16f9291ceSJung-uk Kim /*
2*b077aed3SPierre Pronchery * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
3e71b7053SJung-uk Kim * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
4e71b7053SJung-uk Kim *
5*b077aed3SPierre Pronchery * Licensed under the Apache License 2.0 (the "License"). You may not use
6e71b7053SJung-uk Kim * this file except in compliance with the License. You can obtain a copy
7e71b7053SJung-uk Kim * in the file LICENSE in the source distribution or at
8e71b7053SJung-uk Kim * https://www.openssl.org/source/license.html
9e71b7053SJung-uk Kim *
10e71b7053SJung-uk Kim * Originally written by Christophe Renou and Peter Sylvester,
11e71b7053SJung-uk Kim * for the EdelKey project.
121f13597dSJung-uk Kim */
131f13597dSJung-uk Kim
14*b077aed3SPierre Pronchery /* SRP is deprecated, so we're going to have to use some deprecated APIs */
15*b077aed3SPierre Pronchery #define OPENSSL_SUPPRESS_DEPRECATED
16*b077aed3SPierre Pronchery
17e71b7053SJung-uk Kim #include <openssl/opensslconf.h>
18*b077aed3SPierre Pronchery
191f13597dSJung-uk Kim #include <stdio.h>
201f13597dSJung-uk Kim #include <stdlib.h>
211f13597dSJung-uk Kim #include <string.h>
221f13597dSJung-uk Kim #include <openssl/conf.h>
231f13597dSJung-uk Kim #include <openssl/bio.h>
241f13597dSJung-uk Kim #include <openssl/err.h>
251f13597dSJung-uk Kim #include <openssl/txt_db.h>
261f13597dSJung-uk Kim #include <openssl/buffer.h>
271f13597dSJung-uk Kim #include <openssl/srp.h>
281f13597dSJung-uk Kim #include "apps.h"
29e71b7053SJung-uk Kim #include "progs.h"
301f13597dSJung-uk Kim
311f13597dSJung-uk Kim #define BASE_SECTION "srp"
321f13597dSJung-uk Kim #define CONFIG_FILE "openssl.cnf"
331f13597dSJung-uk Kim
341f13597dSJung-uk Kim
351f13597dSJung-uk Kim #define ENV_DATABASE "srpvfile"
361f13597dSJung-uk Kim #define ENV_DEFAULT_SRP "default_srp"
371f13597dSJung-uk Kim
get_index(CA_DB * db,char * id,char type)381f13597dSJung-uk Kim static int get_index(CA_DB *db, char *id, char type)
391f13597dSJung-uk Kim {
401f13597dSJung-uk Kim char **pp;
411f13597dSJung-uk Kim int i;
426f9291ceSJung-uk Kim if (id == NULL)
436f9291ceSJung-uk Kim return -1;
4447902a71SJung-uk Kim if (type == DB_SRP_INDEX) {
456f9291ceSJung-uk Kim for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
4609286989SJung-uk Kim pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
476f9291ceSJung-uk Kim if (pp[DB_srptype][0] == DB_SRP_INDEX
48e71b7053SJung-uk Kim && strcmp(id, pp[DB_srpid]) == 0)
491f13597dSJung-uk Kim return i;
5047902a71SJung-uk Kim }
5147902a71SJung-uk Kim } else {
526f9291ceSJung-uk Kim for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
5309286989SJung-uk Kim pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
541f13597dSJung-uk Kim
556f9291ceSJung-uk Kim if (pp[DB_srptype][0] != DB_SRP_INDEX
56e71b7053SJung-uk Kim && strcmp(id, pp[DB_srpid]) == 0)
571f13597dSJung-uk Kim return i;
581f13597dSJung-uk Kim }
5947902a71SJung-uk Kim }
601f13597dSJung-uk Kim
611f13597dSJung-uk Kim return -1;
621f13597dSJung-uk Kim }
631f13597dSJung-uk Kim
print_entry(CA_DB * db,int indx,int verbose,char * s)64e71b7053SJung-uk Kim static void print_entry(CA_DB *db, int indx, int verbose, char *s)
651f13597dSJung-uk Kim {
666f9291ceSJung-uk Kim if (indx >= 0 && verbose) {
671f13597dSJung-uk Kim int j;
6809286989SJung-uk Kim char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
69e71b7053SJung-uk Kim BIO_printf(bio_err, "%s \"%s\"\n", s, pp[DB_srpid]);
706f9291ceSJung-uk Kim for (j = 0; j < DB_NUMBER; j++) {
711f13597dSJung-uk Kim BIO_printf(bio_err, " %d = \"%s\"\n", j, pp[j]);
721f13597dSJung-uk Kim }
731f13597dSJung-uk Kim }
741f13597dSJung-uk Kim }
751f13597dSJung-uk Kim
