]>
Commit | Line | Data |
---|---|---|
edc032b5 BL |
1 | /* apps/srp.c */ |
2 | /* Written by Peter Sylvester (peter.sylvester@edelweb.fr) | |
3 | * for the EdelKey project and contributed to the OpenSSL project 2004. | |
4 | */ | |
5 | /* ==================================================================== | |
6 | * Copyright (c) 2004 The OpenSSL Project. All rights reserved. | |
7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | |
11 | * | |
12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | |
14 | * | |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in | |
17 | * the documentation and/or other materials provided with the | |
18 | * distribution. | |
19 | * | |
20 | * 3. All advertising materials mentioning features or use of this | |
21 | * software must display the following acknowledgment: | |
22 | * "This product includes software developed by the OpenSSL Project | |
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 | * | |
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 | * endorse or promote products derived from this software without | |
27 | * prior written permission. For written permission, please contact | |
28 | * licensing@OpenSSL.org. | |
29 | * | |
30 | * 5. Products derived from this software may not be called "OpenSSL" | |
31 | * nor may "OpenSSL" appear in their names without prior written | |
32 | * permission of the OpenSSL Project. | |
33 | * | |
34 | * 6. Redistributions of any form whatsoever must retain the following | |
35 | * acknowledgment: | |
36 | * "This product includes software developed by the OpenSSL Project | |
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 | * | |
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 | * ==================================================================== | |
52 | * | |
53 | * This product includes cryptographic software written by Eric Young | |
54 | * (eay@cryptsoft.com). This product includes software written by Tim | |
55 | * Hudson (tjh@cryptsoft.com). | |
56 | * | |
57 | */ | |
58 | #include <openssl/opensslconf.h> | |
59 | ||
60 | #ifndef OPENSSL_NO_SRP | |
61 | #include <stdio.h> | |
62 | #include <stdlib.h> | |
63 | #include <string.h> | |
64 | #include <openssl/conf.h> | |
65 | #include <openssl/bio.h> | |
66 | #include <openssl/err.h> | |
67 | #include <openssl/txt_db.h> | |
68 | #include <openssl/buffer.h> | |
69 | #include <openssl/srp.h> | |
70 | ||
71 | #include "apps.h" | |
72 | ||
73 | #undef PROG | |
74 | #define PROG srp_main | |
75 | ||
76 | #define BASE_SECTION "srp" | |
77 | #define CONFIG_FILE "openssl.cnf" | |
78 | ||
79 | #define ENV_RANDFILE "RANDFILE" | |
80 | ||
81 | #define ENV_DATABASE "srpvfile" | |
82 | #define ENV_DEFAULT_SRP "default_srp" | |
83 | ||
84 | static char *srp_usage[]={ | |
85 | "usage: srp [args] [user] \n", | |
86 | "\n", | |
87 | " -verbose Talk alot while doing things\n", | |
88 | " -config file A config file\n", | |
89 | " -name arg The particular srp definition to use\n", | |
90 | " -srpvfile arg The srp verifier file name\n", | |
91 | " -add add an user and srp verifier\n", | |
92 | " -modify modify the srp verifier of an existing user\n", | |
93 | " -delete delete user from verifier file\n", | |
94 | " -list list user\n", | |
95 | " -gn arg g and N values to be used for new verifier\n", | |
96 | " -userinfo arg additional info to be set for user\n", | |
97 | " -passin arg input file pass phrase source\n", | |
