80e1b8a6607e6f92d44a76c379276ea31709884b
[dragonfly.git] / crypto / openssl / apps / srp.c
1 /* apps/srp.c */
2 /* Written by Peter Sylvester (peter.sylvester@edelweb.fr)  
3  * for the EdelKey project and contributed to the OpenSSL project 2004.
4  */
5 /* ====================================================================
6  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer. 
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  *
53  * This product includes cryptographic software written by Eric Young
54  * (eay@cryptsoft.com).  This product includes software written by Tim
55  * Hudson (tjh@cryptsoft.com).
56  *
57  */
58 #include <openssl/opensslconf.h>
59
60 #ifndef OPENSSL_NO_SRP
61 #include <stdio.h>
62 #include <stdlib.h>
63 #include <string.h>
64 #include <openssl/conf.h>
65 #include <openssl/bio.h>
66 #include <openssl/err.h>
67 #include <openssl/txt_db.h>
68 #include <openssl/buffer.h>
69 #include <openssl/srp.h>
70
71 #include "apps.h"
72
73 #undef PROG
74 #define PROG srp_main
75
76 #define BASE_SECTION    "srp"
77 #define CONFIG_FILE "openssl.cnf"
78
79 #define ENV_RANDFILE            "RANDFILE"
80
81 #define ENV_DATABASE            "srpvfile"
82 #define ENV_DEFAULT_SRP         "default_srp"
83
84 static char *srp_usage[]={
85 "usage: srp [args] [user] \n",
86 "\n",
87 " -verbose        Talk alot while doing things\n",
88 " -config file    A config file\n",
89 " -name arg       The particular srp definition to use\n",
90 " -srpvfile arg   The srp verifier file name\n",
91 " -add            add an user and srp verifier\n",
92 " -modify         modify the srp verifier of an existing user\n",
93 " -delete         delete user from verifier file\n",
94 " -list           list user\n",
95 " -gn arg         g and N values to be used for new verifier\n",
96 " -userinfo arg   additional info to be set for user\n",
97 " -passin arg     input file pass phrase source\n",
98 " -passout arg    output file pass phrase source\n",
99 #ifndef OPENSSL_NO_ENGINE
100 " -engine e         - use engine e, possibly a hardware device.\n",
101 #endif
102 NULL
103 };
104
105 #ifdef EFENCE
106 extern int EF_PROTECT_FREE;
107 extern int EF_PROTECT_BELOW;
108 extern int EF_ALIGNMENT;
109 #endif
110
111 static CONF *conf=NULL;
112 static char *section=NULL;
113
114 #define VERBOSE if (verbose) 
115 #define VVERBOSE if (verbose>1) 
116
117
118 int MAIN(int, char **);
119
120 static int get_index(CA_DB *db, char* id, char type)
121         {
122         char ** pp;
123         int i;
124         if (id == NULL) return -1;
125         if (type == DB_SRP_INDEX) 
126         for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
127                 {
128                 pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
129                 if (pp[DB_srptype][0] == DB_SRP_INDEX  && !strcmp(id, pp[DB_srpid])) 
130                         return i;
131                 }
132         else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
133                 {
134                 pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
135
136                 if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) 
137                         return i;
138                 }
139
140         return -1 ; 
141         }
142
143 static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)
144         {
145         if (indx >= 0 && verbose)
146                 {
147                 int j;
148                 char **pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, indx);
149                 BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
150                 for (j = 0; j < DB_NUMBER; j++)
151                         {
152                         BIO_printf(bio_err,"  %d = \"%s\"\n", j, pp[j]);
153                         }
154                 }
155         }
156
157 static void print_index(CA_DB *db, BIO *bio, int indexindex, int verbose)
158         {
159         print_entry(db, bio, indexindex, verbose, "g N entry") ;
160         }
161
162 static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)
163         {
164         if (verbose > 0)
165                 {
166                 char **pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
167
168                 if (pp[DB_srptype][0] != 'I')
169                         {
170                         print_entry(db, bio, userindex, verbose, "User entry");
171                         print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose, "g N entry");
172                         }
173
174                 }
175         }
176
177 static int update_index(CA_DB *db, BIO *bio, char **row)
178         {
179         char ** irow;
180         int i;
181
182         if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
183                 {
184                 BIO_printf(bio_err,"Memory allocation failure\n");
185                 return 0;
186                 }
187
188         for (i=0; i<DB_NUMBER; i++)
189                 {
190                 irow[i]=row[i];
191                 row[i]=NULL;
192                 }
193         irow[DB_NUMBER]=NULL;
194
195         if (!TXT_DB_insert(db->db,irow))
196                 {
197                 BIO_printf(bio,"failed to update srpvfile\n");
198                 BIO_printf(bio,"TXT_DB error number %ld\n",db->db->error);
199                 OPENSSL_free(irow);
200                 return 0;
201                 }
202         return 1;
203         }
204
205 static void lookup_fail(const char *name, char *tag)
206         {
207         BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
208         }
209
210
211 static char *srp_verify_user(const char *user, const char *srp_verifier,
212                              char *srp_usersalt, const char *g, const char *N,
213                              const char *passin, BIO *bio, int verbose)
214         {
215         char password[1024];
216         PW_CB_DATA cb_tmp;
217         char *verifier = NULL;
218         char *gNid = NULL;
219
220         cb_tmp.prompt_info = user;
221         cb_tmp.password = passin;
222
223         if (password_callback(password, 1024, 0, &cb_tmp) >0)
224                 {
225                 VERBOSE BIO_printf(bio,"Validating\n   user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,srp_verifier,srp_usersalt, g, N);
226                 BIO_printf(bio, "Pass %s\n", password);
227
228                 if (!(gNid=SRP_create_verifier(user, password, &srp_usersalt, &verifier, N, g)))
229                         {
230                         BIO_printf(bio, "Internal error validating SRP verifier\n");
231                         }
232                 else
233                         {
234                         if (strcmp(verifier, srp_verifier))
235                                 gNid = NULL;
236                         OPENSSL_free(verifier);
237                         }
238                 }
239         return gNid;
240         }
241
242 static char *srp_create_user(char *user, char **srp_verifier,
243                              char **srp_usersalt, char *g, char *N,
244                              char *passout, BIO *bio, int verbose)
245         {
246         char password[1024];
247         PW_CB_DATA cb_tmp;
248         char *gNid = NULL;
249         char *salt = NULL;
250         cb_tmp.prompt_info = user;
251         cb_tmp.password = passout;
252
253         if (password_callback(password,1024,1,&cb_tmp) >0)
254                 {
255                 VERBOSE BIO_printf(bio,"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,g,N);
256                 if (!(gNid =SRP_create_verifier(user, password, &salt, srp_verifier, N, g)))
257                         {
258                         BIO_printf(bio,"Internal error creating SRP verifier\n");
259                         }
260                 else 
261                         *srp_usersalt = salt;
262                 VVERBOSE BIO_printf(bio,"gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid,salt, *srp_verifier);
263
264                 }
265         return gNid;
266         }
267
268 int MAIN(int argc, char **argv)
269         {
270         int add_user = 0;
271         int list_user= 0;
272         int delete_user= 0;
273         int modify_user= 0;
274         char * user = NULL;
275
276         char *passargin = NULL, *passargout = NULL;
277         char *passin = NULL, *passout = NULL;
278         char * gN = NULL;
279         int gNindex = -1;
280         char ** gNrow = NULL;
281         int maxgN = -1;
282
283         char * userinfo = NULL;
284
285         int badops=0;
286         int ret=1;
287         int errors=0;
288         int verbose=0;
289         int doupdatedb=0;
290         char *configfile=NULL;
291         char *dbfile=NULL;
292         CA_DB *db=NULL;
293         char **pp ;
294         int i;
295         long errorline = -1;
296         char *randfile=NULL;
297 #ifndef OPENSSL_NO_ENGINE
298         char *engine = NULL;
299 #endif
300         char *tofree=NULL;
301         DB_ATTR db_attr;
302
303 #ifdef EFENCE
304 EF_PROTECT_FREE=1;
305 EF_PROTECT_BELOW=1;
306 EF_ALIGNMENT=0;
307 #endif
308
309         apps_startup();
310
311         conf = NULL;
312         section = NULL;
313
314         if (bio_err == NULL)
315                 if ((bio_err=BIO_new(BIO_s_file())) != NULL)
316                         BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
317
318         argc--;
319         argv++;
320         while (argc >= 1 && badops == 0)
321                 {
322                 if      (strcmp(*argv,"-verbose") == 0)
323                         verbose++;
324                 else if (strcmp(*argv,"-config") == 0)
325                         {
326                         if (--argc < 1) goto bad;
327                         configfile= *(++argv);
328                         }
329                 else if (strcmp(*argv,"-name") == 0)
330                         {
331                         if (--argc < 1) goto bad;
332                         section= *(++argv);
333                         }
334                 else if (strcmp(*argv,"-srpvfile") == 0)
335                         {
336                         if (--argc < 1) goto bad;
337                         dbfile= *(++argv);
338                         }
339                 else if (strcmp(*argv,"-add") == 0)
340                         add_user=1;
341                 else if (strcmp(*argv,"-delete") == 0)
342                         delete_user=1;
343                 else if (strcmp(*argv,"-modify") == 0)
344                         modify_user=1;
345                 else if (strcmp(*argv,"-list") == 0)
346                         list_user=1;
347                 else if (strcmp(*argv,"-gn") == 0)
348                         {
349                         if (--argc < 1) goto bad;
350                         gN= *(++argv);
351                         }
352                 else if (strcmp(*argv,"-userinfo") == 0)
353                         {
354                         if (--argc < 1) goto bad;
355                         userinfo= *(++argv);
356                         }
357                 else if (strcmp(*argv,"-passin") == 0)
358                         {
359                         if (--argc < 1) goto bad;
360                         passargin= *(++argv);
361                         }
362                 else if (strcmp(*argv,"-passout") == 0)
363                         {
364                         if (--argc < 1) goto bad;
365                         passargout= *(++argv);
366                         }
367 #ifndef OPENSSL_NO_ENGINE
368                 else if (strcmp(*argv,"-engine") == 0)
369                         {
370                         if (--argc < 1) goto bad;
371                         engine= *(++argv);
372                         }
373 #endif
374
375                 else if (**argv == '-')
376                         {
377 bad:
378                         BIO_printf(bio_err,"unknown option %s\n",*argv);
379                         badops=1;
380                         break;
381                         }
382                 else 
383                         break;
384         
385                 argc--;
386                 argv++;
387                 }
388
389         if (dbfile && configfile)
390                 {
391                 BIO_printf(bio_err,"-dbfile and -configfile cannot be specified together.\n");
392                 badops = 1;
393                 }
394         if (add_user+delete_user+modify_user+list_user != 1)
395                 {
396                 BIO_printf(bio_err,"Exactly one of the options -add, -delete, -modify -list must be specified.\n");
397                 badops = 1;
398                 }
399         if (delete_user+modify_user+delete_user== 1 && argc <= 0)
400                 {
401                 BIO_printf(bio_err,"Need at least one user for options -add, -delete, -modify. \n");
402                 badops = 1;
403                 }
404         if ((passin || passout) && argc != 1 )
405                 {
406                 BIO_printf(bio_err,"-passin, -passout arguments only valid with one user.\n");
407                 badops = 1;
408                 }
409
410         if (badops)
411                 {
412                 for (pp=srp_usage; (*pp != NULL); pp++)
413                         BIO_printf(bio_err,"%s",*pp);
414
415                 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
416                 BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
417                 BIO_printf(bio_err,"                 the random number generator\n");
418                 goto err;
419                 }
420
421         ERR_load_crypto_strings();
422
423 #ifndef OPENSSL_NO_ENGINE
424         setup_engine(bio_err, engine, 0);
425 #endif
426
427         if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))
428                 {
429                 BIO_printf(bio_err, "Error getting passwords\n");
430                 goto err;
431                 }
432
433         if (!dbfile)
434                 {
435
436
437         /*****************************************************************/
438                 tofree=NULL;
439                 if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
440                 if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
441                 if (configfile == NULL)
442                         {
443                         const char *s=X509_get_default_cert_area();
444                         size_t len;
445
446 #ifdef OPENSSL_SYS_VMS
447                         len = strlen(s)+sizeof(CONFIG_FILE);
448                         tofree=OPENSSL_malloc(len);
449                         strcpy(tofree,s);
450 #else
451                         len = strlen(s)+sizeof(CONFIG_FILE)+1;
452                         tofree=OPENSSL_malloc(len);
453                         BUF_strlcpy(tofree,s,len);
454                         BUF_strlcat(tofree,"/",len);
455 #endif
456                         BUF_strlcat(tofree,CONFIG_FILE,len);
457                         configfile=tofree;
458                         }
459
460                 VERBOSE BIO_printf(bio_err,"Using configuration from %s\n",configfile);
461                 conf = NCONF_new(NULL);
462                 if (NCONF_load(conf,configfile,&errorline) <= 0)
463                         {
464                         if (errorline <= 0)
465                                 BIO_printf(bio_err,"error loading the config file '%s'\n",
466                                         configfile);
467                         else
468                                 BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
469                                         ,errorline,configfile);
470                         goto err;
471                         }
472                 if(tofree)
473                         {
474                         OPENSSL_free(tofree);
475                         tofree = NULL;
476                         }
477
478                 if (!load_config(bio_err, conf))
479                         goto err;
480
481         /* Lets get the config section we are using */
482                 if (section == NULL)
483                         {
484                         VERBOSE BIO_printf(bio_err,"trying to read " ENV_DEFAULT_SRP " in \" BASE_SECTION \"\n");
485
486                         section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_SRP);
487                         if (section == NULL)
488                                 {
489                                 lookup_fail(BASE_SECTION,ENV_DEFAULT_SRP);
490                                 goto err;
491                                 }
492                         }
493          
494                 if (randfile == NULL && conf)
495                         randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
496
497         
498                 VERBOSE BIO_printf(bio_err,"trying to read " ENV_DATABASE " in section \"%s\"\n",section);
499
500                 if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
501                         {
502                         lookup_fail(section,ENV_DATABASE);
503                         goto err;
504                         }
505
506                 }
507         if (randfile == NULL)
508                 ERR_clear_error();
509         else 
510                 app_RAND_load_file(randfile, bio_err, 0);
511
512         VERBOSE BIO_printf(bio_err,"Trying to read SRP verifier file \"%s\"\n",dbfile);
513
514         db = load_index(dbfile, &db_attr);
515         if (db == NULL) goto err;
516
517         /* Lets check some fields */
518         for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
519                 {
520                 pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
521         
522                 if (pp[DB_srptype][0] == DB_SRP_INDEX)
523                         {
524                         maxgN = i;
525                         if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
526                                 gNindex = i;
527
528                         print_index(db, bio_err, i, verbose > 1);
529                         }
530                 }
531         
532         VERBOSE BIO_printf(bio_err, "Database initialised\n");
533
534         if (gNindex >= 0)
535                 {
536                 gNrow = (char **)sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
537                 print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N") ;
538                 }
539         else if (maxgN > 0 && !SRP_get_default_gN(gN))
540                 {
541                 BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
542                 goto err;
543                 }
544         else
545                 {
546                 VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");
547                 gNrow = NULL;
548                 }
549         
550
551         VVERBOSE BIO_printf(bio_err,"Starting user processing\n");
552
553         if (argc > 0)
554                 user = *(argv++) ;
555
556         while (list_user || user)
557                 {
558                 int userindex = -1;
559                 if (user) 
560                         VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);
561                 if ((userindex = get_index(db, user, 'U')) >= 0)
562                         {
563                         print_user(db, bio_err, userindex, (verbose > 0) || list_user);
564                         }
565                 
566                 if (list_user)
567                         {
568                         if (user == NULL)
569                                 {
570                                 BIO_printf(bio_err,"List all users\n");
571
572                                 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
573                                         {
574                                         print_user(db,bio_err, i, 1);
575                                         }
576                                 list_user = 0;
577                                 }
578                         else if (userindex < 0)
579                                 {
580                                 BIO_printf(bio_err, "user \"%s\" does not exist, ignored. t\n",
581                                            user);
582                                 errors++;
583                                 }
584                         }
585                 else if (add_user)
586                         {
587                         if (userindex >= 0)
588                                 {
589                                 /* reactivation of a new user */
590                                 char **row = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
591                                 BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
592                                 row[DB_srptype][0] = 'V';
593
594                                 doupdatedb = 1;
595                                 }
596                         else
597                                 {
598                                 char *row[DB_NUMBER] ; char *gNid;
599                                 row[DB_srpverifier] = NULL;
600                                 row[DB_srpsalt] = NULL;
601                                 row[DB_srpinfo] = NULL;
602                                 if (!(gNid = srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:gN,gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
603                                         {
604                                                 BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned .\n", user);
605                                                 errors++;
606                                                 goto err;
607                                         }
608                                 row[DB_srpid] = BUF_strdup(user);
609                                 row[DB_srptype] = BUF_strdup("v");
610                                 row[DB_srpgN] = BUF_strdup(gNid);
611
612                                 if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
613                                         (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))) || 
614                                         !update_index(db, bio_err, row))
615                                         {
616                                         if (row[DB_srpid]) OPENSSL_free(row[DB_srpid]);
617                                         if (row[DB_srpgN]) OPENSSL_free(row[DB_srpgN]);
618                                         if (row[DB_srpinfo]) OPENSSL_free(row[DB_srpinfo]);
619                                         if (row[DB_srptype]) OPENSSL_free(row[DB_srptype]);
620                                         if (row[DB_srpverifier]) OPENSSL_free(row[DB_srpverifier]);
621                                         if (row[DB_srpsalt]) OPENSSL_free(row[DB_srpsalt]);
622                                         goto err;
623                                         }
624                                 doupdatedb = 1;
625                                 }
626                         }
627                 else if (modify_user)
628                         {
629                         if (userindex < 0)
630                                 {
631                                 BIO_printf(bio_err,"user \"%s\" does not exist, operation ignored.\n",user);
632                                 errors++;
633                                 }
634                         else
635                                 {
636
637                                 char **row = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
638                                 char type = row[DB_srptype][0];
639                                 if (type == 'v')
640                                         {
641                                         BIO_printf(bio_err,"user \"%s\" already updated, operation ignored.\n",user);
642                                         errors++;
643                                         }
644                                 else
645                                         {
646                                         char *gNid;
647
648                                         if (row[DB_srptype][0] == 'V')
649                                                 {
650                                                 int user_gN;
651                                                 char **irow = NULL;
652                                                 VERBOSE BIO_printf(bio_err,"Verifying password for user \"%s\"\n",user);
653                                                 if ( (user_gN = get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
654                                                         irow = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
655
656                                                 if (!srp_verify_user(user, row[DB_srpverifier], row[DB_srpsalt], irow ? irow[DB_srpsalt] : row[DB_srpgN], irow ? irow[DB_srpverifier] : NULL, passin, bio_err, verbose))
657                                                         {
658                                                         BIO_printf(bio_err, "Invalid password for user \"%s\", operation abandoned.\n", user);
659                                                         errors++;
660                                                         goto err;
661                                                         }
662                                                 } 
663                                         VERBOSE BIO_printf(bio_err,"Password for user \"%s\" ok.\n",user);
664
665                                         if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
666                                                 {
667                                                         BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
668                                                         errors++;
669                                                         goto err;
670                                                 }
671
672                                         row[DB_srptype][0] = 'v';
673                                         row[DB_srpgN] = BUF_strdup(gNid);
674  
675                                         if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
676                                                 (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))  
677                                                 goto err;
678
679                                         doupdatedb = 1;
680                                         }
681                                 }
682                         }
683                 else if (delete_user)
684                         {
685                         if (userindex < 0)
686                                 {
687                                 BIO_printf(bio_err, "user \"%s\" does not exist, operation ignored. t\n", user);
688                                 errors++;
689                                 }
690                         else
691                                 {
692                                 char **xpp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);
693                                 BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
694
695                                 xpp[DB_srptype][0] = 'R';
696                                 
697                                 doupdatedb = 1;
698                                 }
699                         }
700                 if (--argc > 0)
701                         user = *(argv++) ;
702                 else
703                         {
704                         user = NULL;
705                         list_user = 0;
706                         }
707                 }
708
709         VERBOSE BIO_printf(bio_err,"User procession done.\n");
710
711
712         if (doupdatedb)
713                 {
714                 /* Lets check some fields */
715                 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
716                         {
717                         pp = (char **)sk_OPENSSL_PSTRING_value(db->db->data, i);
718         
719                         if (pp[DB_srptype][0] == 'v')
720                                 {
721                                 pp[DB_srptype][0] = 'V';
722                                 print_user(db, bio_err, i, verbose);
723                                 }
724                         }
725
726                 VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n");
727                 if (!save_index(dbfile, "new", db)) goto err;
728                                 
729                 VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n");
730                 if (!rotate_index(dbfile, "new", "old")) goto err;
731
732                 VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");
733                 }
734
735         ret = (errors != 0);
736 err:
737         if (errors != 0)
738         VERBOSE BIO_printf(bio_err,"User errors %d.\n",errors);
739
740         VERBOSE BIO_printf(bio_err,"SRP terminating with code %d.\n",ret);
741         if(tofree)
742                 OPENSSL_free(tofree);
743         if (ret) ERR_print_errors(bio_err);
744         if (randfile) app_RAND_write_file(randfile, bio_err);
745         if (conf) NCONF_free(conf);
746         if (db) free_index(db);
747
748         OBJ_cleanup();
749         apps_shutdown();
750         OPENSSL_EXIT(ret);
751         }
752
753
754
755 #endif
756