done:
    /* construct HELLO_REPLY message */
    /* Tail of the Hello handler: rv, reply and msg are declared before this
     * excerpt. The reply carries the session id, protocol version, HTTP port,
     * the connection nonce and the policy; the message type encodes OK/ERR
     * from rv. */
    SSM_DEBUG("composing Hello reply.\n");
    reply.result = rv;
    reply.sessionID = SSMRESOURCE(ctrl)->m_id;
    reply.version = ctrl->m_version;
    reply.httpPort = SSM_GetHTTPPort();
    /* nonce is a NUL-terminated string; len excludes the terminator */
    reply.nonce.len = strlen(ctrl->m_nonce);
    reply.nonce.data = (unsigned char *) ctrl->m_nonce;
    reply.policy = SSM_GetPolicy();
    reply.stringVersion = SSMVersionString;
    if (rv == PR_SUCCESS) {
        msg->type = (SECItemType) (SSM_HELLO_MESSAGE | SSM_REPLY_OK_MESSAGE);
    } else {
        msg->type = (SECItemType) (SSM_HELLO_MESSAGE | SSM_REPLY_ERR_MESSAGE);
    }
    /* NOTE(review): the encode result is not checked here; the caller sees
     * rv (the Hello outcome) even if encoding failed. */
    CMT_EncodeMessage(HelloReplyTemplate, (CMTItem*)msg, &reply);
    return rv;
}

/*
 * One row of a cipher-preference table: a boolean preference key and the
 * cipher id handed to SSL_EnableCipher / SECMIME_EnableCipher when that
 * preference reads as false.
 */
typedef struct {
    char* pref; /* pref key */
    long id;    /* cipher ID for NSS */
} SSMCipherPref;

/* cipher suites are listed in the order of decreasing preference in each
 * cipher family */
/* Terminated by a {NULL, 0} row; the walkers below stop at pref == NULL.
 * Note the table includes export-strength and NULL-encryption suites; a
 * preference can only disable a suite here, never enable one beyond what
 * the policy allows. */
SSMCipherPref SSMSSLCiphers[] = {
    /* SSL2 ciphers */
    {"security.ssl2.rc4_128", SSL_EN_RC4_128_WITH_MD5},
    {"security.ssl2.rc2_128", SSL_EN_RC2_128_CBC_WITH_MD5},
    {"security.ssl2.des_ede3_192", SSL_EN_DES_192_EDE3_CBC_WITH_MD5},
    {"security.ssl2.des_64", SSL_EN_DES_64_CBC_WITH_MD5},
    {"security.ssl2.rc4_40", SSL_EN_RC4_128_EXPORT40_WITH_MD5},
    {"security.ssl2.rc2_40", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5},
    /* SSL3 ciphers */
    {"security.ssl3.fortezza_fortezza_sha", SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA},
    {"security.ssl3.fortezza_rc4_sha", SSL_FORTEZZA_DMS_WITH_RC4_128_SHA},
    {"security.ssl3.rsa_rc4_128_md5", SSL_RSA_WITH_RC4_128_MD5},
    {"security.ssl3.rsa_fips_des_ede3_sha", SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA},
    {"security.ssl3.rsa_des_ede3_sha", SSL_RSA_WITH_3DES_EDE_CBC_SHA},
    {"security.ssl3.rsa_fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA},
    {"security.ssl3.rsa_des_sha", SSL_RSA_WITH_DES_CBC_SHA},
    {"security.ssl3.rsa_1024_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA},
    {"security.ssl3.rsa_1024_des_cbc_sha", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA},
    {"security.ssl3.rsa_rc4_40_md5", SSL_RSA_EXPORT_WITH_RC4_40_MD5},
    {"security.ssl3.rsa_rc2_40_md5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5},
    {"security.ssl3.fortezza_null_sha", SSL_FORTEZZA_DMS_WITH_NULL_SHA},
    {"security.ssl3.rsa_null_md5", SSL_RSA_WITH_NULL_MD5},
    {NULL, 0} /* end marker */
};

/* S/MIME bulk-cipher table, same layout and terminator as SSMSSLCiphers. */
SSMCipherPref SSMSMIMECiphers[] = {
    /* SMIME bulk ciphers */
    {"security.smime.fortezza", SMIME_FORTEZZA},
    {"security.smime.des_ede3", SMIME_DES_EDE3_168},
    {"security.smime.rc2_128", SMIME_RC2_CBC_128},
    {"security.smime.des", SMIME_DES_CBC_56},
    {"security.smime.rc2_64", SMIME_RC2_CBC_64},
    {"security.smime.rc2_40", SMIME_RC2_CBC_40},
    {NULL, 0} /* end marker */
};

