8 files changed, 123 insertions, 63 deletions
diff --git a/ldap/clients/dsgw/dsgwutil.c b/ldap/clients/dsgw/dsgwutil.c
index 4ce2be56..71235f7d 100644
--- a/ldap/clients/dsgw/dsgwutil.c
+++ b/ldap/clients/dsgw/dsgwutil.c
@@ -42,11 +42,7 @@
 #include <limits.h> /* PATH_MAX */
 #include "dsgw.h"
 #include "dbtdsgw.h"
-#ifdef NS_DS
 #include "../lib/libsi18n/gsslapd.h"
-#else /* Admin Server */
-#include "../lib/libsi18n/gsadmserv.h"
-#endif
 
 #ifdef DSGW_DEBUG
 #include <time.h>
@@ -96,11 +92,7 @@ dsgw_init( int argc, char **argv, int methods_handled )
 
     /* initialize the string database */
     XP_InitStringDatabase(
-#ifdef NS_DS
 	  SERVER_ROOT_PATH "/bin/slapd/property" /* Directory Server Gateway */
-#else
-	  SERVER_ROOT_PATH "/admin" /* Admin Server */
-#endif
 	  , DATABASE_NAME);
     /* set default default languages for string database */
     SetLanguage(CLIENT_LANGUAGE, "");
diff --git a/ldap/cm/newinstnt/Makefile b/ldap/cm/newinstnt/Makefile
index 2de27a4b..e05759d3 100644
--- a/ldap/cm/newinstnt/Makefile
+++ b/ldap/cm/newinstnt/Makefile
@@ -84,7 +84,7 @@ CONSOLOBJS= \
 LIBINSTOBJS = \
 	$(OUTDIR)/libinst.obj
 
-CFLAGS+= /I "$(BUILD_ROOT)/include/nt" /I "$(BUILD_ROOT)/ldap/include" /I "$(BUILD_ROOT)/include" $(ADMINUTIL_INCLUDE) $(NSPR_INCLUDE) /D "NS_DS" /D "XP_WIN32"
+CFLAGS+= /I "$(BUILD_ROOT)/include/nt" /I "$(BUILD_ROOT)/ldap/include" /I "$(BUILD_ROOT)/include" $(ADMINUTIL_INCLUDE) $(NSPR_INCLUDE) /D "XP_WIN32"
 
 CC=cl.exe
 LD=link.exe
diff --git a/ldap/servers/slapd/errormap.c b/ldap/servers/slapd/errormap.c
index ec484448..7aae4348 100644
--- a/ldap/servers/slapd/errormap.c
+++ b/ldap/servers/slapd/errormap.c
@@ -114,9 +114,6 @@ slapd_versatile_strerror( const PRErrorCode prerrno )
  *	Netscape Certificate Server team on 27-March-1998.
  *	Taken from the file ns/security/cmd/lib/secerror.c on NSS_1_BRANCH.
  *	Last updated from there: 24-July-1998 by Mark Smith <mcs>
- *
- * All of the Directory Server specific changes are enclosed inside
- *	#ifdef NS_DS.
  ****************************************************************************
  */
 #include "nspr.h"
@@ -137,17 +134,11 @@ typedef struct tuple_str tuple_str;
 static const tuple_str errStrings[] = {
 
 /* keep this list in ascending order of error numbers */
-#ifdef NS_DS
 #include "dberrstrs.h"
 #include "sslerrstrs.h"
 #include "secerrstrs.h"
 #include "prerrstrs.h"
 #include "disconnect_error_strings.h"
-#else /* NS_DS */
-#include "SSLerrs.h"
-#include "SECerrs.h"
-#include "NSPRerrs.h"
-#endif /* NS_DS */
 
 };
 
@@ -156,10 +147,7 @@ static const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str);
 /* Returns a UTF-8 encoded constant error string for "errNum".
  * Returns NULL of errNum is unknown.
  */
-#ifdef NS_DS
-static
-#endif /* NS_DS */
-const char *
+static const char *
 SECU_Strerror(PRErrorCode errNum) {
     PRInt32 low  = 0;
     PRInt32 high = numStrings - 1;
@@ -175,7 +163,6 @@ SECU_Strerror(PRErrorCode errNum) {
     	for (i = low + 1; i <= high; ++i) {
 	    num = errStrings[i].errNum;
 	    if (num <= lastNum) {
-#ifdef NS_DS
 		LDAPDebug( LDAP_DEBUG_ANY,
 			"sequence error in error strings at item %d\n"
 			"error %d (%s)\n",
@@ -184,15 +171,6 @@ SECU_Strerror(PRErrorCode errNum) {
 			"should come after \n"
 			"error %d (%s)\n",
 			num, errStrings[i].errString, 0 );
-#else /* NS_DS */
-	    	fprintf(stderr, 
-"sequence error in error strings at item %d\n"
-"error %d (%s)\n"
-"should come after \n"
-"error %d (%s)\n",
-		        i, lastNum, errStrings[i-1].errString, 
-			num, errStrings[i].errString);
-#endif /* NS_DS */
 	    }
 	    lastNum = num;
 	}
diff --git a/ldap/servers/slapd/ntperfdll/Makefile b/ldap/servers/slapd/ntperfdll/Makefile
index a639b0fc..448ef9bb 100644
--- a/ldap/servers/slapd/ntperfdll/Makefile
+++ b/ldap/servers/slapd/ntperfdll/Makefile
@@ -56,7 +56,7 @@ MC=mc	#message compiler?
 DLLS = nsldapctr
 
 # -D's get all screwed up: we need to fix them:
-CFLAGS+= -UNS_PERSONAL -DNS_DS
+CFLAGS+= -UNS_PERSONAL
 # this lets us pickup regparms.h
 CFLAGS += -I $(BUILD_ROOT)/include
 
diff --git a/ldap/servers/slapd/ntwdog/Makefile b/ldap/servers/slapd/ntwdog/Makefile
index 18d5ee1e..883aaf7f 100644
--- a/ldap/servers/slapd/ntwdog/Makefile
+++ b/ldap/servers/slapd/ntwdog/Makefile
@@ -46,7 +46,6 @@ BUILD_ROOT = ../../../..
 
 NOSTDCLEAN=true # don't let nsconfig.mk define target clean
 NOSTDSTRIP=true # don't let nsconfig.mk define target strip
-NSPR20=true	# probably should be defined somewhere else (not sure where)
 
 OBJDEST = $(OBJDIR)/ntwdog/obj
 SLAPD_OBJDEST= $(OBJDIR)/obj
@@ -62,7 +61,7 @@ endif
 
 #INCLUDES += -I$(BUILD_ROOT)/include/libadmin 
 
-DS_SERVER_DEFS = -DNS_DS
+DS_SERVER_DEFS =
 
 NTWDOG_OBJS=	ntwatchdog.o 
 
diff --git a/ldap/servers/slapd/prerrstrs.h b/ldap/servers/slapd/prerrstrs.h
index f7ae3f0a..f87f68cb 100644
--- a/ldap/servers/slapd/prerrstrs.h
+++ b/ldap/servers/slapd/prerrstrs.h
@@ -42,13 +42,8 @@
 
 /*
  ****************************************************************************
- * The code below this point was provided by Nelson Bolyard <nelsonb> of the
- *	Netscape Certificate Server team on 27-March-1998.
- *	Taken from the file ns/security/cmd/lib/NSPRerrs.h on NSS_1_BRANCH.
- *	Last updated from there: 24-July-1998 by Mark Smith <mcs>
- *
- * All of the Directory Server specific changes are enclosed inside
- *	#ifdef NS_DS.
+ * The code below this point was taken from the file 
+ * mozilla/security/nss/security/nss/cmd/lib/NSPRerrs.h on NSS_3_11_3_RTM.
  ****************************************************************************
  */
 /* General NSPR 2.0 errors */
@@ -138,16 +133,34 @@ ER2( PR_NO_MORE_FILES_ERROR, 	"No more entries in the directory." )
 ER2( PR_END_OF_FILE_ERROR, 	"Encountered end of file." )
 ER2( PR_FILE_SEEK_ERROR, 	"Seek error." )
 ER2( PR_FILE_IS_BUSY_ERROR, 	"The file is busy." )
-ER2( PR_OPERATION_ABORTED_ERROR,  "The I/O operation was aborted" )
 ER2( PR_IN_PROGRESS_ERROR,
 "Operation is still in progress (probably a non-blocking connect)." )
 ER2( PR_ALREADY_INITIATED_ERROR,
 "Operation has already been initiated (probably a non-blocking connect)." )
+
+#ifdef PR_GROUP_EMPTY_ERROR
 ER2( PR_GROUP_EMPTY_ERROR, 	"The wait group is empty." )
+#endif
+
+#ifdef PR_INVALID_STATE_ERROR
 ER2( PR_INVALID_STATE_ERROR, 	"Object state improper for request." )
-ER2( PR_NETWORK_DOWN_ERROR,       "Network is down" )
-ER2( PR_SOCKET_SHUTDOWN_ERROR,    "Socket shutdown" )
-ER2( PR_CONNECT_ABORTED_ERROR,    "Connection aborted" )
-ER2( PR_HOST_UNREACHABLE_ERROR,   "Host is unreachable" )
+#endif
+
+#ifdef PR_NETWORK_DOWN_ERROR
+ER2( PR_NETWORK_DOWN_ERROR,	"Network is down." )
+#endif
+
+#ifdef PR_SOCKET_SHUTDOWN_ERROR
+ER2( PR_SOCKET_SHUTDOWN_ERROR,	"The socket was previously shut down." )
+#endif
+
+#ifdef PR_CONNECT_ABORTED_ERROR
+ER2( PR_CONNECT_ABORTED_ERROR,	"TCP Connection aborted." )
+#endif
+
+#ifdef PR_HOST_UNREACHABLE_ERROR
+ER2( PR_HOST_UNREACHABLE_ERROR,	"Host is unreachable." )
+#endif
 
