Пример #1
0
static CURLcode cert_stuff(struct connectdata *conn, int sockindex,
                           char *cert_file, char *key_file)
{
  struct SessionHandle *data = conn->data;
  CURLcode rv;

  if(cert_file) {
    rv = nss_load_cert(&conn->ssl[sockindex], cert_file, PR_FALSE);
    if(CURLE_OK != rv) {
      const PRErrorCode err = PR_GetError();
      if(!display_error(conn, err, cert_file)) {
        const char *err_name = nss_error_to_name(err);
        failf(data, "unable to load client cert: %d (%s)", err, err_name);
      }

      return rv;
    }
  }

  if(key_file || (is_file(cert_file))) {
    if(key_file)
      rv = nss_load_key(conn, sockindex, key_file);
    else
      /* In case the cert file also has the key */
      rv = nss_load_key(conn, sockindex, cert_file);
    if(CURLE_OK != rv) {
      const PRErrorCode err = PR_GetError();
      if(!display_error(conn, err, key_file)) {
        const char *err_name = nss_error_to_name(err);
        failf(data, "unable to load client key: %d (%s)", err, err_name);
      }

      return rv;
    }
  }

  return CURLE_OK;
}
Пример #2
0
void
PrintPRError(const char *aPrefix)
{
  const char *err = PR_ErrorToName(PR_GetError());
  if (err) {
    if (gDebugLevel >= DEBUG_ERRORS) {
      fprintf(stderr, "%s: %s\n", aPrefix, err);
    }
  } else {
    if (gDebugLevel >= DEBUG_ERRORS) {
      fprintf(stderr, "%s\n", aPrefix);
    }
  }
}
Пример #3
0
int pkcs11_login(pkcs11_handle_t *h, char *password)
{
  SECStatus rv;

  if (h->slot == NULL) {
    DBG("Login failed: No Slot selected");
    return -1;
  }
  rv = PK11_Authenticate(h->slot, PR_FALSE, password);
  if (rv != SECSuccess) {
    DBG1("Login failed: %s", SECU_Strerror(PR_GetError()));
  }
  return (rv == SECSuccess) ? 0 : -1;
}
int main(int argc, char **argv)
{
    PR_STDIO_INIT();
	t1 = PR_Open(NO_SUCH_FILE,  PR_RDONLY, 0666);
	if (t1 == NULL) {
		if (PR_GetError() == PR_FILE_NOT_FOUND_ERROR) {
			printf ("error code is PR_FILE_NOT_FOUND_ERROR, as expected\n");
			printf ("PASS\n");
			return 0;
		} else {
			printf ("error code is %d \n", PR_GetError());
			printf ("FAIL\n");
			return 1;
		}
	}
	printf ("File %s exists on this machine!?\n", NO_SUCH_FILE);
	if (PR_Close(t1) == PR_FAILURE) {
		printf ("cannot close file\n");
		printf ("error code is %d \n", PR_GetError());
	}
	printf ("FAIL\n");
	return 1;
}			
Пример #5
0
int main(int argc, char **argv)
{


#ifdef XP_MAC
	SetupMacPrintfLog("pr_open_re.log");
#endif
	

	
    PR_STDIO_INIT();
	err01 = PR_Open("err01.tmp", PR_CREATE_FILE | PR_RDWR, 0);
	if (err01 == NULL) 
		if (PR_GetError() == PR_NO_ACCESS_RIGHTS_ERROR) {
				printf ("error code is %d\n",PR_GetError());
				printf ("PASS\n");
			return 0;
		}
		else {
			printf ("FAIL\n");
			return 1;
		}
}			
Пример #6
0
/*
 * NSS allows you to load a specific module. If the user specified a module
 * to load, load it, otherwize select on of the standard modules from the
 * secmod.db list.
 */
int load_pkcs11_module(const char *pkcs11_module, pkcs11_handle_t **hp)
{
  pkcs11_handle_t *h = (pkcs11_handle_t *)calloc(sizeof(pkcs11_handle_t),1);
  SECMODModule *module = NULL;
#define SPEC_TEMPLATE "library=\"%s\" name=\"SmartCard\""
  char *moduleSpec = NULL;

  if (!pkcs11_module || (strcasecmp(pkcs11_module,"any module") == 0)) {
    h->is_user_module = PR_FALSE;
    h->module = NULL;
    *hp = h;
    return 0;
  }

