diff options
author | relyea%netscape.com <devnull@localhost> | 2002-05-16 20:39:04 +0000 |
---|---|---|
committer | relyea%netscape.com <devnull@localhost> | 2002-05-16 20:39:04 +0000 |
commit | e7af8ef836847217305e46546159b92bfb2110d0 (patch) | |
tree | 33d589305bdf1eed3f22478ddcbc07e97eac8bf9 /security | |
parent | b3329979a8575b209f419ce80dc1cd4ba1c96eb5 (diff) | |
parent | 0f24161cf809b4145434649b2b63bdb4c47c499a (diff) | |
download | nss-hg-e7af8ef836847217305e46546159b92bfb2110d0.tar.gz |
Add Transactions (still need to add transactions on database upgrade).
Make trust objects their own objects to reduce a couple of unnecessary cert decodes.
Diffstat (limited to 'security')
-rw-r--r-- | security/dbm/Makefile | 80 | ||||
-rw-r--r-- | security/dbm/config/config.mk | 67 | ||||
-rw-r--r-- | security/dbm/include/Makefile | 76 | ||||
-rw-r--r-- | security/dbm/include/manifest.mn | 57 | ||||
-rw-r--r-- | security/dbm/manifest.mn | 45 | ||||
-rw-r--r-- | security/dbm/src/Makefile | 76 | ||||
-rw-r--r-- | security/dbm/src/config.mk | 63 | ||||
-rw-r--r-- | security/dbm/src/dirent.c | 348 | ||||
-rw-r--r-- | security/dbm/src/dirent.h | 97 | ||||
-rw-r--r-- | security/dbm/src/manifest.mn | 61 | ||||
-rw-r--r-- | security/dbm/tests/Makefile | 69 | ||||
-rw-r--r-- | security/nss/lib/softoken/cdbhdl.h | 2 | ||||
-rw-r--r-- | security/nss/lib/softoken/dbinit.c | 36 | ||||
-rw-r--r-- | security/nss/lib/softoken/keydb.c | 12 | ||||
-rw-r--r-- | security/nss/lib/softoken/pcert.h | 23 | ||||
-rw-r--r-- | security/nss/lib/softoken/pcertdb.c | 237 | ||||
-rw-r--r-- | security/nss/lib/softoken/pcertt.h | 12 | ||||
-rw-r--r-- | security/nss/lib/softoken/pkcs11.c | 18 | ||||
-rw-r--r-- | security/nss/lib/softoken/pkcs11u.c | 87 |
19 files changed, 1426 insertions, 40 deletions
diff --git a/security/dbm/Makefile b/security/dbm/Makefile new file mode 100644 index 000000000..34cd6d899 --- /dev/null +++ b/security/dbm/Makefile @@ -0,0 +1,80 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + + + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +coreconf_hack: + cd ../coreconf; gmake + gmake import + +RelEng_bld: coreconf_hack + gmake diff --git a/security/dbm/config/config.mk b/security/dbm/config/config.mk new file mode 100644 index 000000000..753364931 --- /dev/null +++ b/security/dbm/config/config.mk @@ -0,0 +1,67 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +# +# These macros are defined by mozilla's configure script. +# We define them manually here. +# + +DEFINES += -DSTDC_HEADERS -DHAVE_STRERROR + +# +# Most platforms have snprintf, so it's simpler to list the exceptions. +# +HAVE_SNPRINTF = 1 +# +# OSF1 V4.0D doesn't have snprintf but V5.0A does. +# +ifeq ($(OS_TARGET)$(OS_RELEASE),OSF1V4.0D) +HAVE_SNPRINTF = +endif +ifdef HAVE_SNPRINTF +DEFINES += -DHAVE_SNPRINTF +endif + +ifeq (,$(filter-out IRIX Linux,$(OS_TARGET))) +DEFINES += -DHAVE_SYS_CDEFS_H +endif + +ifeq (,$(filter-out DGUX NCR ReliantUNIX SCO_SV SCOOS UNIXWARE,$(OS_TARGET))) +DEFINES += -DHAVE_SYS_BYTEORDER_H +endif + +# +# None of the platforms that we are interested in need to +# define HAVE_MEMORY_H. +# diff --git a/security/dbm/include/Makefile b/security/dbm/include/Makefile new file mode 100644 index 000000000..ba4dd8ddf --- /dev/null +++ b/security/dbm/include/Makefile @@ -0,0 +1,76 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + + + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + + + diff --git a/security/dbm/include/manifest.mn b/security/dbm/include/manifest.mn new file mode 100644 index 000000000..886fedd98 --- /dev/null +++ b/security/dbm/include/manifest.mn @@ -0,0 +1,57 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +CORE_DEPTH = ../.. + +VPATH = $(CORE_DEPTH)/../dbm/include + +MODULE = dbm + +EXPORTS = nsres.h \ + cdefs.h \ + mcom_db.h \ + ncompat.h \ + winfile.h \ + $(NULL) + +PRIVATE_EXPORTS = hsearch.h \ + page.h \ + extern.h \ + ndbm.h \ + queue.h \ + hash.h \ + mpool.h \ + search.h \ + $(NULL) + diff --git a/security/dbm/manifest.mn b/security/dbm/manifest.mn new file mode 100644 index 000000000..11f4f4237 --- /dev/null +++ b/security/dbm/manifest.mn @@ -0,0 +1,45 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +CORE_DEPTH = .. + +MODULE = dbm + +IMPORTS = nspr20/v4.1.2 + +RELEASE = dbm + +DIRS = include \ + src \ + $(NULL) diff --git a/security/dbm/src/Makefile b/security/dbm/src/Makefile new file mode 100644 index 000000000..8fce98394 --- /dev/null +++ b/security/dbm/src/Makefile @@ -0,0 +1,76 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/dbm/config/config.mk + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include config.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + + + diff --git a/security/dbm/src/config.mk b/security/dbm/src/config.mk new file mode 100644 index 000000000..370fd75d6 --- /dev/null +++ b/security/dbm/src/config.mk @@ -0,0 +1,63 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG) + +INCLUDES += -I$(CORE_DEPTH)/../dbm/include + +# +# Currently, override TARGETS variable so that only static libraries +# are specifed as dependencies within rules.mk. +# + +TARGETS = $(LIBRARY) +SHARED_LIBRARY = +IMPORT_LIBRARY = +PURE_LIBRARY = +PROGRAM = + +ifdef SHARED_LIBRARY + ifeq (,$(filter-out WINNT WIN95 WINCE,$(OS_TARGET))) # list omits WIN16 + DLLBASE=/BASE:0x30000000 + RES=$(OBJDIR)/dbm.res + RESNAME=../include/dbm.rc + endif + ifeq ($(DLL_SUFFIX),dll) + DEFINES += -D_DLL + endif +endif + +ifeq ($(OS_TARGET),AIX) + OS_LIBS += -lc_r +endif diff --git a/security/dbm/src/dirent.c b/security/dbm/src/dirent.c new file mode 100644 index 000000000..001a48c5c --- /dev/null +++ b/security/dbm/src/dirent.c @@ -0,0 +1,348 @@ +#ifdef OS2 + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> + +#include <dirent.h> +#include <errno.h> + +/*#ifndef __EMX__ +#include <libx.h> +#endif */ + +#define INCL_DOSFILEMGR +#define INCL_DOSERRORS +#include <os2.h> + +#if OS2 >= 2 +# define FFBUF FILEFINDBUF3 +# define Word ULONG + /* + * LS20 recommends a request count of 100, but according to the + * APAR text it does not lead to missing files, just to funny + * numbers of returned entries. + * + * LS30 HPFS386 requires a count greater than 2, or some files + * are missing (those starting with a character less that '.'). + * + * Novell looses entries which overflow the buffer. In previous + * versions of dirent2, this could have lead to missing files + * when the average length of 100 directory entries was 40 bytes + * or more (quite unlikely for files on a Novell server). + * + * Conclusion: Make sure that the entries all fit into the buffer + * and that the buffer is large enough for more than 2 entries + * (each entry is at most 300 bytes long). And ignore the LS20 + * effect. + */ +# define Count 25 +# define BufSz (25 * (sizeof(FILEFINDBUF3)+1)) +#else +# define FFBUF FILEFINDBUF +# define Word USHORT +# define BufSz 1024 +# define Count 3 +#endif + +#if defined(__IBMC__) || defined(__IBMCPP__) + #define error(rc) _doserrno = rc, errno = EOS2ERR +#elif defined(MICROSOFT) + #define error(rc) _doserrno = rc, errno = 255 +#else + #define error(rc) errno = 255 +#endif + +struct _dirdescr { + HDIR handle; /* DosFindFirst handle */ + char fstype; /* filesystem type */ + Word count; /* valid entries in <ffbuf> */ + long number; /* absolute number of next entry */ + int index; /* relative number of next entry */ + FFBUF * next; /* pointer to next entry */ + char name[MAXPATHLEN+3]; /* directory name */ + unsigned attrmask; /* attribute mask for seekdir */ + struct dirent entry; /* buffer for directory entry */ + BYTE ffbuf[BufSz]; +}; + +/* + * Return first char of filesystem type, or 0 if unknown. + */ +static char +getFSType(const char *path) +{ + static char cache[1+26]; + char drive[3], info[512]; + Word unit, infolen; + char r; + + if (isalpha(path[0]) && path[1] == ':') { + unit = toupper(path[0]) - '@'; + path += 2; + } else { + ULONG driveMap; +#if OS2 >= 2 + if (DosQueryCurrentDisk(&unit, &driveMap)) +#else + if (DosQCurDisk(&unit, &driveMap)) +#endif + return 0; + } + + if ((path[0] == '\\' || path[0] == '/') + && (path[1] == '\\' || path[1] == '/')) + return 0; + + if (cache [unit]) + return cache [unit]; + + drive[0] = '@' + unit; + drive[1] = ':'; + drive[2] = '\0'; + infolen = sizeof info; +#if OS2 >= 2 + if (DosQueryFSAttach(drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen)) + return 0; + if (infolen >= sizeof(FSQBUFFER2)) { + FSQBUFFER2 *p = (FSQBUFFER2 *)info; + r = p->szFSDName[p->cbName]; + } else +#else + if (DosQFSAttach((PSZ)drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen, 0)) + return 0; + if (infolen >= 9) { + char *p = info + sizeof(USHORT); + p += sizeof(USHORT) + *(USHORT *)p + 1 + sizeof(USHORT); + r = *p; + } else +#endif + r = 0; + return cache [unit] = r; +} + +char * +abs_path(const char *name, char *buffer, int len) +{ + char buf[4]; + if (isalpha(name[0]) && name[1] == ':' && name[2] == '\0') { + buf[0] = name[0]; + buf[1] = name[1]; + buf[2] = '.'; + buf[3] = '\0'; + name = buf; + } +#if OS2 >= 2 + if (DosQueryPathInfo((PSZ)name, FIL_QUERYFULLNAME, buffer, len)) +#else + if (DosQPathInfo((PSZ)name, FIL_QUERYFULLNAME, (PBYTE)buffer, len, 0L)) +#endif + return NULL; + return buffer; +} + +DIR * +openxdir(const char *path, unsigned att_mask) +{ + DIR *dir; + char name[MAXPATHLEN+3]; + Word rc; + + dir = malloc(sizeof(DIR)); + if (dir == NULL) { + errno = ENOMEM; + return NULL; + } + + strncpy(name, path, MAXPATHLEN); + name[MAXPATHLEN] = '\0'; + switch (name[strlen(name)-1]) { + default: + strcat(name, "\\"); + case '\\': + case '/': + case ':': + ; + } + strcat(name, "."); + if (!abs_path(name, dir->name, MAXPATHLEN+1)) + strcpy(dir->name, name); + if (dir->name[strlen(dir->name)-1] == '\\') + strcat(dir->name, "*"); + else + strcat(dir->name, "\\*"); + + dir->fstype = getFSType(dir->name); + dir->attrmask = att_mask | A_DIR; + + dir->handle = HDIR_CREATE; + dir->count = 100; +#if OS2 >= 2 + rc = DosFindFirst(dir->name, &dir->handle, dir->attrmask, + dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD); +#else + rc = DosFindFirst((PSZ)dir->name, &dir->handle, dir->attrmask, + (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0); +#endif + switch (rc) { + default: + free(dir); + error(rc); + return NULL; + case NO_ERROR: + case ERROR_NO_MORE_FILES: + ; + } + + dir->number = 0; + dir->index = 0; + dir->next = (FFBUF *)dir->ffbuf; + + return (DIR *)dir; +} + +DIR * +opendir(const char *pathname) +{ + return openxdir(pathname, 0); +} + +struct dirent * +readdir(DIR *dir) +{ + static int dummy_ino = 2; + + if (dir->index == dir->count) { + Word rc; + dir->count = 100; +#if OS2 >= 2 + rc = DosFindNext(dir->handle, dir->ffbuf, + sizeof dir->ffbuf, &dir->count); +#else + rc = DosFindNext(dir->handle, (PFILEFINDBUF)dir->ffbuf, + sizeof dir->ffbuf, &dir->count); +#endif + if (rc) { + error(rc); + return NULL; + } + + dir->index = 0; + dir->next = (FFBUF *)dir->ffbuf; + } + + if (dir->index == dir->count) + return NULL; + + memcpy(dir->entry.d_name, dir->next->achName, dir->next->cchName); + dir->entry.d_name[dir->next->cchName] = '\0'; + dir->entry.d_ino = dummy_ino++; + dir->entry.d_reclen = dir->next->cchName; + dir->entry.d_namlen = dir->next->cchName; + dir->entry.d_size = dir->next->cbFile; + dir->entry.d_attribute = dir->next->attrFile; + dir->entry.d_time = *(USHORT *)&dir->next->ftimeLastWrite; + dir->entry.d_date = *(USHORT *)&dir->next->fdateLastWrite; + + switch (dir->fstype) { + case 'F': /* FAT */ + case 'C': /* CDFS */ + if (dir->next->attrFile & FILE_DIRECTORY) + strupr(dir->entry.d_name); + else + strlwr(dir->entry.d_name); + } + +#if OS2 >= 2 + dir->next = (FFBUF *)((BYTE *)dir->next + dir->next->oNextEntryOffset); +#else + dir->next = (FFBUF *)((BYTE *)dir->next->achName + dir->next->cchName + 1); +#endif + ++dir->number; + ++dir->index; + + return &dir->entry; +} + +long +telldir(DIR *dir) +{ + return dir->number; +} + +void +seekdir(DIR *dir, long off) +{ + if (dir->number > off) { + char name[MAXPATHLEN+2]; + Word rc; + + DosFindClose(dir->handle); + + strcpy(name, dir->name); + strcat(name, "*"); + + dir->handle = HDIR_CREATE; + dir->count = 32767; +#if OS2 >= 2 + rc = DosFindFirst(name, &dir->handle, dir->attrmask, + dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD); +#else + rc = DosFindFirst((PSZ)name, &dir->handle, dir->attrmask, + (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0); +#endif + switch (rc) { + default: + error(rc); + return; + case NO_ERROR: + case ERROR_NO_MORE_FILES: + ; + } + + dir->number = 0; + dir->index = 0; + dir->next = (FFBUF *)dir->ffbuf; + } + + while (dir->number < off && readdir(dir)) + ; +} + +void +closedir(DIR *dir) +{ + DosFindClose(dir->handle); + free(dir); +} + +/*****************************************************************************/ + +#ifdef TEST + +main(int argc, char **argv) +{ + int i; + DIR *dir; + struct dirent *ep; + + for (i = 1; i < argc; ++i) { + dir = opendir(argv[i]); + if (!dir) + continue; + while (ep = readdir(dir)) + if (strchr("\\/:", argv[i] [strlen(argv[i]) - 1])) + printf("%s%s\n", argv[i], ep->d_name); + else + printf("%s/%s\n", argv[i], ep->d_name); + closedir(dir); + } + + return 0; +} + +#endif + +#endif /* OS2 */ + diff --git a/security/dbm/src/dirent.h b/security/dbm/src/dirent.h new file mode 100644 index 000000000..07a6c0ac8 --- /dev/null +++ b/security/dbm/src/dirent.h @@ -0,0 +1,97 @@ +#ifndef __DIRENT_H__ +#define __DIRENT_H__ +/* + * @(#)msd_dir.h 1.4 87/11/06 Public Domain. + * + * A public domain implementation of BSD directory routines for + * MS-DOS. Written by Michael Rendell ({uunet,utai}michael@garfield), + * August 1897 + * + * Extended by Peter Lim (lim@mullian.oz) to overcome some MS DOS quirks + * and returns 2 more pieces of information - file size & attribute. + * Plus a little reshuffling of some #define's positions December 1987 + * + * Some modifications by Martin Junius 02-14-89 + * + * AK900712 + * AK910410 abs_path - make absolute path + * + */ + +#ifdef __EMX__ +#include <sys/param.h> +#else +#if defined(__IBMC__) || defined(__IBMCPP__) || defined(XP_W32_MSVC) +#include <stdio.h> +#ifdef MAXPATHLEN + #undef MAXPATHLEN +#endif +#define MAXPATHLEN (FILENAME_MAX*4) +#define MAXNAMLEN FILENAME_MAX + +#else +#include <param.h> +#endif +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* attribute stuff */ +#ifndef A_RONLY +# define A_RONLY 0x01 +# define A_HIDDEN 