authorThierry Vignaud <tv@mandriva.org>2010-02-03 23:38:17 +0000
committerThierry Vignaud <tv@mandriva.org>2010-02-03 23:38:17 +0000
commitc7a741eabea9eec01b26d9c13591d0b48203a0e2 (patch)
treef8105267b93bf4d24ea79a496e06a044c5da9eba
parentccdd55c4a9b96a3bd963e10ed04abe4ffdd66543 (diff)
(setupBootloader__general, crypt_grub_password, is_already_crypted,
read_grub_menu_lst, write_grub) add support for crypted grub passwords
-rw-r--r--perl-install/NEWS1
-rw-r--r--perl-install/any.pm2
-rw-r--r--perl-install/bootloader.pm37
-rw-r--r--perl-install/install/NEWS1
4 files changed, 40 insertions, 1 deletions
diff --git a/perl-install/NEWS b/perl-install/NEWS
index 5eb8c0231..80af03867 100644
--- a/perl-install/NEWS
+++ b/perl-install/NEWS
@@ -1,4 +1,5 @@
- drakboot:
+ o add support for crypted grub passwords
o always display security settings
o allow timeout to be '0'
diff --git a/perl-install/any.pm b/perl-install/any.pm
index 7c1673eae..f8f81b60f 100644
--- a/perl-install/any.pm
+++ b/perl-install/any.pm
@@ -428,6 +428,8 @@ sub setupBootloader__general {
disabled => sub { !$enable_lapic } },
{ text => N("Enable Local APIC"), val => \$enable_lapic, type => 'bool', advanced => 1 },
{ label => N("Security"), title => 1 },
+ { text => N("Encrypted password"), val => \$b->{encrypted}, type => "bool",
+ disabled => sub { $b->{method} !~ /^grub/ } },
{ label => N("Password"), val => \$b->{password}, hidden => 1,
validate => sub {
my $ok = $b->{password} eq $b->{password2}
diff --git a/perl-install/bootloader.pm b/perl-install/bootloader.pm
index 439ed1175..07ee0d606 100644
--- a/perl-install/bootloader.pm
+++ b/perl-install/bootloader.pm
@@ -323,6 +323,11 @@ sub _parse_grub_menu_lst() {
%b;
}
+sub is_already_crypted {
+ my ($password) = @_;
+ $password =~ /^$1\$/; # CHECKME: EMPIRIC
+}
+
sub read_grub_menu_lst {
my ($fstab, $grub2dev) = @_;
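Review bot: In `is_already_crypted`, the pattern `/^$1\$/` does not test for the literal MD5-crypt prefix `$1$`, because Perl interpolates `$1` inside a regex as the first capture group of the last successful match. The result therefore depends on whatever matched earlier, and with an empty `$1` it accepts any string that starts with `$`. A plain-text password can then be classed as already crypted and skipped by the hashing step in `write_grub`, or a stored hash can be hashed a second time. Escape both dollars, `$password =~ /^\$1\$/;`, and drop the `CHECKME` once the prefix is confirmed against what `grub-md5-crypt` prints. The call added in `read_grub_menu_lst` (next hunk) inherits the same problem and may also pass an undefined value when no password is configured.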
@@ -331,6 +336,7 @@ sub read_grub_menu_lst {
foreach my $keyword (grep { $_ ne 'entries' } keys %b) {
$b{$keyword} = $b{$keyword} eq '' ? 1 : grub2file($b{$keyword}, $grub2dev, $fstab, \%b);
}
+ $b{encrypted} = is_already_crypted($b{password});
#- sanitize
foreach my $e (@{$b{entries}}) {
@@ -1666,6 +1672,28 @@ sub update_copy_in_boot {
}
}
+sub crypt_grub_password {
+ my ($password) = @_;
+ require IPC::Open2;
+ local $ENV{LC_ALL} = 'C';
+ my ($his_out, $his_in);
+ my $pid = IPC::Open2::open2($his_out, $his_in, "$::prefix/sbin/grub-md5-crypt");
+
+ my ($line, $res);
+ while (sysread($his_out, $line, 100)) {
+ if ($line =~ /Password/i) {
+ syswrite($his_in, "$password\n");
+ } else {
+ $res = $line;
+ }
+ }
+ waitpid($pid, 0);
+ my $status = $? >> 8;
+ die "failed to encrypt password (status=$status)" if $status != 0;
+ chomp_($res);
+}
+
+
sub write_grub {
my ($bootloader, $all_hds, $o_backup_extension) = @_;
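Review bot: `crypt_grub_password` returns the last chunk read from the helper without checking that it is a hash, so any other text printed with exit status 0 would be written out as the boot password. The loop also assumes each 100-byte `sysread` delivers exactly one prompt or the result; if a prompt and the hash arrive in the same chunk, the `/Password/i` branch fires and `$res` is never set. Close the write side once the loop ends with `close($his_in);`, and validate before returning with `$res =~ /^\$1\$/ or die "unexpected output from grub-md5-crypt";`. A password containing a newline would be cut at `"$password\n"`, which is worth rejecting in the caller.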
@@ -1714,7 +1742,14 @@ sub write_grub {
my @conf;
push @conf, $format->(grep { defined $bootloader->{$_} } qw(timeout));
- push @conf, $format->(grep { $bootloader->{$_} } qw(color password serial shade terminal viewport background foreground));
+ push @conf, $format->(grep { $bootloader->{$_} } qw(color serial shade terminal viewport background foreground));
+ if (my $pw = $bootloader->{password}) {
+ if ($bootloader->{encrypted} && !is_already_crypted($pw)) {
+ $bootloader->{password} = crypt_grub_password($pw);
+ }
+ push @conf, $format->('password');
+ }
+
push @conf, map { $_ . ' ' . $file2grub->($bootloader->{$_}) } grep { $bootloader->{$_} } qw(gfxmenu);
eval {
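Review bot: The new branch in `write_grub` stores the bare hash in `$bootloader->{password}` and emits it through `$format->('password')`, which from the surrounding lines appears to write `password <value>`. GRUB legacy only treats the value as an MD5 hash when the line reads `password --md5 <hash>`; without the flag the hash string itself would be the accepted password and would sit readable in menu.lst. If `$format` (defined outside this hunk) does not add the flag, have `crypt_grub_password` return `"--md5 " . chomp_($res)` and make `is_already_crypted` test `/^--md5 /`, so a value read back from an existing menu.lst is recognised too. The body of `write_grub` starts and ends outside the hunk, so permissions on the written file could not be checked here.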
diff --git a/perl-install/install/NEWS b/perl-install/install/NEWS
index 31679356c..8ce59ddd6 100644
--- a/perl-install/install/NEWS
+++ b/perl-install/install/NEWS
@@ -1,4 +1,5 @@
- bootloader configuration:
+ O add support for crypted grub passwords
o always display security settings
o allow timeout to be '0'