[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#321109: [PATCH] grub-installer password confirmation, debian #321109

On Monday 14 August 2006 16:21, Julian Graham wrote:
> Find attached a revised version of the patch that asks the questions
> together.

After looking at the patch a bit more I noticed that it conflicts with 
current preseeding:
- it does not allow preseeding anymore because it empties password
- the grub-installer/password-mismatch does not really need its own db_go.

Also, when I suggested to combine the two questions into one dialog, I did 
not realize that an empty password is a valid option. That makes 
combining the questions less logical as 'password-again' would always be 
asked, even if 'password' was empty, so I've reverted that. Sorry about 
that.

Current preseeding looks at password + a boolean password-crypted to tell 
if the password is encrypted or not. This is not in line with preseeding 
an encrypted password in user-setup. So I have changed this too.
Because this change of the definition of password-crypted has the risk of 
breaking existing preseed files, I have included a somewhat rough check 
to prevent disasters.

With preseeding, the following situation also needs to be supported.
Passwords are preseeded, but with different values (typo in one); the 
install is being run at critical priority. This would mean that the check 
fails and an error is shown, but the user never gets a chance to correct 
his entry as the password questions are never shown (being at low 
priority).

I think the attached alternative patch resolves all these issues. Could 
you please review it and test if this works?

Note that I've also changed the indentation to use tabs only. This is 
standard for scripts in d-i as it helps reduce memory usage (1 tab is 
less than 8 spaces...).

Cheers,
FJP


Index: debian/grub-installer.templates
===================================================================
--- debian/grub-installer.templates	(revision 39802)
+++ debian/grub-installer.templates	(working copy)
@@ -61,11 +61,23 @@
  .
  If you do not wish to set a GRUB password, leave this field blank.
 
+Template: grub-installer/password-again
+Type: password
+_Description: Re-enter password to verify:
+ Please enter the same GRUB password again to verify you have typed it
+ correctly.
+
+Template: grub-installer/password-mismatch
+Type: note
+_Description: Password mismatch
+ The two passwords you entered were not the same. Please enter a password
+ again.
+
+# Allow preseeding the GRUB password with a crypted password
+# rather than cleartext
 Template: grub-installer/password-crypted
-Type: boolean
-Default: false
-# Only for preseeding, not translatable.
-Description: Has the value of grub-installer/password already been encrypted?
+Type: password
+Description: For internal use only
 
 Template: grub-installer/apt-install-failed
 Type: boolean
Index: grub-installer
===================================================================
--- grub-installer	(revision 39802)
+++ grub-installer	(working copy)
@@ -365,21 +365,56 @@
 rm -f $ROOT/boot/grub/menu.lst
 update_grub
 
-# Set up a password if asked.
-db_input low grub-installer/password || true
-if ! db_go; then
-	# back up to menu
-	db_progress STOP
-	exit 10
-fi
-db_get grub-installer/password
+# Set up a password if asked or preseeded.
+db_get grub-installer/password-crypted
 if [ "$RET" ]; then
+	# password-crypted used to be a boolean template
+	if [ $RET = false ] || [ $RET = true ]; then
+		error "Preseeding of encrypted passwords changed! Check installation guide."
+		exit 1
+	fi
 	password="$RET"
-	# check if the password is crypted
-	db_get grub-installer/password-crypted
-	if [ "$RET" = true ]; then
-		password_opts=--md5
-	fi
+	password_opts="--md5"
+else
+	PW_PRIO=low
+	while [ 1 ]; do
+		password=""
+		db_input $PW_PRIO grub-installer/password || true
+		if ! db_go; then
+			# back up to menu
+			db_progress STOP
+			exit 10
+		fi
+
+		db_get grub-installer/password
+		if [ "$RET" ]; then
+			password="$RET"
+			db_input $PW_PRIO grub-installer/password-again || true
+			if ! db_go; then
+				# back up to menu
+				db_progress STOP
+				exit 10
+			fi
+			db_get grub-installer/password-again
+			if [ $RET = "$password" ]; then
+				break
+			else 
+				db_input critical grub-installer/password-mismatch || true
+			fi
+		else
+			# No password is allowed
+			break
+		fi
+		# We only get here if passwords don't match
+		PW_PRIO=critical
+		db_set grub-installer/password ""
+		db_set grub-installer/password-again ""
+		db_fset grub-installer/password seen false
+		db_fset grub-installer/password-again seen false
+	done
+fi
+
+if [ "$password" ]; then
 	echo "password ${password_opts:+$password_opts }$password" \
 		> /tmp/menu.lst.password
 	# Add a line to menu.lst to use the given password

Attachment: pgptmOzRY6jaP.pgp
Description: PGP signature

Reply to: