зеркало из https://github.com/mozilla/gecko-dev.git
Multi-access database changes.
Родитель
c8ab7babb2
Коммит
1e4fbdcfa4
|
@ -34,7 +34,7 @@
|
|||
* cdbhdl.h - certificate database handle
|
||||
* private to the certdb module
|
||||
*
|
||||
* $Id: cdbhdl.h,v 1.2 2001/11/08 00:15:30 relyea%netscape.com Exp $
|
||||
* $Id: cdbhdl.h,v 1.3 2002/04/05 09:17:49 relyea%netscape.com Exp $
|
||||
*/
|
||||
#ifndef _CDBHDL_H_
|
||||
#define _CDBHDL_H_
|
||||
|
@ -51,4 +51,19 @@ struct NSSLOWCERTCertDBHandleStr {
|
|||
PZMonitor *dbMon;
|
||||
};
|
||||
|
||||
#ifdef DBM_USING_NSPR
|
||||
#define NO_RDONLY PR_RDONLY
|
||||
#define NO_RDWR PR_RDWR
|
||||
#define NO_CREATE (PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE)
|
||||
#else
|
||||
#define NO_RDONLY O_RDONLY
|
||||
#define NO_RDWR O_RDWR
|
||||
#define NO_CREATE (O_RDWR | O_CREAT | O_TRUNC)
|
||||
#endif
|
||||
|
||||
typedef DB * (*rdbfunc)(const char *appName, const char *prefix,
|
||||
const char *type, int flags);
|
||||
|
||||
DB * rdbopen(const char *appName, const char *prefix,
|
||||
const char *type, int flags);
|
||||
#endif
|
||||
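Review bot: The `rdbfunc` typedef and `rdbopen` prototype added at the end of the second hunk have no comment stating what the call returns on failure or which `flags` values it accepts. I would add above the typedef `/* Opens the shared ("multiaccess") database for appName; flags is one of NO_RDONLY, NO_RDWR or NO_CREATE; returns NULL if the rdb library or its entry point cannot be loaded or the open fails. */`. The header also uses `DB` and the `O_*`/`PR_*` flag names without any include visible in these hunks, so it presumably only compiles when included after `mcom_db.h`, as the keydb.c hunk on this page does; that ordering requirement deserves a one-line comment as well.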
|
|
|
@ -32,7 +32,7 @@
|
|||
* may use your version of this file under either the MPL or the
|
||||
* GPL.
|
||||
*
|
||||
# $Id: dbinit.c,v 1.8 2001/12/07 01:36:17 relyea%netscape.com Exp $
|
||||
# $Id: dbinit.c,v 1.9 2002/04/05 09:17:49 relyea%netscape.com Exp $
|
||||
*/
|
||||
|
||||
#include <ctype.h>
|
||||
|
@ -102,6 +102,29 @@ pk11_keydb_name_cb(void *arg, int dbVersion)
|
|||
#define CKR_CERTDB_FAILED CKR_DEVICE_ERROR
|
||||
#define CKR_KEYDB_FAILED CKR_DEVICE_ERROR
|
||||
|
||||
const char *
|
||||
pk11_EvaluateConfigDir(const char *configdir,char **appName)
|
||||
{
|
||||
if (PORT_Strncmp(configdir, MULTIACCESS, sizeof(MULTIACCESS)-1) == 0) {
|
||||
char *cdir;
|
||||
|
||||
*appName = PORT_Strdup(configdir+sizeof(MULTIACCESS)-1);
|
||||
if (*appName == NULL) {
|
||||
return configdir;
|
||||
}
|
||||
cdir = *appName;
|
||||
while (*cdir && *cdir != ':') {
|
||||
cdir++;
|
||||
}
|
||||
if (*cdir == ':') {
|
||||
*cdir = 0;
|
||||
cdir++;
|
||||
}
|
||||
configdir = cdir;
|
||||
}
|
||||
return configdir;
|
||||
}
|
||||
|
||||
static CK_RV
|
||||
pk11_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly,
|
||||
NSSLOWCERTCertDBHandle **certdbPtr)
|
||||
|
@ -110,11 +133,14 @@ pk11_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly,
|
|||
CK_RV crv = CKR_CERTDB_FAILED;
|
||||
SECStatus rv;
|
||||
char * name = NULL;
|
||||
char * appName = NULL;
|
||||
|
||||
if (prefix == NULL) {
|
||||
prefix = "";
|
||||
}
|
||||
|
||||
configdir = pk11_EvaluateConfigDir(configdir, &appName);
|
||||
|
||||
name = PR_smprintf("%s" PATH_SEPARATOR "%s",configdir,prefix);
|
||||
if (name == NULL) goto loser;
|
||||
|
||||
|
@ -123,7 +149,7 @@ pk11_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly,
|
|||
goto loser;
|
||||
|
||||
/* fix when we get the DB in */
|
||||
rv = nsslowcert_OpenCertDB(certdb, readOnly,
|
||||
rv = nsslowcert_OpenCertDB(certdb, readOnly, appName, prefix,
|
||||
pk11_certdb_name_cb, (void *)name, PR_FALSE);
|
||||
if (rv == SECSuccess) {
|
||||
crv = CKR_OK;
|
||||
|
@ -133,6 +159,7 @@ pk11_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly,
|
|||
loser:
|
||||
if (certdb) PR_Free(certdb);
|
||||
if (name) PORT_Free(name);
|
||||
if (appName) PORT_Free(appName);
|
||||
return crv;
|
||||
}
|
||||
|
||||
|
@ -142,15 +169,20 @@ pk11_OpenKeyDB(const char * configdir, const char *prefix, PRBool readOnly,
|
|||
{
|
||||
NSSLOWKEYDBHandle *keydb;
|
||||
char * name = NULL;
|
||||
char * appName = NULL;
|
||||
|
||||
if (prefix == NULL) {
|
||||
prefix = "";
|
||||
}
|
||||
configdir = pk11_EvaluateConfigDir(configdir, &appName);
|
||||
|
||||
name = PR_smprintf("%s" PATH_SEPARATOR "%s",configdir,prefix);
|
||||
if (name == NULL)
|
||||
return SECFailure;
|
||||
keydb = nsslowkey_OpenKeyDB(readOnly, pk11_keydb_name_cb, (void *)name);
|
||||
keydb = nsslowkey_OpenKeyDB(readOnly, appName, prefix,
|
||||
pk11_keydb_name_cb, (void *)name);
|
||||
PORT_Free(name);
|
||||
if (appName) PORT_Free(appName);
|
||||
if (keydb == NULL)
|
||||
return CKR_KEYDB_FAILED;
|
||||
*keydbPtr = keydb;
|
||||
|
@ -222,3 +254,39 @@ pk11_DBShutdown(NSSLOWCERTCertDBHandle *certHandle,
|
|||
keyHandle= NULL;
|
||||
}
|
||||
}
|
||||
|
||||
static rdbfunc pk11_rdbfunc;
|
||||
|
||||
/* NOTE: SHLIB_SUFFIX is defined on the command line */
|
||||
#define RDBLIB "rdb."SHLIB_SUFFIX
|
||||
|
||||
DB * rdbopen(const char *appName, const char *prefix,
|
||||
const char *type, int flags)
|
||||
{
|
||||
PRLibrary *lib;
|
||||
DB *db;
|
||||
|
||||
if (pk11_rdbfunc) {
|
||||
db = (*pk11_rdbfunc)(appName,prefix,type,flags);
|
||||
return db;
|
||||
}
|
||||
|
||||
/*
|
||||
* try to open the library.
|
||||
*/
|
||||
lib = PR_LoadLibrary(RDBLIB);
|
||||
|
||||
if (!lib) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* get the entry point */
|
||||
pk11_rdbfunc = (rdbfunc) PR_FindSymbol(lib,"rdbopen");
|
||||
if (pk11_rdbfunc) {
|
||||
return (*pk11_rdbfunc)(appName,prefix,type,flags);
|
||||
}
|
||||
|
||||
/* couldn't find the entry point, unload the library and fail */
|
||||
PR_UnloadLibrary(lib);
|
||||
return NULL;
|
||||
}
|
||||
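Review bot: `rdbopen` loads its backend with `PR_LoadLibrary(RDBLIB)`, where `RDBLIB` is the bare file name `"rdb."SHLIB_SUFFIX`, so the library that ends up servicing the cert and key databases is chosen by the platform's library search path rather than by where softoken is installed. Because that library sees every database operation once a `multiaccess:` configdir is used, I would build a full path next to the softoken library before loading, or at minimum add `/* RDBLIB is resolved through the loader search path; deployments must ensure only the intended rdb library is reachable */`. Separately, `pk11_rdbfunc` is a plain static assigned without a lock, so two threads making their first call together can each load the library, and `pk11_EvaluateConfigDir` hands `configdir` to `PORT_Strncmp` with no NULL check, which matters if any caller can pass a missing configdir.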
|
|
|
@ -32,7 +32,7 @@
|
|||
*
|
||||
* Private Key Database code
|
||||
*
|
||||
* $Id: keydb.c,v 1.14 2002/04/05 03:33:42 nelsonb%netscape.com Exp $
|
||||
* $Id: keydb.c,v 1.15 2002/04/05 09:17:49 relyea%netscape.com Exp $
|
||||
*/
|
||||
|
||||
#include "lowkeyi.h"
|
||||
|
@ -47,6 +47,7 @@
|
|||
#include "mcom_db.h"
|
||||
#include "lowpbe.h"
|
||||
#include "secerr.h"
|
||||
#include "cdbhdl.h"
|
||||
|
||||
#include "keydbi.h"
|
||||
|
||||
|
@ -531,13 +532,6 @@ keyDBFilenameCallback(void *arg, int dbVersion)
|
|||
return(PORT_Strdup((char *)arg));
|
||||
}
|
||||
|
||||
NSSLOWKEYDBHandle *
|
||||
nsslowkey_OpenKeyDBFilename(char *dbname, PRBool readOnly)
|
||||
{
|
||||
return(nsslowkey_OpenKeyDB(readOnly, keyDBFilenameCallback,
|
||||
(void *)dbname));
|
||||
}
|
||||
|
||||
static SECStatus
|
||||
ChangeKeyDBPasswordAlg(NSSLOWKEYDBHandle *handle,
|
||||
SECItem *oldpwitem, SECItem *newpwitem,
|
||||
|
@ -577,148 +571,12 @@ nsslowkey_version(DB *db)
|
|||
return 255;
|
||||
}
|
||||
|
||||
if ( ret == 1 ) {
|
||||
if ( ret >= 1 ) {
|
||||
return 0;
|
||||
}
|
||||
return *( (unsigned char *)versionData.data);
|
||||
}
|
||||
|
||||
#ifdef NSS_USE_KEY4_DB
|
||||
nsslowkey_UpdateKey3DBPass1(NSSLOWKEYDBHandle *handle)
|
||||
{
|
||||
SECStatus rv;
|
||||
DBT checkKey;
|
||||
DBT checkData;
|
||||
DBT saltKey;
|
||||
DBT saltData;
|
||||
DBT key;
|
||||
DBT data;
|
||||
DBT newKey;
|
||||
unsigned char buf[SHA1_LENGTH];
|
||||
unsigned char version;
|
||||
SECItem *rc4key = NULL;
|
||||
NSSLOWKEYDBKey *dbkey = NULL;
|
||||
SECItem *oldSalt = NULL;
|
||||
int ret;
|
||||
SECItem checkitem;
|
||||
|
||||
if ( handle->updatedb == NULL ) {
|
||||
return(SECSuccess);
|
||||
}
|
||||
|
||||
/*
|
||||
* check the version record
|
||||
*/
|
||||
version = nsslowkey_version(handle->updatedb);
|
||||
if (version != 3) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
saltKey.data = SALT_STRING;
|
||||
saltKey.size = sizeof(SALT_STRING) - 1;
|
||||
|
||||
ret = (* handle->updatedb->get)(handle->updatedb, &saltKey, &saltData, 0);
|
||||
if ( ret ) {
|
||||
/* no salt in old db, so it is corrupted */
|
||||
goto done;
|
||||
}
|
||||
|
||||
oldSalt = decodeKeyDBGlobalSalt(&saltData);
|
||||
if ( oldSalt == NULL ) {
|
||||
/* bad salt in old db, so it is corrupted */
|
||||
goto done;
|
||||
}
|
||||
|
||||
/*
|
||||
* look for a pw check entry
|
||||
*/
|
||||
checkKey.data = KEYDB_PW_CHECK_STRING;
|
||||
checkKey.size = KEYDB_PW_CHECK_LEN;
|
||||
|
||||
ret = (* handle->updatedb->get)(handle->updatedb, &checkKey,
|
||||
&checkData, 0 );
|
||||
if (ret) {
|
||||
checkKey.data = KEYDB_FAKE_PW_CHECK_STRING;
|
||||
checkKey.size = KEYDB_FAKE_PW_CHECK_LEN;
|
||||
ret = (* handle->updatedb->get)(handle->updatedb, &checkKey,
|
||||
&checkData, 0 );
|
||||
if (ret) {
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
/* put global salt into the new database now */
|
||||
ret = (* handle->db->put)( handle->db, &saltKey, &saltData, 0);
|
||||
if ( ret ) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (checkKey.size == KEYDB_PW_CHECK_LEN) {
|
||||
dbkey = decode_dbkey(&checkData, 3);
|
||||
if ( dbkey == NULL ) {
|
||||
goto done;
|
||||
}
|
||||
rv = put_dbkey(handle, &checkKey, dbkey, PR_FALSE);
|
||||
ret = (rv != SECSuccess);
|
||||
} else {
|
||||
ret = (* handle->db->put)(handle->db, &checkKey, &checkData, 0);
|
||||
}
|
||||
if ( ret ) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* now traverse the database */
|
||||
ret = (* handle->updatedb->seq)(handle->updatedb, &key, &data, R_FIRST);
|
||||
if ( ret ) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
do {
|
||||
|
||||
/* skip version record */
|
||||
if ( data.size > 1 ) {
|
||||
/* skip salt */
|
||||
if ( key.size == ( sizeof(SALT_STRING) - 1 ) ) {
|
||||
if ( PORT_Memcmp(key.data, SALT_STRING, key.size) == 0 ) {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
/* skip pw check entry */
|
||||
if ( key.size == checkKey.size ) {
|
||||
if ( PORT_Memcmp(key.data, checkKey.data, key.size) == 0 ) {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
dbkey = decode_dbkey(&data, 3);
|
||||
if ( dbkey == NULL ) {
|
||||
continue;
|
||||
}
|
||||
SHA1_HashBuf(buf,key.data,key.size);
|
||||
newKey.data = buf;
|
||||
newKey.size = SHA1_LENGTH;
|
||||
|
||||
rv = put_dbkey(handle, &newKey, dbkey, PR_FALSE);
|
||||
|
||||
sec_destroy_dbkey(dbkey);
|
||||
|
||||
}
|
||||
} while ( (* handle->updatedb->seq)(handle->updatedb, &key, &data,
|
||||
R_NEXT) == 0 );
|
||||
|
||||
done:
|
||||
/* sync the database */
|
||||
ret = (* handle->db->sync)(handle->db, 0);
|
||||
|
||||
(* handle->updatedb->close)(handle->updatedb);
|
||||
handle->updatedb = NULL;
|
||||
|
||||
if ( oldSalt ) {
|
||||
SECITEM_FreeItem(oldSalt, PR_TRUE);
|
||||
}
|
||||
return(SECSuccess);
|
||||
}
|
||||
#endif
|
||||
|
||||
static PRBool
|
||||
seckey_HasAServerKey(DB *db)
|
||||
{
|
||||
|
@ -958,18 +816,9 @@ done:
|
|||
return(SECSuccess);
|
||||
}
|
||||
|
||||
#ifdef DBM_USING_NSPR
|
||||
#define NO_RDONLY PR_RDONLY
|
||||
#define NO_RDWR PR_RDWR
|
||||
#define NO_CREATE (PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE)
|
||||
#else
|
||||
#define NO_RDONLY O_RDONLY
|
||||
#define NO_RDWR O_RDWR
|
||||
#define NO_CREATE (O_RDWR | O_CREAT | O_TRUNC)
|
||||
#endif
|
||||
|
||||
NSSLOWKEYDBHandle *
|
||||
nsslowkey_OpenKeyDB(PRBool readOnly, NSSLOWKEYDBNameFunc namecb, void *cbarg)
|
||||
nsslowkey_OpenKeyDB(PRBool readOnly, const char *appName, const char *prefix,
|
||||
NSSLOWKEYDBNameFunc namecb, void *cbarg)
|
||||
{
|
||||
NSSLOWKEYDBHandle *handle;
|
||||
int ret;
|
||||
|
@ -993,8 +842,12 @@ nsslowkey_OpenKeyDB(PRBool readOnly, NSSLOWKEYDBNameFunc namecb, void *cbarg)
|
|||
|
||||
handle->dbname = PORT_Strdup(dbname);
|
||||
handle->readOnly = readOnly;
|
||||
|
||||
handle->db = dbopen( dbname, openflags, 0600, DB_HASH, 0 );
|
||||
|
||||
if (appName) {
|
||||
handle->db = rdbopen( appName, prefix, "key", openflags);
|
||||
} else {
|
||||
handle->db = dbopen( dbname, openflags, 0600, DB_HASH, 0 );
|
||||
}
|
||||
|
||||
/* check for correct version number */
|
||||
if (handle->db != NULL) {
|
||||
|
@ -1013,39 +866,18 @@ nsslowkey_OpenKeyDB(PRBool readOnly, NSSLOWKEYDBNameFunc namecb, void *cbarg)
|
|||
}
|
||||
|
||||
newdb:
|
||||
|
||||
|
||||
/* if first open fails, try to create a new DB */
|
||||
if ( handle->db == NULL ) {
|
||||
#ifdef NSS_USE_KEY4_DB
|
||||
char *dbname3 = (*namecb)(cbarg, 3);
|
||||
|
||||
if ( readOnly ) {
|
||||
if (dbname3 == NULL) {
|
||||
goto loser;
|
||||
}
|
||||
handle->db = dbopen( dbname3, NO_RDONLY, 0600, DB_HASH, 0 );
|
||||
PORT_Free(handle->dbname);
|
||||
handle->dbname = dbname3;
|
||||
dbname3 = NULL;
|
||||
if (handle->db == NULL) {
|
||||
goto loser;
|
||||
}
|
||||
handle->version = nsslowkey_version(handle->db);
|
||||
if (handle->version != 3) {
|
||||
/* bogus version number record, reset the database */
|
||||
(* handle->db->close)( handle->db );
|
||||
handle->db = NULL;
|
||||
goto loser;
|
||||
}
|
||||
goto done;
|
||||
}
|
||||
#else
|
||||
if ( readOnly ) {
|
||||
goto loser;
|
||||
}
|
||||
#endif
|
||||
|
||||
handle->db = dbopen( dbname, NO_CREATE, 0600, DB_HASH, 0 );
|
||||
if (appName) {
|
||||
handle->db = rdbopen( appName, prefix, "key", NO_CREATE);
|
||||
} else {
|
||||
handle->db = dbopen( dbname, NO_CREATE, 0600, DB_HASH, 0 );
|
||||
}
|
||||
|
||||
PORT_Free( dbname );
|
||||
dbname = NULL;
|
||||
|
@ -1059,22 +891,6 @@ newdb:
|
|||
if ( rv != SECSuccess ) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
#ifdef NSS_USE_KEY4_DB
|
||||
handle->updatedb = dbopen( dbname3, NO_RDONLY, 0600, DB_HASH, 0 );
|
||||
PORT_Free(dbname3);
|
||||
dbname3 = NULL;
|
||||
if (handle->updatedb) {
|
||||
/*
|
||||
* copy the key data, all the real work happens in pass2
|
||||
*/
|
||||
rv = nsslowkey_UpdateKey3DBPass1(handle);
|
||||
if ( rv == SECSuccess ) {
|
||||
updated = PR_TRUE;
|
||||
}
|
||||
goto skip_v2_db;
|
||||
}
|
||||
#endif /* NSS_USE_KEY4_DB */
|
||||
/*
|
||||
* try to update from v2 db
|
||||
*/
|
||||
|
@ -1099,9 +915,6 @@ newdb:
|
|||
|
||||
}
|
||||
|
||||
#ifdef NSS_USE_KEY4_DB
|
||||
skip_v2_db:
|
||||
#endif
|
||||
/* we are using the old salt if we updated from an old db */
|
||||
if ( ! updated ) {
|
||||
rv = makeGlobalSalt(handle);
|
||||
|
@ -1117,9 +930,6 @@ skip_v2_db:
|
|||
}
|
||||
}
|
||||
|
||||
#ifdef NSS_USE_KEY4_DB
|
||||
done:
|
||||
#endif
|
||||
handle->global_salt = GetKeyDBGlobalSalt(handle);
|
||||
if ( dbname )
|
||||
PORT_Free( dbname );
|
||||
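Review bot: A failed first open on the multiaccess path of `nsslowkey_OpenKeyDB` falls through to `newdb:` and calls `rdbopen( appName, prefix, "key", NO_CREATE)`, and `NO_CREATE` carries the truncate flag. For a local file a failed `dbopen` normally means the file is missing, but why `rdbopen` failed is up to the loaded library, so if it can fail for a reason other than "no database yet" a read-write open would go straight to create-and-truncate on a key store shared between processes. I would have this branch distinguish a missing database from other failures before creating, or at least record the assumption: `/* a NULL from rdbopen is treated as "no database yet"; NO_CREATE truncates an existing shared db */`. The same fallback is added to `nsslowcert_OpenPermCertDB` in pcertdb.c, and the function body extends outside these hunks.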
|
|
|
@ -32,7 +32,7 @@
|
|||
*
|
||||
* key.h - public data structures and prototypes for the private key library
|
||||
*
|
||||
* $Id: lowkeyi.h,v 1.5 2002/02/21 22:41:38 ian.mcgreer%sun.com Exp $
|
||||
* $Id: lowkeyi.h,v 1.6 2002/04/05 09:17:50 relyea%netscape.com Exp $
|
||||
*/
|
||||
|
||||
#ifndef _LOWKEYI_H_
|
||||
|
@ -66,11 +66,11 @@ typedef char * (* NSSLOWKEYDBNameFunc)(void *arg, int dbVersion);
|
|||
** Open a key database.
|
||||
*/
|
||||
extern NSSLOWKEYDBHandle *nsslowkey_OpenKeyDB(PRBool readOnly,
|
||||
const char *domain,
|
||||
const char *prefix,
|
||||
NSSLOWKEYDBNameFunc namecb,
|
||||
void *cbarg);
|
||||
|
||||
extern NSSLOWKEYDBHandle *nsslowkey_OpenKeyDBFilename(char *filename,
|
||||
PRBool readOnly);
|
||||
|
||||
/*
|
||||
* Clear out all the keys in the existing database
|
||||
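Review bot: The prototype names the new second parameter `domain`, while the definition of `nsslowkey_OpenKeyDB` in keydb.c and its caller in dbinit.c use `appName`, and the comment above it still says only "Open a key database." I would rename the parameter to `appName` and extend the comment, e.g. `** Open a key database. If appName is non-NULL the database is opened through rdbopen() using appName and prefix; otherwise the file-based dbopen() path is used.` The same `domain`/`appName` mismatch shows up in the `nsslowcert_OpenCertDB` prototype and in the `secmod_*PermDB` and `pk11_EvaluateConfigDir` prototypes further down this page.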
|
|
|
@ -40,15 +40,7 @@ LIBRARY_NAME = softokn
|
|||
LIBRARY_VERSION = 3
|
||||
MAPFILE = $(OBJDIR)/softokn.def
|
||||
|
||||
#
|
||||
# turn this on to get key4 generation and use.
|
||||
#
|
||||
# key4.db is properly indexed so we don't have to do db traversals to find keys.
|
||||
# turning on key4.db will automatically upgrade to key4 on startup if we open
|
||||
# the directory R/W and key4.db doesn't exist. If we open the directory up
|
||||
# R/O it opens and used the old key3.db without any update at all.
|
||||
#
|
||||
#DEFINES += -DNSS_USE_KEY4_DB
|
||||
DEFINES += -DSHLIB_SUFFIX=\"${DLL_SUFFIX}\"
|
||||
|
||||
|
||||
EXPORTS = \
|
||||
|
|
|
@ -139,6 +139,7 @@ nsslowcert_DestroyDBEntry(certDBEntry *entry);
|
|||
|
||||
SECStatus
|
||||
nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
|
||||
const char *domain, const char *prefix,
|
||||
NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile);
|
||||
|
||||
void
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
/*
|
||||
* Permanent Certificate database handling code
|
||||
*
|
||||
* $Id: pcertdb.c,v 1.14 2002/04/05 03:33:42 nelsonb%netscape.com Exp $
|
||||
* $Id: pcertdb.c,v 1.15 2002/04/05 09:17:50 relyea%netscape.com Exp $
|
||||
*/
|
||||
#include "prtime.h"
|
||||
|
||||
|
@ -541,7 +541,7 @@ static SECStatus
|
|||
DecodeDBCertEntry(certDBEntryCert *entry, SECItem *dbentry)
|
||||
{
|
||||
unsigned int nnlen;
|
||||
int headerlen;
|
||||
unsigned int headerlen;
|
||||
int lenoff;
|
||||
|
||||
/* allow updates of old versions of the database */
|
||||
|
@ -2602,6 +2602,7 @@ ReadDBVersionEntry(NSSLOWCERTCertDBHandle *handle)
|
|||
certDBEntryVersion *entry;
|
||||
SECItem dbkey;
|
||||
SECItem dbentry;
|
||||
SECStatus rv;
|
||||
|
||||
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
||||
if ( arena == NULL ) {
|
||||
|
@ -2633,7 +2634,10 @@ ReadDBVersionEntry(NSSLOWCERTCertDBHandle *handle)
|
|||
PORT_Memcpy(&dbkey.data[SEC_DB_KEY_HEADER_LEN], SEC_DB_VERSION_KEY,
|
||||
SEC_DB_VERSION_KEY_LEN);
|
||||
|
||||
ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
|
||||
rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
|
||||
if (rv != SECSuccess) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
PORT_FreeArena(tmparena, PR_FALSE);
|
||||
return(entry);
|
||||
|
@ -2758,11 +2762,11 @@ AddPermSubjectNode(certDBEntrySubject *entry, NSSLOWCERTCertificate *cert,
|
|||
char *nickname)
|
||||
{
|
||||
SECItem *newCertKeys, *newKeyIDs;
|
||||
int i;
|
||||
unsigned int i;
|
||||
SECStatus rv;
|
||||
NSSLOWCERTCertificate *cmpcert;
|
||||
unsigned int nnlen;
|
||||
int ncerts;
|
||||
unsigned int ncerts;
|
||||
|
||||
|
||||
PORT_Assert(entry);
|
||||
|
@ -2860,7 +2864,7 @@ nsslowcert_TraversePermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
|
|||
NSSLOWCERTCertCallback cb, void *cbarg)
|
||||
{
|
||||
certDBEntrySubject *entry;
|
||||
int i;
|
||||
unsigned int i;
|
||||
NSSLOWCERTCertificate *cert;
|
||||
SECStatus rv = SECSuccess;
|
||||
|
||||
|
@ -3551,7 +3555,8 @@ nsslowcert_CertNicknameConflict(char *nickname, SECItem *derSubject,
|
|||
*/
|
||||
static SECStatus
|
||||
nsslowcert_OpenPermCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
|
||||
NSSLOWCERTDBNameFunc namecb, void *cbarg)
|
||||
const char *appName, const char *prefix,
|
||||
NSSLOWCERTDBNameFunc namecb, void *cbarg)
|
||||
{
|
||||
SECStatus rv;
|
||||
int openflags;
|
||||
|
@ -3572,7 +3577,11 @@ nsslowcert_OpenPermCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
|
|||
/*
|
||||
* first open the permanent file based database.
|
||||
*/
|
||||
handle->permCertDB = dbopen( certdbname, openflags, 0600, DB_HASH, 0 );
|
||||
if (appName) {
|
||||
handle->permCertDB = rdbopen( appName, prefix, "cert", openflags);
|
||||
} else {
|
||||
handle->permCertDB = dbopen( certdbname, openflags, 0600, DB_HASH, 0 );
|
||||
}
|
||||
|
||||
/* check for correct version number */
|
||||
if ( handle->permCertDB ) {
|
||||
|
@ -3593,7 +3602,6 @@ nsslowcert_OpenPermCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
/* if first open fails, try to create a new DB */
|
||||
if ( handle->permCertDB == NULL ) {
|
||||
|
||||
|
@ -3602,7 +3610,11 @@ nsslowcert_OpenPermCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
|
|||
goto loser;
|
||||
}
|
||||
|
||||
handle->permCertDB = dbopen(certdbname, NO_CREATE, 0600, DB_HASH, 0);
|
||||
if (appName) {
|
||||
handle->permCertDB=rdbopen( appName, prefix, "cert", NO_CREATE);
|
||||
} else {
|
||||
handle->permCertDB=dbopen(certdbname, NO_CREATE, 0600, DB_HASH, 0);
|
||||
}
|
||||
|
||||
/* if create fails then we lose */
|
||||
if ( handle->permCertDB == 0 ) {
|
||||
|
@ -4049,6 +4061,7 @@ done:
|
|||
*/
|
||||
SECStatus
|
||||
nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
|
||||
const char *appName, const char *prefix,
|
||||
NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile)
|
||||
{
|
||||
int rv;
|
||||
|
@ -4058,7 +4071,8 @@ nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
|
|||
handle->dbMon = PZ_NewMonitor(nssILockCertDB);
|
||||
PORT_Assert(handle->dbMon != NULL);
|
||||
|
||||
rv = nsslowcert_OpenPermCertDB(handle, readOnly, namecb, cbarg);
|
||||
rv = nsslowcert_OpenPermCertDB(handle, readOnly, appName, prefix,
|
||||
namecb, cbarg);
|
||||
if ( rv ) {
|
||||
goto loser;
|
||||
}
|
||||
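Review bot: The multiaccess branch in `nsslowcert_OpenPermCertDB` has no counterpart to the `0600` mode passed on the `dbopen( certdbname, openflags, 0600, DB_HASH, 0 )` branch, because `rdbopen( appName, prefix, "cert", openflags)` takes only names and flags. Who may read or modify the shared cert store, and the key store opened the same way in `nsslowkey_OpenKeyDB`, therefore depends entirely on the rdb library loaded at run time, which this page does not show. I would record that next to the call, e.g. `/* access control for the shared db is enforced by the rdb library, not by a file mode here */`. The function body extends beyond these hunks.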
|
|
|
@ -39,6 +39,7 @@
|
|||
#include "pk11pars.h"
|
||||
#include "pkcs11i.h"
|
||||
#include "mcom_db.h"
|
||||
#include "cdbhdl.h"
|
||||
|
||||
#define FREE_CLEAR(p) if (p) { PORT_Free(p); p = NULL; }
|
||||
|
||||
|
@ -247,13 +248,14 @@ secmod_freeParams(pk11_parameters *params)
|
|||
|
||||
|
||||
char *
|
||||
secmod_getSecmodName(char *param, PRBool *rw)
|
||||
secmod_getSecmodName(char *param, char **appName, char **filename,PRBool *rw)
|
||||
{
|
||||
int next;
|
||||
char *configdir = NULL;
|
||||
char *secmodName = NULL;
|
||||
char *value = NULL;
|
||||
char *save_params = param;
|
||||
char *lconfigdir;
|
||||
param = pk11_argStrip(param);
|
||||
|
||||
|
||||
|
@ -268,13 +270,15 @@ secmod_getSecmodName(char *param, PRBool *rw)
|
|||
pk11_argHasFlag("flags","noModDB",save_params)) *rw = PR_FALSE;
|
||||
|
||||
if (!secmodName || *secmodName == '\0') secmodName = PORT_Strdup(SECMOD_DB);
|
||||
*filename = secmodName;
|
||||
|
||||
if (configdir) {
|
||||
lconfigdir = pk11_EvaluateConfigDir(configdir, appName);
|
||||
|
||||
if (lconfigdir) {
|
||||
value = PR_smprintf("%s" PATH_SEPARATOR "%s",configdir,secmodName);
|
||||
} else {
|
||||
value = PORT_Strdup(secmodName);
|
||||
value = PR_smprintf("%s",secmodName);
|
||||
}
|
||||
PORT_Free(secmodName);
|
||||
if (configdir) PORT_Free(configdir);
|
||||
return value;
|
||||
}
|
||||
|
@ -631,22 +635,26 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal)
|
|||
}
|
||||
|
||||
|
||||
#ifdef DBM_USING_NSPR
|
||||
#define NO_RDONLY PR_RDONLY
|
||||
#define NO_RDWR PR_RDWR
|
||||
#define NO_CREATE (PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE)
|
||||
#else
|
||||
#define NO_RDONLY O_RDONLY
|
||||
#define NO_RDWR O_RDWR
|
||||
#define NO_CREATE (O_RDWR | O_CREAT | O_TRUNC)
|
||||
#endif
|
||||
|
||||
|
||||
static DB *
|
||||
secmod_OpenDB(char *dbName, PRBool readOnly)
|
||||
secmod_OpenDB(const char *appName,
|
||||
const char *filename, const char *dbName, PRBool readOnly)
|
||||
{
|
||||
DB *pkcs11db = NULL;
|
||||
|
||||
|
||||
|
||||
if (appName) {
|
||||
char *secname = PORT_Strdup(filename);
|
||||
int len = strlen(secname);
|
||||
|
||||
if (len >= 3 && PORT_Strcmp(&secname[len-3],".db") == 0) {
|
||||
secname[len-3] = 0;
|
||||
}
|
||||
pkcs11db=rdbopen(appName, "", secname, readOnly ? NO_RDONLY:NO_CREATE);
|
||||
PORT_Free(secname);
|
||||
return pkcs11db;
|
||||
}
|
||||
|
||||
/* I'm sure we should do more checks here sometime... */
|
||||
pkcs11db = dbopen(dbName, readOnly ? NO_RDONLY : NO_RDWR, 0600, DB_HASH, 0);
|
||||
|
||||
|
@ -702,7 +710,8 @@ secmod_addEscape(const char *string, char quote)
|
|||
* Read all the existing modules in
|
||||
*/
|
||||
char **
|
||||
secmod_ReadPermDB(char *dbname, char *params, PRBool rw)
|
||||
secmod_ReadPermDB(const char *appName, const char *filename,
|
||||
const char *dbname, char *params, PRBool rw)
|
||||
{
|
||||
DBT key,data;
|
||||
int ret;
|
||||
|
@ -714,7 +723,7 @@ secmod_ReadPermDB(char *dbname, char *params, PRBool rw)
|
|||
moduleList = (char **) PORT_ZAlloc(useCount*sizeof(char **));
|
||||
if (moduleList == NULL) return NULL;
|
||||
|
||||
pkcs11db = secmod_OpenDB(dbname,PR_TRUE);
|
||||
pkcs11db = secmod_OpenDB(appName,filename,dbname,PR_TRUE);
|
||||
if (pkcs11db == NULL) goto done;
|
||||
|
||||
/* read and parse the file or data base */
|
||||
|
@ -756,16 +765,29 @@ done:
|
|||
if (pkcs11db) {
|
||||
secmod_CloseDB(pkcs11db);
|
||||
} else {
|
||||
secmod_AddPermDB(dbname,moduleList[0], rw) ;
|
||||
secmod_AddPermDB(appName,filename,dbname,moduleList[0], rw) ;
|
||||
}
|
||||
return moduleList;
|
||||
}
|
||||
|
||||
SECStatus
|
||||
secmod_ReleasePermDBData(const char *appName, const char *filename,
|
||||
const char *dbname, char **moduleSpecList, PRBool rw)
|
||||
{
|
||||
char **index;
|
||||
for(index = moduleSpecList; *index; index++) {
|
||||
PR_smprintf_free(*index);
|
||||
}
|
||||
PORT_Free(moduleSpecList);
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
/*
|
||||
* Delete a module from the Data Base
|
||||
*/
|
||||
SECStatus
|
||||
secmod_DeletePermDB(char *dbname, char *args, PRBool rw)
|
||||
secmod_DeletePermDB(const char *appName, const char *filename,
|
||||
const char *dbname, char *args, PRBool rw)
|
||||
{
|
||||
DBT key;
|
||||
SECStatus rv = SECFailure;
|
||||
|
@ -775,7 +797,7 @@ secmod_DeletePermDB(char *dbname, char *args, PRBool rw)
|
|||
if (!rw) return SECFailure;
|
||||
|
||||
/* make sure we have a db handle */
|
||||
pkcs11db = secmod_OpenDB(dbname,PR_FALSE);
|
||||
pkcs11db = secmod_OpenDB(appName,filename,dbname,PR_FALSE);
|
||||
if (pkcs11db == NULL) {
|
||||
return SECFailure;
|
||||
}
|
||||
|
@ -800,7 +822,8 @@ done:
|
|||
* Add a module to the Data base
|
||||
*/
|
||||
SECStatus
|
||||
secmod_AddPermDB(char *dbname, char *module, PRBool rw)
|
||||
secmod_AddPermDB(const char *appName, const char *filename,
|
||||
const char *dbname, char *module, PRBool rw)
|
||||
{
|
||||
DBT key,data;
|
||||
SECStatus rv = SECFailure;
|
||||
|
@ -811,7 +834,7 @@ secmod_AddPermDB(char *dbname, char *module, PRBool rw)
|
|||
if (!rw) return SECFailure;
|
||||
|
||||
/* make sure we have a db handle */
|
||||
pkcs11db = secmod_OpenDB(dbname,PR_FALSE);
|
||||
pkcs11db = secmod_OpenDB(appName,filename,dbname,PR_FALSE);
|
||||
if (pkcs11db == NULL) {
|
||||
return SECFailure;
|
||||
}
|
||||
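Review bot: In `secmod_OpenDB` every non-read-only open on the multiaccess path uses `NO_CREATE`, which includes the truncate flag, whereas the local path just below opens with `NO_RDWR`. Since `secmod_AddPermDB` and `secmod_DeletePermDB` both open with `PR_FALSE`, each add or delete would ask the rdb library to truncate the shared module database, if the library honours the flags the way `dbopen` does. The result of `PORT_Strdup(filename)` is also passed to `strlen` unchecked, so an allocation failure is dereferenced. I would try `NO_RDWR` first, create only when that fails, and return NULL when the copy fails, as sketched below; the rest of the function lies outside the hunk. In `secmod_getSecmodName`, `lconfigdir` is computed but the path is still formatted from `configdir`, which looks unintended.

```c
    if (appName) {
        char *secname = PORT_Strdup(filename);
        int len;

        if (secname == NULL) {
            return NULL;
        }
        len = PORT_Strlen(secname);
        /* ... unchanged: strip a trailing ".db" from secname ... */
        pkcs11db = rdbopen(appName, "", secname,
                           readOnly ? NO_RDONLY : NO_RDWR);
        if (pkcs11db == NULL && !readOnly) {
            /* create (and truncate) only when the plain open failed */
            pkcs11db = rdbopen(appName, "", secname, NO_CREATE);
        }
        PORT_Free(secname);
        return pkcs11db;
    }
```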
|
|
|
@ -2257,29 +2257,37 @@ pk11_DestroySlotData(PK11Slot *slot)
|
|||
* handle the SECMOD.db
|
||||
*/
|
||||
char **
|
||||
NSC_ModuleDBFunc(unsigned long function,char *parameters, char *args)
|
||||
NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args)
|
||||
{
|
||||
char *secmod;
|
||||
char *secmod = NULL;
|
||||
char *appName = NULL;
|
||||
char *filename = NULL;
|
||||
PRBool rw;
|
||||
static char *success="Success";
|
||||
char **rvstr = NULL;
|
||||
|
||||
secmod = secmod_getSecmodName(parameters,&rw);
|
||||
secmod = secmod_getSecmodName(parameters,&appName,&filename, &rw);
|
||||
|
||||
switch (function) {
|
||||
case SECMOD_MODULE_DB_FUNCTION_FIND:
|
||||
rvstr = secmod_ReadPermDB(secmod,parameters,rw);
|
||||
rvstr = secmod_ReadPermDB(appName,filename,secmod,(char *)parameters,rw);
|
||||
break;
|
||||
case SECMOD_MODULE_DB_FUNCTION_ADD:
|
||||
rvstr = (secmod_AddPermDB(secmod,args,rw) == SECSuccess)
|
||||
? &success: NULL;
|
||||
rvstr = (secmod_AddPermDB(appName,filename,secmod,(char *)args,rw)
|
||||
== SECSuccess) ? &success: NULL;
|
||||
break;
|
||||
case SECMOD_MODULE_DB_FUNCTION_DEL:
|
||||
rvstr = (secmod_DeletePermDB(secmod,args,rw) == SECSuccess)
|
||||
? &success: NULL;
|
||||
rvstr = (secmod_DeletePermDB(appName,filename,secmod,(char *)args,rw)
|
||||
== SECSuccess) ? &success: NULL;
|
||||
break;
|
||||
case SECMOD_MODULE_DB_FUNCTION_RELEASE:
|
||||
rvstr = (secmod_ReleasePermDBData(appName,filename,secmod,
|
||||
(char **)args,rw) == SECSuccess) ? &success: NULL;
|
||||
break;
|
||||
}
|
||||
if (secmod) PR_smprintf_free(secmod);
|
||||
if (appName) PORT_Free(appName);
|
||||
if (filename) PORT_Free(filename);
|
||||
return rvstr;
|
||||
}
|
||||
|
||||
|
@ -2425,6 +2433,7 @@ CK_RV NSC_GetInfo(CK_INFO_PTR pInfo)
|
|||
return CKR_OK;
|
||||
}
|
||||
|
||||
|
||||
/* NSC_GetSlotList obtains a list of slots in the system. */
|
||||
CK_RV NSC_GetSlotList(CK_BBOOL tokenPresent,
|
||||
CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount)
|
||||
|
@ -3213,7 +3222,6 @@ CK_RV NSC_CopyObject(CK_SESSION_HANDLE hSession,
|
|||
if (crv != CKR_OK) {
|
||||
pk11_FreeObject(destObject);
|
||||
pk11_FreeSession(session);
|
||||
return crv;
|
||||
}
|
||||
|
||||
crv = pk11_handleObject(destObject,session);
|
||||
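Review bot: The new `SECMOD_MODULE_DB_FUNCTION_RELEASE` case in `NSC_ModuleDBFunc` passes `(char **)args` to `secmod_ReleasePermDBData` unchecked, and that function dereferences the pointer in its loop and calls `PR_smprintf_free` on every element before freeing the array. ADD, DEL and RELEASE return `&success`, the address of a static string, so a caller that hands RELEASE anything other than a FIND result, or NULL, makes it free memory that was never allocated. I would reject NULL before the call, `if (args == NULL) break;`, and document above the function that only the array returned by FIND may be released. The switch also has no `default`, so an unknown `function` value returns NULL without any indication of why.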
|
|
|
@ -113,6 +113,8 @@
|
|||
#endif
|
||||
#define MAX_KEY_LEN 256
|
||||
|
||||
#define MULTIACCESS "multiaccess:"
|
||||
|
||||
/*
|
||||
* LOG2_BUCKETS_PER_SESSION_LOCK must be a prime number.
|
||||
* With SESSION_HASH_SIZE=1024, LOG2 can be 9, 5, 1, or 0.
|
||||
|
@ -594,10 +596,16 @@ extern PRBool pk11_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type);
|
|||
extern CK_RV secmod_parseParameters(char *param, pk11_parameters *parsed,
|
||||
PRBool isFIPS);
|
||||
extern void secmod_freeParams(pk11_parameters *params);
|
||||
extern char *secmod_getSecmodName(char *params, PRBool *rw);
|
||||
extern char ** secmod_ReadPermDB(char *dbname, char *params, PRBool rw);
|
||||
extern SECStatus secmod_DeletePermDB(char *dbname,char *args, PRBool rw);
|
||||
extern SECStatus secmod_AddPermDB(char *dbname, char *module, PRBool rw);
|
||||
extern char *secmod_getSecmodName(char *params, char **domain,
|
||||
char **filename, PRBool *rw);
|
||||
extern char ** secmod_ReadPermDB(const char *domain, const char *filename,
|
||||
const char *dbname, char *params, PRBool rw);
|
||||
extern SECStatus secmod_DeletePermDB(const char *domain, const char *filename,
|
||||
const char *dbname, char *args, PRBool rw);
|
||||
extern SECStatus secmod_AddPermDB(const char *domain, const char *filename,
|
||||
const char *dbname, char *module, PRBool rw);
|
||||
extern SECStatus secmod_ReleasePermDBData(const char *domain,
|
||||
const char *filename, const char *dbname, char **specList, PRBool rw);
|
||||
/*
|
||||
* OK there are now lots of options here, lets go through them all:
|
||||
*
|
||||
|
@ -623,6 +631,8 @@ CK_RV pk11_DBInit(const char *configdir, const char *certPrefix,
|
|||
void pk11_DBShutdown(NSSLOWCERTCertDBHandle *certHandle,
|
||||
NSSLOWKEYDBHandle *keyHandle);
|
||||
|
||||
const char *pk11_EvaluateConfigDir(const char *configdir, char **domain);
|
||||
|
||||
/*
|
||||
* narrow objects
|
||||
*/
|
||||
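Review bot: `#define MULTIACCESS "multiaccess:"` is added with no comment describing the configdir syntax it introduces, which a reader can only recover from `pk11_EvaluateConfigDir` in dbinit.c. I would add above it `/* configdir "multiaccess:<appName>[:<directory>]" selects the shared database opened through rdbopen(); <appName> ends at the first ':' */`. The `pk11_EvaluateConfigDir` prototype should also state its ownership rules: `*domain` is allocated for the caller to release with `PORT_Free`, and the returned pointer may point into that same allocation, so it must not be used after the free.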
|
|
|
@ -36,7 +36,7 @@
|
|||
#define _PKCS11N_H_
|
||||
|
||||
#ifdef DEBUG
|
||||
static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.3 $ $Date: 2002/03/02 00:52:04 $ $Name: $";
|
||||
static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.4 $ $Date: 2002/04/05 09:17:51 $ $Name: $";
|
||||
#endif /* DEBUG */
|
||||
|
||||
/*
|
||||
|
@ -213,11 +213,13 @@ typedef CK_ULONG CK_TRUST;
|
|||
* The function 'ADD' takes a PKCS #11 initialization string and stores it.
|
||||
* The function 'DEL' takes a 'name= library=' value and deletes the associated
|
||||
* string.
|
||||
* The function 'RELEASE' frees the array returned by 'FIND'
|
||||
*/
|
||||
#define SECMOD_MODULE_DB_FUNCTION_FIND 0
|
||||
#define SECMOD_MODULE_DB_FUNCTION_ADD 1
|
||||
#define SECMOD_MODULE_DB_FUNCTION_DEL 2
|
||||
#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3
|
||||
typedef char ** (PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function,
|
||||
char *parameters, char *moduleSpec);
|
||||
char *parameters, void *moduleSpec);
|
||||
|
||||
#endif /* _PKCS11N_H_ */
|
||||
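Review bot: The comment block above the `SECMOD_MODULE_DB_FUNCTION_*` defines does not say how the now-`void *` `moduleSpec` argument of `SECMODModuleDBFunc` is interpreted for each function, so the type information the old `char *` carried is lost to implementers of the callback. Going by `NSC_ModuleDBFunc` on this page it is a `char *` for ADD and DEL and a `char **` for RELEASE, and FIND does not use it. I would add a line such as `* 'moduleSpec' is a char * spec string for ADD and DEL, and the char ** array previously returned by FIND for RELEASE.`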
|
|
|
@ -34,13 +34,21 @@
|
|||
#include "nss.h"
|
||||
#include <winver.h>
|
||||
|
||||
#define MY_LIBNAME "softokn"
|
||||
#define MY_LIBNAME "softoken"
|
||||
#ifdef MOZ_CLIENT
|
||||
#define MY_FILEDESCRIPTION "NSS Builtin Crypto PKCS #11 Library for Clients"
|
||||
#define CLIENTS " for Clients"
|
||||
#else
|
||||
#define MY_FILEDESCRIPTION "NSS Builtin Crypto PKCS #11 Library"
|
||||
#define CLIENTS ""
|
||||
#endif
|
||||
|
||||
#ifdef REMOTE_DBM
|
||||
#define DBM " with Shared Database"
|
||||
#else
|
||||
#define DBM ""
|
||||
#endif
|
||||
|
||||
#define MY_FILEDESCRIPTION "NSS PKCS #11 Library" CLIENTS DBM
|
||||
|
||||
#define STRINGIZE(x) #x
|
||||
#define STRINGIZE2(x) STRINGIZE(x)
|
||||
#define NSS_VMAJOR_STR STRINGIZE2(NSS_VMAJOR)
|
||||
|
|