From 0208d6aa82c12600ecca5502357aa36ad928478d Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 11 Sep 2012 03:16:00 -0400 Subject: add a UUID to pair requests Pair requests the the same UUID are part of the same pairing session, which allows us to detect attempts to brute force the shared secret, as that will result in pair requests with the same UUID that are not verified with the right secret. --- Assistant/WebApp/Configurators/Pairing.hs | 2 ++ 1 file changed, 2 insertions(+) (limited to 'Assistant/WebApp/Configurators/Pairing.hs') diff --git a/Assistant/WebApp/Configurators/Pairing.hs b/Assistant/WebApp/Configurators/Pairing.hs index dab5bf4f8..be79d574d 100644 --- a/Assistant/WebApp/Configurators/Pairing.hs +++ b/Assistant/WebApp/Configurators/Pairing.hs @@ -24,6 +24,7 @@ import Assistant.Alert import Assistant.DaemonStatus import Utility.Verifiable import Utility.Network +import Annex.UUID #endif import Yesod @@ -91,6 +92,7 @@ startPairing stage oncancel displaysecret secret = do <*> liftIO getUserName <*> (fromJust . relDir <$> lift getYesod) <*> pure (sshPubKey keypair) + <*> liftIO genUUID liftIO $ do let sender = multicastPairMsg Nothing secret stage pairdata let pip = PairingInProgress secret Nothing keypair pairdata -- cgit v1.2.3