[Pkg-fedora-ds-maintainers] [libapache2-mod-nss] 77/156: 204138

Timo Aaltonen tjaalton-guest at moszumanska.debian.org
Wed Jul 2 13:55:30 UTC 2014


This is an automated email from the git hooks/post-receive script.

tjaalton-guest pushed a commit to branch master
in repository libapache2-mod-nss.

commit 555efa7bf2c4901a06297848f4b569c102cb7af1
Author: rcritten <>
Date:   Fri Aug 25 20:19:48 2006 +0000

    204138
    
    Add new NSSPassPhraseDialog method, defer, where only the tokens that
    are found in the file pointed to by this directive are initialized.
    
    Otherwise every token that NSS finds it attempts to authenticate.
    
    Syntax is: NSSPassPhraseDialog defer:/path/to/password.conf
---
 mod_nss.h            |  1 +
 nss_engine_config.c  | 16 +++++++++++++---
 nss_engine_pphrase.c | 20 +++++++++++++++++++-
 3 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/mod_nss.h b/mod_nss.h
index e60281e..1e4ccd3 100644
--- a/mod_nss.h
+++ b/mod_nss.h
@@ -200,6 +200,7 @@ typedef enum {
     SSL_PPTYPE_UNSET   = UNSET,
     SSL_PPTYPE_BUILTIN = 0,
     SSL_PPTYPE_FILE    = 1,
+    SSL_PPTYPE_DEFER   = 2,
 } nss_pphrase_t;
 
 /*
diff --git a/nss_engine_config.c b/nss_engine_config.c
index 771fa0b..dd54fdb 100644
--- a/nss_engine_config.c
+++ b/nss_engine_config.c
@@ -546,12 +546,18 @@ const char *nss_cmd_NSSPassPhraseDialog(cmd_parms *cmd,
         mc->pphrase_dialog_type  = SSL_PPTYPE_BUILTIN;
         mc->pphrase_dialog_path = NULL;
     }
-    else if ((arglen > 5) && strEQn(arg, "file:", 5)) {
+    else if (((arglen > 5) && strEQn(arg, "file:", 5)) ||
+            ((arglen > 6) && strEQn(arg, "defer:", 6))) {
         apr_finfo_t finfo;
         apr_status_t rc;
 
-        mc->pphrase_dialog_type  = SSL_PPTYPE_FILE;
-        mc->pphrase_dialog_path = ap_server_root_relative(cmd->pool, arg+5);
+        if (strEQn(arg, "file:", 5)) {
+            mc->pphrase_dialog_type  = SSL_PPTYPE_FILE;
+            mc->pphrase_dialog_path = ap_server_root_relative(cmd->pool, arg+5);
+        } else {
+            mc->pphrase_dialog_type  = SSL_PPTYPE_DEFER;
+            mc->pphrase_dialog_path = ap_server_root_relative(cmd->pool, arg+6);
+        }
         if (!mc->pphrase_dialog_path)
             return apr_pstrcat(cmd->pool,
                               "Invalid NSSPassPhraseDialog file: path ",
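Review bot: The error string on the last line of this hunk still reads `"Invalid NSSPassPhraseDialog file: path "`, so an administrator who configured `defer:` is told that a `file:` path is wrong. A prefix-neutral message such as `"Invalid NSSPassPhraseDialog path "` would fit both branches. The prefix is also tested twice, once in the `else if` and again inside the block; keeping the matched prefix length in a local and using `arg + prefix_len` once would remove the duplicated `arg+5`/`arg+6` literals. The return statement and the rest of the function continue outside the hunk.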
@@ -631,6 +637,10 @@ const char *nss_cmd_NSSRandomSeed(cmd_parms *cmd,
         seed->nSrc   = SSL_RSSRC_EXEC;
         seed->cpPath = ap_server_root_relative(mc->pPool, arg2+5);
     }
+    else if ((arg2len > 6) && strEQn(arg2, "defer:", 6)) {
+        seed->nSrc   = SSL_RSSRC_FILE;
+        seed->cpPath = ap_server_root_relative(mc->pPool, arg2+5);
+    }
     else if (strcEQ(arg2, "builtin")) {
         seed->nSrc   = SSL_RSSRC_BUILTIN;
         seed->cpPath = NULL;
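Review bot: The new `defer:` branch in nss_cmd_NSSRandomSeed skips only five characters (`arg2+5`) of a six-character prefix, so the stored path would start with the `:` before being resolved against the server root. It also sets `SSL_RSSRC_FILE`, which makes `defer:` behave as a file seed source, something the commit message does not describe; this looks like a leftover from copying the NSSPassPhraseDialog change. If the branch is intended, it should read `seed->cpPath = ap_server_root_relative(mc->pPool, arg2+6);`, otherwise the four added lines should be dropped. The function body continues outside the hunk.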
diff --git a/nss_engine_pphrase.c b/nss_engine_pphrase.c
index c835d03..8ba489a 100644
--- a/nss_engine_pphrase.c
+++ b/nss_engine_pphrase.c
@@ -74,6 +74,15 @@ SECStatus nss_Init_Tokens(server_rec *s)
             continue;
         }
 
+        if (parg->mc->pphrase_dialog_type == SSL_PPTYPE_DEFER) {
+            char * passwd = nss_get_password(stdin, stdout, slot, nss_check_password, parg);
+            if (passwd == NULL) {
+                PK11_FreeSlot(slot);
+                continue;
+            }
+            free(passwd);
+        }
+
         ret = PK11_Authenticate(slot, PR_TRUE, parg);
         if (SECSuccess != ret) {
             status = SECFailure;
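Review bot: The probe added before `PK11_Authenticate` releases the token passphrase with a bare `free(passwd)`, which leaves the cleartext in freed heap memory. Overwrite it first, e.g. `memset(passwd, 0, strlen(passwd));`, or use a clearing routine the compiler cannot elide where the platform offers one. The allocation inside nss_get_password is not visible here, so confirm that `free` matches the allocator it uses; an NSS/NSPR allocation would need the matching release call. The probe result is discarded and `PK11_Authenticate` presumably fetches the passphrase again through its callback, so the password file is likely read twice per token. The loop body starts and ends outside the hunk.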
@@ -209,7 +218,8 @@ static char *nss_get_password(FILE *input, FILE *output,
 
     token_name = PK11_GetTokenName(slot);
 
-    if (parg->mc->pphrase_dialog_type == SSL_PPTYPE_FILE) {
+    if (parg->mc->pphrase_dialog_type == SSL_PPTYPE_FILE ||
+        parg->mc->pphrase_dialog_type == SSL_PPTYPE_DEFER) {
         /* Try to get the passwords from the password file if it exists.
          * THIS IS UNSAFE and is provided for convenience only. Without this
          * capability the server would have to be started in foreground mode.
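Review bot: The widened condition sends `SSL_PPTYPE_DEFER` through the cleartext password-file branch, but the warning comment below it still describes the file only as a convenience for background startup. In defer mode the file is the sole source of token passphrases, so the comment should say that, for instance `/* Used by both file: and defer:. In defer mode a token missing from this file is never authenticated. */`. Whether the file's ownership and permissions are checked before it is read is not visible in this hunk; if they are not, that check belongs with the existing path validation. The comment and the branch body continue past the end of the hunk.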
@@ -235,6 +245,14 @@ static char *nss_get_password(FILE *input, FILE *output,
         }
     }
 
+    /* For SSL_PPTYPE_DEFER we only want to authenticate passwords found
+     * in the password file.
+     */
+    if ((parg->mc->pphrase_dialog_type == SSL_PPTYPE_DEFER) &&
+        (pwdstr == NULL)) {
+        return NULL;
+    }
+
     /* This purposely comes after the file check because that is more
      * authoritative.
      */
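Review bot: The early `return NULL` for `SSL_PPTYPE_DEFER` gives the caller no way to tell "token not listed in the file" apart from any other NULL return nss_get_password may produce, and the caller in nss_Init_Tokens reacts by silently skipping the slot. A misspelled token name in the password file would then leave that token unauthenticated with no trace at startup. Consider logging the skipped token name where the slot is skipped, and extending the comment to state the contract, e.g. `/* NULL here means "not listed in the file": the caller skips this token without prompting. */`. nss_get_password extends beyond both edges of the hunk.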

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-fedora-ds/libapache2-mod-nss.git