98 | " -passout arg output file pass phrase source\n", | |
99 | #ifndef OPENSSL_NO_ENGINE | |
100 | " -engine e - use engine e, possibly a hardware device.\n", | |
101 | #endif | |
102 | NULL | |
103 | }; | |
104 | ||
105 | #ifdef EFENCE | |
106 | extern int EF_PROTECT_FREE; | |
107 | extern int EF_PROTECT_BELOW; | |
108 | extern int EF_ALIGNMENT; | |
109 | #endif | |
110 | ||
111 | static CONF *conf=NULL; | |
112 | static char *section=NULL; | |
113 | ||
114 | #define VERBOSE if (verbose) | |
115 | #define VVERBOSE if (verbose>1) | |
116 | ||
117 | ||
118 | int MAIN(int, char **); | |
119 | ||
120 | static int get_index(CA_DB *db, char* id, char type) | |
121 | { | |
122 | char ** pp; | |
123 | int i; | |
124 | if (id == NULL) return -1; | |
125 | if (type == DB_SRP_INDEX) | |
126 | for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) | |
127 | { | |
128 | pp=sk_OPENSSL_PSTRING_value(db->db->data,i); | |
129 | if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) | |
130 | return i; | |
131 | } | |
132 | else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) | |
133 | { | |
134 | pp=sk_OPENSSL_PSTRING_value(db->db->data,i); | |
135 | ||
136 | if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) | |
137 | return i; | |
138 | } | |
139 | ||
140 | return -1 ; | |
141 | } | |
142 | ||
143 | static void print_entry(CA_DB *db, BIO * bio, int index, int verbose, char * s) | |
144 | { | |
145 | if (index >= 0 && verbose) | |
146 | { | |
147 | int j; | |
148 | char **pp=sk_OPENSSL_PSTRING_value(db->db->data,index); | |
149 | BIO_printf(bio,"%s \"%s\"\n",s,pp[DB_srpid]); | |
150 | for (j = 0; j < DB_NUMBER; j++) | |
151 | { | |
152 | BIO_printf(bio_err," %d = \"%s\"\n",j,pp[j]); | |
153 | } | |
154 | } | |
155 | } | |
156 | ||
157 | static void print_index(CA_DB *db, BIO * bio, int indexindex, int verbose) | |
158 | { | |
159 | print_entry(db,bio,indexindex, verbose, "g N entry") ; | |
160 | } | |
161 | ||
162 | static void print_user(CA_DB *db, BIO * bio, int userindex, int verbose) | |
163 | { | |
164 | if (verbose > 0) | |
165 | { | |
166 | char **pp= sk_OPENSSL_PSTRING_value(db->db->data,userindex); | |
167 | ||
168 | if (pp[DB_srptype][0] != 'I') | |
169 | { | |
170 | print_entry(db,bio,userindex, verbose, "User entry"); | |
171 | print_entry(db,bio,get_index(db, pp[DB_srpgN],'I'),verbose,"g N entry") ; | |
172 | } | |
173 | ||
174 | } | |
175 | } | |
176 | ||
177 | static int update_index(CA_DB *db, BIO * bio, char ** row) | |
178 | { | |
179 | char ** irow; | |
180 | int i; | |
181 | ||
182 | if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL) | |
183 | { | |
184 | BIO_printf(bio_err,"Memory allocation failure\n"); | |
185 | return 0; | |
186 | } | |
187 | ||
188 | for (i=0; i<DB_NUMBER; i++) | |
189 | { | |
190 | irow[i]=row[i]; | |
191 | row[i]=NULL; | |
192 | } | |
193 | irow[DB_NUMBER]=NULL; | |
194 | ||
195 | if (!TXT_DB_insert(db->db,irow)) | |
196 | { | |
197 | BIO_printf(bio,"failed to update srpvfile\n"); | |
198 | BIO_printf(bio,"TXT_DB error number %ld\n",db->db->error); | |
199 | OPENSSL_free(irow); | |
200 | return 0; | |
201 | } | |
202 | return 1; | |
203 | } | |
204 | ||
205 | static void lookup_fail(const char *name, const char *tag) | |
206 | { | |
207 | BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag); | |
208 | } | |
209 | ||
210 | ||
211 | static char *srp_verify_user(const char *user, const char *srp_verifier, | |
