Multi-access database changes.

security/nss/lib/softoken/cdbhdl.h

@@ -34,7 +34,7 @@
  * cdbhdl.h - certificate database handle
  *   private to the certdb module
  *
- * $Id: cdbhdl.h,v 1.2 2001/11/08 00:15:30 relyea%netscape.com Exp $
+ * $Id: cdbhdl.h,v 1.3 2002/04/05 09:17:49 relyea%netscape.com Exp $
  */
 #ifndef _CDBHDL_H_
 #define _CDBHDL_H_
@@ -51,4 +51,19 @@ struct NSSLOWCERTCertDBHandleStr {
     PZMonitor *dbMon;
 };
 
+#ifdef DBM_USING_NSPR
+#define NO_RDONLY	PR_RDONLY
+#define NO_RDWR		PR_RDWR
+#define NO_CREATE	(PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE)
+#else
+#define NO_RDONLY	O_RDONLY
+#define NO_RDWR		O_RDWR
+#define NO_CREATE	(O_RDWR | O_CREAT | O_TRUNC)
+#endif
+
+typedef DB * (*rdbfunc)(const char *appName, const char *prefix, 
+				const char *type, int flags);
+
+DB * rdbopen(const char *appName, const char *prefix, 
+				const char *type, int flags);
 #endif

security/nss/lib/softoken/dbinit.c

@@ -32,7 +32,7 @@
  * may use your version of this file under either the MPL or the
  * GPL.
  *
- # $Id: dbinit.c,v 1.8 2001/12/07 01:36:17 relyea%netscape.com Exp $
+ # $Id: dbinit.c,v 1.9 2002/04/05 09:17:49 relyea%netscape.com Exp $
  */
 
 #include <ctype.h>
@@ -102,6 +102,29 @@ pk11_keydb_name_cb(void *arg, int dbVersion)
 #define CKR_CERTDB_FAILED	CKR_DEVICE_ERROR
 #define CKR_KEYDB_FAILED	CKR_DEVICE_ERROR
 
+const char *
+pk11_EvaluateConfigDir(const char *configdir,char **appName)
+{
+    if (PORT_Strncmp(configdir, MULTIACCESS, sizeof(MULTIACCESS)-1) == 0) {
+	char *cdir;
+
+	*appName = PORT_Strdup(configdir+sizeof(MULTIACCESS)-1);
+	if (*appName == NULL) {
+	    return configdir;
+	}
+	cdir = *appName;
+	while (*cdir && *cdir != ':') {
+	    cdir++;
+	}
+	if (*cdir == ':') {
+	   *cdir = 0;
+	   cdir++;
+	}
+	configdir = cdir;
+    }
+    return configdir;
+}
+
 static CK_RV
 pk11_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly,
     					    NSSLOWCERTCertDBHandle **certdbPtr)
@@ -110,11 +133,14 @@ pk11_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly,
     CK_RV        crv = CKR_CERTDB_FAILED;
     SECStatus    rv;
     char * name = NULL;
+    char * appName = NULL;
 
     if (prefix == NULL) {
 	prefix = "";
     }
 
+    configdir = pk11_EvaluateConfigDir(configdir, &appName);
+
     name = PR_smprintf("%s" PATH_SEPARATOR "%s",configdir,prefix);
     if (name == NULL) goto loser;
 
@@ -123,7 +149,7 @@ pk11_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly,
     	goto loser;
 
 /* fix when we get the DB in */
-    rv = nsslowcert_OpenCertDB(certdb, readOnly, 
+    rv = nsslowcert_OpenCertDB(certdb, readOnly, appName, prefix,
 				pk11_certdb_name_cb, (void *)name, PR_FALSE);
     if (rv == SECSuccess) {
 	crv = CKR_OK;
@@ -133,6 +159,7 @@ pk11_OpenCertDB(const char * configdir, const char *prefix, PRBool readOnly,
 loser: 
     if (certdb) PR_Free(certdb);
     if (name) PORT_Free(name);
+    if (appName) PORT_Free(appName);
     return crv;
 }
 
@@ -142,15 +169,20 @@ pk11_OpenKeyDB(const char * configdir, const char *prefix, PRBool readOnly,
 {
     NSSLOWKEYDBHandle *keydb;
     char * name = NULL;
+    char * appName = NULL;
 
     if (prefix == NULL) {
 	prefix = "";
     }
+    configdir = pk11_EvaluateConfigDir(configdir, &appName);
+
     name = PR_smprintf("%s" PATH_SEPARATOR "%s",configdir,prefix);	
     if (name == NULL) 
 	return SECFailure;
-    keydb = nsslowkey_OpenKeyDB(readOnly, pk11_keydb_name_cb, (void *)name);
+    keydb = nsslowkey_OpenKeyDB(readOnly, appName, prefix, 
+					pk11_keydb_name_cb, (void *)name);
     PORT_Free(name);
+    if (appName) PORT_Free(appName);
     if (keydb == NULL)
 	return CKR_KEYDB_FAILED;
     *keydbPtr = keydb;
@@ -222,3 +254,39 @@ pk11_DBShutdown(NSSLOWCERTCertDBHandle *certHandle,
 	keyHandle= NULL;
     }
 }
+
+static rdbfunc pk11_rdbfunc;
+
+/* NOTE: SHLIB_SUFFIX is defined on the command line */
+#define RDBLIB "rdb."SHLIB_SUFFIX
+
+DB * rdbopen(const char *appName, const char *prefix, 
+				const char *type, int flags)
+{
+    PRLibrary *lib;
+    DB *db;
+
+    if (pk11_rdbfunc) {
+	db = (*pk11_rdbfunc)(appName,prefix,type,flags);
+	return db;
+    }
+
+    /*
+     * try to open the library.
+     */
+    lib = PR_LoadLibrary(RDBLIB);
+
+    if (!lib) {
+	return NULL;
+    }
+
+    /* get the entry point */
+    pk11_rdbfunc = (rdbfunc) PR_FindSymbol(lib,"rdbopen");
+    if (pk11_rdbfunc) {
+	return (*pk11_rdbfunc)(appName,prefix,type,flags);
+    }
+
+    /* couldn't find the entry point, unload the library and fail */
+    PR_UnloadLibrary(lib);
+    return NULL;
+}

security/nss/lib/softoken/keydb.c

@@ -32,7 +32,7 @@
  *
  * Private Key Database code
  *
- * $Id: keydb.c,v 1.14 2002/04/05 03:33:42 nelsonb%netscape.com Exp $
+ * $Id: keydb.c,v 1.15 2002/04/05 09:17:49 relyea%netscape.com Exp $
  */
 
 #include "lowkeyi.h"
@@ -47,6 +47,7 @@
 #include "mcom_db.h"
 #include "lowpbe.h"
 #include "secerr.h"
+#include "cdbhdl.h"
 
 #include "keydbi.h"
 
@@ -531,13 +532,6 @@ keyDBFilenameCallback(void *arg, int dbVersion)
     return(PORT_Strdup((char *)arg));
 }
 
-NSSLOWKEYDBHandle *
-nsslowkey_OpenKeyDBFilename(char *dbname, PRBool readOnly)
-{
-    return(nsslowkey_OpenKeyDB(readOnly, keyDBFilenameCallback,
-			   (void *)dbname));
-}
-
 static SECStatus
 ChangeKeyDBPasswordAlg(NSSLOWKEYDBHandle *handle,
 		       SECItem *oldpwitem, SECItem *newpwitem,
@@ -577,148 +571,12 @@ nsslowkey_version(DB *db)
 	return 255;
     }
 
-    if ( ret == 1 ) {
+    if ( ret >= 1 ) {
 	return 0;
     }
     return *( (unsigned char *)versionData.data);
 }
 
