git: 9front

Download patch

ref: 2f850b4e65c8750b40a4447d11f4b0e0217997a2
parent: 4fa7f40aa26957841ebd53034a00120562e7b0f8
author: Jacob Moody <moody@posixcafe.org>
date: Sat May 13 13:50:51 EDT 2023 

libauthsrv: readnvram: prompt for use of p9sk1 in nvram, with a default of no

By default by writing the p9sk1 key out in to nvram, factotum would read it
and offer p9sk1 authentication for hostowner. This authentication will happen
regardless of the authsrv configuration. This change makes readnvram ask
if the user would like to use p9sk1 with a default of no.


--- a/sys/src/libauthsrv/readnvram.c
+++ b/sys/src/libauthsrv/readnvram.c
@@ -171,6 +171,7 @@
 {
 	int err;
 	char buf[512];		/* 512 for floppy i/o */
+	char *dodes;
 	Nvrsafe *safe;
 	Nvrwhere loc;
 
@@ -256,11 +257,18 @@
 				goto Out;
 			if(ask("password", pass, sizeof pass, 1))
 				goto Out;
+			if((dodes = readcons("enable legacy p9sk1", "no", 0)) == nil)
+				goto Out;
 			passtokey(&k, pass);
 			memset(pass, 0, sizeof pass);
-			memmove(safe->machkey, k.des, DESKEYLEN);
+			if(dodes[0] == 'y' || dodes[0] == 'Y')
+				memmove(safe->machkey, k.des, DESKEYLEN);
+			else
+				memset(safe->machkey, 0, DESKEYLEN);
 			memmove(safe->aesmachkey, k.aes, AESKEYLEN);
 			memset(&k, 0, sizeof k);
+			memset(dodes, 0, strlen(dodes));
+			free(dodes);
 		}
 
 		safe->machsum = nvcsum(safe->machkey, DESKEYLEN);
--