49 строки
2.1 KiB
Plaintext
49 строки
2.1 KiB
Plaintext
The Netscape svrcore library
|
|
|
|
Terry Hayes wrote the Netscape svrcore library in 1998.
|
|
Valerie Chu wrote the ntgetpin.c and related files.
|
|
|
|
svrcore used to contain two major parts.
|
|
|
|
The first part is what we released on mozilla. It is a kind of
|
|
object-oriented package for handling PIN requests from NSS. The
|
|
idea was to provide a standard way for servers to allow PIN input
|
|
from a file or from the terminal. There is also a PIN handler
|
|
that caches the PIN in memory after encrypting it with a key on
|
|
a device (such as a Fortezza card). This allowed a server to
|
|
restart without having to reenter the PIN. However since the PIN
|
|
is encrypted, a core dump would not expose it. In addition,
|
|
removing the device would also make the PIN inaccessible.
|
|
|
|
The files are:
|
|
|
|
svrcore.h - API definition
|
|
alt.c - allows two possible PIN request methods to be used (say
|
|
file and then terminal)
|
|
cache.c - caches the result from another PIN request method
|
|
errors.c - error text
|
|
file.c - reads the PIN from a specified file
|
|
ntgetpin.c - Windows version of a user prompt for PIN
|
|
ntgetpin.rc - Windows resource script for ntgetpin.c
|
|
ntresource.h - a generated include file used by ntgetpin.rc
|
|
key.ico - an icon used by ntgetpin.rc
|
|
logo.ico - an icon used by ntgetpin.rc
|
|
pin.c - functions to register a PIN request object with NSS
|
|
pk11.c - implementation of the encrypted in-memory caching
|
|
std.c - a "standard" PIN object that satisfies requests from a
|
|
file or the terminal and allows caching if desired.
|
|
user.c - prompts the user for the PIN
|
|
|
|
Note: the pk11.c file (secure PIN store) is a pretty good example
|
|
of how to encrypt/decrypt with NSS.
|
|
|
|
There was a second component of svrcore that handled export policy
|
|
configuration. It allowed patching of a single executable (single
|
|
program build) to create the export and domestic versions of a
|
|
server. This code was discontinued after the export policy changes.
|
|
|
|
The LDAP C SDK tools use svrcore. They also implemented their
|
|
own PIN object to allow command line PIN entry. The directory
|
|
server also implemented its own PIN object to allow a watchdog
|
|
process to cache the PIN and restart the server.
|