visopsys.org
http://visopsys.org/forums/

Visopsys Security
http://visopsys.org/forums/viewtopic.php?f=3&t=217
Page 1 of 1

Author:  ap0r [ Sat Feb 01, 2014 3:29 pm ]
Post subject:  Visopsys Security

Hello guys! As we know, eventually Visopsys will connect to the Internet, with all the pains that implies. I'm currently modifying the passwd utility, so that it advises you about strong/weak passwords, password lenght, etc. But before doing any more work on that i tought to ask you guys what do you think about it? should Visopsys restrict your freedom (i.e forcing you to use a strong password), or just giving advice?

Attachments:
pass.jpg
pass.jpg [ 23.7 KiB | Viewed 7304 times ]

Author:  andymc [ Sun Feb 02, 2014 11:39 am ]
Post subject:  Re: Visopsys Security

Not a bad idea.

Maybe something like that belongs in the 'User Manager' program in the GUI, moreso than the text-mode 'passwd' program? But, no reason it can't be in both. I think it should only be advisory for now, though, and not enforced. Enforcing good passwords seems like something that should be added later as an optional setting.

Author:  ap0r [ Thu Feb 13, 2014 3:53 am ]
Post subject:  Re: Visopsys Security

Well, so i went and modified the User Manager (users.c)

Added many comments to increase readability of the source (It took me quite some time to understand how it worked so i added comments as i was reading it to help myself understand)
Added a new label: objectKey ShortPasswordLabel = NULL;
Added code on both password fields change event (old and new) in this fashion:

Code:
///read the old password field and check for changes
status = windowComponentEventGet(passwordField1, &event);
if ((status > 0) && (event.type == EVENT_KEY_DOWN))
{
   if (event.key == (unsigned char) ASCII_ENTER)
      break;
   else
   ///first of all, clear all existing labels
   windowComponentSetVisible(ShortPasswordLabel, 0);
          windowComponentSetVisible(noMatchLabel, 0);
   {
      ///read data from the password fields
      windowComponentGetData(passwordField1, newPassword, 16);
      windowComponentGetData(passwordField2, confirmPassword, 16);

      ///test to see if passwords match
      if (strncmp(newPassword, confirmPassword, 16))
      {
         ///if passwords do not match
         ///show the no match label and disable ok button
         windowComponentSetVisible(noMatchLabel, 1);
         windowComponentSetEnabled(okButton, 0);
      }
      else
      {
         ///if passwords are matched enable ok button and check for password lenght.
         ///The button is enabled because password lenght is not enforced

         windowComponentSetEnabled(okButton, 1);
         if (strlen(newPassword) <= 7)
         {
         windowComponentSetVisible(ShortPasswordLabel, 1);
         }
      }
   }
}


And the functionality works like this:
Image

Included is a Zip file that contains
*The modified Users.c source code file for revision or integration or whatever
*users.iso, wich contains the compiled user manager program, so that you can patch your existent visopsys installation
*users wich is the compiled user manager program, in case you want to patch from diferent media.

Attachments:
security.zip [14.1 KiB]
Downloaded 468 times

Author:  fosforito [ Thu Feb 13, 2014 1:31 pm ]
Post subject:  Re: Visopsys Security

:banana-dance: Nice work ap0r, thanks!

Author:  andymc [ Sun Feb 16, 2014 3:59 pm ]
Post subject:  Re: Visopsys Security

Good stuff, ap0r, thanks. I've integrated this change and it will be part of the 0.74 release. :animals-gerbil:

Author:  ap0r [ Sun Feb 16, 2014 7:32 pm ]
Post subject:  Re: Visopsys Security

Cool! :dance:

Page 1 of 1 All times are UTC
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/