Typo (PR2959).
[openssl.git] / apps / srp.c
1 /* apps/srp.c */
2 /* Written by Peter Sylvester (peter.sylvester@edelweb.fr)  
3  * for the EdelKey project and contributed to the OpenSSL project 2004.
4  */
5 /* ====================================================================
6  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer. 
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  *
53  * This product includes cryptographic software written by Eric Young
54  * (eay@cryptsoft.com).  This product includes software written by Tim
55  * Hudson (tjh@cryptsoft.com).
56  *
57  */
58 #include <openssl/opensslconf.h>
59
60 #ifndef OPENSSL_NO_SRP
61 #include <stdio.h>
62 #include <stdlib.h>
63 #include <string.h>
64 #include <openssl/conf.h>
65 #include <openssl/bio.h>
66 #include <openssl/err.h>
67 #include <openssl/txt_db.h>
68 #include <openssl/buffer.h>
69 #include <openssl/srp.h>
70
71 #include "apps.h"
72
73 #undef PROG
74 #define PROG srp_main
75
76 #define BASE_SECTION    "srp"
77 #define CONFIG_FILE "openssl.cnf"
78
79 #define ENV_RANDFILE            "RANDFILE"
80
81 #define ENV_DATABASE            "srpvfile"
82 #define ENV_DEFAULT_SRP         "default_srp"
83
84 static char *srp_usage[]={
85 "usage: srp [args] [user] \n",
86 "\n",
87 " -verbose        Talk alot while doing things\n",
88 " -config file    A config file\n",
89 " -name arg       The particular srp definition to use\n",
90 " -srpvfile arg   The srp verifier file name\n",
91 " -add            add an user and srp verifier\n",
92 " -modify         modify the srp verifier of an existing user\n",
93 " -delete         delete user from verifier file\n",
94 " -list           list user\n",
95 " -gn arg         g and N values to be used for new verifier\n",
96 " -userinfo arg   additional info to be set for user\n",
97 " -passin arg     input file pass phrase source\n",
98 " -passout arg    output file pass phrase source\n",
99 #ifndef OPENSSL_NO_ENGINE
100 " -engine e         - use engine e, possibly a hardware device.\n",
101 #endif
102 NULL
103 };
104
105 #ifdef EFENCE
106 extern int EF_PROTECT_FREE;
107 extern int EF_PROTECT_BELOW;
108 extern int EF_ALIGNMENT;
109 #endif
110
111 static CONF *conf=NULL;
112 static char *section=NULL;
113
114 #define VERBOSE if (verbose) 
115 #define VVERBOSE if (verbose>1) 
116
117
118 int MAIN(int, char **);
119
120 static int get_index(CA_DB *db, char* id, char type)
121         {
122         char ** pp;
123         int i;
124         if (id == NULL) return -1;
125         if (type == DB_SRP_INDEX) 
126         for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
127                 {
128                 pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
129                 if (pp[DB_srptype][0] == DB_SRP_INDEX  && !strcmp(id,pp[DB_srpid])) 
130                         return i;
131                 }
132         else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
133                 {
134                 pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
135
136                 if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) 
137                         return i;
138                 }
139
140         return -1 ; 
141         }
142
143 static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)
144         {
145         if (indx >= 0 && verbose)
146                 {
147                 int j;
148                 char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
149                 BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
150                 for (j = 0; j < DB_NUMBER; j++)
151                         {
152                         BIO_printf(bio_err,"  %d = \"%s\"\n", j, pp[j]);
153                         }
154                 }
155         }
156
157 static void print_index(CA_DB *db, BIO *bio, int indexindex, int verbose)
158         {
159         print_entry(db, bio, indexindex, verbose, "g N entry") ;
160         }
161
162 static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)
163         {
164         if (verbose > 0)
165                 {
166                 char **pp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
167
168                 if (pp[DB_srptype][0] != 'I')
169                         {
170                         print_entry(db, bio, userindex, verbose, "User entry");
171                         print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose, "g N entry");
172                         }
173
174                 }
175         }
176
177 static int update_index(CA_DB *db, BIO *bio, char **row)
178         {
179         char ** irow;
180         int i;
181
182         if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
183                 {
184                 BIO_printf(bio_err,"Memory allocation failure\n");
185                 return 0;
186                 }
187
188         for (i=0; i<DB_NUMBER; i++)
189                 {
190                 irow[i]=row[i];
191                 row[i]=NULL;
192                 }
193         irow[DB_NUMBER]=NULL;
194
195         if (!TXT_DB_insert(db->db,irow))
196                 {
197                 BIO_printf(bio,"failed to update srpvfile\n");
198                 BIO_printf(bio,"TXT_DB error number %ld\n",db->db->error);
199                 OPENSSL_free(irow);
200                 return 0;
201                 }
202         return 1;
203         }
204
205 static void lookup_fail(const char *name, const char *tag)
206         {
207         BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
208         }
209
210
211 static char *srp_verify_user(const char *user, const char *srp_verifier,
212                              char *srp_usersalt, const char *g, const char *N,
213                              const char *passin, BIO *bio, int verbose)
214         {
215         char password[1024];
216         PW_CB_DATA cb_tmp;
217         char *verifier = NULL;
218         char *gNid = NULL;
219
220         cb_tmp.prompt_info = user;
221         cb_tmp.password = passin;
222
223         if (password_callback(password, 1024, 0, &cb_tmp) >0)
224                 {
225                 VERBOSE BIO_printf(bio,"Validating\n   user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,srp_verifier,srp_usersalt, g, N);
226                 BIO_printf(bio, "Pass %s\n", password);
227
228                 OPENSSL_assert(srp_usersalt != NULL);
229                 if (!(gNid=SRP_create_verifier(user, password, &srp_usersalt, &verifier,
230                                                                            N, g)))
231                         {
232                         BIO_printf(bio, "Internal error validating SRP verifier\n");
233                         }
234                 else
235                         {
236                         if (strcmp(verifier, srp_verifier))
237                                 gNid = NULL;
238                         OPENSSL_free(verifier);
239                         }
240                 }
241         return gNid;
242         }
243
244 static char *srp_create_user(char *user, char **srp_verifier,
245                              char **srp_usersalt, char *g, char *N,
246                              char *passout, BIO *bio, int verbose)
247         {
248         char password[1024];
249         PW_CB_DATA cb_tmp;
250         char *gNid = NULL;
251         char *salt = NULL;
252         cb_tmp.prompt_info = user;
253         cb_tmp.password = passout;
254
255         if (password_callback(password,1024,1,&cb_tmp) >0)
256                 {
257                 VERBOSE BIO_printf(bio,"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,g,N);
258                 if (!(gNid =SRP_create_verifier(user, password, &salt, srp_verifier, N, g)))
259                         {
260                         BIO_printf(bio,"Internal error creating SRP verifier\n");
261                         }
262                 else 
263                         *srp_usersalt = salt;
264                 VVERBOSE BIO_printf(bio,"gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid,salt, *srp_verifier);
265
266                 }
267         return gNid;
268         }
269
270 int MAIN(int argc, char **argv)
271         {
272         int add_user = 0;
273         int list_user= 0;
274         int delete_user= 0;
275         int modify_user= 0;
276         char * user = NULL;
277
278         char *passargin = NULL, *passargout = NULL;
279         char *passin = NULL, *passout = NULL;
280         char * gN = NULL;
281         int gNindex = -1;
282         char ** gNrow = NULL;
283         int maxgN = -1;
284
285         char * userinfo = NULL;
286
287         int badops=0;
288         int ret=1;
289         int errors=0;
290         int verbose=0;
291         int doupdatedb=0;
292         char *configfile=NULL;
293         char *dbfile=NULL;
294         CA_DB *db=NULL;
295         char **pp ;
296         int i;
297         long errorline = -1;
298         char *randfile=NULL;
299 #ifndef OPENSSL_NO_ENGINE
300         char *engine = NULL;
301 #endif
302         char *tofree=NULL;
303         DB_ATTR db_attr;
304
305 #ifdef EFENCE
306 EF_PROTECT_FREE=1;
307 EF_PROTECT_BELOW=1;
308 EF_ALIGNMENT=0;
309 #endif
310
311         apps_startup();
312
313         conf = NULL;
314         section = NULL;
315
316         if (bio_err == NULL)
317                 if ((bio_err=BIO_new(BIO_s_file())) != NULL)
318                         BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
319
320         argc--;
321         argv++;
322         while (argc >= 1 && badops == 0)
323                 {
324                 if      (strcmp(*argv,"-verbose") == 0)
325                         verbose++;
326                 else if (strcmp(*argv,"-config") == 0)
327                         {
328                         if (--argc < 1) goto bad;
329                         configfile= *(++argv);
330                         }
331                 else if (strcmp(*argv,"-name") == 0)
332                         {
333                         if (--argc < 1) goto bad;
334                         section= *(++argv);
335                         }
336                 else if (strcmp(*argv,"-srpvfile") == 0)
337                         {
338                         if (--argc < 1) goto bad;
339                         dbfile= *(++argv);
340                         }
341                 else if (strcmp(*argv,"-add") == 0)
342                         add_user=1;
343                 else if (strcmp(*argv,"-delete") == 0)
344                         delete_user=1;
345                 else if (strcmp(*argv,"-modify") == 0)
346                         modify_user=1;
347                 else if (strcmp(*argv,"-list") == 0)
348                         list_user=1;
349                 else if (strcmp(*argv,"-gn") == 0)
350                         {
351                         if (--argc < 1) goto bad;
352                         gN= *(++argv);
353                         }
354                 else if (strcmp(*argv,"-userinfo") == 0)
355                         {
356                         if (--argc < 1) goto bad;
357                         userinfo= *(++argv);
358                         }
359                 else if (strcmp(*argv,"-passin") == 0)
360                         {
361                         if (--argc < 1) goto bad;
362                         passargin= *(++argv);
363                         }
364                 else if (strcmp(*argv,"-passout") == 0)
365                         {
366                         if (--argc < 1) goto bad;
367                         passargout= *(++argv);
368                         }
369 #ifndef OPENSSL_NO_ENGINE
370                 else if (strcmp(*argv,"-engine") == 0)
371                         {
372                         if (--argc < 1) goto bad;
373                         engine= *(++argv);
374                         }
375 #endif
376
377                 else if (**argv == '-')
378                         {
379 bad:
380                         BIO_printf(bio_err,"unknown option %s\n",*argv);
381                         badops=1;
382                         break;
383                         }
384                 else 
385                         break;
386         
387                 argc--;
388                 argv++;
389                 }
390
391         if (dbfile && configfile)
392                 {
393                 BIO_printf(bio_err,"-dbfile and -configfile cannot be specified together.\n");
394                 badops = 1;
395                 }
396         if (add_user+delete_user+modify_user+list_user != 1)
397                 {
398                 BIO_printf(bio_err,"Exactly one of the options -add, -delete, -modify -list must be specified.\n");
399                 badops = 1;
400                 }
401         if (delete_user+modify_user+delete_user== 1 && argc <= 0)
402                 {
403                 BIO_printf(bio_err,"Need at least one user for options -add, -delete, -modify. \n");
404                 badops = 1;
405                 }
406         if ((passin || passout) && argc != 1 )
407                 {
408                 BIO_printf(bio_err,"-passin, -passout arguments only valid with one user.\n");
409                 badops = 1;
410                 }
411
412         if (badops)
413                 {
414                 for (pp=srp_usage; (*pp != NULL); pp++)
415                         BIO_printf(bio_err,"%s",*pp);
416
417                 BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
418                 BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
419                 BIO_printf(bio_err,"                 the random number generator\n");
420                 goto err;
421                 }
422
423         ERR_load_crypto_strings();
424
425 #ifndef OPENSSL_NO_ENGINE
426         setup_engine(bio_err, engine, 0);
427 #endif
428
429         if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))
430                 {
431                 BIO_printf(bio_err, "Error getting passwords\n");
432                 goto err;
433                 }
434
435         if (!dbfile)
436                 {
437
438
439         /*****************************************************************/
440                 tofree=NULL;
441                 if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
442                 if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
443                 if (configfile == NULL)
444                         {
445                         const char *s=X509_get_default_cert_area();
446                         size_t len;
447
448 #ifdef OPENSSL_SYS_VMS
449                         len = strlen(s)+sizeof(CONFIG_FILE);
450                         tofree=OPENSSL_malloc(len);
451                         strcpy(tofree,s);
452 #else
453                         len = strlen(s)+sizeof(CONFIG_FILE)+1;
454                         tofree=OPENSSL_malloc(len);
455                         BUF_strlcpy(tofree,s,len);
456                         BUF_strlcat(tofree,"/",len);
457 #endif
458                         BUF_strlcat(tofree,CONFIG_FILE,len);
459                         configfile=tofree;
460                         }
461
462                 VERBOSE BIO_printf(bio_err,"Using configuration from %s\n",configfile);
463                 conf = NCONF_new(NULL);
464                 if (NCONF_load(conf,configfile,&errorline) <= 0)
465                         {
466                         if (errorline <= 0)
467                                 BIO_printf(bio_err,"error loading the config file '%s'\n",
468                                         configfile);
469                         else
470                                 BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
471                                         ,errorline,configfile);
472                         goto err;
473                         }
474                 if(tofree)
475                         {
476                         OPENSSL_free(tofree);
477                         tofree = NULL;
478                         }
479
480                 if (!load_config(bio_err, conf))
481                         goto err;
482
483         /* Lets get the config section we are using */
484                 if (section == NULL)
485                         {
486                         VERBOSE BIO_printf(bio_err,"trying to read " ENV_DEFAULT_SRP " in \" BASE_SECTION \"\n");
487
488                         section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_SRP);
489                         if (section == NULL)
490                                 {
491                                 lookup_fail(BASE_SECTION,ENV_DEFAULT_SRP);
492                                 goto err;
493                                 }
494                         }
495          
496                 if (randfile == NULL && conf)
497                         randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
498
499         
500                 VERBOSE BIO_printf(bio_err,"trying to read " ENV_DATABASE " in section \"%s\"\n",section);
501
502                 if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
503                         {
504                         lookup_fail(section,ENV_DATABASE);
505                         goto err;
506                         }
507
508                 }
509         if (randfile == NULL)
510                 ERR_clear_error();
511         else 
512                 app_RAND_load_file(randfile, bio_err, 0);
513
514         VERBOSE BIO_printf(bio_err,"Trying to read SRP verifier file \"%s\"\n",dbfile);
515
516         db = load_index(dbfile, &db_attr);
517         if (db == NULL) goto err;
518
519         /* Lets check some fields */
520         for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
521                 {
522                 pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
523         
524                 if (pp[DB_srptype][0] == DB_SRP_INDEX)
525                         {
526                         maxgN = i;
527                         if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
528                                 gNindex = i;
529
530                         print_index(db, bio_err, i, verbose > 1);
531                         }
532                 }
533         
534         VERBOSE BIO_printf(bio_err, "Database initialised\n");
535
536         if (gNindex >= 0)
537                 {
538                 gNrow = sk_OPENSSL_PSTRING_value(db->db->data,gNindex);
539                 print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
540                 }
541         else if (maxgN > 0 && !SRP_get_default_gN(gN))
542                 {
543                 BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
544                 goto err;
545                 }
546         else
547                 {
548                 VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");
549                 gNrow = NULL;
550                 }
551         
552
553         VVERBOSE BIO_printf(bio_err,"Starting user processing\n");
554
555         if (argc > 0)
556                 user = *(argv++) ;
557
558         while (list_user || user)
559                 {
560                 int userindex = -1;
561                 if (user) 
562                         VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);
563                 if ((userindex = get_index(db, user, 'U')) >= 0)
564                         {
565                         print_user(db, bio_err, userindex, (verbose > 0) || list_user);
566                         }
567                 
568                 if (list_user)
569                         {
570                         if (user == NULL)
571                                 {
572                                 BIO_printf(bio_err,"List all users\n");
573
574                                 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
575                                         {
576                                         print_user(db,bio_err, i, 1);
577                                         }
578                                 list_user = 0;
579                                 }
580                         else if (userindex < 0)
581                                 {
582                                 BIO_printf(bio_err, "user \"%s\" does not exist, ignored. t\n",
583                                            user);
584                                 errors++;
585                                 }
586                         }
587                 else if (add_user)
588                         {
589                         if (userindex >= 0)
590                                 {
591                                 /* reactivation of a new user */
592                                 char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
593                                 BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
594                                 row[DB_srptype][0] = 'V';
595
596                                 doupdatedb = 1;
597                                 }
598                         else
599                                 {
600                                 char *row[DB_NUMBER] ; char *gNid;
601                                 row[DB_srpverifier] = NULL;
602                                 row[DB_srpsalt] = NULL;
603                                 row[DB_srpinfo] = NULL;
604                                 if (!(gNid = srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:gN,gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
605                                         {
606                                                 BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned .\n", user);
607                                                 errors++;
608                                                 goto err;
609                                         }
610                                 row[DB_srpid] = BUF_strdup(user);
611                                 row[DB_srptype] = BUF_strdup("v");
612                                 row[DB_srpgN] = BUF_strdup(gNid);
613
614                                 if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
615                                         (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))) || 
616                                         !update_index(db, bio_err, row))
617                                         {
618                                         if (row[DB_srpid]) OPENSSL_free(row[DB_srpid]);
619                                         if (row[DB_srpgN]) OPENSSL_free(row[DB_srpgN]);
620                                         if (row[DB_srpinfo]) OPENSSL_free(row[DB_srpinfo]);
621                                         if (row[DB_srptype]) OPENSSL_free(row[DB_srptype]);
622                                         if (row[DB_srpverifier]) OPENSSL_free(row[DB_srpverifier]);
623                                         if (row[DB_srpsalt]) OPENSSL_free(row[DB_srpsalt]);
624                                         goto err;
625                                         }
626                                 doupdatedb = 1;
627                                 }
628                         }
629                 else if (modify_user)
630                         {
631                         if (userindex < 0)
632                                 {
633                                 BIO_printf(bio_err,"user \"%s\" does not exist, operation ignored.\n",user);
634                                 errors++;
635                                 }
636                         else
637                                 {
638
639                                 char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
640                                 char type = row[DB_srptype][0];
641                                 if (type == 'v')
642                                         {
643                                         BIO_printf(bio_err,"user \"%s\" already updated, operation ignored.\n",user);
644                                         errors++;
645                                         }
646                                 else
647                                         {
648                                         char *gNid;
649
650                                         if (row[DB_srptype][0] == 'V')
651                                                 {
652                                                 int user_gN;
653                                                 char **irow = NULL;
654                                                 VERBOSE BIO_printf(bio_err,"Verifying password for user \"%s\"\n",user);
655                                                 if ( (user_gN = get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
656                                                         irow = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
657
658                                                 if (!srp_verify_user(user, row[DB_srpverifier], row[DB_srpsalt], irow ? irow[DB_srpsalt] : row[DB_srpgN], irow ? irow[DB_srpverifier] : NULL, passin, bio_err, verbose))
659                                                         {
660                                                         BIO_printf(bio_err, "Invalid password for user \"%s\", operation abandoned.\n", user);
661                                                         errors++;
662                                                         goto err;
663                                                         }
664                                                 } 
665                                         VERBOSE BIO_printf(bio_err,"Password for user \"%s\" ok.\n",user);
666
667                                         if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
668                                                 {
669                                                 BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
670                                                 errors++;
671                                                 goto err;
672                                                 }
673
674                                         row[DB_srptype][0] = 'v';
675                                         row[DB_srpgN] = BUF_strdup(gNid);
676  
677                                         if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
678                                                 (userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))  
679                                                 goto err;
680
681                                         doupdatedb = 1;
682                                         }
683                                 }
684                         }
685                 else if (delete_user)
686                         {
687                         if (userindex < 0)
688                                 {
689                                 BIO_printf(bio_err, "user \"%s\" does not exist, operation ignored. t\n", user);
690                                 errors++;
691                                 }
692                         else
693                                 {
694                                 char **xpp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
695                                 BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
696
697                                 xpp[DB_srptype][0] = 'R';
698                                 
699                                 doupdatedb = 1;
700                                 }
701                         }
702                 if (--argc > 0)
703                         user = *(argv++) ;
704                 else
705                         {
706                         user = NULL;
707                         list_user = 0;
708                         }
709                 }
710
711         VERBOSE BIO_printf(bio_err,"User procession done.\n");
712
713
714         if (doupdatedb)
715                 {
716                 /* Lets check some fields */
717                 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
718                         {
719                         pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
720         
721                         if (pp[DB_srptype][0] == 'v')
722                                 {
723                                 pp[DB_srptype][0] = 'V';
724                                 print_user(db, bio_err, i, verbose);
725                                 }
726                         }
727
728                 VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n");
729                 if (!save_index(dbfile, "new", db)) goto err;
730                                 
731                 VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n");
732                 if (!rotate_index(dbfile, "new", "old")) goto err;
733
734                 VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");
735                 }
736
737         ret = (errors != 0);
738 err:
739         if (errors != 0)
740         VERBOSE BIO_printf(bio_err,"User errors %d.\n",errors);
741
742         VERBOSE BIO_printf(bio_err,"SRP terminating with code %d.\n",ret);
743         if(tofree)
744                 OPENSSL_free(tofree);
745         if (ret) ERR_print_errors(bio_err);
746         if (randfile) app_RAND_write_file(randfile, bio_err);
747         if (conf) NCONF_free(conf);
748         if (db) free_index(db);
749
750         OBJ_cleanup();
751         apps_shutdown();
752         OPENSSL_EXIT(ret);
753         }
754
755
756
757 #endif
758