// Returns true if the contents of |file| match |contents|.
static PRBool CheckFileContents(nsILocalFile *file, const char *contents)
{
nsCString nativePath;
file->GetNativePath(nativePath);
// Now read in the file contents and compare to the expected output
PRFileInfo info;
ASSERT_TRUE_RET(PR_GetFileInfo(nativePath.get(), &info) == PR_SUCCESS,
PR_FALSE);
char *buf = new char[info.size + 1];
ASSERT_TRUE_RET(buf, PR_FALSE);
PRFileDesc *fd = PR_Open(nativePath.get(), PR_RDONLY, 0);
ASSERT_TRUE_RET(fd, PR_FALSE);
ASSERT_TRUE_RET(PR_Read(fd, buf, info.size) == info.size, PR_FALSE);
PR_Close(fd);
buf[info.size] = '\0';
// Leave the file in place if the test failed
ASSERT_TRUE_RET(!strcmp(buf, contents), PR_FALSE);
PR_Delete(nativePath.get());
delete[] buf;
return PR_TRUE;
}
void RNG_FileForRNG(const char *filename)
{
PRFileDesc * file;
int nBytes;
PRFileInfo infoBuf;
unsigned char buffer[1024];
if (PR_GetFileInfo(filename, &infoBuf) != PR_SUCCESS)
return;
RNG_RandomUpdate((unsigned char*)&infoBuf, sizeof(infoBuf));
file = PR_Open(filename, PR_RDONLY, 0);
if (file != NULL) {
for (;;) {
PRInt32 bytes = PR_Read(file, buffer, sizeof buffer);
if (bytes <= 0)
break;
RNG_RandomUpdate(buffer, bytes);
totalFileBytes += bytes;
if (totalFileBytes > maxFileBytes)
break;
}
PR_Close(file);
}
nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes
RNG_RandomUpdate(buffer, nBytes);
}
/* mkdir -p */
int
mkdir_p(char *dir, unsigned int mode)
{
PRFileInfo info;
int rval;
char sep = get_sep(dir);
rval = PR_GetFileInfo(dir, &info);
if (PR_SUCCESS == rval)
{
if (PR_FILE_DIRECTORY != info.type) /* not a directory */
{
PR_Delete(dir);
if (PR_SUCCESS != PR_MkDir(dir, mode))
{
LDAPDebug(LDAP_DEBUG_ANY, "mkdir_p %s: error %d (%s)\n",
dir, PR_GetError(),slapd_pr_strerror(PR_GetError()));
return -1;
}
}
return 0;
}
else
{
/* does not exist */
char *p, *e;
char c[2] = {0, 0};
int len = strlen(dir);
rval = 0;
e = dir + len - 1;
if (*e == sep)
{
c[1] = *e;
*e = '\0';
}
c[0] = '/';
p = strrchr(dir, sep);
if (NULL != p)
{
*p = '\0';
rval = mkdir_p(dir, mode);
*p = c[0];
}
if (c[1])
*e = c[1];
if (0 != rval)
return rval;
if (PR_SUCCESS != PR_MkDir(dir, mode))
{
LDAPDebug(LDAP_DEBUG_ANY, "mkdir_p %s: error %d (%s)\n",
dir, PR_GetError(),slapd_pr_strerror(PR_GetError()));
return -1;
}
return 0;
}
}
/***************************************************************************
*
* m a k e _ d i r s
*
* Ensure that the directory portion of the path exists. This may require
* making the directory, and its parent, and its parent's parent, etc.
*/
static int
make_dirs(char *path, int file_perms)
{
char *Path;
char *start;
char *sep;
int ret = 0;
PRFileInfo info;
if (!path) {
return 0;
}
Path = PR_Strdup(path);
start = strpbrk(Path, "/\\");
if (!start) {
return 0;
}
start++; /* start right after first slash */
/* Each time through the loop add one more directory. */
while ((sep = strpbrk(start, "/\\"))) {
*sep = '\0';
if (PR_GetFileInfo(Path, &info) != PR_SUCCESS) {
/* No such dir, we have to create it */
if (PR_MkDir(Path, dir_perms(file_perms)) != PR_SUCCESS) {
error(PK11_INSTALL_CREATE_DIR, Path);
ret = PK11_INSTALL_CREATE_DIR;
goto loser;
}
} else {
/* something exists by this name, make sure it's a directory */
if (info.type != PR_FILE_DIRECTORY) {
error(PK11_INSTALL_CREATE_DIR, Path);
ret = PK11_INSTALL_CREATE_DIR;
goto loser;
}
}
/* If this is the lowest directory level, make sure it is writeable */
if (!strpbrk(sep + 1, "/\\")) {
if (PR_Access(Path, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
error(PK11_INSTALL_DIR_NOT_WRITEABLE, Path);
ret = PK11_INSTALL_DIR_NOT_WRITEABLE;
goto loser;
}
}
start = sep + 1; /* start after the next slash */
*sep = '/';
}
loser:
PR_Free(Path);
return ret;
}
static void statPRStat(void)
{
PRFileInfo finfo;
PRInt32 index = count;
for (;index--;) {
PR_GetFileInfo(filename, &finfo);
}
}
SKERR SKIntegerList::SetFileName(const char *pszFileName,
const char *pszDefaultFileName)
{
m_bInitialized = PR_FALSE;
if(m_bOwner && m_pIntegerList)
{
delete[] (PRUint32 *)m_pIntegerList;
m_pIntegerList = NULL;
}
SKERR err = SKFile::SetFileName(pszFileName, pszDefaultFileName);
if(err != noErr)
return err;
PRFileInfo info;
if(PR_GetFileInfo(GetSharedFileName(), &info) != PR_SUCCESS)
return err_failure;
if((info.size & 0x3))
return err_failure;
PRFileDesc *f = skPR_Open(GetSharedFileName(), PR_RDONLY, 0);
if(!f)
return err_notfound;
m_bOwner = PR_TRUE;
m_iSize = info.size / 4;
m_pIntegerList = new PRUint32[m_iSize];
if(m_iSize && !m_pIntegerList)
{
PR_Close(f);
return err_memory;
}
if(PR_Read(f, (void *)m_pIntegerList, info.size) != info.size)
{
PR_Close(f);
return err_failure;
}
#if IS_BIG_ENDIAN
for(PRUint32 i = 0; i < m_iSize; ++i)
{
REVERSE_32(((PRUint32*)m_pIntegerList)[i]);
}
#endif
PR_Close(f);
qsort((void *)m_pIntegerList, m_iSize, sizeof(PRUint32), &g_sComparePRUint32);
m_bInitialized = PR_TRUE;
return noErr;
}
std::string
CommandEventHandler::isDir(std::string path)
{
// check if path exists and it is a dir
PRFileInfo info;
const char *p = path.c_str();
PRStatus success = PR_GetFileInfo(p, &info);
if (success == PR_SUCCESS && info.type == PR_FILE_DIRECTORY)
return std::string("TRUE");
return std::string("FALSE");
}
int wf_isFileDirectory(const char *filename)
{
if (!filename || !*filename)
return (0);
PRFileInfo finfo;
if (PR_GetFileInfo(filename, &finfo) == PR_FAILURE)
return (0);
return (finfo.type == PR_FILE_DIRECTORY);
}
/*
* r m _ d a s h _ r
*
* Remove a file, or a directory recursively.