/*
 * Walk SSMSSLCiphers and disable every suite whose preference reads as
 * PR_FALSE from ctrl->m_prefs. A preference that is missing (PREF_GetBoolPref
 * fails) or true leaves the suite untouched. Never enables anything.
 */
static void ssm_enable_ssl_cipher_prefs(SSMControlConnection* ctrl)
{
    int i;
    PRBool boolVal = PR_TRUE;

    for (i = 0; SSMSSLCiphers[i].pref != NULL; i++) {
        if ((PREF_GetBoolPref(ctrl->m_prefs, SSMSSLCiphers[i].pref, &boolVal) == PR_SUCCESS) &&
            (boolVal == PR_FALSE)) {
            /* we only have to disable a cipher, not enable one, because
             * prefs only restrict ciphers further over the policies */
            /* boolVal is PR_FALSE at this point, so this is always a disable. */
            SSL_EnableCipher(SSMSSLCiphers[i].id, boolVal);
        }
    }
}

/*
 * S/MIME counterpart of ssm_enable_ssl_cipher_prefs: disables every bulk
 * cipher in SSMSMIMECiphers whose preference reads as PR_FALSE.
 */
static void ssm_enable_smime_cipher_prefs(SSMControlConnection* ctrl)
{
    int i;
    PRBool boolVal = PR_TRUE;

    for (i = 0; SSMSMIMECiphers[i].pref != NULL; i++) {
        if ((PREF_GetBoolPref(ctrl->m_prefs, SSMSMIMECiphers[i].pref, &boolVal) == PR_SUCCESS) &&
            (boolVal == PR_FALSE)) {
            SECMIME_EnableCipher(SSMSMIMECiphers[i].id, boolVal);
        }
    }
}

/*
 * Push the security preferences held in ctrl->m_prefs into NSS:
 *   - SSL2/SSL3 protocol defaults,
 *   - password-prompt policy and lifetime on the internal key slot,
 *   - per-suite SSL and S/MIME cipher restrictions,
 *   - OCSP checking and the optional default responder.
 *
 * Returns PR_SUCCESS, or PR_FAILURE if one of the required protocol or
 * password preferences cannot be read. A failure to read the OCSP
 * preferences is not an error: it is treated as "OCSP disabled".
 */
static SSMStatus ssm_enable_security_prefs(SSMControlConnection* ctrl)
{
    PRBool prefval;
    PRIntn ask;
    PRIntn timeout;
    PK11SlotInfo* slot = NULL;
    PRBool ocspOn;
    char *ocspURL = NULL, *ocspSigner = NULL;

    PR_ASSERT((ctrl != NULL) && (ctrl->m_prefs != NULL));

    /* enforce the user's preferences for SSL cipher families */
    if (PREF_GetBoolPref(ctrl->m_prefs, "security.enable_ssl2", &prefval) != PR_SUCCESS) {
        goto loser;
    }
    SSL_EnableDefault(SSL_ENABLE_SSL2, prefval);
    if (PREF_GetBoolPref(ctrl->m_prefs, "security.enable_ssl3", &prefval) != PR_SUCCESS) {
        goto loser;
    }
    SSL_EnableDefault(SSL_ENABLE_SSL3, prefval);

    /* set password values */
    if (PREF_GetIntPref(ctrl->m_prefs, "security.ask_for_password", &ask) != PR_SUCCESS) {
        goto loser;
    }
    if (PREF_GetIntPref(ctrl->m_prefs, "security.password_lifetime", &timeout) != PR_SUCCESS) {
        goto loser;
    }
    /* NOTE(review): slot is not NULL-checked before use; if
     * PK11_GetInternalKeySlot can return NULL this dereferences it — confirm. */
    slot = PK11_GetInternalKeySlot();
    PK11_SetSlotPWValues(slot, ssm_ask_pref_to_pk11((int)ask), (int)timeout);
    PK11_FreeSlot(slot);

    /* disable any additional ciphers that might be marked in prefs */
    ssm_enable_ssl_cipher_prefs(ctrl);
    ssm_enable_smime_cipher_prefs(ctrl);