  /* found it, use the existing module */
  module = find_module_by_library(pkcs11_module);
  if (module) {
    h->is_user_module = PR_FALSE;
    h->module = module;
    *hp = h;
    return 0;
  }

  /* specified module is not already loaded, load it now */
  moduleSpec = malloc(sizeof(SPEC_TEMPLATE) + strlen(pkcs11_module));
  if (!moduleSpec) {
    DBG1("Malloc failed when allocating module spec", strerror(errno));
    free (h);
    return -1;
  }
  sprintf(moduleSpec,SPEC_TEMPLATE, pkcs11_module);
  DBG2("loading Module explictly, moduleSpec=<%s> module=%s",
                                                moduleSpec, pkcs11_module);
  module = SECMOD_LoadUserModule(moduleSpec, NULL, 0);
  free(moduleSpec);
  if ((!module) || !module->loaded) {
    DBG1("Failed to load SmartCard software %s", SECU_Strerror(PR_GetError()));
    free (h);
    if (module) {
      SECMOD_DestroyModule(module);
    }
    return -1;
  }
  h->is_user_module = PR_TRUE;
  h->module = module;
  *hp = h;
  DBG("load module complete");
  return 0;
}
Пример #7
0
static bool
SpawnIOChild(char* const* aArgs, PRProcess** aPID,
             PRFileDesc** aFromChildFD, PRFileDesc** aToChildFD)
{
    PRFileDesc* toChildPipeRead;
    PRFileDesc* toChildPipeWrite;
    if (PR_CreatePipe(&toChildPipeRead, &toChildPipeWrite) != PR_SUCCESS)
        return false;
    PR_SetFDInheritable(toChildPipeRead, true);
    PR_SetFDInheritable(toChildPipeWrite, false);

    PRFileDesc* fromChildPipeRead;
    PRFileDesc* fromChildPipeWrite;
    if (PR_CreatePipe(&fromChildPipeRead, &fromChildPipeWrite) != PR_SUCCESS) {
        PR_Close(toChildPipeRead);
        PR_Close(toChildPipeWrite);
        return false;
    }
    PR_SetFDInheritable(fromChildPipeRead, false);
    PR_SetFDInheritable(fromChildPipeWrite, true);

    PRProcessAttr* attr = PR_NewProcessAttr();
    if (!attr) {
        PR_Close(fromChildPipeRead);
        PR_Close(fromChildPipeWrite);
        PR_Close(toChildPipeRead);
        PR_Close(toChildPipeWrite);
        return false;
    }

    PR_ProcessAttrSetStdioRedirect(attr, PR_StandardInput, toChildPipeRead);
    PR_ProcessAttrSetStdioRedirect(attr, PR_StandardOutput, fromChildPipeWrite);   

    PRProcess* process = PR_CreateProcess(aArgs[0], aArgs, nullptr, attr);
    PR_DestroyProcessAttr(attr);
    PR_Close(fromChildPipeWrite);
    PR_Close(toChildPipeRead);
    if (!process) {
        LOG(("ntlm_auth exec failure [%d]", PR_GetError()));
        PR_Close(fromChildPipeRead);
        PR_Close(toChildPipeWrite);
        return false;        
    }

    *aPID = process;
    *aFromChildFD = fromChildPipeRead;
    *aToChildFD = toChildPipeWrite;
    return true;
}
Пример #8
0
PRStatus FastFetchFile(PRFileDesc *in, PRFileDesc *out, PRUint32 size)
{
    PRInt32 nBytes;
    PRFileMap *outfMap;
    void *addr;
    char *start;
    PRUint32 rem;
    PRUint32 bytesToRead;
    PRStatus rv;
    PRInt64 sz64;

