Page 1 of 1

Visopsys Security

Posted: Sat Feb 01, 2014 3:29 pm
by ap0r
Hello guys! As we know, eventually Visopsys will connect to the Internet, with all the pains that implies. I'm currently modifying the passwd utility, so that it advises you about strong/weak passwords, password lenght, etc. But before doing any more work on that i tought to ask you guys what do you think about it? should Visopsys restrict your freedom (i.e forcing you to use a strong password), or just giving advice?

Re: Visopsys Security

Posted: Sun Feb 02, 2014 11:39 am
by andymc
Not a bad idea.

Maybe something like that belongs in the 'User Manager' program in the GUI, moreso than the text-mode 'passwd' program? But, no reason it can't be in both. I think it should only be advisory for now, though, and not enforced. Enforcing good passwords seems like something that should be added later as an optional setting.

Re: Visopsys Security

Posted: Thu Feb 13, 2014 3:53 am
by ap0r
Well, so i went and modified the User Manager (users.c)

Added many comments to increase readability of the source (It took me quite some time to understand how it worked so i added comments as i was reading it to help myself understand)
Added a new label: objectKey ShortPasswordLabel = NULL;
Added code on both password fields change event (old and new) in this fashion:

Code: Select all

///read the old password field and check for changes
status = windowComponentEventGet(passwordField1, &event);
if ((status > 0) && (event.type == EVENT_KEY_DOWN))
{
	if (event.key == (unsigned char) ASCII_ENTER)
		break;
	else
	///first of all, clear all existing labels
	windowComponentSetVisible(ShortPasswordLabel, 0);
          windowComponentSetVisible(noMatchLabel, 0);
	{
		///read data from the password fields
		windowComponentGetData(passwordField1, newPassword, 16);
		windowComponentGetData(passwordField2, confirmPassword, 16);

		///test to see if passwords match
		if (strncmp(newPassword, confirmPassword, 16))
		{
			///if passwords do not match
			///show the no match label and disable ok button
			windowComponentSetVisible(noMatchLabel, 1);
			windowComponentSetEnabled(okButton, 0);
		}
		else
		{
			///if passwords are matched enable ok button and check for password lenght.
			///The button is enabled because password lenght is not enforced

			windowComponentSetEnabled(okButton, 1);
			if (strlen(newPassword) <= 7)
			{
			windowComponentSetVisible(ShortPasswordLabel, 1);
			}
		}
	}
}
And the functionality works like this:
Image

Included is a Zip file that contains
*The modified Users.c source code file for revision or integration or whatever
*users.iso, wich contains the compiled user manager program, so that you can patch your existent visopsys installation
*users wich is the compiled user manager program, in case you want to patch from diferent media.

Re: Visopsys Security

Posted: Thu Feb 13, 2014 1:31 pm
by fosforito
:banana-dance: Nice work ap0r, thanks!

Re: Visopsys Security

Posted: Sun Feb 16, 2014 3:59 pm
by andymc
Good stuff, ap0r, thanks. I've integrated this change and it will be part of the 0.74 release. :animals-gerbil:

Re: Visopsys Security

Posted: Sun Feb 16, 2014 7:32 pm
by ap0r
Cool! :dance: