[lxc-devel] [lxd/master] Prevent empty passwords during init if password authentication is enabled

[komish on Github]

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 989 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20201003/9ce3a247/attachment.bin>
-------------- next part --------------
From 98193b9ee0b79a2e3dc2312384964993eb5d7245 Mon Sep 17 00:00:00 2001
From: "Jose R. Gonzalez" <josegonzalez89 at gmail.com>
Date: Sat, 3 Oct 2020 07:36:22 -0500
Subject: [PATCH] refuse empty passwords

Signed-off-by: Jose R. Gonzalez <josegonzalez89 at gmail.com>
---
 shared/cmd/ask.go | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/shared/cmd/ask.go b/shared/cmd/ask.go
index a8eace979e..eb5edd078b 100644
--- a/shared/cmd/ask.go
+++ b/shared/cmd/ask.go
@@ -110,7 +110,8 @@ func AskPassword(question string) string {
 		inSecond := string(pwd)
 		inSecond = strings.TrimSuffix(inSecond, "\n")
 
-		if inFirst == inSecond {
+		// refuse empty password or if password inputs do not match
+		if len(inFirst) > 0 && inFirst == inSecond {
 			return inFirst
 		}
 
@@ -122,11 +123,19 @@ func AskPassword(question string) string {
 //
 // It's the same as AskPassword, but it won't ask to enter it again.
 func AskPasswordOnce(question string) string {
-	fmt.Printf(question)
-	pwd, _ := terminal.ReadPassword(0)
-	fmt.Println("")
+	for {
+		fmt.Printf(question)
+		pwd, _ := terminal.ReadPassword(0)
+		fmt.Println("")
 
-	return string(pwd)
+		// refuse empty password
+		spwd := string(pwd)
+		if len(spwd) > 0 {
+			return spwd
+		}
+
+		invalidInput()
+	}
 }
 
 // Ask a question on the output stream and read the answer from the input stream