Visopsys Security

ap0r
Posts: 103
Joined: Tue Feb 14, 2012 12:40 am

Visopsys Security

Post by ap0r » Sat Feb 01, 2014 3:29 pm

Hello guys! As we know, eventually Visopsys will connect to the Internet, with all the pains that implies. I'm currently modifying the passwd utility so that it advises you about strong/weak passwords, password length, etc. But before doing any more work on that, I thought I'd ask you guys: what do you think about it? Should Visopsys restrict your freedom (i.e. forcing you to use a strong password), or just give advice?
Attachments
pass.jpg

andymc
Posts: 476
Joined: Tue Nov 16, 2010 7:20 pm

Re: Visopsys Security

Post by andymc » Sun Feb 02, 2014 11:39 am

Not a bad idea.

Maybe something like that belongs in the 'User Manager' program in the GUI, more so than the text-mode 'passwd' program? But, no reason it can't be in both. I think it should only be advisory for now, though, and not enforced. Enforcing good passwords seems like something that should be added later as an optional setting.

ap0r
Posts: 103
Joined: Tue Feb 14, 2012 12:40 am

Re: Visopsys Security

Post by ap0r » Thu Feb 13, 2014 3:53 am

Well, so I went and modified the User Manager (users.c):

*Added many comments to increase readability of the source (it took me quite some time to understand how it worked, so I added comments as I was reading it to help myself understand)
*Added a new label: objectKey ShortPasswordLabel = NULL;
*Added code on both password fields' change events (old and new) in this fashion:

Code:

/// read the old password field and check for changes
status = windowComponentEventGet(passwordField1, &event);
if ((status > 0) && (event.type == EVENT_KEY_DOWN))
{
	if (event.key == (unsigned char) ASCII_ENTER)
		break;
	else
	{
		/// first of all, clear all existing labels
		windowComponentSetVisible(ShortPasswordLabel, 0);
		windowComponentSetVisible(noMatchLabel, 0);

		/// read data from the password fields
		windowComponentGetData(passwordField1, newPassword, 16);
		windowComponentGetData(passwordField2, confirmPassword, 16);

		/// test to see if passwords match
		if (strncmp(newPassword, confirmPassword, 16))
		{
			/// if passwords do not match,
			/// show the no match label and disable ok button
			windowComponentSetVisible(noMatchLabel, 1);
			windowComponentSetEnabled(okButton, 0);
		}
		else
		{
			/// if passwords match, enable ok button and check the password length.
			/// The button is enabled because password length is not enforced
			windowComponentSetEnabled(okButton, 1);
			if (strlen(newPassword) <= 7)
			{
				windowComponentSetVisible(ShortPasswordLabel, 1);
			}
		}
	}
}

And the functionality works like this:
Image

Included is a Zip file that contains:
*The modified Users.c source code file for revision or integration or whatever
*users.iso, which contains the compiled user manager program, so that you can patch your existing Visopsys installation
*users, which is the compiled user manager program, in case you want to patch from different media.
Attachments
security.zip
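
Added example, not part of ap0r's post or the Visopsys source: a stand-alone C version of the advisory check discussed in this thread, including the optional enforcement setting andymc suggests. The flag names, the functions passwordAdvice() and okButtonEnabled(), and the single-character-class check are assumptions; the 16-byte field size and the 8-character threshold come from the posted code, and the length helper does not assume the field buffers are NUL-terminated.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>

#define PW_FIELD_LEN 16	/* size passed to windowComponentGetData() in the post */
#define PW_MIN_LEN   8	/* the post flags strlen() <= 7 as short */

/* Advisory flags (hypothetical names, not part of Visopsys) */
#define PW_MISMATCH  0x01
#define PW_SHORT     0x02
#define PW_ONE_CLASS 0x04	/* only one kind of character used */

/* Length of a field buffer that may lack a terminating NUL */
static size_t fieldLen(const char *buf)
{
	const char *end = memchr(buf, '\0', PW_FIELD_LEN);
	return (end ? (size_t)(end - buf) : PW_FIELD_LEN);
}

/* Returns a bitmask of advisory flags for the two password fields */
int passwordAdvice(const char *newPw, const char *confirmPw)
{
	size_t len = fieldLen(newPw), i;
	int lower = 0, upper = 0, digit = 0, other = 0, flags = 0;

	if ((len != fieldLen(confirmPw)) || memcmp(newPw, confirmPw, len))
		flags |= PW_MISMATCH;
	if (len < PW_MIN_LEN)
		flags |= PW_SHORT;

	for (i = 0; i < len; i++)
	{
		unsigned char c = (unsigned char) newPw[i];
		if (islower(c)) lower = 1;
		else if (isupper(c)) upper = 1;
		else if (isdigit(c)) digit = 1;
		else other = 1;
	}
	if (len && ((lower + upper + digit + other) == 1))
		flags |= PW_ONE_CLASS;
	return (flags);
}

/* OK button state: a mismatch always blocks; a weak password blocks only
   when the optional 'enforce' setting is on (advisory mode otherwise) */
int okButtonEnabled(int flags, int enforce)
{
	if (flags & PW_MISMATCH)
		return (0);
	return (!enforce || !(flags & (PW_SHORT | PW_ONE_CLASS)));
}
```

With enforce set to 0 this reproduces the behaviour of the posted change: the labels are shown from the returned flags, and only a mismatch disables the OK button.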

fosforito
Posts: 58
Joined: Mon Sep 09, 2013 12:16 am
Location: Paraguay

Re: Visopsys Security

Post by fosforito » Thu Feb 13, 2014 1:31 pm

:banana-dance: Nice work ap0r, thanks!
My Homepage: http://www.fosforito.net/ :)

andymc
Posts: 476
Joined: Tue Nov 16, 2010 7:20 pm

Re: Visopsys Security

Post by andymc » Sun Feb 16, 2014 3:59 pm

Good stuff, ap0r, thanks. I've integrated this change and it will be part of the 0.74 release. :animals-gerbil:

ap0r
Posts: 103
Joined: Tue Feb 14, 2012 12:40 am

Re: Visopsys Security

Post by ap0r » Sun Feb 16, 2014 7:32 pm

Cool! :dance: