The Tor Browser: comparison security/nss/cmd/modutil/modutil.c

--1:000000000000
+:e66a5a55ff07
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* To edit this file, set TABSTOPS to 4 spaces.
+* This is not the normal NSS convention.
+*/
+#include "modutil.h"
+#include "install.h"
+#include <plstr.h>
+#include "certdb.h" /* for CERT_DB_FILE_VERSION */
+#include "nss.h"
+static void install_error(char *message);
+static char* PR_fgets(char *buf, int size, PRFileDesc *file);
+static char *progName;
+/* This enum must be kept in sync with the commandNames list */
+typedef enum {
+	NO_COMMAND,
+	ADD_COMMAND,
+	CHANGEPW_COMMAND,
+	CREATE_COMMAND,
+	DEFAULT_COMMAND,
+	DELETE_COMMAND,
+	DISABLE_COMMAND,
+	ENABLE_COMMAND,
+	FIPS_COMMAND,
+	JAR_COMMAND,
+	LIST_COMMAND,
+	RAW_LIST_COMMAND,
+	RAW_ADD_COMMAND,
+	CHKFIPS_COMMAND,
+	UNDEFAULT_COMMAND
+} Command;
+/* This list must be kept in sync with the Command enum */
+static char *commandNames[] = {
+	"(no command)",
+	"-add",
+	"-changepw",
+	"-create",
+	"-default",
+	"-delete",
+	"-disable",
+	"-enable",
+	"-fips",
+	"-jar",
+	"-list",
+	"-rawlist",
+	"-rawadd",
+	"-chkfips",
+	"-undefault"
+};
+/* this enum must be kept in sync with the optionStrings list */
+typedef enum {
+	ADD_ARG=0,
+	RAW_ADD_ARG,
+	CHANGEPW_ARG,
+	CIPHERS_ARG,
+	CREATE_ARG,
+	DBDIR_ARG,
+	DBPREFIX_ARG,
+	DEFAULT_ARG,
+	DELETE_ARG,
+	DISABLE_ARG,
+	ENABLE_ARG,
+	FIPS_ARG,
+	FORCE_ARG,
+	JAR_ARG,
+	LIBFILE_ARG,
+	LIST_ARG,
+	RAW_LIST_ARG,
+	MECHANISMS_ARG,
+	NEWPWFILE_ARG,
+	PWFILE_ARG,
+	SLOT_ARG,
+	UNDEFAULT_ARG,
+	INSTALLDIR_ARG,
+	TEMPDIR_ARG,
+	SECMOD_ARG,
+	NOCERTDB_ARG,
+	STRING_ARG,
+	CHKFIPS_ARG,
+	NUM_ARGS	/* must be last */
+} Arg;
+/* This list must be kept in sync with the Arg enum */
+static char *optionStrings[] = {
+	"-add",
+	"-rawadd",
+	"-changepw",
+	"-ciphers",
+	"-create",
+	"-dbdir",
+	"-dbprefix",
+	"-default",
+	"-delete",
+	"-disable",
+	"-enable",
+	"-fips",
+	"-force",
+	"-jar",
+	"-libfile",
+	"-list",
+	"-rawlist",
+	"-mechanisms",
+	"-newpwfile",
+	"-pwfile",
+	"-slot",
+	"-undefault",
+	"-installdir",
+	"-tempdir",
+	"-secmod",
+	"-nocertdb",
+	"-string",
+	"-chkfips",
+};
+/* Increment i if doing so would have i still be less than j.  If you
+are able to do this, return 0.  Otherwise return 1. */
+#define TRY_INC(i,j)  ( ((i+1)<j) ? (++i, 0) : 1 )
+/********************************************************************
+*
+* file-wide variables obtained from the command line
+*/
+static Command command = NO_COMMAND;
+static char* pwFile = NULL;
+static char* newpwFile = NULL;
+static char* moduleName = NULL;
+static char* moduleSpec = NULL;
+static char* slotName = NULL;
+static char* secmodName = NULL;
+static char* tokenName = NULL;
+static char* libFile = NULL;
+static char* dbdir = NULL;
+static char* dbprefix = "";
+static char* secmodString = NULL;
+static char* mechanisms = NULL;
+static char* ciphers = NULL;
+static char* fipsArg = NULL;
+static char* jarFile = NULL;
+static char* installDir = NULL;
+static char* tempDir = NULL;
+static short force = 0;
+static PRBool nocertdb = PR_FALSE;
+/*******************************************************************
+*
+* p a r s e _ a r g s
+*/
+static Error
+parse_args(int argc, char *argv[])
+{
+	int i;
+	char *arg;
+	int optionType;
+	/* Loop over all arguments */
+	for(i=1; i < argc; i++) {
+		arg = argv[i];
+		/* Make sure this is an option and not some floating argument */
+		if(arg[0] != '-') {
+			PR_fprintf(PR_STDERR, errStrings[UNEXPECTED_ARG_ERR], argv[i]);
+			return UNEXPECTED_ARG_ERR;
