merge changes from NSS 3.0 branch to allow NT automated tests to work.

4 files changed, 36 insertions, 18 deletions

diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c
index 1c049a36e..907f4a68d 100644
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -100,7 +100,6 @@ GetGeneralName (PRArenaPool *arena)
     PORT_Assert (arena);
     mark = PORT_ArenaMark (arena);
     do {
-	fflush (stdin);
 	puts ("\nSelect one of the following general name type: \n");
 	puts ("\t1 - instance of other name\n\t2 - rfc822Name\n\t3 - dnsName\n");
 	puts ("\t4 - x400Address\n\t5 - directoryName\n\t6 - ediPartyName\n");
@@ -123,7 +122,6 @@ GetGeneralName (PRArenaPool *arena)
 	}
 	current->type = intValue;
 	puts ("\nEnter data:");
-	fflush (stdin);
 	fflush (stdout);
 	gets (buffer);
 	switch (current->type) {
@@ -198,7 +196,6 @@ GetString(PRArenaPool *arena, char *prompt, SECItem *value)
     value->len = 0;
     
     puts (prompt);
-    fflush (stdin);
     gets (buffer);
     if (strlen (buffer) > 0) {
 	value->data = PORT_ArenaAlloc (arena, strlen (buffer));
@@ -269,7 +266,6 @@ GetYesNo(char *prompt)
 #if 0
     char charValue;
 
-    fflush (stdin);
     puts (prompt);
     scanf ("%c", &charValue);
     if (charValue != 'y' && charValue != 'Y')
@@ -1575,7 +1571,6 @@ AddBasicConstraint(void *extHandle)
     do {
 	basicConstraint.pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT;
 	puts ("Is this a CA certificate [y/n]?");
-	fflush (stdin);
 	gets (buffer);
 	basicConstraint.isCA = (buffer[0] == 'Y' || buffer[0] == 'y') ?
                                 PR_TRUE : PR_FALSE;
@@ -1604,7 +1599,7 @@ AddBasicConstraint(void *extHandle)
 static SECItem *
 SignCert(CERTCertDBHandle *handle, 
 CERTCertificate *cert, PRBool selfsign, 
-SECKEYPrivateKey *selfsignprivkey, char *issuerNickName)
+SECKEYPrivateKey *selfsignprivkey, char *issuerNickName, void *pwarg)
 {
     SECItem der;
     SECItem *result = NULL;
@@ -1625,7 +1620,7 @@ SECKEYPrivateKey *selfsignprivkey, char *issuerNickName)
         return (SECItem *)NULL;
       }
 
-      caPrivateKey = PK11_FindKeyByAnyCert(issuer, (void *)NULL);
+      caPrivateKey = PK11_FindKeyByAnyCert(issuer, pwarg);
     if (caPrivateKey == NULL) {
 	SECU_PrintError(progName, "unable to retrieve key %s", issuerNickName);
 	return NULL;
@@ -1708,7 +1703,6 @@ AddAuthKeyID (void *extHandle)
 	    GEN_BREAK (SECFailure);
 	}
 
-	fflush (stdin);
 	rv = GetString (arena, "Enter value for the key identifier fields, enter to omit:",
 			&authKeyID->keyID);
 	if (rv != SECSuccess)
@@ -1760,7 +1754,6 @@ AddCrlDistPoint(void *extHandle)
 	    GEN_BREAK (SECFailure);
 	}   
 
-	fflush (stdin);
 	/* Get the distributionPointName fields - this field is optional */
 	puts ("Enter the type of the distribution point name:\n");
 	puts ("\t1 - Full Name\n\t2 - Relative Name\n\tOther - omit\n\t\tChoice: ");
@@ -1779,7 +1772,6 @@ AddCrlDistPoint(void *extHandle)
 		current->distPointType = intValue;
 		puts ("Enter the relative name: ");
 		fflush (stdout);
-		fflush (stdin);
 		gets (buffer);
 		/* For simplicity, use CERT_AsciiToName to converse from a string
 		   to NAME, but we only interest in the first RDN */
@@ -1846,7 +1838,6 @@ AddCrlDistPoint(void *extHandle)
     } while (1);
     
     if (rv == SECSuccess) {
-	fflush (stdin);
 	buffer[0] = 'n';
 	puts ("Is this a critical extension [y/n]? ");
 	gets (buffer);	
@@ -1868,6 +1859,7 @@ CreateCert(
 	PRFileDesc *inFile,
 	PRFileDesc *outFile, 
 	SECKEYPrivateKey *selfsignprivkey,
+	void 	*pwarg,
 	int     serialNumber, 
 	int     warpmonths,
 	int     validitylength,
@@ -1955,7 +1947,7 @@ CreateCert(
 
 	CERT_FinishExtensions(extHandle);
 