212 | char *srp_usersalt, const char *g, | |
213 | const char * N, const char *passin, BIO *bio, | |
214 | int verbose) | |
215 | { | |
216 | char password[1024]; | |
217 | PW_CB_DATA cb_tmp; | |
218 | char *verifier = NULL; | |
219 | char *gNid = NULL; | |
220 | ||
221 | cb_tmp.prompt_info = user; | |
222 | cb_tmp.password = passin; | |
223 | ||
224 | if (password_callback(password, 1024, 0, &cb_tmp) >0) | |
225 | { | |
226 | VERBOSE BIO_printf(bio,"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,srp_verifier,srp_usersalt,g,N); | |
227 | BIO_printf(bio,"Pass %s\n",password); | |
228 | ||
229 | OPENSSL_assert(srp_usersalt != NULL); | |
230 | if (!(gNid=SRP_create_verifier(user, password, &srp_usersalt, &verifier, | |
231 | N, g))) | |
232 | { | |
233 | BIO_printf(bio,"Internal error validating SRP verifier\n"); | |
234 | } | |
235 | else | |
236 | { | |
237 | if (strcmp(verifier, srp_verifier)) | |
238 | gNid = NULL; | |
239 | OPENSSL_free(verifier); | |
240 | } | |
241 | } | |
242 | return gNid; | |
243 | } | |
244 | ||
245 | static char *srp_create_user(char * user, char **srp_verifier, | |
246 | char **srp_usersalt,char *g, char *N, | |
247 | char *passout, BIO *bio, int verbose) | |
248 | { | |
249 | char password[1024]; | |
250 | PW_CB_DATA cb_tmp; | |
251 | char *gNid = NULL; | |
252 | char *salt = NULL; | |
253 | cb_tmp.prompt_info = user; | |
254 | cb_tmp.password = passout; | |
255 | ||
256 | if (password_callback(password,1024,1,&cb_tmp) >0) | |
257 | { | |
258 | VERBOSE BIO_printf(bio,"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,g,N); | |
259 | if (!(gNid =SRP_create_verifier(user, password, &salt, srp_verifier, N, g))) | |
260 | { | |
261 | BIO_printf(bio,"Internal error creating SRP verifier\n"); | |
262 | } | |
263 | else | |
264 | *srp_usersalt = salt; | |
265 | VVERBOSE BIO_printf(bio,"gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid,salt, *srp_verifier); | |
266 | ||
267 | } | |
268 | return gNid; | |
269 | } | |
270 | ||
271 | int MAIN(int argc, char **argv) | |
272 | { | |
273 | int add_user = 0; | |
274 | int list_user= 0; | |
275 | int delete_user= 0; | |
276 | int modify_user= 0; | |
277 | char * user = NULL; | |
278 | ||
279 | char *passargin = NULL, *passargout = NULL; | |
280 | char *passin = NULL, *passout = NULL; | |
281 | char * gN = NULL; | |
282 | int gNindex = -1; | |
283 | char ** gNrow = NULL; | |
284 | int maxgN = -1; | |
285 | ||
286 | char * userinfo = NULL; | |
287 | ||
288 | int badops=0; | |
289 | int ret=1; | |
290 | int errors=0; | |
291 | int verbose=0; | |
292 | int doupdatedb=0; | |
293 | char *configfile=NULL; | |
294 | char *dbfile=NULL; | |
295 | CA_DB *db=NULL; | |
296 | char **pp ; | |
297 | int i; | |
298 | long errorline = -1; | |
299 | char *randfile=NULL; | |
300 | #ifndef OPENSSL_NO_ENGINE | |
301 | char *engine = NULL; | |
302 | #endif | |
303 | char *tofree=NULL; | |
304 | DB_ATTR db_attr; | |
305 | ||
306 | #ifdef EFENCE | |
307 | EF_PROTECT_FREE=1; | |
308 | EF_PROTECT_BELOW=1; | |
309 | EF_ALIGNMENT=0; | |
310 | #endif | |
311 | ||
312 | apps_startup(); | |
313 | ||
314 | conf = NULL; | |
315 | section = NULL; | |
316 | ||
317 | if (bio_err == NULL) | |
318 | if ((bio_err=BIO_new(BIO_s_file())) != NULL) | |
319 | BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); | |
320 | ||
321 | argc--; | |
322 | argv++; | |
323 | while (argc >= 1 && badops == 0) | |
324 | { | |
