9front - general discussion about 9front
 help / color / mirror / Atom feed
* [9front] Password confirmation in auth/wrkey
@ 2023-08-23 22:10 Vadim Kotov
  2023-08-23 22:42 ` Jacob Moody
  0 siblings, 1 reply; 9+ messages in thread
From: Vadim Kotov @ 2023-08-23 22:10 UTC (permalink / raw)
  To: 9front

Hey folks,

I was wondering if there is a reason there is no password confirmation prompt when writing to nvram using auth/wrkey?

Cheers,
Vadím 

^ permalink raw reply	[flat|nested] 9+ messages in thread
* Re: [9front] Password confirmation in auth/wrkey
  2023-08-23 22:10 [9front] Password confirmation in auth/wrkey Vadim Kotov
@ 2023-08-23 22:42 ` Jacob Moody
  2023-08-24 20:09   ` Jacob Moody
  2023-08-25  2:59   ` Vadim Kotov
  0 siblings, 2 replies; 9+ messages in thread
From: Jacob Moody @ 2023-08-23 22:42 UTC (permalink / raw)
  To: 9front

On 8/23/23 17:10, Vadim Kotov wrote:
> Hey folks,
> 
> I was wondering if there is a reason there is no password confirmation prompt when writing to nvram using auth/wrkey?
> 
> Cheers,
> Vadím 


I see no real reason other then that no one has bothered.
Looking at the code it calls in libauthsrv, you could get away with
just calling readcons() a second time and making sure they match.


^ permalink raw reply	[flat|nested] 9+ messages in thread
* Re: [9front] Password confirmation in auth/wrkey
  2023-08-23 22:42 ` Jacob Moody
@ 2023-08-24 20:09   ` Jacob Moody
  2023-08-25  2:58     ` ieliedonge
  2023-08-27 19:42     ` cinap_lenrek
  2023-08-25  2:59   ` Vadim Kotov
  1 sibling, 2 replies; 9+ messages in thread
From: Jacob Moody @ 2023-08-24 20:09 UTC (permalink / raw)
  To: 9front

On 8/23/23 17:42, Jacob Moody wrote:
> On 8/23/23 17:10, Vadim Kotov wrote:
>> Hey folks,
>>
>> I was wondering if there is a reason there is no password confirmation prompt when writing to nvram using auth/wrkey?
>>
>> Cheers,
>> Vadím 
> 
> 
> I see no real reason other then that no one has bothered.
> Looking at the code it calls in libauthsrv, you could get away with
> just calling readcons() a second time and making sure they match.
> 

Tested this out. I asked around on the grid and the general consensus
was in favor.

diff 483ff27f9d5067fd597dae09161d07a3857293b6 uncommitted
--- a//sys/src/libauthsrv/readnvram.c
+++ b//sys/src/libauthsrv/readnvram.c
@@ -247,6 +247,7 @@
 	if((flag&(NVwrite|NVwritemem)) || (err && (flag&NVwriteonerr))){
 		if (!(flag&NVwritemem)) {
 			char pass[PASSWDLEN];
+			char pass2[PASSWDLEN];
 			Authkey k;

 			if(ask("authid", safe->authid, sizeof safe->authid, 0))
@@ -255,12 +256,20 @@
 				goto Out;
 			if(ask("secstore key", safe->config, sizeof safe->config, 1))
 				goto Out;
+Again:
 			if(ask("password", pass, sizeof pass, 1))
 				goto Out;
+			if(ask("confirm password", pass2, sizeof pass2, 1))
+				goto Out;
+			if(memcmp(pass, pass2, sizeof pass) != 0){
+				fprint(2, "password mismatch\n");
+				goto Again;
+			}
 			if((dodes = readcons("enable legacy p9sk1", "no", 0)) == nil)
 				goto Out;
 			passtokey(&k, pass);
 			memset(pass, 0, sizeof pass);
+			memset(pass2, 0, sizeof pass2);
 			if(dodes[0] == 'y' || dodes[0] == 'Y')
 				memmove(safe->machkey, k.des, DESKEYLEN);
 			else

^ permalink raw reply	[flat|nested] 9+ messages in thread
* Re: [9front] Password confirmation in auth/wrkey
  2023-08-24 20:09   ` Jacob Moody
@ 2023-08-25  2:58     ` ieliedonge
  2023-08-25  3:12       ` Jacob Moody
  2023-08-27 19:42     ` cinap_lenrek
  1 sibling, 1 reply; 9+ messages in thread
From: ieliedonge @ 2023-08-25  2:58 UTC (permalink / raw)
  To: 9front

> Tested this out. I asked around on the grid and the general consensus
> was in favor.

