static char *
mkCheckFileName(const char *libName)
{
int ln_len = PORT_Strlen(libName);
char *output = PORT_Alloc(ln_len+sizeof(SGN_SUFFIX));
int index = ln_len + 1 - sizeof("."SHLIB_SUFFIX);
if ((index > 0) &&
(PORT_Strncmp(&libName[index],
"."SHLIB_SUFFIX,sizeof("."SHLIB_SUFFIX)) == 0)) {
ln_len = index;
}
PORT_Memcpy(output,libName,ln_len);
PORT_Memcpy(&output[ln_len],SGN_SUFFIX,sizeof(SGN_SUFFIX));
return output;
}
// nickname_collision
// what to do when the nickname collides with one already in the db.
// Based on P12U_NicknameCollisionCallback from nss/cmd/pk12util/pk12util.c
SECItem* PR_CALLBACK
nickname_collision(SECItem *old_nick, PRBool *cancel, void *wincx)
{
char *nick = NULL;
SECItem *ret_nick = NULL;
CERTCertificate* cert = (CERTCertificate*)wincx;
if (!cancel || !cert) {
// pk12util calls this error user cancelled?
return NULL;
}
if (!old_nick)
VLOG(1) << "no nickname for cert in PKCS12 file.";
nick = CERT_MakeCANickname(cert);
if (!nick) {
return NULL;
}
if(old_nick && old_nick->data && old_nick->len &&
PORT_Strlen(nick) == old_nick->len &&
!PORT_Strncmp((char *)old_nick->data, nick, old_nick->len)) {
PORT_Free(nick);
PORT_SetError(SEC_ERROR_IO);
return NULL;
}
VLOG(1) << "using nickname " << nick;
ret_nick = PORT_ZNew(SECItem);
if(ret_nick == NULL) {
PORT_Free(nick);
return NULL;
}
ret_nick->data = (unsigned char *)nick;
ret_nick->len = PORT_Strlen(nick);
return ret_nick;
}
const char *
lg_EvaluateConfigDir(const char *configdir,char **appName)
{
if (PORT_Strncmp(configdir, MULTIACCESS, sizeof(MULTIACCESS)-1) == 0) {
char *cdir;
*appName = PORT_Strdup(configdir+sizeof(MULTIACCESS)-1);
if (*appName == NULL) {
return configdir;
}
cdir = *appName;
while (*cdir && *cdir != ':') {
cdir++;
}
if (*cdir == ':') {
*cdir = 0;
cdir++;
}
configdir = cdir;
}
return configdir;
}
char *
SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg)
{
char* phrases, *phrase;
PRFileDesc *fd;
int32_t nb;
char *pwFile = arg;
int i;
const long maxPwdFileSize = 4096;
char* tokenName = NULL;
int tokenLen = 0;
if (!pwFile)
return 0;
if (retry) {
return 0; /* no good retrying - the files contents will be the same */
}
phrases = PORT_ZAlloc(maxPwdFileSize);
if (!phrases) {
return 0; /* out of memory */
}
fd = PR_Open(pwFile, PR_RDONLY, 0);
if (!fd) {
fprintf(stderr, "No password file \"%s\" exists.\n", pwFile);
PORT_Free(phrases);
return NULL;
}
nb = PR_Read(fd, phrases, maxPwdFileSize);
PR_Close(fd);
if (nb == 0) {
fprintf(stderr,"password file contains no data\n");
PORT_Free(phrases);
return NULL;
}
if (slot) {
tokenName = PK11_GetTokenName(slot);
if (tokenName) {
tokenLen = PORT_Strlen(tokenName);
}
}
i = 0;
do
{
int startphrase = i;
int phraseLen;
/* handle the Windows EOL case */
while (phrases[i] != '\r' && phrases[i] != '\n' && i < nb) i++;
/* terminate passphrase */
phrases[i++] = '\0';
/* clean up any EOL before the start of the next passphrase */
while ( (i<nb) && (phrases[i] == '\r' || phrases[i] == '\n')) {
phrases[i++] = '\0';
}
/* now analyze the current passphrase */
phrase = &phrases[startphrase];
if (!tokenName)
break;
if (PORT_Strncmp(phrase, tokenName, tokenLen)) continue;