325 | if (strcmp(*argv,"-verbose") == 0) | |
326 | verbose++; | |
327 | else if (strcmp(*argv,"-config") == 0) | |
328 | { | |
329 | if (--argc < 1) goto bad; | |
330 | configfile= *(++argv); | |
331 | } | |
332 | else if (strcmp(*argv,"-name") == 0) | |
333 | { | |
334 | if (--argc < 1) goto bad; | |
335 | section= *(++argv); | |
336 | } | |
337 | else if (strcmp(*argv,"-srpvfile") == 0) | |
338 | { | |
339 | if (--argc < 1) goto bad; | |
340 | dbfile= *(++argv); | |
341 | } | |
342 | else if (strcmp(*argv,"-add") == 0) | |
343 | add_user=1; | |
344 | else if (strcmp(*argv,"-delete") == 0) | |
345 | delete_user=1; | |
346 | else if (strcmp(*argv,"-modify") == 0) | |
347 | modify_user=1; | |
348 | else if (strcmp(*argv,"-list") == 0) | |
349 | list_user=1; | |
350 | else if (strcmp(*argv,"-gn") == 0) | |
351 | { | |
352 | if (--argc < 1) goto bad; | |
353 | gN= *(++argv); | |
354 | } | |
355 | else if (strcmp(*argv,"-userinfo") == 0) | |
356 | { | |
357 | if (--argc < 1) goto bad; | |
358 | userinfo= *(++argv); | |
359 | } | |
360 | else if (strcmp(*argv,"-passin") == 0) | |
361 | { | |
362 | if (--argc < 1) goto bad; | |
363 | passargin= *(++argv); | |
364 | } | |
365 | else if (strcmp(*argv,"-passout") == 0) | |
366 | { | |
367 | if (--argc < 1) goto bad; | |
368 | passargout= *(++argv); | |
369 | } | |
370 | #ifndef OPENSSL_NO_ENGINE | |
371 | else if (strcmp(*argv,"-engine") == 0) | |
372 | { | |
373 | if (--argc < 1) goto bad; | |
374 | engine= *(++argv); | |
375 | } | |
376 | #endif | |
377 | ||
378 | else if (**argv == '-') | |
379 | { | |
380 | bad: | |
381 | BIO_printf(bio_err,"unknown option %s\n",*argv); | |
382 | badops=1; | |
383 | break; | |
384 | } | |
385 | else | |
386 | break; | |
387 | ||
388 | argc--; | |
389 | argv++; | |
390 | } | |
391 | ||
392 | if (dbfile && configfile) | |
393 | { | |
394 | BIO_printf(bio_err,"-dbfile and -configfile cannot be specified together.\n"); | |
395 | badops = 1; | |
396 | } | |
397 | if (add_user+delete_user+modify_user+list_user != 1) | |
398 | { | |
399 | BIO_printf(bio_err,"Exactly one of the options -add, -delete, -modify -list must be specified.\n"); | |
400 | badops = 1; | |
401 | } | |
402 | if (delete_user+modify_user+delete_user== 1 && argc <= 0) | |
403 | { | |
404 | BIO_printf(bio_err,"Need at least one user for options -add, -delete, -modify. \n"); | |
405 | badops = 1; | |
406 | } | |
407 | if ((passin || passout) && argc != 1 ) | |
408 | { | |
409 | BIO_printf(bio_err,"-passin, -passout arguments only valid with one user.\n"); | |
410 | badops = 1; | |
411 | } | |
412 | ||
413 | if (badops) | |
414 | { | |
415 | for (pp=srp_usage; (*pp != NULL); pp++) | |
416 | BIO_printf(bio_err,"%s",*pp); | |
417 | ||
418 | BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); | |
419 | BIO_printf(bio_err," load the file (or the files in the directory) into\n"); | |
420 | BIO_printf(bio_err," the random number generator\n"); | |
421 | goto err; | |
422 | } | |
423 | ||
424 | ERR_load_crypto_strings(); | |
425 | ||
426 | #ifndef OPENSSL_NO_ENGINE | |
427 | setup_engine(bio_err, engine, 0); | |
428 | #endif | |
429 | ||
430 | if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) | |
431 | { | |
432 | BIO_printf(bio_err, "Error getting passwords\n"); | |
433 | goto err; | |
434 | } | |
435 | ||
436 | if (!dbfile) | |
437 | { | |
438 | ||
439 | ||
440 | /*****************************************************************/ | |
441 | tofree=NULL; | |
442 | if (configfile == NULL) configfile = getenv("OPENSSL_CONF"); | |
443 | if (configfile == NULL) configfile = getenv("SSLEAY_CONF"); | |
444 | if (configfile == NULL) | |
445 | { | |
446 | const char *s=X509_get_default_cert_area(); | |
447 | size_t len; | |
448 | ||
449 | #ifdef OPENSSL_SYS_VMS | |
450 | len = strlen(s)+sizeof(CONFIG_FILE); | |
451 | tofree=OPENSSL_malloc(len); | |
452 | strcpy(tofree,s); | |
453 | #else | |
454 | len = strlen(s)+sizeof(CONFIG_FILE)+1; | |
455 | tofree=OPENSSL_malloc(len); | |
456 | BUF_strlcpy(tofree,s,len); | |
457 | BUF_strlcat(tofree,"/",len); | |
458 | #endif | |
459 | BUF_strlcat(tofree,CONFIG_FILE,len); | |
460 | configfile=tofree; | |
461 | } | |
462 | ||
463 | VERBOSE BIO_printf(bio_err,"Using configuration from %s\n",configfile); | |
464 | conf = NCONF_new(NULL); | |
465 | if (NCONF_load(conf,configfile,&errorline) <= 0) | |
466 | { | |
467 | if (errorline <= 0) | |
468 | BIO_printf(bio_err,"error loading the config file '%s'\n", | |
469 | configfile); | |
470 | else | |
471 | BIO_printf(bio_err,"error on line %ld of config file '%s'\n" | |
472 | ,errorline,configfile); | |
473 | goto err; | |
474 | } | |
475 | if(tofree) | |
476 | { | |
477 | OPENSSL_free(tofree); | |
478 | tofree = NULL; | |
479 | } | |
480 | ||
481 | if (!load_config(bio_err, conf)) | |
482 | goto err; | |
483 | ||
484 | /* Lets get the config section we are using */ | |
485 | if (section == NULL) | |
486 | { | |
487 | VERBOSE BIO_printf(bio_err,"trying to read " ENV_DEFAULT_SRP " in \" BASE_SECTION \"\n"); | |
488 | ||
489 | section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_SRP); | |
490 | if (section == NULL) | |
491 | { | |
492 | lookup_fail(BASE_SECTION,ENV_DEFAULT_SRP); | |
493 | goto err; | |
494 | } | |
495 | } | |
496 | ||
497 | if (randfile == NULL && conf) | |
498 | randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE"); | |
499 | ||
500 | ||
501 | VERBOSE BIO_printf(bio_err,"trying to read " ENV_DATABASE " in section \"%s\"\n",section); | |
502 | ||
503 | if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL) | |
504 | { | |
505 | lookup_fail(section,ENV_DATABASE); | |
506 | goto err; | |
507 | } | |
508 | ||
509 | } | |
510 | if (randfile == NULL) | |
511 | ERR_clear_error(); | |
512 | else | |
513 | app_RAND_load_file(randfile, bio_err, 0); | |
514 | ||
515 | VERBOSE BIO_printf(bio_err,"Trying to read SRP verifier file \"%s\"\n",dbfile); | |
516 | ||
517 | db = load_index(dbfile, &db_attr); | |
518 | if (db == NULL) goto err; | |
519 | ||
520 | /* Lets check some fields */ | |
521 | for (i=0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) | |
522 | { | |
523 | pp=sk_OPENSSL_PSTRING_value(db->db->data, i); | |
524 | ||
525 | if (pp[DB_srptype][0] == DB_SRP_INDEX) | |
526 | { | |
527 | maxgN = i; | |
528 | if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid])) | |
529 | gNindex = i; | |
530 | ||
531 | print_index(db, bio_err, i, verbose > 1) ; | |
532 | } | |
533 | } | |
534 | ||
535 | VERBOSE BIO_printf(bio_err,"Database initialised\n"); | |
536 | ||
537 | if (gNindex >= 0) | |
538 | { | |
539 | gNrow=sk_OPENSSL_PSTRING_value(db->db->data,gNindex); | |
540 | print_entry(db,bio_err,gNindex,verbose>1,"Default g and N") ; | |
541 | } | |
542 | else if (maxgN > 0 && !SRP_get_default_gN(gN)) | |
543 | { | |
544 | BIO_printf(bio_err,"No g and N value for index \"%s\"\n",gN); | |
545 | goto err; | |
546 | } | |
547 | else | |
548 | { | |
549 | VERBOSE BIO_printf(bio_err,"Database has no g N information.\n"); | |
550 | gNrow = NULL; | |
551 | } | |
552 | ||
553 | ||
554 | VVERBOSE BIO_printf(bio_err,"Starting user processing\n"); | |
555 | ||
556 | if (argc > 0) | |
557 | user = *(argv++) ; | |
558 | ||
559 | while (list_user || user) | |
560 | { | |
561 | int userindex = -1; | |
562 | if (user) | |
563 | VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n",user); | |
564 | if ((userindex = get_index(db, user, 'U')) >= 0) | |
565 | { | |
566 | print_user(db,bio_err,userindex,(verbose > 0) || list_user) ; | |
567 | } | |
568 | ||
569 | if (list_user) | |
570 | { | |
571 | if (user == NULL) | |
572 | { | |
573 | BIO_printf(bio_err,"List all users\n"); | |
574 | ||
575 | for (i=0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) | |
576 | { | |
577 | print_user(db,bio_err,i,1) ; | |
578 | } | |
579 | list_user = 0; | |
580 | } | |
581 | else if (userindex < 0) | |
582 | { | |
583 | BIO_printf(bio_err, "user \"%s\" does not exist, ignored. t\n", | |
584 | user); | |
585 | errors++; | |
586 | } | |
587 | } | |
588 | else if (add_user) | |
589 | { | |
590 | if (userindex >= 0) | |
591 | { | |
592 | /* reactivation of a new user */ | |
593 | char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex); | |
594 | BIO_printf(bio_err,"user \"%s\" reactivated.\n", user); | |
595 | row[DB_srptype][0] = 'V' ; | |
596 | ||
597 | doupdatedb = 1; | |
598 | } | |
599 | else | |
600 | { | |
601 | char *row[DB_NUMBER] ; char * gNid; | |
602 | row[DB_srpverifier] = NULL; | |
603 | row[DB_srpsalt] = NULL; | |
604 | row[DB_srpinfo] = NULL; | |
605 | if (!(gNid = srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:gN,gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose))) | |
606 | { | |
607 | BIO_printf(bio_err,"Cannot create srp verifier for user \"%s\", operation abandoned .\n",user); | |
608 | errors++ ; | |
609 | goto err; | |
610 | } | |
611 | row[DB_srpid] = BUF_strdup(user); | |
612 | row[DB_srptype] = BUF_strdup("v"); | |
613 | row[DB_srpgN] = BUF_strdup(gNid); | |
614 | ||
615 | if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] || | |
616 | (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))) || | |
617 | !update_index(db, bio_err, row)) | |
618 | { | |
619 | if (row[DB_srpid]) OPENSSL_free(row[DB_srpid]); | |
620 | if (row[DB_srpgN]) OPENSSL_free(row[DB_srpgN]); | |
621 | if (row[DB_srpinfo]) OPENSSL_free(row[DB_srpinfo]); | |
622 | if (row[DB_srptype]) OPENSSL_free(row[DB_srptype]); | |
623 | if (row[DB_srpverifier]) OPENSSL_free(row[DB_srpverifier]); | |
624 | if (row[DB_srpsalt]) OPENSSL_free(row[DB_srpsalt]); | |
625 | goto err; | |
626 | } | |
627 | doupdatedb = 1; | |
628 | } | |
629 | } | |
630 | else if (modify_user) | |
631 | { | |
632 | if (userindex<0) | |
633 | { | |
634 | BIO_printf(bio_err,"user \"%s\" does not exist, operation ignored.\n",user); | |
635 | errors++ ; | |
636 | } | |
637 | else | |
638 | { | |
639 | ||
640 | char **row=sk_OPENSSL_PSTRING_value(db->db->data, userindex); | |
641 | char type = row[DB_srptype][0] ; | |
642 | if (type == 'v') | |
643 | { | |
644 | BIO_printf(bio_err,"user \"%s\" already updated, operation ignored.\n",user); | |
645 | errors++ ; | |
646 | } | |
647 | else | |
648 | { | |
649 | char * gNid ; | |
650 | ||
651 | if (row[DB_srptype][0] == 'V') | |
652 | { | |
653 | int user_gN ; | |
654 | char ** irow = NULL; | |
655 | VERBOSE BIO_printf(bio_err,"Verifying password for user \"%s\"\n",user); | |
656 | if ( (user_gN = get_index(db, row[DB_srpgN],DB_SRP_INDEX)) >= 0) | |
657 | irow = sk_OPENSSL_PSTRING_value(db->db->data, | |
658 | userindex); | |
659 | ||
660 | if (!srp_verify_user(user,row[DB_srpverifier], row[DB_srpsalt],irow?irow[DB_srpsalt]:row[DB_srpgN], irow?irow[DB_srpverifier]:NULL, passin, bio_err,verbose)) | |
661 | { | |
662 | BIO_printf(bio_err,"Invalid password for user \"%s\", operation abandoned.\n",user); | |
663 | errors++ ; | |
664 | goto err; | |
665 | } | |
666 | } | |
667 | VERBOSE BIO_printf(bio_err,"Password for user \"%s\" ok.\n",user); | |
668 | ||
669 | if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose))) | |
670 | { | |
671 | BIO_printf(bio_err, | |
672 | "Cannot create srp verifier for user " | |
673 | "\"%s\", operation abandonned .\n", | |
674 | user); | |
675 | errors++; | |
676 | goto err; | |
677 | } | |
678 | ||
679 | row[DB_srptype][0] = 'v'; | |
680 | row[DB_srpgN] = BUF_strdup(gNid); | |
681 | ||
682 | if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] || | |
683 | (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo))))) | |
684 | goto err; | |
685 | ||
686 | doupdatedb = 1; | |
687 | } | |
688 | } | |
689 | } | |
690 | else if (delete_user) | |
691 | { | |
692 | if (userindex < 0) | |
693 | { | |
694 | BIO_printf(bio_err, "user \"%s\" does not exist, operation ignored. t\n", user); | |
695 | errors++; | |
696 | } | |
697 | else | |
698 | { | |
699 | char ** pp = sk_OPENSSL_PSTRING_value(db->db->data,userindex); | |
700 | BIO_printf(bio_err,"user \"%s\" revoked. t\n",user); | |
701 | ||
702 | pp[DB_srptype][0] = 'R' ; | |
703 | ||
704 | doupdatedb = 1; | |
705 | } | |
706 | } | |
707 | if (--argc > 0) | |
708 | user = *(argv++) ; | |
709 | else | |
710 | { | |
711 | user = NULL; | |
712 | list_user = 0; | |
713 | } | |
714 | } | |
715 | ||
716 | VERBOSE BIO_printf(bio_err,"User procession done.\n"); | |
717 | ||
718 | ||
719 | if (doupdatedb) | |
720 | { | |
721 | /* Lets check some fields */ | |
722 | for (i=0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) | |
723 | { | |
724 | pp=sk_OPENSSL_PSTRING_value(db->db->data,i); | |
725 | ||
726 | if (pp[DB_srptype][0] == 'v') | |
727 | { | |
728 | pp[DB_srptype][0] = 'V'; | |
729 | print_user(db,bio_err,i,verbose) ; | |
730 | } | |
731 | } | |
732 | ||
733 | VERBOSE BIO_printf(bio_err,"Trying to update srpvfile.\n"); | |
734 | if (!save_index(dbfile,"new",db)) goto err; | |
735 | ||
736 | VERBOSE BIO_printf(bio_err,"Temporary srpvfile created.\n"); | |
737 | if (!rotate_index(dbfile,"new","old")) goto err; | |
738 | ||
739 | VERBOSE BIO_printf(bio_err,"srpvfile updated.\n"); | |
740 | } | |
741 | ||
742 | ret = (errors != 0); | |
743 | err: | |
744 | if (errors != 0) | |
745 | VERBOSE BIO_printf(bio_err,"User errors %d.\n",errors); | |
746 | ||
747 | VERBOSE BIO_printf(bio_err,"SRP terminating with code %d.\n",ret); | |
748 | if(tofree) | |
749 | OPENSSL_free(tofree); | |
750 | if (ret) ERR_print_errors(bio_err); | |
751 | if (randfile) app_RAND_write_file(randfile, bio_err); | |
752 | if (conf) NCONF_free(conf); | |
753 | if (db) free_index(db); | |
754 | ||
755 | OBJ_cleanup(); | |
756 | apps_shutdown(); | |
757 | OPENSSL_EXIT(ret); | |
758 | } | |
759 | ||
760 | ||
761 | ||
762 | #endif | |
763 |