diff options
author | saul.edwards%sun.com <devnull@localhost> | 2003-12-11 18:41:45 +0000 |
---|---|---|
committer | saul.edwards%sun.com <devnull@localhost> | 2003-12-11 18:41:45 +0000 |
commit | 6f0c475e9afdb4882ada5731b0acd0381b540ae9 (patch) | |
tree | 669bd26d44c734294696e955fc0ec54a9a8149a7 | |
parent | 2c29c1b071d120562b4c7ceab072b35dfe529936 (diff) | |
download | nss-hg-6f0c475e9afdb4882ada5731b0acd0381b540ae9.tar.gz |
Revert the cert8 upgrade code - the changes don't affect any other fixes
between 3.3.4 and 3.3.7.
-rw-r--r-- | security/nss/lib/certdb/certdb.h | 6 | ||||
-rw-r--r-- | security/nss/lib/certdb/pcertdb.c | 259 |
2 files changed, 40 insertions, 225 deletions
diff --git a/security/nss/lib/certdb/certdb.h b/security/nss/lib/certdb/certdb.h index 7da572099..2d75ee8b5 100644 --- a/security/nss/lib/certdb/certdb.h +++ b/security/nss/lib/certdb/certdb.h @@ -41,8 +41,7 @@ */ /* version number of certificate database */ -#define CERT_DB_FILE_VERSION 8 -#define CERT_DB_V7_FILE_VERSION 7 +#define CERT_DB_FILE_VERSION 7 #ifdef USE_NS_ROOTS #define CERT_DB_CONTENT_VERSION 28 #else @@ -70,8 +69,7 @@ typedef enum { certDBEntryTypeRevocation = 4, certDBEntryTypeKeyRevocation = 5, certDBEntryTypeSMimeProfile = 6, - certDBEntryTypeContentVersion = 7, - certDBEntryTypeBlob = 8 + certDBEntryTypeContentVersion = 7 } certDBEntryType; typedef struct { diff --git a/security/nss/lib/certdb/pcertdb.c b/security/nss/lib/certdb/pcertdb.c index c7463e52b..f6601d4cb 100644 --- a/security/nss/lib/certdb/pcertdb.c +++ b/security/nss/lib/certdb/pcertdb.c @@ -238,11 +238,7 @@ ReadDBEntry(CERTCertDBHandle *handle, certDBEntryCommon *entry, goto loser; } buf = (unsigned char *)data.data; - /* version 7 uses the shame scheme, we may be using a v7 db if we - * opened the dbs readonly - */ - if ( !((buf[0] == (unsigned char)CERT_DB_FILE_VERSION) || - (buf[0] == (unsigned char)CERT_DB_V7_FILE_VERSION)) ) { + if ( buf[0] != (unsigned char)CERT_DB_FILE_VERSION ) { PORT_SetError(SEC_ERROR_BAD_DATABASE); goto loser; } @@ -449,7 +445,6 @@ DecodeDBCertEntry(certDBEntryCert *entry, SECItem *dbentry) lenoff = 3; break; case 7: - case 8: headerlen = DB_CERT_ENTRY_HEADER_LEN; lenoff = 6; break; @@ -3205,9 +3200,6 @@ RemovePermSubjectNode(CERTCertificate *cert) /* if the subject had an email record, then delete it too */ DeleteDBSMimeEntry(cert->dbhandle, subjectList->entry->emailAddr); } - if ( subjectList->entry->nickname ) { - DeleteDBNicknameEntry(cert->dbhandle, subjectList->entry->nickname); - } DestroyDBEntry((certDBEntry *)subjectList->entry); subjectList->entry = NULL; @@ -3226,12 +3218,11 @@ AddPermSubjectNode(CERTCertificate *cert, char *nickname) CERTSubjectList *subjectList; certDBEntrySubject *entry; SECItem *newCertKeys, *newKeyIDs; - int i, new_i; + int i; SECStatus rv; CERTCertificate *cmpcert; unsigned int nnlen; int ncerts; - PRBool added = PR_FALSE; subjectList = cert->subjectList; @@ -3273,32 +3264,27 @@ AddPermSubjectNode(CERTCertificate *cert, char *nickname) return(SECFailure); } - for ( i = 0, new_i = 0; i < ncerts; i++ ) { + for ( i = 0; i < ncerts; i++ ) { cmpcert = CERT_FindCertByKeyNoLocking(cert->dbhandle, &entry->certKeys[i]); PORT_Assert(cmpcert); - /* The entry has been corrupted, remove it from the list */ - if (!cmpcert) { - continue; - } if ( CERT_IsNewer(cert, cmpcert) ) { /* insert before cmpcert */ - rv = SECITEM_CopyItem(entry->common.arena, &newCertKeys[new_i], + rv = SECITEM_CopyItem(entry->common.arena, &newCertKeys[i], &cert->certKey); if ( rv != SECSuccess ) { return(SECFailure); } - rv = SECITEM_CopyItem(entry->common.arena, &newKeyIDs[new_i], + rv = SECITEM_CopyItem(entry->common.arena, &newKeyIDs[i], &cert->subjectKeyID); if ( rv != SECSuccess ) { return(SECFailure); } - new_i++; - /* copy the rest of the entries */ - for ( ; i < ncerts; i++, new_i++ ) { - newCertKeys[new_i] = entry->certKeys[i]; - newKeyIDs[new_i] = entry->keyIDs[i]; + /* copy the rest of the entry */ + for ( ; i < ncerts; i++ ) { + newCertKeys[i+1] = entry->certKeys[i]; + newKeyIDs[i+1] = entry->keyIDs[i]; } /* update certKeys and keyIDs */ @@ -3306,36 +3292,33 @@ AddPermSubjectNode(CERTCertificate *cert, char *nickname) entry->keyIDs = newKeyIDs; /* increment count */ - entry->ncerts = new_i; - added = PR_TRUE; + entry->ncerts++; break; } /* copy this cert entry */ - newCertKeys[new_i] = entry->certKeys[i]; - newKeyIDs[new_i] = entry->keyIDs[i]; - new_i++; + newCertKeys[i] = entry->certKeys[i]; + newKeyIDs[i] = entry->keyIDs[i]; } - if ( !added ) { + if ( entry->ncerts == ncerts ) { /* insert new one at end */ - rv = SECITEM_CopyItem(entry->common.arena, &newCertKeys[new_i], + rv = SECITEM_CopyItem(entry->common.arena, &newCertKeys[ncerts], &cert->certKey); if ( rv != SECSuccess ) { return(SECFailure); } - rv = SECITEM_CopyItem(entry->common.arena, &newKeyIDs[new_i], + rv = SECITEM_CopyItem(entry->common.arena, &newKeyIDs[ncerts], &cert->subjectKeyID); if ( rv != SECSuccess ) { return(SECFailure); } - new_i++; /* update certKeys and keyIDs */ entry->certKeys = newCertKeys; entry->keyIDs = newKeyIDs; /* increment count */ - entry->ncerts = new_i; + entry->ncerts++; } } else { /* need to make a new DB entry */ @@ -3374,7 +3357,6 @@ __CERT_TraversePermCertsForSubject(CERTCertDBHandle *handle, for( i = 0; i < entry->ncerts; i++ ) { cert = CERT_FindCertByKey(handle, &entry->certKeys[i]); - if (!cert) continue; rv = (* cb)(cert, cbarg); CERT_DestroyCertificate(cert); if ( rv == SECFailure ) { @@ -3623,9 +3605,14 @@ CERT_AddPermNickname(CERTCertificate *cert, char *nickname) CERT_LockDB(cert->dbhandle); + PORT_Assert(cert->nickname == NULL); PORT_Assert(cert->isperm); PORT_Assert(cert->subjectList != NULL); PORT_Assert(cert->subjectList->entry != NULL); + + if ( cert->nickname != NULL ) { + goto done; + } if ( cert->subjectList == NULL ) { goto loser; @@ -3659,6 +3646,7 @@ CERT_AddPermNickname(CERTCertificate *cert, char *nickname) } } +done: CERT_UnlockDB(cert->dbhandle); return(SECSuccess); loser: @@ -3779,144 +3767,6 @@ loser: return(NULL); } -/* forward declaration */ -static SECStatus -UpdateV7DB(CERTCertDBHandle *handle, DB *updatedb); - -/* - * version 8 uses the same schema as version 7. The only differences are - * 1) version 8 db uses the blob shim to store data entries > 32k. - * 2) version 8 db sets the db block size to 32k. - * both of these are dealt with by the handle. - */ - -static SECStatus -UpdateV8DB(CERTCertDBHandle *handle, DB *updatedb) -{ - return UpdateV7DB(handle,updatedb); -} - - -/* - * we could just blindly sequence through reading key data pairs and