	Add a one-time password system (#47)
This commit adds a one-time password system. Users can generate passwords with the `genotp` command (or by manually queuing a `set_otp` event carrying the SHA-256 hash of the one-time password they want to set). Such a password is accepted, alongside the normal password, until the computer shuts down (or the net daemon is killed), a new one-time password is generated, or the one-time password is used.
										14
									
								
								sys/apps/genotp.lua
										Normal file
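--- a/sys/apps/genotp.lua
+++ b/sys/apps/genotp.lua
@@ -0,0 +1,14 @@
+local SHA = require("opus.crypto.sha2")
+
+local acceptableCharacters = {"0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z"}
+local acceptableCharactersLen = #acceptableCharacters
+   
+local password = ""
+
+for _i = 1, 8 do
+    password = password .. acceptableCharacters[math.random(acceptableCharactersLen)]
+end
+
+os.queueEvent("set_otp", SHA.compute(password))
+
+print("Your one-time password is: " .. password)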
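Review bot: The password built at L53–L54 comes from `math.random`, which is not a cryptographic generator; in stock Lua 5.1 it is unseeded unless something earlier called `math.randomseed`, and whether this runtime seeds it per computer is not visible here, so the OTP may be predictable. Eight characters from a 36-symbol alphabet is also only about 41 bits, and because the daemon uses the SHA-256 of this string as the decryption key, anyone who captures the trust ciphertext can try all 36^8 candidates offline. If `opus.crypto` exposes a secure random source it should be used here; otherwise at least lengthen the secret, e.g. `for _i = 1, 16 do`. Note too that `os.queueEvent("set_otp", …)` at L57 presumably delivers the hash to every process pulling events on this computer, not only the net daemon — confirm against the kernel's event dispatch and add a comment stating that assumption.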
| @@ -6,6 +6,22 @@ local Util     = require('opus.util') | ||||
|  | ||||
| local trustId = '01c3ba27fe01383a03a1785276d99df27c3edcef68fbf231ca' | ||||
|  | ||||
| local oneTimePassword -- nil by default | ||||
|  | ||||
| local function validateData(data, password, dhost) | ||||
| 	local s | ||||
| 	s, data = pcall(Crypto.decrypt, data, password) | ||||
|  | ||||
| 	if s and data and type(data) == "table" and data.pk and data.dh == dhost then | ||||
| 		local trustList = Util.readTable('usr/.known_hosts') or { } | ||||
| 		trustList[data.dh] = data.pk | ||||
| 		Util.writeTable('usr/.known_hosts', trustList) | ||||
| 		return true | ||||
| 	else | ||||
| 		return false | ||||
| 	end | ||||
| end | ||||
|  | ||||
| local function trustConnection(socket) | ||||
| 	local data = socket:read(2) | ||||
| 	if data then | ||||
| @@ -13,17 +29,22 @@ local function trustConnection(socket) | ||||
| 		if not password then | ||||
| 			socket:write({ msg = 'No password has been set' }) | ||||
| 		else | ||||
| 			local s | ||||
| 			s, data = pcall(Crypto.decrypt, data, password) | ||||
| 			if s and data and data.pk and data.dh == socket.dhost then | ||||
| 				local trustList = Util.readTable('usr/.known_hosts') or { } | ||||
| 				trustList[data.dh] = data.pk | ||||
| 				Util.writeTable('usr/.known_hosts', trustList) | ||||
|  | ||||
| 			if validateData(data, password, socket.dhost) then | ||||
| 				print("Accepted trust from " .. socket.dhost) | ||||
| 				socket:write({ success = true, msg = 'Trust accepted' }) | ||||
| 			else | ||||
| 				socket:write({ msg = 'Invalid password' }) | ||||
| 				return | ||||
| 			end | ||||
|  | ||||
| 			if oneTimePassword then | ||||
| 				if validateData(data, oneTimePassword, socket.dhost) then | ||||
| 					print("Accepted trust from " .. socket.dhost .. "using one-time password") | ||||
| 					socket:write({ success = true, msg = 'Trust accepted - this one-time password will not be usable again' }) | ||||
| 					oneTimePassword = nil -- Make sure nobody can use the one-time password again | ||||
| 					return | ||||
| 				end | ||||
| 			end | ||||
|  | ||||
| 			socket:write({ msg = 'Invalid password' }) | ||||
| 		end | ||||
| 	end | ||||
| end | ||||
| @@ -44,3 +65,12 @@ Event.addRoutine(function() | ||||
| 		end | ||||
| 	end | ||||
| end) | ||||
|  | ||||
| Event.addRoutine(function() | ||||
| 	while true do | ||||
| 		local _event, password = os.pullEvent("set_otp") | ||||
|  | ||||
| 		oneTimePassword = password | ||||
| 		print("got new one-time password") | ||||
| 	end | ||||
| end) | ||||
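Review bot: The `return` at L99 sits in the failure branch of the normal-password check, so when a client presents the one-time password (whose decrypt under `password` fails) the handler replies 'Invalid password' and exits before the OTP block at L102 is ever reached; conversely, a successful normal-password trust falls through to L102–L111 and sends a second 'Invalid password' after the 'Trust accepted' reply. Move the early exit to the success branch — add `return` after the `socket:write` at L96 and delete the `else` clause at L97–L99 — so a failed normal-password decrypt falls through to the OTP check and the L111 reply fires only when both fail. Two smaller points: L104 is missing a space before "using", and `oneTimePassword` is cleared only on successful use, so wrong guesses neither consume it nor are rate-limited and it stays valid until reboot; consider storing a creation time in the `set_otp` routine at L120–L127 and rejecting OTPs older than a few minutes. Any local code able to call `os.queueEvent` can also install an OTP of its choosing through L122–L124 — apparently intended per the description, but worth a comment above that routine, e.g. `-- Trusts any local set_otp event: a process that can queue events can already write usr/.known_hosts`. trustConnection's body is split across the two hunks, and the `password` compared at L94 is assigned outside the visible lines.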
	 Kan18
					Kan18