Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(659)

Unified Diff: nss/lib/softoken/sdb.c

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « nss/lib/softoken/sdb.h ('k') | nss/lib/softoken/sftkdb.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: nss/lib/softoken/sdb.c
diff --git a/nss/lib/softoken/sdb.c b/nss/lib/softoken/sdb.c
deleted file mode 100644
index 36bdcc132f05b4022a6ad3e97aca305ab609db10..0000000000000000000000000000000000000000
--- a/nss/lib/softoken/sdb.c
+++ /dev/null
@@ -1,2087 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/*
- * This file implements PKCS 11 on top of our existing security modules
- *
- * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
- * This implementation has two slots:
- * slot 1 is our generic crypto support. It does not require login.
- * It supports Public Key ops, and all they bulk ciphers and hashes.
- * It can also support Private Key ops for imported Private keys. It does
- * not have any token storage.
- * slot 2 is our private key support. It requires a login before use. It
- * can store Private Keys and Certs as token objects. Currently only private
- * keys and their associated Certificates are saved on the token.
- *
- * In this implementation, session objects are only visible to the session
- * that created or generated them.
- */
-
-#include "sdb.h"
-#include "pkcs11t.h"
-#include "seccomon.h"
-#include <sqlite3.h>
-#include "prthread.h"
-#include "prio.h"
-#include <stdio.h>
-#include "secport.h"
-#include "prmon.h"
-#include "prenv.h"
-#include "prprf.h"
-#include "prsystem.h" /* for PR_GetDirectorySeparator() */
-#include <sys/stat.h>
-#if defined(_WIN32)
-#include <io.h>
-#include <windows.h>
-#elif defined(XP_UNIX)
-#include <unistd.h>
-#endif
-
-#ifdef SQLITE_UNSAFE_THREADS
-#include "prlock.h"
-/*
- * SQLite can be compiled to be thread safe or not.
- * turn on SQLITE_UNSAFE_THREADS if the OS does not support
- * a thread safe version of sqlite.
- */
-static PRLock *sqlite_lock = NULL;
-
-#define LOCK_SQLITE() PR_Lock(sqlite_lock);
-#define UNLOCK_SQLITE() PR_Unlock(sqlite_lock);
-#else
-#define LOCK_SQLITE()
-#define UNLOCK_SQLITE()
-#endif
-
-typedef enum {
- SDB_CERT = 1,
- SDB_KEY = 2
-} sdbDataType;
-
-/*
- * defines controlling how long we wait to acquire locks.
- *
- * SDB_SQLITE_BUSY_TIMEOUT specifies how long (in milliseconds)
- * sqlite will wait on lock. If that timeout expires, sqlite will
- * return SQLITE_BUSY.
- * SDB_BUSY_RETRY_TIME specifies how many seconds the sdb_ code waits
- * after receiving a busy before retrying.
- * SDB_MAX_BUSY_RETRIES specifies how many times the sdb_ will retry on
- * a busy condition.
- *
- * SDB_SQLITE_BUSY_TIMEOUT affects all opertions, both manual
- * (prepare/step/reset/finalize) and automatic (sqlite3_exec()).
- * SDB_BUSY_RETRY_TIME and SDB_MAX_BUSY_RETRIES only affect manual operations
- *
- * total wait time for automatic operations:
- * 1 second (SDB_SQLITE_BUSY_TIMEOUT/1000).
- * total wait time for manual operations:
- * (1 second + 5 seconds) * 10 = 60 seconds.
- * (SDB_SQLITE_BUSY_TIMEOUT/1000 + SDB_BUSY_RETRY_TIME)*SDB_MAX_BUSY_RETRIES
- */
-#define SDB_SQLITE_BUSY_TIMEOUT 1000 /* milliseconds */
-#define SDB_BUSY_RETRY_TIME 5 /* seconds */
-#define SDB_MAX_BUSY_RETRIES 10
-
-/*
- * Note on use of sqlReadDB: Only one thread at a time may have an actual
- * operation going on given sqlite3 * database. An operation is defined as
- * the time from a sqlite3_prepare() until the sqlite3_finalize().
- * Multiple sqlite3 * databases can be open and have simultaneous operations
- * going. We use the sqlXactDB for all write operations. This database
- * is only opened when we first create a transaction and closed when the
- * transaction is complete. sqlReadDB is open when we first opened the database
- * and is used for all read operation. It's use is protected by a monitor. This
- * is because an operation can span the use of FindObjectsInit() through the
- * call to FindObjectsFinal(). In the intermediate time it is possible to call
- * other operations like NSC_GetAttributeValue */
-
-struct SDBPrivateStr {
- char *sqlDBName; /* invariant, path to this database */
- sqlite3 *sqlXactDB; /* access protected by dbMon, use protected
- * by the transaction. Current transaction db*/
- PRThread *sqlXactThread; /* protected by dbMon,
- * current transaction thread */
- sqlite3 *sqlReadDB; /* use protected by dbMon, value invariant */
- PRIntervalTime lastUpdateTime; /* last time the cache was updated */
- PRIntervalTime updateInterval; /* how long the cache can go before it
- * must be updated again */
- sdbDataType type; /* invariant, database type */
- char *table; /* invariant, SQL table which contains the db */
- char *cacheTable; /* invariant, SQL table cache of db */
- PRMonitor *dbMon; /* invariant, monitor to protect
- * sqlXact* fields, and use of the sqlReadDB */
-};
-
-typedef struct SDBPrivateStr SDBPrivate;
-
-/*
- * known attributes
- */
-static const CK_ATTRIBUTE_TYPE known_attributes[] = {
- CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_LABEL, CKA_APPLICATION,
- CKA_VALUE, CKA_OBJECT_ID, CKA_CERTIFICATE_TYPE, CKA_ISSUER,
- CKA_SERIAL_NUMBER, CKA_AC_ISSUER, CKA_OWNER, CKA_ATTR_TYPES, CKA_TRUSTED,
- CKA_CERTIFICATE_CATEGORY, CKA_JAVA_MIDP_SECURITY_DOMAIN, CKA_URL,
- CKA_HASH_OF_SUBJECT_PUBLIC_KEY, CKA_HASH_OF_ISSUER_PUBLIC_KEY,
- CKA_CHECK_VALUE, CKA_KEY_TYPE, CKA_SUBJECT, CKA_ID, CKA_SENSITIVE,
- CKA_ENCRYPT, CKA_DECRYPT, CKA_WRAP, CKA_UNWRAP, CKA_SIGN, CKA_SIGN_RECOVER,
- CKA_VERIFY, CKA_VERIFY_RECOVER, CKA_DERIVE, CKA_START_DATE, CKA_END_DATE,
- CKA_MODULUS, CKA_MODULUS_BITS, CKA_PUBLIC_EXPONENT, CKA_PRIVATE_EXPONENT,
- CKA_PRIME_1, CKA_PRIME_2, CKA_EXPONENT_1, CKA_EXPONENT_2, CKA_COEFFICIENT,
- CKA_PRIME, CKA_SUBPRIME, CKA_BASE, CKA_PRIME_BITS,
- CKA_SUB_PRIME_BITS, CKA_VALUE_BITS, CKA_VALUE_LEN, CKA_EXTRACTABLE,
- CKA_LOCAL, CKA_NEVER_EXTRACTABLE, CKA_ALWAYS_SENSITIVE,
- CKA_KEY_GEN_MECHANISM, CKA_MODIFIABLE, CKA_EC_PARAMS,
- CKA_EC_POINT, CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
- CKA_ALWAYS_AUTHENTICATE, CKA_WRAP_WITH_TRUSTED, CKA_WRAP_TEMPLATE,
- CKA_UNWRAP_TEMPLATE, CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT,
- CKA_HAS_RESET, CKA_PIXEL_X, CKA_PIXEL_Y, CKA_RESOLUTION, CKA_CHAR_ROWS,
- CKA_CHAR_COLUMNS, CKA_COLOR, CKA_BITS_PER_PIXEL, CKA_CHAR_SETS,
- CKA_ENCODING_METHODS, CKA_MIME_TYPES, CKA_MECHANISM_TYPE,
- CKA_REQUIRED_CMS_ATTRIBUTES, CKA_DEFAULT_CMS_ATTRIBUTES,
- CKA_SUPPORTED_CMS_ATTRIBUTES, CKA_NETSCAPE_URL, CKA_NETSCAPE_EMAIL,
- CKA_NETSCAPE_SMIME_INFO, CKA_NETSCAPE_SMIME_TIMESTAMP,
- CKA_NETSCAPE_PKCS8_SALT, CKA_NETSCAPE_PASSWORD_CHECK, CKA_NETSCAPE_EXPIRES,
- CKA_NETSCAPE_KRL, CKA_NETSCAPE_PQG_COUNTER, CKA_NETSCAPE_PQG_SEED,
- CKA_NETSCAPE_PQG_H, CKA_NETSCAPE_PQG_SEED_BITS, CKA_NETSCAPE_MODULE_SPEC,
- CKA_TRUST_DIGITAL_SIGNATURE, CKA_TRUST_NON_REPUDIATION,
- CKA_TRUST_KEY_ENCIPHERMENT, CKA_TRUST_DATA_ENCIPHERMENT,
- CKA_TRUST_KEY_AGREEMENT, CKA_TRUST_KEY_CERT_SIGN, CKA_TRUST_CRL_SIGN,
- CKA_TRUST_SERVER_AUTH, CKA_TRUST_CLIENT_AUTH, CKA_TRUST_CODE_SIGNING,
- CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_IPSEC_END_SYSTEM,
- CKA_TRUST_IPSEC_TUNNEL, CKA_TRUST_IPSEC_USER, CKA_TRUST_TIME_STAMPING,
- CKA_TRUST_STEP_UP_APPROVED, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH,
- CKA_NETSCAPE_DB, CKA_NETSCAPE_TRUST, CKA_NSS_OVERRIDE_EXTENSIONS
-};
-
-static int known_attributes_size= sizeof(known_attributes)/
- sizeof(known_attributes[0]);
-
-/* Magic for an explicit NULL. NOTE: ideally this should be
- * out of band data. Since it's not completely out of band, pick
- * a value that has no meaning to any existing PKCS #11 attributes.