*
*/
int
rm_dash_r(char *path)
{
PRDir *dir;
PRDirEntry *entry;
PRFileInfo fileinfo;
char filename[FNSIZE];
if (PR_GetFileInfo(path, &fileinfo) != PR_SUCCESS) {
/*fprintf(stderr, "Error: Unable to access %s\n", filename);*/
return -1;
}
if (fileinfo.type == PR_FILE_DIRECTORY) {
dir = PR_OpenDir(path);
if (!dir) {
PR_fprintf(errorFD, "Error: Unable to open directory %s.\n", path);
errorCount++;
return -1;
}
/* Recursively delete all entries in the directory */
while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
sprintf(filename, "%s/%s", path, entry->name);
if (rm_dash_r(filename))
return -1;
}
if (PR_CloseDir(dir) != PR_SUCCESS) {
PR_fprintf(errorFD, "Error: Could not close %s.\n", path);
errorCount++;
return -1;
}
/* Delete the directory itself */
if (PR_RmDir(path) != PR_SUCCESS) {
PR_fprintf(errorFD, "Error: Unable to delete %s\n", path);
errorCount++;
return -1;
}
} else {
if (PR_Delete(path) != PR_SUCCESS) {
PR_fprintf(errorFD, "Error: Unable to delete %s\n", path);
errorCount++;
return -1;
}
}
return 0;
}
/*
* delete the given file/directory and its sub files/directories
*/
int
ldbm_delete_dirs(char *path)
{
PRDir *dirhandle = NULL;
PRDirEntry *direntry = NULL;
char fullpath[MAXPATHLEN];
int rval = 0;
PRFileInfo info;
dirhandle = PR_OpenDir(path);
if (! dirhandle)
{
PR_Delete(path);
return 0;
}
while (NULL != (direntry =
PR_ReadDir(dirhandle, PR_SKIP_DOT | PR_SKIP_DOT_DOT)))
{
if (! direntry->name)
break;
PR_snprintf(fullpath, MAXPATHLEN, "%s/%s", path, direntry->name);
rval = PR_GetFileInfo(fullpath, &info);
if (PR_SUCCESS == rval)
{
if (PR_FILE_DIRECTORY == info.type)
rval += ldbm_delete_dirs(fullpath);
}
if (PR_FILE_DIRECTORY != info.type)
PR_Delete(fullpath);
}
PR_CloseDir(dirhandle);
/* remove the directory itself too */
rval += PR_RmDir(path);
return rval;
}
/*
/////////////////////////////////////////////////////////////////////////
// actually run the installation, copying files to and fro
*/
static Pk11Install_Error
DoInstall(JAR *jar, const char *installDir, const char *tempDir,
Pk11Install_Platform *platform, PRFileDesc *feedback, PRBool noverify)
{
Pk11Install_File *file;
Pk11Install_Error ret;
char *reldir;
char *dest;
char *modDest;
char *cp;
int i;
int status;
char *tempname, *temp;
StringList executables;
StringNode *execNode;
PRProcessAttr *attr;
PRProcess *proc;
char *argv[2];
char *envp[1];
int errcode;
ret = PK11_INSTALL_UNSPECIFIED;
reldir = NULL;
dest = NULL;
modDest = NULL;
tempname = NULL;
StringList_new(&executables);
/*
// Create Temporary directory
*/
tempname = PR_smprintf("%s/%s", tempDir, TEMPORARY_DIRECTORY_NAME);
if (PR_Access(tempname, PR_ACCESS_EXISTS) == PR_SUCCESS) {
/* Left over from previous run? Delete it. */
rm_dash_r(tempname);
}
if (PR_MkDir(tempname, 0700) != PR_SUCCESS) {
error(PK11_INSTALL_CREATE_DIR, tempname);
ret = PK11_INSTALL_CREATE_DIR;
goto loser;
}
/*
// Install all the files
*/
for (i = 0; i < platform->numFiles; i++) {
file = &platform->files[i];
if (file->relativePath) {
PRBool foundMarker = PR_FALSE;
reldir = PR_Strdup(file->relativePath);
/* Replace all the markers with the directories for which they stand */
while (1) {
if ((cp = PL_strcasestr(reldir, ROOT_MARKER))) {
/* Has a %root% marker */
*cp = '\0';
temp = PR_smprintf("%s%s%s", reldir, installDir,
cp + strlen(ROOT_MARKER));
PR_Free(reldir);
reldir = temp;
foundMarker = PR_TRUE;
} else if ((cp = PL_strcasestr(reldir, TEMP_MARKER))) {
/* Has a %temp% marker */
*cp = '\0';
temp = PR_smprintf("%s%s%s", reldir, tempname,
cp + strlen(TEMP_MARKER));
PR_Free(reldir);
reldir = temp;
foundMarker = PR_TRUE;
} else {
break;
}
}
if (!foundMarker) {
/* Has no markers...this isn't really a relative directory */
error(PK11_INSTALL_BOGUS_REL_DIR, file->relativePath);
ret = PK11_INSTALL_BOGUS_REL_DIR;
goto loser;
}
dest = reldir;
reldir = NULL;
} else if (file->absolutePath) {
dest = PR_Strdup(file->absolutePath);
}
/* Remember if this is the module file, we'll need to add it later */
if (i == platform->modFile) {
modDest = PR_Strdup(dest);
}
/* Remember is this is an executable, we'll need to run it later */
if (file->executable) {
StringList_Append(&executables, dest);
/*executables.Append(dest);*/
}
/* Make sure the directory we are targetting exists */
if (make_dirs(dest, file->permissions)) {
ret = PK11_INSTALL_CREATE_DIR;
goto loser;
}
/* Actually extract the file onto the filesystem */
if (noverify) {
status = JAR_extract(jar, (char *)file->jarPath, dest);
} else {
status = JAR_verified_extract(jar, (char *)file->jarPath, dest);
}
if (status) {
if (status >= JAR_BASE && status <= JAR_BASE_END) {
error(PK11_INSTALL_JAR_EXTRACT, file->jarPath,
JAR_get_error(status));
} else {
error(PK11_INSTALL_JAR_EXTRACT, file->jarPath,
mySECU_ErrorString(PORT_GetError()));
}
ret = PK11_INSTALL_JAR_EXTRACT;
goto loser;
}
if (feedback) {
PR_fprintf(feedback, msgStrings[INSTALLED_FILE_MSG],
file->jarPath, dest);
}
/* no NSPR command to change permissions? */
#ifdef XP_UNIX
chmod(dest, file->permissions);
#endif
/* Memory clean-up tasks */
if (reldir) {
PR_Free(reldir);
reldir = NULL;
}
if (dest) {
PR_Free(dest);
dest = NULL;
}
}
/* Make sure we found the module file */
if (!modDest) {
/* Internal problem here, since every platform is supposed to have
a module file */
error(PK11_INSTALL_NO_MOD_FILE, platform->moduleName);
ret = PK11_INSTALL_NO_MOD_FILE;
goto loser;
}
/*
// Execute any executable files
*/
{
argv[1] = NULL;
envp[0] = NULL;
for (execNode = executables.head; execNode; execNode = execNode->next) {
attr = PR_NewProcessAttr();
argv[0] = PR_Strdup(execNode->str);
/* Announce our intentions */
if (feedback) {
PR_fprintf(feedback, msgStrings[EXEC_FILE_MSG], execNode->str);
}