-#ifdef NSS_USE_KEY4_DB
-nsslowkey_UpdateKey3DBPass1(NSSLOWKEYDBHandle *handle)
-{
-    SECStatus rv;
-    DBT checkKey;
-    DBT checkData;
-    DBT saltKey;
-    DBT saltData;
-    DBT key;
-    DBT data;
-    DBT newKey;
-    unsigned char buf[SHA1_LENGTH];
-    unsigned char version;
-    SECItem *rc4key = NULL;
-    NSSLOWKEYDBKey *dbkey = NULL;
-    SECItem *oldSalt = NULL;
-    int ret;
-    SECItem checkitem;
-
-    if ( handle->updatedb == NULL ) {
-	return(SECSuccess);
-    }
-
-    /*
-     * check the version record
-     */
-    version = nsslowkey_version(handle->updatedb);
-    if (version != 3) {
-	goto done;
-    }
-
-    saltKey.data = SALT_STRING;
-    saltKey.size = sizeof(SALT_STRING) - 1;
-
-    ret = (* handle->updatedb->get)(handle->updatedb, &saltKey, &saltData, 0);
-    if ( ret ) {
-	/* no salt in old db, so it is corrupted */
-	goto done;
-    }
-
-    oldSalt = decodeKeyDBGlobalSalt(&saltData);
-    if ( oldSalt == NULL ) {
-	/* bad salt in old db, so it is corrupted */
-	goto done;
-    }
-
-    /*
-     * look for a pw check entry
-     */
-    checkKey.data = KEYDB_PW_CHECK_STRING;
-    checkKey.size = KEYDB_PW_CHECK_LEN;
-    
-    ret = (* handle->updatedb->get)(handle->updatedb, &checkKey,
-				   &checkData, 0 );
-    if (ret) {
-	checkKey.data = KEYDB_FAKE_PW_CHECK_STRING;
-	checkKey.size = KEYDB_FAKE_PW_CHECK_LEN;
-	ret = (* handle->updatedb->get)(handle->updatedb, &checkKey,
-				   &checkData, 0 );
-	if (ret) {
-	    goto done;
-	}
-    } 
-
-    /* put global salt into the new database now */
-    ret = (* handle->db->put)( handle->db, &saltKey, &saltData, 0);
-    if ( ret ) {
-	goto done;
-    }
-
-    if (checkKey.size == KEYDB_PW_CHECK_LEN) {
-	dbkey = decode_dbkey(&checkData, 3);
-	if ( dbkey == NULL ) {
-	    goto done;
-	}
-	rv = put_dbkey(handle, &checkKey, dbkey, PR_FALSE);
-	ret = (rv != SECSuccess);
-    } else {
-	ret = (* handle->db->put)(handle->db, &checkKey, &checkData, 0);
-    }
-    if ( ret ) {
-	goto done;
-    }
-    
-    /* now traverse the database */
-    ret = (* handle->updatedb->seq)(handle->updatedb, &key, &data, R_FIRST);
-    if ( ret ) {
-	goto done;
-    }
-    
-    do {
-
-	/* skip version record */
-	if ( data.size > 1 ) {
-	    /* skip salt */
-	    if ( key.size == ( sizeof(SALT_STRING) - 1 ) ) {
-		if ( PORT_Memcmp(key.data, SALT_STRING, key.size) == 0 ) {
-		    continue;
-		}
-	    }
-	    /* skip pw check entry */
-	    if ( key.size == checkKey.size ) {
-		if ( PORT_Memcmp(key.data, checkKey.data, key.size) == 0 ) {
-		    continue;
-		}
-	    }
-	    dbkey = decode_dbkey(&data, 3);
-	    if ( dbkey == NULL ) {
-		continue;
-	    }
-	    SHA1_HashBuf(buf,key.data,key.size);
-	    newKey.data = buf;
-	    newKey.size = SHA1_LENGTH;
-
-	    rv = put_dbkey(handle, &newKey, dbkey, PR_FALSE);
-
-	    sec_destroy_dbkey(dbkey);
-
-	}
-    } while ( (* handle->updatedb->seq)(handle->updatedb, &key, &data,
-					R_NEXT) == 0 );
-
-done:
-    /* sync the database */
-    ret = (* handle->db->sync)(handle->db, 0);
-
-    (* handle->updatedb->close)(handle->updatedb);
-    handle->updatedb = NULL;
-
-    if ( oldSalt ) {
-	SECITEM_FreeItem(oldSalt, PR_TRUE);
-    }
-    return(SECSuccess);
-}
-#endif
-
 static PRBool
 seckey_HasAServerKey(DB *db)
 {
@@ -958,18 +816,9 @@ done:
     return(SECSuccess);
 }
 
-#ifdef DBM_USING_NSPR
-#define NO_RDONLY	PR_RDONLY
-#define NO_RDWR		PR_RDWR
-#define NO_CREATE	(PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE)
-#else
-#define NO_RDONLY	O_RDONLY
-#define NO_RDWR		O_RDWR
-#define NO_CREATE	(O_RDWR | O_CREAT | O_TRUNC)
-#endif
-
 NSSLOWKEYDBHandle *
-nsslowkey_OpenKeyDB(PRBool readOnly, NSSLOWKEYDBNameFunc namecb, void *cbarg)
+nsslowkey_OpenKeyDB(PRBool readOnly, const char *appName, const char *prefix,
+				NSSLOWKEYDBNameFunc namecb, void *cbarg)
 {
     NSSLOWKEYDBHandle *handle;
     int ret;
@@ -993,8 +842,12 @@ nsslowkey_OpenKeyDB(PRBool readOnly, NSSLOWKEYDBNameFunc namecb, void *cbarg)
 
     handle->dbname = PORT_Strdup(dbname);
     handle->readOnly = readOnly;
-    
+   
-    handle->db = dbopen( dbname, openflags, 0600, DB_HASH, 0 );
+    if (appName) {
+	handle->db = rdbopen( appName, prefix, "key", openflags);
+    } else {
+	handle->db = dbopen( dbname, openflags, 0600, DB_HASH, 0 );
+    }
 