- * This value is 1) not a valid string (imbedded '\0'). 2) not a U_LONG
- * or a normal key (too short). 3) not a bool (too long). 4) not an RSA
- * public exponent (too many bits).
- */
-const unsigned char SQLITE_EXPLICIT_NULL[] = { 0xa5, 0x0, 0x5a };
-#define SQLITE_EXPLICIT_NULL_LEN 3
-
-/*
- * determine when we've completed our tasks
- */
-static int
-sdb_done(int err, int *count)
-{
- /* allow as many rows as the database wants to give */
- if (err == SQLITE_ROW) {
- *count = 0;
- return 0;
- }
- if (err != SQLITE_BUSY) {
- return 1;
- }
- /* err == SQLITE_BUSY, Dont' retry forever in this case */
- if (++(*count) >= SDB_MAX_BUSY_RETRIES) {
- return 1;
- }
- return 0;
-}
-
-/*
- * find out where sqlite stores the temp tables. We do this by replicating
- * the logic from sqlite.
- */
-#if defined(_WIN32)
-static char *
-sdb_getFallbackTempDir(void)
-{
- /* sqlite uses sqlite3_temp_directory if it is not NULL. We don't have
- * access to sqlite3_temp_directory because it is not exported from
- * sqlite3.dll. Assume sqlite3_win32_set_directory isn't called and
- * sqlite3_temp_directory is NULL.
- */
- char path[MAX_PATH];
- DWORD rv;
- size_t len;
-
- rv = GetTempPathA(MAX_PATH, path);
- if (rv > MAX_PATH || rv == 0)
- return NULL;
- len = strlen(path);
- if (len == 0)
- return NULL;
- /* The returned string ends with a backslash, for example, "C:\TEMP\". */
- if (path[len - 1] == '\\')
- path[len - 1] = '\0';
- return PORT_Strdup(path);
-}
-#elif defined(XP_UNIX)
-static char *
-sdb_getFallbackTempDir(void)
-{
- const char *azDirs[] = {
- NULL,
- NULL,
- "/var/tmp",
- "/usr/tmp",
- "/tmp",
- NULL /* List terminator */
- };
- unsigned int i;
- struct stat buf;
- const char *zDir = NULL;
-
- azDirs[0] = sqlite3_temp_directory;
- azDirs[1] = PR_GetEnvSecure("TMPDIR");
-
- for (i = 0; i < PR_ARRAY_SIZE(azDirs); i++) {
- zDir = azDirs[i];
- if (zDir == NULL) continue;
- if (stat(zDir, &buf)) continue;
- if (!S_ISDIR(buf.st_mode)) continue;
- if (access(zDir, 07)) continue;
- break;
- }
-
- if (zDir == NULL)
- return NULL;
- return PORT_Strdup(zDir);
-}
-#else
-#error "sdb_getFallbackTempDir not implemented"
-#endif
-
-#ifndef SQLITE_FCNTL_TEMPFILENAME
-/* SQLITE_FCNTL_TEMPFILENAME was added in SQLite 3.7.15 */
-#define SQLITE_FCNTL_TEMPFILENAME 16
-#endif
-
-static char *
-sdb_getTempDir(sqlite3 *sqlDB)
-{
- int sqlrv;
- char *result = NULL;
- char *tempName = NULL;
- char *foundSeparator = NULL;
-
- /* Obtain temporary filename in sqlite's directory for temporary tables */
- sqlrv = sqlite3_file_control(sqlDB, 0, SQLITE_FCNTL_TEMPFILENAME,
- (void*)&tempName);
- if (sqlrv == SQLITE_NOTFOUND) {
- /* SQLITE_FCNTL_TEMPFILENAME not implemented because we are using
- * an older SQLite. */
- return sdb_getFallbackTempDir();
- }
- if (sqlrv != SQLITE_OK) {
- return NULL;
- }
-
- /* We'll extract the temporary directory from tempName */
- foundSeparator = PORT_Strrchr(tempName, PR_GetDirectorySeparator());
- if (foundSeparator) {
- /* We shorten the temp filename string to contain only
- * the directory name (including the trailing separator).
- * We know the byte after the foundSeparator position is
- * safe to use, in the shortest scenario it contains the
- * end-of-string byte.
- * By keeping the separator at the found position, it will
- * even work if tempDir consists of the separator, only.
- * (In this case the toplevel directory will be used for
- * access speed testing). */
- ++foundSeparator;
- *foundSeparator = 0;
-
- /* Now we copy the directory name for our caller */
- result = PORT_Strdup(tempName);
- }
-
- sqlite3_free(tempName);
- return result;
-}
-
-/*
- * Map SQL_LITE errors to PKCS #11 errors as best we can.
- */
-static CK_RV
-sdb_mapSQLError(sdbDataType type, int sqlerr)
-{
- switch (sqlerr) {
- /* good matches */
- case SQLITE_OK:
- case SQLITE_DONE:
- return CKR_OK;
- case SQLITE_NOMEM:
- return CKR_HOST_MEMORY;
- case SQLITE_READONLY:
- return CKR_TOKEN_WRITE_PROTECTED;
- /* close matches */
- case SQLITE_AUTH:
- case SQLITE_PERM:
- /*return CKR_USER_NOT_LOGGED_IN; */
- case SQLITE_CANTOPEN:
- case SQLITE_NOTFOUND:
- /* NSS distiguishes between failure to open the cert and the key db */
- return type == SDB_CERT ?
- CKR_NETSCAPE_CERTDB_FAILED : CKR_NETSCAPE_KEYDB_FAILED;
- case SQLITE_IOERR:
- return CKR_DEVICE_ERROR;
- default:
- break;
- }
- return CKR_GENERAL_ERROR;
-}
-
-
-/*
- * build up database name from a directory, prefix, name, version and flags.
- */
-static char *sdb_BuildFileName(const char * directory,
- const char *prefix, const char *type,
- int version)
-{
- char *dbname = NULL;
- /* build the full dbname */
- dbname = sqlite3_mprintf("%s%c%s%s%d.db", directory,
- (int)(unsigned char)PR_GetDirectorySeparator(),
- prefix, type, version);
- return dbname;
-}
-
-
-/*
- * find out how expensive the access system call is for non-existant files
- * in the given directory. Return the number of operations done in 33 ms.
- */
-static PRUint32
-sdb_measureAccess(const char *directory)
-{
- PRUint32 i;
- PRIntervalTime time;
- PRIntervalTime delta;
- PRIntervalTime duration = PR_MillisecondsToInterval(33);
- const char *doesntExistName = "_dOeSnotExist_.db";
- char *temp, *tempStartOfFilename;
- size_t maxTempLen, maxFileNameLen, directoryLength;
-
- /* no directory, just return one */
- if (directory == NULL) {
- return 1;
- }
-
- /* our calculation assumes time is a 4 bytes == 32 bit integer */
- PORT_Assert(sizeof(time) == 4);
-
- directoryLength = strlen(directory);
-
- maxTempLen = directoryLength + strlen(doesntExistName)
- + 1 /* potential additional separator char */
- + 11 /* max chars for 32 bit int plus potential sign */
- + 1; /* zero terminator */
-
- temp = PORT_Alloc(maxTempLen);
- if (!temp) {
- return 1;
- }
-
- /* We'll copy directory into temp just once, then ensure it ends
- * with the directory separator, then remember the position after
- * the separator, and calculate the number of remaining bytes. */
-
- strcpy(temp, directory);
- if (directory[directoryLength - 1] != PR_GetDirectorySeparator()) {
- temp[directoryLength++] = PR_GetDirectorySeparator();
- }
- tempStartOfFilename = temp + directoryLength;
- maxFileNameLen = maxTempLen - directoryLength;
-
- /* measure number of Access operations that can be done in 33 milliseconds
- * (1/30'th of a second), or 10000 operations, which ever comes first.
- */
- time = PR_IntervalNow();
- for (i=0; i < 10000u; i++) {
- PRIntervalTime next;
-
- /* We'll use the variable part first in the filename string, just in
- * case it's longer than assumed, so if anything gets cut off, it
- * will be cut off from the constant part.
- * This code assumes the directory name at the beginning of
- * temp remains unchanged during our loop. */
- PR_snprintf(tempStartOfFilename, maxFileNameLen,
- ".%lu%s", (PRUint32)(time+i), doesntExistName);
- PR_Access(temp,PR_ACCESS_EXISTS);
- next = PR_IntervalNow();
- delta = next - time;
- if (delta >= duration)
- break;
- }
-
- PORT_Free(temp);
-
- /* always return 1 or greater */
- return i ? i : 1u;
-}
-
-/*
- * some file sytems are very slow to run sqlite3 on, particularly if the
- * access count is pretty high. On these filesystems is faster to create
- * a temporary database on the local filesystem and access that. This
- * code uses a temporary table to create that cache. Temp tables are
- * automatically cleared when the database handle it was created on
- * Is freed.
