ref: 3f869a689403c385ca761be5535a5de2db054db4
parent: 0467b41972b62604c8a22b355569413890b9757c
author: cinap_lenrek <[email protected]>
date: Sun Mar 1 06:17:21 EST 2015
factotum: cleanup getnvramkey() - remove secstore password code, it is not used anymore. - zero the Nvrsafe structure on the stack before returning. - use smprint(), can't overflow.
--- a/sys/src/cmd/auth/factotum/dat.h
+++ b/sys/src/cmd/auth/factotum/dat.h
@@ -201,7 +201,7 @@
int findkey(Key**, Keyinfo*, char*, ...);
int findp9authkey(Key**, Fsstate*);
Proto *findproto(char*);
-char *getnvramkey(int, char**);
+char *getnvramkey(int);
void initcap(void);
int isclient(char*);
int matchattr(Attr*, Attr*, Attr*);
--- a/sys/src/cmd/auth/factotum/fs.c
+++ b/sys/src/cmd/auth/factotum/fs.c
@@ -148,7 +148,7 @@
}
if(sflag){- s = getnvramkey(kflag ? NVwrite : NVwriteonerr, nil);
+ s = getnvramkey(kflag ? NVwrite : NVwriteonerr);
if(s == nil)
fprint(2, "factotum warning: cannot read nvram: %r\n");
else if(ctlwrite(s, 0) < 0)
--- a/sys/src/cmd/auth/factotum/util.c
+++ b/sys/src/cmd/auth/factotum/util.c
@@ -472,11 +472,10 @@
}
char*
-getnvramkey(int flag, char **secstorepw)
+getnvramkey(int flag)
{- char *s;
Nvrsafe safe;
- char spw[CONFIGLEN+1];
+ char *s;
int i;
memset(&safe, 0, sizeof safe);
@@ -488,15 +487,6 @@
return nil;
/*
- * we're using the config area to hold the secstore
- * password. if there's anything there, return it.
- */
- memmove(spw, safe.config, CONFIGLEN);
- spw[CONFIGLEN] = 0;
- if(spw[0] != 0 && secstorepw != nil)
- *secstorepw = estrdup(spw);
-
- /*
* only use nvram key if it is non-zero
*/
for(i = 0; i < DESKEYLEN; i++)
@@ -505,11 +495,11 @@
if(i == DESKEYLEN)
return nil;
- s = emalloc(512);
fmtinstall('H', encodefmt);- sprint(s, "key proto=p9sk1 user=%q dom=%q !hex=%.*H !password=______",
+ s = smprint("key proto=p9sk1 user=%q dom=%q !hex=%.*H !password=______", safe.authid, safe.authdom, DESKEYLEN, safe.machkey);
writehostowner(safe.authid);
+ memset(&safe, 0, sizeof safe);
return s;
}