srp.c revision 312826
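/* apps/srp.c */
/*
 * Written by Peter Sylvester (peter.sylvester@edelweb.fr) for the EdelKey
 * project and contributed to the OpenSSL project 2004.
 */
/* ====================================================================
 * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */
#include <openssl/opensslconf.h>

#ifndef OPENSSL_NO_SRP
# include <stdio.h>
# include <stdlib.h>
# include <string.h>
# include <openssl/conf.h>
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/txt_db.h>
# include <openssl/buffer.h>
# include <openssl/srp.h>

# include "apps.h"

# undef PROG
# define PROG srp_main

# define BASE_SECTION "srp"
# define CONFIG_FILE "openssl.cnf"

# define ENV_RANDFILE "RANDFILE"

# define ENV_DATABASE "srpvfile"
# define ENV_DEFAULT_SRP "default_srp"

/* Usage text, printed line by line whenever option parsing fails. */
static char *srp_usage[] = {
    "usage: srp [args] [user] \n",
    "\n",
    " -verbose Talk alot while doing things\n",
    " -config file A config file\n",
    " -name arg The particular srp definition to use\n",
    " -srpvfile arg The srp verifier file name\n",
    " -add add an user and srp verifier\n",
    " -modify modify the srp verifier of an existing user\n",
    " -delete delete user from verifier file\n",
    " -list list user\n",
    " -gn arg g and N values to be used for new verifier\n",
    " -userinfo arg additional info to be set for user\n",
    " -passin arg input file pass phrase source\n",
    " -passout arg output file pass phrase source\n",
# ifndef OPENSSL_NO_ENGINE
    " -engine e - use engine e, possibly a hardware device.\n",
# endif
    NULL
};

# ifdef EFENCE
extern int EF_PROTECT_FREE;
extern int EF_PROTECT_BELOW;
extern int EF_ALIGNMENT;
# endif

static CONF *conf = NULL;
static char *section = NULL;

/*
 * Statement prefixes: the statement that follows runs only at the given
 * verbosity.  Both expand to a bare `if`, so they rely on a local variable
 * named `verbose` and must not be followed by an `else`.
 */
# define VERBOSE if (verbose)
# define VVERBOSE if (verbose>1)

int MAIN(int, char **);

/*
 * Find the first row of db whose DB_srpid field equals id.
 *
 * When type is DB_SRP_INDEX only rows whose type character is DB_SRP_INDEX
 * are considered; for any other type only rows whose type character is NOT
 * DB_SRP_INDEX are considered.  Returns the row position, or -1 when id is
 * NULL or nothing matches.
 */
static int get_index(CA_DB *db, char *id, char type)
{
    char **pp;
    int i;

    if (id == NULL)
        return -1;

    if (type == DB_SRP_INDEX) {
        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
            if (pp[DB_srptype][0] == DB_SRP_INDEX
                && !strcmp(id, pp[DB_srpid]))
                return i;
        }
    } else {
        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);

            if (pp[DB_srptype][0] != DB_SRP_INDEX
                && !strcmp(id, pp[DB_srpid]))
                return i;
        }
    }

    return -1;
}

/*
 * Dump row indx of db to bio: a heading line "<s> "<id>"" followed by every
 * one of the DB_NUMBER fields.  Nothing is printed when indx is negative or
 * verbose is zero.
 *
 * The field dump includes the stored salt and verifier columns, so the
 * destination of this output deserves the same care as the verifier file.
 */
static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)
{
    if (indx >= 0 && verbose) {
        int j;
        char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);

        BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
        for (j = 0; j < DB_NUMBER; j++) {
            /*
             * Write to the BIO the caller asked for; the fields used to go
             * to bio_err regardless of the bio argument.
             */
            BIO_printf(bio, " %d = \"%s\"\n", j, pp[j]);
        }
    }
}

/* Print row indexindex under the heading "g N entry". */
static void print_index(CA_DB *db, BIO *bio, int indexindex, int verbose)
{
    print_entry(db, bio, indexindex, verbose, "g N entry");
}

/*
 * Print the row at userindex and the g/N index row it refers to.  Rows
 * whose type character is 'I' are skipped, and nothing is printed unless
 * verbose is positive.
 */
static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)
{
    if (verbose > 0) {
        char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);

        if (pp[DB_srptype][0] != 'I') {
            print_entry(db, bio, userindex, verbose, "User entry");
            /* get_index() yields -1 if the id is unknown; print_entry skips it */
            print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose,
                        "g N entry");
        }

    }
}

/*
 * Move the DB_NUMBER field pointers of row into a freshly allocated,
 * NULL-terminated row and insert that row into db.
 *
 * Returns 1 on success; the strings then belong to the inserted row and
 * every row[i] is NULL.  Returns 0 on failure; in that case row[] still (or
 * again) holds the field pointers, so the caller remains responsible for
 * freeing them.
 */
static int update_index(CA_DB *db, BIO *bio, char **row)
{
    char **irow;
    int i;

    if ((irow =
         (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
        BIO_printf(bio_err, "Memory allocation failure\n");
        return 0;
    }

    for (i = 0; i < DB_NUMBER; i++) {
        irow[i] = row[i];
        row[i] = NULL;
    }
    irow[DB_NUMBER] = NULL;

    if (!TXT_DB_insert(db->db, irow)) {
        BIO_printf(bio, "failed to update srpvfile\n");
        BIO_printf(bio, "TXT_DB error number %ld\n", db->db->error);
        /*
         * irow is released below, so give the strings back to the caller;
         * otherwise its cleanup would see only NULLs and the fields leak.
         */
        for (i = 0; i < DB_NUMBER; i++) {
            row[i] = irow[i];
            irow[i] = NULL;
        }
        OPENSSL_free(irow);
        return 0;
    }
    return 1;
}

/* Report that configuration variable tag could not be found in section name. */
static void lookup_fail(const char *name, char *tag)
{
    BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
}

/*
 * Check a pass phrase against a stored verifier.
 *
 * The pass phrase is obtained through password_callback() (prompt_info is
 * user, the source is passin), a verifier is recomputed from it with the
 * stored salt and the given g and N, and the result is compared with
 * srp_verifier.
 *
 * Returns the value of SRP_create_verifier() when the recomputed verifier
 * matches, otherwise NULL (no pass phrase, internal error, or mismatch).
 */
static char *srp_verify_user(const char *user, const char *srp_verifier,
                             char *srp_usersalt, const char *g, const char *N,
                             const char *passin, BIO *bio, int verbose)
{
    char password[1024];
    PW_CB_DATA cb_tmp;
    char *verifier = NULL;
    char *gNid = NULL;

    cb_tmp.prompt_info = user;
    cb_tmp.password = passin;

    if (password_callback(password, sizeof(password), 0, &cb_tmp) > 0) {
        /*
         * Verbose diagnostics disclose the stored verifier and salt.  The
         * pass phrase itself is never written to any BIO: the unconditional
         * "Pass %s" message that used to follow leaked it in clear text to
         * the terminal or to wherever stderr was redirected.
         */
        VERBOSE BIO_printf(bio,
                           "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
                           user, srp_verifier, srp_usersalt, g, N);

        if (!
            (gNid =
             SRP_create_verifier(user, password, &srp_usersalt, &verifier, N,
                                 g))) {
            BIO_printf(bio, "Internal error validating SRP verifier\n");
        } else {
            if (strcmp(verifier, srp_verifier))
                gNid = NULL;
            OPENSSL_free(verifier);
        }
    }
    /* do not leave the pass phrase behind on the stack */
    OPENSSL_cleanse(password, sizeof(password));
    return gNid;
}

/*
 * Create a verifier and salt for user from a newly entered pass phrase.
 *
 * The pass phrase is obtained through password_callback() with its third
 * argument set to 1 (prompt_info is user, the source is passout).  On
 * success *srp_verifier and *srp_usersalt receive the values produced by
 * SRP_create_verifier() and its return value is returned; NULL is returned
 * when no pass phrase was obtained or the verifier could not be created.
 */
static char *srp_create_user(char *user, char **srp_verifier,
                             char **srp_usersalt, char *g, char *N,
                             char *passout, BIO *bio, int verbose)
{
    char password[1024];
    PW_CB_DATA cb_tmp;
    char *gNid = NULL;
    char *salt = NULL;

    cb_tmp.prompt_info = user;
    cb_tmp.password = passout;

    if (password_callback(password, sizeof(password), 1, &cb_tmp) > 0) {
        VERBOSE BIO_printf(bio,
                           "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
                           user, g, N);
        if (!
            (gNid =
             SRP_create_verifier(user, password, &salt, srp_verifier, N,
                                 g))) {
            BIO_printf(bio, "Internal error creating SRP verifier\n");
        } else
            *srp_usersalt = salt;
        VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
                            gNid, salt, *srp_verifier);

    }
    /* do not leave the pass phrase behind on the stack */
    OPENSSL_cleanse(password, sizeof(password));
    return gNid;
}

/*
 * Entry point of the "srp" command: maintain an SRP verifier file.
 *
 * Exactly one of -add, -delete, -modify, -list selects the operation; the
 * remaining arguments are user names.  The verifier file is named by
 * -srpvfile or looked up in the configuration file.  Row type characters
 * used below: DB_SRP_INDEX marks a g/N definition, 'V' a valid user, 'R' a
 * revoked user, and 'v' a row created or changed during this run (turned
 * into 'V' just before the file is written).
 *
 * Exits through OPENSSL_EXIT with 0 on success and 1 on a usage error, a
 * fatal error, or when at least one user could not be processed.
 */
int MAIN(int argc, char **argv)
{
    int add_user = 0;
    int list_user = 0;
    int delete_user = 0;
    int modify_user = 0;
    char *user = NULL;

    char *passargin = NULL, *passargout = NULL;
    char *passin = NULL, *passout = NULL;
    char *gN = NULL;
    int gNindex = -1;
    char **gNrow = NULL;
    int maxgN = -1;

    char *userinfo = NULL;

    int badops = 0;
    int ret = 1;
    int errors = 0;
    int verbose = 0;
    int doupdatedb = 0;
    char *configfile = NULL;
    char *dbfile = NULL;
    CA_DB *db = NULL;
    char **pp;
    int i;
    long errorline = -1;
    char *randfile = NULL;
    ENGINE *e = NULL;
    char *engine = NULL;
    char *tofree = NULL;
    DB_ATTR db_attr;

# ifdef EFENCE
    EF_PROTECT_FREE = 1;
    EF_PROTECT_BELOW = 1;
    EF_ALIGNMENT = 0;
# endif

    apps_startup();

    conf = NULL;
    section = NULL;

    if (bio_err == NULL)
        if ((bio_err = BIO_new(BIO_s_file())) != NULL)
            BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);

    argc--;
    argv++;
    while (argc >= 1 && badops == 0) {
        if (strcmp(*argv, "-verbose") == 0)
            verbose++;
        else if (strcmp(*argv, "-config") == 0) {
            if (--argc < 1)
                goto bad;
            configfile = *(++argv);
        } else if (strcmp(*argv, "-name") == 0) {
            if (--argc < 1)
                goto bad;
            section = *(++argv);
        } else if (strcmp(*argv, "-srpvfile") == 0) {
            if (--argc < 1)
                goto bad;
            dbfile = *(++argv);
        } else if (strcmp(*argv, "-add") == 0)
            add_user = 1;
        else if (strcmp(*argv, "-delete") == 0)
            delete_user = 1;
        else if (strcmp(*argv, "-modify") == 0)
            modify_user = 1;
        else if (strcmp(*argv, "-list") == 0)
            list_user = 1;
        else if (strcmp(*argv, "-gn") == 0) {
            if (--argc < 1)
                goto bad;
            gN = *(++argv);
        } else if (strcmp(*argv, "-userinfo") == 0) {
            if (--argc < 1)
                goto bad;
            userinfo = *(++argv);
        } else if (strcmp(*argv, "-passin") == 0) {
            if (--argc < 1)
                goto bad;
            passargin = *(++argv);
        } else if (strcmp(*argv, "-passout") == 0) {
            if (--argc < 1)
                goto bad;
            passargout = *(++argv);
        }
# ifndef OPENSSL_NO_ENGINE
        else if (strcmp(*argv, "-engine") == 0) {
            if (--argc < 1)
                goto bad;
            engine = *(++argv);
        }
# endif

        else if (**argv == '-') {
 bad:
            BIO_printf(bio_err, "unknown option %s\n", *argv);
            badops = 1;
            break;
        } else
            break;              /* first non-option argument: a user name */

        argc--;
        argv++;
    }

    if (dbfile && configfile) {
        /* name the options as they are actually spelled on the command line */
        BIO_printf(bio_err,
                   "-srpvfile and -config cannot be specified together.\n");
        badops = 1;
    }
    if (add_user + delete_user + modify_user + list_user != 1) {
        BIO_printf(bio_err,
                   "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
        badops = 1;
    }
    /*
     * This test used to count delete_user twice and add_user not at all, so
     * it could only ever fire for -modify.
     */
    if (add_user + delete_user + modify_user == 1 && argc <= 0) {
        BIO_printf(bio_err,
                   "Need at least one user for options -add, -delete, -modify. \n");
        badops = 1;
    }
    /*
     * passin/passout are not filled in until app_passwd() runs further
     * down, so the command line values have to be tested here.
     */
    if ((passargin || passargout) && argc != 1) {
        BIO_printf(bio_err,
                   "-passin, -passout arguments only valid with one user.\n");
        badops = 1;
    }

    if (badops) {
        for (pp = srp_usage; (*pp != NULL); pp++)
            BIO_printf(bio_err, "%s", *pp);

        BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
                   LIST_SEPARATOR_CHAR);
        BIO_printf(bio_err,
                   " load the file (or the files in the directory) into\n");
        BIO_printf(bio_err, " the random number generator\n");
        goto err;
    }

    ERR_load_crypto_strings();

    e = setup_engine(bio_err, engine, 0);

    if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
        BIO_printf(bio_err, "Error getting passwords\n");
        goto err;
    }

    if (!dbfile) {

        /*****************************************************************/
        /*
         * No -srpvfile: locate a configuration file (-config, then the
         * OPENSSL_CONF and SSLEAY_CONF environment variables, then
         * CONFIG_FILE in the default certificate area) and read the
         * verifier file name from it.
         */
        tofree = NULL;
        if (configfile == NULL)
            configfile = getenv("OPENSSL_CONF");
        if (configfile == NULL)
            configfile = getenv("SSLEAY_CONF");
        if (configfile == NULL) {
            const char *s = X509_get_default_cert_area();
            size_t len;

# ifdef OPENSSL_SYS_VMS
            len = strlen(s) + sizeof(CONFIG_FILE);
            tofree = OPENSSL_malloc(len);
            if (!tofree) {
                BIO_printf(bio_err, "Out of memory\n");
                goto err;
            }
            strcpy(tofree, s);
# else
            /* + 1 for the '/' separator; sizeof already counts the NUL */
            len = strlen(s) + sizeof(CONFIG_FILE) + 1;
            tofree = OPENSSL_malloc(len);
            if (!tofree) {
                BIO_printf(bio_err, "Out of memory\n");
                goto err;
            }
            BUF_strlcpy(tofree, s, len);
            BUF_strlcat(tofree, "/", len);
# endif
            BUF_strlcat(tofree, CONFIG_FILE, len);
            configfile = tofree;
        }

        VERBOSE BIO_printf(bio_err, "Using configuration from %s\n",
                           configfile);
        conf = NCONF_new(NULL);
        if (NCONF_load(conf, configfile, &errorline) <= 0) {
            if (errorline <= 0)
                BIO_printf(bio_err, "error loading the config file '%s'\n",
                           configfile);
            else
                BIO_printf(bio_err, "error on line %ld of config file '%s'\n",
                           errorline, configfile);
            goto err;
        }
        if (tofree) {
            OPENSSL_free(tofree);
            tofree = NULL;
        }

        if (!load_config(bio_err, conf))
            goto err;

        /* Lets get the config section we are using */
        if (section == NULL) {
            /*
             * BASE_SECTION used to sit inside the string literal, so the
             * message printed the macro name instead of the section name.
             */
            VERBOSE BIO_printf(bio_err,
                               "trying to read " ENV_DEFAULT_SRP
                               " in \"" BASE_SECTION "\"\n");

            section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_SRP);
            if (section == NULL) {
                lookup_fail(BASE_SECTION, ENV_DEFAULT_SRP);
                goto err;
            }
        }

        if (randfile == NULL && conf)
            randfile = NCONF_get_string(conf, BASE_SECTION, ENV_RANDFILE);

        VERBOSE BIO_printf(bio_err,
                           "trying to read " ENV_DATABASE
                           " in section \"%s\"\n", section);

        if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
            lookup_fail(section, ENV_DATABASE);
            goto err;
        }

    }
    if (randfile == NULL)
        ERR_clear_error();
    else
        app_RAND_load_file(randfile, bio_err, 0);

    VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
                       dbfile);

    db = load_index(dbfile, &db_attr);
    if (db == NULL)
        goto err;

    /* Lets check some fields */
    for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
        pp = sk_OPENSSL_PSTRING_value(db->db->data, i);

        if (pp[DB_srptype][0] == DB_SRP_INDEX) {
            maxgN = i;
            /* remember the first g/N definition whose id matches -gn */
            if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
                gNindex = i;

            print_index(db, bio_err, i, verbose > 1);
        }
    }

    VERBOSE BIO_printf(bio_err, "Database initialised\n");

    if (gNindex >= 0) {
        gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
        print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
    } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
        BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
        goto err;
    } else {
        VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");
        gNrow = NULL;
    }

    VVERBOSE BIO_printf(bio_err, "Starting user processing\n");

    if (argc > 0)
        user = *(argv++);

    /* One pass per user name; -list without a name makes a single pass. */
    while (list_user || user) {
        int userindex = -1;

        if (user)
            VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);
        if ((userindex = get_index(db, user, 'U')) >= 0) {
            print_user(db, bio_err, userindex, (verbose > 0) || list_user);
        }

        if (list_user) {
            if (user == NULL) {
                BIO_printf(bio_err, "List all users\n");

                for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
                    print_user(db, bio_err, i, 1);
                }
                list_user = 0;
            } else if (userindex < 0) {
                BIO_printf(bio_err,
                           "user \"%s\" does not exist, ignored. t\n", user);
                errors++;
            }
        } else if (add_user) {
            if (userindex >= 0) {
                /* reactivation of a new user */
                char **row =
                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
                BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
                row[DB_srptype][0] = 'V';

                doupdatedb = 1;
            } else {
                char *row[DB_NUMBER];
                char *gNid;

                row[DB_srpverifier] = NULL;
                row[DB_srpsalt] = NULL;
                row[DB_srpinfo] = NULL;
                /*
                 * In a g/N definition row the salt column is passed as g
                 * and the verifier column as N.
                 */
                if (!
                    (gNid =
                     srp_create_user(user, &(row[DB_srpverifier]),
                                     &(row[DB_srpsalt]),
                                     gNrow ? gNrow[DB_srpsalt] : gN,
                                     gNrow ? gNrow[DB_srpverifier] : NULL,
                                     passout, bio_err, verbose))) {
                    BIO_printf(bio_err,
                               "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
                               user);
                    errors++;
                    goto err;
                }
                row[DB_srpid] = BUF_strdup(user);
                row[DB_srptype] = BUF_strdup("v");
                row[DB_srpgN] = BUF_strdup(gNid);

                if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
                    || !row[DB_srpverifier] || !row[DB_srpsalt]
                    || (userinfo
                        && (!(row[DB_srpinfo] = BUF_strdup(userinfo))))
                    || !update_index(db, bio_err, row)) {
                    if (row[DB_srpid])
                        OPENSSL_free(row[DB_srpid]);
                    if (row[DB_srpgN])
                        OPENSSL_free(row[DB_srpgN]);
                    if (row[DB_srpinfo])
                        OPENSSL_free(row[DB_srpinfo]);
                    if (row[DB_srptype])
                        OPENSSL_free(row[DB_srptype]);
                    if (row[DB_srpverifier])
                        OPENSSL_free(row[DB_srpverifier]);
                    if (row[DB_srpsalt])
                        OPENSSL_free(row[DB_srpsalt]);
                    goto err;
                }
                doupdatedb = 1;
            }
        } else if (modify_user) {
            if (userindex < 0) {
                BIO_printf(bio_err,
                           "user \"%s\" does not exist, operation ignored.\n",
                           user);
                errors++;
            } else {

                char **row =
                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
                char type = row[DB_srptype][0];

                if (type == 'v') {
                    BIO_printf(bio_err,
                               "user \"%s\" already updated, operation ignored.\n",
                               user);
                    errors++;
                } else {
                    char *gNid;

                    /*
                     * Only a row of type 'V' has its current pass phrase
                     * checked before the verifier is replaced.
                     */
                    if (row[DB_srptype][0] == 'V') {
                        int user_gN;
                        char **irow = NULL;

                        VERBOSE BIO_printf(bio_err,
                                           "Verifying password for user \"%s\"\n",
                                           user);
                        /*
                         * Fetch the g/N definition row the user refers to.
                         * This used to fetch row userindex again, which
                         * handed the user's own salt and verifier to the
                         * check as g and N.
                         */
                        if ((user_gN =
                             get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
                            irow =
                                (char **)sk_OPENSSL_PSTRING_value(db->
                                                                  db->data,
                                                                  user_gN);

                        if (!srp_verify_user
                            (user, row[DB_srpverifier], row[DB_srpsalt],
                             irow ? irow[DB_srpsalt] : row[DB_srpgN],
                             irow ? irow[DB_srpverifier] : NULL, passin,
                             bio_err, verbose)) {
                            BIO_printf(bio_err,
                                       "Invalid password for user \"%s\", operation abandoned.\n",
                                       user);
                            errors++;
                            goto err;
                        }
                    }
                    VERBOSE BIO_printf(bio_err,
                                       "Password for user \"%s\" ok.\n",
                                       user);

                    /*
                     * NOTE(review): unlike the -add path, g falls back to
                     * NULL rather than to the -gn value when the file has
                     * no matching g/N row -- confirm this is intended.
                     */
                    if (!
                        (gNid =
                         srp_create_user(user, &(row[DB_srpverifier]),
                                         &(row[DB_srpsalt]),
                                         gNrow ? gNrow[DB_srpsalt] : NULL,
                                         gNrow ? gNrow[DB_srpverifier] : NULL,
                                         passout, bio_err, verbose))) {
                        BIO_printf(bio_err,
                                   "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
                                   user);
                        errors++;
                        goto err;
                    }

                    row[DB_srptype][0] = 'v';
                    row[DB_srpgN] = BUF_strdup(gNid);

                    if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
                        || !row[DB_srpverifier] || !row[DB_srpsalt]
                        || (userinfo
                            && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))
                        goto err;

                    doupdatedb = 1;
                }
            }
        } else if (delete_user) {
            if (userindex < 0) {
                BIO_printf(bio_err,
                           "user \"%s\" does not exist, operation ignored. t\n",
                           user);
                errors++;
            } else {
                char **xpp =
                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
                BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);

                /* the row stays in the file, marked as revoked */
                xpp[DB_srptype][0] = 'R';

                doupdatedb = 1;
            }
        }
        if (--argc > 0)
            user = *(argv++);
        else {
            user = NULL;
            list_user = 0;
        }
    }

    VERBOSE BIO_printf(bio_err, "User procession done.\n");

    if (doupdatedb) {
        /* Lets check some fields */
        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);

            /* rows touched in this run become ordinary valid rows */
            if (pp[DB_srptype][0] == 'v') {
                pp[DB_srptype][0] = 'V';
                print_user(db, bio_err, i, verbose);
            }
        }

        VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n");
        if (!save_index(dbfile, "new", db))
            goto err;

        VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n");
        if (!rotate_index(dbfile, "new", "old"))
            goto err;

        VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");
    }

    ret = (errors != 0);
 err:
    if (errors != 0)
        VERBOSE BIO_printf(bio_err, "User errors %d.\n", errors);

    VERBOSE BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
    if (tofree)
        OPENSSL_free(tofree);
    if (ret)
        ERR_print_errors(bio_err);
    if (randfile)
        app_RAND_write_file(randfile, bio_err);
    if (conf)
        NCONF_free(conf);
    if (db)
        free_index(db);

    release_engine(e);
    OBJ_cleanup();
    apps_shutdown();
    OPENSSL_EXIT(ret);
}

#else
static void *dummy = &dummy;
#endif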