phraseLen = PORT_Strlen(phrase);
if (phraseLen < (tokenLen+1)) continue;
if (phrase[tokenLen] != ':') continue;
phrase = &phrase[tokenLen+1];
break;
} while (i<nb);
phrase = PORT_Strdup((char*)phrase);
PORT_Free(phrases);
return phrase;
}
/*
* Add a module to the Data base
*/
SECStatus
sftkdb_AddSecmodDB(SDBType dbType, const char *appName,
const char *filename, const char *dbname,
char *module, PRBool rw)
{
FILE *fd = NULL;
char *block = NULL;
PRBool libFound = PR_FALSE;
if (dbname == NULL) {
return SECFailure;
}
if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) {
return sftkdbCall_AddSecmodDB(appName, filename, dbname, module, rw);
}
/* can't write to a read only module */
if (!rw) {
return SECFailure;
}
/* remove the previous version if it exists */
(void) sftkdb_DeleteSecmodDB(dbType, appName, filename, dbname, module, rw);
#ifdef WINCE
fd = fopen(dbname, "a+");
#else
fd = lfopen(dbname, "a+", O_CREAT|O_RDWR|O_APPEND);
#endif
if (fd == NULL) {
return SECFailure;
}
module = sftk_argStrip(module);
while (*module) {
int count;
char *keyEnd = PORT_Strchr(module,'=');
char *value;
if (PORT_Strncmp(module, "library=", 8) == 0) {
libFound=PR_TRUE;
}
if (keyEnd == NULL) {
block = sftkdb_DupCat(block, module);
break;
}
block = sftkdb_DupnCat(block, module, keyEnd-module+1);
if (block == NULL) { goto loser; }
value = sftk_argFetchValue(&keyEnd[1], &count);
if (value) {
block = sftkdb_DupCat(block, sftk_argStrip(value));
PORT_Free(value);
}
if (block == NULL) { goto loser; }
block = sftkdb_DupnCat(block, "\n", 1);
module = keyEnd + 1 + count;
module = sftk_argStrip(module);
}
if (block) {
if (!libFound) {
fprintf(fd,"library=\n");
}
fwrite(block, PORT_Strlen(block), 1, fd);
fprintf(fd,"\n");
PORT_Free(block);
block = NULL;
}
fclose(fd);
return SECSuccess;
loser:
PORT_Free(block);
fclose(fd);
return SECFailure;
}
/*
* Delete a module from the Data Base
*/
SECStatus
sftkdb_DeleteSecmodDB(SDBType dbType, const char *appName,
const char *filename, const char *dbname,
char *args, PRBool rw)
{
/* SHDB_FIXME implement */
FILE *fd = NULL;
FILE *fd2 = NULL;
char line[MAX_LINE_LENGTH];
char *dbname2 = NULL;
char *block = NULL;
char *name = NULL;
char *lib = NULL;
int name_len, lib_len;
PRBool skip = PR_FALSE;
PRBool found = PR_FALSE;
if (dbname == NULL) {
return SECFailure;
}
if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) {
return sftkdbCall_DeleteSecmodDB(appName, filename, dbname, args, rw);
}
if (!rw) {
return SECFailure;
}
dbname2 = strdup(dbname);
if (dbname2 == NULL) goto loser;
dbname2[strlen(dbname)-1]++;
/* do we really want to use streams here */
fd = fopen(dbname, "r");
if (fd == NULL) goto loser;
#ifdef WINCE
fd2 = fopen(dbname2, "w+");
#else
fd2 = lfopen(dbname2, "w+", O_CREAT|O_RDWR|O_TRUNC);
#endif
if (fd2 == NULL) goto loser;
name = sftk_argGetParamValue("name",args);
if (name) {
name_len = PORT_Strlen(name);
}
lib = sftk_argGetParamValue("library",args);
if (lib) {
lib_len = PORT_Strlen(lib);
}
/*
* the following loop takes line separated config files and collapses
* the lines to a single string, escaping and quoting as necessary.
