NSS Shared DB: Difference between revisions

Jump to navigation Jump to search

NSS Shared DB (view source)

Revision as of 02:27, 1 February 2008

1,435 bytes added ,  1 February 2008
→‎How Applications Use Upgrade
Line 467: Line 467:
token name string.  If this function fails, stop.
token name string.  If this function fails, stop.


(Note: the present implementation has no way to pass the source DB
Step 2: Determine if a merge is even necessary. If a merge is necessary,
prefix to the function. This needs to be corrected.)
NSS will set the slot to a 'removable slot'. You can use PK11_IsPerm to
test for this.


Step 2: Determine if it is necessary to authenticate for the source DB.
If the DB slot token is removable, then an update/merge is necessary. However,
This will not be necessary if the merge operation has already completed,
if there is no database password on either the source or the target database,
or if the source DB had no password.  To determine this, the application
then NSS has already completed the merge. You can test for this with
calls a function to ask if the token in the DB slot is removable. '''FIX ME'' The
PK11_NeedLogin(). If PK11_NeedLogin() is true then it is necessary to authenticate to the source token, at step 3 below.
function to be called for that purpose has not yet been made public, so
If the token is not removable, then no merge is necessary and you can skip
those details are TBD.  That needs to be corrected.
to step 8.
 
If the DB slot token is removable, then it is necessary to authenticate
to the source token, at step 3 below. If the token is not removable,
then it NOT necessary to authenticate to the source DB.  Skip to step 4.


Step 3. Authenticate to the source token.  The substeps are:
Step 3. Authenticate to the source token.  The substeps are:


a) (optional) Call PK11_GetTokenName to get the name of the token.  With
a) (optional) Call PK11_GetTokenName to get the name of the token.  With
that name, you can be sure that you are authenticating to the source token. Skipping this step is not harmful, it is only necessary if the application absolutely needs to know which token the following PK11_Authenticate() will be called on. For most NSS applications the underlying password prompt system will properly disambiguate the appropriate password to the user.
that name, you can be sure that you are authenticating to the source token. Skipping this step is not harmful, it is only necessary if the application absolutely needs to know which token the following PK11_Authenticate() will be called on (for instance pwArg contains the actual password for the token). For most NSS applications the underlying password prompt system will properly disambiguate the appropriate password to the user (or it's password cache).


b) Call PK11_Authenticate() to authenticate to the source token.  This
b) Call PK11_Authenticate() to authenticate to the source token.  This
Line 559: Line 556:
source DB was empty.  It will record the unique source DB identifier
source DB was empty.  It will record the unique source DB identifier
string in the target DB and act as if the merger is complete. This is similiar to what happens in all previous versions of NSS during database update. See "Database Merge" below for how to recover from this.
string in the target DB and act as if the merger is complete. This is similiar to what happens in all previous versions of NSS during database update. See "Database Merge" below for how to recover from this.
    /* STEP 1: Signal that update/merge may be needed  */
    rv = NSS_InitWithMerge(SECU_ConfigDirectory(NULL),
                            certPrefix, certPrefix, "secmod.db",
                            updateDir, updCertPrefix, updCertPrefix,
                            updateID, updateTokenName,
                            readOnly ? NSS_INIT_READONLY: 0);
 
    slot = PK11_GetInternalKeySlot();
    /*
      * Step 2: Determine if update/merge is needed.
      */
    if (!PK11_IsPerm(slot) && !PK11_NeedLogin(slot)) {
/* need to update/Merge the database */
/*
        * Step 3: Authenticate to the token
*/
        rv = PK11_Authenticate(slot, PR_FALSE, pwArg);
if (rv != SECSuccess) {
    if (PORT_Strcmp(PK11_GetTokenName(slot), updateTokenName) == 0)) {
handle_failure_to_get_old_DB_Password();
    } else {
handle_failure_to_get_new_DB_Password();
    }
    goto fail;
}
       
        /* Step 4: */
        if (PK11_IsLoggedIn(slot, &pwdata)) {
                printf("update complete!\n");
                rv = SECSuccess;
                goto shutdown;
            }
        }
        /* Step 5: */
        if (!PK11_IsPresent(slot)) {
            Assert(); /* should not happen */
        }
        /* skipping optional step 6 */
        /* Step 7: */
        rv = PK11_Authenticate(slot, PR_FALSE, pwArg);
        if (rv != SECSuccess) {
    handle_failure_to_get_new_DB_Password();
       
        }
    }
    /* NSS is initialized and merged, start using it */


====== Database Upgrade Underlying Implementation ======
====== Database Upgrade Underlying Implementation ======
Line 757: Line 805:
                   V
                   V
                 done
                 done


===== Merge Conflicts (Mode 3A only) =====
===== Merge Conflicts (Mode 3A only) =====
Relyea
439

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/81804"

Navigation menu