OLD | NEW |
| (Empty) |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
4 /* | |
5 * The following code handles the storage of PKCS 11 modules used by the | |
6 * NSS. This file is written to abstract away how the modules are | |
7 * stored so we can decide that later. | |
8 */ | |
9 #include "secport.h" | |
10 #include "prprf.h" | |
11 #include "prenv.h" | |
12 #include "utilpars.h" | |
13 #include "utilmodt.h" | |
14 | |
15 /* | |
16 * return the expected matching quote value for the one specified | |
17 */ | |
18 PRBool NSSUTIL_ArgGetPair(char c) { | |
19 switch (c) { | |
20 case '\'': return c; | |
21 case '\"': return c; | |
22 case '<': return '>'; | |
23 case '{': return '}'; | |
24 case '[': return ']'; | |
25 case '(': return ')'; | |
26 default: break; | |
27 } | |
28 return ' '; | |
29 } | |
30 | |
31 PRBool NSSUTIL_ArgIsBlank(char c) { | |
32 return isspace((unsigned char )c); | |
33 } | |
34 | |
35 PRBool NSSUTIL_ArgIsEscape(char c) { | |
36 return c == '\\'; | |
37 } | |
38 | |
39 PRBool NSSUTIL_ArgIsQuote(char c) { | |
40 switch (c) { | |
41 case '\'': | |
42 case '\"': | |
43 case '<': | |
44 case '{': /* } end curly to keep vi bracket matching working */ | |
45 case '(': /* ) */ | |
46 case '[': /* ] */ return PR_TRUE; | |
47 default: break; | |
48 } | |
49 return PR_FALSE; | |
50 } | |
51 | |
52 const char *NSSUTIL_ArgStrip(const char *c) { | |
53 while (*c && NSSUTIL_ArgIsBlank(*c)) c++; | |
54 return c; | |
55 } | |
56 | |
57 /* | |
58 * find the end of the current tag/value pair. string should be pointing just | |
59 * after the equal sign. Handles quoted characters. | |
60 */ | |
61 const char * | |
62 NSSUTIL_ArgFindEnd(const char *string) { | |
63 char endChar = ' '; | |
64 PRBool lastEscape = PR_FALSE; | |
65 | |
66 if (NSSUTIL_ArgIsQuote(*string)) { | |
67 endChar = NSSUTIL_ArgGetPair(*string); | |
68 string++; | |
69 } | |
70 | |
71 for (;*string; string++) { | |
72 if (lastEscape) { | |
73 lastEscape = PR_FALSE; | |
74 continue; | |
75 } | |
76 if (NSSUTIL_ArgIsEscape(*string) && !lastEscape) { | |
77 lastEscape = PR_TRUE; | |
78 continue; | |
79 } | |
80 if ((endChar == ' ') && NSSUTIL_ArgIsBlank(*string)) break; | |
81 if (*string == endChar) { | |
82 break; | |
83 } | |
84 } | |
85 | |
86 return string; | |
87 } | |
88 | |
89 /* | |
90 * get the value pointed to by string. string should be pointing just beyond | |
91 * the equal sign. | |
92 */ | |
93 char * | |
94 NSSUTIL_ArgFetchValue(const char *string, int *pcount) | |
95 { | |
96 const char *end = NSSUTIL_ArgFindEnd(string); | |
97 char *retString, *copyString; | |
98 PRBool lastEscape = PR_FALSE; | |
99 int len; | |
100 | |
101 len = end - string; | |
102 if (len == 0) { | |
103 *pcount = 0; | |
104 return NULL; | |
105 } | |
106 | |
107 copyString = retString = (char *)PORT_Alloc(len+1); | |
108 | |
109 if (*end) len++; | |
110 *pcount = len; | |
111 if (retString == NULL) return NULL; | |
112 | |
113 | |
114 if (NSSUTIL_ArgIsQuote(*string)) string++; | |
115 for (; string < end; string++) { | |
116 if (NSSUTIL_ArgIsEscape(*string) && !lastEscape) { | |
117 lastEscape = PR_TRUE; | |
118 continue; | |
119 } | |
120 lastEscape = PR_FALSE; | |
121 *copyString++ = *string; | |
122 } | |
123 *copyString = 0; | |
124 return retString; | |
125 } | |
126 | |
127 /* | |
128 * point to the next parameter in string | |
129 */ | |
130 const char * | |
131 NSSUTIL_ArgSkipParameter(const char *string) | |
132 { | |
133 const char *end; | |
134 /* look for the end of the <name>= */ | |
135 for (;*string; string++) { | |
136 if (*string == '=') { string++; break; } | |
137 if (NSSUTIL_ArgIsBlank(*string)) return(string); | |
138 } | |
139 | |
140 end = NSSUTIL_ArgFindEnd(string); | |
141 if (*end) end++; | |
142 return end; | |
143 } | |
144 | |
145 /* | |
146 * get the value from that tag value pair. | |
147 */ | |
148 char * | |
149 NSSUTIL_ArgGetParamValue(const char *paramName, const char *parameters) | |
150 { | |
151 char searchValue[256]; | |
152 int paramLen = strlen(paramName); | |
153 char *returnValue = NULL; | |
154 int next; | |
155 | |
156 if ((parameters == NULL) || (*parameters == 0)) return NULL; | |
157 | |
158 PORT_Assert(paramLen+2 < sizeof(searchValue)); | |
159 | |
160 PORT_Strcpy(searchValue,paramName); | |
161 PORT_Strcat(searchValue,"="); | |
162 while (*parameters) { | |
163 if (PORT_Strncasecmp(parameters,searchValue,paramLen+1) == 0) { | |
164 parameters += paramLen+1; | |
165 returnValue = NSSUTIL_ArgFetchValue(parameters,&next); | |
