From f4a12fc67689a830e9da1c87fd11afe5bc09deb3 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Thu, 2 Jan 2020 21:06:40 +0100 Subject: Issue #1338 - Part 2: Update NSS to 3.48-RTM --- security/nss/lib/sysinit/manifest.mn | 12 +-- security/nss/lib/sysinit/nsssysinit.c | 135 +++++++++++++++++--------------- security/nss/lib/sysinit/nsssysinit.def | 26 ++++++ security/nss/lib/sysinit/sysinit.gyp | 17 ++-- 4 files changed, 115 insertions(+), 75 deletions(-) create mode 100644 security/nss/lib/sysinit/nsssysinit.def (limited to 'security/nss/lib/sysinit') diff --git a/security/nss/lib/sysinit/manifest.mn b/security/nss/lib/sysinit/manifest.mn index 822f4fcbd..40a119e99 100644 --- a/security/nss/lib/sysinit/manifest.mn +++ b/security/nss/lib/sysinit/manifest.mn @@ -2,14 +2,16 @@ # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. +CORE_DEPTH = ../.. -CORE_DEPTH = ../.. - -# MODULE public and private header directories are implicitly REQUIRED. MODULE = nss -CSRCS = nsssysinit.c +CSRCS = \ + nsssysinit.c \ + $(NULL) LIBRARY_NAME = nsssysinit -#LIBRARY_VERSION = 3 +MAPFILE = $(OBJDIR)/nsssysinit.def +# This part of the code, including all sub-dirs, can be optimized for size +export ALLOW_OPT_CODE_SIZE = 1 diff --git a/security/nss/lib/sysinit/nsssysinit.c b/security/nss/lib/sysinit/nsssysinit.c index 39e2ad7a1..bd0fac2f4 100644 --- a/security/nss/lib/sysinit/nsssysinit.c +++ b/security/nss/lib/sysinit/nsssysinit.c @@ -15,11 +15,10 @@ * of pkcs11 modules common to all applications. */ -/* - * OS Specific function to get where the NSS user database should reside. - */ +#ifndef LINUX +#error __FILE__ only builds on Linux. +#endif -#ifdef XP_UNIX #include #include #include 
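Review bot: The guard added at the top of nsssysinit.c, `#error __FILE__ only builds on Linux.`, will print the literal token `__FILE__`, because the preprocessor does not macro-expand the text of an `#error` directive. Naming the file directly, `#error nsssysinit.c only builds on Linux.`, gives the message the commit intends. The guard tests `LINUX`, while a later hunk of this commit removes an `#ifdef XP_LINUX`, so it is worth confirming that every build compiling this file defines `LINUX`; that definition is not visible in this patch.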
@@ -37,9 +36,41 @@ testdir(char *dir) return S_ISDIR(buf.st_mode); } +/** + * Append given @dir to @path and creates the directory with mode @mode. + * Returns 0 if successful, -1 otherwise. + * Assumes that the allocation for @path has sufficient space for @dir + * to be added. + */ +static int +appendDirAndCreate(char *path, char *dir, mode_t mode) +{ + PORT_Strcat(path, dir); + if (!testdir(path)) { + if (mkdir(path, mode)) { + return -1; + } + } + return 0; +} + +#define XDG_NSS_USER_PATH1 "/.local" +#define XDG_NSS_USER_PATH2 "/share" +#define XDG_NSS_USER_PATH3 "/pki" + #define NSS_USER_PATH1 "/.pki" #define NSS_USER_PATH2 "/nssdb" -static char * + +/** + * Return the path to user's NSS database. + * We search in the following dirs in order: + * (1) $HOME/.pki/nssdb; + * (2) $XDG_DATA_HOME/pki/nssdb if XDG_DATA_HOME is set; + * (3) $HOME/.local/share/pki/nssdb (default XDG_DATA_HOME value). + * If (1) does not exist, then the returned dir will be set to either + * (2) or (3), depending if XDG_DATA_HOME is set. + */ +char * getUserDB(void) { char *userdir = PR_GetEnvSecure("HOME"); 
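Review bot: appendDirAndCreate calls `testdir(path)` and only then `mkdir`, so a directory created by another process between the two calls makes `mkdir` fail with EEXIST and the helper returns -1 for a usable path. Creating first and tolerating an existing directory closes that window: `if (mkdir(path, mode) != 0 && (errno != EEXIST || !testdir(path))) { return -1; }`. This needs `<errno.h>`, and the include list is not legible in this patch. The `PORT_Strcat` is unbounded and relies entirely on the caller's size arithmetic, as the doc comment admits, and `dir` could be `const char *` since it is only read. The same hunk drops `static` from getUserDB, whose body continues outside the hunk, so the symbol gains external linkage in the `nsssysinit_static` target.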
@@ -50,22 +81,47 @@ getUserDB(void) } nssdir = PORT_Alloc(strlen(userdir) + sizeof(NSS_USER_PATH1) + sizeof(NSS_USER_PATH2)); - if (nssdir == NULL) { - return NULL; - } PORT_Strcpy(nssdir, userdir); - /* verify it exists */ - if (!testdir(nssdir)) { + PORT_Strcat(nssdir, NSS_USER_PATH1 NSS_USER_PATH2); + if (testdir(nssdir)) { + /* $HOME/.pki/nssdb exists */ + return nssdir; + } else { + /* either $HOME/.pki or $HOME/.pki/nssdb does not exist */ PORT_Free(nssdir); - return NULL; } - PORT_Strcat(nssdir, NSS_USER_PATH1); - if (!testdir(nssdir) && mkdir(nssdir, 0760)) { - PORT_Free(nssdir); + int size = 0; + char *xdguserdatadir = PR_GetEnvSecure("XDG_DATA_HOME"); + if (xdguserdatadir) { + size = strlen(xdguserdatadir); + } else { + size = strlen(userdir) + sizeof(XDG_NSS_USER_PATH1) + sizeof(XDG_NSS_USER_PATH2); + } + size += sizeof(XDG_NSS_USER_PATH3) + sizeof(NSS_USER_PATH2); + + nssdir = PORT_Alloc(size); + if (nssdir == NULL) { return NULL; } - PORT_Strcat(nssdir, NSS_USER_PATH2); - if (!testdir(nssdir) && mkdir(nssdir, 0760)) { + + if (xdguserdatadir) { + PORT_Strcpy(nssdir, xdguserdatadir); + if (!testdir(nssdir)) { + PORT_Free(nssdir); + return NULL; + } + + } else { + PORT_Strcpy(nssdir, userdir); + if (appendDirAndCreate(nssdir, XDG_NSS_USER_PATH1, 0755) || + appendDirAndCreate(nssdir, XDG_NSS_USER_PATH2, 0755)) { + PORT_Free(nssdir); + return NULL; + } + } + /* ${XDG_DATA_HOME:-$HOME/.local/share}/pki/nssdb */ + if (appendDirAndCreate(nssdir, XDG_NSS_USER_PATH3, 0760) || + appendDirAndCreate(nssdir, NSS_USER_PATH2, 0760)) { PORT_Free(nssdir); return NULL; } 
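Review bot: The first `PORT_Alloc` in getUserDB is now used unchecked, because the commit removes the `if (nssdir == NULL)` guard that preceded `PORT_Strcpy(nssdir, userdir)` and keeps a check only on the second allocation. Restoring `if (nssdir == NULL) { return NULL; }` before the copy avoids writing through a NULL pointer when allocation fails. In the XDG branch, `XDG_DATA_HOME` is accepted as soon as `testdir` reports a directory, so a relative value is resolved against the current working directory, although the XDG base-directory spec says to ignore it. A check such as `xdguserdatadir[0] == '/'` before using it would fall back to `$HOME/.local/share`. The `pki` and `nssdb` directories are created with `0760`, which gives the group read and write on the key database directory, subject to umask; `0700` is the tighter choice if nothing depends on group access. getUserDB starts and ends outside this hunk.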
@@ -93,44 +149,6 @@ userCanModifySystemDB() return (access(NSS_DEFAULT_SYSTEM, W_OK) == 0); } -#else -#ifdef XP_WIN -static char * -getUserDB(void) -{ - /* use the registry to find the user's NSS_DIR. if no entry exists, create - * one in the users Appdir location */ - return NULL; -} - -static char * -getSystemDB(void) -{ - /* use the registry to find the system's NSS_DIR. if no entry exists, create - * one based on the windows system data area */ - return NULL; -} - -static PRBool -userIsRoot() -{ - /* use the registry to find if the user is the system administrator. */ - return PR_FALSE; -} - -static PRBool -userCanModifySystemDB() -{ - /* use the registry to find if the user has administrative privilege - * to modify the system's nss database. */ - return PR_FALSE; -} - -#else -#error "Need to write getUserDB, SystemDB, userIsRoot, and userCanModifySystemDB functions" -#endif -#endif - static PRBool getFIPSEnv(void) { @@ -146,7 +164,6 @@ getFIPSEnv(void) } return PR_FALSE; } -#ifdef XP_LINUX static PRBool getFIPSMode(void) @@ -171,14 +188,6 @@ getFIPSMode(void) return PR_TRUE; } -#else -static PRBool -getFIPSMode(void) -{ - return getFIPSEnv(); -} -#endif - #define NSS_DEFAULT_FLAGS "flags=readonly" /* configuration flags according to diff --git a/security/nss/lib/sysinit/nsssysinit.def b/security/nss/lib/sysinit/nsssysinit.def new file mode 100644 index 000000000..2e272be06 --- /dev/null +++ b/security/nss/lib/sysinit/nsssysinit.def 
@@ -0,0 +1,26 @@ +;+# +;+# This Source Code Form is subject to the terms of the Mozilla Public +;+# License, v. 2.0. If a copy of the MPL was not distributed with this +;+# file, You can obtain one at http://mozilla.org/MPL/2.0/. +;+# +;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS +;+# 1. For all unix platforms, the string ";-" means "remove this line" +;+# 2. For all unix platforms, the string " DATA " will be removed from any +;+# line on which it occurs. +;+# 3. Lines containing ";+" will have ";+" removed on SUN and LINUX. +;+# On AIX, lines containing ";+" will be removed. +;+# 4. For all unix platforms, the string ";;" will thave the ";;" removed. +;+# 5. For all unix platforms, after the above processing has taken place, +;+# all characters after the first ";" on the line will be removed. +;+# And for AIX, the first ";" will also be removed. +;+# This file is passed directly to windows. Since ';' is a comment, all UNIX +;+# directives are hidden behind ";", ";+", and ";-" +;+ +;+NSS_3.15 { # NSS 3.15 release +;+ global: +LIBRARY nsssysiniit ;- +EXPORTS ;- +NSS_ReturnModuleSpecData; +;+ local: +;+*; +;+}; diff --git a/security/nss/lib/sysinit/sysinit.gyp b/security/nss/lib/sysinit/sysinit.gyp index e961325f6..d76c27598 100644 --- a/security/nss/lib/sysinit/sysinit.gyp +++ b/security/nss/lib/sysinit/sysinit.gyp 
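Review bot: The `LIBRARY nsssysiniit ;-` line misspells the library name, which manifest.mn in this same commit sets with `LIBRARY_NAME = nsssysinit`; it should read `LIBRARY nsssysinit ;-`. By the file's own header rules, lines carrying `;-` are dropped on Unix platforms, so the typo would only reach a Windows linker. The new `#error` guard in nsssysinit.c already excludes that build, but a wrong name in an export map is easy to trip over if the guard is ever relaxed.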
@@ -3,29 +3,32 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/. { 'includes': [ - '../../coreconf/config.gypi' + '../../coreconf/config.gypi', ], 'targets': [ { 'target_name': 'nsssysinit_static', 'type': 'static_library', 'sources': [ - 'nsssysinit.c' + 'nsssysinit.c', ], 'dependencies': [ '<(DEPTH)/exports.gyp:nss_exports', '<(DEPTH)/lib/util/util.gyp:nssutil3' - ] + ], }, { 'target_name': 'nsssysinit', 'type': 'shared_library', 'dependencies': [ - 'nsssysinit_static' - ] + 'nsssysinit_static', + ], + 'variables': { + 'mapfile': 'nsssysinit.def', + }, } ], 'variables': { - 'module': 'nss' + 'module': 'nss', } -} \ No newline at end of file +} -- cgit v1.2.3