3882 remove xmod & friends


 139                         PL_strcpy(dir, d);
 140                 } else {
 141                         /* grab the prefix */
 142                         PL_strcpy(key, k);
 143                         *k = '\0';
 144                         PL_strcpy(prefix, ++s);
 145                         *s = '\0';
 146                         PL_strcpy(dir, d);
 147                 }
 148         } else {
 149                 /* neither *key[0-9].db nor *cert[0=9].db found */
 150                 return (-1);
 151         }
 152 
 153         return (0);
 154 }
 155 
 156 
 157 static PRStatus local_SSLPLCY_Install(void)
 158 {
 159         SECStatus s;
 160 
 161 #ifdef NS_DOMESTIC
 162         s = NSS_SetDomesticPolicy(); 
 163 #elif NS_EXPORT
 164         s = NSS_SetExportPolicy(); 
 165 #else
 166         s = PR_FAILURE;
 167 #endif
 168         return s?PR_FAILURE:PR_SUCCESS;
 169 }
 170 
 171 
 172 
 173 static void
 174 ldapssl_basic_init( void )
 175 {
 176 #ifndef _SOLARIS_SDK
 177         /*
 178          * NSPR is initialized in .init on SOLARIS
 179          */
 180     /* PR_Init() must to be called before everything else... */
 181     PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
 182 #endif
 183 
 184     PR_SetConcurrency( 4 );     /* work around for NSPR 3.x I/O hangs */
 185 }
 186 
 187 
 188 


 455     ldapssl_free(&enval);
 456 #endif
 457     if (rc != 0) {
 458         if ((rc = PR_GetError()) >= 0)
 459             rc = -1;
 460         mutex_unlock(&inited_mutex);
 461         return (rc);
 462     }
 463 
 464     if (SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE)
 465             || SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE)) {
 466         if (( rc = PR_GetError()) >= 0 ) {
 467             rc = -1;
 468         }
 469         mutex_unlock(&inited_mutex);
 470         return( rc );
 471     }
 472 
 473 
 474 
 475 #if defined(NS_DOMESTIC)
 476     if (local_SSLPLCY_Install() == PR_FAILURE) {
 477       mutex_unlock(&inited_mutex);
 478       return( -1 );
 479     }
 480 #elif(NS_EXPORT)
 481     if (local_SSLPLCY_Install() == PR_FAILURE) {
 482       mutex_unlock(&inited_mutex);
 483       return( -1 );
 484     }
 485 #else
 486     mutex_unlock(&inited_mutex);
 487     return( -1 );
 488 #endif
 489 
 490     inited = 1;
 491     mutex_unlock(&inited_mutex);
 492 
 493     return( 0 );
 494 
 495 }
 496 
 497 /*
 498  * Initialize ns/security so it can be used for SSL client authentication.
 499  * It is safe to call this more than once.
 500  *
 501  * If needkeydb == 0, no key database is opened and SSL server authentication
 502  * is supported but not client authentication.
 503  *
 504  * If "certdbpath" is NULL or "", the default cert. db is used (typically
 505  * ~/.netscape/cert7.db).
 506  *
 507  * If "certdbpath" ends with ".db" (case-insensitive compare), then
 508  * it is assumed to be a full path to the cert. db file; otherwise,


 559     }
 560 #endif
 561 
 562     rc = NSS_Init(certdbpath);
 563 #ifdef _SOLARIS_SDK
 564     /* Error from NSS_Init() more important! */
 565     if ((rcenv != 1) && (reset_nss_strict_fork_env(enval) != 0) && (rc == 0)) {
 566         ldapssl_free(&enval);
 567         mutex_unlock(&inited_mutex);
 568         return (-1);
 569     }
 570     ldapssl_free(&enval);
 571 #endif
 572     if (rc != 0) {
 573         if ((rc = PR_GetError()) >= 0)
 574             rc = -1;
 575         mutex_unlock(&inited_mutex);
 576         return (rc);
 577     }
 578 
 579 #if defined(NS_DOMESTIC)
 580     if (local_SSLPLCY_Install() == PR_FAILURE) {
 581       mutex_unlock(&inited_mutex);
 582       return( -1 );
 583     }
 584 #elif(NS_EXPORT)
 585     if (local_SSLPLCY_Install() == PR_FAILURE) {
 586       mutex_unlock(&inited_mutex);
 587       return( -1 );
 588     }
 589 #else
 590     mutex_unlock(&inited_mutex);
 591     return( -1 );
 592 #endif
 593 
 594     inited = 1;
 595     mutex_unlock(&inited_mutex);
 596 
 597     return( ldapssl_set_strength( NULL, sslstrength));
 598 
 599 }
 600 
 601 
 602 /*
 603  * Initialize ns/security so it can be used for SSL client authentication.
 604  * It is safe to call this more than once.
 605   */
 606 
 607 /* 
 608  * XXXceb  This is a hack until the new IO functions are done.
 609  * this function lives in ldapsinit.c
 610  */
 611 void set_using_pkcs_functions( int val );
 612 


 694         mutex_unlock(&inited_mutex);
 695         return (rc);
 696     }
 697 
 698 
 699 #if 0   /* UNNEEDED BY LIBLDAP */
 700     /* this is odd */
 701     PK11_ConfigurePKCS11(NULL, NULL, tokDes, ptokDes, NULL, NULL, NULL, NULL, 0, 0 );
 702 #endif  /* UNNEEDED BY LIBLDAP */
 703 
 704     if (SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE)
 705         || SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE)) {
 706         if (( rc = PR_GetError()) >= 0 ) {
 707             rc = -1;
 708         }
 709         
 710         mutex_unlock(&inited_mutex);
 711         return( rc );
 712     }
 713     
 714 #if defined(NS_DOMESTIC)
 715     if (local_SSLPLCY_Install() == PR_FAILURE) {
 716       mutex_unlock(&inited_mutex);
 717       return( -1 );
 718     }
 719 #elif(NS_EXPORT)
 720     if (local_SSLPLCY_Install() == PR_FAILURE) {
 721       mutex_unlock(&inited_mutex);
 722       return( -1 );
 723     }
 724 #else
 725     mutex_unlock(&inited_mutex);
 726     return( -1 );
 727 #endif
 728 
 729     inited = 1;
 730 
 731     if ( certdbName != NULL ) {
 732         ldapssl_free((void **) &certdbName );
 733     }
 734     
 735     return( ldapssl_set_strength( NULL, LDAPSSL_AUTH_CNCHECK));
 736 }
 737 
 738 
 739 /*
 740  * ldapssl_client_init() is a server-authentication only version of
 741  * ldapssl_clientauth_init().
 742  */
 743 int
 744 LDAP_CALL
 745 ldapssl_client_init(const char* certdbpath, void *certdbhandle )
 746 {
 747     return( ldapssl_clientauth_init( certdbpath, certdbhandle,




 139                         PL_strcpy(dir, d);
 140                 } else {
 141                         /* grab the prefix */
 142                         PL_strcpy(key, k);
 143                         *k = '\0';
 144                         PL_strcpy(prefix, ++s);
 145                         *s = '\0';
 146                         PL_strcpy(dir, d);
 147                 }
 148         } else {
 149                 /* neither *key[0-9].db nor *cert[0=9].db found */
 150                 return (-1);
 151         }
 152 
 153         return (0);
 154 }
 155 
 156 
 157 static PRStatus local_SSLPLCY_Install(void)
 158 {
 159         return NSS_SetDomesticPolicy() ? PR_FAILURE : PR_SUCCESS;









 160 }
 161 
 162 
 163 
 164 static void
 165 ldapssl_basic_init( void )
 166 {
 167 #ifndef _SOLARIS_SDK
 168         /*
 169          * NSPR is initialized in .init on SOLARIS
 170          */
 171     /* PR_Init() must to be called before everything else... */
 172     PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
 173 #endif
 174 
 175     PR_SetConcurrency( 4 );     /* work around for NSPR 3.x I/O hangs */
 176 }
 177 
 178 
 179 


 446     ldapssl_free(&enval);
 447 #endif
 448     if (rc != 0) {
 449         if ((rc = PR_GetError()) >= 0)
 450             rc = -1;
 451         mutex_unlock(&inited_mutex);
 452         return (rc);
 453     }
 454 
 455     if (SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE)
 456             || SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE)) {
 457         if (( rc = PR_GetError()) >= 0 ) {
 458             rc = -1;
 459         }
 460         mutex_unlock(&inited_mutex);
 461         return( rc );
 462     }
 463 
 464 
 465 

 466     if (local_SSLPLCY_Install() == PR_FAILURE) {
 467       mutex_unlock(&inited_mutex);
 468       return( -1 );
 469     }









 470 
 471     inited = 1;
 472     mutex_unlock(&inited_mutex);
 473 
 474     return( 0 );
 475 
 476 }
 477 
 478 /*
 479  * Initialize ns/security so it can be used for SSL client authentication.
 480  * It is safe to call this more than once.
 481  *
 482  * If needkeydb == 0, no key database is opened and SSL server authentication
 483  * is supported but not client authentication.
 484  *
 485  * If "certdbpath" is NULL or "", the default cert. db is used (typically
 486  * ~/.netscape/cert7.db).
 487  *
 488  * If "certdbpath" ends with ".db" (case-insensitive compare), then
 489  * it is assumed to be a full path to the cert. db file; otherwise,


 540     }
 541 #endif
 542 
 543     rc = NSS_Init(certdbpath);
 544 #ifdef _SOLARIS_SDK
 545     /* Error from NSS_Init() more important! */
 546     if ((rcenv != 1) && (reset_nss_strict_fork_env(enval) != 0) && (rc == 0)) {
 547         ldapssl_free(&enval);
 548         mutex_unlock(&inited_mutex);
 549         return (-1);
 550     }
 551     ldapssl_free(&enval);
 552 #endif
 553     if (rc != 0) {
 554         if ((rc = PR_GetError()) >= 0)
 555             rc = -1;
 556         mutex_unlock(&inited_mutex);
 557         return (rc);
 558     }
 559 

 560     if (local_SSLPLCY_Install() == PR_FAILURE) {
 561       mutex_unlock(&inited_mutex);
 562       return( -1 );
 563     }









 564 
 565     inited = 1;
 566     mutex_unlock(&inited_mutex);
 567 
 568     return( ldapssl_set_strength( NULL, sslstrength));
 569 
 570 }
 571 
 572 
 573 /*
 574  * Initialize ns/security so it can be used for SSL client authentication.
 575  * It is safe to call this more than once.
 576   */
 577 
 578 /* 
 579  * XXXceb  This is a hack until the new IO functions are done.
 580  * this function lives in ldapsinit.c
 581  */
 582 void set_using_pkcs_functions( int val );
 583 


 665         mutex_unlock(&inited_mutex);
 666         return (rc);
 667     }
 668 
 669 
 670 #if 0   /* UNNEEDED BY LIBLDAP */
 671     /* this is odd */
 672     PK11_ConfigurePKCS11(NULL, NULL, tokDes, ptokDes, NULL, NULL, NULL, NULL, 0, 0 );
 673 #endif  /* UNNEEDED BY LIBLDAP */
 674 
 675     if (SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE)
 676         || SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE)) {
 677         if (( rc = PR_GetError()) >= 0 ) {
 678             rc = -1;
 679         }
 680         
 681         mutex_unlock(&inited_mutex);
 682         return( rc );
 683     }
 684     

 685     if (local_SSLPLCY_Install() == PR_FAILURE) {
 686       mutex_unlock(&inited_mutex);
 687       return( -1 );
 688     }









 689 
 690     inited = 1;
 691 
 692     if ( certdbName != NULL ) {
 693         ldapssl_free((void **) &certdbName );
 694     }
 695     
 696     return( ldapssl_set_strength( NULL, LDAPSSL_AUTH_CNCHECK));
 697 }
 698 
 699 
 700 /*
 701  * ldapssl_client_init() is a server-authentication only version of
 702  * ldapssl_clientauth_init().
 703  */
 704 int
 705 LDAP_CALL
 706 ldapssl_client_init(const char* certdbpath, void *certdbhandle )
 707 {
 708     return( ldapssl_clientauth_init( certdbpath, certdbhandle,
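Review bot: The success path of the last init routine shown (new lines 689–696) sets `inited = 1` and returns through `ldapssl_set_strength( NULL, LDAPSSL_AUTH_CNCHECK)` without releasing `inited_mutex`, although every error return visible in that routine (new lines 665, 681, 686) calls `mutex_unlock(&inited_mutex)` and the two other init routines unlock right after setting `inited` (new lines 471–472 and 565–566). If the lock is taken at the top of the routine, which starts outside the lines shown, a later call to any of these init functions would block on it; adding `mutex_unlock(&inited_mutex);` directly after `inited = 1;` would match the other paths. The commit leaves this untouched while simplifying the policy block just above it, so it is worth fixing in the same pass.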