From 8c9cbbb142cfbe595ead3d0003638e079053e683 Mon Sep 17 00:00:00 2001 From: Ori Bernstein Date: Sun, 17 Jan 2021 18:01:53 -0800 Subject: passwd: make legacy mode explicit Passwd used to produce a very confusing error about DES not being enabled whenever the password was mistyped. This happened because we attempted to guess what authentication method to use, and preseneted the error from the wrong one on failure. This puts the legacy mode behind a flag, so that we don't even try the old method unless it's explicitly requested. --- sys/src/cmd/auth/passwd.c | 33 +++++++++++++-------------------- 1 file changed, 13 insertions(+), 20 deletions(-) (limited to 'sys/src') diff --git a/sys/src/cmd/auth/passwd.c b/sys/src/cmd/auth/passwd.c index db551d67c..eb14ddca8 100644 --- a/sys/src/cmd/auth/passwd.c +++ b/sys/src/cmd/auth/passwd.c @@ -7,7 +7,7 @@ void main(int argc, char **argv) { - int fd, n, try; + int fd, n, dp9ik; Ticketreq tr; Ticket t; Passwordreq pr; @@ -15,7 +15,14 @@ main(int argc, char **argv) char buf[512]; char *s, *user; + dp9ik = 1; ARGBEGIN{ + case '1': + dp9ik = 0; + break; + default: + fprint(2, "%s [-1]\n", argv0); + exits("usage"); }ARGEND argv0 = "passwd"; @@ -48,31 +55,17 @@ main(int argc, char **argv) memset(&pr, 0, sizeof(pr)); getpass(&key, pr.old, 0, 0); - /* - * negotiate PAK key. we need to retry in case the AS does - * not support the AuthPAK request or when the user has - * not yet setup a new key and the AS made one up. - */ - try = 0; - authpak_hash(&key, tr.uid); - if(_asgetpakkey(fd, &tr, &key) < 0){ -Retry: - try++; - close(fd); - fd = authdial(nil, s); - if(fd < 0) - error("authdial: %r"); + if(dp9ik){ + authpak_hash(&key, tr.uid); + if(_asgetpakkey(fd, &tr, &key) < 0) + error("%r"); } - /* send ticket request to AS */ if(_asrequest(fd, &tr) < 0) error("%r"); if(_asgetresp(fd, &t, nil, &key) < 0) error("%r"); - if(t.num != AuthTp || strcmp(t.cuid, tr.uid) != 0){ - if(try == 0) - goto Retry; + if(t.num != AuthTp || strcmp(t.cuid, tr.uid) != 0) error("bad password"); - } /* loop trying new passwords */ for(;;){ -- cgit v1.2.3