- */
-static const char DROP_CACHE_CMD[] = "DROP TABLE %s";
-static const char CREATE_CACHE_CMD[] =
- "CREATE TEMPORARY TABLE %s AS SELECT * FROM %s";
-static const char CREATE_ISSUER_INDEX_CMD[] =
- "CREATE INDEX issuer ON %s (a81)";
-static const char CREATE_SUBJECT_INDEX_CMD[] =
- "CREATE INDEX subject ON %s (a101)";
-static const char CREATE_LABEL_INDEX_CMD[] = "CREATE INDEX label ON %s (a3)";
-static const char CREATE_ID_INDEX_CMD[] = "CREATE INDEX ckaid ON %s (a102)";
-
-static CK_RV
-sdb_buildCache(sqlite3 *sqlDB, sdbDataType type,
- const char *cacheTable, const char *table)
-{
- char *newStr;
- int sqlerr = SQLITE_OK;
-
- newStr = sqlite3_mprintf(CREATE_CACHE_CMD, cacheTable, table);
- if (newStr == NULL) {
- return CKR_HOST_MEMORY;
- }
- sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
- sqlite3_free(newStr);
- if (sqlerr != SQLITE_OK) {
- return sdb_mapSQLError(type, sqlerr);
- }
- /* failure to create the indexes is not an issue */
- newStr = sqlite3_mprintf(CREATE_ISSUER_INDEX_CMD, cacheTable);
- if (newStr == NULL) {
- return CKR_OK;
- }
- sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
- sqlite3_free(newStr);
- newStr = sqlite3_mprintf(CREATE_SUBJECT_INDEX_CMD, cacheTable);
- if (newStr == NULL) {
- return CKR_OK;
- }
- sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
- sqlite3_free(newStr);
- newStr = sqlite3_mprintf(CREATE_LABEL_INDEX_CMD, cacheTable);
- if (newStr == NULL) {
- return CKR_OK;
- }
- sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
- sqlite3_free(newStr);
- newStr = sqlite3_mprintf(CREATE_ID_INDEX_CMD, cacheTable);
- if (newStr == NULL) {
- return CKR_OK;
- }
- sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
- sqlite3_free(newStr);
- return CKR_OK;
-}
-
-/*
- * update the cache and the data records describing it.
- * The cache is updated by dropping the temp database and recreating it.
- */
-static CK_RV
-sdb_updateCache(SDBPrivate *sdb_p)
-{
- int sqlerr = SQLITE_OK;
- CK_RV error = CKR_OK;
- char *newStr;
-
- /* drop the old table */
- newStr = sqlite3_mprintf(DROP_CACHE_CMD, sdb_p->cacheTable);
- if (newStr == NULL) {
- return CKR_HOST_MEMORY;
- }
- sqlerr = sqlite3_exec(sdb_p->sqlReadDB, newStr, NULL, 0, NULL);
- sqlite3_free(newStr);
- if ((sqlerr != SQLITE_OK) && (sqlerr != SQLITE_ERROR )) {
- /* something went wrong with the drop, don't try to refresh...
- * NOTE: SQLITE_ERROR is returned if the table doesn't exist. In
- * that case, we just continue on and try to reload it */
- return sdb_mapSQLError(sdb_p->type, sqlerr);
- }
-
-
- /* set up the new table */
- error = sdb_buildCache(sdb_p->sqlReadDB,sdb_p->type,
- sdb_p->cacheTable,sdb_p->table );
- if (error == CKR_OK) {
- /* we have a new cache! */
- sdb_p->lastUpdateTime = PR_IntervalNow();
- }
- return error;
-}
-
-/*
- * The sharing of sqlite3 handles across threads is tricky. Older versions
- * couldn't at all, but newer ones can under strict conditions. Basically
- * no 2 threads can use the same handle while another thread has an open
- * stmt running. Once the sqlite3_stmt is finalized, another thread can then
- * use the database handle.
- *
- * We use monitors to protect against trying to use a database before
- * it's sqlite3_stmt is finalized. This is preferable to the opening and
- * closing the database each operation because there is significant overhead
- * in the open and close. Also continually opening and closing the database
- * defeats the cache code as the cache table is lost on close (thus
- * requiring us to have to reinitialize the cache every operation).
- *
- * An execption to the shared handle is transations. All writes happen
- * through a transaction. When we are in a transaction, we must use the
- * same database pointer for that entire transation. In this case we save
- * the transaction database and use it for all accesses on the transaction
- * thread. Other threads use the common database.
- *
- * There can only be once active transaction on the database at a time.
- *
- * sdb_openDBLocal() provides us with a valid database handle for whatever
- * state we are in (reading or in a transaction), and acquires any locks
- * appropriate to that state. It also decides when it's time to refresh
- * the cache before we start an operation. Any database handle returned
- * just eventually be closed with sdb_closeDBLocal().
- *
- * The table returned either points to the database's physical table, or
- * to the cached shadow. Tranactions always return the physical table
- * and read operations return either the physical table or the cache
- * depending on whether or not the cache exists.
- */
-static CK_RV
-sdb_openDBLocal(SDBPrivate *sdb_p, sqlite3 **sqlDB, const char **table)
-{
- *sqlDB = NULL;
-
- PR_EnterMonitor(sdb_p->dbMon);
-
- if (table) {
- *table = sdb_p->table;
- }
-
- /* We're in a transaction, use the transaction DB */
- if ((sdb_p->sqlXactDB) && (sdb_p->sqlXactThread == PR_GetCurrentThread())) {
- *sqlDB =sdb_p->sqlXactDB;
- /* only one thread can get here, safe to unlock */
- PR_ExitMonitor(sdb_p->dbMon);
- return CKR_OK;
- }
-
- /*
- * if we are just reading from the table, we may have the table
- * cached in a temporary table (especially if it's on a shared FS).
- * In that case we want to see updates to the table, the the granularity
- * is on order of human scale, not computer scale.
- */
- if (table && sdb_p->cacheTable) {
- PRIntervalTime now = PR_IntervalNow();
- if ((now - sdb_p->lastUpdateTime) > sdb_p->updateInterval) {
- sdb_updateCache(sdb_p);
- }
- *table = sdb_p->cacheTable;
- }
-
- *sqlDB = sdb_p->sqlReadDB;
-
- /* leave holding the lock. only one thread can actually use a given
- * database connection at once */
-
- return CKR_OK;
-}
-
-/* closing the local database currenly means unlocking the monitor */
-static CK_RV
-sdb_closeDBLocal(SDBPrivate *sdb_p, sqlite3 *sqlDB)
-{
- if (sdb_p->sqlXactDB != sqlDB) {
- /* if we weren't in a transaction, we got a lock */
- PR_ExitMonitor(sdb_p->dbMon);
- }
- return CKR_OK;
-}
-
-
-/*
- * wrapper to sqlite3_open which also sets the busy_timeout
- */
-static int
-sdb_openDB(const char *name, sqlite3 **sqlDB, int flags)
-{
- int sqlerr;
- /*
- * in sqlite3 3.5.0, there is a new open call that allows us
- * to specify read only. Most new OS's are still on 3.3.x (including
- * NSS's internal version and the version shipped with Firefox).
- */
- *sqlDB = NULL;
- sqlerr = sqlite3_open(name, sqlDB);
- if (sqlerr != SQLITE_OK) {
- return sqlerr;
- }
-
- sqlerr = sqlite3_busy_timeout(*sqlDB, SDB_SQLITE_BUSY_TIMEOUT);
- if (sqlerr != SQLITE_OK) {
- sqlite3_close(*sqlDB);
- *sqlDB = NULL;
- return sqlerr;
- }
- return SQLITE_OK;
-}
-
-/* Sigh, if we created a new table since we opened the database,
- * the database handle will not see the new table, we need to close this
- * database and reopen it. Caller must be in a transaction or holding
- * the dbMon. sqlDB is changed on success. */
-static int
-sdb_reopenDBLocal(SDBPrivate *sdb_p, sqlite3 **sqlDB) {
- sqlite3 *newDB;
- int sqlerr;
-
- /* open a new database */
- sqlerr = sdb_openDB(sdb_p->sqlDBName, &newDB, SDB_RDONLY);
- if (sqlerr != SQLITE_OK) {
- return sqlerr;
- }
-
- /* if we are in a transaction, we may not be holding the monitor.