     /* check for correct version number */
     if (handle->db != NULL) {
@@ -1013,39 +866,18 @@ nsslowkey_OpenKeyDB(PRBool readOnly, NSSLOWKEYDBNameFunc namecb, void *cbarg)
     }
 
 newdb:
-	
+
     /* if first open fails, try to create a new DB */
     if ( handle->db == NULL ) {
-#ifdef NSS_USE_KEY4_DB
-	char *dbname3 = (*namecb)(cbarg, 3);
-
-	if ( readOnly ) {
-	    if (dbname3 == NULL) {
-		goto loser;
-	    }
-	    handle->db = dbopen( dbname3, NO_RDONLY, 0600, DB_HASH, 0 );
-	    PORT_Free(handle->dbname);
-    	    handle->dbname = dbname3;
-	    dbname3 = NULL;
-	    if (handle->db == NULL) {
-		goto loser;
-	    }
-	    handle->version = nsslowkey_version(handle->db);
-	    if (handle->version != 3) {
-		/* bogus version number record, reset the database */
-		(* handle->db->close)( handle->db );
-		handle->db = NULL;
-		goto loser;
-	    }
-	    goto done;
-	}
-#else
 	if ( readOnly ) {
 	    goto loser;
 	}
-#endif
 
-	handle->db = dbopen( dbname, NO_CREATE, 0600, DB_HASH, 0 );
+	if (appName) {
+	    handle->db = rdbopen( appName, prefix, "key", NO_CREATE);
+	} else {
+	    handle->db = dbopen( dbname, NO_CREATE, 0600, DB_HASH, 0 );
+	}
 
         PORT_Free( dbname );
         dbname = NULL;
@@ -1059,22 +891,6 @@ newdb:
 	if ( rv != SECSuccess ) {
 	    goto loser;
 	}
-
-#ifdef NSS_USE_KEY4_DB
-	handle->updatedb = dbopen( dbname3, NO_RDONLY, 0600, DB_HASH, 0 );
-	PORT_Free(dbname3);
-	dbname3 = NULL;
-	if (handle->updatedb) {
-	    /*
-	     * copy the key data, all the real work happens in pass2
-	     */
-	    rv = nsslowkey_UpdateKey3DBPass1(handle);
-	    if ( rv == SECSuccess ) {
-		updated = PR_TRUE;
-	    }
-	    goto skip_v2_db;
-	}
-#endif /* NSS_USE_KEY4_DB */
 	/*
 	 * try to update from v2 db
 	 */
@@ -1099,9 +915,6 @@ newdb:
 	    
 	}
 
-#ifdef NSS_USE_KEY4_DB
-skip_v2_db:
-#endif
 	/* we are using the old salt if we updated from an old db */
 	if ( ! updated ) {
 	    rv = makeGlobalSalt(handle);
@@ -1117,9 +930,6 @@ skip_v2_db:
 	}
     }
 
-#ifdef NSS_USE_KEY4_DB
-done:
-#endif
     handle->global_salt = GetKeyDBGlobalSalt(handle);
     if ( dbname )
         PORT_Free( dbname );

security/nss/lib/softoken/lowkeyi.h

@@ -32,7 +32,7 @@
  *
  * key.h - public data structures and prototypes for the private key library
  *
- * $Id: lowkeyi.h,v 1.5 2002/02/21 22:41:38 ian.mcgreer%sun.com Exp $
+ * $Id: lowkeyi.h,v 1.6 2002/04/05 09:17:50 relyea%netscape.com Exp $
  */
 
 #ifndef _LOWKEYI_H_
@@ -66,11 +66,11 @@ typedef char * (* NSSLOWKEYDBNameFunc)(void *arg, int dbVersion);
 ** Open a key database.
 */
 extern NSSLOWKEYDBHandle *nsslowkey_OpenKeyDB(PRBool readOnly,
+					   const char *domain,
+					   const char *prefix,
 					   NSSLOWKEYDBNameFunc namecb,
 					   void *cbarg);
 
-extern NSSLOWKEYDBHandle *nsslowkey_OpenKeyDBFilename(char *filename,
-						   PRBool readOnly);
 
 /*
  * Clear out all the keys in the existing database

security/nss/lib/softoken/manifest.mn

@@ -40,15 +40,7 @@ LIBRARY_NAME = softokn
 LIBRARY_VERSION = 3
 MAPFILE = $(OBJDIR)/softokn.def
 
-#
+DEFINES += -DSHLIB_SUFFIX=\"${DLL_SUFFIX}\"
-# turn this on to get key4 generation and use.
-#
-# key4.db is properly indexed so we don't have to do db traversals to find keys.
-# turning on key4.db will automatically upgrade to key4 on startup if we open
-# the directory R/W and key4.db doesn't exist. If we open the directory up
-# R/O it opens and used the old key3.db without any update at all.
-#
-#DEFINES += -DNSS_USE_KEY4_DB
 
