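--
-- Copyright (c) 2015 Pedro Souza <pedrosouza@freebsd.org>
-- All rights reserved.
--
-- Redistribution and use in source and binary forms, with or without
-- modification, are permitted provided that the following conditions
-- are met:
-- 1. Redistributions of source code must retain the above copyright
--    notice, this list of conditions and the following disclaimer.
-- 2. Redistributions in binary form must reproduce the above copyright
--    notice, this list of conditions and the following disclaimer in the
--    documentation and/or other materials provided with the distribution.
--
-- THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-- ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- SUCH DAMAGE.
--
-- $FreeBSD$
--

local password = {};

local core = require("core");
local screen = require("screen");

-- Hard cap on the number of characters password.read() accepts.  The read
-- loop returns as soon as this many characters have been typed, without
-- waiting for Enter, so a configured password or GELI passphrase longer than
-- this can never be entered in full at these prompts.
local MAX_LENGTH = 16;

-- Read a secret from the console, one key at a time, without echoing it.
--
-- Input ends at Enter or once MAX_LENGTH characters have been collected.
-- Backspace and Delete remove the last collected character.  Nothing is
-- printed while typing (the echo calls below are commented out), so the
-- length of the secret is not shown on screen.
--
-- Returns the collected string (possibly empty).
function password.read()
	local str = "";
	local n = 0;

	repeat
		-- Declared local: a bare assignment would create a global, leaving
		-- the most recent keystroke of a secret reachable from the global
		-- environment after the prompt has returned.
		local ch = io.getchar();
		if (ch == core.KEY_ENTER) then
			break;
		end
		-- XXX TODO: Evaluate if we really want this or not, as a
		-- security consideration of sorts
		if (ch == core.KEY_BACKSPACE) or (ch == core.KEY_DELETE) then
			if (n > 0) then
				n = n - 1;
				-- loader.printc("\008 \008");
				str = str:sub(1, n);
			end
		else
			-- loader.printc("*");
			str = str .. string.char(ch);
			n = n + 1;
		end
	until (n == MAX_LENGTH);
	return str;
end

-- Run the boot-time password prompts driven by loader environment variables.
--
-- In order:
--   1. "bootlock_password": if set, prompt until the typed text matches.
--   2. "geom_eli_passphrase_prompt": if it equals "yes" (case-insensitive),
--      prompt once and store the typed text in "kern.geom.eli.passphrase".
--   3. "password": if set, call core.autoboot() first, then prompt until the
--      typed text matches.
--
-- The configured values are compared directly against what was typed, so
-- they are held in the loader environment as cleartext; whatever
-- configuration sets them should be readable only by the administrator.
function password.check()
	screen.clear();
	screen.defcursor();
	-- pwd is optionally supplied if we want to check it
	--
	-- Without pwd the first entry is returned unchecked.  With pwd the prompt
	-- repeats until the entry matches; there is no attempt limit, only the
	-- delay after each failure.
	local function do_prompt(prompt, pwd)
		while (true) do
			loader.printc(prompt);
			local read_pwd = password.read();
			if (not pwd) or (pwd == read_pwd) then
				-- Throw an extra newline after password prompt
				print("");
				return read_pwd;
			end
			print("\n\nloader: incorrect password!\n");
			-- Slows down repeated guessing; presumably microseconds
			-- (3 seconds) -- confirm against loader.delay.
			loader.delay(3*1000*1000);
		end
	end
	-- Prompt and verify only when a password is actually configured.
	local function compare(prompt, pwd)
		if (pwd == nil) then
			return;
		end
		do_prompt(prompt, pwd);
	end

	local boot_pwd = loader.getenv("bootlock_password");
	compare("Boot password: ", boot_pwd);

	local geli_prompt = loader.getenv("geom_eli_passphrase_prompt");
	if (geli_prompt ~= nil) and (geli_prompt:lower() == "yes") then
		-- Not verified here; the text is handed on through the environment
		-- as typed.  NOTE(review): the passphrase stays in this variable
		-- until its consumer clears it -- confirm that it does.
		local passphrase = do_prompt("GELI Passphrase: ");
		loader.setenv("kern.geom.eli.passphrase", passphrase);
	end

	local pwd = loader.getenv("password");
	if (pwd ~= nil) then
		-- Presumably the prompt below is reached only if autoboot returns
		-- (e.g. it was interrupted) -- confirm against core.autoboot.
		core.autoboot();
	end
	compare("Password: ", pwd);
end

return password;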