mturk 2005/06/07 02:13:22
Modified: jni/native/include ssl_private.h jni/native/src sslcontext.c sslutils.c
Log: Remove all pass: and exec: pipe handling. This is not the responsibility of native, but rather the Java that uses the API. Higher level API has to provide a way to obtain a valid password if needed.
Revision Changes Path
1.17 +1 -4 jakarta-tomcat-connectors/jni/native/include/ssl_private.h
Index: ssl_private.h
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- ssl_private.h 7 Jun 2005 08:15:32 -0000 1.16
+++ ssl_private.h 7 Jun 2005 09:13:22 -0000 1.17
@@ -131,11 +131,8 @@
 typedef struct {
 char password[SSL_MAX_PASSWORD_LEN];
- const char *pass;
 const char *prompt;
 tcn_ssl_ctxt_t *ctx;
- apr_file_t *wrtty;
- apr_file_t *rdtty;
 } tcn_pass_cb_t;
 struct tcn_ssl_ctxt_t {
1.25 +6 -3 jakarta-tomcat-connectors/jni/native/src/sslcontext.c
Index: sslcontext.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslcontext.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- sslcontext.c 7 Jun 2005 09:01:00 -0000 1.24
+++ sslcontext.c 7 Jun 2005 09:13:22 -0000 1.25
@@ -468,6 +468,7 @@
 jboolean rv = JNI_TRUE;
 TCN_ALLOC_CSTRING(cert);
 TCN_ALLOC_CSTRING(key);
+ TCN_ALLOC_CSTRING(password);
 const char *key_file, *cert_file;
 char err[256];
@@ -479,8 +480,10 @@
 rv = JNI_FALSE;
 goto cleanup;
 }
- if (password)
- c->password.pass = tcn_pstrdup(e, password, c->pool);
+ if (J2S(password)) {
+ strncpy(c->password.password, J2S(password), SSL_MAX_PASSWORD_LEN);
+ c->password.password[SSL_MAX_PASSWORD_LEN-1] = '\0';
+ }
 key_file = J2S(key);
 cert_file = J2S(cert);
 if (!key_file)
1.18 +3 -116 jakarta-tomcat-connectors/jni/native/src/sslutils.c
Index: sslutils.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslutils.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- sslutils.c 7 Jun 2005 08:15:32 -0000 1.17
+++ sslutils.c 7 Jun 2005 09:13:22 -0000 1.18
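Review bot: In sslcontext.c the new `strncpy` into `c->password.password` silently truncates a passphrase longer than `SSL_MAX_PASSWORD_LEN - 1`, so an over-long password would surface only later as a key decryption failure; rejecting it up front is clearer, e.g. `if (strlen(J2S(password)) >= SSL_MAX_PASSWORD_LEN) { rv = JNI_FALSE; goto cleanup; }`. The copy also keeps the cleartext passphrase in the context structure for as long as the context lives, so consider zeroing `c->password.password` once the key has been loaded, if the callback does not need it again. The first sslcontext.c hunk adds `TCN_ALLOC_CSTRING(password)`, and the `cleanup` label lies outside both hunks, so confirm it has a matching `TCN_FREE_CSTRING(password)`. The enclosing function starts and ends outside this hunk.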
@@ -73,92 +73,6 @@
 return;
 }
-/*
- * Return APR_SUCCESS if the named file exists and is readable
- */
-static apr_status_t exists_and_readable(const char *fname, apr_pool_t *pool,
- apr_time_t *mtime)
-{
- apr_status_t stat;
- apr_finfo_t sbuf;
- apr_file_t *fd;
-
- if ((stat = apr_stat(&sbuf, fname, APR_FINFO_MIN, pool)) != APR_SUCCESS)
- return stat;
-
- if (sbuf.filetype != APR_REG)
- return APR_EGENERAL;
-
- if ((stat = apr_file_open(&fd, fname, APR_READ, 0, pool)) != APR_SUCCESS)
- return stat;
-
- if (mtime) {
- *mtime = sbuf.mtime;
- }
-
- apr_file_close(fd);
- return APR_SUCCESS;
-}
-
-static apr_status_t ssl_pipe_child_create(tcn_pass_cb_t *data, apr_pool_t *p, const char *progname)
-{
- /* Child process code for 'ErrorLog "|..."';
- * may want a common framework for this, since I expect it will
- * be common for other foo-loggers to want this sort of thing...
- */
- apr_status_t rc;
- apr_procattr_t *procattr;
- apr_proc_t *procnew;
-
- if (((rc = apr_procattr_create(&procattr, p)) == APR_SUCCESS) &&
- ((rc = apr_procattr_io_set(procattr,
- APR_FULL_BLOCK,
- APR_FULL_BLOCK,
- APR_NO_PIPE)) == APR_SUCCESS)) {
- char **args;
- const char *pname;
-
- apr_tokenize_to_argv(progname, &args, p);
- pname = apr_pstrdup(p, args[0]);
- procnew = (apr_proc_t *)apr_pcalloc(p, sizeof(*procnew));
- rc = apr_proc_create(procnew, pname, (const char * const *)args,
- NULL, procattr, p);
- if (rc == APR_SUCCESS) {
- /* XXX: not sure if we aught to...
- * apr_pool_note_subprocess(p, procnew, APR_KILL_AFTER_TIMEOUT);
- */
- data->wrtty = procnew->in;
- data->rdtty = procnew->out;
- }
- }
- return rc;
-}
-
-static int pipe_get_passwd_cb(tcn_pass_cb_t *data, char *buf, int length,
- const char *prompt)
-{
- apr_status_t rc;
- char *p;
-
- apr_file_puts(prompt, data->wrtty);
-
- buf[0]='\0';
- rc = apr_file_gets(buf, length, data->rdtty);
- apr_file_puts(APR_EOL_STR, data->wrtty);
-
- if (rc != APR_SUCCESS || apr_file_eof(data->rdtty)) {
- memset(buf, 0, length);
- return 1; /* failure */
- }
- if ((p = strchr(buf, '\n')) != NULL)
- *p = '\0';
-#ifdef WIN32
- if ((p = strchr(buf, '\r')) != NULL)
- *p = '\0';
-#endif
- return 0;
-}
-
 #define PROMPT_STRING "Enter password: "
 /* Simple echo password prompting */
 int SSL_password_prompt(tcn_pass_cb_t *data)
@@ -178,19 +92,11 @@
 STARTUPINFO si;
 GetStartupInfo(&si);
 /* Display a new Console window */
- if (si.wShowWindow == 0) {
- FreeConsole();
- AllocConsole();
- SetConsoleTitle("Enter password");
- }
+ if (si.wShowWindow == 0)
+ return 0;
 #endif
 des_read_pw_string(data->password, SSL_MAX_PASSWORD_LEN, data->prompt, 0);
-#ifdef WIN32
- /* Destroy a new Console window */
- if (si.wShowWindow == 0)
- FreeConsole();
-#endif
 rv = strlen(data->password);
 }
 if (rv > 0) {
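Review bot: In sslutils.c `SSL_password_prompt` still passes `data->prompt` to `des_read_pw_string`, but the last hunk of this file deletes `if (!cb_data->prompt) cb_data->prompt = PROMPT_STRING;` from its caller, the only visible place where a NULL prompt was defaulted; unless the part of the function above this hunk sets it, restore the default here with `if (!data->prompt) data->prompt = PROMPT_STRING;`. The comment `/* Display a new Console window */` is now stale, because the WIN32 branch returns 0 when no window is shown; `/* No visible console: cannot prompt, report no password */` would match the code. The return value of `des_read_pw_string` is ignored, so a failed read is judged only by `strlen(data->password)`. The function starts above this hunk and continues below it.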
@@ -230,25 +136,6 @@
 buf[bufsiz - 1] = '\0';
 return strlen(buf);
 }
- if (!cb_data->prompt)
- cb_data->prompt = PROMPT_STRING;
- if (cb_data->pass) {
- if (strncmp(cb_data->pass, "pass:", 5) == 0)
- strncpy(buf, cb_data->pass + 5, bufsiz);
- else if (strncmp(cb_data->pass, "exec:", 5) == 0) {
- apr_pool_t *p;
- apr_pool_create(&p, cb_data->ctx->pool);
- if (ssl_pipe_child_create(cb_data, p,
- cb_data->pass + 5) == APR_SUCCESS) {
- pipe_get_passwd_cb(cb_data, buf, bufsiz, cb_data->prompt);
- }
- apr_pool_destroy(p);
- }
- buf[bufsiz-1] = '\0';
- strncpy(cb_data->password, buf, SSL_MAX_PASSWORD_LEN);
- cb_data->password[SSL_MAX_PASSWORD_LEN - 1] = '\0';
- return strlen(buf);
- }
 else {
 if (SSL_password_prompt(cb_data) > 0)
 strncpy(buf, cb_data->password, bufsiz);