From 1e4fbdcfa4a861098e503d0ffb5e125351f681fc Mon Sep 17 00:00:00 2001 From: "relyea%netscape.com" Date: Fri, 5 Apr 2002 09:17:51 +0000 Subject: [PATCH] Multi-access database changes. --- security/nss/lib/softoken/cdbhdl.h | 17 +- security/nss/lib/softoken/dbinit.c | 74 ++++++++- security/nss/lib/softoken/keydb.c | 224 ++------------------------ security/nss/lib/softoken/lowkeyi.h | 6 +- security/nss/lib/softoken/manifest.mn | 10 +- security/nss/lib/softoken/pcert.h | 1 + security/nss/lib/softoken/pcertdb.c | 36 +++-- security/nss/lib/softoken/pk11db.c | 69 +++++--- security/nss/lib/softoken/pkcs11.c | 26 +-- security/nss/lib/softoken/pkcs11i.h | 18 ++- security/nss/lib/softoken/pkcs11n.h | 6 +- security/nss/lib/softoken/softokn.rc | 14 +- 12 files changed, 226 insertions(+), 275 deletions(-) diff --git a/security/nss/lib/softoken/cdbhdl.h b/security/nss/lib/softoken/cdbhdl.h index 66f8e3fa6b22..55b3fc1a533c 100644 --- a/security/nss/lib/softoken/cdbhdl.h +++ b/security/nss/lib/softoken/cdbhdl.h @@ -34,7 +34,7 @@ * cdbhdl.h - certificate database handle * private to the certdb module * - * $Id: cdbhdl.h,v 1.2 2001/11/08 00:15:30 relyea%netscape.com Exp $ + * $Id: cdbhdl.h,v 1.3 2002/04/05 09:17:49 relyea%netscape.com Exp $ */ #ifndef _CDBHDL_H_ #define _CDBHDL_H_ @@ -51,4 +51,19 @@ struct NSSLOWCERTCertDBHandleStr { PZMonitor *dbMon; }; +#ifdef DBM_USING_NSPR +#define NO_RDONLY PR_RDONLY +#define NO_RDWR PR_RDWR +#define NO_CREATE (PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE) +#else +#define NO_RDONLY O_RDONLY +#define NO_RDWR O_RDWR +#define NO_CREATE (O_RDWR | O_CREAT | O_TRUNC) +#endif + +typedef DB * (*rdbfunc)(const char *appName, const char *prefix, + const char *type, int flags); + +DB * rdbopen(const char *appName, const char *prefix, + const char *type, int flags); #endif diff --git a/security/nss/lib/softoken/dbinit.c b/security/nss/lib/softoken/dbinit.c index 1c627c163a29..ae4ec7ab8188 100644 --- a/security/nss/lib/softoken/dbinit.c +++ b/security/nss/lib/softoken/dbinit.c @@ -32,7 +32,7 @@ * may use your version of this file under either the MPL or the * GPL. * - # $Id: dbinit.c,v 1.8 2001/12/07 01:36:17 relyea%netscape.com Exp $ + # $Id: dbinit.c,v 1.9 2002/04/05 09:17:49 relyea%netscape.com Exp $ */ #include @@ -102,6 +102,29 @@ pk11_keydb_name_cb(void *arg, int dbVersion) #define CKR_CERTDB_FAILED CKR_DEVICE_ERROR #define CKR_KEYDB_FAILED CKR_DEVICE_ERROR +const char * +pk11_EvaluateConfigDir(const char *configdir,char **appName) +{ + if (PORT_Strncmp(configdir, MULTIACCESS, sizeof(MULTIACCESS)-1) == 0) { + char *cdir; + + *appName = PORT_Strdup(configdir+sizeof(MULTIACCESS)-1); + if (*appName == NULL) { + return configdir; + } + cdir = *appName; + while (*cdir && *cdir != ':') { + cdir++; + } + if (*cdir == ':') { + *cdir = 0; + cdir++; + } + configdir = cdir; + } + return configdir; +} + static CK_RV pk11_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly, NSSLOWCERTCertDBHandle **certdbPtr) @@ -110,11 +133,14 @@ pk11_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly, CK_RV crv = CKR_CERTDB_FAILED; SECStatus rv; char * name = NULL; + char * appName = NULL; if (prefix == NULL) { prefix = ""; } + configdir = pk11_EvaluateConfigDir(configdir, &appName); + name = PR_smprintf("%s" PATH_SEPARATOR "%s",configdir,prefix); if (name == NULL) goto loser; @@ -123,7 +149,7 @@ pk11_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly, goto loser; /* fix when we get the DB in */ - rv = nsslowcert_OpenCertDB(certdb, readOnly, + rv = nsslowcert_OpenCertDB(certdb, readOnly, appName, prefix, pk11_certdb_name_cb, (void *)name, PR_FALSE); if (rv == SECSuccess) { crv = CKR_OK; @@ -133,6 +159,7 @@ pk11_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly, loser: if (certdb) PR_Free(certdb); if (name) PORT_Free(name); + if (appName) PORT_Free(appName); return crv; } @@ -142,15 +169,20 @@ pk11_OpenKeyDB(const char * configdir, const char *prefix, PRBool readOnly, { NSSLOWKEYDBHandle *keydb; char * name = NULL; + char * appName = NULL; if (prefix == NULL) { prefix = ""; } + configdir = pk11_EvaluateConfigDir(configdir, &appName); + name = PR_smprintf("%s" PATH_SEPARATOR "%s",configdir,prefix); if (name == NULL) return SECFailure; - keydb = nsslowkey_OpenKeyDB(readOnly, pk11_keydb_name_cb, (void *)name); + keydb = nsslowkey_OpenKeyDB(readOnly, appName, prefix, + pk11_keydb_name_cb, (void *)name); PORT_Free(name); + if (appName) PORT_Free(appName); if (keydb == NULL) return CKR_KEYDB_FAILED; *keydbPtr = keydb; @@ -222,3 +254,39 @@ pk11_DBShutdown(NSSLOWCERTCertDBHandle *certHandle, keyHandle= NULL; } } + +static rdbfunc pk11_rdbfunc; + +/* NOTE: SHLIB_SUFFIX is defined on the command line */ +#define RDBLIB "rdb."SHLIB_SUFFIX + +DB * rdbopen(const char *appName, const char *prefix, + const char *type, int flags) +{ + PRLibrary *lib; + DB *db; + + if (pk11_rdbfunc) { + db = (*pk11_rdbfunc)(appName,prefix,type,flags); + return db; + } + + /* + * try to open the library. + */ + lib = PR_LoadLibrary(RDBLIB); + + if (!lib) { + return NULL; + } + + /* get the entry point */ + pk11_rdbfunc = (rdbfunc) PR_FindSymbol(lib,"rdbopen"); + if (pk11_rdbfunc) { + return (*pk11_rdbfunc)(appName,prefix,type,flags); + } + + /* couldn't find the entry point, unload the library and fail */ + PR_UnloadLibrary(lib); + return NULL; +} diff --git a/security/nss/lib/softoken/keydb.c b/security/nss/lib/softoken/keydb.c index 13cbf0475fa2..935f0823ee9a 100644 --- a/security/nss/lib/softoken/keydb.c +++ b/security/nss/lib/softoken/keydb.c @@ -32,7 +32,7 @@ * * Private Key Database code * - * $Id: keydb.c,v 1.14 2002/04/05 03:33:42 nelsonb%netscape.com Exp $ + * $Id: keydb.c,v 1.15 2002/04/05 09:17:49 relyea%netscape.com Exp $ */ #include "lowkeyi.h" @@ -47,6 +47,7 @@ #include "mcom_db.h" #include "lowpbe.h" #include "secerr.h" +#include "cdbhdl.h" #include "keydbi.h" @@ -531,13 +532,6 @@ keyDBFilenameCallback(void *arg, int dbVersion) return(PORT_Strdup((char *)arg)); } -NSSLOWKEYDBHandle * -nsslowkey_OpenKeyDBFilename(char *dbname, PRBool readOnly) -{ - return(nsslowkey_OpenKeyDB(readOnly, keyDBFilenameCallback, - (void *)dbname)); -} - static SECStatus ChangeKeyDBPasswordAlg(NSSLOWKEYDBHandle *handle, SECItem *oldpwitem, SECItem *newpwitem, @@ -577,148 +571,12 @@ nsslowkey_version(DB *db) return 255; } - if ( ret == 1 ) { + if ( ret >= 1 ) { return 0; } return *( (unsigned char *)versionData.data); } -#ifdef NSS_USE_KEY4_DB -nsslowkey_UpdateKey3DBPass1(NSSLOWKEYDBHandle *handle) -{ - SECStatus rv; - DBT checkKey; - DBT checkData; - DBT saltKey; - DBT saltData; - DBT key; - DBT data; - DBT newKey; - unsigned char buf[SHA1_LENGTH]; - unsigned char version; - SECItem *rc4key = NULL; - NSSLOWKEYDBKey *dbkey = NULL; - SECItem *oldSalt = NULL; - int ret; - SECItem checkitem; - - if ( handle->updatedb == NULL ) { - return(SECSuccess); - } - - /* - * check the version record - */ - version = nsslowkey_version(handle->updatedb); - if (version != 3) { - goto done; - } - - saltKey.data = SALT_STRING; - saltKey.size = sizeof(SALT_STRING) - 1; - - ret = (* handle->updatedb->get)(handle->updatedb, &saltKey, &saltData, 0); - if ( ret ) { - /* no salt in old db, so it is corrupted */ - goto done; - } - - oldSalt = decodeKeyDBGlobalSalt(&saltData); - if ( oldSalt == NULL ) { - /* bad salt in old db, so it is corrupted */ - goto done; - } - - /* - * look for a pw check entry - */ - checkKey.data = KEYDB_PW_CHECK_STRING; - checkKey.size = KEYDB_PW_CHECK_LEN; - - ret = (* handle->updatedb->get)(handle->updatedb, &checkKey, - &checkData, 0 ); - if (ret) { - checkKey.data = KEYDB_FAKE_PW_CHECK_STRING; - checkKey.size = KEYDB_FAKE_PW_CHECK_LEN; - ret = (* handle->updatedb->get)(handle->updatedb, &checkKey, - &checkData, 0 ); - if (ret) { - goto done; - } - } - - /* put global salt into the new database now */ - ret = (* handle->db->put)( handle->db, &saltKey, &saltData, 0); - if ( ret ) { - goto done; - } - - if (checkKey.size == KEYDB_PW_CHECK_LEN) { - dbkey = decode_dbkey(&checkData, 3); - if ( dbkey == NULL ) { - goto done; - } - rv = put_dbkey(handle, &checkKey, dbkey, PR_FALSE); - ret = (rv != SECSuccess); - } else { - ret = (* handle->db->put)(handle->db, &checkKey, &checkData, 0); - } - if ( ret ) { - goto done; - } - - /* now traverse the database */ - ret = (* handle->updatedb->seq)(handle->updatedb, &key, &data, R_FIRST); - if ( ret ) { - goto done; - } - - do { - - /* skip version record */ - if ( data.size > 1 ) { - /* skip salt */ - if ( key.size == ( sizeof(SALT_STRING) - 1 ) ) { - if ( PORT_Memcmp(key.data, SALT_STRING, key.size) == 0 ) { - continue; - } - } - /* skip pw check entry */ - if ( key.size == checkKey.size ) { - if ( PORT_Memcmp(key.data, checkKey.data, key.size) == 0 ) { - continue; - } - } - dbkey = decode_dbkey(&data, 3); - if ( dbkey == NULL ) { - continue; - } - SHA1_HashBuf(buf,key.data,key.size); - newKey.data = buf; - newKey.size = SHA1_LENGTH; - - rv = put_dbkey(handle, &newKey, dbkey, PR_FALSE); - - sec_destroy_dbkey(dbkey); - - } - } while ( (* handle->updatedb->seq)(handle->updatedb, &key, &data, - R_NEXT) == 0 ); - -done: - /* sync the database */ - ret = (* handle->db->sync)(handle->db, 0); - - (* handle->updatedb->close)(handle->updatedb); - handle->updatedb = NULL; - - if ( oldSalt ) { - SECITEM_FreeItem(oldSalt, PR_TRUE); - } - return(SECSuccess); -} -#endif - static PRBool seckey_HasAServerKey(DB *db) { @@ -958,18 +816,9 @@ done: return(SECSuccess); } -#ifdef DBM_USING_NSPR -#define NO_RDONLY PR_RDONLY -#define NO_RDWR PR_RDWR -#define NO_CREATE (PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE) -#else -#define NO_RDONLY O_RDONLY -#define NO_RDWR O_RDWR -#define NO_CREATE (O_RDWR | O_CREAT | O_TRUNC) -#endif - NSSLOWKEYDBHandle * -nsslowkey_OpenKeyDB(PRBool readOnly, NSSLOWKEYDBNameFunc namecb, void *cbarg) +nsslowkey_OpenKeyDB(PRBool readOnly, const char *appName, const char *prefix, + NSSLOWKEYDBNameFunc namecb, void *cbarg) { NSSLOWKEYDBHandle *handle; int ret; @@ -993,8 +842,12 @@ nsslowkey_OpenKeyDB(PRBool readOnly, NSSLOWKEYDBNameFunc namecb, void *cbarg) handle->dbname = PORT_Strdup(dbname); handle->readOnly = readOnly; - - handle->db = dbopen( dbname, openflags, 0600, DB_HASH, 0 ); + + if (appName) { + handle->db = rdbopen( appName, prefix, "key", openflags); + } else { + handle->db = dbopen( dbname, openflags, 0600, DB_HASH, 0 ); + } /* check for correct version number */ if (handle->db != NULL) { @@ -1013,39 +866,18 @@ nsslowkey_OpenKeyDB(PRBool readOnly, NSSLOWKEYDBNameFunc namecb, void *cbarg) } newdb: - + /* if first open fails, try to create a new DB */ if ( handle->db == NULL ) { -#ifdef NSS_USE_KEY4_DB - char *dbname3 = (*namecb)(cbarg, 3); - - if ( readOnly ) { - if (dbname3 == NULL) { - goto loser; - } - handle->db = dbopen( dbname3, NO_RDONLY, 0600, DB_HASH, 0 ); - PORT_Free(handle->dbname); - handle->dbname = dbname3; - dbname3 = NULL; - if (handle->db == NULL) { - goto loser; - } - handle->version = nsslowkey_version(handle->db); - if (handle->version != 3) { - /* bogus version number record, reset the database */ - (* handle->db->close)( handle->db ); - handle->db = NULL; - goto loser; - } - goto done; - } -#else if ( readOnly ) { goto loser; } -#endif - handle->db = dbopen( dbname, NO_CREATE, 0600, DB_HASH, 0 ); + if (appName) { + handle->db = rdbopen( appName, prefix, "key", NO_CREATE); + } else { + handle->db = dbopen( dbname, NO_CREATE, 0600, DB_HASH, 0 ); + } PORT_Free( dbname ); dbname = NULL; @@ -1059,22 +891,6 @@ newdb: if ( rv != SECSuccess ) { goto loser; } - -#ifdef NSS_USE_KEY4_DB - handle->updatedb = dbopen( dbname3, NO_RDONLY, 0600, DB_HASH, 0 ); - PORT_Free(dbname3); - dbname3 = NULL; - if (handle->updatedb) { - /* - * copy the key data, all the real work happens in pass2 - */ - rv = nsslowkey_UpdateKey3DBPass1(handle); - if ( rv == SECSuccess ) { - updated = PR_TRUE; - } - goto skip_v2_db; - } -#endif /* NSS_USE_KEY4_DB */ /* * try to update from v2 db */ @@ -1099,9 +915,6 @@ newdb: } -#ifdef NSS_USE_KEY4_DB -skip_v2_db: -#endif /* we are using the old salt if we updated from an old db */ if ( ! updated ) { rv = makeGlobalSalt(handle); @@ -1117,9 +930,6 @@ skip_v2_db: } } -#ifdef NSS_USE_KEY4_DB -done: -#endif handle->global_salt = GetKeyDBGlobalSalt(handle); if ( dbname ) PORT_Free( dbname ); diff --git a/security/nss/lib/softoken/lowkeyi.h b/security/nss/lib/softoken/lowkeyi.h index 045e0cfef4e6..3b3fb4529f21 100644 --- a/security/nss/lib/softoken/lowkeyi.h +++ b/security/nss/lib/softoken/lowkeyi.h @@ -32,7 +32,7 @@ * * key.h - public data structures and prototypes for the private key library * - * $Id: lowkeyi.h,v 1.5 2002/02/21 22:41:38 ian.mcgreer%sun.com Exp $ + * $Id: lowkeyi.h,v 1.6 2002/04/05 09:17:50 relyea%netscape.com Exp $ */ #ifndef _LOWKEYI_H_ @@ -66,11 +66,11 @@ typedef char * (* NSSLOWKEYDBNameFunc)(void *arg, int dbVersion); ** Open a key database. */ extern NSSLOWKEYDBHandle *nsslowkey_OpenKeyDB(PRBool readOnly, + const char *domain, + const char *prefix, NSSLOWKEYDBNameFunc namecb, void *cbarg); -extern NSSLOWKEYDBHandle *nsslowkey_OpenKeyDBFilename(char *filename, - PRBool readOnly); /* * Clear out all the keys in the existing database diff --git a/security/nss/lib/softoken/manifest.mn b/security/nss/lib/softoken/manifest.mn index 59da34782736..1649cd0f102c 100644 --- a/security/nss/lib/softoken/manifest.mn +++ b/security/nss/lib/softoken/manifest.mn @@ -40,15 +40,7 @@ LIBRARY_NAME = softokn LIBRARY_VERSION = 3 MAPFILE = $(OBJDIR)/softokn.def -# -# turn this on to get key4 generation and use. -# -# key4.db is properly indexed so we don't have to do db traversals to find keys. -# turning on key4.db will automatically upgrade to key4 on startup if we open -# the directory R/W and key4.db doesn't exist. If we open the directory up -# R/O it opens and used the old key3.db without any update at all. -# -#DEFINES += -DNSS_USE_KEY4_DB +DEFINES += -DSHLIB_SUFFIX=\"${DLL_SUFFIX}\" EXPORTS = \ diff --git a/security/nss/lib/softoken/pcert.h b/security/nss/lib/softoken/pcert.h index d7e48004e21d..c1d9b31281d4 100644 --- a/security/nss/lib/softoken/pcert.h +++ b/security/nss/lib/softoken/pcert.h @@ -139,6 +139,7 @@ nsslowcert_DestroyDBEntry(certDBEntry *entry); SECStatus nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly, + const char *domain, const