add a UUID to pair requests

Pair requests the the same UUID are part of the same pairing session, which allows us to detect attempts to brute force the shared secret, as that will result in pair requests with the same UUID that are not verified with the right secret.
author: Joey Hess <joey@kitenet.net> 2012-09-11 03:16:00 -0400
committer: Joey Hess <joey@kitenet.net> 2012-09-11 03:16:00 -0400
commit: 0208d6aa82c12600ecca5502357aa36ad928478d (patch)
tree: 6a9d81568b239fbeb78592ec9d728c580c62182d /Assistant/WebApp/Configurators/Pairing.hs
parent: b3f4c6eb683ebedf0e73bbca8305bb3f97cac6f1 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/Assistant/WebApp/Configurators/Pairing.hs b/Assistant/WebApp/Configurators/Pairing.hs
index dab5bf4f8..be79d574d 100644
--- a/Assistant/WebApp/Configurators/Pairing.hs
+++ b/Assistant/WebApp/Configurators/Pairing.hs
@@ -24,6 +24,7 @@ import Assistant.Alert
 import Assistant.DaemonStatus
 import Utility.Verifiable
 import Utility.Network
+import Annex.UUID
 #endif
 
 import Yesod
@@ -91,6 +92,7 @@ startPairing stage oncancel displaysecret secret = do
 		<*> liftIO getUserName
 		<*> (fromJust . relDir <$> lift getYesod)
 		<*> pure (sshPubKey keypair)
+		<*> liftIO genUUID
 	liftIO $ do
 		let sender = multicastPairMsg Nothing secret stage pairdata
 		let pip = PairingInProgress secret Nothing keypair pairdata
author	Joey Hess <joey@kitenet.net>	2012-09-11 03:16:00 -0400
committer	Joey Hess <joey@kitenet.net>	2012-09-11 03:16:00 -0400
commit	0208d6aa82c12600ecca5502357aa36ad928478d (patch)
tree	6a9d81568b239fbeb78592ec9d728c580c62182d /Assistant/WebApp/Configurators/Pairing.hs
parent	b3f4c6eb683ebedf0e73bbca8305bb3f97cac6f1 (diff)