From 7f66ac80180620a3f9a5cd80810ba83f851c0a80935de322741ca21d95db9014 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 7 Aug 2009 22:12:54 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_pkcs11?expand=0&rev=10 --- pam_pkcs11-0.6.0-ms-upn-oid.patch | 108 ------- pam_pkcs11-0.6.0-nss-autoconf.patch | 14 +- pam_pkcs11-0.6.0.tar.bz2 | 3 - pam_pkcs11-0.6.1.tar.bz2 | 3 + pam_pkcs11-implicit-declaration.patch | 70 ----- pam_pkcs11-mapfile-syntax.patch | 14 - pam_pkcs11-msnickname.patch | 35 --- pam_pkcs11-uninitialized.patch | 27 -- pam_pkcs11.changes | 9 + pam_pkcs11.spec | 18 +- secutil.h | 422 -------------------------- 11 files changed, 22 insertions(+), 701 deletions(-) delete mode 100644 pam_pkcs11-0.6.0-ms-upn-oid.patch delete mode 100644 pam_pkcs11-0.6.0.tar.bz2 create mode 100644 pam_pkcs11-0.6.1.tar.bz2 delete mode 100644 pam_pkcs11-implicit-declaration.patch delete mode 100644 pam_pkcs11-mapfile-syntax.patch delete mode 100644 pam_pkcs11-msnickname.patch delete mode 100644 pam_pkcs11-uninitialized.patch delete mode 100644 secutil.h diff --git a/pam_pkcs11-0.6.0-ms-upn-oid.patch b/pam_pkcs11-0.6.0-ms-upn-oid.patch deleted file mode 100644 index 45c872e..0000000 --- a/pam_pkcs11-0.6.0-ms-upn-oid.patch +++ /dev/null @@ -1,108 +0,0 @@ ---- pam_pkcs11-0.6.0/src/common/cert_info.c~ 2007-06-06 05:28:08.000000000 -0400 -+++ pam_pkcs11-0.6.0/src/common/cert_info.c 2007-07-18 12:48:08.000000000 -0400 -@@ -52,7 +52,7 @@ static const SECOidData kerberosPN_Entry - SECOidTag CERT_MicrosoftUPN_OID = SEC_OID_UNKNOWN; - /* { 1.3.6.1.4.1.311 } */ - static const unsigned char microsoftUPNOID[] = -- { 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37 }; /*, xxxx */ -+{ 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37, 0x14, 0x2, 0x3 }; - static const SECOidData microsoftUPN_Entry = - { TO_ITEM(microsoftUPNOID), SEC_OID_UNKNOWN, - "Microsoft Universal Priniciple", CKM_INVALID_MECHANISM, -@@ -127,6 +127,75 @@ static char **cert_info_digest(X509 *x50 - return entries; - } - -+static char ** -+cert_info_upn (X509 *x509) -+{ -+ SECItem alt_name; -+ SECStatus status; -+ PRArenaPool *arena = NULL; -+ CERTGeneralName *nameList; -+ CERTGeneralName *current; -+ SECOidTag tag; -+ static char *results[CERT_INFO_SIZE] = { NULL }; -+ int result = 0; -+ SECItem decoded; -+ -+ DBG("Looking for ALT_NAME"); -+ -+ status = CERT_FindCertExtension (x509, SEC_OID_X509_SUBJECT_ALT_NAME, &alt_name); -+ if (status != SECSuccess) { -+ DBG("Not found"); -+ goto no_upn; -+ } -+ -+ arena = PORT_NewArena (DER_DEFAULT_CHUNKSIZE); -+ if (!arena) { -+ DBG("Could not allocate arena"); -+ goto no_upn; -+ } -+ -+ nameList = current = CERT_DecodeAltNameExtension (arena, &alt_name); -+ if (!nameList) { -+ DBG("Could not decode name"); -+ goto no_upn; -+ } -+ -+ cert_fetchOID(&CERT_MicrosoftUPN_OID, µsoftUPN_Entry); -+ do { -+ if (current->type == certOtherName) { -+ tag = SECOID_FindOIDTag (¤t->name.OthName.oid); -+ DBG1("got other name with tag %#x", tag); -+ if (tag == CERT_MicrosoftUPN_OID) { -+ status = SEC_ASN1DecodeItem (arena, &decoded, -+ SEC_UTF8StringTemplate, -+ ¤t->name.OthName.name); -+ if (status == SECSuccess) { -+ results[result] = malloc (decoded.len + 1); -+ memcpy (results[result], decoded.data, decoded.len); -+ results[result][decoded.len] = '\0'; -+ DBG1("Got upn: %s", results[result]); -+ result++; -+ } else { -+ DBG("Could not decode upn..."); -+ } -+ } -+ } else { -+ DBG("not other name..."); -+ } -+ current = CERT_GetNextGeneralName (current); -+ } while (current != nameList && result < CERT_INFO_MAX_ENTRIES); -+ -+no_upn: -+ if (arena) { -+ PORT_FreeArena (arena, PR_FALSE); -+ } -+ -+ if (alt_name.data) { -+ SECITEM_FreeItem (&alt_name, PR_FALSE); -+ } -+ -+ return results; -+} - - /** - * request info on certificate -@@ -174,8 +243,7 @@ char **cert_info(X509 *x509, int type, A - break; - /* need oid tag. */ - case CERT_UPN : /* Microsoft's Universal Principal Name */ -- cert_fetchOID(&CERT_MicrosoftUPN_OID ,& microsoftUPN_Entry); -- return cert_GetNameElements(&x509->subject, CERT_MicrosoftUPN_OID); -+ return cert_info_upn (x509); - case CERT_UID : /* Certificate Unique Identifier */ - return cert_GetNameElements(&x509->subject, SEC_OID_RFC1274_UID); - break; ---- pam_pkcs11-0.6.0/src/mappers/ms_mapper.c~ 2007-07-18 12:48:41.000000000 -0400 -+++ pam_pkcs11-0.6.0/src/mappers/ms_mapper.c 2007-07-18 13:21:02.000000000 -0400 -@@ -70,7 +70,7 @@ static char *check_upn(char *str) { - return NULL; - } - if (ignoredomain) return str; -- if (!strcmp(domainname,domain)) { -+ if (strcmp(domainname,domain)) { - DBG2("Domain '%s' doesn't match UPN domain '%s'",domainname,domain); - return NULL; - } diff --git a/pam_pkcs11-0.6.0-nss-autoconf.patch b/pam_pkcs11-0.6.0-nss-autoconf.patch index 7cb33c7..faad7a6 100644 --- a/pam_pkcs11-0.6.0-nss-autoconf.patch +++ b/pam_pkcs11-0.6.0-nss-autoconf.patch @@ -1,11 +1,11 @@ ---- pam_pkcs11-0.6.0/src/pam_pkcs11/pam_config.c~ 2007-07-16 16:41:27.000000000 -0400 -+++ pam_pkcs11-0.6.0/src/pam_pkcs11/pam_config.c 2007-07-16 16:41:44.000000000 -0400 -@@ -42,7 +42,7 @@ struct configuration_st configuration = +--- pam_pkcs11-0.6.1/src/pam_pkcs11/pam_config.c ++++ pam_pkcs11-0.6.1/src/pam_pkcs11/pam_config.c +@@ -45,7 +45,7 @@ 0, /* int card_only; */ 0, /* int wait_for_card; */ "default", /* const char *pkcs11_module; */ -- "/etc/pam_pkcs11/pkcs11_module.so",/* const char *pkcs11_module_path; */ -+ NULL, /* const char *pkcs11_module_path; */ +- CONFDIR "/pkcs11_module.so",/* const char *pkcs11_module_path; */ ++ NULL, /* const char *pkcs11_module_path; */ NULL, /* screen savers */ - 0, /* int slot_num; */ - 0, /* support threads */ + NULL, /* slot_description */ + -1, /* int slot_num; */ diff --git a/pam_pkcs11-0.6.0.tar.bz2 b/pam_pkcs11-0.6.0.tar.bz2 deleted file mode 100644 index 4a3d2d0..0000000 --- a/pam_pkcs11-0.6.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7f84a68a6904a5098580a80e911ff2bba644d04df9596593253eafb75154bf5c -size 770599 diff --git a/pam_pkcs11-0.6.1.tar.bz2 b/pam_pkcs11-0.6.1.tar.bz2 new file mode 100644 index 0000000..d7f3714 --- /dev/null +++ b/pam_pkcs11-0.6.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:76425a1abf99449f7ff80f5b4387354ec7106241b5c9f30351eca5f3360eb544 +size 805737 diff --git a/pam_pkcs11-implicit-declaration.patch b/pam_pkcs11-implicit-declaration.patch deleted file mode 100644 index 4a156cb..0000000 --- a/pam_pkcs11-implicit-declaration.patch +++ /dev/null @@ -1,70 +0,0 @@ -ldap_mapper.c: In function 'ldap_get_certificate': -ldap_mapper.c:757: warning: implicit declaration of function 'd2i_X509' -ldap_mapper.c:757: warning: assignment makes pointer from integer without a cast -ldap_mapper.c: In function 'ldap_mapper_match_user': -ldap_mapper.c:871: warning: implicit declaration of function 'X509_cmp' -error.c: In function 'set_error': -error.c:34: warning: implicit declaration of function 'vsnprintf' -cert_vfy.c: In function 'verify_certificate': -cert_vfy.c:36: warning: implicit declaration of function 'SECU_Strerror' -cert_vfy.c:36: warning: implicit declaration of function 'PR_GetError' -cert_vfy.c: In function 'verify_signature': -cert_vfy.c:59: warning: implicit declaration of function 'SEC_GetSignatureAlgorithmOidTag' -cert_vfy.c:63: warning: implicit declaration of function 'VFY_VerifyData' -cert_vfy.c:67: warning: implicit declaration of function 'SECKEY_DestroyPublicKey' -pkcs11_eventmgr.c: In function 'thats_all_folks': -pkcs11_eventmgr.c:93: warning: implicit declaration of function 'NSS_Shutdown' -pkcs11_eventmgr.c: In function 'main': -pkcs11_eventmgr.c:379: warning: implicit declaration of function 'NSS_Init' -pkcs11_eventmgr.c:382: warning: implicit declaration of function 'NSS_NoDB_Init' -pkcs11_eventmgr.c:421: warning: statement with no effect -pkcs11_eventmgr.c:463: warning: implicit declaration of function 'PK11_GetSlotID' -pkcs11_eventmgr.c:466: warning: implicit declaration of function 'PK11_IsPresent' -pkcs11_eventmgr.c:467: warning: implicit declaration of function 'PK11_GetSlotSeries' -pkcs11_eventmgr.c:493: warning: implicit declaration of function 'PK11_FreeSlot' -================================================================================ ---- src/common/cert_vfy.c -+++ src/common/cert_vfy.c -@@ -18,8 +18,10 @@ - #include "cert_vfy.h" - - #ifdef HAVE_NSS -- -+#include -+#include - #include "cert.h" -+#include "secutil.h" - - int verify_certificate(X509 * x509, cert_policy *policy) - { ---- src/common/error.c -+++ src/common/error.c -@@ -17,6 +17,7 @@ - - #include "error.h" - #include -+#include - - #define __ERROR_C_ - ---- src/mappers/ldap_mapper.c -+++ src/mappers/ldap_mapper.c -@@ -36,6 +36,7 @@ - - #include - #include -+#include - - #include "../common/cert_st.h" - #include "../common/debug.h" ---- src/tools/pkcs11_eventmgr.c -+++ src/tools/pkcs11_eventmgr.c -@@ -32,6 +32,8 @@ - - #ifdef HAVE_NSS - #include -+#include -+#include - #endif - - #define DEF_POLLING 1 /* 1 second timeout */ diff --git a/pam_pkcs11-mapfile-syntax.patch b/pam_pkcs11-mapfile-syntax.patch deleted file mode 100644 index fc49067..0000000 --- a/pam_pkcs11-mapfile-syntax.patch +++ /dev/null @@ -1,14 +0,0 @@ -https://bugzilla.novell.com/show_bug.cgi?id=293026 -http://www.opensc-project.org/opensc/ticket/154 -================================================================================ ---- etc/pam_pkcs11.conf.example -+++ etc/pam_pkcs11.conf.example -@@ -131,7 +131,7 @@ - # Use one of "cn" , "subject" , "kpn" , "email" , "upn" or "uid" - cert_item = cn; - # Define mapfile if needed, else select "none" -- mapfile = file:///etc/pam_pkcs11/generic_mapping -+ mapfile = file:///etc/pam_pkcs11/generic_mapping; - # Decide if use getpwent() to map login - use_getpwent = false; - } diff --git a/pam_pkcs11-msnickname.patch b/pam_pkcs11-msnickname.patch deleted file mode 100644 index dadbd79..0000000 --- a/pam_pkcs11-msnickname.patch +++ /dev/null @@ -1,35 +0,0 @@ ---- pam_pkcs11-0.5.3/src/mappers/ms_mapper.c~ 