visopsys.org

Visopsys Forums
It is currently Fri Jan 19, 2018 12:49 pm

All times are UTC




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: Visopsys Security
PostPosted: Sat Feb 01, 2014 3:29 pm 
Offline
User avatar

Joined: Tue Feb 14, 2012 12:40 am
Posts: 103
Hello guys! As we know, eventually Visopsys will connect to the Internet, with all the pains that implies. I'm currently modifying the passwd utility, so that it advises you about strong/weak passwords, password lenght, etc. But before doing any more work on that i tought to ask you guys what do you think about it? should Visopsys restrict your freedom (i.e forcing you to use a strong password), or just giving advice?


Attachments:
pass.jpg
pass.jpg [ 23.7 KiB | Viewed 7256 times ]

_________________
Image
Image
Top
 Profile  
 
 Post subject: Re: Visopsys Security
PostPosted: Sun Feb 02, 2014 11:39 am 
Offline
User avatar

Joined: Tue Nov 16, 2010 7:20 pm
Posts: 460
Not a bad idea.

Maybe something like that belongs in the 'User Manager' program in the GUI, moreso than the text-mode 'passwd' program? But, no reason it can't be in both. I think it should only be advisory for now, though, and not enforced. Enforcing good passwords seems like something that should be added later as an optional setting.


Top
 Profile  
 
 Post subject: Re: Visopsys Security
PostPosted: Thu Feb 13, 2014 3:53 am 
Offline
User avatar

Joined: Tue Feb 14, 2012 12:40 am
Posts: 103
Well, so i went and modified the User Manager (users.c)

Added many comments to increase readability of the source (It took me quite some time to understand how it worked so i added comments as i was reading it to help myself understand)
Added a new label: objectKey ShortPasswordLabel = NULL;
Added code on both password fields change event (old and new) in this fashion:

Code:
///read the old password field and check for changes
status = windowComponentEventGet(passwordField1, &event);
if ((status > 0) && (event.type == EVENT_KEY_DOWN))
{
   if (event.key == (unsigned char) ASCII_ENTER)
      break;
   else
   ///first of all, clear all existing labels
   windowComponentSetVisible(ShortPasswordLabel, 0);
          windowComponentSetVisible(noMatchLabel, 0);
   {
      ///read data from the password fields
      windowComponentGetData(passwordField1, newPassword, 16);
      windowComponentGetData(passwordField2, confirmPassword, 16);

      ///test to see if passwords match
      if (strncmp(newPassword, confirmPassword, 16))
      {
         ///if passwords do not match
         ///show the no match label and disable ok button
         windowComponentSetVisible(noMatchLabel, 1);
         windowComponentSetEnabled(okButton, 0);
      }
      else
      {
         ///if passwords are matched enable ok button and check for password lenght.
         ///The button is enabled because password lenght is not enforced

         windowComponentSetEnabled(okButton, 1);
         if (strlen(newPassword) <= 7)
         {
         windowComponentSetVisible(ShortPasswordLabel, 1);
         }
      }
   }
}


And the functionality works like this:
Image

Included is a Zip file that contains
*The modified Users.c source code file for revision or integration or whatever
*users.iso, wich contains the compiled user manager program, so that you can patch your existent visopsys installation
*users wich is the compiled user manager program, in case you want to patch from diferent media.


Attachments:
security.zip [14.1 KiB]
Downloaded 468 times

_________________
Image
Image
Top
 Profile  
 
 Post subject: Re: Visopsys Security
PostPosted: Thu Feb 13, 2014 1:31 pm 
Offline
User avatar

Joined: Mon Sep 09, 2013 12:16 am
Posts: 58
Location: Paraguay
:banana-dance: Nice work ap0r, thanks!

_________________
My Homepage: http://www.fosforito.net/ :)


Top
 Profile  
 
 Post subject: Re: Visopsys Security
PostPosted: Sun Feb 16, 2014 3:59 pm 
Offline
User avatar

Joined: Tue Nov 16, 2010 7:20 pm
Posts: 460
Good stuff, ap0r, thanks. I've integrated this change and it will be part of the 0.74 release. :animals-gerbil:


Top
 Profile  
 
 Post subject: Re: Visopsys Security
PostPosted: Sun Feb 16, 2014 7:32 pm 
Offline
User avatar

Joined: Tue Feb 14, 2012 12:40 am
Posts: 103
Cool! :dance:

_________________
Image
Image


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group