/* start the process */
if (!(proc = PR_CreateProcess(execNode->str, argv, envp, attr))) {
PR_Free(argv[0]);
PR_DestroyProcessAttr(attr);
error(PK11_INSTALL_EXEC_FILE, execNode->str);
ret = PK11_INSTALL_EXEC_FILE;
goto loser;
}
/* wait for it to finish */
if (PR_WaitProcess(proc, &errcode) != PR_SUCCESS) {
PR_Free(argv[0]);
PR_DestroyProcessAttr(attr);
error(PK11_INSTALL_WAIT_PROCESS, execNode->str);
ret = PK11_INSTALL_WAIT_PROCESS;
goto loser;
}
/* What happened? */
if (errcode) {
/* process returned an error */
error(PK11_INSTALL_PROC_ERROR, execNode->str, errcode);
} else if (feedback) {
/* process ran successfully */
PR_fprintf(feedback, msgStrings[EXEC_SUCCESS], execNode->str);
}
PR_Free(argv[0]);
PR_DestroyProcessAttr(attr);
}
}
/*
// Add the module
*/
status = Pk11Install_AddNewModule((char *)platform->moduleName,
(char *)modDest, platform->mechFlags, platform->cipherFlags);
if (status != SECSuccess) {
error(PK11_INSTALL_ADD_MODULE, platform->moduleName);
ret = PK11_INSTALL_ADD_MODULE;
goto loser;
}
if (feedback) {
PR_fprintf(feedback, msgStrings[INSTALLED_MODULE_MSG],
platform->moduleName);
}
if (feedback) {
PR_fprintf(feedback, msgStrings[INSTALLATION_COMPLETE_MSG]);
}
ret = PK11_INSTALL_SUCCESS;
loser:
if (reldir) {
PR_Free(reldir);
}
if (dest) {
PR_Free(dest);
}
if (modDest) {
PR_Free(modDest);
}
if (tempname) {
PRFileInfo info;
if (PR_GetFileInfo(tempname, &info) == PR_SUCCESS) {
if (info.type == PR_FILE_DIRECTORY) {
/* Recursively remove temporary directory */
if (rm_dash_r(tempname)) {
error(PK11_INSTALL_REMOVE_DIR,
tempname);
ret = PK11_INSTALL_REMOVE_DIR;
}
}
}
PR_Free(tempname);
}
StringList_delete(&executables);
return ret;
}
int
handle_connection(
PRFileDesc *tcp_sock,
PRFileDesc *model_sock,
int requestCert)
{
PRFileDesc *ssl_sock = NULL;
PRFileDesc *local_file_fd = NULL;
char *pBuf; /* unused space at end of buf */
const char *errString;
PRStatus status;
int bufRem; /* unused bytes at end of buf */
int bufDat; /* characters received in buf */
int newln = 0; /* # of consecutive newlns */
int firstTime = 1;
int reqLen;
int rv;
int numIOVs;
PRSocketOptionData opt;
PRIOVec iovs[16];
char msgBuf[160];
char buf[10240];
char fileName[513];
char *getData = NULL; /* inplace conversion */
SECItem postData;
PRBool isOcspRequest = PR_FALSE;
PRBool isPost;
postData.data = NULL;
postData.len = 0;
pBuf = buf;
bufRem = sizeof buf;
VLOG(("httpserv: handle_connection: starting"));
opt.option = PR_SockOpt_Nonblocking;
opt.value.non_blocking = PR_FALSE;
PR_SetSocketOption(tcp_sock, &opt);
VLOG(("httpserv: handle_connection: starting\n"));
ssl_sock = tcp_sock;
if (noDelay) {
opt.option = PR_SockOpt_NoDelay;
opt.value.no_delay = PR_TRUE;
status = PR_SetSocketOption(ssl_sock, &opt);
if (status != PR_SUCCESS) {
errWarn("PR_SetSocketOption(PR_SockOpt_NoDelay, PR_TRUE)");
if (ssl_sock) {
PR_Close(ssl_sock);
}
return SECFailure;
}
}
while (1) {
const char *post;
const char *foundStr = NULL;
const char *tmp = NULL;
newln = 0;
reqLen = 0;
rv = PR_Read(ssl_sock, pBuf, bufRem - 1);
if (rv == 0 ||
(rv < 0 && PR_END_OF_FILE_ERROR == PR_GetError())) {
if (verbose)
errWarn("HDX PR_Read hit EOF");
break;
}
if (rv < 0) {
errWarn("HDX PR_Read");
goto cleanup;
}
/* NULL termination */
pBuf[rv] = 0;
if (firstTime) {
firstTime = 0;
}
pBuf += rv;
bufRem -= rv;
bufDat = pBuf - buf;
/* Parse the input, starting at the beginning of the buffer.
* Stop when we detect two consecutive \n's (or \r\n's)
* as this signifies the end of the GET or POST portion.
* The posted data follows.
*/
while (reqLen < bufDat && newln < 2) {
int octet = buf[reqLen++];
if (octet == '\n') {
newln++;
} else if (octet != '\r') {
newln = 0;
}
}
/* came to the end of the buffer, or second newln
* If we didn't get an empty line (CRLFCRLF) then keep on reading.
*/
if (newln < 2)
continue;
/* we're at the end of the HTTP request.
* If the request is a POST, then there will be one more
* line of data.
* This parsing is a hack, but ok for SSL test purposes.
*/
post = PORT_Strstr(buf, "POST ");
if (!post || *post != 'P')
break;
postData.data = (void *)(buf + reqLen);
tmp = "content-length: ";
foundStr = PL_strcasestr(buf, tmp);
if (foundStr) {
int expectedPostLen;
int havePostLen;
expectedPostLen = atoi(foundStr + strlen(tmp));
havePostLen = bufDat - reqLen;
if (havePostLen >= expectedPostLen) {
postData.len = expectedPostLen;
break;
}
} else {
/* use legacy hack */
/* It's a post, so look for the next and final CR/LF. */
while (reqLen < bufDat && newln < 3) {
int octet = buf[reqLen++];
if (octet == '\n') {
newln++;
}
}
if (newln == 3)
break;
}
} /* read loop */
bufDat = pBuf - buf;
if (bufDat)
do { /* just close if no data */
/* Have either (a) a complete get, (b) a complete post, (c) EOF */
if (reqLen > 0) {
PRBool isGetOrPost = PR_FALSE;
unsigned skipChars = 0;
isPost = PR_FALSE;
if (!strncmp(buf, getCmd, sizeof getCmd - 1)) {
isGetOrPost = PR_TRUE;
skipChars = 4;
} else if (!strncmp(buf, "POST ", 5)) {
isGetOrPost = PR_TRUE;
isPost = PR_TRUE;
skipChars = 5;
}
if (isGetOrPost) {
char *fnBegin = buf;
char *fnEnd;
char *fnstart = NULL;
PRFileInfo info;
fnBegin += skipChars;
fnEnd = strpbrk(fnBegin, " \r\n");
if (fnEnd) {
int fnLen = fnEnd - fnBegin;
if (fnLen < sizeof fileName) {
strncpy(fileName, fnBegin, fnLen);
fileName[fnLen] = 0; /* null terminate */
fnstart = fileName;
/* strip initial / because our root is the current directory*/
while (*fnstart && *fnstart == '/')
++fnstart;
}
}
if (fnstart) {
if (!strncmp(fnstart, "ocsp", 4)) {
if (isPost) {
if (postData.data) {
isOcspRequest = PR_TRUE;
}
} else {
if (!strncmp(fnstart, "ocsp/", 5)) {
isOcspRequest = PR_TRUE;
getData = fnstart + 5;
}
}
} else {
/* try to open the file named.