166 break; | |
167 } else { | |
168 parameters = NSSUTIL_ArgSkipParameter(parameters); | |
169 } | |
170 parameters = NSSUTIL_ArgStrip(parameters); | |
171 } | |
172 return returnValue; | |
173 } | |
174 | |
175 /* | |
176 * find the next flag in the parameter list | |
177 */ | |
178 const char * | |
179 NSSUTIL_ArgNextFlag(const char *flags) | |
180 { | |
181 for (; *flags ; flags++) { | |
182 if (*flags == ',') { | |
183 flags++; | |
184 break; | |
185 } | |
186 } | |
187 return flags; | |
188 } | |
189 | |
190 /* | |
191 * return true if the flag is set in the label parameter. | |
192 */ | |
193 PRBool | |
194 NSSUTIL_ArgHasFlag(const char *label, const char *flag, const char *parameters) | |
195 { | |
196 char *flags; | |
197 const char *index; | |
198 int len = strlen(flag); | |
199 PRBool found = PR_FALSE; | |
200 | |
201 flags = NSSUTIL_ArgGetParamValue(label,parameters); | |
202 if (flags == NULL) return PR_FALSE; | |
203 | |
204 for (index=flags; *index; index=NSSUTIL_ArgNextFlag(index)) { | |
205 if (PORT_Strncasecmp(index,flag,len) == 0) { | |
206 found=PR_TRUE; | |
207 break; | |
208 } | |
209 } | |
210 PORT_Free(flags); | |
211 return found; | |
212 } | |
213 | |
214 /* | |
215 * decode a number. handle octal (leading '0'), hex (leading '0x') or decimal | |
216 */ | |
217 long | |
218 NSSUTIL_ArgDecodeNumber(const char *num) | |
219 { | |
220 int radix = 10; | |
221 unsigned long value = 0; | |
222 long retValue = 0; | |
223 int sign = 1; | |
224 int digit; | |
225 | |
226 if (num == NULL) return retValue; | |
227 | |
228 num = NSSUTIL_ArgStrip(num); | |
229 | |
230 if (*num == '-') { | |
231 sign = -1; | |
232 num++; | |
233 } | |
234 | |
235 if (*num == '0') { | |
236 radix = 8; | |
237 num++; | |
238 if ((*num == 'x') || (*num == 'X')) { | |
239 radix = 16; | |
240 num++; | |
241 } | |
242 } | |
243 | |
244 | |
245 for ( ;*num; num++ ) { | |
246 if (isdigit(*num)) { | |
247 digit = *num - '0'; | |
248 } else if ((*num >= 'a') && (*num <= 'f')) { | |
249 digit = *num - 'a' + 10; | |
250 } else if ((*num >= 'A') && (*num <= 'F')) { | |
251 digit = *num - 'A' + 10; | |
252 } else { | |
253 break; | |
254 } | |
255 if (digit >= radix) break; | |
256 value = value*radix + digit; | |
257 } | |
258 | |
259 retValue = ((int) value) * sign; | |
260 return retValue; | |
261 } | |
262 | |
263 /* | |
264 * parameters are tag value pairs. This function returns the tag or label (the | |
265 * value before the equal size. | |
266 */ | |
267 char * | |
268 NSSUTIL_ArgGetLabel(const char *inString, int *next) | |
269 { | |
270 char *name=NULL; | |
271 const char *string; | |
272 int len; | |
273 | |
274 /* look for the end of the <label>= */ | |
275 for (string = inString;*string; string++) { | |
276 if (*string == '=') { break; } | |
277 if (NSSUTIL_ArgIsBlank(*string)) break; | |
278 } | |
279 | |
280 len = string - inString; | |
281 | |
282 *next = len; | |
283 if (*string == '=') (*next) += 1; | |
284 if (len > 0) { | |
285 name = PORT_Alloc(len+1); | |
286 PORT_Strncpy(name,inString,len); | |
287 name[len] = 0; | |
288 } | |
289 return name; | |
290 } | |
291 | |
292 /* | |
293 * read an argument at a Long integer | |
294 */ | |
295 long | |
296 NSSUTIL_ArgReadLong(const char *label, const char *params, | |
297 long defValue, PRBool *isdefault) | |
298 { | |
299 char *value; | |
300 long retValue; | |
301 if (isdefault) *isdefault = PR_FALSE; | |
302 | |
303 value = NSSUTIL_ArgGetParamValue(label, params); | |
304 if (value == NULL) { | |
305 if (isdefault) *isdefault = PR_TRUE; | |
306 return defValue; | |
307 } | |
308 retValue = NSSUTIL_ArgDecodeNumber(value); | |
309 if (value) PORT_Free(value); | |
310 | |
311 return retValue; | |
312 } | |
313 | |
314 | |
315 /* | |
316 * prepare a string to be quoted with 'quote' marks. We do that by adding | |
317 * appropriate escapes. | |
318 */ | |
319 static int | |
320 nssutil_escapeQuotesSize(const char *string, char quote, PRBool addquotes) | |
321 { | |
322 int escapes = 0, size = 0; | |
323 const char *src; | |
324 | |
325 size= addquotes ? 2 : 0; | |
326 for (src=string; *src ; src++) { | |
327 if ((*src == quote) || (*src == '\\')) escapes++; | |
328 size++; | |
329 } | |
330 return size+escapes+1; | |
331 | |
332 } | |
333 | |
334 static char * | |
335 nssutil_escapeQuotes(const char *string, char quote, PRBool addquotes) | |
336 { | |
337 char *newString = 0; | |
338 int size = 0; | |
339 const char *src; | |
340 char *dest; | |
341 | |
342 size = nssutil_escapeQuotesSize(string, quote, addquotes); | |
