authorcvs2hg <devnull@localhost>2002-04-25 21:24:49 +0000
committercvs2hg <devnull@localhost>2002-04-25 21:24:49 +0000
commit0b432d6e6eb50dba32d572bdcdbe3f22a8f20ad0 (patch)
tree2351d46ed92f6e247e4e58bb78c67af583532f03
parentfbe86e726c225b2a69862e9f1f5a2a6a04d2f4c5 (diff)
fixup commit for branch 'ROGC_20020430_BRANCH' ROGC_20020430_FREEZE ROGC_20020430_BASE
-rw-r--r--security/dbm/Makefile80
-rw-r--r--security/dbm/config/config.mk67
-rw-r--r--security/dbm/include/Makefile76
-rw-r--r--security/dbm/include/manifest.mn57
-rw-r--r--security/dbm/manifest.mn45
-rw-r--r--security/dbm/src/Makefile76
-rw-r--r--security/dbm/src/config.mk63
-rw-r--r--security/dbm/src/dirent.c348
-rw-r--r--security/dbm/src/dirent.h97
-rw-r--r--security/dbm/src/manifest.mn61
-rw-r--r--security/dbm/tests/Makefile69
-rw-r--r--security/nss/cmd/strsclnt/strsclnt.c2
-rw-r--r--security/nss/lib/dev/ckhelper.c2
-rw-r--r--security/nss/lib/dev/devobject.c1139
-rw-r--r--security/nss/lib/dev/devslot.c5
-rw-r--r--security/nss/lib/pk11wrap/pk11slot.c8
-rw-r--r--security/nss/lib/pk11wrap/secmodti.h1
-rw-r--r--security/nss/lib/util/secoid.c5
-rwxr-xr-xsecurity/nss/tests/nssdir2
-rw-r--r--security/nss/tests/set_environment13
20 files changed, 1154 insertions, 1062 deletions
diff --git a/security/dbm/Makefile b/security/dbm/Makefile
deleted file mode 100644
index 34cd6d899..000000000
--- a/security/dbm/Makefile
+++ /dev/null
@@ -1,80 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-coreconf_hack:
- cd ../coreconf; gmake
- gmake import
-
-RelEng_bld: coreconf_hack
- gmake
diff --git a/security/dbm/config/config.mk b/security/dbm/config/config.mk
deleted file mode 100644
index 753364931..000000000
--- a/security/dbm/config/config.mk
+++ /dev/null
@@ -1,67 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#
-# These macros are defined by mozilla's configure script.
-# We define them manually here.
-#
-
-DEFINES += -DSTDC_HEADERS -DHAVE_STRERROR
-
-#
-# Most platforms have snprintf, so it's simpler to list the exceptions.
-#
-HAVE_SNPRINTF = 1
-#
-# OSF1 V4.0D doesn't have snprintf but V5.0A does.
-#
-ifeq ($(OS_TARGET)$(OS_RELEASE),OSF1V4.0D)
-HAVE_SNPRINTF =
-endif
-ifdef HAVE_SNPRINTF
-DEFINES += -DHAVE_SNPRINTF
-endif
-
-ifeq (,$(filter-out IRIX Linux,$(OS_TARGET)))
-DEFINES += -DHAVE_SYS_CDEFS_H
-endif
-
-ifeq (,$(filter-out DGUX NCR ReliantUNIX SCO_SV SCOOS UNIXWARE,$(OS_TARGET)))
-DEFINES += -DHAVE_SYS_BYTEORDER_H
-endif
-
-#
-# None of the platforms that we are interested in need to
-# define HAVE_MEMORY_H.
-#
diff --git a/security/dbm/include/Makefile b/security/dbm/include/Makefile
deleted file mode 100644
index ba4dd8ddf..000000000
--- a/security/dbm/include/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
diff --git a/security/dbm/include/manifest.mn b/security/dbm/include/manifest.mn
deleted file mode 100644
index 886fedd98..000000000
--- a/security/dbm/include/manifest.mn
+++ /dev/null
@@ -1,57 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../..
-
-VPATH = $(CORE_DEPTH)/../dbm/include
-
-MODULE = dbm
-
-EXPORTS = nsres.h \
- cdefs.h \
- mcom_db.h \
- ncompat.h \
- winfile.h \
- $(NULL)
-
-PRIVATE_EXPORTS = hsearch.h \
- page.h \
- extern.h \
- ndbm.h \
- queue.h \
- hash.h \
- mpool.h \
- search.h \
- $(NULL)
-
diff --git a/security/dbm/manifest.mn b/security/dbm/manifest.mn
deleted file mode 100644
index 11f4f4237..000000000
--- a/security/dbm/manifest.mn
+++ /dev/null
@@ -1,45 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ..
-
-MODULE = dbm
-
-IMPORTS = nspr20/v4.1.2
-
-RELEASE = dbm
-
-DIRS = include \
- src \
- $(NULL)
diff --git a/security/dbm/src/Makefile b/security/dbm/src/Makefile
deleted file mode 100644
index 8fce98394..000000000
--- a/security/dbm/src/Makefile
+++ /dev/null
@@ -1,76 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/dbm/config/config.mk
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include config.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
diff --git a/security/dbm/src/config.mk b/security/dbm/src/config.mk
deleted file mode 100644
index 370fd75d6..000000000
--- a/security/dbm/src/config.mk
+++ /dev/null
@@ -1,63 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG)
-
-INCLUDES += -I$(CORE_DEPTH)/../dbm/include
-
-#
-# Currently, override TARGETS variable so that only static libraries
-# are specifed as dependencies within rules.mk.
-#
-
-TARGETS = $(LIBRARY)
-SHARED_LIBRARY =
-IMPORT_LIBRARY =
-PURE_LIBRARY =
-PROGRAM =
-
-ifdef SHARED_LIBRARY
- ifeq (,$(filter-out WINNT WIN95 WINCE,$(OS_TARGET))) # list omits WIN16
- DLLBASE=/BASE:0x30000000
- RES=$(OBJDIR)/dbm.res
- RESNAME=../include/dbm.rc
- endif
- ifeq ($(DLL_SUFFIX),dll)
- DEFINES += -D_DLL
- endif
-endif
-
-ifeq ($(OS_TARGET),AIX)
- OS_LIBS += -lc_r
-endif
diff --git a/security/dbm/src/dirent.c b/security/dbm/src/dirent.c
deleted file mode 100644
index 001a48c5c..000000000
--- a/security/dbm/src/dirent.c
+++ /dev/null
@@ -1,348 +0,0 @@
-#ifdef OS2
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-
-#include <dirent.h>
-#include <errno.h>
-
-/*#ifndef __EMX__
-#include <libx.h>
-#endif */
-
-#define INCL_DOSFILEMGR
-#define INCL_DOSERRORS
-#include <os2.h>
-
-#if OS2 >= 2
-# define FFBUF FILEFINDBUF3
-# define Word ULONG
- /*
- * LS20 recommends a request count of 100, but according to the
- * APAR text it does not lead to missing files, just to funny
- * numbers of returned entries.
- *
- * LS30 HPFS386 requires a count greater than 2, or some files
- * are missing (those starting with a character less that '.').
- *
- * Novell looses entries which overflow the buffer. In previous
- * versions of dirent2, this could have lead to missing files
- * when the average length of 100 directory entries was 40 bytes
- * or more (quite unlikely for files on a Novell server).
- *
- * Conclusion: Make sure that the entries all fit into the buffer
- * and that the buffer is large enough for more than 2 entries
- * (each entry is at most 300 bytes long). And ignore the LS20
- * effect.
- */
-# define Count 25
-# define BufSz (25 * (sizeof(FILEFINDBUF3)+1))
-#else
-# define FFBUF FILEFINDBUF
-# define Word USHORT
-# define BufSz 1024
-# define Count 3
-#endif
-
-#if defined(__IBMC__) || defined(__IBMCPP__)
- #define error(rc) _doserrno = rc, errno = EOS2ERR
-#elif defined(MICROSOFT)
- #define error(rc) _doserrno = rc, errno = 255
-#else
- #define error(rc) errno = 255
-#endif
-
-struct _dirdescr {
- HDIR handle; /* DosFindFirst handle */
- char fstype; /* filesystem type */
- Word count; /* valid entries in <ffbuf> */
- long number; /* absolute number of next entry */
- int index; /* relative number of next entry */
- FFBUF * next; /* pointer to next entry */
- char name[MAXPATHLEN+3]; /* directory name */
- unsigned attrmask; /* attribute mask for seekdir */
- struct dirent entry; /* buffer for directory entry */
- BYTE ffbuf[BufSz];
-};
-
-/*
- * Return first char of filesystem type, or 0 if unknown.
- */
-static char
-getFSType(const char *path)
-{
- static char cache[1+26];
- char drive[3], info[512];
- Word unit, infolen;
- char r;
-
- if (isalpha(path[0]) && path[1] == ':') {
- unit = toupper(path[0]) - '@';
- path += 2;
- } else {
- ULONG driveMap;
-#if OS2 >= 2
- if (DosQueryCurrentDisk(&unit, &driveMap))
-#else
- if (DosQCurDisk(&unit, &driveMap))
-#endif
- return 0;
- }
-
- if ((path[0] == '\\' || path[0] == '/')
- && (path[1] == '\\' || path[1] == '/'))
- return 0;
-
- if (cache [unit])
- return cache [unit];
-
- drive[0] = '@' + unit;
- drive[1] = ':';
- drive[2] = '\0';
- infolen = sizeof info;
-#if OS2 >= 2
- if (DosQueryFSAttach(drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen))
- return 0;
- if (infolen >= sizeof(FSQBUFFER2)) {
- FSQBUFFER2 *p = (FSQBUFFER2 *)info;
- r = p->szFSDName[p->cbName];
- } else
-#else
- if (DosQFSAttach((PSZ)drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen, 0))
- return 0;
- if (infolen >= 9) {
- char *p = info + sizeof(USHORT);
- p += sizeof(USHORT) + *(USHORT *)p + 1 + sizeof(USHORT);
- r = *p;
- } else
-#endif
- r = 0;
- return cache [unit] = r;
-}
-
-char *
-abs_path(const char *name, char *buffer, int len)
-{
- char buf[4];
- if (isalpha(name[0]) && name[1] == ':' && name[2] == '\0') {
- buf[0] = name[0];
- buf[1] = name[1];
- buf[2] = '.';
- buf[3] = '\0';
- name = buf;
- }
-#if OS2 >= 2
- if (DosQueryPathInfo((PSZ)name, FIL_QUERYFULLNAME, buffer, len))
-#else
- if (DosQPathInfo((PSZ)name, FIL_QUERYFULLNAME, (PBYTE)buffer, len, 0L))
-#endif
- return NULL;
- return buffer;
-}
-
-DIR *
-openxdir(const char *path, unsigned att_mask)
-{
- DIR *dir;
- char name[MAXPATHLEN+3];
- Word rc;
-
- dir = malloc(sizeof(DIR));
- if (dir == NULL) {
- errno = ENOMEM;
- return NULL;
- }
-
- strncpy(name, path, MAXPATHLEN);
- name[MAXPATHLEN] = '\0';
- switch (name[strlen(name)-1]) {
- default:
- strcat(name, "\\");
- case '\\':
- case '/':
- case ':':
- ;
- }
- strcat(name, ".");
- if (!abs_path(name, dir->name, MAXPATHLEN+1))
- strcpy(dir->name, name);
- if (dir->name[strlen(dir->name)-1] == '\\')
- strcat(dir->name, "*");
- else
- strcat(dir->name, "\\*");
-
- dir->fstype = getFSType(dir->name);
- dir->attrmask = att_mask | A_DIR;
-
- dir->handle = HDIR_CREATE;
- dir->count = 100;
-#if OS2 >= 2
- rc = DosFindFirst(dir->name, &dir->handle, dir->attrmask,
- dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD);
-#else
- rc = DosFindFirst((PSZ)dir->name, &dir->handle, dir->attrmask,
- (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0);
-#endif
- switch (rc) {
- default:
- free(dir);
- error(rc);
- return NULL;
- case NO_ERROR:
- case ERROR_NO_MORE_FILES:
- ;
- }
-
- dir->number = 0;
- dir->index = 0;
- dir->next = (FFBUF *)dir->ffbuf;
-
- return (DIR *)dir;
-}
-
-DIR *
-opendir(const char *pathname)
-{
- return openxdir(pathname, 0);
-}
-
-struct dirent *
-readdir(DIR *dir)
-{
- static int dummy_ino = 2;
-
- if (dir->index == dir->count) {
- Word rc;
- dir->count = 100;
-#if OS2 >= 2
- rc = DosFindNext(dir->handle, dir->ffbuf,
- sizeof dir->ffbuf, &dir->count);
-#else
- rc = DosFindNext(dir->handle, (PFILEFINDBUF)dir->ffbuf,
- sizeof dir->ffbuf, &dir->count);
-#endif
- if (rc) {
- error(rc);
- return NULL;
- }
-
- dir->index = 0;
- dir->next = (FFBUF *)dir->ffbuf;
- }
-
- if (dir->index == dir->count)
- return NULL;
-
- memcpy(dir->entry.d_name, dir->next->achName, dir->next->cchName);
- dir->entry.d_name[dir->next->cchName] = '\0';
- dir->entry.d_ino = dummy_ino++;
- dir->entry.d_reclen = dir->next->cchName;
- dir->entry.d_namlen = dir->next->cchName;
- dir->entry.d_size = dir->next->cbFile;
- dir->entry.d_attribute = dir->next->attrFile;
- dir->entry.d_time = *(USHORT *)&dir->next->ftimeLastWrite;
- dir->entry.d_date = *(USHORT *)&dir->next->fdateLastWrite;
-
- switch (dir->fstype) {
- case 'F': /* FAT */
- case 'C': /* CDFS */
- if (dir->next->attrFile & FILE_DIRECTORY)
- strupr(dir->entry.d_name);
- else
- strlwr(dir->entry.d_name);
- }
-
-#if OS2 >= 2
- dir->next = (FFBUF *)((BYTE *)dir->next + dir->next->oNextEntryOffset);
-#else
- dir->next = (FFBUF *)((BYTE *)dir->next->achName + dir->next->cchName + 1);
-#endif
- ++dir->number;
- ++dir->index;
-
- return &dir->entry;
-}
-
-long
-telldir(DIR *dir)
-{
- return dir->number;
-}
-
-void
-seekdir(DIR *dir, long off)
-{
- if (dir->number > off) {
- char name[MAXPATHLEN+2];
- Word rc;
-
- DosFindClose(dir->handle);
-
- strcpy(name, dir->name);
- strcat(name, "*");
-
- dir->handle = HDIR_CREATE;
- dir->count = 32767;
-#if OS2 >= 2
- rc = DosFindFirst(name, &dir->handle, dir->attrmask,
- dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD);
-#else
- rc = DosFindFirst((PSZ)name, &dir->handle, dir->attrmask,
- (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0);
-#endif
- switch (rc) {
- default:
- error(rc);
- return;
- case NO_ERROR:
- case ERROR_NO_MORE_FILES:
- ;
- }
-
- dir->number = 0;
- dir->index = 0;
- dir->next = (FFBUF *)dir->ffbuf;
- }
-
- while (dir->number < off && readdir(dir))
- ;
-}
-
-void
-closedir(DIR *dir)
-{
- DosFindClose(dir->handle);
- free(dir);
-}
-
-/*****************************************************************************/
-
-#ifdef TEST
-
-main(int argc, char **argv)
-{
- int i;
- DIR *dir;
- struct dirent *ep;
-
- for (i = 1; i < argc; ++i) {
- dir = opendir(argv[i]);
- if (!dir)
- continue;
- while (ep = readdir(dir))
- if (strchr("\\/:", argv[i] [strlen(argv[i]) - 1]))
- printf("%s%s\n", argv[i], ep->d_name);
- else
- printf("%s/%s\n", argv[i], ep->d_name);
- closedir(dir);
- }
-
- return 0;
-}
-
-#endif
-
-#endif /* OS2 */
-
diff --git a/security/dbm/src/dirent.h b/security/dbm/src/dirent.h
deleted file mode 100644
index 07a6c0ac8..000000000
--- a/security/dbm/src/dirent.h
+++ /dev/null
@@ -1,97 +0,0 @@
-#ifndef __DIRENT_H__
-#define __DIRENT_H__
-/*
- * @(#)msd_dir.h 1.4 87/11/06 Public Domain.
- *
- * A public domain implementation of BSD directory routines for
- * MS-DOS. Written by Michael Rendell ({uunet,utai}michael@garfield),
- * August 1897
- *
- * Extended by Peter Lim (lim@mullian.oz) to overcome some MS DOS quirks
- * and returns 2 more pieces of information - file size & attribute.
- * Plus a little reshuffling of some #define's positions December 1987
- *
- * Some modifications by Martin Junius 02-14-89
- *
- * AK900712
- * AK910410 abs_path - make absolute path
- *
- */
-
-#ifdef __EMX__
-#include <sys/param.h>
-#else
-#if defined(__IBMC__) || defined(__IBMCPP__) || defined(XP_W32_MSVC)
-#include <stdio.h>
-#ifdef MAXPATHLEN
- #undef MAXPATHLEN
-#endif
-#define MAXPATHLEN (FILENAME_MAX*4)
-#define MAXNAMLEN FILENAME_MAX
-
-#else
-#include <param.h>
-#endif
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* attribute stuff */
-#ifndef A_RONLY
-# define A_RONLY 0x01
-# define A_HIDDEN 0x02
-# define A_SYSTEM 0x04
-# define A_LABEL 0x08
-# define A_DIR 0x10
-# define A_ARCHIVE 0x20
-#endif
-
-struct dirent {
-#if defined(OS2) || defined(WIN32) /* use the layout of EMX to avoid trouble */
- int d_ino; /* Dummy */
- int d_reclen; /* Dummy, same as d_namlen */
- int d_namlen; /* length of name */
- char d_name[MAXNAMLEN + 1];
- unsigned long d_size;
- unsigned short d_attribute; /* attributes (see above) */
- unsigned short d_time; /* modification time */
- unsigned short d_date; /* modification date */
-#else
- char d_name[MAXNAMLEN + 1]; /* garentee null termination */
- char d_attribute; /* .. extension .. */
- unsigned long d_size; /* .. extension .. */
-#endif
-};
-
-typedef struct _dirdescr DIR;
-/* the structs do not have to be defined here */
-
-extern DIR *opendir(const char *);
-extern DIR *openxdir(const char *, unsigned);
-extern struct dirent *readdir(DIR *);
-extern void seekdir(DIR *, long);
-extern long telldir(DIR *);
-extern void closedir(DIR *);
-#define rewinddir(dirp) seekdir(dirp, 0L)
-
-extern char * abs_path(const char *name, char *buffer, int len);
-
-#ifndef S_IFMT
-#define S_IFMT ( S_IFDIR | S_IFREG )
-#endif
-
-#ifndef S_ISDIR
-#define S_ISDIR( m ) (((m) & S_IFMT) == S_IFDIR)
-#endif
-
-#ifndef S_ISREG
-#define S_ISREG( m ) (((m) & S_IFMT) == S_IFREG)
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/security/dbm/src/manifest.mn b/security/dbm/src/manifest.mn
deleted file mode 100644
index 80f2abfd0..000000000
--- a/security/dbm/src/manifest.mn
+++ /dev/null
@@ -1,61 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-
-CORE_DEPTH = ../..
-
-VPATH = $(CORE_DEPTH)/../dbm/src
-
-MODULE = dbm
-
-#
-# memmove.c, snprintf.c, and strerror.c are not in CSRCS because
-# the Standard C Library has memmove and strerror and DBM is not
-# using snprintf.
-#
-
-CSRCS = db.c \
- h_bigkey.c \
- h_func.c \
- h_log2.c \
- h_page.c \
- hash.c \
- hash_buf.c \
- hsearch.c \
- mktemp.c \
- ndbm.c \
- nsres.c \
- dirent.c \
- $(NULL)
-
-LIBRARY_NAME = dbm
diff --git a/security/dbm/tests/Makefile b/security/dbm/tests/Makefile
deleted file mode 100644
index fe132e19c..000000000
--- a/security/dbm/tests/Makefile
+++ /dev/null
@@ -1,69 +0,0 @@
-#! gmake
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation. Portions created by Netscape are
-# Copyright (C) 1994-2000 Netscape Communications Corporation. All
-# Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable
-# instead of those above. If you wish to allow use of your
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL. If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-DEPTH = ../..
-CORE_DEPTH = ../..
-
-VPATH = $(CORE_DEPTH)/../dbm/tests
-
-MODULE = dbm
-
-CSRCS = lots.c
-
-PROGRAM = lots
-
-include $(DEPTH)/coreconf/config.mk
-
-include $(DEPTH)/dbm/config/config.mk
-
-ifeq (,$(filter-out WIN%,$(OS_TARGET)))
-LIBDBM = ../src/$(PLATFORM)/dbm$(STATIC_LIB_SUFFIX)
-else
-LIBDBM = ../src/$(PLATFORM)/libdbm$(STATIC_LIB_SUFFIX)
-endif
-
-INCLUDES += -I$(CORE_DEPTH)/../dbm/include
-
-LDFLAGS = $(LDOPTS) $(LIBDBM)
-
-include $(DEPTH)/coreconf/rules.mk
-
-lots.pure: lots
- purify $(CC) -o lots.pure $(CFLAGS) $(OBJS) $(MYLIBS)
-
-crash: crash.o $(MYLIBS)
- $(CC) -o crash $(CFLAGS) $^
-
-crash.pure: crash.o $(MYLIBS)
- purify $(CC) -o crash.pure $(CFLAGS) $^
-
diff --git a/security/nss/cmd/strsclnt/strsclnt.c b/security/nss/cmd/strsclnt/strsclnt.c
index 461ba0641..c7dafda15 100644
--- a/security/nss/cmd/strsclnt/strsclnt.c
+++ b/security/nss/cmd/strsclnt/strsclnt.c
@@ -295,8 +295,6 @@ printSecurityInfo(PRFileDesc *fd)
fprintf(stderr, "strsclnt: issuer DN: %s\n", ip);
PR_Free(ip);
}
- }
- if (cert) {
CERT_DestroyCertificate(cert);
cert = NULL;
}
diff --git a/security/nss/lib/dev/ckhelper.c b/security/nss/lib/dev/ckhelper.c
index 3e3c41ce3..26314245a 100644
--- a/security/nss/lib/dev/ckhelper.c
+++ b/security/nss/lib/dev/ckhelper.c
@@ -620,7 +620,7 @@ nssCryptokiCRL_GetAttributes
PRUint32 i;
NSS_CK_TEMPLATE_START(crl_template, attr, crl_size);
- NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TOKEN, isToken);
+ /* NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TOKEN, isToken); */
if (encodingOpt) {
NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
}
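Review bot: The `CKA_TOKEN` entry in the `crl_template` setup of nssCryptokiCRL_GetAttributes is disabled by commenting the line out, and nothing records why. The function body starts and ends outside this hunk, so it is not visible whether `isToken` is still read after the attribute fetch; if it is, it no longer receives a value from the token and callers would see whatever it was initialised to, which matters if they use it to tell token CRLs from session CRLs. Either delete the line and any remaining use of `isToken`, or keep the fetch. If the attribute really must be skipped, replace the dead code with an explanatory comment such as `/* CKA_TOKEN intentionally not requested: <reason> */` and give `isToken` an explicit default.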
diff --git a/security/nss/lib/dev/devobject.c b/security/nss/lib/dev/devobject.c
new file mode 100644
index 000000000..7818cac93
--- /dev/null
+++ b/security/nss/lib/dev/devobject.c
@@ -0,0 +1,1139 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation. Portions created by Netscape are
+ * Copyright (C) 1994-2000 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable
+ * instead of those above. If you wish to allow use of your
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL. If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#ifdef DEBUG
+static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$";
+#endif /* DEBUG */
+
+#ifndef DEV_H
+#include "dev.h"
+#endif /* DEV_H */
+
+#ifndef DEVM_H
+#include "devm.h"
+#endif /* DEVM_H */
+
+#ifndef NSSCKEPV_H
+#include "nssckepv.h"
+#endif /* NSSCKEPV_H */
+
+#ifndef CKHELPER_H
+#include "ckhelper.h"
+#endif /* CKHELPER_H */
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+/* XXX */
+#ifndef PKI_H
+#include "pki.h"
+#endif /* PKI_H */
+
+/* XXX */
+#ifndef NSSPKI_H
+#include "nsspki.h"
+#endif /* NSSPKI_H */
+
+#ifdef NSS_3_4_CODE
+#include "pkim.h" /* for cert decoding */
+#include "pk11func.h" /* for PK11_HasRootCerts */
+#include "pki3hack.h" /* for STAN_ForceCERTCertificateUpdate */
+#endif
+
+/* The number of object handles to grab during each call to C_FindObjects */
+#define OBJECT_STACK_SIZE 16
+
+NSS_IMPLEMENT PRStatus
+nssToken_DeleteStoredObject
+(
+ nssCryptokiInstance *instance
+)
+{
+ CK_RV ckrv;
+ PRStatus nssrv;
+ PRBool createdSession = PR_FALSE;
+ NSSToken *token = instance->token;
+ void *epv = token->epv;
+ nssSession *session = NULL;
+ if (nssCKObject_IsAttributeTrue(instance->handle, CKA_TOKEN,
+ token->defaultSession,
+ token->slot, &nssrv)) {
+ if (nssSession_IsReadWrite(token->defaultSession)) {
+ session = token->defaultSession;
+ } else {
+ session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
+ createdSession = PR_TRUE;
+ }
+ }
+ if (session == NULL) {
+ return PR_FAILURE;
+ }
+ nssSession_EnterMonitor(session);
+ ckrv = CKAPI(epv)->C_DestroyObject(session->handle, instance->handle);
+ nssSession_ExitMonitor(session);
+ if (createdSession) {
+ nssSession_Destroy(session);
+ }
+ if (ckrv != CKR_OK) {
+ return PR_FAILURE;
+ }
+ return PR_SUCCESS;
+}
+
+static CK_OBJECT_HANDLE
+import_object
+(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ CK_ATTRIBUTE_PTR objectTemplate,
+ CK_ULONG otsize
+)
+{
+ nssSession *session = NULL;
+ PRBool createdSession = PR_FALSE;
+ void *epv = tok->epv;
+ CK_OBJECT_HANDLE object;
+ CK_RV ckrv;
+ if (nssCKObject_IsTokenObjectTemplate(objectTemplate, otsize)) {
+ if (sessionOpt) {
+ if (!nssSession_IsReadWrite(sessionOpt)) {
+ return CK_INVALID_HANDLE;
+ } else {
+ session = sessionOpt;
+ }
+ } else if (nssSession_IsReadWrite(tok->defaultSession)) {
+ session = tok->defaultSession;
+ } else {
+ session = nssSlot_CreateSession(tok->slot, NULL, PR_TRUE);
+ createdSession = PR_TRUE;
+ }
+ } else {
+ session = (sessionOpt) ? sessionOpt : tok->defaultSession;
+ }
+ if (session == NULL) {
+ return CK_INVALID_HANDLE;
+ }
+ nssSession_EnterMonitor(session);
+ ckrv = CKAPI(epv)->C_CreateObject(session->handle,
+ objectTemplate, otsize,
+ &object);
+ nssSession_ExitMonitor(session);
+ if (createdSession) {
+ nssSession_Destroy(session);
+ }
+ if (ckrv != CKR_OK) {
+ return CK_INVALID_HANDLE;
+ }
+ return object;
+}
+
+static CK_OBJECT_HANDLE
+find_object_by_template
+(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ CK_ATTRIBUTE_PTR cktemplate,
+ CK_ULONG ctsize
+)
+{
+ CK_SESSION_HANDLE hSession;
+ CK_OBJECT_HANDLE rvObject = CK_INVALID_HANDLE;
+ CK_ULONG count = 0;
+ CK_RV ckrv;
+ void *epv = tok->epv;
+ nssSession *session;
+ session = (sessionOpt) ? sessionOpt : tok->defaultSession;
+ hSession = session->handle;
+ nssSession_EnterMonitor(session);
+ ckrv = CKAPI(epv)->C_FindObjectsInit(hSession, cktemplate, ctsize);
+ if (ckrv != CKR_OK) {
+ nssSession_ExitMonitor(session);
+ return CK_INVALID_HANDLE;
+ }
+ ckrv = CKAPI(epv)->C_FindObjects(hSession, &rvObject, 1, &count);
+ if (ckrv != CKR_OK) {
+ nssSession_ExitMonitor(session);
+ return CK_INVALID_HANDLE;
+ }
+ ckrv = CKAPI(epv)->C_FindObjectsFinal(hSession);
+ nssSession_ExitMonitor(session);
+ if (ckrv != CKR_OK) {
+ return CK_INVALID_HANDLE;
+ }
+ return rvObject;
+}
+
+static PRStatus
+traverse_objects_by_template
+(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ CK_ATTRIBUTE_PTR obj_template,
+ CK_ULONG otsize,
+ PRStatus (*callback)(NSSToken *t, nssSession *session,
+ CK_OBJECT_HANDLE h, void *arg),
+ void *arg
+)
+{
+ NSSSlot *slot;
+ PRStatus cbrv;
+ PRUint32 i;
+ CK_RV ckrv;
+ CK_ULONG count;
+ CK_OBJECT_HANDLE *objectStack;
+ CK_OBJECT_HANDLE startOS[OBJECT_STACK_SIZE];
+ CK_SESSION_HANDLE hSession;
+ NSSArena *objectArena = NULL;
+ nssSession *session;
+ nssList *objectList = NULL;
+ int objectStackSize = OBJECT_STACK_SIZE;
+ void *epv = tok->epv;
+ slot = tok->slot;
+ objectStack = startOS;
+ session = (sessionOpt) ? sessionOpt : tok->defaultSession;
+ hSession = session->handle;
+ nssSession_EnterMonitor(session);
+ ckrv = CKAPI(epv)->C_FindObjectsInit(hSession, obj_template, otsize);
+ if (ckrv != CKR_OK) {
+ nssSession_ExitMonitor(session);
+ goto loser;
+ }
+ while (PR_TRUE) {
+ ckrv = CKAPI(epv)->C_FindObjects(hSession, objectStack,
+ objectStackSize, &count);
+ if (ckrv != CKR_OK) {
+ nssSession_ExitMonitor(session);
+ goto loser;
+ }
+ if (count == objectStackSize) {
+ if (!objectList) {
+ objectArena = NSSArena_Create();
+ objectList = nssList_Create(objectArena, PR_FALSE);
+ }
+ nssList_Add(objectList, objectStack);
+ objectStackSize = objectStackSize * 2;
+ objectStack = nss_ZNEWARRAY(objectArena, CK_OBJECT_HANDLE,
+ objectStackSize);
+ if (objectStack == NULL) {
+ count =0;
+ break;
+ /* return what we can */
+ }
+ } else {
+ break;
+ }
+ }
+ ckrv = CKAPI(epv)->C_FindObjectsFinal(hSession);
+ nssSession_ExitMonitor(session);
+ if (ckrv != CKR_OK) {
+ goto loser;
+ }
+ if (objectList) {
+ nssListIterator *objects;
+ CK_OBJECT_HANDLE *localStack;
+ objects = nssList_CreateIterator(objectList);
+ objectStackSize = OBJECT_STACK_SIZE;
+ for (localStack = (CK_OBJECT_HANDLE *)nssListIterator_Start(objects);
+ localStack != NULL;
+ localStack = (CK_OBJECT_HANDLE *)nssListIterator_Next(objects)) {
+ for (i=0; i< objectStackSize; i++) {
+ cbrv = (*callback)(tok, session, localStack[i], arg);
+ }
+ objectStackSize = objectStackSize * 2;
+ }
+ nssListIterator_Finish(objects);
+ nssListIterator_Destroy(objects);
+ }
+ for (i=0; i<count; i++) {
+ cbrv = (*callback)(tok, session, objectStack[i], arg);
+ }
+ if (objectArena)
+ NSSArena_Destroy(objectArena);
+ return PR_SUCCESS;
+loser:
+ if (objectArena)
+ NSSArena_Destroy(objectArena);
+ return PR_FAILURE;
+}
+
+static nssCryptokiInstance *
+create_cryptoki_instance
+(
+ NSSArena *arena,
+ NSSToken *t,
+ CK_OBJECT_HANDLE h,
+ PRBool isTokenObject
+)
+{
+ PRStatus nssrv;
+ nssCryptokiInstance *instance;
+ CK_ATTRIBUTE cert_template = { CKA_LABEL, NULL, 0 };
+ nssrv = nssCKObject_GetAttributes(h, &cert_template, 1,
+ arena, t->defaultSession, t->slot);
+ if (nssrv != PR_SUCCESS) {
+ /* a failure here indicates a device error */
+ return NULL;
+ }
+ instance = nss_ZNEW(arena, nssCryptokiInstance);
+ if (!instance) {
+ return NULL;
+ }
+ instance->handle = h;
+ instance->token = t;
+ instance->isTokenObject = isTokenObject;
+ NSS_CK_ATTRIBUTE_TO_UTF8(&cert_template, instance->label);
+ return instance;
+}
+
+#ifdef NSS_3_4_CODE
+/* exposing this for the smart card cache code */
+NSS_IMPLEMENT nssCryptokiInstance *
+nssCryptokiInstance_Create
+(
+ NSSArena *arena,
+ NSSToken *t,
+ CK_OBJECT_HANDLE h,
+ PRBool isTokenObject
+)
+{
+ return create_cryptoki_instance(arena, t, h, isTokenObject);
+}
+#endif
+
+static NSSCertificateType
+nss_cert_type_from_ck_attrib(CK_ATTRIBUTE_PTR attrib)
+{
+ CK_CERTIFICATE_TYPE ckCertType;
+ if (!attrib->pValue) {
+ /* default to PKIX */
+ return NSSCertificateType_PKIX;
+ }
+ ckCertType = *((CK_ULONG *)attrib->pValue);
+ switch (ckCertType) {
+ case CKC_X_509:
+ return NSSCertificateType_PKIX;
+ default:
+ break;
+ }
+ return NSSCertificateType_Unknown;
+}
+
+/* Create a certificate from an object handle. */
+static NSSCertificate *
+get_token_cert
+(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ CK_OBJECT_HANDLE handle
+)
+{
+ NSSCertificate *rvCert;
+ NSSArena *arena;
+ nssSession *session;
+ PRStatus nssrv;
+ CK_ULONG template_size;
+ CK_ATTRIBUTE cert_template[] = {
+ { CKA_CERTIFICATE_TYPE, NULL, 0 },
+ { CKA_ID, NULL, 0 },
+ { CKA_VALUE, NULL, 0 },
+ { CKA_ISSUER, NULL, 0 },
+ { CKA_SERIAL_NUMBER, NULL, 0 },
+ { CKA_SUBJECT, NULL, 0 },
+ { CKA_NETSCAPE_EMAIL, NULL, 0 }
+ };
+ template_size = sizeof(cert_template) / sizeof(cert_template[0]);
+ session = (sessionOpt) ? sessionOpt : token->defaultSession;
+ arena = nssArena_Create();
+ if (!arena) {
+ return NULL;
+ }
+ rvCert = nss_ZNEW(arena, NSSCertificate);
+ if (!rvCert) {
+ NSSArena_Destroy(arena);
+ return NULL;
+ }
+ nssrv = nssPKIObject_Initialize(&rvCert->object, arena,
+ token->trustDomain, NULL);
+ if (nssrv != PR_SUCCESS) {
+ goto loser;
+ }
+ nssrv = nssCKObject_GetAttributes(handle,
+ cert_template, template_size,
+ arena, session, token->slot);
+ if (nssrv != PR_SUCCESS) {
+ goto loser;
+ }
+ rvCert->type = nss_cert_type_from_ck_attrib(&cert_template[0]);
+ NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[1], &rvCert->id);
+ NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[2], &rvCert->encoding);
+ NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[3], &rvCert->issuer);
+ NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[4], &rvCert->serial);
+ NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[5], &rvCert->subject);
+ NSS_CK_ATTRIBUTE_TO_UTF8(&cert_template[6], rvCert->email);
+ /* XXX this would be better accomplished by dividing attributes to
+ * retrieve into "required" and "optional"
+ */
+ if (rvCert->encoding.size == 0 ||
+ rvCert->issuer.size == 0 ||
+ rvCert->serial.size == 0 ||
+ rvCert->subject.size == 0)
+ {
+ /* received a bum object from the token */
+ goto loser;
+ }
+#ifdef NSS_3_4_CODE
+ /* nss 3.4 database doesn't associate email address with cert */
+ if (!rvCert->email) {
+ nssDecodedCert *dc;
+ NSSASCII7 *email;
+ dc = nssCertificate_GetDecoding(rvCert);
+ if (dc) {
+ email = dc->getEmailAddress(dc);
+ if (email)
+ rvCert->email = nssUTF8_Duplicate(email, arena);
+ } else {
+ goto loser;
+ }
+ }
+ /* nss 3.4 must deal with tokens that do not follow the PKCS#11
+ * standard and return decoded serial numbers. The easiest way to
+ * work around this is just to grab the serial # from the full encoding
+ */
+ if (PR_TRUE) {
+ nssDecodedCert *dc;
+ dc = nssCertificate_GetDecoding(rvCert);
+ if (dc) {
+ PRStatus sn_stat;
+ sn_stat = dc->getDERSerialNumber(dc, &rvCert->serial, arena);
+ if (sn_stat != PR_SUCCESS) {
+ goto loser;
+ }
+ } else {
+ goto loser;
+ }
+ }
+#endif
+ return rvCert;
+loser:
+ nssPKIObject_Destroy(&rvCert->object);
+ return (NSSCertificate *)NULL;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_ImportCertificate
+(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSCertificate *cert,
+ NSSUTF8 *nickname,
+ PRBool asTokenObject
+)
+{
+ nssCryptokiInstance *instance;
+ CK_CERTIFICATE_TYPE cert_type = CKC_X_509;
+ CK_OBJECT_HANDLE handle;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE cert_tmpl[9];
+ CK_ULONG ctsize;
+ NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
+ if (asTokenObject) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ } else {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ }
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+ NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CERTIFICATE_TYPE, cert_type);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, &cert->id);
+ NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, &cert->encoding);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, &cert->issuer);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, &cert->subject);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, &cert->serial);
+ NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
+ /* Import the certificate onto the token */
+ handle = import_object(tok, sessionOpt, cert_tmpl, ctsize);
+ if (handle == CK_INVALID_HANDLE) {
+ return PR_FAILURE;
+ }
+ instance = create_cryptoki_instance(cert->object.arena,
+ tok, handle, asTokenObject);
+ if (!instance) {
+ /* XXX destroy object */
+ return PR_FAILURE;
+ }
+ nssList_Add(cert->object.instanceList, instance);
+ /* XXX Fix this! */
+ nssListIterator_Destroy(cert->object.instances);
+ cert->object.instances = nssList_CreateIterator(cert->object.instanceList);
+ return PR_SUCCESS;
+}
+
+static PRBool
+compare_cert_by_encoding(void *a, void *b)
+{
+ NSSCertificate *c1 = (NSSCertificate *)a;
+ NSSCertificate *c2 = (NSSCertificate *)b;
+ return (nssItem_Equal(&c1->encoding, &c2->encoding, NULL));
+}
+
+static PRStatus
+retrieve_cert(NSSToken *t, nssSession *session, CK_OBJECT_HANDLE h, void *arg)
+{
+ PRStatus nssrv;
+ PRBool found, inCache;
+ nssTokenCertSearch *search = (nssTokenCertSearch *)arg;
+ NSSCertificate *cert = NULL;
+ nssListIterator *instances;
+ nssCryptokiInstance *ci;
+ CK_ATTRIBUTE derValue = { CKA_VALUE, NULL, 0 };
+ inCache = PR_FALSE;
+ if (search->cached) {
+ NSSCertificate csi; /* a fake cert for indexing */
+ nssrv = nssCKObject_GetAttributes(h, &derValue, 1,
+ NULL, session, t->slot);
+ NSS_CK_ATTRIBUTE_TO_ITEM(&derValue, &csi.encoding);
+ cert = (NSSCertificate *)nssList_Get(search->cached, &csi);
+ nss_ZFreeIf(csi.encoding.data);
+ }
+ found = PR_FALSE;
+ if (cert) {
+ inCache = PR_TRUE;
+ nssCertificate_AddRef(cert);
+ instances = cert->object.instances;
+ for (ci = (nssCryptokiInstance *)nssListIterator_Start(instances);
+ ci != (nssCryptokiInstance *)NULL;
+ ci = (nssCryptokiInstance *)nssListIterator_Next(instances))
+ {
+ /* The builtins token will not return the same handle for objects
+ * during the lifetime of the token. Thus, assuming the found
+ * object is the same as the cached object if there is already an
+ * instance for the token.
+ */
+ if (ci->token == t) {
+ found = PR_TRUE;
+ break;
+ }
+ }
+ nssListIterator_Finish(instances);
+ } else {
+ cert = get_token_cert(t, session, h);
+ if (!cert) return PR_FAILURE;
+ }
+ if (!found) {
+ PRBool isTokenObject;
+ /* XXX this is incorrect if the search is over both types */
+ isTokenObject = (search->searchType == nssTokenSearchType_TokenOnly) ?
+ PR_TRUE : PR_FALSE;
+ ci = create_cryptoki_instance(cert->object.arena, t, h, isTokenObject);
+ if (!ci) {
+ NSSCertificate_Destroy(cert);
+ return PR_FAILURE;
+ }
+ nssList_Add(cert->object.instanceList, ci);
+ /* XXX Fix this! */
+ nssListIterator_Destroy(cert->object.instances);
+ cert->object.instances = nssList_CreateIterator(cert->object.instanceList);
+ /* The cert was already discovered. If it was made into a
+ * CERTCertificate, we need to update it here, because we have found
+ * another instance of it. This new instance may cause the slot
+ * and nickname fields of the cert to change.
+ */
+ if (cert->decoding && inCache) {
+ (void)STAN_ForceCERTCertificateUpdate(cert);
+ }
+ }
+ if (!inCache) {
+ nssrv = (*search->callback)(cert, search->cbarg);
+ } else {
+ nssrv = PR_SUCCESS; /* cached entries already handled */
+ }
+#ifdef NSS_3_4_CODE
+ CERT_DestroyCertificate(STAN_GetCERTCertificate(cert));
+#else
+ NSSCertificate_Destroy(cert);
+#endif
+
+ return nssrv;
+}
+
+/* traverse all certificates - this should only happen if the token
+ * has been marked as "traversable"
+ */
+NSS_IMPLEMENT PRStatus
+nssToken_TraverseCertificates
+(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ nssTokenCertSearch *search
+)
+{
+ PRStatus nssrv;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE cert_template[2];
+ CK_ULONG ctsize;
+ NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
+ /* Set the search to token/session only if provided */
+ if (search->searchType == nssTokenSearchType_SessionOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ } else if (search->searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ }
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+ NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);
+ if (search->cached) {
+ nssList_SetCompareFunction(search->cached, compare_cert_by_encoding);
+ }
+ nssrv = traverse_objects_by_template(token, sessionOpt,
+ cert_template, ctsize,
+ retrieve_cert, search);
+ return nssrv;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_TraverseCertificatesBySubject
+(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *subject,
+ nssTokenCertSearch *search
+)
+{
+ PRStatus nssrv;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE subj_template[3];
+ CK_ULONG stsize;
+ NSS_CK_TEMPLATE_START(subj_template, attr, stsize);
+ /* Set the search to token/session only if provided */
+ if (search->searchType == nssTokenSearchType_SessionOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ } else if (search->searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ }
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
+ NSS_CK_TEMPLATE_FINISH(subj_template, attr, stsize);
+ if (search->cached) {
+ nssList_SetCompareFunction(search->cached, compare_cert_by_encoding);
+ }
+ /* now traverse the token certs matching this template */
+ nssrv = traverse_objects_by_template(token, sessionOpt,
+ subj_template, stsize,
+ retrieve_cert, search);
+ return nssrv;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_TraverseCertificatesByNickname
+(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSUTF8 *name,
+ nssTokenCertSearch *search
+)
+{
+ PRStatus nssrv;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE nick_template[3];
+ CK_ULONG ntsize;
+ NSS_CK_TEMPLATE_START(nick_template, attr, ntsize);
+ NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, name);
+ /* Set the search to token/session only if provided */
+ if (search->searchType == nssTokenSearchType_SessionOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ } else if (search->searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ }
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+ NSS_CK_TEMPLATE_FINISH(nick_template, attr, ntsize);
+ if (search->cached) {
+ nssList_SetCompareFunction(search->cached, compare_cert_by_encoding);
+ }
+ /* now traverse the token certs matching this template */
+ nssrv = traverse_objects_by_template(token, sessionOpt,
+ nick_template, ntsize,
+ retrieve_cert, search);
+ if (nssrv != PR_SUCCESS) {
+ return nssrv;
+ }
+ /* This is to workaround the fact that PKCS#11 doesn't specify
+ * whether the '\0' should be included. XXX Is that still true?
+ * im - this is not needed by the current softoken. However, I'm
+ * leaving it in until I have surveyed more tokens to see if it needed.
+ * well, its needed by the builtin token...
+ */
+ nick_template[0].ulValueLen++;
+ nssrv = traverse_objects_by_template(token, sessionOpt,
+ nick_template, ntsize,
+ retrieve_cert, search);
+ return nssrv;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_TraverseCertificatesByEmail
+(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSASCII7 *email,
+ nssTokenCertSearch *search
+)
+{
+ PRStatus nssrv;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE email_template[3];
+ CK_ULONG etsize;
+ NSS_CK_TEMPLATE_START(email_template, attr, etsize);
+ NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NETSCAPE_EMAIL, email);
+ /* Set the search to token/session only if provided */
+ if (search->searchType == nssTokenSearchType_SessionOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ } else if (search->searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ }
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+ NSS_CK_TEMPLATE_FINISH(email_template, attr, etsize);
+ if (search->cached) {
+ nssList_SetCompareFunction(search->cached, compare_cert_by_encoding);
+ }
+ /* now traverse the token certs matching this template */
+ nssrv = traverse_objects_by_template(token, sessionOpt,
+ email_template, etsize,
+ retrieve_cert, search);
+ if (nssrv != PR_SUCCESS) {
+ return nssrv;
+ }
+#if 0
+ /* This is to workaround the fact that PKCS#11 doesn't specify
+ * whether the '\0' should be included. XXX Is that still true?
+ */
+ email_tmpl[0].ulValueLen--;
+ nssrv = traverse_objects_by_template(token, sessionOpt,
+ email_tmpl, etsize,
+ retrieve_cert, search);
+#endif
+ return nssrv;
+}
+
+/* XXX these next two need to create instances as needed */
+
+NSS_IMPLEMENT NSSCertificate *
+nssToken_FindCertificateByIssuerAndSerialNumber
+(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *issuer,
+ NSSDER *serial,
+ nssTokenSearchType searchType
+)
+{
+ NSSCertificate *rvCert = NULL;
+ nssSession *session;
+ PRStatus nssrv;
+ CK_OBJECT_HANDLE object;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE cert_template[4];
+ CK_ULONG ctsize;
+ NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
+ /* Set the search to token/session only if provided */
+ if (searchType == nssTokenSearchType_SessionOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ } else if (searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ }
+ /* Set the unique id */
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial);
+ NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);
+ /* get the object handle */
+ object = find_object_by_template(token, sessionOpt, cert_template, ctsize);
+ if (object == CK_INVALID_HANDLE) {
+ return NULL;
+ }
+ session = (sessionOpt) ? sessionOpt : token->defaultSession;
+ rvCert = get_token_cert(token, sessionOpt, object);
+ if (rvCert) {
+ PRBool isTokenObject;
+ nssCryptokiInstance *instance;
+ isTokenObject = nssCKObject_IsAttributeTrue(object, CKA_TOKEN,
+ session, token->slot,
+ &nssrv);
+ instance = create_cryptoki_instance(rvCert->object.arena,
+ token, object, isTokenObject);
+ if (!instance) {
+ NSSCertificate_Destroy(rvCert);
+ return NULL;
+ }
+ nssList_Add(rvCert->object.instanceList, instance);
+ /* XXX Fix this! */
+ nssListIterator_Destroy(rvCert->object.instances);
+ rvCert->object.instances = nssList_CreateIterator(rvCert->object.instanceList);
+ }
+ return rvCert;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+nssToken_FindCertificateByEncodedCertificate
+(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSBER *encodedCertificate,
+ nssTokenSearchType searchType
+)
+{
+ NSSCertificate *rvCert = NULL;
+ nssSession *session;
+ PRStatus nssrv;
+ CK_OBJECT_HANDLE object;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE cert_template[3];
+ CK_ULONG ctsize;
+ NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
+ /* Set the search to token/session only if provided */
+ if (searchType == nssTokenSearchType_SessionOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ } else if (searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ }
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encodedCertificate);
+ NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);
+ /* get the object handle */
+ object = find_object_by_template(token, sessionOpt, cert_template, ctsize);
+ if (object == CK_INVALID_HANDLE) {
+ return NULL;
+ }
+ session = (sessionOpt) ? sessionOpt : token->defaultSession;
+ rvCert = get_token_cert(token, sessionOpt, object);
+ if (rvCert) {
+ PRBool isTokenObject;
+ nssCryptokiInstance *instance;
+ isTokenObject = nssCKObject_IsAttributeTrue(object, CKA_TOKEN,
+ session, token->slot,
+ &nssrv);
+ instance = create_cryptoki_instance(rvCert->object.arena,
+ token, object, isTokenObject);
+ if (!instance) {
+ NSSCertificate_Destroy(rvCert);
+ return NULL;
+ }
+ nssList_Add(rvCert->object.instanceList, instance);
+ /* XXX Fix this! */
+ nssListIterator_Destroy(rvCert->object.instances);
+ rvCert->object.instances = nssList_CreateIterator(rvCert->object.instanceList);
+ }
+ return rvCert;
+}
+
+static void
+sha1_hash(NSSItem *input, NSSItem *output)
+{
+ NSSAlgorithmAndParameters *ap;
+ NSSToken *token = STAN_GetDefaultCryptoToken();
+ ap = NSSAlgorithmAndParameters_CreateSHA1Digest(NULL);
+ (void)nssToken_Digest(token, NULL, ap, input, output, NULL);
+#ifdef NSS_3_4_CODE
+ PK11_FreeSlot(token->pk11slot);
+#endif
+ nss_ZFreeIf(ap);
+}
+
+static void
+md5_hash(NSSItem *input, NSSItem *output)
+{
+ NSSAlgorithmAndParameters *ap;
+ NSSToken *token = STAN_GetDefaultCryptoToken();
+ ap = NSSAlgorithmAndParameters_CreateMD5Digest(NULL);
+ (void)nssToken_Digest(token, NULL, ap, input, output, NULL);
+#ifdef NSS_3_4_CODE
+ PK11_FreeSlot(token->pk11slot);
+#endif
+ nss_ZFreeIf(ap);
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_ImportTrust
+(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSTrust *trust,
+ PRBool asTokenObject
+)
+{
+ CK_OBJECT_HANDLE handle;
+ CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_TRUST;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE trust_tmpl[10];
+ CK_ULONG tsize;
+ PRUint8 sha1[20]; /* this is cheating... */
+ PRUint8 md5[16];
+ NSSItem sha1_result, md5_result;
+ NSSCertificate *c = trust->certificate;
+ sha1_result.data = sha1; sha1_result.size = sizeof sha1;
+ md5_result.data = md5; md5_result.size = sizeof md5;
+ sha1_hash(&c->encoding, &sha1_result);
+ md5_hash(&c->encoding, &md5_result);
+ NSS_CK_TEMPLATE_START(trust_tmpl, attr, tsize);
+ if (asTokenObject) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ } else {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ }
+ NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, &c->issuer);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, &c->serial);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, &sha1_result);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_MD5_HASH, &md5_result);
+ /* now set the trust values */
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, trust->serverAuth);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, trust->clientAuth);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, trust->codeSigning);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION,
+ trust->emailProtection);
+ NSS_CK_TEMPLATE_FINISH(trust_tmpl, attr, tsize);
+ /* import the trust object onto the token */
+ handle = import_object(tok, NULL, trust_tmpl, tsize);
+ if (handle != CK_INVALID_HANDLE) {
+ nssCryptokiInstance *instance;
+ instance = create_cryptoki_instance(trust->object.arena,
+ tok, handle, asTokenObject);
+ if (!instance) {
+ return PR_FAILURE;
+ }
+ nssList_Add(trust->object.instanceList, instance);
+ /* XXX Fix this! */
+ nssListIterator_Destroy(trust->object.instances);
+ trust->object.instances = nssList_CreateIterator(trust->object.instanceList);
+ tok->hasNoTrust = PR_FALSE;
+ return PR_SUCCESS;
+ }
+ return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_SetTrustCache
+(
+ NSSToken *token
+)
+{
+ CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_TRUST;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE tobj_template[2];
+ CK_ULONG tobj_size;
+ CK_OBJECT_HANDLE obj;
+ nssSession *session = token->defaultSession;
+
+ NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size);
+ NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size);
+
+ obj = find_object_by_template(token, session,
+ tobj_template, tobj_size);
+ token->hasNoTrust = PR_FALSE;
+ if (obj == CK_INVALID_HANDLE) {
+ token->hasNoTrust = PR_TRUE;
+ }
+ return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_SetCrlCache
+(
+ NSSToken *token
+)
+{
+ CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_CRL;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE tobj_template[2];
+ CK_ULONG tobj_size;
+ CK_OBJECT_HANDLE obj;
+ nssSession *session = token->defaultSession;
+
+ NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size);
+ NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size);
+
+ obj = find_object_by_template(token, session,
+ tobj_template, tobj_size);
+ token->hasNoCrls = PR_TRUE;
+ if (obj == CK_INVALID_HANDLE) {
+ token->hasNoCrls = PR_TRUE;
+ }
+ return PR_SUCCESS;
+}
+
+static CK_OBJECT_HANDLE
+get_cert_trust_handle
+(
+ NSSToken *token,
+ nssSession *session,
+ NSSCertificate *c,
+ nssTokenSearchType searchType
+)
+{
+ CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_TRUST;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE tobj_template[5];
+ CK_ULONG tobj_size;
+ PRUint8 sha1[20]; /* this is cheating... */
+ NSSItem sha1_result;
+
+ if (token->hasNoTrust) {
+ return CK_INVALID_HANDLE;
+ }
+ sha1_result.data = sha1; sha1_result.size = sizeof sha1;
+ sha1_hash(&c->encoding, &sha1_result);
+ NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size);
+ if (searchType == nssTokenSearchType_SessionOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+ } else if (searchType == nssTokenSearchType_TokenOnly) {
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+ }
+ NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, tobjc);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, &sha1_result);
+#ifdef NSS_3_4_CODE
+ if (!PK11_HasRootCerts(token->pk11slot)) {
+#endif
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, &c->issuer);
+ NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER , &c->serial);
+#ifdef NSS_3_4_CODE
+ }
+ /*
+ * we need to arrange for the built-in token to lose the bottom 2
+ * attributes so that old built-in tokens will continue to work.
+ */
+#endif
+ NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size);
+ return find_object_by_template(token, session,
+ tobj_template, tobj_size);
+}
+
+NSS_IMPLEMENT NSSTrust *
+nssToken_FindTrustForCert
+(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSCertificate *c,
+ nssTokenSearchType searchType
+)
+{
+ PRStatus nssrv;
+ NSSTrust *rvTrust;
+ nssSession *session;
+ NSSArena *arena;
+ nssCryptokiInstance *instance;
+ PRBool isTokenObject;
+ CK_BBOOL isToken;
+ CK_TRUST saTrust, caTrust, epTrust, csTrust;
+ CK_OBJECT_HANDLE tobjID;
+ CK_ATTRIBUTE_PTR attr;
+ CK_ATTRIBUTE trust_template[5];
+ CK_ULONG trust_size;
+ session = (sessionOpt) ? sessionOpt : token->defaultSession;
+ tobjID = get_cert_trust_handle(token, session, c, searchType);
+ if (tobjID == CK_INVALID_HANDLE) {
+ return NULL;
+ }
+ /* Then use the trust object to find the trust settings */
+ NSS_CK_TEMPLATE_START(trust_template, attr, trust_size);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TOKEN, isToken);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, saTrust);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, caTrust);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, epTrust);
+ NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, csTrust);
+ NSS_CK_TEMPLATE_FINISH(trust_template, attr, trust_size);
+ nssrv = nssCKObject_GetAttributes(tobjID,
+ trust_template, trust_size,
+ NULL, session, token->slot);
+ if (nssrv != PR_SUCCESS) {
+ return NULL;
+ }
+ arena = nssArena_Create();
+ if (!arena) {
+ return NULL;
+ }
+ rvTrust = nss_ZNEW(arena, NSSTrust);
+ if (!rvTrust) {
+ nssArena_Destroy(arena);
+ return NULL;
+ }
+ nssrv = nssPKIObject_Initialize(&rvTrust->object, arena,
+ token->trustDomain, NULL);
+ if (nssrv != PR_SUCCESS) {
+ goto loser;
+ }
+ isTokenObject = (isToken == CK_TRUE) ? PR_TRUE : PR_FALSE;
+ instance = create_cryptoki_instance(arena, token, tobjID, isTokenObject);
+ if (!instance) {
+ goto loser;
+ }
+ rvTrust->serverAuth = saTrust;
+ rvTrust->clientAuth = caTrust;
+ rvTrust->emailProtection = epTrust;
+ rvTrust->codeSigning = csTrust;
+ return rvTrust;
+loser:
+ nssPKIObject_Destroy(&rvTrust->object);
+ return (NSSTrust *)NULL;
+}
+
+NSS_IMPLEMENT PRBool
+nssToken_HasCrls
+(
+ NSSToken *tok
+)
+{
+ return !tok->hasNoCrls;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_SetHasCrls
+(
+ NSSToken *tok
+)
+{
+ tok->hasNoCrls = PR_FALSE;
+ return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRBool
+nssToken_IsPresent
+(
+ NSSToken *token
+)
+{
+ return nssSlot_IsTokenPresent(token->slot);
+}
+
diff --git a/security/nss/lib/dev/devslot.c b/security/nss/lib/dev/devslot.c
index 843a5bd4b..30f4855c3 100644
--- a/security/nss/lib/dev/devslot.c
+++ b/security/nss/lib/dev/devslot.c
@@ -176,17 +176,16 @@ nssSlot_Destroy
NSSSlot *slot
)
{
+#ifdef PURE_STAN_BUILD
if (slot) {
PR_AtomicDecrement(&slot->base.refCount);
if (slot->base.refCount == 0) {
- PZ_DestroyLock(slot->base.lock);
-#ifdef PURE_STAN_BUILD
nssToken_Destroy(slot->token);
nssModule_DestroyFromSlot(slot->module, slot);
-#endif
return nssArena_Destroy(slot->base.arena);
}
}
+#endif
return PR_SUCCESS;
}
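Review bot: The reference count is decremented atomically but then re-read with a plain load in `if (slot->base.refCount == 0)`, so two threads releasing the slot at the same time can both observe zero and both run the teardown (double destroy / use after free). Test the value the decrement returns instead: `if (PR_AtomicDecrement(&slot->base.refCount) == 0) {`. The hunk also drops `PZ_DestroyLock(slot->base.lock)` without a replacement; unless the lock is owned by the arena (not visible here), it is leaked on the final release. With the whole body now under `#ifdef PURE_STAN_BUILD`, other builds never decrement the count at all, which deserves a comment saying who frees the slot in that configuration. nssSlot_Destroy starts above the hunk.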
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index 326ef8c99..2b2af4fea 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -1709,6 +1709,11 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
slot->protectedAuthPath =
((tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
? PR_TRUE : PR_FALSE);
+ /* on some platforms Active Card incorrectly sets the
+ * CKF_PROTECTED_AUTHENTICATION_PATH bit when it doesn't mean to. */
+ if (slot->isActiveCard) {
+ slot->protectedAuthPath = PR_FALSE;
+ }
tmp = PK11_MakeString(NULL,slot->token_name,
(char *)tokenInfo.label, sizeof(tokenInfo.label));
slot->minPassword = tokenInfo.ulMinPinLen;
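Review bot: The override clears `protectedAuthPath` for every ActivCard slot on every platform, although the comment says the flag is wrong only "on some platforms". A device from this vendor that really has a protected authentication path would then have its PIN collected by the application rather than by the device, which is presumably not intended. Consider narrowing the condition to the affected platforms or module versions, or state in the comment that the override is deliberately global, e.g. `/* NOTE: applies to all ActivCard modules; a genuine protected path is ignored */`. The code also relies on `slot->isActiveCard` having been set by PK11_InitSlot before this point, which the hunk does not show; PK11_InitToken continues outside the hunk.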
@@ -1882,6 +1887,9 @@ PK11_InitSlot(SECMODModule *mod,CK_SLOT_ID slotID,PK11SlotInfo *slot)
tmp = PK11_MakeString(NULL,slot->slot_name,
(char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription));
slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT) == CKF_HW_SLOT);
+#define ACTIVE_CARD "ActivCard SA"
+ slot->isActiveCard = (PRBool)(PORT_Strncmp(slotInfo.manufacturerID,
+ ACTIVE_CARD, sizeof(ACTIVE_CARD)-1) == 0);
if ((slotInfo.flags & CKF_REMOVABLE_DEVICE) == 0) {
slot->isPerm = PR_TRUE;
/* permanment slots must have the token present always */
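Review bot: `slotInfo.manufacturerID` is a fixed-width, blank-padded PKCS#11 field of unsigned characters and is passed to `PORT_Strncmp` without the `(char *)` cast that the `PK11_MakeString` call just above uses; write `PORT_Strncmp((char *)slotInfo.manufacturerID, ACTIVE_CARD, sizeof(ACTIVE_CARD)-1)`. The bounded length keeps the read inside the field, so the comparison itself is safe, but it is a prefix match on a string the module reports about itself, and it decides whether `CKF_PROTECTED_AUTHENTICATION_PATH` is honoured; a comment should say that this is a vendor quirk keyed on self-declared data. The `#define ACTIVE_CARD` sits in the middle of the function body and stays defined for the rest of the file; move it to the top of the file next to a comment such as `/* manufacturerID prefix of ActivCard modules (see PK11_InitToken) */`. PK11_InitSlot continues outside the hunk.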
diff --git a/security/nss/lib/pk11wrap/secmodti.h b/security/nss/lib/pk11wrap/secmodti.h
index a2e81acc6..232b58c7a 100644
--- a/security/nss/lib/pk11wrap/secmodti.h
+++ b/security/nss/lib/pk11wrap/secmodti.h
@@ -130,6 +130,7 @@ struct PK11SlotInfoStr {
PRBool hasRSAInfo;
CK_FLAGS RSAInfoFlags;
PRBool protectedAuthPath;
+ PRBool isActiveCard;
/* for Stan */
NSSToken *nssToken;
};
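Review bot: The new `isActiveCard` field carries no comment, and its spelling differs from the vendor string it is derived from (`"ActivCard SA"` in pk11slot.c), which makes it hard to grep for. Suggest documenting it in place: `PRBool isActiveCard; /* manufacturerID starts with "ActivCard SA"; CKF_PROTECTED_AUTHENTICATION_PATH is ignored for such slots */`. The struct begins above the hunk.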
diff --git a/security/nss/lib/util/secoid.c b/security/nss/lib/util/secoid.c
index 1ad0aa197..d7a74ae7a 100644
--- a/security/nss/lib/util/secoid.c
+++ b/security/nss/lib/util/secoid.c
@@ -61,7 +61,7 @@
#define NETSCAPE_OID 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42
#define NETSCAPE_CERT_EXT NETSCAPE_OID, 0x01
#define NETSCAPE_DATA_TYPE NETSCAPE_OID, 0x02
-/* netscape directory oid - owned by Mark Smith (mcs@netscape.com) */
+/* netscape directory oid - owned by Tim Howes(howes@netscape.com) */
#define NETSCAPE_DIRECTORY NETSCAPE_OID, 0x03
#define NETSCAPE_POLICY NETSCAPE_OID, 0x04
#define NETSCAPE_CERT_SERVER NETSCAPE_OID, 0x05
@@ -264,9 +264,6 @@ CONST_OID nsExtCertRenewalTime[] = { NETSCAPE_CERT_EXT, 0x0f };
CONST_OID nsExtAIACertRenewal[] = { NETSCAPE_CERT_EXT_AIA, 0x01 };
CONST_OID nsExtCertScopeOfUse[] = { NETSCAPE_CERT_EXT, 0x11 };
-/* Reserved Netscape (2 16 840 1 113730 1 18) = { NETSCAPE_CERT_EXT, 0x12 }; */
-
-/* Netscape policy values */
CONST_OID nsKeyUsageGovtApproved[] = { NETSCAPE_POLICY, 0x01 };
/* Netscape other name types */
diff --git a/security/nss/tests/nssdir b/security/nss/tests/nssdir
index 884c299f5..296872217 100755
--- a/security/nss/tests/nssdir
+++ b/security/nss/tests/nssdir
@@ -17,7 +17,7 @@ else if ( "$QAYEAR" == "" ) then
endif
-setenv NSS_VER_DIR /share/builds/mccrel3/nss/nss$NSSVER
+setenv NSS_VER_DIR /share/builds/mccrel/nss/nss$NSSVER
setenv NTDIST ${NSS_VER_DIR}/builds/${QAYEAR}${BUILDDATE}.1/blowfish_NT4.0_Win95/mozilla/dist
setenv UXDIST ${NSS_VER_DIR}/builds/${QAYEAR}${BUILDDATE}.1/booboo_Solaris8/mozilla/dist
setenv TESTSCRIPTDIR ${NSS_VER_DIR}/builds/${QAYEAR}${BUILDDATE}.1/booboo_Solaris8/mozilla/security/nss/tests
diff --git a/security/nss/tests/set_environment b/security/nss/tests/set_environment
index 5a3515cca..829d6c6d9 100644
--- a/security/nss/tests/set_environment
+++ b/security/nss/tests/set_environment
@@ -33,7 +33,6 @@ if [ "$os_name" != "Windows_95" -a \
then
PATH=.:$HOME/bin:/tools/ns/bin:/bin:/usr/bin:/usr/sbin:/usr/ccs/bin:/usr/dist/local/exe:/usr/bin/X11:/usr/audio/bin:/u/sonmi/bin:$PATH
JAVA_HOME="D:/i386/jdk1.2.2"
- JAVA_HOME14="R:/jdk/1.4.0/WINNT"
fi
CVSROOT=:pserver:svbld@redcvs.red.iplanet.com:/m/src
@@ -61,7 +60,6 @@ if [ "$os_name" = "HP-UX" ]
then
PATH=$PATH:/usr/local/bin:/opt/aCC/bin:/usr/local/bin/audio:/tools/ns/bin:/etc:/usr/contrib/bin:/usr/contrib/bin/X11:/usr/local/hpux/bin:/nfs/iapp1/hphome/bin:/etc:/u/svbld/bin/HP/perl/bin
JAVA_HOME="/share/builds/components/cms_jdk/HP-UX/1.2.2.04"
- JAVA_HOME14=$JAVA_HOME
# JAVA_HOME="/share/builds/components/cms_jdk/HP-UX/1.3.0.00"
elif [ "$os_name" = "SunOS" ]
then
@@ -73,12 +71,10 @@ then
then
#PATH=/usr/ucb:/opt/usr/local/bin:$PATH
JAVA_HOME="/usr/java1.2"
- JAVA_HOME14=/share/builds/components/jdk/1.4.0/SunOS_x86
PATH=".:/usr/dist/share/forte_dev_i386,v6.2/SUNWspro/bin:/opt/usr/local/perl5/bin:/opt/SUNWspro/bin:/opt/usr/local/bin:/bin:/usr/bin:/usr/sbin:/usr/ccs/bin:/usr/dist/local/exe:/usr/ccs/bin:/usr/ucb/bin:/usr/ucb:/opt/SUNWwabi/bin:/usr/local/bin:/tools/ns/bin:/etc:/tools/contrib/bin"
else
PATH=/usr/ucb:$PATH
JAVA_HOME="/share/builds/components/jdk/1.2.2/SunOS"
- JAVA_HOME14=/share/builds/components/jdk/1.4.0/SunOS64
PATH=/tools/ns/bin:$PATH:/opt/SUNWspro/bin:/usr/bin/X11:/usr/openwin/bin:/usr/openwin/demo
if [ "$os_version" = "5.8" -o "$os_version" = "5.7" -o \
@@ -97,13 +93,11 @@ then
PATH=$PATH:/tools/ns/bin:/usr/local/bin:/etc:/usr/bsd
MANPATH=/tools/ns/man:/usr/local/man
JAVA_HOME="/share/builds/components/jdk/1.2.2/IRIX"
- JAVA_HOME14=$JAVA_HOME
elif [ "$os_name" = "IRIX64" ]
then
PATH=$PATH:/tools/ns/bin:/usr/local/bin:/etc:/usr/bsd
MANPATH=/tools/ns/man:/usr/local/man
JAVA_HOME="/share/builds/components/jdk/1.2.2/IRIX"
- JAVA_HOME14=$JAVA_HOME
elif [ "$os_name" = "Linux" ]
then
PATH=/lib:/usr/lib:/bin:/sbin:/usr/bin:/usr/sbin:$PATH
@@ -113,19 +107,16 @@ then
BEFORE_CONTEXT_GREP="--before-context=10"
AFTER_CONTEXT_GREP="--after-context=3"
JAVA_HOME="/share/builds/components/jdk/1.2.2/Linux"
- JAVA_HOME14=/share/builds/components/jdk/1.4.0/Linux
elif [ "$os_name" = "AIX" ]
then
PATH=$PATH:/tools/contrib/bin:/usr/local/bin
TERM=vt100
export TERM
JAVA_HOME="/share/builds/components/cms_jdk/AIX/1.3.0"
- JAVA_HOME14=$JAVA_HOME
elif [ "$os_name" = "OSF1" ]
then
PATH=$PATH:/usr/local/bin
JAVA_HOME="/share/builds/components/jdk/1.2.2/OSF1"
- JAVA_HOME14=$JAVA_HOME
fi
if [ "$os_name" = "IRIX" ]
@@ -227,8 +218,6 @@ system=`uname -n` # name of this system.
JAVAC=$JAVA_HOME/bin/javac
JAVA=$JAVA_HOME/bin/java
-JAVAC14=$JAVA_HOME14/bin/javac
-JAVA14=$JAVA_HOME14/bin/java
#JAVA=$JAVA_HOME/jre/bin/java
-export JAVAC JAVA JAVA_HOME JAVAC14 JAVA_HOME14 JAVA14
+export JAVAC JAVA JAVA_HOME