    LL_UI2L(sz64, size);
    outfMap = PR_CreateFileMap(out, sz64, PR_PROT_READWRITE);
    PR_ASSERT(outfMap);
    addr = PR_MemMap(outfMap, LL_ZERO, size);
    if (addr == (void *) -1) {
	fprintf(stderr, "cannot memory-map file: (%d, %d)\n", PR_GetError(),
		PR_GetOSError());

	PR_CloseFileMap(outfMap);
	return PR_FAILURE;
    }
    PR_ASSERT(addr != (void *) -1);
    start = (char *) addr;
    rem = size;
    while ((nBytes = DrainInputBuffer(start, rem)) > 0) {
	start += nBytes;
	rem -= nBytes;
    }
    if (nBytes < 0) {
	/* Input buffer is empty and end of stream */
	return PR_SUCCESS;
    }
    bytesToRead = (rem < FCOPY_BUFFER_SIZE) ? rem : FCOPY_BUFFER_SIZE;
    while (rem > 0 && (nBytes = PR_Read(in, start, bytesToRead)) > 0) {
	start += nBytes;
	rem -= nBytes;
        bytesToRead = (rem < FCOPY_BUFFER_SIZE) ? rem : FCOPY_BUFFER_SIZE;
    }
    if (nBytes < 0) {
	fprintf(stderr, "httpget: cannot read from socket\n");
	return PR_FAILURE;
    }
    rv = PR_MemUnmap(addr, size);
    PR_ASSERT(rv == PR_SUCCESS);
    rv = PR_CloseFileMap(outfMap);
    PR_ASSERT(rv == PR_SUCCESS);
    return PR_SUCCESS;
}
static void
_NSFC_PR_NT_CancelIo(PRFileDesc *fd)
{
#ifdef XP_WIN32
    PRErrorCode prerr = PR_GetError();
    PRInt32 oserr = PR_GetOSError();

    /* Attempt to load PR_NT_CancelIo() from the DLL that contains PR_Send() */
    static PRStatus (*pfnPR_NT_CancelIo)(PRFileDesc *fd) = NULL;
    if (pfnPR_NT_CancelIo == NULL) {
        MEMORY_BASIC_INFORMATION mbi;
        VirtualQuery(&PR_Send, &mbi, sizeof(mbi));
        pfnPR_NT_CancelIo = (PRStatus (*)(PRFileDesc *fd))GetProcAddress((HINSTANCE)mbi.AllocationBase, "PR_NT_CancelIo");
    }

    /* If we couldn't find PR_NT_CancelIo(), just use the dummy */
    if (pfnPR_NT_CancelIo == NULL)
        pfnPR_NT_CancelIo = &_NSFC_Dummy_NT_CancelIo;

    /* VB: _NSFC_PR_NT_CancelIo - calls PR_NT_CancelIo when an I/O timed out
     *     or was interrupted.
     */
    if (prerr == PR_IO_TIMEOUT_ERROR || prerr == PR_PENDING_INTERRUPT_ERROR) {
        // Need to cancel the i/o
        if (pfnPR_NT_CancelIo(fd) != PR_SUCCESS) {
            // VB: This should not happen. Assert when this happens
            // Get the error codes to make debugging a bit easier
            PRErrorCode cancelErr = PR_GetError();
            PRInt32 cancelOSErr = PR_GetOSError();
            PR_ASSERT(0);
        }
    }

    PR_SetError(prerr, oserr);
#endif
}
Пример #10
0
PR_IMPLEMENT(void) PL_FPrintError(PRFileDesc *fd, const char *msg)
{
    PRErrorCode error = PR_GetError();
    PRInt32 oserror = PR_GetOSError();
    const char *name = PR_ErrorToName(error);