343 | |
344 dest = newString = PORT_ZAlloc(size); | |
345 if (newString == NULL) { | |
346 return NULL; | |
347 } | |
348 | |
349 if (addquotes) *dest++=quote; | |
350 for (src=string; *src; src++,dest++) { | |
351 if ((*src == '\\') || (*src == quote)) { | |
352 *dest++ = '\\'; | |
353 } | |
354 *dest = *src; | |
355 } | |
356 if (addquotes) *dest=quote; | |
357 | |
358 return newString; | |
359 } | |
360 | |
361 int | |
362 NSSUTIL_EscapeSize(const char *string, char quote) | |
363 { | |
364 return nssutil_escapeQuotesSize(string, quote, PR_FALSE); | |
365 } | |
366 | |
367 char * | |
368 NSSUTIL_Escape(const char *string, char quote) | |
369 { | |
370 return nssutil_escapeQuotes(string, quote, PR_FALSE); | |
371 } | |
372 | |
373 | |
374 int | |
375 NSSUTIL_QuoteSize(const char *string, char quote) | |
376 { | |
377 return nssutil_escapeQuotesSize(string, quote, PR_TRUE); | |
378 } | |
379 | |
380 char * | |
381 NSSUTIL_Quote(const char *string, char quote) | |
382 { | |
383 return nssutil_escapeQuotes(string, quote, PR_TRUE); | |
384 } | |
385 | |
386 int | |
387 NSSUTIL_DoubleEscapeSize(const char *string, char quote1, char quote2) | |
388 { | |
389 int escapes = 0, size = 0; | |
390 const char *src; | |
391 for (src=string; *src ; src++) { | |
392 if (*src == '\\') escapes+=3; /* \\\\ */ | |
393 if (*src == quote1) escapes+=2; /* \\quote1 */ | |
394 if (*src == quote2) escapes++; /* \quote2 */ | |
395 size++; | |
396 } | |
397 | |
398 return escapes+size+1; | |
399 } | |
400 | |
401 char * | |
402 NSSUTIL_DoubleEscape(const char *string, char quote1, char quote2) | |
403 { | |
404 char *round1 = NULL; | |
405 char *retValue = NULL; | |
406 if (string == NULL) { | |
407 goto done; | |
408 } | |
409 round1 = nssutil_escapeQuotes(string, quote1, PR_FALSE); | |
410 if (round1) { | |
411 retValue = nssutil_escapeQuotes(round1, quote2, PR_FALSE); | |
412 PORT_Free(round1); | |
413 } | |
414 | |
415 done: | |
416 if (retValue == NULL) { | |
417 retValue = PORT_Strdup(""); | |
418 } | |
419 return retValue; | |
420 } | |
421 | |
422 | |
423 /************************************************************************ | |
424 * These functions are used in contructing strings. | |
425 * NOTE: they will always return a string, but sometimes it will return | |
426 * a specific NULL string. These strings must be freed with util_freePair. | |
427 */ | |
428 | |
429 /* string to return on error... */ | |
430 static char *nssutil_nullString = ""; | |
431 | |
432 static char * | |
433 nssutil_formatValue(PLArenaPool *arena, char *value, char quote) | |
434 { | |
435 char *vp,*vp2,*retval; | |
436 int size = 0, escapes = 0; | |
437 | |
438 for (vp=value; *vp ;vp++) { | |
439 if ((*vp == quote) || (*vp == NSSUTIL_ARG_ESCAPE)) escapes++; | |
440 size++; | |
441 } | |
442 if (arena) { | |
443 retval = PORT_ArenaZAlloc(arena,size+escapes+1); | |
444 } else { | |
445 retval = PORT_ZAlloc(size+escapes+1); | |
446 } | |
447 if (retval == NULL) return NULL; | |
448 vp2 = retval; | |
449 for (vp=value; *vp; vp++) { | |
450 if ((*vp == quote) || (*vp == NSSUTIL_ARG_ESCAPE)) | |
451 *vp2++ = NSSUTIL_ARG_ESCAPE; | |
452 *vp2++ = *vp; | |
453 } | |
454 return retval; | |
455 } | |
456 | |
457 | |
458 static PRBool nssutil_argHasChar(char *v, char c) | |
459 { | |
460 for ( ;*v; v++) { | |
461 if (*v == c) return PR_TRUE; | |
462 } | |
463 return PR_FALSE; | |
464 } | |
465 | |
466 static PRBool nssutil_argHasBlanks(char *v) | |
467 { | |
468 for ( ;*v; v++) { | |
469 if (NSSUTIL_ArgIsBlank(*v)) return PR_TRUE; | |
470 } | |
471 return PR_FALSE; | |
472 } | |
473 | |
474 static char * | |
475 nssutil_formatPair(char *name, char *value, char quote) | |
476 { | |
477 char openQuote = quote; | |
478 char closeQuote = NSSUTIL_ArgGetPair(quote); | |
479 char *newValue = NULL; | |
480 char *returnValue; | |
481 PRBool need_quote = PR_FALSE; | |
482 | |
483 if (!value || (*value == 0)) return nssutil_nullString; | |
484 | |
485 if (nssutil_argHasBlanks(value) || NSSUTIL_ArgIsQuote(value[0])) | |
486 need_quote=PR_TRUE; | |
487 | |
488 if ((need_quote && nssutil_argHasChar(value,closeQuote)) | |
489 || nssutil_argHasChar(value,NSSUTIL_ARG_ESCAPE)) { | |
490 value = newValue = nssutil_formatValue(NULL, value,quote); | |
491 if (newValue == NULL) return nssutil_nullString; | |
492 } | |
493 if (need_quote) { | |
494 returnValue = PR_smprintf("%s=%c%s%c",name,openQuote,value,closeQuote); | |
495 } else { | |
496 returnValue = PR_smprintf("%s=%s",name,value); | |
497 } | |