+		}
+		/* Find which option this is */
+		for(optionType=0; optionType < NUM_ARGS; optionType++) {
+			if(! strcmp(arg, optionStrings[optionType])) {
+				break;
+			}
+		}
+		/* Deal with this specific option */
+		switch(optionType) {
+		case NUM_ARGS:
+		default:
+			PR_fprintf(PR_STDERR, errStrings[UNKNOWN_OPTION_ERR], arg);
+			return UNKNOWN_OPTION_ERR;
+			break;
+		case ADD_ARG:
+			if(command != NO_COMMAND) {
+				PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+				return MULTIPLE_COMMAND_ERR;
+			}
+			command = ADD_COMMAND;
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			moduleName = argv[i];
+			break;
+		case CHANGEPW_ARG:
+			if(command != NO_COMMAND) {
+				PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+				return MULTIPLE_COMMAND_ERR;
+			}
+			command = CHANGEPW_COMMAND;
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			tokenName = argv[i];
+			break;
+		case CIPHERS_ARG:
+			if(ciphers != NULL) {
+				PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+				return DUPLICATE_OPTION_ERR;
+			}
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			ciphers = argv[i];
+			break;
+		case CREATE_ARG:
+			if(command != NO_COMMAND) {
+				PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+				return MULTIPLE_COMMAND_ERR;
+			}
+			command = CREATE_COMMAND;
+			break;
+		case DBDIR_ARG:
+			if(dbdir != NULL) {
+				PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+				return DUPLICATE_OPTION_ERR;
+			}
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			dbdir = argv[i];
+			break;
+		case DBPREFIX_ARG:
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			dbprefix = argv[i];
+			break;
+		case UNDEFAULT_ARG:
+		case DEFAULT_ARG:
+			if(command != NO_COMMAND) {
+				PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+				return MULTIPLE_COMMAND_ERR;
+			}
+			if(optionType == DEFAULT_ARG) {
+				command = DEFAULT_COMMAND;
+			} else {
+				command = UNDEFAULT_COMMAND;
+			}
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			moduleName = argv[i];
+			break;
+		case DELETE_ARG:
+			if(command != NO_COMMAND) {
+				PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+				return MULTIPLE_COMMAND_ERR;
+			}
+			command = DELETE_COMMAND;
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			moduleName = argv[i];
+			break;
+		case DISABLE_ARG:
+			if(command != NO_COMMAND) {
+				PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+				return MULTIPLE_COMMAND_ERR;
+			}
+			command = DISABLE_COMMAND;
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			moduleName = argv[i];
+			break;
+		case ENABLE_ARG:
+			if(command != NO_COMMAND) {
+				PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+				return MULTIPLE_COMMAND_ERR;
+			}
+			command = ENABLE_COMMAND;
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			moduleName = argv[i];
+			break;
+		case FIPS_ARG:
+			if(command != NO_COMMAND) {
+				PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+				return MULTIPLE_COMMAND_ERR;
+			}
+			command = FIPS_COMMAND;
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			fipsArg = argv[i];
+			break;
+		case CHKFIPS_ARG:
+			if(command != NO_COMMAND) {
+				PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+				return MULTIPLE_COMMAND_ERR;
+			}
+			command = CHKFIPS_COMMAND;
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			fipsArg = argv[i];
+			break;
+		case FORCE_ARG:
+			force = 1;
+			break;
+		case NOCERTDB_ARG:
+			nocertdb = PR_TRUE;
+			break;
+		case INSTALLDIR_ARG:
+			if(installDir != NULL) {