+/* always last */
 ER2( PR_MAX_ERROR, 		"Placeholder for the end of the list" )
diff --git a/ldap/servers/slapd/secerrstrs.h b/ldap/servers/slapd/secerrstrs.h
index 2fb17527..5056e7de 100644
--- a/ldap/servers/slapd/secerrstrs.h
+++ b/ldap/servers/slapd/secerrstrs.h
@@ -42,20 +42,14 @@
 
 /*
  ****************************************************************************
- * The code below this point was provided by Nelson Bolyard <nelsonb> of the
- *	Netscape Certificate Server team on 27-March-1998.
- *	Taken from the file ns/security/cmd/lib/SECerrs.h on NSS_1_BRANCH.
- *	Last updated from there: 24-July-1998 by Mark Smith <mcs>
- *
- * All of the Directory Server specific changes are enclosed inside
- *	#ifdef NS_DS.
+ * The code below this point was taken from the file 
+ * mozilla/security/nss/security/nss/cmd/lib/SECerrs.h on NSS_3_11_3_RTM.
  ****************************************************************************
  */
 
 /* General security error codes  */
 /* Caller must #include "secerr.h" */
 
-
 ER3(SEC_ERROR_IO,				SEC_ERROR_BASE + 0,
 "An I/O error occurred during security authorization.")
 
@@ -377,7 +371,8 @@ ER3(SEC_ERROR_BAD_NICKNAME,			(SEC_ERROR_BASE + 103),
 ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER,       	(SEC_ERROR_BASE + 104),
 "Peer FORTEZZA chain has a non-FORTEZZA Certificate.")
 
-/* ER3(SEC_ERROR_UNKNOWN, 			(SEC_ERROR_BASE + 105), */
+ER3(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY, 	(SEC_ERROR_BASE + 105),
+"A sensitive key cannot be moved to the slot where it is needed.")
 
 ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, 		(SEC_ERROR_BASE + 106),
 "Invalid module name.")
@@ -461,3 +456,74 @@ ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE,		(SEC_ERROR_BASE + 131),
 