    /*
     * Let's take care of OCSP prefs.
     */
    /* NOTE(review): the OCSP reads compare against SSM_SUCCESS while the
     * reads above compare against PR_SUCCESS; this is only equivalent if the
     * two constants agree — confirm, or use one spelling throughout. */
    if (PREF_GetBoolPref(ctrl->m_prefs, "security.OCSP.enabled", &ocspOn) != SSM_SUCCESS || !ocspOn) {
        CERT_DisableOCSPChecking(ctrl->m_certdb);
        CERT_DisableOCSPDefaultResponder(ctrl->m_certdb);
    } else {
        /* OCSP should be enabled */
        CERT_EnableOCSPChecking(ctrl->m_certdb);
        /* Do we have a default responder set? */
        if (PREF_GetBoolPref(ctrl->m_prefs, "security.OCSP.useDefaultResponder", &ocspOn) == SSM_SUCCESS && ocspOn) {
            /* First let's make sure the default URL and
             * signer have been set.
             */
            /* Return values are ignored; the NULL check below relies on the
             * initializers above staying untouched when a read fails.
             * NOTE(review): neither string is freed in this function — if
             * PREF_GetStringPref hands back an allocated copy this leaks on
             * every call; confirm ownership. */
            PREF_GetStringPref(ctrl->m_prefs, "security.OCSP.URL", &ocspURL);
            PREF_GetStringPref(ctrl->m_prefs, "security.OCSP.signingCA", &ocspSigner);
            if (ocspURL != NULL && ocspSigner != NULL) {
                CERT_SetOCSPDefaultResponder(ctrl->m_certdb, ocspURL, ocspSigner);
                CERT_EnableOCSPDefaultResponder(ctrl->m_certdb);
            }
        }
    }
    return PR_SUCCESS;
loser:
    return PR_FAILURE;
}

/*
 * Handle an SSM_PREF_ACTION message from the plugin.
 *
 * Decodes a SetPrefListMessage, stores each (key, type, value) entry in
 * ctrl->m_prefs according to its type (string / "true"|"false" boolean /
 * integer), then applies the result through ssm_enable_security_prefs.
 * Entries with a NULL key, an unrecognised type, or a boolean value other
 * than "true"/"false" are skipped.
 *
 * The reply is a SingleNumMessage carrying rv, always typed
 * SSM_REPLY_OK_MESSAGE | SSM_PREF_ACTION.
 *
 * NOTE(review): as written every path returns PR_SUCCESS: rv is set to
 * PR_SUCCESS right after ssm_enable_security_prefs, a decode failure jumps
 * to loser with rv still at its initializer, and each PREF_Set* result is
 * overwritten by the next iteration. If the plugin is meant to learn that
 * prefs were not applied, keep the apply result instead of clobbering it.
 */
SSMStatus SSMControlConnection_ProcessPrefs(SSMControlConnection* ctrl, SECItem* msg)
{
    SSMStatus rv = PR_SUCCESS;
    SetPrefListMessage request;
    SingleNumMessage reply;
    int i;
    PRBool boolval;
    PRIntn intval;

    SSM_DEBUG("Preferences were passed in from the plugin.\n");

    /* decode the message */
    if (CMT_DecodeMessage(SetPrefListMessageTemplate, &request, (CMTItem*)msg) != CMTSuccess) {
        goto loser;
    }

    for (i = 0; i < request.length; i++) {
        if (request.list[i].key == NULL) {
            /* misconfigured pref item: look at the next */
            continue;
        }
        /* NOTE(review): only key is NULL-checked; value is passed straight
         * to PL_strcmp / atoi below — confirm the decoder guarantees a
         * non-NULL value for every entry. */
        switch (request.list[i].type) {
        case STRING_PREF: /* string type */
            rv = PREF_SetStringPref(ctrl->m_prefs, request.list[i].key, request.list[i].value);
            break;
        case BOOL_PREF: /* boolean type */
            if (PL_strcmp(request.list[i].value, "true") == 0) {
                boolval = PR_TRUE;
            } else if (PL_strcmp(request.list[i].value, "false") == 0) {
                boolval = PR_FALSE;
            } else {
                /* misconfigured */
                break;
            }
            rv = PREF_SetBoolPref(ctrl->m_prefs, request.list[i].key, boolval);
            break;
        case INT_PREF: /* integer type */
            /* NOTE(review): atoi gives no error indication — a non-numeric
             * value is stored as 0 and an out-of-range value is undefined
             * behaviour. The value arrives from the plugin, so strtol with
             * endptr/errno checks would let a bad entry be rejected instead
             * of silently stored. */
            intval = atoi(request.list[i].value);
            rv = PREF_SetIntPref(ctrl->m_prefs, request.list[i].key, intval);
            break;
        default:
            SSM_DEBUG("We do not understand the pref type.\n");
            break;
        }
    }