2005-09-12 05:12:55.000000000 -0400 -+++ pam_pkcs11-0.5.3/src/mappers/ms_mapper.c 2007-01-17 14:27:52.000000000 -0500 -@@ -52,6 +52,7 @@ - static int ignorecase = 0; - static int ignoredomain =0; - static const char *domainname=""; -+static const char *domainnickname=""; - static int debug =0; - - /* check syntax and domain match on provided string */ -@@ -73,6 +74,16 @@ - DBG2("Domain '%s' doesn't match UPN domain '%s'",domainname,domain); - return NULL; - } -+ if (domainnickname && domainnickname[0]) { -+ char *tmp; -+ size_t tmp_len; -+ DBG1("Adding domain nick name '%s'",domainnickname); -+ tmp_len = strlen (str) + strlen (domainnickname) + 2; -+ tmp = malloc (tmp_len); -+ snprintf (tmp, tmp_len, "%s\\%s", domainnickname, str); -+ free (str); -+ str = tmp; -+ } - return str; - } - -@@ -179,6 +190,7 @@ - ignorecase = scconf_get_bool(blk,"ignorecase",ignorecase); - ignoredomain = scconf_get_bool(blk,"ignoredomain",ignoredomain); - domainname = scconf_get_str(blk,"domainname",domainname); -+ domainnickname = scconf_get_str(blk,"domainnickname",domainnickname); - } else { - DBG1("No block declaration for mapper '%s'",mapper_name); - } diff --git a/pam_pkcs11-uninitialized.patch b/pam_pkcs11-uninitialized.patch deleted file mode 100644 index abda8b7..0000000 --- a/pam_pkcs11-uninitialized.patch +++ /dev/null @@ -1,27 +0,0 @@ -pkcs11_lib.c:289: warning: 'i' is used uninitialized in this function -================================================================================ ---- src/common/pkcs11_lib.c -+++ src/common/pkcs11_lib.c -@@ -283,14 +283,15 @@ - return 0; - } - } -- } -+ } else { - /* we're configured for a specific module and token, see if it's present */ -- slot_num--; -- if (slot_num >= 0 && slot_num < module->slotCount && module->slots && -- module->slots[i] && PK11_IsPresent(module->slots[i])) { -- h->slot = PK11_ReferenceSlot(module->slots[i]); -- *slotID = PK11_GetSlotID(h->slot); -- return 0; -+ slot_num--; -+ if (slot_num >= 0 && slot_num < module->slotCount && module->slots && -+ module->slots[slot_num] && PK11_IsPresent(module->slots[slot_num])) { -+ h->slot = PK11_ReferenceSlot(module->slots[slot_num]); -+ *slotID = PK11_GetSlotID(h->slot); -+ return 0; -+ } - } - return -1; - } diff --git a/pam_pkcs11.changes b/pam_pkcs11.changes index 17ecb27..fe7f643 100644 --- a/pam_pkcs11.changes +++ b/pam_pkcs11.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Wed Aug 5 15:55:31 CEST 2009 - sbrabec@suse.cz + +- Updated to version 0.6.1: + * Added functions to API. + * Fixes from openSUSE packages upstreamed. + * Minor fixes. + * Translaton updates. + ------------------------------------------------------------------- Thu Jun 25 12:41:19 CEST 2009 - sbrabec@suse.cz diff --git a/pam_pkcs11.spec b/pam_pkcs11.spec index 7f1a067..67c423e 100644 --- a/pam_pkcs11.spec +++ b/pam_pkcs11.spec @@ -1,5 +1,5 @@ # -# spec file for package pam_pkcs11 (Version 0.6.0) +# spec file for package pam_pkcs11 (Version 0.6.1) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -19,22 +19,16 @@ Name: pam_pkcs11 -Version: 0.6.0 -Release: 140 +Version: 0.6.1 +Release: 1 Url: http://www.opensc-project.org/pam_pkcs11/ Group: Productivity/Security License: LGPL v2.1 or later Summary: PKCS #11 PAM Module Source: %{name}-%{version}.tar.bz2 Source1: pam_pkcs11-common-auth-smartcard.pam -Source2: secutil.h -Patch: %{name}-mapfile-syntax.patch Patch1: %{name}-0.5.3-nss-conf.patch -Patch2: %{name}-0.6.0-ms-upn-oid.patch Patch3: %{name}-0.6.0-nss-autoconf.patch -Patch4: %{name}-msnickname.patch -Patch5: %{name}-implicit-declaration.patch -Patch6: %{name}-uninitialized.patch BuildRequires: curl-devel libopenssl-devel libxslt mozilla-nss-devel openldap2-devel openssl-devel pam-devel pcsc-lite-devel pkg-config BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -71,15 +65,9 @@ Authors: %prep %setup -q -%patch %patch1 -p1 -%patch2 -p1 %patch3 -p1 -%patch4 -p1 -%patch5 -%patch6 cp -a %{S:1} common-auth-smartcard -cp -a %{S:2} src/common/ %build # LDAP_DEPRECATED required for for ldap_simple_bind_s(), ldap_search_s(), ldap_unbind_s() diff --git a/secutil.h b/secutil.h deleted file mode 100644 index 512d8e2..0000000 --- a/secutil.h +++ /dev/null @@ -1,422 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 1994-2000 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. - * - * ***** END LICENSE BLOCK ***** */ -#ifndef _SEC_UTIL_H_ -#define _SEC_UTIL_H_ - -#include "seccomon.h" -#include "secitem.h" -#include "prerror.h" -#include "base64.h" -#include "key.h" -#include "secpkcs7.h" -#include "secasn1.h" -#include "secder.h" -#include - -#define SEC_CT_PRIVATE_KEY "private-key" -#define SEC_CT_PUBLIC_KEY "public-key" -#define SEC_CT_CERTIFICATE "certificate" -#define SEC_CT_CERTIFICATE_REQUEST "certificate-request" -#define SEC_CT_PKCS7 "pkcs7" -#define SEC_CT_CRL "crl" - -#define NS_CERTREQ_HEADER "-----BEGIN NEW CERTIFICATE REQUEST-----" -#define NS_CERTREQ_TRAILER "-----END NEW CERTIFICATE REQUEST-----" - -#define NS_CERT_HEADER "-----BEGIN CERTIFICATE-----" -#define NS_CERT_TRAILER "-----END CERTIFICATE-----" - -#define NS_CRL_HEADER "-----BEGIN CRL-----" -#define NS_CRL_TRAILER "-----END CRL-----" - -/* From libsec/pcertdb.c --- it's not declared in sec.h */ -extern SECStatus SEC_AddPermCertificate(CERTCertDBHandle *handle, - SECItem *derCert, char *nickname, CERTCertTrust *trust); - - -#ifdef SECUTIL_NEW -typedef int (*SECU_PPFunc)(PRFileDesc *out, SECItem *item, - char *msg, int level); -#else -typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level); -#endif - -typedef struct { - enum { - PW_NONE = 0, - PW_FROMFILE = 1, - PW_PLAINTEXT = 2, - PW_EXTERNAL = 3 - } source; - char *data; -} secuPWData; - -/* -** Change a password on a token, or initialize a token with a password -** if it does not already have one. -** Use passwd to send the password in plaintext, pwFile to specify a -** file containing the password, or NULL for both to prompt the user. -*/ -SECStatus SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile); - -/* These were stolen from the old sec.h... */ -/* -** Check a password for legitimacy. Passwords must be at least 8 -** characters long and contain one non-alphabetic. Return DSTrue if the -** password is ok, DSFalse otherwise. -*/ -extern PRBool SEC_CheckPassword(char *password); - -/* -** Blind check of a password. Complement to SEC_CheckPassword which -** ignores length and content type, just retuning DSTrue is the password -** exists, DSFalse if NULL -*/ -extern PRBool SEC_BlindCheckPassword(char *password); - -/* -** Get a password. -** First prompt with "msg" on "out", then read the password from "in". -** The password is then checked using "chkpw". -*/ -extern char *SEC_GetPassword(FILE *in, FILE *out, char *msg, - PRBool (*chkpw)(char *)); - -char *SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg); - -char *SECU_GetPasswordString(void *arg, char *prompt); - -/* -** Write a dongle password. -** Uses MD5 to hash constant system data (hostname, etc.), and then -** creates RC4 key to encrypt a password "pw" into a file "fd". -*/ -extern SECStatus SEC_WriteDongleFile(int fd, char *pw); - -/* -** Get a dongle password. -** Uses MD5 to hash constant system data (hostname, etc.), and then -** creates RC4 key to decrypt and return a password from file "fd". -*/ -extern char *SEC_ReadDongleFile(int fd); - - -/* End stolen headers */ - -/* Just sticks the two strings together with a / if needed */ -char *SECU_AppendFilenameToDir(char *dir, char *filename); - -/* Returns result of getenv("SSL_DIR") or NULL */ -extern char *SECU_DefaultSSLDir(void); - -/* -** Should be called once during initialization to set the default -** directory for looking for cert.db, key.db, and cert-nameidx.db files -** Removes trailing '/' in 'base' -** If 'base' is NULL, defaults to set to .netscape in home directory. -*/ -extern char *SECU_ConfigDirectory(const char* base); - -/* -** Basic callback function for SSL_GetClientAuthDataHook -*/ -extern int -SECU_GetClientAuthData(void *arg, PRFileDesc *fd, - struct CERTDistNamesStr *caNames, - struct CERTCertificateStr **pRetCert, - struct SECKEYPrivateKeyStr **pRetKey); - -/* print out an error message */ -extern void SECU_PrintError(char *progName, char *msg, ...); - -/* print out a system error message */ -extern void SECU_PrintSystemError(char *progName, char *msg, ...); - -/* Return informative error string */ -extern const char * SECU_Strerror(PRErrorCode errNum); - -/* print information about cert verification failure */ -extern void -SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle, - CERTCertificate *cert, PRBool checksig, - SECCertificateUsage certUsage, void *pinArg, PRBool verbose); - -/* Read the contents of a file into a SECItem */ -extern SECStatus SECU_FileToItem(SECItem *dst, PRFileDesc *src); -extern SECStatus SECU_TextFileToItem(SECItem *dst, PRFileDesc *src); - -/* Read in a DER from a file, may be ascii */ -extern SECStatus -SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii); - -/* Indent based on "level" */ -extern void SECU_Indent(FILE *out, int level); - -/* Print integer value and hex */ -extern void SECU_PrintInteger(FILE *out, SECItem *i, char *m, int level); - -/* Print ObjectIdentifier symbolically */ -extern SECOidTag SECU_PrintObjectID(FILE *out, SECItem *oid, char *m, int level); - -/* Print AlgorithmIdentifier symbolically */ -extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, - int level); - -/* Print SECItem as hex */ -extern void SECU_PrintAsHex(FILE *out, SECItem *i, const char *m, int level); - -/* dump a buffer in hex and ASCII */ -extern void SECU_PrintBuf(FILE *out, const char *msg, const void *vp, int len); - -/* - * Format and print the UTC Time "t". If the tag message "m" is not NULL, - * do indent formatting based on "level" and add a newline afterward; - * otherwise just print the formatted time string only. - */ -extern void SECU_PrintUTCTime(FILE *out, SECItem *t, char *m, int