 ER3(SEC_ERROR_OCSP_OLD_RESPONSE,		(SEC_ERROR_BASE + 132),
 "The OCSP response contains out-of-date information.")
+
+ER3(SEC_ERROR_DIGEST_NOT_FOUND,			(SEC_ERROR_BASE + 133),
+"The CMS or PKCS #7 Digest was not found in signed message.")
+
+ER3(SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE,		(SEC_ERROR_BASE + 134),
+"The CMS or PKCS #7 Message type is unsupported.")
+
+ER3(SEC_ERROR_MODULE_STUCK,			(SEC_ERROR_BASE + 135),
+"PKCS #11 module could not be removed because it is still in use.")
+
+ER3(SEC_ERROR_BAD_TEMPLATE,			(SEC_ERROR_BASE + 136),
+"Could not decode ASN.1 data. Specified template was invalid.")
+
+ER3(SEC_ERROR_CRL_NOT_FOUND,			(SEC_ERROR_BASE + 137),
+"No matching CRL was found.")
+
+ER3(SEC_ERROR_REUSED_ISSUER_AND_SERIAL,        (SEC_ERROR_BASE + 138),
+"You are attempting to import a cert with the same issuer/serial as \
+an existing cert, but that is not the same cert.")
+
+ER3(SEC_ERROR_BUSY,				(SEC_ERROR_BASE + 139),
+"NSS could not shutdown. Objects are still in use.")
+
+ER3(SEC_ERROR_EXTRA_INPUT,			(SEC_ERROR_BASE + 140),
+"DER-encoded message contained extra unused data.")
+
+ER3(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE,	(SEC_ERROR_BASE + 141),
+"Unsupported elliptic curve.")
+
+ER3(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM,	(SEC_ERROR_BASE + 142),
+"Unsupported elliptic curve point form.")
+
+ER3(SEC_ERROR_UNRECOGNIZED_OID,			(SEC_ERROR_BASE + 143),
+"Unrecognized Object IDentifier.")
+
+ER3(SEC_ERROR_OCSP_INVALID_SIGNING_CERT,	(SEC_ERROR_BASE + 144),
+"Invalid OCSP signing certificate in OCSP response.")
+
+ER3(SEC_ERROR_REVOKED_CERTIFICATE_CRL,          (SEC_ERROR_BASE + 145),
+"Certificate is revoked in issuer's certificate revocation list.")
+
+ER3(SEC_ERROR_REVOKED_CERTIFICATE_OCSP,         (SEC_ERROR_BASE + 146),
+"Issuer's OCSP responder reports certificate is revoked.")
+
+ER3(SEC_ERROR_CRL_INVALID_VERSION,              (SEC_ERROR_BASE + 147),
+"Issuer's Certificate Revocation List has an unknown version number.")
+
+ER3(SEC_ERROR_CRL_V1_CRITICAL_EXTENSION,        (SEC_ERROR_BASE + 148),
+"Issuer's V1 Certificate Revocation List has a critical extension.")
+
+ER3(SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION,   (SEC_ERROR_BASE + 149),
+"Issuer's V2 Certificate Revocation List has an unknown critical extension.")
+
+ER3(SEC_ERROR_UNKNOWN_OBJECT_TYPE,	        (SEC_ERROR_BASE + 150),
+"Unknown object type specified.")
+
+ER3(SEC_ERROR_INCOMPATIBLE_PKCS11,	        (SEC_ERROR_BASE + 151),
+"PKCS #11 driver violates the spec in an incompatible way.")
+
+ER3(SEC_ERROR_NO_EVENT,	        		(SEC_ERROR_BASE + 152),
+"No new slot event is available at this time.")
+
+ER3(SEC_ERROR_CRL_ALREADY_EXISTS,      		(SEC_ERROR_BASE + 153),
+"CRL already exists.")
+
+ER3(SEC_ERROR_NOT_INITIALIZED,      		(SEC_ERROR_BASE + 154),
+"NSS is not initialized.")
+
+ER3(SEC_ERROR_TOKEN_NOT_LOGGED_IN,  		(SEC_ERROR_BASE + 155),
+"The operation failed because the PKCS#11 token is not logged in.")
+
diff --git a/ldap/servers/slapd/sslerrstrs.h b/ldap/servers/slapd/sslerrstrs.h
index 17cc08eb..a5f309a7 100644
--- a/ldap/servers/slapd/sslerrstrs.h
+++ b/ldap/servers/slapd/sslerrstrs.h
@@ -42,13 +42,8 @@
 
 /*
  ****************************************************************************
- * The code below this point was provided by Nelson Bolyard <nelsonb> of the
- *	Netscape Certificate Server team on 27-March-1998.
- *	Taken from the file ns/security/cmd/lib/SSLerrs.h on NSS_1_BRANCH.
- *	Last updated from there: 24-July-1998 by Mark Smith <mcs>
- *
- * All of the Directory Server specific changes are enclosed inside
- *	#ifdef NS_DS.
+ * The code below this point was taken from the file 
+ * mozilla/security/nss/security/nss/cmd/lib/SSLerrs.h on NSS_3_11_3_RTM.
  ****************************************************************************
  */
 
@@ -385,3 +380,20 @@ ER3(SSL_ERROR_USER_CANCELED_ALERT         , (SSL_ERROR_BASE + 101),
 ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT      , (SSL_ERROR_BASE + 102),
 "Peer does not permit renegotiation of SSL security parameters.")
 
+ER3(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED , (SSL_ERROR_BASE + 103),
+"SSL server cache not configured and not disabled for this socket.")
+
+ER3(SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT    , (SSL_ERROR_BASE + 104),
+"SSL peer does not support requested TLS hello extension.")
+
+ER3(SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT , (SSL_ERROR_BASE + 105),
+"SSL peer could not obtain your certificate from the supplied URL.")
+
+ER3(SSL_ERROR_UNRECOGNIZED_NAME_ALERT        , (SSL_ERROR_BASE + 106),
+"SSL peer has no certificate for the requested DNS name.")
+
+ER3(SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT , (SSL_ERROR_BASE + 107),
+"SSL peer was unable to get an OCSP response for its certificate.")
+
+ER3(SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT      , (SSL_ERROR_BASE + 108),
+"SSL peer reported bad certificate hash value.")