 
 EXPORTS = \

security/nss/lib/softoken/pcert.h

@@ -139,6 +139,7 @@ nsslowcert_DestroyDBEntry(certDBEntry *entry);
 
 SECStatus
 nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
+		const char *domain, const char *prefix,
                 NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile);
 
 void

security/nss/lib/softoken/pcertdb.c

@@ -34,7 +34,7 @@
 /*
  * Permanent Certificate database handling code 
  *
- * $Id: pcertdb.c,v 1.14 2002/04/05 03:33:42 nelsonb%netscape.com Exp $
+ * $Id: pcertdb.c,v 1.15 2002/04/05 09:17:50 relyea%netscape.com Exp $
  */
 #include "prtime.h"
 
@@ -541,7 +541,7 @@ static SECStatus
 DecodeDBCertEntry(certDBEntryCert *entry, SECItem *dbentry)
 {
     unsigned int nnlen;
-    int headerlen;
+    unsigned int headerlen;
     int lenoff;
 
     /* allow updates of old versions of the database */
@@ -2602,6 +2602,7 @@ ReadDBVersionEntry(NSSLOWCERTCertDBHandle *handle)
     certDBEntryVersion *entry;
     SECItem dbkey;
     SECItem dbentry;
+    SECStatus rv;
     
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if ( arena == NULL ) {
@@ -2633,7 +2634,10 @@ ReadDBVersionEntry(NSSLOWCERTCertDBHandle *handle)
     PORT_Memcpy(&dbkey.data[SEC_DB_KEY_HEADER_LEN], SEC_DB_VERSION_KEY,
 	      SEC_DB_VERSION_KEY_LEN);
 
-    ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
+    rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
+    if (rv != SECSuccess) {
+	goto loser;
+    }
 
     PORT_FreeArena(tmparena, PR_FALSE);
     return(entry);
@@ -2758,11 +2762,11 @@ AddPermSubjectNode(certDBEntrySubject *entry, NSSLOWCERTCertificate *cert,
 								char *nickname)
 {
     SECItem *newCertKeys, *newKeyIDs;
-    int i;
+    unsigned int i;
     SECStatus rv;
     NSSLOWCERTCertificate *cmpcert;
     unsigned int nnlen;
-    int ncerts;
+    unsigned int ncerts;
     
 
     PORT_Assert(entry);    
@@ -2860,7 +2864,7 @@ nsslowcert_TraversePermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
 				 NSSLOWCERTCertCallback cb, void *cbarg)
 {
     certDBEntrySubject *entry;
-    int i;
+    unsigned int i;
     NSSLOWCERTCertificate *cert;
     SECStatus rv = SECSuccess;
     
@@ -3551,7 +3555,8 @@ nsslowcert_CertNicknameConflict(char *nickname, SECItem *derSubject,
  */
 static SECStatus
 nsslowcert_OpenPermCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
-		   NSSLOWCERTDBNameFunc namecb, void *cbarg)
+		   		const char *appName, const char *prefix,
+				NSSLOWCERTDBNameFunc namecb, void *cbarg)
 {
     SECStatus rv;
     int openflags;
@@ -3572,7 +3577,11 @@ nsslowcert_OpenPermCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
     /*
      * first open the permanent file based database.
      */
-    handle->permCertDB = dbopen( certdbname, openflags, 0600, DB_HASH, 0 );
+    if (appName) {
+	handle->permCertDB = rdbopen( appName, prefix, "cert", openflags);
+    } else {
+	handle->permCertDB = dbopen( certdbname, openflags, 0600, DB_HASH, 0 );
+    }
 
     /* check for correct version number */
     if ( handle->permCertDB ) {
@@ -3593,7 +3602,6 @@ nsslowcert_OpenPermCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
 	}
     }
 
-
     /* if first open fails, try to create a new DB */
     if ( handle->permCertDB == NULL ) {
 
@@ -3602,7 +3610,11 @@ nsslowcert_OpenPermCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
 	    goto loser;
 	}
 	
-	handle->permCertDB = dbopen(certdbname, NO_CREATE, 0600, DB_HASH, 0);
+	if (appName) {
+	    handle->permCertDB=rdbopen( appName, prefix, "cert", NO_CREATE);
+	} else {
+	    handle->permCertDB=dbopen(certdbname, NO_CREATE, 0600, DB_HASH, 0);
+	}
 
