mozilla
/
mozilla-history
зеркало из https://github.com/mozilla/mozilla-history.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Fixed text file line endings. 

Modified Files: Makefile alt.c cache.c errors.c file.c manifest.mn
        ntgetpin.c pin.c pk11.c std.c svrcore.h user.c
This commit is contained in:
wtchang%redhat.com 2005-03-01 00:27:38 +00:00
Родитель fa11d7b09f
Коммит b98a2d2646
12 изменённых файлов: 2045 добавлений и 2045 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

178
security/svrcore/Makefile
Просмотреть файл

@ -1,89 +1,89 @@
#! gmake
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape svrcore library.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1996, 1997
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
# Build only static library
IMPORT_LIBRARY=
SHARED_LIBRARY=
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
all release::
@echo ---- Finished ----
coreconf_hack:
cd ../coreconf; $(MAKE) export
$(MAKE) import
RelEng_bld: coreconf_hack
$(MAKE)
#! gmake
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape svrcore library.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1996, 1997
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
# Build only static library
IMPORT_LIBRARY=
SHARED_LIBRARY=
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
all release::
@echo ---- Finished ----
coreconf_hack:
cd ../coreconf; $(MAKE) export
$(MAKE) import
RelEng_bld: coreconf_hack
$(MAKE)

254
security/svrcore/alt.c
Просмотреть файл

@ -1,127 +1,127 @@
/*
* alt.c - SVRCORE module for reading a PIN from one of two alternate
* sources.
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <stdio.h>
#include <string.h>
#include <svrcore.h>
/* ------------------------------------------------------------ */
/*
* SVRCOREAltPinObj implementation
*/
struct SVRCOREAltPinObj
{
SVRCOREPinObj base;
SVRCOREPinObj *primary;
SVRCOREPinObj *alt;
};
static const SVRCOREPinMethods vtable;
/* ------------------------------------------------------------ */
SVRCOREError
SVRCORE_CreateAltPinObj(
SVRCOREAltPinObj **out,
SVRCOREPinObj *primary, SVRCOREPinObj *alt)
{
SVRCOREError err = SVRCORE_Success;
SVRCOREAltPinObj *obj = 0;
do {
obj = (SVRCOREAltPinObj *)malloc(sizeof (SVRCOREAltPinObj));
if (!obj) { err = SVRCORE_NoMemory_Error; break; }
obj->base.methods = &vtable;
obj->primary = primary;
obj->alt = alt;
} while(0);
if (err != SVRCORE_Success)
{
SVRCORE_DestroyAltPinObj(obj);
}
*out = obj;
return err;
}
void
SVRCORE_DestroyAltPinObj(
SVRCOREAltPinObj *obj)
{
if (!obj) return;
free(obj);
}
/* ------------------------------------------------------------ */
/*
* vtable methods
*/
static void
destroyObject(SVRCOREPinObj *obj)
{
SVRCORE_DestroyAltPinObj((SVRCOREAltPinObj*)obj);
}
static char *
getPin(SVRCOREPinObj *pinObj, const char *tokenName, PRBool retry)
{
SVRCOREAltPinObj *obj = (SVRCOREAltPinObj*)pinObj;
char *res = 0;
do {
/* Try primary first */
res = SVRCORE_GetPin(obj->primary, tokenName, retry);
if (res) break;
/* If unsucessful, try alternate source */
res = SVRCORE_GetPin(obj->alt, tokenName, retry);
} while(0);
return res;
}
/*
* VTable
*/
static const SVRCOREPinMethods vtable =
{ 0, 0, destroyObject, getPin };
/*
* alt.c - SVRCORE module for reading a PIN from one of two alternate
* sources.
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <stdio.h>
#include <string.h>
#include <svrcore.h>
/* ------------------------------------------------------------ */
/*
* SVRCOREAltPinObj implementation
*/
struct SVRCOREAltPinObj
{
SVRCOREPinObj base;
SVRCOREPinObj *primary;
SVRCOREPinObj *alt;
};
static const SVRCOREPinMethods vtable;
/* ------------------------------------------------------------ */
SVRCOREError
SVRCORE_CreateAltPinObj(
SVRCOREAltPinObj **out,
SVRCOREPinObj *primary, SVRCOREPinObj *alt)
{
SVRCOREError err = SVRCORE_Success;
SVRCOREAltPinObj *obj = 0;
do {
obj = (SVRCOREAltPinObj *)malloc(sizeof (SVRCOREAltPinObj));
if (!obj) { err = SVRCORE_NoMemory_Error; break; }
obj->base.methods = &vtable;
obj->primary = primary;
obj->alt = alt;
} while(0);
if (err != SVRCORE_Success)
{
SVRCORE_DestroyAltPinObj(obj);
}
*out = obj;
return err;
}
void
SVRCORE_DestroyAltPinObj(
SVRCOREAltPinObj *obj)
{
if (!obj) return;
free(obj);
}
/* ------------------------------------------------------------ */
/*
* vtable methods
*/
static void
destroyObject(SVRCOREPinObj *obj)
{
SVRCORE_DestroyAltPinObj((SVRCOREAltPinObj*)obj);
}
static char *
getPin(SVRCOREPinObj *pinObj, const char *tokenName, PRBool retry)
{
SVRCOREAltPinObj *obj = (SVRCOREAltPinObj*)pinObj;
char *res = 0;
do {
/* Try primary first */
res = SVRCORE_GetPin(obj->primary, tokenName, retry);
if (res) break;
/* If unsucessful, try alternate source */
res = SVRCORE_GetPin(obj->alt, tokenName, retry);
} while(0);
return res;
}
/*
* VTable
*/
static const SVRCOREPinMethods vtable =
{ 0, 0, destroyObject, getPin };

