package prosody import ( "crypto/hmac" "crypto/sha1" "encoding/hex" "errors" "fmt" "log" "os/exec" "github.com/xdg-go/pbkdf2" ) func (p *Prosody) ChangePassword(user string, currentPwd string, newPwd string) error { acc, err := p.loadAccount(user) if err != nil { return fmt.Errorf("p.loadAccount %w", err) } storedKey, err := hashPassword(currentPwd, acc.Salt, acc.IterationCount) if err != nil { return fmt.Errorf("hashPassword: %w", err) } // Compare the hashes if storedKey != acc.StoredKey { return errors.New("password is incorrect") } result, err := exec.Command("/usr/bin/prosodyctl", "-c", "passwd -s 12 -scny 1").Output() if err != nil { return fmt.Errorf("prosodcytl: %w", err) } log.Println("string(result)", string(result)) return nil } func hashPassword(password, salt string, iterationCount int) (string, error) { // Hash the password using the SCRAM mechanism saltedPassword := pbkdf2.Key([]byte(password), []byte(salt), iterationCount, 20, sha1.New) clientKey := hmacSha1(saltedPassword, []byte("Client Key")) storedKey := sha1.Sum(clientKey) return hex.EncodeToString(storedKey[:]), nil } func hmacSha1(key, data []byte) []byte { mac := hmac.New(sha1.New, key) mac.Write(data) return mac.Sum(nil) }