*/
/* loop state variables */
block = NULL;
skip = PR_FALSE;
while (fgets(line, sizeof(line), fd) != NULL) {
/* If we are processing a block (we haven't hit a blank line yet */
if (*line != '\n') {
/* skip means we are in the middle of a block we are deleting */
if (skip) {
continue;
}
/* if we haven't found the block yet, check to see if this block
* matches our requirements */
if (!found && ((name && (PORT_Strncasecmp(line,"name=",5) == 0) &&
(PORT_Strncmp(line+5,name,name_len) == 0)) ||
(lib && (PORT_Strncasecmp(line,"library=",8) == 0) &&
(PORT_Strncmp(line+8,lib,lib_len) == 0)))) {
/* yup, we don't need to save any more data, */
PORT_Free(block);
block=NULL;
/* we don't need to collect more of this block */
skip = PR_TRUE;
/* we don't need to continue searching for the block */
found =PR_TRUE;
continue;
}
/* not our match, continue to collect data in this block */
block = sftkdb_DupCat(block,line);
continue;
}
/* we've collected a block of data that wasn't the module we were
* looking for, write it out */
if (block) {
fwrite(block, PORT_Strlen(block), 1, fd2);
PORT_Free(block);
block = NULL;
}
/* If we didn't just delete the this block, keep the blank line */
if (!skip) {
fputs(line,fd2);
}
/* we are definately not in a deleted block anymore */
skip = PR_FALSE;
}
fclose(fd);
fclose(fd2);
if (found) {
/* rename dbname2 to dbname */
PR_Delete(dbname);
PR_Rename(dbname2,dbname);
} else {
PR_Delete(dbname2);
}
PORT_Free(dbname2);
PORT_Free(lib);
PORT_Free(name);
PORT_Free(block);
return SECSuccess;
loser:
if (fd != NULL) {
fclose(fd);
}
if (fd2 != NULL) {
fclose(fd2);
}
if (dbname2) {
PR_Delete(dbname2);
PORT_Free(dbname2);
}
PORT_Free(lib);
PORT_Free(name);
return SECFailure;
}
/***************************************************************************
*
* v e r i f y _ g l o b a l
*/
static int
verify_global(JAR *jar)
{
FILE *fp;
JAR_Context *ctx;
JAR_Item *it;
JAR_Digest *globaldig;
char *ext;
unsigned char *md5_digest, *sha1_digest;
unsigned int sha1_length, md5_length;
int retval = 0;
char buf[BUFSIZ];
ctx = JAR_find(jar, "*", jarTypePhy);
while (JAR_find_next(ctx, &it) >= 0) {
if (!PORT_Strncmp(it->pathname, "META-INF", 8)) {
for (ext = it->pathname; *ext; ext++)
;
while (ext > it->pathname && *ext != '.')
