bug 217538: shared database support... changes to cmd.

cmd changes are as follows:
1) fix a bug in blapitest.c
2) enable certutil to change the password on a database on the command line.
3) remove the explicit tests for cert and key databases in modutil and signtool.

security/nss/cmd/bltest/blapitest.c

@@ -264,7 +264,7 @@ atob(SECItem *ascii, SECItem *binary, PRArenaPool *arena)
     binary->len = 0;
     it.item = binary;
     it.arena = arena;
-    len = (strcmp(&ascii->data[ascii->len-2],"\r\n")) ? 
+    len = (strncmp(&ascii->data[ascii->len-2],"\r\n",2)) ? 
            ascii->len : ascii->len-2;
     cx = NSSBase64Decoder_Create(get_binary, &it);
     status = NSSBase64Decoder_Update(cx, (const char *)ascii->data, len);

security/nss/cmd/certutil/certutil.c

@@ -1523,7 +1523,8 @@ enum {
     opt_RW,
     opt_Exponent,
     opt_NoiseFile,
-    opt_Hash
+    opt_Hash,
+    opt_NewPasswordFile
 };
 
 static int 
@@ -1623,7 +1624,8 @@ secuCommandFlag certutil_options[] =
 	{ /* opt_RW                  */  'X', PR_FALSE, 0, PR_FALSE },
 	{ /* opt_Exponent            */  'y', PR_TRUE,  0, PR_FALSE },
 	{ /* opt_NoiseFile           */  'z', PR_TRUE,  0, PR_FALSE },
-	{ /* opt_Hash                */  'Z', PR_TRUE,  0, PR_FALSE }
+	{ /* opt_Hash                */  'Z', PR_TRUE,  0, PR_FALSE },
+	{ /* opt_NewPasswordFile     */  '@', PR_TRUE,  0, PR_FALSE }
 };
 
 
@@ -1996,7 +1998,8 @@ secuCommandFlag certutil_options[] =
 
     /*  If creating new database, initialize the password.  */
     if (certutil.commands[cmd_NewDBs].activated) {
-	SECU_ChangePW(slot, 0, certutil.options[opt_PasswordFile].arg);
+	SECU_ChangePW2(slot, 0, 0, certutil.options[opt_PasswordFile].arg,
+				certutil.options[opt_NewPasswordFile].arg);
     }
 
     /* The following 8 options are mutually exclusive with all others. */
@@ -2037,13 +2040,21 @@ secuCommandFlag certutil_options[] =
     }
     /*  Modify trust attribute for cert (-M)  */
     if (certutil.commands[cmd_ModifyCertTrust].activated) {
+	if (PK11_IsFIPS() || !PK11_IsFriendly(slot)) {
+	    rv = PK11_Authenticate(slot, PR_TRUE, &pwdata);
+	    if (rv != SECSuccess) {
+		SECU_PrintError(progName, "could not authenticate to token or database");
+		goto shutdown;
+	    }
+	}
 	rv = ChangeTrustAttributes(certHandle, name, 
 	                           certutil.options[opt_Trust].arg);
 	goto shutdown;
     }
     /*  Change key db password (-W) (future - change pw to slot?)  */
     if (certutil.commands[cmd_ChangePassword].activated) {
-	rv = SECU_ChangePW(slot, 0, certutil.options[opt_PasswordFile].arg);
+	rv = SECU_ChangePW2(slot, 0, 0, certutil.options[opt_PasswordFile].arg,
+				certutil.options[opt_NewPasswordFile].arg);
 	goto shutdown;
     }
     /*  Reset the a token */

security/nss/cmd/lib/secutil.c

@@ -362,22 +362,40 @@ secu_InitSlotPassword(PK11SlotInfo *slot, PRBool retry, void *arg)
 
 SECStatus
 SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile)
+{
+    return SECU_ChangePW2(slot, passwd, 0, pwFile, 0);
+}
+
+SECStatus
+SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass,
+			char *oldPwFile, char *newPwFile)
 {
     SECStatus rv;
     secuPWData pwdata, newpwdata;
     char *oldpw = NULL, *newpw = NULL;
 
-    if (passwd) {
+    if (oldPass) {
 	pwdata.source = PW_PLAINTEXT;
-	pwdata.data = passwd;
+	pwdata.data = oldPass;
-    } else if (pwFile) {
+    } else if (oldPwFile) {
 	pwdata.source = PW_FROMFILE;
-	pwdata.data = pwFile;
+	pwdata.data = oldPwFile;
     } else {
 	pwdata.source = PW_NONE;
 	pwdata.data = NULL;
     }
 