    if (NULL != msg) PR_fprintf(fd, "%s: ", msg);
    if (NULL == name)
        PR_fprintf(
            fd, " (%d)OUT OF RANGE, oserror = %d\n", error, oserror);
    else
        PR_fprintf(
            fd, "%s(%d), oserror = %d\n",
            name, error, oserror);
}  /* PL_FPrintError */
Пример #11
0
/* Called when the socket is handhaking and has signaled that it
   is ready to continue. */
void
SSLSocket::handshakeContinue()
{
  assert (_state == State::Handshaking);
  if (SSL_ForceHandshake(_fd.get()) != SECSuccess) {
    PRErrorCode err = PR_GetError();
    if(PR_GetError() == PR_WOULD_BLOCK_ERROR) {
      /* Try again later */
    } else {
      /* Error while handshaking */
      close(make_nss_error(err));
    }
  } else {
    if (!is_negotiated_protocol_http2(_fd.get())) {
      close(make_mist_error(MIST_ERR_NOT_HTTP2));
    } else {
      _state = State::Open;
      if (_h.cb) {
        _h.cb(boost::system::error_code());
        _h.cb = nullptr;
      }
    }
  }
}
Пример #12
0
/* return number of sent (non-SSL) bytes */
int Curl_nss_send(struct connectdata *conn,  /* connection data */
                  int sockindex,             /* socketindex */
                  const void *mem,           /* send this data */
                  size_t len)                /* amount to write */
{
  int rc;

  rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, -1);

  if(rc < 0) {
    failf(conn->data, "SSL write: error %d", PR_GetError());
    return -1;
  }
  return rc; /* number of bytes */
}
Пример #13
0
static void
pluto_init_nss(char *confddir)
{
	char buf[100];
	snprintf(buf, sizeof(buf), "%s",confddir);
	loglog(RC_LOG_SERIOUS,"nss directory plutomain: %s",buf);
	SECStatus nss_init_status= NSS_InitReadWrite(buf);
	if (nss_init_status != SECSuccess) {
	    loglog(RC_LOG_SERIOUS, "NSS initialization failed (err %d)\n", PR_GetError());
        exit_pluto(10);
	} else {
	    libreswan_log("NSS Initialized");
	    PK11_SetPasswordFunc(getNSSPassword);
      }
}
Пример #14
0
int sxi_crypto_check_ver(struct sxi_logger *l)
{
    const char *compile_ver = NSS_VERSION;
    if (NSS_NoDB_Init("/") != SECSuccess) {
        sxi_log_msg(l, "sxi_crypto_check_ver", SX_LOG_CRIT,
                    "Failed to initialize NSS: %d", PR_GetError());
        return -1;
    }
    if(!NSS_VersionCheck(compile_ver)) {
	sxi_log_msg(l, "crypto_check_ver", SX_LOG_CRIT, "NSS library version mismatch: compiled: %s, runtime: %s", compile_ver, NSS_GetVersion());
	return -1; 
    }

    return 0;
}
Пример #15
0
void TransportLayerDtls::PacketReceived(TransportLayer* layer,
                                        const unsigned char *data,
                                        size_t len) {
  CheckThread();
  MOZ_MTLOG(ML_DEBUG, LAYER_INFO << "PacketReceived(" << len << ")");

  if (state_ != TS_CONNECTING && state_ != TS_OPEN) {
    MOZ_MTLOG(ML_DEBUG,
              LAYER_INFO << "Discarding packet in inappropriate state");
    return;
  }

  nspr_io_adapter_->PacketReceived(data, len);

  // If we're still connecting, try to handshake
  if (state_ == TS_CONNECTING) {
    Handshake();
  }

  // Now try a recv if we're open, since there might be data left
  if (state_ == TS_OPEN) {
    // nICEr uses a 9216 bytes buffer to allow support for jumbo frames
    unsigned char buf[9216];

    int32_t rv;
    // One packet might contain several DTLS packets
    do {
      rv = PR_Recv(ssl_fd_, buf, sizeof(buf), 0, PR_INTERVAL_NO_WAIT);
      if (rv > 0) {
        // We have data
        MOZ_MTLOG(ML_DEBUG, LAYER_INFO << "Read " << rv << " bytes from NSS");
        SignalPacketReceived(this, buf, rv);
      } else if (rv == 0) {
        TL_SET_STATE(TS_CLOSED);
      } else {
        int32_t err = PR_GetError();

        if (err == PR_WOULD_BLOCK_ERROR) {
          // This gets ignored
          MOZ_MTLOG(ML_DEBUG, LAYER_INFO << "Receive would have blocked");
        } else {
          MOZ_MTLOG(ML_NOTICE, LAYER_INFO << "NSS Error " << err);
          TL_SET_STATE(TS_ERROR);
        }
      }
    } while (rv > 0);
  }
}
Пример #16
0
static SECStatus nss_Init_Tokens(struct connectdata * conn)
{
  PK11SlotList *slotList;
  PK11SlotListElement *listEntry;
  SECStatus ret, status = SECSuccess;
  pphrase_arg_t *parg = NULL;

  parg = (pphrase_arg_t *) malloc(sizeof(*parg));
  parg->retryCount = 0;
  parg->data = conn->data;

  PK11_SetPasswordFunc(nss_get_password);

  slotList =
    PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, NULL);

  for(listEntry = PK11_GetFirstSafe(slotList);
      listEntry; listEntry = listEntry->next) {
    PK11SlotInfo *slot = listEntry->slot;

    if(PK11_NeedLogin(slot) && PK11_NeedUserInit(slot)) {
      if(slot == PK11_GetInternalKeySlot()) {
        failf(conn->data, "The NSS database has not been initialized.\n");
      }
      else {
        failf(conn->data, "The token %s has not been initialized.",
              PK11_GetTokenName(slot));
      }
      PK11_FreeSlot(slot);
      continue;
    }

    ret = PK11_Authenticate(slot, PR_TRUE, parg);
    if(SECSuccess != ret) {
      if (PR_GetError() == SEC_ERROR_BAD_PASSWORD)
        infof(conn->data, "The password for token '%s' is incorrect\n",
              PK11_GetTokenName(slot));
      status = SECFailure;
      break;
    }
    parg->retryCount = 0; /* reset counter to 0 for the next token */
    PK11_FreeSlot(slot);
  }

  free(parg);

  return status;
}
PRInt64 _netlayer_method_available64(PRFileDesc *fd)
{
    PRInt64 rv = fd->lower->methods->available64(fd->lower);

    if (rv == -1 && PR_GetError() == PR_INVALID_METHOD_ERROR)
        rv = 0;

    if (rv != -1) {
        NetLayer *nl = (NetLayer *) fd->secret;
        PRInt64 sum = rv + nl->cursize - nl->pos;
        if (rv < sum)
            rv = sum;
    }

    return rv;
}
Пример #18
0
void TransportLayerDtls::Handshake() {
  TL_SET_STATE(TS_CONNECTING);

  // Clear the retransmit timer
  timer_->Cancel();

  SECStatus rv = SSL_ForceHandshake(ssl_fd_);

  if (rv == SECSuccess) {
    MOZ_MTLOG(ML_NOTICE,
              LAYER_INFO << "****** SSL handshake completed ******");
    if (!cert_ok_) {
      MOZ_MTLOG(ML_ERROR, LAYER_INFO << "Certificate check never occurred");
      TL_SET_STATE(TS_ERROR);
      return;
    }
    TL_SET_STATE(TS_OPEN);
  } else {
    int32_t err = PR_GetError();
    switch(err) {
      case SSL_ERROR_RX_MALFORMED_HANDSHAKE:
        MOZ_MTLOG(ML_ERROR, LAYER_INFO << "Malformed DTLS message; ignoring");
        // If this were TLS (and not DTLS), this would be fatal, but
        // here we're required to ignore bad messages, so fall through
      case PR_WOULD_BLOCK_ERROR:
        MOZ_MTLOG(ML_NOTICE, LAYER_INFO << "Handshake would have blocked");
        PRIntervalTime timeout;
        rv = DTLS_GetHandshakeTimeout(ssl_fd_, &timeout);
        if (rv == SECSuccess) {
          uint32_t timeout_ms = PR_IntervalToMilliseconds(timeout);