print_index(CA_DB * db,int indexindex,int verbose)76e71b7053SJung-uk Kim static void print_index(CA_DB *db, int indexindex, int verbose)
771f13597dSJung-uk Kim {
78e71b7053SJung-uk Kim print_entry(db, indexindex, verbose, "g N entry");
791f13597dSJung-uk Kim }
801f13597dSJung-uk Kim
print_user(CA_DB * db,int userindex,int verbose)81e71b7053SJung-uk Kim static void print_user(CA_DB *db, int userindex, int verbose)
821f13597dSJung-uk Kim {
836f9291ceSJung-uk Kim if (verbose > 0) {
8409286989SJung-uk Kim char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
851f13597dSJung-uk Kim
866f9291ceSJung-uk Kim if (pp[DB_srptype][0] != 'I') {
87e71b7053SJung-uk Kim print_entry(db, userindex, verbose, "User entry");
88e71b7053SJung-uk Kim print_entry(db, get_index(db, pp[DB_srpgN], 'I'), verbose,
896f9291ceSJung-uk Kim "g N entry");
901f13597dSJung-uk Kim }
911f13597dSJung-uk Kim
921f13597dSJung-uk Kim }
931f13597dSJung-uk Kim }
941f13597dSJung-uk Kim
update_index(CA_DB * db,char ** row)95e71b7053SJung-uk Kim static int update_index(CA_DB *db, char **row)
961f13597dSJung-uk Kim {
971f13597dSJung-uk Kim char **irow;
981f13597dSJung-uk Kim int i;
991f13597dSJung-uk Kim
100e71b7053SJung-uk Kim irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row pointers");
101ed7112f0SJung-uk Kim for (i = 0; i < DB_NUMBER; i++)
1021f13597dSJung-uk Kim irow[i] = row[i];
1031f13597dSJung-uk Kim irow[DB_NUMBER] = NULL;
1041f13597dSJung-uk Kim
1056f9291ceSJung-uk Kim if (!TXT_DB_insert(db->db, irow)) {
106e71b7053SJung-uk Kim BIO_printf(bio_err, "failed to update srpvfile\n");
107e71b7053SJung-uk Kim BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
1081f13597dSJung-uk Kim OPENSSL_free(irow);
1091f13597dSJung-uk Kim return 0;
1101f13597dSJung-uk Kim }
1111f13597dSJung-uk Kim return 1;
1121f13597dSJung-uk Kim }
1131f13597dSJung-uk Kim
lookup_conf(const CONF * conf,const char * section,const char * tag)114e71b7053SJung-uk Kim static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
1151f13597dSJung-uk Kim {
116e71b7053SJung-uk Kim char *entry = NCONF_get_string(conf, section, tag);
117e71b7053SJung-uk Kim if (entry == NULL)
118e71b7053SJung-uk Kim BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag);
119e71b7053SJung-uk Kim return entry;
1201f13597dSJung-uk Kim }
1211f13597dSJung-uk Kim
srp_verify_user(const char * user,const char * srp_verifier,char * srp_usersalt,const char * g,const char * N,const char * passin,int verbose)1221f13597dSJung-uk Kim static char *srp_verify_user(const char *user, const char *srp_verifier,
1231f13597dSJung-uk Kim char *srp_usersalt, const char *g, const char *N,
124e71b7053SJung-uk Kim const char *passin, int verbose)
1251f13597dSJung-uk Kim {
12647902a71SJung-uk Kim char password[1025];
1271f13597dSJung-uk Kim PW_CB_DATA cb_tmp;
1281f13597dSJung-uk Kim char *verifier = NULL;
1291f13597dSJung-uk Kim char *gNid = NULL;
13047902a71SJung-uk Kim int len;
1311f13597dSJung-uk Kim
1321f13597dSJung-uk Kim cb_tmp.prompt_info = user;
1331f13597dSJung-uk Kim cb_tmp.password = passin;
1341f13597dSJung-uk Kim
13547902a71SJung-uk Kim len = password_callback(password, sizeof(password)-1, 0, &cb_tmp);
13647902a71SJung-uk Kim if (len > 0) {
13747902a71SJung-uk Kim password[len] = 0;
138e71b7053SJung-uk Kim if (verbose)
139e71b7053SJung-uk Kim BIO_printf(bio_err,
1406f9291ceSJung-uk Kim "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
1416f9291ceSJung-uk Kim user, srp_verifier, srp_usersalt, g, N);
142e71b7053SJung-uk Kim if (verbose > 1)
143e71b7053SJung-uk Kim BIO_printf(bio_err, "Pass %s\n", password);
1441f13597dSJung-uk Kim
145e71b7053SJung-uk Kim OPENSSL_assert(srp_usersalt != NULL);
146e71b7053SJung-uk Kim if ((gNid = SRP_create_verifier(user, password, &srp_usersalt,
147e71b7053SJung-uk Kim &verifier, N, g)) == NULL) {
148e71b7053SJung-uk Kim BIO_printf(bio_err, "Internal error validating SRP verifier\n");
1496f9291ceSJung-uk Kim } else {
1501f13597dSJung-uk Kim if (strcmp(verifier, srp_verifier))
1511f13597dSJung-uk Kim gNid = NULL;
1521f13597dSJung-uk Kim OPENSSL_free(verifier);
1531f13597dSJung-uk Kim }
15447902a71SJung-uk Kim OPENSSL_cleanse(password, len);
1551f13597dSJung-uk Kim }
1561f13597dSJung-uk Kim return gNid;
1571f13597dSJung-uk Kim }
1581f13597dSJung-uk Kim
srp_create_user(char * user,char ** srp_verifier,char ** srp_usersalt,char * g,char * N,char * passout,int verbose)1591f13597dSJung-uk Kim static char *srp_create_user(char *user, char **srp_verifier,
1601f13597dSJung-uk Kim char **srp_usersalt, char *g, char *N,
161e71b7053SJung-uk Kim char *passout, int verbose)
1621f13597dSJung-uk Kim {
16347902a71SJung-uk Kim char password[1025];
1641f13597dSJung-uk Kim PW_CB_DATA cb_tmp;
1651f13597dSJung-uk Kim char *gNid = NULL;
1661f13597dSJung-uk Kim char *salt = NULL;
16747902a71SJung-uk Kim int len;
1681f13597dSJung-uk Kim cb_tmp.prompt_info = user;
1691f13597dSJung-uk Kim cb_tmp.password = passout;
1701f13597dSJung-uk Kim
17147902a71SJung-uk Kim len = password_callback(password, sizeof(password)-1, 1, &cb_tmp);
17247902a71SJung-uk Kim if (len > 0) {
17347902a71SJung-uk Kim password[len] = 0;
174e71b7053SJung-uk Kim if (verbose)
175e71b7053SJung-uk Kim BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
1766f9291ceSJung-uk Kim user, g, N);
177e71b7053SJung-uk Kim if ((gNid = SRP_create_verifier(user, password, &salt,
178e71b7053SJung-uk Kim srp_verifier, N, g)) == NULL) {
179e71b7053SJung-uk Kim BIO_printf(bio_err, "Internal error creating SRP verifier\n");
18047902a71SJung-uk Kim } else {
1811f13597dSJung-uk Kim *srp_usersalt = salt;
18247902a71SJung-uk Kim }
18347902a71SJung-uk Kim OPENSSL_cleanse(password, len);
184e71b7053SJung-uk Kim if (verbose > 1)
185e71b7053SJung-uk Kim BIO_printf(bio_err, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
1866f9291ceSJung-uk Kim gNid, salt, *srp_verifier);
1871f13597dSJung-uk Kim
1881f13597dSJung-uk Kim }
1891f13597dSJung-uk Kim return gNid;
1901f13597dSJung-uk Kim }
1911f13597dSJung-uk Kim
192e71b7053SJung-uk Kim typedef enum OPTION_choice {
193*b077aed3SPierre Pronchery OPT_COMMON,
194e71b7053SJung-uk Kim OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SRPVFILE, OPT_ADD,
195e71b7053SJung-uk Kim OPT_DELETE, OPT_MODIFY, OPT_LIST, OPT_GN, OPT_USERINFO,
196*b077aed3SPierre Pronchery OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, OPT_R_ENUM, OPT_PROV_ENUM
197e71b7053SJung-uk Kim } OPTION_CHOICE;
1981f13597dSJung-uk Kim
199e71b7053SJung-uk Kim const OPTIONS srp_options[] = {
200*b077aed3SPierre Pronchery {OPT_HELP_STR, 1, '-', "Usage: %s [options] [user...]\n"},
201*b077aed3SPierre Pronchery
202*b077aed3SPierre Pronchery OPT_SECTION("General"),
203e71b7053SJung-uk Kim {"help", OPT_HELP, '-', "Display this summary"},
204e71b7053SJung-uk Kim {"verbose", OPT_VERBOSE, '-', "Talk a lot while doing things"},
205e71b7053SJung-uk Kim {"config", OPT_CONFIG, '<', "A config file"},
206e71b7053SJung-uk Kim {"name", OPT_NAME, 's', "The particular srp definition to use"},
207*b077aed3SPierre Pronchery #ifndef OPENSSL_NO_ENGINE
208*b077aed3SPierre Pronchery {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
209*b077aed3SPierre Pronchery #endif
210*b077aed3SPierre Pronchery
211*b077aed3SPierre Pronchery OPT_SECTION("Action"),
212*b077aed3SPierre Pronchery {"add", OPT_ADD, '-', "Add a user and SRP verifier"},
213*b077aed3SPierre Pronchery {"modify", OPT_MODIFY, '-', "Modify the SRP verifier of an existing user"},
214e71b7053SJung-uk Kim {"delete", OPT_DELETE, '-', "Delete user from verifier file"},
215e71b7053SJung-uk Kim {"list", OPT_LIST, '-', "List users"},
216*b077aed3SPierre Pronchery
217*b077aed3SPierre Pronchery OPT_SECTION("Configuration"),
218*b077aed3SPierre Pronchery {"srpvfile", OPT_SRPVFILE, '<', "The srp verifier file name"},
219e71b7053SJung-uk Kim {"gn", OPT_GN, 's', "Set g and N values to be used for new verifier"},
220e71b7053SJung-uk Kim {"userinfo", OPT_USERINFO, 's', "Additional info to be set for user"},
221e71b7053SJung-uk Kim {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
222e71b7053SJung-uk Kim {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
223*b077aed3SPierre Pronchery
224e71b7053SJung-uk Kim OPT_R_OPTIONS,
225*b077aed3SPierre Pronchery OPT_PROV_OPTIONS,
226*b077aed3SPierre Pronchery
227*b077aed3SPierre Pronchery OPT_PARAMETERS(),
228*b077aed3SPierre Pronchery {"user", 0, 0, "Username(s) to process (optional)"},
229e71b7053SJung-uk Kim {NULL}
230e71b7053SJung-uk Kim };
2311f13597dSJung-uk Kim
srp_main(int argc,char ** argv)232e71b7053SJung-uk Kim int srp_main(int argc, char **argv)
233e71b7053SJung-uk Kim {
234e71b7053SJung-uk Kim ENGINE *e = NULL;
235e71b7053SJung-uk Kim CA_DB *db = NULL;
236e71b7053SJung-uk Kim CONF *conf = NULL;
237e71b7053SJung-uk Kim int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i;
238e71b7053SJung-uk Kim int doupdatedb = 0, mode = OPT_ERR;
239e71b7053SJung-uk Kim char *user = NULL, *passinarg = NULL, *passoutarg = NULL;
240e71b7053SJung-uk Kim char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL;
241e71b7053SJung-uk Kim char *section = NULL;
242e71b7053SJung-uk Kim char **gNrow = NULL, *configfile = NULL;
243e71b7053SJung-uk Kim char *srpvfile = NULL, **pp, *prog;
244e71b7053SJung-uk Kim OPTION_CHOICE o;
245e71b7053SJung-uk Kim
246e71b7053SJung-uk Kim prog = opt_init(argc, argv, srp_options);
247e71b7053SJung-uk Kim while ((o = opt_next()) != OPT_EOF) {
248e71b7053SJung-uk Kim switch (o) {
249e71b7053SJung-uk Kim case OPT_EOF:
250e71b7053SJung-uk Kim case OPT_ERR:
251e71b7053SJung-uk Kim opthelp:
252e71b7053SJung-uk Kim BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
253e71b7053SJung-uk Kim goto end;
254e71b7053SJung-uk Kim case OPT_HELP:
255e71b7053SJung-uk Kim opt_help(srp_options);
256e71b7053SJung-uk Kim ret = 0;
257e71b7053SJung-uk Kim goto end;
258e71b7053SJung-uk Kim case OPT_VERBOSE:
259e71b7053SJung-uk Kim verbose++;
2601f13597dSJung-uk Kim break;
261e71b7053SJung-uk Kim case OPT_CONFIG:
262e71b7053SJung-uk Kim configfile = opt_arg();
2631f13597dSJung-uk Kim break;
264e71b7053SJung-uk Kim case OPT_NAME:
265e71b7053SJung-uk Kim section = opt_arg();
266e71b7053SJung-uk Kim break;
267e71b7053SJung-uk Kim case OPT_SRPVFILE:
268e71b7053SJung-uk Kim srpvfile = opt_arg();
269e71b7053SJung-uk Kim break;
270e71b7053SJung-uk Kim case OPT_ADD:
271e71b7053SJung-uk Kim case OPT_DELETE:
272e71b7053SJung-uk Kim case OPT_MODIFY:
273e71b7053SJung-uk Kim case OPT_LIST:
274e71b7053SJung-uk Kim if (mode != OPT_ERR) {
2756f9291ceSJung-uk Kim BIO_printf(bio_err,
276e71b7053SJung-uk Kim "%s: Only one of -add/-delete/-modify/-list\n",
277e71b7053SJung-uk Kim prog);
278e71b7053SJung-uk Kim goto opthelp;
2791f13597dSJung-uk Kim }
280e71b7053SJung-uk Kim mode = o;
281e71b7053SJung-uk Kim break;
282e71b7053SJung-uk Kim case OPT_GN:
283e71b7053SJung-uk Kim gN = opt_arg();
284e71b7053SJung-uk Kim break;
285e71b7053SJung-uk Kim case OPT_USERINFO:
286e71b7053SJung-uk Kim userinfo = opt_arg();
287e71b7053SJung-uk Kim break;
288e71b7053SJung-uk Kim case OPT_PASSIN:
289e71b7053SJung-uk Kim passinarg = opt_arg();
290e71b7053SJung-uk Kim break;
291e71b7053SJung-uk Kim case OPT_PASSOUT:
292e71b7053SJung-uk Kim passoutarg = opt_arg();
293e71b7053SJung-uk Kim break;
294e71b7053SJung-uk Kim case OPT_ENGINE:
295e71b7053SJung-uk Kim e = setup_engine(opt_arg(), 0);
296e71b7053SJung-uk Kim break;
297e71b7053SJung-uk Kim case OPT_R_CASES:
298e71b7053SJung-uk Kim if (!opt_rand(o))
299e71b7053SJung-uk Kim goto end;
300e71b7053SJung-uk Kim break;
301*b077aed3SPierre Pronchery case OPT_PROV_CASES:
302*b077aed3SPierre Pronchery if (!opt_provider(o))
303*b077aed3SPierre Pronchery goto end;
304*b077aed3SPierre Pronchery break;
305e71b7053SJung-uk Kim }
306e71b7053SJung-uk Kim }
307*b077aed3SPierre Pronchery
308*b077aed3SPierre Pronchery /* Optional parameters are usernames. */
309e71b7053SJung-uk Kim argc = opt_num_rest();
310e71b7053SJung-uk Kim argv = opt_rest();
311e71b7053SJung-uk Kim
312*b077aed3SPierre Pronchery if (!app_RAND_load())
313*b077aed3SPierre Pronchery goto end;
314*b077aed3SPierre Pronchery
315e71b7053SJung-uk Kim if (srpvfile != NULL && configfile != NULL) {
316e71b7053SJung-uk Kim BIO_printf(bio_err,
317e71b7053SJung-uk Kim "-srpvfile and -configfile cannot be specified together.\n");
318e71b7053SJung-uk Kim goto end;
319e71b7053SJung-uk Kim }
320e71b7053SJung-uk Kim if (mode == OPT_ERR) {
3216f9291ceSJung-uk Kim BIO_printf(bio_err,
3226f9291ceSJung-uk Kim "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
323e71b7053SJung-uk Kim goto opthelp;
3241f13597dSJung-uk Kim }
325e71b7053SJung-uk Kim if (mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD) {
326e71b7053SJung-uk Kim if (argc == 0) {
327e71b7053SJung-uk Kim BIO_printf(bio_err, "Need at least one user.\n");
328e71b7053SJung-uk Kim goto opthelp;
3291f13597dSJung-uk Kim }
330e71b7053SJung-uk Kim user = *argv++;
331e71b7053SJung-uk Kim }
332e71b7053SJung-uk Kim if ((passinarg != NULL || passoutarg != NULL) && argc != 1) {
3336f9291ceSJung-uk Kim BIO_printf(bio_err,
3346f9291ceSJung-uk Kim "-passin, -passout arguments only valid with one user.\n");
335e71b7053SJung-uk Kim goto opthelp;
3361f13597dSJung-uk Kim }
3371f13597dSJung-uk Kim
338e71b7053SJung-uk Kim if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
3391f13597dSJung-uk Kim BIO_printf(bio_err, "Error getting passwords\n");
340e71b7053SJung-uk Kim goto end;
3411f13597dSJung-uk Kim }
3421f13597dSJung-uk Kim
343e71b7053SJung-uk Kim if (srpvfile == NULL) {
3441f13597dSJung-uk Kim if (configfile == NULL)
345e71b7053SJung-uk Kim configfile = default_config_file;
3461f13597dSJung-uk Kim
347*b077aed3SPierre Pronchery conf = app_load_config_verbose(configfile, verbose);
348e71b7053SJung-uk Kim if (conf == NULL)
349e71b7053SJung-uk Kim goto end;
350e71b7053SJung-uk Kim if (configfile != default_config_file && !app_load_modules(conf))
351e71b7053SJung-uk Kim goto end;
3521f13597dSJung-uk Kim
3531f13597dSJung-uk Kim /* Lets get the config section we are using */
3546f9291ceSJung-uk Kim if (section == NULL) {
355e71b7053SJung-uk Kim if (verbose)
356e71b7053SJung-uk Kim BIO_printf(bio_err,
3576f9291ceSJung-uk Kim "trying to read " ENV_DEFAULT_SRP
358e71b7053SJung-uk Kim " in " BASE_SECTION "\n");
3591f13597dSJung-uk Kim
360e71b7053SJung-uk Kim section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_SRP);
361e71b7053SJung-uk Kim if (section == NULL)
362e71b7053SJung-uk Kim goto end;
3631f13597dSJung-uk Kim }
3641f13597dSJung-uk Kim
365e71b7053SJung-uk Kim app_RAND_load_conf(conf, BASE_SECTION);
3661f13597dSJung-uk Kim
367e71b7053SJung-uk Kim if (verbose)
368e71b7053SJung-uk Kim BIO_printf(bio_err,
369e71b7053SJung-uk Kim "trying to read " ENV_DATABASE " in section \"%s\"\n",
370e71b7053SJung-uk Kim section);
3711f13597dSJung-uk Kim
372e71b7053SJung-uk Kim srpvfile = lookup_conf(conf, section, ENV_DATABASE);
373e71b7053SJung-uk Kim if (srpvfile == NULL)
374e71b7053SJung-uk Kim goto end;
3751f13597dSJung-uk Kim }
3761f13597dSJung-uk Kim
377e71b7053SJung-uk Kim if (verbose)
