Overview
Comment: | Added verification system so that passwords are only updated if they currently contain a valid password |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
d12f13c9776d4b5d96bd544188013f1a |
User & Date: | rkeene on 2016-03-15 18:28:46 |
Other Links: | manifest | tags |
Context
2016-03-15
| ||
18:32 | Added a "whoami" command to determine the current users check-in: 92d30d85bb user: rkeene tags: trunk | |
18:28 | Added verification system so that passwords are only updated if they currently contain a valid password check-in: d12f13c977 user: rkeene tags: trunk | |
2016-03-11
| ||
21:45 | Added README check-in: 47680a1e16 user: rkeene tags: trunk | |
Changes
Modified build/pre.sh from [7d2c051364] to [7789bf77c1].
︙ | |||
16 17 18 19 20 21 22 | 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | - + | rm -rf lib if [ "$1" = 'clean' -o "$1" = 'distclean' ]; then exit 0 fi |
︙ |
Modified hunter2 from [7cb1f824eb] to [e039ea66c1].
︙ | |||
100 101 102 103 104 105 106 107 108 109 110 111 112 113 | 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 | + | lappend ::auto_path [file join [file dirname [info script]] lib [platform::identify]] lappend ::auto_path [file join [file dirname [info script]] lib [platform::generic]] lappend ::auto_path [file join [file dirname [info script]] lib] package require pki package require pki::pkcs11 package require aes package require sha256 # Backports for older versions of "pki" proc ::pki::pkcs::parse_public_key {key {password ""}} { array set parsed_key [::pki::_parse_pem $key "-----BEGIN PUBLIC KEY-----" "-----END PUBLIC KEY-----" $password] set key_seq $parsed_key(data) |
︙ | |||
203 204 205 206 207 208 209 210 211 212 213 214 | 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 | + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - - - - + + + + - - + + + + + - + - + - + + + + - + + | lappend slotInfo [list handle $handle id $slotID prompt $slotPromptForPIN cert $cert pubkey $pubkey] } } return $slotInfo } proc _verifyPassword {name password} { set publicKeys [list] db eval {SELECT publicKey, verification FROM passwords WHERE name = $name} row { set salt [dict get $row(verification) salt] set hashAlgorithm [dict get $row(verification) hashAlgorithm] set publicKey $row(publicKey) set plaintext "${salt}|${publicKey}|${password}" switch -- $hashAlgorithm { "sha256" { set verificationHash [sha2::sha256 -hex -- $plaintext] } default { return -code error "Unknown hashing algorithm: $hashAlgorithm" } } set row(verificationHash) [dict get $row(verification) hash] if {$verificationHash ne $row(verificationHash)} { puts stderr "FAILED: verification failed for $name with public key $publicKey -- it will not get the new password." continue } lappend publicKeys $publicKey } return $publicKeys } proc _addPassword {name password publicKeys} { set fd [open "/dev/urandom" r] fconfigure $fd -translation binary set keySize 16 # Pad the password with 0 bytes until it is a multiple of the key size set blockPassword $password append blockPassword [string repeat "\x00" [expr {-[string length $password] % $keySize}]] db transaction { |
︙ | |||
277 278 279 280 281 282 283 | 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 | - + | set prompted($slotInfo(id)) 1 } db eval {SELECT encryptedPass, encryptedKey FROM passwords WHERE name = $name AND publicKey = $pubkey;} row { set key [::pki::decrypt -binary -priv -- [binary decode base64 $row(encryptedKey)] $slotInfo(cert)] set password [::aes::aes -dir decrypt -key $key -- [binary decode base64 $row(encryptedPass)]] |
︙ | |||
452 453 454 455 456 457 458 | 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 | + - - + + + + + | } proc updatePassword {passwordName password} { if {$password eq ""} { set password [_prompt "Please enter the new password: "] } set oldPassword [_getPassword $passwordName] |
︙ | |||
511 512 513 514 515 516 517 | 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 | - + | ### MAIN sqlite3 db $passwordFile db eval { CREATE TABLE IF NOT EXISTS users(name, publicKey BLOB); |
︙ |