1 /* apps/srp.c */
2 /*
3 * Written by Peter Sylvester (peter.sylvester@edelweb.fr) for the EdelKey
4 * project and contributed to the OpenSSL project 2004.
5 */
6 /* ====================================================================
7 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59 #include <openssl/opensslconf.h>
60
61 #ifndef OPENSSL_NO_SRP
62 # include <stdio.h>
63 # include <stdlib.h>
64 # include <string.h>
65 # include <openssl/conf.h>
66 # include <openssl/bio.h>
67 # include <openssl/err.h>
68 # include <openssl/txt_db.h>
69 # include <openssl/buffer.h>
70 # include <openssl/srp.h>
71
72 # include "apps.h"
73
74 # undef PROG
75 # define PROG srp_main
76
77 # define BASE_SECTION "srp"
78 # define CONFIG_FILE "openssl.cnf"
79
80 # define ENV_RANDFILE "RANDFILE"
81
82 # define ENV_DATABASE "srpvfile"
83 # define ENV_DEFAULT_SRP "default_srp"
84
85 static char *srp_usage[] = {
86 "usage: srp [args] [user] \n",
87 "\n",
88 " -verbose Talk alot while doing things\n",
89 " -config file A config file\n",
90 " -name arg The particular srp definition to use\n",
91 " -srpvfile arg The srp verifier file name\n",
92 " -add add an user and srp verifier\n",
93 " -modify modify the srp verifier of an existing user\n",
94 " -delete delete user from verifier file\n",
95 " -list list user\n",
96 " -gn arg g and N values to be used for new verifier\n",
97 " -userinfo arg additional info to be set for user\n",
98 " -passin arg input file pass phrase source\n",
99 " -passout arg output file pass phrase source\n",
100 # ifndef OPENSSL_NO_ENGINE
101 " -engine e - use engine e, possibly a hardware device.\n",
102 # endif
103 NULL
104 };
105
106 # ifdef EFENCE
107 extern int EF_PROTECT_FREE;
108 extern int EF_PROTECT_BELOW;
109 extern int EF_ALIGNMENT;
110 # endif
111
112 static CONF *conf = NULL;
113 static char *section = NULL;
114
115 # define VERBOSE if (verbose)
116 # define VVERBOSE if (verbose>1)
117
118 int MAIN(int, char **);
119
get_index(CA_DB * db,char * id,char type)120 static int get_index(CA_DB *db, char *id, char type)
121 {
122 char **pp;
123 int i;
124 if (id == NULL)
125 return -1;
126 if (type == DB_SRP_INDEX) {
127 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
128 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
129 if (pp[DB_srptype][0] == DB_SRP_INDEX
130 && !strcmp(id, pp[DB_srpid]))
131 return i;
132 }
133 } else {
134 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
135 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
136
137 if (pp[DB_srptype][0] != DB_SRP_INDEX
138 && !strcmp(id, pp[DB_srpid]))
139 return i;
140 }
141 }
142
143 return -1;
144 }
145
print_entry(CA_DB * db,BIO * bio,int indx,int verbose,char * s)146 static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)
147 {
148 if (indx >= 0 && verbose) {
149 int j;
150 char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
151 BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
152 for (j = 0; j < DB_NUMBER; j++) {
153 BIO_printf(bio_err, " %d = \"%s\"\n", j, pp[j]);
154 }
155 }
156 }
157
print_index(CA_DB * db,BIO * bio,int indexindex,int verbose)158 static void print_index(CA_DB *db, BIO *bio, int indexindex, int verbose)
159 {
160 print_entry(db, bio, indexindex, verbose, "g N entry");
161 }
162
print_user(CA_DB * db,BIO * bio,int userindex,int verbose)163 static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)
164 {
165 if (verbose > 0) {
166 char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
167
168 if (pp[DB_srptype][0] != 'I') {
169 print_entry(db, bio, userindex, verbose, "User entry");
170 print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose,
171 "g N entry");
172 }
173
174 }
175 }
176
