1-- 2-- Copyright (c) 2015 Pedro Souza <pedrosouza@freebsd.org> 3-- Copyright (C) 2018 Kyle Evans <kevans@FreeBSD.org> 4-- All rights reserved. 5-- 6-- Redistribution and use in source and binary forms, with or without 7-- modification, are permitted provided that the following conditions 8-- are met: 9-- 1. Redistributions of source code must retain the above copyright 10-- notice, this list of conditions and the following disclaimer. 11-- 2. Redistributions in binary form must reproduce the above copyright 12-- notice, this list of conditions and the following disclaimer in the 13-- documentation and/or other materials provided with the distribution. 14-- 15-- THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16-- ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17-- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18-- ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19-- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20-- DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21-- OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22-- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23-- LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24-- OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25-- SUCH DAMAGE. 26-- 27-- $FreeBSD$ 28-- 29 30local core = require("core") 31local screen = require("screen") 32 33local password = {} 34 35-- Module exports 36function password.read() 37 local str = "" 38 local n = 0 39 40 repeat 41 ch = io.getchar() 42 if ch == core.KEY_ENTER then 43 break 44 end 45 -- XXX TODO: Evaluate if we really want this or not, as a 46 -- security consideration of sorts 47 if ch == core.KEY_BACKSPACE or ch == core.KEY_DELETE then 48 if n > 0 then 49 n = n - 1 50 -- loader.printc("\008 \008") 51 str = str:sub(1, n) 52 end 53 else 54 -- loader.printc("*") 55 str = str .. string.char(ch) 56 n = n + 1 57 end 58 until n == 16 59 return str 60end 61 62function password.check() 63 screen.clear() 64 screen.defcursor() 65 -- pwd is optionally supplied if we want to check it 66 local function do_prompt(prompt, pwd) 67 while true do 68 loader.printc(prompt) 69 local read_pwd = password.read() 70 if pwd == nil or pwd == read_pwd then 71 -- Throw an extra newline after password prompt 72 print("") 73 return read_pwd 74 end 75 print("\n\nloader: incorrect password!\n") 76 loader.delay(3*1000*1000) 77 end 78 end 79 local function compare(prompt, pwd) 80 if pwd == nil then 81 return 82 end 83 do_prompt(prompt, pwd) 84 end 85 86 local boot_pwd = loader.getenv("bootlock_password") 87 compare("Boot password: ", boot_pwd) 88 89 local geli_prompt = loader.getenv("geom_eli_passphrase_prompt") 90 if geli_prompt ~= nil and geli_prompt:lower() == "yes" then 91 local passphrase = do_prompt("GELI Passphrase: ") 92 loader.setenv("kern.geom.eli.passphrase", passphrase) 93 end 94 95 local pwd = loader.getenv("password") 96 if pwd ~= nil then 97 core.autoboot() 98 end 99 compare("Password: ", pwd) 100end 101 102return password 103