Diffstat (limited to 'nss/cmd/dbck/dbck.c')
-rw-r--r-- | nss/cmd/dbck/dbck.c | 1235 |
1 files changed, 616 insertions, 619 deletions
diff --git a/nss/cmd/dbck/dbck.c b/nss/cmd/dbck/dbck.c
index 31e1150..6791a0d 100644
--- a/nss/cmd/dbck/dbck.c
+++ b/nss/cmd/dbck/dbck.c
@@ -30,45 +30,44 @@ static void *NoNickname; static void *NoSMime; typedef enum { -/* 0*/ NoSubjectForCert = 0, -/* 1*/ SubjectHasNoKeyForCert, -/* 2*/ NoNicknameOrSMimeForSubject, -/* 3*/ WrongNicknameForSubject, -/* 4*/ NoNicknameEntry, -/* 5*/ WrongSMimeForSubject, -/* 6*/ NoSMimeEntry, -/* 7*/ NoSubjectForNickname, -/* 8*/ NoSubjectForSMime, -/* 9*/ NicknameAndSMimeEntries, + /* 0*/ NoSubjectForCert = 0, + /* 1*/ SubjectHasNoKeyForCert, + /* 2*/ NoNicknameOrSMimeForSubject, + /* 3*/ WrongNicknameForSubject, + /* 4*/ NoNicknameEntry, + /* 5*/ WrongSMimeForSubject, + /* 6*/ NoSMimeEntry, + /* 7*/ NoSubjectForNickname, + /* 8*/ NoSubjectForSMime, + /* 9*/ NicknameAndSMimeEntries, NUM_ERROR_TYPES } dbErrorType; static char *dbErrorString[NUM_ERROR_TYPES] = { -/* 0*/ "<CERT ENTRY>\nDid not find a subject entry for this certificate.", -/* 1*/ "<SUBJECT ENTRY>\nSubject has certKey which is not in db.", -/* 2*/ "<SUBJECT ENTRY>\nSubject does not have a nickname or email address.", -/* 3*/ "<SUBJECT ENTRY>\nUsing this subject's nickname, found a nickname entry for a different subject.", -/* 4*/ "<SUBJECT ENTRY>\nDid not find a nickname entry for this subject.", -/* 5*/ "<SUBJECT ENTRY>\nUsing this subject's email, found an S/MIME entry for a different subject.", -/* 6*/ "<SUBJECT ENTRY>\nDid not find an S/MIME entry for this subject.", -/* 7*/ "<NICKNAME ENTRY>\nDid not find a subject entry for this nickname.", -/* 8*/ "<S/MIME ENTRY>\nDid not find a subject entry for this S/MIME profile.", + /* 0*/ "<CERT ENTRY>\nDid not find a subject entry for this certificate.", + /* 1*/ "<SUBJECT ENTRY>\nSubject has certKey which is not in db.", + /* 2*/ "<SUBJECT ENTRY>\nSubject does not have a nickname or email address.", + /* 3*/ "<SUBJECT ENTRY>\nUsing this subject's nickname, found a nickname entry for a different subject.", + /* 4*/ "<SUBJECT ENTRY>\nDid not find a nickname entry for this subject.", + /* 5*/ "<SUBJECT ENTRY>\nUsing this subject's email, found an S/MIME entry 
for a different subject.", + /* 6*/ "<SUBJECT ENTRY>\nDid not find an S/MIME entry for this subject.", + /* 7*/ "<NICKNAME ENTRY>\nDid not find a subject entry for this nickname.", + /* 8*/ "<S/MIME ENTRY>\nDid not find a subject entry for this S/MIME profile.", }; static char *errResult[NUM_ERROR_TYPES] = { - "Certificate entries that had no subject entry.", - "Subject entries with no corresponding Certificate entries.", + "Certificate entries that had no subject entry.", + "Subject entries with no corresponding Certificate entries.", "Subject entries that had no nickname or S/MIME entries.", "Redundant nicknames (subjects with the same nickname).", "Subject entries that had no nickname entry.", "Redundant email addresses (subjects with the same email address).", "Subject entries that had no S/MIME entry.", - "Nickname entries that had no subject entry.", + "Nickname entries that had no subject entry.", "S/MIME entries that had no subject entry.", "Subject entries with BOTH nickname and S/MIME entries." }; - enum { GOBOTH = 0, GORIGHT, @@ -89,7 +88,7 @@ struct certDBEntryListNodeStr { certDBEntry entry; void *appData; }; -typedef struct certDBEntryListNodeStr certDBEntryListNode; +typedef struct certDBEntryListNodeStr certDBEntryListNode; /* * A list node for a cert db entry. The index is a unique identifier @@ -98,7 +97,7 @@ typedef struct certDBEntryListNodeStr certDBEntryListNode; * single handle to a subject entry. * This structure is pointed to by certDBEntryListNode->appData. */ -typedef struct +typedef struct { PLArenaPool *arena; int index; 
@@ -142,16 +141,16 @@ typedef struct #define LISTNODE_CAST(node) \ ((certDBEntryListNode *)(node)) -static void +static void Usage(char *progName) { -#define FPS fprintf(stderr, +#define FPS fprintf(stderr, FPS "Type %s -H for more detailed descriptions\n", progName); - FPS "Usage: %s -D [-d certdir] [-m] [-v [-f dumpfile]]\n", - progName); + FPS "Usage: %s -D [-d certdir] [-m] [-v [-f dumpfile]]\n", + progName); #ifdef DORECOVER - FPS " %s -R -o newdbname [-d certdir] [-aprsx] [-v [-f dumpfile]]\n", - progName); + FPS " %s -R -o newdbname [-d certdir] [-aprsx] [-v [-f dumpfile]]\n", + progName); #endif exit(-1); } @@ -160,20 +159,20 @@ static void LongUsage(char *progName) { FPS "%-15s Display this help message.\n", - "-H"); + "-H"); FPS "%-15s Dump analysis. No changes will be made to the database.\n", - "-D"); + "-D"); FPS "%-15s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); + " -d certdir"); FPS "%-15s Put database graph in ./mailfile (default is stdout).\n", - " -m"); + " -m"); FPS "%-15s Verbose mode. Dumps the entire contents of your cert8.db.\n", - " -v"); + " -v"); FPS "%-15s File to dump verbose output into. (default is stdout)\n", - " -f dumpfile"); + " -f dumpfile"); #ifdef DORECOVER FPS "%-15s Repair the database. The program will look for broken\n", - "-R"); + "-R"); FPS "%-15s dependencies between subject entries and certificates,\n", ""); FPS "%-15s between nickname entries and subjects, and between SMIME\n", 
@@ -183,31 +182,31 @@ LongUsage(char *progName) FPS "%-15s removed, any missing entries will be created.\n", ""); FPS "%-15s File to store new database in (default is new_cert8.db)\n", - " -o newdbname"); + " -o newdbname"); FPS "%-15s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); + " -d certdir"); FPS "%-15s Prompt before removing any certificates.\n", " -p"); FPS "%-15s Keep all possible certificates. Only remove certificates\n", - " -a"); + " -a"); FPS "%-15s which prevent creation of a consistent database. Thus any\n", - ""); + ""); FPS "%-15s expired or redundant entries will be kept.\n", - ""); + ""); FPS "%-15s Keep redundant nickname/email entries. It is possible\n", - " -r"); + " -r"); FPS "%-15s only one such entry will be usable.\n", - ""); + ""); FPS "%-15s Don't require an S/MIME profile in order to keep an S/MIME\n", - " -s"); + " -s"); FPS "%-15s cert. An empty profile will be created.\n", - ""); + ""); FPS "%-15s Keep expired certificates.\n", - " -x"); + " -x"); FPS "%-15s Verbose mode - report all activity while recovering db.\n", - " -v"); + " -v"); FPS "%-15s File to dump verbose output into.\n", - " -f dumpfile"); + " -f dumpfile"); FPS "\n"); #endif exit(-1); @@ -225,16 +224,15 @@ printHexString(PRFileDesc *out, SECItem *hexval) { unsigned int i; for (i = 0; i < hexval->len; i++) { - if (i != hexval->len - 1) { - PR_fprintf(out, "%02x:", hexval->data[i]); - } else { - PR_fprintf(out, "%02x", hexval->data[i]); - } + if (i != hexval->len - 1) { + PR_fprintf(out, "%02x:", hexval->data[i]); + } else { + PR_fprintf(out, "%02x", hexval->data[i]); + } } PR_fprintf(out, "\n"); } - SECStatus dumpCertificate(CERTCertificate *cert, int num, PRFileDesc *outfile) { 
@@ -244,30 +242,30 @@ dumpCertificate(CERTCertificate *cert, int num, PRFileDesc *outfile) (SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) || (SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER); if (num >= 0) { - PR_fprintf(outfile, "Certificate: %3d\n", num); + PR_fprintf(outfile, "Certificate: %3d\n", num); } else { - PR_fprintf(outfile, "Certificate:\n"); + PR_fprintf(outfile, "Certificate:\n"); } PR_fprintf(outfile, "----------------\n"); if (userCert) - PR_fprintf(outfile, "(User Cert)\n"); + PR_fprintf(outfile, "(User Cert)\n"); PR_fprintf(outfile, "## SUBJECT: %s\n", cert->subjectName); PR_fprintf(outfile, "## ISSUER: %s\n", cert->issuerName); PR_fprintf(outfile, "## SERIAL NUMBER: "); printHexString(outfile, &cert->serialNumber); - { /* XXX should be separate function. */ - PRTime timeBefore, timeAfter; - PRExplodedTime beforePrintable, afterPrintable; - char *beforestr, *afterstr; - DER_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore); - DER_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter); - PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable); - PR_ExplodeTime(timeAfter, PR_GMTParameters, &afterPrintable); - beforestr = PORT_Alloc(100); - afterstr = PORT_Alloc(100); - PR_FormatTime(beforestr, 100, "%a %b %d %H:%M:%S %Y", &beforePrintable); - PR_FormatTime(afterstr, 100, "%a %b %d %H:%M:%S %Y", &afterPrintable); - PR_fprintf(outfile, "## VALIDITY: %s to %s\n", beforestr, afterstr); + { /* XXX should be separate function. 
*/ + PRTime timeBefore, timeAfter; + PRExplodedTime beforePrintable, afterPrintable; + char *beforestr, *afterstr; + DER_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore); + DER_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter); + PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable); + PR_ExplodeTime(timeAfter, PR_GMTParameters, &afterPrintable); + beforestr = PORT_Alloc(100); + afterstr = PORT_Alloc(100); + PR_FormatTime(beforestr, 100, "%a %b %d %H:%M:%S %Y", &beforePrintable); + PR_FormatTime(afterstr, 100, "%a %b %d %H:%M:%S %Y", &afterPrintable); + PR_fprintf(outfile, "## VALIDITY: %s to %s\n", beforestr, afterstr); } PR_fprintf(outfile, "\n"); return SECSuccess; @@ -279,15 +277,15 @@ dumpCertEntry(certDBEntryCert *entry, int num, PRFileDesc *outfile) #if 0 NSSLOWCERTCertificate *cert; /* should we check for existing duplicates? */ - cert = nsslowcert_DecodeDERCertificate(&entry->cert.derCert, - entry->cert.nickname); + cert = nsslowcert_DecodeDERCertificate(&entry->cert.derCert, + entry->cert.nickname); #else CERTCertificate *cert; cert = CERT_DecodeDERCertificate(&entry->derCert, PR_FALSE, NULL); #endif if (!cert) { - fprintf(stderr, "Failed to decode certificate.\n"); - return SECFailure; + fprintf(stderr, "Failed to decode certificate.\n"); + return SECFailure; } cert->trust = (CERTCertTrust *)&entry->trust; dumpCertificate(cert, num, outfile); 
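Review bot: The validity block in dumpCertificate ignores the results of both DER_DecodeTimeChoice calls, so on a malformed validity field `timeBefore` and `timeAfter` may be left unset before PR_ExplodeTime reads them, and damaged databases are exactly the input this tool is run on. The two `PORT_Alloc(100)` buffers are also passed to PR_FormatTime without a NULL check and are not freed before the block closes. Fixed-size locals remove both allocation problems: `char beforestr[100], afterstr[100];`, with each decode guarded as `if (DER_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore) != SECSuccess) return SECFailure;`. The function's opening lines are outside this hunk.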
@@ -304,16 +302,16 @@ dumpSubjectEntry(certDBEntrySubject *entry, int num, PRFileDesc *outfile) PR_fprintf(outfile, "------------\n"); PR_fprintf(outfile, "## %s\n", subjectName); if (entry->nickname) - PR_fprintf(outfile, "## Subject nickname: %s\n", entry->nickname); + PR_fprintf(outfile, "## Subject nickname: %s\n", entry->nickname); if (entry->emailAddrs) { - unsigned int n; - for (n = 0; n < entry->nemailAddrs && entry->emailAddrs[n]; ++n) { - char * emailAddr = entry->emailAddrs[n]; - if (emailAddr[0]) { - PR_fprintf(outfile, "## Subject email address: %s\n", - emailAddr); - } - } + unsigned int n; + for (n = 0; n < entry->nemailAddrs && entry->emailAddrs[n]; ++n) { + char *emailAddr = entry->emailAddrs[n]; + if (emailAddr[0]) { + PR_fprintf(outfile, "## Subject email address: %s\n", + emailAddr); + } + } } PR_fprintf(outfile, "## This subject has %d cert(s).\n", entry->ncerts); PR_fprintf(outfile, "\n"); @@ -345,8 +343,8 @@ dumpSMimeEntry(certDBEntrySMime *entry, int num, PRFileDesc *outfile) SECU_PrintAny(stdout, &entry->smimeOptions, "## OPTIONS ", 0); fflush(stdout); if (entry->optionsDate.len && entry->optionsDate.data) - PR_fprintf(outfile, "## TIMESTAMP: %.*s\n", - entry->optionsDate.len, entry->optionsDate.data); + PR_fprintf(outfile, "## TIMESTAMP: %.*s\n", + entry->optionsDate.len, entry->optionsDate.data); #endif PR_fprintf(outfile, "\n"); return SECSuccess; 
@@ -368,42 +366,42 @@ mapCertEntries(certDBArray *dbArray) /* Arena for decoded entries */ tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (tmparena == NULL) { - PORT_SetError(SEC_ERROR_NO_MEMORY); - return SECFailure; + PORT_SetError(SEC_ERROR_NO_MEMORY); + return SECFailure; } - /* Iterate over cert entries and map them to subject entries. + /* Iterate over cert entries and map them to subject entries. * NOTE: mapSubjectEntries must be called first to alloc memory * for array of subject->cert map. */ - for (cElem = PR_LIST_HEAD(&dbArray->certs.link); + for (cElem = PR_LIST_HEAD(&dbArray->certs.link); cElem != &dbArray->certs.link; cElem = PR_NEXT_LINK(cElem)) { - certNode = LISTNODE_CAST(cElem); - certEntry = (certDBEntryCert *)&certNode->entry; - map = (certDBEntryMap *)certNode->appData; - CERT_NameFromDERCert(&certEntry->derCert, &derSubject); - CERT_KeyFromDERCert(tmparena, &certEntry->derCert, &certKey); - /* Loop over found subjects for cert's DN. */ - for (sElem = PR_LIST_HEAD(&dbArray->subjects.link); - sElem != &dbArray->subjects.link; sElem = PR_NEXT_LINK(sElem)) { - subjNode = LISTNODE_CAST(sElem); - subjectEntry = (certDBEntrySubject *)&subjNode->entry; - if (SECITEM_ItemsAreEqual(&derSubject, &subjectEntry->derSubject)) { - unsigned int i; - /* Found matching subject name, create link. */ - map->pSubject = subjNode; - /* Make sure subject entry has cert's key. */ - for (i=0; i<subjectEntry->ncerts; i++) { - if (SECITEM_ItemsAreEqual(&certKey, - &subjectEntry->certKeys[i])) { - /* Found matching cert key. */ - smap = (certDBSubjectEntryMap *)subjNode->appData; - smap->pCerts[i] = certNode; - break; - } - } - } - } + certNode = LISTNODE_CAST(cElem); + certEntry = (certDBEntryCert *)&certNode->entry; + map = (certDBEntryMap *)certNode->appData; + CERT_NameFromDERCert(&certEntry->derCert, &derSubject); + CERT_KeyFromDERCert(tmparena, &certEntry->derCert, &certKey); + /* Loop over found subjects for cert's DN. 
*/ + for (sElem = PR_LIST_HEAD(&dbArray->subjects.link); + sElem != &dbArray->subjects.link; sElem = PR_NEXT_LINK(sElem)) { + subjNode = LISTNODE_CAST(sElem); + subjectEntry = (certDBEntrySubject *)&subjNode->entry; + if (SECITEM_ItemsAreEqual(&derSubject, &subjectEntry->derSubject)) { + unsigned int i; + /* Found matching subject name, create link. */ + map->pSubject = subjNode; + /* Make sure subject entry has cert's key. */ + for (i = 0; i < subjectEntry->ncerts; i++) { + if (SECITEM_ItemsAreEqual(&certKey, + &subjectEntry->certKeys[i])) { + /* Found matching cert key. */ + smap = (certDBSubjectEntryMap *)subjNode->appData; + smap->pCerts[i] = certNode; + break; + } + } + } + } } PORT_FreeArena(tmparena, PR_FALSE); return SECSuccess; 
@@ -419,84 +417,85 @@ mapSubjectEntries(certDBArray *dbArray) for (sElem = PR_LIST_HEAD(&dbArray->subjects.link); sElem != &dbArray->subjects.link; sElem = PR_NEXT_LINK(sElem)) { - /* Iterate over subject entries and map subjects to nickname - * and smime entries. The cert<->subject map will be handled - * by a subsequent call to mapCertEntries. - */ - subjNode = LISTNODE_CAST(sElem); - subjectEntry = (certDBEntrySubject *)&subjNode->entry; - subjMap = (certDBSubjectEntryMap *)subjNode->appData; - /* need to alloc memory here for array of matching certs. */ - subjMap->pCerts = PORT_ArenaAlloc(subjMap->arena, - subjectEntry->ncerts*sizeof(int)); - subjMap->numCerts = subjectEntry->ncerts; - subjMap->pNickname = NoNickname; - subjMap->pSMime = NoSMime; - - if (subjectEntry->nickname) { - /* Subject should have a nickname entry, so create a link. */ - PRCList *nElem; - for (nElem = PR_LIST_HEAD(&dbArray->nicknames.link); - nElem != &dbArray->nicknames.link; - nElem = PR_NEXT_LINK(nElem)) { - certDBEntryListNode *nickNode; - certDBEntryNickname *nicknameEntry; - /* Look for subject's nickname in nickname entries. */ - nickNode = LISTNODE_CAST(nElem); - nicknameEntry = (certDBEntryNickname *)&nickNode->entry; - if (PL_strcmp(subjectEntry->nickname, - nicknameEntry->nickname) == 0) { - /* Found a nickname entry for subject's nickname. */ - if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject, - &nicknameEntry->subjectName)) { - certDBEntryMap *nickMap; - nickMap = (certDBEntryMap *)nickNode->appData; - /* Nickname and subject match. */ - subjMap->pNickname = nickNode; - nickMap->pSubject = subjNode; - } else if (subjMap->pNickname == NoNickname) { - /* Nickname entry found is for diff. subject. 
*/ - subjMap->pNickname = WrongEntry; - } - } - } - } - if (subjectEntry->emailAddrs) { - unsigned int n; - for (n = 0; n < subjectEntry->nemailAddrs && - subjectEntry->emailAddrs[n]; ++n) { - char * emailAddr = subjectEntry->emailAddrs[n]; - if (emailAddr[0]) { - PRCList *mElem; - /* Subject should have an smime entry, so create a link. */ - for (mElem = PR_LIST_HEAD(&dbArray->smime.link); - mElem != &dbArray->smime.link; - mElem = PR_NEXT_LINK(mElem)) { - certDBEntryListNode *smimeNode; - certDBEntrySMime *smimeEntry; - /* Look for subject's email in S/MIME entries. */ - smimeNode = LISTNODE_CAST(mElem); - smimeEntry = (certDBEntrySMime *)&smimeNode->entry; - if (PL_strcmp(emailAddr, - smimeEntry->emailAddr) == 0) { - /* Found a S/MIME entry for subject's email. */ - if (SECITEM_ItemsAreEqual( - &subjectEntry->derSubject, - &smimeEntry->subjectName)) { - certDBEntryMap *smimeMap; - /* S/MIME entry and subject match. */ - subjMap->pSMime = smimeNode; - smimeMap = (certDBEntryMap *)smimeNode->appData; - smimeMap->pSubject = subjNode; - } else if (subjMap->pSMime == NoSMime) { - /* S/MIME entry found is for diff. subject. */ - subjMap->pSMime = WrongEntry; - } - } - } /* end for */ - } /* endif (emailAddr[0]) */ - } /* end for */ - } /* endif (subjectEntry->emailAddrs) */ + /* Iterate over subject entries and map subjects to nickname + * and smime entries. The cert<->subject map will be handled + * by a subsequent call to mapCertEntries. + */ + subjNode = LISTNODE_CAST(sElem); + subjectEntry = (certDBEntrySubject *)&subjNode->entry; + subjMap = (certDBSubjectEntryMap *)subjNode->appData; + /* need to alloc memory here for array of matching certs. */ + subjMap->pCerts = PORT_ArenaAlloc(subjMap->arena, + subjectEntry->ncerts * sizeof(int)); + subjMap->numCerts = subjectEntry->ncerts; + subjMap->pNickname = NoNickname; + subjMap->pSMime = NoSMime; + + if (subjectEntry->nickname) { + /* Subject should have a nickname entry, so create a link. 
*/ + PRCList *nElem; + for (nElem = PR_LIST_HEAD(&dbArray->nicknames.link); + nElem != &dbArray->nicknames.link; + nElem = PR_NEXT_LINK(nElem)) { + certDBEntryListNode *nickNode; + certDBEntryNickname *nicknameEntry; + /* Look for subject's nickname in nickname entries. */ + nickNode = LISTNODE_CAST(nElem); + nicknameEntry = (certDBEntryNickname *)&nickNode->entry; + if (PL_strcmp(subjectEntry->nickname, + nicknameEntry->nickname) == 0) { + /* Found a nickname entry for subject's nickname. */ + if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject, + &nicknameEntry->subjectName)) { + certDBEntryMap *nickMap; + nickMap = (certDBEntryMap *)nickNode->appData; + /* Nickname and subject match. */ + subjMap->pNickname = nickNode; + nickMap->pSubject = subjNode; + } else if (subjMap->pNickname == NoNickname) { + /* Nickname entry found is for diff. subject. */ + subjMap->pNickname = WrongEntry; + } + } + } + } + if (subjectEntry->emailAddrs) { + unsigned int n; + for (n = 0; n < subjectEntry->nemailAddrs && + subjectEntry->emailAddrs[n]; + ++n) { + char *emailAddr = subjectEntry->emailAddrs[n]; + if (emailAddr[0]) { + PRCList *mElem; + /* Subject should have an smime entry, so create a link. */ + for (mElem = PR_LIST_HEAD(&dbArray->smime.link); + mElem != &dbArray->smime.link; + mElem = PR_NEXT_LINK(mElem)) { + certDBEntryListNode *smimeNode; + certDBEntrySMime *smimeEntry; + /* Look for subject's email in S/MIME entries. */ + smimeNode = LISTNODE_CAST(mElem); + smimeEntry = (certDBEntrySMime *)&smimeNode->entry; + if (PL_strcmp(emailAddr, + smimeEntry->emailAddr) == 0) { + /* Found a S/MIME entry for subject's email. */ + if (SECITEM_ItemsAreEqual( + &subjectEntry->derSubject, + &smimeEntry->subjectName)) { + certDBEntryMap *smimeMap; + /* S/MIME entry and subject match. */ + subjMap->pSMime = smimeNode; + smimeMap = (certDBEntryMap *)smimeNode->appData; + smimeMap->pSubject = subjNode; + } else if (subjMap->pSMime == NoSMime) { + /* S/MIME entry found is for diff. 
subject. */ + subjMap->pSMime = WrongEntry; + } + } + } /* end for */ + } /* endif (emailAddr[0]) */ + } /* end for */ + } /* endif (subjectEntry->emailAddrs) */ } return SECSuccess; } @@ -505,11 +504,11 @@ void printnode(dbDebugInfo *info, const char *str, int num) { if (!info->dograph) - return; + return; if (num < 0) { - PR_fprintf(info->graphfile, str); + PR_fprintf(info->graphfile, str); } else { - PR_fprintf(info->graphfile, str, num); + PR_fprintf(info->graphfile, str, num); } } 
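Review bot: The `pCerts` allocation in mapSubjectEntries is sized with `sizeof(int)`, but the slots appear to hold `certDBEntryListNode *` values (the mapCertEntries hunk stores `smap->pCerts[i] = certNode`, and print_subject_graph reads them back as nodes), so wherever a pointer is wider than an int the array is too small and those stores run past its end. The PORT_ArenaAlloc result is not checked either, and any slot mapCertEntries never fills is later read uninitialised, since map_handle_is_ok recognises only NULL and WrongEntry. Sizing by element and zeroing covers all three: `subjMap->pCerts = PORT_ArenaZAlloc(subjMap->arena, subjectEntry->ncerts * sizeof(*subjMap->pCerts));` followed by `if (subjectEntry->ncerts && !subjMap->pCerts) return SECFailure;`. The declaration of `pCerts` and the start of the function are outside this hunk, so the element type should be confirmed there.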
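Review bot: In printnode, the `num < 0` branch passes `str` to PR_fprintf as the format string with no further arguments, so a `%` in `str` would make PR_fprintf consume arguments that were never supplied. Every caller visible in this diff passes a string literal, so this is hardening rather than a live bug; `PR_fprintf(info->graphfile, "%s", str);` in that branch keeps the output identical. The `else` branch has to treat `str` as a format, so a comment above the function such as `/* str must be a literal; when num >= 0 it must contain exactly one %d conversion */` would record the contract for future callers.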
@@ -517,33 +516,33 @@ PRBool map_handle_is_ok(dbDebugInfo *info, void *mapPtr, int indent) { if (mapPtr == NULL) { - if (indent > 0) - printnode(info, " ", -1); - if (indent >= 0) - printnode(info, "******************* ", -1); - return PR_FALSE; + if (indent > 0) + printnode(info, " ", -1); + if (indent >= 0) + printnode(info, "******************* ", -1); + return PR_FALSE; } else if (mapPtr == WrongEntry) { - if (indent > 0) - printnode(info, " ", -1); - if (indent >= 0) - printnode(info, "??????????????????? ", -1); - return PR_FALSE; + if (indent > 0) + printnode(info, " ", -1); + if (indent >= 0) + printnode(info, "??????????????????? ", -1); + return PR_FALSE; } else { - return PR_TRUE; + return PR_TRUE; } } /* these call each other */ -void print_smime_graph(dbDebugInfo *info, certDBEntryMap *smimeMap, +void print_smime_graph(dbDebugInfo *info, certDBEntryMap *smimeMap, int direction); -void print_nickname_graph(dbDebugInfo *info, certDBEntryMap *nickMap, +void print_nickname_graph(dbDebugInfo *info, certDBEntryMap *nickMap, int direction); -void print_subject_graph(dbDebugInfo *info, certDBSubjectEntryMap *subjMap, +void print_subject_graph(dbDebugInfo *info, certDBSubjectEntryMap *subjMap, int direction, int optindex, int opttype); -void print_cert_graph(dbDebugInfo *info, certDBEntryMap *certMap, +void print_cert_graph(dbDebugInfo *info, certDBEntryMap *certMap, int direction); -/* Given an smime entry, print its unique identifier. If GOLEFT is +/* Given an smime entry, print its unique identifier. If GOLEFT is * specified, print the cert<-subject<-smime map, else just print * the smime entry. */ 
@@ -553,22 +552,22 @@ print_smime_graph(dbDebugInfo *info, certDBEntryMap *smimeMap, int direction) certDBSubjectEntryMap *subjMap; certDBEntryListNode *subjNode; if (direction == GOLEFT) { - /* Need to output subject and cert first, see print_subject_graph */ - subjNode = smimeMap->pSubject; - if (map_handle_is_ok(info, (void *)subjNode, 1)) { - subjMap = (certDBSubjectEntryMap *)subjNode->appData; - print_subject_graph(info, subjMap, GOLEFT, - smimeMap->index, certDBEntryTypeSMimeProfile); - } else { - printnode(info, "<---- S/MIME %5d ", smimeMap->index); - info->dbErrors[NoSubjectForSMime]++; - } + /* Need to output subject and cert first, see print_subject_graph */ + subjNode = smimeMap->pSubject; + if (map_handle_is_ok(info, (void *)subjNode, 1)) { + subjMap = (certDBSubjectEntryMap *)subjNode->appData; + print_subject_graph(info, subjMap, GOLEFT, + smimeMap->index, certDBEntryTypeSMimeProfile); + } else { + printnode(info, "<---- S/MIME %5d ", smimeMap->index); + info->dbErrors[NoSubjectForSMime]++; + } } else { - printnode(info, "S/MIME %5d ", smimeMap->index); + printnode(info, "S/MIME %5d ", smimeMap->index); } } -/* Given a nickname entry, print its unique identifier. If GOLEFT is +/* Given a nickname entry, print its unique identifier. If GOLEFT is * specified, print the cert<-subject<-nickname map, else just print * the nickname entry. */ 
@@ -578,18 +577,18 @@ print_nickname_graph(dbDebugInfo *info, certDBEntryMap *nickMap, int direction) certDBSubjectEntryMap *subjMap; certDBEntryListNode *subjNode; if (direction == GOLEFT) { - /* Need to output subject and cert first, see print_subject_graph */ - subjNode = nickMap->pSubject; - if (map_handle_is_ok(info, (void *)subjNode, 1)) { - subjMap = (certDBSubjectEntryMap *)subjNode->appData; - print_subject_graph(info, subjMap, GOLEFT, - nickMap->index, certDBEntryTypeNickname); - } else { - printnode(info, "<---- Nickname %5d ", nickMap->index); - info->dbErrors[NoSubjectForNickname]++; - } + /* Need to output subject and cert first, see print_subject_graph */ + subjNode = nickMap->pSubject; + if (map_handle_is_ok(info, (void *)subjNode, 1)) { + subjMap = (certDBSubjectEntryMap *)subjNode->appData; + print_subject_graph(info, subjMap, GOLEFT, + nickMap->index, certDBEntryTypeNickname); + } else { + printnode(info, "<---- Nickname %5d ", nickMap->index); + info->dbErrors[NoSubjectForNickname]++; + } } else { - printnode(info, "Nickname %5d ", nickMap->index); + printnode(info, "Nickname %5d ", nickMap->index); } } @@ -598,7 +597,7 @@ print_nickname_graph(dbDebugInfo *info, certDBEntryMap *nickMap, int direction) * print the list of certs that it points to. */ void -print_subject_graph(dbDebugInfo *info, certDBSubjectEntryMap *subjMap, +print_subject_graph(dbDebugInfo *info, certDBSubjectEntryMap *subjMap, int direction, int optindex, int opttype) { certDBEntryMap *map; 
@@ -619,70 +618,70 @@ print_subject_graph(dbDebugInfo *info, certDBSubjectEntryMap *subjMap, * than one may expect. */ if (direction == GOLEFT || direction == GOBOTH) { - /* In this case, nothing should be output until the first cert is - * located and output (cert 3 in the above example). - */ - if (subjMap->numCerts == 0 || subjMap->pCerts == NULL) - /* XXX uh-oh */ - return; - /* get the first cert and dump it. */ - node = subjMap->pCerts[0]; - if (map_handle_is_ok(info, (void *)node, 0)) { - map = (certDBEntryMap *)node->appData; - /* going left here stops. */ - print_cert_graph(info, map, GOLEFT); - } else { - info->dbErrors[SubjectHasNoKeyForCert]++; - } - /* Now it is safe to output the subject id. */ - if (direction == GOLEFT) - printnode(info, "Subject %5d <---- ", subjMap->index); - else /* direction == GOBOTH */ - printnode(info, "Subject %5d ----> ", subjMap->index); + /* In this case, nothing should be output until the first cert is + * located and output (cert 3 in the above example). + */ + if (subjMap->numCerts == 0 || subjMap->pCerts == NULL) + /* XXX uh-oh */ + return; + /* get the first cert and dump it. */ + node = subjMap->pCerts[0]; + if (map_handle_is_ok(info, (void *)node, 0)) { + map = (certDBEntryMap *)node->appData; + /* going left here stops. */ + print_cert_graph(info, map, GOLEFT); + } else { + info->dbErrors[SubjectHasNoKeyForCert]++; + } + /* Now it is safe to output the subject id. */ + if (direction == GOLEFT) + printnode(info, "Subject %5d <---- ", subjMap->index); + else /* direction == GOBOTH */ + printnode(info, "Subject %5d ----> ", subjMap->index); } - if (direction == GORIGHT || direction == GOBOTH) { - /* Okay, now output the nickname|smime for this subject. 
*/ - if (direction != GOBOTH) /* handled above */ - printnode(info, "Subject %5d ----> ", subjMap->index); - if (subjMap->pNickname) { - node = subjMap->pNickname; - if (map_handle_is_ok(info, (void *)node, 0)) { - map = (certDBEntryMap *)node->appData; - /* going right here stops. */ - print_nickname_graph(info, map, GORIGHT); - } - } - if (subjMap->pSMime) { - node = subjMap->pSMime; - if (map_handle_is_ok(info, (void *)node, 0)) { - map = (certDBEntryMap *)node->appData; - /* going right here stops. */ - print_smime_graph(info, map, GORIGHT); - } - } - if (!subjMap->pNickname && !subjMap->pSMime) { - printnode(info, "******************* ", -1); - info->dbErrors[NoNicknameOrSMimeForSubject]++; - } - if (subjMap->pNickname && subjMap->pSMime) { - info->dbErrors[NicknameAndSMimeEntries]++; - } + if (direction == GORIGHT || direction == GOBOTH) { + /* Okay, now output the nickname|smime for this subject. */ + if (direction != GOBOTH) /* handled above */ + printnode(info, "Subject %5d ----> ", subjMap->index); + if (subjMap->pNickname) { + node = subjMap->pNickname; + if (map_handle_is_ok(info, (void *)node, 0)) { + map = (certDBEntryMap *)node->appData; + /* going right here stops. */ + print_nickname_graph(info, map, GORIGHT); + } + } + if (subjMap->pSMime) { + node = subjMap->pSMime; + if (map_handle_is_ok(info, (void *)node, 0)) { + map = (certDBEntryMap *)node->appData; + /* going right here stops. 
*/ + print_smime_graph(info, map, GORIGHT); + } + } + if (!subjMap->pNickname && !subjMap->pSMime) { + printnode(info, "******************* ", -1); + info->dbErrors[NoNicknameOrSMimeForSubject]++; + } + if (subjMap->pNickname && subjMap->pSMime) { + info->dbErrors[NicknameAndSMimeEntries]++; + } } if (direction != GORIGHT) { /* going right has only one cert */ - if (opttype == certDBEntryTypeNickname) - printnode(info, "Nickname %5d ", optindex); - else if (opttype == certDBEntryTypeSMimeProfile) - printnode(info, "S/MIME %5d ", optindex); - for (i=1 /* 1st one already done */; i<subjMap->numCerts; i++) { - printnode(info, "\n", -1); /* start a new line */ - node = subjMap->pCerts[i]; - if (map_handle_is_ok(info, (void *)node, 0)) { - map = (certDBEntryMap *)node->appData; - /* going left here stops. */ - print_cert_graph(info, map, GOLEFT); - printnode(info, "/", -1); - } - } + if (opttype == certDBEntryTypeNickname) + printnode(info, "Nickname %5d ", optindex); + else if (opttype == certDBEntryTypeSMimeProfile) + printnode(info, "S/MIME %5d ", optindex); + for (i = 1 /* 1st one already done */; i < subjMap->numCerts; i++) { + printnode(info, "\n", -1); /* start a new line */ + node = subjMap->pCerts[i]; + if (map_handle_is_ok(info, (void *)node, 0)) { + map = (certDBEntryMap *)node->appData; + /* going left here stops. */ + print_cert_graph(info, map, GOLEFT); + printnode(info, "/", -1); + } + } } } 
@@ -696,18 +695,18 @@ print_cert_graph(dbDebugInfo *info, certDBEntryMap *certMap, int direction) certDBSubjectEntryMap *subjMap; certDBEntryListNode *subjNode; if (direction == GOLEFT) { - printnode(info, "Cert %5d <---- ", certMap->index); - /* only want cert entry, terminate here. */ - return; + printnode(info, "Cert %5d <---- ", certMap->index); + /* only want cert entry, terminate here. */ + return; } /* Keep going right then. */ printnode(info, "Cert %5d ----> ", certMap->index); subjNode = certMap->pSubject; if (map_handle_is_ok(info, (void *)subjNode, 0)) { - subjMap = (certDBSubjectEntryMap *)subjNode->appData; - print_subject_graph(info, subjMap, GORIGHT, -1, -1); + subjMap = (certDBSubjectEntryMap *)subjNode->appData; + print_subject_graph(info, subjMap, GORIGHT, -1, -1); } else { - info->dbErrors[NoSubjectForCert]++; + info->dbErrors[NoSubjectForCert]++; } } 
@@ -734,45 +733,46 @@ computeDBGraph(certDBArray *dbArray, dbDebugInfo *info) /* Print cert graph. */ for (cElem = PR_LIST_HEAD(&dbArray->certs.link); cElem != &dbArray->certs.link; cElem = PR_NEXT_LINK(cElem)) { - /* Print graph of everything to right of cert entry. */ - node = LISTNODE_CAST(cElem); - map = (certDBEntryMap *)node->appData; - print_cert_graph(info, map, GORIGHT); - printnode(info, "\n", -1); + /* Print graph of everything to right of cert entry. */ + node = LISTNODE_CAST(cElem); + map = (certDBEntryMap *)node->appData; + print_cert_graph(info, map, GORIGHT); + printnode(info, "\n", -1); } printnode(info, "\n", -1); /* Print subject graph. */ for (sElem = PR_LIST_HEAD(&dbArray->subjects.link); sElem != &dbArray->subjects.link; sElem = PR_NEXT_LINK(sElem)) { - /* Print graph of everything to both sides of subject entry. */ - node = LISTNODE_CAST(sElem); - subjMap = (certDBSubjectEntryMap *)node->appData; - print_subject_graph(info, subjMap, GOBOTH, -1, -1); - printnode(info, "\n", -1); + /* Print graph of everything to both sides of subject entry. */ + node = LISTNODE_CAST(sElem); + subjMap = (certDBSubjectEntryMap *)node->appData; + print_subject_graph(info, subjMap, GOBOTH, -1, -1); + printnode(info, "\n", -1); } printnode(info, "\n", -1); /* Print nickname graph. */ for (nElem = PR_LIST_HEAD(&dbArray->nicknames.link); nElem != &dbArray->nicknames.link; nElem = PR_NEXT_LINK(nElem)) { - /* Print graph of everything to left of nickname entry. */ - node = LISTNODE_CAST(nElem); - map = (certDBEntryMap *)node->appData; - print_nickname_graph(info, map, GOLEFT); - printnode(info, "\n", -1); + /* Print graph of everything to left of nickname entry. */ + node = LISTNODE_CAST(nElem); + map = (certDBEntryMap *)node->appData; + print_nickname_graph(info, map, GOLEFT); + printnode(info, "\n", -1); } printnode(info, "\n", -1); /* Print smime graph. 
*/ for (mElem = PR_LIST_HEAD(&dbArray->smime.link); mElem != &dbArray->smime.link; mElem = PR_NEXT_LINK(mElem)) { - /* Print graph of everything to left of smime entry. */ - node = LISTNODE_CAST(mElem); - if (node == NULL) break; - map = (certDBEntryMap *)node->appData; - print_smime_graph(info, map, GOLEFT); - printnode(info, "\n", -1); + /* Print graph of everything to left of smime entry. */ + node = LISTNODE_CAST(mElem); + if (node == NULL) + break; + map = (certDBEntryMap *)node->appData; + print_smime_graph(info, map, GOLEFT); + printnode(info, "\n", -1); } printnode(info, "\n", -1); 
@@ -795,129 +795,127 @@ verboseOutput(certDBArray *dbArray, dbDebugInfo *info) /* List certs */ for (elem = PR_LIST_HEAD(&dbArray->certs.link); elem != &dbArray->certs.link; elem = PR_NEXT_LINK(elem)) { - node = LISTNODE_CAST(elem); - map = (certDBEntryMap *)node->appData; - dumpCertEntry((certDBEntryCert*)&node->entry, map->index, info->out); - /* walk the cert handle to it's subject entry */ - if (map_handle_is_ok(info, map->pSubject, -1)) { - smap = (certDBSubjectEntryMap *)map->pSubject->appData; - ref = smap->index; - PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref); - } else { - PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n"); - } + node = LISTNODE_CAST(elem); + map = (certDBEntryMap *)node->appData; + dumpCertEntry((certDBEntryCert *)&node->entry, map->index, info->out); + /* walk the cert handle to it's subject entry */ + if (map_handle_is_ok(info, map->pSubject, -1)) { + smap = (certDBSubjectEntryMap *)map->pSubject->appData; + ref = smap->index; + PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref); + } else { + PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n"); + } } /* List subjects */ for (elem = PR_LIST_HEAD(&dbArray->subjects.link); elem != &dbArray->subjects.link; elem = PR_NEXT_LINK(elem)) { - int refs = 0; - node = LISTNODE_CAST(elem); - subjectEntry = (certDBEntrySubject *)&node->entry; - smap = (certDBSubjectEntryMap *)node->appData; - dumpSubjectEntry(subjectEntry, smap->index, info->out); - /* iterate over subject's certs */ - for (i=0; i<smap->numCerts; i++) { - /* walk each subject handle to it's cert entries */ - if (map_handle_is_ok(info, smap->pCerts[i], -1)) { - ref = ((certDBEntryMap *)smap->pCerts[i]->appData)->index; - PR_fprintf(info->out, "-->(%d. certificate %d)\n", i, ref); - } else { - PR_fprintf(info->out, "-->(%d. 
MISSING CERT ENTRY)\n", i); - } - } - if (subjectEntry->nickname) { - ++refs; - /* walk each subject handle to it's nickname entry */ - if (map_handle_is_ok(info, smap->pNickname, -1)) { - ref = ((certDBEntryMap *)smap->pNickname->appData)->index; - PR_fprintf(info->out, "-->(nickname %d)\n", ref); - } else { - PR_fprintf(info->out, "-->(MISSING NICKNAME ENTRY)\n"); - } - } - if (subjectEntry->nemailAddrs && - subjectEntry->emailAddrs && - subjectEntry->emailAddrs[0] && - subjectEntry->emailAddrs[0][0]) { - ++refs; - /* walk each subject handle to it's smime entry */ - if (map_handle_is_ok(info, smap->pSMime, -1)) { - ref = ((certDBEntryMap *)smap->pSMime->appData)->index; - PR_fprintf(info->out, "-->(s/mime %d)\n", ref); - } else { - PR_fprintf(info->out, "-->(MISSING S/MIME ENTRY)\n"); - } - } - if (!refs) { - PR_fprintf(info->out, "-->(NO NICKNAME+S/MIME ENTRY)\n"); - } - PR_fprintf(info->out, "\n\n"); + int refs = 0; + node = LISTNODE_CAST(elem); + subjectEntry = (certDBEntrySubject *)&node->entry; + smap = (certDBSubjectEntryMap *)node->appData; + dumpSubjectEntry(subjectEntry, smap->index, info->out); + /* iterate over subject's certs */ + for (i = 0; i < smap->numCerts; i++) { + /* walk each subject handle to it's cert entries */ + if (map_handle_is_ok(info, smap->pCerts[i], -1)) { + ref = ((certDBEntryMap *)smap->pCerts[i]->appData)->index; + PR_fprintf(info->out, "-->(%d. certificate %d)\n", i, ref); + } else { + PR_fprintf(info->out, "-->(%d. 
MISSING CERT ENTRY)\n", i); + } + } + if (subjectEntry->nickname) { + ++refs; + /* walk each subject handle to it's nickname entry */ + if (map_handle_is_ok(info, smap->pNickname, -1)) { + ref = ((certDBEntryMap *)smap->pNickname->appData)->index; + PR_fprintf(info->out, "-->(nickname %d)\n", ref); + } else { + PR_fprintf(info->out, "-->(MISSING NICKNAME ENTRY)\n"); + } + } + if (subjectEntry->nemailAddrs && + subjectEntry->emailAddrs && + subjectEntry->emailAddrs[0] && + subjectEntry->emailAddrs[0][0]) { + ++refs; + /* walk each subject handle to it's smime entry */ + if (map_handle_is_ok(info, smap->pSMime, -1)) { + ref = ((certDBEntryMap *)smap->pSMime->appData)->index; + PR_fprintf(info->out, "-->(s/mime %d)\n", ref); + } else { + PR_fprintf(info->out, "-->(MISSING S/MIME ENTRY)\n"); + } + } + if (!refs) { + PR_fprintf(info->out, "-->(NO NICKNAME+S/MIME ENTRY)\n"); + } + PR_fprintf(info->out, "\n\n"); } for (elem = PR_LIST_HEAD(&dbArray->nicknames.link); elem != &dbArray->nicknames.link; elem = PR_NEXT_LINK(elem)) { - node = LISTNODE_CAST(elem); - map = (certDBEntryMap *)node->appData; - dumpNicknameEntry((certDBEntryNickname*)&node->entry, map->index, - info->out); - if (map_handle_is_ok(info, map->pSubject, -1)) { - ref = ((certDBEntryMap *)map->pSubject->appData)->index; - PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref); - } else { - PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n"); - } + node = LISTNODE_CAST(elem); + map = (certDBEntryMap *)node->appData; + dumpNicknameEntry((certDBEntryNickname *)&node->entry, map->index, + info->out); + if (map_handle_is_ok(info, map->pSubject, -1)) { + ref = ((certDBEntryMap *)map->pSubject->appData)->index; + PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref); + } else { + PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n"); + } } for (elem = PR_LIST_HEAD(&dbArray->smime.link); elem != &dbArray->smime.link; elem = PR_NEXT_LINK(elem)) { - node = LISTNODE_CAST(elem); - map = (certDBEntryMap 
*)node->appData; - dumpSMimeEntry((certDBEntrySMime*)&node->entry, map->index, info->out); - if (map_handle_is_ok(info, map->pSubject, -1)) { - ref = ((certDBEntryMap *)map->pSubject->appData)->index; - PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref); - } else { - PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n"); - } + node = LISTNODE_CAST(elem); + map = (certDBEntryMap *)node->appData; + dumpSMimeEntry((certDBEntrySMime *)&node->entry, map->index, info->out); + if (map_handle_is_ok(info, map->pSubject, -1)) { + ref = ((certDBEntryMap *)map->pSubject->appData)->index; + PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref); + } else { + PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n"); + } } PR_fprintf(info->out, "\n\n"); } - /* A callback function, intended to be called from nsslowcert_TraverseDBEntries * Builds a PRCList of DB entries of the specified type. */ -SECStatus -SEC_GetCertDBEntryList(SECItem *dbdata, SECItem *dbkey, +SECStatus +SEC_GetCertDBEntryList(SECItem *dbdata, SECItem *dbkey, certDBEntryType entryType, void *pdata) { - certDBEntry * entry; - certDBEntryListNode * node; - PRCList * list = (PRCList *)pdata; + certDBEntry *entry; + certDBEntryListNode *node; + PRCList *list = (PRCList *)pdata; if (!dbdata || !dbkey || !pdata || !dbdata->data || !dbkey->data) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } entry = nsslowcert_DecodeAnyDBEntry(dbdata, dbkey, entryType, NULL); if (!entry) { - return SECSuccess; /* skip it */ + return SECSuccess; /* skip it */ } node = PORT_ArenaZNew(entry->common.arena, certDBEntryListNode); if (!node) { - /* DestroyDBEntry(entry); */ - PLArenaPool *arena = entry->common.arena; - PORT_Memset(&entry->common, 0, sizeof entry->common); - PORT_FreeArena(arena, PR_FALSE); - return SECFailure; + /* DestroyDBEntry(entry); */ + PLArenaPool *arena = entry->common.arena; + PORT_Memset(&entry->common, 0, sizeof entry->common); + 
PORT_FreeArena(arena, PR_FALSE); + return SECFailure; } - node->entry = *entry; /* crude but effective. */ + node->entry = *entry; /* crude but effective. */ PR_INIT_CLIST(&node->link); PR_INSERT_BEFORE(&node->link, list); return SECSuccess; } - int -fillDBEntryArray(NSSLOWCERTCertDBHandle *handle, certDBEntryType type, +fillDBEntryArray(NSSLOWCERTCertDBHandle *handle, certDBEntryType type, certDBEntryListNode *list) { PRCList *elem; 
@@ -934,27 +932,27 @@ fillDBEntryArray(NSSLOWCERTCertDBHandle *handle, certDBEntryType type, /* Collect all of the cert db entries for this type into a list. */ nsslowcert_TraverseDBEntries(handle, type, SEC_GetCertDBEntryList, list); - for (elem = PR_LIST_HEAD(&list->link); + for (elem = PR_LIST_HEAD(&list->link); elem != &list->link; elem = PR_NEXT_LINK(elem)) { - /* Iterate over the entries and ... */ - node = (certDBEntryListNode *)elem; - if (type != certDBEntryTypeSubject) { - arena = PORT_NewArena(sizeof(*mnode)); - mnode = PORT_ArenaZNew(arena, certDBEntryMap); - mnode->arena = arena; - /* ... assign a unique index number to each node, and ... */ - mnode->index = count; - /* ... set the map pointer for the node. */ - node->appData = (void *)mnode; - } else { - /* allocate some room for the cert pointers also */ - arena = PORT_NewArena(sizeof(*smnode) + 20*sizeof(void *)); - smnode = PORT_ArenaZNew(arena, certDBSubjectEntryMap); - smnode->arena = arena; - smnode->index = count; - node->appData = (void *)smnode; - } - count++; + /* Iterate over the entries and ... */ + node = (certDBEntryListNode *)elem; + if (type != certDBEntryTypeSubject) { + arena = PORT_NewArena(sizeof(*mnode)); + mnode = PORT_ArenaZNew(arena, certDBEntryMap); + mnode->arena = arena; + /* ... assign a unique index number to each node, and ... */ + mnode->index = count; + /* ... set the map pointer for the node. */ + node->appData = (void *)mnode; + } else { + /* allocate some room for the cert pointers also */ + arena = PORT_NewArena(sizeof(*smnode) + 20 * sizeof(void *)); + smnode = PORT_ArenaZNew(arena, certDBSubjectEntryMap); + smnode->arena = arena; + smnode->index = count; + node->appData = (void *)smnode; + } + count++; } return count; } 
@@ -966,20 +964,20 @@ freeDBEntryList(PRCList *list) certDBEntryListNode *node; certDBEntryMap *map; - for (elem = PR_LIST_HEAD(list); elem != list;) { - next = PR_NEXT_LINK(elem); - node = (certDBEntryListNode *)elem; - map = (certDBEntryMap *)node->appData; - PR_REMOVE_LINK(&node->link); - PORT_FreeArena(map->arena, PR_TRUE); - PORT_FreeArena(node->entry.common.arena, PR_TRUE); - elem = next; + for (elem = PR_LIST_HEAD(list); elem != list;) { + next = PR_NEXT_LINK(elem); + node = (certDBEntryListNode *)elem; + map = (certDBEntryMap *)node->appData; + PR_REMOVE_LINK(&node->link); + PORT_FreeArena(map->arena, PR_TRUE); + PORT_FreeArena(node->entry.common.arena, PR_TRUE); + elem = next; } } void -DBCK_DebugDB(NSSLOWCERTCertDBHandle *handle, PRFileDesc *out, - PRFileDesc *mailfile) +DBCK_DebugDB(NSSLOWCERTCertDBHandle *handle, PRFileDesc *out, + PRFileDesc *mailfile) { int i, nCertsFound, nSubjFound, nErr; int nCerts, nSubjects, nSubjCerts, nNicknames, nSMime, nRevocation; 
@@ -992,20 +990,20 @@ DBCK_DebugDB(NSSLOWCERTCertDBHandle *handle, PRFileDesc *out, PORT_Memset(&info, 0, sizeof(info)); info.verbose = (PRBool)(out != NULL); info.dograph = info.verbose; - info.out = (out) ? out : PR_STDOUT; + info.out = (out) ? out : PR_STDOUT; info.graphfile = mailfile ? mailfile : PR_STDOUT; /* Fill the array structure with cert/subject/nickname/smime entries. */ - dbArray.numCerts = fillDBEntryArray(handle, certDBEntryTypeCert, - &dbArray.certs); - dbArray.numSubjects = fillDBEntryArray(handle, certDBEntryTypeSubject, - &dbArray.subjects); - dbArray.numNicknames = fillDBEntryArray(handle, certDBEntryTypeNickname, + dbArray.numCerts = fillDBEntryArray(handle, certDBEntryTypeCert, + &dbArray.certs); + dbArray.numSubjects = fillDBEntryArray(handle, certDBEntryTypeSubject, + &dbArray.subjects); + dbArray.numNicknames = fillDBEntryArray(handle, certDBEntryTypeNickname, &dbArray.nicknames); - dbArray.numSMime = fillDBEntryArray(handle, certDBEntryTypeSMimeProfile, - &dbArray.smime); - dbArray.numRevocation= fillDBEntryArray(handle, certDBEntryTypeRevocation, - &dbArray.revocation); + dbArray.numSMime = fillDBEntryArray(handle, certDBEntryTypeSMimeProfile, + &dbArray.smime); + dbArray.numRevocation = fillDBEntryArray(handle, certDBEntryTypeRevocation, + &dbArray.revocation); /* Compute the map between the database entries. */ mapSubjectEntries(&dbArray); 
@@ -1013,22 +1011,22 @@ DBCK_DebugDB(NSSLOWCERTCertDBHandle *handle, PRFileDesc *out, computeDBGraph(&dbArray, &info); /* Store the totals for later reference. */ - nCerts = dbArray.numCerts; - nSubjects = dbArray.numSubjects; + nCerts = dbArray.numCerts; + nSubjects = dbArray.numSubjects; nNicknames = dbArray.numNicknames; - nSMime = dbArray.numSMime; - nRevocation= dbArray.numRevocation; + nSMime = dbArray.numSMime; + nRevocation = dbArray.numRevocation; nSubjCerts = 0; for (elem = PR_LIST_HEAD(&dbArray.subjects.link); elem != &dbArray.subjects.link; elem = PR_NEXT_LINK(elem)) { - certDBSubjectEntryMap *smap; - smap = (certDBSubjectEntryMap *)LISTNODE_CAST(elem)->appData; - nSubjCerts += smap->numCerts; + certDBSubjectEntryMap *smap; + smap = (certDBSubjectEntryMap *)LISTNODE_CAST(elem)->appData; + nSubjCerts += smap->numCerts; } if (info.verbose) { - /* Dump the database contents. */ - verboseOutput(&dbArray, &info); + /* Dump the database contents. */ + verboseOutput(&dbArray, &info); } freeDBEntryList(&dbArray.certs.link); 
@@ -1039,71 +1037,71 @@ DBCK_DebugDB(NSSLOWCERTCertDBHandle *handle, PRFileDesc *out, PR_fprintf(info.out, "\n"); PR_fprintf(info.out, "Database statistics:\n"); - PR_fprintf(info.out, "N0: Found %4d Certificate entries.\n", - nCerts); - PR_fprintf(info.out, "N1: Found %4d Subject entries (unique DN's).\n", - nSubjects); - PR_fprintf(info.out, "N2: Found %4d Cert keys within Subject entries.\n", - nSubjCerts); - PR_fprintf(info.out, "N3: Found %4d Nickname entries.\n", - nNicknames); - PR_fprintf(info.out, "N4: Found %4d S/MIME entries.\n", - nSMime); - PR_fprintf(info.out, "N5: Found %4d CRL entries.\n", - nRevocation); + PR_fprintf(info.out, "N0: Found %4d Certificate entries.\n", + nCerts); + PR_fprintf(info.out, "N1: Found %4d Subject entries (unique DN's).\n", + nSubjects); + PR_fprintf(info.out, "N2: Found %4d Cert keys within Subject entries.\n", + nSubjCerts); + PR_fprintf(info.out, "N3: Found %4d Nickname entries.\n", + nNicknames); + PR_fprintf(info.out, "N4: Found %4d S/MIME entries.\n", + nSMime); + PR_fprintf(info.out, "N5: Found %4d CRL entries.\n", + nRevocation); PR_fprintf(info.out, "\n"); nErr = 0; - for (i=0; i < NUM_ERROR_TYPES; i++) { - PR_fprintf(info.out, "E%d: Found %4d %s\n", - i, info.dbErrors[i], errResult[i]); - nErr += info.dbErrors[i]; + for (i = 0; i < NUM_ERROR_TYPES; i++) { + PR_fprintf(info.out, "E%d: Found %4d %s\n", + i, info.dbErrors[i], errResult[i]); + nErr += info.dbErrors[i]; } - PR_fprintf(info.out, "--------------\n Found %4d errors in database.\n", + PR_fprintf(info.out, "--------------\n Found %4d errors in database.\n", nErr); PR_fprintf(info.out, "\nCertificates:\n"); - PR_fprintf(info.out, "N0 == N2 + E%d + E%d\n", NoSubjectForCert, - SubjectHasNoKeyForCert); + PR_fprintf(info.out, "N0 == N2 + E%d + E%d\n", NoSubjectForCert, + SubjectHasNoKeyForCert); nCertsFound = nSubjCerts + info.dbErrors[NoSubjectForCert] + info.dbErrors[SubjectHasNoKeyForCert]; c = (nCertsFound == nCerts) ? 
'=' : '!'; - PR_fprintf(info.out, "%d %c= %d + %d + %d\n", nCerts, c, nSubjCerts, - info.dbErrors[NoSubjectForCert], - info.dbErrors[SubjectHasNoKeyForCert]); + PR_fprintf(info.out, "%d %c= %d + %d + %d\n", nCerts, c, nSubjCerts, + info.dbErrors[NoSubjectForCert], + info.dbErrors[SubjectHasNoKeyForCert]); PR_fprintf(info.out, "\nSubjects:\n"); - PR_fprintf(info.out, - "N1 == N3 + N4 + E%d + E%d + E%d + E%d + E%d - E%d - E%d - E%d\n", - NoNicknameOrSMimeForSubject, - WrongNicknameForSubject, - NoNicknameEntry, - WrongSMimeForSubject, - NoSMimeEntry, - NoSubjectForNickname, - NoSubjectForSMime, - NicknameAndSMimeEntries); - nSubjFound = nNicknames + nSMime + + PR_fprintf(info.out, + "N1 == N3 + N4 + E%d + E%d + E%d + E%d + E%d - E%d - E%d - E%d\n", + NoNicknameOrSMimeForSubject, + WrongNicknameForSubject, + NoNicknameEntry, + WrongSMimeForSubject, + NoSMimeEntry, + NoSubjectForNickname, + NoSubjectForSMime, + NicknameAndSMimeEntries); + nSubjFound = nNicknames + nSMime + info.dbErrors[NoNicknameOrSMimeForSubject] + - info.dbErrors[WrongNicknameForSubject] + - info.dbErrors[NoNicknameEntry] + - info.dbErrors[WrongSMimeForSubject] + + info.dbErrors[WrongNicknameForSubject] + + info.dbErrors[NoNicknameEntry] + + info.dbErrors[WrongSMimeForSubject] + info.dbErrors[NoSMimeEntry] - - info.dbErrors[NoSubjectForNickname] - - info.dbErrors[NoSubjectForSMime] - - info.dbErrors[NicknameAndSMimeEntries]; + info.dbErrors[NoSubjectForNickname] - + info.dbErrors[NoSubjectForSMime] - + info.dbErrors[NicknameAndSMimeEntries]; c = (nSubjFound == nSubjects) ? 
'=' : '!'; - PR_fprintf(info.out, - "%2d %c= %2d + %2d + %2d + %2d + %2d + %2d + %2d - %2d - %2d - %2d\n", - nSubjects, c, nNicknames, nSMime, - info.dbErrors[NoNicknameOrSMimeForSubject], - info.dbErrors[WrongNicknameForSubject], - info.dbErrors[NoNicknameEntry], - info.dbErrors[WrongSMimeForSubject], - info.dbErrors[NoSMimeEntry], - info.dbErrors[NoSubjectForNickname], - info.dbErrors[NoSubjectForSMime], - info.dbErrors[NicknameAndSMimeEntries]); + PR_fprintf(info.out, + "%2d %c= %2d + %2d + %2d + %2d + %2d + %2d + %2d - %2d - %2d - %2d\n", + nSubjects, c, nNicknames, nSMime, + info.dbErrors[NoNicknameOrSMimeForSubject], + info.dbErrors[WrongNicknameForSubject], + info.dbErrors[NoNicknameEntry], + info.dbErrors[WrongSMimeForSubject], + info.dbErrors[NoSMimeEntry], + info.dbErrors[NoSubjectForNickname], + info.dbErrors[NoSubjectForSMime], + info.dbErrors[NicknameAndSMimeEntries]); PR_fprintf(info.out, "\n"); } 
@@ -1132,26 +1130,26 @@ enum { }; static secuCommandFlag dbck_commands[] = -{ - { /* cmd_Debug, */ 'D', PR_FALSE, 0, PR_FALSE }, - { /* cmd_LongUsage,*/ 'H', PR_FALSE, 0, PR_FALSE }, - { /* cmd_Recover, */ 'R', PR_FALSE, 0, PR_FALSE } -}; + { + { /* cmd_Debug, */ 'D', PR_FALSE, 0, PR_FALSE }, + { /* cmd_LongUsage,*/ 'H', PR_FALSE, 0, PR_FALSE }, + { /* cmd_Recover, */ 'R', PR_FALSE, 0, PR_FALSE } + }; static secuCommandFlag dbck_options[] = -{ - { /* opt_KeepAll, */ 'a', PR_FALSE, 0, PR_FALSE }, - { /* opt_CertDir, */ 'd', PR_TRUE, 0, PR_FALSE }, - { /* opt_Dumpfile, */ 'f', PR_TRUE, 0, PR_FALSE }, - { /* opt_InputDB, */ 'i', PR_TRUE, 0, PR_FALSE }, - { /* opt_OutputDB, */ 'o', PR_TRUE, 0, PR_FALSE }, - { /* opt_Mailfile, */ 'm', PR_FALSE, 0, PR_FALSE }, - { /* opt_Prompt, */ 'p', PR_FALSE, 0, PR_FALSE }, - { /* opt_KeepRedundant, */ 'r', PR_FALSE, 0, PR_FALSE }, - { /* opt_KeepNoSMimeProfile,*/ 's', PR_FALSE, 0, PR_FALSE }, - { /* opt_Verbose, */ 'v', PR_FALSE, 0, PR_FALSE }, - { /* opt_KeepExpired, */ 'x', PR_FALSE, 0, PR_FALSE } -}; + { + { /* opt_KeepAll, */ 'a', PR_FALSE, 0, PR_FALSE }, + { /* opt_CertDir, */ 'd', PR_TRUE, 0, PR_FALSE }, + { /* opt_Dumpfile, */ 'f', PR_TRUE, 0, PR_FALSE }, + { /* opt_InputDB, */ 'i', PR_TRUE, 0, PR_FALSE }, + { /* opt_OutputDB, */ 'o', PR_TRUE, 0, PR_FALSE }, + { /* opt_Mailfile, */ 'm', PR_FALSE, 0, PR_FALSE }, + { /* opt_Prompt, */ 'p', PR_FALSE, 0, PR_FALSE }, + { /* opt_KeepRedundant, */ 'r', PR_FALSE, 0, PR_FALSE }, + { /* opt_KeepNoSMimeProfile,*/ 's', PR_FALSE, 0, PR_FALSE }, + { /* opt_Verbose, */ 'v', PR_FALSE, 0, PR_FALSE }, + { /* opt_KeepExpired, */ 'x', PR_FALSE, 0, PR_FALSE } + }; #define CERT_DB_FMT "%s/cert%s.db" 
@@ -1164,36 +1162,35 @@ dbck_certdb_name_cb(void *arg, int dbVersion) char *dbname = NULL; switch (dbVersion) { - case 8: - dbver = "8"; - break; - case 7: - dbver = "7"; - break; - case 6: - dbver = "6"; - break; - case 5: - dbver = "5"; - break; - case 4: - default: - dbver = ""; - break; + case 8: + dbver = "8"; + break; + case 7: + dbver = "7"; + break; + case 6: + dbver = "6"; + break; + case 5: + dbver = "5"; + break; + case 4: + default: + dbver = ""; + break; } /* make sure we return something allocated with PORT_ so we have properly * matched frees at the end */ smpname = PR_smprintf(CERT_DB_FMT, configdir, dbver); if (smpname) { - dbname = PORT_Strdup(smpname); - PR_smprintf_free(smpname); + dbname = PORT_Strdup(smpname); + PR_smprintf_free(smpname); } return dbname; } - -int +int main(int argc, char **argv) { NSSLOWCERTCertDBHandle *certHandle; @@ -1201,12 +1198,12 @@ main(int argc, char **argv) PRFileDesc *mailfile = NULL; PRFileDesc *dumpfile = NULL; - char * pathname = 0; - char * fullname = 0; - char * newdbname = 0; + char *pathname = 0; + char *fullname = 0; + char *newdbname = 0; PRBool removeExpired, requireProfile, singleEntry; - SECStatus rv; + SECStatus rv; secuCommand dbck; dbck.numCommands = sizeof(dbck_commands) / sizeof(secuCommandFlag); 
@@ -1215,63 +1212,63 @@ main(int argc, char **argv) dbck.options = dbck_options; progName = strrchr(argv[0], '/'); - progName = progName ? progName+1 : argv[0]; + progName = progName ? progName + 1 : argv[0]; rv = SECU_ParseCommandLine(argc, argv, progName, &dbck); if (rv != SECSuccess) - Usage(progName); + Usage(progName); if (dbck.commands[cmd_LongUsage].activated) - LongUsage(progName); + LongUsage(progName); if (!dbck.commands[cmd_Debug].activated && !dbck.commands[cmd_Recover].activated) { - PR_fprintf(PR_STDERR, "Please specify -H, -D or -R.\n"); - Usage(progName); + PR_fprintf(PR_STDERR, "Please specify -H, -D or -R.\n"); + Usage(progName); } removeExpired = !(dbck.options[opt_KeepAll].activated || dbck.options[opt_KeepExpired].activated); requireProfile = !(dbck.options[opt_KeepAll].activated || - dbck.options[opt_KeepNoSMimeProfile].activated); + dbck.options[opt_KeepNoSMimeProfile].activated); singleEntry = !(dbck.options[opt_KeepAll].activated || dbck.options[opt_KeepRedundant].activated); if (dbck.options[opt_OutputDB].activated) { - newdbname = PL_strdup(dbck.options[opt_OutputDB].arg); + newdbname = PL_strdup(dbck.options[opt_OutputDB].arg); } else { - newdbname = PL_strdup("new_cert8.db"); + newdbname = PL_strdup("new_cert8.db"); } /* Create a generic graph of the database. */ if (dbck.options[opt_Mailfile].activated) { - mailfile = PR_Open("./mailfile", PR_RDWR | PR_CREATE_FILE, 00660); - if (!mailfile) { - fprintf(stderr, "Unable to create mailfile.\n"); - return -1; - } + mailfile = PR_Open("./mailfile", PR_RDWR | PR_CREATE_FILE, 00660); + if (!mailfile) { + fprintf(stderr, "Unable to create mailfile.\n"); + return -1; + } } /* Dump all debugging info while running. 
*/ if (dbck.options[opt_Verbose].activated) { - if (dbck.options[opt_Dumpfile].activated) { - dumpfile = PR_Open(dbck.options[opt_Dumpfile].arg, - PR_RDWR | PR_CREATE_FILE, 00660); - if (!dumpfile) { - fprintf(stderr, "Unable to create dumpfile.\n"); - return -1; - } - } else { - dumpfile = PR_STDOUT; - } + if (dbck.options[opt_Dumpfile].activated) { + dumpfile = PR_Open(dbck.options[opt_Dumpfile].arg, + PR_RDWR | PR_CREATE_FILE, 00660); + if (!dumpfile) { + fprintf(stderr, "Unable to create dumpfile.\n"); + return -1; + } + } else { + dumpfile = PR_STDOUT; + } } /* Set the cert database directory. */ if (dbck.options[opt_CertDir].activated) { - SECU_ConfigDirectory(dbck.options[opt_CertDir].arg); + SECU_ConfigDirectory(dbck.options[opt_CertDir].arg); } pathname = SECU_ConfigDirectory(NULL); 
@@ -1279,75 +1276,75 @@ main(int argc, char **argv) PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); rv = NSS_NoDB_Init(pathname); if (rv != SECSuccess) { - fprintf(stderr, "NSS_NoDB_Init failed\n"); - return -1; + fprintf(stderr, "NSS_NoDB_Init failed\n"); + return -1; } certHandle = PORT_ZNew(NSSLOWCERTCertDBHandle); if (!certHandle) { - SECU_PrintError(progName, "unable to get database handle"); - return -1; + SECU_PrintError(progName, "unable to get database handle"); + return -1; } certHandle->ref = 1; #ifdef NOTYET /* Open the possibly corrupt database. */ if (dbck.options[opt_InputDB].activated) { - PRFileInfo fileInfo; - fullname = PR_smprintf("%s/%s", pathname, - dbck.options[opt_InputDB].arg); - if (PR_GetFileInfo(fullname, &fileInfo) != PR_SUCCESS) { - fprintf(stderr, "Unable to read file \"%s\".\n", fullname); - return -1; - } - rv = CERT_OpenCertDBFilename(certHandle, fullname, PR_TRUE); - } else + PRFileInfo fileInfo; + fullname = PR_smprintf("%s/%s", pathname, + dbck.options[opt_InputDB].arg); + if (PR_GetFileInfo(fullname, &fileInfo) != PR_SUCCESS) { + fprintf(stderr, "Unable to read file \"%s\".\n", fullname); + return -1; + } + rv = CERT_OpenCertDBFilename(certHandle, fullname, PR_TRUE); + } else #endif { - /* Use the default. */ +/* Use the default. 
*/ #ifdef NOTYET - fullname = SECU_CertDBNameCallback(NULL, CERT_DB_FILE_VERSION); - if (PR_GetFileInfo(fullname, &fileInfo) != PR_SUCCESS) { - fprintf(stderr, "Unable to read file \"%s\".\n", fullname); - return -1; - } + fullname = SECU_CertDBNameCallback(NULL, CERT_DB_FILE_VERSION); + if (PR_GetFileInfo(fullname, &fileInfo) != PR_SUCCESS) { + fprintf(stderr, "Unable to read file \"%s\".\n", fullname); + return -1; + } #endif - rv = nsslowcert_OpenCertDB(certHandle, - PR_TRUE, /* readOnly */ - NULL, /* rdb appName */ - "", /* rdb prefix */ - dbck_certdb_name_cb, /* namecb */ - pathname, /* configDir */ - PR_FALSE); /* volatile */ + rv = nsslowcert_OpenCertDB(certHandle, + PR_TRUE, /* readOnly */ + NULL, /* rdb appName */ + "", /* rdb prefix */ + dbck_certdb_name_cb, /* namecb */ + pathname, /* configDir */ + PR_FALSE); /* volatile */ } if (rv) { - SECU_PrintError(progName, "unable to open cert database"); - return -1; + SECU_PrintError(progName, "unable to open cert database"); + return -1; } if (dbck.commands[cmd_Debug].activated) { - DBCK_DebugDB(certHandle, dumpfile, mailfile); - return 0; + DBCK_DebugDB(certHandle, dumpfile, mailfile); + return 0; } #ifdef DORECOVER if (dbck.commands[cmd_Recover].activated) { - DBCK_ReconstructDBFromCerts(certHandle, newdbname, - dumpfile, removeExpired, - requireProfile, singleEntry, - dbck.options[opt_Prompt].activated); - return 0; + DBCK_ReconstructDBFromCerts(certHandle, newdbname, + dumpfile, removeExpired, + requireProfile, singleEntry, + dbck.options[opt_Prompt].activated); + return 0; } #endif if (mailfile) - PR_Close(mailfile); + PR_Close(mailfile); if (dumpfile) - PR_Close(dumpfile); + PR_Close(dumpfile); if (certHandle) { - nsslowcert_ClosePermCertDB(certHandle); - PORT_Free(certHandle); + nsslowcert_ClosePermCertDB(certHandle); + PORT_Free(certHandle); } return -1; } |