update_index(CA_DB * db,BIO * bio,char ** row)177 static int update_index(CA_DB *db, BIO *bio, char **row)
178 {
179 char **irow;
180 int i;
181
182 irow = (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1));
183 if (irow == NULL) {
184 BIO_printf(bio_err, "Memory allocation failure\n");
185 return 0;
186 }
187
188 for (i = 0; i < DB_NUMBER; i++)
189 irow[i] = row[i];
190 irow[DB_NUMBER] = NULL;
191
192 if (!TXT_DB_insert(db->db, irow)) {
193 BIO_printf(bio, "failed to update srpvfile\n");
194 BIO_printf(bio, "TXT_DB error number %ld\n", db->db->error);
195 OPENSSL_free(irow);
196 return 0;
197 }
198 return 1;
199 }
200
lookup_fail(const char * name,char * tag)201 static void lookup_fail(const char *name, char *tag)
202 {
203 BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
204 }
205
srp_verify_user(const char * user,const char * srp_verifier,char * srp_usersalt,const char * g,const char * N,const char * passin,BIO * bio,int verbose)206 static char *srp_verify_user(const char *user, const char *srp_verifier,
207 char *srp_usersalt, const char *g, const char *N,
208 const char *passin, BIO *bio, int verbose)
209 {
210 char password[1025];
211 PW_CB_DATA cb_tmp;
212 char *verifier = NULL;
213 char *gNid = NULL;
214 int len;
215
216 cb_tmp.prompt_info = user;
217 cb_tmp.password = passin;
218
219 len = password_callback(password, sizeof(password)-1, 0, &cb_tmp);
220 if (len > 0) {
221 password[len] = 0;
222 VERBOSE BIO_printf(bio,
223 "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
224 user, srp_verifier, srp_usersalt, g, N);
225 VVERBOSE BIO_printf(bio, "Pass %s\n", password);
226
227 if (!(gNid = SRP_create_verifier(user, password, &srp_usersalt,
228 &verifier, N, g))) {
229 BIO_printf(bio, "Internal error validating SRP verifier\n");
230 } else {
231 if (strcmp(verifier, srp_verifier))
232 gNid = NULL;
233 OPENSSL_free(verifier);
234 }
235 OPENSSL_cleanse(password, len);
236 }
237 return gNid;
238 }
239
srp_create_user(char * user,char ** srp_verifier,char ** srp_usersalt,char * g,char * N,char * passout,BIO * bio,int verbose)240 static char *srp_create_user(char *user, char **srp_verifier,
241 char **srp_usersalt, char *g, char *N,
242 char *passout, BIO *bio, int verbose)
243 {
244 char password[1025];
245 PW_CB_DATA cb_tmp;
246 char *gNid = NULL;
247 char *salt = NULL;
248 int len;
249 cb_tmp.prompt_info = user;
250 cb_tmp.password = passout;
251
252 len = password_callback(password, sizeof(password)-1, 1, &cb_tmp);
253 if (len > 0) {
254 password[len] = 0;
255 VERBOSE BIO_printf(bio,
256 "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
257 user, g, N);
258 if (!(gNid = SRP_create_verifier(user, password, &salt,
259 srp_verifier, N, g))) {
260 BIO_printf(bio, "Internal error creating SRP verifier\n");
261 } else {
262 *srp_usersalt = salt;
263 }
264 OPENSSL_cleanse(password, len);
265 VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
266 gNid, salt, *srp_verifier);
267
268 }
269 return gNid;
270 }
271
MAIN(int argc,char ** argv)272 int MAIN(int argc, char **argv)
273 {
274 int add_user = 0;
275 int list_user = 0;
276 int delete_user = 0;
277 int modify_user = 0;
278 char *user = NULL;
279
280 char *passargin = NULL, *passargout = NULL;
281 char *passin = NULL, *passout = NULL;
282 char *gN = NULL;
283 int gNindex = -1;
284 char **gNrow = NULL;
285 int maxgN = -1;
286
287 char *userinfo = NULL;
288
289 int badops = 0;
290 int ret = 1;
291 int errors = 0;
292 int verbose = 0;
293 int doupdatedb = 0;
294 char *configfile = NULL;
295 char *dbfile = NULL;
296 CA_DB *db = NULL;
297 char **pp;
298 int i;
299 long errorline = -1;
300 char *randfile = NULL;
301 ENGINE *e = NULL;
302 char *engine = NULL;
303 char *tofree = NULL;
304 DB_ATTR db_attr;
305
306 # ifdef EFENCE
307 EF_PROTECT_FREE = 1;
308 EF_PROTECT_BELOW = 1;
309 EF_ALIGNMENT = 0;
310 # endif
311
312 apps_startup();
313
314 conf = NULL;
315 section = NULL;
316
317 if (bio_err == NULL)
318 if ((bio_err = BIO_new(BIO_s_file())) != NULL)
319 BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
320
321 argc--;
322 argv++;
323 while (argc >= 1 && badops == 0) {
324 if (strcmp(*argv, "-verbose") == 0) {
325 verbose++;
326 } else if (strcmp(*argv, "-config") == 0) {
327 if (--argc < 1)
328 goto bad;
329 configfile = *(++argv);
330 } else if (strcmp(*argv, "-name") == 0) {
331 if (--argc < 1)
332 goto bad;
333 section = *(++argv);
334 } else if (strcmp(*argv, "-srpvfile") == 0) {
335 if (--argc < 1)
336 goto bad;
337 dbfile = *(++argv);
338 } else if (strcmp(*argv, "-add") == 0) {
339 add_user = 1;
340 } else if (strcmp(*argv, "-delete") == 0) {
341 delete_user = 1;
342 } else if (strcmp(*argv, "-modify") == 0) {
343 modify_user = 1;
344 } else if (strcmp(*argv, "-list") == 0) {
345 list_user = 1;
346 } else if (strcmp(*argv, "-gn") == 0) {
347 if (--argc < 1)
348 goto bad;
349 gN = *(++argv);
350 } else if (strcmp(*argv, "-userinfo") == 0) {
351 if (--argc < 1)
352 goto bad;
353 userinfo = *(++argv);
354 } else if (strcmp(*argv, "-passin") == 0) {
355 if (--argc < 1)
356 goto bad;
357 passargin = *(++argv);
358 } else if (strcmp(*argv, "-passout") == 0) {
359 if (--argc < 1)
360 goto bad;
361 passargout = *(++argv);
362 }
363 # ifndef OPENSSL_NO_ENGINE
364 else if (strcmp(*argv, "-engine") == 0) {
365 if (--argc < 1)
366 goto bad;
367 engine = *(++argv);
368 }
369 # endif
370
371 else if (**argv == '-') {
372 bad:
373 BIO_printf(bio_err, "unknown option %s\n", *argv);
374 badops = 1;
375 break;
376 } else {
377 break;
378 }
379
380 argc--;
381 argv++;
382 }
383
384 if (dbfile && configfile) {
385 BIO_printf(bio_err,
386 "-dbfile and -configfile cannot be specified together.\n");
387 badops = 1;
388 }
389 if (add_user + delete_user + modify_user + list_user != 1) {
390 BIO_printf(bio_err,
391 "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
392 badops = 1;
393 }
394 if (delete_user + modify_user + delete_user == 1 && argc <= 0) {
395 BIO_printf(bio_err,
396 "Need at least one user for options -add, -delete, -modify. \n");
397 badops = 1;
398 }
399 if ((passargin || passargout) && argc != 1) {
400 BIO_printf(bio_err,
401 "-passin, -passout arguments only valid with one user.\n");
402 badops = 1;
403 }
404
405 if (badops) {
406 for (pp = srp_usage; (*pp != NULL); pp++)
407 BIO_printf(bio_err, "%s", *pp);
408
409 BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
410 LIST_SEPARATOR_CHAR);
411 BIO_printf(bio_err,
412 " load the file (or the files in the directory) into\n");
413 BIO_printf(bio_err, " the random number generator\n");
414 goto err;
415 }
416
417 ERR_load_crypto_strings();
418
419 e = setup_engine(bio_err, engine, 0);
420
421 if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
422 BIO_printf(bio_err, "Error getting passwords\n");
423 goto err;
424 }
425
426 if (!dbfile) {
427
428 /*****************************************************************/
429 tofree = NULL;
430 if (configfile == NULL)
431 configfile = getenv("OPENSSL_CONF");
432 if (configfile == NULL)
433 configfile = getenv("SSLEAY_CONF");
434 if (configfile == NULL) {
435 const char *s = X509_get_default_cert_area();
436 size_t len;
437
438 # ifdef OPENSSL_SYS_VMS
439 len = strlen(s) + sizeof(CONFIG_FILE);
440 tofree = OPENSSL_malloc(len);
441 if (!tofree) {
442 BIO_printf(bio_err, "Out of memory\n");
443 goto err;
444 }
445 strcpy(tofree, s);
446 # else
447 len = strlen(s) + sizeof(CONFIG_FILE) + 1;