level); - -/* - * Format and print the Generalized Time "t". If the tag message "m" - * is not NULL, * do indent formatting based on "level" and add a newline - * afterward; otherwise just print the formatted time string only. - */ -extern void SECU_PrintGeneralizedTime(FILE *out, SECItem *t, char *m, - int level); - -/* - * Format and print the UTC or Generalized Time "t". If the tag message - * "m" is not NULL, do indent formatting based on "level" and add a newline - * afterward; otherwise just print the formatted time string only. - */ -extern void SECU_PrintTimeChoice(FILE *out, SECItem *t, char *m, int level); - -/* callback for listing certs through pkcs11 */ -extern SECStatus SECU_PrintCertNickname(CERTCertListNode* cert, void *data); - -/* Dump all certificate nicknames in a database */ -extern SECStatus -SECU_PrintCertificateNames(CERTCertDBHandle *handle, PRFileDesc* out, - PRBool sortByName, PRBool sortByTrust); - -/* See if nickname already in database. Return 1 true, 0 false, -1 error */ -int SECU_CheckCertNameExists(CERTCertDBHandle *handle, char *nickname); - -/* Dump contents of cert req */ -extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, - int level); - -/* Dump contents of certificate */ -extern int SECU_PrintCertificate(FILE *out, SECItem *der, char *m, int level); - -/* print trust flags on a cert */ -extern void SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m, int level); - -/* Dump contents of public key */ -extern int SECU_PrintPublicKey(FILE *out, SECItem *der, char *m, int level); - -#ifdef HAVE_EPV_TEMPLATE -/* Dump contents of private key */ -extern int SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level); -#endif - -/* Print the MD5 and SHA1 fingerprints of a cert */ -extern int SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, - int level); - -/* Pretty-print any PKCS7 thing */ -extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m, - int level); - -/* Init PKCS11 stuff */ -extern SECStatus SECU_PKCS11Init(PRBool readOnly); - -/* Dump contents of signed data */ -extern int SECU_PrintSignedData(FILE *out, SECItem *der, char *m, int level, - SECU_PPFunc inner); - -extern int SECU_PrintCrl(FILE *out, SECItem *der, char *m, int level); - -extern void -SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level); - -extern void SECU_PrintString(FILE *out, SECItem *si, char *m, int level); -extern void SECU_PrintAny(FILE *out, SECItem *i, char *m, int level); - -extern void SECU_PrintPolicy(FILE *out, SECItem *value, char *msg, int level); -extern void SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value, - char *msg, int level); - -extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions, - char *msg, int level); - -extern void SECU_PrintName(FILE *out, CERTName *name, char *msg, int level); - -#ifdef SECU_GetPassword -/* Convert a High public Key to a Low public Key */ -extern SECKEYLowPublicKey *SECU_ConvHighToLow(SECKEYPublicKey *pubHighKey); -#endif - -extern char *SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg); - -extern SECStatus DER_PrettyPrint(FILE *out, SECItem *it, PRBool raw); -extern void SEC_Init(void); - -extern char *SECU_SECModDBName(void); - -extern void SECU_PrintPRandOSError(char *progName); - -extern SECStatus SECU_RegisterDynamicOids(void); - -/* Identifies hash