0x02 +# define A_SYSTEM 0x04 +# define A_LABEL 0x08 +# define A_DIR 0x10 +# define A_ARCHIVE 0x20 +#endif + +struct dirent { +#if defined(OS2) || defined(WIN32) /* use the layout of EMX to avoid trouble */ + int d_ino; /* Dummy */ + int d_reclen; /* Dummy, same as d_namlen */ + int d_namlen; /* length of name */ + char d_name[MAXNAMLEN + 1]; + unsigned long d_size; + unsigned short d_attribute; /* attributes (see above) */ + unsigned short d_time; /* modification time */ + unsigned short d_date; /* modification date */ +#else + char d_name[MAXNAMLEN + 1]; /* garentee null termination */ + char d_attribute; /* .. extension .. */ + unsigned long d_size; /* .. extension .. */ +#endif +}; + +typedef struct _dirdescr DIR; +/* the structs do not have to be defined here */ + +extern DIR *opendir(const char *); +extern DIR *openxdir(const char *, unsigned); +extern struct dirent *readdir(DIR *); +extern void seekdir(DIR *, long); +extern long telldir(DIR *); +extern void closedir(DIR *); +#define rewinddir(dirp) seekdir(dirp, 0L) + +extern char * abs_path(const char *name, char *buffer, int len); + +#ifndef S_IFMT +#define S_IFMT ( S_IFDIR | S_IFREG ) +#endif + +#ifndef S_ISDIR +#define S_ISDIR( m ) (((m) & S_IFMT) == S_IFDIR) +#endif + +#ifndef S_ISREG +#define S_ISREG( m ) (((m) & S_IFMT) == S_IFREG) +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/security/dbm/src/manifest.mn b/security/dbm/src/manifest.mn new file mode 100644 index 000000000..80f2abfd0 --- /dev/null +++ b/security/dbm/src/manifest.mn @@ -0,0 +1,61 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +CORE_DEPTH = ../.. + +VPATH = $(CORE_DEPTH)/../dbm/src + +MODULE = dbm + +# +# memmove.c, snprintf.c, and strerror.c are not in CSRCS because +# the Standard C Library has memmove and strerror and DBM is not +# using snprintf. +# + +CSRCS = db.c \ + h_bigkey.c \ + h_func.c \ + h_log2.c \ + h_page.c \ + hash.c \ + hash_buf.c \ + hsearch.c \ + mktemp.c \ + ndbm.c \ + nsres.c \ + dirent.c \ + $(NULL) + +LIBRARY_NAME = dbm diff --git a/security/dbm/tests/Makefile b/security/dbm/tests/Makefile new file mode 100644 index 000000000..fe132e19c --- /dev/null +++ b/security/dbm/tests/Makefile @@ -0,0 +1,69 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# +DEPTH = ../.. +CORE_DEPTH = ../.. + +VPATH = $(CORE_DEPTH)/../dbm/tests + +MODULE = dbm + +CSRCS = lots.c + +PROGRAM = lots + +include $(DEPTH)/coreconf/config.mk + +include $(DEPTH)/dbm/config/config.mk + +ifeq (,$(filter-out WIN%,$(OS_TARGET))) +LIBDBM = ../src/$(PLATFORM)/dbm$(STATIC_LIB_SUFFIX) +else +LIBDBM = ../src/$(PLATFORM)/libdbm$(STATIC_LIB_SUFFIX) +endif + +INCLUDES += -I$(CORE_DEPTH)/../dbm/include + +LDFLAGS = $(LDOPTS) $(LIBDBM) + +include $(DEPTH)/coreconf/rules.mk + +lots.pure: lots + purify $(CC) -o lots.pure $(CFLAGS) $(OBJS) $(MYLIBS) + +crash: crash.o $(MYLIBS) + $(CC) -o crash $(CFLAGS) $^ + +crash.pure: crash.o $(MYLIBS) + purify $(CC) -o crash.pure $(CFLAGS) $^ + diff --git a/security/nss/lib/softoken/cdbhdl.h b/security/nss/lib/softoken/cdbhdl.h index f52712422..ba2f9fa7c 100644 --- a/security/nss/lib/softoken/cdbhdl.h +++ b/security/nss/lib/softoken/cdbhdl.h @@ -68,4 +68,6 @@ DB * rdbopen(const char *appName, const char *prefix, const char *type, int flags); SECStatus db_Copy(DB *dest,DB *src); +int db_BeginTransaction(DB *db); +int db_FinishTransaction(DB *db, PRBool abort); #endif diff --git a/security/nss/lib/softoken/dbinit.c b/security/nss/lib/softoken/dbinit.c index 87098dc0a..115a581ad 100644 --- a/security/nss/lib/softoken/dbinit.c +++ b/security/nss/lib/softoken/dbinit.c @@ -256,6 +256,7 @@ pk11_DBShutdown(NSSLOWCERTCertDBHandle *certHandle, } static rdbfunc pk11_rdbfunc; +static void *pk11_tnx; /* NOTE: SHLIB_SUFFIX is defined on the command line */ #define RDBLIB "rdb."SHLIB_SUFFIX @@ -283,7 +284,8 @@ DB * rdbopen(const char *appName, const char *prefix, /* get the entry point */ pk11_rdbfunc = (rdbfunc) PR_FindSymbol(lib,"rdbopen"); if (pk11_rdbfunc) { - return (*pk11_rdbfunc)(appName,prefix,type,flags); + db = (*pk11_rdbfunc)(appName,prefix,type,flags); + return db; } /* couldn't find the entry point, unload the library and fail */ @@ -291,6 +293,38 @@ DB * rdbopen(const char *appName, const char *prefix, return NULL; } +struct RDBStr { + DB db; + int (*xactstart)(DB *db); + int (*xactdone)(DB *db, PRBool abort); +}; + +#define DB_RDB ((DBTYPE) 0xff) + +int +db_BeginTransaction(DB *db) +{ + RDB *rdb = (RDB *)db; + if (db->type != DB_RDB) { + return 0; + } + + return rdb->xactstart(db); +} + +int +db_FinishTransaction(DB *db, PRBool abort) +{ + RDB *rdb = (RDB *)db; + if (db->type != DB_RDB) { + return 0; + } + + return rdb->xactdone(db, abort); +} + + + SECStatus db_Copy(DB *dest,DB *src) { diff --git a/security/nss/lib/softoken/keydb.c b/security/nss/lib/softoken/keydb.c