diff options
| author | cvs2hg <devnull@localhost> | 2002-07-16 21:13:41 +0000 |
|---|---|---|
| committer | cvs2hg <devnull@localhost> | 2002-07-16 21:13:41 +0000 |
| commit | 38bd9391f039fc03595e13ad39bae20aac55f440 (patch) | |
| tree | df896ed14066c7c631f110b31f749278050a2f5b | |
| parent | a13e9d5d8b116453e52afae07796280eec2b2d32 (diff) | |
| download | nss-hg-38bd9391f039fc03595e13ad39bae20aac55f440.tar.gz | |
fixup commit for tag 'ROGC_20020802_FREEZE'ROGC_20020802_FREEZE
28 files changed, 1329 insertions, 1473 deletions
diff --git a/dbm/src/h_bigkey.c b/dbm/src/h_bigkey.c index 855f10725..53a1a00f3 100644 --- a/dbm/src/h_bigkey.c +++ b/dbm/src/h_bigkey.c @@ -364,7 +364,6 @@ __big_return( BUFHEAD *save_p; uint16 *bp, len, off, save_addr; char *tp; - int save_flags; bp = (uint16 *)bufp->page; while (bp[ndx + 1] == PARTIAL_KEY) { @@ -429,12 +428,7 @@ __big_return( return (0); } - /* pin our saved buf so that we don't lose if - * we run out of buffers */ - save_flags = save_p->flags; - save_p->flags |= BUF_PIN; val->size = collect_data(hashp, bufp, (int)len, set_current); - save_p->flags = save_flags; if (val->size == (size_t)-1) return (-1); if (save_p->addr != save_addr) { @@ -446,14 +440,9 @@ __big_return( val->data = (uint8 *)hashp->tmp_buf; return (0); } - - /* - * Count how big the total datasize is by looping through the pages. Then - * allocate a buffer and copy the data in the second loop. NOTE: Our caller - * may already have a bp which it is holding onto. The caller is - * responsible for copying that bp into our temp buffer. 'len' is how much - * space to reserve for that buffer. + * Count how big the total datasize is by recursing through the pages. Then + * allocate a buffer and copy the data as you recurse up. */ static int collect_data( @@ -462,81 +451,56 @@ collect_data( int len, int set) { register uint16 *bp; - BUFHEAD *save_bufp; - int save_flags; + register char *p; + BUFHEAD *xbp; + uint16 save_addr; int mylen, totlen; - /* - * save the input buf head because we need to walk the list twice. - * pin it to make sure it doesn't leave the buffer pool. - * This has the effect of growing the buffer pool if necessary. - */ - save_bufp = bufp; - save_flags = save_bufp->flags; - save_bufp->flags |= BUF_PIN; - - /* read the length of the buffer */ - for (totlen = len; bufp ; bufp = __get_buf(hashp, bp[bp[0]-1], bufp, 0)) { - bp = (uint16 *)bufp->page; - mylen = hashp->BSIZE - bp[1]; - - /* if mylen ever goes negative it means that the - * page is screwed up. - */ - if (mylen < 0) { - save_bufp->flags = save_flags; - return (-1); - } - totlen += mylen; - if (bp[2] == FULL_KEY_DATA) { /* End of Data */ - break; - } - } - - if (!bufp) { - save_bufp->flags = save_flags; - return (-1); - } + p = bufp->page; + bp = (uint16 *)p; + mylen = hashp->BSIZE - bp[1]; - /* allocate a temp buf */ - if (hashp->tmp_buf) - free(hashp->tmp_buf); - if ((hashp->tmp_buf = (char *)malloc((size_t)totlen)) == NULL) { - save_bufp->flags = save_flags; + /* if mylen ever goes negative it means that the + * page is screwed up. + */ + if(mylen < 0) return (-1); - } - /* copy the buffers back into temp buf */ - for (bufp = save_bufp; bufp ; - bufp = __get_buf(hashp, bp[bp[0]-1], bufp, 0)) { - bp = (uint16 *)bufp->page; - mylen = hashp->BSIZE - bp[1]; - memmove(&hashp->tmp_buf[len], (bufp->page) + bp[1], (size_t)mylen); - len += mylen; - if (bp[2] == FULL_KEY_DATA) { - break; - } - } - - /* 'clear' the pin flags */ - save_bufp->flags = save_flags; + save_addr = bufp->addr; - /* update the database cursor */ - if (set) { - hashp->cndx = 1; - if (bp[0] == 2) { /* No more buckets in chain */ - hashp->cpage = NULL; - hashp->cbucket++; - } else { - hashp->cpage = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); - if (!hashp->cpage) - return (-1); - else if (!((uint16 *)hashp->cpage->page)[0]) { - hashp->cbucket++; + if (bp[2] == FULL_KEY_DATA) { /* End of Data */ + totlen = len + mylen; + if (hashp->tmp_buf) + free(hashp->tmp_buf); + if ((hashp->tmp_buf = (char *)malloc((size_t)totlen)) == NULL) + return (-1); + if (set) { + hashp->cndx = 1; + if (bp[0] == 2) { /* No more buckets in chain */ hashp->cpage = NULL; + hashp->cbucket++; + } else { + hashp->cpage = + __get_buf(hashp, bp[bp[0] - 1], bufp, 0); + if (!hashp->cpage) + return (-1); + else if (!((uint16 *)hashp->cpage->page)[0]) { + hashp->cbucket++; + hashp->cpage = NULL; + } } } + } else { + xbp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0); + if (!xbp || ((totlen = + collect_data(hashp, xbp, len + mylen, set)) < 1)) + return (-1); + } + if (bufp->addr != save_addr) { + errno = EINVAL; /* Out of buffers. */ + return (-1); } + memmove(&hashp->tmp_buf[len], (bufp->page) + bp[1], (size_t)mylen); return (totlen); } diff --git a/dbm/src/hash.c b/dbm/src/hash.c index d984c5f30..82d6dba37 100644 --- a/dbm/src/hash.c +++ b/dbm/src/hash.c @@ -566,11 +566,9 @@ hdestroy(HTAB *hashp) #endif free(hashp->filename); } - if (hashp->tmp_buf) - free(hashp->tmp_buf); - if (hashp->tmp_key) - free(hashp->tmp_key); + free(hashp); + if (save_errno) { errno = save_errno; return (DBM_ERROR); @@ -902,7 +900,7 @@ hash_access( n = *bp++; ndx = 1; off = hashp->BSIZE; - } else if (bp[1] < REAL_KEY) { + } else if (bp[1] < REAL_KEY) { if ((ndx = __find_bigpair(hashp, rbufp, ndx, kp, (int)size)) > 0) goto found; diff --git a/dbm/src/hash_buf.c b/dbm/src/hash_buf.c index d1193de6f..7bfe01a34 100644 --- a/dbm/src/hash_buf.c +++ b/dbm/src/hash_buf.c @@ -284,12 +284,6 @@ newbuf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp) xbp->ovfl = 0; xbp = next_xbp; - /* leave pinned pages alone, we are still using - * them. */ - if (xbp->flags & BUF_PIN) { - continue; - } - /* Check that ovfl pointer is up date. */ if (IS_BUCKET(xbp->flags) || (oaddr != xbp->addr)) diff --git a/security/coreconf/AIX5.1.mk b/security/coreconf/AIX5.1.mk deleted file mode 100644 index daa999ba7..000000000 --- a/security/coreconf/AIX5.1.mk +++ /dev/null @@ -1,54 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for AIX5.1 -# - -include $(CORE_DEPTH)/coreconf/AIX.mk - - -ifeq ($(USE_64), 1) -# Next line replaced by generic name handling in arch.mk -# COMPILER_TAG = _64 - OS_CFLAGS += -DAIX_64BIT - OBJECT_MODE=64 - export OBJECT_MODE -endif -DSO_LDOPTS = -brtl -bM:SRE -bnoentry -MKSHLIB = $(LD) $(DSO_LDOPTS) -lsvld -L/usr/lpp/xlC/lib -lc -lm - -OS_LIBS += -L/usr/lpp/xlC/lib -lc -lm -ifdef MAPFILE -DSO_LDOPTS += -bexport:$(MAPFILE) -else -DSO_LDOPTS += -bexpall -endif diff --git a/security/coreconf/Darwin.mk b/security/coreconf/Darwin.mk index 59f5af8fd..6c2b93c9d 100644 --- a/security/coreconf/Darwin.mk +++ b/security/coreconf/Darwin.mk @@ -70,7 +70,5 @@ DSO_LDOPTS = -dynamiclib -compatibility_version 1 -current_version 1 -install_na MKSHLIB = $(CC) -arch $(CPU_ARCH) $(DSO_LDOPTS) DLL_SUFFIX = dylib -PROCESS_MAP_FILE = grep -v ';+' $(LIBRARY_NAME).def | grep -v ';-' | \ - sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' -e 's,^,_,' > $@ G++INCLUDES = -I/usr/include/g++ diff --git a/security/coreconf/HP-UXB.11.20.mk b/security/coreconf/HP-UXB.11.20.mk deleted file mode 100644 index a638736c5..000000000 --- a/security/coreconf/HP-UXB.11.20.mk +++ /dev/null @@ -1,55 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 2002 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# On HP-UX 10.30 and 11.x, the default implementation strategy is -# pthreads. Classic nspr and pthreads-user are also available. -# - -ifeq ($(OS_RELEASE),B.11.20) -OS_CFLAGS += -DHPUX10 -DEFAULT_IMPL_STRATEGY = _PTH -endif - -# -# To use the true pthread (kernel thread) library on 10.30 and -# 11.x, we should define _POSIX_C_SOURCE to be 199506L. -# The _REENTRANT macro is deprecated. -# - -ifdef USE_PTHREADS - OS_CFLAGS += -D_POSIX_C_SOURCE=199506L -endif - -# -# Config stuff for HP-UXB.11.x. -# -include $(CORE_DEPTH)/coreconf/HP-UXB.11.mk diff --git a/security/coreconf/HP-UXB.11.mk b/security/coreconf/HP-UXB.11.mk index 5b489014f..08463214d 100644 --- a/security/coreconf/HP-UXB.11.mk +++ b/security/coreconf/HP-UXB.11.mk @@ -41,22 +41,14 @@ endif ifndef NS_USE_GCC CCC = /opt/aCC/bin/aCC -ext ifeq ($(USE_64), 1) - ifeq ($(OS_TEST), ia64) - OS_CFLAGS += -Aa +e +p +DD64 - else - OS_CFLAGS += -Aa +e +DA2.0W +DS2.0 +DChpux - endif + OS_CFLAGS += -Aa +e +DA2.0W +DS2.0 +DChpux # Next line replaced by generic name handling in arch.mk # COMPILER_TAG = _64 else - ifeq ($(OS_TEST), ia64) - OS_CFLAGS += -Aa +e +p +DD32 + ifdef USE_HYBRID + OS_CFLAGS += -Aa +e +DA2.0 +DS2.0 else - ifdef USE_HYBRID - OS_CFLAGS += -Aa +e +DA2.0 +DS2.0 - else - OS_CFLAGS += +DAportable +DS2.0 - endif + OS_CFLAGS += +DAportable +DS2.0 endif endif else diff --git a/security/coreconf/OpenBSD.mk b/security/coreconf/OpenBSD.mk deleted file mode 100644 index 14fa73489..000000000 --- a/security/coreconf/OpenBSD.mk +++ /dev/null @@ -1,62 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -# Config stuff for OpenBSD -# - -include $(CORE_DEPTH)/coreconf/UNIX.mk - -DEFAULT_COMPILER = gcc -CC = gcc -CCC = g++ -RANLIB = ranlib - -CPU_ARCH := $(shell uname -p) -ifeq ($(CPU_ARCH),i386) -OS_REL_CFLAGS = -Di386 -CPU_ARCH = x86 -endif - -DLL_SUFFIX = so.1.0 - -OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -ansi -Wall -pipe -DOPENBSD - -OS_LIBS = - -ARCH = openbsd - -DSO_CFLAGS = -fPIC -DPIC -DSO_LDOPTS = -shared -Wl,-soname,lib$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX) -DSO_LDFLAGS = - -MKSHLIB = $(CC) $(DSO_LDOPTS) - diff --git a/security/coreconf/config.mk b/security/coreconf/config.mk index 01b633be8..7ad0d1e16 100644 --- a/security/coreconf/config.mk +++ b/security/coreconf/config.mk @@ -58,7 +58,7 @@ endif # one for each OS release. # ####################################################################### -TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD +TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET))) include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk diff --git a/security/coreconf/jdk.mk b/security/coreconf/jdk.mk index 8189808c8..9e0151023 100644 --- a/security/coreconf/jdk.mk +++ b/security/coreconf/jdk.mk @@ -118,7 +118,7 @@ ifeq ($(OS_ARCH), WINNT) endif # set [Sun Solaris] platforms -ifeq ($(OS_ARCH), SunOS) +ifeq ($(OS_TARGET), SunOS) JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip ifeq ($(JRE_HOME),) @@ -139,11 +139,7 @@ ifeq ($(OS_ARCH), SunOS) INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH) # (3) specify "linker" information -ifeq ($(USE_64), 1) - JAVA_CPU = $(shell uname -p)v9 -else JAVA_CPU = $(shell uname -p) -endif ifeq ($(JDK_VERSION), 1.1) JAVA_LIBDIR = lib/$(JAVA_CPU) @@ -157,11 +153,7 @@ endif JAVA_CLIBS = -lthread ifneq ($(JDK_VERSION), 1.1) -ifeq ($(USE_64), 1) - JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/server -else JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -endif JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR) JAVA_LIBS += -ljvm -ljava else @@ -176,7 +168,7 @@ endif endif # set [Hewlett Packard HP-UX] platforms -ifeq ($(OS_ARCH), HP-UX) +ifeq ($(OS_TARGET), HP-UX) JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip ifeq ($(JRE_HOME),) @@ -215,7 +207,7 @@ ifeq ($(OS_ARCH), HP-UX) endif # set [Redhat Linux] platforms -ifeq ($(OS_ARCH), Linux) +ifeq ($(OS_TARGET), Linux) JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip ifeq ($(JRE_HOME),) @@ -243,11 +235,7 @@ ifeq ($(OS_ARCH), Linux) JAVA_CLIBS = JAVA_LIBS = -L$(JAVA_HOME)/$(JAVA_LIBDIR)/$(JDK_THREADING_MODEL) -lhpi - ifeq ($(JDK_VERSION), 1.4) - JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/server -ljvm - else - JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -ljvm - endif + JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR)/classic -ljvm JAVA_LIBS += -L$(JAVA_HOME)/$(JAVA_LIBDIR) -ljava JAVA_LIBS += $(JAVA_CLIBS) @@ -258,7 +246,7 @@ ifeq ($(OS_ARCH), Linux) endif # set [IBM AIX] platforms -ifeq ($(OS_ARCH), AIX) +ifeq ($(OS_TARGET), AIX) JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip ifeq ($(JRE_HOME),) @@ -297,7 +285,7 @@ ifeq ($(OS_ARCH), AIX) endif # set [Digital UNIX] platforms -ifeq ($(OS_ARCH), OSF1) +ifeq ($(OS_TARGET), OSF1) JAVA_CLASSES = $(JAVA_HOME)/lib/classes.zip ifeq ($(JRE_HOME),) @@ -336,7 +324,7 @@ ifeq ($(OS_ARCH), OSF1) endif # set [Silicon Graphics IRIX] platforms -ifeq ($(OS_ARCH), IRIX) +ifeq ($(OS_TARGET), IRIX) JAVA_CLASSES = $(JAVA_HOME)/lib/dev.jar:$(JAVA_HOME)/lib/rt.jar ifeq ($(JRE_HOME),) @@ -408,9 +396,6 @@ ifeq ($(JDK_CLASSPATH_OPT),) JDK_CLASSPATH_OPT = -classpath $(JDK_CLASSPATH) endif -ifeq ($(USE_64), 1) - JDK_USE_64 = -d64 -endif endif @@ -452,7 +437,6 @@ ifeq ($(JAVA),) JAVA_FLAGS += $(JDK_DEBUG_OPT) JAVA_FLAGS += $(JDK_CLASSPATH_OPT) JAVA_FLAGS += $(JDK_JIT_OPT) - JAVA_FLAGS += $(JDK_USE_64) JAVA = $(JAVA_PROG) $(JAVA_FLAGS) endif @@ -467,7 +451,6 @@ ifeq ($(JAVAC),) JAVAC_FLAGS += $(JDK_DEBUG_OPT) JAVAC_FLAGS += $(JDK_CLASSPATH_OPT) JAVAC_FLAGS += $(JDK_CLASS_REPOSITORY_OPT) - JAVAC_FLAGS += $(JDK_USE_64) JAVAC = $(JAVAC_PROG) $(JAVAC_FLAGS) endif diff --git a/security/coreconf/rules.mk b/security/coreconf/rules.mk index c53c1ffc5..76043627a 100644 --- a/security/coreconf/rules.mk +++ b/security/coreconf/rules.mk @@ -364,11 +364,6 @@ endif ifeq ($(OS_TARGET),OpenVMS) @echo "`translate $@`" > $(@:$(DLL_SUFFIX)=vms) endif -ifeq ($(OS_TARGET),Darwin) -ifdef MAPFILE - nmedit -s $(MAPFILE) $@ -endif -endif endif endif diff --git a/security/dbm/Makefile b/security/dbm/Makefile deleted file mode 100644 index 34cd6d899..000000000 --- a/security/dbm/Makefile +++ /dev/null @@ -1,80 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - -coreconf_hack: - cd ../coreconf; gmake - gmake import - -RelEng_bld: coreconf_hack - gmake diff --git a/security/dbm/config/config.mk b/security/dbm/config/config.mk deleted file mode 100644 index 753364931..000000000 --- a/security/dbm/config/config.mk +++ /dev/null @@ -1,67 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -# -# These macros are defined by mozilla's configure script. -# We define them manually here. -# - -DEFINES += -DSTDC_HEADERS -DHAVE_STRERROR - -# -# Most platforms have snprintf, so it's simpler to list the exceptions. -# -HAVE_SNPRINTF = 1 -# -# OSF1 V4.0D doesn't have snprintf but V5.0A does. -# -ifeq ($(OS_TARGET)$(OS_RELEASE),OSF1V4.0D) -HAVE_SNPRINTF = -endif -ifdef HAVE_SNPRINTF -DEFINES += -DHAVE_SNPRINTF -endif - -ifeq (,$(filter-out IRIX Linux,$(OS_TARGET))) -DEFINES += -DHAVE_SYS_CDEFS_H -endif - -ifeq (,$(filter-out DGUX NCR ReliantUNIX SCO_SV SCOOS UNIXWARE,$(OS_TARGET))) -DEFINES += -DHAVE_SYS_BYTEORDER_H -endif - -# -# None of the platforms that we are interested in need to -# define HAVE_MEMORY_H. -# diff --git a/security/dbm/include/Makefile b/security/dbm/include/Makefile deleted file mode 100644 index ba4dd8ddf..000000000 --- a/security/dbm/include/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - - - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - diff --git a/security/dbm/include/manifest.mn b/security/dbm/include/manifest.mn deleted file mode 100644 index 886fedd98..000000000 --- a/security/dbm/include/manifest.mn +++ /dev/null @@ -1,57 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../.. - -VPATH = $(CORE_DEPTH)/../dbm/include - -MODULE = dbm - -EXPORTS = nsres.h \ - cdefs.h \ - mcom_db.h \ - ncompat.h \ - winfile.h \ - $(NULL) - -PRIVATE_EXPORTS = hsearch.h \ - page.h \ - extern.h \ - ndbm.h \ - queue.h \ - hash.h \ - mpool.h \ - search.h \ - $(NULL) - diff --git a/security/dbm/manifest.mn b/security/dbm/manifest.mn deleted file mode 100644 index 11f4f4237..000000000 --- a/security/dbm/manifest.mn +++ /dev/null @@ -1,45 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = .. - -MODULE = dbm - -IMPORTS = nspr20/v4.1.2 - -RELEASE = dbm - -DIRS = include \ - src \ - $(NULL) diff --git a/security/dbm/src/Makefile b/security/dbm/src/Makefile deleted file mode 100644 index 8fce98394..000000000 --- a/security/dbm/src/Makefile +++ /dev/null @@ -1,76 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/dbm/config/config.mk - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### - -include config.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - - diff --git a/security/dbm/src/config.mk b/security/dbm/src/config.mk deleted file mode 100644 index 370fd75d6..000000000 --- a/security/dbm/src/config.mk +++ /dev/null @@ -1,63 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG) - -INCLUDES += -I$(CORE_DEPTH)/../dbm/include - -# -# Currently, override TARGETS variable so that only static libraries -# are specifed as dependencies within rules.mk. -# - -TARGETS = $(LIBRARY) -SHARED_LIBRARY = -IMPORT_LIBRARY = -PURE_LIBRARY = -PROGRAM = - -ifdef SHARED_LIBRARY - ifeq (,$(filter-out WINNT WIN95 WINCE,$(OS_TARGET))) # list omits WIN16 - DLLBASE=/BASE:0x30000000 - RES=$(OBJDIR)/dbm.res - RESNAME=../include/dbm.rc - endif - ifeq ($(DLL_SUFFIX),dll) - DEFINES += -D_DLL - endif -endif - -ifeq ($(OS_TARGET),AIX) - OS_LIBS += -lc_r -endif diff --git a/security/dbm/src/dirent.c b/security/dbm/src/dirent.c deleted file mode 100644 index 001a48c5c..000000000 --- a/security/dbm/src/dirent.c +++ /dev/null @@ -1,348 +0,0 @@ -#ifdef OS2 - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <ctype.h> - -#include <dirent.h> -#include <errno.h> - -/*#ifndef __EMX__ -#include <libx.h> -#endif */ - -#define INCL_DOSFILEMGR -#define INCL_DOSERRORS -#include <os2.h> - -#if OS2 >= 2 -# define FFBUF FILEFINDBUF3 -# define Word ULONG - /* - * LS20 recommends a request count of 100, but according to the - * APAR text it does not lead to missing files, just to funny - * numbers of returned entries. - * - * LS30 HPFS386 requires a count greater than 2, or some files - * are missing (those starting with a character less that '.'). - * - * Novell looses entries which overflow the buffer. In previous - * versions of dirent2, this could have lead to missing files - * when the average length of 100 directory entries was 40 bytes - * or more (quite unlikely for files on a Novell server). - * - * Conclusion: Make sure that the entries all fit into the buffer - * and that the buffer is large enough for more than 2 entries - * (each entry is at most 300 bytes long). And ignore the LS20 - * effect. - */ -# define Count 25 -# define BufSz (25 * (sizeof(FILEFINDBUF3)+1)) -#else -# define FFBUF FILEFINDBUF -# define Word USHORT -# define BufSz 1024 -# define Count 3 -#endif - -#if defined(__IBMC__) || defined(__IBMCPP__) - #define error(rc) _doserrno = rc, errno = EOS2ERR -#elif defined(MICROSOFT) - #define error(rc) _doserrno = rc, errno = 255 -#else - #define error(rc) errno = 255 -#endif - -struct _dirdescr { - HDIR handle; /* DosFindFirst handle */ - char fstype; /* filesystem type */ - Word count; /* valid entries in <ffbuf> */ - long number; /* absolute number of next entry */ - int index; /* relative number of next entry */ - FFBUF * next; /* pointer to next entry */ - char name[MAXPATHLEN+3]; /* directory name */ - unsigned attrmask; /* attribute mask for seekdir */ - struct dirent entry; /* buffer for directory entry */ - BYTE ffbuf[BufSz]; -}; - -/* - * Return first char of filesystem type, or 0 if unknown. - */ -static char -getFSType(const char *path) -{ - static char cache[1+26]; - char drive[3], info[512]; - Word unit, infolen; - char r; - - if (isalpha(path[0]) && path[1] == ':') { - unit = toupper(path[0]) - '@'; - path += 2; - } else { - ULONG driveMap; -#if OS2 >= 2 - if (DosQueryCurrentDisk(&unit, &driveMap)) -#else - if (DosQCurDisk(&unit, &driveMap)) -#endif - return 0; - } - - if ((path[0] == '\\' || path[0] == '/') - && (path[1] == '\\' || path[1] == '/')) - return 0; - - if (cache [unit]) - return cache [unit]; - - drive[0] = '@' + unit; - drive[1] = ':'; - drive[2] = '\0'; - infolen = sizeof info; -#if OS2 >= 2 - if (DosQueryFSAttach(drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen)) - return 0; - if (infolen >= sizeof(FSQBUFFER2)) { - FSQBUFFER2 *p = (FSQBUFFER2 *)info; - r = p->szFSDName[p->cbName]; - } else -#else - if (DosQFSAttach((PSZ)drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen, 0)) - return 0; - if (infolen >= 9) { - char *p = info + sizeof(USHORT); - p += sizeof(USHORT) + *(USHORT *)p + 1 + sizeof(USHORT); - r = *p; - } else -#endif - r = 0; - return cache [unit] = r; -} - -char * -abs_path(const char *name, char *buffer, int len) -{ - char buf[4]; - if (isalpha(name[0]) && name[1] == ':' && name[2] == '\0') { - buf[0] = name[0]; - buf[1] = name[1]; - buf[2] = '.'; - buf[3] = '\0'; - name = buf; - } -#if OS2 >= 2 - if (DosQueryPathInfo((PSZ)name, FIL_QUERYFULLNAME, buffer, len)) -#else - if (DosQPathInfo((PSZ)name, FIL_QUERYFULLNAME, (PBYTE)buffer, len, 0L)) -#endif - return NULL; - return buffer; -} - -DIR * -openxdir(const char *path, unsigned att_mask) -{ - DIR *dir; - char name[MAXPATHLEN+3]; - Word rc; - - dir = malloc(sizeof(DIR)); - if (dir == NULL) { - errno = ENOMEM; - return NULL; - } - - strncpy(name, path, MAXPATHLEN); - name[MAXPATHLEN] = '\0'; - switch (name[strlen(name)-1]) { - default: - strcat(name, "\\"); - case '\\': - case '/': - case ':': - ; - } - strcat(name, "."); - if (!abs_path(name, dir->name, MAXPATHLEN+1)) - strcpy(dir->name, name); - if (dir->name[strlen(dir->name)-1] == '\\') - strcat(dir->name, "*"); - else - strcat(dir->name, "\\*"); - - dir->fstype = getFSType(dir->name); - dir->attrmask = att_mask | A_DIR; - - dir->handle = HDIR_CREATE; - dir->count = 100; -#if OS2 >= 2 - rc = DosFindFirst(dir->name, &dir->handle, dir->attrmask, - dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD); -#else - rc = DosFindFirst((PSZ)dir->name, &dir->handle, dir->attrmask, - (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0); -#endif - switch (rc) { - default: - free(dir); - error(rc); - return NULL; - case NO_ERROR: - case ERROR_NO_MORE_FILES: - ; - } - - dir->number = 0; - dir->index = 0; - dir->next = (FFBUF *)dir->ffbuf; - - return (DIR *)dir; -} - -DIR * -opendir(const char *pathname) -{ - return openxdir(pathname, 0); -} - -struct dirent * -readdir(DIR *dir) -{ - static int dummy_ino = 2; - - if (dir->index == dir->count) { - Word rc; - dir->count = 100; -#if OS2 >= 2 - rc = DosFindNext(dir->handle, dir->ffbuf, - sizeof dir->ffbuf, &dir->count); -#else - rc = DosFindNext(dir->handle, (PFILEFINDBUF)dir->ffbuf, - sizeof dir->ffbuf, &dir->count); -#endif - if (rc) { - error(rc); - return NULL; - } - - dir->index = 0; - dir->next = (FFBUF *)dir->ffbuf; - } - - if (dir->index == dir->count) - return NULL; - - memcpy(dir->entry.d_name, dir->next->achName, dir->next->cchName); - dir->entry.d_name[dir->next->cchName] = '\0'; - dir->entry.d_ino = dummy_ino++; - dir->entry.d_reclen = dir->next->cchName; - dir->entry.d_namlen = dir->next->cchName; - dir->entry.d_size = dir->next->cbFile; - dir->entry.d_attribute = dir->next->attrFile; - dir->entry.d_time = *(USHORT *)&dir->next->ftimeLastWrite; - dir->entry.d_date = *(USHORT *)&dir->next->fdateLastWrite; - - switch (dir->fstype) { - case 'F': /* FAT */ - case 'C': /* CDFS */ - if (dir->next->attrFile & FILE_DIRECTORY) - strupr(dir->entry.d_name); - else - strlwr(dir->entry.d_name); - } - -#if OS2 >= 2 - dir->next = (FFBUF *)((BYTE *)dir->next + dir->next->oNextEntryOffset); -#else - dir->next = (FFBUF *)((BYTE *)dir->next->achName + dir->next->cchName + 1); -#endif - ++dir->number; - ++dir->index; - - return &dir->entry; -} - -long -telldir(DIR *dir) -{ - return dir->number; -} - -void -seekdir(DIR *dir, long off) -{ - if (dir->number > off) { - char name[MAXPATHLEN+2]; - Word rc; - - DosFindClose(dir->handle); - - strcpy(name, dir->name); - strcat(name, "*"); - - dir->handle = HDIR_CREATE; - dir->count = 32767; -#if OS2 >= 2 - rc = DosFindFirst(name, &dir->handle, dir->attrmask, - dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD); -#else - rc = DosFindFirst((PSZ)name, &dir->handle, dir->attrmask, - (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0); -#endif - switch (rc) { - default: - error(rc); - return; - case NO_ERROR: - case ERROR_NO_MORE_FILES: - ; - } - - dir->number = 0; - dir->index = 0; - dir->next = (FFBUF *)dir->ffbuf; - } - - while (dir->number < off && readdir(dir)) - ; -} - -void -closedir(DIR *dir) -{ - DosFindClose(dir->handle); - free(dir); -} - -/*****************************************************************************/ - -#ifdef TEST - -main(int argc, char **argv) -{ - int i; - DIR *dir; - struct dirent *ep; - - for (i = 1; i < argc; ++i) { - dir = opendir(argv[i]); - if (!dir) - continue; - while (ep = readdir(dir)) - if (strchr("\\/:", argv[i] [strlen(argv[i]) - 1])) - printf("%s%s\n", argv[i], ep->d_name); - else - printf("%s/%s\n", argv[i], ep->d_name); - closedir(dir); - } - - return 0; -} - -#endif - -#endif /* OS2 */ - diff --git a/security/dbm/src/dirent.h b/security/dbm/src/dirent.h deleted file mode 100644 index 07a6c0ac8..000000000 --- a/security/dbm/src/dirent.h +++ /dev/null @@ -1,97 +0,0 @@ -#ifndef __DIRENT_H__ -#define __DIRENT_H__ -/* - * @(#)msd_dir.h 1.4 87/11/06 Public Domain. - * - * A public domain implementation of BSD directory routines for - * MS-DOS. Written by Michael Rendell ({uunet,utai}michael@garfield), - * August 1897 - * - * Extended by Peter Lim (lim@mullian.oz) to overcome some MS DOS quirks - * and returns 2 more pieces of information - file size & attribute. - * Plus a little reshuffling of some #define's positions December 1987 - * - * Some modifications by Martin Junius 02-14-89 - * - * AK900712 - * AK910410 abs_path - make absolute path - * - */ - -#ifdef __EMX__ -#include <sys/param.h> -#else -#if defined(__IBMC__) || defined(__IBMCPP__) || defined(XP_W32_MSVC) -#include <stdio.h> -#ifdef MAXPATHLEN - #undef MAXPATHLEN -#endif -#define MAXPATHLEN (FILENAME_MAX*4) -#define MAXNAMLEN FILENAME_MAX - -#else -#include <param.h> -#endif -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -/* attribute stuff */ -#ifndef A_RONLY -# define A_RONLY 0x01 -# define A_HIDDEN 0x02 -# define A_SYSTEM 0x04 -# define A_LABEL 0x08 -# define A_DIR 0x10 -# define A_ARCHIVE 0x20 -#endif - -struct dirent { -#if defined(OS2) || defined(WIN32) /* use the layout of EMX to avoid trouble */ - int d_ino; /* Dummy */ - int d_reclen; /* Dummy, same as d_namlen */ - int d_namlen; /* length of name */ - char d_name[MAXNAMLEN + 1]; - unsigned long d_size; - unsigned short d_attribute; /* attributes (see above) */ - unsigned short d_time; /* modification time */ - unsigned short d_date; /* modification date */ -#else - char d_name[MAXNAMLEN + 1]; /* garentee null termination */ - char d_attribute; /* .. extension .. */ - unsigned long d_size; /* .. extension .. */ -#endif -}; - -typedef struct _dirdescr DIR; -/* the structs do not have to be defined here */ - -extern DIR *opendir(const char *); -extern DIR *openxdir(const char *, unsigned); -extern struct dirent *readdir(DIR *); -extern void seekdir(DIR *, long); -extern long telldir(DIR *); -extern void closedir(DIR *); -#define rewinddir(dirp) seekdir(dirp, 0L) - -extern char * abs_path(const char *name, char *buffer, int len); - -#ifndef S_IFMT -#define S_IFMT ( S_IFDIR | S_IFREG ) -#endif - -#ifndef S_ISDIR -#define S_ISDIR( m ) (((m) & S_IFMT) == S_IFDIR) -#endif - -#ifndef S_ISREG -#define S_ISREG( m ) (((m) & S_IFMT) == S_IFREG) -#endif - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/security/dbm/src/manifest.mn b/security/dbm/src/manifest.mn deleted file mode 100644 index 80f2abfd0..000000000 --- a/security/dbm/src/manifest.mn +++ /dev/null @@ -1,61 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../.. - -VPATH = $(CORE_DEPTH)/../dbm/src - -MODULE = dbm - -# -# memmove.c, snprintf.c, and strerror.c are not in CSRCS because -# the Standard C Library has memmove and strerror and DBM is not -# using snprintf. -# - -CSRCS = db.c \ - h_bigkey.c \ - h_func.c \ - h_log2.c \ - h_page.c \ - hash.c \ - hash_buf.c \ - hsearch.c \ - mktemp.c \ - ndbm.c \ - nsres.c \ - dirent.c \ - $(NULL) - -LIBRARY_NAME = dbm diff --git a/security/dbm/tests/Makefile b/security/dbm/tests/Makefile deleted file mode 100644 index fe132e19c..000000000 --- a/security/dbm/tests/Makefile +++ /dev/null @@ -1,69 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# -DEPTH = ../.. -CORE_DEPTH = ../.. - -VPATH = $(CORE_DEPTH)/../dbm/tests - -MODULE = dbm - -CSRCS = lots.c - -PROGRAM = lots - -include $(DEPTH)/coreconf/config.mk - -include $(DEPTH)/dbm/config/config.mk - -ifeq (,$(filter-out WIN%,$(OS_TARGET))) -LIBDBM = ../src/$(PLATFORM)/dbm$(STATIC_LIB_SUFFIX) -else -LIBDBM = ../src/$(PLATFORM)/libdbm$(STATIC_LIB_SUFFIX) -endif - -INCLUDES += -I$(CORE_DEPTH)/../dbm/include - -LDFLAGS = $(LDOPTS) $(LIBDBM) - -include $(DEPTH)/coreconf/rules.mk - -lots.pure: lots - purify $(CC) -o lots.pure $(CFLAGS) $(OBJS) $(MYLIBS) - -crash: crash.o $(MYLIBS) - $(CC) -o crash $(CFLAGS) $^ - -crash.pure: crash.o $(MYLIBS) - purify $(CC) -o crash.pure $(CFLAGS) $^ - diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index 0d7caafe5..3b89e394e 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -695,22 +695,22 @@ ValidateCert(CERTCertDBHandle *handle, char *name, char *date, SECStatus rv; CERTCertificate *cert = NULL; int64 timeBoundary; - SECCertificateUsage usage; + SECCertUsage usage; CERTVerifyLog reallog; CERTVerifyLog *log = NULL; switch (*certUsage) { case 'C': - usage = certificateUsageSSLClient; + usage = certUsageSSLClient; break; case 'V': - usage = certificateUsageSSLServer; + usage = certUsageSSLServer; break; case 'S': - usage = certificateUsageEmailSigner; + usage = certUsageEmailSigner; break; case 'R': - usage = certificateUsageEmailRecipient; + usage = certUsageEmailRecipient; break; default: PORT_SetError (SEC_ERROR_INVALID_ARGS); @@ -747,8 +747,8 @@ ValidateCert(CERTCertDBHandle *handle, char *name, char *date, } } - rv = CERT_VerifyCertificate(handle, cert, checkSig, usage, - timeBoundary, pwdata, log, &usage); + rv = CERT_VerifyCert(handle, cert, checkSig, usage, + timeBoundary, pwdata, log); if ( log ) { if ( log->head == NULL ) { fprintf(stdout, "%s: certificate is valid\n", progName); diff --git a/security/nss/cmd/modutil/README.TXT b/security/nss/cmd/modutil/README.TXT new file mode 100644 index 000000000..279e3ebe6 --- /dev/null +++ b/security/nss/cmd/modutil/README.TXT @@ -0,0 +1,7 @@ + CRYPTOGRAPHIC MODULE UTILITY (modutil)
+ VERSION 1.0
+ ===============================================
+
+The file specification.html documentats the software.
+
+The file pk11jar.html documents the PKCS #11 JAR format.
diff --git a/security/nss/cmd/signtool/README.TXT b/security/nss/cmd/signtool/README.TXT new file mode 100644 index 000000000..db79ec992 --- /dev/null +++ b/security/nss/cmd/signtool/README.TXT @@ -0,0 +1,119 @@ + Signing Tool (signtool)
+ 1.3 Release Notes
+ ========================================
+
+Documentation is provided online at mozilla.org
+
+Problems or questions not covered by the online documentation can be
+discussed in the DevEdge Security Newsgroup.
+
+=== New Features in 1.3
+=======================
+
+The security library components have been upgraded to utilize NSS_2_7_1_RTM.
+This means that the maximum RSA keysize now supported should be 4096 bits.
+
+=== Zigbert 0.6 Support
+=======================
+This program was previously named Zigbert. The last version of zigbert
+was Zigbert 0.6. Because all the functionality of Zigbert is maintained in
+signtool 1.2, Zigbert is no longer supported. If you have problems
+using Zigbert, please upgrade to signtool 1.2.
+
+=== New Features in 1.2
+=======================
+
+Certificate Generation Improvements
+-----------------------------------
+Two new options have been added to control generation of self-signed object
+signing certificates with the -G option. The -s option takes the size (in bits)
+of the generated RSA private key. The -t option takes the name of the PKCS #11
+token on which to generate the keypair and install the certificate. Both
+options are optional. By default, the private key is 1024 bits and is generated
+on the internal software token.
+
+
+=== New Features in 1.1
+=======================
+
+File I/O
+--------
+Signtool can now read its options from a command file specified with the -f
+option on the command line. The format for the file is described in the
+documentation.
+Error messages and informational output can be redirected to an output file
+by supplying the "--outfile" option on the command line or the "outfile="
+option in the command file.
+
+New Options
+-----------
+"--norecurse" tells Signtool not to recurse into subdirectories when signing
+directories or parsing HTML with the -J option.
+"--leavearc" tells Signtool not to delete the temporary .arc directories
+produced by the -J option. This can aid debugging.
+"--verbosity" tells Signtool how much information to display. 0 is the
+default. -1 suppresses most messages, except for errors.
