mirror of
https://github.com/mozilla/gecko-dev.git
synced 2025-01-24 21:58:06 +00:00
3ab3b65c43
week.
The Netscape svrcore library Terry Hayes wrote the Netscape svrcore library in 1998. Valerie Chu wrote the ntgetpin.c and related files. svrcore used to contain two major parts. The first part is what we released on mozilla. It is a kind of object-oriented package for handling PIN requests from NSS. The idea was to provide a standard way for servers to allow PIN input from a file or from the terminal. There is also a PIN handler that caches the PIN in memory after encrypting it with a key on a device (such as a Fortezza card). This allowed a server to restart without having to reenter the PIN. However since the PIN is encrypted, a core dump would not expose it. In addition, removing the device would also make the PIN inaccessible. The files are: svrcore.h - API definition alt.c - allows two possible PIN request methods to be used (say file and then terminal) cache.c - caches the result from another PIN request method errors.c - error text file.c - reads the PIN from a specified file ntgetpin.c - Windows version of a user prompt for PIN ntgetpin.rc - Windows resource script for ntgetpin.c ntresource.h - a generated include file used by ntgetpin.rc key.ico - an icon used by ntgetpin.rc logo.ico - an icon used by ntgetpin.rc pin.c - functions to register a PIN request object with NSS pk11.c - implementation of the encrypted in-memory caching std.c - a "standard" PIN object that satisfies requests from a file or the terminal and allows caching if desired. user.c - prompts the user for the PIN Note: the pk11.c file (secure PIN store) is a pretty good example of how to encrypt/decrypt with NSS. There was a second component of svrcore that handled export policy configuration. It allowed patching of a single executable (single program build) to create the export and domestic versions of a server. This code was discontinued after the export policy changes. The LDAP C SDK tools use svrcore. They also implemented their own PIN object to allow command line PIN entry. The directory server also implemented its own PIN object to allow a watchdog process to cache the PIN and restart the server.