* If successful, then write it to the client.
*/
status = PR_GetFileInfo(fnstart, &info);
if (status == PR_SUCCESS &&
info.type == PR_FILE_FILE &&
info.size >= 0) {
local_file_fd = PR_Open(fnstart, PR_RDONLY, 0);
}
}
}
}
}
numIOVs = 0;
iovs[numIOVs].iov_base = (char *)outHeader;
iovs[numIOVs].iov_len = (sizeof(outHeader)) - 1;
numIOVs++;
if (isOcspRequest && caRevoInfos) {
CERTOCSPRequest *request = NULL;
PRBool failThisRequest = PR_FALSE;
PLArenaPool *arena = NULL;
if (ocspMethodsAllowed == ocspGetOnly && postData.len) {
failThisRequest = PR_TRUE;
} else if (ocspMethodsAllowed == ocspPostOnly && getData) {
failThisRequest = PR_TRUE;
} else if (ocspMethodsAllowed == ocspRandomGetFailure && getData) {
if (!(rand() % 2)) {
failThisRequest = PR_TRUE;
}
}
if (failThisRequest) {
PR_Write(ssl_sock, outBadRequestHeader, strlen(outBadRequestHeader));
break;
}
/* get is base64, post is binary.
* If we have base64, convert into the (empty) postData array.
*/
if (getData) {
if (urldecode_base64chars_inplace(getData) == SECSuccess) {
/* The code below can handle a NULL arena */
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
NSSBase64_DecodeBuffer(arena, &postData, getData, strlen(getData));
}
}
if (postData.len) {
request = CERT_DecodeOCSPRequest(&postData);
}
if (arena) {
PORT_FreeArena(arena, PR_FALSE);
}
if (!request || !request->tbsRequest ||
!request->tbsRequest->requestList ||
!request->tbsRequest->requestList[0]) {
PORT_Sprintf(msgBuf, "Cannot decode OCSP request.\r\n");
iovs[numIOVs].iov_base = msgBuf;
iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
numIOVs++;
} else {
/* TODO: support more than one request entry */
CERTOCSPCertID *reqid = request->tbsRequest->requestList[0]->reqCert;
const caRevoInfo *revoInfo = NULL;
PRBool unknown = PR_FALSE;
PRBool revoked = PR_FALSE;
PRTime nextUpdate = 0;
PRTime revoDate = 0;
PRCList *caRevoIter;
caRevoIter = &caRevoInfos->link;
do {
CERTOCSPCertID *caid;
revoInfo = (caRevoInfo *)caRevoIter;
caid = revoInfo->id;
if (SECOID_CompareAlgorithmID(&reqid->hashAlgorithm,
&caid->hashAlgorithm) == SECEqual &&
SECITEM_CompareItem(&reqid->issuerNameHash,
&caid->issuerNameHash) == SECEqual &&
SECITEM_CompareItem(&reqid->issuerKeyHash,
&caid->issuerKeyHash) == SECEqual) {
break;
}
revoInfo = NULL;
caRevoIter = PR_NEXT_LINK(caRevoIter);
} while (caRevoIter != &caRevoInfos->link);
if (!revoInfo) {
unknown = PR_TRUE;
revoInfo = caRevoInfos;
} else {
CERTCrl *crl = &revoInfo->crl->crl;
CERTCrlEntry *entry = NULL;
DER_DecodeTimeChoice(&nextUpdate, &crl->nextUpdate);
if (crl->entries) {
int iv = 0;
/* assign, not compare */
while ((entry = crl->entries[iv++])) {
if (SECITEM_CompareItem(&reqid->serialNumber,
&entry->serialNumber) == SECEqual) {
break;
}
}
}
if (entry) {
/* revoked status response */
revoked = PR_TRUE;
DER_DecodeTimeChoice(&revoDate, &entry->revocationDate);
} else {
/* else good status response */
if (!isPost && ocspMethodsAllowed == ocspGetUnknown) {
unknown = PR_TRUE;
nextUpdate = PR_Now() + (PRTime)60 * 60 * 24 * PR_USEC_PER_SEC; /*tomorrow*/
revoDate = PR_Now() - (PRTime)60 * 60 * 24 * PR_USEC_PER_SEC; /*yesterday*/
}
}
}
{
PRTime now = PR_Now();
PLArenaPool *arena = NULL;
CERTOCSPSingleResponse *sr;
CERTOCSPSingleResponse **singleResponses;
SECItem *ocspResponse;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (unknown) {
sr = CERT_CreateOCSPSingleResponseUnknown(arena, reqid, now,
&nextUpdate);
} else if (revoked) {
sr = CERT_CreateOCSPSingleResponseRevoked(arena, reqid, now,
&nextUpdate, revoDate, NULL);
} else {
sr = CERT_CreateOCSPSingleResponseGood(arena, reqid, now,
&nextUpdate);
}
/* meaning of value 2: one entry + one end marker */
singleResponses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse *, 2);
singleResponses[0] = sr;
singleResponses[1] = NULL;
ocspResponse = CERT_CreateEncodedOCSPSuccessResponse(arena,
revoInfo->cert, ocspResponderID_byName, now,
singleResponses, &pwdata);
if (!ocspResponse) {
PORT_Sprintf(msgBuf, "Failed to encode response\r\n");
iovs[numIOVs].iov_base = msgBuf;
iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
numIOVs++;
} else {
PR_Write(ssl_sock, outOcspHeader, strlen(outOcspHeader));
PR_Write(ssl_sock, ocspResponse->data, ocspResponse->len);
PORT_FreeArena(arena, PR_FALSE);
}
}
CERT_DestroyOCSPRequest(request);
break;
}
} else if (local_file_fd) {
PRInt32 bytes;
int errLen;
bytes = PR_TransmitFile(ssl_sock, local_file_fd, outHeader,
sizeof outHeader - 1,
PR_TRANSMITFILE_KEEP_OPEN,
PR_INTERVAL_NO_TIMEOUT);
if (bytes >= 0) {
bytes -= sizeof outHeader - 1;
FPRINTF(stderr,
"httpserv: PR_TransmitFile wrote %d bytes from %s\n",
bytes, fileName);
break;
}
errString = errWarn("PR_TransmitFile");
errLen = PORT_Strlen(errString);
errLen = PR_MIN(errLen, sizeof msgBuf - 1);
PORT_Memcpy(msgBuf, errString, errLen);
msgBuf[errLen] = 0;
iovs[numIOVs].iov_base = msgBuf;
iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
numIOVs++;
} else if (reqLen <= 0) { /* hit eof */
PORT_Sprintf(msgBuf, "Get or Post incomplete after %d bytes.\r\n",
bufDat);
iovs[numIOVs].iov_base = msgBuf;
iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
numIOVs++;
} else if (reqLen < bufDat) {
PORT_Sprintf(msgBuf, "Discarded %d characters.\r\n",
bufDat - reqLen);
iovs[numIOVs].iov_base = msgBuf;
iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
numIOVs++;
}
if (reqLen > 0) {
if (verbose > 1)
fwrite(buf, 1, reqLen, stdout); /* display it */
iovs[numIOVs].iov_base = buf;
iovs[numIOVs].iov_len = reqLen;
numIOVs++;
}
rv = PR_Writev(ssl_sock, iovs, numIOVs, PR_INTERVAL_NO_TIMEOUT);
if (rv < 0) {
errWarn("PR_Writev");
break;
}
} while (0);
/*
Extract just the configuration information we need for bootstrapping
purposes
1) set up error logging
2) disable syntax checking
3) load the syntax plugins
etc.