    /* prefs are all stored: now take action to apply prefs */
    rv = ssm_enable_security_prefs(ctrl);
    rv = PR_SUCCESS; /* discards the apply result; see function comment */
loser:
    reply.value = rv;
    msg->type =(SECItemType) (SSM_REPLY_OK_MESSAGE | SSM_PREF_ACTION);
    CMT_EncodeMessage(SingleNumMessageTemplate, (CMTItem*)msg, &reply);
    return rv;
}

/*
 * Handle an SSM_DATA_CONNECTION request.
 *
 * Dispatches on the subtype in msg->type: decodes the matching request
 * template into one of the local info structs (SSL/TLS, PKCS#7 encode or
 * decode, hash), creates the data-connection resource with
 * SSM_CreateResource, and replies with a DataConnectionReply holding the
 * result, the new connection id and ctrl->m_dataPort.
 *
 * On any failure (unknown subtype, decode error, resource creation error,
 * encode error) control goes to loser: msg->data is freed and cleared, rv
 * is forced to a failure value if it still reads PR_SUCCESS, and an error
 * reply carrying PR_GetError() with zero id/port is encoded instead.
 *
 * Returns rv: PR_SUCCESS on a successfully created connection, otherwise
 * the failing status.
 */
SSMStatus
SSMControlConnection_ProcessDataRequest(SSMControlConnection * ctrl, SECItem * msg)
{
    SSMInfoSSL infoSSL;
    SSMInfoP7Encode infoP7Encode;
    SSMInfoP7Decode infoP7Decode;
    SSMHashInitializer infoHash;
    SSMDataConnection *datac;
    void *createArg; /* points at whichever info struct the switch filled in */
    SSMResourceType connType = SSM_RESTYPE_NULL;
    SSMStatus rv = PR_SUCCESS;
    SSMResourceID dataRID = 0;
    PRInt32 msgtype = msg->type & SSM_SUBTYPE_MASK;
    DataConnectionReply reply;

    switch (msgtype) {
    case SSM_SSL_CONNECTION:
        {
            SSLDataConnectionRequest request;
            SSM_DEBUG("... specifically, an SSL data request.\n");
            /* Decode the SSL request message */
            if (CMT_DecodeMessage(SSLDataConnectionRequestTemplate, &request, (CMTItem*)msg) != CMTSuccess) {
                goto loser;
            }
            (void) memset(&infoSSL, 0, sizeof(SSMInfoSSL));
            infoSSL.flags = request.flags;
            infoSSL.port = request.port;
            infoSSL.hostIP = request.hostIP;
            infoSSL.hostName = request.hostName;
            infoSSL.forceHandshake = request.forceHandshake;
            infoSSL.clientContext = request.clientContext;
            /* ownership of the decoded payload passes to the data connection */
            msg->data = NULL;
            /* fill in the control connection... */
            infoSSL.parent = ctrl;
            connType = SSM_RESTYPE_SSL_DATA_CONNECTION;
            createArg = &infoSSL;
        }
        break;
    case SSM_PKCS7DECODE_STREAM:
        {
            SingleItemMessage request;
            SSM_DEBUG("PKCS7 Decode Request.\n");
            if (CMT_DecodeMessage(SingleItemMessageTemplate, &request, (CMTItem*)msg) != CMTSuccess) {
                goto loser;
            }
            /* NOTE(review): unlike the SSL/TLS/hash branches, msg->data is not
             * cleared here or in the PKCS#7 encode branch; whether the loser
             * path can then free memory the request still references depends
             * on CMT_DecodeMessage's ownership rules — confirm. */
            connType = SSM_RESTYPE_PKCS7_DECODE_CONNECTION;
            infoP7Decode.ctrl = ctrl;
            infoP7Decode.clientContext = request.item;
            createArg = &infoP7Decode;
        }
        break;
    case SSM_TLS_CONNECTION:
        {
            TLSDataConnectionRequest request;
            SSM_DEBUG("... specifically, an TLS data request.\n");
            /* decode the TLS request message */
            if (CMT_DecodeMessage(TLSDataConnectionRequestTemplate, &request, (CMTItem*)msg) != CMTSuccess) {
                goto loser;
            }
            (void)memset(&infoSSL, 0, sizeof(SSMInfoSSL));
            /* notify that this is a TLS connection, not a regular SSL
             * connection */
            infoSSL.isTLS = PR_TRUE;
            infoSSL.port = request.port;
            infoSSL.hostIP = request.hostIP;
            infoSSL.hostName = request.hostName;
            msg->data = NULL;
            /* fill in the control connection... */
            infoSSL.parent = ctrl;
            connType = SSM_RESTYPE_SSL_DATA_CONNECTION;
            createArg = &infoSSL;
        }
        break;
    case SSM_PKCS7ENCODE_STREAM:
        {
            PKCS7DataConnectionRequest request;
            SSM_DEBUG("... specifically, a PKCS#7 Encode request.\n");
            if (CMT_DecodeMessage(PKCS7DataConnectionRequestTemplate, &request, (CMTItem*)msg) != CMTSuccess) {
                goto loser;
            }
            infoP7Encode.ciRID = request.resID;
            connType = SSM_RESTYPE_PKCS7_ENCODE_CONNECTION;
            infoP7Encode.ctrl = ctrl;
            infoP7Encode.clientContext = request.clientContext;
            createArg = &infoP7Encode;
        }
        break;
    case SSM_HASH_STREAM:
        {
            SingleNumMessage request;
            connType = SSM_RESTYPE_HASH_CONNECTION;
            infoHash.m_parent = ctrl;
            if (CMT_DecodeMessage(SingleNumMessageTemplate, &request, (CMTItem*)msg) != CMTSuccess) {
                goto loser;
            }
            /* request.value is taken as the hash algorithm id without range
             * checking; SSM_CreateResource is expected to reject bad values */
            infoHash.m_hashtype = (HASH_HashType) request.value;
            msg->data = NULL;
            createArg = &infoHash;
        }
        break;
    default:
        /* NOTE(review): %lx expects unsigned long; confirm the width of
         * msg->type & SSM_SUBTYPE_MASK or add a cast. */
        SSM_DEBUG("Unknown data connection type (%lx).\n", (msg->type & SSM_SUBTYPE_MASK));
    }