378e71b7053SJung-uk Kim BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
379e71b7053SJung-uk Kim srpvfile);
3801f13597dSJung-uk Kim
381e71b7053SJung-uk Kim db = load_index(srpvfile, NULL);
382*b077aed3SPierre Pronchery if (db == NULL) {
383*b077aed3SPierre Pronchery BIO_printf(bio_err, "Problem with index file: %s (could not load/parse file)\n", srpvfile);
384e71b7053SJung-uk Kim goto end;
385*b077aed3SPierre Pronchery }
3861f13597dSJung-uk Kim
3871f13597dSJung-uk Kim /* Lets check some fields */
3886f9291ceSJung-uk Kim for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
38909286989SJung-uk Kim pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
3901f13597dSJung-uk Kim
3916f9291ceSJung-uk Kim if (pp[DB_srptype][0] == DB_SRP_INDEX) {
3921f13597dSJung-uk Kim maxgN = i;
393e71b7053SJung-uk Kim if ((gNindex < 0) && (gN != NULL) && strcmp(gN, pp[DB_srpid]) == 0)
3941f13597dSJung-uk Kim gNindex = i;
3951f13597dSJung-uk Kim
396e71b7053SJung-uk Kim print_index(db, i, verbose > 1);
3971f13597dSJung-uk Kim }
3981f13597dSJung-uk Kim }
3991f13597dSJung-uk Kim
400e71b7053SJung-uk Kim if (verbose)
401e71b7053SJung-uk Kim BIO_printf(bio_err, "Database initialised\n");
4021f13597dSJung-uk Kim
4036f9291ceSJung-uk Kim if (gNindex >= 0) {
40409286989SJung-uk Kim gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
405e71b7053SJung-uk Kim print_entry(db, gNindex, verbose > 1, "Default g and N");
4066f9291ceSJung-uk Kim } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
4071f13597dSJung-uk Kim BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
408e71b7053SJung-uk Kim goto end;
4096f9291ceSJung-uk Kim } else {
410e71b7053SJung-uk Kim if (verbose)
411e71b7053SJung-uk Kim BIO_printf(bio_err, "Database has no g N information.\n");
4121f13597dSJung-uk Kim gNrow = NULL;
4131f13597dSJung-uk Kim }
4141f13597dSJung-uk Kim
415e71b7053SJung-uk Kim if (verbose > 1)
416e71b7053SJung-uk Kim BIO_printf(bio_err, "Starting user processing\n");
4171f13597dSJung-uk Kim
418e71b7053SJung-uk Kim while (mode == OPT_LIST || user != NULL) {
4191f13597dSJung-uk Kim int userindex = -1;
4201f13597dSJung-uk Kim
421e71b7053SJung-uk Kim if (user != NULL && verbose > 1)
422e71b7053SJung-uk Kim BIO_printf(bio_err, "Processing user \"%s\"\n", user);
423e71b7053SJung-uk Kim if ((userindex = get_index(db, user, 'U')) >= 0)
424e71b7053SJung-uk Kim print_user(db, userindex, (verbose > 0) || mode == OPT_LIST);
425e71b7053SJung-uk Kim
426e71b7053SJung-uk Kim if (mode == OPT_LIST) {
4276f9291ceSJung-uk Kim if (user == NULL) {
4281f13597dSJung-uk Kim BIO_printf(bio_err, "List all users\n");
4291f13597dSJung-uk Kim
430e71b7053SJung-uk Kim for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
431e71b7053SJung-uk Kim print_user(db, i, 1);
4326f9291ceSJung-uk Kim } else if (userindex < 0) {
4336f9291ceSJung-uk Kim BIO_printf(bio_err,
4346f9291ceSJung-uk Kim "user \"%s\" does not exist, ignored. t\n", user);
4351f13597dSJung-uk Kim errors++;
4361f13597dSJung-uk Kim }
437e71b7053SJung-uk Kim } else if (mode == OPT_ADD) {
4386f9291ceSJung-uk Kim if (userindex >= 0) {
4391f13597dSJung-uk Kim /* reactivation of a new user */
4406f9291ceSJung-uk Kim char **row =
4416f9291ceSJung-uk Kim sk_OPENSSL_PSTRING_value(db->db->data, userindex);
4421f13597dSJung-uk Kim BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
4431f13597dSJung-uk Kim row[DB_srptype][0] = 'V';
4441f13597dSJung-uk Kim
4451f13597dSJung-uk Kim doupdatedb = 1;
4466f9291ceSJung-uk Kim } else {
4476f9291ceSJung-uk Kim char *row[DB_NUMBER];
4486f9291ceSJung-uk Kim char *gNid;
4491f13597dSJung-uk Kim row[DB_srpverifier] = NULL;
4501f13597dSJung-uk Kim row[DB_srpsalt] = NULL;
4511f13597dSJung-uk Kim row[DB_srpinfo] = NULL;
4526f9291ceSJung-uk Kim if (!
