Challenge for password when using cdr auth.

oxidecomputer · Jan 1, 2025 · d38bd8e · d38bd8e
1 parent 77b8a62
commit d38bd8e
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/src/secret_reader.rs b/src/secret_reader.rs
@@ -18,6 +18,7 @@ use zeroize::Zeroizing;
 use crate::{
     backup::{Share, Verifier},
     cdrw::{CdReader, IsoReader},
+    util,
 };
 
 #[derive(ValueEnum, Copy, Clone, Debug, Default, PartialEq)]
@@ -131,10 +132,24 @@ impl CdrPasswordReader {
 
 impl PasswordReader for CdrPasswordReader {
     fn read(&mut self, _prompt: &str) -> Result<Zeroizing<String>> {
-        let password = self.cdr.read("password")?;
+        match self.cdr.eject() {
+            Ok(()) => (),
+            Err(e) => return Err(e),
+        }
+
+        print!(
+            "Place authentication CD in the drive, close the drive, then press \n\
+               any key to continue: "
+        );
+        match io::stdout().flush() {
+            Ok(()) => (),
+            Err(e) => return Err(e.into()),
+        }
+        util::wait_for_line()?;
 
         // Passwords are utf8 and `String::from_utf8` explicitly does *not*
         // copy the Vec<u8>.
+        let password = self.cdr.read("password")?;
         let password = Zeroizing::new(String::from_utf8(password)?);
         debug!("read password: {:?}", password.deref());