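/* apps/srp.c */
/*
 * Written by Peter Sylvester (peter.sylvester@edelweb.fr) for the EdelKey
 * project and contributed to the OpenSSL project 2004.
 */
/* ====================================================================
 * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
#include <openssl/opensslconf.h>

#ifndef OPENSSL_NO_SRP
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
# include <openssl/conf.h>
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/txt_db.h>
# include <openssl/buffer.h>
# include <openssl/srp.h>

# include "apps.h"

# undef PROG
# define PROG srp_main

# define BASE_SECTION "srp"
# define CONFIG_FILE "openssl.cnf"

# define ENV_RANDFILE "RANDFILE"

# define ENV_DATABASE "srpvfile"
# define ENV_DEFAULT_SRP "default_srp"

/* Usage text printed line by line when the command line is rejected. */
static char *srp_usage[] = {
    "usage: srp [args] [user] \n",
    "\n",
    " -verbose Talk alot while doing things\n",
    " -config file A config file\n",
    " -name arg The particular srp definition to use\n",
    " -srpvfile arg The srp verifier file name\n",
    " -add add an user and srp verifier\n",
    " -modify modify the srp verifier of an existing user\n",
    " -delete delete user from verifier file\n",
    " -list list user\n",
    " -gn arg g and N values to be used for new verifier\n",
    " -userinfo arg additional info to be set for user\n",
    " -passin arg input file pass phrase source\n",
    " -passout arg output file pass phrase source\n",
# ifndef OPENSSL_NO_ENGINE
    " -engine e - use engine e, possibly a hardware device.\n",
# endif
    NULL
};

# ifdef EFENCE
extern int EF_PROTECT_FREE;
extern int EF_PROTECT_BELOW;
extern int EF_ALIGNMENT;
# endif

static CONF *conf = NULL;
static char *section = NULL;

/*
 * Statement prefixes: the statement that follows runs only at the given
 * verbosity.  They expand to a bare `if`, so never put one directly in front
 * of an `else`.
 */
# define VERBOSE if (verbose)
# define VVERBOSE if (verbose>1)

int MAIN(int, char **);

/*
 * Find the first row of the verifier database whose id column equals `id`.
 *
 * With type == DB_SRP_INDEX only g/N index rows are considered; with any
 * other value only the remaining (user) rows are considered.
 * Returns the row number, or -1 when `id` is NULL or nothing matches.
 */
static int get_index(CA_DB *db, char *id, char type)
{
    char **pp;
    int i;

    if (id == NULL)
        return -1;

    if (type == DB_SRP_INDEX) {
        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
            if (pp[DB_srptype][0] == DB_SRP_INDEX
                && !strcmp(id, pp[DB_srpid]))
                return i;
        }
    } else {
        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);

            if (pp[DB_srptype][0] != DB_SRP_INDEX
                && !strcmp(id, pp[DB_srpid]))
                return i;
        }
    }

    return -1;
}

/*
 * Dump every column of row `indx` to `bio`, prefixed by the label `s`.
 * Nothing is printed when `indx` is negative or `verbose` is zero.
 *
 * The dump includes the salt and verifier columns.  A verifier is enough to
 * mount an offline guessing attack on the password, so this output should be
 * treated as sensitive.
 */
static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)
{
    if (indx >= 0 && verbose) {
        int j;
        char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);

        BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
        for (j = 0; j < DB_NUMBER; j++) {
            /* Write to the caller's BIO, like the header line above. */
            BIO_printf(bio, " %d = \"%s\"\n", j, pp[j]);
        }
    }
}

/* Print a g/N index row; see print_entry() for the conditions. */
static void print_index(CA_DB *db, BIO *bio, int indexindex, int verbose)
{
    print_entry(db, bio, indexindex, verbose, "g N entry");
}

/*
 * Print a user row followed by the g/N index row it refers to.
 * Rows of type 'I' (index rows) are skipped; nothing is printed unless
 * `verbose` is positive.
 */
static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)
{
    if (verbose > 0) {
        char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);

        if (pp[DB_srptype][0] != 'I') {
            print_entry(db, bio, userindex, verbose, "User entry");
            print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose,
                        "g N entry");
        }
    }
}

/*
 * Insert the DB_NUMBER strings of `row` into the database as a new row.
 *
 * On success the strings belong to the database and every row[i] is set to
 * NULL.  On failure `row` is left untouched so that the caller still owns the
 * strings and can release them.
 * Returns 1 on success, 0 on allocation or insertion failure.
 */
static int update_index(CA_DB *db, BIO *bio, char **row)
{
    char **irow;
    int i;

    irow = OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1));
    if (irow == NULL) {
        BIO_printf(bio_err, "Memory allocation failure\n");
        return 0;
    }

    for (i = 0; i < DB_NUMBER; i++)
        irow[i] = row[i];
    irow[DB_NUMBER] = NULL;

    if (!TXT_DB_insert(db->db, irow)) {
        BIO_printf(bio, "failed to update srpvfile\n");
        BIO_printf(bio, "TXT_DB error number %ld\n", db->db->error);
        /*
         * Only the pointer array is released here.  row[] has not been
         * cleared yet, so the caller's cleanup can still free the strings;
         * clearing it before the insert would leak them on this path.
         */
        OPENSSL_free(irow);
        return 0;
    }

    /* Ownership has moved to the database. */
    for (i = 0; i < DB_NUMBER; i++)
        row[i] = NULL;
    return 1;
}

/* Report a configuration variable that could not be found. */
static void lookup_fail(const char *name, char *tag)
{
    BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
}

/*
 * Check a password against a stored verifier.
 *
 * The password is obtained through password_callback() (from `passin` or an
 * interactive prompt), a verifier is recomputed with the stored salt and the
 * given g and N, and the result is compared with `srp_verifier`.
 * Returns the g/N id reported by SRP_create_verifier() when the verifiers
 * match, NULL otherwise.
 */
static char *srp_verify_user(const char *user, const char *srp_verifier,
                             char *srp_usersalt, const char *g, const char *N,
                             const char *passin, BIO *bio, int verbose)
{
    char password[1024];
    PW_CB_DATA cb_tmp;
    char *verifier = NULL;
    char *gNid = NULL;
    int len;

    cb_tmp.prompt_info = user;
    cb_tmp.password = passin;

    /*
     * Reserve one byte and terminate explicitly: password_callback() is
     * defined elsewhere and whether it NUL-terminates on every path cannot be
     * seen from this file, while SRP_create_verifier() takes a C string.
     */
    len = password_callback(password, (int)sizeof(password) - 1, 0, &cb_tmp);
    if (len > 0 && (size_t)len < sizeof(password)) {
        password[len] = '\0';
        VERBOSE BIO_printf(bio,
                           "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
                           user, srp_verifier, srp_usersalt, g, N);
        /*
         * The clear-text password is deliberately not written to `bio`:
         * diagnostics go to stderr and routinely end up in terminals'
         * scrollback, CI logs and support bundles.
         */

        if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt,
                                         &verifier, N, g))) {
            BIO_printf(bio, "Internal error validating SRP verifier\n");
        } else {
            if (strcmp(verifier, srp_verifier))
                gNid = NULL;
            OPENSSL_free(verifier);
        }
    }

    /* Do not leave the password behind in this stack frame. */
    OPENSSL_cleanse(password, sizeof(password));
    return gNid;
}

/*
 * Create a fresh salt and verifier for `user`.
 *
 * The password is obtained through password_callback() with verification
 * enabled (from `passout` or an interactive prompt).  On success
 * *srp_verifier and *srp_usersalt receive newly created strings and the g/N
 * id reported by SRP_create_verifier() is returned; NULL is returned on
 * failure.
 */
static char *srp_create_user(char *user, char **srp_verifier,
                             char **srp_usersalt, char *g, char *N,
                             char *passout, BIO *bio, int verbose)
{
    char password[1024];
    PW_CB_DATA cb_tmp;
    char *gNid = NULL;
    char *salt = NULL;
    int len;

    cb_tmp.prompt_info = user;
    cb_tmp.password = passout;

    /* See srp_verify_user() in this file: reserve room for the terminator. */
    len = password_callback(password, (int)sizeof(password) - 1, 1, &cb_tmp);
    if (len > 0 && (size_t)len < sizeof(password)) {
        password[len] = '\0';
        VERBOSE BIO_printf(bio,
                           "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
                           user, g, N);
        if (!(gNid = SRP_create_verifier(user, password, &salt,
                                         srp_verifier, N, g))) {
            BIO_printf(bio, "Internal error creating SRP verifier\n");
        } else {
            *srp_usersalt = salt;
        }
        VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
                            gNid, salt, *srp_verifier);
    }

    /* Do not leave the password behind in this stack frame. */
    OPENSSL_cleanse(password, sizeof(password));
    return gNid;
}

/*
 * Entry point of the `srp` command: maintains an SRP verifier file.
 *
 * Exactly one of -add, -modify, -delete or -list selects the operation, which
 * is applied to every user named after the options.  The verifier file is
 * taken from -srpvfile or from the configuration file.  Changes are written
 * to a temporary file and rotated into place only after all users have been
 * processed.  The exit code is 0 on success and 1 when the command line was
 * rejected or any user could not be processed.
 */
int MAIN(int argc, char **argv)
{
    int add_user = 0;
    int list_user = 0;
    int delete_user = 0;
    int modify_user = 0;
    char *user = NULL;

    char *passargin = NULL, *passargout = NULL;
    char *passin = NULL, *passout = NULL;
    char *gN = NULL;
    int gNindex = -1;
    char **gNrow = NULL;
    int maxgN = -1;

    char *userinfo = NULL;

    int badops = 0;
    int ret = 1;
    int errors = 0;
    int verbose = 0;
    int doupdatedb = 0;
    char *configfile = NULL;
    char *dbfile = NULL;
    CA_DB *db = NULL;
    char **pp;
    int i;
    long errorline = -1;
    char *randfile = NULL;
    ENGINE *e = NULL;
    char *engine = NULL;
    char *tofree = NULL;
    DB_ATTR db_attr;

# ifdef EFENCE
    EF_PROTECT_FREE = 1;
    EF_PROTECT_BELOW = 1;
    EF_ALIGNMENT = 0;
# endif

    apps_startup();

    conf = NULL;
    section = NULL;

    if (bio_err == NULL)
        if ((bio_err = BIO_new(BIO_s_file())) != NULL)
            BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);

    argc--;
    argv++;
    while (argc >= 1 && badops == 0) {
        if (strcmp(*argv, "-verbose") == 0)
            verbose++;
        else if (strcmp(*argv, "-config") == 0) {
            if (--argc < 1)
                goto bad;
            configfile = *(++argv);
        } else if (strcmp(*argv, "-name") == 0) {
            if (--argc < 1)
                goto bad;
            section = *(++argv);
        } else if (strcmp(*argv, "-srpvfile") == 0) {
            if (--argc < 1)
                goto bad;
            dbfile = *(++argv);
        } else if (strcmp(*argv, "-add") == 0)
            add_user = 1;
        else if (strcmp(*argv, "-delete") == 0)
            delete_user = 1;
        else if (strcmp(*argv, "-modify") == 0)
            modify_user = 1;
        else if (strcmp(*argv, "-list") == 0)
            list_user = 1;
        else if (strcmp(*argv, "-gn") == 0) {
            if (--argc < 1)
                goto bad;
            gN = *(++argv);
        } else if (strcmp(*argv, "-userinfo") == 0) {
            if (--argc < 1)
                goto bad;
            userinfo = *(++argv);
        } else if (strcmp(*argv, "-passin") == 0) {
            if (--argc < 1)
                goto bad;
            passargin = *(++argv);
        } else if (strcmp(*argv, "-passout") == 0) {
            if (--argc < 1)
                goto bad;
            passargout = *(++argv);
        }
# ifndef OPENSSL_NO_ENGINE
        else if (strcmp(*argv, "-engine") == 0) {
            if (--argc < 1)
                goto bad;
            engine = *(++argv);
        }
# endif

        else if (**argv == '-') {
 bad:
            BIO_printf(bio_err, "unknown option %s\n", *argv);
            badops = 1;
            break;
        } else
            break;

        argc--;
        argv++;
    }

    if (dbfile && configfile) {
        /* Name the options as the parser above spells them. */
        BIO_printf(bio_err,
                   "-srpvfile and -config cannot be specified together.\n");
        badops = 1;
    }
    if (add_user + delete_user + modify_user + list_user != 1) {
        BIO_printf(bio_err,
                   "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
        badops = 1;
    }
    /*
     * -add, -modify and -delete all need a user name.  The sum must include
     * add_user and count delete_user once, otherwise the check only ever
     * fires for -modify.
     */
    if (add_user + modify_user + delete_user == 1 && argc <= 0) {
        BIO_printf(bio_err,
                   "Need at least one user for options -add, -delete, -modify. \n");
        badops = 1;
    }
    if ((passin || passout) && argc != 1) {
        BIO_printf(bio_err,
                   "-passin, -passout arguments only valid with one user.\n");
        badops = 1;
    }

    if (badops) {
        for (pp = srp_usage; (*pp != NULL); pp++)
            BIO_printf(bio_err, "%s", *pp);

        BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
                   LIST_SEPARATOR_CHAR);
        BIO_printf(bio_err,
                   " load the file (or the files in the directory) into\n");
        BIO_printf(bio_err, " the random number generator\n");
        goto err;
    }

    ERR_load_crypto_strings();

    e = setup_engine(bio_err, engine, 0);

    if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
        BIO_printf(bio_err, "Error getting passwords\n");
        goto err;
    }

    if (!dbfile) {

        /*****************************************************************/
        /*
         * No verifier file on the command line: locate it through the
         * configuration file (-config, then OPENSSL_CONF, then SSLEAY_CONF,
         * then the default certificate area).
         */
        tofree = NULL;
        if (configfile == NULL)
            configfile = getenv("OPENSSL_CONF");
        if (configfile == NULL)
            configfile = getenv("SSLEAY_CONF");
        if (configfile == NULL) {
            const char *s = X509_get_default_cert_area();
            size_t len;

# ifdef OPENSSL_SYS_VMS
            len = strlen(s) + sizeof(CONFIG_FILE);
            tofree = OPENSSL_malloc(len);
            if (!tofree) {
                BIO_printf(bio_err, "Out of memory\n");
                goto err;
            }
            strcpy(tofree, s);
# else
            len = strlen(s) + sizeof(CONFIG_FILE) + 1;
            tofree = OPENSSL_malloc(len);
            if (!tofree) {
                BIO_printf(bio_err, "Out of memory\n");
                goto err;
            }
            BUF_strlcpy(tofree, s, len);
            BUF_strlcat(tofree, "/", len);
# endif
            BUF_strlcat(tofree, CONFIG_FILE, len);
            configfile = tofree;
        }

        VERBOSE BIO_printf(bio_err, "Using configuration from %s\n",
                           configfile);
        conf = NCONF_new(NULL);
        if (NCONF_load(conf, configfile, &errorline) <= 0) {
            if (errorline <= 0)
                BIO_printf(bio_err, "error loading the config file '%s'\n",
                           configfile);
            else
                BIO_printf(bio_err, "error on line %ld of config file '%s'\n",
                           errorline, configfile);
            goto err;
        }
        if (tofree) {
            OPENSSL_free(tofree);
            tofree = NULL;
        }

        if (!load_config(bio_err, conf))
            goto err;

        /* Lets get the config section we are using */
        if (section == NULL) {
            /* BASE_SECTION must sit outside the quotes to be expanded. */
            VERBOSE BIO_printf(bio_err,
                               "trying to read " ENV_DEFAULT_SRP
                               " in \"" BASE_SECTION "\"\n");

            section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_SRP);
            if (section == NULL) {
                lookup_fail(BASE_SECTION, ENV_DEFAULT_SRP);
                goto err;
            }
        }

        if (randfile == NULL && conf)
            randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");

        VERBOSE BIO_printf(bio_err,
                           "trying to read " ENV_DATABASE
                           " in section \"%s\"\n", section);

        if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
            lookup_fail(section, ENV_DATABASE);
            goto err;
        }

    }
    if (randfile == NULL)
        ERR_clear_error();
    else
        app_RAND_load_file(randfile, bio_err, 0);

    VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
                       dbfile);

    db = load_index(dbfile, &db_attr);
    if (db == NULL)
        goto err;

    /* Lets check some fields */
    for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
        pp = sk_OPENSSL_PSTRING_value(db->db->data, i);

        if (pp[DB_srptype][0] == DB_SRP_INDEX) {
            maxgN = i;
            if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
                gNindex = i;

            print_index(db, bio_err, i, verbose > 1);
        }
    }

    VERBOSE BIO_printf(bio_err, "Database initialised\n");

    if (gNindex >= 0) {
        gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
        print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
    } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
        BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
        goto err;
    } else {
        VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");
        gNrow = NULL;
    }

    VVERBOSE BIO_printf(bio_err, "Starting user processing\n");

    if (argc > 0)
        user = *(argv++);

    while (list_user || user) {
        int userindex = -1;

        if (user)
            VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);
        if ((userindex = get_index(db, user, 'U')) >= 0) {
            print_user(db, bio_err, userindex, (verbose > 0) || list_user);
        }

        if (list_user) {
            if (user == NULL) {
                BIO_printf(bio_err, "List all users\n");

                for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
                    print_user(db, bio_err, i, 1);
                }
                list_user = 0;
            } else if (userindex < 0) {
                BIO_printf(bio_err,
                           "user \"%s\" does not exist, ignored. t\n", user);
                errors++;
            }
        } else if (add_user) {
            if (userindex >= 0) {
                /* reactivation of a new user */
                char **row =
                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
                BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
                row[DB_srptype][0] = 'V';

                doupdatedb = 1;
            } else {
                char *row[DB_NUMBER];
                char *gNid;

                row[DB_srpverifier] = NULL;
                row[DB_srpsalt] = NULL;
                row[DB_srpinfo] = NULL;
                /*
                 * In a g/N index row the salt column holds g and the
                 * verifier column holds N.
                 */
                if (!(gNid = srp_create_user(user, &(row[DB_srpverifier]),
                                             &(row[DB_srpsalt]),
                                             gNrow ? gNrow[DB_srpsalt] : gN,
                                             gNrow ? gNrow[DB_srpverifier]
                                                   : NULL,
                                             passout, bio_err, verbose))) {
                    BIO_printf(bio_err,
                               "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
                               user);
                    errors++;
                    goto err;
                }
                row[DB_srpid] = BUF_strdup(user);
                row[DB_srptype] = BUF_strdup("v");
                row[DB_srpgN] = BUF_strdup(gNid);

                if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
                    || !row[DB_srpverifier] || !row[DB_srpsalt]
                    || (userinfo
                        && (!(row[DB_srpinfo] = BUF_strdup(userinfo))))
                    || !update_index(db, bio_err, row)) {
                    /*
                     * update_index() leaves row[] populated when it fails,
                     * so everything allocated above is released here.
                     */
                    if (row[DB_srpid])
                        OPENSSL_free(row[DB_srpid]);
                    if (row[DB_srpgN])
                        OPENSSL_free(row[DB_srpgN]);
                    if (row[DB_srpinfo])
                        OPENSSL_free(row[DB_srpinfo]);
                    if (row[DB_srptype])
                        OPENSSL_free(row[DB_srptype]);
                    if (row[DB_srpverifier])
                        OPENSSL_free(row[DB_srpverifier]);
                    if (row[DB_srpsalt])
                        OPENSSL_free(row[DB_srpsalt]);
                    goto err;
                }
                doupdatedb = 1;
            }
        } else if (modify_user) {
            if (userindex < 0) {
                BIO_printf(bio_err,
                           "user \"%s\" does not exist, operation ignored.\n",
                           user);
                errors++;
            } else {

                char **row =
                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
                char type = row[DB_srptype][0];

                if (type == 'v') {
                    BIO_printf(bio_err,
                               "user \"%s\" already updated, operation ignored.\n",
                               user);
                    errors++;
                } else {
                    char *gNid;

                    if (row[DB_srptype][0] == 'V') {
                        int user_gN;
                        char **irow = NULL;

                        VERBOSE BIO_printf(bio_err,
                                           "Verifying password for user \"%s\"\n",
                                           user);
                        /*
                         * The old password must be checked against the g/N
                         * index row the user was enrolled with.  Reading the
                         * user's own row here would hand its salt and
                         * verifier to srp_verify_user() as g and N.
                         */
                        if ((user_gN =
                             get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
                            irow = sk_OPENSSL_PSTRING_value(db->db->data,
                                                            user_gN);

                        if (!srp_verify_user
                            (user, row[DB_srpverifier], row[DB_srpsalt],
                             irow ? irow[DB_srpsalt] : row[DB_srpgN],
                             irow ? irow[DB_srpverifier] : NULL, passin,
                             bio_err, verbose)) {
                            BIO_printf(bio_err,
                                       "Invalid password for user \"%s\", operation abandoned.\n",
                                       user);
                            errors++;
                            goto err;
                        }
                    }
                    VERBOSE BIO_printf(bio_err,
                                       "Password for user \"%s\" ok.\n",
                                       user);

                    if (!(gNid = srp_create_user(user, &(row[DB_srpverifier]),
                                                 &(row[DB_srpsalt]),
                                                 gNrow ? gNrow[DB_srpsalt]
                                                       : NULL,
                                                 gNrow ? gNrow[DB_srpverifier]
                                                       : NULL,
                                                 passout, bio_err, verbose))) {
                        BIO_printf(bio_err,
                                   "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
                                   user);
                        errors++;
                        goto err;
                    }

                    row[DB_srptype][0] = 'v';
                    row[DB_srpgN] = BUF_strdup(gNid);

                    if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
                        || !row[DB_srpverifier] || !row[DB_srpsalt]
                        || (userinfo
                            && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))
                        goto err;

                    doupdatedb = 1;
                }
            }
        } else if (delete_user) {
            if (userindex < 0) {
                BIO_printf(bio_err,
                           "user \"%s\" does not exist, operation ignored. t\n",
                           user);
                errors++;
            } else {
                char **xpp =
                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
                BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);

                /* The row is kept and only marked revoked. */
                xpp[DB_srptype][0] = 'R';

                doupdatedb = 1;
            }
        }
        if (--argc > 0)
            user = *(argv++);
        else {
            user = NULL;
            list_user = 0;
        }
    }

    VERBOSE BIO_printf(bio_err, "User procession done.\n");

    if (doupdatedb) {
        /* Lets check some fields */
        /* Rows touched in this run carry 'v'; promote them to 'V'. */
        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);

            if (pp[DB_srptype][0] == 'v') {
                pp[DB_srptype][0] = 'V';
                print_user(db, bio_err, i, verbose);
            }
        }

        VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n");
        if (!save_index(dbfile, "new", db))
            goto err;

        VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n");
        if (!rotate_index(dbfile, "new", "old"))
            goto err;

        VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");
    }

    ret = (errors != 0);
 err:
    if (errors != 0)
        VERBOSE BIO_printf(bio_err, "User errors %d.\n", errors);

    VERBOSE BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
    if (tofree)
        OPENSSL_free(tofree);
    if (ret)
        ERR_print_errors(bio_err);
    if (randfile)
        app_RAND_write_file(randfile, bio_err);
    if (conf)
        NCONF_free(conf);
    if (db)
        free_index(db);

    release_engine(e);
    OBJ_cleanup();
    apps_shutdown();
    OPENSSL_EXIT(ret);
}

#else
static void *dummy = &dummy;
#endif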