Date:      Sat, 17 Feb 2018 05:26:28 +0000 (UTC)
From:      Kyle Evans <kevans@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r329433 - head/stand/lua
Message-ID:  <201802170526.w1H5QSit082885@repo.freebsd.org>

Author: kevans
Date: Sat Feb 17 05:26:28 2018
New Revision: 329433
URL: https://svnweb.freebsd.org/changeset/base/329433

Log:
  stand/lua: Add optional GELI passphrase prompt
  
  Prompt for GELI passphrase when geom_eli_passphrase_prompt has been set to
  "YES" in loader.conf(5).
  
  This entailed breaking out the password prompt into its own function that
  can be reused between the password compare bits and this prompt that simply
  takes the entered password and passes it along in the environment as
  kern.geom.eli.passphrase.
  
  I've also added a TODO to re-evaluate later if we want the "password
  masking" -- it is currently not functional, so one still can't observe the
  length of the password typed at the prompt.

Modified:
  head/stand/lua/password.lua

Modified: head/stand/lua/password.lua
==============================================================================
--- head/stand/lua/password.lua	Sat Feb 17 05:02:38 2018	(r329432)
+++ head/stand/lua/password.lua	Sat Feb 17 05:26:28 2018	(r329433)
@@ -40,7 +40,8 @@ function password.read()
 		if ch == core.KEY_ENTER then
 			break;
 		end
-
+		-- XXX TODO: Evaluate if we really want this or not, as a
+		-- security consideration of sorts
 		if (ch == core.KEY_BACKSPACE) or (ch == core.KEY_DELETE) then
 			if n > 0 then
 				n = n - 1;
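Review bot: The new TODO above the backspace/delete branch in password.read() does not say what "this" is or what the security concern is, so a later reader cannot act on it. Going by the commit log, the open question is whether to echo a mask character per keystroke, which would let an onlooker read off the passphrase length; the comment could say so directly, e.g. `-- XXX TODO: decide whether to echo a mask character per key; it would reveal the passphrase length on screen`. password.read() starts and ends outside this hunk, so the masking code itself is not visible here.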
@@ -58,22 +59,35 @@ end
 
 function password.check()
 	screen.defcursor();
-	local function compare(prompt, pwd)
-		if (pwd == nil) then
-			return;
-		end
+	-- pwd is optionally supplied if we want to check it
+	local function do_prompt(prompt, pwd)
 		while true do
 			loader.printc(prompt);
-			if (pwd == password.read()) then
-				break;
+			local read_pwd = password.read();
+			if (not pwd) or (pwd == read_pwd) then
+				return read_pwd;
 			end
 			print("\n\nloader: incorrect password!\n");
 			loader.delay(3*1000*1000);
 		end
+		-- Throw an extra newline out after the password prompt
+		print("")
 	end
+	local function compare(prompt, pwd)
+		if (pwd == nil) then
+			return;
+		end
+		do_prompt(prompt, pwd);
+	end
 
 	local boot_pwd = loader.getenv("bootlock_password");
 	compare("Boot password: ", boot_pwd);
+
+	local geli_pass_prompt = loader.getenv("geom_eli_passphrase_prompt");
+	if (geli_pass_prompt:lower() == "yes") then
+		local passphrase = do_prompt("GELI Passphrase: ");
+		loader.setenv("kern.geom.eli.passphrase", passphrase)
+	end
 
 	local pwd = loader.getenv("password");
 	if (pwd ~=nil) then
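Review bot: `geli_pass_prompt:lower()` in password.check() will raise an error whenever geom_eli_passphrase_prompt is not set, because the result of loader.getenv() is used without a nil check, while the same function treats getenv results as possibly nil (`if (pwd == nil)` in compare, `if (pwd ~=nil)` below). Since password.check() also enforces bootlock_password and password, an error here on a default configuration would interrupt the boot-time password path; guard it with `if geli_pass_prompt ~= nil and geli_pass_prompt:lower() == "yes" then`. In do_prompt, the `print("")` after the `while true` loop is unreachable because the loop is only left through `return read_pwd`, so the intended trailing newline is never printed; move it to just before the return. The entered passphrase is left in the loader environment as kern.geom.eli.passphrase, so a short comment stating which consumer is expected to read and clear it would help reviewers confirm it does not outlive its use. password.check() continues past the end of this hunk.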