+				PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+				return DUPLICATE_OPTION_ERR;
+			}
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			installDir = argv[i];
+			break;
+		case TEMPDIR_ARG:
+			if(tempDir != NULL) {
+				PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+				return DUPLICATE_OPTION_ERR;
+			}
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			tempDir = argv[i];
+			break;
+		case JAR_ARG:
+			if(command != NO_COMMAND) {
+				PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+				return MULTIPLE_COMMAND_ERR;
+			}
+			command = JAR_COMMAND;
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			jarFile = argv[i];
+			break;
+		case LIBFILE_ARG:
+			if(libFile != NULL) {
+				PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+				return DUPLICATE_OPTION_ERR;
+			}
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			libFile = argv[i];
+			break;
+		case LIST_ARG:
+			if(command != NO_COMMAND) {
+				PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+				return MULTIPLE_COMMAND_ERR;
+			}
+			command = LIST_COMMAND;
+			/* This option may or may not have an argument */
+			if( (i+1 < argc) && (argv[i+1][0] != '-') ) {
+				moduleName = argv[++i];
+			}
+			break;
+		case RAW_LIST_ARG:
+			if(command != NO_COMMAND) {
+				PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+				return MULTIPLE_COMMAND_ERR;
+			}
+			command = RAW_LIST_COMMAND;
+			/* This option may or may not have an argument */
+			if( (i+1 < argc) && (argv[i+1][0] != '-') ) {
+				moduleName = argv[++i];
+			}
+			break;
+		case RAW_ADD_ARG:
+			if(command != NO_COMMAND) {
+				PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+				return MULTIPLE_COMMAND_ERR;
+			}
+			command = RAW_ADD_COMMAND;
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			moduleSpec = argv[i];
+			break;
+		case MECHANISMS_ARG:
+			if(mechanisms != NULL) {
+				PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+				return DUPLICATE_OPTION_ERR;
+			}
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			mechanisms = argv[i];
+			break;
+		case NEWPWFILE_ARG:
+			if(newpwFile != NULL) {
+				PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+				return DUPLICATE_OPTION_ERR;
+			}
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			newpwFile = argv[i];
+			break;
+		case PWFILE_ARG:
+			if(pwFile != NULL) {
+				PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+				return DUPLICATE_OPTION_ERR;
+			}
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			pwFile = argv[i];
+			break;
+		case SLOT_ARG:
+			if(slotName != NULL) {
+				PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+				return DUPLICATE_OPTION_ERR;
+			}
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			slotName = argv[i];
+			break;
+		case SECMOD_ARG:
+			if(secmodName != NULL) {
+				PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+				return DUPLICATE_OPTION_ERR;
+			}
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			secmodName = argv[i];
+			break;
+		case STRING_ARG:
+			if(secmodString != NULL) {
+				PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+				return DUPLICATE_OPTION_ERR;
+			}
+			if(TRY_INC(i, argc)) {
+				PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+				return OPTION_NEEDS_ARG_ERR;
+			}
+			secmodString = argv[i];
+			break;
+		}
+	}
+	return SUCCESS;
+}
+/************************************************************************
+*
+* v e r i f y _ p a r a m s
+*/
+static Error
+verify_params()
+{
+	switch(command) {
+	case ADD_COMMAND:
+		if(libFile == NULL) {