4536f9291ceSJung-uk Kim (gNid =
4546f9291ceSJung-uk Kim srp_create_user(user, &(row[DB_srpverifier]),
4556f9291ceSJung-uk Kim &(row[DB_srpsalt]),
4566f9291ceSJung-uk Kim gNrow ? gNrow[DB_srpsalt] : gN,
4576f9291ceSJung-uk Kim gNrow ? gNrow[DB_srpverifier] : NULL,
458e71b7053SJung-uk Kim passout, verbose))) {
4596f9291ceSJung-uk Kim BIO_printf(bio_err,
4606f9291ceSJung-uk Kim "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
4616f9291ceSJung-uk Kim user);
4621f13597dSJung-uk Kim errors++;
463e71b7053SJung-uk Kim goto end;
4641f13597dSJung-uk Kim }
465e71b7053SJung-uk Kim row[DB_srpid] = OPENSSL_strdup(user);
466e71b7053SJung-uk Kim row[DB_srptype] = OPENSSL_strdup("v");
467e71b7053SJung-uk Kim row[DB_srpgN] = OPENSSL_strdup(gNid);
4681f13597dSJung-uk Kim
469e71b7053SJung-uk Kim if ((row[DB_srpid] == NULL)
470e71b7053SJung-uk Kim || (row[DB_srpgN] == NULL)
471e71b7053SJung-uk Kim || (row[DB_srptype] == NULL)
472e71b7053SJung-uk Kim || (row[DB_srpverifier] == NULL)
473e71b7053SJung-uk Kim || (row[DB_srpsalt] == NULL)
474e71b7053SJung-uk Kim || (userinfo
475e71b7053SJung-uk Kim && ((row[DB_srpinfo] = OPENSSL_strdup(userinfo)) == NULL))
476e71b7053SJung-uk Kim || !update_index(db, row)) {
4776f9291ceSJung-uk Kim OPENSSL_free(row[DB_srpid]);
4786f9291ceSJung-uk Kim OPENSSL_free(row[DB_srpgN]);
4796f9291ceSJung-uk Kim OPENSSL_free(row[DB_srpinfo]);
4806f9291ceSJung-uk Kim OPENSSL_free(row[DB_srptype]);
4816f9291ceSJung-uk Kim OPENSSL_free(row[DB_srpverifier]);
4826f9291ceSJung-uk Kim OPENSSL_free(row[DB_srpsalt]);
483e71b7053SJung-uk Kim goto end;
4841f13597dSJung-uk Kim }
4851f13597dSJung-uk Kim doupdatedb = 1;
4861f13597dSJung-uk Kim }
487e71b7053SJung-uk Kim } else if (mode == OPT_MODIFY) {
4886f9291ceSJung-uk Kim if (userindex < 0) {
4896f9291ceSJung-uk Kim BIO_printf(bio_err,
4906f9291ceSJung-uk Kim "user \"%s\" does not exist, operation ignored.\n",
4916f9291ceSJung-uk Kim user);
4921f13597dSJung-uk Kim errors++;
4936f9291ceSJung-uk Kim } else {
4941f13597dSJung-uk Kim
4956f9291ceSJung-uk Kim char **row =
4966f9291ceSJung-uk Kim sk_OPENSSL_PSTRING_value(db->db->data, userindex);
4971f13597dSJung-uk Kim char type = row[DB_srptype][0];
4986f9291ceSJung-uk Kim if (type == 'v') {
4996f9291ceSJung-uk Kim BIO_printf(bio_err,
5006f9291ceSJung-uk Kim "user \"%s\" already updated, operation ignored.\n",
5016f9291ceSJung-uk Kim user);
5021f13597dSJung-uk Kim errors++;
5036f9291ceSJung-uk Kim } else {
5041f13597dSJung-uk Kim char *gNid;
5051f13597dSJung-uk Kim
5066f9291ceSJung-uk Kim if (row[DB_srptype][0] == 'V') {
5071f13597dSJung-uk Kim int user_gN;
5081f13597dSJung-uk Kim char **irow = NULL;
509e71b7053SJung-uk Kim if (verbose)
510e71b7053SJung-uk Kim BIO_printf(bio_err,
5116f9291ceSJung-uk Kim "Verifying password for user \"%s\"\n",
5126f9291ceSJung-uk Kim user);
5136f9291ceSJung-uk Kim if ((user_gN =
5146f9291ceSJung-uk Kim get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
5156f9291ceSJung-uk Kim irow =
516e71b7053SJung-uk Kim sk_OPENSSL_PSTRING_value(db->db->data,
5176f9291ceSJung-uk Kim userindex);
5181f13597dSJung-uk Kim
5196f9291ceSJung-uk Kim if (!srp_verify_user
5206f9291ceSJung-uk Kim (user, row[DB_srpverifier], row[DB_srpsalt],
5216f9291ceSJung-uk Kim irow ? irow[DB_srpsalt] : row[DB_srpgN],
5226f9291ceSJung-uk Kim irow ? irow[DB_srpverifier] : NULL, passin,
523e71b7053SJung-uk Kim verbose)) {
5246f9291ceSJung-uk Kim BIO_printf(bio_err,
5256f9291ceSJung-uk Kim "Invalid password for user \"%s\", operation abandoned.\n",
5266f9291ceSJung-uk Kim user);
5271f13597dSJung-uk Kim errors++;
528e71b7053SJung-uk Kim goto end;
5291f13597dSJung-uk Kim }
5301f13597dSJung-uk Kim }
531e71b7053SJung-uk Kim if (verbose)
532e71b7053SJung-uk Kim BIO_printf(bio_err, "Password for user \"%s\" ok.\n",
5336f9291ceSJung-uk Kim user);
5341f13597dSJung-uk Kim
5356f9291ceSJung-uk Kim if (!
