1 /* apps/srp.c */ 2 /* 3 * Written by Peter Sylvester (peter.sylvester@edelweb.fr) for the EdelKey 4 * project and contributed to the OpenSSL project 2004. 5 */ 6 /* ==================================================================== 7 * Copyright (c) 2004 The OpenSSL Project. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * licensing@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. 
Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This product includes cryptographic software written by Eric Young 55 * (eay@cryptsoft.com). This product includes software written by Tim 56 * Hudson (tjh@cryptsoft.com). 
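 *
 */
#include <openssl/opensslconf.h>

#ifndef OPENSSL_NO_SRP
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
# include <openssl/conf.h>
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/txt_db.h>
# include <openssl/buffer.h>
# include <openssl/srp.h>

# include "apps.h"

# undef PROG
# define PROG srp_main

/* config section and file consulted when no -srpvfile is given */
# define BASE_SECTION "srp"
# define CONFIG_FILE "openssl.cnf"

# define ENV_RANDFILE "RANDFILE"

/* keys read from the selected config section */
# define ENV_DATABASE "srpvfile"
# define ENV_DEFAULT_SRP "default_srp"

/* Usage text, printed line by line on a bad command line; NULL-terminated. */
static char *srp_usage[] = {
    "usage: srp [args] [user] \n",
    "\n",
    " -verbose Talk alot while doing things\n",
    " -config file A config file\n",
    " -name arg The particular srp definition to use\n",
    " -srpvfile arg The srp verifier file name\n",
    " -add add an user and srp verifier\n",
    " -modify modify the srp verifier of an existing user\n",
    " -delete delete user from verifier file\n",
    " -list list user\n",
    " -gn arg g and N values to be used for new verifier\n",
    " -userinfo arg additional info to be set for user\n",
    " -passin arg input file pass phrase source\n",
    " -passout arg output file pass phrase source\n",
# ifndef OPENSSL_NO_ENGINE
    " -engine e - use engine e, possibly a hardware device.\n",
# endif
    NULL
};

# ifdef EFENCE
extern int EF_PROTECT_FREE;
extern int EF_PROTECT_BELOW;
extern int EF_ALIGNMENT;
# endif

/* configuration loaded by MAIN() and the section it selected (may stay NULL) */
static CONF *conf = NULL;
static char *section = NULL;

/*
 * Verbosity gates. Each expands to a bare 'if', so the statement following
 * the macro must never be followed by an 'else' (dangling-else hazard).
 */
# define VERBOSE if (verbose)
# define VVERBOSE if (verbose>1)

int MAIN(int, char **);

/*
 * get_index: locate a row in the verifier database by id.
 *
 * db   - loaded verifier file
 * id   - value to match against the DB_srpid column; NULL matches nothing
 * type - DB_SRP_INDEX to search only g/N index rows, any other value to
 *        search only non-index (user) rows
 *
 * Returns the row position, or -1 when there is no match.
 */
static int get_index(CA_DB *db, char *id, char type)
{
    int want_index;
    int i;

    if (id == NULL)
        return -1;

    want_index = (type == DB_SRP_INDEX);
    for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
        char **pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
        int is_index = (pp[DB_srptype][0] == DB_SRP_INDEX);

        /* only rows of the requested class are candidates */
        if (is_index != want_index)
            continue;
        if (strcmp(id, pp[DB_srpid]) == 0)
            return i;
    }
    return -1;
}

/*
 * print_entry: dump one database row to 'bio' when 'verbose' is set.
 *
 * Prints the label 's' with the row id, then every column of the row.
 * Note that this includes the verifier and salt columns, so the output
 * is only suitable for a trusted terminal or log.
 *
 * Previously the column lines went to bio_err regardless of 'bio'; they
 * now follow the caller's choice of stream like the header line does.
 */
static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)
{
    char **pp;
    int j;

    if (indx < 0 || !verbose)
        return;

    pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
    BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
    for (j = 0; j < DB_NUMBER; j++) {
        BIO_printf(bio, " %d = \"%s\"\n", j, pp[j]);
    }
}

/* print_index: print the g/N index row at 'indexindex' (see print_entry). */
static void print_index(CA_DB *db, BIO *bio, int indexindex, int verbose)
{
    print_entry(db, bio, indexindex, verbose, "g N entry");
}

/*
 * print_user: print a user row followed by the g/N index row it refers to.
 *
 * Index rows passed in 'userindex' are skipped; nothing is printed unless
 * verbose > 0.
 */
static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)
{
    char **pp;

    if (verbose <= 0)
        return;

    pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
    if (pp[DB_srptype][0] == DB_SRP_INDEX)
        return;

    print_entry(db, bio, userindex, verbose, "User entry");
    /* the user's DB_srpgN column names the index row holding its g and N */
    print_entry(db, bio, get_index(db, pp[DB_srpgN], DB_SRP_INDEX), verbose,
                "g N entry");
}

/*
 * update_index: append a new row to the in-memory database.
 *
 * 'row' holds DB_NUMBER column pointers; they are copied into a freshly
 * allocated row array whose ownership passes to the TXT_DB on success.
 * On failure the array is released and the caller still owns the columns.
 *
 * Returns 1 on success, 0 on allocation or insert failure (reported to
 * bio_err / bio respectively).
 */
static int update_index(CA_DB *db, BIO *bio, char **row)
{
    char **irow;
    int i;

    irow = (char **)OPENSSL_malloc(sizeof(*irow) * (DB_NUMBER + 1));
    if (irow == NULL) {
        BIO_printf(bio_err, "Memory allocation failure\n");
        return 0;
    }

    for (i = 0; i < DB_NUMBER; i++)
        irow[i] = row[i];
    /* TXT_DB uses the extra slot as the "new row" marker */
    irow[DB_NUMBER] = NULL;

    if (!TXT_DB_insert(db->db, irow)) {
        BIO_printf(bio, "failed to update srpvfile\n");
        BIO_printf(bio, "TXT_DB error number %ld\n", db->db->error);
        OPENSSL_free(irow);
        return 0;
    }
    return 1;
}

/* lookup_fail: report a missing config value 'tag' in section 'name'. */
static void lookup_fail(const char *name, char *tag)
{
    BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
}

static char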
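*srp_verify_user(const char *user, const char *srp_verifier,
                 char *srp_usersalt, const char *g, const char *N,
                 const char *passin, BIO *bio, int verbose)
{
    /*
     * Prompt for (or read from 'passin') the user's password, recompute
     * the SRP verifier with the stored salt and the given g/N, and compare
     * it with 'srp_verifier'.
     *
     * Returns the g/N id reported by SRP_create_verifier when the password
     * matches, NULL when no password was obtained, the verifier could not
     * be computed, or the recomputed verifier differs from the stored one.
     */
    char password[1025];
    PW_CB_DATA cb_tmp;
    char *verifier = NULL;
    char *gNid = NULL;
    int len;

    cb_tmp.prompt_info = user;
    cb_tmp.password = passin;

    /* verify=0: a single prompt, no confirmation */
    len = password_callback(password, sizeof(password) - 1, 0, &cb_tmp);
    if (len <= 0)
        return NULL;
    password[len] = 0;

    if (verbose)
        BIO_printf(bio,
                   "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
                   user, srp_verifier, srp_usersalt, g, N);
    /* -verbose -verbose echoes the cleartext password to the output stream */
    if (verbose > 1)
        BIO_printf(bio, "Pass %s\n", password);

    /* the existing salt is supplied, so no new one is generated */
    gNid = SRP_create_verifier(user, password, &srp_usersalt, &verifier, N, g);
    if (gNid == NULL) {
        BIO_printf(bio, "Internal error validating SRP verifier\n");
    } else {
        /* the recomputed verifier must equal the stored one exactly */
        if (strcmp(verifier, srp_verifier) != 0)
            gNid = NULL;
        OPENSSL_free(verifier);
    }
    /* scrub the cleartext password before leaving the frame */
    OPENSSL_cleanse(password, len);
    return gNid;
}

static char *srp_create_user(char *user, char **srp_verifier,
                             char **srp_usersalt, char *g, char *N,
                             char *passout, BIO *bio, int verbose)
{
    /*
     * Prompt for (or read from 'passout') a new password and derive a
     * fresh salt and verifier for 'user'.
     *
     * On success *srp_verifier and *srp_usersalt receive newly allocated
     * strings (caller owns them) and the g/N id is returned. NULL is
     * returned when no password was obtained or the verifier could not be
     * computed; the output parameters are then left untouched.
     */
    char password[1025];
    PW_CB_DATA cb_tmp;
    char *gNid = NULL;
    char *salt = NULL;
    int len;

    cb_tmp.prompt_info = user;
    cb_tmp.password = passout;

    /* verify=1: the password is prompted twice when read interactively */
    len = password_callback(password, sizeof(password) - 1, 1, &cb_tmp);
    if (len <= 0)
        return NULL;
    password[len] = 0;

    if (verbose)
        BIO_printf(bio, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
                   user, g, N);

    gNid = SRP_create_verifier(user, password, &salt, srp_verifier, N, g);
    /* the password is no longer needed whatever the outcome */
    OPENSSL_cleanse(password, len);

    if (gNid == NULL) {
        BIO_printf(bio, "Internal error creating SRP verifier\n");
        return NULL;
    }
    *srp_usersalt = salt;

    /* only on success: previously gNid/salt could be NULL here, which is
     * undefined behaviour for "%s" */
    if (verbose > 1)
        BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
                   gNid, salt, *srp_verifier);
    return gNid;
}

/*
 * MAIN: the 'openssl srp' command.
 *
 * Exactly one of -add, -delete, -modify, -list is required. The verifier
 * file comes from -srpvfile or, failing that, from the 'srpvfile' key of
 * the config section chosen by -name (default: the 'default_srp' key of
 * the [srp] section).
 *
 * Row type markers in the DB_srptype column, as used below:
 *   DB_SRP_INDEX ('I')  g/N index row (N in the verifier column, g in the
 *                       salt column)
 *   'V'                 valid user row
 *   'v'                 user row created or modified during this run;
 *                       flipped back to 'V' before the file is written
 *   'R'                 revoked (deleted) user row
 *
 * Returns 0 when every requested user operation succeeded, 1 otherwise.
 */
int MAIN(int argc, char **argv)
{
    int add_user = 0;
    int list_user = 0;
    int delete_user = 0;
    int modify_user = 0;
    char *user = NULL;

    char *passargin = NULL, *passargout = NULL;
    char *passin = NULL, *passout = NULL;
    char *gN = NULL;
    int gNindex = -1;
    char **gNrow = NULL;
    int maxgN = -1;

    char *userinfo = NULL;

    int badops = 0;
    int ret = 1;
    int errors = 0;
    int verbose = 0;
    int doupdatedb = 0;
    char *configfile = NULL;
    char *dbfile = NULL;
    CA_DB *db = NULL;
    char **pp;
    int i;
    long errorline = -1;
    char *randfile = NULL;
    ENGINE *e = NULL;
    char *engine = NULL;
    char *tofree = NULL;
    DB_ATTR db_attr;

# ifdef EFENCE
    EF_PROTECT_FREE = 1;
    EF_PROTECT_BELOW = 1;
    EF_ALIGNMENT = 0;
# endif

    apps_startup();

    conf = NULL;
    section = NULL;

    if (bio_err == NULL)
        if ((bio_err = BIO_new(BIO_s_file())) != NULL)
            BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);

    /*
     * Option parsing. Options are consumed until the first argument that
     * does not start with '-'; the remaining arguments are user names.
     * NOTE(review): the usage text advertises -rand, but no -rand option
     * is parsed here; randfile only ever comes from the config file.
     */
    argc--;
    argv++;
    while (argc >= 1 && badops == 0) {
        if (strcmp(*argv, "-verbose") == 0) {
            verbose++;
        } else if (strcmp(*argv, "-config") == 0) {
            if (--argc < 1)
                goto bad;
            configfile = *(++argv);
        } else if (strcmp(*argv, "-name") == 0) {
            if (--argc < 1)
                goto bad;
            section = *(++argv);
        } else if (strcmp(*argv, "-srpvfile") == 0) {
            if (--argc < 1)
                goto bad;
            dbfile = *(++argv);
        } else if (strcmp(*argv, "-add") == 0) {
            add_user = 1;
        } else if (strcmp(*argv, "-delete") == 0) {
            delete_user = 1;
        } else if (strcmp(*argv, "-modify") == 0) {
            modify_user = 1;
        } else if (strcmp(*argv, "-list") == 0) {
            list_user = 1;
        } else if (strcmp(*argv, "-gn") == 0) {
            if (--argc < 1)
                goto bad;
            gN = *(++argv);
        } else if (strcmp(*argv, "-userinfo") == 0) {
            if (--argc < 1)
                goto bad;
            userinfo = *(++argv);
        } else if (strcmp(*argv, "-passin") == 0) {
            if (--argc < 1)
                goto bad;
            passargin = *(++argv);
        } else if (strcmp(*argv, "-passout") == 0) {
            if (--argc < 1)
                goto bad;
            passargout = *(++argv);
        }
# ifndef OPENSSL_NO_ENGINE
        else if (strcmp(*argv, "-engine") == 0) {
            if (--argc < 1)
                goto bad;
            engine = *(++argv);
        }
# endif
        else if (**argv == '-') {
 bad:
            BIO_printf(bio_err, "unknown option %s\n", *argv);
            badops = 1;
            break;
        } else {
            break;
        }

        argc--;
        argv++;
    }

    /* the message now names the real options (-srpvfile / -config) */
    if (dbfile && configfile) {
        BIO_printf(bio_err,
                   "-srpvfile and -config cannot be specified together.\n");
        badops = 1;
    }
    if (add_user + delete_user + modify_user + list_user != 1) {
        BIO_printf(bio_err,
                   "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
        badops = 1;
    }
    /*
     * -add, -delete and -modify each need at least one user name. The
     * previous test summed delete_user twice and left out add_user, so
     * "-add" or "-delete" with no user silently did nothing and exited 0.
     */
    if (add_user + delete_user + modify_user == 1 && argc <= 0) {
        BIO_printf(bio_err,
                   "Need at least one user for options -add, -delete, -modify. \n");
        badops = 1;
    }
    if ((passargin || passargout) && argc != 1) {
        BIO_printf(bio_err,
                   "-passin, -passout arguments only valid with one user.\n");
        badops = 1;
    }

    if (badops) {
        for (pp = srp_usage; (*pp != NULL); pp++)
            BIO_printf(bio_err, "%s", *pp);

        BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
                   LIST_SEPARATOR_CHAR);
        BIO_printf(bio_err,
                   " load the file (or the files in the directory) into\n");
        BIO_printf(bio_err, " the random number generator\n");
        goto err;
    }

    ERR_load_crypto_strings();

    e = setup_engine(bio_err, engine, 0);

    if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
        BIO_printf(bio_err, "Error getting passwords\n");
        goto err;
    }

    if (!dbfile) {
        /*
         * No -srpvfile: find the config file (option, OPENSSL_CONF,
         * SSLEAY_CONF, then <cert area>/openssl.cnf) and read the
         * verifier file name from it.
         */
        tofree = NULL;
        if (configfile == NULL)
            configfile = getenv("OPENSSL_CONF");
        if (configfile == NULL)
            configfile = getenv("SSLEAY_CONF");
        if (configfile == NULL) {
            const char *s = X509_get_default_cert_area();
            size_t len;

# ifdef OPENSSL_SYS_VMS
            /* VMS paths need no separator before the file name */
            len = strlen(s) + sizeof(CONFIG_FILE);
            tofree = OPENSSL_malloc(len);
            if (!tofree) {
                BIO_printf(bio_err, "Out of memory\n");
                goto err;
            }
            strcpy(tofree, s);
# else
            len = strlen(s) + sizeof(CONFIG_FILE) + 1;
            tofree = OPENSSL_malloc(len);
            if (!tofree) {
                BIO_printf(bio_err, "Out of memory\n");
                goto err;
            }
            BUF_strlcpy(tofree, s, len);
            BUF_strlcat(tofree, "/", len);
# endif
            BUF_strlcat(tofree, CONFIG_FILE, len);
            configfile = tofree;
        }

        if (verbose)
            BIO_printf(bio_err, "Using configuration from %s\n", configfile);
        conf = NCONF_new(NULL);
        if (NCONF_load(conf, configfile, &errorline) <= 0) {
            if (errorline <= 0)
                BIO_printf(bio_err, "error loading the config file '%s'\n",
                           configfile);
            else
                BIO_printf(bio_err, "error on line %ld of config file '%s'\n",
                           errorline, configfile);
            goto err;
        }
        if (tofree) {
            OPENSSL_free(tofree);
            tofree = NULL;
        }

        if (!load_config(bio_err, conf))
            goto err;

        /* pick the srp section: -name, else [srp]::default_srp */
        if (section == NULL) {
            if (verbose)
                BIO_printf(bio_err,
                           "trying to read " ENV_DEFAULT_SRP
                           " in \" BASE_SECTION \"\n");

            section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_SRP);
            if (section == NULL) {
                lookup_fail(BASE_SECTION, ENV_DEFAULT_SRP);
                goto err;
            }
        }

        if (randfile == NULL && conf)
            randfile = NCONF_get_string(conf, BASE_SECTION, ENV_RANDFILE);

        if (verbose)
            BIO_printf(bio_err,
                       "trying to read " ENV_DATABASE
                       " in section \"%s\"\n", section);

        if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
            lookup_fail(section, ENV_DATABASE);
            goto err;
        }

    }
    if (randfile == NULL)
        ERR_clear_error();
    else
        app_RAND_load_file(randfile, bio_err, 0);

    if (verbose)
        BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
                   dbfile);

    db = load_index(dbfile, &db_attr);
    if (db == NULL)
        goto err;

    /*
     * Scan the g/N index rows: remember the last one (maxgN) and the one
     * selected by -gn, if any.
     */
    for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
        pp = sk_OPENSSL_PSTRING_value(db->db->data, i);

        if (pp[DB_srptype][0] == DB_SRP_INDEX) {
            maxgN = i;
            if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
                gNindex = i;

            print_index(db, bio_err, i, verbose > 1);
        }
    }

    if (verbose)
        BIO_printf(bio_err, "Database initialised\n");

    if (gNindex >= 0) {
        gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
        print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
    } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
        /* the file has index rows but -gn names neither one of them nor a
         * built-in group */
        BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
        goto err;
    } else {
        if (verbose)
            BIO_printf(bio_err, "Database has no g N information.\n");
        gNrow = NULL;
    }

    if (verbose > 1)
        BIO_printf(bio_err, "Starting user processing\n");

    if (argc > 0)
        user = *(argv++);

    /* one iteration per user name; -list with no names runs exactly once */
    while (list_user || user) {
        int userindex = -1;
        if (user && verbose > 1)
            BIO_printf(bio_err, "Processing user \"%s\"\n", user);
        if ((userindex = get_index(db, user, 'U')) >= 0) {
            print_user(db, bio_err, userindex, (verbose > 0) || list_user);
        }

        if (list_user) {
            if (user == NULL) {
                BIO_printf(bio_err, "List all users\n");

                for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
                    print_user(db, bio_err, i, 1);
                }
                list_user = 0;
            } else if (userindex < 0) {
                BIO_printf(bio_err,
                           "user \"%s\" does not exist, ignored. t\n", user);
                errors++;
            }
        } else if (add_user) {
            if (userindex >= 0) {
                /*
                 * An existing (e.g. revoked) row is reactivated as-is:
                 * the stored verifier is kept, no password is asked for.
                 */
                char **row =
                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
                BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
                row[DB_srptype][0] = 'V';

                doupdatedb = 1;
            } else {
                char *row[DB_NUMBER];
                char *gNid;
                row[DB_srpverifier] = NULL;
                row[DB_srpsalt] = NULL;
                row[DB_srpinfo] = NULL;
                /* g/N come from the selected index row, else -gn names a
                 * built-in group (or NULL selects the default) */
                gNid = srp_create_user(user, &(row[DB_srpverifier]),
                                       &(row[DB_srpsalt]),
                                       gNrow ? gNrow[DB_srpsalt] : gN,
                                       gNrow ? gNrow[DB_srpverifier] : NULL,
                                       passout, bio_err, verbose);
                if (gNid == NULL) {
                    BIO_printf(bio_err,
                               "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
                               user);
                    errors++;
                    goto err;
                }
                row[DB_srpid] = BUF_strdup(user);
                row[DB_srptype] = BUF_strdup("v");
                row[DB_srpgN] = BUF_strdup(gNid);

                if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
                    || !row[DB_srpverifier] || !row[DB_srpsalt]
                    || (userinfo
                        && (!(row[DB_srpinfo] = BUF_strdup(userinfo))))
                    || !update_index(db, bio_err, row)) {
                    /* the columns are still ours until update_index
                     * succeeds, so release them here */
                    if (row[DB_srpid])
                        OPENSSL_free(row[DB_srpid]);
                    if (row[DB_srpgN])
                        OPENSSL_free(row[DB_srpgN]);
                    if (row[DB_srpinfo])
                        OPENSSL_free(row[DB_srpinfo]);
                    if (row[DB_srptype])
                        OPENSSL_free(row[DB_srptype]);
                    if (row[DB_srpverifier])
                        OPENSSL_free(row[DB_srpverifier]);
                    if (row[DB_srpsalt])
                        OPENSSL_free(row[DB_srpsalt]);
                    goto err;
                }
                doupdatedb = 1;
            }
        } else if (modify_user) {
            if (userindex < 0) {
                BIO_printf(bio_err,
                           "user \"%s\" does not exist, operation ignored.\n",
                           user);
                errors++;
            } else {
                char **row =
                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
                char type = row[DB_srptype][0];
                if (type == 'v') {
                    /* already rewritten earlier in this run */
                    BIO_printf(bio_err,
                               "user \"%s\" already updated, operation ignored.\n",
                               user);
                    errors++;
                } else {
                    char *gNid;

                    if (row[DB_srptype][0] == 'V') {
                        int user_gN;
                        char **irow = NULL;
                        if (verbose)
                            BIO_printf(bio_err,
                                       "Verifying password for user \"%s\"\n",
                                       user);
                        /*
                         * irow must be the g/N index row the user refers
                         * to (user_gN), not the user's own row: the old
                         * code looked up userindex here, which fed the
                         * user's salt/verifier to srp_verify_user as g/N.
                         */
                        if ((user_gN =
                             get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
                            irow =
                                (char **)sk_OPENSSL_PSTRING_value(db->db->data,
                                                                  user_gN);

                        /* the current password must be proven before the
                         * verifier is replaced */
                        if (!srp_verify_user
                            (user, row[DB_srpverifier], row[DB_srpsalt],
                             irow ? irow[DB_srpsalt] : row[DB_srpgN],
                             irow ? irow[DB_srpverifier] : NULL, passin,
                             bio_err, verbose)) {
                            BIO_printf(bio_err,
                                       "Invalid password for user \"%s\", operation abandoned.\n",
                                       user);
                            errors++;
                            goto err;
                        }
                    }
                    if (verbose)
                        BIO_printf(bio_err,
                                   "Password for user \"%s\" ok.\n", user);

                    /*
                     * NOTE(review): unlike the -add path this passes NULL
                     * rather than gN when no index row is selected, so a
                     * -gn naming a built-in group is ignored on -modify.
                     * Left as found; confirm before changing.
                     */
                    gNid = srp_create_user(user, &(row[DB_srpverifier]),
                                           &(row[DB_srpsalt]),
                                           gNrow ? gNrow[DB_srpsalt] : NULL,
                                           gNrow ? gNrow[DB_srpverifier] : NULL,
                                           passout, bio_err, verbose);
                    if (gNid == NULL) {
                        BIO_printf(bio_err,
                                   "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
                                   user);
                        errors++;
                        goto err;
                    }

                    /* the previous column pointers are not freed: rows
                     * read from the file point into one shared buffer */
                    row[DB_srptype][0] = 'v';
                    row[DB_srpgN] = BUF_strdup(gNid);

                    if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
                        || !row[DB_srpverifier] || !row[DB_srpsalt]
                        || (userinfo
                            && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))
                        goto err;

                    doupdatedb = 1;
                }
            }
        } else if (delete_user) {
            if (userindex < 0) {
                BIO_printf(bio_err,
                           "user \"%s\" does not exist, operation ignored. t\n",
                           user);
                errors++;
            } else {
                /* deletion is a soft revoke: the row stays, marked 'R' */
                char **xpp =
                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
                BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);

                xpp[DB_srptype][0] = 'R';

                doupdatedb = 1;
            }
        }
        if (--argc > 0) {
            user = *(argv++);
        } else {
            user = NULL;
            list_user = 0;
        }
    }

    if (verbose)
        BIO_printf(bio_err, "User procession done.\n");

    if (doupdatedb) {
        /* promote rows touched in this run from 'v' back to 'V' */
        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);

            if (pp[DB_srptype][0] == 'v') {
                pp[DB_srptype][0] = 'V';
                print_user(db, bio_err, i, verbose);
            }
        }

        /* write to a ".new" copy first, then rotate it into place */
        if (verbose)
            BIO_printf(bio_err, "Trying to update srpvfile.\n");
        if (!save_index(dbfile, "new", db))
            goto err;

        if (verbose)
            BIO_printf(bio_err, "Temporary srpvfile created.\n");
        if (!rotate_index(dbfile, "new", "old"))
            goto err;

        if (verbose)
            BIO_printf(bio_err, "srpvfile updated.\n");
    }

    ret = (errors != 0);
 err:
    if (errors != 0 && verbose)
        BIO_printf(bio_err, "User errors %d.\n", errors);

    if (verbose)
        BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
    if (tofree)
        OPENSSL_free(tofree);
    if (ret)
        ERR_print_errors(bio_err);
    if (randfile)
        app_RAND_write_file(randfile, bio_err);
    if (conf)
        NCONF_free(conf);
    if (db)
        free_index(db);

    release_engine(e);
    OBJ_cleanup();
    apps_shutdown();
    OPENSSL_EXIT(ret);
}

#else
static void *dummy = &dummy;
#endif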