andre@3: /* This Source Code Form is subject to the terms of the Mozilla Public andre@3: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@3: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@3: /* andre@3: * The following code handles the storage of PKCS 11 modules used by the andre@3: * NSS. This file is written to abstract away how the modules are andre@3: * stored so we can deside that later. andre@3: */ andre@3: andre@3: #include "lgdb.h" andre@3: #include "mcom_db.h" andre@3: #include "secerr.h" andre@3: #include "utilpars.h" andre@3: andre@3: #define FREE_CLEAR(p) if (p) { PORT_Free(p); p = NULL; } andre@3: andre@3: /* Construct a database key for a given module */ andre@3: static SECStatus lgdb_MakeKey(DBT *key, char * module) { andre@3: int len = 0; andre@3: char *commonName; andre@3: andre@3: commonName = NSSUTIL_ArgGetParamValue("name",module); andre@3: if (commonName == NULL) { andre@3: commonName = NSSUTIL_ArgGetParamValue("library",module); andre@3: } andre@3: if (commonName == NULL) return SECFailure; andre@3: len = PORT_Strlen(commonName); andre@3: key->data = commonName; andre@3: key->size = len; andre@3: return SECSuccess; andre@3: } andre@3: andre@3: /* free out constructed database key */ andre@3: static void andre@3: lgdb_FreeKey(DBT *key) andre@3: { andre@3: if (key->data) { andre@3: PORT_Free(key->data); andre@3: } andre@3: key->data = NULL; andre@3: key->size = 0; andre@3: } andre@3: andre@3: typedef struct lgdbDataStr lgdbData; andre@3: typedef struct lgdbSlotDataStr lgdbSlotData; andre@3: struct lgdbDataStr { andre@3: unsigned char major; andre@3: unsigned char minor; andre@3: unsigned char nameStart[2]; andre@3: unsigned char slotOffset[2]; andre@3: unsigned char internal; andre@3: unsigned char fips; andre@3: unsigned char ssl[8]; andre@3: unsigned char trustOrder[4]; andre@3: unsigned char cipherOrder[4]; andre@3: unsigned char reserved1; andre@3: unsigned char isModuleDB; andre@3: unsigned char isModuleDBOnly; andre@3: unsigned char isCritical; andre@3: unsigned char reserved[4]; andre@3: unsigned char names[6]; /* enough space for the length fields */ andre@3: }; andre@3: andre@3: struct lgdbSlotDataStr { andre@3: unsigned char slotID[4]; andre@3: unsigned char defaultFlags[4]; andre@3: unsigned char timeout[4]; andre@3: unsigned char askpw; andre@3: unsigned char hasRootCerts; andre@3: unsigned char reserved[18]; /* this makes it a round 32 bytes */ andre@3: }; andre@3: andre@3: #define LGDB_DB_VERSION_MAJOR 0 andre@3: #define LGDB_DB_VERSION_MINOR 6 andre@3: #define LGDB_DB_EXT1_VERSION_MAJOR 0 andre@3: #define LGDB_DB_EXT1_VERSION_MINOR 6 andre@3: #define LGDB_DB_NOUI_VERSION_MAJOR 0 andre@3: #define LGDB_DB_NOUI_VERSION_MINOR 4 andre@3: andre@3: #define LGDB_PUTSHORT(dest,src) \ andre@3: (dest)[1] = (unsigned char) ((src)&0xff); \ andre@3: (dest)[0] = (unsigned char) (((src) >> 8) & 0xff); andre@3: #define LGDB_PUTLONG(dest,src) \ andre@3: (dest)[3] = (unsigned char) ((src)&0xff); \ andre@3: (dest)[2] = (unsigned char) (((src) >> 8) & 0xff); \ andre@3: (dest)[1] = (unsigned char) (((src) >> 16) & 0xff); \ andre@3: (dest)[0] = (unsigned char) (((src) >> 24) & 0xff); andre@3: #define LGDB_GETSHORT(src) \ andre@3: ((unsigned short) (((src)[0] << 8) | (src)[1])) andre@3: #define LGDB_GETLONG(src) \ andre@3: ((unsigned long) (( (unsigned long) (src)[0] << 24) | \ andre@3: ( (unsigned long) (src)[1] << 16) | \ andre@3: ( (unsigned long) (src)[2] << 8) | \ andre@3: (unsigned long) (src)[3])) andre@3: andre@3: /* andre@3: * build a data base entry from a module andre@3: */ andre@3: static SECStatus andre@3: lgdb_EncodeData(DBT *data, char * module) andre@3: { andre@3: lgdbData *encoded = NULL; andre@3: lgdbSlotData *slot; andre@3: unsigned char *dataPtr; andre@3: unsigned short len, len2 = 0, len3 = 0; andre@3: int count = 0; andre@3: unsigned short offset; andre@3: int dataLen, i; andre@3: unsigned long order; andre@3: unsigned long ssl[2]; andre@3: char *commonName = NULL , *dllName = NULL, *param = NULL, *nss = NULL; andre@3: char *slotParams, *ciphers; andre@3: struct NSSUTILPreSlotInfoStr *slotInfo = NULL; andre@3: SECStatus rv = SECFailure; andre@3: andre@3: rv = NSSUTIL_ArgParseModuleSpec(module,&dllName,&commonName,¶m,&nss); andre@3: if (rv != SECSuccess) return rv; andre@3: rv = SECFailure; andre@3: andre@3: if (commonName == NULL) { andre@3: /* set error */ andre@3: goto loser; andre@3: } andre@3: andre@3: len = PORT_Strlen(commonName); andre@3: if (dllName) { andre@3: len2 = PORT_Strlen(dllName); andre@3: } andre@3: if (param) { andre@3: len3 = PORT_Strlen(param); andre@3: } andre@3: andre@3: slotParams = NSSUTIL_ArgGetParamValue("slotParams",nss); andre@3: slotInfo = NSSUTIL_ArgParseSlotInfo(NULL,slotParams,&count); andre@3: if (slotParams) PORT_Free(slotParams); andre@3: andre@3: if (count && slotInfo == NULL) { andre@3: /* set error */ andre@3: goto loser; andre@3: } andre@3: andre@3: dataLen = sizeof(lgdbData) + len + len2 + len3 + sizeof(unsigned short) + andre@3: count*sizeof(lgdbSlotData); andre@3: andre@3: data->data = (unsigned char *) PORT_ZAlloc(dataLen); andre@3: encoded = (lgdbData *)data->data; andre@3: dataPtr = (unsigned char *) data->data; andre@3: data->size = dataLen; andre@3: andre@3: if (encoded == NULL) { andre@3: /* set error */ andre@3: goto loser; andre@3: } andre@3: andre@3: encoded->major = LGDB_DB_VERSION_MAJOR; andre@3: encoded->minor = LGDB_DB_VERSION_MINOR; andre@3: encoded->internal = (unsigned char) andre@3: (NSSUTIL_ArgHasFlag("flags","internal",nss) ? 1 : 0); andre@3: encoded->fips = (unsigned char) andre@3: (NSSUTIL_ArgHasFlag("flags","FIPS",nss) ? 1 : 0); andre@3: encoded->isModuleDB = (unsigned char) andre@3: (NSSUTIL_ArgHasFlag("flags","isModuleDB",nss) ? 1 : 0); andre@3: encoded->isModuleDBOnly = (unsigned char) andre@3: (NSSUTIL_ArgHasFlag("flags","isModuleDBOnly",nss) ? 1 : 0); andre@3: encoded->isCritical = (unsigned char) andre@3: (NSSUTIL_ArgHasFlag("flags","critical",nss) ? 