+			PR_fprintf(PR_STDERR, errStrings[MISSING_PARAM_ERR],
+				commandNames[ADD_COMMAND], optionStrings[LIBFILE_ARG]);
+			return MISSING_PARAM_ERR;
+		}
+		break;
+	case CHANGEPW_COMMAND:
+		break;
+	case CREATE_COMMAND:
+		break;
+	case DELETE_COMMAND:
+		break;
+	case DISABLE_COMMAND:
+		break;
+	case ENABLE_COMMAND:
+		break;
+	case FIPS_COMMAND:
+	case CHKFIPS_COMMAND:
+		if(PL_strcasecmp(fipsArg, "true") &&
+			PL_strcasecmp(fipsArg, "false")) {
+			PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
+			return INVALID_FIPS_ARG;
+		}
+		break;
+	case JAR_COMMAND:
+		if(installDir == NULL) {
+			PR_fprintf(PR_STDERR, errStrings[MISSING_PARAM_ERR],
+				commandNames[JAR_COMMAND], optionStrings[INSTALLDIR_ARG]);
+			return MISSING_PARAM_ERR;
+		}
+		break;
+	case LIST_COMMAND:
+	case RAW_LIST_COMMAND:
+		break;
+	case RAW_ADD_COMMAND:
+		break;
+	case UNDEFAULT_COMMAND:
+	case DEFAULT_COMMAND:
+		if(mechanisms == NULL) {
+			PR_fprintf(PR_STDERR, errStrings[MISSING_PARAM_ERR],
+				commandNames[command], optionStrings[MECHANISMS_ARG]);
+			return MISSING_PARAM_ERR;
+		}
+		break;
+	default:
+		/* Ignore this here */
+		break;
+	}
+	return SUCCESS;
+}
+/********************************************************************
+*
+* i n i t _ c r y p t o
+*
+* Does crypto initialization that all commands will require.
+* If -nocertdb option is specified, don't open key or cert db (we don't
+* need them if we aren't going to be verifying signatures).  This is
+* because serverland doesn't always have cert and key database files
+* available.
+*
+* This function is ill advised. Names and locations of databases are
+* private to NSS proper. Such functions only confuse other users.
+*
+*/
+static Error
+check_crypto(PRBool create, PRBool readOnly)
+{
+	char *dir;
+	char *moddbname=NULL;
+	Error retval;
+	static const char multiaccess[] = { "multiaccess:" };
+	dir = SECU_ConfigDirectory(dbdir); /* dir is never NULL */
+	if (dir[0] == '\0') {
+		PR_fprintf(PR_STDERR, errStrings[NO_DBDIR_ERR]);
+		retval=NO_DBDIR_ERR;
+		goto loser;
+	}
+	if (strncmp(dir, multiaccess, sizeof multiaccess - 1) == 0) {
+		/* won't attempt to handle the multiaccess case. */
+		return SUCCESS;
+	}
+#ifdef notdef
+	/* Make sure db directory exists and is readable */
+	if(PR_Access(dir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
+		PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dir);
+		retval = DIR_DOESNT_EXIST_ERR;
+		goto loser;
+	} else if(PR_Access(dir, PR_ACCESS_READ_OK) != PR_SUCCESS) {
+		PR_fprintf(PR_STDERR, errStrings[DIR_NOT_READABLE_ERR], dir);
+		retval = DIR_NOT_READABLE_ERR;
+		goto loser;
+	}
+	if (secmodName == NULL) {
+		secmodName = "secmod.db";
+	}
+	moddbname = PR_smprintf("%s/%s", dir, secmodName);
+	if (!moddbname)
+	    return OUT_OF_MEM_ERR;
+	/* Check for the proper permissions on databases */
+	if(create) {
+		/* Make sure dbs don't already exist, and the directory is
+			writeable */
+		if(PR_Access(moddbname, PR_ACCESS_EXISTS)==PR_SUCCESS) {
+			PR_fprintf(PR_STDERR, errStrings[FILE_ALREADY_EXISTS_ERR],
+			           moddbname);
+			retval=FILE_ALREADY_EXISTS_ERR;
+			goto loser;
+		} else
+		if(PR_Access(dir, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
+			PR_fprintf(PR_STDERR, errStrings[DIR_NOT_WRITEABLE_ERR], dir);
+			retval=DIR_NOT_WRITEABLE_ERR;
+			goto loser;
+		}
+	} else {
+		/* Make sure dbs are readable and writeable */
+		if(PR_Access(moddbname, PR_ACCESS_READ_OK) != PR_SUCCESS) {
+			PR_fprintf(PR_STDERR, errStrings[FILE_NOT_READABLE_ERR], moddbname);