          MOZ_MTLOG(ML_DEBUG,
                    LAYER_INFO << "Setting DTLS timeout to " << timeout_ms);
          timer_->SetTarget(target_);
          timer_->InitWithFuncCallback(TimerCallback,
                                       this, timeout_ms,
                                       nsITimer::TYPE_ONE_SHOT);
        }
        break;
      default:
        MOZ_MTLOG(ML_ERROR, LAYER_INFO << "SSL handshake error "<< err);
        TL_SET_STATE(TS_ERROR);
        break;
    }
  }
}
Пример #19
0
void
e_msgport_put (EMsgPort *msgport, EMsg *msg)
{
	gint fd;
#ifdef HAVE_NSS
	PRFileDesc *prfd;
#endif

	g_return_if_fail (msgport != NULL);
	g_return_if_fail (msg != NULL);

	g_async_queue_lock (msgport->queue);

	msg->flags = 0;

	fd = msgport->pipe[1];
	while (fd >= 0) {
		if (E_WRITE (fd, "E", 1) > 0) {
			msg->flags |= MSG_FLAG_SYNC_WITH_PIPE;
			break;
		} else if (!E_IS_STATUS_INTR ()) {
			g_warning ("%s: Failed to write to pipe: %s",
				G_STRFUNC, g_strerror (errno));
			break;
		}
	}

#ifdef HAVE_NSS
	prfd = msgport->prpipe[1];
	while (prfd != NULL) {
		if (PR_Write (prfd, "E", 1) > 0) {
			msg->flags |= MSG_FLAG_SYNC_WITH_PR_PIPE;
			break;
		} else if (PR_GetError () != PR_PENDING_INTERRUPT_ERROR) {
			gchar *text = g_alloca (PR_GetErrorTextLength ());
			PR_GetErrorText (text);
			g_warning ("%s: Failed to write to NSPR pipe: %s",
				G_STRFUNC, text);
			break;
		}
	}
#endif

	g_async_queue_push_unlocked (msgport->queue, msg);
	g_async_queue_unlock (msgport->queue);
}
Пример #20
0
static void
msgport_sync_with_prpipe (PRFileDesc *prfd)
{
	gchar buffer[1];

	while (prfd != NULL) {
		if (PR_Read (prfd, buffer, 1) > 0)
			break;
		else if (PR_GetError () != PR_PENDING_INTERRUPT_ERROR) {
			gchar *text = g_alloca (PR_GetErrorTextLength ());
			PR_GetErrorText (text);
			g_warning ("%s: Failed to read from NSPR pipe: %s",
				G_STRFUNC, text);
			break;
		}
	}
}
Пример #21
0
PRStatus
nsSOCKSSocketInfo::ReadFromSocket(PRFileDesc *fd)
{
    int32_t rc;
    const uint8_t *end;

    if (!mAmountToRead) {
        LOGDEBUG(("socks: ReadFromSocket(), nothing to do"));
        return PR_SUCCESS;
    }

    if (!mDataIoPtr) {
        mDataIoPtr = mData + mDataLength;
        mDataLength += mAmountToRead;
    }

    end = mData + mDataLength;

    while (mDataIoPtr < end) {
        rc = PR_Read(fd, mDataIoPtr, end - mDataIoPtr);
        if (rc <= 0) {
            if (rc == 0) {
                LOGERROR(("socks: proxy server closed connection"));
                HandshakeFinished(PR_CONNECT_REFUSED_ERROR);
                return PR_FAILURE;
            } else if (PR_GetError() == PR_WOULD_BLOCK_ERROR) {
                LOGDEBUG(("socks: ReadFromSocket(), want read"));
            }
            break;
        }

        mDataIoPtr += rc;
    }

    LOGDEBUG(("socks: ReadFromSocket(), have %u bytes total",
             unsigned(mDataIoPtr - mData)));
    if (mDataIoPtr == end) {
        mDataIoPtr = nullptr;
        mAmountToRead = 0;
        mReadOffset = 0;
        return PR_SUCCESS;
    }

    return PR_FAILURE;
}
Пример #22
0
SECStatus
NSSCertDBTrustDomain::VerifyAndMaybeCacheEncodedOCSPResponse(
  const CERTCertificate* cert, CERTCertificate* issuerCert, PRTime time,
  uint16_t maxLifetimeInDays, const SECItem* encodedResponse,
  EncodedResponseSource responseSource, /*out*/ bool& expired)
{
  PRTime thisUpdate = 0;
  PRTime validThrough = 0;
  SECStatus rv = VerifyEncodedOCSPResponse(*this, cert, issuerCert, time,
                                           maxLifetimeInDays, encodedResponse,
                                           expired, &thisUpdate, &validThrough);
  PRErrorCode error = (rv == SECSuccess ? 0 : PR_GetError());
  // If a response was stapled and expired, we don't want to cache it. Return
  // early to simplify the logic here.
  if (responseSource == ResponseWasStapled && expired) {
    PR_ASSERT(rv != SECSuccess);
    return rv;
  }
  // validThrough is only trustworthy if the response successfully verifies
  // or it indicates a revoked or unknown certificate.
  // If this isn't the case, store an indication of failure (to prevent
  // repeatedly requesting a response from a failing server).
  if (rv != SECSuccess && error != SEC_ERROR_REVOKED_CERTIFICATE &&
      error != SEC_ERROR_OCSP_UNKNOWN_CERT) {
    validThrough = time + ServerFailureDelay;
  }
  if (responseSource == ResponseIsFromNetwork ||
      rv == SECSuccess ||
      error == SEC_ERROR_REVOKED_CERTIFICATE ||
      error == SEC_ERROR_OCSP_UNKNOWN_CERT) {
    PR_LOG(gCertVerifierLog, PR_LOG_DEBUG,
           ("NSSCertDBTrustDomain: caching OCSP response"));
    if (mOCSPCache.Put(cert, issuerCert, error, thisUpdate, validThrough)
          != SECSuccess) {
      return SECFailure;
    }
  }

  // If the verification failed, re-set to that original error
  // (the call to Put may have un-set it).
  if (rv != SECSuccess) {
    PR_SetError(error, 0);
  }
  return rv;
}
Пример #23
0
int
prldap_prerr2errno( void )
{
    int		oserr, i;
    PRInt32	nsprerr;

    nsprerr = PR_GetError();

    oserr = -1;		/* unknown */
    for ( i = 0; prldap_errormap[i].erm_nspr != PR_MAX_ERROR; ++i ) {
	if ( prldap_errormap[i].erm_nspr == nsprerr ) {
	    oserr = prldap_errormap[i].erm_system;
	    break;
	}
    }

    return( oserr );
}
Пример #24
0
NS_IMETHODIMP
nsPK11Token::CheckPassword(const nsACString& password, bool* _retval)
{
  NS_ENSURE_ARG_POINTER(_retval);
  SECStatus srv =
    PK11_CheckUserPassword(mSlot.get(), PromiseFlatCString(password).get());
  if (srv != SECSuccess) {
    *_retval =  false;
    PRErrorCode error = PR_GetError();
    if (error != SEC_ERROR_BAD_PASSWORD) {
      /* something really bad happened - throw an exception */
      return mozilla::psm::GetXPCOMFromNSSError(error);
    }
  } else {
    *_retval =  true;
  }
  return NS_OK;
}
Пример #25
0
void
nss_gen_err(const char *fmt, ...)
{
	va_list	ap;
	char	*text;
	int	len;

	va_start(ap, fmt);
	vfprintf(stderr, fmt, ap);
	va_end(ap);
	if ((len = PR_GetErrorTextLength()) > 0) {
		text = ac_alloc(len);
		if (PR_GetErrorText(text) > 0)
			fprintf(stderr, ": %s\n", text);
		ac_free(text);
	} else
		fprintf(stderr, ": %s.\n", nss_strerror(PR_GetError()));
}
Пример #26
0
static nsresult
ConnWrite(ipcConnectionState *s)
{
    nsresult rv = NS_OK;

    PR_Lock(s->lock);

    // write one message and then return.
    if (s->send_queue.First())
    {
        PRInt32 n = PR_Write(s->fds[SOCK].fd,
                             s->send_queue.First()->MsgBuf() + s->send_offset,
                             s->send_queue.First()->MsgLen() - s->send_offset);
        if (n <= 0)
        {
            PRErrorCode err = PR_GetError();
            if (err == PR_WOULD_BLOCK_ERROR)
            {
                // socket is full... we need to go back to polling.
            }
            else
            {
                LOG(("error writing to socket [err=%d]\n", err));
                rv = NS_ERROR_UNEXPECTED;
            }
        }
        else
        {
            s->send_offset += n;
            if (s->send_offset == s->send_queue.First()->MsgLen())
            {
                s->send_queue.DeleteFirst();
                s->send_offset = 0;

