authorian.mcgreer%sun.com <devnull@localhost>2002-09-12 20:19:22 +0000
committerian.mcgreer%sun.com <devnull@localhost>2002-09-12 20:19:22 +0000
commit5a19485d572d047cd3ce11f96116b1262753e01e (patch)
tree82093f6d868fdbcf20b76ad44acf4ca9e0a58be6 /security/nss/cmd
parentcdb8c3d216f9e9146cb4b84cad687b0f585b21a7 (diff)
builtin help for commands
fix some bugs in password checking/changing
Diffstat (limited to 'security/nss/cmd')
-rw-r--r--security/nss/cmd/cmdlib/cmdline.c60
-rw-r--r--security/nss/cmd/cmdlib/cmdpasswd.c104
-rw-r--r--security/nss/cmd/cmdlib/cmdutil.h15
-rw-r--r--security/nss/cmd/pkiutil/pkiutil.c124
4 files changed, 170 insertions, 133 deletions
diff --git a/security/nss/cmd/cmdlib/cmdline.c b/security/nss/cmd/cmdlib/cmdline.c
index b82da8997..e7c79bda6 100644
--- a/security/nss/cmd/cmdlib/cmdline.c
+++ b/security/nss/cmd/cmdlib/cmdline.c
@@ -82,7 +82,7 @@ print_ps_indent(cmdPrintState *ps)
PR_fprintf(ps->file, "\n");
ps->linepos = 0;
}
- for (j=0; j<=ps->indent; j++) PR_fprintf(ps->file, " ");
+ for (j=0; j<ps->indent; j++) PR_fprintf(ps->file, " ");
ps->linepos = ps->indent;
}
@@ -346,7 +346,7 @@ next_flag:
}
void
-CMD_LongUsage(char *progName, cmdCommand *cmd, cmdUsageCallback usage)
+CMD_LongUsage(char *progName, cmdCommand *cmd)
{
int i, j;
PRBool oneCommand = PR_FALSE;
@@ -355,11 +355,11 @@ CMD_LongUsage(char *progName, cmdCommand *cmd, cmdUsageCallback usage)
nprintf(&ps, "\n%s: ", progName);
/* prints app-specific header */
ps.indent = strlen(progName) + 4;
- usage(&ps, 0, PR_FALSE, PR_TRUE, PR_FALSE);
+ nprintf(&ps, "%s\n", cmd->description);
for (i=0; i<cmd->ncmd; i++) if (cmd->cmd[i].on) oneCommand = PR_TRUE;
for (i=0; i<cmd->ncmd; i++) {
if ((oneCommand && cmd->cmd[i].on) || !oneCommand) {
- ps.indent = 0;
+ ps.indent = 1;
print_ps_indent(&ps);
if (cmd->cmd[i].c != 0) {
nprintf(&ps, "-%c, ", cmd->cmd[i].c);
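Review bot: `cmd->description` is handed to `%s` with no NULL check at `nprintf(&ps, "%s\n", cmd->description);`, and the later hunks of this function do the same with `cmd->cmd[i].help` and `cmd->optHelp[j]`. Only pkiutil.c is updated in this commit to fill the new fields, so any other program that builds a `cmdCommand` without them would pass NULL here (or an uninitialized pointer if the struct is a plain local); whether nprintf tolerates that is not visible. A guard such as `cmd->description ? cmd->description : ""` at each of the three sites covers the NULL case, and zero-initializing the struct in callers covers the rest. CMD_LongUsage starts before and ends after this hunk.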
@@ -368,7 +368,7 @@ CMD_LongUsage(char *progName, cmdCommand *cmd, cmdUsageCallback usage)
nprintf(&ps, "--%-20s ", cmd->cmd[i].s);
}
ps.indent += 20;
- usage(&ps, i, PR_TRUE, PR_FALSE, PR_FALSE);
+ nprintf(&ps, "%s\n", cmd->cmd[i].help);
for (j=0; j<cmd->nopt; j++) {
if (cmd->cmd[i].req[ZERO] & CMDBIT(j)) {
ps.indent = 0;
@@ -381,7 +381,7 @@ CMD_LongUsage(char *progName, cmdCommand *cmd, cmdUsageCallback usage)
nprintf(&ps, "--%-20s ", cmd->opt[j].s);
}
ps.indent += 29;
- usage(&ps, j, PR_FALSE, PR_FALSE, PR_FALSE);
+ nprintf(&ps, "%s", cmd->optHelp[j]);
}
}
for (j=0; j<cmd->nopt; j++) {
@@ -396,7 +396,7 @@ CMD_LongUsage(char *progName, cmdCommand *cmd, cmdUsageCallback usage)
nprintf(&ps, "--%-20s ", cmd->opt[j].s);
}
ps.indent += 29;
- usage(&ps, j, PR_FALSE, PR_FALSE, PR_FALSE);
+ nprintf(&ps, "%s", cmd->optHelp[j]);
}
}
}
@@ -404,8 +404,6 @@ CMD_LongUsage(char *progName, cmdCommand *cmd, cmdUsageCallback usage)
}
ps.indent = 0;
nprintf(&ps, "\n* - required flag for command\n\n");
- /* prints app-specific footer */
- usage(&ps, 0, PR_FALSE, PR_FALSE, PR_TRUE);
/*nprintf(&ps, "\n\n");*/
exit(1);
}
@@ -485,28 +483,50 @@ void
CMD_InteractiveUsage(char *progName, cmdCommand *cmd)
{
int i, j;
- PRBool first;
cmdPrintState ps;
+ int cmdToHelp = -1;
init_print_ps(&ps, PR_STDERR, 80, 0);
ps.indent = 1;
print_ps_to_indent(&ps);
for (i=0; i<cmd->ncmd; i++) {
- nprintf(&ps, "%s", cmd->cmd[i].s);
- first = PR_TRUE;
+ if (cmd->cmd[i].on) {
+ cmdToHelp = i;
+ break;
+ }
+ }
+ if (cmdToHelp > 0) {
+ nprintf(&ps, "%s\n", cmd->cmd[cmdToHelp].help);
for (j=0; j<cmd->nopt; j++) {
- if (cmd->cmd[i].req[ZERO] & CMDBIT(j)) {
- nprintf(&ps, " %s", cmd->opt[j].s);
+ if (cmd->cmd[cmdToHelp].req[ZERO] & CMDBIT(j)) {
+ nprintf(&ps, " %s", cmd->opt[j].s);
+ if (cmd->opt[j].argUse == CMDArgReq) {
+ nprintf(&ps, "=%s", cmd->opt[j].s);
+ } else if (cmd->opt[j].argUse == CMDArgOpt) {
+ nprintf(&ps, "(=%s)", cmd->opt[j].s);
+ }
+ nprintf(&ps, " %s\n", cmd->optHelp[j]);
}
}
- first = PR_TRUE;
for (j=0; j<cmd->nopt; j++) {
- if (cmd->cmd[i].opt[ZERO] & CMDBIT(j) &&
- cmd->opt[j].argUse != CMDNoArg) {
- nprintf(&ps, " [%s]", cmd->opt[j].s, cmd->opt[j].s);
+ if (cmd->cmd[cmdToHelp].opt[ZERO] & CMDBIT(j)) {
+ nprintf(&ps, " [%s", cmd->opt[j].s);
+ if (cmd->opt[j].argUse == CMDArgReq) {
+ nprintf(&ps, "=%s]", cmd->opt[j].s);
+ } else if (cmd->opt[j].argUse == CMDArgOpt) {
+ nprintf(&ps, "(=%s)]", cmd->opt[j].s);
+ } else {
+ nprintf(&ps, "]", cmd->opt[j].s);
+ }
+ nprintf(&ps, " %s\n", cmd->optHelp[j]);
}
}
+ goto finish;
+ }
+ for (i=0; i<cmd->ncmd; i++) {
+ nprintf(&ps, "%s", cmd->cmd[i].s);
print_ps_indent(&ps);
}
+finish:
ps.indent = 0;
nprintf(&ps, "\n");
}
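Review bot: The test `if (cmdToHelp > 0)` skips the command at index 0, which is a valid slot: `cmdToHelp` starts at -1 as the "none" marker, and pkiutil.c places cmd_ChangePassword at 0, so help for that command falls through to the plain command list. It should read `if (cmdToHelp >= 0)`. In the optional-flag loop, `nprintf(&ps, "]", cmd->opt[j].s);` passes an argument the format never consumes and can be `nprintf(&ps, "]");`. The `goto finish` could also become an `else` around the listing loop, which removes the label.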
@@ -549,10 +569,12 @@ read_command:
if (strcmp(token, cmd->cmd[i].s) == 0) {
cmdToRun = i;
/*PR_fprintf(PR_STDERR, "doing command %s\n", token);*/
+ cmd->cmd[i].on = PR_TRUE;
+ break;
}
}
if (cmdToRun < 0) {
- if (strcmp(token, "quit") == 0 || strcmp(token, "q")) {
+ if (strcmp(token, "quit") == 0 || strcmp(token, "q") == 0) {
/* this one applies to all */
return -2;
} else {
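Review bot: `cmd->cmd[i].on = PR_TRUE;` marks the matched command, but nothing in the visible lines clears the flag again before the next line is read. If no reset happens elsewhere in this function (it starts before and continues after the hunk), flags accumulate across iterations of the interactive loop, and CMD_InteractiveUsage, which picks the first command with `on` set, can show help for an earlier command than the one just typed. Clearing every `cmd->cmd[k].on` at `read_command:` before the token is matched, with a comment such as `/* command flags are per input line */`, would make the state explicit.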
diff --git a/security/nss/cmd/cmdlib/cmdpasswd.c b/security/nss/cmd/cmdlib/cmdpasswd.c
index 0928016aa..49fd93dc1 100644
--- a/security/nss/cmd/cmdlib/cmdpasswd.c
+++ b/security/nss/cmd/cmdlib/cmdpasswd.c
@@ -336,6 +336,43 @@ secu_InitSlotPassword(PK11SlotInfo *slot, PRBool retry, void *arg)
}
#endif
+static NSSUTF8 *
+get_password_from_tty(NSSUTF8 *slotName)
+{
+ char prompt[255];
+ sprintf(prompt, "Enter Password or Pin for \"%s\": ", slotName);
+ return (NSSUTF8 *)get_password_string(prompt);
+}
+
+struct password_callback_str
+{
+ NSSUTF8 *pw;
+ PRBool allowRetry;
+ PRInt32 numAttempts;
+};
+
+static PRStatus
+default_slot_password_callback
+(
+ NSSUTF8 *slotName,
+ PRBool *retry,
+ void *arg,
+ NSSUTF8 **password
+)
+{
+ struct password_callback_str *pwcbstr = arg;
+ *retry = PR_FALSE;
+ if (pwcbstr->pw) {
+ *password = NSSUTF8_Duplicate((NSSUTF8 *)pwcbstr->pw, NULL);
+ } else if (pwcbstr->numAttempts++ < 3) { /* XXX this won't work */
+ *password = get_password_from_tty(slotName);
+ *retry = PR_TRUE;
+ } else {
+ return PR_FAILURE;
+ }
+ return PR_SUCCESS;
+}
+
PRStatus
CMD_ChangeSlotPassword(NSSSlot *slot)
{
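Review bot: `sprintf(prompt, "Enter Password or Pin for \"%s\": ", slotName);` in get_password_from_tty writes into a 255-byte stack buffer with no bound on `slotName`, so a long slot or token name overruns `prompt`. A bounded call such as `PR_snprintf(prompt, sizeof(prompt), "Enter Password or Pin for \"%s\": ", slotName);` (declared in NSPR's prprf.h) truncates instead. The same unbounded pattern is used for the "Enter New Password" prompt in CMD_ChangeSlotPassword in the next hunk. Separately, default_slot_password_callback now dereferences `arg` as `pwcbstr` without a NULL check, so it relies on every registration supplying the struct; a comment on the function stating that `arg` must point to a `struct password_callback_str` would record the contract.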
@@ -343,14 +380,26 @@ CMD_ChangeSlotPassword(NSSSlot *slot)
char *oldpw = NULL, *newpw1 = NULL, *newpw2 = NULL;
char prompt[255];
NSSUTF8 *slotName = "foo";
+ struct password_callback_str pwcb;
+ PRBool retry = PR_TRUE;
/* need user init??? */
- /* first get old and check it in a loop??? */
-
- sprintf(prompt, "Enter Password or Pin for \"%s\": ", slotName);
- oldpw = (NSSUTF8 *)get_password_string(prompt);
-
+ pwcb.pw = NULL;
+ pwcb.allowRetry = PR_TRUE;
+ pwcb.numAttempts = 0;
+ while (retry) {
+ status = default_slot_password_callback(slotName, &retry,
+ &pwcb, &oldpw);
+ if (status == PR_SUCCESS) retry = PR_FALSE;
+ }
+
+ status = NSSSlot_CheckPassword(slot, oldpw);
+ if (status == PR_FAILURE) {
+ CMD_PrintError("Login failed");
+ return PR_FAILURE;
+ }
+
sprintf(prompt, "Enter New Password or Pin for \"%s\": ", slotName);
newpw1 = (NSSUTF8 *)get_password_string(prompt);
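Review bot: The new early return after `NSSSlot_CheckPassword` fails leaves `oldpw` holding the typed password, neither overwritten nor released in the visible lines, and `oldpw` reaches the check without a NULL test (relevant if the prompt read can return NULL). Before `return PR_FAILURE;` the buffer should be cleared and freed with the deallocator that matches get_password_string, and a guard `if (!oldpw) return PR_FAILURE;` should precede the check. Note also that the `while (retry)` loop obtains only one password: the check sits after the loop, so a wrong password is not re-prompted and `allowRetry` and `numAttempts` have no effect here. The function continues outside this hunk.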
@@ -362,42 +411,15 @@ CMD_ChangeSlotPassword(NSSSlot *slot)
if (status == PR_SUCCESS) {
fprintf(stdout, "Password successfully changed.\n");
} else {
- fprintf(stderr, "Failed to change password.\n");
+ CMD_PrintError("Failed to change password");
}
} else {
- fprintf(stdout, "Passwords did not match.\n");
+ fprintf(stdout, "Passwords do not match.\n");
}
return PR_FAILURE;
}
-static NSSUTF8 *
-get_password_from_tty(NSSUTF8 *slotName)
-{
- char prompt[255];
- sprintf(prompt, "Enter Password or Pin for \"%s\": ", slotName);
- return (NSSUTF8 *)get_password_string(prompt);
-}
-
-static PRStatus
-default_slot_password_callback
-(
- NSSUTF8 *slotName,
- PRUint32 retries,
- void *arg,
- NSSUTF8 **password
-)
-{
- if (arg) {
- *password = NSSUTF8_Duplicate((NSSUTF8 *)arg, NULL);
- } else if (retries < 3) {
- *password = get_password_from_tty(slotName);
- } else {
- return PR_FAILURE;
- }
- return PR_SUCCESS;
-}
-
NSSCallback *
CMD_GetDefaultPasswordCallback
(
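Review bot: `return PR_FAILURE;` at the end of CMD_ChangeSlotPassword is reached on every path in the visible lines, including the branch that prints "Password successfully changed.", so callers cannot tell success from failure. Adding `return status;` right after the inner if/else of the change branch, and keeping `PR_FAILURE` for the mismatch branch, would fix it. The middle of the function is outside the hunk, so this assumes there is no earlier return on success. `newpw1` and `newpw2` are also not cleared or released in the lines shown.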
@@ -406,16 +428,24 @@ CMD_GetDefaultPasswordCallback
)
{
NSSCallback *callback;
+ struct password_callback_str *pwcbstr;
callback = (NSSCallback *)PR_Malloc(sizeof(NSSCallback));
+ pwcbstr = (struct password_callback_str *)
+ PR_Malloc(sizeof(struct password_callback_str));
+ callback->arg = (void *)pwcbstr;
+ pwcbstr->numAttempts = 0;
if (callback) {
callback->getInitPW = NULL;
callback->getPW = default_slot_password_callback;
if (passwordFile) {
- callback->arg = get_password_from_file(passwordFile);
+ pwcbstr->pw = get_password_from_file(passwordFile);
+ pwcbstr->allowRetry = PR_FALSE;
} else if (password) {
- callback->arg = NSSUTF8_Duplicate(password, NULL);
+ pwcbstr->pw = NSSUTF8_Duplicate(password, NULL);
+ pwcbstr->allowRetry = PR_FALSE;
} else {
- callback->arg = (NSSUTF8 *)NULL;
+ pwcbstr->pw = (NSSUTF8 *)NULL;
+ pwcbstr->allowRetry = PR_TRUE;
}
}
return callback;
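Review bot: `callback->arg = (void *)pwcbstr;` and `pwcbstr->numAttempts = 0;` run before the existing `if (callback)` test, so a failed PR_Malloc for either object is dereferenced and the NULL check that follows no longer protects anything. Both allocations should be tested first, e.g. `if (!callback || !pwcbstr) { /* release whichever succeeded */ return NULL; }`, with the two assignments moved below that guard. The password read from the file or the command line now lives in `pwcbstr->pw` for as long as the callback exists, and no release path is visible; a comment stating who clears and frees `pwcbstr` and its `pw` would help. The function's signature and closing brace are outside this hunk.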
diff --git a/security/nss/cmd/cmdlib/cmdutil.h b/security/nss/cmd/cmdlib/cmdutil.h
index ba3506931..bf45da921 100644
--- a/security/nss/cmd/cmdlib/cmdutil.h
+++ b/security/nss/cmd/cmdlib/cmdutil.h
@@ -125,8 +125,9 @@ struct cmdCommandLineArgStr {
CMDArg argUse; /* flag takes an argument */
char *arg; /* argument given for flag */
PRBool on; /* flag was issued at command-line */
- int req[4]; /* required arguments for commands */
- int opt[4]; /* optional arguments for commands */
+ int req[4]; /* required arguments for command */
+ int opt[4]; /* optional arguments for command */
+ char *help; /* help string for command */
};
struct cmdCommandLineOptStr {
@@ -145,6 +146,8 @@ struct cmdCommandStr {
int nopt;
cmdCommandLineArg *cmd;
cmdCommandLineOpt *opt;
+ char **optHelp;
+ char *description;
};
typedef struct cmdCommandStr cmdCommand;
@@ -152,19 +155,13 @@ typedef struct cmdCommandStr cmdCommand;
int
CMD_ParseCommandLine(int argc, char **argv, char *progName, cmdCommand *cmd);
-typedef void
-(* cmdUsageCallback)(cmdPrintState *, int, PRBool, PRBool, PRBool);
-
#define CMDBIT(n) (1<<n)
void
CMD_Usage(char *progName, cmdCommand *cmd);
void
-CMD_LongUsage(char *progName, cmdCommand *cmd, cmdUsageCallback use);
-
-void
-CMD_PrintUsageString(cmdPrintState *ps, char *str);
+CMD_LongUsage(char *progName, cmdCommand *cmd);
int
CMD_Interactive(cmdCommand *cmd);
diff --git a/security/nss/cmd/pkiutil/pkiutil.c b/security/nss/cmd/pkiutil/pkiutil.c
index 82642d73a..e7c9668aa 100644
--- a/security/nss/cmd/pkiutil/pkiutil.c
+++ b/security/nss/cmd/pkiutil/pkiutil.c
@@ -53,7 +53,6 @@ static PRStatus pkiutil_command_dispatcher(cmdCommand *, int);
enum {
cmd_ChangePassword = 0,
cmd_Delete,
- cmd_Help,
cmd_Import,
cmd_Interactive,
cmd_List,
@@ -95,6 +94,7 @@ static cmdCommandLineArg pkiutil_commands[] =
CMDBIT(opt_ProfileDir),
0, 0, 0
},
+ "Change the password of a token"
},
{ /* cmd_Delete */
'D', "delete",
@@ -109,12 +109,7 @@ static cmdCommandLineArg pkiutil_commands[] =
CMDBIT(opt_TokenName),
0, 0, 0
},
- },
- { /* cmd_Help */
- '?', "help",
- CMDNoArg, 0, PR_FALSE,
- { 0, 0, 0, 0 },
- { 0, 0, 0, 0 },
+ "Delete an object from the profile/token"
},
{ /* cmd_Import */
'I', "import",
@@ -133,6 +128,7 @@ static cmdCommandLineArg pkiutil_commands[] =
CMDBIT(opt_Type),
0, 0, 0
},
+ "Import an object into the profile/token"
},
{ /* cmd_Interactive */
'D', "interactive",
@@ -142,6 +138,7 @@ static cmdCommandLineArg pkiutil_commands[] =
CMDBIT(opt_ProfileDir),
0, 0, 0
},
+ "Use interactive mode"
},
{ /* cmd_List */
'L', "list",
@@ -158,6 +155,7 @@ static cmdCommandLineArg pkiutil_commands[] =
CMDBIT(opt_Type),
0, 0, 0
},
+ "List objects on the token"
},
{ /* cmd_Print */
'P', "print",
@@ -176,6 +174,7 @@ static cmdCommandLineArg pkiutil_commands[] =
CMDBIT(opt_Type),
0, 0, 0
},
+ "Print or dump a single object"
},
{ /* cmd_Validate */
'V', "validate",
@@ -190,12 +189,14 @@ static cmdCommandLineArg pkiutil_commands[] =
CMDBIT(opt_Usages) |
0, 0, 0
},
+ "Validate a certificate"
},
{ /* cmd_Version */
0, "version",
CMDNoArg, 0, PR_FALSE,
{ 0, 0, 0, 0 },
- { 0, 0, 0, 0 }
+ { 0, 0, 0, 0 },
+ "Get version information"
}
};
@@ -217,62 +218,38 @@ static cmdCommandLineOpt pkiutil_options[] =
{ /* opt_Usages */ 'u', "usages", CMDArgReq },
};
-void pkiutil_usage(cmdPrintState *ps,
- int num, PRBool cmd, PRBool header, PRBool footer)
+static char * pkiutil_options_help[] =
{
-#define pusg CMD_PrintUsageString
- if (header) {
- pusg(ps, "utility for managing PKCS#11 objects (certs and keys)\n");
- } else if (footer) {
- /*
- printf("certificate trust can be:\n");
- printf(" p - valid peer, P - trusted peer (implies p)\n");
- printf(" c - valid CA\n");
- printf(" T - trusted CA to issue client certs (implies c)\n");
- printf(" C - trusted CA to issue server certs (implies c)\n");
- printf(" u - user cert\n");
- printf(" w - send warning\n");
- */
- } else if (cmd) {
- switch(num) {
- case cmd_Import:
- pusg(ps, "Import an object onto the profile/token"); break;
- case cmd_Delete:
- pusg(ps, "Delete an object from the profile/token"); break;
- case cmd_List:
- pusg(ps, "List objects on the token (-n for single object)"); break;
- case cmd_Print:
- pusg(ps, "Print or dump a single object"); break;
- case cmd_Version:
- pusg(ps, "Report version"); break;
- default:
- pusg(ps, "Unrecognized command"); break;
- }
- } else {
- switch(num) {
- case opt_Ascii:
- pusg(ps, "Use ascii (base-64 encoded) mode for I/O"); break;
- case opt_ProfileDir:
- pusg(ps, "Directory containing security databases (def: \".\")");
- break;
- case opt_TokenName:
- pusg(ps, "Name of PKCS#11 token to use (def: internal)"); break;
- case opt_InputFile:
- pusg(ps, "File for input (def: stdin)"); break;
- case opt_Nickname:
- pusg(ps, "Nickname of object"); break;
- case opt_OutputFile:
- pusg(ps, "File for output (def: stdout)"); break;
- case opt_Binary:
- pusg(ps, "Use raw (binary der-encoded) mode for I/O"); break;
- case opt_Trust:
- pusg(ps, "Trust level for certificate"); break;
- case opt_Help: break;
- default:
- pusg(ps, "Unrecognized option");
- }
- }
-}
+ "get help for command",
+ "use ascii (base-64 encoded) mode for I/O",
+ "list the certificate path (chain)",
+ "directory containing security databases (default: \"./\")",
+ "name of PKCS#11 token to use (default: internal)",
+ "file for input (default: stdin)",
+ "print object-specific information (token instances, etc.)",
+ "nickname of object",
+ "file for output (default: stdout)",
+ "delete orphaned key pairs (keys not associated with a cert)",
+ "use raw (binary der-encoded) mode for I/O",
+ "trust level for certificate",
+ "specify type of object"
+ "\n certificate"
+ "\n public-key"
+ "\n private-key"
+ "\n all",
+ "specify a set of certificate usages"
+ "\n c - SSL client"
+ "\n v - SSL server"
+ "\n r - Email recipient"
+ "\n s - Email signer"
+ "\n o - Code signer"
+ "\n t - Status responder"
+ "\n u - SSL server with step-up"
+ "\n (capital letters specify CA equivalents)"
+};
+
+static char pkiutil_description[] =
+"utility for managing PKI objects";
int
main(int argc, char **argv)
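Review bot: `pkiutil_options_help` is matched to `pkiutil_options` purely by position, and nothing checks that the two arrays have the same number of entries, while CMD_LongUsage indexes `cmd->optHelp[j]` for every `j < cmd->nopt`. Because several entries are deliberately built from adjacent string literals, a dropped comma would silently merge two entries and shift the rest, leaving the last index reading past the end of the array. A per-entry comment naming the option (`/* opt_Ascii */`, as the commands table already does) plus a compile-time size check, e.g. `typedef char pkiutil_help_count_ok[(sizeof pkiutil_options_help / sizeof pkiutil_options_help[0] == sizeof pkiutil_options / sizeof pkiutil_options[0]) ? 1 : -1];`, would catch a mismatch at build time.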
@@ -286,6 +263,8 @@ main(int argc, char **argv)
pkiutil.nopt = pkiutil_num_options;
pkiutil.cmd = pkiutil_commands;
pkiutil.opt = pkiutil_options;
+ pkiutil.optHelp = pkiutil_options_help;
+ pkiutil.description = pkiutil_description;
progName = strrchr(argv[0], '/');
if (!progName) {
@@ -309,7 +288,7 @@ main(int argc, char **argv)
#endif
if (pkiutil.opt[opt_Help].on)
- CMD_LongUsage(progName, &pkiutil, pkiutil_usage);
+ CMD_LongUsage(progName, &pkiutil);
if (cmdToRun < 0) {
CMD_Usage(progName, &pkiutil);
@@ -331,18 +310,26 @@ main(int argc, char **argv)
PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
/* XXX allow for read-only and no-db */
- NSS_InitReadWrite(profiledir);
+ rv = NSS_InitReadWrite(profiledir);
+ if (rv == PR_FAILURE) {
+ CMD_PrintError("Failed to initialize NSS");
+ exit(1);
+ }
/* XXX */
- NSS_EnablePKIXCertificates();
+ rv = NSS_EnablePKIXCertificates();
+ if (rv == PR_FAILURE) {
+ CMD_PrintError("Failed to load PKIX module");
+ goto shutdown;
+ }
if (cmdToRun == cmd_Interactive) {
while (PR_TRUE) {
cmdToRun = CMD_Interactive(&pkiutil);
- if (cmdToRun == cmd_Help) {
+ if (cmdToRun == -1 || pkiutil.opt[opt_Help].on) {
CMD_InteractiveUsage(progName, &pkiutil);
continue;
- } else if (cmdToRun < 0) {
+ } else if (cmdToRun == -2) {
break;
}
rv = pkiutil_command_dispatcher(&pkiutil, cmdToRun);
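Review bot: Inside the interactive loop only -1 and -2 are handled now, where the removed `else if (cmdToRun < 0)` caught every negative value, so any other negative return from CMD_Interactive would reach `pkiutil_command_dispatcher(&pkiutil, cmdToRun)` as a command index. Keeping the wider test, `} else if (cmdToRun < 0) {`, preserves the old safety net at no cost. Also, `pkiutil.opt[opt_Help].on` is tested on every iteration but not cleared in the visible lines; if CMD_Interactive does not reset it, one help request would make every later input line print help instead of running. main continues outside this hunk.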
@@ -351,6 +338,7 @@ main(int argc, char **argv)
rv = pkiutil_command_dispatcher(&pkiutil, cmdToRun);
}
+shutdown:
NSS_Shutdown();
return rv;