+			retval=FILE_NOT_READABLE_ERR;
+			goto loser;
+		}
+		/* Check for write access if we'll be making changes */
+		if( !readOnly ) {
+			if(PR_Access(moddbname, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
+				PR_fprintf(PR_STDERR, errStrings[FILE_NOT_WRITEABLE_ERR],
+							moddbname);
+				retval=FILE_NOT_WRITEABLE_ERR;
+				goto loser;
+			}
+		}
+		PR_fprintf(PR_STDOUT, msgStrings[USING_DBDIR_MSG],
+		  SECU_ConfigDirectory(NULL));
+	}
+#endif
+	retval=SUCCESS;
+loser:
+	if (moddbname) {
+		PR_Free(moddbname);
+	}
+	return retval;
+}
+static Error
+init_crypto(PRBool create, PRBool readOnly)
+{
+	PRUint32  flags = 0;
+	SECStatus rv;
+	Error     retval;
+	/* Open/create key database */
+	if (readOnly) flags |= NSS_INIT_READONLY;
+	if (nocertdb) flags |= NSS_INIT_NOCERTDB;
+	rv = NSS_Initialize(SECU_ConfigDirectory(NULL), dbprefix, dbprefix,
+		       secmodName, flags);
+	if (rv != SECSuccess) {
+		SECU_PrintPRandOSError(progName);
+		retval=NSS_INITIALIZE_FAILED_ERR;
+	} else
+		retval=SUCCESS;
+	return retval;
+}
+/*************************************************************************
+*
+* u s a g e
+*/
+static void
+usage()
+{
+	PR_fprintf(PR_STDOUT,
+"\nNetscape Cryptographic Module Utility\n"
+"Usage: modutil [command] [options]\n\n"
+"                            COMMANDS\n"
+"---------------------------------------------------------------------------\n"
+"-add MODULE_NAME                 Add the named module to the module database\n"
+"   -libfile LIBRARY_FILE         The name of the file (.so or .dll)\n"
+"                                 containing the implementation of PKCS #11\n"
+"   [-ciphers CIPHER_LIST]        Enable the given ciphers on this module\n"
+"   [-mechanisms MECHANISM_LIST]  Make the module a default provider of the\n"
+"                                 given mechanisms\n"
+"   [-string CONFIG_STRING]       Pass a configuration string to this module\n"
+"-changepw TOKEN                  Change the password on the named token\n"
+"   [-pwfile FILE]                The old password is in this file\n"
+"   [-newpwfile FILE]             The new password is in this file\n"
+"-chkfips [ true | false ]        If true, verify  FIPS mode.  If false,\n"
+"                                 verify not FIPS mode\n"
+"-create                          Create a new set of security databases\n"
+"-default MODULE                  Make the given module a default provider\n"
+"   -mechanisms MECHANISM_LIST    of the given mechanisms\n"
+"   [-slot SLOT]                  limit change to only the given slot\n"
+"-delete MODULE                   Remove the named module from the module\n"
+"                                 database\n"
+"-disable MODULE                  Disable the named module\n"
+"   [-slot SLOT]                  Disable only the named slot on the module\n"
+"-enable MODULE                   Enable the named module\n"
+"   [-slot SLOT]                  Enable only the named slot on the module\n"
+"-fips [ true | false ]           If true, enable FIPS mode.  If false,\n"
+"                                 disable FIPS mode\n"
+"-force                           Do not run interactively\n"
+"-jar JARFILE                     Install a PKCS #11 module from the given\n"
+"                                 JAR file in the PKCS #11 JAR format\n"
+"   -installdir DIR               Use DIR as the root directory of the\n"
+"                                 installation\n"
+"   [-tempdir DIR]                Use DIR as the temporary installation\n"
