* [PATCH] Add password support to pygrub for GRUB bootloader
@ 2009-08-20 15:02 Michal Novotny
2009-08-21 10:18 ` Michal Novotny
0 siblings, 1 reply; 3+ messages in thread
From: Michal Novotny @ 2009-08-20 15:02 UTC (permalink / raw)
To: xen-devel@lists.xensource.com
[-- Attachment #1: Type: text/plain, Size: 755 bytes --]
Hi,
this is the patch to add password support to pygrub for GRUB bootloader.
It basically checks for the presence of password line in grub.conf of
the guest image and if this line is present, it supports both clear text
and md5 versions of the password. Editing the grub entries and
command-line are disabled when some password is set in domain's
grub.conf file but the password was not entered yet. Also, new option to
press 'p' in interactive pygrub has been added to allow entering the
grub password. It's been tested on x86_64 with PV guests and was working
fine. Also, the countdown has been stopped after key was pressed, ie.
the user is probably editing the boot configuration.
Michal
Signed-off-by: Michal Novotny <minovotn@redhat.com>
[-- Attachment #2: xen-pygrub-password-support.patch --]
[-- Type: text/x-patch, Size: 4972 bytes --]
diff -r 145e49b8574c tools/pygrub/src/GrubConf.py
--- a/tools/pygrub/src/GrubConf.py Tue May 19 23:44:28 2009 +0100
+++ b/tools/pygrub/src/GrubConf.py Thu Aug 20 16:58:04 2009 +0200
@@ -157,6 +157,7 @@ class GrubConfigFile(object):
self.images = []
self.timeout = -1
self._default = 0
+ self.passwordAccess = True
if fn is not None:
self.parse()
@@ -196,6 +197,7 @@ class GrubConfigFile(object):
if self.commands.has_key(com):
if self.commands[com] is not None:
setattr(self, self.commands[com], arg.strip())
+ #print "%s = %s => %s" % (com, self.commands[com], arg.strip() )
else:
logging.info("Ignored directive %s" %(com,))
else:
@@ -203,6 +205,37 @@ class GrubConfigFile(object):
if len(img) > 0:
self.add_image(GrubImage(img))
+
+ if self.hasPassword():
+ self.setPasswordAccess(False)
+
+ def hasPasswordAccess(self):
+ return self.passwordAccess
+
+ def setPasswordAccess(self, val):
+ self.passwordAccess = val
+
+ def hasPassword(self):
+ try:
+ getattr(self, self.commands['password'])
+ return True
+ except KeyError, e:
+ return False
+
+ def checkPassword(self, password):
+ try:
+ pwd = getattr(self, self.commands['password']).split()
+ if pwd[0] == '--md5':
+ import crypt
+ if crypt.crypt(password, pwd[1]) == pwd[1]:
+ return True
+
+ if pwd[0] == password:
+ return True
+
+ return False
+ except:
+ return True
def set(self, line):
(com, arg) = grub_exact_split(line, 2)
diff -r 145e49b8574c tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub Tue May 19 23:44:28 2009 +0100
+++ b/tools/pygrub/src/pygrub Thu Aug 20 16:58:04 2009 +0200
@@ -418,7 +418,14 @@ class Grub:
self.text_win.addstr(0, 0, "Use the U and D keys to select which entry is highlighted.")
self.text_win.addstr(1, 0, "Press enter to boot the selected OS. 'e' to edit the")
self.text_win.addstr(2, 0, "commands before booting, 'a' to modify the kernel arguments ")
- self.text_win.addstr(3, 0, "before booting, or 'c' for a command line.")
+
+ # if grub has password defined we allow option to enter password
+ if not self.cf.hasPassword():
+ self.text_win.addstr(3, 0, "before booting, or 'c' for a command line.")
+ else:
+ self.text_win.addstr(3, 0, "before booting, or 'c' for a command line. You can also")
+ self.text_win.addstr(4, 0, "press 'p' to enter password for modifications...")
+
self.text_win.addch(0, 8, curses.ACS_UARROW)
self.text_win.addch(0, 14, curses.ACS_DARROW)
(y, x) = self.text_win.getmaxyx()
@@ -457,9 +464,19 @@ class Grub:
# handle keypresses
if c == ord('c'):
+ # we disallow access without password specified
+ if not self.cf.hasPasswordAccess():
+ self.text_win.addstr(6, 8, "You have to enter GRUB password first")
+ break
+
self.command_line_mode()
break
elif c == ord('a'):
+ # we disallow access without password specified
+ if not self.cf.hasPasswordAccess():
+ self.text_win.addstr(6, 8, "You have to enter GRUB password first")
+ break
+
# find the kernel line, edit it and then boot
img = self.cf.images[self.selected_image]
for line in img.lines:
@@ -471,8 +488,23 @@ class Grub:
break
break
elif c == ord('e'):
+ # we disallow access without password specified
+ if not self.cf.hasPasswordAccess():
+ self.text_win.addstr(6, 8, "You have to enter GRUB password first")
+ break
+
img = self.cf.images[self.selected_image]
self.edit_entry(img)
+ break
+ elif c == ord('p') and self.cf.hasPassword():
+ self.text_win.addstr(6, 8, "Enter password: ")
+ pwd = self.text_win.getstr(6, 8)
+ if not self.cf.checkPassword(pwd):
+ self.text_win.addstr(6, 8, "Incorrect password!")
+ self.cf.setPasswordAccess( False )
+ else:
+ self.text_win.addstr(6, 8, "Access granted ")
+ self.cf.setPasswordAccess( True )
break
elif c in (curses.KEY_ENTER, ord('\n'), ord('\r')):
self.isdone = True
[-- Attachment #3: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] Add password support to pygrub for GRUB bootloader
2009-08-20 15:02 [PATCH] Add password support to pygrub for GRUB bootloader Michal Novotny
@ 2009-08-21 10:18 ` Michal Novotny
2009-08-21 13:44 ` Michal Novotny
0 siblings, 1 reply; 3+ messages in thread
From: Michal Novotny @ 2009-08-21 10:18 UTC (permalink / raw)
To: xen-devel@lists.xensource.com
[-- Attachment #1: Type: text/plain, Size: 1444 bytes --]
Hi,
this patch (applied as
http://xenbits.xensource.com/xen-unstable.hg?rev/8f783adc0ee3 , c/s
20099) introduced a problem for Itanium systems using LiloConf. This
patch is the fix for elilo. Since I am unable to find information
whether eLilo supports password protection or not, this patch makes the
entry and command-line editing on IA64 systems as if no patch with c/s
20099 was applied.
Thanks,
Michal
Michal Novotny wrote:
> Hi,
> this is the patch to add password support to pygrub for GRUB
> bootloader. It basically checks for the presence of password line in
> grub.conf of the guest image and if this line is present, it supports
> both clear text and md5 versions of the password. Editing the grub
> entries and command-line are disabled when some password is set in
> domain's grub.conf file but the password was not entered yet. Also,
> new option to press 'p' in interactive pygrub has been added to allow
> entering the grub password. It's been tested on x86_64 with PV guests
> and was working fine. Also, the countdown has been stopped after key
> was pressed, ie. the user is probably editing the boot configuration.
>
> Michal
>
> Signed-off-by: Michal Novotny <minovotn@redhat.com>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
[-- Attachment #2: xen-pygrub-password-support-lilo-fix.patch --]
[-- Type: text/x-patch, Size: 490 bytes --]
diff -r 7dad2e23bf89 tools/pygrub/src/LiloConf.py
--- a/tools/pygrub/src/LiloConf.py Thu Aug 20 22:26:16 2009 +0100
+++ b/tools/pygrub/src/LiloConf.py Fri Aug 21 12:15:02 2009 +0200
@@ -138,6 +138,12 @@ class LiloConfigFile(object):
if len(img) > 0:
self.add_image(LiloImage(img, path))
+ def hasPassword(self):
+ return False
+
+ def hasPasswordAccess(self):
+ return True
+
def add_image(self, image):
self.images.append(image)
[-- Attachment #3: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] Add password support to pygrub for GRUB bootloader
2009-08-21 10:18 ` Michal Novotny
@ 2009-08-21 13:44 ` Michal Novotny
0 siblings, 0 replies; 3+ messages in thread
From: Michal Novotny @ 2009-08-21 13:44 UTC (permalink / raw)
To: xen-devel@lists.xensource.com
[-- Attachment #1: Type: text/plain, Size: 1946 bytes --]
Hi,
this patch (applied as
http://xenbits.xensource.com/xen-unstable.hg?rev/8f783adc0ee3 , c/s
20099) introduced a problem for Itanium systems using LiloConf. This
patch is the fix for elilo. Since I am unable to find information
whether eLilo supports password protection or not, this patch makes the
entry and command-line editing on IA64 systems as if no patch with c/s
20099 was applied. Also, this version changes the exception trapping
from KeyError to every exception because of pyGrub would return no
result and tools would complain about that having exception instead of
providing data...
Michal
Signed-off-by: Michal Novotny <minovotn@redhat.com>
> Michal Novotny wrote:
>> Hi,
>> this is the patch to add password support to pygrub for GRUB
>> bootloader. It basically checks for the presence of password line in
>> grub.conf of the guest image and if this line is present, it supports
>> both clear text and md5 versions of the password. Editing the grub
>> entries and command-line are disabled when some password is set in
>> domain's grub.conf file but the password was not entered yet. Also,
>> new option to press 'p' in interactive pygrub has been added to allow
>> entering the grub password. It's been tested on x86_64 with PV guests
>> and was working fine. Also, the countdown has been stopped after key
>> was pressed, ie. the user is probably editing the boot configuration.
>>
>> Michal
>>
>> Signed-off-by: Michal Novotny <minovotn@redhat.com>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@lists.xensource.com
>> http://lists.xensource.com/xen-devel
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
[-- Attachment #2: xen-pygrub-password-support-lilo-fix.patch --]
[-- Type: text/x-patch, Size: 929 bytes --]
diff -r 7dad2e23bf89 tools/pygrub/src/GrubConf.py
--- a/tools/pygrub/src/GrubConf.py Thu Aug 20 22:26:16 2009 +0100
+++ b/tools/pygrub/src/GrubConf.py Fri Aug 21 15:41:27 2009 +0200
@@ -219,7 +219,7 @@ class GrubConfigFile(object):
try:
getattr(self, self.commands['password'])
return True
- except KeyError, e:
+ except:
return False
def checkPassword(self, password):
diff -r 7dad2e23bf89 tools/pygrub/src/LiloConf.py
--- a/tools/pygrub/src/LiloConf.py Thu Aug 20 22:26:16 2009 +0100
+++ b/tools/pygrub/src/LiloConf.py Fri Aug 21 15:41:27 2009 +0200
@@ -138,6 +138,12 @@ class LiloConfigFile(object):
if len(img) > 0:
self.add_image(LiloImage(img, path))
+ def hasPassword(self):
+ return False
+
+ def hasPasswordAccess(self):
+ return True
+
def add_image(self, image):
self.images.append(image)
[-- Attachment #3: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-08-21 13:44 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-08-20 15:02 [PATCH] Add password support to pygrub for GRUB bootloader Michal Novotny
2009-08-21 10:18 ` Michal Novotny
2009-08-21 13:44 ` Michal Novotny
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.