494
security/svrcore/cache.c
Просмотреть файл

@ -1,247 +1,247 @@
/*
* cache.c - SVRCORE module for caching PIN values
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <string.h>
#include <svrcore.h>
/* ------------------------------------------------------------ */
/*
* Node - for maintaining link list of tokens with cached PINs
*/
typedef struct Node Node;
static void freeNode(Node *node);
static void freeList(Node *list);
struct Node
{
Node *next;
char *tokenName;
SVRCOREPk11PinStore *store;
};
/* ------------------------------------------------------------ */
/*
* SVRCORECachedPinObj implementation
*/
struct SVRCORECachedPinObj
{
SVRCOREPinObj base;
SVRCOREPinObj *alt;
Node *pinList;
};
static const struct SVRCOREPinMethods vtable;
/* ------------------------------------------------------------ */
SVRCOREError
SVRCORE_CreateCachedPinObj(
SVRCORECachedPinObj **out, SVRCOREPinObj *alt)
{
SVRCOREError err = SVRCORE_Success;
SVRCORECachedPinObj *obj;
do {
obj = (SVRCORECachedPinObj*)malloc(sizeof (SVRCORECachedPinObj));
if (!obj) { err = SVRCORE_NoMemory_Error; break; }
obj->base.methods = &vtable;
obj->alt = alt;
obj->pinList = 0;
} while(0);
*out = obj;
return err;
}
void
SVRCORE_DestroyCachedPinObj(SVRCORECachedPinObj *obj)
{
if (!obj) return;
if (obj->pinList) freeList(obj->pinList);
free(obj);
}
/* ------------------------------------------------------------ */
/*
* vtable functions
*/
static void
destroyObject(SVRCOREPinObj *obj)
{
SVRCORE_DestroyCachedPinObj((SVRCORECachedPinObj*)obj);
}
static char *
getPin(SVRCOREPinObj *ctx, const char *tokenName, PRBool retry)
{
SVRCORECachedPinObj *obj = (SVRCORECachedPinObj*)ctx;
Node **link, *node;
char *pin = 0;
/*
* Look up the value in the cache. Remove the entry if this is
* a retry, or getting the stored value fails. This loop terminates
* with 'pin' set to any valid cached value.
*/
for(link = &obj->pinList;(node = *link) != NULL;link = &node->next)
{
if (strcmp(node->tokenName, tokenName) != 0) continue;
if (retry ||
SVRCORE_Pk11StoreGetPin(&pin, node->store) != SVRCORE_Success)
{
*link = node->next;
freeNode(node);
}
break;
}
/*
* Now loop, attempting to read a pin from the alternate source
* until cancelled, or a valid PIN is provided.
*/
while(!pin)
{
SVRCOREError err;
/* Call second level */
pin = SVRCORE_GetPin(obj->alt, tokenName, retry);
if (!pin) break; /* Cancel */
/* Attempt to create a Pin Storage object. This checks the
* password.
*/
do {
Node *node;
node = (Node*)malloc(sizeof (Node));
if (!node) { err = SVRCORE_NoMemory_Error; break; }
node->tokenName = 0;
node->store = 0;
do {
node->tokenName = strdup(tokenName);
if (!node->tokenName) { err = SVRCORE_NoMemory_Error; break; }
err = SVRCORE_CreatePk11PinStore(&node->store, tokenName, pin);
} while(0);
if (err) { freeNode(node); break; }
node->next = obj->pinList;
obj->pinList = node;
} while(0);
/* If node creation worked, then pin is correct */
if (err == SVRCORE_Success) break;
/* Quit on any error other than IncorrectPassword */
if (err != SVRCORE_IncorrectPassword_Error) break;
/* Password was incorrect, treat this as a retry */
retry = PR_TRUE;
}
return pin;
}
/* ------------------------------------------------------------ */
/*
* SVRCORE_CachedPinGetPin
*/
SVRCOREError
SVRCORE_CachedPinGetPin(
char **out, SVRCORECachedPinObj *obj,
const char *tokenName)
{
SVRCOREError err;
Node *node;
*out = 0;
do {
/* Find a matching PIN node */
for(node = obj->pinList;node;node = node->next)
{
if (strcmp(node->tokenName, tokenName) == 0) break;;
}
if (!node) { err = SVRCORE_NoSuchToken_Error; break; }
err = SVRCORE_Pk11StoreGetPin(out, node->store);
} while(0);
return err;
}
static const struct SVRCOREPinMethods vtable =
{ 0, 0, destroyObject, getPin };
/* ------------------------------------------------------------ */
/*
* Node implementation
*/
static void freeNode(Node *node)
{
if (!node) return;
if (node->store) SVRCORE_DestroyPk11PinStore(node->store);
if (node->tokenName) free(node->tokenName);
free(node);
}
static void freeList(Node *list)
{
Node *n;
while((n = list) != NULL)
{
list = n->next;
free(n->tokenName);
free(n);
}
}
/*
* cache.c - SVRCORE module for caching PIN values
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <string.h>
#include <svrcore.h>
/* ------------------------------------------------------------ */
/*
* Node - for maintaining link list of tokens with cached PINs
*/
typedef struct Node Node;
static void freeNode(Node *node);
static void freeList(Node *list);
struct Node
{
Node *next;
char *tokenName;
SVRCOREPk11PinStore *store;
};
/* ------------------------------------------------------------ */
/*
* SVRCORECachedPinObj implementation
*/
struct SVRCORECachedPinObj
{
SVRCOREPinObj base;
SVRCOREPinObj *alt;
Node *pinList;
};
static const struct SVRCOREPinMethods vtable;
/* ------------------------------------------------------------ */
SVRCOREError
SVRCORE_CreateCachedPinObj(
SVRCORECachedPinObj **out, SVRCOREPinObj *alt)
{
SVRCOREError err = SVRCORE_Success;
SVRCORECachedPinObj *obj;
do {
obj = (SVRCORECachedPinObj*)malloc(sizeof (SVRCORECachedPinObj));
if (!obj) { err = SVRCORE_NoMemory_Error; break; }
obj->base.methods = &vtable;
obj->alt = alt;
obj->pinList = 0;
} while(0);
*out = obj;
return err;
}
void
SVRCORE_DestroyCachedPinObj(SVRCORECachedPinObj *obj)
{
if (!obj) return;
if (obj->pinList) freeList(obj->pinList);
free(obj);
}
/* ------------------------------------------------------------ */
/*
* vtable functions
*/
static void
destroyObject(SVRCOREPinObj *obj)
{
SVRCORE_DestroyCachedPinObj((SVRCORECachedPinObj*)obj);
}
static char *
getPin(SVRCOREPinObj *ctx, const char *tokenName, PRBool retry)
{
SVRCORECachedPinObj *obj = (SVRCORECachedPinObj*)ctx;
Node **link, *node;
char *pin = 0;
/*
* Look up the value in the cache. Remove the entry if this is
* a retry, or getting the stored value fails. This loop terminates
* with 'pin' set to any valid cached value.
*/
for(link = &obj->pinList;(node = *link) != NULL;link = &node->next)
{
if (strcmp(node->tokenName, tokenName) != 0) continue;
if (retry ||
SVRCORE_Pk11StoreGetPin(&pin, node->store) != SVRCORE_Success)
{
*link = node->next;
freeNode(node);
}
break;
}
/*
* Now loop, attempting to read a pin from the alternate source
* until cancelled, or a valid PIN is provided.
*/
while(!pin)
{
SVRCOREError err;
/* Call second level */
pin = SVRCORE_GetPin(obj->alt, tokenName, retry);
if (!pin) break; /* Cancel */
/* Attempt to create a Pin Storage object. This checks the
* password.
*/
do {
Node *node;
node = (Node*)malloc(sizeof (Node));
if (!node) { err = SVRCORE_NoMemory_Error; break; }
node->tokenName = 0;
node->store = 0;
do {
node->tokenName = strdup(tokenName);
if (!node->tokenName) { err = SVRCORE_NoMemory_Error; break; }
err = SVRCORE_CreatePk11PinStore(&node->store, tokenName, pin);
} while(0);
if (err) { freeNode(node); break; }
node->next = obj->pinList;
obj->pinList = node;
} while(0);
/* If node creation worked, then pin is correct */
if (err == SVRCORE_Success) break;
/* Quit on any error other than IncorrectPassword */
if (err != SVRCORE_IncorrectPassword_Error) break;
/* Password was incorrect, treat this as a retry */
retry = PR_TRUE;
}
return pin;
}
/* ------------------------------------------------------------ */
/*
* SVRCORE_CachedPinGetPin
*/
SVRCOREError
SVRCORE_CachedPinGetPin(
char **out, SVRCORECachedPinObj *obj,
const char *tokenName)
{
SVRCOREError err;
Node *node;
*out = 0;
do {
/* Find a matching PIN node */
for(node = obj->pinList;node;node = node->next)
{
if (strcmp(node->tokenName, tokenName) == 0) break;;
}
if (!node) { err = SVRCORE_NoSuchToken_Error; break; }
err = SVRCORE_Pk11StoreGetPin(out, node->store);
} while(0);
return err;
}
static const struct SVRCOREPinMethods vtable =
{ 0, 0, destroyObject, getPin };
/* ------------------------------------------------------------ */
/*
* Node implementation
*/
static void freeNode(Node *node)
{
if (!node) return;
if (node->store) SVRCORE_DestroyPk11PinStore(node->store);
if (node->tokenName) free(node->tokenName);
free(node);
}
static void freeList(Node *list)
{
Node *n;
while((n = list) != NULL)
{
list = n->next;
free(n->tokenName);
free(n);
}
}

96
security/svrcore/errors.c
Просмотреть файл

@ -1,48 +1,48 @@
/*
* errors.c - SVRCORE Error strings
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <svrcore.h>
const char * const SVRCORE_Errors[] = {
"Operation completed successfully",
"Not enough memory to complete operation",
"Unspecified error",
"Token missing or unavailable",
"Incorrect password or PIN provided"
};
/*
* errors.c - SVRCORE Error strings
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <svrcore.h>
const char * const SVRCORE_Errors[] = {
"Operation completed successfully",
"Not enough memory to complete operation",
"Unspecified error",
"Token missing or unavailable",
"Incorrect password or PIN provided"
};

504
security/svrcore/file.c
Просмотреть файл

@ -1,252 +1,252 @@
/*
* file.c - SVRCORE module for reading PIN from a file
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <stdio.h>
#include <string.h>
#include <svrcore.h>
/* ------------------------------------------------------------ */
/*
* Node - for maintaining link list of tokens with bad PINs
*/
typedef struct Node Node;
static void freeList(Node *list);
struct Node
{
Node *next;
char *tokenName;
};
/* ------------------------------------------------------------ */
/*
* SVRCOREFilePinObj implementation
*/
struct SVRCOREFilePinObj
{
SVRCOREPinObj base;
char *filename;
PRBool disabled;
Node *badPinList;
};
static const struct SVRCOREPinMethods vtable;
/* ------------------------------------------------------------ */
SVRCOREError
SVRCORE_CreateFilePinObj(
SVRCOREFilePinObj **out,
const char *filename)
{
SVRCOREError err = SVRCORE_Success;
SVRCOREFilePinObj *obj = 0;
do {
obj = (SVRCOREFilePinObj*)malloc(sizeof (SVRCOREFilePinObj));
if (!obj) { err = SVRCORE_NoMemory_Error; break; }
obj->base.methods = &vtable;
obj->filename = 0;
obj->disabled = PR_FALSE;
obj->badPinList = 0;
obj->filename = strdup(filename);
if (!obj->filename) { err = SVRCORE_NoMemory_Error; break; }
} while(0);
if (err)
{
SVRCORE_DestroyFilePinObj(obj);
obj = 0;
}
*out = obj;
return err;
}
void
SVRCORE_DestroyFilePinObj(SVRCOREFilePinObj *obj)
{
if (!obj) return;
if (obj->filename) free(obj->filename);
if (obj->badPinList) freeList(obj->badPinList);
free(obj);
}
/* ------------------------------------------------------------ */
/*
* vtable functions
*/
static void
destroyObject(SVRCOREPinObj *obj)
{
SVRCORE_DestroyFilePinObj((SVRCOREFilePinObj*)obj);
}
static char *
getPin(SVRCOREPinObj *ctx, const char *tokenName, PRBool retry)
{
SVRCOREFilePinObj *obj = (SVRCOREFilePinObj*)ctx;
PK11SlotInfo *slot;
int is_internal_token = 0;
FILE *pinfile = 0;
char *res = 0;
/* In really bad situations, where we cannot allocate memory
* for a bad PIN list, the entire PIN object is disabled.
*/
if (obj->disabled) return 0;
/*
* If the application is retrying the PIN, the one in the file is
* probably wrong. It's important that we avoid returning this
* PIN to the caller each time, since that will result in disabling
* the token.
*/
{
Node *p;
for(p = obj->badPinList;p;p = p->next)
if (strcmp(p->tokenName, tokenName) == 0) break;
if (p) return 0;
}
/* Mark it as bad (in the hash table) so that we remember
* to never return it again.
*/
if (retry)
{
Node *ent = 0;
do {
ent = (Node *)malloc(sizeof (Node));
if (!ent) break;
ent->tokenName = strdup(tokenName);
if (!ent->tokenName)
{
free(ent);
ent = 0;
}
} while(0);
/* If adding fails, disable the whole object */
if (!ent) obj->disabled = PR_TRUE;
/* Add to list */
ent->next = obj->badPinList;
obj->badPinList = ent;
return 0;
}
slot = PK11_FindSlotByName((char *)tokenName);
if (slot) {
is_internal_token = PK11_IsInternal(slot);
PK11_FreeSlot(slot);
}
do {
char line[128];
pinfile = fopen(obj->filename, "rt");
if (!pinfile) break;
/* Read lines from the file */
while(fgets(line, sizeof line, pinfile))
{
char *pin;
char *delim;
/* Find the ":" */
delim = strchr(line, ':');
if (!delim) continue;
/* Terminate name field and skip ";" */
*delim++ = 0;
if (strcmp(line, tokenName) == 0 ||
(is_internal_token &&
(strcmp(line, "Communicator Certificate DB") == 0 ||
strcmp(line, "Internal (Software) Token") == 0)))
{
pin = delim;
delim = strchr(pin, '\n');
if (delim) *delim = 0;
res = strdup(pin);
break;
}
}
/* Clear any sensitive data */
memset(line, 0, sizeof line);
} while(0);
if (pinfile) fclose(pinfile);
return res;
}
static const struct SVRCOREPinMethods vtable =
{ 0, 0, destroyObject, getPin };
/* ------------------------------------------------------------ */
/*
* Node implementation
*/
static void freeList(Node *list)
{
Node *n;
while((n = list) != NULL)
{
list = n->next;
free(n->tokenName);
free(n);
}
}
/*
* file.c - SVRCORE module for reading PIN from a file
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <stdio.h>
#include <string.h>
#include <svrcore.h>
/* ------------------------------------------------------------ */
/*
* Node - for maintaining link list of tokens with bad PINs
*/
typedef struct Node Node;
static void freeList(Node *list);
struct Node
{
Node *next;
char *tokenName;
};
/* ------------------------------------------------------------ */
/*
* SVRCOREFilePinObj implementation
*/
struct SVRCOREFilePinObj
{
SVRCOREPinObj base;
char *filename;
PRBool disabled;
Node *badPinList;
};
static const struct SVRCOREPinMethods vtable;
/* ------------------------------------------------------------ */
SVRCOREError
SVRCORE_CreateFilePinObj(
SVRCOREFilePinObj **out,
const char *filename)
{
SVRCOREError err = SVRCORE_Success;
SVRCOREFilePinObj *obj = 0;
do {
obj = (SVRCOREFilePinObj*)malloc(sizeof (SVRCOREFilePinObj));
if (!obj) { err = SVRCORE_NoMemory_Error; break; }
obj->base.methods = &vtable;
obj->filename = 0;
obj->disabled = PR_FALSE;
obj->badPinList = 0;
obj->filename = strdup(filename);
if (!obj->filename) { err = SVRCORE_NoMemory_Error; break; }
} while(0);
if (err)
{
SVRCORE_DestroyFilePinObj(obj);
obj = 0;
}
*out = obj;
return err;
}
void
SVRCORE_DestroyFilePinObj(SVRCOREFilePinObj *obj)
{
if (!obj) return;
if (obj->filename) free(obj->filename);
if (obj->badPinList) freeList(obj->badPinList);
free(obj);
}
/* ------------------------------------------------------------ */
/*
* vtable functions
*/
static void
destroyObject(SVRCOREPinObj *obj)
{
SVRCORE_DestroyFilePinObj((SVRCOREFilePinObj*)obj);
}
static char *
getPin(SVRCOREPinObj *ctx, const char *tokenName, PRBool retry)
{
SVRCOREFilePinObj *obj = (SVRCOREFilePinObj*)ctx;
PK11SlotInfo *slot;
int is_internal_token = 0;
FILE *pinfile = 0;
char *res = 0;
/* In really bad situations, where we cannot allocate memory
* for a bad PIN list, the entire PIN object is disabled.
*/
if (obj->disabled) return 0;
/*
* If the application is retrying the PIN, the one in the file is
* probably wrong. It's important that we avoid returning this
* PIN to the caller each time, since that will result in disabling
* the token.
*/
{
Node *p;
for(p = obj->badPinList;p;p = p->next)
if (strcmp(p->tokenName, tokenName) == 0) break;
if (p) return 0;
}
/* Mark it as bad (in the hash table) so that we remember
* to never return it again.
*/
if (retry)
{
Node *ent = 0;
do {
ent = (Node *)malloc(sizeof (Node));
if (!ent) break;
ent->tokenName = strdup(tokenName);
if (!ent->tokenName)
{
free(ent);
ent = 0;
}
} while(0);
/* If adding fails, disable the whole object */
if (!ent) obj->disabled = PR_TRUE;
/* Add to list */
ent->next = obj->badPinList;
obj->badPinList = ent;
return 0;
}
slot = PK11_FindSlotByName((char *)tokenName);
if (slot) {
is_internal_token = PK11_IsInternal(slot);
PK11_FreeSlot(slot);
}
do {
char line[128];
pinfile = fopen(obj->filename, "rt");
if (!pinfile) break;
/* Read lines from the file */
while(fgets(line, sizeof line, pinfile))
{
char *pin;
char *delim;
/* Find the ":" */
delim = strchr(line, ':');
if (!delim) continue;
/* Terminate name field and skip ";" */
*delim++ = 0;
if (strcmp(line, tokenName) == 0 ||
(is_internal_token &&
(strcmp(line, "Communicator Certificate DB") == 0 ||
strcmp(line, "Internal (Software) Token") == 0)))
{
pin = delim;
delim = strchr(pin, '\n');
if (delim) *delim = 0;
res = strdup(pin);
break;
}
}
/* Clear any sensitive data */
memset(line, 0, sizeof line);
} while(0);
if (pinfile) fclose(pinfile);
return res;
}
static const struct SVRCOREPinMethods vtable =
{ 0, 0, destroyObject, getPin };
/* ------------------------------------------------------------ */
/*
* Node implementation
*/
static void freeList(Node *list)
{
Node *n;
while((n = list) != NULL)
{
list = n->next;
free(n->tokenName);
free(n);
}
}

104
security/svrcore/manifest.mn
Просмотреть файл

@ -1,52 +1,52 @@
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape svrcore library.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1996, 1997
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CORE_DEPTH = ..
MODULE = svrcore
IMPORTS = nspr20/v4.4.1 nss/NSS_3_9_3_RTM
LIBRARY_NAME = svrcore
EXPORTS = svrcore.h
REQUIRES = nspr20 nss
CSRCS = user.c pin.c alt.c file.c errors.c pk11.c \
cache.c std.c ntgetpin.c
#
# ***** BEGIN LICENSE BLOCK *****
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
#
# The contents of this file are subject to the Mozilla Public License Version
# 1.1 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS" basis,
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
# for the specific language governing rights and limitations under the
# License.
#
# The Original Code is the Netscape svrcore library.
#
# The Initial Developer of the Original Code is
# Netscape Communications Corporation.
# Portions created by the Initial Developer are Copyright (C) 1996, 1997
# the Initial Developer. All Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the terms of
# either the GNU General Public License Version 2 or later (the "GPL"), or
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
# in which case the provisions of the GPL or the LGPL are applicable instead
# of those above. If you wish to allow use of your version of this file only
# under the terms of either the GPL or the LGPL, and not to allow others to
# use your version of this file under the terms of the MPL, indicate your
# decision by deleting the provisions above and replace them with the notice
# and other provisions required by the GPL or the LGPL. If you do not delete
# the provisions above, a recipient may use your version of this file under
# the terms of any one of the MPL, the GPL or the LGPL.
#
# ***** END LICENSE BLOCK *****
CORE_DEPTH = ..
MODULE = svrcore
IMPORTS = nspr20/v4.4.1 nss/NSS_3_9_3_RTM
LIBRARY_NAME = svrcore
EXPORTS = svrcore.h
REQUIRES = nspr20 nss
CSRCS = user.c pin.c alt.c file.c errors.c pk11.c \
cache.c std.c ntgetpin.c

336
security/svrcore/ntgetpin.c
Просмотреть файл

@ -1,168 +1,168 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1996
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/******************************************************
*
* ntgetpin.c - Prompts for the key
* database passphrase.
*
******************************************************/
#if defined( WIN32 )
#include <windows.h>
#include <nspr.h>
#include "ntresource.h"
#undef Debug
#undef OFF
#undef LITTLE_ENDIAN
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
static char password[512];
static void CenterDialog(HWND hwndParent, HWND hwndDialog)
{
RECT DialogRect;
RECT ParentRect;
POINT Point;
int nWidth;
int nHeight;
// Determine if the main window exists. This can be useful when
// the application creates the dialog box before it creates the
// main window. If it does exist, retrieve its size to center
// the dialog box with respect to the main window.
if( hwndParent != NULL )
{
GetClientRect(hwndParent, &ParentRect);
}
else
{
// if main window does not exist, center with respect to desktop
hwndParent = GetDesktopWindow();
GetWindowRect(hwndParent, &ParentRect);
}
// get the size of the dialog box
GetWindowRect(hwndDialog, &DialogRect);
// calculate height and width for MoveWindow()
nWidth = DialogRect.right - DialogRect.left;
nHeight = DialogRect.bottom - DialogRect.top;
// find center point and convert to screen coordinates
Point.x = (ParentRect.right - ParentRect.left) / 2;
Point.y = (ParentRect.bottom - ParentRect.top) / 2;
ClientToScreen(hwndParent, &Point);
// calculate new X, Y starting point
Point.x -= nWidth / 2;
Point.y -= nHeight / 2;
MoveWindow(hwndDialog, Point.x, Point.y, nWidth, nHeight, FALSE);
}
static BOOL CALLBACK PinDialogProc(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
switch(message)
{
case WM_INITDIALOG:
SetDlgItemText( hDlg, IDC_TOKEN_NAME, (char *)lParam);
CenterDialog(NULL, hDlg);
SendDlgItemMessage(hDlg, IDEDIT, EM_SETLIMITTEXT, sizeof(password), 0);
EnableWindow(GetDlgItem(hDlg, IDOK), FALSE);
return(FALSE);
case WM_COMMAND:
if(LOWORD(wParam) == IDEDIT)
{
if(HIWORD(wParam) == EN_CHANGE)
{
if(GetDlgItemText(hDlg, IDEDIT, password,
sizeof(password)) > 0)
{
EnableWindow(GetDlgItem(hDlg, IDOK), TRUE);
}
else
{
EnableWindow(GetDlgItem(hDlg, IDOK), FALSE);
}
}
return (FALSE);
}
else if(LOWORD(wParam) == IDOK)
{
GetDlgItemText(hDlg, IDEDIT, password, sizeof(password));
EndDialog(hDlg, IDOK);
return (TRUE);
}
else if(LOWORD(wParam) == IDCANCEL)
{
memset(password, 0, sizeof(password));
EndDialog(hDlg, IDCANCEL);
return(FALSE);
}
}
return (FALSE);
}
char*
NT_PromptForPin (const char *tokenName)
{
int iResult = 0;
iResult = DialogBoxParam( GetModuleHandle( NULL ),
MAKEINTRESOURCE(IDD_DATABASE_PASSWORD),
HWND_DESKTOP, (DLGPROC) PinDialogProc, (LPARAM)tokenName);
if( iResult == -1 )
{
iResult = GetLastError();
/*
ReportSlapdEvent( EVENTLOG_INFORMATION_TYPE,
MSG_SERVER_PASSWORD_DIALOG_FAILED, 0, NULL );
*/
return NULL;
}
/* Return no-response if the user click on cancel */
if (password[0] == 0) return 0;
return strdup(password);
}
#endif /* defined( WIN32 ) */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1996
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/******************************************************
*
* ntgetpin.c - Prompts for the key
* database passphrase.
*
******************************************************/
#if defined( WIN32 )
#include <windows.h>
#include <nspr.h>
#include "ntresource.h"
#undef Debug
#undef OFF
#undef LITTLE_ENDIAN
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
static char password[512];
static void CenterDialog(HWND hwndParent, HWND hwndDialog)
{
RECT DialogRect;
RECT ParentRect;
POINT Point;
int nWidth;
int nHeight;
// Determine if the main window exists. This can be useful when
// the application creates the dialog box before it creates the
// main window. If it does exist, retrieve its size to center
// the dialog box with respect to the main window.
if( hwndParent != NULL )
{
GetClientRect(hwndParent, &ParentRect);
}
else
{
// if main window does not exist, center with respect to desktop
hwndParent = GetDesktopWindow();
GetWindowRect(hwndParent, &ParentRect);
}
// get the size of the dialog box
GetWindowRect(hwndDialog, &DialogRect);
// calculate height and width for MoveWindow()
nWidth = DialogRect.right - DialogRect.left;
nHeight = DialogRect.bottom - DialogRect.top;
// find center point and convert to screen coordinates
Point.x = (ParentRect.right - ParentRect.left) / 2;
Point.y = (ParentRect.bottom - ParentRect.top) / 2;
ClientToScreen(hwndParent, &Point);
// calculate new X, Y starting point
Point.x -= nWidth / 2;
Point.y -= nHeight / 2;
MoveWindow(hwndDialog, Point.x, Point.y, nWidth, nHeight, FALSE);
}
static BOOL CALLBACK PinDialogProc(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
switch(message)
{
case WM_INITDIALOG:
SetDlgItemText( hDlg, IDC_TOKEN_NAME, (char *)lParam);
CenterDialog(NULL, hDlg);
SendDlgItemMessage(hDlg, IDEDIT, EM_SETLIMITTEXT, sizeof(password), 0);
EnableWindow(GetDlgItem(hDlg, IDOK), FALSE);
return(FALSE);
case WM_COMMAND:
if(LOWORD(wParam) == IDEDIT)
{
if(HIWORD(wParam) == EN_CHANGE)
{
if(GetDlgItemText(hDlg, IDEDIT, password,
sizeof(password)) > 0)
{
EnableWindow(GetDlgItem(hDlg, IDOK), TRUE);
}
else
{
EnableWindow(GetDlgItem(hDlg, IDOK), FALSE);
}
}
return (FALSE);
}
else if(LOWORD(wParam) == IDOK)
{
GetDlgItemText(hDlg, IDEDIT, password, sizeof(password));
EndDialog(hDlg, IDOK);
return (TRUE);
}
else if(LOWORD(wParam) == IDCANCEL)
{
memset(password, 0, sizeof(password));
EndDialog(hDlg, IDCANCEL);
return(FALSE);
}
}
return (FALSE);
}
char*
NT_PromptForPin (const char *tokenName)
{
int iResult = 0;
iResult = DialogBoxParam( GetModuleHandle( NULL ),
MAKEINTRESOURCE(IDD_DATABASE_PASSWORD),
HWND_DESKTOP, (DLGPROC) PinDialogProc, (LPARAM)tokenName);
if( iResult == -1 )
{
iResult = GetLastError();
/*
ReportSlapdEvent( EVENTLOG_INFORMATION_TYPE,
MSG_SERVER_PASSWORD_DIALOG_FAILED, 0, NULL );
*/
return NULL;
}
/* Return no-response if the user click on cancel */
if (password[0] == 0) return 0;
return strdup(password);
}
#endif /* defined( WIN32 ) */

180
security/svrcore/pin.c
Просмотреть файл

@ -1,90 +1,90 @@
/*
* pin.c - SVRCORE module implementing PK11 pin callback support
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <svrcore.h>
#include <string.h>
#include <pk11func.h>
#include <seccomon.h>
/*
* Global state
*/
static SVRCOREPinObj *pinObj = 0;
/*
* SVRCORE_Pk11PasswordFunc
*
* DEPRECATED public interface.
*/
static char *
SVRCORE_Pk11PasswordFunc(PK11SlotInfo *slot, PRBool retry, void *ctx)
{
char *passwd;
/* If the user has not installed a cbk, then return failure (cancel) */
if (pinObj == 0) return 0;
/* Invoke the callback function, translating slot into token name */
passwd = SVRCORE_GetPin(pinObj, PK11_GetTokenName(slot), retry);
return passwd;
}
/*
* SVRCORE_RegisterPinObj
*/
void
SVRCORE_RegisterPinObj(SVRCOREPinObj *obj)
{
/* Set PK11 callback function to call back here */
PK11_SetPasswordFunc(SVRCORE_Pk11PasswordFunc);
/* Set object to use for getPin method */
pinObj = obj;
}
/*
* SVRCORE_GetRegisteredPinObj
*/
SVRCOREPinObj *
SVRCORE_GetRegisteredPinObj(void)
{
return pinObj;
}
/*
* pin.c - SVRCORE module implementing PK11 pin callback support
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <svrcore.h>
#include <string.h>
#include <pk11func.h>
#include <seccomon.h>
/*
* Global state
*/
static SVRCOREPinObj *pinObj = 0;
/*
* SVRCORE_Pk11PasswordFunc
*
* DEPRECATED public interface.
*/
static char *
SVRCORE_Pk11PasswordFunc(PK11SlotInfo *slot, PRBool retry, void *ctx)
{
char *passwd;
/* If the user has not installed a cbk, then return failure (cancel) */
if (pinObj == 0) return 0;
/* Invoke the callback function, translating slot into token name */
passwd = SVRCORE_GetPin(pinObj, PK11_GetTokenName(slot), retry);
return passwd;
}
/*
* SVRCORE_RegisterPinObj
*/
void
SVRCORE_RegisterPinObj(SVRCOREPinObj *obj)
{
/* Set PK11 callback function to call back here */
PK11_SetPasswordFunc(SVRCORE_Pk11PasswordFunc);
/* Set object to use for getPin method */
pinObj = obj;
}
/*
* SVRCORE_GetRegisteredPinObj
*/
SVRCOREPinObj *
SVRCORE_GetRegisteredPinObj(void)
{
return pinObj;
}

618
security/svrcore/pk11.c
Просмотреть файл

@ -1,309 +1,309 @@
/*
* pk11.c - SVRCORE module for securely storing PIN using PK11
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <svrcore.h>
#include <string.h>
#include <secitem.h>
#include <pk11func.h>
/* ------------------------------------------------------------ */
/*
* Mechanisms for doing the PIN encryption. Each of these lists
* an encryption mechanism, with setup, encode and decode routines that
* use that mechanism. The PK11PinStore looks for a mechanism
* that the token supports, and then uses it. If none is found,
* it will fail.
*/
typedef struct mech_item mech_item;
struct mech_item
{
CK_MECHANISM_TYPE type;
const char *mechName;
};
/* ------------------------------------------------------------ */
/*
* The table listing all mechanism to try
*/
#define MECH_TABLE_SIZE 4
static const mech_item table[MECH_TABLE_SIZE] = {
{ CKM_SKIPJACK_CBC64, "Skipjack CBC-64 encryption" },
{ CKM_DES3_CBC, "Triple-DES CBC encryption" },
{ CKM_CAST128_CBC, "CAST-128 CBC encryption" },
{ CKM_DES_CBC, "DES CBC encryption" }
};
static mech_item dflt_mech = { CKM_DES3_CBC, "Triple-DES CBC (default)" };
/* ------------------------------------------------------------ */
/*
* Implementation
*/
struct SVRCOREPk11PinStore
{
PK11SlotInfo *slot;
const mech_item *mech;
PK11SymKey *key;
SECItem *params;
int length;
unsigned char *crypt;
};
/* ------------------------------------------------------------ */
/*
* SVRCORE_CreatePk11PinStore
*/
SVRCOREError
SVRCORE_CreatePk11PinStore(
SVRCOREPk11PinStore **out,
const char *tokenName, const char *pin)
{
SVRCOREError err;
SVRCOREPk11PinStore *store;
do {
err = SVRCORE_Success;
store = (SVRCOREPk11PinStore*)malloc(sizeof *store);
if (store == 0) { err = SVRCORE_NoMemory_Error; break; }
/* Low-level init */
store->slot = 0;
store->key = 0;
store->params = 0;
store->crypt = 0;
/* Use the tokenName to find a PKCS11 slot */
store->slot = PK11_FindSlotByName((char *)tokenName);
if (store->slot == 0) { err = SVRCORE_NoSuchToken_Error; break; }
/* Check the password/PIN. This allows access to the token */
{
SECStatus rv = PK11_CheckUserPassword(store->slot, (char *)pin);
if (rv == SECSuccess)
;
else if (rv == SECWouldBlock)
{
err = SVRCORE_IncorrectPassword_Error;
break;
}
else
{
err = SVRCORE_System_Error;
break;
}
}
/* Find the mechanism that this token can do */
{
const mech_item *tp;
store->mech = 0;
for(tp = table;tp < &table[MECH_TABLE_SIZE];tp++)
{
if (PK11_DoesMechanism(store->slot, tp->type))
{
store->mech = tp;
break;
}
}
/* Default to a mechanism (probably on the internal token */
if (store->mech == 0)
store->mech = &dflt_mech;
}
/* Generate a key and parameters to do the encryption */
store->key = PK11_KeyGen(store->slot, store->mech->type,
0, 0, 0);
if (store->key == 0)
{
/* PR_SetError(xxx); */
err = SVRCORE_System_Error;
break;
}
store->params = PK11_GenerateNewParam(store->mech->type, store->key);
if (store->params == 0)
{
err = SVRCORE_System_Error;
break;
}
/* Compute the size of the encrypted data including necessary padding */
{
int blocksize = PK11_GetBlockSize(store->mech->type, 0);
store->length = strlen(pin)+1;
/* Compute padded size - 0 means stream cipher */
if (blocksize != 0)
{
store->length += blocksize - (store->length % blocksize);
}
store->crypt = (unsigned char *)malloc(store->length);
if (!store->crypt) { err = SVRCORE_NoMemory_Error; break; }
}
/* Encrypt */
{
unsigned char *plain;
PK11Context *ctx;
SECStatus rv;
int outLen;
plain = (unsigned char *)malloc(store->length);
if (!plain) { err = SVRCORE_NoMemory_Error; break; }
/* Pad with 0 bytes */
memset(plain, 0, store->length);
strcpy((char *)plain, pin);
ctx = PK11_CreateContextBySymKey(store->mech->type, CKA_ENCRYPT,
store->key, store->params);
if (!ctx) { err = SVRCORE_System_Error; break; }
do {
rv = PK11_CipherOp(ctx, store->crypt, &outLen, store->length,
plain, store->length);
if (rv) break;
rv = PK11_Finalize(ctx);
} while(0);
PK11_DestroyContext(ctx, PR_TRUE);
memset(plain, 0, store->length);
free(plain);
if (rv) err = SVRCORE_System_Error;
}
} while(0);
if (err)
{
SVRCORE_DestroyPk11PinStore(store);
store = 0;
}
*out = store;
return err;
}
/*
* SVRCORE_DestroyPk11PinStore
*/
void
SVRCORE_DestroyPk11PinStore(SVRCOREPk11PinStore *store)
{
if (store == 0) return;
if (store->slot)
{
PK11_FreeSlot(store->slot);
}
if (store->params)
{
SECITEM_ZfreeItem(store->params, PR_TRUE);
}
if (store->key)
{
PK11_FreeSymKey(store->key);
}
if (store->crypt)
{
memset(store->crypt, 0, store->length);
free(store->crypt);
}
free(store);
}
SVRCOREError
SVRCORE_Pk11StoreGetPin(char **out, SVRCOREPk11PinStore *store)
{
SVRCOREError err = SVRCORE_Success;
unsigned char *plain;
SECStatus rv;
PK11Context *ctx = 0;
int outLen;
do {
plain = (unsigned char *)malloc(store->length);
if (!plain) { err = SVRCORE_NoMemory_Error; break; }
ctx = PK11_CreateContextBySymKey(store->mech->type, CKA_DECRYPT,
store->key, store->params);
if (!ctx) { err = SVRCORE_System_Error; break; }
rv = PK11_CipherOp(ctx, plain, &outLen, store->length,
store->crypt, store->length);
if (rv) break;
rv = PK11_Finalize(ctx);
if (rv) break;
} while(0);
if (ctx) PK11_DestroyContext(ctx, PR_TRUE);
if (rv)
{
err = SVRCORE_System_Error;
memset(plain, 0, store->length);
free(plain);
plain = 0;
}
*out = (char *)plain;
return err;
}
const char *
SVRCORE_Pk11StoreGetMechName(const SVRCOREPk11PinStore *store)
{
return store->mech->mechName;
}
/*
* pk11.c - SVRCORE module for securely storing PIN using PK11
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <svrcore.h>
#include <string.h>
#include <secitem.h>
#include <pk11func.h>
/* ------------------------------------------------------------ */
/*
* Mechanisms for doing the PIN encryption. Each of these lists
* an encryption mechanism, with setup, encode and decode routines that
* use that mechanism. The PK11PinStore looks for a mechanism
* that the token supports, and then uses it. If none is found,
* it will fail.
*/
typedef struct mech_item mech_item;
struct mech_item
{
CK_MECHANISM_TYPE type;
const char *mechName;
};
/* ------------------------------------------------------------ */
/*
* The table listing all mechanism to try
*/
#define MECH_TABLE_SIZE 4
static const mech_item table[MECH_TABLE_SIZE] = {
{ CKM_SKIPJACK_CBC64, "Skipjack CBC-64 encryption" },
{ CKM_DES3_CBC, "Triple-DES CBC encryption" },
{ CKM_CAST128_CBC, "CAST-128 CBC encryption" },
{ CKM_DES_CBC, "DES CBC encryption" }
};
static mech_item dflt_mech = { CKM_DES3_CBC, "Triple-DES CBC (default)" };
/* ------------------------------------------------------------ */
/*
* Implementation
*/
struct SVRCOREPk11PinStore
{
PK11SlotInfo *slot;
const mech_item *mech;
PK11SymKey *key;
SECItem *params;
int length;
unsigned char *crypt;
};
/* ------------------------------------------------------------ */
/*
* SVRCORE_CreatePk11PinStore
*/
SVRCOREError
SVRCORE_CreatePk11PinStore(
SVRCOREPk11PinStore **out,
const char *tokenName, const char *pin)
{
SVRCOREError err;
SVRCOREPk11PinStore *store;
do {
err = SVRCORE_Success;
store = (SVRCOREPk11PinStore*)malloc(sizeof *store);
if (store == 0) { err = SVRCORE_NoMemory_Error; break; }
/* Low-level init */
store->slot = 0;
store->key = 0;
store->params = 0;
store->crypt = 0;
/* Use the tokenName to find a PKCS11 slot */
store->slot = PK11_FindSlotByName((char *)tokenName);
if (store->slot == 0) { err = SVRCORE_NoSuchToken_Error; break; }
/* Check the password/PIN. This allows access to the token */
{
SECStatus rv = PK11_CheckUserPassword(store->slot, (char *)pin);
if (rv == SECSuccess)
;
else if (rv == SECWouldBlock)
{
err = SVRCORE_IncorrectPassword_Error;
break;
}
else
{
err = SVRCORE_System_Error;
break;
}
}
/* Find the mechanism that this token can do */
{
const mech_item *tp;
store->mech = 0;
for(tp = table;tp < &table[MECH_TABLE_SIZE];tp++)
{
if (PK11_DoesMechanism(store->slot, tp->type))
{
store->mech = tp;
break;
}
}
/* Default to a mechanism (probably on the internal token */
if (store->mech == 0)
store->mech = &dflt_mech;
}
/* Generate a key and parameters to do the encryption */
store->key = PK11_KeyGen(store->slot, store->mech->type,
0, 0, 0);
if (store->key == 0)
{
/* PR_SetError(xxx); */
err = SVRCORE_System_Error;
break;
}
store->params = PK11_GenerateNewParam(store->mech->type, store->key);
if (store->params == 0)
{
err = SVRCORE_System_Error;
break;
}
/* Compute the size of the encrypted data including necessary padding */
{
int blocksize = PK11_GetBlockSize(store->mech->type, 0);
store->length = strlen(pin)+1;
/* Compute padded size - 0 means stream cipher */
if (blocksize != 0)
{
store->length += blocksize - (store->length % blocksize);
}
store->crypt = (unsigned char *)malloc(store->length);
if (!store->crypt) { err = SVRCORE_NoMemory_Error; break; }
}
/* Encrypt */
{
unsigned char *plain;
PK11Context *ctx;
SECStatus rv;
int outLen;
plain = (unsigned char *)malloc(store->length);
if (!plain) { err = SVRCORE_NoMemory_Error; break; }
/* Pad with 0 bytes */
memset(plain, 0, store->length);
strcpy((char *)plain, pin);
ctx = PK11_CreateContextBySymKey(store->mech->type, CKA_ENCRYPT,
store->key, store->params);
if (!ctx) { err = SVRCORE_System_Error; break; }
do {
rv = PK11_CipherOp(ctx, store->crypt, &outLen, store->length,
plain, store->length);
if (rv) break;
rv = PK11_Finalize(ctx);
} while(0);
PK11_DestroyContext(ctx, PR_TRUE);
memset(plain, 0, store->length);
free(plain);
if (rv) err = SVRCORE_System_Error;
}
} while(0);
if (err)
{
SVRCORE_DestroyPk11PinStore(store);
store = 0;
}
*out = store;
return err;
}
/*
* SVRCORE_DestroyPk11PinStore
*/
void
SVRCORE_DestroyPk11PinStore(SVRCOREPk11PinStore *store)
{
if (store == 0) return;
if (store->slot)
{
PK11_FreeSlot(store->slot);
}
if (store->params)
{
SECITEM_ZfreeItem(store->params, PR_TRUE);
}
if (store->key)
{
PK11_FreeSymKey(store->key);
}
if (store->crypt)
{
memset(store->crypt, 0, store->length);
free(store->crypt);
}
free(store);
}
SVRCOREError
SVRCORE_Pk11StoreGetPin(char **out, SVRCOREPk11PinStore *store)
{
SVRCOREError err = SVRCORE_Success;
unsigned char *plain;
SECStatus rv;
PK11Context *ctx = 0;
int outLen;
do {
plain = (unsigned char *)malloc(store->length);
if (!plain) { err = SVRCORE_NoMemory_Error; break; }
ctx = PK11_CreateContextBySymKey(store->mech->type, CKA_DECRYPT,
store->key, store->params);
if (!ctx) { err = SVRCORE_System_Error; break; }
rv = PK11_CipherOp(ctx, plain, &outLen, store->length,
store->crypt, store->length);
if (rv) break;
rv = PK11_Finalize(ctx);
if (rv) break;
} while(0);
if (ctx) PK11_DestroyContext(ctx, PR_TRUE);
if (rv)
{
err = SVRCORE_System_Error;
memset(plain, 0, store->length);
free(plain);
plain = 0;
}
*out = (char *)plain;
return err;
}
const char *
SVRCORE_Pk11StoreGetMechName(const SVRCOREPk11PinStore *store)
{
return store->mech->mechName;
}

370
security/svrcore/std.c
Просмотреть файл

@ -1,185 +1,185 @@
/*
* std.c - StandardSVRCORE module for reading a PIN
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <stdio.h>
#include <string.h>
#include <svrcore.h>
/* ------------------------------------------------------------ */
/*
* SVRCOREStdPinObj implementation
*/
struct SVRCOREStdPinObj
{
SVRCOREPinObj base;
SVRCORECachedPinObj *cache;
SVRCOREAltPinObj *alt;
SVRCOREFilePinObj *file;
SVRCOREUserPinObj *user;
SVRCOREPinObj *top;
};
static const SVRCOREPinMethods vtable;
/* ------------------------------------------------------------ */
SVRCOREError
SVRCORE_CreateStdPinObj(
SVRCOREStdPinObj **out,
const char *filename, PRBool cachePINs)
{
SVRCOREError err = SVRCORE_Success;
SVRCOREStdPinObj *obj = 0;
do {
SVRCOREPinObj *top;
obj = (SVRCOREStdPinObj *)malloc(sizeof (SVRCOREStdPinObj));
if (!obj) { err = SVRCORE_NoMemory_Error; break; }
obj->base.methods = &vtable;
obj->cache = 0;
obj->alt = 0;
obj->file = 0;
obj->user = 0;
err = SVRCORE_CreateUserPinObj(&obj->user);
if (err) break;
top = (SVRCOREPinObj*)obj->user;
/* If filename is provided, splice it into the chain */
if (filename)
{
err = SVRCORE_CreateFilePinObj(&obj->file, filename);
if (err) break;
err = SVRCORE_CreateAltPinObj(&obj->alt,
(SVRCOREPinObj*)obj->file, top);
if (err) break;
top = (SVRCOREPinObj*)obj->alt;
}
/* Create cache object if requested */
if (cachePINs)
{
err = SVRCORE_CreateCachedPinObj(&obj->cache, top);
if (err) break;
top = (SVRCOREPinObj*)obj->cache;
}
obj->top = top;
} while(0);
if (err != SVRCORE_Success)
{
SVRCORE_DestroyStdPinObj(obj);
}
*out = obj;
return err;
}
void
SVRCORE_DestroyStdPinObj(
SVRCOREStdPinObj *obj)
{
if (!obj) return;
if (obj->user) SVRCORE_DestroyUserPinObj(obj->user);
if (obj->file) SVRCORE_DestroyFilePinObj(obj->file);
if (obj->alt) SVRCORE_DestroyAltPinObj(obj->alt);
if (obj->cache) SVRCORE_DestroyCachedPinObj(obj->cache);
free(obj);
}
/* ------------------------------------------------------------ */
void
SVRCORE_SetStdPinInteractive(SVRCOREStdPinObj *obj, PRBool i)
{
SVRCORE_SetUserPinInteractive(obj->user, i);
}
/* ------------------------------------------------------------ */
/*
* SVRCORE_StdPinGetPin
*/
SVRCOREError
SVRCORE_StdPinGetPin(char **pin, SVRCOREStdPinObj *obj,
const char *tokenName)
{
/* Make sure caching is turned on */
if (!obj->cache)
{
*pin = 0;
return SVRCORE_NoSuchToken_Error;
}
return SVRCORE_CachedPinGetPin(pin, obj->cache, tokenName);
}
/* ------------------------------------------------------------ */
/*
* vtable methods
*/
static void
destroyObject(SVRCOREPinObj *obj)
{
SVRCORE_DestroyStdPinObj((SVRCOREStdPinObj*)obj);
}
static char *
getPin(SVRCOREPinObj *pinObj, const char *tokenName, PRBool retry)
{
SVRCOREStdPinObj *obj = (SVRCOREStdPinObj*)pinObj;
/* Just forward call to the top level handler */
return SVRCORE_GetPin(obj->top, tokenName, retry);
}
/*
* VTable
*/
static const SVRCOREPinMethods vtable =
{ 0, 0, destroyObject, getPin };
/*
* std.c - StandardSVRCORE module for reading a PIN
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <stdio.h>
#include <string.h>
#include <svrcore.h>
/* ------------------------------------------------------------ */
/*
* SVRCOREStdPinObj implementation
*/
struct SVRCOREStdPinObj
{
SVRCOREPinObj base;
SVRCORECachedPinObj *cache;
SVRCOREAltPinObj *alt;
SVRCOREFilePinObj *file;
SVRCOREUserPinObj *user;
SVRCOREPinObj *top;
};
static const SVRCOREPinMethods vtable;
/* ------------------------------------------------------------ */
SVRCOREError
SVRCORE_CreateStdPinObj(
SVRCOREStdPinObj **out,
const char *filename, PRBool cachePINs)
{
SVRCOREError err = SVRCORE_Success;
SVRCOREStdPinObj *obj = 0;
do {
SVRCOREPinObj *top;
obj = (SVRCOREStdPinObj *)malloc(sizeof (SVRCOREStdPinObj));
if (!obj) { err = SVRCORE_NoMemory_Error; break; }
obj->base.methods = &vtable;
obj->cache = 0;
obj->alt = 0;
obj->file = 0;
obj->user = 0;
err = SVRCORE_CreateUserPinObj(&obj->user);
if (err) break;
top = (SVRCOREPinObj*)obj->user;
/* If filename is provided, splice it into the chain */
if (filename)
{
err = SVRCORE_CreateFilePinObj(&obj->file, filename);
if (err) break;
err = SVRCORE_CreateAltPinObj(&obj->alt,
(SVRCOREPinObj*)obj->file, top);
if (err) break;
top = (SVRCOREPinObj*)obj->alt;
}
/* Create cache object if requested */
if (cachePINs)
{
err = SVRCORE_CreateCachedPinObj(&obj->cache, top);
if (err) break;
top = (SVRCOREPinObj*)obj->cache;
}
obj->top = top;
} while(0);
if (err != SVRCORE_Success)
{
SVRCORE_DestroyStdPinObj(obj);
}
*out = obj;
return err;
}
void
SVRCORE_DestroyStdPinObj(
SVRCOREStdPinObj *obj)
{
if (!obj) return;
if (obj->user) SVRCORE_DestroyUserPinObj(obj->user);
if (obj->file) SVRCORE_DestroyFilePinObj(obj->file);
if (obj->alt) SVRCORE_DestroyAltPinObj(obj->alt);
if (obj->cache) SVRCORE_DestroyCachedPinObj(obj->cache);
free(obj);
}
/* ------------------------------------------------------------ */
void
SVRCORE_SetStdPinInteractive(SVRCOREStdPinObj *obj, PRBool i)
{
SVRCORE_SetUserPinInteractive(obj->user, i);
}
/* ------------------------------------------------------------ */
/*
* SVRCORE_StdPinGetPin
*/
SVRCOREError
SVRCORE_StdPinGetPin(char **pin, SVRCOREStdPinObj *obj,
const char *tokenName)
{
/* Make sure caching is turned on */
if (!obj->cache)
{
*pin = 0;
return SVRCORE_NoSuchToken_Error;
}
return SVRCORE_CachedPinGetPin(pin, obj->cache, tokenName);
}
/* ------------------------------------------------------------ */
/*
* vtable methods
*/
static void
destroyObject(SVRCOREPinObj *obj)
{
SVRCORE_DestroyStdPinObj((SVRCOREStdPinObj*)obj);
}
static char *
getPin(SVRCOREPinObj *pinObj, const char *tokenName, PRBool retry)
{
SVRCOREStdPinObj *obj = (SVRCOREStdPinObj*)pinObj;
/* Just forward call to the top level handler */
return SVRCORE_GetPin(obj->top, tokenName, retry);
}
/*
* VTable
*/
static const SVRCOREPinMethods vtable =
{ 0, 0, destroyObject, getPin };

554
security/svrcore/svrcore.h
Просмотреть файл

@ -1,277 +1,277 @@
/*
* Interface to policy configuration for export-control modules
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifndef __SVRCORE_H_
#define __SVRCORE_H_
#include <prtypes.h>
#include <seccomon.h>
#include <pk11func.h>
PR_BEGIN_EXTERN_C
/* ------------------------------------------------------------ */
/*
* SVRCOREError - error values generated by components in the
* SVRCORE module.
*/
enum SVRCOREError
{
SVRCORE_Success = 0,
SVRCORE_NoMemory_Error = 1,
SVRCORE_System_Error = 2,
SVRCORE_NoSuchToken_Error = 3,
SVRCORE_IncorrectPassword_Error = 4,
SVRCORE_MaximumErrorValue = 4
};
typedef enum SVRCOREError SVRCOREError;
/* ------------------------------------------------------------ */
/*
* PIN Object - provides an interface to get the PIN for
* a PKCS11 token.
*
* Methods:
* destroyObj - delete the object
* getPin - retrieve the PIN for the token with name "tokenName". The
* retry flag is set if this request is a retry due to an incorrect
* PIN. Implementations should not return a "cached" copy in this case,
* since it will result in multiple fails, and will disable some tokens.
* The memory allocated for the returned string must be on the system
* heap. It will be released using "free"
*/
typedef struct SVRCOREPinObj SVRCOREPinObj;
typedef struct SVRCOREPinMethods SVRCOREPinMethods;
struct SVRCOREPinMethods
{
void *(*reserved0)(SVRCOREPinObj *, void *);
void (*reserved1)(SVRCOREPinObj *);
void (*destroyObj)(SVRCOREPinObj* obj);
char *(*getPin)(SVRCOREPinObj *obj, const char *tokenName, PRBool retryFlag);
};
struct SVRCOREPinObj
{
const SVRCOREPinMethods *methods;
};
/*
* Methods on SVRCOREPinObj
*/
/* char *SVRCORE_GetPin(SVRCOREPinObj *, char *tokenName, PRBool retry) */
#define SVRCORE_GetPin(obj, name, retry) \
(obj)->methods->getPin(obj, name, retry)
/* void SVRCORE_DestroyPinObj(SVRCOREPinObj *) */
#define SVRCORE_DestroyPinObj(obj) \
(obj)->methods->destroyObj(obj)
/* ------------------------------------------------------------ */
/*
* SVRCORE_RegisterPinObj - registers the PIN handling object with the
* PK11 module.
*
* The PIN object's getPin method will be called when the NSS layer
* requires a password/PIN for a token. The caller may provide NULL
* as the pin object, in which case, no password callbacks will be invoked.
* This may be used to unregister the object prior to deleting it.
*/
void
SVRCORE_RegisterPinObj(SVRCOREPinObj *obj);
/*
* SVRCORE_GetRegisteredPinObj - get the currently registered Pin object
* (if any)
*
* Return a pointer to the currently register Pin object. If none has been
* registered, NULL is returned.
*/
SVRCOREPinObj *
SVRCORE_GetRegisteredPinObj(void);
/* ------------------------------------------------------------ */
/*
* SVRCOREStdPinObj - implementation of SVRCOREPinObj that
* provides the standard handling for servers. This includes
* optional file lookup, and optional caching
*
* SVRCORE_SetStdPinInteractive - allows the application to declare
* that input via the terminal is no longer possible (set interactive
* to PR_FALSE). See the corresponding routine for UserPinObj
*
* SVRCORE_StdPinGetPin - get a (securely) cached PIN value. Returns
* SVRCORE_NoSuchToken_Error if the object is not set up for caching.
*/
typedef struct SVRCOREStdPinObj SVRCOREStdPinObj;
SVRCOREError
SVRCORE_CreateStdPinObj(SVRCOREStdPinObj **out,
const char *filename, PRBool cachePINs);
void
SVRCORE_SetStdPinInteractive(SVRCOREStdPinObj *obj, PRBool interactive);
SVRCOREError
SVRCORE_StdPinGetPin(char **pin, SVRCOREStdPinObj *obj,
const char *tokenName);
void
SVRCORE_DestroyStdPinObj(SVRCOREStdPinObj *obj);
/* ------------------------------------------------------------ */
/*
* SVRCOREUserPinObj - implementation of SVRCOREPinObj that
* requests the PIN on the terminal.
*
* SVRCORE_SetUserPinInteractive - allows the application to declare
* that input via the terminal is no longer possible (set interactive
* to PR_FALSE). When this is the case, the object returns NULL (no
* PIN available)
*/
typedef struct SVRCOREUserPinObj SVRCOREUserPinObj;
SVRCOREError
SVRCORE_CreateUserPinObj(SVRCOREUserPinObj **out);
void
SVRCORE_SetUserPinInteractive(SVRCOREUserPinObj *obj, PRBool interactive);
void
SVRCORE_DestroyUserPinObj(SVRCOREUserPinObj *obj);
/* ------------------------------------------------------------ */
/*
* SVRCOREAltPinObj - allows cascading of PinObj. For example, an
* application can first check a file (FilePinObj) and then the terminal
* (UserPinObj). The primary object is called first then, if no PIN is
* available, the alternate object is called.
*
* This object does not claim ownership of the PinObjs. The application
* must delete them (after deleting the AltPinObj).
*/
typedef struct SVRCOREAltPinObj SVRCOREAltPinObj;
SVRCOREError
SVRCORE_CreateAltPinObj(
SVRCOREAltPinObj **out,
SVRCOREPinObj *primary, SVRCOREPinObj *alt);
void SVRCORE_DestroyAltPinObj(SVRCOREAltPinObj *obj);
/* ------------------------------------------------------------ */
/*
* SVRCOREFilePinObj - implements reading PINs from a file. The
* name of the file is provided in the constructor.
*/
typedef struct SVRCOREFilePinObj SVRCOREFilePinObj;
SVRCOREError
SVRCORE_CreateFilePinObj(
SVRCOREFilePinObj **out,
const char *filename);
void
SVRCORE_DestroyFilePinObj(SVRCOREFilePinObj *obj);
/* ------------------------------------------------------------ */
/*
* SVRCORECachedPinObj - implementation of SVRCOREPinObj that
* caches the PIN in a secure way.
*
* SVRCORE_CachedPinGetPin - allows the application to retrieve
* the stored pin. The application should free the value useing free()
* after clearing the memory.
*/
typedef struct SVRCORECachedPinObj SVRCORECachedPinObj;
SVRCOREError
SVRCORE_CreateCachedPinObj(SVRCORECachedPinObj **out, SVRCOREPinObj *alt);
SVRCOREError
SVRCORE_CachedPinGetPin(char **pin, SVRCORECachedPinObj *obj,
const char *tokenName);
void
SVRCORE_DestroyCachedPinObj(SVRCORECachedPinObj *obj);
/* ------------------------------------------------------------ */
/*
* Implements SVRCORESecurePinStore interface
*/
typedef struct SVRCOREPk11PinStore SVRCOREPk11PinStore;
/*
* SVRCORE_GetPk11PinStoreError
*/
SECStatus SVRCORE_Pk11StoreGetError(const SVRCOREPk11PinStore *store);
/* Experimental */
const char *SVRCORE_Pk11StoreGetMechName(const SVRCOREPk11PinStore *store);
/*
* SVRCORE_CreatePk11PinStore
* Args:
* None
* Errors:
* SVRCORE_Success
* SVRCORE_NoMemory_Error
* SVRCORE_NoSuchToken_Error
* SVRCORE_System_Error
* SVRCORE_IncorrectPassword_Error
*/
SVRCOREError
SVRCORE_CreatePk11PinStore(
SVRCOREPk11PinStore **out, /* Output */
const char *tokenName,
const char *pin);
SVRCOREError
SVRCORE_Pk11StoreGetPin(
char **out, /* Output */
SVRCOREPk11PinStore *store);
void
SVRCORE_DestroyPk11PinStore(
SVRCOREPk11PinStore *store);
PR_END_EXTERN_C
#endif
/*
* Interface to policy configuration for export-control modules
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifndef __SVRCORE_H_
#define __SVRCORE_H_
#include <prtypes.h>
#include <seccomon.h>
#include <pk11func.h>
PR_BEGIN_EXTERN_C
/* ------------------------------------------------------------ */
/*
* SVRCOREError - error values generated by components in the
* SVRCORE module.
*/
enum SVRCOREError
{
SVRCORE_Success = 0,
SVRCORE_NoMemory_Error = 1,
SVRCORE_System_Error = 2,
SVRCORE_NoSuchToken_Error = 3,
SVRCORE_IncorrectPassword_Error = 4,
SVRCORE_MaximumErrorValue = 4
};
typedef enum SVRCOREError SVRCOREError;
/* ------------------------------------------------------------ */
/*
* PIN Object - provides an interface to get the PIN for
* a PKCS11 token.
*
* Methods:
* destroyObj - delete the object
* getPin - retrieve the PIN for the token with name "tokenName". The
* retry flag is set if this request is a retry due to an incorrect
* PIN. Implementations should not return a "cached" copy in this case,
* since it will result in multiple fails, and will disable some tokens.
* The memory allocated for the returned string must be on the system
* heap. It will be released using "free"
*/
typedef struct SVRCOREPinObj SVRCOREPinObj;
typedef struct SVRCOREPinMethods SVRCOREPinMethods;
struct SVRCOREPinMethods
{
void *(*reserved0)(SVRCOREPinObj *, void *);
void (*reserved1)(SVRCOREPinObj *);
void (*destroyObj)(SVRCOREPinObj* obj);
char *(*getPin)(SVRCOREPinObj *obj, const char *tokenName, PRBool retryFlag);
};
struct SVRCOREPinObj
{
const SVRCOREPinMethods *methods;
};
/*
* Methods on SVRCOREPinObj
*/
/* char *SVRCORE_GetPin(SVRCOREPinObj *, char *tokenName, PRBool retry) */
#define SVRCORE_GetPin(obj, name, retry) \
(obj)->methods->getPin(obj, name, retry)
/* void SVRCORE_DestroyPinObj(SVRCOREPinObj *) */
#define SVRCORE_DestroyPinObj(obj) \
(obj)->methods->destroyObj(obj)
/* ------------------------------------------------------------ */
/*
* SVRCORE_RegisterPinObj - registers the PIN handling object with the
* PK11 module.
*
* The PIN object's getPin method will be called when the NSS layer
* requires a password/PIN for a token. The caller may provide NULL
* as the pin object, in which case, no password callbacks will be invoked.
* This may be used to unregister the object prior to deleting it.
*/
void
SVRCORE_RegisterPinObj(SVRCOREPinObj *obj);
/*
* SVRCORE_GetRegisteredPinObj - get the currently registered Pin object
* (if any)
*
* Return a pointer to the currently register Pin object. If none has been
* registered, NULL is returned.
*/
SVRCOREPinObj *
SVRCORE_GetRegisteredPinObj(void);
/* ------------------------------------------------------------ */
/*
* SVRCOREStdPinObj - implementation of SVRCOREPinObj that
* provides the standard handling for servers. This includes
* optional file lookup, and optional caching
*
* SVRCORE_SetStdPinInteractive - allows the application to declare
* that input via the terminal is no longer possible (set interactive
* to PR_FALSE). See the corresponding routine for UserPinObj
*
* SVRCORE_StdPinGetPin - get a (securely) cached PIN value. Returns
* SVRCORE_NoSuchToken_Error if the object is not set up for caching.
*/
typedef struct SVRCOREStdPinObj SVRCOREStdPinObj;
SVRCOREError
SVRCORE_CreateStdPinObj(SVRCOREStdPinObj **out,
const char *filename, PRBool cachePINs);
void
SVRCORE_SetStdPinInteractive(SVRCOREStdPinObj *obj, PRBool interactive);
SVRCOREError
SVRCORE_StdPinGetPin(char **pin, SVRCOREStdPinObj *obj,
const char *tokenName);
void
SVRCORE_DestroyStdPinObj(SVRCOREStdPinObj *obj);
/* ------------------------------------------------------------ */
/*
* SVRCOREUserPinObj - implementation of SVRCOREPinObj that
* requests the PIN on the terminal.
*
* SVRCORE_SetUserPinInteractive - allows the application to declare
* that input via the terminal is no longer possible (set interactive
* to PR_FALSE). When this is the case, the object returns NULL (no
* PIN available)
*/
typedef struct SVRCOREUserPinObj SVRCOREUserPinObj;
SVRCOREError
SVRCORE_CreateUserPinObj(SVRCOREUserPinObj **out);
void
SVRCORE_SetUserPinInteractive(SVRCOREUserPinObj *obj, PRBool interactive);
void
SVRCORE_DestroyUserPinObj(SVRCOREUserPinObj *obj);
/* ------------------------------------------------------------ */
/*
* SVRCOREAltPinObj - allows cascading of PinObj. For example, an
* application can first check a file (FilePinObj) and then the terminal
* (UserPinObj). The primary object is called first then, if no PIN is
* available, the alternate object is called.
*
* This object does not claim ownership of the PinObjs. The application
* must delete them (after deleting the AltPinObj).
*/
typedef struct SVRCOREAltPinObj SVRCOREAltPinObj;
SVRCOREError
SVRCORE_CreateAltPinObj(
SVRCOREAltPinObj **out,
SVRCOREPinObj *primary, SVRCOREPinObj *alt);
void SVRCORE_DestroyAltPinObj(SVRCOREAltPinObj *obj);
/* ------------------------------------------------------------ */
/*
* SVRCOREFilePinObj - implements reading PINs from a file. The
* name of the file is provided in the constructor.
*/
typedef struct SVRCOREFilePinObj SVRCOREFilePinObj;
SVRCOREError
SVRCORE_CreateFilePinObj(
SVRCOREFilePinObj **out,
const char *filename);
void
SVRCORE_DestroyFilePinObj(SVRCOREFilePinObj *obj);
/* ------------------------------------------------------------ */
/*
* SVRCORECachedPinObj - implementation of SVRCOREPinObj that
* caches the PIN in a secure way.
*
* SVRCORE_CachedPinGetPin - allows the application to retrieve
* the stored pin. The application should free the value useing free()
* after clearing the memory.
*/
typedef struct SVRCORECachedPinObj SVRCORECachedPinObj;
SVRCOREError
SVRCORE_CreateCachedPinObj(SVRCORECachedPinObj **out, SVRCOREPinObj *alt);
SVRCOREError
SVRCORE_CachedPinGetPin(char **pin, SVRCORECachedPinObj *obj,
const char *tokenName);
void
SVRCORE_DestroyCachedPinObj(SVRCORECachedPinObj *obj);
/* ------------------------------------------------------------ */
/*
* Implements SVRCORESecurePinStore interface
*/
typedef struct SVRCOREPk11PinStore SVRCOREPk11PinStore;
/*
* SVRCORE_GetPk11PinStoreError
*/
SECStatus SVRCORE_Pk11StoreGetError(const SVRCOREPk11PinStore *store);
/* Experimental */
const char *SVRCORE_Pk11StoreGetMechName(const SVRCOREPk11PinStore *store);
/*
* SVRCORE_CreatePk11PinStore
* Args:
* None
* Errors:
* SVRCORE_Success
* SVRCORE_NoMemory_Error
* SVRCORE_NoSuchToken_Error
* SVRCORE_System_Error
* SVRCORE_IncorrectPassword_Error
*/
SVRCOREError
SVRCORE_CreatePk11PinStore(
SVRCOREPk11PinStore **out, /* Output */
const char *tokenName,
const char *pin);
SVRCOREError
SVRCORE_Pk11StoreGetPin(
char **out, /* Output */
SVRCOREPk11PinStore *store);
void
SVRCORE_DestroyPk11PinStore(
SVRCOREPk11PinStore *store);
PR_END_EXTERN_C
#endif

