📄 ctrlconn.c
字号:
*/static char *ssm_certdb_name_cb(void *arg, int dbVersion){ const char *configdir = (const char*)arg; const char *dbver; switch (dbVersion) { case 7: dbver = "7"; break; case 6: dbver = "6"; break; case 5: dbver = "5"; break; case 4: default: dbver = ""; break; }#ifdef XP_MAC return PR_smprintf("%s:Certificates%s", configdir, dbver);#else return PR_smprintf("%s/cert%s.db", configdir, dbver);#endif}static char *ssm_keydb_name_cb(void *arg, int dbVersion){ const char *configdir = (const char*)arg; const char *dbver; switch (dbVersion) { case 3: dbver = "3"; break; case 2: default: dbver = ""; break; }#ifdef XP_MAC return PR_smprintf("%s:Key Database%s", configdir, dbver);#else return PR_smprintf("%s/key%s.db", configdir, dbver);#endif}SECStatusssm_OpenCertDB(const char * configdir,SSMControlConnection *ctrl){ CERTCertDBHandle *certdb; SECStatus status = SECFailure;#ifdef ALLOW_STANDALONE PRBool readonly = standalone;#else PRBool readonly = PR_FALSE;#endif /* We should not be doing this! */ if (0) { certdb = CERT_GetDefaultCertDB(); if (certdb) { return SECSuccess; } } certdb = PORT_ZNew(CERTCertDBHandle); if (certdb == NULL) { goto loser; } status = CERT_OpenCertDB(certdb, readonly, ssm_certdb_name_cb, (void*)configdir); if (status == SECSuccess) { CERT_SetDefaultCertDB(certdb); ctrl->m_certdb = certdb; } else { PR_Free(certdb); ctrl->m_certdb = NULL; }loser: return status;}SECStatusssm_OpenKeyDB(const char * configdir, SSMControlConnection *ctrl){ SECKEYKeyDBHandle *keydb;#ifdef ALLOW_STANDALONE PRBool readonly = standalone;#else PRBool readonly = PR_FALSE;#endif /* we should not be doing this! */ if (0) { keydb = SECKEY_GetDefaultKeyDB(); if (keydb) { return SECSuccess; } } keydb = SECKEY_OpenKeyDB(readonly, ssm_keydb_name_cb, (void*)configdir); if (keydb == NULL) { ctrl->m_keydb = NULL; return SECFailure; } SECKEY_SetDefaultKeyDB(keydb); ctrl->m_keydb = keydb; return SECSuccess;}SECStatusssm_OpenSecModDB(const char * configdir){ static char *secmodname; if (secmodname) { return SECSuccess; }#ifdef XP_UNIX secmodname = PR_smprintf("%s/secmodule.db", configdir);#elif defined(XP_MAC) secmodname = PR_smprintf("%s:Security Modules", configdir);#else secmodname = PR_smprintf("%s/secmod.db", configdir);#endif if (secmodname == NULL) { return SECFailure; } SECMOD_init(secmodname); return SECSuccess;}voidssm_ShutdownNSS(SSMControlConnection *ctrl){ if (ctrl->m_certdb != NULL) { CERT_ClosePermCertDB(ctrl->m_certdb); } if (ctrl->m_keydb != NULL) { SECKEY_CloseKeyDB(ctrl->m_keydb); }}SSMPolicyTypeSSM_ConvertSVRPlcyToSSMPolicy(PRInt32 policy){ SSMPolicyType retVal; switch (policy) { case SVRPLCYDomestic: retVal = ssmDomestic; break; case SVRPLCYExport: retVal = ssmExport; break; case SVRPLCYFrance: retVal = ssmFrance; break; default: retVal = ssmUnknownPolicy; } return retVal;}voidSSM_SetP12Export(void){ SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1); SEC_PKCS12EnableCipher(PKCS12_RC4_128, 0); SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1); SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 0); SEC_PKCS12EnableCipher(PKCS12_DES_56, 0); SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 