Dead simple. Nice. Dumb, noob question, but what is "the grid" here?

^ permalink raw reply	[flat|nested] 9+ messages in thread
* Re: [9front] Password confirmation in auth/wrkey
  2023-08-23 22:42 ` Jacob Moody
  2023-08-24 20:09   ` Jacob Moody
@ 2023-08-25  2:59   ` Vadim Kotov
  1 sibling, 0 replies; 9+ messages in thread
From: Vadim Kotov @ 2023-08-25  2:59 UTC (permalink / raw)
  To: 9front; +Cc: 9front

Thank you for the response and the patch Jacob!


Aug 23, 2023, 15:46 by moody@posixcafe.org:

> On 8/23/23 17:10, Vadim Kotov wrote:
>
>> Hey folks,
>>
>> I was wondering if there is a reason there is no password confirmation prompt when writing to nvram using auth/wrkey?
>>
>> Cheers,
>> Vadím 
>>
>
>
> I see no real reason other then that no one has bothered.
> Looking at the code it calls in libauthsrv, you could get away with
> just calling readcons() a second time and making sure they match.
>

^ permalink raw reply	[flat|nested] 9+ messages in thread
* Re: [9front] Password confirmation in auth/wrkey
  2023-08-25  2:58     ` ieliedonge
@ 2023-08-25  3:12       ` Jacob Moody
  2023-08-25  3:27         ` ieliedonge
  0 siblings, 1 reply; 9+ messages in thread
From: Jacob Moody @ 2023-08-25  3:12 UTC (permalink / raw)
  To: 9front

On 8/24/23 21:58, ieliedonge@wilsonb.com wrote:
>> Tested this out. I asked around on the grid and the general consensus
>> was in favor.
> 
> Dead simple. Nice. Dumb, noob question, but what is "the grid" here?

The grid is a collective of 9p services. perhaps most notably a chat.
Due to recent influx of attention on this list and recent trolling in our chat I
am apprehensive to provide direct links.


^ permalink raw reply	[flat|nested] 9+ messages in thread
* Re: [9front] Password confirmation in auth/wrkey
  2023-08-25  3:12       ` Jacob Moody
@ 2023-08-25  3:27         ` ieliedonge
  0 siblings, 0 replies; 9+ messages in thread
From: ieliedonge @ 2023-08-25  3:27 UTC (permalink / raw)
  To: 9front

> The grid is a collective of 9p services. perhaps most notably a chat.
> Due to recent influx of attention on this list and recent trolling in our chat I
> am apprehensive to provide direct links.

Cheers. That's probably enough for me to find the necessary details.

^ permalink raw reply	[flat|nested] 9+ messages in thread
* Re: [9front] Password confirmation in auth/wrkey
  2023-08-24 20:09   ` Jacob Moody
  2023-08-25  2:58     ` ieliedonge
@ 2023-08-27 19:42     ` cinap_lenrek
  2023-08-28 15:59       ` Jacob Moody
  1 sibling, 1 reply; 9+ messages in thread
From: cinap_lenrek @ 2023-08-27 19:42 UTC (permalink / raw)
  To: 9front

probably a good idea to use tsmemcmp() here
instead of memcmp().

make sure that the fqa also gets updated.

--
cinap

^ permalink raw reply	[flat|nested] 9+ messages in thread
* Re: [9front] Password confirmation in auth/wrkey
  2023-08-27 19:42     ` cinap_lenrek
@ 2023-08-28 15:59       ` Jacob Moody
  0 siblings, 0 replies; 9+ messages in thread
From: Jacob Moody @ 2023-08-28 15:59 UTC (permalink / raw)
  To: 9front

On 8/27/23 14:42, cinap_lenrek@felloff.net wrote:
> probably a good idea to use tsmemcmp() here
> instead of memcmp().
> 
> make sure that the fqa also gets updated.

Made the memcmp -> tsmemcmp change and sent
fqa updates over to sl.

Thanks!
moody



^ permalink raw reply	[flat|nested] 9+ messages in thread
end of thread, other threads:[~2023-08-28 16:03 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-23 22:10 [9front] Password confirmation in auth/wrkey Vadim Kotov
2023-08-23 22:42 ` Jacob Moody
2023-08-24 20:09   ` Jacob Moody
2023-08-25  2:58     ` ieliedonge
2023-08-25  3:12       ` Jacob Moody
2023-08-25  3:27         ` ieliedonge
2023-08-27 19:42     ` cinap_lenrek
2023-08-28 15:59       ` Jacob Moody
2023-08-25  2:59   ` Vadim Kotov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).