1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
|
.. _mozilla_projects_nss_nss_sample_code_sample2_-_initialize_nss_database:
Initialize NSS database - sample 2
==================================
.. _nss_sample_code_2_initialize_the_nss_database.:
`NSS sample code 2: initialize the NSS database. <#nss_sample_code_2_initialize_the_nss_database.>`__
-----------------------------------------------------------------------------------------------------
.. container::
The NSS sample code below demonstrates how to initialize the NSS database.
.. code:: brush:
/*
* Print a usage message and exit
*/
static void
Usage(const char *progName)
{
fprintf(stderr, "\nUsage: %s -d [-p ]"
" [-f ]\n\n",
progName);
fprintf(stderr, "%-15s Specify a DB directory path\n\n",
"-d ");
fprintf(stderr, "%-15s Specify a plaintext password\n\n",
"-p ");
fprintf(stderr, "%-15s Specify a password file\n\n",
"-f ");
exit(-1);
}
/*
* InitSlotPassword
*/
char *
InitSlotPassword(PK11SlotInfo *slot, PRBool retry, void *arg)
{
FILE *input;
FILE *output;
char *p0 = NULL;
char *p1 = NULL;
secuPWData *pwdata = (secuPWData *) arg;
if (pwdata->source == PW_FROMFILE) {
return FilePasswd(slot, retry, pwdata->data);
}
if (pwdata->source == PW_PLAINTEXT) {
return PL_strdup(pwdata->data);
}
/* open terminal */
input = fopen("/dev/tty", "r");
if (input == NULL) {
PR_fprintf(PR_STDERR, "Error opening input terminal for read\n");
return NULL;
}
/* we have no password, so initialize database with one */
PR_fprintf(PR_STDERR,
"Enter a password which will be used to encrypt your keys.\n"
"The password should be at least 8 characters long,\n"
"and should contain at least one non-alphabetic character.\n\n");
output = fopen("/dev/tty", "w");
if (output == NULL) {
PR_fprintf(PR_STDERR, "Error opening output terminal for write\n");
return NULL;
}
for (;;) {
if (p0)
PORT_Free(p0);
p0 = GetPassword(input, output, "Enter new password: ",
CheckPassword);
if (p1)
PORT_Free(p1);
p1 = GetPassword(input, output, "Re-enter password: ",
CheckPassword);
if (p0 && p1 && !PORT_Strcmp(p0, p1)) {
break;
}
PR_fprintf(PR_STDERR, "Passwords do not match. Try again.\n");
}
/* clear out the duplicate password string */
if (p1) {
PORT_Memset(p1, 0, PORT_Strlen(p1));
PORT_Free(p1);
}
fclose(input);
fclose(output);
return p0;
}
/*
* ChangePW
*/
SECStatus
ChangePW(PK11SlotInfo *slot, char *oldPass, char *newPass,
char *oldPwFile, char *newPwFile)
{
SECStatus rv;
secuPWData pwdata;
secuPWData newpwdata;
char *oldpw = NULL;
char *newpw = NULL;
if (oldPass) {
pwdata.source = PW_PLAINTEXT;
pwdata.data = oldPass;
} else if (oldPwFile) {
pwdata.source = PW_FROMFILE;
pwdata.data = oldPwFile;
} else {
pwdata.source = PW_NONE;
pwdata.data = NULL;
}
if (newPass) {
newpwdata.source = PW_PLAINTEXT;
newpwdata.data = newPass;
} else if (newPwFile) {
newpwdata.source = PW_FROMFILE;
newpwdata.data = NULL;
} else {
newpwdata.source = PW_NONE;
newpwdata.data = NULL;
}
if (PK11_NeedUserInit(slot)) {
newpw = InitSlotPassword(slot, PR_FALSE, &pwdata);
rv = PK11_InitPin(slot, (char*)NULL, newpw);
if (rv == SECSuccess) {
PR_fprintf(PR_STDERR, "PK11_InitPin failed.\n");
return SECFailure;
}
}
else {
for (;;) {
oldpw = GetModulePassword(slot, PR_FALSE, &pwdata);
if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
if (pwdata.source == PW_NONE) {
PR_fprintf(PR_STDERR, "Invalid password. Try again.\n");
} else {
PR_fprintf(PR_STDERR, "Invalid password.\n");
PORT_Memset(oldpw, 0, PL_strlen(oldpw));
PORT_Free(oldpw);
return SECFailure;
}
} else {
break;
}
PORT_Free(oldpw);
}
newpw = InitSlotPassword(slot, PR_FALSE, &newpwdata);
if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) {
PR_fprintf(PR_STDERR, "Failed to change password.\n");
return SECFailure;
}
PORT_Memset(oldpw, 0, PL_strlen(oldpw));
PORT_Free(oldpw);
PR_fprintf(PR_STDOUT, "Password changed successfully.\n");
}
PORT_Memset(newpw, 0, PL_strlen(newpw));
PORT_Free(newpw);
return SECSuccess;
}
/*
* This example illustrates initialization of the NSS database.
* It creates an nss configuration directory with empty databases
* and initializes the databases. It also illustrates techniques for
* password handling.
*/
int main(int argc, char **argv)
{
PLOptState *optstate;
PLOptStatus status;
SECStatus rv;
SECStatus rvShutdown;
char *slotname = "internal";
PK11SlotInfo *slot = NULL;
char *dbdir = NULL;
char *plainPass = NULL;
char *pwFile = NULL;
char * progName = strrchr(argv[0], '/');
progName = progName ? progName + 1 : argv[0];
/* Parse command line arguments */
optstate = PL_CreateOptState(argc, argv, "d:p:q:f:g:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case 'd':
dbdir = strdup(optstate->value);
break;
case 'p':
plainPass = strdup(optstate->value);
break;
case 'f':
pwFile = strdup(optstate->value);
break;
default:
Usage(progName);
break;
}
}
PL_DestroyOptState(optstate);
if (!dbdir)
Usage(progName);
PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
/* Create the database */
rv = NSS_InitReadWrite(dbdir);
if (rv != SECSuccess) {
PR_fprintf(PR_STDERR, "NSS_Initialize Failed");
PR_Cleanup();
exit(rv);
}
if (PL_strcmp(slotname, "internal") == 0)
slot = PK11_GetInternalKeySlot();
/* If creating new database, initialize the password. */
rv = ChangePW(slot, plainPass, 0, pwFile, 0);
if (rv != SECSuccess) {
PR_fprintf(PR_STDERR, "Failed to change password\n");
}
if (slot) {
PK11_FreeSlot(slot);
}
rvShutdown = NSS_Shutdown();
if (rvShutdown != SECSuccess) {
PR_fprintf(PR_STDERR, "Failed : NSS_Shutdown()\n");
rv = SECFailure;
}
PR_Cleanup();
return rv;
}
|