0);}voidSSM_SetSMIMEExport(void){ SECMIME_EnableCipher(SMIME_RC2_CBC_40, 1);#if 0 SECMIME_EnableCipher(SMIME_RC2_CBC_64, 0); SECMIME_EnableCipher(SMIME_RC2_CBC_128, 0); SECMIME_EnableCipher(SMIME_RC5PAD_64_16_40, 1); SECMIME_EnableCipher(SMIME_RC5PAD_64_16_64, 0); SECMIME_EnableCipher(SMIME_RC5PAD_64_16_128, 0); SECMIME_EnableCipher(SMIME_DES_CBC_56, 0); SECMIME_EnableCipher(SMIME_DES_EDE3_168, 0); SECMIME_EnableCipher(SMIME_FORTEZZA, 0);#endif SECMIME_EnableCipher(CIPHER_FAMILYID_MASK, 0);}SECStatusSSM_InitNSS(char* certpath, SSMControlConnection *ctrl, PRInt32 policy){ SECStatus status; SECStatus rv = SECFailure; SSMPolicyType reqPolicy; PR_EnterMonitor(policySetLock); reqPolicy = SSM_ConvertSVRPlcyToSSMPolicy(policy); if (policySet) { SSM_DEBUG("We got another hello request. If this is for " "a different user then the first, bad things may happen\n"); if (reqPolicy != policyType) { SSM_DEBUG("Got a hello request with different policy type " "than has already been established. " "Refusing connection\n"); rv = SECFailure; goto loser; } } else if (policyType != reqPolicy) { SSM_DEBUG("Initial hello message has different policy type than " "the server. Setting policy to Export\n"); NSS_SetExportPolicy(); SSM_SetP12Export(); SSM_SetSMIMEExport(); policyType = ssmExport; } SSM_DEBUG("First time initializing NSS.\n"); /* REMOVED CALL */; RNG_SystemInfoForRNG(); status = ssm_OpenCertDB(certpath, ctrl); if (status != SECSuccess) { goto loser; } status = ssm_OpenKeyDB(certpath, ctrl); if (status != SECSuccess) { goto loser; } status = ssm_OpenSecModDB(certpath); if (status != SECSuccess) { goto loser; } ctrl->m_pkcs11Init = PR_TRUE; rv = SECSuccess; PORT_SetUCS2_ASCIIConversionFunction(SSM_UCS2_ASCIIConversion); PORT_SetUCS2_UTF8ConversionFunction(SSM_UCS2_UTF8Conversion); policySet = PR_TRUE; /* set default policy strings */ CERT_SetCAPolicyStringCallback(SSM_GetCAPolicyString, ctrl);loser: if (rv != SECSuccess) { ssm_ShutdownNSS(ctrl); } PR_ExitMonitor(policySetLock); return rv;}/* End the section of code copied and modified from NSS_Init*/static int ssm_ask_pref_to_pk11(int asktype){ switch (asktype) { case 1: return -1; case 2: return 1; } return 0;}#ifdef XP_MACextern "C"{ OSErr ConvertMacPathToUnixPath(const char *macPath, char **unixPath);}#endif/* Set up profile and password information. */SSMStatusSSMControlConnection_SetupNSS(SSMControlConnection *ctrl, PRInt32 policy){ SSMStatus rv = PR_SUCCESS; SECStatus srv = SECSuccess; PRFileInfo info;#ifdef XP_MAC char *unixPath;#endif /* check the profile directory */#ifdef XP_UNIX /* we expect a non-empty string here: bail if we don't have one */ if ((PR_GetFileInfo(ctrl->m_dirRoot, &info) != PR_SUCCESS) || (info.type != PR_FILE_DIRECTORY)) { SSM_DEBUG("Cannot find a profile in %s.\n", ctrl->m_dirRoot); goto loser; }#elif defined(XP_MAC) /* we expect a path that is already Macified. */ ConvertMacPathToUnixPath(ctrl->m_dirRoot, &unixPath); if (!unixPath) goto loser; if (unixPath[0] != '\0') { /* profile directory was supplied: check to make sure it exists */ if ((PR_GetFileInfo(unixPath, &info) != PR_SUCCESS) || (info.type != PR_FILE_DIRECTORY)) { SSM_DEBUG("Cannot find a profile in %s.