writing - * them back out, but some cert.db's have gotten quite large and may have some - * subtle corruption problems, so instead we cycle through the certs and - * CRL's and S/MIME profiles and rebuild our subject lists from those records. - */ -static SECStatus -UpdateV7DB(CERTCertDBHandle *handle, DB *updatedb) -{ - DBT key, data; - int ret; - CERTCertificate *cert; - PRBool isKRL = PR_FALSE; - certDBEntryType entryType; - SECItem dbEntry, dbKey; - certDBEntryRevocation crlEntry; - certDBEntryCert certEntry; - certDBEntrySMime smimeEntry; - SECStatus rv; - - ret = (* updatedb->seq)(updatedb, &key, &data, R_FIRST); - - if ( ret ) { - return(SECFailure); - } - - do { - unsigned char *dataBuf = (unsigned char *)data.data; - unsigned char *keyBuf = (unsigned char *)key.data; - dbEntry.data = &dataBuf[SEC_DB_ENTRY_HEADER_LEN]; - dbEntry.len = data.size - SEC_DB_ENTRY_HEADER_LEN; - entryType = (certDBEntryType) keyBuf[0]; - dbKey.data = &keyBuf[SEC_DB_KEY_HEADER_LEN]; - dbKey.len = key.size - SEC_DB_KEY_HEADER_LEN; - if ((dbEntry.len <= 0) || (dbKey.len <= 0)) { - continue; - } - - switch (entryType) { - /* these entries will get regenerated as we read the - * rest of the data from the database */ - case certDBEntryTypeVersion: - case certDBEntryTypeSubject: - case certDBEntryTypeContentVersion: - case certDBEntryTypeNickname: - /*default: */ - break; - - case certDBEntryTypeCert: - /* decode Entry */ - certEntry.common.version = (unsigned int)dataBuf[0]; - certEntry.common.type = entryType; - certEntry.common.flags = (unsigned int)dataBuf[2]; - certEntry.common.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (certEntry.common.arena == NULL) { - break; - } - rv = DecodeDBCertEntry(&certEntry,&dbEntry); - if (rv != SECSuccess) { - break; - } - /* should we check for existing duplicates? */ - cert = CERT_DecodeDERCertificate(&certEntry.derCert, PR_FALSE, - certEntry.nickname); - if (cert) { - AddCertToPermDB(handle, cert, certEntry.nickname, - &certEntry.trust); - CERT_DestroyCertificate(cert); - } - /* free data allocated by the decode */ - PORT_FreeArena(certEntry.common.arena, PR_FALSE); - certEntry.common.arena = NULL; - break; - - case certDBEntryTypeKeyRevocation: - isKRL = PR_TRUE; - /* fall through */ - case certDBEntryTypeRevocation: - crlEntry.common.version = (unsigned int)dataBuf[0]; - crlEntry.common.type = entryType; - crlEntry.common.flags = (unsigned int)dataBuf[2]; - crlEntry.common.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (crlEntry.common.arena == NULL) { - break; - } - rv = DecodeDBCrlEntry(&crlEntry,&dbEntry); - if (rv != SECSuccess) { - break; - } - - rv = WriteDBCrlEntry(handle, &crlEntry); - if (rv != SECSuccess) { - break; - } - /* free data allocated by the decode */ - PORT_FreeArena(crlEntry.common.arena, PR_FALSE); - crlEntry.common.arena = NULL; - break; - - case certDBEntryTypeSMimeProfile: - smimeEntry.common.version = (unsigned int)dataBuf[0]; - smimeEntry.common.type = entryType; - smimeEntry.common.flags = (unsigned int)dataBuf[2]; - smimeEntry.common.