1 : 0); andre@3: andre@3: order = NSSUTIL_ArgReadLong("trustOrder", nss, andre@3: NSSUTIL_DEFAULT_TRUST_ORDER, NULL); andre@3: LGDB_PUTLONG(encoded->trustOrder,order); andre@3: order = NSSUTIL_ArgReadLong("cipherOrder", nss, andre@3: NSSUTIL_DEFAULT_CIPHER_ORDER, NULL); andre@3: LGDB_PUTLONG(encoded->cipherOrder,order); andre@3: andre@3: andre@3: ciphers = NSSUTIL_ArgGetParamValue("ciphers",nss); andre@3: NSSUTIL_ArgParseCipherFlags(&ssl[0], ciphers); andre@3: LGDB_PUTLONG(encoded->ssl,ssl[0]); andre@3: LGDB_PUTLONG(&encoded->ssl[4],ssl[1]); andre@3: if (ciphers) PORT_Free(ciphers); andre@3: andre@3: offset = (unsigned short) offsetof(lgdbData, names); andre@3: LGDB_PUTSHORT(encoded->nameStart,offset); andre@3: offset = offset + len + len2 + len3 + 3*sizeof(unsigned short); andre@3: LGDB_PUTSHORT(encoded->slotOffset,offset); andre@3: andre@3: andre@3: LGDB_PUTSHORT(&dataPtr[offset],((unsigned short)count)); andre@3: slot = (lgdbSlotData *)(dataPtr+offset+sizeof(unsigned short)); andre@3: andre@3: offset = 0; andre@3: LGDB_PUTSHORT(encoded->names,len); andre@3: offset += sizeof(unsigned short); andre@3: PORT_Memcpy(&encoded->names[offset],commonName,len); andre@3: offset += len; andre@3: andre@3: andre@3: LGDB_PUTSHORT(&encoded->names[offset],len2); andre@3: offset += sizeof(unsigned short); andre@3: if (len2) PORT_Memcpy(&encoded->names[offset],dllName,len2); andre@3: offset += len2; andre@3: andre@3: LGDB_PUTSHORT(&encoded->names[offset],len3); andre@3: offset += sizeof(unsigned short); andre@3: if (len3) PORT_Memcpy(&encoded->names[offset],param,len3); andre@3: offset += len3; andre@3: andre@3: if (count) { andre@3: for (i=0; i < count; i++) { andre@3: LGDB_PUTLONG(slot[i].slotID, slotInfo[i].slotID); andre@3: LGDB_PUTLONG(slot[i].defaultFlags, andre@3: slotInfo[i].defaultFlags); andre@3: LGDB_PUTLONG(slot[i].timeout,slotInfo[i].timeout); andre@3: slot[i].askpw = slotInfo[i].askpw; andre@3: slot[i].hasRootCerts = slotInfo[i].hasRootCerts; andre@3: PORT_Memset(slot[i].reserved, 0, sizeof(slot[i].reserved)); andre@3: } andre@3: } andre@3: rv = SECSuccess; andre@3: andre@3: loser: andre@3: if (commonName) PORT_Free(commonName); andre@3: if (dllName) PORT_Free(dllName); andre@3: if (param) PORT_Free(param); andre@3: if (slotInfo) PORT_Free(slotInfo); andre@3: if (nss) PORT_Free(nss); andre@3: return rv; andre@3: andre@3: } andre@3: andre@3: static void andre@3: lgdb_FreeData(DBT *data) andre@3: { andre@3: if (data->data) { andre@3: PORT_Free(data->data); andre@3: } andre@3: } andre@3: andre@3: static void andre@3: lgdb_FreeSlotStrings(char **slotStrings, int count) andre@3: { andre@3: int i; andre@3: andre@3: for (i=0; i < count; i++) { andre@3: if (slotStrings[i]) { andre@3: PR_smprintf_free(slotStrings[i]); andre@3: slotStrings[i] = NULL; andre@3: } andre@3: } andre@3: } andre@3: andre@3: /* andre@3: * build a module from the data base entry. andre@3: */ andre@3: static char * andre@3: lgdb_DecodeData(char *defParams, DBT *data, PRBool *retInternal) andre@3: { andre@3: lgdbData *encoded; andre@3: lgdbSlotData *slots; andre@3: PLArenaPool *arena; andre@3: char *commonName = NULL; andre@3: char *dllName = NULL; andre@3: char *parameters = NULL; andre@3: char *nss; andre@3: char *moduleSpec; andre@3: char **slotStrings = NULL; andre@3: unsigned char *names; andre@3: unsigned long slotCount; andre@3: unsigned long ssl0 =0; andre@3: unsigned long ssl1 =0; andre@3: unsigned long slotID; andre@3: unsigned long defaultFlags; andre@3: unsigned long timeout; andre@3: unsigned long trustOrder = NSSUTIL_DEFAULT_TRUST_ORDER; andre@3: unsigned long cipherOrder = NSSUTIL_DEFAULT_CIPHER_ORDER; andre@3: unsigned short len; andre@3: unsigned short namesOffset = 0; /* start of the names block */ andre@3: unsigned long namesRunningOffset; /* offset to name we are andre@3: * currently processing */ andre@3: unsigned short slotOffset; andre@3: PRBool isOldVersion = PR_FALSE; andre@3: PRBool internal; andre@3: PRBool isFIPS; andre@3: PRBool isModuleDB =PR_FALSE; andre@3: PRBool isModuleDBOnly =PR_FALSE; andre@3: PRBool extended =PR_FALSE; andre@3: int i; andre@3: andre@3: andre@3: arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); andre@3: if (arena == NULL) andre@3: return NULL; andre@3: andre@3: #define CHECK_SIZE(x) \ andre@3: if ((unsigned int) data->size < (unsigned int)(x)) goto db_loser andre@3: andre@3: /* ------------------------------------------------------------- andre@3: ** Process the buffer header, which is the lgdbData struct. andre@3: ** It may be an old or new version. Check the length for each. andre@3: */ andre@3: andre@3: CHECK_SIZE( offsetof(lgdbData, trustOrder[0]) ); andre@3: andre@3: encoded = (lgdbData *)data->data; andre@3: andre@3: internal = (encoded->internal != 0) ? PR_TRUE: PR_FALSE; andre@3: isFIPS = (encoded->fips != 0) ? PR_TRUE: PR_FALSE; andre@3: andre@3: if (retInternal) andre@3: *retInternal = internal; andre@3: if (internal) { andre@3: parameters = PORT_ArenaStrdup(arena,defParams); andre@3: if (parameters == NULL) andre@3: goto loser; andre@3: } andre@3: if (internal && (encoded->major == LGDB_DB_NOUI_VERSION_MAJOR) && andre@3: (encoded->minor <= LGDB_DB_NOUI_VERSION_MINOR)) { andre@3: isOldVersion = PR_TRUE; andre@3: } andre@3: if ((encoded->major == LGDB_DB_EXT1_VERSION_MAJOR) && andre@3: (encoded->minor >= LGDB_DB_EXT1_VERSION_MINOR)) { andre@3: CHECK_SIZE( sizeof(lgdbData)); andre@3: trustOrder = LGDB_GETLONG(encoded->trustOrder); andre@3: cipherOrder = LGDB_GETLONG(encoded->cipherOrder); andre@3: isModuleDB = (encoded->isModuleDB != 0) ? PR_TRUE: PR_FALSE; andre@3: isModuleDBOnly = (encoded->isModuleDBOnly != 0) ? PR_TRUE: PR_FALSE; andre@3: extended = PR_TRUE; andre@3: } andre@3: if (internal && !extended) { andre@3: trustOrder = 0; andre@3: cipherOrder = 100; andre@3: } andre@3: /* decode SSL cipher enable flags */ andre@3: ssl0 = LGDB_GETLONG(encoded->ssl); andre@3: ssl1 = LGDB_GETLONG(encoded->ssl + 4); andre@3: andre@3: slotOffset = LGDB_GETSHORT(encoded->slotOffset); andre@3: namesOffset = LGDB_GETSHORT(encoded->nameStart); andre@3: andre@3: andre@3: /*-------------------------------------------------------------- andre@3: ** Now process the variable length set of names. andre@3: ** The names have this structure: andre@3: ** struct { andre@3: ** BYTE commonNameLen[ 2 ]; andre@3: ** BYTE commonName [ commonNameLen ]; andre@3: ** BTTE libNameLen [ 2 ]; andre@3: ** BYTE libName [ libNameLen ]; andre@3: ** If it is "extended" it also has these members: andre@3: ** BYTE initStringLen[ 2 ]; andre@3: ** BYTE initString [ initStringLen ]; andre@3: ** } andre@3: */ andre@3: andre@3: namesRunningOffset = namesOffset; andre@3: /* copy the module's common name */ andre@3: CHECK_SIZE( namesRunningOffset + 2); andre@3: names = (unsigned char *)data->data; andre@3: len = LGDB_GETSHORT(names+namesRunningOffset); andre@3: andre@3: CHECK_SIZE( namesRunningOffset + 2 + len); andre@3: commonName = (char*)PORT_ArenaAlloc(arena,len+1); andre@3: if (commonName == NULL) andre@3: goto loser; andre@3: PORT_Memcpy(commonName, names + namesRunningOffset + 2, len); andre@3: commonName[len] = 0; andre@3: namesRunningOffset += len + 2; andre@3: andre@3: /* copy the module's shared library file name. */ andre@3: CHECK_SIZE( namesRunningOffset + 2); andre@3: len = LGDB_GETSHORT(names + namesRunningOffset); andre@3: if (len) { andre@3: CHECK_SIZE( namesRunningOffset + 2 + len); andre@3: dllName = (char*)PORT_ArenaAlloc(arena,len + 1); andre@3: if (dllName == NULL) andre@3: goto loser; andre@3: PORT_Memcpy(dllName, names + namesRunningOffset + 2, len); andre@3: dllName[len] = 0; andre@3: } andre@3: namesRunningOffset += len + 2; andre@3: andre@3: /* copy the module's initialization string, if present. */ andre@3: if (!internal && extended) { andre@3: CHECK_SIZE( namesRunningOffset + 2); andre@3: len = LGDB_GETSHORT(names+namesRunningOffset); andre@3: if (len) { andre@3: CHECK_SIZE( namesRunningOffset + 2 + len ); andre@3: parameters = (char*)PORT_ArenaAlloc(arena,len + 1); andre@3: if (parameters == NULL) andre@3: goto loser; andre@3: PORT_Memcpy(parameters,names + namesRunningOffset + 2, len); andre@3: parameters[len] = 0; andre@3: } andre@3: namesRunningOffset += len + 2; andre@3: } andre@3: andre@3: /* andre@3: * Consistency check: Make sure the slot and names blocks don't andre@3: * overlap. These blocks can occur in any order, so this check is made andre@3: * in 2 parts. First we check the case where the slot block starts andre@3: * after the name block. Later, when we have the slot block length, andre@3: * we check the case where slot block starts before the name block. andre@3: * NOTE: in most cases any overlap will likely be detected by invalid andre@3: * data read from the blocks, but it's better to find out sooner andre@3: * than later. andre@3: */ andre@3: if (slotOffset >= namesOffset) { /* slot block starts after name block */ andre@3: if (slotOffset < namesRunningOffset) { andre@3: goto db_loser; andre@3: } andre@3: } andre@3: andre@3: /* ------------------------------------------------------------------ andre@3: ** Part 3, process the slot table. andre@3: ** This part has this structure: andre@3: ** struct { andre@3: ** BYTE slotCount [ 2 ]; andre@3: ** lgdbSlotData [ slotCount ]; andre@3: ** { andre@3: */ andre@3: andre@3: CHECK_SIZE( slotOffset + 2 ); andre@3: slotCount = LGDB_GETSHORT((unsigned char *)data->data + slotOffset); andre@3: andre@3: /* andre@3: * Consistency check: Part 2. We now have the slot block length, we can andre@3: * check the case where the slotblock procedes the name block. andre@3: */ andre@3: if (slotOffset < namesOffset) { /* slot block starts before name block */ andre@3: if (namesOffset < slotOffset + 2 + slotCount*sizeof(lgdbSlotData)) { andre@3: goto db_loser; andre@3: } andre@3: } andre@3: andre@3: CHECK_SIZE( (slotOffset + 2 + slotCount * sizeof(lgdbSlotData))); andre@3: slots = (lgdbSlotData *) ((unsigned char *)data->data + slotOffset + 2); andre@3: andre@3: /* slotCount; */ andre@3: slotStrings = (char **)PORT_ArenaZAlloc(arena, slotCount * sizeof(char *)); andre@3: if (slotStrings == NULL) andre@3: goto loser; andre@3: for (i=0; i < (int) slotCount; i++, slots++) { andre@3: PRBool hasRootCerts =PR_FALSE; andre@3: PRBool hasRootTrust =PR_FALSE; andre@3: slotID = LGDB_GETLONG(slots->slotID); andre@3: defaultFlags = LGDB_GETLONG(slots->defaultFlags); andre@3: timeout = LGDB_GETLONG(slots->timeout); andre@3: hasRootCerts = slots->hasRootCerts; andre@3: if (isOldVersion && internal && (slotID != 2)) { andre@3: unsigned long internalFlags= andre@3: NSSUTIL_ArgParseSlotFlags("slotFlags", andre@3: NSSUTIL_DEFAULT_SFTKN_FLAGS); andre@3: defaultFlags |= internalFlags; andre@3: } andre@3: if (hasRootCerts && !extended) { andre@3: trustOrder = 100; andre@3: } andre@3: andre@3: slotStrings[i] = NSSUTIL_MkSlotString(slotID, defaultFlags, timeout, andre@3: (unsigned char)slots->askpw, andre@3: hasRootCerts, hasRootTrust); andre@3: if (slotStrings[i] == NULL) { andre@3: lgdb_FreeSlotStrings(slotStrings,i); andre@3: goto loser; andre@3: } andre@3: } andre@3: andre@3: nss = NSSUTIL_MkNSSString(slotStrings, slotCount, internal, isFIPS, andre@3: isModuleDB, isModuleDBOnly, internal, trustOrder, andre@3: cipherOrder, ssl0, ssl1); andre@3: lgdb_FreeSlotStrings(slotStrings,slotCount); andre@3: /* it's permissible (and normal) for nss to be NULL. it simply means andre@3: * there are no NSS specific parameters in the database */ andre@3: moduleSpec = NSSUTIL_MkModuleSpec(dllName,commonName,parameters,nss); andre@3: PR_smprintf_free(nss); andre@3: PORT_FreeArena(arena,PR_TRUE); andre@3: return moduleSpec; andre@3: andre@3: db_loser: andre@3: PORT_SetError(SEC_ERROR_BAD_DATABASE); andre@3: loser: andre@3: PORT_FreeArena(arena,PR_TRUE); andre@3: return NULL; andre@3: } andre@3: andre@3: static DB * andre@3: lgdb_OpenDB(const char *appName, const char *filename, const char *dbName, andre@3: PRBool readOnly, PRBool update) andre@3: { andre@3: DB *pkcs11db = NULL; andre@3: andre@3: andre@3: if (appName) { andre@3: char *secname = PORT_Strdup(filename); andre@3: int len = strlen(secname); andre@3: int status = RDB_FAIL; andre@3: andre@3: if (len >= 3 && PORT_Strcmp(&secname[len-3],".db") == 0) { andre@3: secname[len-3] = 0; andre@3: } andre@3: pkcs11db= andre@3: rdbopen(appName, "", secname, readOnly ? NO_RDONLY:NO_RDWR, NULL); andre@3: if (update && !pkcs11db) { andre@3: DB *updatedb; andre@3: andre@3: pkcs11db = rdbopen(appName, "", secname, NO_CREATE, &status); andre@3: if (!pkcs11db) { andre@3: if (status == RDB_RETRY) { andre@3: pkcs11db= rdbopen(appName, "", secname, andre@3: readOnly ? NO_RDONLY:NO_RDWR, NULL); andre@3: } andre@3: PORT_Free(secname); andre@3: return pkcs11db; andre@3: } andre@3: updatedb = dbopen(dbName, NO_RDONLY, 0600, DB_HASH, 0); andre@3: if (updatedb) { andre@3: db_Copy(pkcs11db,updatedb); andre@3: (*updatedb->close)(updatedb); andre@3: } else { andre@3: (*pkcs11db->close)(pkcs11db); andre@3: PORT_Free(secname); andre@3: return NULL; andre@3: } andre@3: } andre@3: PORT_Free(secname); andre@3: return pkcs11db; andre@3: } andre@3: andre@3: /* I'm sure we should do more checks here sometime... */ andre@3: pkcs11db = dbopen(dbName, readOnly ? NO_RDONLY : NO_RDWR, 0600, DB_HASH, 0); andre@3: andre@3: /* didn't exist? create it */ andre@3: if (pkcs11db == NULL) { andre@3: if (readOnly) andre@3: return NULL; andre@3: andre@3: pkcs11db = dbopen( dbName, NO_CREATE, 0600, DB_HASH, 0 ); andre@3: if (pkcs11db) andre@3: (* pkcs11db->sync)(pkcs11db, 0); andre@3: } andre@3: return pkcs11db; andre@3: } andre@3: andre@3: static void andre@3: lgdb_CloseDB(DB *pkcs11db) andre@3: { andre@3: (*pkcs11db->close)(pkcs11db); andre@3: } andre@3: andre@3: andre@3: SECStatus legacy_AddSecmodDB(const char *appName, const char *filename, andre@3: const char *dbname, char *module, PRBool rw); andre@3: andre@3: #define LGDB_STEP 10 andre@3: /* andre@3: * Read all the existing modules in andre@3: */ andre@3: char ** andre@3: legacy_ReadSecmodDB(const char *appName, const char *filename, andre@3: const char *dbname, char *params, PRBool rw) andre@3: { andre@3: DBT key,data; andre@3: int ret; andre@3: DB *pkcs11db = NULL; andre@3: char **moduleList = NULL, **newModuleList = NULL; andre@3: int moduleCount = 1; andre@3: int useCount = LGDB_STEP; andre@3: andre@3: moduleList = (char **) PORT_ZAlloc(useCount*sizeof(char **)); andre@3: if (moduleList == NULL) return NULL; andre@3: andre@3: pkcs11db = lgdb_OpenDB(appName,filename,dbname,PR_TRUE,rw); andre@3: if (pkcs11db == NULL) goto done; andre@3: andre@3: /* read and parse the file or data base */ andre@3: ret = (*pkcs11db->seq)(pkcs11db, &key, &data, R_FIRST); andre@3: if (ret) goto done; andre@3: andre@3: andre@3: do { andre@3: char *moduleString; andre@3: PRBool internal = PR_FALSE; andre@3: if ((moduleCount+1) >= useCount) { andre@3: useCount += LGDB_STEP; andre@3: newModuleList = andre@3: (char **)PORT_Realloc(moduleList,useCount*sizeof(char *)); andre@3: if (newModuleList == NULL) goto done; andre@3: moduleList = newModuleList; andre@3: PORT_Memset(&moduleList[moduleCount+1],0, andre@3: sizeof(char *)*LGDB_STEP); andre@3: } andre@3: moduleString = lgdb_DecodeData(params,&data,&internal); andre@3: if (internal) { andre@3: moduleList[0] = moduleString; andre@3: } else { andre@3: moduleList[moduleCount] = moduleString; andre@3: moduleCount++; andre@3: } andre@3: } while ( (*pkcs11db->seq)(pkcs11db, &key, &data, R_NEXT) == 0); andre@3: andre@3: done: andre@3: if (!moduleList[0]) { andre@3: char * newparams = NSSUTIL_Quote(params,'"'); andre@3: if (newparams) { andre@3: moduleList[0] = PR_smprintf( andre@3: NSSUTIL_DEFAULT_INTERNAL_INIT1 "%s" andre@3: NSSUTIL_DEFAULT_INTERNAL_INIT2 "%s" andre@3: NSSUTIL_DEFAULT_INTERNAL_INIT3, andre@3: newparams, NSSUTIL_DEFAULT_SFTKN_FLAGS); andre@3: PORT_Free(newparams); andre@3: } andre@3: } andre@3: /* deal with trust cert db here */ andre@3: andre@3: if (pkcs11db) { andre@3: lgdb_CloseDB(pkcs11db); andre@3: } else if (moduleList[0] && rw) { andre@3: legacy_AddSecmodDB(appName,filename,dbname,moduleList[0], rw) ; andre@3: } andre@3: if (!moduleList[0]) { andre@3: PORT_Free(moduleList); andre@3: moduleList = NULL; andre@3: } andre@3: return moduleList; andre@3: } andre@3: andre@3: SECStatus andre@3: legacy_ReleaseSecmodDBData(const char *appName, const char *filename, andre@3: const char *dbname, char **moduleSpecList, PRBool rw) andre@3: { andre@3: if (moduleSpecList) { andre@3: char **index; andre@3: for(index = moduleSpecList; *index; index++) { andre@3: PR_smprintf_free(*index); andre@3: } andre@3: PORT_Free(moduleSpecList); andre@3: } andre@3: return SECSuccess; andre@3: } andre@3: andre@3: /* andre@3: * Delete a module from the Data Base andre@3: */ andre@3: SECStatus andre@3: legacy_DeleteSecmodDB(const char *appName, const char *filename, andre@3: const char *dbname, char *args, PRBool rw) andre@3: { andre@3: DBT key; andre@3: SECStatus rv = SECFailure; andre@3: DB *pkcs11db = NULL; andre@3: int ret; andre@3: andre@3: if (!rw) return SECFailure; andre@3: andre@3: /* make sure we have a db handle */ andre@3: pkcs11db = lgdb_OpenDB(appName,filename,dbname,PR_FALSE,PR_FALSE); andre@3: if (pkcs11db == NULL) { andre@3: return SECFailure; andre@3: } andre@3: andre@3: rv = lgdb_MakeKey(&key,args); andre@3: if (rv != SECSuccess) goto done; andre@3: rv = SECFailure; andre@3: ret = (*pkcs11db->del)(pkcs11db, &key, 0); andre@3: lgdb_FreeKey(&key); andre@3: if (ret != 0) goto done; andre@3: andre@3: andre@3: ret = (*pkcs11db->sync)(pkcs11db, 0); andre@3: if (ret == 0) rv = SECSuccess; andre@3: andre@3: done: andre@3: lgdb_CloseDB(pkcs11db); andre@3: return rv; andre@3: } andre@3: andre@3: /* andre@3: * Add a module to the Data base andre@3: */ andre@3: SECStatus andre@3: legacy_AddSecmodDB(const char *appName, const char *filename, andre@3: const char *dbname, char *module, PRBool rw) andre@3: { andre@3: DBT key,data; andre@3: SECStatus rv = SECFailure; andre@3: DB *pkcs11db = NULL; andre@3: int ret; andre@3: andre@3: andre@3: if (!rw) return SECFailure; andre@3: andre@3: /* make sure we have a db handle */ andre@3: pkcs11db = lgdb_OpenDB(appName,filename,dbname,PR_FALSE,PR_FALSE); andre@3: if (pkcs11db == NULL) { andre@3: return SECFailure; andre@3: } andre@3: andre@3: rv = lgdb_MakeKey(&key,module); andre@3: if (rv != SECSuccess) goto done; andre@3: rv = lgdb_EncodeData(&data,module); andre@3: if (rv != SECSuccess) { andre@3: lgdb_FreeKey(&key); andre@3: goto done; andre@3: } andre@3: rv = SECFailure; andre@3: ret = (*pkcs11db->put)(pkcs11db, &key, &data, 0); andre@3: lgdb_FreeKey(&key); andre@3: lgdb_FreeData(&data); andre@3: if (ret != 0) goto done; andre@3: andre@3: ret = (*pkcs11db->sync)(pkcs11db, 0); andre@3: if (ret == 0) rv = SECSuccess; andre@3: andre@3: done: andre@3: lgdb_CloseDB(pkcs11db); andre@3: return rv; andre@3: }