The Tor Browser / file revision

security/nss/cmd/dbtest/dbtest.c@b8a032363ba2

security/nss/cmd/dbtest/dbtest.c

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 /* This Source Code Form is subject to the terms of the Mozilla Public

     2  * License, v. 2.0. If a copy of the MPL was not distributed with this

     3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

     4 

     5 /*

     6 ** dbtest.c

     7 **

     8 ** QA test for cert and key databases, especially to open

     9 ** database readonly (NSS_INIT_READONLY) and force initializations

    10 ** even if the databases cannot be opened (NSS_INIT_FORCEOPEN)

    11 **

    12 */

    13 #include <stdio.h>

    14 #include <string.h>

    15 

    16 #if defined(WIN32)

    17 #include "fcntl.h"

    18 #include "io.h"

    19 #endif

    20 

    21 #include "secutil.h"

    22 #include "pk11pub.h"

    23 

    24 #if defined(XP_UNIX)

    25 #include <unistd.h>

    26 #endif

    27 

    28 #include "nspr.h"

    29 #include "prtypes.h"

    30 #include "certdb.h"

    31 #include "nss.h"

    32 #include "../modutil/modutil.h"

    33 

    34 #include "plgetopt.h"

    35 

    36 static char *progName;

    37 

    38 char *dbDir  =  NULL;

    39 

    40 static char *dbName[]={"secmod.db", "cert8.db", "key3.db"}; 

    41 static char* dbprefix = "";

    42 static char* secmodName = "secmod.db";

    43 static char* userPassword = "";

    44 PRBool verbose;

    45 

    46 static char *

    47 getPassword(PK11SlotInfo *slot, PRBool retry, void *arg)

    48 {

    49     int *success = (int *)arg;

    50 

    51     if (retry) {

    52 	*success = 0;

    53 	return NULL;

    54     }

    55 

    56     *success = 1;

    57      return PORT_Strdup(userPassword);

    58 }

    59 

    60 

    61 static void Usage(const char *progName)

    62 {

    63     printf("Usage:  %s [-r] [-f] [-i] [-d dbdir ] \n",

    64          progName);

    65     printf("%-20s open database readonly (NSS_INIT_READONLY)\n", "-r");

    66     printf("%-20s Continue to force initializations even if the\n", "-f");

    67     printf("%-20s databases cannot be opened (NSS_INIT_FORCEOPEN)\n", " ");

    68     printf("%-20s Try to initialize the database\n", "-i");

    69     printf("%-20s Supply a password with which to initialize the db\n", "-p");

    70     printf("%-20s Directory with cert database (default is .\n",

    71           "-d certdir");

    72     exit(1);

    73 }

    74 

    75 int main(int argc, char **argv)

    76 {

    77     PLOptState *optstate;

    78     PLOptStatus optstatus;

    79 

    80     PRUint32 flags = 0;

    81     Error ret;

    82     SECStatus rv;

    83     char * dbString = NULL;

    84     PRBool doInitTest = PR_FALSE;

    85     int i;

    86 

    87     progName = strrchr(argv[0], '/');

    88     if (!progName)

    89         progName = strrchr(argv[0], '\\');

    90     progName = progName ? progName+1 : argv[0];

    91 

    92     optstate = PL_CreateOptState(argc, argv, "rfip:d:h");

    93 

    94     while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {

    95         switch (optstate->option) {

    96           case 'h':

    97           default : Usage(progName);                    break;

    98 

    99           case 'r': flags |= NSS_INIT_READONLY;         break;

   100 

   101           case 'f': flags |= NSS_INIT_FORCEOPEN;        break;

   102 

   103 	  case 'i': doInitTest = PR_TRUE;		break;

   104 

   105 	  case 'p':

   106 		userPassword = PORT_Strdup(optstate->value);

   107 		break;

   108 

   109           case 'd':

   110                 dbDir = PORT_Strdup(optstate->value);

   111                 break;

   112 

   113         }

   114     }

   115     if (optstatus == PL_OPT_BAD)

   116         Usage(progName);

   117 

   118     if (!dbDir) {

   119         dbDir = SECU_DefaultSSLDir(); /* Look in $SSL_DIR */

   120     }

   121     dbDir = SECU_ConfigDirectory(dbDir);

   122     PR_fprintf(PR_STDERR, "dbdir selected is %s\n\n", dbDir);

   123 

   124     if( dbDir[0] == '\0') {

   125         PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dbDir);

   126         ret= DIR_DOESNT_EXIST_ERR;

   127         goto loser;

   128     }

   129 

   130 

   131     PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);

   132 

   133     /* get the status of the directory and databases and output message */

   134     if(PR_Access(dbDir, PR_ACCESS_EXISTS) != PR_SUCCESS) {

   135         PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dbDir);

   136     } else if(PR_Access(dbDir, PR_ACCESS_READ_OK) != PR_SUCCESS) {

   137         PR_fprintf(PR_STDERR, errStrings[DIR_NOT_READABLE_ERR], dbDir);

   138     } else {

   139         if( !( flags & NSS_INIT_READONLY ) &&

   140                 PR_Access(dbDir, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {

   141             PR_fprintf(PR_STDERR, errStrings[DIR_NOT_WRITEABLE_ERR], dbDir);

   142         }

   143 	if (!doInitTest) {

   144             for (i=0;i<3;i++) {

   145         	dbString=PR_smprintf("%s/%s",dbDir,dbName[i]);

   146         	PR_fprintf(PR_STDOUT, "database checked is %s\n",dbString);

   147         	if(PR_Access(dbString, PR_ACCESS_EXISTS) != PR_SUCCESS) {

   148                     PR_fprintf(PR_STDERR, errStrings[FILE_DOESNT_EXIST_ERR], 

   149                                       dbString);

   150         	} else if(PR_Access(dbString, PR_ACCESS_READ_OK) != PR_SUCCESS) {

   151                     PR_fprintf(PR_STDERR, errStrings[FILE_NOT_READABLE_ERR], 

   152                                       dbString);

   153         	} else if( !( flags & NSS_INIT_READONLY ) &&

   154                        PR_Access(dbString, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {

   155                     PR_fprintf(PR_STDERR, errStrings[FILE_NOT_WRITEABLE_ERR], 

   156                                       dbString);

   157         	}

   158 	    }

   159         } 

   160     }

   161 

   162 

   163     rv = NSS_Initialize(SECU_ConfigDirectory(dbDir), dbprefix, dbprefix,

   164                    secmodName, flags);

   165     if (rv != SECSuccess) {

   166         SECU_PrintPRandOSError(progName);

   167         ret=NSS_INITIALIZE_FAILED_ERR;

   168     } else {

   169         ret=SUCCESS;

   170 	if (doInitTest) {

   171 	    PK11SlotInfo * slot = PK11_GetInternalKeySlot();

   172 	    SECStatus rv;

   173 	    int passwordSuccess = 0;

   174 	    int type = CKM_DES3_CBC;

   175 	    SECItem keyid = { 0, NULL, 0 };

   176 	    unsigned char keyIdData[] = { 0xff, 0xfe };

   177 	    PK11SymKey *key = NULL;

   178 

   179 	    keyid.data = keyIdData;

   180 	    keyid.len = sizeof(keyIdData);

   181 

   182 	    PK11_SetPasswordFunc(getPassword);

   183 	    rv = PK11_InitPin(slot, (char *)NULL, userPassword);

   184 	    if (rv != SECSuccess) {

   185 		PR_fprintf(PR_STDERR, "Failed to Init DB: %s\n", 

   186 					SECU_Strerror(PORT_GetError()));

   187 		ret = CHANGEPW_FAILED_ERR;

   188 	    }

   189 	    if (*userPassword && !PK11_IsLoggedIn(slot, &passwordSuccess)) {

   190                 PR_fprintf(PR_STDERR, "New DB did not log in after init\n");

   191 		ret = AUTHENTICATION_FAILED_ERR;

   192 	    }

   193 	    /* generate a symetric key */

   194 	    key = PK11_TokenKeyGen(slot, type, NULL, 0, &keyid,

   195 				    PR_TRUE, &passwordSuccess);

   196 

   197 	    if (!key) {

   198 		PR_fprintf(PR_STDERR, "Could not generated symetric key: %s\n",

   199 				SECU_Strerror(PORT_GetError()));

   200 		exit (UNSPECIFIED_ERR);

   201 	    }

   202 	    PK11_FreeSymKey(key);

   203 	    PK11_Logout(slot);

   204 

   205 	    PK11_Authenticate(slot, PR_TRUE, &passwordSuccess);

   206 

   207 	    if (*userPassword && !passwordSuccess) {

   208 		PR_fprintf(PR_STDERR, "New DB Did not initalize\n");

   209 		ret = AUTHENTICATION_FAILED_ERR;

   210 	    }

   211 	    key = PK11_FindFixedKey(slot, type, &keyid, &passwordSuccess);

   212 

   213 	    if (!key) {

   214 		PR_fprintf(PR_STDERR, "Could not find generated key: %s\n",

   215 				SECU_Strerror(PORT_GetError()));

   216 		ret = UNSPECIFIED_ERR;

   217 	    } else {

   218 		PK11_FreeSymKey(key);

   219 	    }

   220  	    PK11_FreeSlot(slot);

   221 	}

   222 	     

   223         if (NSS_Shutdown() != SECSuccess) {

   224 	    PR_fprintf(PR_STDERR, "Could not find generated key: %s\n",

   225 				SECU_Strerror(PORT_GetError()));

   226             exit(1);

   227         }

   228     }

   229 

   230 loser:

   231     return ret;

   232 }

   233

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial