[thirdparty/openssl.git] / apps / srp.c

/* apps/srp.c */
/* Written by Peter Sylvester (peter.sylvester@edelweb.fr)  
 * for the EdelKey project and contributed to the OpenSSL project 2004.
 */
/* ====================================================================
 * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer. 
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
#include <openssl/opensslconf.h>

#ifndef OPENSSL_NO_SRP
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/conf.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/txt_db.h>
#include <openssl/buffer.h>
#include <openssl/srp.h>

#include "apps.h"

#undef PROG
#define PROG srp_main

#define BASE_SECTION	"srp"
#define CONFIG_FILE "openssl.cnf"

#define ENV_RANDFILE		"RANDFILE"

#define ENV_DATABASE		"srpvfile"
#define ENV_DEFAULT_SRP		"default_srp"

static char *srp_usage[]={
"usage: srp [args] [user] \n",
"\n",
" -verbose        Talk alot while doing things\n",
" -config file    A config file\n",
" -name arg       The particular srp definition to use\n",
" -srpvfile arg   The srp verifier file name\n",
" -add            add an user and srp verifier\n",
" -modify         modify the srp verifier of an existing user\n",
" -delete         delete user from verifier file\n",
" -list           list user\n",
" -gn arg         g and N values to be used for new verifier\n",
" -userinfo arg   additional info to be set for user\n",
" -passin arg     input file pass phrase source\n",
" -passout arg    output file pass phrase source\n",
#ifndef OPENSSL_NO_ENGINE
" -engine e         - use engine e, possibly a hardware device.\n",
#endif
NULL
};

#ifdef EFENCE
extern int EF_PROTECT_FREE;
extern int EF_PROTECT_BELOW;
extern int EF_ALIGNMENT;
#endif

static CONF *conf=NULL;
static char *section=NULL;

#define VERBOSE if (verbose) 
#define VVERBOSE if (verbose>1) 


int MAIN(int, char **);

static int get_index(CA_DB *db, char* id, char type)
	{
	char ** pp;
	int i;
	if (id == NULL) return -1;
	if (type == DB_SRP_INDEX) 
	for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
		{
		pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
		if (pp[DB_srptype][0] == DB_SRP_INDEX  && !strcmp(id,pp[DB_srpid])) 
			return i;
		}
	else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
		{
		pp=sk_OPENSSL_PSTRING_value(db->db->data,i);

		if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) 
			return i;
		}

	return -1 ; 
	}

static void print_entry(CA_DB *db, BIO * bio, int index, int verbose, char * s)
	{
	if (index >= 0 && verbose)
		{
		int j;
		char **pp=sk_OPENSSL_PSTRING_value(db->db->data,index);
		BIO_printf(bio,"%s \"%s\"\n",s,pp[DB_srpid]);
		for (j = 0; j < DB_NUMBER; j++)
			{
			BIO_printf(bio_err,"  %d = \"%s\"\n",j,pp[j]);
			}
		}
	}

static void print_index(CA_DB *db, BIO * bio, int indexindex, int verbose)
	{
	print_entry(db,bio,indexindex, verbose, "g N entry") ;
	}

static void print_user(CA_DB *db, BIO * bio, int userindex, int verbose)
	{
	if (verbose > 0)
		{
		char **pp= sk_OPENSSL_PSTRING_value(db->db->data,userindex);

		if (pp[DB_srptype][0] != 'I')
			{
			print_entry(db,bio,userindex, verbose, "User entry");
			print_entry(db,bio,get_index(db, pp[DB_srpgN],'I'),verbose,"g N entry") ;
			}

		}
	}

static int update_index(CA_DB *db, BIO * bio, char ** row)
	{
	char ** irow;
	int i;

	if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
		{
		BIO_printf(bio_err,"Memory allocation failure\n");
		return 0;
		}

	for (i=0; i<DB_NUMBER; i++)
		{
		irow[i]=row[i];
		row[i]=NULL;
		}
	irow[DB_NUMBER]=NULL;

	if (!TXT_DB_insert(db->db,irow))
		{
		BIO_printf(bio,"failed to update srpvfile\n");
		BIO_printf(bio,"TXT_DB error number %ld\n",db->db->error);
		OPENSSL_free(irow);
		return 0;
		}
	return 1;
	}

static void lookup_fail(const char *name, const char *tag)
	{
	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
	}


static char *srp_verify_user(const char *user, const char *srp_verifier,
							 char *srp_usersalt, const char *g,
							 const char * N, const char *passin, BIO *bio,
							 int verbose)
	{
 	char password[1024];
	PW_CB_DATA cb_tmp;
	char *verifier = NULL;
	char *gNid = NULL;

	cb_tmp.prompt_info = user;
	cb_tmp.password = passin;

 	if (password_callback(password, 1024, 0, &cb_tmp) >0)
		{
		VERBOSE BIO_printf(bio,"Validating\n   user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,srp_verifier,srp_usersalt,g,N);
		BIO_printf(bio,"Pass %s\n",password);

