[Midnightbsd-cvs] src [9867] U trunk/sys/boot/forth: passwords
laffer1 at midnightbsd.org
Wed May 23 09:17:53 EDT 2018
Revision: 9867
http://svnweb.midnightbsd.org/src/?rev=9867
Author: laffer1
Date: 2018-05-23 09:17:53 -0400 (Wed, 23 May 2018)
Log Message:
-----------
passwords
Modified Paths:
--------------
trunk/sys/boot/forth/check-password.4th
trunk/sys/boot/forth/check-password.4th.8
Property Changed:
----------------
trunk/sys/boot/forth/check-password.4th
trunk/sys/boot/forth/check-password.4th.8
Modified: trunk/sys/boot/forth/check-password.4th
===================================================================
--- trunk/sys/boot/forth/check-password.4th 2018-05-23 13:16:28 UTC (rev 9866)
+++ trunk/sys/boot/forth/check-password.4th 2018-05-23 13:17:53 UTC (rev 9867)
@@ -1,4 +1,4 @@
-\ Copyright (c) 2006-2011 Devin Teske <devinteske at hotmail.com>
+\ Copyright (c) 2006-2012 Devin Teske <dteske at FreeBSD.org>
\ All rights reserved.
\
\ Redistribution and use in source and binary forms, with or without
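Review bot: The log message "passwords" gives no hint of what this revision changes (a new bootlock_password variable, and autoboot now running before the password prompt); the updated author address (dteske at FreeBSD.org) and the 2012 copyright year suggest this is a sync of an upstream change, so the log should say which upstream revision it tracks and summarise the behavioural change in one line.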
@@ -74,7 +74,7 @@
again
;
-: read ( -- String prompt )
+: read ( String prompt -- )
0 25 at-xy \ Move the cursor to the bottom-left
dup 1+ read-start ! \ Store X offset after the prompt
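Review bot: The stack comment fix is correct, not cosmetic: the body consumes the prompt (`dup 1+ read-start !` stores the prompt length plus one as the X offset), so `( -- String prompt )` was documenting the inverse of the word's actual effect; the callers in the next hunk (`s" Boot Password: " read`, `s" Password: " read`) agree with the new `( String prompt -- )`. Worth grepping the rest of the file for any other `read` caller that was written against the old, wrong comment.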
@@ -134,23 +134,37 @@
: check-password ( -- )
- \ Exit if a password was not set
- s" password" getenv dup -1 = if
- drop exit
+ \ Do not allow the user to proceed beyond this point if a boot-lock
+ \ password has been set (preventing even boot from proceeding)
+ s" bootlock_password" getenv dup -1 <> if
+ begin
+ s" Boot Password: " read ( prompt -- )
+ 2dup readval readlen @ compare 0<>
+ while
+ 3000 ms ." loader: incorrect password" 10 emit
+ repeat
+ 2drop ( c-addr/u )
+ else
+ drop ( -1 ) \ getenv cruft
then
- begin \ Loop as long as it takes to get the right password
+ \ Exit if a password was not set
+ s" password" getenv -1 = if exit else drop then
- s" Password: " \ Output a prompt for a password
- read \ Read the user's input until Enter
+ \ We should prevent the user from visiting the menu or dropping to the
+ \ interactive loader(8) prompt, but still allow the machine to boot...
+ 0 autoboot
+
+ \ Only reached if autoboot fails for any reason (including if/when
+ \ the user aborts/escapes the countdown sequence leading to boot).
+
+ s" password" getenv
+ begin
+ s" Password: " read ( prompt -- )
2dup readval readlen @ compare 0= if
2drop exit \ Correct password
then
-
- \ Bad Password
- 3000 ms
- ." loader: incorrect password" 10 emit
-
- again \ Not the right password; repeat
+ 3000 ms ." loader: incorrect password" 10 emit
+ again
;
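Review bot: The bootlock loop has no exit other than a successful `compare`, so a `bootlock_password` longer than what `read` stores into `readval`/`readlen` (the man page hunk says "up to 16 characters") can never match and the machine never boots; that turns a typo in loader.conf into a lockout. Either truncate the environment value to the read buffer length before `2dup readval readlen @ compare`, or state the limit and the consequence prominently in the man page. Two smaller points: `s" password" getenv -1 = if exit else drop then` relies on the returned length never being -1 and then discards the value, so the later `s" password" getenv` re-fetches it only to drop the `else` path's address; keeping the value on the stack once would avoid the double lookup. And the 3000 ms delay is applied before "loader: incorrect password" is printed in both loops, so the user waits three seconds with no feedback; printing first and then sleeping gives the same brute-force throttling with a clearer console.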
Property changes on: trunk/sys/boot/forth/check-password.4th
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property
Modified: trunk/sys/boot/forth/check-password.4th.8
===================================================================
--- trunk/sys/boot/forth/check-password.4th.8 2018-05-23 13:16:28 UTC (rev 9866)
+++ trunk/sys/boot/forth/check-password.4th.8 2018-05-23 13:17:53 UTC (rev 9867)
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2011 Devin Teske
+.\" Copyright (c) 2011-2012 Devin Teske
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -24,7 +24,7 @@
.\"
.\" $MidnightBSD$
.\"
-.Dd May 18, 2011
+.Dd December 10, 2012
.Dt CHECK-PASSWORD.4TH 8
.Os
.Sh NAME
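Review bot: `.Dd December 10, 2012` is six years older than this revision; if the page is being synced from upstream that is fine, but if any local edits were made here the date should be the date of this change, since `.Dd` is what readers use to judge how current the page is.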
@@ -33,7 +33,8 @@
.Sh DESCRIPTION
The file that goes by the name of
.Nm
-is a set of commands designed to prevent booting without the proper password.
+is a set of commands designed to either prevent booting or prevent modification
+of boot options without an appropriately configured password.
The commands of
.Nm
by themselves are not enough for most uses.
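Review bot: "either prevent booting or prevent modification of boot options" reads as mutually exclusive, but the code checks `bootlock_password` first and then `password`, so both can be configured at once; "prevent booting and/or prevent modification of boot options" would match the implementation.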
@@ -57,30 +58,36 @@
.Pp
.Bl -tag -width disable-module_module -compact -offset indent
.It Ic check-password
-Once called, the user cannot continue until the correct password is entered.
-If the user enters the correct password the function returns.
+Dual-purpose function that can either protect the interactive boot menu or
+prevent boot without password (separately).
.Pp
-The password that is required is configured by setting the
-.Ic password
-variable in
-.Xr loader.conf 5 .
+First checks
+.Va bootlock_password
+and if-set, the user cannot continue until the correct password is entered.
.Pp
-Subsequent calls after a successful password
-has been entered will not cause reprompting
-\(em the function will silently return.
+Next checks
+.Va password
+and if-set, tries to
+.Ic autoboot
+and only prompts for password on failure or user-interrupt.
+See
+.Xr loader.conf 5
+for additional information.
.El
.Pp
The environment variables that effect its behavior are:
-.Bl -tag -width bootfile -offset indent
+.Bl -tag -width bootlock_password -offset indent
+.It Va bootlock_password
+Sets the bootlock password (up to 16 characters long) that is required by
+.Ic check-password
+to be entered before the system is allowed to boot.
.It Va password
Sets the password (up to 16 characters long) that is required by
.Ic check-password
-to be entered before the system is allowed to boot. If unset (default) or NULL,
-.Ic check-password
-will silently abort.
+before the user is allowed to visit the boot menu.
.El
.Sh FILES
-.Bl -tag -width /boot/loader.4th -compact
+.Bl -tag -width /boot/check-password.4th -compact
.It Pa /boot/loader
The
.Xr loader 8 .
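Review bot: The removed sentence "If unset (default) or NULL, check-password will silently abort" is not replaced for either variable, yet the code still returns silently when `password` is unset and skips the bootlock prompt when `bootlock_password` is unset; the new entries should say so, and should also say what happens when the configured value exceeds the 16-character limit (the loop cannot succeed). Minor wording in the same list: "if-set" should be "if set" in both `First checks` and `Next checks`, and the unchanged context line "The environment variables that effect its behavior" should read "affect".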
@@ -101,11 +108,20 @@
.Ed
.Pp
Set a password in
-.Xr loader.conf 5 :
+.Xr loader.conf 5
+to prevent modification of boot options:
.Pp
.Bd -literal -offset indent -compact
password="abc123"
.Ed
+.Pp
+Set a password in
+.Xr loader.conf 5
+to prevent booting without password:
+.Pp
+.Bd -literal -offset indent -compact
+bootlock_password="boot"
+.Ed
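Review bot: The examples should carry a caveat that both `password` and `bootlock_password` are stored as plaintext values in `loader.conf` and are only ever compared as plaintext by `check-password`, so they protect against an interactive console user and not against anyone who can read the boot filesystem or boot from other media; `"boot"` as the sample bootlock value also invites copy-and-paste, a placeholder like `"changeme"` makes the intent clearer. It would also help to show the two variables set together, since the code supports both in one configuration.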
.Sh SEE ALSO
.Xr loader.conf 5 ,
.Xr loader 8 ,
@@ -120,4 +136,4 @@
.Nm
set of commands was written by
.An -nosplit
-.An Devin Teske Aq devinteske at hotmail.com .
+.An Devin Teske Aq dteske at FreeBSD.org .
Property changes on: trunk/sys/boot/forth/check-password.4th.8
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+MidnightBSD=%H
\ No newline at end of property