factotum: cleanup getnvramkey()
- remove secstore password code, it is not used anymore. - zero the Nvrsafe structure on the stack before returning. - use smprint(), can't overflow.
This commit is contained in:
parent
0467b41972
commit
3f869a6894
|
@ -201,7 +201,7 @@ Keyinfo* mkkeyinfo(Keyinfo*, Fsstate*, Attr*);
|
||||||
int findkey(Key**, Keyinfo*, char*, ...);
|
int findkey(Key**, Keyinfo*, char*, ...);
|
||||||
int findp9authkey(Key**, Fsstate*);
|
int findp9authkey(Key**, Fsstate*);
|
||||||
Proto *findproto(char*);
|
Proto *findproto(char*);
|
||||||
char *getnvramkey(int, char**);
|
char *getnvramkey(int);
|
||||||
void initcap(void);
|
void initcap(void);
|
||||||
int isclient(char*);
|
int isclient(char*);
|
||||||
int matchattr(Attr*, Attr*, Attr*);
|
int matchattr(Attr*, Attr*, Attr*);
|
||||||
|
|
|
@ -148,7 +148,7 @@ main(int argc, char **argv)
|
||||||
}
|
}
|
||||||
|
|
||||||
if(sflag){
|
if(sflag){
|
||||||
s = getnvramkey(kflag ? NVwrite : NVwriteonerr, nil);
|
s = getnvramkey(kflag ? NVwrite : NVwriteonerr);
|
||||||
if(s == nil)
|
if(s == nil)
|
||||||
fprint(2, "factotum warning: cannot read nvram: %r\n");
|
fprint(2, "factotum warning: cannot read nvram: %r\n");
|
||||||
else if(ctlwrite(s, 0) < 0)
|
else if(ctlwrite(s, 0) < 0)
|
||||||
|
|
|
@ -472,11 +472,10 @@ findproto(char *name)
|
||||||
}
|
}
|
||||||
|
|
||||||
char*
|
char*
|
||||||
getnvramkey(int flag, char **secstorepw)
|
getnvramkey(int flag)
|
||||||
{
|
{
|
||||||
char *s;
|
|
||||||
Nvrsafe safe;
|
Nvrsafe safe;
|
||||||
char spw[CONFIGLEN+1];
|
char *s;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
memset(&safe, 0, sizeof safe);
|
memset(&safe, 0, sizeof safe);
|
||||||
|
@ -487,15 +486,6 @@ getnvramkey(int flag, char **secstorepw)
|
||||||
if(readnvram(&safe, flag)<0 && safe.authid[0]==0)
|
if(readnvram(&safe, flag)<0 && safe.authid[0]==0)
|
||||||
return nil;
|
return nil;
|
||||||
|
|
||||||
/*
|
|
||||||
* we're using the config area to hold the secstore
|
|
||||||
* password. if there's anything there, return it.
|
|
||||||
*/
|
|
||||||
memmove(spw, safe.config, CONFIGLEN);
|
|
||||||
spw[CONFIGLEN] = 0;
|
|
||||||
if(spw[0] != 0 && secstorepw != nil)
|
|
||||||
*secstorepw = estrdup(spw);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* only use nvram key if it is non-zero
|
* only use nvram key if it is non-zero
|
||||||
*/
|
*/
|
||||||
|
@ -505,11 +495,11 @@ getnvramkey(int flag, char **secstorepw)
|
||||||
if(i == DESKEYLEN)
|
if(i == DESKEYLEN)
|
||||||
return nil;
|
return nil;
|
||||||
|
|
||||||
s = emalloc(512);
|
|
||||||
fmtinstall('H', encodefmt);
|
fmtinstall('H', encodefmt);
|
||||||
sprint(s, "key proto=p9sk1 user=%q dom=%q !hex=%.*H !password=______",
|
s = smprint("key proto=p9sk1 user=%q dom=%q !hex=%.*H !password=______",
|
||||||
safe.authid, safe.authdom, DESKEYLEN, safe.machkey);
|
safe.authid, safe.authdom, DESKEYLEN, safe.machkey);
|
||||||
writehostowner(safe.authid);
|
writehostowner(safe.authid);
|
||||||
|
memset(&safe, 0, sizeof safe);
|
||||||
|
|
||||||
return s;
|
return s;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue