1) Use NSPR's access function rather than building our own. NSS_BOB_SHARED
authorrrelyea%redhat.com
Tue, 16 Jan 2007 00:20:54 +0000
branchNSS_BOB_SHARED
changeset 7634 8900293fb72117c31d06637a4eddc1ca7878af5e
parent 7625 a45116ce972c540ed47b4a5afc53b3c272574d08
child 7694 46dd525486b47ab23ee47c30b93841cf36c432f7
push idunknown
push userunknown
push dateunknown
bugs1
1) Use NSPR's access function rather than building our own. 2) Automatically search use the S/MIME entries to find certs that match a given email address.
security/nss/lib/softoken/pkcs11.c
security/nss/lib/softoken/sdb.c
--- a/security/nss/lib/softoken/pkcs11.c
+++ b/security/nss/lib/softoken/pkcs11.c
@@ -3718,25 +3718,27 @@ CK_RV NSC_SetAttributeValue (CK_SESSION_
 	if (crv != CKR_OK) break;
 
     }
 
     sftk_FreeObject(object);
     return crv;
 }
 
-CK_RV
+static CK_RV
 sftk_expandSearchList(SFTKSearchResults *search, int count)
 {
     search->array_size += count;
     search->handles = (CK_OBJECT_HANDLE *)PORT_Realloc(search->handles,
 			sizeof(CK_OBJECT_HANDLE)*search->array_size);
     return search->handles ? CKR_OK : CKR_HOST_MEMORY;
 }
 
+
+
 static CK_RV
 sftk_searchDatabase(SFTKDBHandle *handle, SFTKSearchResults *search,
                         CK_ATTRIBUTE *pTemplate, CK_LONG ulCount)
 {
     CK_RV crv;
     int objectListSize = search->array_size-search->size;
     CK_OBJECT_HANDLE *array = &search->handles[search->size];
     SDBFind *find;
@@ -3753,27 +3755,127 @@ sftk_searchDatabase(SFTKDBHandle *handle
 	objectListSize -= count;
 	if (objectListSize > 0)
 	    break;
 	crv = sftk_expandSearchList(search,NSC_SEARCH_BLOCK_SIZE);
 	objectListSize = NSC_SEARCH_BLOCK_SIZE;
 	array = &search->handles[search->size];
     } while (crv == CKR_OK);
     sftkdb_FindObjectsFinal(handle, find);
+
     return crv;
 }
 
+/* softoken used to search the SMimeEntries automatically instead of
+ * doing this in pk11wrap. This code should really be up in
+ * pk11wrap so that it will work with other tokens other than softoken.
+ */
+CK_RV
+sftk_emailhack(SFTKSlot *slot, SFTKDBHandle *handle, 
+    SFTKSearchResults *search, CK_ATTRIBUTE *pTemplate, CK_LONG ulCount)
+{
+    PRBool isCert = PR_FALSE;
+    int emailIndex = -1;
+    int i, count;
+    SFTKSearchResults smime_search;
+    CK_ATTRIBUTE smime_template[2];
+    CK_OBJECT_CLASS smime_class = CKO_NETSCAPE_SMIME;
+    SFTKAttribute *attribute = NULL;
+    SFTKObject *object = NULL;
+    CK_RV crv = CKR_OK;
+
+
+    smime_search.handles = NULL; /* paranoia, some one is bound to add a goto
+				  * loser before this gets initialized */
+
+    /* see if we are looking for email certs */
+    for (i=0; i < count; i++) {
+	if (pTemplate[i].type == CKA_CLASS) {
+	   if ((pTemplate[i].ulValueLen != sizeof(CK_OBJECT_CLASS) ||
+	       (*(CK_OBJECT_CLASS *)pTemplate[i].pValue) != CKO_CERTIFICATE)) {
+		/* not a cert, skip out */
+		break;
+	   }
+	   isCert = PR_TRUE;
+	} else if (pTemplate[i].type == CKA_NETSCAPE_EMAIL) {
+	   emailIndex = i;
+	 
+	}
+	if (isCert && (emailIndex != -1)) break;
+    }
+
+    if (!isCert || (emailIndex == -1)) {
+	return CKR_OK;
+    }
+
+    /* we are doing a cert and email search, find the SMimeEntry */
+    smime_template[0].type = CKA_CLASS;
+    smime_template[0].pValue = &smime_class;
+    smime_template[0].ulValueLen = sizeof(smime_class);
+    smime_template[1] = pTemplate[emailIndex];
+
+    smime_search.handles = (CK_OBJECT_HANDLE *)
+		PORT_Alloc(sizeof(CK_OBJECT_HANDLE) * NSC_SEARCH_BLOCK_SIZE);
+    if (smime_search.handles == NULL) {
+	crv = CKR_HOST_MEMORY;
+	goto loser;
+    }
+    smime_search.index = 0;
+    smime_search.size = 0;
+    smime_search.array_size = NSC_SEARCH_BLOCK_SIZE;
+	
+    crv = sftk_searchDatabase(handle, &smime_search, smime_template, 2);
+    if (crv != CKR_OK || smime_search.size == 0) {
+	goto loser;
+    }
+
+    /* get the SMime subject */
+    object = sftk_NewTokenObject(slot, NULL, smime_search.handles[0]);
+    if (object == NULL) {
+	crv = CKR_HOST_MEMORY; /* is there any other reason for this failure? */
+	goto loser;
+    }
+    attribute = sftk_FindAttribute(object,CKA_SUBJECT);
+    if (attribute == NULL) {
+	crv = CKR_ATTRIBUTE_TYPE_INVALID;
+	goto loser;
+    }
+
+    /* now find the certs with that subject */
+    pTemplate[emailIndex] = attribute->attrib;
+    /* now add the appropriate certs to the search list */
+    crv = sftk_searchDatabase(handle, search, pTemplate, ulCount);
+    pTemplate[emailIndex] = smime_template[1]; /* restore the user's template*/
+
+loser:
+    if (attribute) {
+	sftk_FreeAttribute(attribute);
+    }
+    if (object) {
+	sftk_FreeObject(object);
+    }
+    if (smime_search.handles) {
+	PORT_Free(smime_search.handles);
+    }
+
+    return crv;
+}
+	
+
 static CK_RV
 sftk_searchTokenList(SFTKSlot *slot, SFTKSearchResults *search,
                         CK_ATTRIBUTE *pTemplate, CK_LONG ulCount,
                         PRBool *tokenOnly, PRBool isLoggedIn)
 {
     CK_RV crv;
+    CK_RV crv2;
     SFTKDBHandle *certHandle = sftk_getCertDB(slot);
     crv = sftk_searchDatabase(certHandle, search, pTemplate, ulCount);
+    crv2 = sftk_emailhack(slot, certHandle, search, pTemplate, ulCount);
+    if (crv == CKR_OK) crv2 = crv;
     sftk_freeDB(certHandle);
 
