NS_IMETHODIMP
nsPK11Token::ChangePassword(const nsACString& oldPassword,
const nsACString& newPassword)
{
// PK11_ChangePW() has different semantics for the empty string and for
// nullptr. In order to support this difference, we need to check IsVoid() to
// find out if our caller supplied null/undefined args or just empty strings.
// See Bug 447589.
return MapSECStatus(PK11_ChangePW(
mSlot.get(),
oldPassword.IsVoid() ? nullptr : PromiseFlatCString(oldPassword).get(),
newPassword.IsVoid() ? nullptr : PromiseFlatCString(newPassword).get()));
}
NS_IMETHODIMP nsPK11Token::ChangePassword(const char16_t *oldPassword, const char16_t *newPassword)
{
nsNSSShutDownPreventionLock locker;
if (isAlreadyShutDown())
return NS_ERROR_NOT_AVAILABLE;
SECStatus rv;
NS_ConvertUTF16toUTF8 aUtf8OldPassword(oldPassword);
NS_ConvertUTF16toUTF8 aUtf8NewPassword(newPassword);
rv = PK11_ChangePW(mSlot,
(oldPassword ? const_cast<char *>(aUtf8OldPassword.get()) : nullptr),
(newPassword ? const_cast<char *>(aUtf8NewPassword.get()) : nullptr));
return (rv == SECSuccess) ? NS_OK : NS_ERROR_FAILURE;
}
NS_IMETHODIMP
nsPK11Token::InitPassword(const nsACString& initialPassword)
{
const nsCString& passwordCStr = PromiseFlatCString(initialPassword);
// PSM initializes the sqlite-backed softoken with an empty password. The
// implementation considers this not to be a password (GetHasPassword returns
// false), but we can't actually call PK11_InitPin again. Instead, we call
// PK11_ChangePW with the empty password.
bool hasPassword;
nsresult rv = GetHasPassword(&hasPassword);
if (NS_FAILED(rv)) {
return rv;
}
if (!PK11_NeedUserInit(mSlot.get()) && !hasPassword) {
return MapSECStatus(PK11_ChangePW(mSlot.get(), "", passwordCStr.get()));
}
return MapSECStatus(PK11_InitPin(mSlot.get(), "", passwordCStr.get()));
}
bool nss_change_password(PK11SlotInfo* slot, const char* oldpass, const char* newpass) {
SECStatus rv;
const char *oldpw = NULL, *newpw = NULL;
oldpw = oldpass; newpw = newpass;
if (PK11_NeedUserInit(slot)) {
rv = PK11_InitPin(slot, (char*)NULL, (char*)newpw);
return true;
}
if (PK11_CheckUserPassword(slot, (char*)oldpw) != SECSuccess) {
std::cerr<<"Invalid password to nss db"<<std::endl;
return false;
}
if (PK11_ChangePW(slot, (char*)oldpw, (char*)newpw) != SECSuccess) {
std::cerr<<"Failed to change password of nss db"<<std::endl;
return false;
}
std::cout<<"Succeeded to change password"<<std::endl;
return true;
}
/************************************************************************
*
* C h a n g e P W
*/
Error
ChangePW(char *tokenName, char *pwFile, char *newpwFile)
{
char *oldpw = NULL, *newpw = NULL, *newpw2 = NULL;
PK11SlotInfo *slot;
Error ret = UNSPECIFIED_ERR;
PRBool matching;
slot = PK11_FindSlotByName(tokenName);
if (!slot) {
PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], tokenName);
return NO_SUCH_TOKEN_ERR;
}
/* Get old password */
if (!PK11_NeedUserInit(slot)) {
if (pwFile) {
oldpw = SECU_FilePasswd(NULL, PR_FALSE, pwFile);
if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
PR_fprintf(PR_STDERR, errStrings[BAD_PW_ERR]);
ret = BAD_PW_ERR;
goto loser;
}
} else if (PK11_NeedLogin(slot)) {
for (matching = PR_FALSE; !matching;) {
oldpw = SECU_GetPasswordString(NULL, "Enter old password: "******"Enter new password: "******"Re-enter new password: ");
if (strcmp(newpw, newpw2)) {
PR_fprintf(PR_STDOUT, msgStrings[PW_MATCH_MSG]);
PORT_ZFree(newpw, strlen(newpw));
PORT_ZFree(newpw2, strlen(newpw2));
} else {
matching = PR_TRUE;
}
}
}
/* Change the password */
if (PK11_NeedUserInit(slot)) {
if (PK11_InitPin(slot, NULL /*ssopw*/, newpw) != SECSuccess) {
PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
ret = CHANGEPW_FAILED_ERR;
goto loser;
}
} else {
if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) {
PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
ret = CHANGEPW_FAILED_ERR;
goto loser;
}
}
PR_fprintf(PR_STDOUT, msgStrings[CHANGEPW_SUCCESS_MSG], tokenName);
ret = SUCCESS;
loser:
if (oldpw) {
PORT_ZFree(oldpw, strlen(oldpw));
}
if (newpw) {
PORT_ZFree(newpw, strlen(newpw));
}
if (newpw2) {
PORT_ZFree(newpw2, strlen(newpw2));
}
PK11_FreeSlot(slot);
return ret;
}
