# HG changeset patch
# User Sascha Wilde
# Date 1396598059 -7200
# Node ID f758460ca43736b7b0bdff0057d2127aed5b8312
# Parent fa37384b86b6404135fa6700d83dbf3685059005
# Parent 2fd69803d2199668117cf55e42a7855a2b9d3fb7
Merged
diff -r 2fd69803d219 -r f758460ca437 cinst/mozilla.c
--- a/cinst/mozilla.c Thu Apr 03 16:35:21 2014 +0200
+++ b/cinst/mozilla.c Fri Apr 04 09:54:19 2014 +0200
@@ -66,6 +66,7 @@
 #ifndef _WIN32
 #define CONFDIRS ".mozilla", ".thunderbird"
+#define NSSSHARED ".pki/nssdb"
 #define TARGET_LINUX 1
 #else
 #define CONFDIRS "Mozilla", "Thunderbird"
@@ -281,10 +282,11 @@
 * caller. */
 static char**
-get_all_profile_dirs()
+get_all_nssdb_dirs()
 {
 char **mozinis, **pdirs;
 char **alldirs = NULL;
+ /* Search Mozilla/Firefox/Thunderbird profiles */
 if ((mozinis = get_profile_inis()) != NULL)
 {
 for (int i=0; mozinis[i] != NULL; i++)
@@ -302,6 +304,19 @@
 }
 strv_free(mozinis);
 }
+ /* Search for NSS shared DB (used by Chrome/Chromium on GNU/Linux) */
+ if (TARGET_LINUX)
+ {
+ char buf[LINEBUFLEN], *fqpath;
+ snprintf(buf, LINEBUFLEN, "%s/%s",
+ get_conf_basedir(), NSSSHARED);
+ if ((fqpath = port_realpath(buf)) != NULL)
+ {
+ snprintf(buf, LINEBUFLEN, "sql:%s", fqpath);
+ strv_append(&alldirs, buf, strlen(buf));
+ free(fqpath);
+ }
+ }
 return alldirs;
 }
@@ -400,6 +415,8 @@
 import_cert(char *pdir, SECItem *dercert)
 {
 PK11SlotInfo *pk11slot = NULL;
+ CERTCertTrust *trust = NULL;
+ CERTCertificate *cert = NULL;
 bool success = false;
 char *cert_name = nss_cert_name(dercert);
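Review bot: In the NSS shared DB block added to get_all_nssdb_dirs, neither `snprintf` result is checked, so a base directory or resolved path longer than `LINEBUFLEN` is silently truncated and the truncated `sql:` string is still appended as a database to modify. Because every entry in this list is later handed to import_cert, I would skip the entry on truncation, e.g. `int n = snprintf(buf, LINEBUFLEN, "sql:%s", fqpath); if (n > 0 && n < LINEBUFLEN) strv_append(&alldirs, buf, strlen(buf));`, and apply the same check to the first call. Separately, `NSSSHARED` is added only inside the `#ifndef _WIN32` branch while this block is guarded by a runtime `if (TARGET_LINUX)`, so unless the `#else` branch (not fully visible here) defines both names the Windows build will not compile; a preprocessor `#ifndef _WIN32` around the block would avoid that. The function starts above this hunk.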
@@ -407,16 +424,25 @@
 if (NSS_Initialize(pdir, "", "", "secmod.db", 0) == SECSuccess)
 {
 pk11slot = PK11_GetInternalKeySlot();
- if (PK11_ImportDERCert(pk11slot, dercert, CK_INVALID_HANDLE,
- cert_name, PR_FALSE)
- == SECSuccess)
+ cert = CERT_DecodeCertFromPackage((char *)dercert->data,
+ (int)dercert->len);
+ trust = (CERTCertTrust *)xmalloc(sizeof(CERTCertTrust));
+ CERT_DecodeTrustString(trust, "C");
+ if ((PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE,
+ cert_name, PR_FALSE)
+ == SECSuccess) &&
+ (CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, trust)
+ == SECSuccess))
 {
+ success = true;
 }
 else
 {
 DEBUGPRINTF("Failed to install certificate '%s' to '%s'!\n", cert_name, pdir);
 }
+ CERT_DestroyCertificate (cert);
+ PORT_Free(trust);
 PK11_FreeSlot(pk11slot);
 NSS_Shutdown();
 }
@@ -585,36 +611,36 @@
 int main ()
 {
- char **pdirs;
+ char **dbdirs;
 seciteml_t *certs_to_remove = NULL;
 seciteml_t *certs_to_add = NULL;
- pdirs =
- get_all_profile_dirs();
+ dbdirs =
+ get_all_nssdb_dirs();
- if (pdirs != NULL)
+ if (dbdirs != NULL)
 {
 parse_commands(&certs_to_add, &certs_to_remove);
 #ifdef DEBUGOUTPUT
 DEBUGPRINTF("OLD List of installed certs:\n");
- for (int i=0; pdirs[i] != NULL; i++)
- DEBUG_nss_list_certs(pdirs[i]);
+ for (int i=0; dbdirs[i] != NULL; i++)
+ DEBUG_nss_list_certs(dbdirs[i]);
 #endif
- if (! apply_to_certs_and_profiles(remove_cert, &certs_to_remove, pdirs))
+ if (! apply_to_certs_and_profiles(remove_cert, &certs_to_remove, dbdirs))
 return_code |= WARN_MOZ_COULD_NOT_REMOVE_CERT;
- if (! apply_to_certs_and_profiles(import_cert, &certs_to_add, pdirs))
+ if (! apply_to_certs_and_profiles(import_cert, &certs_to_add, dbdirs))
 return_code |= WARN_MOZ_COULD_NOT_ADD_CERT;
 #ifdef DEBUGOUTPUT
 DEBUGPRINTF("NEW List of installed certs:\n");
- for (int i=0; pdirs[i] != NULL; i++)
- DEBUG_nss_list_certs(pdirs[i]);
+ for (int i=0; dbdirs[i] != NULL; i++)
+ DEBUG_nss_list_certs(dbdirs[i]);
 #endif
- strv_free(pdirs);
+ strv_free(dbdirs);
 }
 exit(return_code);
 }
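Review bot: In the import_cert hunk, the result of `CERT_DecodeCertFromPackage` is passed to `PK11_ImportCert` and `CERT_ChangeCertTrust` without a NULL check, so a DER blob that fails to decode reaches the import path as a null certificate; `pk11slot` and the return value of `CERT_DecodeTrustString` are likewise unchecked. `trust` is also allocated with `xmalloc` but released with `PORT_Free`, which mixes two allocators; declaring it as a local `CERTCertTrust trust;` (replacing the pointer declared in the previous hunk) removes both the allocation and the mismatch. A short comment that the trust string "C" marks the certificate as a trusted CA in the SSL field only would let the next reader judge how much trust is being granted. If `PK11_ImportCert` succeeds and `CERT_ChangeCertTrust` then fails, the certificate stays in the database while the function reports failure, which may deserve its own log message. The function begins before this hunk and returns after it.

```c
  CERTCertTrust trust;   /* replaces: CERTCertTrust *trust = NULL; */
  /* … unchanged: other declarations, NSS_Initialize check … */
      pk11slot = PK11_GetInternalKeySlot();
      cert = CERT_DecodeCertFromPackage((char *)dercert->data,
                                        (int)dercert->len);
      /* "C" = trusted CA for SSL; no e-mail or object-signing trust is set. */
      if (pk11slot != NULL && cert != NULL &&
          CERT_DecodeTrustString(&trust, "C") == SECSuccess &&
          PK11_ImportCert(pk11slot, cert, CK_INVALID_HANDLE,
                          cert_name, PR_FALSE) == SECSuccess &&
          CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, &trust)
          == SECSuccess)
        {
          success = true;
        }
      /* … unchanged: else branch with DEBUGPRINTF … */
      if (cert != NULL)
        CERT_DestroyCertificate(cert);
      if (pk11slot != NULL)
        PK11_FreeSlot(pk11slot);
      /* … unchanged: NSS_Shutdown() … */
```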