* [9front] Password confirmation in auth/wrkey @ 2023-08-23 22:10 Vadim Kotov 2023-08-23 22:42 ` Jacob Moody 0 siblings, 1 reply; 9+ messages in thread From: Vadim Kotov @ 2023-08-23 22:10 UTC (permalink / raw) To: 9front Hey folks, I was wondering if there is a reason there is no password confirmation prompt when writing to nvram using auth/wrkey? Cheers, Vadím ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9front] Password confirmation in auth/wrkey 2023-08-23 22:10 [9front] Password confirmation in auth/wrkey Vadim Kotov @ 2023-08-23 22:42 ` Jacob Moody 2023-08-24 20:09 ` Jacob Moody 2023-08-25 2:59 ` Vadim Kotov 0 siblings, 2 replies; 9+ messages in thread From: Jacob Moody @ 2023-08-23 22:42 UTC (permalink / raw) To: 9front On 8/23/23 17:10, Vadim Kotov wrote: > Hey folks, > > I was wondering if there is a reason there is no password confirmation prompt when writing to nvram using auth/wrkey? > > Cheers, > Vadím I see no real reason other then that no one has bothered. Looking at the code it calls in libauthsrv, you could get away with just calling readcons() a second time and making sure they match. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9front] Password confirmation in auth/wrkey 2023-08-23 22:42 ` Jacob Moody @ 2023-08-24 20:09 ` Jacob Moody 2023-08-25 2:58 ` ieliedonge 2023-08-27 19:42 ` cinap_lenrek 2023-08-25 2:59 ` Vadim Kotov 1 sibling, 2 replies; 9+ messages in thread From: Jacob Moody @ 2023-08-24 20:09 UTC (permalink / raw) To: 9front On 8/23/23 17:42, Jacob Moody wrote: > On 8/23/23 17:10, Vadim Kotov wrote: >> Hey folks, >> >> I was wondering if there is a reason there is no password confirmation prompt when writing to nvram using auth/wrkey? >> >> Cheers, >> Vadím > > > I see no real reason other then that no one has bothered. > Looking at the code it calls in libauthsrv, you could get away with > just calling readcons() a second time and making sure they match. > Tested this out. I asked around on the grid and the general consensus was in favor. diff 483ff27f9d5067fd597dae09161d07a3857293b6 uncommitted --- a//sys/src/libauthsrv/readnvram.c +++ b//sys/src/libauthsrv/readnvram.c @@ -247,6 +247,7 @@ if((flag&(NVwrite|NVwritemem)) || (err && (flag&NVwriteonerr))){ if (!(flag&NVwritemem)) { char pass[PASSWDLEN]; + char pass2[PASSWDLEN]; Authkey k; if(ask("authid", safe->authid, sizeof safe->authid, 0)) @@ -255,12 +256,20 @@ goto Out; if(ask("secstore key", safe->config, sizeof safe->config, 1)) goto Out; +Again: if(ask("password", pass, sizeof pass, 1)) goto Out; + if(ask("confirm password", pass2, sizeof pass2, 1)) + goto Out; + if(memcmp(pass, pass2, sizeof pass) != 0){ + fprint(2, "password mismatch\n"); + goto Again; + } if((dodes = readcons("enable legacy p9sk1", "no", 0)) == nil) goto Out; passtokey(&k, pass); memset(pass, 0, sizeof pass); + memset(pass2, 0, sizeof pass2); if(dodes[0] == 'y' || dodes[0] == 'Y') memmove(safe->machkey, k.des, DESKEYLEN); else ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9front] Password confirmation in auth/wrkey 2023-08-24 20:09 ` Jacob Moody @ 2023-08-25 2:58 ` ieliedonge 2023-08-25 3:12 ` Jacob Moody 2023-08-27 19:42 ` cinap_lenrek 1 sibling, 1 reply; 9+ messages in thread From: ieliedonge @ 2023-08-25 2:58 UTC (permalink / raw) To: 9front > Tested this out. I asked around on the grid and the general consensus > was in favor. Dead simple. Nice. Dumb, noob question, but what is "the grid" here? ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9front] Password confirmation in auth/wrkey 2023-08-25 2:58 ` ieliedonge @ 2023-08-25 3:12 ` Jacob Moody 2023-08-25 3:27 ` ieliedonge 0 siblings, 1 reply; 9+ messages in thread From: Jacob Moody @ 2023-08-25 3:12 UTC (permalink / raw) To: 9front On 8/24/23 21:58, ieliedonge@wilsonb.com wrote: >> Tested this out. I asked around on the grid and the general consensus >> was in favor. > > Dead simple. Nice. Dumb, noob question, but what is "the grid" here? The grid is a collective of 9p services. perhaps most notably a chat. Due to recent influx of attention on this list and recent trolling in our chat I am apprehensive to provide direct links. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9front] Password confirmation in auth/wrkey 2023-08-25 3:12 ` Jacob Moody @ 2023-08-25 3:27 ` ieliedonge 0 siblings, 0 replies; 9+ messages in thread From: ieliedonge @ 2023-08-25 3:27 UTC (permalink / raw) To: 9front > The grid is a collective of 9p services. perhaps most notably a chat. > Due to recent influx of attention on this list and recent trolling in our chat I > am apprehensive to provide direct links. Cheers. That's probably enough for me to find the necessary details. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9front] Password confirmation in auth/wrkey 2023-08-24 20:09 ` Jacob Moody 2023-08-25 2:58 ` ieliedonge @ 2023-08-27 19:42 ` cinap_lenrek 2023-08-28 15:59 ` Jacob Moody 1 sibling, 1 reply; 9+ messages in thread From: cinap_lenrek @ 2023-08-27 19:42 UTC (permalink / raw) To: 9front probably a good idea to use tsmemcmp() here instead of memcmp(). make sure that the fqa also gets updated. -- cinap ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9front] Password confirmation in auth/wrkey 2023-08-27 19:42 ` cinap_lenrek @ 2023-08-28 15:59 ` Jacob Moody 0 siblings, 0 replies; 9+ messages in thread From: Jacob Moody @ 2023-08-28 15:59 UTC (permalink / raw) To: 9front On 8/27/23 14:42, cinap_lenrek@felloff.net wrote: > probably a good idea to use tsmemcmp() here > instead of memcmp(). > > make sure that the fqa also gets updated. Made the memcmp -> tsmemcmp change and sent fqa updates over to sl. Thanks! moody ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [9front] Password confirmation in auth/wrkey 2023-08-23 22:42 ` Jacob Moody 2023-08-24 20:09 ` Jacob Moody @ 2023-08-25 2:59 ` Vadim Kotov 1 sibling, 0 replies; 9+ messages in thread From: Vadim Kotov @ 2023-08-25 2:59 UTC (permalink / raw) To: 9front; +Cc: 9front Thank you for the response and the patch Jacob! Aug 23, 2023, 15:46 by moody@posixcafe.org: > On 8/23/23 17:10, Vadim Kotov wrote: > >> Hey folks, >> >> I was wondering if there is a reason there is no password confirmation prompt when writing to nvram using auth/wrkey? >> >> Cheers, >> Vadím >> > > > I see no real reason other then that no one has bothered. > Looking at the code it calls in libauthsrv, you could get away with > just calling readcons() a second time and making sure they match. > ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2023-08-28 16:03 UTC | newest] Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2023-08-23 22:10 [9front] Password confirmation in auth/wrkey Vadim Kotov 2023-08-23 22:42 ` Jacob Moody 2023-08-24 20:09 ` Jacob Moody 2023-08-25 2:58 ` ieliedonge 2023-08-25 3:12 ` Jacob Moody 2023-08-25 3:27 ` ieliedonge 2023-08-27 19:42 ` cinap_lenrek 2023-08-28 15:59 ` Jacob Moody 2023-08-25 2:59 ` Vadim Kotov
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).