 	/* if create fails then we lose */
 	if ( handle->permCertDB == 0 ) {
@@ -4049,6 +4061,7 @@ done:
  */
 SECStatus
 nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
+	        const char *appName, const char *prefix,
 		NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile)
 {
     int rv;
@@ -4058,7 +4071,8 @@ nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
     handle->dbMon = PZ_NewMonitor(nssILockCertDB);
     PORT_Assert(handle->dbMon != NULL);
 
-    rv = nsslowcert_OpenPermCertDB(handle, readOnly, namecb, cbarg);
+    rv = nsslowcert_OpenPermCertDB(handle, readOnly, appName, prefix, 
+							namecb, cbarg);
     if ( rv ) {
 	goto loser;
     }

security/nss/lib/softoken/pk11db.c

@@ -39,6 +39,7 @@
 #include "pk11pars.h"
 #include "pkcs11i.h"
 #include "mcom_db.h"
+#include "cdbhdl.h"
 
 #define FREE_CLEAR(p) if (p) { PORT_Free(p); p = NULL; }
 
@@ -247,13 +248,14 @@ secmod_freeParams(pk11_parameters *params)
 
 
 char *
-secmod_getSecmodName(char *param, PRBool *rw)
+secmod_getSecmodName(char *param, char **appName, char **filename,PRBool *rw)
 {
     int next;
     char *configdir = NULL;
     char *secmodName = NULL;
     char *value = NULL;
     char *save_params = param;
+    char *lconfigdir;
     param = pk11_argStrip(param);
 	
 
@@ -268,13 +270,15 @@ secmod_getSecmodName(char *param, PRBool *rw)
 	pk11_argHasFlag("flags","noModDB",save_params)) *rw = PR_FALSE;
 
    if (!secmodName || *secmodName == '\0') secmodName = PORT_Strdup(SECMOD_DB);
+   *filename = secmodName;
 
-   if (configdir) {
+   lconfigdir = pk11_EvaluateConfigDir(configdir, appName);
+
+   if (lconfigdir) {
 	value = PR_smprintf("%s" PATH_SEPARATOR "%s",configdir,secmodName);
    } else {
-	value = PORT_Strdup(secmodName);
+	value = PR_smprintf("%s",secmodName);
    }
-   PORT_Free(secmodName);
    if (configdir) PORT_Free(configdir);
    return value;
 }
@@ -631,22 +635,26 @@ secmod_DecodeData(char *defParams, DBT *data, PRBool *retInternal)
 }
 
 
-#ifdef DBM_USING_NSPR
-#define NO_RDONLY	PR_RDONLY
-#define NO_RDWR		PR_RDWR
-#define NO_CREATE	(PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE)
-#else
-#define NO_RDONLY	O_RDONLY
-#define NO_RDWR		O_RDWR
-#define NO_CREATE	(O_RDWR | O_CREAT | O_TRUNC)
-#endif
-
 
 static DB *
-secmod_OpenDB(char *dbName, PRBool readOnly) 
+secmod_OpenDB(const char *appName, 
+		const char *filename, const char *dbName, PRBool readOnly)
 {
     DB *pkcs11db = NULL;
-   
+
+
+    if (appName) {
+	char *secname = PORT_Strdup(filename);
+	int len = strlen(secname);
+
+	if (len >= 3 && PORT_Strcmp(&secname[len-3],".db") == 0) {
+	   secname[len-3] = 0;
+	}
+    	pkcs11db=rdbopen(appName, "", secname, readOnly ? NO_RDONLY:NO_CREATE);
+	PORT_Free(secname);
+	return pkcs11db;
+    }
+  
     /* I'm sure we should do more checks here sometime... */
     pkcs11db = dbopen(dbName, readOnly ? NO_RDONLY : NO_RDWR, 0600, DB_HASH, 0);
 
@@ -702,7 +710,8 @@ secmod_addEscape(const char *string, char quote)
  * Read all the existing modules in
  */
 char **
-secmod_ReadPermDB(char *dbname, char *params, PRBool rw) 
+secmod_ReadPermDB(const char *appName, const char *filename,
+				const char *dbname, char *params, PRBool rw)
 {
     DBT key,data;
     int ret;
@@ -714,7 +723,7 @@ secmod_ReadPermDB(char *dbname, char *params, PRBool rw)
     moduleList = (char **) PORT_ZAlloc(useCount*sizeof(char **));
     if (moduleList == NULL) return NULL;
 
-    pkcs11db = secmod_OpenDB(dbname,PR_TRUE);
+    pkcs11db = secmod_OpenDB(appName,filename,dbname,PR_TRUE);
     if (pkcs11db == NULL) goto done;
 
     /* read and parse the file or data base */
@@ -756,16 +765,29 @@ done:
     if (pkcs11db) {
 	secmod_CloseDB(pkcs11db);
     } else {
-	secmod_AddPermDB(dbname,moduleList[0], rw) ;
+	secmod_AddPermDB(appName,filename,dbname,moduleList[0], rw) ;
     }
     return moduleList;
 }
 