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - rv = DecodeDBSMimeEntry(&smimeEntry,&dbEntry,(char *)dbKey.data); - /* decode entry */ - WriteDBSMimeEntry(handle, &smimeEntry); - PORT_FreeArena(smimeEntry.common.arena, PR_FALSE); - smimeEntry.common.arena = NULL; - break; - } - } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0 ); - - (* updatedb->close)(updatedb); - - /* a database update is a good time to go back and verify the integrity of - * the keys and certs */ - return(SECSuccess); -} - /* * NOTE - Version 6 DB did not go out to the real world in a release, * so we can remove this function in a later release. @@ -4404,7 +4254,7 @@ SEC_OpenPermCertDB(CERTCertDBHandle *handle, PRBool readOnly, /* * first open the permanent file based database. */ - handle->permCertDB = dbsopen( certdbname, openflags, 0600, DB_HASH, 0 ); + handle->permCertDB = dbopen( certdbname, openflags, 0600, DB_HASH, 0 ); /* check for correct version number */ if ( handle->permCertDB ) { @@ -4427,34 +4277,14 @@ SEC_OpenPermCertDB(CERTCertDBHandle *handle, PRBool readOnly, /* if first open fails, try to create a new DB */ if ( handle->permCertDB == NULL ) { + /* don't create if readonly */ if ( readOnly ) { - /* if opening read-only and cert8.db does not exist, - * use cert7.db - */ - tmpname = (* namecb)(cbarg, 7); /* get v7 db name */ - if (!tmpname) { - goto loser; - } - handle->permCertDB = dbopen(tmpname, O_RDONLY, 0600, DB_HASH, 0); - PORT_Free(tmpname); - if (!handle->permCertDB) { - goto loser; - } - versionEntry = ReadDBVersionEntry(handle); - if ( versionEntry == NULL ) { - /* no version number */ - goto loser; - } else if ( versionEntry->common.version != 7 ) { - DestroyDBEntry((certDBEntry *)versionEntry); - goto loser; - } - PORT_Free(certdbname); - return SECSuccess; + goto loser; } - /* create a new database */ - handle->permCertDB = dbsopen(certdbname, - O_RDWR | O_CREAT | O_TRUNC, - 0600, DB_HASH, 0); + + handle->permCertDB = dbopen(certdbname, + O_RDWR | O_CREAT | O_TRUNC, + 0600, DB_HASH, 0); /* if create fails then we lose */ if ( handle->permCertDB == 0 ) { @@ -4473,22 +4303,7 @@ SEC_OpenPermCertDB(CERTCertDBHandle *handle, PRBool readOnly, if ( rv != SECSuccess ) { goto loser; } -#if 0 /* in this 3.3.4.x version, we want to avoid upgrading 7 to 8 */ - /* try to upgrade old db here */ - tmpname = (* namecb)(cbarg, 7); /* get v7 db name */ - if ( tmpname ) { - updatedb = dbopen( tmpname, O_RDONLY, 0600, DB_HASH, 0 ); - PORT_Free(tmpname); - if ( updatedb ) { - rv = UpdateV7DB(handle, updatedb); - if ( rv != SECSuccess ) { - goto loser; - } - updated = PR_TRUE; - goto update_finished; - } - } -#endif + /* try to upgrade old db here */ tmpname = (* namecb)(cbarg, 6); /* get v6 db name */ if ( tmpname ) { @@ -4536,7 +4351,6 @@ SEC_OpenPermCertDB(CERTCertDBHandle *handle, PRBool readOnly, } } } -update_finished: /* initialize the database with our well known certificates * or in the case of update, just fall down to CERT_AddNewCerts() @@ -4587,7 +4401,14 @@ DeletePermCert(CERTCertificate *cert) if ( rv != SECSuccess ) { ret = SECFailure; } - + + if ( cert->nickname ) { + rv = DeleteDBNicknameEntry(cert->dbhandle, cert->nickname); + if ( rv != SECSuccess ) { + ret = SECFailure; + } + } + rv = RemovePermSubjectNode(cert); return(ret); @@ -4865,10 +4686,6 @@ __CERT_ClosePermCertDB(CERTCertDBHandle *handle) certdb_Close( handle->permCertDB ); handle->permCertDB = 0; } - if (handle->dbMon) { - PZ_DestroyMonitor(handle->dbMon); - handle->dbMon = NULL; - } } return; } |