Diffstat (limited to 'security/nss/lib/sysinit')
-rw-r--r--security/nss/lib/sysinit/manifest.mn12
-rw-r--r--security/nss/lib/sysinit/nsssysinit.c135
-rw-r--r--security/nss/lib/sysinit/nsssysinit.def26
-rw-r--r--security/nss/lib/sysinit/sysinit.gyp17
4 files changed, 115 insertions, 75 deletions
diff --git a/security/nss/lib/sysinit/manifest.mn b/security/nss/lib/sysinit/manifest.mn
index 822f4fcbd..40a119e99 100644
--- a/security/nss/lib/sysinit/manifest.mn
+++ b/security/nss/lib/sysinit/manifest.mn
@@ -2,14 +2,16 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
-CORE_DEPTH = ../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
MODULE = nss
-CSRCS = nsssysinit.c
+CSRCS = \
+ nsssysinit.c \
+ $(NULL)
LIBRARY_NAME = nsssysinit
-#LIBRARY_VERSION = 3
+MAPFILE = $(OBJDIR)/nsssysinit.def
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/security/nss/lib/sysinit/nsssysinit.c b/security/nss/lib/sysinit/nsssysinit.c
index 39e2ad7a1..bd0fac2f4 100644
--- a/security/nss/lib/sysinit/nsssysinit.c
+++ b/security/nss/lib/sysinit/nsssysinit.c
@@ -15,11 +15,10 @@
* of pkcs11 modules common to all applications.
*/
-/*
- * OS Specific function to get where the NSS user database should reside.
- */
+#ifndef LINUX
+#error __FILE__ only builds on Linux.
+#endif
-#ifdef XP_UNIX
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>
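Review bot: `__FILE__` in the added `#error` line will most likely be printed literally, because the tokens of an `#error` directive are not macro-expanded by common compilers. The compiler already reports the file name with the diagnostic, so a plain quoted message is clearer: `#error "nsssysinit.c only builds on Linux."`. Quoting the message also avoids the text being tokenized as code.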
@@ -37,9 +36,41 @@ testdir(char *dir)
return S_ISDIR(buf.st_mode);
}
+/**
+ * Append given @dir to @path and creates the directory with mode @mode.
+ * Returns 0 if successful, -1 otherwise.
+ * Assumes that the allocation for @path has sufficient space for @dir
+ * to be added.
+ */
+static int
+appendDirAndCreate(char *path, char *dir, mode_t mode)
+{
+ PORT_Strcat(path, dir);
+ if (!testdir(path)) {
+ if (mkdir(path, mode)) {
+ return -1;
+ }
+ }
+ return 0;
+}
+
+#define XDG_NSS_USER_PATH1 "/.local"
+#define XDG_NSS_USER_PATH2 "/share"
+#define XDG_NSS_USER_PATH3 "/pki"
+
#define NSS_USER_PATH1 "/.pki"
#define NSS_USER_PATH2 "/nssdb"
-static char *
+
+/**
+ * Return the path to user's NSS database.
+ * We search in the following dirs in order:
+ * (1) $HOME/.pki/nssdb;
+ * (2) $XDG_DATA_HOME/pki/nssdb if XDG_DATA_HOME is set;
+ * (3) $HOME/.local/share/pki/nssdb (default XDG_DATA_HOME value).
+ * If (1) does not exist, then the returned dir will be set to either
+ * (2) or (3), depending if XDG_DATA_HOME is set.
+ */
+char *
getUserDB(void)
{
char *userdir = PR_GetEnvSecure("HOME");
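Review bot: In `appendDirAndCreate`, the `testdir`-then-`mkdir` sequence treats every `mkdir` failure as fatal, including the case where another process creates the same directory between the two calls. Two applications initialising NSS for the same user at the same time could then have one of them fail `getUserDB` for no real reason; re-checking after the failure closes that window: `if (mkdir(path, mode) && !testdir(path)) { return -1; }`. The doc comment rightly states that `path` must already have room for `dir`; since `PORT_Strcat` is unbounded, add a comment saying every caller's size computation must be updated when a new path component is introduced. This hunk also drops `static` from `getUserDB`; if nothing outside this file calls it (not visible here), keeping it `static` avoids a new global symbol in `nsssysinit_static`. The body of `getUserDB` continues outside the hunk.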
@@ -50,22 +81,47 @@ getUserDB(void)
}
nssdir = PORT_Alloc(strlen(userdir) + sizeof(NSS_USER_PATH1) + sizeof(NSS_USER_PATH2));
- if (nssdir == NULL) {
- return NULL;
- }
PORT_Strcpy(nssdir, userdir);
- /* verify it exists */
- if (!testdir(nssdir)) {
+ PORT_Strcat(nssdir, NSS_USER_PATH1 NSS_USER_PATH2);
+ if (testdir(nssdir)) {
+ /* $HOME/.pki/nssdb exists */
+ return nssdir;
+ } else {
+ /* either $HOME/.pki or $HOME/.pki/nssdb does not exist */
PORT_Free(nssdir);
- return NULL;
}
- PORT_Strcat(nssdir, NSS_USER_PATH1);
- if (!testdir(nssdir) && mkdir(nssdir, 0760)) {
- PORT_Free(nssdir);
+ int size = 0;
+ char *xdguserdatadir = PR_GetEnvSecure("XDG_DATA_HOME");
+ if (xdguserdatadir) {
+ size = strlen(xdguserdatadir);
+ } else {
+ size = strlen(userdir) + sizeof(XDG_NSS_USER_PATH1) + sizeof(XDG_NSS_USER_PATH2);
+ }
+ size += sizeof(XDG_NSS_USER_PATH3) + sizeof(NSS_USER_PATH2);
+
+ nssdir = PORT_Alloc(size);
+ if (nssdir == NULL) {
return NULL;
}
- PORT_Strcat(nssdir, NSS_USER_PATH2);
- if (!testdir(nssdir) && mkdir(nssdir, 0760)) {
+
+ if (xdguserdatadir) {
+ PORT_Strcpy(nssdir, xdguserdatadir);
+ if (!testdir(nssdir)) {
+ PORT_Free(nssdir);
+ return NULL;
+ }
+
+ } else {
+ PORT_Strcpy(nssdir, userdir);
+ if (appendDirAndCreate(nssdir, XDG_NSS_USER_PATH1, 0755) ||
+ appendDirAndCreate(nssdir, XDG_NSS_USER_PATH2, 0755)) {
+ PORT_Free(nssdir);
+ return NULL;
+ }
+ }
+ /* ${XDG_DATA_HOME:-$HOME/.local/share}/pki/nssdb */
+ if (appendDirAndCreate(nssdir, XDG_NSS_USER_PATH3, 0760) ||
+ appendDirAndCreate(nssdir, NSS_USER_PATH2, 0760)) {
PORT_Free(nssdir);
return NULL;
}
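Review bot: The first `PORT_Alloc` result is now used unchecked, because the removed lines were its only NULL test, so `PORT_Strcpy(nssdir, userdir)` dereferences NULL on allocation failure. Restore `if (nssdir == NULL) { return NULL; }` directly after that allocation; the second allocation further down does keep its check. `XDG_DATA_HOME` is also copied in as-is, although the XDG Base Directory specification says a relative value should be treated as invalid. A guard such as `if (xdguserdatadir && xdguserdatadir[0] != '/') xdguserdatadir = NULL;` before the size computation would keep `pki/nssdb` from being created relative to the current working directory, and would make an empty value fall back to the `$HOME/.local/share` default. `size` would be better declared `size_t`, since it accumulates `strlen` and `sizeof` results and is passed to `PORT_Alloc`; note that `getUserDB` starts before and ends after this hunk.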
@@ -93,44 +149,6 @@ userCanModifySystemDB()
return (access(NSS_DEFAULT_SYSTEM, W_OK) == 0);
}
-#else
-#ifdef XP_WIN
-static char *
-getUserDB(void)
-{
- /* use the registry to find the user's NSS_DIR. if no entry exists, create
- * one in the users Appdir location */
- return NULL;
-}
-
-static char *
-getSystemDB(void)
-{
- /* use the registry to find the system's NSS_DIR. if no entry exists, create
- * one based on the windows system data area */
- return NULL;
-}
-
-static PRBool
-userIsRoot()
-{
- /* use the registry to find if the user is the system administrator. */
- return PR_FALSE;
-}
-
-static PRBool
-userCanModifySystemDB()
-{
- /* use the registry to find if the user has administrative privilege
- * to modify the system's nss database. */
- return PR_FALSE;
-}
-
-#else
-#error "Need to write getUserDB, SystemDB, userIsRoot, and userCanModifySystemDB functions"
-#endif
-#endif
-
static PRBool
getFIPSEnv(void)
{
@@ -146,7 +164,6 @@ getFIPSEnv(void)
}
return PR_FALSE;
}
-#ifdef XP_LINUX
static PRBool
getFIPSMode(void)
@@ -171,14 +188,6 @@ getFIPSMode(void)
return PR_TRUE;
}
-#else
-static PRBool
-getFIPSMode(void)
-{
- return getFIPSEnv();
-}
-#endif
-
#define NSS_DEFAULT_FLAGS "flags=readonly"
/* configuration flags according to
diff --git a/security/nss/lib/sysinit/nsssysinit.def b/security/nss/lib/sysinit/nsssysinit.def
new file mode 100644
index 000000000..2e272be06
--- /dev/null
+++ b/security/nss/lib/sysinit/nsssysinit.def
@@ -0,0 +1,26 @@
+;+#
+;+# This Source Code Form is subject to the terms of the Mozilla Public
+;+# License, v. 2.0. If a copy of the MPL was not distributed with this
+;+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+# 1. For all unix platforms, the string ";-" means "remove this line"
+;+# 2. For all unix platforms, the string " DATA " will be removed from any
+;+# line on which it occurs.
+;+# 3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+# On AIX, lines containing ";+" will be removed.
+;+# 4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+# 5. For all unix platforms, after the above processing has taken place,
+;+# all characters after the first ";" on the line will be removed.
+;+# And for AIX, the first ";" will also be removed.
+;+# This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+# directives are hidden behind ";", ";+", and ";-"
+;+
+;+NSS_3.15 { # NSS 3.15 release
+;+ global:
+LIBRARY nsssysiniit ;-
+EXPORTS ;-
+NSS_ReturnModuleSpecData;
+;+ local:
+;+*;
+;+};
diff --git a/security/nss/lib/sysinit/sysinit.gyp b/security/nss/lib/sysinit/sysinit.gyp
index e961325f6..d76c27598 100644
--- a/security/nss/lib/sysinit/sysinit.gyp
+++ b/security/nss/lib/sysinit/sysinit.gyp
@@ -3,29 +3,32 @@
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
{
'includes': [
- '../../coreconf/config.gypi'
+ '../../coreconf/config.gypi',
],
'targets': [
{
'target_name': 'nsssysinit_static',
'type': 'static_library',
'sources': [
- 'nsssysinit.c'
+ 'nsssysinit.c',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'<(DEPTH)/lib/util/util.gyp:nssutil3'
- ]
+ ],
},
{
'target_name': 'nsssysinit',
'type': 'shared_library',
'dependencies': [
- 'nsssysinit_static'
- ]
+ 'nsssysinit_static',
+ ],
+ 'variables': {
+ 'mapfile': 'nsssysinit.def',
+ },
}
],
'variables': {
- 'module': 'nss'
+ 'module': 'nss',
}
-} \ No newline at end of file
+}