- * grab it before we update the transaction database. This is
- * safe since are using monitors. */
- PR_EnterMonitor(sdb_p->dbMon);
- /* update our view of the database */
- if (sdb_p->sqlReadDB == *sqlDB) {
- sdb_p->sqlReadDB = newDB;
- } else if (sdb_p->sqlXactDB == *sqlDB) {
- sdb_p->sqlXactDB = newDB;
- }
- PR_ExitMonitor(sdb_p->dbMon);
-
- /* close the old one */
- sqlite3_close(*sqlDB);
-
- *sqlDB = newDB;
- return SQLITE_OK;
-}
-
-struct SDBFindStr {
- sqlite3 *sqlDB;
- sqlite3_stmt *findstmt;
-};
-
-
-static const char FIND_OBJECTS_CMD[] = "SELECT ALL * FROM %s WHERE %s;";
-static const char FIND_OBJECTS_ALL_CMD[] = "SELECT ALL * FROM %s;";
-CK_RV
-sdb_FindObjectsInit(SDB *sdb, const CK_ATTRIBUTE *template, CK_ULONG count,
- SDBFind **find)
-{
- SDBPrivate *sdb_p = sdb->private;
- sqlite3 *sqlDB = NULL;
- const char *table;
- char *newStr, *findStr = NULL;
- sqlite3_stmt *findstmt = NULL;
- char *join="";
- int sqlerr = SQLITE_OK;
- CK_RV error = CKR_OK;
- unsigned int i;
-
- LOCK_SQLITE()
- *find = NULL;
- error = sdb_openDBLocal(sdb_p, &sqlDB, &table);
- if (error != CKR_OK) {
- goto loser;
- }
-
- findStr = sqlite3_mprintf("");
- for (i=0; findStr && i < count; i++) {
- newStr = sqlite3_mprintf("%s%sa%x=$DATA%d", findStr, join,
- template[i].type, i);
- join=" AND ";
- sqlite3_free(findStr);
- findStr = newStr;
- }
-
- if (findStr == NULL) {
- error = CKR_HOST_MEMORY;
- goto loser;
- }
-
- if (count == 0) {
- newStr = sqlite3_mprintf(FIND_OBJECTS_ALL_CMD, table);
- } else {
- newStr = sqlite3_mprintf(FIND_OBJECTS_CMD, table, findStr);
- }
- sqlite3_free(findStr);
- if (newStr == NULL) {
- error = CKR_HOST_MEMORY;
- goto loser;
- }
- sqlerr = sqlite3_prepare_v2(sqlDB, newStr, -1, &findstmt, NULL);
- sqlite3_free(newStr);
- for (i=0; sqlerr == SQLITE_OK && i < count; i++) {
- const void *blobData = template[i].pValue;
- unsigned int blobSize = template[i].ulValueLen;
- if (blobSize == 0) {
- blobSize = SQLITE_EXPLICIT_NULL_LEN;
- blobData = SQLITE_EXPLICIT_NULL;
- }
- sqlerr = sqlite3_bind_blob(findstmt, i+1, blobData, blobSize,
- SQLITE_TRANSIENT);
- }
- if (sqlerr == SQLITE_OK) {
- *find = PORT_New(SDBFind);
- if (*find == NULL) {
- error = CKR_HOST_MEMORY;
- goto loser;
- }
- (*find)->findstmt = findstmt;
- (*find)->sqlDB = sqlDB;
- UNLOCK_SQLITE()
- return CKR_OK;
- }
- error = sdb_mapSQLError(sdb_p->type, sqlerr);
-
-loser:
- if (findstmt) {
- sqlite3_reset(findstmt);
- sqlite3_finalize(findstmt);
- }
- if (sqlDB) {
- sdb_closeDBLocal(sdb_p, sqlDB) ;
- }
- UNLOCK_SQLITE()
- return error;
-}
-
-
-CK_RV
-sdb_FindObjects(SDB *sdb, SDBFind *sdbFind, CK_OBJECT_HANDLE *object,
- CK_ULONG arraySize, CK_ULONG *count)
-{
- SDBPrivate *sdb_p = sdb->private;
- sqlite3_stmt *stmt = sdbFind->findstmt;
- int sqlerr = SQLITE_OK;
- int retry = 0;
-
- *count = 0;
-
- if (arraySize == 0) {
- return CKR_OK;
- }
- LOCK_SQLITE()
-
- do {
- sqlerr = sqlite3_step(stmt);
- if (sqlerr == SQLITE_BUSY) {
- PR_Sleep(SDB_BUSY_RETRY_TIME);
- }
- if (sqlerr == SQLITE_ROW) {
- /* only care about the id */
- *object++= sqlite3_column_int(stmt, 0);
- arraySize--;
- (*count)++;
- }
- } while (!sdb_done(sqlerr,&retry) && (arraySize > 0));
-
- /* we only have some of the objects, there is probably more,
- * set the sqlerr to an OK value so we return CKR_OK */
- if (sqlerr == SQLITE_ROW && arraySize == 0) {
- sqlerr = SQLITE_DONE;
- }
- UNLOCK_SQLITE()
-
- return sdb_mapSQLError(sdb_p->type, sqlerr);
-}
-
-CK_RV
-sdb_FindObjectsFinal(SDB *sdb, SDBFind *sdbFind)
-{
- SDBPrivate *sdb_p = sdb->private;
- sqlite3_stmt *stmt = sdbFind->findstmt;
- sqlite3 *sqlDB = sdbFind->sqlDB;
- int sqlerr = SQLITE_OK;
-
- LOCK_SQLITE()
- if (stmt) {
- sqlite3_reset(stmt);
- sqlerr = sqlite3_finalize(stmt);
- }
- if (sqlDB) {
- sdb_closeDBLocal(sdb_p, sqlDB) ;
- }
- PORT_Free(sdbFind);
-
- UNLOCK_SQLITE()
- return sdb_mapSQLError(sdb_p->type, sqlerr);
-}
-
-static const char GET_ATTRIBUTE_CMD[] = "SELECT ALL %s FROM %s WHERE id=$ID;";
-CK_RV
-sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id,
- CK_ATTRIBUTE *template, CK_ULONG count)
-{
- SDBPrivate *sdb_p = sdb->private;
- sqlite3 *sqlDB = NULL;
- sqlite3_stmt *stmt = NULL;
- char *getStr = NULL;
- char *newStr = NULL;
- const char *table = NULL;
- int sqlerr = SQLITE_OK;
- CK_RV error = CKR_OK;
- int found = 0;
- int retry = 0;
- unsigned int i;
-
-
- /* open a new db if necessary */
- error = sdb_openDBLocal(sdb_p, &sqlDB, &table);
- if (error != CKR_OK) {
- goto loser;
- }
-
- for (i=0; i < count; i++) {
- getStr = sqlite3_mprintf("a%x", template[i].type);
-
- if (getStr == NULL) {
- error = CKR_HOST_MEMORY;
- goto loser;
- }
-
- newStr = sqlite3_mprintf(GET_ATTRIBUTE_CMD, getStr, table);
- sqlite3_free(getStr);
- getStr = NULL;
- if (newStr == NULL) {
- error = CKR_HOST_MEMORY;
- goto loser;
- }
-
- sqlerr = sqlite3_prepare_v2(sqlDB, newStr, -1, &stmt, NULL);
- sqlite3_free(newStr);
- newStr = NULL;
- if (sqlerr == SQLITE_ERROR) {
- template[i].ulValueLen = -1;
- error = CKR_ATTRIBUTE_TYPE_INVALID;
- continue;
- } else if (sqlerr != SQLITE_OK) { goto loser; }
-
- sqlerr = sqlite3_bind_int(stmt, 1, object_id);
- if (sqlerr != SQLITE_OK) { goto loser; }
-
- do {
- sqlerr = sqlite3_step(stmt);
- if (sqlerr == SQLITE_BUSY) {
- PR_Sleep(SDB_BUSY_RETRY_TIME);
- }
- if (sqlerr == SQLITE_ROW) {
- unsigned int blobSize;
- const char *blobData;
-
- blobSize = sqlite3_column_bytes(stmt, 0);
- blobData = sqlite3_column_blob(stmt, 0);
- if (blobData == NULL) {
- template[i].ulValueLen = -1;
- error = CKR_ATTRIBUTE_TYPE_INVALID;
- break;
- }
- /* If the blob equals our explicit NULL value, then the
- * attribute is a NULL. */
- if ((blobSize == SQLITE_EXPLICIT_NULL_LEN) &&
- (PORT_Memcmp(blobData, SQLITE_EXPLICIT_NULL,
- SQLITE_EXPLICIT_NULL_LEN) == 0)) {
- blobSize = 0;
- }
- if (template[i].pValue) {
- if (template[i].ulValueLen < blobSize) {
- template[i].ulValueLen = -1;
- error = CKR_BUFFER_TOO_SMALL;
- break;
- }
- PORT_Memcpy(template[i].pValue, blobData, blobSize);
- }
- template[i].ulValueLen = blobSize;
- found = 1;
- }
- } while (!sdb_done(sqlerr,&retry));
- sqlite3_reset(stmt);
- sqlite3_finalize(stmt);
- stmt = NULL;
- }
-
-loser:
- /* fix up the error if necessary */
- if (error == CKR_OK) {
- error = sdb_mapSQLError(sdb_p->type, sqlerr);
- if (!found && error == CKR_OK) {
- error = CKR_OBJECT_HANDLE_INVALID;
- }
- }
-
- if (stmt) {
- sqlite3_reset(stmt);
- sqlite3_finalize(stmt);
- }
-
- /* if we had to open a new database, free it now */
- if (sqlDB) {
- sdb_closeDBLocal(sdb_p, sqlDB) ;
- }
- return error;
-}
-
-CK_RV
-sdb_GetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE object_id,
- CK_ATTRIBUTE *template, CK_ULONG count)
-{
- CK_RV crv;
-
- if (count == 0) {
- return CKR_OK;
- }
-
- LOCK_SQLITE()
- crv = sdb_GetAttributeValueNoLock(sdb, object_id, template, count);
- UNLOCK_SQLITE()
- return crv;
-}
-
-static const char SET_ATTRIBUTE_CMD[] = "UPDATE %s SET %s WHERE id=$ID;";
-CK_RV
-sdb_SetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE object_id,
- const CK_ATTRIBUTE *template, CK_ULONG count)
-{
- SDBPrivate *sdb_p = sdb->private;
- sqlite3 *sqlDB = NULL;
- sqlite3_stmt *stmt = NULL;
- char *setStr = NULL;
- char *newStr = NULL;
- int sqlerr = SQLITE_OK;
- int retry = 0;
- CK_RV error = CKR_OK;
- unsigned int i;
-
- if ((sdb->sdb_flags & SDB_RDONLY) != 0) {
- return CKR_TOKEN_WRITE_PROTECTED;
- }
-
- if (count == 0) {
- return CKR_OK;
- }
-
- LOCK_SQLITE()
- setStr = sqlite3_mprintf("");
- for (i=0; setStr && i < count; i++) {
- if (i==0) {
- sqlite3_free(setStr);
- setStr = sqlite3_mprintf("a%x=$VALUE%d",
- template[i].type, i);
- continue;
- }
- newStr = sqlite3_mprintf("%s,a%x=$VALUE%d", setStr,
- template[i].type, i);
- sqlite3_free(setStr);
- setStr = newStr;
- }
- newStr = NULL;
-
- if (setStr == NULL) {
- return CKR_HOST_MEMORY;
- }
- newStr = sqlite3_mprintf(SET_ATTRIBUTE_CMD, sdb_p->table, setStr);
- sqlite3_free(setStr);
- if (newStr == NULL) {
- UNLOCK_SQLITE()
- return CKR_HOST_MEMORY;
- }
- error = sdb_openDBLocal(sdb_p, &sqlDB, NULL);
- if (error != CKR_OK) {
- goto loser;
- }
- sqlerr = sqlite3_prepare_v2(sqlDB, newStr, -1, &stmt, NULL);
- if (sqlerr != SQLITE_OK) goto loser;
- for (i=0; i < count; i++) {
- if (template[i].ulValueLen != 0) {
- sqlerr = sqlite3_bind_blob(stmt, i+1, template[i].pValue,
- template[i].ulValueLen, SQLITE_STATIC);
- } else {
- sqlerr = sqlite3_bind_blob(stmt, i+2, SQLITE_EXPLICIT_NULL,
- SQLITE_EXPLICIT_NULL_LEN, SQLITE_STATIC);
- }
- if (sqlerr != SQLITE_OK) goto loser;
- }
- sqlerr = sqlite3_bind_int(stmt, i+1, object_id);
- if (sqlerr != SQLITE_OK) goto loser;
-
- do {
- sqlerr = sqlite3_step(stmt);
- if (sqlerr == SQLITE_BUSY) {
- PR_Sleep(SDB_BUSY_RETRY_TIME);
- }
- } while (!sdb_done(sqlerr,&retry));
-
-loser:
- if (newStr) {
- sqlite3_free(newStr);
- }
- if (error == CKR_OK) {
- error = sdb_mapSQLError(sdb_p->type, sqlerr);
- }
-
- if (stmt) {
- sqlite3_reset(stmt);
- sqlite3_finalize(stmt);
- }
-
- if (sqlDB) {
- sdb_closeDBLocal(sdb_p, sqlDB) ;
- }
-
- UNLOCK_SQLITE()
- return error;
-}
-
-/*
- * check to see if a candidate object handle already exists.
