From c7a741eabea9eec01b26d9c13591d0b48203a0e2 Mon Sep 17 00:00:00 2001
From: Thierry Vignaud <tv@mandriva.org>
Date: Wed, 3 Feb 2010 23:38:17 +0000
Subject: (setupBootloader__general, crypt_grub_password, is_already_crypted,
 read_grub_menu_lst, write_grub) add support for crypted grub passwords

---
 perl-install/bootloader.pm | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

(limited to 'perl-install/bootloader.pm')

diff --git a/perl-install/bootloader.pm b/perl-install/bootloader.pm
index 439ed1175..07ee0d606 100644
--- a/perl-install/bootloader.pm
+++ b/perl-install/bootloader.pm
@@ -323,6 +323,11 @@ sub _parse_grub_menu_lst() {
     %b;
 }
 
+sub is_already_crypted {
+    my ($password) = @_;
+    $password =~ /^$1\$/; # CHECKME: EMPIRIC 
+}
+
 sub read_grub_menu_lst {
     my ($fstab, $grub2dev) = @_;
 
@@ -331,6 +336,7 @@ sub read_grub_menu_lst {
     foreach my $keyword (grep { $_ ne 'entries' } keys %b) {
 	$b{$keyword} = $b{$keyword} eq '' ? 1 : grub2file($b{$keyword}, $grub2dev, $fstab, \%b);
     }
+    $b{encrypted} = is_already_crypted($b{password});
 
     #- sanitize
     foreach my $e (@{$b{entries}}) {
@@ -1666,6 +1672,28 @@ sub update_copy_in_boot {
     }
 }
 
+sub crypt_grub_password {
+    my ($password) = @_;
+    require IPC::Open2;
+    local $ENV{LC_ALL} = 'C';
+    my ($his_out, $his_in);
+    my $pid = IPC::Open2::open2($his_out, $his_in, "$::prefix/sbin/grub-md5-crypt");
+
+    my ($line, $res);
+    while (sysread($his_out, $line, 100)) {
+        if ($line =~ /Password/i) {
+            syswrite($his_in, "$password\n");
+        } else {
+            $res = $line;
+        }
+    }
+    waitpid($pid, 0);
+    my $status = $? >> 8;           
+    die "failed to encrypt password (status=$status)" if $status != 0;
+    chomp_($res);
+}
+
+
 sub write_grub {
     my ($bootloader, $all_hds, $o_backup_extension) = @_;
 
@@ -1714,7 +1742,14 @@ sub write_grub {
 	my @conf;
 
 	push @conf, $format->(grep { defined $bootloader->{$_} } qw(timeout));
-	push @conf, $format->(grep { $bootloader->{$_} } qw(color password serial shade terminal viewport background foreground));
+	push @conf, $format->(grep { $bootloader->{$_} } qw(color serial shade terminal viewport background foreground));
+        if (my $pw = $bootloader->{password}) {
+            if ($bootloader->{encrypted} && !is_already_crypted($pw)) {
+                $bootloader->{password} = crypt_grub_password($pw);
+            }
+            push @conf, $format->('password');
+        }
+
 	push @conf, map { $_ . ' ' . $file2grub->($bootloader->{$_}) } grep { $bootloader->{$_} } qw(gfxmenu);
 
 	eval {
-- 
cgit v1.2.1