1 | /*
|
---|
2 | * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
|
---|
3 | *
|
---|
4 | * Licensed under the OpenSSL license (the "License"). You may not use
|
---|
5 | * this file except in compliance with the License. You can obtain a copy
|
---|
6 | * in the file LICENSE in the source distribution or at
|
---|
7 | * https://www.openssl.org/source/license.html
|
---|
8 | */
|
---|
9 |
|
---|
10 | #include <openssl/opensslconf.h>
|
---|
11 | #ifdef OPENSSL_NO_SRP
|
---|
12 | NON_EMPTY_TRANSLATION_UNIT
|
---|
13 | #else
|
---|
14 |
|
---|
15 | # include <stdio.h>
|
---|
16 | # include <stdlib.h>
|
---|
17 | # include <string.h>
|
---|
18 | # include <openssl/conf.h>
|
---|
19 | # include <openssl/bio.h>
|
---|
20 | # include <openssl/err.h>
|
---|
21 | # include <openssl/txt_db.h>
|
---|
22 | # include <openssl/buffer.h>
|
---|
23 | # include <openssl/srp.h>
|
---|
24 | # include "apps.h"
|
---|
25 |
|
---|
26 | # define BASE_SECTION "srp"
|
---|
27 | # define CONFIG_FILE "openssl.cnf"
|
---|
28 |
|
---|
29 | # define ENV_RANDFILE "RANDFILE"
|
---|
30 |
|
---|
31 | # define ENV_DATABASE "srpvfile"
|
---|
32 | # define ENV_DEFAULT_SRP "default_srp"
|
---|
33 |
|
---|
34 | static int get_index(CA_DB *db, char *id, char type)
|
---|
35 | {
|
---|
36 | char **pp;
|
---|
37 | int i;
|
---|
38 | if (id == NULL)
|
---|
39 | return -1;
|
---|
40 | if (type == DB_SRP_INDEX)
|
---|
41 | for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
|
---|
42 | pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
|
---|
43 | if (pp[DB_srptype][0] == DB_SRP_INDEX
|
---|
44 | && strcmp(id, pp[DB_srpid]) == 0)
|
---|
45 | return i;
|
---|
46 | } else
|
---|
47 | for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
|
---|
48 | pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
|
---|
49 |
|
---|
50 | if (pp[DB_srptype][0] != DB_SRP_INDEX
|
---|
51 | && strcmp(id, pp[DB_srpid]) == 0)
|
---|
52 | return i;
|
---|
53 | }
|
---|
54 |
|
---|
55 | return -1;
|
---|
56 | }
|
---|
57 |
|
---|
58 | static void print_entry(CA_DB *db, int indx, int verbose, char *s)
|
---|
59 | {
|
---|
60 | if (indx >= 0 && verbose) {
|
---|
61 | int j;
|
---|
62 | char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
|
---|
63 | BIO_printf(bio_err, "%s \"%s\"\n", s, pp[DB_srpid]);
|
---|
64 | for (j = 0; j < DB_NUMBER; j++) {
|
---|
65 | BIO_printf(bio_err, " %d = \"%s\"\n", j, pp[j]);
|
---|
66 | }
|
---|
67 | }
|
---|
68 | }
|
---|
69 |
|
---|
70 | static void print_index(CA_DB *db, int indexindex, int verbose)
|
---|
71 | {
|
---|
72 | print_entry(db, indexindex, verbose, "g N entry");
|
---|
73 | }
|
---|
74 |
|
---|
75 | static void print_user(CA_DB *db, int userindex, int verbose)
|
---|
76 | {
|
---|
77 | if (verbose > 0) {
|
---|
78 | char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
|
---|
79 |
|
---|
80 | if (pp[DB_srptype][0] != 'I') {
|
---|
81 | print_entry(db, userindex, verbose, "User entry");
|
---|
82 | print_entry(db, get_index(db, pp[DB_srpgN], 'I'), verbose,
|
---|
83 | "g N entry");
|
---|
84 | }
|
---|
85 |
|
---|
86 | }
|
---|
87 | }
|
---|
88 |
|
---|
89 | static int update_index(CA_DB *db, char **row)
|
---|
90 | {
|
---|
91 | char **irow;
|
---|
92 | int i;
|
---|
93 |
|
---|
94 | irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row pointers");
|
---|
95 | for (i = 0; i < DB_NUMBER; i++) {
|
---|
96 | irow[i] = row[i];
|
---|
97 | row[i] = NULL;
|
---|
98 | }
|
---|
99 | irow[DB_NUMBER] = NULL;
|
---|
100 |
|
---|
101 | if (!TXT_DB_insert(db->db, irow)) {
|
---|
102 | BIO_printf(bio_err, "failed to update srpvfile\n");
|
---|
103 | BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
|
---|
104 | OPENSSL_free(irow);
|
---|
105 | return 0;
|
---|
106 | }
|
---|
107 | return 1;
|
---|
108 | }
|
---|
109 |
|
---|
110 | static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
|
---|
111 | {
|
---|
112 | char *entry = NCONF_get_string(conf, section, tag);
|
---|
113 | if (entry == NULL)
|
---|
114 | BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag);
|
---|
115 | return entry;
|
---|
116 | }
|
---|
117 |
|
---|
118 | static char *srp_verify_user(const char *user, const char *srp_verifier,
|
---|
119 | char *srp_usersalt, const char *g, const char *N,
|
---|
120 | const char *passin, int verbose)
|
---|
121 | {
|
---|
122 | char password[1024];
|
---|
123 | PW_CB_DATA cb_tmp;
|
---|
124 | char *verifier = NULL;
|
---|
125 | char *gNid = NULL;
|
---|
126 |
|
---|
127 | cb_tmp.prompt_info = user;
|
---|
128 | cb_tmp.password = passin;
|
---|
129 |
|
---|
130 | if (password_callback(password, sizeof(password), 0, &cb_tmp) > 0) {
|
---|
131 | if (verbose)
|
---|
132 | BIO_printf(bio_err,
|
---|
133 | "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
|
---|
134 | user, srp_verifier, srp_usersalt, g, N);
|
---|
135 | BIO_printf(bio_err, "Pass %s\n", password);
|
---|
136 |
|
---|
137 | OPENSSL_assert(srp_usersalt != NULL);
|
---|
138 | if (!
|
---|
139 | (gNid =
|
---|
140 | SRP_create_verifier(user, password, &srp_usersalt, &verifier, N,
|
---|
141 | g))) {
|
---|
142 | BIO_printf(bio_err, "Internal error validating SRP verifier\n");
|
---|
143 | } else {
|
---|
144 | if (strcmp(verifier, srp_verifier))
|
---|
145 | gNid = NULL;
|
---|
146 | OPENSSL_free(verifier);
|
---|
147 | }
|
---|
148 | }
|
---|
149 | return gNid;
|
---|
150 | }
|
---|
151 |
|
---|
152 | static char *srp_create_user(char *user, char **srp_verifier,
|
---|
153 | char **srp_usersalt, char *g, char *N,
|
---|
154 | char *passout, int verbose)
|
---|
155 | {
|
---|
156 | char password[1024];
|
---|
157 | PW_CB_DATA cb_tmp;
|
---|
158 | char *gNid = NULL;
|
---|
159 | char *salt = NULL;
|
---|
160 | cb_tmp.prompt_info = user;
|
---|
161 | cb_tmp.password = passout;
|
---|
162 |
|
---|
163 | if (password_callback(password, sizeof(password), 1, &cb_tmp) > 0) {
|
---|
164 | if (verbose)
|
---|
165 | BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
|
---|
166 | user, g, N);
|
---|
167 | if (!
|
---|
168 | (gNid =
|
---|
169 | SRP_create_verifier(user, password, &salt, srp_verifier, N,
|
---|
170 | g))) {
|
---|
171 | BIO_printf(bio_err, "Internal error creating SRP verifier\n");
|
---|
172 | } else
|
---|
173 | *srp_usersalt = salt;
|
---|
174 | if (verbose > 1)
|
---|
175 | BIO_printf(bio_err, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid,
|
---|
176 | salt, *srp_verifier);
|
---|
177 |
|
---|
178 | }
|
---|
179 | return gNid;
|
---|
180 | }
|
---|
181 |
|
---|
182 | typedef enum OPTION_choice {
|
---|
183 | OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
---|
184 | OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SRPVFILE, OPT_ADD,
|
---|
185 | OPT_DELETE, OPT_MODIFY, OPT_LIST, OPT_GN, OPT_USERINFO,
|
---|
186 | OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE
|
---|
187 | } OPTION_CHOICE;
|
---|
188 |
|
---|
189 | OPTIONS srp_options[] = {
|
---|
190 | {"help", OPT_HELP, '-', "Display this summary"},
|
---|
191 | {"verbose", OPT_VERBOSE, '-', "Talk a lot while doing things"},
|
---|
192 | {"config", OPT_CONFIG, '<', "A config file"},
|
---|
193 | {"name", OPT_NAME, 's', "The particular srp definition to use"},
|
---|
194 | {"srpvfile", OPT_SRPVFILE, '<', "The srp verifier file name"},
|
---|
195 | {"add", OPT_ADD, '-', "Add a user and srp verifier"},
|
---|
196 | {"modify", OPT_MODIFY, '-',
|
---|
197 | "Modify the srp verifier of an existing user"},
|
---|
198 | {"delete", OPT_DELETE, '-', "Delete user from verifier file"},
|
---|
199 | {"list", OPT_LIST, '-', "List users"},
|
---|
200 | {"gn", OPT_GN, 's', "Set g and N values to be used for new verifier"},
|
---|
201 | {"userinfo", OPT_USERINFO, 's', "Additional info to be set for user"},
|
---|
202 | {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
---|
203 | {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
|
---|
204 | # ifndef OPENSSL_NO_ENGINE
|
---|
205 | {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
---|
206 | # endif
|
---|
207 | {NULL}
|
---|
208 | };
|
---|
209 |
|
---|
210 | int srp_main(int argc, char **argv)
|
---|
211 | {
|
---|
212 | ENGINE *e = NULL;
|
---|
213 | CA_DB *db = NULL;
|
---|
214 | CONF *conf = NULL;
|
---|
215 | int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i;
|
---|
216 | int doupdatedb = 0, mode = OPT_ERR;
|
---|
217 | char *user = NULL, *passinarg = NULL, *passoutarg = NULL;
|
---|
218 | char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL;
|
---|
219 | char *randfile = NULL, *section = NULL;
|
---|
220 | char **gNrow = NULL, *configfile = NULL;
|
---|
221 | char *srpvfile = NULL, **pp, *prog;
|
---|
222 | OPTION_CHOICE o;
|
---|
223 |
|
---|
224 | prog = opt_init(argc, argv, srp_options);
|
---|
225 | while ((o = opt_next()) != OPT_EOF) {
|
---|
226 | switch (o) {
|
---|
227 | case OPT_EOF:
|
---|
228 | case OPT_ERR:
|
---|
229 | opthelp:
|
---|
230 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
---|
231 | goto end;
|
---|
232 | case OPT_HELP:
|
---|
233 | opt_help(srp_options);
|
---|
234 | ret = 0;
|
---|
235 | goto end;
|
---|
236 | case OPT_VERBOSE:
|
---|
237 | verbose++;
|
---|
238 | break;
|
---|
239 | case OPT_CONFIG:
|
---|
240 | configfile = opt_arg();
|
---|
241 | break;
|
---|
242 | case OPT_NAME:
|
---|
243 | section = opt_arg();
|
---|
244 | break;
|
---|
245 | case OPT_SRPVFILE:
|
---|
246 | srpvfile = opt_arg();
|
---|
247 | break;
|
---|
248 | case OPT_ADD:
|
---|
249 | case OPT_DELETE:
|
---|
250 | case OPT_MODIFY:
|
---|
251 | case OPT_LIST:
|
---|
252 | if (mode != OPT_ERR) {
|
---|
253 | BIO_printf(bio_err,
|
---|
254 | "%s: Only one of -add/delete-modify/-list\n",
|
---|
255 | prog);
|
---|
256 | goto opthelp;
|
---|
257 | }
|
---|
258 | mode = o;
|
---|
259 | break;
|
---|
260 | case OPT_GN:
|
---|
261 | gN = opt_arg();
|
---|
262 | break;
|
---|
263 | case OPT_USERINFO:
|
---|
264 | userinfo = opt_arg();
|
---|
265 | break;
|
---|
266 | case OPT_PASSIN:
|
---|
267 | passinarg = opt_arg();
|
---|
268 | break;
|
---|
269 | case OPT_PASSOUT:
|
---|
270 | passoutarg = opt_arg();
|
---|
271 | break;
|
---|
272 | case OPT_ENGINE:
|
---|
273 | e = setup_engine(opt_arg(), 0);
|
---|
274 | break;
|
---|
275 | }
|
---|
276 | }
|
---|
277 | argc = opt_num_rest();
|
---|
278 | argv = opt_rest();
|
---|
279 |
|
---|
280 | if (srpvfile && configfile) {
|
---|
281 | BIO_printf(bio_err,
|
---|
282 | "-srpvfile and -configfile cannot be specified together.\n");
|
---|
283 | goto end;
|
---|
284 | }
|
---|
285 | if (mode == OPT_ERR) {
|
---|
286 | BIO_printf(bio_err,
|
---|
287 | "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
|
---|
288 | goto opthelp;
|
---|
289 | }
|
---|
290 | if ((mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD)
|
---|
291 | && argc < 1) {
|
---|
292 | BIO_printf(bio_err,
|
---|
293 | "Need at least one user for options -add, -delete, -modify. \n");
|
---|
294 | goto opthelp;
|
---|
295 | }
|
---|
296 | if ((passin || passout) && argc != 1) {
|
---|
297 | BIO_printf(bio_err,
|
---|
298 | "-passin, -passout arguments only valid with one user.\n");
|
---|
299 | goto opthelp;
|
---|
300 | }
|
---|
301 |
|
---|
302 | if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
|
---|
303 | BIO_printf(bio_err, "Error getting passwords\n");
|
---|
304 | goto end;
|
---|
305 | }
|
---|
306 |
|
---|
307 | if (!srpvfile) {
|
---|
308 | if (!configfile)
|
---|
309 | configfile = default_config_file;
|
---|
310 |
|
---|
311 | if (verbose)
|
---|
312 | BIO_printf(bio_err, "Using configuration from %s\n",
|
---|
313 | configfile);
|
---|
314 | conf = app_load_config(configfile);
|
---|
315 | if (conf == NULL)
|
---|
316 | goto end;
|
---|
317 | if (configfile != default_config_file && !app_load_modules(conf))
|
---|
318 | goto end;
|
---|
319 |
|
---|
320 | /* Lets get the config section we are using */
|
---|
321 | if (section == NULL) {
|
---|
322 | if (verbose)
|
---|
323 | BIO_printf(bio_err,
|
---|
324 | "trying to read " ENV_DEFAULT_SRP
|
---|
325 | " in " BASE_SECTION "\n");
|
---|
326 |
|
---|
327 | section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_SRP);
|
---|
328 | if (section == NULL)
|
---|
329 | goto end;
|
---|
330 | }
|
---|
331 |
|
---|
332 | if (randfile == NULL)
|
---|
333 | randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
|
---|
334 |
|
---|
335 | if (verbose)
|
---|
336 | BIO_printf(bio_err,
|
---|
337 | "trying to read " ENV_DATABASE " in section \"%s\"\n",
|
---|
338 | section);
|
---|
339 |
|
---|
340 | srpvfile = lookup_conf(conf, section, ENV_DATABASE);
|
---|
341 | if (srpvfile == NULL)
|
---|
342 | goto end;
|
---|
343 | }
|
---|
344 | if (randfile == NULL)
|
---|
345 | ERR_clear_error();
|
---|
346 | else
|
---|
347 | app_RAND_load_file(randfile, 0);
|
---|
348 |
|
---|
349 | if (verbose)
|
---|
350 | BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
|
---|
351 | srpvfile);
|
---|
352 |
|
---|
353 | db = load_index(srpvfile, NULL);
|
---|
354 | if (db == NULL)
|
---|
355 | goto end;
|
---|
356 |
|
---|
357 | /* Lets check some fields */
|
---|
358 | for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
|
---|
359 | pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
|
---|
360 |
|
---|
361 | if (pp[DB_srptype][0] == DB_SRP_INDEX) {
|
---|
362 | maxgN = i;
|
---|
363 | if ((gNindex < 0) && (gN != NULL) && strcmp(gN, pp[DB_srpid]) == 0)
|
---|
364 | gNindex = i;
|
---|
365 |
|
---|
366 | print_index(db, i, verbose > 1);
|
---|
367 | }
|
---|
368 | }
|
---|
369 |
|
---|
370 | if (verbose)
|
---|
371 | BIO_printf(bio_err, "Database initialised\n");
|
---|
372 |
|
---|
373 | if (gNindex >= 0) {
|
---|
374 | gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
|
---|
375 | print_entry(db, gNindex, verbose > 1, "Default g and N");
|
---|
376 | } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
|
---|
377 | BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
|
---|
378 | goto end;
|
---|
379 | } else {
|
---|
380 | if (verbose)
|
---|
381 | BIO_printf(bio_err, "Database has no g N information.\n");
|
---|
382 | gNrow = NULL;
|
---|
383 | }
|
---|
384 |
|
---|
385 | if (verbose > 1)
|
---|
386 | BIO_printf(bio_err, "Starting user processing\n");
|
---|
387 |
|
---|
388 | if (argc > 0)
|
---|
389 | user = *(argv++);
|
---|
390 |
|
---|
391 | while (mode == OPT_LIST || user) {
|
---|
392 | int userindex = -1;
|
---|
393 |
|
---|
394 | if (user != NULL && verbose > 1)
|
---|
395 | BIO_printf(bio_err, "Processing user \"%s\"\n", user);
|
---|
396 | if ((userindex = get_index(db, user, 'U')) >= 0) {
|
---|
397 | print_user(db, userindex, (verbose > 0) || mode == OPT_LIST);
|
---|
398 | }
|
---|
399 |
|
---|
400 | if (mode == OPT_LIST) {
|
---|
401 | if (user == NULL) {
|
---|
402 | BIO_printf(bio_err, "List all users\n");
|
---|
403 |
|
---|
404 | for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
|
---|
405 | print_user(db, i, 1);
|
---|
406 | }
|
---|
407 | } else if (userindex < 0) {
|
---|
408 | BIO_printf(bio_err,
|
---|
409 | "user \"%s\" does not exist, ignored. t\n", user);
|
---|
410 | errors++;
|
---|
411 | }
|
---|
412 | } else if (mode == OPT_ADD) {
|
---|
413 | if (userindex >= 0) {
|
---|
414 | /* reactivation of a new user */
|
---|
415 | char **row =
|
---|
416 | sk_OPENSSL_PSTRING_value(db->db->data, userindex);
|
---|
417 | BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
|
---|
418 | row[DB_srptype][0] = 'V';
|
---|
419 |
|
---|
420 | doupdatedb = 1;
|
---|
421 | } else {
|
---|
422 | char *row[DB_NUMBER];
|
---|
423 | char *gNid;
|
---|
424 | row[DB_srpverifier] = NULL;
|
---|
425 | row[DB_srpsalt] = NULL;
|
---|
426 | row[DB_srpinfo] = NULL;
|
---|
427 | if (!