- */
-static PRBool
-sdb_objectExists(SDB *sdb, CK_OBJECT_HANDLE candidate)
-{
- CK_RV crv;
- CK_ATTRIBUTE template = { CKA_LABEL, NULL, 0 };
-
- crv = sdb_GetAttributeValueNoLock(sdb,candidate,&template, 1);
- if (crv == CKR_OBJECT_HANDLE_INVALID) {
- return PR_FALSE;
- }
- return PR_TRUE;
-}
-
-/*
- * if we're here, we are in a transaction, so it's safe
- * to examine the current state of the database
- */
-static CK_OBJECT_HANDLE
-sdb_getObjectId(SDB *sdb)
-{
- CK_OBJECT_HANDLE candidate;
- static CK_OBJECT_HANDLE next_obj = CK_INVALID_HANDLE;
- int count;
- /*
- * get an initial object handle to use
- */
- if (next_obj == CK_INVALID_HANDLE) {
- PRTime time;
- time = PR_Now();
-
- next_obj = (CK_OBJECT_HANDLE)(time & 0x3fffffffL);
- }
- candidate = next_obj++;
- /* detect that we've looped through all the handles... */
- for (count = 0; count < 0x40000000; count++, candidate = next_obj++) {
- /* mask off excess bits */
- candidate &= 0x3fffffff;
- /* if we hit zero, go to the next entry */
- if (candidate == CK_INVALID_HANDLE) {
- continue;
- }
- /* make sure we aren't already using */
- if (!sdb_objectExists(sdb, candidate)) {
- /* this one is free */
- return candidate;
- }
- }
-
- /* no handle is free, fail */
- return CK_INVALID_HANDLE;
-}
-
-static const char CREATE_CMD[] = "INSERT INTO %s (id%s) VALUES($ID%s);";
-CK_RV
-sdb_CreateObject(SDB *sdb, CK_OBJECT_HANDLE *object_id,
- const CK_ATTRIBUTE *template, CK_ULONG count)
-{
- SDBPrivate *sdb_p = sdb->private;
- sqlite3 *sqlDB = NULL;
- sqlite3_stmt *stmt = NULL;
- char *columnStr = NULL;
- char *valueStr = NULL;
- char *newStr = NULL;
- int sqlerr = SQLITE_OK;
- CK_RV error = CKR_OK;
- CK_OBJECT_HANDLE this_object = CK_INVALID_HANDLE;
- int retry = 0;
- unsigned int i;
-
- if ((sdb->sdb_flags & SDB_RDONLY) != 0) {
- return CKR_TOKEN_WRITE_PROTECTED;
- }
-
- LOCK_SQLITE()
- if ((*object_id != CK_INVALID_HANDLE) &&
- !sdb_objectExists(sdb, *object_id)) {
- this_object = *object_id;
- } else {
- this_object = sdb_getObjectId(sdb);
- }
- if (this_object == CK_INVALID_HANDLE) {
- UNLOCK_SQLITE();
- return CKR_HOST_MEMORY;
- }
- columnStr = sqlite3_mprintf("");
- valueStr = sqlite3_mprintf("");
- *object_id = this_object;
- for (i=0; columnStr && valueStr && i < count; i++) {
- newStr = sqlite3_mprintf("%s,a%x", columnStr, template[i].type);
- sqlite3_free(columnStr);
- columnStr = newStr;
- newStr = sqlite3_mprintf("%s,$VALUE%d", valueStr, i);
- sqlite3_free(valueStr);
- valueStr = newStr;
- }
- newStr = NULL;
- if ((columnStr == NULL) || (valueStr == NULL)) {
- if (columnStr) {
- sqlite3_free(columnStr);
- }
- if (valueStr) {
- sqlite3_free(valueStr);
- }
- UNLOCK_SQLITE()
- return CKR_HOST_MEMORY;
- }
- newStr = sqlite3_mprintf(CREATE_CMD, sdb_p->table, columnStr, valueStr);
- sqlite3_free(columnStr);
- sqlite3_free(valueStr);
- error = sdb_openDBLocal(sdb_p, &sqlDB, NULL);
- if (error != CKR_OK) {
- goto loser;
- }
- sqlerr = sqlite3_prepare_v2(sqlDB, newStr, -1, &stmt, NULL);
- if (sqlerr != SQLITE_OK) goto loser;
- sqlerr = sqlite3_bind_int(stmt, 1, *object_id);
- if (sqlerr != SQLITE_OK) goto loser;
- for (i=0; i < count; i++) {
- if (template[i].ulValueLen) {
- sqlerr = sqlite3_bind_blob(stmt, i+2, template[i].pValue,
- template[i].ulValueLen, SQLITE_STATIC);
- } else {
- sqlerr = sqlite3_bind_blob(stmt, i+2, SQLITE_EXPLICIT_NULL,
- SQLITE_EXPLICIT_NULL_LEN, SQLITE_STATIC);
- }
- if (sqlerr != SQLITE_OK) goto loser;
- }
-
- do {
- sqlerr = sqlite3_step(stmt);
- if (sqlerr == SQLITE_BUSY) {
- PR_Sleep(SDB_BUSY_RETRY_TIME);
- }
- } while (!sdb_done(sqlerr,&retry));
-
-loser:
- if (newStr) {
- sqlite3_free(newStr);
- }
- if (error == CKR_OK) {
- error = sdb_mapSQLError(sdb_p->type, sqlerr);
- }
-
- if (stmt) {
- sqlite3_reset(stmt);
- sqlite3_finalize(stmt);
- }
-
- if (sqlDB) {
- sdb_closeDBLocal(sdb_p, sqlDB) ;
- }
- UNLOCK_SQLITE()
-
- return error;
-}
-
-static const char DESTROY_CMD[] = "DELETE FROM %s WHERE (id=$ID);";
-CK_RV
-sdb_DestroyObject(SDB *sdb, CK_OBJECT_HANDLE object_id)
-{
- SDBPrivate *sdb_p = sdb->private;
- sqlite3 *sqlDB = NULL;
- sqlite3_stmt *stmt = NULL;
- char *newStr = NULL;
- int sqlerr = SQLITE_OK;
- CK_RV error = CKR_OK;
- int retry = 0;
-
- if ((sdb->sdb_flags & SDB_RDONLY) != 0) {
- return CKR_TOKEN_WRITE_PROTECTED;
- }
-
- LOCK_SQLITE()
- error = sdb_openDBLocal(sdb_p, &sqlDB, NULL);
- if (error != CKR_OK) {
- goto loser;
- }
- newStr = sqlite3_mprintf(DESTROY_CMD, sdb_p->table);
- if (newStr == NULL) {
- error = CKR_HOST_MEMORY;
- goto loser;
- }
- sqlerr =sqlite3_prepare_v2(sqlDB, newStr, -1, &stmt, NULL);
- sqlite3_free(newStr);
- if (sqlerr != SQLITE_OK) goto loser;
- sqlerr =sqlite3_bind_int(stmt, 1, object_id);
- if (sqlerr != SQLITE_OK) goto loser;
-
- do {
- sqlerr = sqlite3_step(stmt);
- if (sqlerr == SQLITE_BUSY) {
- PR_Sleep(SDB_BUSY_RETRY_TIME);
- }
- } while (!sdb_done(sqlerr,&retry));
-
-loser:
- if (error == CKR_OK) {
- error = sdb_mapSQLError(sdb_p->type, sqlerr);
- }
-
- if (stmt) {
- sqlite3_reset(stmt);
- sqlite3_finalize(stmt);
- }
-
- if (sqlDB) {
- sdb_closeDBLocal(sdb_p, sqlDB) ;
- }
-
- UNLOCK_SQLITE()
- return error;
-}
-
-static const char BEGIN_CMD[] = "BEGIN IMMEDIATE TRANSACTION;";
-/*
- * start a transaction.