ext--;
if (verbosity >= 0) {
if (!PORT_Strcasecmp(ext, ".rsa")) {
PR_fprintf(outputFD, "found a RSA signature file: %s\n",
it->pathname);
}
if (!PORT_Strcasecmp(ext, ".dsa")) {
PR_fprintf(outputFD, "found a DSA signature file: %s\n",
it->pathname);
}
if (!PORT_Strcasecmp(ext, ".mf")) {
PR_fprintf(outputFD,
"found a MF master manifest file: %s\n",
it->pathname);
}
}
if (!PORT_Strcasecmp(ext, ".sf")) {
if (verbosity >= 0) {
PR_fprintf(outputFD,
"found a SF signature manifest file: %s\n",
it->pathname);
}
rm_dash_r(TMP_OUTPUT);
if (JAR_extract(jar, it->pathname, TMP_OUTPUT) < 0) {
PR_fprintf(errorFD, "%s: error extracting %s\n",
PROGRAM_NAME, it->pathname);
errorCount++;
retval = -1;
continue;
}
md5_digest = NULL;
sha1_digest = NULL;
if ((fp = fopen(TMP_OUTPUT, "rb")) != NULL) {
while (fgets(buf, BUFSIZ, fp)) {
char *s;
if (*buf == 0 || *buf == '\n' || *buf == '\r')
break;
for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
;
*s = 0;
if (!PORT_Strncmp(buf, "MD5-Digest: ", 12)) {
md5_digest =
ATOB_AsciiToData(buf + 12, &md5_length);
}
if (!PORT_Strncmp(buf, "SHA1-Digest: ", 13)) {
sha1_digest =
ATOB_AsciiToData(buf + 13, &sha1_length);
}
if (!PORT_Strncmp(buf, "SHA-Digest: ", 12)) {
sha1_digest =
ATOB_AsciiToData(buf + 12, &sha1_length);
}
}
globaldig = jar->globalmeta;
if (globaldig && md5_digest && verbosity >= 0) {
PR_fprintf(outputFD,
" md5 digest on global metainfo: %s\n",
PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)
? "no match"
: "match");
}
if (globaldig && sha1_digest && verbosity >= 0) {
PR_fprintf(outputFD,
" sha digest on global metainfo: %s\n",
PORT_Memcmp(sha1_digest, globaldig->sha1, SHA1_LENGTH)
? "no match"
: "match");
}
if (globaldig == NULL && verbosity >= 0) {
PR_fprintf(outputFD,
"global metadigest is not available, strange.\n");
}
PORT_Free(md5_digest);
PORT_Free(sha1_digest);
fclose(fp);
}
}
}
}
JAR_find_end(ctx);
return retval;
}
/*
* Add a module to the Data base
*/
static SECStatus
nssutil_AddSecmodDBEntry(const char *appName,
const char *filename, const char *dbname,
char *module, PRBool rw)
{
os_stat_type stat_existing;
os_open_permissions_type file_mode;
FILE *fd = NULL;
char *block = NULL;
PRBool libFound = PR_FALSE;
if (dbname == NULL) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
/* can't write to a read only module */
if (!rw) {
PORT_SetError(SEC_ERROR_READ_ONLY);
return SECFailure;
}
/* remove the previous version if it exists */
(void) nssutil_DeleteSecmodDBEntry(appName, filename, dbname, module, rw);
/* get the permissions of the existing file, or use the default */
if (!os_stat(dbname, &stat_existing)) {
file_mode = stat_existing.st_mode;
} else {
file_mode = os_open_permissions_default;
}
fd = lfopen(dbname, lfopen_append, file_mode);
if (fd == NULL) {
return SECFailure;
}
module = NSSUTIL_ArgStrip(module);
while (*module) {
int count;
char *keyEnd = PORT_Strchr(module,'=');
char *value;
if (PORT_Strncmp(module, "library=", 8) == 0) {
libFound=PR_TRUE;
}
if (keyEnd == NULL) {
block = nssutil_DupCat(block, module);
break;
}
block = nssutil_DupnCat(block, module, keyEnd-module+1);
if (block == NULL) { goto loser; }
value = NSSUTIL_ArgFetchValue(&keyEnd[1], &count);
if (value) {
block = nssutil_DupCat(block, NSSUTIL_ArgStrip(value));
PORT_Free(value);
}
if (block == NULL) { goto loser; }
block = nssutil_DupnCat(block, "\n", 1);
