Posts: 46
Joined: Nov 2004
Reputation:
0
hi,
i've written a simple digit-based password protection for locking access to any drive or share. this is my first time writing code in c++, but i've written stuff in assembly, c#, vb5 and various scripting languages so i was able to stumble my way through it after ingesting a sufficient amount of caffeine...
currently i'm using a new guiwindowpassword dialog, which i copied from guiwindowyesno and modified to have an onscreen digit keypad. i added reading two new tags <lockmode> and <lockcode> from the bookmarks in xboxmediacenter.xml, and check the lockmode value in the havediscorconnection functions throughout the app. currently if lockmode is set to 1, i show the new password dialog and verify the input against the lockcode string. i also changed the menus so that they load defaultlocked.png as the share item's icon if its lock value is greater than zero.
i've got it all working right now, but before i submit my first patch i want to implement a few more things:
- shutting down xbmc after exhausting the specified # of max retries (i count and display # of retries now, but it gets lost every time the dialog is closed)
- "remembering" when a share has already been unlocked (currently it prompts for password every time you reopen the share), and reverting the share icon from defaultlocked.png to its normal icon in subsequent menus
- allow user to specify in the config file settings whether password characters are displayed or hidden (1234 vs ****) and what the max # of retries are before shutdown
also on the to-do list, if time permits and you guys think it useful:
- enable digit input directly from remote control keypad
- xbox controller button style password entry dialog (b, a, up, black, lshoulder, etc), rather than using an osd numpad. this way password entry can be hidden from other viewers in the room, and we can later use this to prompt for the parental control code stored in the xbox eeprom when launching a movie or game disc
- full qwerty password input, probably using existing osd keyboard dialog
- ability to pass the user's password input directly to samba shares for authentication, rather than comparing it against a locally stored password
i may ask for help when trying to create the patch for submission. i barely know how to use wincvs as it is. also on an unrelated note, there is a bug in the picture slideshow when viewing very large jpgs-- they sometimes don't display, i'll see if i can locate the problem if i get some time.
Posts: 26,215
Joined: Oct 2003
Reputation:
187
sounds great!
a couple of things:
i'd personally err on the side of only providing 1 single input method, and having no fixed number of tries. the reason being, that if anyone really wants to get into the share, they're going to know how to edit the xml file and remove any set password anyway. futhermore, a combo of say 4 keys will present enough of a slow down for the kiddies. this also means that you don't need to bother with any options/settings - i don't see the point when most people will stick to the defaults anyway.
i think a button combination that can also be done on the remote would be the best solution - 4 button presses perhaps. obviously we'd need some smart way to map the password so that it can be done with the remote num keys (0->9) as well as with the gamepad.
suggestions are welcome.
as for supplying a patch - the best way is to upload both diffs + full source files to sf. the developers will then sync to cvs.
and a final note regarding the slideshow - it should theoretically be using less memory than it used to, but ofcourse there could well be a memory usage bug in there somewhere. please let me know if you find anything. it works perfectly on 3.2mp images for me.
cheers,
jonathan
Posts: 46
Joined: Nov 2004
Reputation:
0
good points.
currently the remote should be usable to enter the password, but you'll just be using the dpad on it to select the osd numpad buttons rather than just pressing the numbers on the remote. not ideal, but it's a start for now.
the max # of retries before shutdown is specifically there to put off otherwise very determined children and house guests from making too many educated password guesses. it will be an optional thing, and the default will be to allow infinite retries.
i like the idea of limiting simple passwords to four characters/button presses. if max # of retries is infinite, i'll also submit it automatically upon fourth keypress.
the qwerty password input and sending that input to samba for authentication is something that will thwart the more savvy teenager from just going in and modifying the xml; for that matter, if they've opened the xml file they already have direct access to the filesystem/samba credentials and no longer need xbmc or even the xbox. but by allowing the user to type the password at runtime, they no longer have to leave it lying around in plaintext and the xml file won't have anything interesting in it.
Posts: 1,899
Joined: Sep 2003
Reputation:
0
maybe you could use the qwerty solution only if xbmc gets the "access denied" message from the smb server. this way you don't have to decide if you gonna show the simple numpad/buttonpress dialog or the whole keyboard.
and to the max # of reties i would suggest to set a masterpassword for xbmc which can be activated by default to prevent ppl to get into xbmc at all or which will be cativated if the max # of sharepass retrys is hit (xbmc will restart with active masterpass in this case).
read the xbmc
online-manual,
faq and
search the forums before posting! do not e-mail the xbmc-team asking for support!
read/follow the
forum rules! note! team-xbmc never have and never will host or distribute ms-xdk binaries/executables!
Posts: 46
Joined: Nov 2004
Reputation:
0
i would rather force the user to specify in the xml file that they want to explicitly prompt for the samba password. it's as simple as setting the <lockmode> value to some integer, that's it. they won't need to specify a <lockcode> value, and whatever samba password is set in the xml file will get replaced by the string the user inputs at runtime.
the master xbmc password counter is a good idea. unfortunately for this to work right i will have to store a failed attempt counter tag <badpwdcount> for each locked share, since otherwise i could run the counter almost to zero on one folder and then access a different folder successfully to reset a shared master counter to zero. this tag wouldn't normally be present in the xml; i would write it out whenever a failure happens and erase it later after either that folder or the master password is authenticated.
one other idea i was kicking around would be to accept xbox memory cards as a form of "password". this would work by storing some simple identifying file on the card itself, and looking for it in all the card drives upon folder launch. this is a great way to temporarily grant xbox access to kids: you don't have to tell them any password at all, and access restriction is as easy as locking the card up or taking it to work with you :-)
i haven't gotten a chance to work on this stuff all week, it will probably be this weekend or sometime next week before i've got anything ready for submission.