- *
- * We need to open a new database, then store that new database into
- * the private data structure. We open the database first, then use locks
- * to protect storing the data to prevent deadlocks.
- */
-CK_RV
-sdb_Begin(SDB *sdb)
-{
- SDBPrivate *sdb_p = sdb->private;
- sqlite3 *sqlDB = NULL;
- sqlite3_stmt *stmt = NULL;
- int sqlerr = SQLITE_OK;
- CK_RV error = CKR_OK;
- int retry = 0;
-
-
- if ((sdb->sdb_flags & SDB_RDONLY) != 0) {
- return CKR_TOKEN_WRITE_PROTECTED;
- }
-
-
- LOCK_SQLITE()
-
- /* get a new version that we will use for the entire transaction */
- sqlerr = sdb_openDB(sdb_p->sqlDBName, &sqlDB, SDB_RDWR);
- if (sqlerr != SQLITE_OK) {
- goto loser;
- }
-
- sqlerr =sqlite3_prepare_v2(sqlDB, BEGIN_CMD, -1, &stmt, NULL);
-
- do {
- sqlerr = sqlite3_step(stmt);
- if (sqlerr == SQLITE_BUSY) {
- PR_Sleep(SDB_BUSY_RETRY_TIME);
- }
- } while (!sdb_done(sqlerr,&retry));
-
- if (stmt) {
- sqlite3_reset(stmt);
- sqlite3_finalize(stmt);
- }
-
-loser:
- error = sdb_mapSQLError(sdb_p->type, sqlerr);
-
- /* we are starting a new transaction,
- * and if we succeeded, then save this database for the rest of
- * our transaction */
- if (error == CKR_OK) {
- /* we hold a 'BEGIN TRANSACTION' and a sdb_p->lock. At this point
- * sdb_p->sqlXactDB MUST be null */
- PR_EnterMonitor(sdb_p->dbMon);
- PORT_Assert(sdb_p->sqlXactDB == NULL);
- sdb_p->sqlXactDB = sqlDB;
- sdb_p->sqlXactThread = PR_GetCurrentThread();
- PR_ExitMonitor(sdb_p->dbMon);
- } else {
- /* we failed to start our transaction,
- * free any databases we opened. */
- if (sqlDB) {
- sqlite3_close(sqlDB);
- }
- }
-
- UNLOCK_SQLITE()
- return error;
-}
-
-/*
- * Complete a transaction. Basically undo everything we did in begin.
- * There are 2 flavors Abort and Commit. Basically the only differerence between
- * these 2 are what the database will show. (no change in to former, change in
- * the latter).
- */
-static CK_RV
-sdb_complete(SDB *sdb, const char *cmd)
-{
- SDBPrivate *sdb_p = sdb->private;
- sqlite3 *sqlDB = NULL;
- sqlite3_stmt *stmt = NULL;
- int sqlerr = SQLITE_OK;
- CK_RV error = CKR_OK;
- int retry = 0;
-
-
- if ((sdb->sdb_flags & SDB_RDONLY) != 0) {
- return CKR_TOKEN_WRITE_PROTECTED;
- }
-
- /* We must have a transation database, or we shouldn't have arrived here */
- PR_EnterMonitor(sdb_p->dbMon);
- PORT_Assert(sdb_p->sqlXactDB);
- if (sdb_p->sqlXactDB == NULL) {
- PR_ExitMonitor(sdb_p->dbMon);
- return CKR_GENERAL_ERROR; /* shouldn't happen */
- }
- PORT_Assert( sdb_p->sqlXactThread == PR_GetCurrentThread());
- if ( sdb_p->sqlXactThread != PR_GetCurrentThread()) {
- PR_ExitMonitor(sdb_p->dbMon);
- return CKR_GENERAL_ERROR; /* shouldn't happen */
- }
- sqlDB = sdb_p->sqlXactDB;
- sdb_p->sqlXactDB = NULL; /* no one else can get to this DB,
- * safe to unlock */
- sdb_p->sqlXactThread = NULL;
- PR_ExitMonitor(sdb_p->dbMon);
-
- sqlerr =sqlite3_prepare_v2(sqlDB, cmd, -1, &stmt, NULL);
-
- do {
- sqlerr = sqlite3_step(stmt);
- if (sqlerr == SQLITE_BUSY) {
- PR_Sleep(SDB_BUSY_RETRY_TIME);
- }
- } while (!sdb_done(sqlerr,&retry));
-
- /* Pending BEGIN TRANSACTIONS Can move forward at this point. */
-
- if (stmt) {
- sqlite3_reset(stmt);
- sqlite3_finalize(stmt);
- }
-
- /* we we have a cached DB image, update it as well */
- if (sdb_p->cacheTable) {
- PR_EnterMonitor(sdb_p->dbMon);
- sdb_updateCache(sdb_p);
- PR_ExitMonitor(sdb_p->dbMon);
- }
-
- error = sdb_mapSQLError(sdb_p->type, sqlerr);
-
- /* We just finished a transaction.
- * Free the database, and remove it from the list */
- sqlite3_close(sqlDB);
-
- return error;
-}
-
-static const char COMMIT_CMD[] = "COMMIT TRANSACTION;";
-CK_RV
-sdb_Commit(SDB *sdb)
-{
- CK_RV crv;
- LOCK_SQLITE()
- crv = sdb_complete(sdb,COMMIT_CMD);
- UNLOCK_SQLITE()
- return crv;
-}
-
-static const char ROLLBACK_CMD[] = "ROLLBACK TRANSACTION;";
-CK_RV
-sdb_Abort(SDB *sdb)
-{
- CK_RV crv;
- LOCK_SQLITE()
- crv = sdb_complete(sdb,ROLLBACK_CMD);
- UNLOCK_SQLITE()
- return crv;
-}
-
-static int tableExists(sqlite3 *sqlDB, const char *tableName);
-
-static const char GET_PW_CMD[] = "SELECT ALL * FROM metaData WHERE id=$ID;";
-CK_RV
-sdb_GetMetaData(SDB *sdb, const char *id, SECItem *item1, SECItem *item2)
-{
- SDBPrivate *sdb_p = sdb->private;
- sqlite3 *sqlDB = sdb_p->sqlXactDB;
- sqlite3_stmt *stmt = NULL;
- int sqlerr = SQLITE_OK;
- CK_RV error = CKR_OK;
- int found = 0;
- int retry = 0;
-
- LOCK_SQLITE()
- error = sdb_openDBLocal(sdb_p, &sqlDB, NULL);
- if (error != CKR_OK) {
- goto loser;
- }
-
- /* handle 'test' versions of the sqlite db */
- sqlerr = sqlite3_prepare_v2(sqlDB, GET_PW_CMD, -1, &stmt, NULL);
- /* Sigh, if we created a new table since we opened the database,
- * the database handle will not see the new table, we need to close this
- * database and reopen it. This is safe because we are holding the lock
- * still. */
- if (sqlerr == SQLITE_SCHEMA) {
- sqlerr = sdb_reopenDBLocal(sdb_p, &sqlDB);
- if (sqlerr != SQLITE_OK) {
- goto loser;
- }
- sqlerr = sqlite3_prepare_v2(sqlDB, GET_PW_CMD, -1, &stmt, NULL);
- }
- if (sqlerr != SQLITE_OK) goto loser;
- sqlerr = sqlite3_bind_text(stmt, 1, id, PORT_Strlen(id), SQLITE_STATIC);
- do {
- sqlerr = sqlite3_step(stmt);
- if (sqlerr == SQLITE_BUSY) {
- PR_Sleep(SDB_BUSY_RETRY_TIME);
- }
- if (sqlerr == SQLITE_ROW) {
- const char *blobData;
- unsigned int len = item1->len;
- item1->len = sqlite3_column_bytes(stmt, 1);
- if (item1->len > len) {
- error = CKR_BUFFER_TOO_SMALL;
- continue;
- }
- blobData = sqlite3_column_blob(stmt, 1);
- PORT_Memcpy(item1->data,blobData, item1->len);
- if (item2) {
- len = item2->len;
- item2->len = sqlite3_column_bytes(stmt, 2);
- if (item2->len > len) {
- error = CKR_BUFFER_TOO_SMALL;
- continue;
- }
- blobData = sqlite3_column_blob(stmt, 2);
- PORT_Memcpy(item2->data,blobData, item2->len);
- }
- found = 1;
- }
- } while (!sdb_done(sqlerr,&retry));
-
-loser:
- /* fix up the error if necessary */
- if (error == CKR_OK) {
- error = sdb_mapSQLError(sdb_p->type, sqlerr);
- if (!found && error == CKR_OK) {
- error = CKR_OBJECT_HANDLE_INVALID;
- }
- }
-
- if (stmt) {
- sqlite3_reset(stmt);
- sqlite3_finalize(stmt);
- }
-
- if (sqlDB) {
- sdb_closeDBLocal(sdb_p, sqlDB) ;
- }
- UNLOCK_SQLITE()
-
- return error;
-}
-
-static const char PW_CREATE_TABLE_CMD[] =
- "CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);";
-static const char PW_CREATE_CMD[] =
- "INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);";
-static const char MD_CREATE_CMD[] =
- "INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);";
-CK_RV
-sdb_PutMetaData(SDB *sdb, const char *id, const SECItem *item1,
- const SECItem *item2)
-{
- SDBPrivate *sdb_p = sdb->private;
- sqlite3 *sqlDB = sdb_p->sqlXactDB;
- sqlite3_stmt *stmt = NULL;
- int sqlerr = SQLITE_OK;
- CK_RV error = CKR_OK;
- int retry = 0;
- const char *cmd = PW_CREATE_CMD;
-
- if ((sdb->sdb_flags & SDB_RDONLY) != 0) {
- return CKR_TOKEN_WRITE_PROTECTED;
- }
-
- LOCK_SQLITE()
- error = sdb_openDBLocal(sdb_p, &sqlDB, NULL);
