mozilla-history/security/svrcore/README

49 строки
2.1 KiB
Plaintext

The Netscape svrcore library
Terry Hayes wrote the Netscape svrcore library in 1998.
Valerie Chu wrote the ntgetpin.c and related files.
svrcore used to contain two major parts.
The first part is what we released on mozilla. It is a kind of
object-oriented package for handling PIN requests from NSS. The
idea was to provide a standard way for servers to allow PIN input
from a file or from the terminal. There is also a PIN handler
that caches the PIN in memory after encrypting it with a key on
a device (such as a Fortezza card). This allowed a server to
restart without having to reenter the PIN. However since the PIN
is encrypted, a core dump would not expose it. In addition,
removing the device would also make the PIN inaccessible.
The files are:
svrcore.h - API definition
alt.c - allows two possible PIN request methods to be used (say
file and then terminal)
cache.c - caches the result from another PIN request method
errors.c - error text
file.c - reads the PIN from a specified file
ntgetpin.c - Windows version of a user prompt for PIN
ntgetpin.rc - Windows resource script for ntgetpin.c
ntresource.h - a generated include file used by ntgetpin.rc
key.ico - an icon used by ntgetpin.rc
logo.ico - an icon used by ntgetpin.rc
pin.c - functions to register a PIN request object with NSS
pk11.c - implementation of the encrypted in-memory caching
std.c - a "standard" PIN object that satisfies requests from a
file or the terminal and allows caching if desired.
user.c - prompts the user for the PIN
Note: the pk11.c file (secure PIN store) is a pretty good example
of how to encrypt/decrypt with NSS.
There was a second component of svrcore that handled export policy
configuration. It allowed patching of a single executable (single
program build) to create the export and domestic versions of a
server. This code was discontinued after the export policy changes.
The LDAP C SDK tools use svrcore. They also implemented their
own PIN object to allow command line PIN entry. The directory
server also implemented its own PIN object to allow a watchdog
process to cache the PIN and restart the server.