498 if (returnValue == NULL) returnValue = nssutil_nullString; | |
499 | |
500 if (newValue) PORT_Free(newValue); | |
501 | |
502 return returnValue; | |
503 } | |
504 | |
505 static char *nssutil_formatIntPair(char *name, unsigned long value, | |
506 unsigned long def) | |
507 { | |
508 char *returnValue; | |
509 | |
510 if (value == def) return nssutil_nullString; | |
511 | |
512 returnValue = PR_smprintf("%s=%d",name,value); | |
513 | |
514 return returnValue; | |
515 } | |
516 | |
517 static void | |
518 nssutil_freePair(char *pair) | |
519 { | |
520 if (pair && pair != nssutil_nullString) { | |
521 PR_smprintf_free(pair); | |
522 } | |
523 } | |
524 | |
525 | |
526 /************************************************************************ | |
527 * Parse the Slot specific parameters in the NSS params. | |
528 */ | |
529 | |
530 struct nssutilArgSlotFlagTable { | |
531 char *name; | |
532 int len; | |
533 unsigned long value; | |
534 }; | |
535 | |
536 #define NSSUTIL_ARG_ENTRY(arg,flag) \ | |
537 { #arg , sizeof(#arg)-1, flag } | |
538 static struct nssutilArgSlotFlagTable nssutil_argSlotFlagTable[] = { | |
539 NSSUTIL_ARG_ENTRY(RSA,SECMOD_RSA_FLAG), | |
540 NSSUTIL_ARG_ENTRY(DSA,SECMOD_RSA_FLAG), | |
541 NSSUTIL_ARG_ENTRY(RC2,SECMOD_RC4_FLAG), | |
542 NSSUTIL_ARG_ENTRY(RC4,SECMOD_RC2_FLAG), | |
543 NSSUTIL_ARG_ENTRY(DES,SECMOD_DES_FLAG), | |
544 NSSUTIL_ARG_ENTRY(DH,SECMOD_DH_FLAG), | |
545 NSSUTIL_ARG_ENTRY(FORTEZZA,SECMOD_FORTEZZA_FLAG), | |
546 NSSUTIL_ARG_ENTRY(RC5,SECMOD_RC5_FLAG), | |
547 NSSUTIL_ARG_ENTRY(SHA1,SECMOD_SHA1_FLAG), | |
548 NSSUTIL_ARG_ENTRY(SHA256,SECMOD_SHA256_FLAG), | |
549 NSSUTIL_ARG_ENTRY(SHA512,SECMOD_SHA512_FLAG), | |
550 NSSUTIL_ARG_ENTRY(MD5,SECMOD_MD5_FLAG), | |
551 NSSUTIL_ARG_ENTRY(MD2,SECMOD_MD2_FLAG), | |
552 NSSUTIL_ARG_ENTRY(SSL,SECMOD_SSL_FLAG), | |
553 NSSUTIL_ARG_ENTRY(TLS,SECMOD_TLS_FLAG), | |
554 NSSUTIL_ARG_ENTRY(AES,SECMOD_AES_FLAG), | |
555 NSSUTIL_ARG_ENTRY(Camellia,SECMOD_CAMELLIA_FLAG), | |
556 NSSUTIL_ARG_ENTRY(SEED,SECMOD_SEED_FLAG), | |
557 NSSUTIL_ARG_ENTRY(PublicCerts,SECMOD_FRIENDLY_FLAG), | |
558 NSSUTIL_ARG_ENTRY(RANDOM,SECMOD_RANDOM_FLAG), | |
559 NSSUTIL_ARG_ENTRY(Disable, SECMOD_DISABLE_FLAG), | |
560 }; | |
561 | |
562 static int nssutil_argSlotFlagTableSize = | |
563 sizeof(nssutil_argSlotFlagTable)/sizeof(nssutil_argSlotFlagTable[0]); | |
564 | |
565 | |
566 /* turn the slot flags into a bit mask */ | |
567 unsigned long | |
568 NSSUTIL_ArgParseSlotFlags(const char *label, const char *params) | |
569 { | |
570 char *flags; | |
571 const char *index; | |
572 unsigned long retValue = 0; | |
573 int i; | |
574 PRBool all = PR_FALSE; | |
575 | |
576 flags = NSSUTIL_ArgGetParamValue(label,params); | |
577 if (flags == NULL) return 0; | |
578 | |
579 if (PORT_Strcasecmp(flags,"all") == 0) all = PR_TRUE; | |
580 | |
581 for (index=flags; *index; index=NSSUTIL_ArgNextFlag(index)) { | |
582 for (i=0; i < nssutil_argSlotFlagTableSize; i++) { | |
583 if (all || | |
584 (PORT_Strncasecmp(index, nssutil_argSlotFlagTable[i].name, | |
585 nssutil_argSlotFlagTable[i].len) == 0)) { | |
586 retValue |= nssutil_argSlotFlagTable[i].value; | |
587 } | |
588 } | |
589 } | |
590 PORT_Free(flags); | |
591 return retValue; | |
592 } | |
593 | |
594 | |
595 /* parse a single slot specific parameter */ | |
596 static void | |
597 nssutil_argDecodeSingleSlotInfo(char *name, char *params, | |
598 struct NSSUTILPreSlotInfoStr *slotInfo) | |
599 { | |
600 char *askpw; | |
601 | |
602 slotInfo->slotID=NSSUTIL_ArgDecodeNumber(name); | |
603 slotInfo->defaultFlags=NSSUTIL_ArgParseSlotFlags("slotFlags",params); | |
604 slotInfo->timeout=NSSUTIL_ArgReadLong("timeout",params, 0, NULL); | |
605 | |
606 askpw = NSSUTIL_ArgGetParamValue("askpw",params); | |
607 slotInfo->askpw = 0; | |
608 | |
609 if (askpw) { | |
610 if (PORT_Strcasecmp(askpw,"every") == 0) { | |
611 slotInfo->askpw = -1; | |
612 } else if (PORT_Strcasecmp(askpw,"timeout") == 0) { | |
613 slotInfo->askpw = 1; | |
614 } | |
615 PORT_Free(askpw); | |
616 slotInfo->defaultFlags |= PK11_OWN_PW_DEFAULTS; | |
617 } | |
618 slotInfo->hasRootCerts = NSSUTIL_ArgHasFlag("rootFlags", "hasRootCerts", | |
619 params); | |
620 slotInfo->hasRootTrust = NSSUTIL_ArgHasFlag("rootFlags", "hasRootTrust", | |
621 params); | |
622 } | |
623 | |
624 /* parse all the slot specific parameters. */ | |
625 struct NSSUTILPreSlotInfoStr * | |
626 NSSUTIL_ArgParseSlotInfo(PLArenaPool *arena, const char *slotParams, | |
627 int *retCount) | |
628 { | |
629 const char *slotIndex; | |
