Visopsys Security

General discussion about Visopsys.
Post Reply
User avatar
ap0r
Posts: 105
Joined: Tue Feb 14, 2012 12:40 am

Visopsys Security

Post by ap0r »

Hello guys! As we know, eventually Visopsys will connect to the Internet, with all the pains that implies. I'm currently modifying the passwd utility, so that it advises you about strong/weak passwords, password lenght, etc. But before doing any more work on that i tought to ask you guys what do you think about it? should Visopsys restrict your freedom (i.e forcing you to use a strong password), or just giving advice?
Attachments
pass.jpg
pass.jpg (23.7 KiB) Viewed 22719 times
Image
Image
User avatar
andymc
Posts: 589
Joined: Tue Nov 16, 2010 7:20 pm

Re: Visopsys Security

Post by andymc »

Not a bad idea.

Maybe something like that belongs in the 'User Manager' program in the GUI, moreso than the text-mode 'passwd' program? But, no reason it can't be in both. I think it should only be advisory for now, though, and not enforced. Enforcing good passwords seems like something that should be added later as an optional setting.
User avatar
ap0r
Posts: 105
Joined: Tue Feb 14, 2012 12:40 am

Re: Visopsys Security

Post by ap0r »

Well, so i went and modified the User Manager (users.c)

Added many comments to increase readability of the source (It took me quite some time to understand how it worked so i added comments as i was reading it to help myself understand)
Added a new label: objectKey ShortPasswordLabel = NULL;
Added code on both password fields change event (old and new) in this fashion:

Code: Select all

///read the old password field and check for changes
status = windowComponentEventGet(passwordField1, &event);
if ((status > 0) && (event.type == EVENT_KEY_DOWN))
{
	if (event.key == (unsigned char) ASCII_ENTER)
		break;
	else
	///first of all, clear all existing labels
	windowComponentSetVisible(ShortPasswordLabel, 0);
          windowComponentSetVisible(noMatchLabel, 0);
	{
		///read data from the password fields
		windowComponentGetData(passwordField1, newPassword, 16);
		windowComponentGetData(passwordField2, confirmPassword, 16);

		///test to see if passwords match
		if (strncmp(newPassword, confirmPassword, 16))
		{
			///if passwords do not match
			///show the no match label and disable ok button
			windowComponentSetVisible(noMatchLabel, 1);
			windowComponentSetEnabled(okButton, 0);
		}
		else
		{
			///if passwords are matched enable ok button and check for password lenght.
			///The button is enabled because password lenght is not enforced

			windowComponentSetEnabled(okButton, 1);
			if (strlen(newPassword) <= 7)
			{
			windowComponentSetVisible(ShortPasswordLabel, 1);
			}
		}
	}
}
And the functionality works like this:
Image

Included is a Zip file that contains
*The modified Users.c source code file for revision or integration or whatever
*users.iso, wich contains the compiled user manager program, so that you can patch your existent visopsys installation
*users wich is the compiled user manager program, in case you want to patch from diferent media.
Attachments
security.zip
(14.1 KiB) Downloaded 1092 times
Image
Image
fosforito

Re: Visopsys Security

Post by fosforito »

:banana-dance: Nice work ap0r, thanks!
User avatar
andymc
Posts: 589
Joined: Tue Nov 16, 2010 7:20 pm

Re: Visopsys Security

Post by andymc »

Good stuff, ap0r, thanks. I've integrated this change and it will be part of the 0.74 release. :animals-gerbil:
User avatar
ap0r
Posts: 105
Joined: Tue Feb 14, 2012 12:40 am

Re: Visopsys Security

Post by ap0r »

Cool! :dance:
Image
Image
Post Reply