Fix 183385 - eliminate references to NSS key/cert/module files.

The LDAP tools code no longer has any knowledge of the NSS
	file names; the certpath2keypath() function has been deleted
	and we now simply use the certdbpath as keydbpath when it is
	provided (it makes no difference in the end). But note that
	because we need to maintain backwards compatibility, the
	libssldap code used by the ldapssl_.*_init() functions still
	knows the default name of the NSS module file (secmod.db),
	and the code also relies on the fact that the suffix for the
	key and cert files is ".db" and that the first letter in the
	main part of the name is either 'c' or 'k'.
Also fixed a bug that caused the module file name specified on
	the LDAP tools command line (-m name) to be ignored.
The ldapsearch and ldapcmp tools now exit with LDAP_NO_MEMORY
	if an LDIF fragment can't be constructed.
Also fixed some issues reported by lint:
	Return values that were ignored.
	Make more functions and global variables static.
	Add /*ARGSUSED*/ and similar lint-friendly comments.
mcs%netscape.com 2003-03-21 16:00:34 +00:00
Родитель 0f1234132d
Коммит 5de84ec0c5
10 изменённых файлов: 115 добавлений и 134 удалений


@ -52,10 +52,12 @@ static const struct SVRCOREPinMethods vtable;
*/
/*ARGSUSED*/
void echoOff(int fd)
{
}
/*ARGSUSED*/
void echoOn(int fd)
{
}


@ -32,7 +32,7 @@
#include "ntuserpin.h"
#endif /* LDAP_TOOL_ARGPIN */
#include <nspr.h> /* for PR_Cleanup() */
#include <nspr.h>
#include <stdlib.h>
#include <time.h> /* for time() and ctime() */
@ -51,8 +51,7 @@ static void ldaptool_debug_free( void *ptr );
#endif /* LDAPTOOL_DEBUG_MEMORY */
#if defined(NET_SSL)
static char *certpath2keypath( char *certdbpath );
static int ldaptool_setcallbacks( struct ldapssl_pkcs_fns *pfns);
static void ldaptool_setcallbacks( struct ldapssl_pkcs_fns *pfns);
static char * buildTokenCertName( const char *tokenName, const char *certName);
#ifdef FORTEZZA
static int ldaptool_fortezza_init( int exit_on_error );
@ -149,11 +148,7 @@ int ldaptool_port2 = LDAP_PORT;
int ldaptool_verbose = 0;
int ldaptool_not = 0;
FILE *ldaptool_fp = NULL;
FILE *password_fp = NULL;
char *ldaptool_progname = "";
char *ldaptool_nls_lang = NULL;
char *proxyauth_id = NULL;
int proxyauth_version = 2; /* use newer proxy control */
LDAPControl *ldaptool_request_ctrls[CONTROL_REQUESTS] = {0};
#ifdef LDAP_DEBUG
int ldaptool_dbg_lvl = 0;
@ -171,6 +166,9 @@ static int ldversion = -1; /* use default */
static int refhoplim = LDAPTOOL_DEFREFHOPLIMIT;
static int send_manage_dsait_ctrl = 0;
static int prompt_password = 0;
static FILE *password_fp = NULL;
static char *proxyauth_id = NULL;
static int proxyauth_version = 2; /* use newer proxy control */
#ifndef NO_LIBLCACHE
static char *cache_config_file = NULL;
@ -545,8 +543,8 @@ ldaptool_process_args( int argc, char **argv, char *extra_opts,
break;
case 'y': /* old (version 1) proxied authorization control */
proxyauth_version = 1;
case 'Y': /* new (version 2 ) proxied authorization control */
/*FALLTHRU*/
case 'Y': /* new (version 2 ) proxied authorization control */
proxyauth_id = strdup(optarg);
if (NULL == proxyauth_id)
{
@ -618,7 +616,11 @@ ldaptool_process_args( int argc, char **argv, char *extra_opts,
if ( NULL == ssl_certdbpath ) {
ssl_keydbpath = LDAPTOOL_DEFKEYDBPATH;
} else {
ssl_keydbpath = certpath2keypath( ssl_certdbpath );
/* The ldapssl_.*init() functions, which call NSS_Initialize(),
* don't rely on the key DB path ending in the correct filename,
* so it is OK to just pass them the cert DB path.
*/
ssl_keydbpath = ssl_certdbpath;
}
}
if ( NULL == ssl_certdbpath ) {
@ -1160,7 +1162,7 @@ ldaptool_print_extended_response( LDAP *ld, LDAPMessage *res, char *msg )
if ( ldap_parse_extended_result( ld, res, &oid, &data, 0 )
!= LDAP_SUCCESS ) {
ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
(void)ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
} else {
if ( oid != NULL ) {
if ( strcmp ( oid, LDAP_NOTICE_OF_DISCONNECTION ) == 0 ) {
@ -1204,7 +1206,7 @@ ldaptool_sasl_bind_s( LDAP *ld, const char *dn, const char *mechanism,
if (( rc = ldap_sasl_bind( ld, dn, mechanism, cred, serverctrls,
clientctrls, &msgid )) != LDAP_SUCCESS ) {
ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
(void)ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
} else {
rc = wait4result( ld, msgid, servercredp, msg );
}
@ -1242,7 +1244,7 @@ ldaptool_add_ext_s( LDAP *ld, const char *dn, LDAPMod **attrs,
if (( rc = ldap_add_ext( ld, dn, attrs, serverctrls, clientctrls, &msgid ))
!= LDAP_SUCCESS ) {
ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
(void)ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
} else {
/*
* 25-April-2000 Note: the next line used to read:
@ -1269,7 +1271,7 @@ ldaptool_modify_ext_s( LDAP *ld, const char *dn, LDAPMod **mods,
if (( rc = ldap_modify_ext( ld, dn, mods, serverctrls, clientctrls,
&msgid )) != LDAP_SUCCESS ) {
ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
(void)ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
} else {
rc = wait4result( ld, msgid, NULL, msg );
}
@ -1290,7 +1292,7 @@ ldaptool_delete_ext_s( LDAP *ld, const char *dn, LDAPControl **serverctrls,
if (( rc = ldap_delete_ext( ld, dn, serverctrls, clientctrls, &msgid ))
!= LDAP_SUCCESS ) {
ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
(void)ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
} else {
rc = wait4result( ld, msgid, NULL, msg );
}
@ -1311,7 +1313,7 @@ int ldaptool_compare_ext_s( LDAP *ld, const char *dn, const char *attrtype,
if (( rc = ldap_compare_ext( ld, dn, attrtype, bvalue, serverctrls,
clientctrls, &msgid )) != LDAP_SUCCESS ) {
ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
(void)ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
} else {
rc = wait4result( ld, msgid, NULL, msg );
}
@ -1333,7 +1335,7 @@ ldaptool_rename_s( LDAP *ld, const char *dn, const char *newrdn,
if (( rc = ldap_rename( ld, dn, newrdn, newparent, deleteoldrdn,
serverctrls, clientctrls, &msgid )) != LDAP_SUCCESS ) {
ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
(void)ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
} else {
rc = wait4result( ld, msgid, NULL, msg );
}
@ -1357,7 +1359,7 @@ wait4result( LDAP *ld, int msgid, struct berval **servercredp, char *msg )
res = NULL;
if (( rc = ldap_result( ld, msgid, 1, (struct timeval *)NULL, &res ))
== -1 ) {
ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
(void)ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
return( ldap_get_lderrno( ld, NULL, NULL ));
}
@ -1391,7 +1393,7 @@ parse_result( LDAP *ld, LDAPMessage *res, struct berval **servercredp,
if (( rc = ldap_parse_result( ld, res, &lderr, NULL, NULL, &refs,
&ctrls, 0 )) != LDAP_SUCCESS ) {
ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
(void)ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
ldap_msgfree( res );
return( rc );
}
@ -1453,7 +1455,7 @@ parse_result( LDAP *ld, LDAPMessage *res, struct berval **servercredp,
if ( servercredp != NULL && ( rc = ldap_parse_sasl_bind_result( ld, res,
servercredp, 0 )) != LDAP_SUCCESS ) {
ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
(void)ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
ldap_msgfree( res );
return( rc );
}
@ -1463,7 +1465,7 @@ parse_result( LDAP *ld, LDAPMessage *res, struct berval **servercredp,
}
if ( LDAPTOOL_RESULT_IS_AN_ERROR( lderr )) {
ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
(void)ldaptool_print_lderror( ld, msg, LDAPTOOL_CHECK4SSL_IF_APPROP );
}
if ( refs != NULL ) {
@ -1678,6 +1680,7 @@ ldaptool_parse_ctrl_arg(char *ctrl_arg, char sep,
/*
* callback function for LDAP bind credentials
*/
/*ARGSUSED*/
static int
LDAP_CALL
LDAP_CALLBACK
@ -1868,58 +1871,6 @@ ldaptool_debug_free( void *ptr )
#if defined(NET_SSL)
/*
* Derive key database path from certificate database path and return a
* malloc'd string.
*
* We just return an exact copy of "certdbpath" unless it ends in "cert.db",
* "cert5.db", or "cert7.db". In those cases we strip off everything from
* "cert" on and append "key.db", "key5.db", or "key3.db" as appropriate.
* Strangely enough cert7.db and key3.db go together.
*/
static char *
certpath2keypath( char *certdbpath )
{
char *keydbpath, *appendstr;
int len, striplen;
if ( certdbpath == NULL ) {
return( NULL );
}
if (( keydbpath = strdup( certdbpath )) == NULL ) {
perror( "strdup" );
exit( LDAP_NO_MEMORY );
}
len = strlen( keydbpath );
if ( len > 7 &&
strcasecmp( "cert.db", keydbpath + len - 7 ) == 0 ) {
striplen = 7;
appendstr = "key.db";
} else if ( len > 8 &&
strcasecmp( "cert5.db", keydbpath + len - 8 ) == 0 ) {
striplen = 8;
appendstr = "key5.db";
} else if ( len > 8 &&
strcasecmp( "cert7.db", keydbpath + len - 8 ) == 0 ) {
striplen = 8;
appendstr = "key3.db";
} else {
striplen = 0;
}
if ( striplen > 0 ) {
/*
* The following code assumes that strlen( appendstr ) < striplen!
*/
strcpy( keydbpath + len - striplen, appendstr );
}
return( keydbpath );
}
#ifdef LDAP_TOOL_PKCS11
static
char *
@ -1944,8 +1895,8 @@ buildTokenCertName( const char *tokenName, const char *certName)
static
int
/*ARGSUSED*/
static int
ldaptool_getcertpath( void *context, char **certlocp )
{
@ -1964,6 +1915,7 @@ ldaptool_getcertpath( void *context, char **certlocp )
return LDAP_SUCCESS;
}
/*ARGSUSED*/
int
ldaptool_getcertname( void *context, char **certnamep )
{
@ -1982,6 +1934,7 @@ ldaptool_getcertname( void *context, char **certnamep )
return LDAP_SUCCESS;
}
/*ARGSUSED*/
int
ldaptool_getkeypath(void *context, char **keylocp )
{
@ -2000,6 +1953,7 @@ ldaptool_getkeypath(void *context, char **keylocp )
return LDAP_SUCCESS;
}
/*ARGSUSED*/
int
ldaptool_gettokenname( void *context, char **tokennamep )
{
@ -2018,6 +1972,8 @@ ldaptool_gettokenname( void *context, char **tokennamep )
return LDAP_SUCCESS;
}
/*ARGSUSED*/
int
ldaptool_gettokenpin( void *context, const char *tokennamep, char **tokenpinp)
{
@ -2058,6 +2014,7 @@ ldaptool_gettokenpin( void *context, const char *tokennamep, char **tokenpinp)
#endif
}
/*ARGSUSED*/
int
ldaptool_getmodpath( void *context, char **modulep )
{
@ -2076,6 +2033,7 @@ ldaptool_getmodpath( void *context, char **modulep )
return LDAP_SUCCESS;
}
/*ARGSUSED*/
int
ldaptool_getdonglefilename( void *context, char **filename )
{
@ -2095,7 +2053,7 @@ ldaptool_getdonglefilename( void *context, char **filename )
return LDAP_SUCCESS;
}
static int
static void
ldaptool_setcallbacks( struct ldapssl_pkcs_fns *pfns)
{
pfns->pkcs_getcertpath = (int (*)(void *, char **))ldaptool_getcertpath;
@ -2106,7 +2064,6 @@ ldaptool_setcallbacks( struct ldapssl_pkcs_fns *pfns)
pfns->pkcs_gettokenname = (int (*)(void *, char **)) ldaptool_gettokenname;
pfns->pkcs_getdonglefilename = (int (*)(void *, char **)) ldaptool_getdonglefilename;
pfns->local_structure_id=PKCS_STRUCTURE_ID;
return LDAP_SUCCESS;
}
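Review bot: `ssl_keydbpath = ssl_certdbpath;` in the ldaptool_process_args() hunk makes the two pointers share one buffer, whereas the deleted certpath2keypath() handed back a separate strdup'd copy. Nothing visible here frees either pointer, but any cleanup path that releases ssl_keydbpath would now release the cert path as well and leave the other pointer dangling. I would extend the new comment with a line such as `* Note: ssl_keydbpath aliases ssl_certdbpath here; it must not be freed separately.` ldaptool_process_args() starts and ends outside the hunk, so the later uses of both pointers should be checked against the full file.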


@ -34,13 +34,13 @@ static void options_callback( int option, char *optarg );
static int docompare( LDAP *ld1, LDAP *ld2, char *base );
static int cmp2(LDAP *ld1, LDAP *ld2, LDAPMessage *e1, int findonly );
static void notfound(char *base, int dbaseno);
ATTR* get_attrs( LDAP *ld, LDAPMessage *e );
char* cmp_attrs( ATTR *a1, ATTR *a2 );
static ATTR* get_attrs( LDAP *ld, LDAPMessage *e );
static char* cmp_attrs( ATTR *a1, ATTR *a2 );
static void attr_free(ATTR *at);
#if 0 /* these functions are not used */
static void print_entry( LDAP *ld, LDAPMessage *entry, int attrsonly );
static void print_dn( LDAP *ld, LDAPMessage *entry );
static int write_ldif_value( char *type, char *value, unsigned long vallen );
static void write_ldif_value( char *type, char *value, unsigned long vallen );
#endif /* 0 */
static void
@ -212,7 +212,7 @@ docompare( LDAP *ld1, LDAP *ld2, char *base )
LDAPTOOL_CHECK4SSL_IF_APPROP ));
}
if (( rc = ldap_result2error( ld1, res, 0 )) != LDAP_SUCCESS ) {
ldaptool_print_lderror( ld1, "ldap_search",
(void)ldaptool_print_lderror( ld1, "ldap_search",
LDAPTOOL_CHECK4SSL_IF_APPROP );
}
ldap_msgfree( res );
@ -234,7 +234,7 @@ docompare( LDAP *ld1, LDAP *ld2, char *base )
LDAPTOOL_CHECK4SSL_IF_APPROP ));
}
if (( rc = ldap_result2error( ld1, res, 0 )) != LDAP_SUCCESS ) {
ldaptool_print_lderror( ld1, "ldap_search",
(void)ldaptool_print_lderror( ld1, "ldap_search",
LDAPTOOL_CHECK4SSL_IF_APPROP );
}
ldap_msgfree( res );
@ -297,7 +297,7 @@ cmp2( LDAP *ld1, LDAP *ld2, LDAPMessage *e1, int findonly)
}
ATTR*
static ATTR*
get_attrs( LDAP *ld, LDAPMessage *e )
{
char *a;
@ -334,7 +334,7 @@ get_attrs( LDAP *ld, LDAPMessage *e )
}
char*
static char*
cmp_attrs( ATTR *a1, ATTR *a2 )
{
static char result[5000];
@ -586,18 +586,17 @@ print_entry( ld, entry, attrsonly )
}
static int
static void
write_ldif_value( char *type, char *value, unsigned long vallen )
{
char *ldif;
/* ldif_type_and_value() fails only if malloc() fails. */
if (( ldif = ldif_type_and_value( type, value, (int)vallen )) == NULL ) {
return( -1 );
exit( LDAP_NO_MEMORY );
}
fputs( ldif, stdout );
free( ldif );
return( 0 );
}
#endif /* 0 */
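Review bot: Both rewritten write_ldif_value() bodies call `exit( LDAP_NO_MEMORY );` without printing anything, so the tool stops mid-output with only an exit status to explain why; the certpath2keypath() deleted in this same commit printed `perror( "strdup" );` before the same exit. I would add a diagnostic first, e.g. `perror( "ldif_type_and_value" );` here and `perror( "ldif_type_and_value_with_options" );` in the four-argument write_ldif_value() hunk further down. This copy sits inside `#if 0`, so only the later one is live. The `(int)vallen` cast in both calls also narrows an unsigned long, and a range check before the call would be worth a separate change.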


@ -131,6 +131,7 @@ main( int argc, char **argv )
return( rc );
}
/*ARGSUSED1*/
static void
options_callback( int option, char *optarg )
{


@ -110,6 +110,7 @@ main( int argc, char **argv )
return( rc );
}
/*ARGSUSED1*/
static void
options_callback( int option, char *optarg )
{


@ -320,7 +320,8 @@ process_ldif_rec( char *rbuf )
deleteoldrdn = 1;
use_record = force;
pmods = NULL;
dn = newrdn = newparent = NULL;
dn = newrdn = newparent = value = NULL;
modop = -1; /* invalid value */
while ( rc == 0 && ( line = ldif_getline( &rbuf )) != NULL ) {
++linenum;


@ -33,7 +33,7 @@ static int dosearch( LDAP *ld, char *base, int scope, char **attrs,
static void write_string_attr_value( char *attrname, char *strval,
unsigned long opts );
#define LDAPTOOL_WRITEVALOPT_SUPPRESS_NAME 0x01
static int write_ldif_value( char *type, char *value, unsigned long vallen,
static void write_ldif_value( char *type, char *value, unsigned long vallen,
unsigned long ldifoptions );
static void print_entry( LDAP *ld, LDAPMessage *entry, int attrsonly );
static void options_callback( int option, char *optarg );
@ -701,7 +701,7 @@ dosearch( ld, base, scope, attrs, attrsonly, filtpatt, value )
parse_and_display_reference( ld, res );
} else if ( rc == LDAP_RES_EXTENDED
&& ldap_msgid( res ) == LDAP_RES_UNSOLICITED ) {
ldaptool_print_extended_response( ld, res,
(void)ldaptool_print_extended_response( ld, res,
"Unsolicited response" );
} else {
fprintf( stderr, "%s: ignoring LDAP response message"
@ -730,10 +730,10 @@ dosearch( ld, base, scope, attrs, attrsonly, filtpatt, value )
if ( ldap_parse_result( ld, res, &rc, NULL, NULL, &refs,
&ctrl_response_array, 0 ) != LDAP_SUCCESS ) {
ldaptool_print_lderror( ld, "ldap_parse_result",
(void)ldaptool_print_lderror( ld, "ldap_parse_result",
LDAPTOOL_CHECK4SSL_IF_APPROP );
} else if ( rc != LDAP_SUCCESS ) {
ldaptool_print_lderror( ld, "ldap_search",
(void)ldaptool_print_lderror( ld, "ldap_search",
LDAPTOOL_CHECK4SSL_IF_APPROP );
}
/* Parse the returned sort control */
@ -742,7 +742,7 @@ dosearch( ld, base, scope, attrs, attrsonly, filtpatt, value )
char *attribute;
if ( LDAP_SUCCESS != ldap_parse_sort_control(ld,ctrl_response_array,&result,&attribute) ) {
ldaptool_print_lderror(ld, "ldap_parse_sort_control",
(void)ldaptool_print_lderror(ld, "ldap_parse_sort_control",
LDAPTOOL_CHECK4SSL_IF_APPROP );
ldap_controls_free(ctrl_response_array);
ldap_msgfree(res);
@ -769,7 +769,7 @@ dosearch( ld, base, scope, attrs, attrsonly, filtpatt, value )
unsigned long vpos, vcount;
int vresult;
if ( LDAP_SUCCESS != ldap_parse_virtuallist_control(ld,ctrl_response_array,&vpos, &vcount,&vresult) ) {
ldaptool_print_lderror( ld, "ldap_parse_virtuallist_control",
(void)ldaptool_print_lderror( ld, "ldap_parse_virtuallist_control",
LDAPTOOL_CHECK4SSL_IF_APPROP );
ldap_controls_free(ctrl_response_array);
ldap_msgfree(res);
@ -962,7 +962,7 @@ print_entry( ld, entry, attrsonly )
}
if ( ldap_get_lderrno( ld, NULL, NULL ) != LDAP_SUCCESS ) {
ldaptool_print_lderror( ld, "ldap_first_attribute/ldap_next_attribute",
(void)ldaptool_print_lderror( ld, "ldap_first_attribute/ldap_next_attribute",
LDAPTOOL_CHECK4SSL_IF_APPROP );
}
@ -988,7 +988,7 @@ write_string_attr_value( char *attrname, char *strval, unsigned long opts )
}
static int
static void
write_ldif_value( char *type, char *value, unsigned long vallen,
unsigned long ldifoptions )
{
@ -1010,15 +1010,14 @@ write_ldif_value( char *type, char *value, unsigned long vallen,
ldifoptions |= LDIF_OPT_MINIMAL_ENCODING;
}
/* ldif_type_and_value() fails only if malloc() fails. */
if (( ldif = ldif_type_and_value_with_options( type, value, (int)vallen,
ldifoptions )) == NULL ) {
return( -1 );
exit( LDAP_NO_MEMORY );
}
fputs( ldif, stdout );
free( ldif );
return( 0 );
}
@ -1071,7 +1070,7 @@ parse_and_display_reference( LDAP *ld, LDAPMessage *ref )
char **refs;
if ( ldap_parse_reference( ld, ref, &refs, NULL, 0 ) != LDAP_SUCCESS ) {
ldaptool_print_lderror( ld, "ldap_parse_reference",
(void)ldaptool_print_lderror( ld, "ldap_parse_reference",
LDAPTOOL_CHECK4SSL_IF_APPROP );
} else if ( refs != NULL && refs[ 0 ] != NULL ) {
fputs( "Unfollowed continuation reference(s):\n", stderr );


@ -86,6 +86,11 @@ splitpath(char *string, char *dir, char *prefix, char *key) {
char *l;
int len = 0;
/* XXXmcs: This function knows more about the NSS certificate and key database
* filenames than it should. It relies on the fact that the suffix for
* these files is ".db" and that the first letter in the main part of
* the name is either 'c' or 'k'.
*/
if (string == NULL)
return (-1);
@ -128,7 +133,7 @@ splitpath(char *string, char *dir, char *prefix, char *key) {
PL_strcpy(dir, d);
}
} else {
/* neither *key[0-9].db nor *cert[0=9].db found */
/* neither *key[0-9].db nor *cert[0-9].db found */
return (-1);
}
@ -152,20 +157,28 @@ static PRStatus local_SSLPLCY_Install(void)
/*
* Note: by design, the keydbpath can actually be a certdbpath. Some
* callers rely on this behavior, e.g., the LDAP command line tools.
* This function simply does not care whether the paths end in the
* correct NSS filenames or not; the mission here is just to extract
* the base directory (which is pulled out of certdbpath) and the
* cert and key prefixes (pulled out of certdbpath and keydbpath
* respectively).
*/
static int
ldapssl_basic_init( const char *certdbpath, const char *keydbpath )
ldapssl_basic_init( const char *certdbpath, const char *keydbpath,
const char *secmoddbpath )
{
char *confDir = NULL, *certdbPrefix = NULL, *certdbName = NULL;
char *keyconfDir = NULL, *keydbPrefix = NULL, *keydbName = NULL;
char *certPath = NULL, *keyPath = NULL;
static char *secmodname = "secmod.db";
int retcode = 0;
SECStatus rc;
/* PR_Init() must to be called before everything else... */
PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
/* PR_Init() must to be called before everything else... */
PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
PR_SetConcurrency( 4 ); /* work around for NSPR 3.x I/O hangs */
PR_SetConcurrency( 4 ); /* work around for NSPR 3.x I/O hangs */
/* Get confDir, certdbPrefix and certdbName from certdbpath */
certPath = ldapssl_strdup( certdbpath );
@ -175,7 +188,7 @@ ldapssl_basic_init( const char *certdbpath, const char *keydbpath )
if (certdbPrefix) {
*certdbPrefix = '\0';
}
splitpath(certPath, confDir, certdbPrefix, certdbName);
(void)splitpath(certPath, confDir, certdbPrefix, certdbName);
/* Get keyconfDir, keydbPrefix and keydbName from keydbpath */
keyPath = ldapssl_strdup( keydbpath );
@ -185,7 +198,7 @@ ldapssl_basic_init( const char *certdbpath, const char *keydbpath )
if (keydbPrefix) {
*keydbPrefix = '\0';
}
splitpath(keyPath, keyconfDir, keydbPrefix, keydbName);
(void)splitpath(keyPath, keyconfDir, keydbPrefix, keydbName);
/* Free the variables we no longer need */
ldapssl_free((void **)&certPath);
@ -194,8 +207,16 @@ ldapssl_basic_init( const char *certdbpath, const char *keydbpath )
ldapssl_free((void **)&keydbName);
ldapssl_free((void **)&keyconfDir);
if ((rc = NSS_Initialize(confDir,certdbPrefix,keydbPrefix,
secmodname, NSS_INIT_READONLY)) != SECSuccess) {
/*
* Accept a NULL secmoddbpath (NSS_Initialize() does not; it would
* be nice if it did!)
*/
if ( NULL == secmoddbpath ) {
secmoddbpath = "secmod.db";
}
if ( NSS_Initialize(confDir,certdbPrefix,keydbPrefix,
secmoddbpath, NSS_INIT_READONLY) != SECSuccess) {
retcode = -1;
}
@ -359,12 +380,11 @@ GetDBName(const char *dbname, const char *path)
* is supported but not client authentication.
*
* If "certdbpath" is NULL or "", the default cert. db is used (typically
* ~/.netscape/cert7.db).
* ~/.netscape/cert8.db).
*
* If "certdbpath" ends with ".db" (case-insensitive compare), then
* it is assumed to be a full path to the cert. db file; otherwise,
* it is assumed to be a directory that contains a file called
* "cert7.db" or "cert.db".
* it is assumed to be a directory that contains such a file.
*
* If certdbhandle is non-NULL, it is assumed to be a pointer to a
* SECCertDBHandle structure. It is fine to pass NULL since this
@ -376,14 +396,14 @@ GetDBName(const char *dbname, const char *path)
*
* If "keydbpath" ends with ".db" (case-insensitive compare), then
* it is assumed to be a full path to the key db file; otherwise,
* it is assumed to be a directory that contains a file called
* "key3.db"
* it is assumed to be a directory that contains such a file.
*
* If certdbhandle is non-NULL< it is assumed to be a pointed to a
* SECKEYKeyDBHandle structure. It is fine to pass NULL since this
* routine will allocate one for you (SECKEY_GetDefaultDB() can be
* used to retrieve the cert db handle).
*/
/*ARGSUSED*/
int
LDAP_CALL
ldapssl_clientauth_init( const char *certdbpath, void *certdbhandle,
@ -401,7 +421,7 @@ ldapssl_clientauth_init( const char *certdbpath, void *certdbhandle,
return( 0 );
}
if ((rc = ldapssl_basic_init(certdbpath, keydbpath)) != 0) {
if ( ldapssl_basic_init(certdbpath, keydbpath, NULL) != 0) {
return (-1);
}
@ -440,12 +460,11 @@ ldapssl_clientauth_init( const char *certdbpath, void *certdbhandle,
* is supported but not client authentication.
*
* If "certdbpath" is NULL or "", the default cert. db is used (typically
* ~/.netscape/cert7.db).
* ~/.netscape/cert8.db).
*
* If "certdbpath" ends with ".db" (case-insensitive compare), then
* it is assumed to be a full path to the cert. db file; otherwise,
* it is assumed to be a directory that contains a file called
* "cert7.db" or "cert.db".
* it is assumed to be a directory that contains such a file.
*
* If certdbhandle is non-NULL, it is assumed to be a pointer to a
* SECCertDBHandle structure. It is fine to pass NULL since this
@ -457,13 +476,14 @@ ldapssl_clientauth_init( const char *certdbpath, void *certdbhandle,
*
* If "keydbpath" ends with ".db" (case-insensitive compare), then
* it is assumed to be a full path to the key db file; otherwise,
* it is assumed to be a directory that contains a file called
* "key3.db"
* it is assumed to be a directory that contains such a file.
*
* If certdbhandle is non-NULL< it is assumed to be a pointed to a
* SECKEYKeyDBHandle structure. It is fine to pass NULL since this
* routine will allocate one for you (SECKEY_GetDefaultDB() can be
* used to retrieve the cert db handle). */
* used to retrieve the cert db handle).
*/
/*ARGSUSED*/
int
LDAP_CALL
ldapssl_advclientauth_init(
@ -472,8 +492,6 @@ ldapssl_advclientauth_init(
const int needsecmoddb, const char *secmoddbpath,
const int sslstrength )
{
int rc = 0;
if ( inited ) {
return( 0 );
}
@ -482,7 +500,7 @@ ldapssl_advclientauth_init(
* LDAPDebug(LDAP_DEBUG_TRACE, "ldapssl_advclientauth_init\n",0 ,0 ,0);
*/
if ((rc = ldapssl_basic_init(certdbpath, keydbpath)) != 0) {
if ( ldapssl_basic_init(certdbpath, keydbpath, NULL) != 0) {
return (-1);
}
@ -518,7 +536,7 @@ LDAP_CALL
ldapssl_pkcs_init( const struct ldapssl_pkcs_fns *pfns )
{
char *certdbpath, *keydbpath;
char *certdbpath, *keydbpath, *secmoddbpath;
int rc;
if ( inited ) {
@ -534,11 +552,13 @@ ldapssl_pkcs_init( const struct ldapssl_pkcs_fns *pfns )
/*
* LDAPDebug(LDAP_DEBUG_TRACE, "ldapssl_pkcs_init\n",0 ,0 ,0);
*/
certdbpath = keydbpath = secmoddbpath = NULL;
pfns->pkcs_getcertpath( NULL, &certdbpath);
pfns->pkcs_getkeypath( NULL, &keydbpath);
ldapssl_basic_init(certdbpath, keydbpath);
pfns->pkcs_getmodpath( NULL, &secmoddbpath);
if ( ldapssl_basic_init(certdbpath, keydbpath, secmoddbpath) != 0 ) {
return( -1 );
}
/* this is odd */
PK11_ConfigurePKCS11(NULL, NULL, tokDes, ptokDes, NULL, NULL, NULL, NULL, 0, 0 );
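Review bot: In ldapssl_pkcs_init() the results of `pfns->pkcs_getcertpath`, `pfns->pkcs_getkeypath` and `pfns->pkcs_getmodpath` are still discarded, so a failing callback leaves its pointer NULL and, for the module path, ldapssl_basic_init() quietly substitutes "secmod.db" for the database the caller asked for. Each call should be checked, e.g. `if ( pfns->pkcs_getmodpath( NULL, &secmoddbpath ) != LDAP_SUCCESS ) return( -1 );` (the tool callbacks shown on this page return LDAP_SUCCESS on success; confirm that is the contract for other callers). Similarly, the two `(void)splitpath(...)` casts in ldapssl_basic_init() silence lint but still let NSS_Initialize() run after splitpath() has returned -1. ldapssl_advclientauth_init() also passes NULL rather than its own `secmoddbpath` argument to ldapssl_basic_init(); if that is deliberate for compatibility, a comment should say so. All of these functions extend beyond the hunks shown.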


@ -93,7 +93,7 @@ typedef struct tuple_str tuple_str;
#include "secerr.h"
#include "sslerr.h"
const tuple_str errStrings[] = {
static const tuple_str errStrings[] = {
/* keep this list in asceding order of error numbers */
#ifdef NS_DIRECTORY
@ -113,7 +113,7 @@ const tuple_str errStrings[] = {
};
const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str);
static const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str);
/* Returns a UTF-8 encoded constant error string for "errNum".
* Returns NULL of errNum is unknown.


@ -471,6 +471,7 @@ ldapssl_install_routines( LDAP *ld )
}
/*ARGSUSED*/
int
LDAP_CALL
ldapssl_enable_clientauth( LDAP *ld, char *keynickname,
@ -859,7 +860,7 @@ ldapssl_AuthCertificate(void *sessionarg, PRFileDesc *fd, PRBool checkSig,
* SECFailure otherwise.
* if SECFailure is returned SSL will proceed without sending a cert.
*/
/*ARGSUSED*/
static SECStatus
get_clientauth_data( void *sessionarg, PRFileDesc *prfd,
CERTDistNames *caNames, CERTCertificate **pRetCert,
@ -920,7 +921,7 @@ get_keyandcert( LDAPSSLSessionInfo *ssip,
* This function is enable through PK11_SetPasswordFunc
* only if pkcs functions are not being used.
*/
/*ARGSUSED*/
static char *
get_keypassword( PK11SlotInfo *slot, PRBool retry, void *sessionarg )
{