		OPENSSL_assert(srp_usersalt != NULL);
		if (!(gNid=SRP_create_verifier(user, password, &srp_usersalt, &verifier,
									   N, g)))
			{
			BIO_printf(bio,"Internal error validating SRP verifier\n");
			}
		else
			{
			if (strcmp(verifier, srp_verifier))
				gNid = NULL;
			OPENSSL_free(verifier);
			}
		}
	return gNid;
	}

static char *srp_create_user(char * user, char **srp_verifier,
							 char **srp_usersalt,char *g, char *N,
							 char *passout, BIO *bio, int verbose)
	{
 	char password[1024];
        PW_CB_DATA cb_tmp;
	char *gNid = NULL;
	char *salt = NULL;
        cb_tmp.prompt_info = user;
        cb_tmp.password = passout;

	if (password_callback(password,1024,1,&cb_tmp) >0)
		{
		VERBOSE BIO_printf(bio,"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,g,N);
		if (!(gNid =SRP_create_verifier(user, password, &salt, srp_verifier, N, g)))
			{
			BIO_printf(bio,"Internal error creating SRP verifier\n");
			}
		else 
			*srp_usersalt = salt;
		VVERBOSE BIO_printf(bio,"gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid,salt, *srp_verifier);

		}
	return gNid;
	}

int MAIN(int argc, char **argv)
	{
	int add_user = 0;
	int list_user= 0;
	int delete_user= 0;
	int modify_user= 0;
	char * user = NULL;

	char *passargin = NULL, *passargout = NULL;
	char *passin = NULL, *passout = NULL;
        char * gN = NULL;
	int gNindex = -1;
	char ** gNrow = NULL;
	int maxgN = -1;

	char * userinfo = NULL;

	int badops=0;
	int ret=1;
	int errors=0;
	int verbose=0;
	int doupdatedb=0;
	char *configfile=NULL;
	char *dbfile=NULL;
	CA_DB *db=NULL;
	char **pp ;
	int i;
	long errorline = -1;
	char *randfile=NULL;
#ifndef OPENSSL_NO_ENGINE
	char *engine = NULL;
#endif
	char *tofree=NULL;
	DB_ATTR db_attr;

#ifdef EFENCE
EF_PROTECT_FREE=1;
EF_PROTECT_BELOW=1;
EF_ALIGNMENT=0;
#endif

	apps_startup();

	conf = NULL;
	section = NULL;

	if (bio_err == NULL)
		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

	argc--;
	argv++;
	while (argc >= 1 && badops == 0)
		{
		if	(strcmp(*argv,"-verbose") == 0)
			verbose++;
		else if	(strcmp(*argv,"-config") == 0)
			{
			if (--argc < 1) goto bad;
			configfile= *(++argv);
			}
		else if (strcmp(*argv,"-name") == 0)
			{
			if (--argc < 1) goto bad;
			section= *(++argv);
			}
		else if	(strcmp(*argv,"-srpvfile") == 0)
			{
			if (--argc < 1) goto bad;
			dbfile= *(++argv);
			}
		else if (strcmp(*argv,"-add") == 0)
			add_user=1;
		else if (strcmp(*argv,"-delete") == 0)
			delete_user=1;
		else if (strcmp(*argv,"-modify") == 0)
			modify_user=1;
		else if (strcmp(*argv,"-list") == 0)
			list_user=1;
		else if (strcmp(*argv,"-gn") == 0)
			{
			if (--argc < 1) goto bad;
			gN= *(++argv);
			}
		else if (strcmp(*argv,"-userinfo") == 0)
			{
			if (--argc < 1) goto bad;
			userinfo= *(++argv);
			}
		else if (strcmp(*argv,"-passin") == 0)
			{
			if (--argc < 1) goto bad;
			passargin= *(++argv);
			}
		else if (strcmp(*argv,"-passout") == 0)
			{
			if (--argc < 1) goto bad;
			passargout= *(++argv);
			}
#ifndef OPENSSL_NO_ENGINE
		else if (strcmp(*argv,"-engine") == 0)
			{
			if (--argc < 1) goto bad;
			engine= *(++argv);
			}
#endif

		else if (**argv == '-')
			{
bad:
			BIO_printf(bio_err,"unknown option %s\n",*argv);
			badops=1;
			break;
			}
		else 
			break;
	
		argc--;
		argv++;
		}

	if (dbfile && configfile)
		{
		BIO_printf(bio_err,"-dbfile and -configfile cannot be specified together.\n");
		badops = 1;
		}
	if (add_user+delete_user+modify_user+list_user != 1)
		{
		BIO_printf(bio_err,"Exactly one of the options -add, -delete, -modify -list must be specified.\n");
		badops = 1;
		}
	if (delete_user+modify_user+delete_user== 1 && argc <= 0)
		{
		BIO_printf(bio_err,"Need at least one user for options -add, -delete, -modify. \n");
		badops = 1;
		}
	if ((passin || passout) && argc != 1 )
		{
		BIO_printf(bio_err,"-passin, -passout arguments only valid with one user.\n");
		badops = 1;
		}

	if (badops)
		{
		for (pp=srp_usage; (*pp != NULL); pp++)
			BIO_printf(bio_err,"%s",*pp);

		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
		BIO_printf(bio_err,"                 the random number generator\n");
		goto err;
		}

	ERR_load_crypto_strings();

#ifndef OPENSSL_NO_ENGINE
	setup_engine(bio_err, engine, 0);
#endif

	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))
		{
		BIO_printf(bio_err, "Error getting passwords\n");
		goto err;
		}

        if (!dbfile)
		{


	/*****************************************************************/
		tofree=NULL;
		if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
		if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
		if (configfile == NULL)
			{
			const char *s=X509_get_default_cert_area();
			size_t len;

#ifdef OPENSSL_SYS_VMS
			len = strlen(s)+sizeof(CONFIG_FILE);
			tofree=OPENSSL_malloc(len);
			strcpy(tofree,s);
#else
			len = strlen(s)+sizeof(CONFIG_FILE)+1;
			tofree=OPENSSL_malloc(len);
			BUF_strlcpy(tofree,s,len);
			BUF_strlcat(tofree,"/",len);
#endif
			BUF_strlcat(tofree,CONFIG_FILE,len);
			configfile=tofree;
			}

		VERBOSE BIO_printf(bio_err,"Using configuration from %s\n",configfile);
		conf = NCONF_new(NULL);
		if (NCONF_load(conf,configfile,&errorline) <= 0)
			{
			if (errorline <= 0)
				BIO_printf(bio_err,"error loading the config file '%s'\n",
					configfile);
			else
				BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
					,errorline,configfile);
			goto err;
			}
		if(tofree)
			{
			OPENSSL_free(tofree);
			tofree = NULL;
			}

		if (!load_config(bio_err, conf))
			goto err;

	/* Lets get the config section we are using */
		if (section == NULL)
			{
			VERBOSE BIO_printf(bio_err,"trying to read " ENV_DEFAULT_SRP " in \" BASE_SECTION \"\n");

			section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_SRP);
			if (section == NULL)
				{
				lookup_fail(BASE_SECTION,ENV_DEFAULT_SRP);
				goto err;
				}
			}
         
		if (randfile == NULL && conf)
	        	randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");

	
		VERBOSE BIO_printf(bio_err,"trying to read " ENV_DATABASE " in section \"%s\"\n",section);

		if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
			{
			lookup_fail(section,ENV_DATABASE);
			goto err;
			}

        	}
	if (randfile == NULL)
		ERR_clear_error();
       	else 
		app_RAND_load_file(randfile, bio_err, 0);

	VERBOSE BIO_printf(bio_err,"Trying to read SRP verifier file \"%s\"\n",dbfile);

	db = load_index(dbfile, &db_attr);
	if (db == NULL) goto err;

	/* Lets check some fields */
	for (i=0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
		{
		pp=sk_OPENSSL_PSTRING_value(db->db->data, i);
	
		if (pp[DB_srptype][0] == DB_SRP_INDEX)
			{
			maxgN = i;
			if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
				gNindex = i;

			print_index(db, bio_err, i, verbose > 1) ;
			}
		}
	
	VERBOSE BIO_printf(bio_err,"Database initialised\n");

	if (gNindex >= 0)
		{
		gNrow=sk_OPENSSL_PSTRING_value(db->db->data,gNindex);
		print_entry(db,bio_err,gNindex,verbose>1,"Default g and N") ;
		}
	else if (maxgN > 0 && !SRP_get_default_gN(gN))
		{
		BIO_printf(bio_err,"No g and N value for index \"%s\"\n",gN);
		goto err;
		}
	else
		{
		VERBOSE BIO_printf(bio_err,"Database has no g N information.\n");
		gNrow = NULL;
		}
	

	VVERBOSE BIO_printf(bio_err,"Starting user processing\n");

	if (argc > 0)
		user = *(argv++) ;

	while (list_user || user)
		{
		int userindex = -1;
		if (user) 
			VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n",user);
		if ((userindex = get_index(db, user, 'U')) >= 0)
			{
			print_user(db,bio_err,userindex,(verbose > 0) || list_user) ;
			}
		
		if (list_user)
			{
			if (user == NULL)
				{
				BIO_printf(bio_err,"List all users\n");

				for (i=0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
					{
					print_user(db,bio_err,i,1) ;
					}
				list_user = 0;
				}
			else if (userindex < 0)
				{
				BIO_printf(bio_err, "user \"%s\" does not exist, ignored. t\n",
						   user);
				errors++;
				}
			}
		else if (add_user)
			{
			if (userindex >= 0)
				{
				/* reactivation of a new user */
				char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
				BIO_printf(bio_err,"user \"%s\" reactivated.\n", user);
				row[DB_srptype][0] = 'V' ;

				doupdatedb = 1;
				}
			else
				{
				char *row[DB_NUMBER] ; char * gNid;
				row[DB_srpverifier] = NULL;
				row[DB_srpsalt] = NULL;
				row[DB_srpinfo] = NULL;
				if (!(gNid = srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:gN,gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
					{
						BIO_printf(bio_err,"Cannot create srp verifier for user \"%s\", operation abandoned .\n",user);
						errors++ ;
						goto err;
					}
				row[DB_srpid] = BUF_strdup(user);
				row[DB_srptype] = BUF_strdup("v");
				row[DB_srpgN] = BUF_strdup(gNid);

				if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
					(userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))) || 
					!update_index(db, bio_err, row))
					{
					if (row[DB_srpid]) OPENSSL_free(row[DB_srpid]);
					if (row[DB_srpgN]) OPENSSL_free(row[DB_srpgN]);
					if (row[DB_srpinfo]) OPENSSL_free(row[DB_srpinfo]);
					if (row[DB_srptype]) OPENSSL_free(row[DB_srptype]);
					if (row[DB_srpverifier]) OPENSSL_free(row[DB_srpverifier]);
					if (row[DB_srpsalt]) OPENSSL_free(row[DB_srpsalt]);
					goto err;
					}
				doupdatedb = 1;
				}
			}
		else if (modify_user)
			{
			if (userindex<0)
				{
				BIO_printf(bio_err,"user \"%s\" does not exist, operation ignored.\n",user);
				errors++ ;
				}
			else
				{

				char **row=sk_OPENSSL_PSTRING_value(db->db->data, userindex);
				char type = row[DB_srptype][0] ;
				if (type == 'v')
					{
					BIO_printf(bio_err,"user \"%s\" already updated, operation ignored.\n",user);
					errors++ ;
					}
				else
					{
					char * gNid ;

					if (row[DB_srptype][0] == 'V')
						{
						int user_gN ;
						char ** irow = NULL;
						VERBOSE BIO_printf(bio_err,"Verifying password for user \"%s\"\n",user);
						if ( (user_gN = get_index(db, row[DB_srpgN],DB_SRP_INDEX)) >= 0)
							irow = sk_OPENSSL_PSTRING_value(db->db->data,
															userindex);

 						if (!srp_verify_user(user,row[DB_srpverifier], row[DB_srpsalt],irow?irow[DB_srpsalt]:row[DB_srpgN], irow?irow[DB_srpverifier]:NULL, passin, bio_err,verbose))
							{
							BIO_printf(bio_err,"Invalid password for user \"%s\", operation abandoned.\n",user);
							errors++ ;
							goto err;
							}
						} 
					VERBOSE BIO_printf(bio_err,"Password for user \"%s\" ok.\n",user);

					if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
						{
							BIO_printf(bio_err,
									   "Cannot create srp verifier for user "
									   "\"%s\", operation abandonned .\n",
									   user);
							errors++;
							goto err;
						}

					row[DB_srptype][0] = 'v';
					row[DB_srpgN] = BUF_strdup(gNid);
 
					if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
						(userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))  
						goto err;

					doupdatedb = 1;
					}
				}
			}
		else if (delete_user)
			{
			if (userindex < 0)
				{
				BIO_printf(bio_err, "user \"%s\" does not exist, operation ignored. t\n", user);
				errors++;
				}
			else
				{
				char ** pp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
				BIO_printf(bio_err,"user \"%s\" revoked. t\n",user);

				pp[DB_srptype][0] = 'R' ;
				
				doupdatedb = 1;
				}
			}
		if (--argc > 0)
			user = *(argv++) ;
		else
			{
			user = NULL;
			list_user = 0;
			}
		}

	VERBOSE BIO_printf(bio_err,"User procession done.\n");


	if (doupdatedb)
		{
		/* Lets check some fields */
		for (i=0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
			{
			pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
	
			if (pp[DB_srptype][0] == 'v')
				{
				pp[DB_srptype][0] = 'V';
				print_user(db,bio_err,i,verbose) ;
				}
			}

		VERBOSE BIO_printf(bio_err,"Trying to update srpvfile.\n");
		if (!save_index(dbfile,"new",db)) goto err;
				
		VERBOSE BIO_printf(bio_err,"Temporary srpvfile created.\n");
		if (!rotate_index(dbfile,"new","old")) goto err;

		VERBOSE BIO_printf(bio_err,"srpvfile updated.\n");
		}

	ret = (errors != 0);
err:
	if (errors != 0)
	VERBOSE BIO_printf(bio_err,"User errors %d.\n",errors);

	VERBOSE BIO_printf(bio_err,"SRP terminating with code %d.\n",ret);
	if(tofree)
		OPENSSL_free(tofree);
	if (ret) ERR_print_errors(bio_err);
	if (randfile) app_RAND_write_file(randfile, bio_err);
	if (conf) NCONF_free(conf);
	if (db) free_index(db);

	OBJ_cleanup();
	apps_shutdown();
	OPENSSL_EXIT(ret);
	}


#endif
Commit	Line	Data
edc032b5 BL	1	/* apps/srp.c */
	2	/* Written by Peter Sylvester (peter.sylvester@edelweb.fr)
	3	* for the EdelKey project and contributed to the OpenSSL project 2004.
	4	*/
	5	/* ====================================================================
	6	* Copyright (c) 2004 The OpenSSL Project. All rights reserved.
	7	*
	8	* Redistribution and use in source and binary forms, with or without
	9	* modification, are permitted provided that the following conditions
	10	* are met:
	11	*
	12	* 1. Redistributions of source code must retain the above copyright
	13	* notice, this list of conditions and the following disclaimer.
	14	*
	15	* 2. Redistributions in binary form must reproduce the above copyright
	16	* notice, this list of conditions and the following disclaimer in
	17	* the documentation and/or other materials provided with the
	18	* distribution.
	19	*
	20	* 3. All advertising materials mentioning features or use of this
	21	* software must display the following acknowledgment:
	22	* "This product includes software developed by the OpenSSL Project
	23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	24	*
	25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	26	* endorse or promote products derived from this software without
	27	* prior written permission. For written permission, please contact
	28	* licensing@OpenSSL.org.
	29	*
	30	* 5. Products derived from this software may not be called "OpenSSL"
	31	* nor may "OpenSSL" appear in their names without prior written
	32	* permission of the OpenSSL Project.
	33	*
	34	* 6. Redistributions of any form whatsoever must retain the following
	35	* acknowledgment:
	36	* "This product includes software developed by the OpenSSL Project
	37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	38	*
	39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	50	* OF THE POSSIBILITY OF SUCH DAMAGE.
	51	* ====================================================================
	52	*
	53	* This product includes cryptographic software written by Eric Young
	54	* (eay@cryptsoft.com). This product includes software written by Tim
	55	* Hudson (tjh@cryptsoft.com).
	56	*
	57	*/
	58	#include <openssl/opensslconf.h>
	59
	60	#ifndef OPENSSL_NO_SRP
	61	#include <stdio.h>
	62	#include <stdlib.h>
	63	#include <string.h>
	64	#include <openssl/conf.h>
65	#include <openssl/bio.h>
66	#include <openssl/err.h>
67	#include <openssl/txt_db.h>
68	#include <openssl/buffer.h>
69	#include <openssl/srp.h>
70
71	#include "apps.h"
72
73	#undef PROG
74	#define PROG srp_main
75
76	#define BASE_SECTION "srp"
77	#define CONFIG_FILE "openssl.cnf"
78
79	#define ENV_RANDFILE "RANDFILE"
80
81	#define ENV_DATABASE "srpvfile"
82	#define ENV_DEFAULT_SRP "default_srp"
83
84	static char *srp_usage[]={
85	"usage: srp [args] [user] \n",
86	"\n",
87	" -verbose Talk alot while doing things\n",
88	" -config file A config file\n",
89	" -name arg The particular srp definition to use\n",
90	" -srpvfile arg The srp verifier file name\n",
91	" -add add an user and srp verifier\n",
92	" -modify modify the srp verifier of an existing user\n",
93	" -delete delete user from verifier file\n",
94	" -list list user\n",
95	" -gn arg g and N values to be used for new verifier\n",
96	" -userinfo arg additional info to be set for user\n",
97	" -passin arg input file pass phrase source\n",
98	" -passout arg output file pass phrase source\n",
99	#ifndef OPENSSL_NO_ENGINE
100	" -engine e - use engine e, possibly a hardware device.\n",
101	#endif
102	NULL
103	};
104
105	#ifdef EFENCE
106	extern int EF_PROTECT_FREE;
107	extern int EF_PROTECT_BELOW;
108	extern int EF_ALIGNMENT;
109	#endif
110
111	static CONF *conf=NULL;
112	static char *section=NULL;
113
114	#define VERBOSE if (verbose)
115	#define VVERBOSE if (verbose>1)
116
117
118	int MAIN(int, char **);
119
120	static int get_index(CA_DB db, char id, char type)
121	{
122	char ** pp;
123	int i;
124	if (id == NULL) return -1;
125	if (type == DB_SRP_INDEX)
126	for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
127	{
128	pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
129	if (pp[DB_srptype][0] == DB_SRP_INDEX && !strcmp(id,pp[DB_srpid]))
130	return i;
131	}
132	else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
133	{
134	pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
135
136	if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid]))
137	return i;
138	}
139
140	return -1 ;
141	}
142
143	static void print_entry(CA_DB db, BIO bio, int index, int verbose, char * s)
144	{
145	if (index >= 0 && verbose)
146	{
147	int j;
148	char **pp=sk_OPENSSL_PSTRING_value(db->db->data,index);
149	BIO_printf(bio,"%s \"%s\"\n",s,pp[DB_srpid]);
150	for (j = 0; j < DB_NUMBER; j++)
151	{
152	BIO_printf(bio_err," %d = \"%s\"\n",j,pp[j]);
153	}
154	}
155	}
156
157	static void print_index(CA_DB db, BIO bio, int indexindex, int verbose)
158	{
159	print_entry(db,bio,indexindex, verbose, "g N entry") ;
160	}
161
162	static void print_user(CA_DB db, BIO bio, int userindex, int verbose)
163	{
164	if (verbose > 0)
165	{
166	char **pp= sk_OPENSSL_PSTRING_value(db->db->data,userindex);
167
168	if (pp[DB_srptype][0] != 'I')
169	{
170	print_entry(db,bio,userindex, verbose, "User entry");
171	print_entry(db,bio,get_index(db, pp[DB_srpgN],'I'),verbose,"g N entry") ;
172	}
173
174	}
175	}
176
177	static int update_index(CA_DB db, BIO bio, char ** row)
178	{
179	char ** irow;
180	int i;
181
182	if ((irow=(char *)OPENSSL_malloc(sizeof(char )*(DB_NUMBER+1))) == NULL)
183	{
184	BIO_printf(bio_err,"Memory allocation failure\n");
185	return 0;
186	}
187
188	for (i=0; i<DB_NUMBER; i++)
189	{
190	irow[i]=row[i];
191	row[i]=NULL;
192	}
193	irow[DB_NUMBER]=NULL;
194
195	if (!TXT_DB_insert(db->db,irow))
196	{
197	BIO_printf(bio,"failed to update srpvfile\n");
198	BIO_printf(bio,"TXT_DB error number %ld\n",db->db->error);
199	OPENSSL_free(irow);
200	return 0;
201	}
202	return 1;
203	}
204
205	static void lookup_fail(const char name, const char tag)
206	{
207	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
208	}
209
210
211	static char srp_verify_user(const char user, const char *srp_verifier,
212	char srp_usersalt, const char g,
213	const char * N, const char passin, BIO bio,
214	int verbose)
215	{
216	char password[1024];
217	PW_CB_DATA cb_tmp;
218	char *verifier = NULL;
219	char *gNid = NULL;
220
221	cb_tmp.prompt_info = user;
222	cb_tmp.password = passin;
223
224	if (password_callback(password, 1024, 0, &cb_tmp) >0)
225	{
226	VERBOSE BIO_printf(bio,"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,srp_verifier,srp_usersalt,g,N);
227	BIO_printf(bio,"Pass %s\n",password);
228
229	OPENSSL_assert(srp_usersalt != NULL);
230	if (!(gNid=SRP_create_verifier(user, password, &srp_usersalt, &verifier,
231	N, g)))
232	{
233	BIO_printf(bio,"Internal error validating SRP verifier\n");
234	}
235	else
236	{
237	if (strcmp(verifier, srp_verifier))
238	gNid = NULL;
239	OPENSSL_free(verifier);
240	}
241	}
242	return gNid;
243	}
244
245	static char srp_create_user(char user, char **srp_verifier,
246	char *srp_usersalt,char g, char *N,
247	char passout, BIO bio, int verbose)
248	{
249	char password[1024];
250	PW_CB_DATA cb_tmp;
251	char *gNid = NULL;
252	char *salt = NULL;
253	cb_tmp.prompt_info = user;
254	cb_tmp.password = passout;
255
256	if (password_callback(password,1024,1,&cb_tmp) >0)
257	{
258	VERBOSE BIO_printf(bio,"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,g,N);
259	if (!(gNid =SRP_create_verifier(user, password, &salt, srp_verifier, N, g)))
260	{
261	BIO_printf(bio,"Internal error creating SRP verifier\n");
262	}
263	else
264	*srp_usersalt = salt;
265	VVERBOSE BIO_printf(bio,"gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid,salt, *srp_verifier);
266
267	}
268	return gNid;
269	}
270
271	int MAIN(int argc, char **argv)
272	{
273	int add_user = 0;
274	int list_user= 0;
275	int delete_user= 0;
276	int modify_user= 0;
277	char * user = NULL;
278
279	char passargin = NULL, passargout = NULL;
280	char passin = NULL, passout = NULL;
281	char * gN = NULL;
282	int gNindex = -1;
283	char ** gNrow = NULL;
284	int maxgN = -1;
285
286	char * userinfo = NULL;
287
288	int badops=0;
289	int ret=1;
290	int errors=0;
291	int verbose=0;
292	int doupdatedb=0;
293	char *configfile=NULL;
294	char *dbfile=NULL;
295	CA_DB *db=NULL;
296	char **pp ;
297	int i;
298	long errorline = -1;
299	char *randfile=NULL;
300	#ifndef OPENSSL_NO_ENGINE
301	char *engine = NULL;
302	#endif
303	char *tofree=NULL;
304	DB_ATTR db_attr;
305
306	#ifdef EFENCE
307	EF_PROTECT_FREE=1;
308	EF_PROTECT_BELOW=1;
309	EF_ALIGNMENT=0;
310	#endif
311
312	apps_startup();
313
314	conf = NULL;
315	section = NULL;
316
317	if (bio_err == NULL)
318	if ((bio_err=BIO_new(BIO_s_file())) != NULL)
319	BIO_set_fp(bio_err,stderr,BIO_NOCLOSE\|BIO_FP_TEXT);
320
321	argc--;
322	argv++;
323	while (argc >= 1 && badops == 0)
324	{
325	if (strcmp(*argv,"-verbose") == 0)
326	verbose++;
327	else if (strcmp(*argv,"-config") == 0)
328	{
329	if (--argc < 1) goto bad;
330	configfile= *(++argv);
331	}
332	else if (strcmp(*argv,"-name") == 0)
333	{
334	if (--argc < 1) goto bad;
335	section= *(++argv);
336	}
337	else if (strcmp(*argv,"-srpvfile") == 0)
338	{
339	if (--argc < 1) goto bad;
340	dbfile= *(++argv);
341	}
342	else if (strcmp(*argv,"-add") == 0)
343	add_user=1;
344	else if (strcmp(*argv,"-delete") == 0)
345	delete_user=1;
346	else if (strcmp(*argv,"-modify") == 0)
347	modify_user=1;
348	else if (strcmp(*argv,"-list") == 0)
349	list_user=1;
350	else if (strcmp(*argv,"-gn") == 0)
351	{
352	if (--argc < 1) goto bad;
353	gN= *(++argv);
354	}
355	else if (strcmp(*argv,"-userinfo") == 0)
356	{
357	if (--argc < 1) goto bad;
358	userinfo= *(++argv);
359	}
360	else if (strcmp(*argv,"-passin") == 0)
361	{
362	if (--argc < 1) goto bad;
363	passargin= *(++argv);
364	}
365	else if (strcmp(*argv,"-passout") == 0)
366	{
367	if (--argc < 1) goto bad;
368	passargout= *(++argv);
369	}
370	#ifndef OPENSSL_NO_ENGINE
371	else if (strcmp(*argv,"-engine") == 0)
372	{
373	if (--argc < 1) goto bad;
374	engine= *(++argv);
375	}
376	#endif
377
378	else if (**argv == '-')
379	{
380	bad:
381	BIO_printf(bio_err,"unknown option %s\n",*argv);
382	badops=1;
383	break;
384	}
385	else
386	break;
387
388	argc--;
389	argv++;
390	}
391
392	if (dbfile && configfile)
393	{
394	BIO_printf(bio_err,"-dbfile and -configfile cannot be specified together.\n");
395	badops = 1;
396	}
397	if (add_user+delete_user+modify_user+list_user != 1)
398	{
399	BIO_printf(bio_err,"Exactly one of the options -add, -delete, -modify -list must be specified.\n");
400	badops = 1;
401	}
402	if (delete_user+modify_user+delete_user== 1 && argc <= 0)
403	{
404	BIO_printf(bio_err,"Need at least one user for options -add, -delete, -modify. \n");
405	badops = 1;
406	}
407	if ((passin \|\| passout) && argc != 1 )
408	{
409	BIO_printf(bio_err,"-passin, -passout arguments only valid with one user.\n");
410	badops = 1;
411	}
412
413	if (badops)
414	{
415	for (pp=srp_usage; (*pp != NULL); pp++)
416	BIO_printf(bio_err,"%s",*pp);
417
418	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
419	BIO_printf(bio_err," load the file (or the files in the directory) into\n");
420	BIO_printf(bio_err," the random number generator\n");
421	goto err;
422	}
423
424	ERR_load_crypto_strings();
425
426	#ifndef OPENSSL_NO_ENGINE
427	setup_engine(bio_err, engine, 0);
428	#endif
429
430	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))
431	{
432	BIO_printf(bio_err, "Error getting passwords\n");
433	goto err;
434	}
435
436	if (!dbfile)
437	{
438
439
440	/*****************************************************************/
441	tofree=NULL;
442	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
443	if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
444	if (configfile == NULL)
445	{
446	const char *s=X509_get_default_cert_area();
447	size_t len;
448
449	#ifdef OPENSSL_SYS_VMS
450	len = strlen(s)+sizeof(CONFIG_FILE);
451	tofree=OPENSSL_malloc(len);
452	strcpy(tofree,s);
453	#else
454	len = strlen(s)+sizeof(CONFIG_FILE)+1;
455	tofree=OPENSSL_malloc(len);
456	BUF_strlcpy(tofree,s,len);
457	BUF_strlcat(tofree,"/",len);
458	#endif
459	BUF_strlcat(tofree,CONFIG_FILE,len);
460	configfile=tofree;
461	}
462
463	VERBOSE BIO_printf(bio_err,"Using configuration from %s\n",configfile);
464	conf = NCONF_new(NULL);
465	if (NCONF_load(conf,configfile,&errorline) <= 0)
466	{
467	if (errorline <= 0)
468	BIO_printf(bio_err,"error loading the config file '%s'\n",
469	configfile);
470	else
471	BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
472	,errorline,configfile);
473	goto err;
474	}
475	if(tofree)
476	{
477	OPENSSL_free(tofree);
478	tofree = NULL;
479	}
480
481	if (!load_config(bio_err, conf))
482	goto err;
483
484	/* Lets get the config section we are using */
485	if (section == NULL)
486	{
487	VERBOSE BIO_printf(bio_err,"trying to read " ENV_DEFAULT_SRP " in \" BASE_SECTION \"\n");
488
489	section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_SRP);
490	if (section == NULL)
491	{
492	lookup_fail(BASE_SECTION,ENV_DEFAULT_SRP);
493	goto err;
494	}
495	}
496
497	if (randfile == NULL && conf)
498	randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
499
500
501	VERBOSE BIO_printf(bio_err,"trying to read " ENV_DATABASE " in section \"%s\"\n",section);
502
503	if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
504	{
505	lookup_fail(section,ENV_DATABASE);
506	goto err;
507	}
508
509	}
510	if (randfile == NULL)
511	ERR_clear_error();
512	else
513	app_RAND_load_file(randfile, bio_err, 0);
514
515	VERBOSE BIO_printf(bio_err,"Trying to read SRP verifier file \"%s\"\n",dbfile);
516
517	db = load_index(dbfile, &db_attr);
518	if (db == NULL) goto err;
519
520	/* Lets check some fields */
521	for (i=0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
522	{
523	pp=sk_OPENSSL_PSTRING_value(db->db->data, i);
524
525	if (pp[DB_srptype][0] == DB_SRP_INDEX)
526	{
527	maxgN = i;
528	if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
529	gNindex = i;
530
531	print_index(db, bio_err, i, verbose > 1) ;
532	}
533	}
534
535	VERBOSE BIO_printf(bio_err,"Database initialised\n");
536
537	if (gNindex >= 0)
538	{
539	gNrow=sk_OPENSSL_PSTRING_value(db->db->data,gNindex);
540	print_entry(db,bio_err,gNindex,verbose>1,"Default g and N") ;
541	}
542	else if (maxgN > 0 && !SRP_get_default_gN(gN))
543	{
544	BIO_printf(bio_err,"No g and N value for index \"%s\"\n",gN);
545	goto err;
546	}
547	else
548	{
549	VERBOSE BIO_printf(bio_err,"Database has no g N information.\n");
550	gNrow = NULL;
551	}
552
553
554	VVERBOSE BIO_printf(bio_err,"Starting user processing\n");
555
556	if (argc > 0)
557	user = *(argv++) ;
558
559	while (list_user \|\| user)
560	{
561	int userindex = -1;
562	if (user)
563	VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n",user);
564	if ((userindex = get_index(db, user, 'U')) >= 0)
565	{
566	print_user(db,bio_err,userindex,(verbose > 0) \|\| list_user) ;
567	}
568
569	if (list_user)
570	{
571	if (user == NULL)
572	{
573	BIO_printf(bio_err,"List all users\n");
574
575	for (i=0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
576	{
577	print_user(db,bio_err,i,1) ;
578	}
579	list_user = 0;
580	}
581	else if (userindex < 0)
582	{
583	BIO_printf(bio_err, "user \"%s\" does not exist, ignored. t\n",
584	user);
585	errors++;
586	}
587	}
588	else if (add_user)
589	{
590	if (userindex >= 0)
591	{
592	/* reactivation of a new user */
593	char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
594	BIO_printf(bio_err,"user \"%s\" reactivated.\n", user);
595	row[DB_srptype][0] = 'V' ;
596
597	doupdatedb = 1;
598	}
599	else
600	{
601	char row[DB_NUMBER] ; char gNid;
602	row[DB_srpverifier] = NULL;
603	row[DB_srpsalt] = NULL;
604	row[DB_srpinfo] = NULL;
605	if (!(gNid = srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:gN,gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
606	{
607	BIO_printf(bio_err,"Cannot create srp verifier for user \"%s\", operation abandoned .\n",user);
608	errors++ ;
609	goto err;
610	}
611	row[DB_srpid] = BUF_strdup(user);
612	row[DB_srptype] = BUF_strdup("v");
613	row[DB_srpgN] = BUF_strdup(gNid);
614
615	if (!row[DB_srpid] \|\| !row[DB_srpgN] \|\| !row[DB_srptype] \|\| !row[DB_srpverifier] \|\| !row[DB_srpsalt] \|\|
616	(userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))) \|\|
617	!update_index(db, bio_err, row))
618	{
619	if (row[DB_srpid]) OPENSSL_free(row[DB_srpid]);
620	if (row[DB_srpgN]) OPENSSL_free(row[DB_srpgN]);
621	if (row[DB_srpinfo]) OPENSSL_free(row[DB_srpinfo]);
622	if (row[DB_srptype]) OPENSSL_free(row[DB_srptype]);
623	if (row[DB_srpverifier]) OPENSSL_free(row[DB_srpverifier]);
624	if (row[DB_srpsalt]) OPENSSL_free(row[DB_srpsalt]);
625	goto err;
626	}
627	doupdatedb = 1;
628	}
629	}
630	else if (modify_user)
631	{
632	if (userindex<0)
633	{
634	BIO_printf(bio_err,"user \"%s\" does not exist, operation ignored.\n",user);
635	errors++ ;
636	}
637	else
638	{
639
640	char **row=sk_OPENSSL_PSTRING_value(db->db->data, userindex);
641	char type = row[DB_srptype][0] ;
642	if (type == 'v')
643	{
644	BIO_printf(bio_err,"user \"%s\" already updated, operation ignored.\n",user);
645	errors++ ;
646	}
647	else
648	{
649	char * gNid ;
650
651	if (row[DB_srptype][0] == 'V')
652	{
653	int user_gN ;
654	char ** irow = NULL;
655	VERBOSE BIO_printf(bio_err,"Verifying password for user \"%s\"\n",user);
656	if ( (user_gN = get_index(db, row[DB_srpgN],DB_SRP_INDEX)) >= 0)
657	irow = sk_OPENSSL_PSTRING_value(db->db->data,
658	userindex);
659
660	if (!srp_verify_user(user,row[DB_srpverifier], row[DB_srpsalt],irow?irow[DB_srpsalt]:row[DB_srpgN], irow?irow[DB_srpverifier]:NULL, passin, bio_err,verbose))
661	{
662	BIO_printf(bio_err,"Invalid password for user \"%s\", operation abandoned.\n",user);
663	errors++ ;
664	goto err;
665	}
666	}
667	VERBOSE BIO_printf(bio_err,"Password for user \"%s\" ok.\n",user);
668
669	if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
670	{
671	BIO_printf(bio_err,
672	"Cannot create srp verifier for user "
673	"\"%s\", operation abandonned .\n",
674	user);
675	errors++;
676	goto err;
677	}
678
679	row[DB_srptype][0] = 'v';
680	row[DB_srpgN] = BUF_strdup(gNid);
681
682	if (!row[DB_srpid] \|\| !row[DB_srpgN] \|\| !row[DB_srptype] \|\| !row[DB_srpverifier] \|\| !row[DB_srpsalt] \|\|
683	(userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))
684	goto err;
685
686	doupdatedb = 1;
687	}
688	}
689	}
690	else if (delete_user)
691	{
692	if (userindex < 0)
693	{
694	BIO_printf(bio_err, "user \"%s\" does not exist, operation ignored. t\n", user);
695	errors++;
696	}
697	else
698	{
699	char ** pp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
700	BIO_printf(bio_err,"user \"%s\" revoked. t\n",user);
701
702	pp[DB_srptype][0] = 'R' ;
703
704	doupdatedb = 1;
705	}
706	}
707	if (--argc > 0)
708	user = *(argv++) ;
709	else
710	{
711	user = NULL;
712	list_user = 0;
713	}
714	}
715
716	VERBOSE BIO_printf(bio_err,"User procession done.\n");
717
718
719	if (doupdatedb)
720	{
721	/* Lets check some fields */
722	for (i=0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
723	{
724	pp=sk_OPENSSL_PSTRING_value(db->db->data,i);
725
726	if (pp[DB_srptype][0] == 'v')
727	{
728	pp[DB_srptype][0] = 'V';
729	print_user(db,bio_err,i,verbose) ;
730	}
731	}
732
733	VERBOSE BIO_printf(bio_err,"Trying to update srpvfile.\n");
734	if (!save_index(dbfile,"new",db)) goto err;
735
736	VERBOSE BIO_printf(bio_err,"Temporary srpvfile created.\n");
737	if (!rotate_index(dbfile,"new","old")) goto err;
738
739	VERBOSE BIO_printf(bio_err,"srpvfile updated.\n");
740	}
741
742	ret = (errors != 0);
743	err:
744	if (errors != 0)
745	VERBOSE BIO_printf(bio_err,"User errors %d.\n",errors);
746
747	VERBOSE BIO_printf(bio_err,"SRP terminating with code %d.\n",ret);
748	if(tofree)
749	OPENSSL_free(tofree);
750	if (ret) ERR_print_errors(bio_err);
751	if (randfile) app_RAND_write_file(randfile, bio_err);
752	if (conf) NCONF_free(conf);
753	if (db) free_index(db);
754
755	OBJ_cleanup();
756	apps_shutdown();
757	OPENSSL_EXIT(ret);
758	}
759
760
761
762	#endif
763