From c7a741eabea9eec01b26d9c13591d0b48203a0e2 Mon Sep 17 00:00:00 2001 From: Thierry Vignaud Date: Wed, 3 Feb 2010 23:38:17 +0000 Subject: (setupBootloader__general, crypt_grub_password, is_already_crypted, read_grub_menu_lst, write_grub) add support for crypted grub passwords --- perl-install/NEWS | 1 + perl-install/any.pm | 2 ++ perl-install/bootloader.pm | 37 ++++++++++++++++++++++++++++++++++++- perl-install/install/NEWS | 1 + 4 files changed, 40 insertions(+), 1 deletion(-) (limited to 'perl-install') diff --git a/perl-install/NEWS b/perl-install/NEWS index 5eb8c0231..80af03867 100644 --- a/perl-install/NEWS +++ b/perl-install/NEWS @@ -1,4 +1,5 @@ - drakboot: + o add support for crypted grub passwords o always display security settings o allow timeout to be '0' diff --git a/perl-install/any.pm b/perl-install/any.pm index 7c1673eae..f8f81b60f 100644 --- a/perl-install/any.pm +++ b/perl-install/any.pm @@ -428,6 +428,8 @@ sub setupBootloader__general { disabled => sub { !$enable_lapic } }, { text => N("Enable Local APIC"), val => \$enable_lapic, type => 'bool', advanced => 1 }, { label => N("Security"), title => 1 }, + { text => N("Encrypted password"), val => \$b->{encrypted}, type => "bool", + disabled => sub { $b->{method} !~ /^grub/ } }, { label => N("Password"), val => \$b->{password}, hidden => 1, validate => sub { my $ok = $b->{password} eq $b->{password2} diff --git a/perl-install/bootloader.pm b/perl-install/bootloader.pm index 439ed1175..07ee0d606 100644 --- a/perl-install/bootloader.pm +++ b/perl-install/bootloader.pm @@ -323,6 +323,11 @@ sub _parse_grub_menu_lst() { %b; } +sub is_already_crypted { + my ($password) = @_; + $password =~ /^$1\$/; # CHECKME: EMPIRIC +} + sub read_grub_menu_lst { my ($fstab, $grub2dev) = @_; 
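Review bot: In the new `is_already_crypted`, the pattern `/^$1\$/` interpolates Perl's capture variable `$1` instead of matching the literal MD5-crypt prefix, so the result depends on whatever the last successful match in scope captured. With an empty `$1` it reduces to "starts with `$`", so a plaintext password beginning with `$` would be treated as already hashed and write_grub would leave it unhashed. Escape both dollars: `$password =~ /^\$1\$/;`. The call added to read_grub_menu_lst (hunk at -331) passes `$b{password}` even when no password is configured, so a `defined $password &&` guard would avoid matching against undef. The `# CHECKME: EMPIRIC` comment would be more useful if it said that `$1$` is the prefix of an MD5-crypt hash.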
@@ -331,6 +336,7 @@ sub read_grub_menu_lst { foreach my $keyword (grep { $_ ne 'entries' } keys %b) { $b{$keyword} = $b{$keyword} eq '' ? 1 : grub2file($b{$keyword}, $grub2dev, $fstab, \%b); } + $b{encrypted} = is_already_crypted($b{password}); #- sanitize foreach my $e (@{$b{entries}}) { @@ -1666,6 +1672,28 @@ sub update_copy_in_boot { } } +sub crypt_grub_password { + my ($password) = @_; + require IPC::Open2; + local $ENV{LC_ALL} = 'C'; + my ($his_out, $his_in); + my $pid = IPC::Open2::open2($his_out, $his_in, "$::prefix/sbin/grub-md5-crypt"); + + my ($line, $res); + while (sysread($his_out, $line, 100)) { + if ($line =~ /Password/i) { + syswrite($his_in, "$password\n"); + } else { + $res = $line; + } + } + waitpid($pid, 0); + my $status = $? >> 8; + die "failed to encrypt password (status=$status)" if $status != 0; + chomp_($res); +} + + sub write_grub { my ($bootloader, $all_hds, $o_backup_extension) = @_; @@ -1714,7 +1742,14 @@ sub write_grub { my @conf; push @conf, $format->(grep { defined $bootloader->{$_} } qw(timeout)); - push @conf, $format->(grep { $bootloader->{$_} } qw(color password serial shade terminal viewport background foreground)); + push @conf, $format->(grep { $bootloader->{$_} } qw(color serial shade terminal viewport background foreground)); + if (my $pw = $bootloader->{password}) { + if ($bootloader->{encrypted} && !is_already_crypted($pw)) { + $bootloader->{password} = crypt_grub_password($pw); + } + push @conf, $format->('password'); + } + push @conf, map { $_ . ' ' . $file2grub->($bootloader->{$_}) } grep { $bootloader->{$_} } qw(gfxmenu); eval { diff --git a/perl-install/install/NEWS b/perl-install/install/NEWS index 31679356c..8ce59ddd6 100644 --- a/perl-install/install/NEWS +++ b/perl-install/install/NEWS @@ -1,4 +1,5 @@ - bootloader configuration: + O add support for crypted grub passwords o always display security settings o allow timeout to be '0' -- cgit v1.2.1
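Review bot: `crypt_grub_password` can return an empty or partial value without dying, because only `$? >> 8` is checked. A child killed by a signal leaves that at 0, and `$res` is whatever the last non-prompt `sysread` chunk held, or undef if there was none. write_grub then stores the value as the boot password, so a failure here could silently weaken or drop the protection instead of aborting. Check the whole status and the shape of the output before returning, e.g. `die "failed to encrypt password (status=$?)" if $? != 0 || !defined $res || $res !~ /\$1\$/;`. The 100-byte reads assume each prompt and the hash arrive in separate chunks, and `"$password\n"` assumes the password contains no newline; a comment stating both assumptions would help the next maintainer.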
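Review bot: In write_grub the hashed value goes through the same `$format->('password')` path as a plaintext one, and nothing in this hunk adds the `--md5` flag that GRUB legacy's `password` directive needs to treat its argument as a hash. `$format` is defined outside the hunk, so this may be handled there. If it is not, the menu would carry the hash string as the literal password and the user's real password would no longer unlock the boot menu. If the flag belongs in the stored value, the assignment would read `$bootloader->{password} = '--md5 ' . crypt_grub_password($pw);`, and `is_already_crypted` would have to recognise that form so a re-read of menu.lst does not hash it again. The assignment also overwrites the plaintext in `$bootloader` in place, which deserves a short comment because code that later compares it with `password2` (as the validate callback in any.pm does) may see the hash.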