algorithm tag by its string representation. */ -extern SECOidTag SECU_StringToSignatureAlgTag(const char *alg); - -/* Store CRL in output file or pk11 db. Also - * encodes with base64 and exports to file if ascii flag is set - * and file is not NULL. */ -extern SECStatus SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl, - PRFileDesc *outFile, int ascii, char *url); - - -/* -** DER sign a single block of data using private key encryption and the -** MD5 hashing algorithm. This routine first computes a digital signature -** using SEC_SignData, then wraps it with an CERTSignedData and then der -** encodes the result. -** "arena" is the memory arena to use to allocate data from -** "sd" returned CERTSignedData -** "result" the final der encoded data (memory is allocated) -** "buf" the input data to sign -** "len" the amount of data to sign -** "pk" the private key to encrypt with -*/ -extern SECStatus SECU_DerSignDataCRL(PRArenaPool *arena, CERTSignedData *sd, - unsigned char *buf, int len, - SECKEYPrivateKey *pk, SECOidTag algID); - -typedef enum { - noKeyFound = 1, - noSignatureMatch = 2, - failToEncode = 3, - failToSign = 4, - noMem = 5 -} SignAndEncodeFuncExitStat; - -extern SECStatus -SECU_SignAndEncodeCRL(CERTCertificate *issuer, CERTSignedCrl *signCrl, - SECOidTag hashAlgTag, SignAndEncodeFuncExitStat *resCode); - -extern SECStatus -SECU_CopyCRL(PRArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl); - -/* -** Finds the crl Authority Key Id extension. Returns NULL if no such extension -** was found. -*/ -CERTAuthKeyID * -SECU_FindCRLAuthKeyIDExten (PRArenaPool *arena, CERTSignedCrl *crl); - -/* - * Find the issuer of a crl. Cert usage should be checked before signing a crl. - */ -CERTCertificate * -SECU_FindCrlIssuer(CERTCertDBHandle *dbHandle, SECItem* subject, - CERTAuthKeyID* id, PRTime validTime); - - -/* call back function used in encoding of an extension. Called from - * SECU_EncodeAndAddExtensionValue */ -typedef SECStatus (* EXTEN_EXT_VALUE_ENCODER) (PRArenaPool *extHandleArena, - void *value, SECItem *encodedValue); - -/* Encodes and adds extensions to the CRL or CRL entries. */ -SECStatus -SECU_EncodeAndAddExtensionValue(PRArenaPool *arena, void *extHandle, - void *value, PRBool criticality, int extenType, - EXTEN_EXT_VALUE_ENCODER EncodeValueFn); - - -/* - * - * Utilities for parsing security tools command lines - * - */ - -/* A single command flag */ -typedef struct { - char flag; - PRBool needsArg; - char *arg; - PRBool activated; -} secuCommandFlag; - -/* A full array of command/option flags */ -typedef struct -{ - int numCommands; - int numOptions; - - secuCommandFlag *commands; - secuCommandFlag *options; -} secuCommand; - -/* fill the "arg" and "activated" fields for each flag */ -SECStatus -SECU_ParseCommandLine(int argc, char **argv, char *progName, secuCommand *cmd); -char * -SECU_GetOptionArg(secuCommand *cmd, int optionNum); - -/* - * - * Error messaging - * - */ - -/* Return informative error string */ -char *SECU_ErrorString(int16 err); - -/* Return informative error string. Does not call XP_GetString */ -char *SECU_ErrorStringRaw(int16 err); - -void printflags(char *trusts, unsigned int flags); - -#ifndef XP_UNIX -extern int ffs(unsigned int i); -#endif - -#include "secerr.h" -#include "sslerr.h" - -#endif /* _SEC_UTIL_H_ */