diff options
author | Kyle Evans <kevans@FreeBSD.org> | 2018-02-17 05:26:28 +0000 |
---|---|---|
committer | Kyle Evans <kevans@FreeBSD.org> | 2018-02-17 05:26:28 +0000 |
commit | 11cac4319737600bf02fd10ca007664cfdd08bc1 (patch) | |
tree | 469db45876c721d288d001c9bddd0bd4e5826d6a /stand/lua/password.lua | |
parent | 18c286a0ac51432b13366c40f5f6ee28693a3a3c (diff) | |
download | src-11cac4319737600bf02fd10ca007664cfdd08bc1.tar.gz src-11cac4319737600bf02fd10ca007664cfdd08bc1.zip |
stand/lua: Add optional GELI passphrase prompt
Prompt for GELI passphrase when geom_eli_passphrase_prompt has been set to
"YES" in loader.conf(5).
This entailed breaking out the password prompt into its own function that
can be reused between the password compare bits and this prompt that simply
takes the entered password and passes it along in the environment as
kern.geom.eli.passphrase.
I've also added a TODO to re-evaluate later if we want the "password
masking" -- it is currently not functional, so one still can't observe the
length of the password typed at the prompt.
Notes
Notes:
svn path=/head/; revision=329433
Diffstat (limited to 'stand/lua/password.lua')
-rw-r--r-- | stand/lua/password.lua | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/stand/lua/password.lua b/stand/lua/password.lua index bac3a27a11e8..7257e1ee9ee3 100644 --- a/stand/lua/password.lua +++ b/stand/lua/password.lua @@ -40,7 +40,8 @@ function password.read() if ch == core.KEY_ENTER then break; end - + -- XXX TODO: Evaluate if we really want this or not, as a + -- security consideration of sorts if (ch == core.KEY_BACKSPACE) or (ch == core.KEY_DELETE) then if n > 0 then n = n - 1; @@ -58,23 +59,36 @@ end function password.check() screen.defcursor(); - local function compare(prompt, pwd) - if (pwd == nil) then - return; - end + -- pwd is optionally supplied if we want to check it + local function do_prompt(prompt, pwd) while true do loader.printc(prompt); - if (pwd == password.read()) then - break; + local read_pwd = password.read(); + if (not pwd) or (pwd == read_pwd) then + return read_pwd; end print("\n\nloader: incorrect password!\n"); loader.delay(3*1000*1000); end + -- Throw an extra newline out after the password prompt + print("") + end + local function compare(prompt, pwd) + if (pwd == nil) then + return; + end + do_prompt(prompt, pwd); end local boot_pwd = loader.getenv("bootlock_password"); compare("Boot password: ", boot_pwd); + local geli_pass_prompt = loader.getenv("geom_eli_passphrase_prompt"); + if (geli_pass_prompt:lower() == "yes") then + local passphrase = do_prompt("GELI Passphrase: "); + loader.setenv("kern.geom.eli.passphrase", passphrase) + end + local pwd = loader.getenv("password"); if (pwd ~=nil) then core.autoboot(); |