char *prefix, NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile); void diff --git a/security/nss/lib/softoken/pcertdb.c b/security/nss/lib/softoken/pcertdb.c index 25225e825eef..2b1fb5eb384d 100644 --- a/security/nss/lib/softoken/pcertdb.c +++ b/security/nss/lib/softoken/pcertdb.c @@ -34,7 +34,7 @@ /* * Permanent Certificate database handling code * - * $Id: pcertdb.c,v 1.14 2002/04/05 03:33:42 nelsonb%netscape.com Exp $ + * $Id: pcertdb.c,v 1.15 2002/04/05 09:17:50 relyea%netscape.com Exp $ */ #include "prtime.h" @@ -541,7 +541,7 @@ static SECStatus DecodeDBCertEntry(certDBEntryCert *entry, SECItem *dbentry) { unsigned int nnlen; - int headerlen; + unsigned int headerlen; int lenoff; /* allow updates of old versions of the database */ @@ -2602,6 +2602,7 @@ ReadDBVersionEntry(NSSLOWCERTCertDBHandle *handle) certDBEntryVersion *entry; SECItem dbkey; SECItem dbentry; + SECStatus rv; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if ( arena == NULL ) { @@ -2633,7 +2634,10 @@ ReadDBVersionEntry(NSSLOWCERTCertDBHandle *handle) PORT_Memcpy(&dbkey.data[SEC_DB_KEY_HEADER_LEN], SEC_DB_VERSION_KEY, SEC_DB_VERSION_KEY_LEN); - ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena); + rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena); + if (rv != SECSuccess) { + goto loser; + } PORT_FreeArena(tmparena, PR_FALSE); return(entry); @@ -2758,11 +2762,11 @@ AddPermSubjectNode(certDBEntrySubject *entry, NSSLOWCERTCertificate *cert, char *nickname) { SECItem *newCertKeys, *newKeyIDs; - int i; + unsigned int i; SECStatus rv; NSSLOWCERTCertificate *cmpcert; unsigned int nnlen; - int ncerts; + unsigned int ncerts; PORT_Assert(entry); @@ -2860,7 +2864,7 @@ nsslowcert_TraversePermCertsForSubject(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTCertCallback cb, void *cbarg) { certDBEntrySubject *entry; - int i; + unsigned int i; NSSLOWCERTCertificate *cert; SECStatus rv = SECSuccess; @@ -3551,7 +3555,8 @@ nsslowcert_CertNicknameConflict(char *nickname, SECItem *derSubject, */ static SECStatus nsslowcert_OpenPermCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly, - NSSLOWCERTDBNameFunc namecb, void *cbarg) + const char *appName, const char *prefix, + NSSLOWCERTDBNameFunc namecb, void *cbarg) { SECStatus rv; int openflags; @@ -3572,7 +3577,11 @@ nsslowcert_OpenPermCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly, /* * first open the permanent file based database. */ - handle->permCertDB = dbopen( certdbname, openflags, 0600, DB_HASH, 0 ); + if (appName) { + handle->permCertDB = rdbopen( appName, prefix, "cert", openflags); + } else { + handle->permCertDB = dbopen( certdbname, openflags, 0600, DB_HASH, 0 ); + } /* check for correct version number */ if ( handle->permCertDB ) { @@ -3593,7 +3602,6 @@ nsslowcert_OpenPermCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly, } } - /* if first open fails, try to create a new DB */ if ( handle->permCertDB == NULL ) { @@ -3602,7 +3610,11 @@ nsslowcert_OpenPermCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly, goto loser; } - handle->permCertDB = dbopen(certdbname, NO_CREATE, 0600, DB_HASH, 0); + if (appName) { + handle->permCertDB=rdbopen( appName, prefix, "cert", NO_CREATE); + } else { + handle->permCertDB=dbopen(certdbname, NO_CREATE, 0600, DB_HASH, 0); + } /* if create fails then we lose */ if ( handle->permCertDB == 0 ) { @@ -4049,6 +4061,7 @@ done: */ SECStatus nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly, + const char *appName, const char *prefix, NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile) { int rv; @@ -4058,7 +4071,8 @@ nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly, handle->dbMon = PZ_NewMonitor(nssILockCertDB); PORT_Assert(handle->dbMon != NULL); - rv = nsslowcert_OpenPermCertDB(handle, readOnly, namecb, cbarg); + rv = nsslowcert_OpenPermCertDB(handle, readOnly, appName, prefix, + namecb, cbarg); if ( rv ) { goto loser; } diff --git a/security/nss/lib/softoken/pk11db.c b/security/nss/lib/softoken/pk11db.c index 794b8384d1a4..6d0211cc598e 100644 --- a/security/nss/lib/softoken/pk11db.c +++ b/security/nss/lib/softoken/pk11db.c @@ -39,6 +39,7 @@ #include "pk11pars.h" #include "pkcs11i.h" #include "mcom_db.h" +#include "cdbhdl.h" #define FREE_CLEAR(p) if (p) { PORT_Free(p); p = NULL; } @@ -247,13 +248,14 @@ secmod_freeParams(pk11_parameters *params) char * -secmod_getSecmodName(char *param, PRBool *rw) +secmod_getSecmodName(char *param, char **appName, char **filename,PRBool *rw) { int next; char *configdir = NULL; char *secmodName = NULL; char *value = NULL; char *save_params = param; + char *lconfigdir; param = pk11_argStrip(param); @@ -268,13 +270,15 @@ secmod_getSecmodName(char *param, PRBool *rw) pk11_argHasFlag("flags","noModDB",save_params)) *rw = PR_FALSE; if (!secmodName || *secmodName == '\0') secmodName = PORT_Strdup(SECMOD_DB); + *filename = secmodName; - if (configdir) { + lconfigdir = pk11_EvaluateConfigDir(configdir, appName); + + if (lconfigdir) { value = PR_smprintf("%s" PATH_SEPARATOR "%s",configdir,secmodName); } else { - value = PORT_Strdup(secmodName); + value = PR_smprintf("%s",secmodName); } - PORT_Free(secmodName); if (configdir) PORT_Free(configdir); return value; } @@ -631,22 +635,26 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal) } -#ifdef DBM_USING_NSPR -#define NO_RDONLY PR_RDONLY -#define NO_RDWR PR_RDWR -#define NO_CREATE (PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE) -#else -#define NO_RDONLY O_RDONLY -#define NO_RDWR O_RDWR -#define NO_CREATE (O_RDWR | O_CREAT | O_TRUNC) -#endif - static DB * -secmod_OpenDB(char *dbName, PRBool readOnly) +secmod_OpenDB(const char *appName, + const char *filename, const char *dbName, PRBool readOnly) { DB *pkcs11db = NULL; - + + + if (appName) { + char *secname = PORT_Strdup(filename); + int len = strlen(secname); + + if (len >= 3 && PORT_Strcmp(&secname[len-3],".db") == 0) { + secname[len-3] = 0; + } + pkcs11db=rdbopen(appName, "", secname, readOnly ? NO_RDONLY:NO_CREATE); + PORT_Free(secname); + return pkcs11db; + } + /* I'm sure we should do more checks here sometime... */ pkcs11db = dbopen(dbName, readOnly ? NO_RDONLY : NO_RDWR, 0600, DB_HASH, 0); @@ -702,7 +710,8 @@ secmod_addEscape(const char *string, char quote) * Read all the existing modules in */ char ** -secmod_ReadPermDB(char *dbname, char *params, PRBool rw) +secmod_ReadPermDB(const char *appName, const char *filename, + const char *dbname, char *params, PRBool rw) { DBT key,data; int ret; @@ -714,7 +723,7 @@ secmod_ReadPermDB(char *dbname, char *params, PRBool rw) moduleList = (char **) PORT_ZAlloc(useCount*sizeof(char **)); if (moduleList == NULL) return NULL; - pkcs11db = secmod_OpenDB(dbname,PR_TRUE); + pkcs11db = secmod_OpenDB(appName,filename,dbname,PR_TRUE); if (pkcs11db == NULL) goto done; /* read and parse the file or data base */ @@ -756,16 +765,29 @@ done: if (pkcs11db) { secmod_CloseDB(pkcs11db); } else { - secmod_AddPermDB(dbname,moduleList[0], rw) ; + secmod_AddPermDB(appName,filename,dbname,moduleList[0], rw) ; } return moduleList; } +SECStatus +secmod_ReleasePermDBData(const char *appName, const char *filename, + const char *dbname, char **moduleSpecList, PRBool rw) +{ + char **index; + for(index = moduleSpecList; *index; index++) { + PR_smprintf_free(*index); + } + PORT_Free(moduleSpecList); + return SECSuccess; +} + /* * Delete a module from the Data Base */ SECStatus -secmod_DeletePermDB(char *dbname, char *args, PRBool rw) +secmod_DeletePermDB(const char *appName, const char *filename, + const char *dbname, char *args, PRBool rw) { DBT key; SECStatus rv = SECFailure; @@ -775,7 +797,7 @@ secmod_DeletePermDB(char *dbname, char *args, PRBool rw) if (!rw) return SECFailure; /* make sure we have a db handle */ - pkcs11db = secmod_OpenDB(dbname,PR_FALSE); + pkcs11db = secmod_OpenDB(appName,filename,dbname,PR_FALSE); if (pkcs11db == NULL) { return SECFailure; } @@ -800,7 +822,8 @@ done: * Add a module to the Data base */ SECStatus -secmod_AddPermDB(char *dbname, char *module, PRBool rw) +secmod_AddPermDB(const char *appName, const char *filename, + const char *dbname, char *module, PRBool rw) { DBT key,data; SECStatus rv = SECFailure; @@ -811,7 +834,7 @@ secmod_AddPermDB(char *dbname, char *module, PRBool rw) if (!rw) return SECFailure; /* make sure we have a db handle */ - pkcs11db = secmod_OpenDB(dbname,PR_FALSE); + pkcs11db = secmod_OpenDB(appName,filename,dbname,PR_FALSE); if (pkcs11db == NULL) { return SECFailure; } diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index 3775d257d9d5..77912da0baa5 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -2257,29 +2257,37 @@ pk11_DestroySlotData(PK11Slot *slot) * handle the SECMOD.db */ char ** -NSC_ModuleDBFunc(unsigned long function,char *parameters, char *args) +NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args) { - char *secmod; + char *secmod = NULL; + char *appName = NULL; + char *filename = NULL; PRBool rw; static char *success="Success"; char **rvstr = NULL; - secmod = secmod_getSecmodName(parameters,&rw); + secmod = secmod_getSecmodName(parameters,&appName,&filename, &rw); switch (function) { case SECMOD_MODULE_DB_FUNCTION_FIND: - rvstr = secmod_ReadPermDB(secmod,parameters,rw); + rvstr = secmod_ReadPermDB(appName,filename,secmod,(char *)parameters,rw); break; case SECMOD_MODULE_DB_FUNCTION_ADD: - rvstr = (secmod_AddPermDB(secmod,args,rw) == SECSuccess) - ? &success: NULL; + rvstr = (secmod_AddPermDB(appName,filename,secmod,(char *)args,rw) + == SECSuccess) ? &success: NULL; break; case SECMOD_MODULE_DB_FUNCTION_DEL: - rvstr = (secmod_DeletePermDB(secmod,args,rw) == SECSuccess) - ? &success: NULL; + rvstr = (secmod_DeletePermDB(appName,filename,secmod,(char *)args,rw) + == SECSuccess) ? &success: NULL; + break; + case SECMOD_MODULE_DB_FUNCTION_RELEASE: + rvstr = (secmod_ReleasePermDBData(appName,filename,secmod, + (char **)args,rw) == SECSuccess) ? &success: NULL; break; } if (secmod) PR_smprintf_free(secmod); + if (appName) PORT_Free(appName); + if (filename) PORT_Free(filename); return rvstr; } @@ -2425,6 +2433,7 @@ CK_RV NSC_GetInfo(CK_INFO_PTR pInfo) return CKR_OK; } + /* NSC_GetSlotList obtains a list of slots in the system. */ CK_RV NSC_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) @@ -3213,7 +3222,6 @@ CK_RV NSC_CopyObject(CK_SESSION_HANDLE hSession, if (crv != CKR_OK) { pk11_FreeObject(destObject); pk11_FreeSession(session); - return crv; } crv = pk11_handleObject(destObject,session); diff --git a/security/nss/lib/softoken/pkcs11i.h b/security/nss/lib/softoken/pkcs11i.h index 391f2f152671..d909eaae7e69 100644 --- a/security/nss/lib/softoken/pkcs11i.h +++ b/security/nss/lib/softoken/pkcs11i.h @@ -113,6 +113,8 @@ #endif #define MAX_KEY_LEN 256 +#define