author | dteske <dteske@FreeBSD.org> | 2015-04-22 01:08:40 +0000 |
---|---|---|
committer | dteske <dteske@FreeBSD.org> | 2015-04-22 01:08:40 +0000 |
commit | 8bc086afd36687c997b22a697e2b40543b248c21 (patch) | |
tree | ebacd763d78eeeb1bb3f049fbc90ab8bee84223c /sys/boot/forth/check-password.4th | |
parent | 3d58bff4f8d3d50515f7efaec955d0c92dfb2774 (diff) | |
download | FreeBSD-src-8bc086afd36687c997b22a697e2b40543b248c21.zip FreeBSD-src-8bc086afd36687c997b22a697e2b40543b248c21.tar.gz |
MFC revisions 277693,278335,280382-280385,280923-280926,280931,
280933-280939,280974-280976,281002,281009,281081,281176-281180,
281271,281275,281616 (described in brief below):
r277693: Font fix (des)
r278335: Revert that
r280382: Whitespace, comments, and copyright update
r280383: Prevent inadvertent bootlock condition
r280384: Increase max password length from 16 to 255 chars
r280385: Add missing variable hints to loader.conf(5) defaults
r280923: Whitespace
r280924: Comments
r280925: Optimize bootmsg to use fg/bg/me from screen.4th
r280926: Whitespace and cleanup
r280931: Comments
r280933: Move beastie to logo-*.4th; brands to brand-*.4th
r280934: Add remainder of supported ANSI escape sequences
r280935: Securely overwrite (zero) user input after password checks
r280936: Use equals for ASCII double frames
r280937: Solve dreaded "dictionary full" issue
r280938: Add "GELI Passphrase:" prompt to boot loader
r280939: Revert that (premature commit)
r280974: Use fg/b/me from screen.4th instead of literals
r280975: Eliminate literal escape sequences from *.4th
r280976: Use ^[[m mode-ending versus ^[[37m
r281002: Install newly added brand-*.4th and logo-*.4th files (jkim)
r281009: Revert .PATH changes to fix mips build (jkim)
r281081: Make sure forth manpages are only installed once (bapt)
r281176: Back to previous mode-endings based on feedback
r281177: Back to previous mode-endings based on feedback
r281178: Back to previous mode-endings based on feedback
r281179: Back to previous mode-endings based on feedback
r281180: Eliminate literal escape sequences from *.rc
r281271: Fix a bootlock condition if loader_version is set
NB: Commit message of r281271 has a typo, s/_logo/_version/
r281275: Re-do proper mode-endings
r281616: Add "GELI Passphrase:" prompt to boot loader
Relnotes: Added "GELI Passphrase:" prompt to boot loader
Diffstat (limited to 'sys/boot/forth/check-password.4th')
-rw-r--r-- | sys/boot/forth/check-password.4th | 161 |
1 files changed, 85 insertions, 76 deletions
diff --git a/sys/boot/forth/check-password.4th b/sys/boot/forth/check-password.4th index 26d6b94..d41777c 100644 --- a/sys/boot/forth/check-password.4th +++ b/sys/boot/forth/check-password.4th @@ -1,4 +1,4 @@ -\ Copyright (c) 2006-2012 Devin Teske <dteske@FreeBSD.org> +\ Copyright (c) 2006-2015 Devin Teske <dteske@FreeBSD.org> \ All rights reserved. \ \ Redistribution and use in source and binary forms, with or without @@ -28,15 +28,19 @@ marker task-check-password.4th include /boot/screen.4th -13 constant enter_key \ The decimal ASCII value for Enter key -8 constant bs_key \ The decimal ASCII value for Backspace key -16 constant readmax \ Maximum number of characters for the password +vocabulary password-processing +only forth also password-processing definitions -variable readX \ Current X offset (column)(used by read) -variable read-start \ Starting X offset (column)(used by read) +13 constant enter_key \ The decimal ASCII value for Enter key +8 constant bs_key \ The decimal ASCII value for Backspace key +21 constant ctrl_u \ The decimal ASCII value for Ctrl-U sequence +255 constant readmax \ Maximum number of characters for the password -create readval 16 allot \ input obtained (maximum 16 characters) -variable readlen \ input length +variable read-tick \ Twiddle position (used by read) +variable read-start \ Starting X offset (column)(used by read) + +create readval readmax allot \ input obtained (up to readmax characters) +variable readlen \ input length \ This function blocks program flow (loops forever) until a key is pressed. \ The key that was pressed is added to the top of the stack in the form of its 
@@ -48,37 +52,50 @@ variable readlen \ input length \ : sgetkey ( -- ) - begin \ Loop forever - key? if \ Was a key pressed? (see loader(8)) - - drop \ Remove stack-cruft - key \ Get the key that was pressed - - \ Check key pressed (see loader(8)) and input limit - dup 0<> if ( and ) readlen @ readmax < if - - \ Echo an asterisk (unless Backspace/Enter) - dup bs_key <> if ( and ) dup enter_key <> if - ." *" \ Echo an asterisk - then then - - exit \ Exit from the function - then then + begin \ Loop forever + key? if \ Was a key pressed? (see loader(8)) + drop \ Remove stack-cruft + key \ Get the key that was pressed + + \ Check key pressed (see loader(8)) and input limit + dup 0<> if ( and ) readlen @ readmax < if + \ Spin the twiddle and then exit this function + read-tick @ dup 1+ 4 mod read-tick ! + 2 spaces + dup 0 = if ( 1 ) ." /" else + dup 1 = if ( 2 ) ." -" else + dup 2 = if ( 3 ) ." \" else + dup 3 = if ( 4 ) ." |" else + 1 spaces + then then then then drop + read-start @ 25 at-xy + exit + then then + + \ Always allow Backspace, Enter, and Ctrl-U + dup bs_key = if exit then + dup enter_key = if exit then + dup ctrl_u = if exit then + then + 50 ms \ Sleep for 50 milliseconds (see loader(8)) + again +; - \ Always allow Backspace and Enter - dup bs_key = if exit then - dup enter_key = if exit then +: cfill ( c c-addr/u -- ) + begin dup 0> while + -rot 2dup c! 1+ rot 1- + repeat 2drop drop +; - then - 50 ms \ Sleep for 50 milliseconds (see loader(8)) - again +: read-reset ( -- ) + 0 readlen ! + 0 readval readmax cfill ; -: read ( String prompt -- ) +: read ( c-addr/u -- ) \ Expects string prompt as stack input 0 25 at-xy \ Move the cursor to the bottom-left dup 1+ read-start ! \ Store X offset after the prompt - read-start @ readX ! \ copy value to the current X offset 0 readlen ! \ Initialize the read length type \ Print the prompt 
@@ -90,63 +107,53 @@ variable readlen \ input length \ security reasons). If Enter is pressed, we process the \ password, otherwise augment the key to a string. - \ If the key that was entered was not Enter, advance - dup enter_key <> if - readX @ 1+ readX ! \ Advance the column - readlen @ 1+ readlen ! \ Increment input length - then - - \ Handle backspacing - dup bs_key = if - readX @ 2 - readX ! \ Set new cursor position - readlen @ 2 - readlen ! \ Decrement input length - - \ Don't move behind starting position - readX @ read-start @ < if - read-start @ readX ! - then - readlen @ 0< if - 0 readlen ! - then - - \ Reposition cursor and erase character - readX @ 25 at-xy 1 spaces readX @ 25 at-xy - then - dup enter_key = if - drop \ Clean up stack cruft - 10 emit \ Echo new line + drop \ Clean up stack cruft + 3 spaces \ Erase the twiddle + 10 emit \ Echo new line exit - then - - \ If not Backspace or Enter, store the character - dup bs_key <> if ( and ) dup enter_key <> if - - \ store the character in our buffer - dup readval readlen @ 1- + c! - - then then - - drop \ drop the last key that was entered - + else dup ctrl_u = if + 3 spaces read-start @ 25 at-xy \ Erase the twiddle + 0 readlen ! \ Reset input to NULL + else dup bs_key = if + readlen @ 1 - dup readlen ! \ Decrement input length + dup 0< if drop 0 dup readlen ! then \ Don't go negative + 0= if 3 spaces read-start @ 25 at-xy then \ Twiddle + else dup \ Store the character + \ NB: sgetkey prevents overflow by way of blocking + \ at readmax except for Backspace or Enter + readlen @ 1+ dup readlen ! 1- readval + c! 
+ then then then + + drop \ last key pressed again \ Enter was not pressed; repeat ; +only forth definitions also password-processing + : check-password ( -- ) \ Do not allow the user to proceed beyond this point if a boot-lock \ password has been set (preventing even boot from proceeding) s" bootlock_password" getenv dup -1 <> if + dup readmax > if drop readmax then begin s" Boot Password: " read ( prompt -- ) 2dup readval readlen @ compare 0<> while 3000 ms ." loader: incorrect password" 10 emit repeat - 2drop ( c-addr/u ) - else - drop ( -1 ) \ getenv cruft - then + 2drop read-reset + else drop then + + \ Prompt for GEOM ELI (geli(8)) passphrase if enabled + s" geom_eli_passphrase_prompt" getenv dup -1 <> if + s" YES" compare-insensitive 0= if + s" GELI Passphrase: " read ( prompt -- ) + readval readlen @ s" kern.geom.eli.passphrase" setenv + read-reset + then + else drop then \ Exit if a password was not set s" password" getenv -1 = if exit else drop then @@ -159,12 +166,14 @@ variable readlen \ input length \ Only reached if autoboot fails for any reason (including if/when \ the user aborts/escapes the countdown sequence leading to boot). - s" password" getenv + s" password" getenv dup readmax > if drop readmax then begin s" Password: " read ( prompt -- ) - 2dup readval readlen @ compare 0= if - 2drop exit \ Correct password + 2dup readval readlen @ compare 0= if \ Correct password? + 2drop read-reset exit then 3000 ms ." loader: incorrect password" 10 emit again ; + +only forth definitions |
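Review bot: In the @@ -48,37 +52,50 @@ hunk, `read` still starts with `0 readlen !` (the context line at the end of the hunk) instead of calling the new `read-reset`, so after a rejected attempt the previous input stays in `readval` while the next prompt is displayed; it is zeroed only on the paths in `check-password` that call `read-reset`. Since `read-reset` is defined just above `read`, calling it there would clear the buffer before every prompt. Separately, `: sgetkey ( -- )` still declares no result although each exit path leaves the key on the stack for `read`; `( -- c )` would match the code.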
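Review bot: In the @@ -90,63 +107,53 @@ hunk, the store `readlen @ 1+ dup readlen ! 1- readval + c!` writes into `readval` with no bounds check of its own; as the NB comment says, it depends on `sgetkey` refusing ordinary keys once `readlen` reaches `readmax`. A local guard (compare `readlen @` against `readmax` before the `c!`) would keep the buffer safe if `sgetkey` changes later, and the comment should list Ctrl-U alongside Backspace and Enter as keys that pass at the limit. In the GELI branch of the same hunk, `setenv` copies the passphrase into `kern.geom.eli.passphrase` before `read-reset` runs, so zeroing `readval` leaves that copy in the loader environment; a comment saying where that variable is expected to be cleared would make the lifetime of the secret explicit.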
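Review bot: In the @@ -159,12 +166,14 @@ hunk, `dup readmax > if drop readmax then` clamps the length of the configured `password` to `readmax`, so a value longer than 255 characters is compared on its first 255 characters only (the `bootlock_password` path in the previous hunk has the same clamp). That avoids a password that can never be typed, but the truncation is silent; a short comment here, and a matching note in loader.conf(5), would tell administrators that characters beyond `readmax` are ignored.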