+"                                 directory. If not specified, the current\n"
+"                                 directory is used\n"
+"-list [MODULE]                   Lists information about the specified module\n"
+"                                 or about all modules if none is specified\n"
+"-rawadd MODULESPEC               Add module spec string to secmod DB\n"
+"-rawlist [MODULE]                Display module spec(s) for one or all\n"
+"                                 loadable modules\n"
+"-undefault MODULE                The given module is NOT a default provider\n"
+"   -mechanisms MECHANISM_LIST    of the listed mechanisms\n"
+"   [-slot SLOT]                  limit change to only the given slot\n"
+"---------------------------------------------------------------------------\n"
+"\n"
+"                             OPTIONS\n"
+"---------------------------------------------------------------------------\n"
+"-dbdir DIR                       Directory DIR contains the security databases\n"
+"-dbprefix prefix                 Prefix for the security databases\n"
+"-nocertdb                        Do not load certificate or key databases. No\n"
+"                                 verification will be performed on JAR files.\n"
+"-secmod secmodName               Name of the security modules file\n"
+"---------------------------------------------------------------------------\n"
+"\n"
+"Mechanism lists are colon-separated.  The following mechanisms are recognized:\n"
+"RSA, DSA, DH, RC2, RC4, RC5, AES, CAMELLIA, DES, MD2, MD5, SHA1, SHA256, SHA512,\n"
+"SSL, TLS, RANDOM, and FRIENDLY\n"
+"\n"
+"Cipher lists are colon-separated.  The following ciphers are recognized:\n"
+"\n"
+"\nQuestions or bug reports should be sent to modutil-support@netscape.com.\n"
+);
+}
+/*************************************************************************
+*
+* m a i n
+*/
+int
+main(int argc, char *argv[])
+{
+	int errcode = SUCCESS;
+	PRBool createdb, readOnly;
+#define STDINBUF_SIZE 80
+	char stdinbuf[STDINBUF_SIZE];
+	progName = strrchr(argv[0], '/');
+	progName = progName ? progName+1 : argv[0];
+	PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
+	if(parse_args(argc, argv) != SUCCESS) {
+		usage();
+		errcode = INVALID_USAGE_ERR;
+		goto loser;
+	}
+	if(verify_params() != SUCCESS) {
+		usage();
+		errcode = INVALID_USAGE_ERR;
+		goto loser;
+	}
+	if(command==NO_COMMAND) {
+		PR_fprintf(PR_STDERR, errStrings[NO_COMMAND_ERR]);
+		usage();
+		errcode = INVALID_USAGE_ERR;
+		goto loser;
+	}
+	/* Set up crypto stuff */
+	createdb = command==CREATE_COMMAND;
+	readOnly = ((command == LIST_COMMAND) ||
+	            (command == CHKFIPS_COMMAND) ||
+	            (command == RAW_LIST_COMMAND));
+	/* Make sure browser is not running if we're writing to a database */
+	/* Do this before initializing crypto */
+	if(!readOnly && !force) {
+		char *response;
+		PR_fprintf(PR_STDOUT, msgStrings[BROWSER_RUNNING_MSG]);
+		if( ! PR_fgets(stdinbuf, STDINBUF_SIZE, PR_STDIN)) {
+			PR_fprintf(PR_STDERR, errStrings[STDIN_READ_ERR]);
+			errcode = STDIN_READ_ERR;
+			goto loser;
+		}
+		if( (response=strtok(stdinbuf, " \r\n\t")) ) {
+			if(!PL_strcasecmp(response, "q")) {
+				PR_fprintf(PR_STDOUT, msgStrings[ABORTING_MSG]);
+				errcode = SUCCESS;
+				goto loser;
+			}
+		}
+		PR_fprintf(PR_STDOUT, "\n");
+	}
+	errcode = check_crypto(createdb, readOnly);
+	if( errcode != SUCCESS) {
+		goto loser;
+	}
+	if ((command == RAW_LIST_COMMAND) || (command == RAW_ADD_COMMAND)) {
+		if(!moduleName) {
+			char *readOnlyStr, *noCertDBStr, *sep;
+			if (!secmodName) secmodName="secmod.db";