module = keyEnd + 1 + count;
module = NSSUTIL_ArgStrip(module);
}
if (block) {
if (!libFound) {
fprintf(fd,"library=\n");
}
fwrite(block, PORT_Strlen(block), 1, fd);
fprintf(fd,"\n");
PORT_Free(block);
block = NULL;
}
fclose(fd);
return SECSuccess;
loser:
PORT_Free(block);
fclose(fd);
return SECFailure;
}
/*
* Delete a module from the Data Base
*/
static SECStatus
nssutil_DeleteSecmodDBEntry(const char *appName,
const char *filename,
const char *dbname,
char *args,
PRBool rw)
{
/* SHDB_FIXME implement */
os_stat_type stat_existing;
os_open_permissions_type file_mode;
FILE *fd = NULL;
FILE *fd2 = NULL;
char line[MAX_LINE_LENGTH];
char *dbname2 = NULL;
char *block = NULL;
char *name = NULL;
char *lib = NULL;
int name_len = 0, lib_len = 0;
PRBool skip = PR_FALSE;
PRBool found = PR_FALSE;
if (dbname == NULL) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
if (!rw) {
PORT_SetError(SEC_ERROR_READ_ONLY);
return SECFailure;
}
dbname2 = PORT_Strdup(dbname);
if (dbname2 == NULL) goto loser;
dbname2[strlen(dbname)-1]++;
/* get the permissions of the existing file, or use the default */
if (!os_stat(dbname, &stat_existing)) {
file_mode = stat_existing.st_mode;
} else {
file_mode = os_open_permissions_default;
}
/* do we really want to use streams here */
fd = fopen(dbname, "r");
if (fd == NULL) goto loser;
fd2 = lfopen(dbname2, lfopen_truncate, file_mode);
if (fd2 == NULL) goto loser;
name = NSSUTIL_ArgGetParamValue("name",args);
if (name) {
name_len = PORT_Strlen(name);
}
lib = NSSUTIL_ArgGetParamValue("library",args);
if (lib) {
lib_len = PORT_Strlen(lib);
}
/*
* the following loop takes line separated config files and collapses
* the lines to a single string, escaping and quoting as necessary.
*/
/* loop state variables */
block = NULL;
skip = PR_FALSE;
while (fgets(line, sizeof(line), fd) != NULL) {
/* If we are processing a block (we haven't hit a blank line yet */
if (*line != '\n') {
/* skip means we are in the middle of a block we are deleting */
if (skip) {
continue;
}
/* if we haven't found the block yet, check to see if this block
* matches our requirements */
if (!found && ((name && (PORT_Strncasecmp(line,"name=",5) == 0) &&
(PORT_Strncmp(line+5,name,name_len) == 0)) ||
(lib && (PORT_Strncasecmp(line,"library=",8) == 0) &&
(PORT_Strncmp(line+8,lib,lib_len) == 0)))) {
/* yup, we don't need to save any more data, */
PORT_Free(block);
block=NULL;
/* we don't need to collect more of this block */
skip = PR_TRUE;
/* we don't need to continue searching for the block */
found =PR_TRUE;
continue;
}
/* not our match, continue to collect data in this block */
block = nssutil_DupCat(block,line);
continue;
}
/* we've collected a block of data that wasn't the module we were
* looking for, write it out */
if (block) {
fwrite(block, PORT_Strlen(block), 1, fd2);
PORT_Free(block);
block = NULL;
}
/* If we didn't just delete the this block, keep the blank line */
if (!skip) {
fputs(line,fd2);
}
/* we are definately not in a deleted block anymore */
skip = PR_FALSE;
}
fclose(fd);
fclose(fd2);
if (found) {
/* rename dbname2 to dbname */
PR_Delete(dbname);
PR_Rename(dbname2,dbname);
} else {
PR_Delete(dbname2);
}
PORT_Free(dbname2);
PORT_Free(lib);
PORT_Free(name);
PORT_Free(block);
return SECSuccess;
loser:
if (fd != NULL) {
fclose(fd);
}
if (fd2 != NULL) {
fclose(fd2);
}
if (dbname2) {
PR_Delete(dbname2);
