NS_IMETHODIMP nsPK11Token::ChangePassword(const nsACString& oldPassword, const nsACString& newPassword) { // PK11_ChangePW() has different semantics for the empty string and for // nullptr. In order to support this difference, we need to check IsVoid() to // find out if our caller supplied null/undefined args or just empty strings. // See Bug 447589. return MapSECStatus(PK11_ChangePW( mSlot.get(), oldPassword.IsVoid() ? nullptr : PromiseFlatCString(oldPassword).get(), newPassword.IsVoid() ? nullptr : PromiseFlatCString(newPassword).get())); }
NS_IMETHODIMP nsPK11Token::ChangePassword(const char16_t *oldPassword, const char16_t *newPassword) { nsNSSShutDownPreventionLock locker; if (isAlreadyShutDown()) return NS_ERROR_NOT_AVAILABLE; SECStatus rv; NS_ConvertUTF16toUTF8 aUtf8OldPassword(oldPassword); NS_ConvertUTF16toUTF8 aUtf8NewPassword(newPassword); rv = PK11_ChangePW(mSlot, (oldPassword ? const_cast<char *>(aUtf8OldPassword.get()) : nullptr), (newPassword ? const_cast<char *>(aUtf8NewPassword.get()) : nullptr)); return (rv == SECSuccess) ? NS_OK : NS_ERROR_FAILURE; }
NS_IMETHODIMP nsPK11Token::InitPassword(const nsACString& initialPassword) { const nsCString& passwordCStr = PromiseFlatCString(initialPassword); // PSM initializes the sqlite-backed softoken with an empty password. The // implementation considers this not to be a password (GetHasPassword returns // false), but we can't actually call PK11_InitPin again. Instead, we call // PK11_ChangePW with the empty password. bool hasPassword; nsresult rv = GetHasPassword(&hasPassword); if (NS_FAILED(rv)) { return rv; } if (!PK11_NeedUserInit(mSlot.get()) && !hasPassword) { return MapSECStatus(PK11_ChangePW(mSlot.get(), "", passwordCStr.get())); } return MapSECStatus(PK11_InitPin(mSlot.get(), "", passwordCStr.get())); }
bool nss_change_password(PK11SlotInfo* slot, const char* oldpass, const char* newpass) { SECStatus rv; const char *oldpw = NULL, *newpw = NULL; oldpw = oldpass; newpw = newpass; if (PK11_NeedUserInit(slot)) { rv = PK11_InitPin(slot, (char*)NULL, (char*)newpw); return true; } if (PK11_CheckUserPassword(slot, (char*)oldpw) != SECSuccess) { std::cerr<<"Invalid password to nss db"<<std::endl; return false; } if (PK11_ChangePW(slot, (char*)oldpw, (char*)newpw) != SECSuccess) { std::cerr<<"Failed to change password of nss db"<<std::endl; return false; } std::cout<<"Succeeded to change password"<<std::endl; return true; }
/************************************************************************ * * C h a n g e P W */ Error ChangePW(char *tokenName, char *pwFile, char *newpwFile) { char *oldpw = NULL, *newpw = NULL, *newpw2 = NULL; PK11SlotInfo *slot; Error ret = UNSPECIFIED_ERR; PRBool matching; slot = PK11_FindSlotByName(tokenName); if (!slot) { PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], tokenName); return NO_SUCH_TOKEN_ERR; } /* Get old password */ if (!PK11_NeedUserInit(slot)) { if (pwFile) { oldpw = SECU_FilePasswd(NULL, PR_FALSE, pwFile); if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess) { PR_fprintf(PR_STDERR, errStrings[BAD_PW_ERR]); ret = BAD_PW_ERR; goto loser; } } else if (PK11_NeedLogin(slot)) { for (matching = PR_FALSE; !matching;) { oldpw = SECU_GetPasswordString(NULL, "Enter old password: "******"Enter new password: "******"Re-enter new password: "); if (strcmp(newpw, newpw2)) { PR_fprintf(PR_STDOUT, msgStrings[PW_MATCH_MSG]); PORT_ZFree(newpw, strlen(newpw)); PORT_ZFree(newpw2, strlen(newpw2)); } else { matching = PR_TRUE; } } } /* Change the password */ if (PK11_NeedUserInit(slot)) { if (PK11_InitPin(slot, NULL /*ssopw*/, newpw) != SECSuccess) { PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName); ret = CHANGEPW_FAILED_ERR; goto loser; } } else { if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) { PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName); ret = CHANGEPW_FAILED_ERR; goto loser; } } PR_fprintf(PR_STDOUT, msgStrings[CHANGEPW_SUCCESS_MSG], tokenName); ret = SUCCESS; loser: if (oldpw) { PORT_ZFree(oldpw, strlen(oldpw)); } if (newpw) { PORT_ZFree(newpw, strlen(newpw)); } if (newpw2) { PORT_ZFree(newpw2, strlen(newpw2)); } PK11_FreeSlot(slot); return ret; }