[Midnightbsd-cvs] src [10195] trunk/sys/boot/forth: update check password
laffer1 at midnightbsd.org
Fri Jun 1 19:50:54 EDT 2018
Revision: 10195
http://svnweb.midnightbsd.org/src/?rev=10195
Author: laffer1
Date: 2018-06-01 19:50:53 -0400 (Fri, 01 Jun 2018)
Log Message:
-----------
update check password
Modified Paths:
--------------
trunk/sys/boot/forth/check-password.4th
trunk/sys/boot/forth/check-password.4th.8
Modified: trunk/sys/boot/forth/check-password.4th
===================================================================
--- trunk/sys/boot/forth/check-password.4th 2018-06-01 23:44:37 UTC (rev 10194)
+++ trunk/sys/boot/forth/check-password.4th 2018-06-01 23:50:53 UTC (rev 10195)
@@ -1,4 +1,4 @@
-\ Copyright (c) 2006-2012 Devin Teske <dteske at FreeBSD.org>
+\ Copyright (c) 2006-2015 Devin Teske <dteske at FreeBSD.org>
\ All rights reserved.
\
\ Redistribution and use in source and binary forms, with or without
@@ -23,21 +23,26 @@
\ SUCH DAMAGE.
\
\ $MidnightBSD$
+\ $FreeBSD: stable/10/sys/boot/forth/check-password.4th 281843 2015-04-22 01:08:40Z dteske $
marker task-check-password.4th
include /boot/screen.4th
-13 constant enter_key \ The decimal ASCII value for Enter key
-8 constant bs_key \ The decimal ASCII value for Backspace key
-16 constant readmax \ Maximum number of characters for the password
+vocabulary password-processing
+only forth also password-processing definitions
-variable readX \ Current X offset (column)(used by read)
-variable read-start \ Starting X offset (column)(used by read)
+13 constant enter_key \ The decimal ASCII value for Enter key
+8 constant bs_key \ The decimal ASCII value for Backspace key
+21 constant ctrl_u \ The decimal ASCII value for Ctrl-U sequence
+255 constant readmax \ Maximum number of characters for the password
-create readval 16 allot \ input obtained (maximum 16 characters)
-variable readlen \ input length
+variable read-tick \ Twiddle position (used by read)
+variable read-start \ Starting X offset (column)(used by read)
+create readval readmax allot \ input obtained (up to readmax characters)
+variable readlen \ input length
+
\ This function blocks program flow (loops forever) until a key is pressed.
\ The key that was pressed is added to the top of the stack in the form of its
\ decimal ASCII representation. Note: the stack cannot be empty when this
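Review bot: readmax grows from 16 to 255 and readval is now `readmax allot`, but nothing near the constant says that readmax is also the cap applied to the configured password values (the later `dup readmax > if drop readmax then` guards in check-password truncate bootlock_password and password to readmax bytes before comparison), so a comment on `255 constant readmax` should state both roles, and the man page in this same commit still says 16. Note also that readval carries no terminator; this is fine only as long as every consumer passes `readval readlen @` as a c-addr/u pair, which the visible code does.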
@@ -48,37 +53,50 @@
\
: sgetkey ( -- )
- begin \ Loop forever
- key? if \ Was a key pressed? (see loader(8))
+ begin \ Loop forever
+ key? if \ Was a key pressed? (see loader(8))
+ drop \ Remove stack-cruft
+ key \ Get the key that was pressed
- drop \ Remove stack-cruft
- key \ Get the key that was pressed
+ \ Check key pressed (see loader(8)) and input limit
+ dup 0<> if ( and ) readlen @ readmax < if
+ \ Spin the twiddle and then exit this function
+ read-tick @ dup 1+ 4 mod read-tick !
+ 2 spaces
+ dup 0 = if ( 1 ) ." /" else
+ dup 1 = if ( 2 ) ." -" else
+ dup 2 = if ( 3 ) ." \" else
+ dup 3 = if ( 4 ) ." |" else
+ 1 spaces
+ then then then then drop
+ read-start @ 25 at-xy
+ exit
+ then then
- \ Check key pressed (see loader(8)) and input limit
- dup 0<> if ( and ) readlen @ readmax < if
+ \ Always allow Backspace, Enter, and Ctrl-U
+ dup bs_key = if exit then
+ dup enter_key = if exit then
+ dup ctrl_u = if exit then
+ then
+ 50 ms \ Sleep for 50 milliseconds (see loader(8))
+ again
+;
- \ Echo an asterisk (unless Backspace/Enter)
- dup bs_key <> if ( and ) dup enter_key <> if
- ." *" \ Echo an asterisk
- then then
+: cfill ( c c-addr/u -- )
+ begin dup 0> while
+ -rot 2dup c! 1+ rot 1-
+ repeat 2drop drop
+;
- exit \ Exit from the function
- then then
-
- \ Always allow Backspace and Enter
- dup bs_key = if exit then
- dup enter_key = if exit then
-
- then
- 50 ms \ Sleep for 50 milliseconds (see loader(8))
- again
+: read-reset ( -- )
+ 0 readlen !
+ 0 readval readmax cfill
;
-: read ( String prompt -- )
+: read ( c-addr/u -- ) \ Expects string prompt as stack input
0 25 at-xy \ Move the cursor to the bottom-left
dup 1+ read-start ! \ Store X offset after the prompt
- read-start @ readX ! \ copy value to the current X offset
0 readlen ! \ Initialize the read length
type \ Print the prompt
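Review bot: in `read`, `0 readlen !` resets only the length; the bytes of the previous password stay in readval until read-reset runs after a successful compare. Since `read-reset` is defined directly above, call it at the top of `read` instead of `0 readlen !` so a rejected or partially typed password never outlives the prompt that collected it. The twiddle in sgetkey is otherwise consistent: `2 spaces` advances past read-start, one glyph is emitted, and `read-start @ 25 at-xy` restores the cursor, which matches the `3 spaces` erase used by the callers.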
@@ -90,53 +108,36 @@
\ security reasons). If Enter is pressed, we process the
\ password, otherwise augment the key to a string.
- \ If the key that was entered was not Enter, advance
- dup enter_key <> if
- readX @ 1+ readX ! \ Advance the column
- readlen @ 1+ readlen ! \ Increment input length
- then
-
- \ Handle backspacing
- dup bs_key = if
- readX @ 2 - readX ! \ Set new cursor position
- readlen @ 2 - readlen ! \ Decrement input length
-
- \ Don't move behind starting position
- readX @ read-start @ < if
- read-start @ readX !
- then
- readlen @ 0< if
- 0 readlen !
- then
-
- \ Reposition cursor and erase character
- readX @ 25 at-xy 1 spaces readX @ 25 at-xy
- then
-
dup enter_key = if
- drop \ Clean up stack cruft
- 10 emit \ Echo new line
+ drop \ Clean up stack cruft
+ 3 spaces \ Erase the twiddle
+ 10 emit \ Echo new line
exit
- then
+ else dup ctrl_u = if
+ 3 spaces read-start @ 25 at-xy \ Erase the twiddle
+ 0 readlen ! \ Reset input to NULL
+ else dup bs_key = if
+ readlen @ 1 - dup readlen ! \ Decrement input length
+ dup 0< if drop 0 dup readlen ! then \ Don't go negative
+ 0= if 3 spaces read-start @ 25 at-xy then \ Twiddle
+ else dup \ Store the character
+ \ NB: sgetkey prevents overflow by way of blocking
+ \ at readmax except for Backspace or Enter
+ readlen @ 1+ dup readlen ! 1- readval + c!
+ then then then
- \ If not Backspace or Enter, store the character
- dup bs_key <> if ( and ) dup enter_key <> if
-
- \ store the character in our buffer
- dup readval readlen @ 1- + c!
-
- then then
-
- drop \ drop the last key that was entered
-
+ drop \ last key pressed
again \ Enter was not pressed; repeat
;
+only forth definitions also password-processing
+
: check-password ( -- )
\ Do not allow the user to proceed beyond this point if a boot-lock
\ password has been set (preventing even boot from proceeding)
s" bootlock_password" getenv dup -1 <> if
+ dup readmax > if drop readmax then
begin
s" Boot Password: " read ( prompt -- )
2dup readval readlen @ compare 0<>
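Review bot: the comment "sgetkey prevents overflow by way of blocking at readmax except for Backspace or Enter" is now incomplete, because sgetkey also passes Ctrl-U through; list all three, and state that the store in `readlen @ 1+ dup readlen ! 1- readval + c!` is reached only when readlen was below readmax, so the write lands inside the readmax-byte buffer. The Ctrl-U branch does `0 readlen !` but leaves the typed bytes in readval; `read-reset` would be the safer choice there. The new `dup readmax > if drop readmax then` silently truncates an over-long bootlock_password, so a configured value longer than 255 bytes is accepted when its first 255 bytes are typed; that behaviour should be spelled out in check-password.4th.8.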
@@ -143,11 +144,18 @@
while
3000 ms ." loader: incorrect password" 10 emit
repeat
- 2drop ( c-addr/u )
- else
- drop ( -1 ) \ getenv cruft
- then
+ 2drop read-reset
+ else drop then
+ \ Prompt for GEOM ELI (geli(8)) passphrase if enabled
+ s" geom_eli_passphrase_prompt" getenv dup -1 <> if
+ s" YES" compare-insensitive 0= if
+ s" GELI Passphrase: " read ( prompt -- )
+ readval readlen @ s" kern.geom.eli.passphrase" setenv
+ read-reset
+ then
+ else drop then
+
\ Exit if a password was not set
s" password" getenv -1 = if exit else drop then
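Review bot: the GELI branch sets kern.geom.eli.passphrase to whatever was typed, including an empty string when the user just presses Enter; guard the `setenv` with a `readlen @ 0<>` check so an empty variable is not handed to the kernel. `read-reset` clears the loader's own buffer afterwards, but the passphrase now lives in the loader environment that is passed to the kernel, so removal after use is the kernel's responsibility; that is outside this patch and worth confirming for the MidnightBSD geli before relying on this path.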
@@ -159,12 +167,14 @@
\ Only reached if autoboot fails for any reason (including if/when
\ the user aborts/escapes the countdown sequence leading to boot).
- s" password" getenv
+ s" password" getenv dup readmax > if drop readmax then
begin
s" Password: " read ( prompt -- )
- 2dup readval readlen @ compare 0= if
- 2drop exit \ Correct password
+ 2dup readval readlen @ compare 0= if \ Correct password?
+ 2drop read-reset exit
then
3000 ms ." loader: incorrect password" 10 emit
again
;
+
+only forth definitions
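Review bot: read-reset is called only on the success path (`2drop read-reset exit`); on a wrong password the loop falls through to `3000 ms` and back to `read`, which resets readlen but not the buffer, so the rejected bytes remain in readval across attempts. Call `read-reset` before the `3000 ms` delay (and likewise in the bootlock loop above). The closing `only forth definitions` correctly undoes the `also password-processing` search order set before check-password, so the helper words are not left visible to the rest of the loader.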
Modified: trunk/sys/boot/forth/check-password.4th.8
===================================================================
--- trunk/sys/boot/forth/check-password.4th.8 2018-06-01 23:44:37 UTC (rev 10194)
+++ trunk/sys/boot/forth/check-password.4th.8 2018-06-01 23:50:53 UTC (rev 10195)
@@ -1,4 +1,5 @@
-.\" Copyright (c) 2011-2012 Devin Teske
+.\" $MidnightBSD$
+.\" Copyright (c) 2011-2015 Devin Teske
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -22,9 +23,9 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $MidnightBSD$
+.\" $FreeBSD: stable/10/sys/boot/forth/check-password.4th.8 281843 2015-04-22 01:08:40Z dteske $
.\"
-.Dd December 10, 2012
+.Dd March 20, 2015
.Dt CHECK-PASSWORD.4TH 8
.Os
.Sh NAME
@@ -33,8 +34,12 @@
.Sh DESCRIPTION
The file that goes by the name of
.Nm
-is a set of commands designed to either prevent booting or prevent modification
-of boot options without an appropriately configured password.
+is a set of commands designed to do one or more of the following:
+.Pp
+.Dl o Prevent booting without password
+.Dl o Prevent modification of boot options without password
+.Dl o Provide a password to mount geli(8) encrypted root disk(s)
+.Pp
The commands of
.Nm
by themselves are not enough for most uses.
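Review bot: `.Dl o Prevent ...` renders three literal lines with a hand-typed "o" rather than a list; use mdoc's `.Bl -bullet -compact` with `.It` entries and `.El`, which matches the `.Bl -tag` construct this page already uses for the variable list.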
@@ -58,14 +63,23 @@
.Pp
.Bl -tag -width disable-module_module -compact -offset indent
.It Ic check-password
-Dual-purpose function that can either protect the interactive boot menu or
-prevent boot without password (separately).
+Multi-purpose function that can protect the interactive boot menu,
+prevent boot without password, or prompt for geli(8) passphrase
+.Pq depending on Xr loader.conf 5 settings .
.Pp
First checks
.Va bootlock_password
and if-set, the user cannot continue until the correct password is entered.
.Pp
-Next checks
+Next, checks
+.Va geom_eli_passphrase_prompt
+and if set to
+.Li YES
+.Pq case-insensitive
+prompts the user to enter their GELI password for later mounting of the root
+device(s) during boot.
+.Pp
+Last, checks
.Va password
and if-set, tries to
.Ic autoboot
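Review bot: the new paragraph says "their GELI password" while the code prompts for "GELI Passphrase:" and the variable is named geom_eli_passphrase_prompt; use "passphrase" consistently so the manual matches what the user sees on screen.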
@@ -81,6 +95,11 @@
Sets the bootlock password (up to 16 characters long) that is required by
.Ic check-password
to be entered before the system is allowed to boot.
+.It Va geom_eli_passphrase_prompt
+Selects whether loader(8) will prompt for GELI credentials, handing-off to the
+kernel for later mounting of
+.Xr geli 8
+encrypted root device(s).
.It Va password
Sets the password (up to 16 characters long) that is required by
.Ic check-password
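Review bot: both "up to 16 characters long" statements (bootlock_password and password) are stale in this commit: readmax in check-password.4th is raised to 255, and configured values longer than that are truncated to 255 bytes before comparison. Update both to 255 and mention the truncation. The geom_eli_passphrase_prompt entry should also state the accepted value, YES (case-insensitive), as the DESCRIPTION section does.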
@@ -122,6 +141,16 @@
.Bd -literal -offset indent -compact
bootlock_password="boot"
.Ed
+.Pp
+Add the following to
+.Xr loader.conf 5
+to generate a prompt at boot to collect GELI credentials for mounting
+.Xr geli 8
+encrypted root device(s):
+.Pp
+.Bd -literal -offset indent -compact
+geom_eli_passphrase_prompt="YES"
+.Ed
.Sh SEE ALSO
.Xr loader.conf 5 ,
.Xr loader 8 ,