+			if (!dbprefix) dbprefix = "";
+			sep = ((command == RAW_LIST_COMMAND) && nocertdb) ? "," : " ";
+			readOnlyStr = (command == RAW_LIST_COMMAND) ? "readOnly" : "" ;
+			noCertDBStr = nocertdb ? "noCertDB" : "";
+			SECU_ConfigDirectory(dbdir);
+			moduleName=PR_smprintf(
+"name=\"NSS default Module DB\" parameters=\"configdir=%s certPrefix=%s "
+"keyPrefix=%s secmod=%s flags=%s%s%s\" NSS=\"flags=internal,moduleDB,"
+"moduleDBOnly,critical\"",
+			                       SECU_ConfigDirectory(NULL),dbprefix,dbprefix,
+			                       secmodName, readOnlyStr,sep, noCertDBStr);
+		}
+		if (command == RAW_LIST_COMMAND) {
+			errcode = RawListModule(moduleName);
+		} else {
+			PORT_Assert(moduleSpec);
+			errcode = RawAddModule(moduleName,moduleSpec);
+		}
+		goto loser;
+	}
+	errcode = init_crypto(createdb, readOnly);
+	if( errcode != SUCCESS) {
+		goto loser;
+	}
+	errcode = LoadMechanismList();
+	if (errcode != SUCCESS) {
+		goto loser;
+	}
+	/* Execute the command */
+	switch(command) {
+	case ADD_COMMAND:
+		errcode = AddModule(moduleName, libFile, ciphers, mechanisms, secmodString);
+		break;
+	case CHANGEPW_COMMAND:
+		errcode = ChangePW(tokenName, pwFile, newpwFile);
+		break;
+	case CREATE_COMMAND:
+		/* The work was already done in init_crypto() */
+		break;
+	case DEFAULT_COMMAND:
+		errcode = SetDefaultModule(moduleName, slotName, mechanisms);
+		break;
+	case DELETE_COMMAND:
+		errcode = DeleteModule(moduleName);
+		break;
+	case DISABLE_COMMAND:
+		errcode = EnableModule(moduleName, slotName, PR_FALSE);
+		break;
+	case ENABLE_COMMAND:
+		errcode = EnableModule(moduleName, slotName, PR_TRUE);
+		break;
+	case FIPS_COMMAND:
+		errcode = FipsMode(fipsArg);
+		break;
+	case CHKFIPS_COMMAND:
+		errcode = ChkFipsMode(fipsArg);
+		break;
+	case JAR_COMMAND:
+		Pk11Install_SetErrorHandler(install_error);
+		errcode = Pk11Install_DoInstall(jarFile, installDir, tempDir,
+		                                PR_STDOUT, force, nocertdb);
+		break;
+	case LIST_COMMAND:
+		if(moduleName) {
+			errcode = ListModule(moduleName);
+		} else {
+			errcode = ListModules();
+		}
+		break;
+	case UNDEFAULT_COMMAND:
+		errcode = UnsetDefaultModule(moduleName, slotName, mechanisms);
+		break;
+	default:
+		PR_fprintf(PR_STDERR, "This command is not supported yet.\n");
+		errcode = INVALID_USAGE_ERR;
+		break;
+	}
+	if (NSS_Shutdown() != SECSuccess) {
+		exit(1);
+	}
+loser:
+	PR_Cleanup();
+	return errcode;
+}
+/************************************************************************
+*
+* i n s t a l l _ e r r o r
+*
+* Callback function to handle errors in PK11 JAR file installation.
+*/
+static void
+install_error(char *message)
+{
+	PR_fprintf(PR_STDERR, "Install error: %s\n", message);
+}
+/*************************************************************************
+*
+* o u t _ o f _ m e m o r y
+*/
+void
+out_of_memory(void)
+{
+	PR_fprintf(PR_STDERR, errStrings[OUT_OF_MEM_ERR]);
+	exit(OUT_OF_MEM_ERR);
+}
+/**************************************************************************
+*
+* P R _ f g e t s
+*
+* fgets implemented with NSPR.
+*/
+static char*
+PR_fgets(char *buf, int size, PRFileDesc *file)
+{
+	int i;
+	int status;
+	char c;
+	i=0;
+	while(i < size-1) {
+		status = PR_Read(file, (void*) &c, 1);
+		if(status==-1) {
+			return NULL;
+		} else if(status==0) {
+			break;
+		}
+		buf[i++] = c;
+		if(c=='\n') {
+			break;
+		}
+	}
+	buf[i]='\0';
+	return buf;
+}

The Tor Browser / file comparison

comparison: security/nss/cmd/modutil/modutil.c

security/nss/cmd/modutil/modutil.c