        value = NSSUTIL_ArgFetchValue(&keyEnd[1], &count);
        if (value) {
            block = nssutil_DupCat(block, NSSUTIL_ArgStrip(value));
            PORT_Free(value);
        }
        if (block == NULL) {
            goto loser;
        }
        block = nssutil_DupnCat(block, "\n", 1);
        module = keyEnd + 1 + count;
        module = NSSUTIL_ArgStrip(module);
    }
    if (block) {
        if (!libFound) {
            fprintf(fd, "library=\n");
        }
        fwrite(block, PORT_Strlen(block), 1, fd);
        fprintf(fd, "\n");
        PORT_Free(block);
        block = NULL;
    }
    fclose(fd);
    return SECSuccess;

loser:
    PORT_Free(block);
    fclose(fd);
    return SECFailure;
}

char **
NSSUTIL_DoModuleDBFunction(unsigned long function, char *parameters, void *args)
{
    char *secmod = NULL;
    char *appName = NULL;
    char *filename = NULL;
    NSSDBType dbType = NSS_DB_TYPE_NONE;
    PRBool rw;
    static char *success = "Success";
    char **rvstr = NULL;

    secmod = _NSSUTIL_GetSecmodName(parameters, &dbType, &appName,
                                    &filename, &rw);
    if ((dbType == NSS_DB_TYPE_LEGACY) ||
        (dbType == NSS_DB_TYPE_MULTIACCESS)) {
        /* we can't handle the old database, only softoken can */
        PORT_SetError(SEC_ERROR_LEGACY_DATABASE);
        rvstr = NULL;
        goto done;
    }

    switch (function) {
        case SECMOD_MODULE_DB_FUNCTION_FIND:
            rvstr = nssutil_ReadSecmodDB(appName, filename,
                                         secmod, (char *)parameters, rw);
            break;
        case SECMOD_MODULE_DB_FUNCTION_ADD:
            rvstr = (nssutil_AddSecmodDBEntry(appName, filename,
                                              secmod, (char *)args, rw) == SECSuccess)
                        ? &success
                        : NULL;
            break;
        case SECMOD_MODULE_DB_FUNCTION_DEL:
            rvstr = (nssutil_DeleteSecmodDBEntry(appName, filename,
                                                 secmod, (char *)args, rw) == SECSuccess)
                        ? &success
                        : NULL;
            break;
        case SECMOD_MODULE_DB_FUNCTION_RELEASE:
            rvstr = (nssutil_ReleaseSecmodDBData(appName, filename,
                                                 secmod, (char **)args, rw) == SECSuccess)
                        ? &success
                        : NULL;
            break;
    }
done:
    if (secmod)
        PR_smprintf_free(secmod);
    if (appName)
        PORT_Free(appName);
    if (filename)
        PORT_Free(filename);
    return rvstr;
}