PORT_Free(dbname2);
}
PORT_Free(lib);
PORT_Free(name);
return SECFailure;
}
char *getNSSPassword(PK11SlotInfo *slot, PRBool retry, void *arg)
{
secuPWData *pwdInfo = (secuPWData *)arg;
PRFileDesc *fd;
PRInt32 nb; /*number of bytes*/
char* password;
char* strings;
char* token=NULL;
const long maxPwdFileSize = NSSpwdfilesize;
int i, tlen=0;
if (slot) {
token = PK11_GetTokenName(slot);
if (token) {
tlen = PORT_Strlen(token);
/* openswan_log("authentication needed for token name %s with length %d",token,tlen); */
}
else {
return 0;
}
}
else {
return 0;
}
if(retry) return 0;
strings=PORT_ZAlloc(maxPwdFileSize);
if(!strings) {
openswan_log("Not able to allocate memory for reading NSS password file");
return 0;
}
if(pwdInfo->source == PW_FROMFILE) {
if(pwdInfo->data !=NULL) {
fd = PR_Open(pwdInfo->data, PR_RDONLY, 0);
if (!fd) {
PORT_Free(strings);
openswan_log("No password file \"%s\" exists.", pwdInfo->data);
return 0;
}
nb = PR_Read(fd, strings, maxPwdFileSize);
PR_Close(fd);
if (nb == 0) {
openswan_log("password file contains no data");
PORT_Free(strings);
return 0;
}
i = 0;
do
{
int start = i;
int slen;
while (strings[i] != '\r' && strings[i] != '\n' && i < nb) i++;
strings[i++] = '\0';
while ( (i<nb) && (strings[i] == '\r' || strings[i] == '\n')) {
strings[i++] = '\0';
}
password = &strings[start];
if (PORT_Strncmp(password, token, tlen)) continue;
slen = PORT_Strlen(password);
if (slen < (tlen+1)) continue;
if (password[tlen] != ':') continue;
password = &password[tlen+1];
break;
} while (i<nb);
password = PORT_Strdup((char*)password);
PORT_Free(strings);
/* openswan_log("Password passed to NSS is %s with length %d", password, PORT_Strlen(password)); */
return password;
}
else {
openswan_log("File with Password to NSS DB is not provided");
return 0;
}
}
openswan_log("nss password source is not specified as file");
return 0;
}
/*
* Add a module to the Data base
*/
static SECStatus
nssutil_AddSecmodDB(const char *appName,
const char *filename, const char *dbname,
char *module, PRBool rw)
{
FILE *fd = NULL;
char *block = NULL;
PRBool libFound = PR_FALSE;
if (dbname == NULL) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
/* can't write to a read only module */
if (!rw) {
PORT_SetError(SEC_ERROR_READ_ONLY);
return SECFailure;
}
/* remove the previous version if it exists */
(void) nssutil_DeleteSecmodDB(appName, filename,
dbname, module, rw);
fd = lfopen(dbname, "a+", O_CREAT|O_RDWR|O_APPEND);
if (fd == NULL) {
return SECFailure;
}
module = NSSUTIL_ArgStrip(module);
while (*module) {
int count;
char *keyEnd = PORT_Strchr(module,'=');
char *value;
if (PORT_Strncmp(module, "library=", 8) == 0) {
libFound=PR_TRUE;
}
if (keyEnd == NULL) {
block = nssutil_DupCat(block, module);
break;
}
block = nssutil_DupnCat(block, module, keyEnd-module+1);
if (block == NULL) { goto loser; }
value = NSSUTIL_ArgFetchValue(&keyEnd[1], &count);
if (value) {
block = nssutil_DupCat(block, NSSUTIL_ArgStrip(value));
PORT_Free(value);
}
if (block == NULL) { goto loser; }
block = nssutil_DupnCat(block, "\n", 1);
module = keyEnd + 1 + count;
module = NSSUTIL_ArgStrip(module);
}
if (block) {
if (!libFound) {
fprintf(fd,"library=\n");
}
fwrite(block, PORT_Strlen(block), 1, fd);
fprintf(fd,"\n");
PORT_Free(block);
block = NULL;
}
fclose(fd);
return SECSuccess;
loser:
PORT_Free(block);
fclose(fd);
return SECFailure;
}
