Merge branch 'NSS-335'

author: wolfbeast <mcwerewolf@gmail.com> 2018-06-06 21:27:04 +0200
committer: wolfbeast <mcwerewolf@gmail.com> 2018-06-06 21:27:04 +0200
commit: 4a71b30364a4b6d1eaf16fcfdc8e873e6697f293 (patch)
tree: a47014077c14579249859ad34afcc5a8f2f0730a /security/nss/cmd/modutil
parent: d7da72799521386c110dbba73b1e483b00a0a56a (diff)
parent: 2dad0ec41d0b69c0a815012e6ea4bdde81b2875b (diff)
download: UXP-4a71b30364a4b6d1eaf16fcfdc8e873e6697f293.tar
UXP-4a71b30364a4b6d1eaf16fcfdc8e873e6697f293.tar.gz
UXP-4a71b30364a4b6d1eaf16fcfdc8e873e6697f293.tar.lz
UXP-4a71b30364a4b6d1eaf16fcfdc8e873e6697f293.tar.xz
UXP-4a71b30364a4b6d1eaf16fcfdc8e873e6697f293.zip
5 files changed, 41 insertions, 6 deletions
diff --git a/security/nss/cmd/modutil/error.h b/security/nss/cmd/modutil/error.h
index b328afebc..d9f06592f 100644
--- a/security/nss/cmd/modutil/error.h
+++ b/security/nss/cmd/modutil/error.h
@@ -57,6 +57,7 @@ typedef enum {
     UNSPECIFIED_ERR,
     NOCERTDB_MISUSE_ERR,
     NSS_INITIALIZE_FAILED_ERR,
+    INITPW_FAILED_ERR,
 
     LAST_ERR /* must be last */
 } Error;
@@ -109,8 +110,9 @@ static char *errStrings[] = {
     "ERROR: Failed to change default.\n",
     "ERROR: Unable to read from standard input.\n",
     "ERROR: Unknown error occurred.\n",
-    "ERROR: -nocertdb option can only be used with the -jar command.\n"
-    "ERROR: NSS_Initialize() failed.\n"
+    "ERROR: -nocertdb option can only be used with the -jar command.\n",
+    "ERROR: NSS_Initialize() failed.\n",
+    "ERROR: Unable to set initial password on the database.\n"
 };
 
 typedef enum {
diff --git a/security/nss/cmd/modutil/install-ds.c b/security/nss/cmd/modutil/install-ds.c
index c8fef7897..030568762 100644
--- a/security/nss/cmd/modutil/install-ds.c
+++ b/security/nss/cmd/modutil/install-ds.c
@@ -975,8 +975,7 @@ Pk11Install_Platform_Print(Pk11Install_Platform* _this, int pad)
         printf("Doesn't use equiv\n");
     }
     PAD(pad);
-    printf("Module File: %s\n", _this->moduleFile ? _this->moduleFile
-                                                  : "<NULL>");
+    printf("Module File: %s\n", _this->moduleFile ? _this->moduleFile : "<NULL>");
     PAD(pad);
     printf("mechFlags: %lx\n", _this->mechFlags);
     PAD(pad);
diff --git a/security/nss/cmd/modutil/modutil.c b/security/nss/cmd/modutil/modutil.c
index 02972f7b4..c1b44be53 100644
--- a/security/nss/cmd/modutil/modutil.c
+++ b/security/nss/cmd/modutil/modutil.c
@@ -865,7 +865,7 @@ main(int argc, char* argv[])
             errcode = ChangePW(tokenName, pwFile, newpwFile);
             break;
         case CREATE_COMMAND:
-            /* The work was already done in init_crypto() */
+            errcode = InitPW();
             break;
         case DEFAULT_COMMAND:
             errcode = SetDefaultModule(moduleName, slotName, mechanisms);
diff --git a/security/nss/cmd/modutil/modutil.h b/security/nss/cmd/modutil/modutil.h
index 127d0d0da..04aa908c8 100644
--- a/security/nss/cmd/modutil/modutil.h
+++ b/security/nss/cmd/modutil/modutil.h
@@ -29,6 +29,7 @@ Error AddModule(char *moduleName, char *libFile, char *ciphers,
 Error DeleteModule(char *moduleName);
 Error ListModule(char *moduleName);
 Error ListModules();
+Error InitPW(void);
 Error ChangePW(char *tokenName, char *pwFile, char *newpwFile);
 Error EnableModule(char *moduleName, char *slotName, PRBool enable);
 Error RawAddModule(char *dbmodulespec, char *modulespec);
diff --git a/security/nss/cmd/modutil/pk11.c b/security/nss/cmd/modutil/pk11.c
index 834469af1..1efc1895c 100644
--- a/security/nss/cmd/modutil/pk11.c
+++ b/security/nss/cmd/modutil/pk11.c
@@ -670,6 +670,39 @@ loser:
 
 /************************************************************************
  *
+ * I n i t P W
+ */
+Error
+InitPW(void)
+{
+    PK11SlotInfo *slot;
+    Error ret = UNSPECIFIED_ERR;
+
+    slot = PK11_GetInternalKeySlot();
+    if (!slot) {
+        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], "internal");
+        return NO_SUCH_TOKEN_ERR;
+    }
+
+    /* Set the initial password to empty */
+    if (PK11_NeedUserInit(slot)) {
+        if (PK11_InitPin(slot, NULL, "") != SECSuccess) {
+            PR_fprintf(PR_STDERR, errStrings[INITPW_FAILED_ERR]);
+            ret = INITPW_FAILED_ERR;
+            goto loser;
+        }
+    }
+
+    ret = SUCCESS;
+
+loser:
+    PK11_FreeSlot(slot);
+
+    return ret;
+}
+
+/************************************************************************
+ *
  * C h a n g e P W
  */
 Error
@@ -695,7 +728,7 @@ ChangePW(char *tokenName, char *pwFile, char *newpwFile)
                 ret = BAD_PW_ERR;
                 goto loser;
             }
-        } else {
+        } else if (PK11_NeedLogin(slot)) {
             for (matching = PR_FALSE; !matching;) {
                 oldpw = SECU_GetPasswordString(NULL, "Enter old password: ");
                 if (PK11_CheckUserPassword(slot, oldpw) == SECSuccess) {
author	wolfbeast <mcwerewolf@gmail.com>	2018-06-06 21:27:04 +0200
committer	wolfbeast <mcwerewolf@gmail.com>	2018-06-06 21:27:04 +0200
commit	4a71b30364a4b6d1eaf16fcfdc8e873e6697f293 (patch)
tree	a47014077c14579249859ad34afcc5a8f2f0730a /security/nss/cmd/modutil
parent	d7da72799521386c110dbba73b1e483b00a0a56a (diff)
parent	2dad0ec41d0b69c0a815012e6ea4bdde81b2875b (diff)
download	UXP-4a71b30364a4b6d1eaf16fcfdc8e873e6697f293.tar UXP-4a71b30364a4b6d1eaf16fcfdc8e873e6697f293.tar.gz UXP-4a71b30364a4b6d1eaf16fcfdc8e873e6697f293.tar.lz UXP-4a71b30364a4b6d1eaf16fcfdc8e873e6697f293.tar.xz UXP-4a71b30364a4b6d1eaf16fcfdc8e873e6697f293.zip