- if (error != CKR_OK) {
- goto loser;
- }
-
- if (!tableExists(sqlDB, "metaData")) {
- sqlerr = sqlite3_exec(sqlDB, PW_CREATE_TABLE_CMD, NULL, 0, NULL);
- if (sqlerr != SQLITE_OK) goto loser;
- }
- if (item2 == NULL) {
- cmd = MD_CREATE_CMD;
- }
- sqlerr = sqlite3_prepare_v2(sqlDB, cmd, -1, &stmt, NULL);
- if (sqlerr != SQLITE_OK) goto loser;
- sqlerr = sqlite3_bind_text(stmt, 1, id, PORT_Strlen(id), SQLITE_STATIC);
- if (sqlerr != SQLITE_OK) goto loser;
- sqlerr = sqlite3_bind_blob(stmt, 2, item1->data, item1->len, SQLITE_STATIC);
- if (sqlerr != SQLITE_OK) goto loser;
- if (item2) {
- sqlerr = sqlite3_bind_blob(stmt, 3, item2->data,
- item2->len, SQLITE_STATIC);
- if (sqlerr != SQLITE_OK) goto loser;
- }
-
- do {
- sqlerr = sqlite3_step(stmt);
- if (sqlerr == SQLITE_BUSY) {
- PR_Sleep(SDB_BUSY_RETRY_TIME);
- }
- } while (!sdb_done(sqlerr,&retry));
-
-loser:
- /* fix up the error if necessary */
- if (error == CKR_OK) {
- error = sdb_mapSQLError(sdb_p->type, sqlerr);
- }
-
- if (stmt) {
- sqlite3_reset(stmt);
- sqlite3_finalize(stmt);
- }
-
- if (sqlDB) {
- sdb_closeDBLocal(sdb_p, sqlDB) ;
- }
- UNLOCK_SQLITE()
-
- return error;
-}
-
-static const char RESET_CMD[] = "DROP TABLE IF EXISTS %s;";
-CK_RV
-sdb_Reset(SDB *sdb)
-{
- SDBPrivate *sdb_p = sdb->private;
- sqlite3 *sqlDB = NULL;
- char *newStr;
- int sqlerr = SQLITE_OK;
- CK_RV error = CKR_OK;
-
- /* only Key databases can be reset */
- if (sdb_p->type != SDB_KEY) {
- return CKR_OBJECT_HANDLE_INVALID;
- }
-
- LOCK_SQLITE()
- error = sdb_openDBLocal(sdb_p, &sqlDB, NULL);
- if (error != CKR_OK) {
- goto loser;
- }
-
- /* delete the key table */
- newStr = sqlite3_mprintf(RESET_CMD, sdb_p->table);
- if (newStr == NULL) {
- error = CKR_HOST_MEMORY;
- goto loser;
- }
- sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
- sqlite3_free(newStr);
-
- if (sqlerr != SQLITE_OK) goto loser;
-
- /* delete the password entry table */
- sqlerr = sqlite3_exec(sqlDB, "DROP TABLE IF EXISTS metaData;",
- NULL, 0, NULL);
-
-loser:
- /* fix up the error if necessary */
- if (error == CKR_OK) {
- error = sdb_mapSQLError(sdb_p->type, sqlerr);
- }
-
- if (sqlDB) {
- sdb_closeDBLocal(sdb_p, sqlDB) ;
- }
-
- UNLOCK_SQLITE()
- return error;
-}
-
-
-CK_RV
-sdb_Close(SDB *sdb)
-{
- SDBPrivate *sdb_p = sdb->private;
- int sqlerr = SQLITE_OK;
- sdbDataType type = sdb_p->type;
-
- sqlerr = sqlite3_close(sdb_p->sqlReadDB);
- PORT_Free(sdb_p->sqlDBName);
- if (sdb_p->cacheTable) {
- sqlite3_free(sdb_p->cacheTable);
- }
- if (sdb_p->dbMon) {
- PR_DestroyMonitor(sdb_p->dbMon);
- }
- free(sdb_p);
- free(sdb);
- return sdb_mapSQLError(type, sqlerr);
-}
-
-
-/*
- * functions to support open
- */
-
-static const char CHECK_TABLE_CMD[] = "SELECT ALL * FROM %s LIMIT 0;";
-/* return 1 if sqlDB contains table 'tableName */
-static int tableExists(sqlite3 *sqlDB, const char *tableName)
-{
- char * cmd = sqlite3_mprintf(CHECK_TABLE_CMD, tableName);
- int sqlerr = SQLITE_OK;
-
- if (cmd == NULL) {
- return 0;
- }
-
- sqlerr = sqlite3_exec(sqlDB, cmd, NULL, 0, 0);
- sqlite3_free(cmd);
-
- return (sqlerr == SQLITE_OK) ? 1 : 0;
-}
-
-void sdb_SetForkState(PRBool forked)
-{
- /* XXXright now this is a no-op. The global fork state in the softokn3
- * shared library is already taken care of at the PKCS#11 level.
- * If and when we add fork state to the sqlite shared library and extern
- * interface, we will need to set it and reset it from here */
-}
-
-/*
- * initialize a single database
- */
-static const char INIT_CMD[] =
- "CREATE TABLE %s (id PRIMARY KEY UNIQUE ON CONFLICT ABORT%s)";
-
-CK_RV
-sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate,
- int *newInit, int flags, PRUint32 accessOps, SDB **pSdb)
-{
- int i;
- char *initStr = NULL;
- char *newStr;
- int inTransaction = 0;
- SDB *sdb = NULL;
- SDBPrivate *sdb_p = NULL;
- sqlite3 *sqlDB = NULL;
- int sqlerr = SQLITE_OK;
- CK_RV error = CKR_OK;
- char *cacheTable = NULL;
- PRIntervalTime now = 0;
- char *env;
- PRBool enableCache = PR_FALSE;
- PRBool create;
-
- *pSdb = NULL;
- *inUpdate = 0;
-
- /* sqlite3 doesn't have a flag to specify that we want to
- * open the database read only. If the db doesn't exist,
- * sqlite3 will always create it.
- */
- LOCK_SQLITE();
- create = (PR_Access(dbname, PR_ACCESS_EXISTS) != PR_SUCCESS);
- if ((flags == SDB_RDONLY) && create) {
- error = sdb_mapSQLError(type, SQLITE_CANTOPEN);
- goto loser;
- }
- sqlerr = sdb_openDB(dbname, &sqlDB, flags);
- if (sqlerr != SQLITE_OK) {
- error = sdb_mapSQLError(type, sqlerr);
- goto loser;
- }
- /* sql created the file, but it doesn't set appropriate modes for
- * a database */
- if (create) {
- /* NO NSPR call for this? :( */
- chmod (dbname, 0600);
- }
-
- if (flags != SDB_RDONLY) {
- sqlerr = sqlite3_exec(sqlDB, BEGIN_CMD, NULL, 0, NULL);
- if (sqlerr != SQLITE_OK) {
- error = sdb_mapSQLError(type, sqlerr);
- goto loser;
- }
- inTransaction = 1;
- }
- if (!tableExists(sqlDB,table)) {
- *newInit = 1;
- if (flags != SDB_CREATE) {
- error = sdb_mapSQLError(type, SQLITE_CANTOPEN);
- goto loser;
- }
- initStr = sqlite3_mprintf("");
- for (i=0; initStr && i < known_attributes_size; i++) {
- newStr = sqlite3_mprintf("%s, a%x",initStr, known_attributes[i]);
- sqlite3_free(initStr);
- initStr = newStr;
- }
- if (initStr == NULL) {
- error = CKR_HOST_MEMORY;
- goto loser;
- }
-
- newStr = sqlite3_mprintf(INIT_CMD, table, initStr);
- sqlite3_free(initStr);
- if (newStr == NULL) {
- error = CKR_HOST_MEMORY;
- goto loser;
- }
- sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
- sqlite3_free(newStr);
- if (sqlerr != SQLITE_OK) {
- error = sdb_mapSQLError(type, sqlerr);
- goto loser;
- }
-
- newStr = sqlite3_mprintf(CREATE_ISSUER_INDEX_CMD, table);
- if (newStr == NULL) {
- error = CKR_HOST_MEMORY;
- goto loser;
- }
- sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
- sqlite3_free(newStr);
- if (sqlerr != SQLITE_OK) {
- error = sdb_mapSQLError(type, sqlerr);
- goto loser;
- }
-
- newStr = sqlite3_mprintf(CREATE_SUBJECT_INDEX_CMD, table);
- if (newStr == NULL) {
- error = CKR_HOST_MEMORY;
- goto loser;
- }
- sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
- sqlite3_free(newStr);
- if (sqlerr != SQLITE_OK) {
- error = sdb_mapSQLError(type, sqlerr);
- goto loser;
- }
-
- newStr = sqlite3_mprintf(CREATE_LABEL_INDEX_CMD, table);
- if (newStr == NULL) {
- error = CKR_HOST_MEMORY;
- goto loser;
- }
- sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
- sqlite3_free(newStr);
- if (sqlerr != SQLITE_OK) {
- error = sdb_mapSQLError(type, sqlerr);
- goto loser;
- }
-
- newStr = sqlite3_mprintf(CREATE_ID_INDEX_CMD, table);
- if (newStr == NULL) {
- error = CKR_HOST_MEMORY;
- goto loser;
- }
- sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
- sqlite3_free(newStr);
- if (sqlerr != SQLITE_OK) {
- error = sdb_mapSQLError(type, sqlerr);
- goto loser;
- }
- }
- /*
- * detect the case where we have created the database, but have
- * not yet updated it.
