1 /* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */

     2 

     3 /* db.c - Helper funcs for shared NSS database

     4  *

     5  * Copyright (C) 2008 Hans Petter Jansson

     6  *               2008-2010 Wolfgang Rosenauer

     7  *

     8  * This library is free software; you can redistribute it and/or

     9  * modify it under the terms of the GNU Lesser General Public

    10  * License as published by the Free Software Foundation; either

    11  * version 2 of the License, or (at your option) any later version.

    12  *

    13  * This library is distributed in the hope that it will be useful,

    14  * but WITHOUT ANY WARRANTY; without even the implied warranty of

    15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the GNU

    16  * Lesser General Public License for more details.

    17  *

    18  * You should have received a copy of the GNU Lesser General Public

    19  * License along with this library; if not, write to the

    20  * Free Software Foundation, Inc., 59 Temple Place - Suite 330,

    21  * Boston, MA 02111-1307, USA.

    22  *

    23  * Authors: Hans Petter Jansson <hpj@copyleft.no> 

    24  *          Wolfgang Rosenauer <wr@rosenauer.org> */

    25 

    26 #include <sys/types.h>

    27 #include <sys/stat.h>

    28 #include <unistd.h>

    29 #include <string.h>

    30 #include <stdlib.h>

    31 #include <stdio.h>

    32 #include <fcntl.h>

    33 

    34 #include <nspr.h>

    35 #include <nss.h>

    36 #include <pk11priv.h>

    37 #include <pk11pub.h>

    38 

    39 #include "nss-shared-helper.h"

    40 

    41 #define DEFAULT_RELATIVE_PATH ".pki/nssdb"

    42 #define DEFAULT_PATH          "/etc/pki/nssdb"

    43 

    44 typedef struct {

    45   enum {

    46     PW_NONE = 0,

    47     PW_FROMFILE = 1,

    48     PW_PLAINTEXT = 2,

    49     PW_EXTERNAL = 3

    50   } source;

    51   char *data;

    52 } secuPWData;

    53 

    54 char *

    55 nsshelp_get_user_db_path (void)

    56 {

    57   const char  *env;

    58   char        *path;

    59   struct stat  sbuf;

    60   int          result;

    61 

    62   env = getenv ("NSS_SHARED_DB_PATH");

    63   

    64   if (env && *env) {

    65     path = strdup (env);

    66   } else {

    67     /*

    68     env = getenv ("HOME");

    69     if (!env || !*env)

    70     {

    71       fprintf (stderr, "*** nss-shared-helper: Could not determine shared NSS DB path!\n");

    72       return NULL;

    73     }

    74 

    75     path = malloc (strlen (env) + 1 + strlen (DEFAULT_RELATIVE_PATH) + 1);

    76     strcpy (path, env);

    77     strcat (path, "/");

    78     strcat (path, DEFAULT_RELATIVE_PATH);

    79     */

    80     path = strdup(DEFAULT_PATH);

    81   }

    82 

    83   /* Create path if it doesn't exist */

    84 

    85   result = stat (path, &sbuf);

    86 

    87   if (result != 0)

    88   {

    89     const char *p0 = path;

    90     const char *p1;

    91 

    92     while (*p0 == '/')

    93       p0++;

    94 

    95     /* Try to create it with restrictive permissions */

    96 

    97     do

    98     {

    99       p1 = strchr (p0, '/');

   100 

   101       if (p1 == NULL)

   102         p1 = p0 + strlen (p0);

   103 

   104       if (p1 != p0)

   105       {

   106         char *path_part = strdup (path);

   107 

   108         *(path_part + (p1 - path)) = '\0';

   109         mkdir (path_part, 0700);

   110       }

   111 

   112       p0 = p1 + 1;

   113     }

   114     while (*p1 != '\0');

   115 

   116     result = stat (path, &sbuf);

   117   }

   118 

   119   if (result == 0 && S_ISDIR (sbuf.st_mode))

   120     return path;

   121 

   122   free (path);

   123   return NULL;

   124 }

   125 

   126 SECStatus

   127 nsshelp_open_db (const char *app_id, const char *old_path, PRUint32 flags)

   128 {

   129   char *new_path;

   130   char *sdb_path;

   131   struct stat sbuf;

   132   int result;

   133   SECStatus rv;

   134   PK11SlotInfo *slot;

   135   secuPWData pwdata = { PW_NONE, 0 };

   136 

   137   if (!getenv ("NSS_USE_SHARED_DB"))

   138   {

   139     fprintf (stderr, "*** nss-shared-helper: Shared database disabled (set NSS_USE_SHARED_DB to enable).\n");

   140 

   141     rv = NSS_Initialize (old_path,

   142                          "", "", "secmod.db",

   143                          flags);

   144     return rv;

   145   }

   146 

   147   new_path = nsshelp_get_user_db_path ();

   148   if (!new_path)

   149     return SECFailure;

   150 

   151   fprintf (stderr, "*** nss-shared-helper: Using shared location %s\n", new_path);

   152   sdb_path = PR_smprintf ("sql:%s", new_path);

   153 

   154   /* simple update (application does not care about the

   155    * underlying state machine). */

   156 

   157   /* STEP 1: Signal that update/merge may be needed  */

   158 

   159   rv = NSS_InitWithMerge (sdb_path,

   160                           "", "", "secmod.db",

   161                           old_path, "", "",

   162                           app_id, app_id /* prompt name */,

   163                           flags);

   164 

   165   if (rv == SECFailure)

   166   {

   167     /* Don't migrate anything */

   168 

   169     fprintf (stderr, "*** nss-shared-helper: NSS_InitWithMerge failed. Trying NSS_Initialize.\n");

   170 

   171     rv = NSS_Initialize (sdb_path,

   172                          "", "", "secmod.db",

   173                          flags);

   174     PR_smprintf_free (sdb_path);

   175 

   176     if (rv == SECFailure)

   177       fprintf (stderr, "*** nss-shared-helper: NSS_Initialize failed.\n");

   178 

   179     return rv;

   180   }

   181 

   182   slot = PK11_GetInternalKeySlot();

   183 

   184   /* Step 2: Determine if update/merge is needed. */

   185 

   186   if (PK11_IsRemovable(slot))

   187   {

   188     /* need to update/Merge the database */

   189 

   190     /* Step 3: Authenticate to the token */

   191 

   192     rv = PK11_Authenticate(slot, PR_FALSE, &pwdata);

   193     if (rv == SECSuccess)

   194     {

   195       /* just update the state machine */

   196 

   197       /* Step 4: */

   198       PK11_IsLoggedIn(slot, &pwdata);

   199       /* Step 5: */

   200       PK11_IsPresent(slot);

   201 

   202       /* Step 6: */

   203       rv = PK11_Authenticate(slot, PR_FALSE, &pwdata);

   204       if (rv != SECSuccess)

   205       {

   206         fprintf (stderr, "*** nss-shared-helper: Second auth call failed: %u.\n",

   207                  PORT_GetError ());

   208       }

   209     }

   210     else

   211     {

   212       fprintf (stderr, "*** nss-shared-helper: First auth call failed: %u.\n",

   213                PORT_GetError ());

   214     }

   215   }

   216 

   217   /* Step 7: NSS is initialized and (possibly) merged, start using it */

   218 

   219   PR_smprintf_free (sdb_path);

   220   return SECSuccess;

   221 }