+SECStatus
+secmod_ReleasePermDBData(const char *appName, const char *filename, 
+			const char *dbname, char **moduleSpecList, PRBool rw)
+{
+    char **index;
+    for(index = moduleSpecList; *index; index++) {
+	PR_smprintf_free(*index);
+    }
+    PORT_Free(moduleSpecList);
+    return SECSuccess;
+}
+
 /*
  * Delete a module from the Data Base
  */
 SECStatus
-secmod_DeletePermDB(char *dbname, char *args, PRBool rw) 
+secmod_DeletePermDB(const char *appName, const char *filename, 
+			const char *dbname, char *args, PRBool rw)
 {
     DBT key;
     SECStatus rv = SECFailure;
@@ -775,7 +797,7 @@ secmod_DeletePermDB(char *dbname, char *args, PRBool rw)
     if (!rw) return SECFailure;
 
     /* make sure we have a db handle */
-    pkcs11db = secmod_OpenDB(dbname,PR_FALSE);
+    pkcs11db = secmod_OpenDB(appName,filename,dbname,PR_FALSE);
     if (pkcs11db == NULL) {
 	return SECFailure;
     }
@@ -800,7 +822,8 @@ done:
  * Add a module to the Data base 
  */
 SECStatus
-secmod_AddPermDB(char *dbname, char *module, PRBool rw) 
+secmod_AddPermDB(const char *appName, const char *filename, 
+			const char *dbname, char *module, PRBool rw)
 {
     DBT key,data;
     SECStatus rv = SECFailure;
@@ -811,7 +834,7 @@ secmod_AddPermDB(char *dbname, char *module, PRBool rw)
     if (!rw) return SECFailure;
 
     /* make sure we have a db handle */
-    pkcs11db = secmod_OpenDB(dbname,PR_FALSE);
+    pkcs11db = secmod_OpenDB(appName,filename,dbname,PR_FALSE);
     if (pkcs11db == NULL) {
 	return SECFailure;
     }

security/nss/lib/softoken/pkcs11.c

@@ -2257,29 +2257,37 @@ pk11_DestroySlotData(PK11Slot *slot)
  * handle the SECMOD.db
  */
 char **
-NSC_ModuleDBFunc(unsigned long function,char *parameters, char *args)
+NSC_ModuleDBFunc(unsigned long function,char *parameters, void *args)
 {
-    char *secmod;
+    char *secmod = NULL;
+    char *appName = NULL;
+    char *filename = NULL;
     PRBool rw;
     static char *success="Success";
     char **rvstr = NULL;
 
-    secmod = secmod_getSecmodName(parameters,&rw);
+    secmod = secmod_getSecmodName(parameters,&appName,&filename, &rw);
 
     switch (function) {
     case SECMOD_MODULE_DB_FUNCTION_FIND:
-	rvstr = secmod_ReadPermDB(secmod,parameters,rw);
+	rvstr = secmod_ReadPermDB(appName,filename,secmod,(char *)parameters,rw);
 	break;
     case SECMOD_MODULE_DB_FUNCTION_ADD:
-	rvstr = (secmod_AddPermDB(secmod,args,rw) == SECSuccess) 
+	rvstr = (secmod_AddPermDB(appName,filename,secmod,(char *)args,rw) 
-							? &success: NULL;
+				== SECSuccess) ? &success: NULL;
 	break;
     case SECMOD_MODULE_DB_FUNCTION_DEL:
-	rvstr = (secmod_DeletePermDB(secmod,args,rw) == SECSuccess) 
+	rvstr = (secmod_DeletePermDB(appName,filename,secmod,(char *)args,rw)
-							? &success: NULL;
+				 == SECSuccess) ? &success: NULL;
+	break;
+    case SECMOD_MODULE_DB_FUNCTION_RELEASE:
+	rvstr = (secmod_ReleasePermDBData(appName,filename,secmod,
+			(char **)args,rw) == SECSuccess) ? &success: NULL;
 	break;
     }
     if (secmod) PR_smprintf_free(secmod);
+    if (appName) PORT_Free(appName);
+    if (filename) PORT_Free(filename);
     return rvstr;
 }
 
@@ -2425,6 +2433,7 @@ CK_RV  NSC_GetInfo(CK_INFO_PTR pInfo)
     return CKR_OK;
 }
 