     if (crv == CKR_OK && isLoggedIn) {
 	SFTKDBHandle *keyHandle = sftk_getKeyDB(slot);
     	crv = sftk_searchDatabase(keyHandle, search, pTemplate, ulCount);
     	sftk_freeDB(keyHandle);
     }
     return crv;
--- a/security/nss/lib/softoken/sdb.c
+++ b/security/nss/lib/softoken/sdb.c
@@ -690,17 +690,16 @@ sdb_DestroyObject(SDB *sdb, CK_OBJECT_HA
     int sqlerr = SQLITE_OK;
     CK_RV error = CKR_OK;
     int retry = 0;
 
     if (sdb->sdb_flags == SDB_RDONLY) {
 	return CKR_TOKEN_WRITE_PROTECTED;
     }
 
-printf("DESTROY OBJECT CALLED for %x\n", object_id);
     error = sdb_openDB(sdb_p->sqlDBName, sdb_p->type, &sqlDB, sdb_p);
     if (error != CKR_OK) {
 	goto loser;
     }
     newStr =  sqlite3_mprintf(DESTROY_CMD, sdb_p->table);
     if (newStr == NULL) {
 	error = CKR_HOST_MEMORY;
 	goto loser;
@@ -994,30 +993,16 @@ static int tableExists(sqlite3 *sqlDB, c
  * initialize a single database
  */
 #define INIT_CMD  \
  "CREATE TABLE %s (id PRIMARY KEY UNIQUE ON CONFLICT ABORT%s)"
 #define ALTER_CMD  \
  "ALTER TABLE %s ADD COLUMN a%x"
 
 
-int 
-sdb_fileExists(char *dbname)
-{
-   PRFileInfo info;
-   PRStatus ret;
-
-   ret = PR_GetFileInfo(dbname, &info);
-   if (ret == PR_SUCCESS) {
-	return (info.type == PR_FILE_FILE);
-   }
-   return 0;
-
-}
-
 CK_RV 
 sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate,
 	 int *needUpdate, int flags, SDB **pSdb)
 {
     int i;
     char *initStr = NULL;
     char *newStr;
     int inTransaction = 0;
@@ -1028,17 +1013,17 @@ sdb_init(char *dbname, char *table, sdbD
     CK_RV error = CKR_OK;
 
     *pSdb = NULL;
 
     /* sqlite3 doesn't have a flag to specify that we want to 
      * open the database read only. If the db doesn't exist,
      * sqlite3 will always create it.
      */
-    if ((flags == SDB_RDONLY) && !sdb_fileExists(dbname)) {
+    if ((flags == SDB_RDONLY) && PR_Access(dbname, PR_ACCESS_EXISTS)) {
 	error = sdb_mapSQLError(type, SQLITE_CANTOPEN);
 	goto loser;
     }
 
     error = sdb_openDB(dbname, type, &sqlDB, NULL);
     if (error != CKR_OK) {
 	goto loser;
     }
@@ -1164,21 +1149,18 @@ s_open(const char *directory, int cert_v
     int inUpdate, needUpdate;
 
     *certdb = NULL;
     *keydb = NULL;
 
     /*
      * open the cert data base
      */
-printf("directory = %s\n", directory);
-printf("CERTDB = %s\n", cert);
-printf("KEYDB = %s\n", key);
     if (certdb) {
-/* initialize Certificate database */
+	/* initialize Certificate database */
 	error = sdb_init(cert, "nssPublic", SDB_CERT, &inUpdate,
 			 &needUpdate, flags, certdb);
 	if (error != CKR_OK) {
 	    goto loser;
 	}
     }
 
     /*