    if (connType != SSM_RESTYPE_NULL) {
        /* ... then create the data connection */
        SSM_DEBUG("Firing up data connection.\n");
        rv = SSM_CreateResource(connType, createArg, ctrl, &dataRID, (SSMResource **) &datac);
        if ((rv != PR_SUCCESS) || (!datac)) {
            goto loser;
        }
    } else {
        rv = (SSMStatus) SSM_ERR_BAD_RESOURCE_TYPE;
        goto loser;
    }

    /* compose reply message */
    SSM_DEBUG("Composing reply.\n");
    msg->type = (SECItemType) (SSM_DATA_CONNECTION | msgtype | SSM_REPLY_OK_MESSAGE);
    reply.result = rv;
    reply.connID = dataRID;
    reply.port = ctrl->m_dataPort;
    if (CMT_EncodeMessage(DataConnectionReplyTemplate, (CMTItem*)msg, &reply) != CMTSuccess) {
        goto loser;
    }
    /* rv was verified PR_SUCCESS above and is not modified since, so this
     * branch cannot be taken. */
    if (rv != PR_SUCCESS) goto loser;
    goto done;

loser:
    if (msg->data) {
        PR_Free(msg->data);
        msg->data = NULL;
    }
    /* make sure a decode/encode failure that left rv untouched still
     * reports failure to the caller */
    if (rv == PR_SUCCESS) rv = PR_FAILURE;
    reply.result = PR_GetError();
    reply.connID = 0;
    reply.port = 0;
    CMT_EncodeMessage(DataConnectionReplyTemplate, (CMTItem*)msg, &reply);
done:
    return rv;
}

/*
 * Handle a Duplicate Resource request: decode the resource id from a
 * SingleNumMessage and look it up on this control connection. The body
 * continues past this excerpt.
 */
SSMStatus
SSMControlConnection_ProcessDupResourceRequest(SSMControlConnection * ctrl, SECItem * msg)
{
    SSMResourceID objID;
    SSMResource *obj = NULL;
    SSMStatus rv = PR_SUCCESS;
    SingleNumMessage request;
    DupResourceReply reply;

    SSM_DEBUG("Got a Duplicate Resource request.\n");

    /* parse message and get resource/field ID */
    if (CMT_DecodeMessage(SingleNumMessageTemplate, &request, (CMTItem*)msg) != CMTSuccess) {
        goto loser;
    }
    objID = request.value;
    /* ### mwelch Should free this here, instead of in the actual message parsing code. (4/13/99) */
    msg->data = NULL;
    SSM_DEBUG("Rsrc ID %ld.\n", objID);
    rv = SSMControlConnection_GetResource(ctrl, objID, &obj);