402
security/svrcore/user.c
Просмотреть файл

@ -1,201 +1,201 @@
/*
* tty.c - SVRCORE module for reading PIN from the terminal
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <stdio.h>
#include <string.h>
#include <svrcore.h>
#ifdef WIN32
#include <windows.h>
#endif /* WIN32 */
/* ------------------------------------------------------------ */
/* I18N */
static const char retryWarning[] =
"Warning: Incorrect PIN may result in disabling the token";
static const char prompt[] = "Enter PIN for";
static const char nt_retryWarning[] =
"Warning: You entered an incorrect PIN. Incorrect PIN may result in disabling the token";
struct SVRCOREUserPinObj
{
SVRCOREPinObj base;
PRBool interactive;
};
static const struct SVRCOREPinMethods vtable;
#ifdef WIN32
extern char* NT_PromptForPin(const char *tokenName);
#endif
/* ------------------------------------------------------------ */
/*
* Support routines for changing terminal modes on UNIX
*/
#ifdef XP_UNIX
#include <termios.h>
#include <unistd.h>
static void echoOff(int fd)
{
if (isatty(fd)) {
struct termios tio;
tcgetattr(fd, &tio);
tio.c_lflag &= ~ECHO;
tcsetattr(fd, TCSAFLUSH, &tio);
}
}
static void echoOn(int fd)
{
if (isatty(fd)) {
struct termios tio;
tcgetattr(fd, &tio);
tio.c_lflag |= ECHO;
tcsetattr(fd, TCSAFLUSH, &tio);
}
}
#endif
/* ------------------------------------------------------------ */
SVRCOREError
SVRCORE_CreateUserPinObj(SVRCOREUserPinObj **out)
{
SVRCOREError err = 0;
SVRCOREUserPinObj *obj = 0;
do {
obj = (SVRCOREUserPinObj*)malloc(sizeof (SVRCOREUserPinObj));
if (!obj) { err = 1; break; }
obj->base.methods = &vtable;
obj->interactive = PR_TRUE;
} while(0);
if (err)
{
SVRCORE_DestroyUserPinObj(obj);
obj = 0;
}
*out = obj;
return err;
}
void
SVRCORE_DestroyUserPinObj(SVRCOREUserPinObj *obj)
{
if (obj) free(obj);
}
void
SVRCORE_SetUserPinInteractive(SVRCOREUserPinObj *obj, PRBool i)
{
obj->interactive = i;
}
static void destroyObject(SVRCOREPinObj *obj)
{
SVRCORE_DestroyUserPinObj((SVRCOREUserPinObj*)obj);
}
static char *getPin(SVRCOREPinObj *obj, const char *tokenName, PRBool retry)
{
SVRCOREUserPinObj *tty = (SVRCOREUserPinObj*)obj;
char line[128];
char *res;
/* If the program is not interactive then return no result */
if (!tty->interactive) return 0;
#ifdef WIN32
if (retry) {
MessageBox(GetDesktopWindow(), nt_retryWarning,
"Netscape Server", MB_ICONEXCLAMATION | MB_OK);
}
return NT_PromptForPin(tokenName);
#else
if (retry)
fprintf(stdout, "%s\n", retryWarning);
echoOff(fileno(stdin));
/***
Please Note: the following printf statement was changed from fprintf(stdout,...) because
of an odd problem with the Linux build. The issue is that libc.so has a symbol for stdout
and libstdc++.so which we also reference has a symbol for stdout. Normally the libc.so version
of stdout is resolved first and writing to stdout is no problem. Unfortunately something happens
on Linux which allows the "other" stdout from libstdc++.so to get referenced so that when a call
to fprintf(stdout,...) is made the new stdout which has never been initialized get's written
to causing a sigsegv. At this point we can not easily remove libstdc++.so from the dependencies
because other code which slapd uses happens to be C++ code which causes the reference of
libstdc++.so .
It was determined that the quickest way to resolve the issue for now was to change the fprintf
calls to printf thereby fixing the crashes on a temp basis. Using printf seems to work because
it references stdout internally which means it will use the one from libc.so .
***/
printf("%s %s: ", prompt, tokenName);
fflush(stdout);
/* Read input */
res = fgets(line, sizeof line, stdin);
echoOn(fileno(stdin));
printf("\n");
if (!res) return 0;
/* Find and kill the newline */
if ((res = strchr(line, '\n')) != NULL) *res = 0;
/* Return no-response if user typed an empty line */
if (line[0] == 0) return 0;
return strdup(line);
#endif /* WIN32 */
}
/*
* VTable
*/
static const SVRCOREPinMethods vtable =
{ 0, 0, destroyObject, getPin };
/*
* tty.c - SVRCORE module for reading PIN from the terminal
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape svrcore library.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1998
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include <stdio.h>
#include <string.h>
#include <svrcore.h>
#ifdef WIN32
#include <windows.h>
#endif /* WIN32 */
/* ------------------------------------------------------------ */
/* I18N */
static const char retryWarning[] =
"Warning: Incorrect PIN may result in disabling the token";
static const char prompt[] = "Enter PIN for";
static const char nt_retryWarning[] =
"Warning: You entered an incorrect PIN. Incorrect PIN may result in disabling the token";
struct SVRCOREUserPinObj
{
SVRCOREPinObj base;
PRBool interactive;
};
static const struct SVRCOREPinMethods vtable;
#ifdef WIN32
extern char* NT_PromptForPin(const char *tokenName);
#endif
/* ------------------------------------------------------------ */
/*
* Support routines for changing terminal modes on UNIX
*/
#ifdef XP_UNIX
#include <termios.h>
#include <unistd.h>
static void echoOff(int fd)
{
if (isatty(fd)) {
struct termios tio;
tcgetattr(fd, &tio);
tio.c_lflag &= ~ECHO;
tcsetattr(fd, TCSAFLUSH, &tio);
}
}
static void echoOn(int fd)
{
if (isatty(fd)) {
struct termios tio;
tcgetattr(fd, &tio);
tio.c_lflag |= ECHO;
tcsetattr(fd, TCSAFLUSH, &tio);
}
}
#endif
/* ------------------------------------------------------------ */
SVRCOREError
SVRCORE_CreateUserPinObj(SVRCOREUserPinObj **out)
{
SVRCOREError err = 0;
SVRCOREUserPinObj *obj = 0;
do {
obj = (SVRCOREUserPinObj*)malloc(sizeof (SVRCOREUserPinObj));
if (!obj) { err = 1; break; }
obj->base.methods = &vtable;
obj->interactive = PR_TRUE;
} while(0);
if (err)
{
SVRCORE_DestroyUserPinObj(obj);
obj = 0;
}
*out = obj;
return err;
}
void
SVRCORE_DestroyUserPinObj(SVRCOREUserPinObj *obj)
{
if (obj) free(obj);
}
void
SVRCORE_SetUserPinInteractive(SVRCOREUserPinObj *obj, PRBool i)
{
obj->interactive = i;
}
static void destroyObject(SVRCOREPinObj *obj)
{
SVRCORE_DestroyUserPinObj((SVRCOREUserPinObj*)obj);
}
static char *getPin(SVRCOREPinObj *obj, const char *tokenName, PRBool retry)
{
SVRCOREUserPinObj *tty = (SVRCOREUserPinObj*)obj;
char line[128];
char *res;
/* If the program is not interactive then return no result */
if (!tty->interactive) return 0;
#ifdef WIN32
if (retry) {
MessageBox(GetDesktopWindow(), nt_retryWarning,
"Netscape Server", MB_ICONEXCLAMATION | MB_OK);
}
return NT_PromptForPin(tokenName);
#else
if (retry)
fprintf(stdout, "%s\n", retryWarning);
echoOff(fileno(stdin));
/***
Please Note: the following printf statement was changed from fprintf(stdout,...) because
of an odd problem with the Linux build. The issue is that libc.so has a symbol for stdout
and libstdc++.so which we also reference has a symbol for stdout. Normally the libc.so version
of stdout is resolved first and writing to stdout is no problem. Unfortunately something happens
on Linux which allows the "other" stdout from libstdc++.so to get referenced so that when a call
to fprintf(stdout,...) is made the new stdout which has never been initialized get's written
to causing a sigsegv. At this point we can not easily remove libstdc++.so from the dependencies
because other code which slapd uses happens to be C++ code which causes the reference of
libstdc++.so .
It was determined that the quickest way to resolve the issue for now was to change the fprintf
calls to printf thereby fixing the crashes on a temp basis. Using printf seems to work because
it references stdout internally which means it will use the one from libc.so .
***/
printf("%s %s: ", prompt, tokenName);
fflush(stdout);
/* Read input */
res = fgets(line, sizeof line, stdin);
echoOn(fileno(stdin));
printf("\n");
if (!res) return 0;
/* Find and kill the newline */
if ((res = strchr(line, '\n')) != NULL) *res = 0;
/* Return no-response if user typed an empty line */
if (line[0] == 0) return 0;
return strdup(line);
#endif /* WIN32 */
}
/*
* VTable
*/
static const SVRCOREPinMethods vtable =
{ 0, 0, destroyObject, getPin };