index dc58a402d..17d76acb7 100644 --- a/security/nss/lib/softoken/keydb.c +++ b/security/nss/lib/softoken/keydb.c @@ -2255,6 +2255,11 @@ ChangeKeyDBPasswordAlg(NSSLOWKEYDBHandle *handle, return(SECFailure); } keylist.head = NULL; + + rv = db_BeginTransaction(handle->db); + if (rv != SECSuccess) { + goto loser; + } /* TNH - TraverseKeys should not be public, since it exposes the underlying DBT data type. */ @@ -2299,7 +2304,10 @@ ChangeKeyDBPasswordAlg(NSSLOWKEYDBHandle *handle, newkey.size = privkey->u.dh.publicValue.len; break; default: - return SECFailure; + /* should we continue here and loose the key? */ + PORT_SetError(SEC_ERROR_BAD_DATABASE); + rv = SECFailure; + goto loser; } rv = seckey_put_private_key(handle, &newkey, newpwitem, privkey, @@ -2320,6 +2328,8 @@ ChangeKeyDBPasswordAlg(NSSLOWKEYDBHandle *handle, loser: + db_FinishTransaction(handle->db,rv == SECSuccess); + /* free the arena */ if ( keylist.arena ) { PORT_FreeArena(keylist.arena, PR_FALSE); diff --git a/security/nss/lib/softoken/pcert.h b/security/nss/lib/softoken/pcert.h index c1d9b3128..aa2c6ea3b 100644 --- a/security/nss/lib/softoken/pcert.h +++ b/security/nss/lib/softoken/pcert.h @@ -49,6 +49,8 @@ SEC_BEGIN_PROTOS SECStatus nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTCertificate *cert, char *nickname, NSSLOWCERTCertTrust *trust); +SECStatus nsslowcert_AddPermNickname(NSSLOWCERTCertDBHandle *dbhandle, + NSSLOWCERTCertificate *cert, char *nickname); SECStatus nsslowcert_DeletePermCertificate(NSSLOWCERTCertificate *cert); @@ -88,6 +90,7 @@ nsslowcert_NewTempCertificate(NSSLOWCERTCertDBHandle *handle, SECItem *derCert, NSSLOWCERTCertificate * nsslowcert_DupCertificate(NSSLOWCERTCertificate *cert); void nsslowcert_DestroyCertificate(NSSLOWCERTCertificate *cert); +void nsslowcert_DestroyTrust(NSSLOWCERTTrust *Trust); /* * Lookup a certificate in the databases without locking @@ -100,6 +103,16 @@ NSSLOWCERTCertificate * nsslowcert_FindCertByKey(NSSLOWCERTCertDBHandle *handle, SECItem *certKey); /* + * Lookup trust for a certificate in the databases without locking + * "certKey" is the database key to look for + * + * XXX - this should be internal, but pkcs 11 needs to call it during a + * traversal. + */ +NSSLOWCERTTrust * +nsslowcert_FindTrustByKey(NSSLOWCERTCertDBHandle *handle, SECItem *certKey); + +/* ** Generate a certificate key from the issuer and serialnumber, then look it ** up in the database. Return the cert if found. ** "issuerAndSN" is the issuer and serial number to look for @@ -108,6 +121,14 @@ extern NSSLOWCERTCertificate * nsslowcert_FindCertByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN); /* +** Generate a certificate key from the issuer and serialnumber, then look it +** up in the database. Return the cert if found. +** "issuerAndSN" is the issuer and serial number to look for +*/ +extern NSSLOWCERTTrust * +nsslowcert_FindTrustByIssuerAndSN (NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN); + +/* ** Find a certificate in the database by a DER encoded certificate ** "derCert" is the DER encoded certificate */ @@ -189,7 +210,7 @@ nsslowcert_ChangeCertTrust(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust); PRBool -nsslowcert_hasTrust(NSSLOWCERTCertificate *cert); +nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust); void nsslowcert_DestroyGlobalLocks(void); diff --git a/security/nss/lib/softoken/pcertdb.c b/security/nss/lib/softoken/pcertdb.c index bd50e00e1..4e0d6b46a 100644 --- a/security/nss/lib/softoken/pcertdb.c +++ b/security/nss/lib/softoken/pcertdb.c @@ -3749,6 +3749,7 @@ DeletePermCert(NSSLOWCERTCertificate *cert) rv = RemovePermSubjectNode(cert); + return(ret); } @@ -3761,6 +3762,11 @@ nsslowcert_DeletePermCertificate(NSSLOWCERTCertificate *cert) SECStatus rv; nsslowcert_LockDB(cert->dbhandle); + + rv = db_BeginTransaction(cert->dbhandle->permCertDB); + if ( rv != SECSuccess ) { + goto loser; + } /* delete the records from the permanent database */ rv = DeletePermCert(cert); @@ -3769,6 +3775,9 @@ nsslowcert_DeletePermCertificate(NSSLOWCERTCertificate *cert) cert->dbEntry = NULL; cert->trust = NULL; + db_FinishTransaction(cert->dbhandle->permCertDB,rv != SECSuccess); +loser: + nsslowcert_UnlockDB(cert->dbhandle); return(rv); } @@ -3848,6 +3857,22 @@ loser: return(0); } +static NSSLOWCERTTrust * +DecodeTrustEntry(NSSLOWCERTCertDBHandle *handle, certDBEntryCert *entry, SECItem *dbKey) +{ + NSSLOWCERTTrust *trust = PORT_Alloc(sizeof(NSSLOWCERTTrust)); + if (trust == NULL) { + return trust; + } + trust->dbhandle = handle; + trust->dbEntry = entry; + SECITEM_CopyItem(NULL, &trust->dbKey , dbKey); + trust->trust = &entry->trust; + trust->derCert = &entry->derCert; + + return(trust); +} + typedef struct { PermCertCallback certfunc; NSSLOWCERTCertDBHandle *handle; @@ -4043,6 +4068,11 @@ nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *dbhandle, SECStatus ret; nsslowcert_LockDB(dbhandle); + rv = db_BeginTransaction(dbhandle->permCertDB); + if (rv != SECSuccess) { + nsslowcert_UnlockDB(dbhandle); + return SECFailure; + } PORT_Assert(!cert->dbEntry); @@ -4070,6 +4100,7 @@ nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *dbhandle, ret = SECSuccess; done: + db_FinishTransaction(dbhandle->permCertDB, ret != SECSuccess); nsslowcert_UnlockDB(dbhandle); return(ret); } @@ -4148,6 +4179,12 @@ FindCertByKey(NSSLOWCERTCertDBHandle *handle, SECItem *certKey, PRBool lockdb) cert = DecodeACert(handle, entry); loser: + if (cert == NULL) { + if (entry) { + DestroyDBEntry((certDBEntry *)entry); + } + } + if ( locked ) { nsslowcert_UnlockDB(handle); } @@ -4160,6 +4197,70 @@ loser: } /* + * Lookup a certificate in the databases. + */ +static NSSLOWCERTTrust * +FindTrustByKey(NSSLOWCERTCertDBHandle *handle, SECItem *certKey, PRBool lockdb) +{ + SECItem keyitem; + DBT key; + SECStatus rv; + NSSLOWCERTTrust *trust = NULL; + PRArenaPool *arena = NULL; + certDBEntryCert *entry; + PRBool locked = PR_FALSE; + + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if ( arena == NULL ) { + goto loser; + } + + rv = EncodeDBCertKey(certKey, arena, &keyitem); + if ( rv != SECSuccess ) { + goto loser; + } + + key.data = keyitem.data; + key.size = keyitem.len; + + if ( lockdb ) { + locked = PR_TRUE; + nsslowcert_LockDB(handle); + } + + /* find in perm database */ + entry = ReadDBCertEntry(handle, certKey); + + if ( entry == NULL ) { + goto loser; + } + + if (!nsslowcert_hasTrust(&entry->trust)) { + goto loser; + } + + /* inherit entry */ + trust = DecodeTrustEntry(handle, entry, certKey); + +loser: + if (trust == NULL) { + if (entry) { + DestroyDBEntry((certDBEntry *)entry); + } + } + + if ( locked ) { + nsslowcert_UnlockDB(handle); + } + + if ( arena ) { + PORT_FreeArena(arena, PR_FALSE); + } + + return(trust); +} + +/* * Lookup a certificate in the databases without locking */ NSSLOWCERTCertificate * @@ -4169,6 +4270,15 @@ nsslowcert_FindCertByKey(NSSLOWCERTCertDBHandle *handle, SECItem *certKey) } /* + * Lookup a trust object in the databases without locking + */ +NSSLOWCERTTrust * +nsslowcert_FindTrustByKey(NSSLOWCERTCertDBHandle *handle, SECItem *certKey) +{ + return(FindTrustByKey(handle, certKey, PR_FALSE)); +} + +/* * Generate a key from an issuerAndSerialNumber, and find the * associated cert in the database. */ @@ -4251,6 +4361,94 @@ nsslowcert_FindCertByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssue } /* + * Generate a key from an issuerAndSerialNumber, and find the + * associated cert in the database. + */ +NSSLOWCERTTrust * +nsslowcert_FindTrustByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, + NSSLOWCERTIssuerAndSN *issuerAndSN) +{ + SECItem certKey; + SECItem *sn = &issuerAndSN->serialNumber; + SECItem *issuer = &issuerAndSN->derIssuer; + NSSLOWCERTTrust *trust; + int data_left = sn->len-1; + int data_len = sn->len; + int index = 0; + + /* automatically detect DER encoded serial numbers and remove the der + * encoding since the database expects unencoded data. + * if it's DER encoded, there must be at least 3 bytes, tag, len, data */ + if ((sn->len >= 3) && (sn->data[0] == 0x2)) { + /* remove the der encoding of the serial number before generating the + * key.. */ + data_left = sn->len-2; + data_len = sn->data[1]; + index = 2; + + /* extended length ? (not very likely for a serial number) */ + if (data_len & 0x80) { + int len_count = data_len & 0x7f; + + data_len = 0; + data_left -= len_count; + if (data_left > 0) { + while (len_count --) { + data_len = (data_len << 8) | sn->data[index++]; + } + } + } + /* XXX leaving any leading zeros on the serial number for backwards + * compatibility + */ + /* not a valid der, must be just an unlucky serial number value */ + if (data_len != data_left) { + data_len = sn->len; + index = 0; + } + } + + certKey.data = (unsigned char*)PORT_Alloc(sn->len + issuer->len); + certKey.len = data_len + issuer->len; + + if ( certKey.data == NULL ) { + return(0); + } + + /* first try the serial number as hand-decoded above*/ + /* copy the serialNumber */ + PORT_Memcpy(certKey.data, &sn->data[index], data_len); + + /* copy the issuer */ + PORT_Memcpy( &certKey.data[data_len],issuer->data,issuer->len); + + trust = nsslowcert_FindTrustByKey(handle, &certKey); + if (trust) { + PORT_Free(certKey.data); + return (trust); + } + + if (index == 0) { + PORT_Free(certKey.data); + return NULL; + } + + /* didn't find it, try by der encoded serial number */ + /* copy the serialNumber */ + PORT_Memcpy(certKey.data, sn->data, sn->len); + + /* copy the issuer */ + PORT_Memcpy( &certKey.data[sn->len], issuer->data, issuer->len); + certKey.len = sn->len + issuer->len; + + trust = nsslowcert_FindTrustByKey(handle, &certKey); + + PORT_Free(certKey.data); + + return(trust); +} + +/* * look for the given DER certificate in the database */ NSSLOWCERTCertificate * @@ -4330,6 +4528,22 @@ DestroyCertificate(NSSLOWCERTCertificate *cert, PRBool lockdb) } void +nsslowcert_DestroyTrust(NSSLOWCERTTrust *trust) +{ + certDBEntryCert *entry = trust->dbEntry; + + if ( entry ) { + DestroyDBEntry((certDBEntry *)entry); + } + if (trust->dbKey.data) { + PORT_Free(trust->dbKey.data); + } + PORT_Free(trust); + + return; +} + +void nsslowcert_DestroyCertificate(NSSLOWCERTCertificate *cert) { DestroyCertificate(cert, PR_TRUE); @@ -4407,6 +4621,10 @@ nsslowcert_AddCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl, certDBEntryRevocation *entry = NULL; certDBEntryType crlType = isKRL ? certDBEntryTypeKeyRevocation : certDBEntryTypeRevocation; + rv = db_BeginTransaction(handle->permCertDB); + if (rv != SECSuccess) { + return SECFailure; + } DeleteDBCrlEntry(handle, crlKey, crlType); /* Write the new entry into the data base */ @@ -4420,6 +4638,7 @@ done: if (entry) { DestroyDBEntry((certDBEntry *)entry); } + db_FinishTransaction(handle->permCertDB, rv != SECSuccess); return rv; } @@ -4430,24 +4649,26 @@ nsslowcert_DeletePermCRL(NSSLOWCERTCertDBHandle *handle, SECItem *derName, SECStatus rv; certDBEntryType crlType = isKRL ? certDBEntryTypeKeyRevocation : certDBEntryTypeRevocation; + rv = db_BeginTransaction(handle->permCertDB); + if (rv != SECSuccess) { + return SECFailure; + } rv = DeleteDBCrlEntry(handle, derName, crlType); if (rv != SECSuccess) goto done; done: + db_FinishTransaction(handle->permCertDB, rv != SECSuccess); return rv; } PRBool -nsslowcert_hasTrust(NSSLOWCERTCertificate *cert) +nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust) { - NSSLOWCERTCertTrust *trust; - - if (cert->trust == NULL) { + if (trust == NULL) { return PR_FALSE; } - trust = cert->trust; return !((trust->sslFlags & CERTDB_TRUSTED_UNKNOWN) && (trust->emailFlags & CERTDB_TRUSTED_UNKNOWN) && (trust->objectSigningFlags & CERTDB_TRUSTED_UNKNOWN)); @@ -4465,6 +4686,11 @@ nsslowcert_SaveSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr, certDBEntrySMime *entry = NULL; SECStatus rv = SECFailure;; + rv = db_BeginTransaction(dbhandle->permCertDB); + if (rv != SECSuccess) { + return SECFailure; + } + /* find our existing entry */ entry = nsslowcert_ReadDBSMimeEntry(dbhandle, emailAddr); @@ -4511,6 +4737,7 @@ loser: if ( entry ) { DestroyDBEntry((certDBEntry *)entry); } + db_FinishTransaction(dbhandle->permCertDB, rv != SECSuccess); return(rv); } diff --git a/security/nss/lib/softoken/pcertt.h b/security/nss/lib/softoken/pcertt.h index 0170de389..a3c50b25c 100644 --- a/security/nss/lib/softoken/pcertt.h +++ b/security/nss/lib/softoken/pcertt.h @@ -53,6 +53,7 @@ typedef struct NSSLOWCERTCertDBHandleStr NSSLOWCERTCertDBHandle; typedef struct NSSLOWCERTCertKeyStr NSSLOWCERTCertKey; +typedef struct NSSLOWCERTTrustStr NSSLOWCERTTrust; typedef struct NSSLOWCERTCertTrustStr NSSLOWCERTCertTrust; typedef struct NSSLOWCERTCertificateStr NSSLOWCERTCertificate; typedef struct NSSLOWCERTCertificateListStr NSSLOWCERTCertificateList; @@ -107,6 +108,17 @@ struct NSSLOWCERTCertTrustStr { }; /* +** PKCS11 Trust representation +*/ +struct NSSLOWCERTTrustStr { + NSSLOWCERTCertDBHandle *dbhandle; + SECItem dbKey; /* database key for this cert */ + certDBEntryCert *dbEntry; /* database entry struct */ + NSSLOWCERTCertTrust *trust; + SECItem *derCert; /* original DER for the cert */ +}; + +/* ** An X.509 certificate object (the unsigned form) */ struct NSSLOWCERTCertificateStr { diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index 639b651ae..6ab8fa7ad 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -3861,10 +3861,22 @@ pk11_searchCertsAndTrust(PK11Slot *slot, SECItem *derCert, SECItem *name, pk11_cert_collect, &certData); } else if ((issuerSN->derIssuer.data != NULL) && (issuerSN->serialNumber.data != NULL)) { - NSSLOWCERTCertificate *cert = + if (classFlags & NSC_CERT) { + NSSLOWCERTCertificate *cert = nsslowcert_FindCertByIssuerAndSN(certHandle,issuerSN); - pk11_searchSingleCert(&certData,cert); + pk11_searchSingleCert(&certData,cert); + } + if (classFlags & NSC_TRUST) { + NSSLOWCERTTrust *trust = + nsslowcert_FindTrustByIssuerAndSN(certHandle, issuerSN); + + if (trust) { + pk11_addHandle(handles, + pk11_mkHandle(slot,&trust->dbKey,PK11_TOKEN_TYPE_TRUST)); + nsslowcert_DestroyTrust(trust); + } + } } else if (email->data != NULL) { char *tmp_name = (char*)PORT_Alloc(email->len+1); certDBEntrySMime *entry = NULL; @@ -3907,7 +3919,7 @@ pk11_searchCertsAndTrust(PK11Slot *slot, SECItem *derCert, SECItem *name, pk11_addHandle(handles, pk11_mkHandle(slot,&cert->certKey,PK11_TOKEN_TYPE_CERT)); } - if ((classFlags & NSC_TRUST) && nsslowcert_hasTrust(cert)) { + if ((classFlags & NSC_TRUST) && nsslowcert_hasTrust(cert->trust)) { pk11_addHandle(handles, pk11_mkHandle(slot,&cert->certKey,PK11_TOKEN_TYPE_TRUST)); } diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c index 5e42975e0..f700f0a2a 100644 --- a/security/nss/lib/softoken/pkcs11u.c +++ b/security/nss/lib/softoken/pkcs11u.c @@ -389,20 +389,39 @@ static NSSLOWCERTCertificate * pk11_getCert(PK11TokenObject *object) { NSSLOWCERTCertificate *cert; + CK_OBJECT_CLASS objClass = object->obj.objclass; - if ((object->obj.objclass != CKO_CERTIFICATE) && - (object->obj.objclass != CKO_NETSCAPE_TRUST)) { + if ((objClass != CKO_CERTIFICATE) && (objClass != CKO_NETSCAPE_TRUST)) { return NULL; } - if (object->obj.objectInfo) { + if (objClass == CKO_CERTIFICATE && object->obj.objectInfo) { return (NSSLOWCERTCertificate *)object->obj.objectInfo; } cert = nsslowcert_FindCertByKey(object->obj.slot->certDB,&object->dbKey); - object->obj.objectInfo = (void *)cert; - object->obj.infoFree = (PK11Free) nsslowcert_DestroyCertificate ; + if (objClass == CKO_CERTIFICATE) { + object->obj.objectInfo = (void *)cert; + object->obj.infoFree = (PK11Free) nsslowcert_DestroyCertificate ; + } return cert; } +static NSSLOWCERTTrust * +pk11_getTrust(PK11TokenObject *object) +{ + NSSLOWCERTTrust *trust; + + if (object->obj.objclass != CKO_NETSCAPE_TRUST) { + return NULL; + } + if (object->obj.objectInfo) { + return (NSSLOWCERTTrust *)object->obj.objectInfo; + } + trust = nsslowcert_FindTrustByKey(object->obj.slot->certDB,&object->dbKey); + object->obj.objectInfo = (void *)trust; + object->obj.infoFree = (PK11Free) nsslowcert_DestroyTrust ; + return trust; +} + static NSSLOWKEYPublicKey * pk11_GetPublicKey(PK11TokenObject *object) { @@ -881,10 +900,8 @@ pk11_FindSMIMEAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) static PK11Attribute * pk11_FindTrustAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) { - NSSLOWCERTCertificate *cert; + NSSLOWCERTTrust *trust; unsigned char hash[SHA1_LENGTH]; - SECItem *item; - PK11Attribute *attr; unsigned int trustFlags; switch (type) { @@ -897,38 +914,29 @@ pk11_FindTrustAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) default: break; } - cert = pk11_getCert(object); - if (cert == NULL) { + trust = pk11_getTrust(object); + if (trust == NULL) { return NULL; } switch (type) { case CKA_CERT_SHA1_HASH: - SHA1_HashBuf(hash,cert->derCert.data,cert->derCert.len); - return pk11_NewTokenAttribute(type,hash,SHA1_LENGTH, PR_TRUE); + SHA1_HashBuf(hash,trust->derCert->data,trust->derCert->len); + return pk11_NewTokenAttribute(type, hash, SHA1_LENGTH, PR_TRUE); case CKA_CERT_MD5_HASH: - MD5_HashBuf(hash,cert->derCert.data,cert->derCert.len); - return pk11_NewTokenAttribute(type,hash,MD5_LENGTH, PR_TRUE); - case CKA_ISSUER: - return pk11_NewTokenAttribute(type,cert->derIssuer.data, - cert->derIssuer.len, PR_FALSE); - case CKA_SERIAL_NUMBER: - item = SEC_ASN1EncodeItem(NULL,NULL,cert,pk11_SerialTemplate); - if (item == NULL) break; - attr = pk11_NewTokenAttribute(type, item->data, item->len, PR_TRUE); - SECITEM_FreeItem(item,PR_TRUE); - return attr; + MD5_HashBuf(hash,trust->derCert->data,trust->derCert->len); + return pk11_NewTokenAttribute(type, hash, MD5_LENGTH, PR_TRUE); case CKA_TRUST_CLIENT_AUTH: - trustFlags = cert->trust->sslFlags & CERTDB_TRUSTED_CLIENT_CA ? - cert->trust->sslFlags | CERTDB_TRUSTED_CA : 0 ; + trustFlags = trust->trust->sslFlags & CERTDB_TRUSTED_CLIENT_CA ? + trust->trust->sslFlags | CERTDB_TRUSTED_CA : 0 ; goto trust; case CKA_TRUST_SERVER_AUTH: - trustFlags = cert->trust->sslFlags; + trustFlags = trust->trust->sslFlags; goto trust; case CKA_TRUST_EMAIL_PROTECTION: - trustFlags = cert->trust->emailFlags; + trustFlags = trust->trust->emailFlags; goto trust; case CKA_TRUST_CODE_SIGNING: - trustFlags = cert->trust->objectSigningFlags; + trustFlags = trust->trust->objectSigningFlags; trust: if (trustFlags & CERTDB_TRUSTED_CA ) { return (PK11Attribute *)&pk11_StaticTrustedDelegatorAttr; @@ -952,6 +960,28 @@ trust: default: break; } + +#ifdef notdef + switch (type) { + case CKA_ISSUER: + cert = pk11_getCertObject(object); + if (cert == NULL) break; + attr = pk11_NewTokenAttribute(type,cert->derIssuer.data, + cert->derIssuer.len, PR_FALSE); + + case CKA_SERIAL_NUMBER: + cert = pk11_getCertObject(object); + if (cert == NULL) break; + item = SEC_ASN1EncodeItem(NULL,NULL,cert,pk11_SerialTemplate); + if (item == NULL) break; + attr = pk11_NewTokenAttribute(type, item->data, item->len, PR_TRUE); + SECITEM_FreeItem(item,PR_TRUE); + } + if (cert) { + NSSLOWCERTDestroyCertificate(cert); + return attr; + } +#endif return NULL; } @@ -1180,7 +1210,6 @@ pk11_Attribute2SSecItem(PLArenaPool *arena,SECItem *item,PK11Object *object, CK_ATTRIBUTE_TYPE type) { PK11Attribute *attribute; - unsigned char *start; item->data = NULL; |