Make the following functions open the databases Readonly:

ListCerts PrintHelp ListKeys ListModules CheckCertValidity Version Add an option (-X) to restore the old behaviour of openning the Databases R/W
author: relyea%netscape.com <devnull@localhost> 2002-02-01 02:26:40 +0000
committer: relyea%netscape.com <devnull@localhost> 2002-02-01 02:26:40 +0000
commit: f43f8fac02cae60bf98c8d105f84f0a715ebe17b (patch)
tree: 37400244b2e19652d1331192242a64664ba76d6f
parent: 9279f92078fe6b6246f36accf2842a8dc40b2eef (diff)
download: nss-hg-f43f8fac02cae60bf98c8d105f84f0a715ebe17b.tar.gz
1 files changed, 27 insertions, 5 deletions
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c
index 7687fad11..ffbfe8e2f 100644
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -1108,14 +1108,15 @@ Usage(char *progName)
 	"\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
     FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|rsa|all]\n", 
 	progName);
-    FPS "\t\t [-f pwfile] [-d certdir] [-P dbprefix]\n");
-    FPS "\t%s -L [-n cert-name] [-d certdir] [-P dbprefix] [-r] [-a]\n", progName);
+    FPS "\t\t [-f pwfile] [-X] [-d certdir] [-P dbprefix]\n");
+    FPS "\t%s -L [-n cert-name] [-X] [-d certdir] [-P dbprefix] [-r] [-a]\n", progName);
     FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n",
 	progName);
     FPS "\t%s -R -s subj -o cert-request-file [-d certdir] [-P dbprefix] [-p phone] [-a]\n"
 	"\t\t [-k key-type] [-h token-name] [-f pwfile] [-g key-size]\n",
 	progName);
-    FPS "\t%s -V -n cert-name -u usage [-b time] [-e] [-d certdir] [-P dbprefix]\n",
+    FPS "\t%s -V -n cert-name -u usage [-b time] [-e] \n",
+	"\t\t[-X] [-d certdir] [-P dbprefix]\n",
 	progName);
     FPS "\t%s -S -n cert-name -s subj [-c issuer-name | -x]  -t trustargs\n"
 	"\t\t [-k key-type] [-h token-name] [-g key-size]\n"
@@ -1123,7 +1124,7 @@ Usage(char *progName)
 	"\t\t [-f pwfile] [-d certdir] [-P dbprefix]\n"
         "\t\t [-p phone] [-1] [-2] [-3] [-4] [-5] [-6]\n",
 	progName);
-    FPS "\t%s -U [-d certdir] [-P dbprefix]\n", progName);
+    FPS "\t%s -U [-X] [-d certdir] [-P dbprefix]\n", progName);
     exit(1);
 }
 
@@ -1234,6 +1235,9 @@ static void LongUsage(char *progName)
         "   -d moddir");
     FPS "%-20s Cert & Key database prefix\n",
 	"   -P dbprefix");
+    FPS "%-20s force the database to open R/W\n",
+	"   -X");
+    FPS "\n");
 
     FPS "%-15s List all keys\n", /*, or print out a single named key\n",*/
         "-K");
@@ -1248,6 +1252,8 @@ static void LongUsage(char *progName)
 	"   -d keydir");
     FPS "%-20s Cert & Key database prefix\n",
 	"   -P dbprefix");
+    FPS "%-20s force the database to open R/W\n",
+	"   -X");
     FPS "\n");
 
     FPS "%-15s List all certs, or print out a single named cert\n",
@@ -1258,6 +1264,8 @@ static void LongUsage(char *progName)
 	"   -d certdir");
     FPS "%-20s Cert & Key database prefix\n",
 	"   -P dbprefix");
+    FPS "%-20s force the database to open R/W\n",
+	"   -X");
     FPS "%-20s For single cert, print binary DER encoding\n",
 	"   -r");
     FPS "%-20s For single cert, print ASCII encoding (RFC1113)\n",
@@ -1334,6 +1342,8 @@ static void LongUsage(char *progName)
 	"   -d certdir");
     FPS "%-20s Cert & Key database prefix\n",
 	"   -P dbprefix");
+    FPS "%-20s force the database to open R/W\n",
+	"   -X");
     FPS "\n");
 
     FPS "%-15s Make a certificate and add to database\n",
@@ -2211,6 +2221,7 @@ enum {
     opt_Validity,
     opt_OffsetMonths,
     opt_SelfSign,
+    opt_RW,
     opt_Exponent,
     opt_NoiseFile
 };
@@ -2272,6 +2283,7 @@ static secuCommandFlag certutil_options[] =
 	{ /* opt_Validity            */  'v', PR_TRUE,  0, PR_FALSE },
 	{ /* opt_OffsetMonths        */  'w', PR_TRUE,  0, PR_FALSE },
 	{ /* opt_SelfSign            */  'x', PR_FALSE, 0, PR_FALSE },
+	{ /* opt_RW                  */  'X', PR_FALSE, 0, PR_FALSE },
 	{ /* opt_Exponent            */  'y', PR_TRUE,  0, PR_FALSE },
 	{ /* opt_NoiseFile           */  'z', PR_TRUE,  0, PR_FALSE }
 };
@@ -2300,6 +2312,7 @@ main(int argc, char **argv)
     int         commandsEntered = 0;
     char        commandToRun    = '\0';
     secuPWData  pwdata          = { PW_NONE, 0 };
+    PRBool 	readOnly	= PR_FALSE;
 
     SECKEYPrivateKey *privkey;
     SECKEYPublicKey *pubkey = NULL;
@@ -2450,6 +2463,15 @@ main(int argc, char **argv)
 	Usage(progName);
     }
 
+    if (certutil.commands[cmd_ListCerts].activated ||
+         certutil.commands[cmd_PrintHelp].activated ||
+         certutil.commands[cmd_ListKeys].activated ||
+         certutil.commands[cmd_ListModules].activated ||
+         certutil.commands[cmd_CheckCertValidity].activated ||
+         certutil.commands[cmd_Version].activated ) {
+	readOnly = !certutil.options[opt_RW].activated;
+    }
+
     /*  -A, -D, -F, -M, -S, -V, and all require -n  */
     if ((certutil.commands[cmd_AddCert].activated ||
          certutil.commands[cmd_DeleteCert].activated ||
@@ -2608,7 +2630,7 @@ main(int argc, char **argv)
     /*  Initialize NSPR and NSS.  */
     PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
     rv = NSS_Initialize(SECU_ConfigDirectory(NULL), certPrefix, certPrefix,
-                        "secmod.db", 0);
+                        "secmod.db", readOnly ? NSS_INIT_READONLY: 0);
     if (rv != SECSuccess) {
 	SECU_PrintPRandOSError(progName);
 	rv = SECFailure;
author	relyea%netscape.com <devnull@localhost>	2002-02-01 02:26:40 +0000
committer	relyea%netscape.com <devnull@localhost>	2002-02-01 02:26:40 +0000
commit	f43f8fac02cae60bf98c8d105f84f0a715ebe17b (patch)
tree	37400244b2e19652d1331192242a64664ba76d6f
parent	9279f92078fe6b6246f36accf2842a8dc40b2eef (diff)
download	nss-hg-f43f8fac02cae60bf98c8d105f84f0a715ebe17b.tar.gz