630 struct NSSUTILPreSlotInfoStr *slotInfo = NULL; | |
631 int i=0,count = 0,next; | |
632 | |
633 *retCount = 0; | |
634 if ((slotParams == NULL) || (*slotParams == 0)) return NULL; | |
635 | |
636 /* first count the number of slots */ | |
637 for (slotIndex = NSSUTIL_ArgStrip(slotParams); *slotIndex; | |
638 slotIndex = NSSUTIL_ArgStrip(NSSUTIL_ArgSkipParameter(slotIndex))) { | |
639 count++; | |
640 } | |
641 | |
642 /* get the data structures */ | |
643 if (arena) { | |
644 slotInfo = PORT_ArenaZNewArray(arena, | |
645 struct NSSUTILPreSlotInfoStr, count); | |
646 } else { | |
647 slotInfo = PORT_ZNewArray(struct NSSUTILPreSlotInfoStr, count); | |
648 } | |
649 if (slotInfo == NULL) return NULL; | |
650 | |
651 for (slotIndex = NSSUTIL_ArgStrip(slotParams), i = 0; | |
652 *slotIndex && i < count ; ) { | |
653 char *name; | |
654 name = NSSUTIL_ArgGetLabel(slotIndex,&next); | |
655 slotIndex += next; | |
656 | |
657 if (!NSSUTIL_ArgIsBlank(*slotIndex)) { | |
658 char *args = NSSUTIL_ArgFetchValue(slotIndex,&next); | |
659 slotIndex += next; | |
660 if (args) { | |
661 nssutil_argDecodeSingleSlotInfo(name,args,&slotInfo[i]); | |
662 i++; | |
663 PORT_Free(args); | |
664 } | |
665 } | |
666 if (name) PORT_Free(name); | |
667 slotIndex = NSSUTIL_ArgStrip(slotIndex); | |
668 } | |
669 *retCount = i; | |
670 return slotInfo; | |
671 } | |
672 | |
673 /************************************************************************ | |
674 * make a new slot specific parameter | |
675 */ | |
676 /* first make the slot flags */ | |
677 static char * | |
678 nssutil_mkSlotFlags(unsigned long defaultFlags) | |
679 { | |
680 char *flags=NULL; | |
681 unsigned int i; | |
682 int j; | |
683 | |
684 for (i=0; i < sizeof(defaultFlags)*8; i++) { | |
685 if (defaultFlags & (1UL <<i)) { | |
686 char *string = NULL; | |
687 | |
688 for (j=0; j < nssutil_argSlotFlagTableSize; j++) { | |
689 if (nssutil_argSlotFlagTable[j].value == ( 1UL << i )) { | |
690 string = nssutil_argSlotFlagTable[j].name; | |
691 break; | |
692 } | |
693 } | |
694 if (string) { | |
695 if (flags) { | |
696 char *tmp; | |
697 tmp = PR_smprintf("%s,%s",flags,string); | |
698 PR_smprintf_free(flags); | |
699 flags = tmp; | |
700 } else { | |
701 flags = PR_smprintf("%s",string); | |
702 } | |
703 } | |
704 } | |
705 } | |
706 | |
707 return flags; | |
708 } | |
709 | |
710 /* now make the root flags */ | |
711 #define NSSUTIL_MAX_ROOT_FLAG_SIZE sizeof("hasRootCerts")+sizeof("hasRootTrust"
) | |
712 static char * | |
713 nssutil_mkRootFlags(PRBool hasRootCerts, PRBool hasRootTrust) | |
714 { | |
715 char *flags= (char *)PORT_ZAlloc(NSSUTIL_MAX_ROOT_FLAG_SIZE); | |
716 PRBool first = PR_TRUE; | |
717 | |
718 PORT_Memset(flags,0,NSSUTIL_MAX_ROOT_FLAG_SIZE); | |
719 if (hasRootCerts) { | |
720 PORT_Strcat(flags,"hasRootCerts"); | |
721 first = PR_FALSE; | |
722 } | |
723 if (hasRootTrust) { | |
724 if (!first) PORT_Strcat(flags,","); | |
725 PORT_Strcat(flags,"hasRootTrust"); | |
726 first = PR_FALSE; | |
727 } | |
728 return flags; | |
729 } | |
730 | |
731 /* now make a full slot string */ | |
732 char * | |
733 NSSUTIL_MkSlotString(unsigned long slotID, unsigned long defaultFlags, | |
734 unsigned long timeout, unsigned char askpw_in, | |
735 PRBool hasRootCerts, PRBool hasRootTrust) { | |
736 char *askpw,*flags,*rootFlags,*slotString; | |
737 char *flagPair,*rootFlagsPair; | |
738 | |
739 switch (askpw_in) { | |
740 case 0xff: | |
741 askpw = "every"; | |
742 break; | |
743 case 1: | |
744 askpw = "timeout"; | |
745 break; | |
746 default: | |
747 askpw = "any"; | |
748 break; | |
749 } | |
750 flags = nssutil_mkSlotFlags(defaultFlags); | |
751 rootFlags = nssutil_mkRootFlags(hasRootCerts,hasRootTrust); | |
752 flagPair = nssutil_formatPair("slotFlags",flags,'\''); | |
753 rootFlagsPair = nssutil_formatPair("rootFlags",rootFlags,'\''); | |
754 if (flags) PR_smprintf_free(flags); | |
755 if (rootFlags) PORT_Free(rootFlags); | |
756 if (defaultFlags & PK11_OWN_PW_DEFAULTS) { | |
757 slotString = PR_smprintf("0x%08lx=[%s askpw=%s timeout=%d %s]", | |
758 (PRUint32)slotID,flagPair,askpw,timeout, | |
759 rootFlagsPair); | |
760 } else { | |
761 slotString = PR_smprintf("0x%08lx=[%s %s]", | |
762 (PRUint32)slotID,flagPair,rootFlagsPair); | |
763 } | |
764 nssutil_freePair(flagPair); | |
765 nssutil_freePair(rootFlagsPair); | |
766 return slotString; | |
767 } | |
768 | |
769 | |
770 /************************************************************************ | |
771 * Parse Full module specs into: library, commonName, module parameters, | |
772 * and NSS specifi parameters. | |
773 */ | |
774 SECStatus | |
775 NSSUTIL_ArgParseModuleSpecEx(const char *modulespec, char **lib, char **mod, | |
776 char **parameters, char **nss, | |
777 char **config) | |
778 { | |
779 int next; | |
780 modulespec = NSSUTIL_ArgStrip(modulespec); | |
781 | |
782 *lib = *mod = *parameters = *nss = *config = 0; | |
783 | |
784 while (*modulespec) { | |
785 NSSUTIL_HANDLE_STRING_ARG(modulespec,*lib,"library=",;) | |
786 NSSUTIL_HANDLE_STRING_ARG(modulespec,*mod,"name=",;) | |
787 NSSUTIL_HANDLE_STRING_ARG(modulespec,*parameters,"parameters=",;) | |
788 NSSUTIL_HANDLE_STRING_ARG(modulespec,*nss,"nss=",;) | |
789 NSSUTIL_HANDLE_STRING_ARG(modulespec,*config,"config=",;) | |
790 NSSUTIL_HANDLE_FINAL_ARG(modulespec) | |
791 } | |
792 return SECSuccess; | |
793 } | |
794 | |
795 /************************************************************************ | |
796 * Parse Full module specs into: library, commonName, module parameters, | |
797 * and NSS specifi parameters. | |
798 */ | |
799 SECStatus | |
800 NSSUTIL_ArgParseModuleSpec(const char *modulespec, char **lib, char **mod, | |
801 char **parameters, char **nss) | |
802 { | |
803 int next; | |
804 modulespec = NSSUTIL_ArgStrip(modulespec); | |
805 | |
806 *lib = *mod = *parameters = *nss = 0; | |
807 | |
808 while (*modulespec) { | |
809 NSSUTIL_HANDLE_STRING_ARG(modulespec,*lib,"library=",;) | |
810 NSSUTIL_HANDLE_STRING_ARG(modulespec,*mod,"name=",;) | |
811 NSSUTIL_HANDLE_STRING_ARG(modulespec,*parameters,"parameters=",;) | |
812 NSSUTIL_HANDLE_STRING_ARG(modulespec,*nss,"nss=",;) | |
813 NSSUTIL_HANDLE_FINAL_ARG(modulespec) | |
814 } | |
815 return SECSuccess; | |
816 } | |
817 | |
818 /************************************************************************ | |
819 * make a new module spec from it's components */ | |
820 char * | |
821 NSSUTIL_MkModuleSpecEx(char *dllName, char *commonName, char *parameters, | |
822 char *NSS, | |
823 char *config) | |
824 { | |
825 char *moduleSpec; | |
826 char *lib,*name,*param,*nss,*conf; | |
827 | |
828 /* | |
829 * now the final spec | |
830 */ | |
831 lib = nssutil_formatPair("library",dllName,'\"'); | |
832 name = nssutil_formatPair("name",commonName,'\"'); | |
833 param = nssutil_formatPair("parameters",parameters,'\"'); | |
834 nss = nssutil_formatPair("NSS",NSS,'\"'); | |
835 if (config) { | |
836 conf = nssutil_formatPair("config",config,'\"'); | |
837 moduleSpec = PR_smprintf("%s %s %s %s %s", lib,name,param,nss,conf); | |
838 nssutil_freePair(conf); | |
839 } else { | |
840 moduleSpec = PR_smprintf("%s %s %s %s", lib,name,param,nss); | |
841 } | |
842 nssutil_freePair(lib); | |
843 nssutil_freePair(name); | |
844 nssutil_freePair(param); | |
845 nssutil_freePair(nss); | |
846 return (moduleSpec); | |
847 } | |
848 | |
849 /************************************************************************ | |
850 * make a new module spec from it's components */ | |
851 char * | |
852 NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters, | |
853 char *NSS) | |
854 { | |
855 return NSSUTIL_MkModuleSpecEx(dllName, commonName, parameters, NSS, NULL); | |
856 } | |
857 | |
858 | |
859 #define NSSUTIL_ARG_FORTEZZA_FLAG "FORTEZZA" | |
860 /****************************************************************************** | |
861 * Parse the cipher flags from the NSS parameter | |
862 */ | |
863 void | |
864 NSSUTIL_ArgParseCipherFlags(unsigned long *newCiphers, const char *cipherList) | |
865 { | |
866 newCiphers[0] = newCiphers[1] = 0; | |
867 if ((cipherList == NULL) || (*cipherList == 0)) return; | |
868 | |
869 for (;*cipherList; cipherList=NSSUTIL_ArgNextFlag(cipherList)) { | |
870 if (PORT_Strncasecmp(cipherList,NSSUTIL_ARG_FORTEZZA_FLAG, | |
871 sizeof(NSSUTIL_ARG_FORTEZZA_FLAG)-1) == 0) { | |
872 newCiphers[0] |= SECMOD_FORTEZZA_FLAG; | |
873 } | |
874 | |
875 /* add additional flags here as necessary */ | |
876 /* direct bit mapping escape */ | |
877 if (*cipherList == 0) { | |
878 if (cipherList[1] == 'l') { | |
879 newCiphers[1] |= atoi(&cipherList[2]); | |
880 } else { | |
881 newCiphers[0] |= atoi(&cipherList[2]); | |
882 } | |
883 } | |
884 } | |
885 } | |
886 | |
887 | |
888 /********************************************************************* | |
889 * make NSS parameter... | |
890 */ | |
891 /* First make NSS specific flags */ | |
892 #define MAX_FLAG_SIZE sizeof("internal")+sizeof("FIPS")+sizeof("moduleDB")+\ | |
893 sizeof("moduleDBOnly")+sizeof("critical") | |
894 static char * | |
895 nssutil_mkNSSFlags(PRBool internal, PRBool isFIPS, | |
896 PRBool isModuleDB, PRBool isModuleDBOnly, PRBool isCritical) | |
897 { | |
898 char *flags = (char *)PORT_ZAlloc(MAX_FLAG_SIZE); | |
899 PRBool first = PR_TRUE; | |
900 | |
901 PORT_Memset(flags,0,MAX_FLAG_SIZE); | |
902 if (internal) { | |
903 PORT_Strcat(flags,"internal"); | |
904 first = PR_FALSE; | |
905 } | |
906 if (isFIPS) { | |
907 if (!first) PORT_Strcat(flags,","); | |
908 PORT_Strcat(flags,"FIPS"); | |
909 first = PR_FALSE; | |
910 } | |
911 if (isModuleDB) { | |
912 if (!first) PORT_Strcat(flags,","); | |
913 PORT_Strcat(flags,"moduleDB"); | |
914 first = PR_FALSE; | |
915 } | |
916 if (isModuleDBOnly) { | |
917 if (!first) PORT_Strcat(flags,","); | |
918 PORT_Strcat(flags,"moduleDBOnly"); | |
919 first = PR_FALSE; | |
920 } | |
921 if (isCritical) { | |
922 if (!first) PORT_Strcat(flags,","); | |
923 PORT_Strcat(flags,"critical"); | |
924 first = PR_FALSE; | |
925 } | |
926 return flags; | |
927 } | |
928 | |
929 | |
930 /* construct the NSS cipher flags */ | |
931 static char * | |
932 nssutil_mkCipherFlags(unsigned long ssl0, unsigned long ssl1) | |
933 { | |
934 char *cipher = NULL; | |
935 unsigned int i; | |
936 | |
937 for (i=0; i < sizeof(ssl0)*8; i++) { | |
938 if (ssl0 & (1UL <<i)) { | |
939 char *string; | |
940 if ((1UL <<i) == SECMOD_FORTEZZA_FLAG) { | |
941 string = PR_smprintf("%s",NSSUTIL_ARG_FORTEZZA_FLAG); | |
942 } else { | |
943 string = PR_smprintf("0h0x%08lx", 1UL <<i); | |
944 } | |
945 if (cipher) { | |
946 char *tmp; | |
947 tmp = PR_smprintf("%s,%s",cipher,string); | |
948 PR_smprintf_free(cipher); | |
949 PR_smprintf_free(string); | |
950 cipher = tmp; | |
951 } else { | |
952 cipher = string; | |
953 } | |
954 } | |
955 } | |
956 for (i=0; i < sizeof(ssl0)*8; i++) { | |
957 if (ssl1 & (1UL <<i)) { | |
958 if (cipher) { | |
959 char *tmp; | |
960 tmp = PR_smprintf("%s,0l0x%08lx",cipher, 1UL <<i); | |
961 PR_smprintf_free(cipher); | |
962 cipher = tmp; | |
963 } else { | |
964 cipher = PR_smprintf("0l0x%08lx", 1UL <<i); | |
965 } | |
966 } | |
967 } | |
968 | |
969 return cipher; | |
970 } | |
971 | |
972 /* Assemble a full NSS string. */ | |
973 char * | |
974 NSSUTIL_MkNSSString(char **slotStrings, int slotCount, PRBool internal, | |
975 PRBool isFIPS, PRBool isModuleDB, PRBool isModuleDBOnly, | |
976 PRBool isCritical, unsigned long trustOrder, | |
977 unsigned long cipherOrder, unsigned long ssl0, unsigned long ssl1) | |
978 { | |
979 int slotLen, i; | |
980 char *slotParams, *ciphers, *nss, *nssFlags; | |
981 const char *tmp; | |
982 char *trustOrderPair,*cipherOrderPair,*slotPair,*cipherPair,*flagPair; | |
983 | |
984 | |
985 /* now let's build up the string | |
986 * first the slot infos | |
987 */ | |
988 slotLen=0; | |
989 for (i=0; i < (int)slotCount; i++) { | |
990 slotLen += PORT_Strlen(slotStrings[i])+1; | |
991 } | |
992 slotLen += 1; /* space for the final NULL */ | |
993 | |
994 slotParams = (char *)PORT_ZAlloc(slotLen); | |
995 PORT_Memset(slotParams,0,slotLen); | |
996 for (i=0; i < (int)slotCount; i++) { | |
997 PORT_Strcat(slotParams,slotStrings[i]); | |
998 PORT_Strcat(slotParams," "); | |
999 PR_smprintf_free(slotStrings[i]); | |
1000 slotStrings[i]=NULL; | |
1001 } | |
1002 | |
1003 /* | |
1004 * now the NSS structure | |
1005 */ | |
1006 nssFlags = nssutil_mkNSSFlags(internal,isFIPS,isModuleDB,isModuleDBOnly, | |
1007 isCritical); | |
1008 /* for now only the internal module is critical */ | |
1009 ciphers = nssutil_mkCipherFlags(ssl0, ssl1); | |
1010 | |
1011 trustOrderPair = nssutil_formatIntPair("trustOrder",trustOrder, | |
1012 NSSUTIL_DEFAULT_TRUST_ORDER); | |
1013 cipherOrderPair = nssutil_formatIntPair("cipherOrder",cipherOrder, | |
1014 NSSUTIL_DEFAULT_CIPHER_ORDER); | |
1015 slotPair=nssutil_formatPair("slotParams",slotParams,'{'); /* } */ | |
1016 if (slotParams) PORT_Free(slotParams); | |
1017 cipherPair=nssutil_formatPair("ciphers",ciphers,'\''); | |
1018 if (ciphers) PR_smprintf_free(ciphers); | |
1019 flagPair=nssutil_formatPair("Flags",nssFlags,'\''); | |
1020 if (nssFlags) PORT_Free(nssFlags); | |
1021 nss = PR_smprintf("%s %s %s %s %s",trustOrderPair, | |
1022 cipherOrderPair,slotPair,cipherPair,flagPair); | |
1023 nssutil_freePair(trustOrderPair); | |
1024 nssutil_freePair(cipherOrderPair); | |
1025 nssutil_freePair(slotPair); | |
1026 nssutil_freePair(cipherPair); | |
1027 nssutil_freePair(flagPair); | |
1028 tmp = NSSUTIL_ArgStrip(nss); | |
1029 if (*tmp == '\0') { | |