+    if (newPass) {
+	newpwdata.source = PW_PLAINTEXT;
+	newpwdata.data = newPass;
+    } else if (newPwFile) {
+	newpwdata.source = PW_FROMFILE;
+	newpwdata.data = newPwFile;
+    } else {
+	newpwdata.source = PW_NONE;
+	newpwdata.data = NULL;
+    }
+
     if (PK11_NeedUserInit(slot)) {
 	newpw = secu_InitSlotPassword(slot, PR_FALSE, &pwdata);
 	rv = PK11_InitPin(slot, (char*)NULL, newpw);
@@ -402,9 +420,6 @@ SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile)
 	PORT_Free(oldpw);
     }
 
-    newpwdata.source = PW_NONE;
-    newpwdata.data = NULL;
-
     newpw = secu_InitSlotPassword(slot, PR_FALSE, &newpwdata);
 
     if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) {

security/nss/cmd/lib/secutil.h

@@ -92,6 +92,16 @@ typedef struct {
 */
 SECStatus SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile);
 
+/*
+** Change a password on a token, or initialize a token with a password
+** if it does not already have one.
+** In this function, you can specify both the old and new passwords
+** as either a string or file. NOTE: any you don't specify will
+** be prompted for
+*/
+SECStatus SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass,
+                        char *oldPwFile, char *newPwFile);
+
 /*  These were stolen from the old sec.h... */
 /*
 ** Check a password for legitimacy. Passwords must be at least 8

security/nss/cmd/modutil/modutil.c

@@ -581,6 +581,10 @@ verify_params()
  * need them if we aren't going to be verifying signatures).  This is
  * because serverland doesn't always have cert and key database files
  * available.
+ *
+ * This function is ill advised. Names and locations of databases are
+ * private to NSS proper. Such functions only confuse other users.
+ *
  */
 static Error
 check_crypto(PRBool create, PRBool readOnly)
@@ -600,7 +604,7 @@ check_crypto(PRBool create, PRBool readOnly)
 		/* won't attempt to handle the multiaccess case. */
 		return SUCCESS;
 	}
-
+#ifdef notdef
 	/* Make sure db directory exists and is readable */
 	if(PR_Access(dir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
 		PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dir);
@@ -655,6 +659,7 @@ check_crypto(PRBool create, PRBool readOnly)
 		PR_fprintf(PR_STDOUT, msgStrings[USING_DBDIR_MSG],
 		  SECU_ConfigDirectory(NULL));
 	}
+#endif
 	retval=SUCCESS;
 loser:
 	if (moddbname) {

security/nss/cmd/platlibs.mk

@@ -72,6 +72,11 @@ endif
 endif
 endif
 
+SQLITE=$(DIST)/lib/$(LIB_PREFIX)sqlite.$(LIB_SUFFIX)
+ifdef NSS_USE_SYSTEM_SQLITE
+	SQLITE=-lsqlite3
+endif
+
 
 ifdef USE_STATIC_LIBS
 
@@ -116,12 +121,13 @@ EXTRA_LIBS += \
 	$(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX) \
 	$(CRYPTOLIB) \
-	$(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
 	$(PKIXLIB) \
 	$(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \
+	$(SQLITE) \
 	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
 	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
 	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \
@@ -178,7 +184,7 @@ EXTRA_LIBS += \
 	$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
 	$(CRYPTOLIB) \
-	$(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \
 	$(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \
 	$(PKIXLIB) \
 	$(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
@@ -198,6 +204,7 @@ EXTRA_SHARED_LIBS += \
 	$(NULL)
 else
 EXTRA_SHARED_LIBS += \
+	$(SQLITE) \
 	-L$(NSPR_LIB_DIR) \
 	-lplc4 \
 	-lplds4 \
@@ -268,6 +275,7 @@ EXTRA_SHARED_LIBS += \
 	-lssl3 \
 	-lsmime3 \
 	-lnss3 \
+	-lnssutil \
 	-L$(NSPR_LIB_DIR) \
 	-lplc4 \
 	-lplds4 \

security/nss/cmd/signtool/util.c

@@ -314,6 +314,9 @@ VerifyCertDir(char *dir, char *keyName)
     if (strncmp(dir, "multiaccess:", sizeof("multiaccess:") - 1) == 0) {
 	return;
     }
+    /* this function is truly evil. Tools and applications should not have
+     * any knowledge of actual cert databases! */
+    return;
 
     /* This code is really broken because it makes underlying assumptions about
    * how the NSS profile directory is laid out, but these names can change