From 8a64d2350eb8f019f8f6d392300f2f352f42e4f5 Mon Sep 17 00:00:00 2001 From: John Baublitz Date: Tue, 13 Aug 2024 11:40:23 -0400 Subject: [PATCH] Add password verification for stratis-min --- dracut/90stratis/stratis-rootfs-setup | 5 +++-- src/jsonrpc/client/utils.rs | 16 +++++++++++++--- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/dracut/90stratis/stratis-rootfs-setup b/dracut/90stratis/stratis-rootfs-setup index aa9af1ca57..b5814bbfa0 100755 --- a/dracut/90stratis/stratis-rootfs-setup +++ b/dracut/90stratis/stratis-rootfs-setup @@ -20,8 +20,9 @@ if $(stratis-min pool is-stopped "$STRATIS_ROOTFS_UUID"); then ATTEMPTS_REMAINING=3 if ! while [ $((ATTEMPTS_REMAINING--)) -gt 0 ]; do - systemd-ask-password --id="stratis:$STRATIS_ROOTFS_UUID" "Enter password for Stratis pool with UUID $STRATIS_ROOTFS_UUID containing root filesystem" | - stratis-min pool start --prompt --unlock-method=keyring "$STRATIS_ROOTFS_UUID" && break + PASSWORD=$(systemd-ask-password --id="stratis:$STRATIS_ROOTFS_UUID" "Enter password for Stratis pool with UUID $STRATIS_ROOTFS_UUID containing root filesystem") + + echo -e "$PASSWORD\n$PASSWORD\n" | stratis-min pool start --prompt --unlock-method=keyring "$STRATIS_ROOTFS_UUID" && break done then echo Failed to start pool with UUID $STRATIS_ROOTFS_UUID using a passphrase >&2 diff --git a/src/jsonrpc/client/utils.rs b/src/jsonrpc/client/utils.rs index a410e60c6b..f7e54f25cd 100644 --- a/src/jsonrpc/client/utils.rs +++ b/src/jsonrpc/client/utils.rs @@ -10,7 +10,7 @@ use std::{ use nix::unistd::isatty; use termios::{tcsetattr, Termios, ECHO, ECHONL, TCSADRAIN}; -use crate::stratis::StratisResult; +use crate::stratis::{StratisError, StratisResult}; #[macro_export] macro_rules! do_request { 
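Review bot: `echo -e` interprets backslash escapes, so in the added pipeline of dracut/90stratis/stratis-rootfs-setup a passphrase containing a sequence such as `\t`, `\\` or `\c` is altered before stratis-min reads it, and the root pool then fails to unlock even though the user typed it correctly. Pass the value as data instead of as a format: `printf '%s\n%s\n' "$PASSWORD" "$PASSWORD" | stratis-min pool start --prompt --unlock-method=keyring "$STRATIS_ROOTFS_UUID" && break`. The secret is now also held in a shell variable for the rest of the script, so an `unset PASSWORD` after the loop would limit how long it stays around. The enclosing `if` block continues past the end of the hunk.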
@@ -217,8 +217,8 @@ pub fn to_suffix_repr(size: u128) -> String { }) } -pub fn prompt_password() -> StratisResult> { - print!("Enter passphrase followed by return: "); +pub fn get_passphrase(msg: &str) -> StratisResult> { + print!("{}", msg); stdout().flush()?; let stdin = stdin(); @@ -252,6 +252,16 @@ pub fn prompt_password() -> StratisResult> { } } +pub fn prompt_password() -> StratisResult> { + let pass = get_passphrase("Enter passphrase followed by return: ")?; + let verify_pass = get_passphrase("Verify passphrase: ")?; + if pass != verify_pass { + Err(StratisError::Msg("Passphrases did not match".to_string())) + } else { + Ok(pass) + } +} + #[cfg(test)] mod tests { use super::*;
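Review bot: `prompt_password` now asks for the passphrase twice for every caller, and nothing on the function says so. The dracut script in this same commit already has to feed the value twice into `pool start --prompt`, and any other caller that pipes a single line will presumably end in "Passphrases did not match" (inferred, since the body of `get_passphrase` lies outside the hunks). A second entry guards against typos when a key is being set but adds nothing when unlocking, where a wrong passphrase simply fails. Consider keeping `prompt_password` single-entry and exposing the double prompt under its own name for the key-setting paths, or at least document the contract, e.g. `/// Prompts twice and fails if the entries differ; piped input must carry the passphrase on two lines.`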