Add AdminSP auth retry with provided password if MSID auth fails. Also add the same password retry for EraseMaster

jhindersson · ChriMarMe · commit a36421cabf5f · 2023-09-20T11:52:25.000+02:00
diff --git a/cmd/gosedctl/cmd.go b/cmd/gosedctl/cmd.go
@@ -330,12 +330,14 @@ func (i *initialSetupEnterpriseCmd) Run(ctx *context) error {
 		return fmt.Errorf("Admin_C_PIN_MSID_GetPin() failed: %v", err)
 	}
 
+	pwhash := pbkdf2.Key([]byte(i.SIDPassword), []byte(salt[:20]), 75000, 32, sha1.New)
+
 	if err := table.ThisSP_Authenticate(adminSession, uid.AuthoritySID, msid); err != nil {
-		return fmt.Errorf("authenticating as AdminSP failed: %v", err)
+		if err := table.ThisSP_Authenticate(adminSession, uid.AuthoritySID, pwhash); err != nil {
+			return fmt.Errorf("authenticating as AdminSP failed: %v", err)
+		}
 	}
 
-	pwhash := pbkdf2.Key([]byte(i.SIDPassword), []byte(salt[:20]), 75000, 32, sha1.New)
-
 	if err := table.Admin_C_Pin_SID_SetPIN(adminSession, pwhash); err != nil {
 		return fmt.Errorf("Admin_C_PIN_SID_SetPIN() failed: %v", err)
 	}
@@ -365,14 +367,16 @@ func (i *initialSetupEnterpriseCmd) Run(ctx *context) error {
 		return fmt.Errorf("failed to set BandMaster0 PIN: %v", err)
 	}
 
+	erasePw := pbkdf2.Key([]byte(i.EraseMasterPW), []byte(salt[:20]), 75000, 32, sha1.New)
+
 	if err := table.ThisSP_Authenticate(lockingSession, uid.EraseMaster, msid); err != nil {
 		if err := table.ThisSP_Authenticate(lockingSession, uid.EraseMaster, pwhash); err != nil {
-			return fmt.Errorf("authenticating as EraseMaster failed: %v", err)
+			if err := table.ThisSP_Authenticate(lockingSession, uid.EraseMaster, erasePw); err != nil {
+				return fmt.Errorf("authenticating as EraseMaster failed: %v", err)
+			}
 		}
 	}
 
-	erasePw := pbkdf2.Key([]byte(i.EraseMasterPW), []byte(salt[:20]), 75000, 32, sha1.New)
-
 	if err := table.SetEraseMasterPin(lockingSession, erasePw); err != nil {
 		return fmt.Errorf("failed to set EraseMaster PIN: %v", err)
 	}

Original file line number	Diff line number	Diff line change
`@@ -330,12 +330,14 @@ func (i initialSetupEnterpriseCmd) Run(ctx context) error {`
`330`	`330`	`return fmt.Errorf("Admin_C_PIN_MSID_GetPin() failed: %v", err)`
`331`	`331`	`}`
`332`	`332`
	`333`	`+ pwhash := pbkdf2.Key([]byte(i.SIDPassword), []byte(salt[:20]), 75000, 32, sha1.New)`
	`334`	`+`
`333`	`335`	`if err := table.ThisSP_Authenticate(adminSession, uid.AuthoritySID, msid); err != nil {`
`334`		`- return fmt.Errorf("authenticating as AdminSP failed: %v", err)`
	`336`	`+ if err := table.ThisSP_Authenticate(adminSession, uid.AuthoritySID, pwhash); err != nil {`
	`337`	`+ return fmt.Errorf("authenticating as AdminSP failed: %v", err)`
	`338`	`+ }`
`335`	`339`	`}`
`336`	`340`
`337`		`- pwhash := pbkdf2.Key([]byte(i.SIDPassword), []byte(salt[:20]), 75000, 32, sha1.New)`
`338`		`-`
`339`	`341`	`if err := table.Admin_C_Pin_SID_SetPIN(adminSession, pwhash); err != nil {`
`340`	`342`	`return fmt.Errorf("Admin_C_PIN_SID_SetPIN() failed: %v", err)`
`341`	`343`	`}`
`@@ -365,14 +367,16 @@ func (i initialSetupEnterpriseCmd) Run(ctx context) error {`
`365`	`367`	`return fmt.Errorf("failed to set BandMaster0 PIN: %v", err)`
`366`	`368`	`}`
`367`	`369`
	`370`	`+ erasePw := pbkdf2.Key([]byte(i.EraseMasterPW), []byte(salt[:20]), 75000, 32, sha1.New)`
	`371`	`+`
`368`	`372`	`if err := table.ThisSP_Authenticate(lockingSession, uid.EraseMaster, msid); err != nil {`
`369`	`373`	`if err := table.ThisSP_Authenticate(lockingSession, uid.EraseMaster, pwhash); err != nil {`
`370`		`- return fmt.Errorf("authenticating as EraseMaster failed: %v", err)`
	`374`	`+ if err := table.ThisSP_Authenticate(lockingSession, uid.EraseMaster, erasePw); err != nil {`
	`375`	`+ return fmt.Errorf("authenticating as EraseMaster failed: %v", err)`
	`376`	`+ }`
`371`	`377`	`}`
`372`	`378`	`}`
`373`	`379`
`374`		`- erasePw := pbkdf2.Key([]byte(i.EraseMasterPW), []byte(salt[:20]), 75000, 32, sha1.New)`
`375`		`-`
`376`	`380`	`if err := table.SetEraseMasterPin(lockingSession, erasePw); err != nil {`
`377`	`381`	`return fmt.Errorf("failed to set EraseMaster PIN: %v", err)`
`378`	`382`	`}`