|
---|
428 | (gNid =
|
---|
429 | srp_create_user(user, &(row[DB_srpverifier]),
|
---|
430 | &(row[DB_srpsalt]),
|
---|
431 | gNrow ? gNrow[DB_srpsalt] : gN,
|
---|
432 | gNrow ? gNrow[DB_srpverifier] : NULL,
|
---|
433 | passout, verbose))) {
|
---|
434 | BIO_printf(bio_err,
|
---|
435 | "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
|
---|
436 | user);
|
---|
437 | errors++;
|
---|
438 | goto end;
|
---|
439 | }
|
---|
440 | row[DB_srpid] = OPENSSL_strdup(user);
|
---|
441 | row[DB_srptype] = OPENSSL_strdup("v");
|
---|
442 | row[DB_srpgN] = OPENSSL_strdup(gNid);
|
---|
443 |
|
---|
444 | if ((row[DB_srpid] == NULL)
|
---|
445 | || (row[DB_srpgN] == NULL)
|
---|
446 | || (row[DB_srptype] == NULL)
|
---|
447 | || (row[DB_srpverifier] == NULL)
|
---|
448 | || (row[DB_srpsalt] == NULL)
|
---|
449 | || (userinfo
|
---|
450 | && ((row[DB_srpinfo] = OPENSSL_strdup(userinfo)) == NULL))
|
---|
451 | || !update_index(db, row)) {
|
---|
452 | OPENSSL_free(row[DB_srpid]);
|
---|
453 | OPENSSL_free(row[DB_srpgN]);
|
---|
454 | OPENSSL_free(row[DB_srpinfo]);
|
---|
455 | OPENSSL_free(row[DB_srptype]);
|
---|
456 | OPENSSL_free(row[DB_srpverifier]);
|
---|
457 | OPENSSL_free(row[DB_srpsalt]);
|
---|
458 | goto end;
|
---|
459 | }
|
---|
460 | doupdatedb = 1;
|
---|
461 | }
|
---|
462 | } else if (mode == OPT_MODIFY) {
|
---|
463 | if (userindex < 0) {
|
---|
464 | BIO_printf(bio_err,
|
---|
465 | "user \"%s\" does not exist, operation ignored.\n",
|
---|
466 | user);
|
---|
467 | errors++;
|
---|
468 | } else {
|
---|
469 |
|
---|
470 | char **row =
|
---|
471 | sk_OPENSSL_PSTRING_value(db->db->data, userindex);
|
---|
472 | char type = row[DB_srptype][0];
|
---|
473 | if (type == 'v') {
|
---|
474 | BIO_printf(bio_err,
|
---|
475 | "user \"%s\" already updated, operation ignored.\n",
|
---|
476 | user);
|
---|
477 | errors++;
|
---|
478 | } else {
|
---|
479 | char *gNid;
|
---|
480 |
|
---|
481 | if (row[DB_srptype][0] == 'V') {
|
---|
482 | int user_gN;
|
---|
483 | char **irow = NULL;
|
---|
484 | if (verbose)
|
---|
485 | BIO_printf(bio_err,
|
---|
486 | "Verifying password for user \"%s\"\n",
|
---|
487 | user);
|
---|
488 | if ((user_gN =
|
---|
489 | get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
|
---|
490 | irow =
|
---|
491 | sk_OPENSSL_PSTRING_value(db->db->data,
|
---|
492 | userindex);
|
---|
493 |
|
---|
494 | if (!srp_verify_user
|
---|
495 | (user, row[DB_srpverifier], row[DB_srpsalt],
|
---|
496 | irow ? irow[DB_srpsalt] : row[DB_srpgN],
|
---|
497 | irow ? irow[DB_srpverifier] : NULL, passin,
|
---|
498 | verbose)) {
|
---|
499 | BIO_printf(bio_err,
|
---|
500 | "Invalid password for user \"%s\", operation abandoned.\n",
|
---|
501 | user);
|
---|
502 | errors++;
|
---|
503 | goto end;
|
---|
504 | }
|
---|
505 | }
|
---|
506 | if (verbose)
|
---|
507 | BIO_printf(bio_err, "Password for user \"%s\" ok.\n",
|
---|
508 | user);
|
---|
509 |
|
---|
510 | if (!
