fix for bug #83160, change master password broken

r=javi, sr=blizzard, a=asa

security/manager/pki/resources/content/device_manager.js

@@ -345,19 +345,11 @@ function changePassword()
 {
   getSelectedItem();
   token = selected_slot.getToken();
-  try {
-    // this seems to be neccessary, otherwise it fails in the PKCS#11 layer.
-    // but it doesn't feel right...
-    if (!token.isLoggedIn()) {
-      token.login(true);
-    }
-    window.open("changepassword.xul",
-                selected_slot.tokenName, 
-                "chrome,width=300,height=350,resizable=0,modal=1,dialog=1");
-    showSlotInfo();
-    enableButtons();
-  } catch (e) {
-  }
+  window.open("changepassword.xul",
+              selected_slot.tokenName, 
+              "chrome,resizable=1,modal=1,dialog=1");
+  showSlotInfo();
+  enableButtons();
 }
 
 // browse fs for PKCS#11 device

security/manager/pki/resources/content/password.js

@@ -87,11 +87,17 @@ function setPassword()
 
   var oldpwbox = document.getElementById("oldpw");
   var initpw = oldpwbox.getAttribute("inited");
+  var bundle = srGetStrBundle("chrome://pippki/locale/pippki.properties");
   if (initpw == "false") {
     try {
-      token.changePassword(oldpwbox.value, pw1.value);
+      var passok = token.checkPassword(oldpwbox.value);
+      if (passok) {
+        token.changePassword(oldpwbox.value, pw1.value);
+        alert(bundle.GetStringFromName("pw_change_ok")); 
+      } else {
+        alert(bundle.GetStringFromName("incorrect_pw")); 
+      }
     } catch (e) {
-      var bundle = srGetStrBundle("chrome://pippki/locale/pippki.properties");
       alert(bundle.GetStringFromName("failed_pw_change")); 
     }
   } else {

security/manager/pki/resources/locale/en-US/pippki.properties

@@ -86,6 +86,8 @@ escrowFinalMessage=You should click OK only if you trust "%S" to protect your en
 #Token Manager
 password_not_set=(not set)
 failed_pw_change=Failed to change password.
+incorrect_pw=Incorrect password entered.
+pw_change_ok=Personal security password successfully changed.
 loadPK11TokenDialog=Choose a PKCS#11 device to load
 devinfo_modname=Module
 devinfo_modpath=Path

security/manager/ssl/src/nsPK11TokenDB.cpp

@@ -22,6 +22,8 @@
  */
 #include "nsISupports.h"
 #include "nsIPK11TokenDB.h"
+#include "prerror.h"
+#include "secerr.h"
 
 #include "nsPK11TokenDB.h"
 
@@ -180,7 +182,21 @@ NS_IMETHODIMP nsPK11Token::GetNeedsUserInit(PRBool *aNeedsUserInit)
 /* boolean checkPassword (in wstring password); */
 NS_IMETHODIMP nsPK11Token::CheckPassword(const PRUnichar *password, PRBool *_retval)
 {
-    return NS_ERROR_NOT_IMPLEMENTED;
+  SECStatus srv;
+  PRInt32 prerr;
+  srv = PK11_CheckUserPassword(mSlot, 
+                  NS_CONST_CAST(char *, NS_ConvertUCS2toUTF8(password).get()));
+  if (srv != SECSuccess) {
+    *_retval =  PR_FALSE;
+    prerr = PR_GetError();
+    if (prerr != SEC_ERROR_BAD_PASSWORD) {
+      /* something really bad happened - throw an exception */
+      return NS_ERROR_FAILURE;
+    }
+  } else {
+    *_retval =  PR_TRUE;
+  }
+  return NS_OK;
 }
 
 /* void initPassword (in wstring initialPassword); */