Posts: 835
Joined: Feb 2004
hi will i be able to lock a path from the xml like if i have set
<video>
<default>f:\videos\</default>
<bookmark>
<name>videos</name>
<path>f:\videos\</path>
</bookmark>
<bookmark>
<name>late night</name>
<path>f:\late night\</path>
</bookmark>
<bookmark>
<name>dvd</name>
<path>d:\</path>
</bookmark>
would i be able to lock late night path
or if thats not possible will i be able to lock f drive or g drive
i know it will lock network use but can i lock stuff allready on xbox
ps if i can that would be great
:bowdown:
Posts: 46
Joined: Nov 2004
Reputation:
0
thanks jmarshall for the response, i will try adding those tags to the dialog xml. regarding the virtual keyboard, i actually have five different lock types planned:
1: numeric code
2: xbox controller button sequence (i.e. up down b a start)
3: qwerty alphanumeric input, using either virtual on screen keyboard or usb keyboard
4: samba password, this uses the same stuff as #3 but it sends the password straight to the smb server (this way you don't have to store the password in the xml)
5: xbox parental control lock, this uses the same stuff as #2 but it gets the parental control password from xbox eeprom
britneyspairs, yes you will be able to lock any bookmark by adding a couple tags in the bookmark.
Posts: 835
Joined: Feb 2004
slacker your not so slack
Posts: 46
Joined: Nov 2004
Reputation:
0
update: i've got the numeric lock almost completely functional. the buttons aren't overlapping each other anymore. it remembers when you unlock a share and dynamically updates the icon to no longer be locked. it also remembers how many bad passwords you put in, even through a reboot, and optionally denies you access if you put n too many bad ones in (this is configurable). i just have a few things left to do before i can send it in:
- add code in either application.cpp or settings.cpp which resets the previously unlocked bookmarks to their locked state on boot
- fix a weird input bug where pressing start causes my password dialog lines to update with strings "16 objects", "view: icons", "sort by: name". it seems like the window behind it is getting the keypress and updating my strings, even though my dialog should be modal. any ideas?
- finish adding the xbmc master lock. this is about 70% done, but i might just send the patch without it since it's not necessary for basic usage.
Posts: 46
Joined: Nov 2004
Reputation:
0
hi geminiserver,
the masterlock is going to be used for a couple different things. mainly it's used to manage properties and behaviors of the bookmark locks. there will also be an ability to prompt for masterlock on startup, but at your suggestion i am going to wait until later to implement that part. here is an excerpt from the modified xboxmediacenter.xml:
<masterlock>
<!-- set to 0 to allow infinite password retries in xbmc. setting a positive !-->
<!-- number n will deny access to any locked bookmark if n consecutive bad !-->
<!-- passwords are sent for that bookmark. !-->
<maxretry>0</maxretry>
<!-- set to 1 to force xbmc to always prompt for mastercode on startup !-->
<startuplock>0</startuplock>
<!-- set mastercode to a number between four and eight digits long. if you !-->
<!-- set an alphanumeric code, you will be unable to unlock xbmc on startup! !-->
<mastercode>1234</mastercode>
</masterlock>
i have not added context menu functionality yet, but it's the very next thing on my list after adding masterlock config ui to xbmc settings. i will add the following context menus:
"enable lock" <- only appears if the item is a currently unlocked bookmark, and prompts for <mastercode> to allow function. prompts user to choose lock type and set its password.
"unlock" <- only appears if the item is currently a locked bookmark. unlocks item.
"remove lock" <- only appears if the item is a bookmark that has a lock that is enabled and unlocked (you have to unlock it before you can remove the lock), and prompts for <mastercode> to allow function. sets the lock and password values for the item to nothing.
a note about the context menus: i made a change to the params in csettings::updatebookmark. it now works like this:
bool csettings::updatebookmark(const cstdstring &strtype, const cstdstring &stroldname, const cstdstring &strupdateelement, const cstdstring &strupdatetext)
this allows you to use it to update any element inside a bookmark (previously it only set the name and path), and if you specify an element that does not yet exist it will create it for you. i also updated the existing context menu code to use this new behavior.
i have never used the web interface before or looked through its code, and it doesn't seem to work for me (i get error 404 when i enable the service and try to view the page). i will look into this, i hope i didn't break it. the masterlock and bookmark locks currently have nothing to do with the web interface, so i would imagine they are unaffected. thank you for calling this to my attention.
Posts: 46
Joined: Nov 2004
Reputation:
0
figured out why the web interface wasn't working-- i forgot to unzip the content to the web folder :-) geminiserver, the locks i've implemented have no effect whatsoever on the web interface because i did not modify xbmcweb.cpp. it ignores the locks and lets you get into whatever bookmarks you want. but the web interface already has its own lock, and we could prompt for <mastercode> when users try to modify the web interface settings.
one potential problem for xbmcweb may happen if i get around to implementing samba locks, i.e. where the user directly types in the password for sending to the samba server without storing them in the xml file. web users have no way to input the smb password, so opening those folders will fail. i'm actually fine with that, as i wouldn't want to send smb credentials over an unsecured http connection anyway. the whole point of the planned samba locks is for users who don't want their login credentials lying around in plaintext...