+
+=== Bug Fixes in 1.1
+====================
+
+-J option revamped
+------------------
+The -J option, which parses HTML files, extracts Java and Javascript code,
+and stores them in signed JAR files, has been re-implemented. Several bugs
+have been fixed:
+- CODEBASE attribute is no longer ignored
+- CLASS and SRC attributes can be be paths ("xxx/xxx/x.class") rather than
+ just filenames ("x.class").
+- LINK tags are handled correctly
+- various HTML parsing bugs fixed
+- error messages are more informative
+
+No Password on Key Database
+---------------------------
+If you had not yet set a Communicator password (which locks key3.db, the
+key database), signtool would fail with a cryptic error message whenever it
+attempted to verify the password. Now this condition is detected at the
+beginning of the program, and a more informative message is displayed.
+
+-x and -e Options
+-----------------
+Previously, only one of each of these options could be specified on the command
+line. Now arbitrarily many can be specified. For example, to sign only files
+with .class or .js extensions, the arguments "-eclass -ejs" could both be
+specified. To exclude the directories "subdir1" and "subdir2" from signing,
+the arguments "-x subdir1 -x subdir2" could both be specified.
+
+New Features in 1.0
+===================
+
+Creation of JAR files
+----------------------
+The -Z option causes signtool to output a JAR file formed by storing the
+signed archive in ZIP format. This eliminates the need to use a separate ZIP
+utility. The -c option specifies the compression level of the resulting
+JAR file.
+
+Generation of Object-Signing Certificates and Keys
+--------------------------------------------------
+The -G option will create a new, self-signed object-signing certificate
+which can be used for testing purposes. The generated certificate and
+associated public and private keys will be installed in the cert7.db and
+key3.db files in the directory specified with the -d option (unless the key
+is generated on an external token using the -t option). On Unix systems,
+if no directory is specified, the user's Netscape directory (~/.netscape)
+will be used. In addition, the certificate is output in X509 format to the
+files x509.raw and x509.cacert in the current directory. x509.cacert can
+be published on a web page and imported into browsers that visit that page.
+
+Extraction and Signing of JavaScript from HTML
+----------------------------------------------
+The -J option activates the same functionality provided by the signpages
+Perl script. It will parse a directory of html files, creating archives
+of the JavaScript called from the HTML. These archives are then signed and
+made into JAR files.
+
+Enhanced Smart Card Support
+---------------------------
+Certificates that reside on smart cards are displayed when using the -L and
+-l options.
diff --git a/security/nss/cmd/tests/Makefile b/security/nss/cmd/tests/Makefile deleted file mode 100644 index da66e20df..000000000 --- a/security/nss/cmd/tests/Makefile +++ /dev/null @@ -1,73 +0,0 @@ -#! gmake -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -####################################################################### -# (1) Include initial platform-independent assignments (MANDATORY). # -####################################################################### - -include manifest.mn - -####################################################################### -# (2) Include "global" configuration information. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/config.mk - -####################################################################### -# (3) Include "component" configuration information. (OPTIONAL) # -####################################################################### - -####################################################################### -# (4) Include "local" platform-dependent assignments (OPTIONAL). # -####################################################################### -include ../platlibs.mk - -####################################################################### -# (5) Execute "global" rules. (OPTIONAL) # -####################################################################### - -include $(CORE_DEPTH)/coreconf/rules.mk - -####################################################################### -# (6) Execute "component" rules. (OPTIONAL) # -####################################################################### - - - -####################################################################### -# (7) Execute "local" rules. (OPTIONAL). # -####################################################################### - - -include ../platrules.mk diff --git a/security/nss/cmd/tests/manifest.mn b/security/nss/cmd/tests/manifest.mn deleted file mode 100644 index 528cc7678..000000000 --- a/security/nss/cmd/tests/manifest.mn +++ /dev/null @@ -1,50 +0,0 @@ -# -# The contents of this file are subject to the Mozilla Public -# License Version 1.1 (the "License"); you may not use this file -# except in compliance with the License. You may obtain a copy of -# the License at http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS -# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or -# implied. See the License for the specific language governing -# rights and limitations under the License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is Netscape -# Communications Corporation. Portions created by Netscape are -# Copyright (C) 1994-2000 Netscape Communications Corporation. All -# Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the -# terms of the GNU General Public License Version 2 or later (the -# "GPL"), in which case the provisions of the GPL are applicable -# instead of those above. If you wish to allow use of your -# version of this file only under the terms of the GPL and not to -# allow others to use your version of this file under the MPL, -# indicate your decision by deleting the provisions above and -# replace them with the notice and other provisions required by -# the GPL. If you do not delete the provisions above, a recipient -# may use your version of this file under either the MPL or the -# GPL. -# - -CORE_DEPTH = ../../.. - -# MODULE public and private header directories are implicitly REQUIRED. -MODULE = security - -CSRCS = vercrt.c \ - vercrtfps.c - -# The MODULE is always implicitly required. -# Listing it here in REQUIRES makes it appear twice in the cc command line. -REQUIRES = dbm seccmd - -PROGRAMS = $(CSRCS:.c=) - -TARGETS = $(PROGRAMS) - -NO_MD_RELEASE = 1 diff --git a/security/nss/lib/dev/devobject.c b/security/nss/lib/dev/devobject.c new file mode 100644 index 000000000..7818cac93 --- /dev/null +++ b/security/nss/lib/dev/devobject.c @@ -0,0 +1,1139 @@ +/* + * The contents of this file are subject to the Mozilla Public + * License Version 1.1 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS + * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or + * implied. See the License for the specific language governing + * rights and limitations under the License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is Netscape + * Communications Corporation. Portions created by Netscape are + * Copyright (C) 1994-2000 Netscape Communications Corporation. All + * Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the + * terms of the GNU General Public License Version 2 or later (the + * "GPL"), in which case the provisions of the GPL are applicable + * instead of those above. If you wish to allow use of your + * version of this file only under the terms of the GPL and not to + * allow others to use your version of this file under the MPL, + * indicate your decision by deleting the provisions above and + * replace them with the notice and other provisions required by + * the GPL. If you do not delete the provisions above, a recipient + * may use your version of this file under either the MPL or the + * GPL. + */ + +#ifdef DEBUG +static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; +#endif /* DEBUG */ + +#ifndef DEV_H +#include "dev.h" +#endif /* DEV_H */ + +#ifndef DEVM_H +#include "devm.h" +#endif /* DEVM_H */ + +#ifndef NSSCKEPV_H +#include "nssckepv.h" +#endif /* NSSCKEPV_H */ + +#ifndef CKHELPER_H +#include "ckhelper.h" +#endif /* CKHELPER_H */ + +#ifndef BASE_H +#include "base.h" +#endif /* BASE_H */ + +/* XXX */ +#ifndef PKI_H +#include "pki.h" +#endif /* PKI_H */ + +/* XXX */ +#ifndef NSSPKI_H +#include "nsspki.h" +#endif /* NSSPKI_H */ + +#ifdef NSS_3_4_CODE +#include "pkim.h" /* for cert decoding */ +#include "pk11func.h" /* for PK11_HasRootCerts */ +#include "pki3hack.h" /* for STAN_ForceCERTCertificateUpdate */ +#endif + +/* The number of object handles to grab during each call to C_FindObjects */ +#define OBJECT_STACK_SIZE 16 + +NSS_IMPLEMENT PRStatus +nssToken_DeleteStoredObject +( + nssCryptokiInstance *instance +) +{ + CK_RV ckrv; + PRStatus nssrv; + PRBool createdSession = PR_FALSE; + NSSToken *token = instance->token; + void *epv = token->epv; + nssSession *session = NULL; + if (nssCKObject_IsAttributeTrue(instance->handle, CKA_TOKEN, + token->defaultSession, + token->slot, &nssrv)) { + if (nssSession_IsReadWrite(token->defaultSession)) { + session = token->defaultSession; + } else { + session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE); + createdSession = PR_TRUE; + } + } + if (session == NULL) { + return PR_FAILURE; + } + nssSession_EnterMonitor(session); + ckrv = CKAPI(epv)->C_DestroyObject(session->handle, instance->handle); + nssSession_ExitMonitor(session); + if (createdSession) { + nssSession_Destroy(session); + } + if (ckrv != CKR_OK) { + return PR_FAILURE; + } + return PR_SUCCESS; +} + +static CK_OBJECT_HANDLE +import_object +( + NSSToken *tok, + nssSession *sessionOpt, + CK_ATTRIBUTE_PTR