448 tofree = OPENSSL_malloc(len);
449 if (!tofree) {
450 BIO_printf(bio_err, "Out of memory\n");
451 goto err;
452 }
453 BUF_strlcpy(tofree, s, len);
454 BUF_strlcat(tofree, "/", len);
455 # endif
456 BUF_strlcat(tofree, CONFIG_FILE, len);
457 configfile = tofree;
458 }
459
460 VERBOSE BIO_printf(bio_err, "Using configuration from %s\n",
461 configfile);
462 conf = NCONF_new(NULL);
463 if (NCONF_load(conf, configfile, &errorline) <= 0) {
464 if (errorline <= 0)
465 BIO_printf(bio_err, "error loading the config file '%s'\n",
466 configfile);
467 else
468 BIO_printf(bio_err, "error on line %ld of config file '%s'\n",
469 errorline, configfile);
470 goto err;
471 }
472 if (tofree) {
473 OPENSSL_free(tofree);
474 tofree = NULL;
475 }
476
477 if (!load_config(bio_err, conf))
478 goto err;
479
480 /* Lets get the config section we are using */
481 if (section == NULL) {
482 VERBOSE BIO_printf(bio_err,
483 "trying to read " ENV_DEFAULT_SRP
484 " in \" BASE_SECTION \"\n");
485
486 section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_SRP);
487 if (section == NULL) {
488 lookup_fail(BASE_SECTION, ENV_DEFAULT_SRP);
489 goto err;
490 }
491 }
492
493 if (randfile == NULL && conf)
494 randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
495
496 VERBOSE BIO_printf(bio_err,
497 "trying to read " ENV_DATABASE
498 " in section \"%s\"\n", section);
499
500 if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
501 lookup_fail(section, ENV_DATABASE);
502 goto err;
503 }
504
505 }
506 if (randfile == NULL)
507 ERR_clear_error();
508 else
509 app_RAND_load_file(randfile, bio_err, 0);
510
511 VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
512 dbfile);
513
514 db = load_index(dbfile, &db_attr);
515 if (db == NULL)
516 goto err;
517
518 /* Lets check some fields */
519 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
520 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
521
522 if (pp[DB_srptype][0] == DB_SRP_INDEX) {
523 maxgN = i;
524 if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
525 gNindex = i;
526
527 print_index(db, bio_err, i, verbose > 1);
528 }
529 }
530
531 VERBOSE BIO_printf(bio_err, "Database initialised\n");
532
533 if (gNindex >= 0) {
534 gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
535 print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
536 } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
537 BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
538 goto err;
539 } else {
540 VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");
541 gNrow = NULL;
542 }
543
544 VVERBOSE BIO_printf(bio_err, "Starting user processing\n");
545
546 if (argc > 0)
547 user = *(argv++);
548
549 while (list_user || user) {
550 int userindex = -1;
551 if (user)
552 VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);
553 if ((userindex = get_index(db, user, 'U')) >= 0) {
554 print_user(db, bio_err, userindex, (verbose > 0) || list_user);
555 }
556
557 if (list_user) {
558 if (user == NULL) {
559 BIO_printf(bio_err, "List all users\n");
560
561 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
562 print_user(db, bio_err, i, 1);
563 }
564 list_user = 0;
565 } else if (userindex < 0) {
566 BIO_printf(bio_err,
567 "user \"%s\" does not exist, ignored. t\n", user);
568 errors++;
569 }
570 } else if (add_user) {
571 if (userindex >= 0) {
572 /* reactivation of a new user */
573 char **row =
574 sk_OPENSSL_PSTRING_value(db->db->data, userindex);
575 BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
576 row[DB_srptype][0] = 'V';
577
578 doupdatedb = 1;
579 } else {
580 char *row[DB_NUMBER];
581 char *gNid;
582 row[DB_srpverifier] = NULL;
583 row[DB_srpsalt] = NULL;
584 row[DB_srpinfo] = NULL;
585 if (!