1030 PR_smprintf_free(nss); | |
1031 nss = NULL; | |
1032 } | |
1033 return nss; | |
1034 } | |
1035 | |
1036 /***************************************************************************** | |
1037 * | |
1038 * Private calls for use by softoken and utilmod.c | |
1039 */ | |
1040 | |
1041 #define SQLDB "sql:" | |
1042 #define EXTERNDB "extern:" | |
1043 #define LEGACY "dbm:" | |
1044 #define MULTIACCESS "multiaccess:" | |
1045 #define SECMOD_DB "secmod.db" | |
1046 const char * | |
1047 _NSSUTIL_EvaluateConfigDir(const char *configdir, | |
1048 NSSDBType *pdbType, char **appName) | |
1049 { | |
1050 NSSDBType dbType; | |
1051 *appName = NULL; | |
1052 /* force the default */ | |
1053 #ifdef NSS_DISABLE_DBM | |
1054 dbType = NSS_DB_TYPE_SQL; | |
1055 #else | |
1056 dbType = NSS_DB_TYPE_LEGACY; | |
1057 #endif | |
1058 if (PORT_Strncmp(configdir, MULTIACCESS, sizeof(MULTIACCESS)-1) == 0) { | |
1059 char *cdir; | |
1060 dbType = NSS_DB_TYPE_MULTIACCESS; | |
1061 | |
1062 *appName = PORT_Strdup(configdir+sizeof(MULTIACCESS)-1); | |
1063 if (*appName == NULL) { | |
1064 return configdir; | |
1065 } | |
1066 cdir = *appName; | |
1067 while (*cdir && *cdir != ':') { | |
1068 cdir++; | |
1069 } | |
1070 if (*cdir == ':') { | |
1071 *cdir = 0; | |
1072 cdir++; | |
1073 } | |
1074 configdir = cdir; | |
1075 } else if (PORT_Strncmp(configdir, SQLDB, sizeof(SQLDB)-1) == 0) { | |
1076 dbType = NSS_DB_TYPE_SQL; | |
1077 configdir = configdir + sizeof(SQLDB) -1; | |
1078 } else if (PORT_Strncmp(configdir, EXTERNDB, sizeof(EXTERNDB)-1) == 0) { | |
1079 dbType = NSS_DB_TYPE_EXTERN; | |
1080 configdir = configdir + sizeof(EXTERNDB) -1; | |
1081 } else if (PORT_Strncmp(configdir, LEGACY, sizeof(LEGACY)-1) == 0) { | |
1082 dbType = NSS_DB_TYPE_LEGACY; | |
1083 configdir = configdir + sizeof(LEGACY) -1; | |
1084 } else { | |
1085 /* look up the default from the environment */ | |
1086 char *defaultType = PR_GetEnvSecure("NSS_DEFAULT_DB_TYPE"); | |
1087 if (defaultType != NULL) { | |
1088 if (PORT_Strncmp(defaultType, SQLDB, sizeof(SQLDB)-2) == 0) { | |
1089 dbType = NSS_DB_TYPE_SQL; | |
1090 } else if (PORT_Strncmp(defaultType,EXTERNDB,sizeof(EXTERNDB)-2)==0)
{ | |
1091 dbType = NSS_DB_TYPE_EXTERN; | |
1092 } else if (PORT_Strncmp(defaultType, LEGACY, sizeof(LEGACY)-2) == 0)
{ | |
1093 dbType = NSS_DB_TYPE_LEGACY; | |
1094 } | |
1095 } | |
1096 } | |
1097 /* if the caller has already set a type, don't change it */ | |
1098 if (*pdbType == NSS_DB_TYPE_NONE) { | |
1099 *pdbType = dbType; | |
1100 } | |
1101 return configdir; | |
1102 } | |
1103 | |
1104 char * | |
1105 _NSSUTIL_GetSecmodName(const char *param, NSSDBType *dbType, char **appName, | |
1106 char **filename, PRBool *rw) | |
1107 { | |
1108 int next; | |
1109 char *configdir = NULL; | |
1110 char *secmodName = NULL; | |
1111 char *value = NULL; | |
1112 const char *save_params = param; | |
1113 const char *lconfigdir; | |
1114 PRBool noModDB = PR_FALSE; | |
1115 param = NSSUTIL_ArgStrip(param); | |
1116 | |
1117 while (*param) { | |
1118 NSSUTIL_HANDLE_STRING_ARG(param,configdir,"configDir=",;) | |
1119 NSSUTIL_HANDLE_STRING_ARG(param,secmodName,"secmod=",;) | |
1120 NSSUTIL_HANDLE_FINAL_ARG(param) | |
1121 } | |
1122 | |
1123 *rw = PR_TRUE; | |
1124 if (NSSUTIL_ArgHasFlag("flags","readOnly",save_params)) { | |
1125 *rw = PR_FALSE; | |
1126 } | |
1127 | |
1128 if (!secmodName || *secmodName == '\0') { | |
1129 if (secmodName) PORT_Free(secmodName); | |
1130 secmodName = PORT_Strdup(SECMOD_DB); | |
1131 } | |
1132 | |
1133 *filename = secmodName; | |
1134 lconfigdir = _NSSUTIL_EvaluateConfigDir(configdir, dbType, appName); | |
1135 | |
1136 if (NSSUTIL_ArgHasFlag("flags","noModDB",save_params)) { | |
1137 /* there isn't a module db, don't load the legacy support */ | |
1138 noModDB = PR_TRUE; | |
1139 *dbType = NSS_DB_TYPE_SQL; | |
1140 PORT_Free(*filename); | |
1141 *filename = NULL; | |
1142 *rw = PR_FALSE; | |
1143 } | |
1144 | |
1145 /* only use the renamed secmod for legacy databases */ | |
1146 if ((*dbType != NSS_DB_TYPE_LEGACY) && | |
1147 (*dbType != NSS_DB_TYPE_MULTIACCESS)) { | |
1148 secmodName="pkcs11.txt"; | |
1149 } | |
1150 | |
1151 if (noModDB) { | |
1152 value = NULL; | |
1153 } else if (lconfigdir && lconfigdir[0] != '\0') { | |
1154 value = PR_smprintf("%s" NSSUTIL_PATH_SEPARATOR "%s", | |
1155 lconfigdir,secmodName); | |
1156 } else { | |
1157 value = PR_smprintf("%s",secmodName); | |
1158 } | |
1159 if (configdir) PORT_Free(configdir); | |
1160 return value; | |
1161 } | |
1162 | |
1163 | |