
nssdefaults.c (6868B)


      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 #ifdef _CRTDBG_MAP_ALLOC
      6 #include <stdlib.h>
      7 #include <crtdbg.h>
      8 #endif
      9 
     10 #include "nspr.h"
     11 #include "nss.h"
     12 #include "pk11func.h"
     13 #include "secutil.h"
     14 #include "secmod.h"
     15 #include "utilpars.h"
     16 
/* Basename of argv[0]; assigned in main() and used in the usage text and in
 * the initialization error message. */
static char *progName;

/*
 * Values returned by main() as the process status.
 * NOTE(review): the two negative values are returned from main() as-is;
 * how they appear to the invoking shell is platform-dependent (commonly
 * only the low 8 bits are visible) - confirm before scripting against them.
 */
#define ERR_USAGE 2           /* command line could not be parsed (see Usage()) */
#define ERR_UNKNOWN_DB_TYPE 3 /* print_DBType(): value outside DBTypeName[] */
#define ERR_UNKNOWN_POLICY 4  /* print_Policy(): policy name not recognized */
#define ERR_GET_POLICY_FAIL 5 /* print_Policy(): NSS_GetAlgorithmPolicy() failed */
#define ERR_UNKNOWN_OPTION 6  /* print_Option(): option name not recognized */
#define ERR_GET_OPTION_FAIL 7 /* print_Option(): NSS_OptionGet() failed */
#define ERR_INIT_FAILED -1    /* main(): NSS initialization failed */
#define ERR_NO_COMMANDS_FOUND -2 /* main(): no query option was given */
     27 
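/*
 * Print the command-line synopsis to stderr and terminate the process with
 * status ERR_USAGE. Does not return.
 */
static void
Usage(void)
{
    /* Keep this synopsis in step with nssdefault_options[]: the table accepts
     * --fips, which the help text previously did not mention. */
    PR_fprintf(PR_STDERR,
               "Usage:	 %s [-d certdir] [-P dbprefix] [--dbtype] [-p policy] [-o option] [--system-fips] [--fips] [-x][-a]\n",
               progName);
    exit(ERR_USAGE);
}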
     36 
/*
 * Indices into nssdefault_options[]. Each value must equal the position of
 * the matching entry in that table, so the numbering is spelled out.
 */
enum {
    opt_CertDir = 0,
    opt_DBPrefix = 1,
    opt_DBType = 2,
    opt_Policy = 3,
    opt_Option = 4,
    opt_SystemFips = 5,
    opt_Fips = 6,
    opt_Hex = 7,
    opt_All = 8
};
     48 
/*
 * Command-line options understood by this tool, in the order fixed by the
 * opt_* enumeration. Each row gives the short flag letter, whether the
 * option takes an argument, two fields initialized to 0 / PR_FALSE here,
 * and the long option name (0 when the option has no long form).
 */
static secuCommandFlag nssdefault_options[] = {
    { 'd', PR_TRUE, 0, PR_FALSE, 0 },              /* opt_CertDir    */
    { 'P', PR_TRUE, 0, PR_FALSE, 0 },              /* opt_DBPrefix   */
    { 'b', PR_FALSE, 0, PR_FALSE, "dbtype" },      /* opt_DBType     */
    { 'p', PR_TRUE, 0, PR_FALSE, 0 },              /* opt_Policy     */
    { 'o', PR_TRUE, 0, PR_FALSE, 0 },              /* opt_Option     */
    { 's', PR_FALSE, 0, PR_FALSE, "system-fips" }, /* opt_SystemFips */
    { 'f', PR_FALSE, 0, PR_FALSE, "fips" },        /* opt_Fips       */
    { 'x', PR_FALSE, 0, PR_FALSE, 0 },             /* opt_Hex        */
    { 'a', PR_FALSE, 0, PR_FALSE, 0 },             /* opt_All        */
};
     60 
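/*
 * Print the raw bytes of a PKCS #11 attribute to stdout as "0x" followed by
 * two lowercase hex digits per byte, then "<label>" and a newline.
 *
 * label: text printed between angle brackets after the hex dump; a NULL
 *        label is printed as an empty string.
 * attr:  attribute whose pValue / ulValueLen describe the bytes to dump.
 *
 * A NULL attr, a NULL pValue, or a length of (unsigned long)-1 is treated as
 * an empty value, so nothing is read through an invalid pointer or past the
 * end of the buffer.
 */
void
dump_Raw(char *label, CK_ATTRIBUTE *attr)
{
    const unsigned char *value = NULL;
    unsigned long len = 0;
    unsigned long i;

    /* PKCS #11 reports an attribute whose value cannot be returned by
     * setting ulValueLen to (CK_ULONG)-1 (CK_UNAVAILABLE_INFORMATION);
     * walking that many bytes would run far outside the buffer. */
    if (attr != NULL && attr->pValue != NULL &&
        attr->ulValueLen != (unsigned long)-1) {
        value = (const unsigned char *)attr->pValue;
        len = attr->ulValueLen;
    }

    printf("0x");
    /* The index is unsigned and as wide as the length field; the previous
     * int index was compared against an unsigned long length. */
    for (i = 0; i < len; i++) {
        printf("%02x", value[i]);
    }
    printf("<%s>\n", label != NULL ? label : "");
}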
     72 
/* Printable names for NSSDBType values, indexed by the numeric value. */
char *DBTypeName[] = { "None", "sql", "extern", "dbm", "multiaccess" };

/*
 * Print "Default DBType: " followed by the database type.
 *
 * dbType: value to report.
 * phex:   when true, print the numeric value in hex instead of its name.
 *
 * Returns 0 on success, or ERR_UNKNOWN_DB_TYPE when a name was requested
 * for a value that has no entry in DBTypeName[].
 */
int
print_DBType(NSSDBType dbType, PRBool phex)
{
    int status = 0;

    printf("Default DBType: ");
    if (phex) {
        printf("0x%x\n", dbType);
    } else if (dbType < PR_ARRAY_SIZE(DBTypeName)) {
        printf("%s\n", DBTypeName[dbType]);
    } else {
        /* Value outside the name table: report it numerically and fail. */
        printf("unknown(%d)\n", dbType);
        status = ERR_UNKNOWN_DB_TYPE;
    }
    return status;
}
     90 
/*
 * Print a labelled boolean on one line.
 *
 * label: prefix written verbatim before the value.
 * val:   value to report.
 * phex:  when true, print val as a hex number; otherwise print "true" or
 *        "false".
 *
 * Always returns 0.
 */
int
print_Bool(const char *label, PRBool val, PRBool phex)
{
    if (!phex) {
        const char *text = val ? "true" : "false";

        printf("%s%s\n", label, text);
    } else {
        printf("%s0x%x\n", label, val);
    }
    return 0;
}
    101 
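/*
 * Print the algorithm policy flags currently set for a named policy.
 *
 * policy: policy name, resolved with SECMOD_PolicyStringToOid().
 * phex:   when true, print the raw flag word in hex and stop.
 * all:    when true, also list set bits that have no policy-string name,
 *         as "Unused(<hex>)".
 *
 * Returns 0 on success, ERR_UNKNOWN_POLICY when the name does not resolve
 * to an OID, or ERR_GET_POLICY_FAIL when NSS_GetAlgorithmPolicy() fails.
 */
int
print_Policy(const char *policy, PRBool phex, PRBool all)
{
    SECOidTag oid = SECMOD_PolicyStringToOid(policy, "any");
    PRUint32 flags;
    const char *comma = "";
    unsigned int bit;
    SECStatus rv;

    printf("Policy %s: ", policy);
    if (oid == SEC_OID_UNKNOWN) {
        printf("unknown policy\n");
        return ERR_UNKNOWN_POLICY;
    }
    rv = NSS_GetAlgorithmPolicy(oid, &flags);
    if (rv != SECSuccess) {
        SECU_PrintPRandOSError("policy failed");
        return ERR_GET_POLICY_FAIL;
    }
    if (phex) {
        printf("0x%04x\n", flags);
        return 0;
    }
    if (flags == 0) {
        printf("none\n");
        return 0;
    }
    /* Walk every bit of the flag word, lowest first. */
    for (bit = 0; bit < sizeof(flags) * PR_BITS_PER_BYTE; bit++) {
        /* Shift an unsigned 1: the loop reaches bit 31, and shifting a
         * signed int 1 into the sign bit is undefined behavior, which could
         * make the top policy bit be reported incorrectly. */
        PRUint32 flag = (PRUint32)1 << bit;
        const char *value;

        if ((flags & flag) == 0) {
            continue;
        }
        value = SECMOD_FlagsToPolicyString(flag, PR_TRUE);
        if (value != NULL) {
            printf("%s%s", comma, value);
            comma = ",";
            continue;
        }
        /* Set bit with no name: only shown when the caller asked for all. */
        if (all) {
            printf("%sUnused(%04x)", comma, flag);
            comma = ",";
        }
    }
    printf("\n");
    return 0;
}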
    150 
/*
 * Print the current value of a named NSS option.
 *
 * optionString: option name, resolved with SECMOD_PolicyStringToOpt().
 * phex:         when true, print the value in hex; otherwise in decimal.
 *
 * Returns 0 on success, ERR_UNKNOWN_OPTION when the name resolves to 0, or
 * ERR_GET_OPTION_FAIL when NSS_OptionGet() fails.
 */
int
print_Option(const char *optionString, PRBool phex)
{
    PRInt32 optId = SECMOD_PolicyStringToOpt(optionString);
    PRInt32 current;
    SECStatus status;

    printf("Option %s: ", optionString);
    if (optId == 0) {
        printf("unknown option\n");
        return ERR_UNKNOWN_OPTION;
    }

    status = NSS_OptionGet(optId, &current);
    if (status != SECSuccess) {
        SECU_PrintPRandOSError("get option failed");
        return ERR_GET_OPTION_FAIL;
    }

    if (phex) {
        printf("0x%04x\n", current);
        return 0;
    }
    printf("%d\n", current);
    return 0;
}
    176 
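/*
 * Combine the status of the latest request with the status gathered so far.
 * The first failure is kept; a later successful request must not hide it.
 */
static int
nssdefaults_merge_status(int so_far, int latest)
{
    if (so_far == ERR_NO_COMMANDS_FOUND || so_far == 0) {
        return latest;
    }
    return so_far;
}

/*
 * Entry point: parse the command line, initialize NSS (without a database
 * unless -d was given), answer every requested query, then shut NSS down.
 *
 * Returns 0 when every request succeeded, the status of the first request
 * that failed, ERR_INIT_FAILED when NSS could not be initialized,
 * ERR_NO_COMMANDS_FOUND when no query option was given, or 1 when
 * NSS_Shutdown() fails after a successful initialization.
 */
int
main(int argc, char **argv)
{
    char *dbprefix = "";
    char *nssdir = NULL;
    SECStatus rv;
    secuCommand nssdefault;
    int local_errno = ERR_NO_COMMANDS_FOUND;
    PRBool phex, all;

    nssdefault.numCommands = 0;
    nssdefault.commands = 0;
    nssdefault.numOptions = PR_ARRAY_SIZE(nssdefault_options);
    nssdefault.options = nssdefault_options;

#ifdef _CRTDBG_MAP_ALLOC
    _CrtSetDbgFlag(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_LEAK_CHECK_DF);
#endif

    /* Use the basename of argv[0] in messages. */
    progName = strrchr(argv[0], '/');
    progName = progName ? progName + 1 : argv[0];

    rv = SECU_ParseCommandLine(argc, argv, progName, &nssdefault);

    if (rv != SECSuccess) {
        Usage();
    }

    phex = nssdefault.options[opt_Hex].activated;
    all = nssdefault.options[opt_All].activated;

    if (nssdefault.options[opt_CertDir].activated) {
        nssdir = nssdefault.options[opt_CertDir].arg;
    }
    if (nssdefault.options[opt_DBPrefix].activated) {
        dbprefix = nssdefault.options[opt_DBPrefix].arg;
    }

    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
    if (nssdir == NULL) {
        rv = NSS_NoDB_Init("");
    } else {
        rv = NSS_Initialize(nssdir, dbprefix, dbprefix, "secmod.db", 0);
    }
    if (rv != SECSuccess) {
        SECU_PrintPRandOSError(progName);
        local_errno = ERR_INIT_FAILED;
        goto done;
    }

    /*
     * Several queries may be combined on one command line. Each result is
     * merged so that the exit status reflects the first failure; assigning
     * each result directly let a later success overwrite an earlier error,
     * which a script checking FIPS or policy state would then miss.
     */

    /* prints the default db type */
    if (nssdefault.options[opt_DBType].activated) {
        char *appName = NULL;
        NSSDBType dbType = NSS_DB_TYPE_NONE;
        _NSSUTIL_EvaluateConfigDir(nssdir, &dbType, &appName);
        if (appName) {
            PORT_Free(appName);
        }
        local_errno = nssdefaults_merge_status(local_errno,
                                               print_DBType(dbType, phex));
    }
    if (nssdefault.options[opt_SystemFips].activated) {
        local_errno = nssdefaults_merge_status(
            local_errno,
            print_Bool("System FIPS: ", NSS_GetSystemFIPSEnabled(), phex));
    }
    if (nssdefault.options[opt_Fips].activated) {
        local_errno = nssdefaults_merge_status(
            local_errno, print_Bool("FIPS: ", PK11_IsFIPS(), phex));
    }
    if (nssdefault.options[opt_Policy].activated) {
        local_errno = nssdefaults_merge_status(
            local_errno,
            print_Policy(nssdefault.options[opt_Policy].arg, phex, all));
    }
    if (nssdefault.options[opt_Option].activated) {
        local_errno = nssdefaults_merge_status(
            local_errno,
            print_Option(nssdefault.options[opt_Option].arg, phex));
    }
    if (local_errno == ERR_NO_COMMANDS_FOUND) {
        printf("no data request made\n");
    }

done:
    /* NSS_Shutdown() is still called on every path. When initialization
     * never succeeded it is expected to fail as well (NOTE(review): confirm
     * against the NSS version in use); that failure must not replace
     * ERR_INIT_FAILED with the generic status 1. */
    if (NSS_Shutdown() != SECSuccess && local_errno != ERR_INIT_FAILED) {
        local_errno = 1;
    }
    PL_ArenaFinish();
    PR_Cleanup();
    return local_errno;
}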
    261 }