*/
int
slapd_bootstrap_config(const char *configdir)
{
char configfile[MAXPATHLEN+1];
PRFileInfo prfinfo;
int rc = 0; /* Fail */
int done = 0;
PRInt32 nr = 0;
PRFileDesc *prfd = 0;
char *buf = 0;
char *lastp = 0;
char *entrystr = 0;
if (NULL == configdir) {
slapi_log_error(SLAPI_LOG_FATAL,
"startup", "Passed null config directory\n");
return rc; /* Fail */
}
PR_snprintf(configfile, sizeof(configfile), "%s/%s", configdir,
CONFIG_FILENAME);
if ( (rc = PR_GetFileInfo( configfile, &prfinfo )) != PR_SUCCESS )
{
/* the "real" file does not exist; see if there is a tmpfile */
char tmpfile[MAXPATHLEN+1];
slapi_log_error(SLAPI_LOG_FATAL, "config",
"The configuration file %s does not exist\n", configfile);
PR_snprintf(tmpfile, sizeof(tmpfile), "%s/%s.tmp", configdir,
CONFIG_FILENAME);
if ( PR_GetFileInfo( tmpfile, &prfinfo ) == PR_SUCCESS ) {
rc = PR_Rename(tmpfile, configfile);
if (rc == PR_SUCCESS) {
slapi_log_error(SLAPI_LOG_FATAL, "config",
"The configuration file %s was restored from backup %s\n",
configfile, tmpfile);
} else {
slapi_log_error(SLAPI_LOG_FATAL, "config",
"The configuration file %s was not restored from backup %s, error %d\n",
configfile, tmpfile, rc);
return rc; /* Fail */
}
} else {
slapi_log_error(SLAPI_LOG_FATAL, "config",
"The backup configuration file %s does not exist, either.\n",
tmpfile);
return rc; /* Fail */
}
}
if ( (rc = PR_GetFileInfo( configfile, &prfinfo )) != PR_SUCCESS )
{
PRErrorCode prerr = PR_GetError();
slapi_log_error(SLAPI_LOG_FATAL, "config", "The given config file %s could not be accessed, " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
configfile, prerr, slapd_pr_strerror(prerr));
return rc;
}
else if (( prfd = PR_Open( configfile, PR_RDONLY,
SLAPD_DEFAULT_FILE_MODE )) == NULL )
{
PRErrorCode prerr = PR_GetError();
slapi_log_error(SLAPI_LOG_FATAL, "config", "The given config file %s could not be opened for reading, " SLAPI_COMPONENT_NAME_NSPR " error %d (%s)\n",
configfile, prerr, slapd_pr_strerror(prerr));
return rc; /* Fail */
}
else
{
/* read the entire file into core */
buf = slapi_ch_malloc( prfinfo.size + 1 );
if (( nr = slapi_read_buffer( prfd, buf, prfinfo.size )) < 0 )
{
slapi_log_error(SLAPI_LOG_FATAL, "config", "Could only read %d of %d bytes from config file %s\n",
nr, prfinfo.size, configfile);
rc = 0; /* Fail */
done= 1;
}
(void)PR_Close(prfd);
buf[ nr ] = '\0';
if(!done)
{
char workpath[MAXPATHLEN+1];
char loglevel[BUFSIZ];
char maxdescriptors[BUFSIZ];
char val[BUFSIZ];
char _localuser[BUFSIZ];
char logenabled[BUFSIZ];
char schemacheck[BUFSIZ];
char syntaxcheck[BUFSIZ];
char syntaxlogging[BUFSIZ];
char plugintracking[BUFSIZ];
char dn_validate_strict[BUFSIZ];
Slapi_DN plug_dn;
workpath[0] = loglevel[0] = maxdescriptors[0] = '\0';
val[0] = logenabled[0] = schemacheck[0] = syntaxcheck[0] = '\0';
syntaxlogging[0] = _localuser[0] = '\0';
plugintracking [0] = dn_validate_strict[0] = '\0';
/* Convert LDIF to entry structures */
slapi_sdn_init_ndn_byref(&plug_dn, PLUGIN_BASE_DN);
while ((entrystr = dse_read_next_entry(buf, &lastp)) != NULL)
{
char errorbuf[BUFSIZ];
/*
* XXXmcs: it would be better to also pass
* SLAPI_STR2ENTRY_REMOVEDUPVALS in the flags, but
* duplicate value checking requires that the syntax
* and schema subsystems be initialized... and they
* are not yet.
*/
Slapi_Entry *e = slapi_str2entry(entrystr,
SLAPI_STR2ENTRY_NOT_WELL_FORMED_LDIF);
if (e == NULL)
{
LDAPDebug(LDAP_DEBUG_ANY, "The entry [%s] in the configfile %s was empty or could not be parsed\n",
entrystr, configfile, 0);
continue;
}
/* increase file descriptors */
#if !defined(_WIN32) && !defined(AIX)
if (!maxdescriptors[0] &&
entry_has_attr_and_value(e, CONFIG_MAXDESCRIPTORS_ATTRIBUTE,
maxdescriptors, sizeof(maxdescriptors)))
{
if (config_set_maxdescriptors(
CONFIG_MAXDESCRIPTORS_ATTRIBUTE,
maxdescriptors, errorbuf, CONFIG_APPLY)
!= LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_MAXDESCRIPTORS_ATTRIBUTE, errorbuf);
}
}
#endif /* !defined(_WIN32) && !defined(AIX) */
/* see if we need to enable error logging */
if (!logenabled[0] &&
entry_has_attr_and_value(e,
CONFIG_ERRORLOG_LOGGING_ENABLED_ATTRIBUTE,
logenabled, sizeof(logenabled)))
{
if (log_set_logging(
CONFIG_ERRORLOG_LOGGING_ENABLED_ATTRIBUTE,
logenabled, SLAPD_ERROR_LOG, errorbuf, CONFIG_APPLY)
!= LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_ERRORLOG_LOGGING_ENABLED_ATTRIBUTE, errorbuf);
}
}
#ifndef _WIN32
/* set the local user name; needed to set up error log */
if (!_localuser[0] &&
entry_has_attr_and_value(e, CONFIG_LOCALUSER_ATTRIBUTE,
_localuser, sizeof(_localuser)))
{
if (config_set_localuser(CONFIG_LOCALUSER_ATTRIBUTE,
_localuser, errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s. \n", configfile,
CONFIG_LOCALUSER_ATTRIBUTE, errorbuf);
}
}
#endif
/* set the log file name */
workpath[0] = '\0';
if (!workpath[0] &&
entry_has_attr_and_value(e, CONFIG_ERRORLOG_ATTRIBUTE,
workpath, sizeof(workpath)))
{
if (config_set_errorlog(CONFIG_ERRORLOG_ATTRIBUTE,
workpath, errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s. \n", configfile,
CONFIG_ERRORLOG_ATTRIBUTE, errorbuf);
}
}
/* set the error log level */
if (!loglevel[0] &&
entry_has_attr_and_value(e, CONFIG_LOGLEVEL_ATTRIBUTE,
loglevel, sizeof(loglevel)))
{
if (should_detach || !config_get_errorlog_level())
{ /* -d wasn't on command line */
if (config_set_errorlog_level(CONFIG_LOGLEVEL_ATTRIBUTE,
loglevel, errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s. \n", configfile,
CONFIG_LOGLEVEL_ATTRIBUTE, errorbuf);
}
}
else
{
LDAPDebug(LDAP_DEBUG_ANY,
"%s: ignoring %s (since -d %d was given on "
"the command line)\n",
CONFIG_LOGLEVEL_ATTRIBUTE, loglevel,
config_get_errorlog_level());
}
}
/* set the cert dir; needed in slapd_nss_init */
workpath[0] = '\0';
if (entry_has_attr_and_value(e, CONFIG_CERTDIR_ATTRIBUTE,
workpath, sizeof(workpath)))
{
if (config_set_certdir(CONFIG_CERTDIR_ATTRIBUTE,
workpath, errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s. \n", configfile,
CONFIG_CERTDIR_ATTRIBUTE, errorbuf);
}
}
/* set the sasl path; needed in main */
workpath[0] = '\0';
if (entry_has_attr_and_value(e, CONFIG_SASLPATH_ATTRIBUTE,
workpath, sizeof(workpath)))
{
if (config_set_saslpath(CONFIG_SASLPATH_ATTRIBUTE,
workpath, errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s. \n", configfile,
CONFIG_SASLPATH_ATTRIBUTE, errorbuf);
}
}
#if defined(ENABLE_LDAPI)
/* set the ldapi file path; needed in main */
workpath[0] = '\0';
if (entry_has_attr_and_value(e, CONFIG_LDAPI_FILENAME_ATTRIBUTE,
workpath, sizeof(workpath)))
{
if (config_set_ldapi_filename(CONFIG_LDAPI_FILENAME_ATTRIBUTE,
workpath, errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s. \n", configfile,
CONFIG_LDAPI_FILENAME_ATTRIBUTE, errorbuf);
}
}
/* set the ldapi switch; needed in main */
workpath[0] = '\0';
if (entry_has_attr_and_value(e, CONFIG_LDAPI_SWITCH_ATTRIBUTE,
workpath, sizeof(workpath)))
{
if (config_set_ldapi_switch(CONFIG_LDAPI_SWITCH_ATTRIBUTE,
workpath, errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s. \n", configfile,
CONFIG_LDAPI_SWITCH_ATTRIBUTE, errorbuf);
}
}
#endif
/* see if the entry is a child of the plugin base dn */
if (slapi_sdn_isparent(&plug_dn,
slapi_entry_get_sdn_const(e)))
{
if (entry_has_attr_and_value(e, "objectclass",
"nsSlapdPlugin", 0) &&
(entry_has_attr_and_value(e, ATTR_PLUGIN_TYPE,
"syntax", 0) ||
entry_has_attr_and_value(e, ATTR_PLUGIN_TYPE,
"matchingrule", 0)))
{
/* add the syntax/matching scheme rule plugin */
if (plugin_setup(e, 0, 0, 1))
{
LDAPDebug(LDAP_DEBUG_ANY, "The plugin entry [%s] in the configfile %s was invalid\n", slapi_entry_get_dn(e), configfile, 0);
rc = 0;
slapi_sdn_done(&plug_dn);
goto bail;
}
}
}
/* see if the entry is a grand child of the plugin base dn */
if (slapi_sdn_isgrandparent(&plug_dn,
slapi_entry_get_sdn_const(e)))
{
if (entry_has_attr_and_value(e, "objectclass",
"nsSlapdPlugin", 0) &&
( entry_has_attr_and_value(e, ATTR_PLUGIN_TYPE,
"pwdstoragescheme", 0) ||
entry_has_attr_and_value(e, ATTR_PLUGIN_TYPE,
"reverpwdstoragescheme", 0) ) )
{
/* add the pwd storage scheme rule plugin */
if (plugin_setup(e, 0, 0, 1))
{
LDAPDebug(LDAP_DEBUG_ANY, "The plugin entry [%s] in the configfile %s was invalid\n", slapi_entry_get_dn(e), configfile, 0);
rc = 0;
slapi_sdn_done(&plug_dn);
goto bail;
}
}
}
/* see if we need to disable schema checking */
if (!schemacheck[0] &&
entry_has_attr_and_value(e, CONFIG_SCHEMACHECK_ATTRIBUTE,
schemacheck, sizeof(schemacheck)))
{
if (config_set_schemacheck(CONFIG_SCHEMACHECK_ATTRIBUTE,
schemacheck, errorbuf, CONFIG_APPLY)
!= LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_SCHEMACHECK_ATTRIBUTE, errorbuf);
}
}
/* see if we need to enable plugin binddn tracking */
if (!plugintracking[0] &&
entry_has_attr_and_value(e, CONFIG_PLUGIN_BINDDN_TRACKING_ATTRIBUTE,
plugintracking, sizeof(plugintracking)))
{
if (config_set_plugin_tracking(CONFIG_PLUGIN_BINDDN_TRACKING_ATTRIBUTE,
plugintracking, errorbuf, CONFIG_APPLY)
!= LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_PLUGIN_BINDDN_TRACKING_ATTRIBUTE, errorbuf);
}
}
/* see if we need to enable syntax checking */
if (!syntaxcheck[0] &&
entry_has_attr_and_value(e, CONFIG_SYNTAXCHECK_ATTRIBUTE,
syntaxcheck, sizeof(syntaxcheck)))
{
if (config_set_syntaxcheck(CONFIG_SYNTAXCHECK_ATTRIBUTE,
syntaxcheck, errorbuf, CONFIG_APPLY)
!= LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_SYNTAXCHECK_ATTRIBUTE, errorbuf);
}
}
/* see if we need to enable syntax warnings */
if (!syntaxlogging[0] &&
entry_has_attr_and_value(e, CONFIG_SYNTAXLOGGING_ATTRIBUTE,
syntaxlogging, sizeof(syntaxlogging)))
{
if (config_set_syntaxlogging(CONFIG_SYNTAXLOGGING_ATTRIBUTE,
syntaxlogging, errorbuf, CONFIG_APPLY)
!= LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_SYNTAXLOGGING_ATTRIBUTE, errorbuf);
}
}
/* see if we need to enable strict dn validation */
if (!dn_validate_strict[0] &&
entry_has_attr_and_value(e, CONFIG_DN_VALIDATE_STRICT_ATTRIBUTE,
dn_validate_strict, sizeof(dn_validate_strict)))
{
if (config_set_dn_validate_strict(CONFIG_DN_VALIDATE_STRICT_ATTRIBUTE,
dn_validate_strict, errorbuf, CONFIG_APPLY)
!= LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_DN_VALIDATE_STRICT_ATTRIBUTE, errorbuf);
}
}
/* see if we need to expect quoted schema values */
if (entry_has_attr_and_value(e, CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE,
val, sizeof(val)))
{
if (config_set_enquote_sup_oc(
CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, val, errorbuf,
CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_ENQUOTE_SUP_OC_ATTRIBUTE, errorbuf);
}
val[0] = 0;
}
/* see if we need to maintain case in AT and OC names */
if (entry_has_attr_and_value(e,
CONFIG_RETURN_EXACT_CASE_ATTRIBUTE, val, sizeof(val)))
{
if (config_set_return_exact_case(
CONFIG_RETURN_EXACT_CASE_ATTRIBUTE, val,
errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_RETURN_EXACT_CASE_ATTRIBUTE, errorbuf);
}
val[0] = 0;
}
/* see if we should allow attr. name exceptions, e.g. '_'s */
if (entry_has_attr_and_value(e,
CONFIG_ATTRIBUTE_NAME_EXCEPTION_ATTRIBUTE,
val, sizeof(val)))
{
if (config_set_attrname_exceptions(
CONFIG_ATTRIBUTE_NAME_EXCEPTION_ATTRIBUTE, val,
errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_ATTRIBUTE_NAME_EXCEPTION_ATTRIBUTE,
errorbuf);
}
val[0] = 0;
}
/* see if we need to maintain schema compatibility with 4.x */
if (entry_has_attr_and_value(e,
CONFIG_DS4_COMPATIBLE_SCHEMA_ATTRIBUTE, val, sizeof(val)))
{
if (config_set_ds4_compatible_schema(
CONFIG_DS4_COMPATIBLE_SCHEMA_ATTRIBUTE, val,
errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_DS4_COMPATIBLE_SCHEMA_ATTRIBUTE,
errorbuf);
}
val[0] = 0;
}
/* see if we need to allow trailing spaces in OC and AT names */
if (entry_has_attr_and_value(e,
CONFIG_SCHEMA_IGNORE_TRAILING_SPACES, val, sizeof(val)))
{
if (config_set_schema_ignore_trailing_spaces(
CONFIG_SCHEMA_IGNORE_TRAILING_SPACES, val,
errorbuf, CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_SCHEMA_IGNORE_TRAILING_SPACES,
errorbuf);
}
val[0] = 0;
}
/* rfc1274-rewrite */
if (entry_has_attr_and_value(e,
CONFIG_REWRITE_RFC1274_ATTRIBUTE,
val, sizeof(val))) {
if (config_set_rewrite_rfc1274(
CONFIG_REWRITE_RFC1274_ATTRIBUTE, val,
errorbuf, CONFIG_APPLY) != LDAP_SUCCESS) {
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n",
configfile,
CONFIG_REWRITE_RFC1274_ATTRIBUTE,
errorbuf);
}
val[0] = 0;
}
/* what is our localhost name */
if (entry_has_attr_and_value(e, CONFIG_LOCALHOST_ATTRIBUTE,
val, sizeof(val)))
{
if (config_set_localhost(
CONFIG_LOCALHOST_ATTRIBUTE, val, errorbuf,
CONFIG_APPLY) != LDAP_SUCCESS)
{
LDAPDebug(LDAP_DEBUG_ANY, "%s: %s: %s\n", configfile,
CONFIG_LOCALHOST_ATTRIBUTE, errorbuf);
}
val[0] = 0;
}
if (e)
slapi_entry_free(e);
}
/* kexcoff: initialize rootpwstoragescheme and pw_storagescheme
* if not explicilty set in the config file
*/
if ( config_set_storagescheme() ) { /* default scheme plugin not loaded */
slapi_log_error(SLAPI_LOG_FATAL, "startup",
"The default password storage scheme SSHA could not be read or was not found in the file %s. It is mandatory.\n",
configfile);
exit (1);
}
else {
slapi_sdn_done(&plug_dn);
rc= 1; /* OK */
}
}
slapi_ch_free_string(&buf);
}
bail:
slapi_ch_free_string(&buf);
return rc;
}
int
handle_connection(
PRFileDesc *tcp_sock,
PRFileDesc *model_sock,
int requestCert
)
{
PRFileDesc * ssl_sock = NULL;
PRFileDesc * local_file_fd = NULL;
char * post;
char * pBuf; /* unused space at end of buf */
const char * errString;
PRStatus status;
int bufRem; /* unused bytes at end of buf */
int bufDat; /* characters received in buf */
int newln = 0; /* # of consecutive newlns */
int firstTime = 1;
int reqLen;
int rv;
int numIOVs;
PRSocketOptionData opt;
PRIOVec iovs[16];
char msgBuf[160];
char buf[10240];
char fileName[513];
pBuf = buf;
bufRem = sizeof buf;
VLOG(("selfserv: handle_connection: starting"));
opt.option = PR_SockOpt_Nonblocking;
opt.value.non_blocking = PR_FALSE;
PR_SetSocketOption(tcp_sock, &opt);
VLOG(("selfserv: handle_connection: starting\n"));
ssl_sock = tcp_sock;
if (noDelay) {
opt.option = PR_SockOpt_NoDelay;
opt.value.no_delay = PR_TRUE;
status = PR_SetSocketOption(ssl_sock, &opt);
if (status != PR_SUCCESS) {
errWarn("PR_SetSocketOption(PR_SockOpt_NoDelay, PR_TRUE)");
if (ssl_sock) {
PR_Close(ssl_sock);
}
return SECFailure;
}
}
while (1) {
newln = 0;
reqLen = 0;
rv = PR_Read(ssl_sock, pBuf, bufRem - 1);
if (rv == 0 ||
(rv < 0 && PR_END_OF_FILE_ERROR == PR_GetError())) {
if (verbose)
errWarn("HDX PR_Read hit EOF");
break;
}
if (rv < 0) {
errWarn("HDX PR_Read");
goto cleanup;
}
/* NULL termination */
pBuf[rv] = 0;
if (firstTime) {
firstTime = 0;
}
pBuf += rv;
bufRem -= rv;
bufDat = pBuf - buf;
/* Parse the input, starting at the beginning of the buffer.
* Stop when we detect two consecutive \n's (or \r\n's)
* as this signifies the end of the GET or POST portion.
* The posted data follows.
*/
while (reqLen < bufDat && newln < 2) {
int octet = buf[reqLen++];
if (octet == '\n') {
newln++;
} else if (octet != '\r') {
newln = 0;
}
}
/* came to the end of the buffer, or second newln
* If we didn't get an empty line (CRLFCRLF) then keep on reading.
*/
if (newln < 2)
continue;
/* we're at the end of the HTTP request.
* If the request is a POST, then there will be one more
* line of data.
* This parsing is a hack, but ok for SSL test purposes.
