NSS Shared DB: Difference between revisions

1,094 bytes added, 1 February 2008
Line 969:
Database merge is different from database update, and in particular, database update with merge, in the following ways.


# Database merge is not part of the automatic update support which is handled at initialization time. As such it does not need to record things like "this particular database has already been 'updated'".
# Database merge is typically instigated under the control of the user or administrator, so much of the automated support is not necessary.
# Because merge does not require the complicated state machine to manage password acquisition, it can be (and is) implemented outside the softoken itself.


Characteristic 3 allows database merge to work on arbitrary databases and types (in fact, to a point, on arbitrary tokens).
 
To merge two databases, the application simply opens both databases and calls the new PK11_MergeTokens() function. PK11_MergeTokens() has the following signature:
 
<pre>
SECStatus PK11_MergeTokens(
    PK11SlotInfo *targetSlot,
    PK11SlotInfo *sourceSlot,
    PK11MergeLog *log,
    void *pwdata);
</pre>
 
Where:


targetSlot


sourceSlot
 
log
 
pwdata
 
 
<pre>
/* Authenticate to the target token before merging into it. */
rv = PK11_Authenticate(targetSlot, PR_FALSE, &pwdata);
if (rv != SECSuccess) {
    SECU_PrintError(progName, "Couldn't get password for %s",
                    PK11_GetTokenName(targetSlot));
    goto merge_fail;
}

/* Authenticate to the source token, which has its own password data. */
rv = PK11_Authenticate(sourceSlot, PR_FALSE, &pwdata2);
if (rv != SECSuccess) {
    SECU_PrintError(progName, "Couldn't get password for %s",
                    PK11_GetTokenName(sourceSlot));
    goto merge_fail;
}

/* Merge the source token into the target; no merge log is passed (log is NULL). */
rv = PK11_MergeTokens(targetSlot, sourceSlot, NULL, &pwdata);
if (rv != SECSuccess) {
    SECU_PrintError(progName, "one or more objects were not merged");
}
</pre>


==== Layering ====