- *
- * We only check the Key database because only the key database has
- * a metaData table. The metaData table is created when a password
- * is set, or in the case of update, when a password is supplied.
- * If no key database exists, then the update would have happened immediately
- * on noticing that the cert database didn't exist (see newInit set above).
- */
- if (type == SDB_KEY && !tableExists(sqlDB, "metaData")) {
- *newInit = 1;
- }
-
- /* access to network filesystems are significantly slower than local ones
- * for database operations. In those cases we need to create a cached copy
- * of the database in a temporary location on the local disk. SQLITE
- * already provides a way to create a temporary table and initialize it,
- * so we use it for the cache (see sdb_buildCache for how it's done).*/
-
- /*
- * we decide whether or not to use the cache based on the following input.
- *
- * NSS_SDB_USE_CACHE environment variable is non-existant or set to
- * anything other than "no" or "yes" ("auto", for instance).
- * This is the normal case. NSS will measure the performance of access
- * to the temp database versus the access to the users passed in
- * database location. If the temp database location is "significantly"
- * faster we will use the cache.
- *
- * NSS_SDB_USE_CACHE environment variable is set to "no": cache will not
- * be used.
- *
- * NSS_SDB_USE_CACHE environment variable is set to "yes": cache will
- * always be used.
- *
- * It is expected that most applications would use the "auto" selection,
- * the environment variable is primarily to simplify testing, and to
- * correct potential corner cases where */
-
- env = PR_GetEnvSecure("NSS_SDB_USE_CACHE");
-
- if (env && PORT_Strcasecmp(env,"no") == 0) {
- enableCache = PR_FALSE;
- } else if (env && PORT_Strcasecmp(env,"yes") == 0) {
- enableCache = PR_TRUE;
- } else {
- char *tempDir = NULL;
- PRUint32 tempOps = 0;
- /*
- * Use PR_Access to determine how expensive it
- * is to check for the existance of a local file compared to the same
- * check in the temp directory. If the temp directory is faster, cache
- * the database there. */
- tempDir = sdb_getTempDir(sqlDB);
- if (tempDir) {
- tempOps = sdb_measureAccess(tempDir);
- PORT_Free(tempDir);
-
- /* There is a cost to continually copying the database.
- * Account for that cost with the arbitrary factor of 10 */
- enableCache = (PRBool)(tempOps > accessOps * 10);
- }
- }
-
- if (enableCache) {
- /* try to set the temp store to memory.*/
- sqlite3_exec(sqlDB, "PRAGMA temp_store=MEMORY", NULL, 0, NULL);
- /* Failure to set the temp store to memory is not fatal,
- * ignore the error */
-
- cacheTable = sqlite3_mprintf("%sCache",table);
- if (cacheTable == NULL) {
- error = CKR_HOST_MEMORY;
- goto loser;
- }
- /* build the cache table */
- error = sdb_buildCache(sqlDB, type, cacheTable, table);
- if (error != CKR_OK) {
- goto loser;
- }
- /* initialize the last cache build time */
- now = PR_IntervalNow();
- }
-
- sdb = (SDB *) malloc(sizeof(SDB));
- sdb_p = (SDBPrivate *) malloc(sizeof(SDBPrivate));
-
- /* invariant fields */
- sdb_p->sqlDBName = PORT_Strdup(dbname);
- sdb_p->type = type;
- sdb_p->table = table;
- sdb_p->cacheTable = cacheTable;
- sdb_p->lastUpdateTime = now;
- /* set the cache delay time. This is how long we will wait before we
- * decide the existing cache is stale. Currently set to 10 sec */
- sdb_p->updateInterval = PR_SecondsToInterval(10);
- sdb_p->dbMon = PR_NewMonitor();
- /* these fields are protected by the lock */
- sdb_p->sqlXactDB = NULL;
- sdb_p->sqlXactThread = NULL;
- sdb->private = sdb_p;
- sdb->version = 0;
- sdb->sdb_flags = flags | SDB_HAS_META;
- sdb->app_private = NULL;
- sdb->sdb_FindObjectsInit = sdb_FindObjectsInit;
- sdb->sdb_FindObjects = sdb_FindObjects;
- sdb->sdb_FindObjectsFinal = sdb_FindObjectsFinal;
- sdb->sdb_GetAttributeValue = sdb_GetAttributeValue;
- sdb->sdb_SetAttributeValue = sdb_SetAttributeValue;
- sdb->sdb_CreateObject = sdb_CreateObject;
- sdb->sdb_DestroyObject = sdb_DestroyObject;
- sdb->sdb_GetMetaData = sdb_GetMetaData;
- sdb->sdb_PutMetaData = sdb_PutMetaData;
- sdb->sdb_Begin = sdb_Begin;
- sdb->sdb_Commit = sdb_Commit;
- sdb->sdb_Abort = sdb_Abort;
- sdb->sdb_Reset = sdb_Reset;
- sdb->sdb_Close = sdb_Close;
- sdb->sdb_SetForkState = sdb_SetForkState;
-
- if (inTransaction) {
- sqlerr = sqlite3_exec(sqlDB, COMMIT_CMD, NULL, 0, NULL);
- if (sqlerr != SQLITE_OK) {
- error = sdb_mapSQLError(sdb_p->type, sqlerr);
- goto loser;
- }
- inTransaction = 0;
- }
-
- sdb_p->sqlReadDB = sqlDB;
-
- *pSdb = sdb;
- UNLOCK_SQLITE();
- return CKR_OK;
-
-loser:
- /* lots of stuff to do */
- if (inTransaction) {
- sqlite3_exec(sqlDB, ROLLBACK_CMD, NULL, 0, NULL);
- }
- if (sdb) {
- free(sdb);
- }
- if (sdb_p) {
- free(sdb_p);
- }
- if (sqlDB) {
- sqlite3_close(sqlDB);
- }
- UNLOCK_SQLITE();
- return error;
-
-}
-
-
-/* sdbopen */
-CK_RV
-s_open(const char *directory, const char *certPrefix, const char *keyPrefix,
- int cert_version, int key_version, int flags,
- SDB **certdb, SDB **keydb, int *newInit)
-{
- char *cert = sdb_BuildFileName(directory, certPrefix,
- "cert", cert_version);
- char *key = sdb_BuildFileName(directory, keyPrefix,
- "key", key_version);
- CK_RV error = CKR_OK;
- int inUpdate;
- PRUint32 accessOps;
-
- if (certdb)
- *certdb = NULL;
- if (keydb)
- *keydb = NULL;
- *newInit = 0;
-
-#ifdef SQLITE_UNSAFE_THREADS
- if (sqlite_lock == NULL) {
- sqlite_lock = PR_NewLock();
- if (sqlite_lock == NULL) {
- error = CKR_HOST_MEMORY;
- goto loser;
- }
- }
-#endif
-
- /* how long does it take to test for a non-existant file in our working
- * directory? Allows us to test if we may be on a network file system */
- accessOps = 1;
- {
- char *env;
- env = PR_GetEnvSecure("NSS_SDB_USE_CACHE");
- /* If the environment variable is set to yes or no, sdb_init() will
- * ignore the value of accessOps, and we can skip the measuring.*/
- if (!env || ((PORT_Strcasecmp(env, "no") != 0) &&
- (PORT_Strcasecmp(env, "yes") != 0))){
- accessOps = sdb_measureAccess(directory);
- }
- }
-
- /*
- * open the cert data base
- */
- if (certdb) {
- /* initialize Certificate database */
- error = sdb_init(cert, "nssPublic", SDB_CERT, &inUpdate,
- newInit, flags, accessOps, certdb);
- if (error != CKR_OK) {
- goto loser;
- }
- }
-
- /*
- * open the key data base:
- * NOTE:if we want to implement a single database, we open
- * the same database file as the certificate here.
- *
- * cert an key db's have different tables, so they will not
- * conflict.
- */
- if (keydb) {
- /* initialize the Key database */
- error = sdb_init(key, "nssPrivate", SDB_KEY, &inUpdate,
- newInit, flags, accessOps, keydb);
- if (error != CKR_OK) {
- goto loser;
- }
- }
-
-
-loser:
- if (cert) {
- sqlite3_free(cert);
- }
- if (key) {
- sqlite3_free(key);
- }
-
- if (error != CKR_OK) {
- /* currently redundant, but could be necessary if more code is added
- * just before loser */
- if (keydb && *keydb) {
- sdb_Close(*keydb);
- }
- if (certdb && *certdb) {
- sdb_Close(*certdb);
- }
- }
-
- return error;
-}
-
-CK_RV
-s_shutdown()
-{
-#ifdef SQLITE_UNSAFE_THREADS
- if (sqlite_lock) {
- PR_DestroyLock(sqlite_lock);
- sqlite_lock = NULL;
- }
-#endif
- return CKR_OK;
-}
« no previous file with comments | « nss/lib/softoken/sdb.h ('k') | nss/lib/softoken/sftkdb.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698