On Sun, Oct 24, 2021 at 02:06:56PM +0000, Klemens Nanni wrote:
> On Sun, Oct 24, 2021 at 08:04:26AM -0600, Theo de Raadt wrote:
> > Theo Buehler <[email protected]> wrote:
> >
> > > On Sun, Oct 24, 2021 at 12:37:47PM +0000, Klemens Nanni wrote:
> > > > On Thu, Oct 21, 2021 at 10:29:02AM +0000, Klemens Nanni wrote:
> > > > > On Thu, Oct 21, 2021 at 04:06:53AM -0600, Theo de Raadt wrote:
> > > > > > Can people handle typing these passwords blindly? I suspect yes.
> > > > > >
> > > > > > Then this seems like a reasonable solution.
> > > > >
> > > > > Other systems do the redacted typing thing, so you see **** instead of
> > > > > what you actually typed; I think we're used to that and blindly typing
> > > > > is not much different... prompts like doas(1) do it as well.
> > > > >
> > > > > I didn't test autoinstall(8) and thought that was a problem since this
> > > > > diff changes the WEP/WPA passphrase questions from one to two answers if
> > > > > you will, but now I remembered that this obviously isn't a problem for
> > > > > the user password question either.
> > > > >
> > > > > Anyone willing to test this for me or even OK it?
> > > > > I can't do wifi installations here/now but am pretty confident that this
> > > > > does the right thing.
> > > >
> > > > New diff against -CURRENT.
> > > >
> > > > I'll commit this diff once I get positive feedback/an OK or tested it
> > > > myself.
> > >
> > > I'm not a fan. WiFi passwords tend to be on the longer side and
> > > nontrivial to type (they're also not things you tend to know by heart).
> > > I would not expect to be able to type my WiFi password blindly.
> >
> > So then we need a non-! parsing function, which doesn't disable echo.
>
> I guess so. Not a big deal, I just tried the simple way and not write
> any new install.sub code. Will post a diff later.

Introduce ask_passphrase() and use it solely for the WPA/WEP questions.
It is an adapted copy of ask_password() with ask_pass() inlined modulo
the `stty echo' handling.

OK?

Index: install.sub
===================================================================
RCS file: /cvs/src/distrib/miniroot/install.sub,v
retrieving revision 1.1183
diff -u -p -r1.1183 install.sub
--- install.sub 24 Oct 2021 12:32:42 -0000 1.1183
+++ install.sub 2 Nov 2021 13:26:18 -0000
@@ -885,6 +885,27 @@ ask_password() {
done
}
+# Ask for a passphrase once showing prompt $1. Ensure input is not empty
+# save it in $_passphrase.
+ask_passphrase() {
+ local _q=$1
+
+ if $AI; then
+ echo -n "$_q "
+ _autorespond "$_q"
+ echo '<provided>'
+ _passphrase=$resp
+ return
+ fi
+
+ while :; do
+ IFS= read -r _passphase?"$_q (will echo)"
+
+ [[ -n $_passphrase ]] && break
+
+ echo "Empty passphrase, try again."
+ done
+}
#
------------------------------------------------------------------------------
# Support functions for donetconfig()
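
Review bot: the `read` in the interactive loop of ask_passphrase() stores the input in `_passphase` (missing "r"), while the emptiness test on the next line and both callers use `_passphrase`. As written the typed value is never checked: if `_passphrase` is unset the loop prints "Empty passphrase, try again." forever, and if it still holds a value from an earlier call the loop exits with that stale value. Rename the read target to `_passphrase`, and since the variable is a global result rather than a `local`, consider clearing it at the top of the function so a previous answer cannot leak through. Two smaller points: the header comment is missing an "and" before "save it in $_passphrase", and the prompt string ends directly at "(will echo)" with no trailing space, so the typed text will abut the closing parenthesis.
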
@@ -1245,19 +1266,19 @@ ieee80211_config() {
quote join "$_nwid" >>$_hn
break
;;
- ?-[Ww]) ask_until "WEP key? (will echo)"
+ ?-[Ww]) ask_password "WEP key?" echo
# Make sure ifconfig accepts the key.
- if _err=$(ifconfig $_if join "$_nwid" nwkey
"$resp" 2>&1) &&
+ if _err=$(ifconfig $_if join "$_nwid" nwkey
"$_passphrase" 2>&1) &&
[[ -z $_err ]]; then
- quote join "$_nwid" nwkey "$resp" >>$_hn
+ quote join "$_nwid" nwkey
"$_passphrase" >>$_hn
break
fi
echo "$_err"
;;
- 1-[Pp]) ask_until "WPA passphrase? (will echo)"
+ 1-[Pp]) ask_passphrase "WPA passphrase?"
# Make sure ifconfig accepts the key.
- if ifconfig $_if join "$_nwid" wpakey "$resp";
then
- quote join "$_nwid" wpakey "$resp"
>>$_hn
+ if ifconfig $_if join "$_nwid" wpakey
"$_passphrase"; then
+ quote join "$_nwid" wpakey
"$_passphrase" >>$_hn
break
fi
;;
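
Review bot: the WEP branch calls `ask_password "WEP key?" echo` but then passes `$_passphrase` to ifconfig and to `quote`, whereas the WPA branch calls `ask_passphrase "WPA passphrase?"`. The description says ask_passphrase() is used for both the WPA and WEP questions, and nothing in the visible lines shows ask_password() accepting an `echo` argument or setting `_passphrase`, so this looks like a leftover from the earlier approach. Suggest `ask_passphrase "WEP key?"` here so both branches read the variable that the function they call actually sets.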