-	certDER = SignCert (handle, subjectCert, selfsign, selfsignprivkey, issuerNickName);
+	certDER = SignCert (handle, subjectCert, selfsign, selfsignprivkey, issuerNickName,pwarg);
 
 	if (certDER)
 	   PR_Write(outFile, certDER->data, certDER->len);
@@ -2141,6 +2133,11 @@ main(int argc, char **argv)
     }
 #endif
 
+    if (certutil.options[opt_PasswordFile].arg) {
+	pwdata.source = PW_FROMFILE;
+	pwdata.data = certutil.options[opt_PasswordFile].arg;
+    }
+
     if (certutil.options[opt_CertDir].activated)
 	SECU_ConfigDirectory(certutil.options[opt_CertDir].arg);
 
@@ -2534,7 +2531,7 @@ main(int argc, char **argv)
          certutil.commands[cmd_CreateNewCert].activated) {
 	rv = CreateCert(certHandle, 
 	                certutil.options[opt_IssuerName].arg,
-	                inFile, outFile, privkey, 
+	                inFile, outFile, privkey, &pwdata,
 	                serialNumber, warpmonths, validitylength,
 	                certutil.options[opt_SelfSign].activated,
 	                certutil.options[opt_AddKeyUsageExt].activated,
diff --git a/security/nss/cmd/lib/secpwd.c b/security/nss/cmd/lib/secpwd.c
index c235c3ffa..b2edcaed2 100644
--- a/security/nss/cmd/lib/secpwd.c
+++ b/security/nss/cmd/lib/secpwd.c
@@ -155,6 +155,10 @@ static int quiet_fgets (char *buf, int length, FILE *input)
   /* fflush (input); */
   memset (buf, 0, length);
 
+  if (input != stdin) {
+     return fgets(buf,length,input);
+  }
+
   while (1)
     {
     c = getch();
diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c
index 880503659..cb2112bdf 100644
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -255,6 +255,8 @@ SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg)
     nb = PR_Read(fd, phrase, sizeof(phrase));
   
     PR_Close(fd);
+    /* handle the Windows EOL case */
+    if ((nb > 2) && (phrase[nb-2] == '\r') ) nb--;
     if (phrase[nb-1] == '\n') {
 	phrase[nb-1] = '\0';
 	if (nb == 0) {
@@ -309,11 +311,15 @@ secu_InitSlotPassword(PK11SlotInfo *slot, PRBool retry, void *arg)
 
     if (pwdata->source == PW_NONE) {
 	/* open terminal */
+#ifdef _WINDOWS
+	input = stdin;
+#else
 	input = fopen(consoleName, "r");
 	if (input == NULL) {
 	    PR_fprintf(PR_STDERR, "Error opening input terminal for read\n");
 	    return NULL;
 	}
+#endif
 
 	/* we have no password, so initialize database with one */
 	PR_fprintf(PR_STDERR, 
@@ -393,9 +399,16 @@ SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile)
     for (;;) {
 	oldpw = SECU_GetModulePassword(slot, PR_FALSE, &pwdata);
 
-	if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess)
-	    PR_fprintf(PR_STDERR, "Invalid password.  Try again.\n");
-	else
+	if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
+	    if (pwdata.source == PW_NONE) {
+		PR_fprintf(PR_STDERR, "Invalid password.  Try again.\n");
+	    } else {
+		PR_fprintf(PR_STDERR, "Invalid password.\n");
+		PORT_Memset(oldpw, 0, PL_strlen(oldpw));
+		PORT_Free(oldpw);
+		return SECFailure;
+	    }
+	} else
 	    break;
 
 	PORT_Free(oldpw);
@@ -578,11 +591,15 @@ SECU_ChangeKeyDBPassword(SECKEYKeyDBHandle *handle)
     oldpwitem = secu_GetZeroLengthPassword(handle);
 
     /* open terminal */
+#ifdef _WINDOWS
+    input = stdin;
+#else
     input = fopen(consoleName, "r");
     if (input == NULL) {
 	fprintf(stderr, "Error opening input terminal\n");
 	return SECFailure;
     }
+#endif
 
     output = fopen(consoleName, "w");
     if (output == NULL) {
@@ -667,7 +684,7 @@ SECU_ChangeKeyDBPassword(SECKEYKeyDBHandle *handle)
     SECITEM_ZfreeItem(newpwitem, PR_TRUE);
     SECITEM_ZfreeItem(oldpwitem, PR_TRUE);
 
-    fclose(input);
+    if (input != stdin) fclose(input);
     fclose(output);
 
     if (failed) {
diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c
index 37fdedf38..f5fb03312 100644
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -894,7 +894,7 @@ send_answer:
 		break;
 	    }
 	} else {
-	    fwrite(buf, 1, i, stdout);	/* display it */
+	    /* fwrite(buf, 1, i, stdout);	/* display it */
 	    rv = PR_Write(ssl_sock, buf, i);
 	    if (rv < 0) {
 		errWarn("PR_Write");