+
 /* NSC_GetSlotList obtains a list of slots in the system. */
 CK_RV NSC_GetSlotList(CK_BBOOL tokenPresent,
 	 		CK_SLOT_ID_PTR	pSlotList, CK_ULONG_PTR pulCount)
@@ -3213,7 +3222,6 @@ CK_RV NSC_CopyObject(CK_SESSION_HANDLE hSession,
     if (crv != CKR_OK) {
 	pk11_FreeObject(destObject);
 	pk11_FreeSession(session);
-	return crv;
     }
 
     crv = pk11_handleObject(destObject,session);

security/nss/lib/softoken/pkcs11i.h

@@ -113,6 +113,8 @@
 #endif
 #define MAX_KEY_LEN 256
 
+#define MULTIACCESS "multiaccess:"
+
 /*
  * LOG2_BUCKETS_PER_SESSION_LOCK must be a prime number.
  * With SESSION_HASH_SIZE=1024, LOG2 can be 9, 5, 1, or 0.
@@ -594,10 +596,16 @@ extern PRBool pk11_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type);
 extern CK_RV secmod_parseParameters(char *param, pk11_parameters *parsed,
 								PRBool isFIPS);
 extern void secmod_freeParams(pk11_parameters *params);
-extern char *secmod_getSecmodName(char *params, PRBool *rw);
+extern char *secmod_getSecmodName(char *params, char **domain, 
-extern char ** secmod_ReadPermDB(char *dbname, char *params, PRBool rw);
+						char **filename, PRBool *rw);
-extern SECStatus secmod_DeletePermDB(char *dbname,char *args, PRBool rw);
+extern char ** secmod_ReadPermDB(const char *domain, const char *filename, 
-extern SECStatus secmod_AddPermDB(char *dbname, char *module, PRBool rw);
+			const char *dbname, char *params, PRBool rw);
+extern SECStatus secmod_DeletePermDB(const char *domain, const char *filename,
+			const char *dbname, char *args, PRBool rw);
+extern SECStatus secmod_AddPermDB(const char *domain, const char *filename,
+			const char *dbname, char *module, PRBool rw);
+extern SECStatus secmod_ReleasePermDBData(const char *domain, 
+	const char *filename, const char *dbname, char **specList, PRBool rw);
 /*
  * OK there are now lots of options here, lets go through them all:
  *
@@ -623,6 +631,8 @@ CK_RV pk11_DBInit(const char *configdir, const char *certPrefix,
 void pk11_DBShutdown(NSSLOWCERTCertDBHandle *certHandle, 
 		     NSSLOWKEYDBHandle *keyHandle);
 
+const char *pk11_EvaluateConfigDir(const char *configdir, char **domain);
+
 /*
  * narrow objects
  */

security/nss/lib/softoken/pkcs11n.h

@@ -36,7 +36,7 @@
 #define _PKCS11N_H_
 
 #ifdef DEBUG
-static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.3 $ $Date: 2002/03/02 00:52:04 $ $Name:  $";
+static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.4 $ $Date: 2002/04/05 09:17:51 $ $Name:  $";
 #endif /* DEBUG */
 
 /*
@@ -213,11 +213,13 @@ typedef CK_ULONG          CK_TRUST;
  * The function 'ADD' takes a PKCS #11 initialization string and stores it.
  * The function 'DEL' takes a 'name= library=' value and deletes the associated
  *  string.
+ * The function 'RELEASE' frees the array returned by 'FIND'
  */
 #define SECMOD_MODULE_DB_FUNCTION_FIND  0
 #define SECMOD_MODULE_DB_FUNCTION_ADD   1
 #define SECMOD_MODULE_DB_FUNCTION_DEL   2
+#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3 
 typedef char ** (PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function,
-                                        char *parameters, char *moduleSpec);
+                                        char *parameters, void *moduleSpec);
 
 #endif /* _PKCS11N_H_ */

security/nss/lib/softoken/softokn.rc

@@ -34,13 +34,21 @@
 #include "nss.h"
 #include <winver.h>
 
-#define MY_LIBNAME "softokn"
+#define MY_LIBNAME "softoken"
 #ifdef MOZ_CLIENT
-#define MY_FILEDESCRIPTION "NSS Builtin Crypto PKCS #11 Library for Clients"
+#define CLIENTS " for Clients"
 #else
-#define MY_FILEDESCRIPTION "NSS Builtin Crypto PKCS #11 Library"
+#define CLIENTS ""
 #endif
 
+#ifdef REMOTE_DBM
+#define DBM " with Shared Database"
+#else
+#define DBM ""
+#endif
+
+#define MY_FILEDESCRIPTION "NSS PKCS #11 Library" CLIENTS DBM
+
 #define STRINGIZE(x) #x
 #define STRINGIZE2(x) STRINGIZE(x)
 #define NSS_VMAJOR_STR STRINGIZE2(NSS_VMAJOR)