586 (gNid =
587 srp_create_user(user, &(row[DB_srpverifier]),
588 &(row[DB_srpsalt]),
589 gNrow ? gNrow[DB_srpsalt] : gN,
590 gNrow ? gNrow[DB_srpverifier] : NULL,
591 passout, bio_err, verbose))) {
592 BIO_printf(bio_err,
593 "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
594 user);
595 errors++;
596 goto err;
597 }
598 row[DB_srpid] = BUF_strdup(user);
599 row[DB_srptype] = BUF_strdup("v");
600 row[DB_srpgN] = BUF_strdup(gNid);
601
602 if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
603 || !row[DB_srpverifier] || !row[DB_srpsalt] || (userinfo
604 &&
605 (!(row
606 [DB_srpinfo]
607 =
608 BUF_strdup
609 (userinfo))))
610 || !update_index(db, bio_err, row)) {
611 if (row[DB_srpid])
612 OPENSSL_free(row[DB_srpid]);
613 if (row[DB_srpgN])
614 OPENSSL_free(row[DB_srpgN]);
615 if (row[DB_srpinfo])
616 OPENSSL_free(row[DB_srpinfo]);
617 if (row[DB_srptype])
618 OPENSSL_free(row[DB_srptype]);
619 if (row[DB_srpverifier])
620 OPENSSL_free(row[DB_srpverifier]);
621 if (row[DB_srpsalt])
622 OPENSSL_free(row[DB_srpsalt]);
623 goto err;
624 }
625 doupdatedb = 1;
626 }
627 } else if (modify_user) {
628 if (userindex < 0) {
629 BIO_printf(bio_err,
630 "user \"%s\" does not exist, operation ignored.\n",
631 user);
632 errors++;
633 } else {
634
635 char **row =
636 sk_OPENSSL_PSTRING_value(db->db->data, userindex);
637 char type = row[DB_srptype][0];
638 if (type == 'v') {
639 BIO_printf(bio_err,
640 "user \"%s\" already updated, operation ignored.\n",
641 user);
642 errors++;
643 } else {
644 char *gNid;
645
646 if (row[DB_srptype][0] == 'V') {
647 int user_gN;
648 char **irow = NULL;
649 VERBOSE BIO_printf(bio_err,
650 "Verifying password for user \"%s\"\n",
651 user);
652 if ((user_gN =
653 get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
654 irow =
655 (char **)sk_OPENSSL_PSTRING_value(db->
656 db->data,
657 userindex);
658
659 if (!srp_verify_user
660 (user, row[DB_srpverifier], row[DB_srpsalt],
661 irow ? irow[DB_srpsalt] : row[DB_srpgN],
662 irow ? irow[DB_srpverifier] : NULL, passin,
663 bio_err, verbose)) {
664 BIO_printf(bio_err,
665 "Invalid password for user \"%s\", operation abandoned.\n",
666 user);
667 errors++;
668 goto err;
669 }
670 }
671 VERBOSE BIO_printf(bio_err,
672 "Password for user \"%s\" ok.\n",
673 user);
674
675 if (!
676 (gNid =
677 srp_create_user(user, &(row[DB_srpverifier]),
678 &(row[DB_srpsalt]),
679 gNrow ? gNrow[DB_srpsalt] : NULL,
680 gNrow ? gNrow[DB_srpverifier] : NULL,
681 passout, bio_err, verbose))) {
682 BIO_printf(bio_err,
683 "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
684 user);
685 errors++;
686 goto err;
687 }
688
689 row[DB_srptype][0] = 'v';
690 row[DB_srpgN] = BUF_strdup(gNid);
691
692 if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
693 || !row[DB_srpverifier] || !row[DB_srpsalt]
694 || (userinfo
695 && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))
696 goto err;
697
698 doupdatedb = 1;
699 }
700 }
701 } else if (delete_user) {
702 if (userindex < 0) {
703 BIO_printf(bio_err,
704 "user \"%s\" does not exist, operation ignored. t\n",
705 user);
706 errors++;
707 } else {
708 char **xpp =
709 sk_OPENSSL_PSTRING_value(db->db->data, userindex);
710 BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
711
712 xpp[DB_srptype][0] = 'R';
713
714 doupdatedb = 1;
715 }
716 }
717 if (--argc > 0) {
718 user = *(argv++);
719 } else {
720 user = NULL;
721 list_user = 0;
722 }
723 }
724
725 VERBOSE BIO_printf(bio_err, "User procession done.\n");
726
727 if (doupdatedb) {
728 /* Lets check some fields */
729 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
730 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
731
732 if (pp[DB_srptype][0] == 'v') {
733 pp[DB_srptype][0] = 'V';
734 print_user(db, bio_err, i, verbose);
735 }
736 }
737
738 VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n");
739 if (!save_index(dbfile, "new", db))
740 goto err;
741
742 VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n");
743 if (!rotate_index(dbfile, "new", "old"))
744 goto err;
745
746 VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");
747 }
748
749 ret = (errors != 0);
750 err:
751 if (errors != 0)
752 VERBOSE BIO_printf(bio_err, "User errors %d.\n", errors);
753
754 VERBOSE BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
755 if (tofree)
756 OPENSSL_free(tofree);
757 if (ret)
758 ERR_print_errors(bio_err);
759 if (randfile)
760 app_RAND_write_file(randfile, bio_err);
761 if (conf)
762 NCONF_free(conf);
763 if (db)
764 free_index(db);
765
766 release_engine(e);
767 OBJ_cleanup();
768 apps_shutdown();
769 OPENSSL_EXIT(ret);
770 }
771
772 #else
773 static void *dummy = &dummy;
774 #endif
775