/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* This file implements PKCS 11 on top of our existing security modules
*
* For more information about PKCS 11 see the PKCS 11 Token Interface Standard.
* This implementation has two slots:
* slot 1 is our generic crypto support. It does not require login.
* It supports Public Key ops, and all the bulk ciphers and hashes.
* It can also support Private Key ops for imported Private keys. It does
* not have any token storage.
* slot 2 is our private key support. It requires a login before use. It
* can store Private Keys and Certs as token objects. Currently only private
* keys and their associated Certificates are saved on the token.
*
* In this implementation, session objects are only visible to the session
* that created or generated them.
*/
#include "sdb.h"
#include "pkcs11t.h"
#include "seccomon.h"
#include <sqlite3.h>
#include "prthread.h"
#include "prio.h"
#include <limits.h>
#include <stdio.h>
#include "secport.h"
#include "prmon.h"
#include "prenv.h"
#include "prprf.h"
#include "prsystem.h" /* for PR_GetDirectorySeparator() */
#include <sys/stat.h>
#if defined(_WIN32)
#include <io.h>
#include <windows.h>
#elif defined(XP_UNIX)
#include <unistd.h>
#endif
#if defined(LINUX) && !defined(ANDROID)
#include <linux/magic.h>
#include <sys/vfs.h>
#endif
#include "utilpars.h"
#ifdef SQLITE_UNSAFE_THREADS
#include "prlock.h"
/*
 * SQLite can be compiled to be thread safe or not.
 * turn on SQLITE_UNSAFE_THREADS if the OS does not support
 * a thread safe version of sqlite.
 */
/* Process-wide lock serializing every sqlite call when the sqlite build is
 * not thread safe. Only declared here; its creation is not in this part of
 * the file - presumably done during module initialization, confirm. */
static PRLock *sqlite_lock = NULL;
/* Both macros carry their own trailing ';', which is why call sites write
 * LOCK_SQLITE() / UNLOCK_SQLITE() without one. */
#define LOCK_SQLITE() PR_Lock(sqlite_lock);
#define UNLOCK_SQLITE() PR_Unlock(sqlite_lock);
#else
/* thread-safe sqlite: the lock macros expand to nothing */
#define LOCK_SQLITE()
#define UNLOCK_SQLITE()
#endif
/* Which kind of NSS database an SDBPrivate describes. sdb_mapSQLError() uses
 * it to report CKR_NETSCAPE_CERTDB_FAILED versus CKR_NETSCAPE_KEYDB_FAILED. */
typedef enum {
    SDB_CERT = 1, /* certificate database */
    SDB_KEY = 2   /* key database */
} sdbDataType;
/*
* defines controlling how long we wait to acquire locks.
*
* SDB_SQLITE_BUSY_TIMEOUT specifies how long (in milliseconds)
* sqlite will wait on lock. If that timeout expires, sqlite will
* return SQLITE_BUSY.
* SDB_BUSY_RETRY_TIME specifies how many seconds the sdb_ code waits
* after receiving a busy before retrying.
* SDB_MAX_BUSY_RETRIES specifies how many times the sdb_ will retry on
* a busy condition.
*
* SDB_SQLITE_BUSY_TIMEOUT affects all operations, both manual
* (prepare/step/reset/finalize) and automatic (sqlite3_exec()).
* SDB_BUSY_RETRY_TIME and SDB_MAX_BUSY_RETRIES only affect manual operations
*
* total wait time for automatic operations:
* 1 second (SDB_SQLITE_BUSY_TIMEOUT/1000).
* total wait time for manual operations:
* (1 second + 5 seconds) * 10 = 60 seconds.
* (SDB_SQLITE_BUSY_TIMEOUT/1000 + SDB_BUSY_RETRY_TIME)*SDB_MAX_BUSY_RETRIES
*/
#define SDB_SQLITE_BUSY_TIMEOUT 1000 /* milliseconds */
#define SDB_BUSY_RETRY_TIME 5 /* seconds */
#define SDB_MAX_BUSY_RETRIES 10
/*
* Note on use of sqlReadDB: Only one thread at a time may have an actual
* operation going on given sqlite3 * database. An operation is defined as
* the time from a sqlite3_prepare() until the sqlite3_finalize().
* Multiple sqlite3 * databases can be open and have simultaneous operations
* going. We use the sqlXactDB for all write operations. This database
* is only opened when we first create a transaction and closed when the
* transaction is complete. sqlReadDB is open when we first opened the database
* and is used for all read operations. Its use is protected by a monitor. This
* is because an operation can span the use of FindObjectsInit() through the
* call to FindObjectsFinal(). In the intermediate time it is possible to call
* other operations like NSC_GetAttributeValue */
/* Per-database private state; the SDB handed to the sdb_* entry points keeps
 * one of these in sdb->private. Fields marked "invariant" are set once when
 * the database is opened and never change afterwards. */
struct SDBPrivateStr {
    char *sqlDBName;                /* invariant, path to this database */
    sqlite3 *sqlXactDB;             /* access protected by dbMon, use protected
                                     * by the transaction. Current transaction db*/
    PRThread *sqlXactThread;        /* protected by dbMon,
                                     * current transaction thread */
    sqlite3 *sqlReadDB;             /* use protected by dbMon, value invariant */
    PRIntervalTime lastUpdateTime;  /* last time the cache was updated */
    PRIntervalTime updateInterval;  /* how long the cache can go before it
                                     * must be updated again */
    sdbDataType type;               /* invariant, database type */
    char *table;                    /* invariant, SQL table which contains the db */
    char *cacheTable;               /* invariant, SQL table cache of db
                                     * (NULL when no cache is in use, see
                                     * sdb_openDBLocal) */
    PRMonitor *dbMon;               /* invariant, monitor to protect
                                     * sqlXact* fields, and use of the sqlReadDB */
};
typedef struct SDBPrivateStr SDBPrivate;
/*
 * known attributes
 *
 * Every PKCS #11 attribute type this database layer knows about. Attribute
 * values are stored in columns named "a<hex attribute type>" (see the "a%x"
 * formats in sdb_FindObjectsInit and sdb_GetAttributeValueNoLock); this
 * list presumably drives the table's column set when the table is created,
 * which happens outside this part of the file - confirm there.
 */
static const CK_ATTRIBUTE_TYPE known_attributes[] = {
    CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_LABEL, CKA_APPLICATION,
    CKA_VALUE, CKA_OBJECT_ID, CKA_CERTIFICATE_TYPE, CKA_ISSUER,
    CKA_SERIAL_NUMBER, CKA_AC_ISSUER, CKA_OWNER, CKA_ATTR_TYPES, CKA_TRUSTED,
    CKA_CERTIFICATE_CATEGORY, CKA_JAVA_MIDP_SECURITY_DOMAIN, CKA_URL,
    CKA_HASH_OF_SUBJECT_PUBLIC_KEY, CKA_HASH_OF_ISSUER_PUBLIC_KEY,
    CKA_CHECK_VALUE, CKA_KEY_TYPE, CKA_SUBJECT, CKA_ID, CKA_SENSITIVE,
    CKA_ENCRYPT, CKA_DECRYPT, CKA_WRAP, CKA_UNWRAP, CKA_SIGN, CKA_SIGN_RECOVER,
    CKA_VERIFY, CKA_VERIFY_RECOVER, CKA_DERIVE, CKA_START_DATE, CKA_END_DATE,
    CKA_MODULUS, CKA_MODULUS_BITS, CKA_PUBLIC_EXPONENT, CKA_PRIVATE_EXPONENT,
    CKA_PRIME_1, CKA_PRIME_2, CKA_EXPONENT_1, CKA_EXPONENT_2, CKA_COEFFICIENT,
    CKA_PRIME, CKA_SUBPRIME, CKA_BASE, CKA_PRIME_BITS,
    CKA_SUB_PRIME_BITS, CKA_VALUE_BITS, CKA_VALUE_LEN, CKA_EXTRACTABLE,
    CKA_LOCAL, CKA_NEVER_EXTRACTABLE, CKA_ALWAYS_SENSITIVE,
    CKA_KEY_GEN_MECHANISM, CKA_MODIFIABLE, CKA_EC_PARAMS,
    CKA_EC_POINT, CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
    CKA_ALWAYS_AUTHENTICATE, CKA_WRAP_WITH_TRUSTED, CKA_WRAP_TEMPLATE,
    CKA_UNWRAP_TEMPLATE, CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT,
    CKA_HAS_RESET, CKA_PIXEL_X, CKA_PIXEL_Y, CKA_RESOLUTION, CKA_CHAR_ROWS,
    CKA_CHAR_COLUMNS, CKA_COLOR, CKA_BITS_PER_PIXEL, CKA_CHAR_SETS,
    CKA_ENCODING_METHODS, CKA_MIME_TYPES, CKA_MECHANISM_TYPE,
    CKA_REQUIRED_CMS_ATTRIBUTES, CKA_DEFAULT_CMS_ATTRIBUTES,
    CKA_SUPPORTED_CMS_ATTRIBUTES, CKA_NETSCAPE_URL, CKA_NETSCAPE_EMAIL,
    CKA_NETSCAPE_SMIME_INFO, CKA_NETSCAPE_SMIME_TIMESTAMP,
    CKA_NETSCAPE_PKCS8_SALT, CKA_NETSCAPE_PASSWORD_CHECK, CKA_NETSCAPE_EXPIRES,
    CKA_NETSCAPE_KRL, CKA_NETSCAPE_PQG_COUNTER, CKA_NETSCAPE_PQG_SEED,
    CKA_NETSCAPE_PQG_H, CKA_NETSCAPE_PQG_SEED_BITS, CKA_NETSCAPE_MODULE_SPEC,
    CKA_TRUST_DIGITAL_SIGNATURE, CKA_TRUST_NON_REPUDIATION,
    CKA_TRUST_KEY_ENCIPHERMENT, CKA_TRUST_DATA_ENCIPHERMENT,
    CKA_TRUST_KEY_AGREEMENT, CKA_TRUST_KEY_CERT_SIGN, CKA_TRUST_CRL_SIGN,
    CKA_TRUST_SERVER_AUTH, CKA_TRUST_CLIENT_AUTH, CKA_TRUST_CODE_SIGNING,
    CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_IPSEC_END_SYSTEM,
    CKA_TRUST_IPSEC_TUNNEL, CKA_TRUST_IPSEC_USER, CKA_TRUST_TIME_STAMPING,
    CKA_TRUST_STEP_UP_APPROVED, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH,
    CKA_NETSCAPE_DB, CKA_NETSCAPE_TRUST, CKA_NSS_OVERRIDE_EXTENSIONS,
    CKA_PUBLIC_KEY_INFO, CKA_NSS_SERVER_DISTRUST_AFTER, CKA_NSS_EMAIL_DISTRUST_AFTER
};
/* element count of known_attributes (computed from the real array, so the
 * usual sizeof-on-a-pointer pitfall does not apply here) */
static int known_attributes_size = sizeof(known_attributes) /
                                   sizeof(known_attributes[0]);
/* Magic for an explicit NULL. NOTE: ideally this should be
 * out of band data. Since it's not completely out of band, pick
 * a value that has no meaning to any existing PKCS #11 attributes.
 * This value is 1) not a valid string (embedded '\0'). 2) not a U_LONG
 * or a normal key (too short). 3) not a bool (too long). 4) not an RSA
 * public exponent (too many bits).
 *
 * A zero-length attribute value is stored as this 3-byte blob (see the
 * ulValueLen == 0 case in sdb_FindObjectsInit) and mapped back to a
 * zero-length value on read (sdb_GetAttributeValueNoLock).
 */
const unsigned char SQLITE_EXPLICIT_NULL[] = { 0xa5, 0x0, 0x5a };
/* must match sizeof SQLITE_EXPLICIT_NULL */
#define SQLITE_EXPLICIT_NULL_LEN 3
/*
 * Decide whether a sqlite3_step() retry loop has finished.
 *
 * err   - the value sqlite3_step() just returned.
 * count - running number of consecutive SQLITE_BUSY results; owned by the
 *         caller, reset to 0 here whenever a row arrives.
 * Returns 1 when the loop must stop (a terminal status, or too many busy
 * retries) and 0 when the caller should step again.
 */
static int
sdb_done(int err, int *count)
{
    switch (err) {
        case SQLITE_ROW:
            /* a row arrived: keep consuming rows and restart the busy count */
            *count = 0;
            return 0;
        case SQLITE_BUSY:
            /* retry, but not forever: give up after SDB_MAX_BUSY_RETRIES */
            *count += 1;
            return (*count >= SDB_MAX_BUSY_RETRIES) ? 1 : 0;
        default:
            /* SQLITE_DONE or any error ends the loop */
            return 1;
    }
}
#if defined(_WIN32)
/*
 * chmod() replacement for Windows.
 * NSPR functions and narrow CRT functions do not handle UTF-8 file paths that
 * sqlite3 expects, so the path is widened with _NSSUTIL_UTF8ToWide() and
 * handed to _wchmod().
 * Returns -1 for a NULL path or a failed conversion, otherwise whatever
 * _wchmod() returned.
 */
static int
sdb_chmod(const char *filename, int pmode)
{
    int result = -1;
    wchar_t *filenameWide = filename ? _NSSUTIL_UTF8ToWide(filename) : NULL;
    if (filenameWide != NULL) {
        result = _wchmod(filenameWide, pmode);
        PORT_Free(filenameWide);
    }
    return result;
}
#else
/* everywhere else the C library chmod() handles UTF-8 paths as-is */
#define sdb_chmod(filename, pmode) chmod((filename), (pmode))
#endif
/*
 * find out where sqlite stores the temp tables. We do this by replicating
 * the logic from sqlite.
 * Used by sdb_getTempDir() when the sqlite library is too old to answer
 * SQLITE_FCNTL_TEMPFILENAME. Returns a PORT_Strdup()'d directory name, or
 * NULL if no usable directory was found.
 */
#if defined(_WIN32)
static char *
sdb_getFallbackTempDir(void)
{
    /* sqlite uses sqlite3_temp_directory if it is not NULL. We don't have
     * access to sqlite3_temp_directory because it is not exported from
     * sqlite3.dll. Assume sqlite3_win32_set_directory isn't called and
     * sqlite3_temp_directory is NULL.
     */
    char path[MAX_PATH];
    DWORD rv = GetTempPathA(MAX_PATH, path);
    size_t len;
    if (rv == 0 || rv > MAX_PATH) {
        return NULL;
    }
    len = strlen(path);
    if (len == 0) {
        return NULL;
    }
    /* GetTempPathA() ends the string with a backslash ("C:\TEMP\"); drop it */
    if (path[len - 1] == '\\') {
        path[len - 1] = '\0';
    }
    return PORT_Strdup(path);
}
#elif defined(XP_UNIX)
static char *
sdb_getFallbackTempDir(void)
{
    /* same candidate order as sqlite: its configured directory, then
     * $TMPDIR, then the usual system locations */
    const char *candidates[] = {
        NULL, /* sqlite3_temp_directory, filled in below */
        NULL, /* TMPDIR, filled in below */
        "/var/tmp",
        "/usr/tmp",
        "/tmp",
        NULL /* List terminator */
    };
    const char *chosen = NULL;
    unsigned int idx;
    candidates[0] = sqlite3_temp_directory;
    candidates[1] = PR_GetEnvSecure("TMPDIR");
    for (idx = 0; idx < PR_ARRAY_SIZE(candidates); idx++) {
        struct stat st;
        const char *dir = candidates[idx];
        /* usable means: set, exists, is a directory, and we have rwx on it */
        if (dir != NULL && stat(dir, &st) == 0 && S_ISDIR(st.st_mode) &&
            access(dir, 07) == 0) {
            chosen = dir;
            break;
        }
    }
    return chosen ? PORT_Strdup(chosen) : NULL;
}
#else
#error "sdb_getFallbackTempDir not implemented"
#endif
#ifndef SQLITE_FCNTL_TEMPFILENAME
/* SQLITE_FCNTL_TEMPFILENAME was added in SQLite 3.7.15 */
#define SQLITE_FCNTL_TEMPFILENAME 16
#endif
/*
 * Ask sqlite where it puts temporary files and return that directory.
 *
 * sqlDB - an open connection; SQLITE_FCNTL_TEMPFILENAME is issued on it.
 * Returns a PORT_Strdup()'d directory name that keeps its trailing
 * separator, NULL if sqlite failed or the temp file name contained no
 * separator, or the sdb_getFallbackTempDir() result on an sqlite too old to
 * know the file-control code.
 */
static char *
sdb_getTempDir(sqlite3 *sqlDB)
{
    char *tempName = NULL;
    char *dirCopy = NULL;
    char *lastSep;
    int sqlrv = sqlite3_file_control(sqlDB, 0, SQLITE_FCNTL_TEMPFILENAME,
                                     (void *)&tempName);
    switch (sqlrv) {
        case SQLITE_OK:
            break;
        case SQLITE_NOTFOUND:
            /* older sqlite without SQLITE_FCNTL_TEMPFILENAME: replicate
             * its directory search ourselves */
            return sdb_getFallbackTempDir();
        default:
            return NULL;
    }
    /* keep everything up to and including the last separator, so a
     * name that lives directly in "/" still yields a usable directory */
    lastSep = PORT_Strrchr(tempName, PR_GetDirectorySeparator());
    if (lastSep != NULL) {
        lastSep[1] = '\0';
        dirCopy = PORT_Strdup(tempName);
    }
    /* tempName was allocated by sqlite, so it goes back through sqlite */
    sqlite3_free(tempName);
    return dirCopy;
}
/*
 * Map SQL_LITE errors to PKCS #11 errors as best we can.
 *
 * type   - which database failed; only matters for open/permission errors.
 * sqlerr - an sqlite result code.
 * Returns the closest CK_RV, CKR_GENERAL_ERROR for anything unrecognised.
 */
static CK_RV
sdb_mapSQLError(sdbDataType type, int sqlerr)
{
    /* exact equivalents */
    if (sqlerr == SQLITE_OK || sqlerr == SQLITE_DONE) {
        return CKR_OK;
    }
    if (sqlerr == SQLITE_NOMEM) {
        return CKR_HOST_MEMORY;
    }
    if (sqlerr == SQLITE_READONLY) {
        return CKR_TOKEN_WRITE_PROTECTED;
    }
    /* approximate equivalents: any failure to reach the file is reported as
     * the NSS "could not open the cert/key db" code, since NSS distinguishes
     * between failure to open the cert and the key db. (SQLITE_AUTH and
     * SQLITE_PERM could arguably be CKR_USER_NOT_LOGGED_IN instead.) */
    if (sqlerr == SQLITE_AUTH || sqlerr == SQLITE_PERM ||
        sqlerr == SQLITE_CANTOPEN || sqlerr == SQLITE_NOTFOUND) {
        return (type == SDB_CERT) ? CKR_NETSCAPE_CERTDB_FAILED
                                  : CKR_NETSCAPE_KEYDB_FAILED;
    }
    if (sqlerr == SQLITE_IOERR) {
        return CKR_DEVICE_ERROR;
    }
    return CKR_GENERAL_ERROR;
}
/*
 * build up database name from a directory, prefix, name, version and flags.
 *
 * Produces "<directory><sep><prefix><type><version>.db" using the platform
 * directory separator. The result comes from sqlite3_mprintf(), so the
 * caller releases it with sqlite3_free(); NULL means out of memory.
 */
static char *
sdb_BuildFileName(const char *directory,
                  const char *prefix, const char *type,
                  int version)
{
    /* %c needs an int; go through unsigned char so a separator with the
     * high bit set is not sign-extended */
    const int separator = (int)(unsigned char)PR_GetDirectorySeparator();
    return sqlite3_mprintf("%s%c%s%s%d.db", directory, separator,
                           prefix, type, version);
}
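/*
 * find out how expensive the access system call is for non-existent files
 * in the given directory. Return the number of operations done in 33 ms.
 *
 * directory - directory to probe; NULL or "" yields 1 without probing.
 * Returns the number of PR_Access() calls completed before 33 ms elapsed
 * (capped at 10000), always at least 1 so callers can divide by it.
 */
static PRUint32
sdb_measureAccess(const char *directory)
{
    PRUint32 i;
    PRIntervalTime time;
    PRIntervalTime delta;
    PRIntervalTime duration = PR_MillisecondsToInterval(33);
    const char *doesntExistName = "_dOeSnotExist_.db";
    char *temp, *tempStartOfFilename;
    size_t maxTempLen, maxFileNameLen, directoryLength;
    /* no directory, just return one. An empty string is treated the same
     * way: the separator check below would otherwise read directory[-1]. */
    if (directory == NULL || directory[0] == '\0') {
        return 1;
    }
    /* our calculation assumes time is a 4 bytes == 32 bit integer */
    PORT_Assert(sizeof(time) == 4);
    directoryLength = strlen(directory);
    maxTempLen = directoryLength + strlen(doesntExistName) + 1 /* potential additional separator char */
                 + 11                                          /* max chars for 32 bit int plus potential sign */
                 + 1;                                          /* zero terminator */
    temp = PORT_Alloc(maxTempLen);
    if (!temp) {
        return 1;
    }
    /* We'll copy directory into temp just once, then ensure it ends
     * with the directory separator, then remember the position after
     * the separator, and calculate the number of remaining bytes.
     * temp was sized above to hold directory plus the separator. */
    strcpy(temp, directory);
    if (directory[directoryLength - 1] != PR_GetDirectorySeparator()) {
        temp[directoryLength++] = PR_GetDirectorySeparator();
    }
    tempStartOfFilename = temp + directoryLength;
    maxFileNameLen = maxTempLen - directoryLength;
    /* measure number of Access operations that can be done in 33 milliseconds
     * (1/30'th of a second), or 10000 operations, which ever comes first.
     */
    time = PR_IntervalNow();
    for (i = 0; i < 10000u; i++) {
        PRIntervalTime next;
        /* We'll use the variable part first in the filename string, just in
         * case it's longer than assumed, so if anything gets cut off, it
         * will be cut off from the constant part.
         * This code assumes the directory name at the beginning of
         * temp remains unchanged during our loop.
         * The counter is widened to unsigned long to match %lu; PRUint32
         * is not necessarily the same width as long. */
        PR_snprintf(tempStartOfFilename, maxFileNameLen,
                    ".%lu%s", (unsigned long)(PRUint32)(time + i),
                    doesntExistName);
        PR_Access(temp, PR_ACCESS_EXISTS);
        next = PR_IntervalNow();
        /* unsigned subtraction, so an interval wrap still gives the elapsed time */
        delta = next - time;
        if (delta >= duration)
            break;
    }
    PORT_Free(temp);
    /* always return 1 or greater */
    return i ? i : 1u;
}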
/*
 * some file systems are very slow to run sqlite3 on, particularly if the
 * access count is pretty high. On these filesystems is faster to create
 * a temporary database on the local filesystem and access that. This
 * code uses a temporary table to create that cache. Temp tables are
 * automatically cleared when the database handle it was created on
 * Is freed.
 *
 * Every %s below is filled with a table name taken from SDBPrivate
 * (table / cacheTable, both invariant, internal strings), never with data
 * supplied by a PKCS #11 caller.
 */
static const char DROP_CACHE_CMD[] = "DROP TABLE %s";
/* %s, %s: cache table name, source table name */
static const char CREATE_CACHE_CMD[] =
    "CREATE TEMPORARY TABLE %s AS SELECT * FROM %s";
/* index column names are "a" + hex attribute type: a81 = CKA_ISSUER,
 * a101 = CKA_SUBJECT, a3 = CKA_LABEL, a102 = CKA_ID */
static const char CREATE_ISSUER_INDEX_CMD[] =
    "CREATE INDEX issuer ON %s (a81)";
static const char CREATE_SUBJECT_INDEX_CMD[] =
    "CREATE INDEX subject ON %s (a101)";
static const char CREATE_LABEL_INDEX_CMD[] = "CREATE INDEX label ON %s (a3)";
static const char CREATE_ID_INDEX_CMD[] = "CREATE INDEX ckaid ON %s (a102)";
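/*
 * Create the temporary cache table as a copy of the real table and add the
 * lookup indexes to it.
 *
 * sqlDB      - connection the temp table is created on (it lives as long as
 *              this handle).
 * type       - database type, for error mapping.
 * cacheTable - name of the temp table to create.
 * table      - name of the table to copy.
 * Both names are internal invariants from SDBPrivate, not caller data.
 * Returns CKR_HOST_MEMORY if the CREATE statement could not be formatted,
 * the mapped sqlite error if the copy failed, otherwise CKR_OK. Index
 * creation is best effort and never fails the call.
 */
static CK_RV
sdb_buildCache(sqlite3 *sqlDB, sdbDataType type,
               const char *cacheTable, const char *table)
{
    /* indexes to add to the fresh cache, in creation order */
    static const char *const indexCmds[] = {
        CREATE_ISSUER_INDEX_CMD,
        CREATE_SUBJECT_INDEX_CMD,
        CREATE_LABEL_INDEX_CMD,
        CREATE_ID_INDEX_CMD
    };
    char *newStr;
    int sqlerr;
    unsigned int i;
    newStr = sqlite3_mprintf(CREATE_CACHE_CMD, cacheTable, table);
    if (newStr == NULL) {
        return CKR_HOST_MEMORY;
    }
    sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
    sqlite3_free(newStr);
    if (sqlerr != SQLITE_OK) {
        return sdb_mapSQLError(type, sqlerr);
    }
    /* failure to create the indexes is not an issue: they only speed up
     * lookups, so an exec error is ignored and an allocation failure simply
     * stops adding further indexes */
    for (i = 0; i < PR_ARRAY_SIZE(indexCmds); i++) {
        newStr = sqlite3_mprintf(indexCmds[i], cacheTable);
        if (newStr == NULL) {
            return CKR_OK;
        }
        (void)sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
        sqlite3_free(newStr);
    }
    return CKR_OK;
}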
/*
 * update the cache and the data records describing it.
 * The cache is updated by dropping the temp database and recreating it.
 *
 * sdb_p - database whose cacheTable is rebuilt on its sqlReadDB handle.
 * Returns CKR_HOST_MEMORY if the DROP could not be formatted, a mapped
 * sqlite error if the drop or rebuild failed, CKR_OK on success (in which
 * case lastUpdateTime is refreshed).
 */
static CK_RV
sdb_updateCache(SDBPrivate *sdb_p)
{
    char *dropCmd = sqlite3_mprintf(DROP_CACHE_CMD, sdb_p->cacheTable);
    int sqlerr;
    CK_RV crv;
    if (dropCmd == NULL) {
        return CKR_HOST_MEMORY;
    }
    sqlerr = sqlite3_exec(sdb_p->sqlReadDB, dropCmd, NULL, 0, NULL);
    sqlite3_free(dropCmd);
    /* SQLITE_ERROR means the table did not exist yet, which is fine: fall
     * through and build it. Any other failure aborts the refresh. */
    switch (sqlerr) {
        case SQLITE_OK:
        case SQLITE_ERROR:
            break;
        default:
            return sdb_mapSQLError(sdb_p->type, sqlerr);
    }
    crv = sdb_buildCache(sdb_p->sqlReadDB, sdb_p->type,
                         sdb_p->cacheTable, sdb_p->table);
    if (crv == CKR_OK) {
        /* remember when this cache was built; sdb_openDBLocal compares
         * against updateInterval to decide when to refresh again */
        sdb_p->lastUpdateTime = PR_IntervalNow();
    }
    return crv;
}
/*
 * The sharing of sqlite3 handles across threads is tricky. Older versions
 * couldn't at all, but newer ones can under strict conditions. Basically
 * no 2 threads can use the same handle while another thread has an open
 * stmt running. Once the sqlite3_stmt is finalized, another thread can then
 * use the database handle.
 *
 * We use monitors to protect against trying to use a database before
 * it's sqlite3_stmt is finalized. This is preferable to the opening and
 * closing the database each operation because there is significant overhead
 * in the open and close. Also continually opening and closing the database
 * defeats the cache code as the cache table is lost on close (thus
 * requiring us to have to reinitialize the cache every operation).
 *
 * An exception to the shared handle is transactions. All writes happen
 * through a transaction. When we are in a transaction, we must use the
 * same database pointer for that entire transaction. In this case we save
 * the transaction database and use it for all accesses on the transaction
 * thread. Other threads use the common database.
 *
 * There can only be one active transaction on the database at a time.
 *
 * sdb_openDBLocal() provides us with a valid database handle for whatever
 * state we are in (reading or in a transaction), and acquires any locks
 * appropriate to that state. It also decides when it's time to refresh
 * the cache before we start an operation. Any database handle returned
 * must eventually be closed with sdb_closeDBLocal().
 *
 * The table returned either points to the database's physical table, or
 * to the cached shadow. Transactions always return the physical table
 * and read operations return either the physical table or the cache
 * depending on whether or not the cache exists.
 *
 * sdb_p - the database.
 * sqlDB - out: handle to use for this operation.
 * table - out (may be NULL): name of the table to query.
 * Returns CKR_OK. On the read path the caller leaves here HOLDING dbMon;
 * on the transaction path the monitor has already been released.
 */
static CK_RV
sdb_openDBLocal(SDBPrivate *sdb_p, sqlite3 **sqlDB, const char **table)
{
    *sqlDB = NULL;
    PR_EnterMonitor(sdb_p->dbMon);
    if (table) {
        *table = sdb_p->table;
    }
    /* We're in a transaction, use the transaction DB */
    if ((sdb_p->sqlXactDB) && (sdb_p->sqlXactThread == PR_GetCurrentThread())) {
        *sqlDB = sdb_p->sqlXactDB;
        /* only one thread can get here, safe to unlock */
        PR_ExitMonitor(sdb_p->dbMon);
        return CKR_OK;
    }
    /*
     * if we are just reading from the table, we may have the table
     * cached in a temporary table (especially if it's on a shared FS).
     * In that case we want to see updates to the table, the granularity
     * is on order of human scale, not computer scale.
     */
    if (table && sdb_p->cacheTable) {
        PRIntervalTime now = PR_IntervalNow();
        if ((now - sdb_p->lastUpdateTime) > sdb_p->updateInterval) {
            /* NOTE(review): the result is ignored. If the DROP in
             * sdb_updateCache succeeded but the rebuild failed, *table
             * below still names the (now missing) cache table until the
             * next refresh - confirm whether that is acceptable. */
            sdb_updateCache(sdb_p);
        }
        *table = sdb_p->cacheTable;
    }
    *sqlDB = sdb_p->sqlReadDB;
    /* leave holding the lock. only one thread can actually use a given
     * database connection at once */
    return CKR_OK;
}
/*
 * Release whatever sdb_openDBLocal() acquired for sqlDB.
 * Closing the local database currently means unlocking the monitor: the
 * transaction handle is handed out without dbMon held, so only the shared
 * read handle has a monitor to give back. Always returns CKR_OK.
 */
static CK_RV
sdb_closeDBLocal(SDBPrivate *sdb_p, sqlite3 *sqlDB)
{
    int isTransactionHandle = (sdb_p->sqlXactDB == sqlDB);
    if (!isTransactionHandle) {
        /* read path: we were left holding dbMon by sdb_openDBLocal() */
        PR_ExitMonitor(sdb_p->dbMon);
    }
    return CKR_OK;
}
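/*
 * wrapper to sqlite3_open which also sets the busy_timeout
 *
 * name  - database file path (UTF-8, as sqlite expects).
 * sqlDB - out: the opened connection, NULL on any failure.
 * flags - SDB_RDONLY selects a read-only open; anything else opens
 *         read/write and creates the file if needed.
 * Returns an sqlite result code. On failure no connection is left behind:
 * sqlite3_open_v2() hands back a handle even when it fails, and that handle
 * must still be closed to release its resources.
 */
static int
sdb_openDB(const char *name, sqlite3 **sqlDB, int flags)
{
    const int openFlags = (flags & SDB_RDONLY)
                              ? SQLITE_OPEN_READONLY
                              : (SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE);
    int sqlerr;
    *sqlDB = NULL;
    /* Requires SQLite 3.5.0 or newer. */
    sqlerr = sqlite3_open_v2(name, sqlDB, openFlags, NULL);
    if (sqlerr == SQLITE_OK) {
        sqlerr = sqlite3_busy_timeout(*sqlDB, SDB_SQLITE_BUSY_TIMEOUT);
    }
    if (sqlerr != SQLITE_OK && *sqlDB != NULL) {
        /* either the open failed (sqlite still allocated a handle) or the
         * timeout could not be set: don't hand back a half-configured one */
        sqlite3_close(*sqlDB);
        *sqlDB = NULL;
    }
    return sqlerr;
}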
/* Sigh, if we created a new table since we opened the database,
 * the database handle will not see the new table, we need to close this
 * database and reopen it. Caller must be in a transaction or holding
 * the dbMon. sqlDB is changed on success.
 *
 * sdb_p - the database whose sqlReadDB or sqlXactDB field matches *sqlDB.
 * sqlDB - in/out: the stale handle; replaced by the fresh one on success.
 * Returns SQLITE_OK, or the sdb_openDB() error (in which case *sqlDB and
 * the SDBPrivate fields are untouched). */
static int
sdb_reopenDBLocal(SDBPrivate *sdb_p, sqlite3 **sqlDB)
{
    sqlite3 *newDB;
    int sqlerr;
    /* open a new database (read-only, as the shared read handle is) */
    sqlerr = sdb_openDB(sdb_p->sqlDBName, &newDB, SDB_RDONLY);
    if (sqlerr != SQLITE_OK) {
        return sqlerr;
    }
    /* if we are in a transaction, we may not be holding the monitor.
     * grab it before we update the transaction database. This is
     * safe since are using monitors (re-entrant for the thread that
     * already holds it). */
    PR_EnterMonitor(sdb_p->dbMon);
    /* update our view of the database: swap whichever field held the old
     * handle. A handle matching neither field is simply replaced locally. */
    if (sdb_p->sqlReadDB == *sqlDB) {
        sdb_p->sqlReadDB = newDB;
    } else if (sdb_p->sqlXactDB == *sqlDB) {
        sdb_p->sqlXactDB = newDB;
    }
    PR_ExitMonitor(sdb_p->dbMon);
    /* close the old one */
    sqlite3_close(*sqlDB);
    *sqlDB = newDB;
    return SQLITE_OK;
}
/* State carried from sdb_FindObjectsInit() through sdb_FindObjects() to
 * sdb_FindObjectsFinal(). While it exists, the read path still holds dbMon
 * (sdb_openDBLocal leaves it held), so Final must always be called. */
struct SDBFindStr {
    sqlite3 *sqlDB;         /* handle obtained from sdb_openDBLocal() */
    sqlite3_stmt *findstmt; /* prepared SELECT, stepped by sdb_FindObjects() */
};
/* %s, %s: table name, "aXX=$DATAn AND ..." condition built from the template */
static const char FIND_OBJECTS_CMD[] = "SELECT ALL id FROM %s WHERE %s;";
/* %s: table name; used when the search template is empty */
static const char FIND_OBJECTS_ALL_CMD[] = "SELECT ALL id FROM %s;";
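/*
 * Start a search for objects whose attributes match every entry of
 * template.
 *
 * sdb      - the database.
 * template - attributes to match; their values are bound as blob parameters,
 *            never interpolated into the SQL text.
 * count    - number of entries in template (0 matches every object).
 * find     - out: search state for sdb_FindObjects(); NULL on failure.
 * Returns CKR_OK, CKR_HOST_MEMORY, CKR_ATTRIBUTE_VALUE_INVALID for a value
 * length sqlite cannot bind, or the mapped sqlite error.
 * On success the read path keeps dbMon held until sdb_FindObjectsFinal().
 */
CK_RV
sdb_FindObjectsInit(SDB *sdb, const CK_ATTRIBUTE *template, CK_ULONG count,
                    SDBFind **find)
{
    SDBPrivate *sdb_p = sdb->private;
    sqlite3 *sqlDB = NULL;
    const char *table;
    char *newStr, *findStr = NULL;
    sqlite3_stmt *findstmt = NULL;
    char *join = "";
    int sqlerr = SQLITE_OK;
    CK_RV error = CKR_OK;
    unsigned int i;
    LOCK_SQLITE()
    *find = NULL;
    error = sdb_openDBLocal(sdb_p, &sqlDB, &table);
    if (error != CKR_OK) {
        goto loser;
    }
    /* Build "a<type>=$DATA0 AND a<type>=$DATA1 ..." from the template.
     * Only the attribute type (an integer) goes into the SQL text; the
     * values are bound below. CK_ATTRIBUTE_TYPE is a CK_ULONG while
     * sqlite's %x consumes an int, so narrow it explicitly. */
    findStr = sqlite3_mprintf("");
    for (i = 0; findStr && i < count; i++) {
        newStr = sqlite3_mprintf("%s%sa%x=$DATA%d", findStr, join,
                                 (unsigned int)template[i].type, i);
        join = " AND ";
        sqlite3_free(findStr);
        findStr = newStr;
    }
    if (findStr == NULL) {
        error = CKR_HOST_MEMORY;
        goto loser;
    }
    if (count == 0) {
        newStr = sqlite3_mprintf(FIND_OBJECTS_ALL_CMD, table);
    } else {
        newStr = sqlite3_mprintf(FIND_OBJECTS_CMD, table, findStr);
    }
    sqlite3_free(findStr);
    if (newStr == NULL) {
        error = CKR_HOST_MEMORY;
        goto loser;
    }
    sqlerr = sqlite3_prepare_v2(sqlDB, newStr, -1, &findstmt, NULL);
    sqlite3_free(newStr);
    for (i = 0; sqlerr == SQLITE_OK && i < count; i++) {
        const void *blobData = template[i].pValue;
        unsigned int blobSize;
        /* sqlite3_bind_blob() takes an int length. A larger ulValueLen
         * would be truncated, or go negative and make sqlite treat the
         * value as a NUL-terminated string and read past the caller's
         * buffer, so reject it up front. */
        if (template[i].ulValueLen > (CK_ULONG)INT_MAX) {
            error = CKR_ATTRIBUTE_VALUE_INVALID;
            goto loser;
        }
        blobSize = (unsigned int)template[i].ulValueLen;
        if (blobSize == 0) {
            /* zero-length values are stored as the explicit-NULL marker */
            blobSize = SQLITE_EXPLICIT_NULL_LEN;
            blobData = SQLITE_EXPLICIT_NULL;
        }
        /* parameter indices are 1-based */
        sqlerr = sqlite3_bind_blob(findstmt, i + 1, blobData, blobSize,
                                   SQLITE_TRANSIENT);
    }
    if (sqlerr == SQLITE_OK) {
        *find = PORT_New(SDBFind);
        if (*find == NULL) {
            error = CKR_HOST_MEMORY;
            goto loser;
        }
        (*find)->findstmt = findstmt;
        (*find)->sqlDB = sqlDB;
        /* success: the statement and the (still locked) handle now belong
         * to *find and are released by sdb_FindObjectsFinal() */
        UNLOCK_SQLITE()
        return CKR_OK;
    }
    error = sdb_mapSQLError(sdb_p->type, sqlerr);
loser:
    if (findstmt) {
        sqlite3_reset(findstmt);
        sqlite3_finalize(findstmt);
    }
    if (sqlDB) {
        sdb_closeDBLocal(sdb_p, sqlDB);
    }
    UNLOCK_SQLITE()
    return error;
}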
/*
 * Fetch the next batch of object ids from a search started by
 * sdb_FindObjectsInit().
 *
 * sdb       - the database.
 * sdbFind   - search state from sdb_FindObjectsInit().
 * object    - out: receives up to arraySize ids.
 * arraySize - capacity of object; 0 returns CKR_OK with *count == 0.
 * count     - out: number of ids written.
 * Returns CKR_OK when the batch was filled or the result set is exhausted,
 * otherwise the mapped sqlite error (including a persistent SQLITE_BUSY).
 */
CK_RV
sdb_FindObjects(SDB *sdb, SDBFind *sdbFind, CK_OBJECT_HANDLE *object,
                CK_ULONG arraySize, CK_ULONG *count)
{
    SDBPrivate *sdb_p = sdb->private;
    sqlite3_stmt *stmt = sdbFind->findstmt;
    int sqlerr = SQLITE_OK;
    int busyRetries = 0;
    CK_ULONG room = arraySize;
    *count = 0;
    if (room == 0) {
        return CKR_OK;
    }
    LOCK_SQLITE()
    for (;;) {
        sqlerr = sqlite3_step(stmt);
        switch (sqlerr) {
            case SQLITE_BUSY:
                /* NOTE(review): PR_Sleep() takes a PRIntervalTime, and
                 * SDB_BUSY_RETRY_TIME is a bare 5 documented as seconds;
                 * without PR_SecondsToInterval() this pauses 5 ticks, not
                 * 5 s - confirm which is intended before changing it. */
                PR_Sleep(SDB_BUSY_RETRY_TIME);
                break;
            case SQLITE_ROW:
                /* the statement selects only the id column */
                object[*count] = sqlite3_column_int(stmt, 0);
                (*count)++;
                room--;
                break;
            default:
                break;
        }
        /* sdb_done() must see every status so its busy counter stays right */
        if (sdb_done(sqlerr, &busyRetries) || room == 0) {
            break;
        }
    }
    /* stopping because the caller's array is full is not an error; more rows
     * probably remain and the next call will fetch them */
    if (sqlerr == SQLITE_ROW && room == 0) {
        sqlerr = SQLITE_DONE;
    }
    UNLOCK_SQLITE()
    return sdb_mapSQLError(sdb_p->type, sqlerr);
}
/*
 * End a search: finalize the statement, give back the handle (and dbMon on
 * the read path) obtained by sdb_FindObjectsInit(), and free sdbFind.
 *
 * sdb     - the database.
 * sdbFind - search state; invalid after this call.
 * Returns the mapped result of sqlite3_finalize(), CKR_OK if there was no
 * statement to finalize.
 */
CK_RV
sdb_FindObjectsFinal(SDB *sdb, SDBFind *sdbFind)
{
    SDBPrivate *sdb_p = sdb->private;
    int sqlerr = SQLITE_OK;
    LOCK_SQLITE()
    if (sdbFind->findstmt != NULL) {
        sqlite3_reset(sdbFind->findstmt);
        sqlerr = sqlite3_finalize(sdbFind->findstmt);
    }
    if (sdbFind->sqlDB != NULL) {
        /* releases dbMon when this was the shared read handle */
        sdb_closeDBLocal(sdb_p, sdbFind->sqlDB);
    }
    PORT_Free(sdbFind);
    UNLOCK_SQLITE()
    return sdb_mapSQLError(sdb_p->type, sqlerr);
}
/*
 * Read the requested attributes of one object into template, without taking
 * LOCK_SQLITE (the caller is expected to handle that; see the locking
 * wrapper that follows this function).
 *
 * sdb       - the database.
 * object_id - row id of the object.
 * template  - in/out: type and pValue/ulValueLen per PKCS #11
 *             C_GetAttributeValue rules: pValue NULL queries the length,
 *             otherwise the value is copied if it fits; an attribute that
 *             is missing or does not fit gets ulValueLen set to -1
 *             (CK_UNAVAILABLE_INFORMATION) and processing continues.
 * count     - number of template entries; 0 is rejected.
 * Returns CKR_OK, CKR_OBJECT_HANDLE_INVALID if no row matched,
 * CKR_ATTRIBUTE_TYPE_INVALID / CKR_BUFFER_TOO_SMALL for per-attribute
 * problems (last one wins), CKR_HOST_MEMORY, or the mapped sqlite error.
 */
CK_RV
sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id,
                            CK_ATTRIBUTE *template, CK_ULONG count)
{
    SDBPrivate *sdb_p = sdb->private;
    sqlite3 *sqlDB = NULL;
    sqlite3_stmt *stmt = NULL;
    const char *table = NULL;
    int sqlerr = SQLITE_OK;
    CK_RV error = CKR_OK;
    int found = 0;
    int retry = 0;
    unsigned int i;
    if (count == 0) {
        error = CKR_OBJECT_HANDLE_INVALID;
        goto loser;
    }
    /* open a new db if necessary */
    error = sdb_openDBLocal(sdb_p, &sqlDB, &table);
    if (error != CKR_OK) {
        goto loser;
    }
    /* build the column list "aX, aY, ..." from the template's attribute
     * types; only these integers reach the SQL text, in template order, so
     * column i of the result row corresponds to template[i].
     * NOTE(review): template[i].type is a CK_ULONG but %x reads an int in
     * sqlite's formatter - works on common ABIs, an explicit cast would be
     * cleaner. */
    char *columns = NULL;
    for (i = 0; i < count; i++) {
        char *newColumns;
        if (columns) {
            newColumns = sqlite3_mprintf("%s, a%x", columns, template[i].type);
            sqlite3_free(columns);
            columns = NULL;
        } else {
            newColumns = sqlite3_mprintf("a%x", template[i].type);
        }
        if (!newColumns) {
            error = CKR_HOST_MEMORY;
            goto loser;
        }
        columns = newColumns;
    }
    PORT_Assert(columns);
    char *statement = sqlite3_mprintf("SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;",
                                      columns, table);
    sqlite3_free(columns);
    columns = NULL;
    if (!statement) {
        error = CKR_HOST_MEMORY;
        goto loser;
    }
    sqlerr = sqlite3_prepare_v2(sqlDB, statement, -1, &stmt, NULL);
    sqlite3_free(statement);
    statement = NULL;
    if (sqlerr != SQLITE_OK) {
        /* error is still CKR_OK here; loser maps sqlerr instead */
        goto loser;
    }
    // NB: indices in sqlite3_bind_int are 1-indexed
    // NOTE(review): object_id (CK_ULONG) is narrowed to int by the bind;
    // presumably row ids never exceed that - confirm against the writer.
    sqlerr = sqlite3_bind_int(stmt, 1, object_id);
    if (sqlerr != SQLITE_OK) {
        goto loser;
    }
    do {
        sqlerr = sqlite3_step(stmt);
        if (sqlerr == SQLITE_BUSY) {
            PR_Sleep(SDB_BUSY_RETRY_TIME);
        }
        if (sqlerr == SQLITE_ROW) {
            /* LIMIT 1 above means at most one row can ever arrive */
            PORT_Assert(!found);
            for (i = 0; i < count; i++) {
                unsigned int blobSize;
                const char *blobData;
                // NB: indices in sqlite_column_{bytes,blob} are 0-indexed
                blobSize = sqlite3_column_bytes(stmt, i);
                blobData = sqlite3_column_blob(stmt, i);
                if (blobData == NULL) {
                    /* PKCS 11 requires that get attributes process all the
                     * attributes in the template, marking the attributes with
                     * issues with -1. Mark the error but continue */
                    template[i].ulValueLen = -1;
                    error = CKR_ATTRIBUTE_TYPE_INVALID;
                    continue;
                }
                /* If the blob equals our explicit NULL value, then the
                 * attribute is a NULL. */
                if ((blobSize == SQLITE_EXPLICIT_NULL_LEN) &&
                    (PORT_Memcmp(blobData, SQLITE_EXPLICIT_NULL,
                                 SQLITE_EXPLICIT_NULL_LEN) == 0)) {
                    blobSize = 0;
                }
                if (template[i].pValue) {
                    if (template[i].ulValueLen < blobSize) {
                        /* like CKR_ATTRIBUTE_TYPE_INVALID, continue processing */
                        template[i].ulValueLen = -1;
                        error = CKR_BUFFER_TOO_SMALL;
                        continue;
                    }
                    /* the caller's buffer is large enough: copy the value */
                    PORT_Memcpy(template[i].pValue, blobData, blobSize);
                }
                /* pValue == NULL is a size query; either way report the length */
                template[i].ulValueLen = blobSize;
            }
            found = 1;
        }
    } while (!sdb_done(sqlerr, &retry));
    sqlite3_reset(stmt);
    sqlite3_finalize(stmt);
    stmt = NULL;
loser:
    /* fix up the error if necessary: per-attribute errors set above take
     * precedence; otherwise map the sqlite status, and a clean run that
     * matched no row means the handle was bad */
    if (error == CKR_OK) {
        error = sdb_mapSQLError(sdb_p->type, sqlerr);
        if (!found && error == CKR_OK) {
            error = CKR_OBJECT_HANDLE_INVALID;
        }
    }
    if (stmt) {
        sqlite3_reset(stmt);
        sqlite3_finalize(stmt);
    }
    /* if we had to open a new database, free it now */
    if (sqlDB) {
        sdb_closeDBLocal(sdb_p, sqlDB);
    }
    return error;
}
CK_RV
sdb_GetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE object_id,
CK_ATTRIBUTE *template, CK_ULONG count)
{
CK_RV crv;