Problem with expiration date and API C?

hcl-bot · April 1, 2003, 9:57am

Hi !

I’m working with an add-in (API 2.1 but i’ve got the same problem with 2.3) whose goal is to create Notes user accounts on server.

Here’s my problem : with the add-in -On R6.0 server-,the expiration date is no longer taken into account when user creation (it’s set by default to 2 years even if i specify another duree).

The add-in result is correct when running on R5.x server but no more with R6.0 server (all the new users are created with 2 years-certificate life)

See below for the code lines

// before the RegisterUser call, the expiration date is correct -orgunitcertifier.GetExpirationDate()-

lnerr = orgunitcertifier.RegisterUser(wks.GetIDFilePath(),reguseroptions,wks.GetLastName(),wks.GetFirstName(),wks.GetMiddleInitial());

// afterwards , the user account has a correct expiration date on R5.x server but not on R6.0 server

Any idea ?

Thanks

hcl-bot · August 3, 2004, 1:10pm

Subject: Problem with expiration date and API C ?

Well, the GOOD news is that this security bug finally got fixed in 6.5.3.

hcl-bot · April 7, 2003, 1:44pm

Subject: Problem with expiration date and API C ?

Sorry it’s taken me so long to respond to this; I’ve been out of the office for several days. I finally managed to set up an environment that will reproduce the problem.

The problem is actually at the C API level, not the C++ API. The C++ call to LNNotesSession::GetCertifier() passes the expiration date to the C API function SECKFMGetCertifierCtx(). The C++ call to LNCertifier::RegisterUser() simply gathers up all the information provided and passes it on to the C API call REGNewWorkstation().

In Release 5 of Notes and Domino, the expiration date for the certificates created by REGNewWorkstation() is set to the date provided in the call to SECKFMGetCertifierCtx(). In Domino 6, that’s not the case. However, if I insert a call to SECKFMSetCertifierExpiration(), the date is correctly set (even though I passed the same date to both SECKFM functions!).

I’ve entered a C API SPR to have the C API problem fixed.

There is a way to work around this problem, but it involves doing something mildly naughty in the C++ API: since LNCertifier::GetCertifierContext() is an in-line function, you can delete the “protected:” specifier for that function in lnreg.hpp. That function simply returns the certifier context handle originally obtained from the C++ API. Add the following to your application just after getting the LNCertifier:

HCERTIFIER    hCert;



hCert = certifier.GetCertifierContext ();



status = SECKFMSetCertifierExpiration (hCert, expirationDate.GetTIMEDATE());

and link with the C API library, notes.lib. That ought to correctly set the expiration date without disrupting operation of the C++ API. But don’t tell anyone I said to do this!!

                            - - Steve Boylan

                            Notes & Domino C++ API Team