MULTIACCESS "multiaccess:" + /* * LOG2_BUCKETS_PER_SESSION_LOCK must be a prime number. * With SESSION_HASH_SIZE=1024, LOG2 can be 9, 5, 1, or 0. @@ -594,10 +596,16 @@ extern PRBool pk11_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type); extern CK_RV secmod_parseParameters(char *param, pk11_parameters *parsed, PRBool isFIPS); extern void secmod_freeParams(pk11_parameters *params); -extern char *secmod_getSecmodName(char *params, PRBool *rw); -extern char ** secmod_ReadPermDB(char *dbname, char *params, PRBool rw); -extern SECStatus secmod_DeletePermDB(char *dbname,char *args, PRBool rw); -extern SECStatus secmod_AddPermDB(char *dbname, char *module, PRBool rw); +extern char *secmod_getSecmodName(char *params, char **domain, + char **filename, PRBool *rw); +extern char ** secmod_ReadPermDB(const char *domain, const char *filename, + const char *dbname, char *params, PRBool rw); +extern SECStatus secmod_DeletePermDB(const char *domain, const char *filename, + const char *dbname, char *args, PRBool rw); +extern SECStatus secmod_AddPermDB(const char *domain, const char *filename, + const char *dbname, char *module, PRBool rw); +extern SECStatus secmod_ReleasePermDBData(const char *domain, + const char *filename, const char *dbname, char **specList, PRBool rw); /* * OK there are now lots of options here, lets go through them all: * @@ -623,6 +631,8 @@ CK_RV pk11_DBInit(const char *configdir, const char *certPrefix, void pk11_DBShutdown(NSSLOWCERTCertDBHandle *certHandle, NSSLOWKEYDBHandle *keyHandle); +const char *pk11_EvaluateConfigDir(const char *configdir, char **domain); + /* * narrow objects */ diff --git a/security/nss/lib/softoken/pkcs11n.h b/security/nss/lib/softoken/pkcs11n.h index 565e7a90f1c9..9017287934e5 100644 --- a/security/nss/lib/softoken/pkcs11n.h +++ b/security/nss/lib/softoken/pkcs11n.h @@ -36,7 +36,7 @@ #define _PKCS11N_H_ #ifdef DEBUG -static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.3 $ $Date: 2002/03/02 00:52:04 $ $Name: $"; +static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.4 $ $Date: 2002/04/05 09:17:51 $ $Name: $"; #endif /* DEBUG */ /* @@ -213,11 +213,13 @@ typedef CK_ULONG CK_TRUST; * The function 'ADD' takes a PKCS #11 initialization string and stores it. * The function 'DEL' takes a 'name= library=' value and deletes the associated * string. + * The function 'RELEASE' frees the array returned by 'FIND' */ #define SECMOD_MODULE_DB_FUNCTION_FIND 0 #define SECMOD_MODULE_DB_FUNCTION_ADD 1 #define SECMOD_MODULE_DB_FUNCTION_DEL 2 +#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3 typedef char ** (PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function, - char *parameters, char *moduleSpec); + char *parameters, void *moduleSpec); #endif /* _PKCS11N_H_ */ diff --git a/security/nss/lib/softoken/softokn.rc b/security/nss/lib/softoken/softokn.rc index 8c4c6f7c62d8..a6477ed12757 100644 --- a/security/nss/lib/softoken/softokn.rc +++ b/security/nss/lib/softoken/softokn.rc @@ -34,13 +34,21 @@ #include "nss.h" #include -#define MY_LIBNAME "softokn" +#define MY_LIBNAME "softoken" #ifdef MOZ_CLIENT -#define MY_FILEDESCRIPTION "NSS Builtin Crypto PKCS #11 Library for Clients" +#define CLIENTS " for Clients" #else -#define MY_FILEDESCRIPTION "NSS Builtin Crypto PKCS #11 Library" +#define CLIENTS "" #endif +#ifdef REMOTE_DBM +#define DBM " with Shared Database" +#else +#define DBM "" +#endif + +#define MY_FILEDESCRIPTION "NSS PKCS #11 Library" CLIENTS DBM + #define STRINGIZE(x) #x #define STRINGIZE2(x) STRINGIZE(x) #define NSS_VMAJOR_STR STRINGIZE2(NSS_VMAJOR)