From: Michal Novotny <minovotn@redhat.com>
To: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
Subject: [PATCH] Add password support to pygrub for GRUB bootloader
Date: Thu, 20 Aug 2009 17:02:37 +0200
Message-ID: <4A8D658D.1070406@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 755 bytes --]
Hi,
this is the patch to add password support to pygrub for the GRUB bootloader.
It basically checks for the presence of a password line in the grub.conf of
the guest image and, if this line is present, it supports both clear text
and md5 versions of the password. Editing the grub entries and
command-line is disabled when a password is set in the domain's
grub.conf file but the password has not been entered yet. Also, a new option to
press 'p' in interactive pygrub has been added to allow entering the
grub password. It's been tested on x86_64 with PV guests and was working
fine. Also, the countdown has been stopped after a key was pressed, i.e.
the user is probably editing the boot configuration.
Michal
Signed-off-by: Michal Novotny <minovotn@redhat.com>
[-- Attachment #2: xen-pygrub-password-support.patch --]
[-- Type: text/x-patch, Size: 4972 bytes --]
diff -r 145e49b8574c tools/pygrub/src/GrubConf.py
--- a/tools/pygrub/src/GrubConf.py Tue May 19 23:44:28 2009 +0100
+++ b/tools/pygrub/src/GrubConf.py Thu Aug 20 16:58:04 2009 +0200
@@ -157,6 +157,7 @@ class GrubConfigFile(object):
self.images = []
self.timeout = -1
self._default = 0
+ self.passwordAccess = True
if fn is not None:
self.parse()
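Review bot: `self.passwordAccess = True` in the constructor makes "unlocked" the default state, and the flag only becomes False if the `hasPassword()` check added further down in this file is reached. For an access-control flag the safer pattern is to start locked and grant access in one place once the config is known to carry no password directive, so that an early return or an exception during parsing cannot leave a password-protected config editable. A one-line comment stating what the flag guards would also help.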
@@ -196,6 +197,7 @@ class GrubConfigFile(object):
if self.commands.has_key(com):
if self.commands[com] is not None:
setattr(self, self.commands[com], arg.strip())
+ #print "%s = %s => %s" % (com, self.commands[com], arg.strip() )
else:
logging.info("Ignored directive %s" %(com,))
else:
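Review bot: the commented-out `#print "%s = %s => %s" % (...)` line is leftover debugging and should be dropped before this is applied. If it were ever re-enabled it would print `arg.strip()` for every directive, which with this patch includes the value of the `password` line.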
@@ -203,6 +205,37 @@ class GrubConfigFile(object):
if len(img) > 0:
self.add_image(GrubImage(img))
+
+ if self.hasPassword():
+ self.setPasswordAccess(False)
+
+ def hasPasswordAccess(self):
+ return self.passwordAccess
+
+ def setPasswordAccess(self, val):
+ self.passwordAccess = val
+
+ def hasPassword(self):
+ try:
+ getattr(self, self.commands['password'])
+ return True
+ except KeyError, e:
+ return False
+
+ def checkPassword(self, password):
+ try:
+ pwd = getattr(self, self.commands['password']).split()
+ if pwd[0] == '--md5':
+ import crypt
+ if crypt.crypt(password, pwd[1]) == pwd[1]:
+ return True
+
+ if pwd[0] == password:
+ return True
+
+ return False
+ except:
+ return True
def set(self, line):
(com, arg) = grub_exact_split(line, 2)
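Review bot: `checkPassword()` fails open, because the bare `except:` ends in `return True`, so any error while reading or splitting the stored value (an empty password line, `--md5` with no hash following it, a missing attribute) is treated as a correct password; this should be `return False`, and ideally catch only the exceptions expected here. Second, in the `--md5` case the code falls through to `if pwd[0] == password:` when the hash does not match, so the option token itself is compared against the user input; make the clear-text comparison an `else:` branch, or return the result of the `crypt.crypt(...)` comparison directly. Third, `hasPassword()` catches `KeyError`, but `getattr()` on an attribute that was never set raises `AttributeError`, which would propagate out of the caller; `getattr(self, name, None) is not None` would cover both cases without a try block. Since the `password` command may map to no attribute name at all, that lookup deserves an explicit check as well.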
diff -r 145e49b8574c tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub Tue May 19 23:44:28 2009 +0100
+++ b/tools/pygrub/src/pygrub Thu Aug 20 16:58:04 2009 +0200
@@ -418,7 +418,14 @@ class Grub:
self.text_win.addstr(0, 0, "Use the U and D keys to select which entry is highlighted.")
self.text_win.addstr(1, 0, "Press enter to boot the selected OS. 'e' to edit the")
self.text_win.addstr(2, 0, "commands before booting, 'a' to modify the kernel arguments ")
- self.text_win.addstr(3, 0, "before booting, or 'c' for a command line.")
+
+ # if grub has password defined we allow option to enter password
+ if not self.cf.hasPassword():
+ self.text_win.addstr(3, 0, "before booting, or 'c' for a command line.")
+ else:
+ self.text_win.addstr(3, 0, "before booting, or 'c' for a command line. You can also")
+ self.text_win.addstr(4, 0, "press 'p' to enter password for modifications...")
+
self.text_win.addch(0, 8, curses.ACS_UARROW)
self.text_win.addch(0, 14, curses.ACS_DARROW)
(y, x) = self.text_win.getmaxyx()
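Review bot: style point on the help text: the row 3 sentence is now duplicated across the `if not self.cf.hasPassword():` and `else:` branches and differs only by the trailing "You can also". It would read more simply to write row 3 once and add the row 4 hint under `if self.cf.hasPassword():`. The hint could also say that 'e', 'a' and 'c' stay disabled until the password has been entered, since the first three rows still advertise them unconditionally.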
@@ -457,9 +464,19 @@ class Grub:
# handle keypresses
if c == ord('c'):
+ # we disallow access without password specified
+ if not self.cf.hasPasswordAccess():
+ self.text_win.addstr(6, 8, "You have to enter GRUB password first")
+ break
+
self.command_line_mode()
break
elif c == ord('a'):
+ # we disallow access without password specified
+ if not self.cf.hasPasswordAccess():
+ self.text_win.addstr(6, 8, "You have to enter GRUB password first")
+ break
+
# find the kernel line, edit it and then boot
img = self.cf.images[self.selected_image]
for line in img.lines:
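Review bot: the four-line `if not self.cf.hasPasswordAccess():` block is pasted into the 'c' and 'a' handlers here and again into the 'e' handler in the next hunk. Three copies of an access check are easy to get out of sync, and a key handler added later will bypass it silently. Please move the check and its message into one helper method on `Grub` that each handler calls, or gate all editing keys in a single place before dispatching on `c`.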
@@ -471,8 +488,23 @@ class Grub:
break
break
elif c == ord('e'):
+ # we disallow access without password specified
+ if not self.cf.hasPasswordAccess():
+ self.text_win.addstr(6, 8, "You have to enter GRUB password first")
+ break
+
img = self.cf.images[self.selected_image]
self.edit_entry(img)
+ break
+ elif c == ord('p') and self.cf.hasPassword():
+ self.text_win.addstr(6, 8, "Enter password: ")
+ pwd = self.text_win.getstr(6, 8)
+ if not self.cf.checkPassword(pwd):
+ self.text_win.addstr(6, 8, "Incorrect password!")
+ self.cf.setPasswordAccess( False )
+ else:
+ self.text_win.addstr(6, 8, "Access granted ")
+ self.cf.setPasswordAccess( True )
break
elif c in (curses.KEY_ENTER, ord('\n'), ord('\r')):
self.isdone = True
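Review bot: in the 'p' handler nothing around `pwd = self.text_win.getstr(6, 8)` controls echo, so whether the typed password is shown on the console depends on the curses echo state set elsewhere; call `curses.noecho()` before the read (and restore the previous state afterwards) to make that explicit. The read also starts at column 8, the same position where "Enter password: " was just written, so input overwrites the prompt; start it after the prompt text instead. The status strings at (6, 8) have different lengths ("Access granted " is padded by hand), so a shorter message leaves the tail of "You have to enter GRUB password first" on screen; clear the line before writing. There is also no delay or limit on failed attempts in this branch.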