\n", ctrl->m_dirRoot); goto loser; } } else goto loser; /* for now */ /* ### mwelch - we're leaking unixPath for now */#else if (ctrl->m_dirRoot[0] != '\0') { /* profile directory was supplied: check to make sure it exists */ if ((PR_GetFileInfo(ctrl->m_dirRoot, &info) != PR_SUCCESS) || (info.type != PR_FILE_DIRECTORY)) { SSM_DEBUG("Cannot find a profile in %s.\n", ctrl->m_dirRoot); goto loser; } } else { /* profile directory was not supplied: get the "default" directory */ if (ctrl->m_profileName[0] == '\0') { /* this is (almost always) a 3rd party application on win32 that * wants to use a "default" profile * set it to "Default" and hope for the best */ ctrl->m_profileName = PL_strdup("Default"); } ctrl->m_dirRoot = SSM_PROF_GetProfileDirectory(ctrl); if (ctrl->m_dirRoot == NULL) { goto loser; } }#endif /* Do the libsec initialization */ if (gUserDir != NULL) {#ifndef WIN32 if (strcmp(ctrl->m_dirRoot, gUserDir) != 0) { goto loser; } #else if (STRNCASECMP(ctrl->m_dirRoot, gUserDir, strlen(gUserDir))) { goto loser; }#endif /* * This is the best way to get the current key and cert dbs. * When NSS fully supports multiple profiles, we'll have to do * away with this call. */ ctrl->m_certdb = CERT_GetDefaultCertDB(); ctrl->m_keydb = SECKEY_GetDefaultKeyDB(); } else { gUserDir = strdup(ctrl->m_dirRoot); /* * We only want to initialize NSS once. */ srv = SSM_InitNSS(ctrl->m_dirRoot, ctrl, policy); if (srv != SECSuccess) { goto loser; } }#ifdef ALLOW_STANDALONE if (standalone) { /* Set password callback to be a function which uses a preset password. Very insecure, which is why this is set in debug code only. */ PK11_SetPasswordFunc(SSM_StandaloneGetPasswdCallback); PK11_SetVerifyPasswordFunc(SSM_StandaloneVerifyPasswdCallback); } else {#endif /* set passwd callback */ PK11_SetPasswordFunc(SSM_GetPasswdCallback); /* verify passwd */ PK11_SetVerifyPasswordFunc(SSM_VerifyPasswdCallback);#ifdef ALLOW_STANDALONE }#endif goto done; loser: /* Gather the error from wherever it came */ if (rv == PR_SUCCESS) rv = (srv == SECSuccess) ? PR_SUCCESS : PR_FAILURE; if (rv == PR_SUCCESS) rv = PR_FAILURE; done: return rv;}SSMStatus SSMControlConnection_ProcessHello(SSMControlConnection *ctrl, SECItem *msg){ SSMStatus rv = PR_SUCCESS; HelloRequest request; HelloReply reply; /* parse client info and store it in the connection object */#ifdef NSM_PROTOCOL_STRICT /* we should only ever get one hello request */ PR_ASSERT(ctrl->m_profileName == NULL);#endif if (CMT_DecodeMessage(HelloRequestTemplate, &request, (CMTItem*)msg) != CMTSuccess) { goto loser; } /* allow earlier client libs to try to talk to us, but not later ones */ if (request.version > ctrl->m_version) { goto loser; } ctrl->m_doesUI = request.doesUI; ctrl->m_profileName = request.profile; if (request.profileDir == NULL) { /* it may be an empty string but it should not be NULL */ goto loser; } ctrl->m_dirRoot = request.profileDir; SSM_DEBUG("Selected profile directory <%s>.\n", ctrl->m_dirRoot); msg->data = NULL; rv = SSMControlConnection_SetupNSS(ctrl, request.policy); goto done; loser: if (rv == PR_SUCCESS) rv = PR_FAILURE;⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -