Move crypto functions into its own subdir

A refactoring patch that creates a common util/crypto subdir with
per-implementation subdirectories for each underlying crypto library
supported by SSSD.

8 files changed, 119 insertions, 47 deletions

diff --git a/Makefile.am b/Makefile.am
index 4d8467c68..b0e04b5d5 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -117,11 +117,12 @@ noinst_LTLIBRARIES = \
     libsss_crypt.la
 
 if HAVE_NSS
-    SSS_CRYPT_SOURCES = src/util/nss_sha512crypt.c
+    SSS_CRYPT_SOURCES = src/util/crypto/nss/nss_sha512crypt.c \
+                        src/util/crypto/nss/nss_util.c
     SSS_CRYPT_CFLAGS = $(NSS_CFLAGS)
     SSS_CRYPT_LIBS = $(NSS_LIBS)
 else
-    SSS_CRYPT_SOURCES = src/util/crypto_sha512crypt.c
+    SSS_CRYPT_SOURCES = src/util/crypto/libcrypto/crypto_sha512crypt.c
     SSS_CRYPT_CFLAGS = $(CRYPTO_CFLAGS)
     SSS_CRYPT_LIBS = $(CRYPTO_LIBS)
 endif
@@ -296,7 +297,7 @@ endif
 
 dist_noinst_HEADERS = \
     src/monitor/monitor.h \
-    src/util/sha512crypt.h \
+    src/util/crypto/sss_crypto.h \
     src/util/dlinklist.h \
     src/util/util.h \
     src/util/strtonum.h \
@@ -350,6 +351,10 @@ dist_noinst_HEADERS = \
     src/resolv/ares/ares_data.h \
     src/tests/common.h
 
+if HAVE_NSS
+    dist_noinst_HEADERS += src/util/crypto/nss/nss_util.h
+endif
+
 
 ####################
 # Program Binaries #
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index d86c35d6c..017f8ebce 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -21,7 +21,7 @@
 
 #include "util/util.h"
 #include "db/sysdb_private.h"
-#include "util/sha512crypt.h"
+#include "util/crypto/sss_crypto.h"
 #include <time.h>
 
 static int add_string(struct ldb_message *msg, int flags,
diff --git a/src/responder/pam/pam_LOCAL_domain.c b/src/responder/pam/pam_LOCAL_domain.c
index d6c532e01..0df9499dd 100644
--- a/src/responder/pam/pam_LOCAL_domain.c
+++ b/src/responder/pam/pam_LOCAL_domain.c
@@ -24,7 +24,7 @@
 
 #include "util/util.h"
 #include "db/sysdb.h"
-#include "util/sha512crypt.h"
+#include "util/crypto/sss_crypto.h"
 #include "providers/data_provider.h"
 #include "responder/pam/pamsrv.h"
 
diff --git a/src/util/crypto_sha512crypt.c b/src/util/crypto/libcrypto/crypto_sha512crypt.c
index 9cd03a1e1..29900cc9c 100644
--- a/src/util/crypto_sha512crypt.c
+++ b/src/util/crypto/libcrypto/crypto_sha512crypt.c
@@ -379,4 +379,3 @@ int s3crypt_gen_salt(TALLOC_CTX *memctx, char **_salt)
 
     return EOK;
 }
-
diff --git a/src/util/nss_sha512crypt.c b/src/util/crypto/nss/nss_sha512crypt.c
index 8ba16d4aa..514e4d9a3 100644
--- a/src/util/nss_sha512crypt.c
+++ b/src/util/crypto/nss/nss_sha512crypt.c
@@ -21,41 +21,13 @@
 #include <sys/types.h>
 
 #include "util/util.h"
+#include "util/crypto/nss/nss_util.h"
 
 #include <prinit.h>
 #include <nss.h>
 #include <sechash.h>
 #include <pk11func.h>
 
-static int nspr_nss_init_done = 0;
-
-static int nspr_nss_init(void)
-{
-    int ret;
-    PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
-    ret = NSS_NoDB_Init(NULL);
-    if (ret != SECSuccess) {
-        return ret;
-    }
-    nspr_nss_init_done = 1;
-    return 0;
-}
-
-/* added for completness, so far not used */
-#if 0
-static int nspr_nss_cleanup(void)
-{
-    int ret;
-    ret = NSS_Shutdown();
-    if (ret != SECSuccess) {
-        return ret;
-    }
-    PR_Cleanup();
-    nspr_nss_init_done = 0;
-    return 0;
-}
-#endif
-
 /* Define our magic string to mark salt for SHA512 "encryption" replacement. */
 const char sha512_salt_prefix[] = "$6$";
 #define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1)
@@ -153,12 +125,10 @@ static int sha512_crypt_r(const char *key,
         salt = copied_salt = memcpy(tmp + ALIGN64 - PTR_2_INT(tmp) % ALIGN64, salt, salt_len);
     }
 
-    if (!nspr_nss_init_done) {
-        ret = nspr_nss_init();
-        if (ret != SECSuccess) {
-            ret = EIO;
-            goto done;
-        }
+    ret = nspr_nss_init();
+    if (ret != EOK) {
+        ret = EIO;
+        goto done;
     }
 
     ctx = HASH_Create(HASH_AlgSHA512);
@@ -387,11 +357,9 @@ int s3crypt_gen_salt(TALLOC_CTX *memctx, char **_salt)
     size_t slen;
     int ret;
 
-    if (!nspr_nss_init_done) {
-        ret = nspr_nss_init();
-        if (ret != SECSuccess) {
-            return EIO;
-        }
+    ret = nspr_nss_init();
+    if (ret != EOK) {
+        return EIO;
     }
 
     salt = talloc_size(memctx, SALT_LEN_MAX + 1);
@@ -416,4 +384,3 @@ int s3crypt_gen_salt(TALLOC_CTX *memctx, char **_salt)
 
     return EOK;
 }
-
diff --git a/src/util/crypto/nss/nss_util.c b/src/util/crypto/nss/nss_util.c
new file mode 100644
index 000000000..59390eb96
--- /dev/null
+++ b/src/util/crypto/nss/nss_util.c
@@ -0,0 +1,74 @@
+/*
+   SSSD
+
+   NSS crypto wrappers
+
+   Authors:
+        Sumit Bose <sbose@redhat.com>
+        Jakub Hrozek <jhrozek@redhat.com>
+
+   Copyright (C) Red Hat, Inc 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "config.h"
+
+#include <prinit.h>
+#include <prerror.h>
+#include <nss.h>
+#include <pk11func.h>
+
+#include "util/util.h"
+
+static int nspr_nss_init_done = 0;
+
+int nspr_nss_init(void)
+{
+    SECStatus sret;
+
+    /* nothing to do */
+    if (nspr_nss_init_done == 1) return SECSuccess;
+
+    PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
+
+    sret = NSS_NoDB_Init(NULL);
+    if (sret != SECSuccess) {
+        DEBUG(1, ("Error initializing connection to NSS [%d]\n",
+                  PR_GetError()));
+        return EIO;
+    }
+
+    nspr_nss_init_done = 1;
+    return EOK;
+}
+
+int nspr_nss_cleanup(void)
+{
+    SECStatus sret;
+
+    /* nothing to do */
+    if (nspr_nss_init_done == 0) return SECSuccess;
+
+    sret = NSS_Shutdown();
+    if (sret != SECSuccess) {
+        DEBUG(1, ("Error shutting down connection to NSS [%d]\n",
+                  PR_GetError()));
+        return EIO;
+    }
+
+    PR_Cleanup();
+    nspr_nss_init_done = 0;
+    return EOK;
+}
diff --git a/src/util/crypto/nss/nss_util.h b/src/util/crypto/nss/nss_util.h
new file mode 100644
index 000000000..7387b9a7e
--- /dev/null
+++ b/src/util/crypto/nss/nss_util.h
@@ -0,0 +1,27 @@
+/*
+   SSSD
+
+   NSS crypto wrappers
+
+   Authors:
+        Jakub Hrozek <jhrozek@redhat.com>
+
+   Copyright (C) Red Hat, Inc 2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+int nspr_nss_init(void);
+int nspr_nss_cleanup(void);
diff --git a/src/util/sha512crypt.h b/src/util/crypto/sss_crypto.h
index 5512c5d96..5512c5d96 100644
--- a/src/util/sha512crypt.h
+++ b/src/util/crypto/sss_crypto.h