|
---|
511 | (gNid =
|
---|
512 | srp_create_user(user, &(row[DB_srpverifier]),
|
---|
513 | &(row[DB_srpsalt]),
|
---|
514 | gNrow ? gNrow[DB_srpsalt] : NULL,
|
---|
515 | gNrow ? gNrow[DB_srpverifier] : NULL,
|
---|
516 | passout, verbose))) {
|
---|
517 | BIO_printf(bio_err,
|
---|
518 | "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
|
---|
519 | user);
|
---|
520 | errors++;
|
---|
521 | goto end;
|
---|
522 | }
|
---|
523 |
|
---|
524 | row[DB_srptype][0] = 'v';
|
---|
525 | row[DB_srpgN] = OPENSSL_strdup(gNid);
|
---|
526 |
|
---|
527 | if (row[DB_srpid] == NULL
|
---|
528 | || row[DB_srpgN] == NULL
|
---|
529 | || row[DB_srptype] == NULL
|
---|
530 | || row[DB_srpverifier] == NULL
|
---|
531 | || row[DB_srpsalt] == NULL
|
---|
532 | || (userinfo
|
---|
533 | && ((row[DB_srpinfo] = OPENSSL_strdup(userinfo))
|
---|
534 | == NULL)))
|
---|
535 | goto end;
|
---|
536 |
|
---|
537 | doupdatedb = 1;
|
---|
538 | }
|
---|
539 | }
|
---|
540 | } else if (mode == OPT_DELETE) {
|
---|
541 | if (userindex < 0) {
|
---|
542 | BIO_printf(bio_err,
|
---|
543 | "user \"%s\" does not exist, operation ignored. t\n",
|
---|
544 | user);
|
---|
545 | errors++;
|
---|
546 | } else {
|
---|
547 | char **xpp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
|
---|
548 |
|
---|
549 | BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
|
---|
550 | xpp[DB_srptype][0] = 'R';
|
---|
551 | doupdatedb = 1;
|
---|
552 | }
|
---|
553 | }
|
---|
554 | if (--argc > 0)
|
---|
555 | user = *(argv++);
|
---|
556 | else {
|
---|
557 | user = NULL;
|
---|
558 | }
|
---|
559 | }
|
---|
560 |
|
---|
561 | if (verbose)
|
---|
562 | BIO_printf(bio_err, "User procession done.\n");
|
---|
563 |
|
---|
564 | if (doupdatedb) {
|
---|
565 | /* Lets check some fields */
|
---|
566 | for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
|
---|
567 | pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
|
---|
568 |
|
---|
569 | if (pp[DB_srptype][0] == 'v') {
|
---|
570 | pp[DB_srptype][0] = 'V';
|
---|
571 | print_user(db, i, verbose);
|
---|
572 | }
|
---|
573 | }
|
---|
574 |
|
---|
575 | if (verbose)
|
---|
576 | BIO_printf(bio_err, "Trying to update srpvfile.\n");
|
---|
577 | if (!save_index(srpvfile, "new", db))
|
---|
578 | goto end;
|
---|
579 |
|
---|
580 | if (verbose)
|
---|
581 | BIO_printf(bio_err, "Temporary srpvfile created.\n");
|
---|
582 | if (!rotate_index(srpvfile, "new", "old"))
|
---|
583 | goto end;
|
---|
584 |
|
---|
585 | if (verbose)
|
---|
586 | BIO_printf(bio_err, "srpvfile updated.\n");
|
---|
587 | }
|
---|
588 |
|
---|
589 | ret = (errors != 0);
|
---|
590 | end:
|
---|
591 | if (errors != 0)
|
---|
592 | if (verbose)
|
---|
593 | BIO_printf(bio_err, "User errors %d.\n", errors);
|
---|
594 |
|
---|
595 | if (verbose)
|
---|
596 | BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
|
---|
597 |
|
---|
598 | OPENSSL_free(passin);
|
---|
599 | OPENSSL_free(passout);
|
---|
600 | if (ret)
|
---|
601 | ERR_print_errors(bio_err);
|
---|
602 | if (randfile)
|
---|
603 | app_RAND_write_file(randfile);
|
---|
604 | NCONF_free(conf);
|
---|
605 | free_index(db);
|
---|
606 | release_engine(e);
|
---|
607 | return (ret);
|
---|
608 | }
|
---|
609 | #endif
|
---|