--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nss-shared-helper/db.c	Fri Jul 09 09:55:01 2010 +0200
@@ -0,0 +1,221 @@
+/* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+
+/* db.c - Helper funcs for shared NSS database
+ *
+ * Copyright (C) 2008 Hans Petter Jansson
+ *               2008-2010 Wolfgang Rosenauer
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Authors: Hans Petter Jansson <hpj@copyleft.no> 
+ *          Wolfgang Rosenauer <wr@rosenauer.org> */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <fcntl.h>
+
+#include <nspr.h>
+#include <nss.h>
+#include <pk11priv.h>
+#include <pk11pub.h>
+
+#include "nss-shared-helper.h"
+
+#define DEFAULT_RELATIVE_PATH ".pki/nssdb"
+#define DEFAULT_PATH          "/etc/pki/nssdb"
+
+typedef struct {
+  enum {
+    PW_NONE = 0,
+    PW_FROMFILE = 1,
+    PW_PLAINTEXT = 2,
+    PW_EXTERNAL = 3
+  } source;
+  char *data;
+} secuPWData;
+
+char *
+nsshelp_get_user_db_path (void)
+{
+  const char  *env;
+  char        *path;
+  struct stat  sbuf;
+  int          result;
+
+  env = getenv ("NSS_SHARED_DB_PATH");
+  
+  if (env && *env) {
+    path = strdup (env);
+  } else {
+    /*
+    env = getenv ("HOME");
+    if (!env || !*env)
+    {
+      fprintf (stderr, "*** nss-shared-helper: Could not determine shared NSS DB path!\n");
+      return NULL;
+    }
+
+    path = malloc (strlen (env) + 1 + strlen (DEFAULT_RELATIVE_PATH) + 1);
+    strcpy (path, env);
+    strcat (path, "/");
+    strcat (path, DEFAULT_RELATIVE_PATH);
+    */
+    path = strdup(DEFAULT_PATH);
+  }
+
+  /* Create path if it doesn't exist */
+
+  result = stat (path, &sbuf);
+
+  if (result != 0)
+  {
+    const char *p0 = path;
+    const char *p1;
+
+    while (*p0 == '/')
+      p0++;
+
+    /* Try to create it with restrictive permissions */
+
+    do
+    {
+      p1 = strchr (p0, '/');
+
+      if (p1 == NULL)
+        p1 = p0 + strlen (p0);
+
+      if (p1 != p0)
+      {
+        char *path_part = strdup (path);
+
+        *(path_part + (p1 - path)) = '\0';
+        mkdir (path_part, 0700);
+      }
+
+      p0 = p1 + 1;
+    }
+    while (*p1 != '\0');
+
+    result = stat (path, &sbuf);
+  }
+
+  if (result == 0 && S_ISDIR (sbuf.st_mode))
+    return path;
+
+  free (path);
+  return NULL;
+}
+
+SECStatus
+nsshelp_open_db (const char *app_id, const char *old_path, PRUint32 flags)
+{
+  char *new_path;
+  char *sdb_path;
+  struct stat sbuf;
+  int result;
+  SECStatus rv;
+  PK11SlotInfo *slot;
+  secuPWData pwdata = { PW_NONE, 0 };
+
+  if (!getenv ("NSS_USE_SHARED_DB"))
+  {
+    fprintf (stderr, "*** nss-shared-helper: Shared database disabled (set NSS_USE_SHARED_DB to enable).\n");
+
+    rv = NSS_Initialize (old_path,
+                         "", "", "secmod.db",
+                         flags);
+    return rv;
+  }
+
+  new_path = nsshelp_get_user_db_path ();
+  if (!new_path)
+    return SECFailure;
+
+  fprintf (stderr, "*** nss-shared-helper: Using shared location %s\n", new_path);
+  sdb_path = PR_smprintf ("sql:%s", new_path);
+
+  /* simple update (application does not care about the
+   * underlying state machine). */
+
+  /* STEP 1: Signal that update/merge may be needed  */
+
+  rv = NSS_InitWithMerge (sdb_path,
+                          "", "", "secmod.db",
+                          old_path, "", "",
+                          app_id, app_id /* prompt name */,
+                          flags);
+
+  if (rv == SECFailure)
+  {
+    /* Don't migrate anything */
+
+    fprintf (stderr, "*** nss-shared-helper: NSS_InitWithMerge failed. Trying NSS_Initialize.\n");
+
+    rv = NSS_Initialize (sdb_path,
+                         "", "", "secmod.db",
+                         flags);
+    PR_smprintf_free (sdb_path);
+
+    if (rv == SECFailure)
+      fprintf (stderr, "*** nss-shared-helper: NSS_Initialize failed.\n");
+
+    return rv;
+  }
+
+  slot = PK11_GetInternalKeySlot();
+
+  /* Step 2: Determine if update/merge is needed. */
+
+  if (PK11_IsRemovable(slot))
+  {
+    /* need to update/Merge the database */
+
+    /* Step 3: Authenticate to the token */
+
+    rv = PK11_Authenticate(slot, PR_FALSE, &pwdata);
+    if (rv == SECSuccess)
+    {
+      /* just update the state machine */
+
+      /* Step 4: */
+      PK11_IsLoggedIn(slot, &pwdata);
+      /* Step 5: */
+      PK11_IsPresent(slot);
+
+      /* Step 6: */
+      rv = PK11_Authenticate(slot, PR_FALSE, &pwdata);
+      if (rv != SECSuccess)
+      {
+        fprintf (stderr, "*** nss-shared-helper: Second auth call failed: %u.\n",
+                 PORT_GetError ());
+      }
+    }
+    else
+    {
+      fprintf (stderr, "*** nss-shared-helper: First auth call failed: %u.\n",
+               PORT_GetError ());
+    }
+  }
+
+  /* Step 7: NSS is initialized and (possibly) merged, start using it */
+
+  PR_smprintf_free (sdb_path);
+  return SECSuccess;
+}