*/
post = PORT_Strstr(buf, "POST ");
if (!post || *post != 'P')
break;
/* It's a post, so look for the next and final CR/LF. */
/* We should parse content length here, but ... */
while (reqLen < bufDat && newln < 3) {
int octet = buf[reqLen++];
if (octet == '\n') {
newln++;
}
}
if (newln == 3)
break;
} /* read loop */
bufDat = pBuf - buf;
if (bufDat) do { /* just close if no data */
/* Have either (a) a complete get, (b) a complete post, (c) EOF */
if (reqLen > 0 && !strncmp(buf, getCmd, sizeof getCmd - 1)) {
char * fnBegin = buf + 4;
char * fnEnd;
PRFileInfo info;
/* try to open the file named.
* If successful, then write it to the client.
*/
fnEnd = strpbrk(fnBegin, " \r\n");
if (fnEnd) {
int fnLen = fnEnd - fnBegin;
if (fnLen < sizeof fileName) {
char *fnstart;
strncpy(fileName, fnBegin, fnLen);
fileName[fnLen] = 0; /* null terminate */
fnstart = fileName;
/* strip initial / because our root is the current directory*/
while (*fnstart && *fnstart=='/')
++fnstart;
status = PR_GetFileInfo(fnstart, &info);
if (status == PR_SUCCESS &&
info.type == PR_FILE_FILE &&
info.size >= 0 ) {
local_file_fd = PR_Open(fnstart, PR_RDONLY, 0);
}
}
}
}
numIOVs = 0;
iovs[numIOVs].iov_base = (char *)outHeader;
iovs[numIOVs].iov_len = (sizeof(outHeader)) - 1;
numIOVs++;
if (local_file_fd) {
PRInt32 bytes;
int errLen;
bytes = PR_TransmitFile(ssl_sock, local_file_fd, outHeader,
sizeof outHeader - 1,
PR_TRANSMITFILE_KEEP_OPEN,
PR_INTERVAL_NO_TIMEOUT);
if (bytes >= 0) {
bytes -= sizeof outHeader - 1;
FPRINTF(stderr,
"selfserv: PR_TransmitFile wrote %d bytes from %s\n",
bytes, fileName);
break;
}
errString = errWarn("PR_TransmitFile");
errLen = PORT_Strlen(errString);
errLen = PR_MIN(errLen, sizeof msgBuf - 1);
PORT_Memcpy(msgBuf, errString, errLen);
msgBuf[errLen] = 0;
iovs[numIOVs].iov_base = msgBuf;
iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
numIOVs++;
} else if (reqLen <= 0) { /* hit eof */
PORT_Sprintf(msgBuf, "Get or Post incomplete after %d bytes.\r\n",
bufDat);
iovs[numIOVs].iov_base = msgBuf;
iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
numIOVs++;
} else if (reqLen < bufDat) {
PORT_Sprintf(msgBuf, "Discarded %d characters.\r\n",
bufDat - reqLen);
iovs[numIOVs].iov_base = msgBuf;
iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
numIOVs++;
}
if (reqLen > 0) {
if (verbose > 1)
fwrite(buf, 1, reqLen, stdout); /* display it */
iovs[numIOVs].iov_base = buf;
iovs[numIOVs].iov_len = reqLen;
numIOVs++;
}
/* Don't add the EOF if we want to test bulk encryption */
if (!testBulk) {
iovs[numIOVs].iov_base = (char *)EOFmsg;
iovs[numIOVs].iov_len = sizeof EOFmsg - 1;
numIOVs++;
}
rv = PR_Writev(ssl_sock, iovs, numIOVs, PR_INTERVAL_NO_TIMEOUT);
if (rv < 0) {
errWarn("PR_Writev");
break;
}
} while (0);
cleanup:
if (ssl_sock) {
PR_Close(ssl_sock);
} else if (tcp_sock) {
PR_Close(tcp_sock);
}
if (local_file_fd)
PR_Close(local_file_fd);
VLOG(("selfserv: handle_connection: exiting\n"));
/* do a nice shutdown if asked. */
if (!strncmp(buf, stopCmd, sizeof stopCmd - 1)) {
VLOG(("selfserv: handle_connection: stop command"));
stop_server();
}
VLOG(("selfserv: handle_connection: exiting"));
return SECSuccess; /* success */
}
static SECStatus
handle_connection(PRFileDesc *sslSocket)
{
#if DEBUG
int countRead = 0;
#endif
PRInt32 numBytes;
char *readBuffer;
PRFileInfo info;
PRFileDesc *local_file_fd;
PRStatus prStatus;
SECStatus secStatus = SECSuccess;
/* read and send the data. */
/* Try to open the local file named.
* If successful, then write it to the server
*/
prStatus = PR_GetFileInfo(infileName, &info);
if (prStatus != PR_SUCCESS ||
info.type != PR_FILE_FILE ||
info.size < 0)
{
fprintf (stderr, "could not find input file %s\n", infileName);
return SECFailure;
}
local_file_fd = PR_Open(infileName, PR_RDONLY, 0);
if (local_file_fd == NULL)
{
fprintf (stderr, "could not open input file %s\n", infileName);
return SECFailure;
}
/* Send the file size first, so the server knows when it has the entire file. */
numBytes = PR_Write(sslSocket, & info.size, sizeof (info.size));
if (numBytes < 0)
return SECFailure;
/* Transmit the local file across the socket. */
numBytes = PR_TransmitFile(sslSocket, local_file_fd,
NULL, 0,
PR_TRANSMITFILE_KEEP_OPEN,
PR_INTERVAL_NO_TIMEOUT);
if (numBytes < 0)
return SECFailure;
#if DEBUG
/* Transmitted bytes successfully. */
fprintf(stderr, "PR_TransmitFile wrote %d bytes from %s\n",
numBytes, infileName);
#endif
PR_Close(local_file_fd);
/* read until EOF */
readBuffer = PORT_Alloc(READ_BUFFER_SIZE);
if (! readBuffer)
exitErr("Out of memory", GENERAL_ERROR);
local_file_fd = PR_Open(outfileName, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
PR_IRUSR | PR_IWUSR | PR_IRGRP | PR_IWGRP | PR_IROTH);
if (local_file_fd == NULL)
{
fprintf (stderr, "could not open output file %s\n", outfileName);
return SECFailure;
}
while (PR_TRUE)
{
numBytes = PR_Read(sslSocket, readBuffer, READ_BUFFER_SIZE);
if (numBytes == 0)
break; /* EOF */
if (numBytes < 0)
{
secStatus = SECFailure;
break;
}
#if DEBUG
countRead += numBytes;
#endif
/* Write to output file */
numBytes = PR_Write(local_file_fd, readBuffer, numBytes);
if (numBytes < 0)
{
fprintf (stderr, "could not write to %s\n", outfileName);
secStatus = SECFailure;
break;
}
#if DEBUG
fprintf(stderr, "***** Connection read %d bytes (%d total).\n",
numBytes, countRead );
readBuffer[numBytes] = '\0';
fprintf(stderr, "************\n%s\n************\n", readBuffer);
#endif
}
PR_Free(readBuffer);
PR_Close(local_file_fd);
/* Caller closes the socket. */
#if DEBUG
fprintf(stderr, "***** Connection read %d bytes total.\n", countRead);
#endif
return secStatus;
}