5366f9291ceSJung-uk Kim (gNid =
5376f9291ceSJung-uk Kim srp_create_user(user, &(row[DB_srpverifier]),
5386f9291ceSJung-uk Kim &(row[DB_srpsalt]),
5396f9291ceSJung-uk Kim gNrow ? gNrow[DB_srpsalt] : NULL,
5406f9291ceSJung-uk Kim gNrow ? gNrow[DB_srpverifier] : NULL,
541e71b7053SJung-uk Kim passout, verbose))) {
5426f9291ceSJung-uk Kim BIO_printf(bio_err,
5436f9291ceSJung-uk Kim "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
5446f9291ceSJung-uk Kim user);
5451f13597dSJung-uk Kim errors++;
546e71b7053SJung-uk Kim goto end;
5471f13597dSJung-uk Kim }
5481f13597dSJung-uk Kim
5491f13597dSJung-uk Kim row[DB_srptype][0] = 'v';
550e71b7053SJung-uk Kim row[DB_srpgN] = OPENSSL_strdup(gNid);
5511f13597dSJung-uk Kim
552e71b7053SJung-uk Kim if (row[DB_srpid] == NULL
553e71b7053SJung-uk Kim || row[DB_srpgN] == NULL
554e71b7053SJung-uk Kim || row[DB_srptype] == NULL
555e71b7053SJung-uk Kim || row[DB_srpverifier] == NULL
556e71b7053SJung-uk Kim || row[DB_srpsalt] == NULL
5576f9291ceSJung-uk Kim || (userinfo
558e71b7053SJung-uk Kim && ((row[DB_srpinfo] = OPENSSL_strdup(userinfo))
559e71b7053SJung-uk Kim == NULL)))
560e71b7053SJung-uk Kim goto end;
5611f13597dSJung-uk Kim
5621f13597dSJung-uk Kim doupdatedb = 1;
5631f13597dSJung-uk Kim }
5641f13597dSJung-uk Kim }
565e71b7053SJung-uk Kim } else if (mode == OPT_DELETE) {
5666f9291ceSJung-uk Kim if (userindex < 0) {
5676f9291ceSJung-uk Kim BIO_printf(bio_err,
5686f9291ceSJung-uk Kim "user \"%s\" does not exist, operation ignored. t\n",
5696f9291ceSJung-uk Kim user);
5701f13597dSJung-uk Kim errors++;
5716f9291ceSJung-uk Kim } else {
572e71b7053SJung-uk Kim char **xpp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
573e71b7053SJung-uk Kim
5741f13597dSJung-uk Kim BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
5751f13597dSJung-uk Kim xpp[DB_srptype][0] = 'R';
5761f13597dSJung-uk Kim doupdatedb = 1;
5771f13597dSJung-uk Kim }
5781f13597dSJung-uk Kim }
579e71b7053SJung-uk Kim user = *argv++;
580e71b7053SJung-uk Kim if (user == NULL) {
581e71b7053SJung-uk Kim /* no more processing in any mode if no users left */
582e71b7053SJung-uk Kim break;
5831f13597dSJung-uk Kim }
5841f13597dSJung-uk Kim }
5851f13597dSJung-uk Kim
586e71b7053SJung-uk Kim if (verbose)
587e71b7053SJung-uk Kim BIO_printf(bio_err, "User procession done.\n");
5881f13597dSJung-uk Kim
5896f9291ceSJung-uk Kim if (doupdatedb) {
5901f13597dSJung-uk Kim /* Lets check some fields */
5916f9291ceSJung-uk Kim for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
59209286989SJung-uk Kim pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
5931f13597dSJung-uk Kim
5946f9291ceSJung-uk Kim if (pp[DB_srptype][0] == 'v') {
5951f13597dSJung-uk Kim pp[DB_srptype][0] = 'V';
596e71b7053SJung-uk Kim print_user(db, i, verbose);
5971f13597dSJung-uk Kim }
5981f13597dSJung-uk Kim }
5991f13597dSJung-uk Kim
600e71b7053SJung-uk Kim if (verbose)
601e71b7053SJung-uk Kim BIO_printf(bio_err, "Trying to update srpvfile.\n");
602e71b7053SJung-uk Kim if (!save_index(srpvfile, "new", db))
603e71b7053SJung-uk Kim goto end;
6041f13597dSJung-uk Kim
605e71b7053SJung-uk Kim if (verbose)
606e71b7053SJung-uk Kim BIO_printf(bio_err, "Temporary srpvfile created.\n");
607e71b7053SJung-uk Kim if (!rotate_index(srpvfile, "new", "old"))
608e71b7053SJung-uk Kim goto end;
6091f13597dSJung-uk Kim
610e71b7053SJung-uk Kim if (verbose)
611e71b7053SJung-uk Kim BIO_printf(bio_err, "srpvfile updated.\n");
6121f13597dSJung-uk Kim }
6131f13597dSJung-uk Kim
6141f13597dSJung-uk Kim ret = (errors != 0);
615e71b7053SJung-uk Kim end:
6161f13597dSJung-uk Kim if (errors != 0)
617e71b7053SJung-uk Kim if (verbose)
618e71b7053SJung-uk Kim BIO_printf(bio_err, "User errors %d.\n", errors);
6191f13597dSJung-uk Kim
620e71b7053SJung-uk Kim if (verbose)
621e71b7053SJung-uk Kim BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
622e71b7053SJung-uk Kim
623e71b7053SJung-uk Kim OPENSSL_free(passin);
624e71b7053SJung-uk Kim OPENSSL_free(passout);
6256f9291ceSJung-uk Kim if (ret)
6266f9291ceSJung-uk Kim ERR_print_errors(bio_err);
6276f9291ceSJung-uk Kim NCONF_free(conf);
6286f9291ceSJung-uk Kim free_index(db);
6296cf8931aSJung-uk Kim release_engine(e);
630e71b7053SJung-uk Kim return ret;
6311f13597dSJung-uk Kim }
632