                // if the send queue is empty, then we need to stop trying to write.
                if (s->send_queue.IsEmpty())
                    s->fds[SOCK].in_flags &= ~PR_POLL_WRITE;
            }
        }
    }

    PR_Unlock(s->lock);
    return rv;
}
Пример #27
0
int nspr_nss_cleanup(void)
{
    SECStatus sret;

    /* nothing to do */
    if (nspr_nss_init_done == 0) return SECSuccess;

    sret = NSS_Shutdown();
    if (sret != SECSuccess) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "Error shutting down connection to NSS [%d]\n",
              PR_GetError());
        return EIO;
    }

    PR_Cleanup();
    nspr_nss_init_done = 0;
    return EOK;
}
Пример #28
0
/* static */
void WebCL_LibCL::unload (WebCL_LibCL* aInstance)
{
  D_METHOD_START;

  if (!(aInstance && aInstance->m_libHandle))
    return;

  if (PR_UnloadLibrary (aInstance->m_libHandle) == PR_FAILURE)
  {
    char *errText = getPRErrorText ();
    D_LOG (LOG_LEVEL_WARNING, "Failed to unload library %s: %s", aInstance->m_libName, errText);
    D_LOG (LOG_LEVEL_DEBUG, "  (prerr: %d oserr: %d)", PR_GetError(), PR_GetOSError());
    PR_FREEIF (errText);
  }
  else
  {
    D_LOG (LOG_LEVEL_DEBUG, "Unloaded library %s", aInstance->m_libName);
  }
}
NSFC_MakeDirectory(char *dirname, NSFCCache cip)
{
    NSFCFileInfo finfo;
    char *cp;
    PRStatus rv;

    /* Use the cache to remember which directories exist */
    rv = NSFC_GetFileInfo(dirname, &finfo, cip);
    if (rv == PR_SUCCESS) {

        /*
         * dirname exists - so succeed or fail depending on whether
         * it is a directory or not.
         */
        return (finfo.pr.type == PR_FILE_DIRECTORY) ? PR_SUCCESS : PR_FAILURE; 
    }

    /* Otherwise call NSFC_MakeDirectory() on the parent directory */
    cp = strrchr(dirname, '/');
    if (cp) {
        *cp = 0;
        rv = NSFC_MakeDirectory(dirname, cip);
        *cp = '/';
        if (rv == PR_FAILURE) {

            /* Failed to create the parent directory */
            return rv;
        }
    }

    /* Finally create the desired directory */
    rv = PR_MkDir(dirname, 0770);

    /* another thread may alreay created the directory if two
     * threads trying to MakeDirectory dirname at same time for
     * different files, e.g. dirname/file1, dirname/file2
     */
    if (rv == PR_FAILURE && PR_GetError() == PR_FILE_EXISTS_ERROR)
        return PR_SUCCESS;

    return rv;
}
Пример #30
0
int main(int argc, char **argv)
{
	char nameTooLong[TOO_LONG];
	int i;

	/* Generate a really long pathname */
	for (i = 0; i < TOO_LONG - 1; i++) {
		if (i % 10 == 0) {
			nameTooLong[i] = '/';
		} else {
			nameTooLong[i] = 'a';
		}
	}
	nameTooLong[TOO_LONG - 1] = 0;

#ifdef XP_MAC
	SetupMacPrintfLog("pr_open_re.log");
#endif
	
    PR_STDIO_INIT();
	t1 = PR_Open(nameTooLong, PR_RDWR, 0666);
	if (t1 == NULL) {
		if (PR_GetError() == PR_NAME_TOO_LONG_ERROR) {
            PL_PrintError("error code is");
			printf ("PASS\n");
			return 0;
		}
		else {
            PL_PrintError("error code is");
			printf ("FAIL\n");
			return 1;
		}
	}
	
		else {
			printf ("Test passed\n");
			return 0;
		}
	


}