objectTemplate, + CK_ULONG otsize +) +{ + nssSession *session = NULL; + PRBool createdSession = PR_FALSE; + void *epv = tok->epv; + CK_OBJECT_HANDLE object; + CK_RV ckrv; + if (nssCKObject_IsTokenObjectTemplate(objectTemplate, otsize)) { + if (sessionOpt) { + if (!nssSession_IsReadWrite(sessionOpt)) { + return CK_INVALID_HANDLE; + } else { + session = sessionOpt; + } + } else if (nssSession_IsReadWrite(tok->defaultSession)) { + session = tok->defaultSession; + } else { + session = nssSlot_CreateSession(tok->slot, NULL, PR_TRUE); + createdSession = PR_TRUE; + } + } else { + session = (sessionOpt) ? sessionOpt : tok->defaultSession; + } + if (session == NULL) { + return CK_INVALID_HANDLE; + } + nssSession_EnterMonitor(session); + ckrv = CKAPI(epv)->C_CreateObject(session->handle, + objectTemplate, otsize, + &object); + nssSession_ExitMonitor(session); + if (createdSession) { + nssSession_Destroy(session); + } + if (ckrv != CKR_OK) { + return CK_INVALID_HANDLE; + } + return object; +} + +static CK_OBJECT_HANDLE +find_object_by_template +( + NSSToken *tok, + nssSession *sessionOpt, + CK_ATTRIBUTE_PTR cktemplate, + CK_ULONG ctsize +) +{ + CK_SESSION_HANDLE hSession; + CK_OBJECT_HANDLE rvObject = CK_INVALID_HANDLE; + CK_ULONG count = 0; + CK_RV ckrv; + void *epv = tok->epv; + nssSession *session; + session = (sessionOpt) ? sessionOpt : tok->defaultSession; + hSession = session->handle; + nssSession_EnterMonitor(session); + ckrv = CKAPI(epv)->C_FindObjectsInit(hSession, cktemplate, ctsize); + if (ckrv != CKR_OK) { + nssSession_ExitMonitor(session); + return CK_INVALID_HANDLE; + } + ckrv = CKAPI(epv)->C_FindObjects(hSession, &rvObject, 1, &count); + if (ckrv != CKR_OK) { + nssSession_ExitMonitor(session); + return CK_INVALID_HANDLE; + } + ckrv = CKAPI(epv)->C_FindObjectsFinal(hSession); + nssSession_ExitMonitor(session); + if (ckrv != CKR_OK) { + return CK_INVALID_HANDLE; + } + return rvObject; +} + +static PRStatus +traverse_objects_by_template +( + NSSToken *tok, + nssSession *sessionOpt, + CK_ATTRIBUTE_PTR obj_template, + CK_ULONG otsize, + PRStatus (*callback)(NSSToken *t, nssSession *session, + CK_OBJECT_HANDLE h, void *arg), + void *arg +) +{ + NSSSlot *slot; + PRStatus cbrv; + PRUint32 i; + CK_RV ckrv; + CK_ULONG count; + CK_OBJECT_HANDLE *objectStack; + CK_OBJECT_HANDLE startOS[OBJECT_STACK_SIZE]; + CK_SESSION_HANDLE hSession; + NSSArena *objectArena = NULL; + nssSession *session; + nssList *objectList = NULL; + int objectStackSize = OBJECT_STACK_SIZE; + void *epv = tok->epv; + slot = tok->slot; + objectStack = startOS; + session = (sessionOpt) ? sessionOpt : tok->defaultSession; + hSession = session->handle; + nssSession_EnterMonitor(session); + ckrv = CKAPI(epv)->C_FindObjectsInit(hSession, obj_template, otsize); + if (ckrv != CKR_OK) { + nssSession_ExitMonitor(session); + goto loser; + } + while (PR_TRUE) { + ckrv = CKAPI(epv)->C_FindObjects(hSession, objectStack, + objectStackSize, &count); + if (ckrv != CKR_OK) { + nssSession_ExitMonitor(session); + goto loser; + } + if (count == objectStackSize) { + if (!objectList) { + objectArena = NSSArena_Create(); + objectList = nssList_Create(objectArena, PR_FALSE); + } + nssList_Add(objectList, objectStack); + objectStackSize = objectStackSize * 2; + objectStack = nss_ZNEWARRAY(objectArena, CK_OBJECT_HANDLE, + objectStackSize); + if (objectStack == NULL) { + count =0; + break; + /* return what we can */ + } + } else { + break; + } + } + ckrv = CKAPI(epv)->C_FindObjectsFinal(hSession); + nssSession_ExitMonitor(session); + if (ckrv != CKR_OK) { + goto loser; + } + if (objectList) { + nssListIterator *objects; + CK_OBJECT_HANDLE *localStack; + objects = nssList_CreateIterator(objectList); + objectStackSize = OBJECT_STACK_SIZE; + for (localStack = (CK_OBJECT_HANDLE *)nssListIterator_Start(objects); + localStack != NULL; + localStack = (CK_OBJECT_HANDLE *)nssListIterator_Next(objects)) { + for (i=0; i< objectStackSize; i++) { + cbrv = (*callback)(tok, session, localStack[i], arg); + } + objectStackSize = objectStackSize * 2; + } + nssListIterator_Finish(objects); + nssListIterator_Destroy(objects); + } + for (i=0; i<count; i++) { + cbrv = (*callback)(tok, session, objectStack[i], arg); + } + if (objectArena) + NSSArena_Destroy(objectArena); + return PR_SUCCESS; +loser: + if (objectArena) + NSSArena_Destroy(objectArena); + return PR_FAILURE; +} + +static nssCryptokiInstance * +create_cryptoki_instance +( + NSSArena *arena, + NSSToken *t, + CK_OBJECT_HANDLE h, + PRBool isTokenObject +) +{ + PRStatus nssrv; + nssCryptokiInstance *instance; + CK_ATTRIBUTE cert_template = { CKA_LABEL, NULL, 0 }; + nssrv = nssCKObject_GetAttributes(h, &cert_template, 1, + arena, t->defaultSession, t->slot); + if (nssrv != PR_SUCCESS) { + /* a failure here indicates a device error */ + return NULL; + } + instance = nss_ZNEW(arena, nssCryptokiInstance); + if (!instance) { + return NULL; + } + instance->handle = h; + instance->token = t; + instance->isTokenObject = isTokenObject; + NSS_CK_ATTRIBUTE_TO_UTF8(&cert_template, instance->label); + return instance; +} + +#ifdef NSS_3_4_CODE +/* exposing this for the smart card cache code */ +NSS_IMPLEMENT nssCryptokiInstance * +nssCryptokiInstance_Create +( + NSSArena *arena, + NSSToken *t, + CK_OBJECT_HANDLE h, + PRBool isTokenObject +) +{ + return create_cryptoki_instance(arena, t, h, isTokenObject); +} +#endif + +static NSSCertificateType +nss_cert_type_from_ck_attrib(CK_ATTRIBUTE_PTR attrib) +{ + CK_CERTIFICATE_TYPE ckCertType; + if (!attrib->pValue) { + /* default to PKIX */ + return NSSCertificateType_PKIX; + } + ckCertType = *((CK_ULONG *)attrib->pValue); + switch (ckCertType) { + case CKC_X_509: + return NSSCertificateType_PKIX; + default: + break; + } + return NSSCertificateType_Unknown; +} + +/* Create a certificate from an object handle. */ +static NSSCertificate * +get_token_cert +( + NSSToken *token, + nssSession *sessionOpt, + CK_OBJECT_HANDLE handle +) +{ + NSSCertificate *rvCert; + NSSArena *arena; + nssSession *session; + PRStatus nssrv; + CK_ULONG template_size; + CK_ATTRIBUTE cert_template[] = { + { CKA_CERTIFICATE_TYPE, NULL, 0 }, + { CKA_ID, NULL, 0 }, + { CKA_VALUE, NULL, 0 }, + { CKA_ISSUER, NULL, 0 }, + { CKA_SERIAL_NUMBER, NULL, 0 }, + { CKA_SUBJECT, NULL, 0 }, + { CKA_NETSCAPE_EMAIL, NULL, 0 } + }; + template_size = sizeof(cert_template) / sizeof(cert_template[0]); + session = (sessionOpt) ? sessionOpt : token->defaultSession; + arena = nssArena_Create(); + if (!arena) { + return NULL; + } + rvCert = nss_ZNEW(arena, NSSCertificate); + if (!rvCert) { + NSSArena_Destroy(arena); + return NULL; + } + nssrv = nssPKIObject_Initialize(&rvCert->object, arena, + token->trustDomain, NULL); + if (nssrv != PR_SUCCESS) { + goto loser; + } + nssrv = nssCKObject_GetAttributes(handle, + cert_template, template_size, + arena, session, token->slot); + if (nssrv != PR_SUCCESS) { + goto loser; + } + rvCert->type = nss_cert_type_from_ck_attrib(&cert_template[0]); + NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[1], &rvCert->id); + NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[2], &rvCert->encoding); + NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[3], &rvCert->issuer); + NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[4], &rvCert->serial); + NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[5], &rvCert->subject); + NSS_CK_ATTRIBUTE_TO_UTF8(&cert_template[6], rvCert->email); + /* XXX this would be better accomplished by dividing attributes to + * retrieve into "required" and "optional" + */ + if (rvCert->encoding.size == 0 || + rvCert->issuer.size == 0 || + rvCert->serial.size == 0 || + rvCert->subject.size == 0) + { + /* received a bum object from the token */ + goto loser; + } +#ifdef NSS_3_4_CODE + /* nss 3.4 database doesn't associate email address with cert */ + if (!rvCert->email) { + nssDecodedCert *dc; + NSSASCII7 *email; + dc = nssCertificate_GetDecoding(rvCert); + if (dc) { + email = dc->getEmailAddress(dc); + if (email) + rvCert->email = nssUTF8_Duplicate(email, arena); + } else { + goto loser; + } + } + /* nss 3.4 must deal with tokens that do not follow the PKCS#11 + * standard and return decoded serial numbers. The easiest way to + * work around this is just to grab the serial # from the full encoding + */ + if (PR_TRUE) { + nssDecodedCert *dc; + dc = nssCertificate_GetDecoding(rvCert); + if (dc) { + PRStatus sn_stat; + sn_stat = dc->getDERSerialNumber(dc, &rvCert->serial, arena); + if (sn_stat != PR_SUCCESS) { + goto loser; + } + } else { + goto loser; + } + } +#endif + return rvCert; +loser: + nssPKIObject_Destroy(&rvCert->object); + return (NSSCertificate *)NULL; +} + +NSS_IMPLEMENT PRStatus +nssToken_ImportCertificate +( + NSSToken *tok, + nssSession *sessionOpt, + NSSCertificate *cert, + NSSUTF8 *nickname, + PRBool asTokenObject +) +{ + nssCryptokiInstance *instance; + CK_CERTIFICATE_TYPE cert_type = CKC_X_509; + CK_OBJECT_HANDLE handle; + CK_ATTRIBUTE_PTR attr; + CK_ATTRIBUTE cert_tmpl[9]; + CK_ULONG ctsize; + NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize); + if (asTokenObject) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + } else { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); + NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CERTIFICATE_TYPE, cert_type); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, &cert->id); + NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, &cert->encoding); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, &cert->issuer); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, &cert->subject); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, &cert->serial); + NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize); + /* Import the certificate onto the token */ + handle = import_object(tok, sessionOpt, cert_tmpl, ctsize); + if (handle == CK_INVALID_HANDLE) { + return PR_FAILURE; + } + instance = create_cryptoki_instance(cert->object.arena, + tok, handle, asTokenObject); + if (!instance) { + /* XXX destroy object */ + return PR_FAILURE; + } + nssList_Add(cert->object.instanceList, instance); + /* XXX Fix this! */ + nssListIterator_Destroy(cert->object.instances); + cert->object.instances = nssList_CreateIterator(cert->object.instanceList); + return PR_SUCCESS; +} + +static PRBool +compare_cert_by_encoding(void *a, void *b) +{ + NSSCertificate *c1 = (NSSCertificate *)a; + NSSCertificate *c2 = (NSSCertificate *)b; + return (nssItem_Equal(&c1->encoding, &c2->encoding, NULL)); +} + +static PRStatus +retrieve_cert(NSSToken *t, nssSession *session, CK_OBJECT_HANDLE h, void *arg) +{ + PRStatus nssrv; + PRBool found, inCache; + nssTokenCertSearch *search = (nssTokenCertSearch *)arg; + NSSCertificate *cert = NULL; + nssListIterator *instances; + nssCryptokiInstance *ci; + CK_ATTRIBUTE derValue = { CKA_VALUE, NULL, 0 }; + inCache = PR_FALSE; + if (search->cached) { + NSSCertificate csi; /* a fake cert for indexing */ + nssrv = nssCKObject_GetAttributes(h, &derValue, 1, + NULL, session, t->slot); + NSS_CK_ATTRIBUTE_TO_ITEM(&derValue, &csi.encoding); + cert = (NSSCertificate *)nssList_Get(search->cached, &csi); + nss_ZFreeIf(csi.encoding.data); + } + found = PR_FALSE; + if (cert) { + inCache = PR_TRUE; + nssCertificate_AddRef(cert); + instances = cert->object.instances; + for (ci = (nssCryptokiInstance *)nssListIterator_Start(instances); + ci != (nssCryptokiInstance *)NULL; + ci = (nssCryptokiInstance *)nssListIterator_Next(instances)) + { + /* The builtins token will not return the same handle for objects + * during the lifetime of the token. Thus, assuming the found + * object is the same as the cached object if there is already an + * instance for the token. + */ + if (ci->token == t) { + found = PR_TRUE; + break; + } + } + nssListIterator_Finish(instances); + } else { + cert = get_token_cert(t, session, h); + if (!cert) return PR_FAILURE; + } + if (!found) { + PRBool isTokenObject; + /* XXX this is incorrect if the search is over both types */ + isTokenObject = (search->searchType == nssTokenSearchType_TokenOnly) ? + PR_TRUE : PR_FALSE; + ci = create_cryptoki_instance(cert->object.arena, t, h, isTokenObject); + if (!ci) { + NSSCertificate_Destroy(cert); + return PR_FAILURE; + } + nssList_Add(cert->object.instanceList, ci); + /* XXX Fix this! */ + nssListIterator_Destroy(cert->object.instances); + cert->object.instances = nssList_CreateIterator(cert->object.instanceList); + /* The cert was already discovered. If it was made into a + * CERTCertificate, we need to update it here, because we have found + * another instance of it. This new instance may cause the slot + * and nickname fields of the cert to change. + */ + if (cert->decoding && inCache) { + (void)STAN_ForceCERTCertificateUpdate(cert); + } + } + if (!inCache) { + nssrv = (*search->callback)(cert, search->cbarg); + } else { + nssrv = PR_SUCCESS; /* cached entries already handled */ + } +#ifdef NSS_3_4_CODE + CERT_DestroyCertificate(STAN_GetCERTCertificate(cert)); +#else + NSSCertificate_Destroy(cert); +#endif + + return nssrv; +} + +/* traverse all certificates - this should only happen if the token + * has been marked as "traversable" + */ +NSS_IMPLEMENT PRStatus +nssToken_TraverseCertificates +( + NSSToken *token, + nssSession *sessionOpt, + nssTokenCertSearch *search +) +{ + PRStatus nssrv; + CK_ATTRIBUTE_PTR attr; + CK_ATTRIBUTE cert_template[2]; + CK_ULONG ctsize; + NSS_CK_TEMPLATE_START(cert_template, attr, ctsize); + /* Set the search to token/session only if provided */ + if (search->searchType == nssTokenSearchType_SessionOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } else if (search->searchType == nssTokenSearchType_TokenOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + } + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); + NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize); + if (search->cached) { + nssList_SetCompareFunction(search->cached, compare_cert_by_encoding); + } + nssrv = traverse_objects_by_template(token, sessionOpt, + cert_template, ctsize, + retrieve_cert, search); + return nssrv; +} + +NSS_IMPLEMENT PRStatus +nssToken_TraverseCertificatesBySubject +( + NSSToken *token, + nssSession *sessionOpt, + NSSDER *subject, + nssTokenCertSearch *search +) +{ + PRStatus nssrv; + CK_ATTRIBUTE_PTR attr; + CK_ATTRIBUTE subj_template[3]; + CK_ULONG stsize; + NSS_CK_TEMPLATE_START(subj_template, attr, stsize); + /* Set the search to token/session only if provided */ + if (search->searchType == nssTokenSearchType_SessionOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } else if (search->searchType == nssTokenSearchType_TokenOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + } + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject); + NSS_CK_TEMPLATE_FINISH(subj_template, attr, stsize); + if (search->cached) { + nssList_SetCompareFunction(search->cached, compare_cert_by_encoding); + } + /* now traverse the token certs matching this template */ + nssrv = traverse_objects_by_template(token, sessionOpt, + subj_template, stsize, + retrieve_cert, search); + return nssrv; +} + +NSS_IMPLEMENT PRStatus +nssToken_TraverseCertificatesByNickname +( + NSSToken *token, + nssSession *sessionOpt, + NSSUTF8 *name, + nssTokenCertSearch *search +) +{ + PRStatus nssrv; + CK_ATTRIBUTE_PTR attr; + CK_ATTRIBUTE nick_template[3]; + CK_ULONG ntsize; + NSS_CK_TEMPLATE_START(nick_template, attr, ntsize); + NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, name); + /* Set the search to token/session only if provided */ + if (search->searchType == nssTokenSearchType_SessionOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } else if (search->searchType == nssTokenSearchType_TokenOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + } + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); + NSS_CK_TEMPLATE_FINISH(nick_template, attr, ntsize); + if (search->cached) { + nssList_SetCompareFunction(search->cached, compare_cert_by_encoding); + } + /* now traverse the token certs matching this template */ + nssrv = traverse_objects_by_template(token, sessionOpt, + nick_template, ntsize, + retrieve_cert, search); + if (nssrv != PR_SUCCESS) { + return nssrv; + } + /* This is to workaround the fact that PKCS#11 doesn't specify + * whether the '\0' should be included. XXX Is that still true? + * im - this is not needed by the current softoken. However, I'm + * leaving it in until I have surveyed more tokens to see if it needed. + * well, its needed by the builtin token... + */ + nick_template[0].ulValueLen++; + nssrv = traverse_objects_by_template(token, sessionOpt, + nick_template, ntsize, + retrieve_cert, search); + return nssrv; +} + +NSS_IMPLEMENT PRStatus +nssToken_TraverseCertificatesByEmail +( + NSSToken *token, + nssSession *sessionOpt, + NSSASCII7 *email, + nssTokenCertSearch *search +) +{ + PRStatus nssrv; + CK_ATTRIBUTE_PTR attr; + CK_ATTRIBUTE email_template[3]; + CK_ULONG etsize; + NSS_CK_TEMPLATE_START(email_template, attr, etsize); + NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NETSCAPE_EMAIL, email); + /* Set the search to token/session only if provided */ + if (search->searchType == nssTokenSearchType_SessionOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } else if (search->searchType == nssTokenSearchType_TokenOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + } + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); + NSS_CK_TEMPLATE_FINISH(email_template, attr, etsize); + if (search->cached) { + nssList_SetCompareFunction(search->cached, compare_cert_by_encoding); + } + /* now traverse the token certs matching this template */ + nssrv = traverse_objects_by_template(token, sessionOpt, + email_template, etsize, + retrieve_cert, search); + if (nssrv != PR_SUCCESS) { + return nssrv; + } +#if 0 + /* This is to workaround the fact that PKCS#11 doesn't specify + * whether the '\0' should be included. XXX Is that still true? + */ + email_tmpl[0].ulValueLen--; + nssrv = traverse_objects_by_template(token, sessionOpt, + email_tmpl, etsize, + retrieve_cert, search); +#endif + return nssrv; +} + +/* XXX these next two need to create instances as needed */ + +NSS_IMPLEMENT NSSCertificate * +nssToken_FindCertificateByIssuerAndSerialNumber +( + NSSToken *token, + nssSession *sessionOpt, + NSSDER *issuer, + NSSDER *serial, + nssTokenSearchType searchType +) +{ + NSSCertificate *rvCert = NULL; + nssSession *session; + PRStatus nssrv; + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE_PTR attr; + CK_ATTRIBUTE cert_template[4]; + CK_ULONG ctsize; + NSS_CK_TEMPLATE_START(cert_template, attr, ctsize); + /* Set the search to token/session only if provided */ + if (searchType == nssTokenSearchType_SessionOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } else if (searchType == nssTokenSearchType_TokenOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + } + /* Set the unique id */ + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial); + NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize); + /* get the object handle */ + object = find_object_by_template(token, sessionOpt, cert_template, ctsize); + if (object == CK_INVALID_HANDLE) { + return NULL; + } + session = (sessionOpt) ? sessionOpt : token->defaultSession; + rvCert = get_token_cert(token, sessionOpt, object); + if (rvCert) { + PRBool isTokenObject; + nssCryptokiInstance *instance; + isTokenObject = nssCKObject_IsAttributeTrue(object, CKA_TOKEN, + session, token->slot, + &nssrv); + instance = create_cryptoki_instance(rvCert->object.arena, + token, object, isTokenObject); + if (!instance) { + NSSCertificate_Destroy(rvCert); + return NULL; + } + nssList_Add(rvCert->object.instanceList, instance); + /* XXX Fix this! */ + nssListIterator_Destroy(rvCert->object.instances); + rvCert->object.instances = nssList_CreateIterator(rvCert->object.instanceList); + } + return rvCert; +} + +NSS_IMPLEMENT NSSCertificate * +nssToken_FindCertificateByEncodedCertificate +( + NSSToken *token, + nssSession *sessionOpt, + NSSBER *encodedCertificate, + nssTokenSearchType searchType +) +{ + NSSCertificate *rvCert = NULL; + nssSession *session; + PRStatus nssrv; + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE_PTR attr; + CK_ATTRIBUTE cert_template[3]; + CK_ULONG ctsize; + NSS_CK_TEMPLATE_START(cert_template, attr, ctsize); + /* Set the search to token/session only if provided */ + if (searchType == nssTokenSearchType_SessionOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } else if (searchType == nssTokenSearchType_TokenOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + } + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encodedCertificate); + NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize); + /* get the object handle */ + object = find_object_by_template(token, sessionOpt, cert_template, ctsize); + if (object == CK_INVALID_HANDLE) { + return NULL; + } + session = (sessionOpt) ? sessionOpt : token->defaultSession; + rvCert = get_token_cert(token, sessionOpt, object); + if (rvCert) { + PRBool isTokenObject; + nssCryptokiInstance *instance; + isTokenObject = nssCKObject_IsAttributeTrue(object, CKA_TOKEN, + session, token->slot, + &nssrv); + instance = create_cryptoki_instance(rvCert->object.arena, + token, object, isTokenObject); + if (!instance) { + NSSCertificate_Destroy(rvCert); + return NULL; + } + nssList_Add(rvCert->object.instanceList, instance); + /* XXX Fix this! */ + nssListIterator_Destroy(rvCert->object.instances); + rvCert->object.instances = nssList_CreateIterator(rvCert->object.instanceList); + } + return rvCert; +} + +static void +sha1_hash(NSSItem *input, NSSItem *output) +{ + NSSAlgorithmAndParameters *ap; + NSSToken *token = STAN_GetDefaultCryptoToken(); + ap = NSSAlgorithmAndParameters_CreateSHA1Digest(NULL); + (void)nssToken_Digest(token, NULL, ap, input, output, NULL); +#ifdef NSS_3_4_CODE + PK11_FreeSlot(token->pk11slot); +#endif + nss_ZFreeIf(ap); +} + +static void +md5_hash(NSSItem *input, NSSItem *output) +{ + NSSAlgorithmAndParameters *ap; + NSSToken *token = STAN_GetDefaultCryptoToken(); + ap = NSSAlgorithmAndParameters_CreateMD5Digest(NULL); + (void)nssToken_Digest(token, NULL, ap, input, output, NULL); +#ifdef NSS_3_4_CODE + PK11_FreeSlot(token->pk11slot); +#endif + nss_ZFreeIf(ap); +} + +NSS_IMPLEMENT PRStatus +nssToken_ImportTrust +( + NSSToken *tok, + nssSession *sessionOpt, + NSSTrust *trust, + PRBool asTokenObject +) +{ + CK_OBJECT_HANDLE handle; + CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_TRUST; + CK_ATTRIBUTE_PTR attr; + CK_ATTRIBUTE trust_tmpl[10]; + CK_ULONG tsize; + PRUint8 sha1[20]; /* this is cheating... */ + PRUint8 md5[16]; + NSSItem sha1_result, md5_result; + NSSCertificate *c = trust->certificate; + sha1_result.data = sha1; sha1_result.size = sizeof sha1; + md5_result.data = md5; md5_result.size = sizeof md5; + sha1_hash(&c->encoding, &sha1_result); + md5_hash(&c->encoding, &md5_result); + NSS_CK_TEMPLATE_START(trust_tmpl, attr, tsize); + if (asTokenObject) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + } else { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } + NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, &c->issuer); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, &c->serial); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, &sha1_result); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_MD5_HASH, &md5_result); + /* now set the trust values */ + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, trust->serverAuth); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, trust->clientAuth); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, trust->codeSigning); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, + trust->emailProtection); + NSS_CK_TEMPLATE_FINISH(trust_tmpl, attr, tsize); + /* import the trust object onto the token */ + handle = import_object(tok, NULL, trust_tmpl, tsize); + if (handle != CK_INVALID_HANDLE) { + nssCryptokiInstance *instance; + instance = create_cryptoki_instance(trust->object.arena, + tok, handle, asTokenObject); + if (!instance) { + return PR_FAILURE; + } + nssList_Add(trust->object.instanceList, instance); + /* XXX Fix this! */ + nssListIterator_Destroy(trust->object.instances); + trust->object.instances = nssList_CreateIterator(trust->object.instanceList); + tok->hasNoTrust = PR_FALSE; + return PR_SUCCESS; + } + return PR_FAILURE; +} + +NSS_IMPLEMENT PRStatus +nssToken_SetTrustCache +( + NSSToken *token +) +{ + CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_TRUST; + CK_ATTRIBUTE_PTR attr; + CK_ATTRIBUTE tobj_template[2]; + CK_ULONG tobj_size; + CK_OBJECT_HANDLE obj; + nssSession *session = token->defaultSession; + + NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size); + NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size); + + obj = find_object_by_template(token, session, + tobj_template, tobj_size); + token->hasNoTrust = PR_FALSE; + if (obj == CK_INVALID_HANDLE) { + token->hasNoTrust = PR_TRUE; + } + return PR_SUCCESS; +} + +NSS_IMPLEMENT PRStatus +nssToken_SetCrlCache +( + NSSToken *token +) +{ + CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_CRL; + CK_ATTRIBUTE_PTR attr; + CK_ATTRIBUTE tobj_template[2]; + CK_ULONG tobj_size; + CK_OBJECT_HANDLE obj; + nssSession *session = token->defaultSession; + + NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size); + NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size); + + obj = find_object_by_template(token, session, + tobj_template, tobj_size); + token->hasNoCrls = PR_TRUE; + if (obj == CK_INVALID_HANDLE) { + token->hasNoCrls = PR_TRUE; + } + return PR_SUCCESS; +} + +static CK_OBJECT_HANDLE +get_cert_trust_handle +( + NSSToken *token, + nssSession *session, + NSSCertificate *c, + nssTokenSearchType searchType +) +{ + CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_TRUST; + CK_ATTRIBUTE_PTR attr; + CK_ATTRIBUTE tobj_template[5]; + CK_ULONG tobj_size; + PRUint8 sha1[20]; /* this is cheating... */ + NSSItem sha1_result; + + if (token->hasNoTrust) { + return CK_INVALID_HANDLE; + } + sha1_result.data = sha1; sha1_result.size = sizeof sha1; + sha1_hash(&c->encoding, &sha1_result); + NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size); + if (searchType == nssTokenSearchType_SessionOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); + } else if (searchType == nssTokenSearchType_TokenOnly) { + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true); + } + NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, &sha1_result); +#ifdef NSS_3_4_CODE + if (!PK11_HasRootCerts(token->pk11slot)) { +#endif + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, &c->issuer); + NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER , &c->serial); +#ifdef NSS_3_4_CODE + } + /* + * we need to arrange for the built-in token to lose the bottom 2 + * attributes so that old built-in tokens will continue to work. + */ +#endif + NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size); + return find_object_by_template(token, session, + tobj_template, tobj_size); +} + +NSS_IMPLEMENT NSSTrust * +nssToken_FindTrustForCert +( + NSSToken *token, + nssSession *sessionOpt, + NSSCertificate *c, + nssTokenSearchType searchType +) +{ + PRStatus nssrv; + NSSTrust *rvTrust; + nssSession *session; + NSSArena *arena; + nssCryptokiInstance *instance; + PRBool isTokenObject; + CK_BBOOL isToken; + CK_TRUST saTrust, caTrust, epTrust, csTrust; + CK_OBJECT_HANDLE tobjID; + CK_ATTRIBUTE_PTR attr; + CK_ATTRIBUTE trust_template[5]; + CK_ULONG trust_size; + session = (sessionOpt) ? sessionOpt : token->defaultSession; + tobjID = get_cert_trust_handle(token, session, c, searchType); + if (tobjID == CK_INVALID_HANDLE) { + return NULL; + } + /* Then use the trust object to find the trust settings */ + NSS_CK_TEMPLATE_START(trust_template, attr, trust_size); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TOKEN, isToken); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, saTrust); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, caTrust); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, epTrust); + NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, csTrust); + NSS_CK_TEMPLATE_FINISH(trust_template, attr, trust_size); + nssrv = nssCKObject_GetAttributes(tobjID, + trust_template, trust_size, + NULL, session, token->slot); + if (nssrv != PR_SUCCESS) { + return NULL; + } + arena = nssArena_Create(); + if (!arena) { + return NULL; + } + rvTrust = nss_ZNEW(arena, NSSTrust); + if (!rvTrust) { + nssArena_Destroy(arena); + return NULL; + } + nssrv = nssPKIObject_Initialize(&rvTrust->object, arena, + token->trustDomain, NULL); + if (nssrv != PR_SUCCESS) { + goto loser; + } + isTokenObject = (isToken == CK_TRUE) ? PR_TRUE : PR_FALSE; + instance = create_cryptoki_instance(arena, token, tobjID, isTokenObject); + if (!instance) { + goto loser; + } + rvTrust->serverAuth = saTrust; + rvTrust->clientAuth = caTrust; + rvTrust->emailProtection = epTrust; + rvTrust->codeSigning = csTrust; + return rvTrust; +loser: + nssPKIObject_Destroy(&rvTrust->object); + return (NSSTrust *)NULL; +} + +NSS_IMPLEMENT PRBool +nssToken_HasCrls +( + NSSToken *tok +) +{ + return !tok->hasNoCrls; +} + +NSS_IMPLEMENT PRStatus +nssToken_SetHasCrls +( + NSSToken *tok +) +{ + tok->hasNoCrls = PR_FALSE; + return PR_SUCCESS; +} + +NSS_IMPLEMENT PRBool +nssToken_IsPresent +( + NSSToken *token +) +{ + return nssSlot_IsTokenPresent(token->slot); +} + |