WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] [PATCH] Add password support to pygrub for GRUB bootloader

To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH] Add password support to pygrub for GRUB bootloader
From: Michal Novotny <minovotn@xxxxxxxxxx>
Date: Thu, 20 Aug 2009 17:02:37 +0200
Delivery-date: Thu, 20 Aug 2009 08:02:57 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.22 (X11/20090609)
Hi,
this is the patch to add password support to pygrub for GRUB bootloader. It basically checks for the presence of password line in grub.conf of the guest image and if this line is present, it supports both clear text and md5 versions of the password. Editing the grub entries and command-line are disabled when some password is set in domain's grub.conf file but the password was not entered yet. Also, new option to press 'p' in interactive pygrub has been added to allow entering the grub password. It's been tested on x86_64 with PV guests and was working fine. Also, the countdown has been stopped after key was pressed, ie. the user is probably editing the boot configuration.

Michal

Signed-off-by: Michal Novotny <minovotn@xxxxxxxxxx>
diff -r 145e49b8574c tools/pygrub/src/GrubConf.py
--- a/tools/pygrub/src/GrubConf.py      Tue May 19 23:44:28 2009 +0100
+++ b/tools/pygrub/src/GrubConf.py      Thu Aug 20 16:58:04 2009 +0200
@@ -157,6 +157,7 @@ class GrubConfigFile(object):
         self.images = []
         self.timeout = -1
         self._default = 0
+        self.passwordAccess = True
 
         if fn is not None:
             self.parse()
@@ -196,6 +197,7 @@ class GrubConfigFile(object):
             if self.commands.has_key(com):
                 if self.commands[com] is not None:
                     setattr(self, self.commands[com], arg.strip())
+                    #print "%s = %s => %s" % (com, self.commands[com], 
arg.strip() )
                 else:
                     logging.info("Ignored directive %s" %(com,))
             else:
@@ -203,6 +205,37 @@ class GrubConfigFile(object):
                 
         if len(img) > 0:
             self.add_image(GrubImage(img))
+
+        if self.hasPassword():
+            self.setPasswordAccess(False)
+
+    def hasPasswordAccess(self):
+        return self.passwordAccess
+
+    def setPasswordAccess(self, val):
+        self.passwordAccess = val
+
+    def hasPassword(self):
+        try:
+            getattr(self, self.commands['password'])
+            return True
+        except KeyError, e:
+            return False
+
+    def checkPassword(self, password):
+        try:
+            pwd = getattr(self, self.commands['password']).split()
+            if pwd[0] == '--md5':
+                import crypt
+                if crypt.crypt(password, pwd[1]) == pwd[1]:
+                    return True
+
+            if pwd[0] == password:
+                return True
+
+            return False
+        except:
+            return True
 
     def set(self, line):
         (com, arg) = grub_exact_split(line, 2)
diff -r 145e49b8574c tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub   Tue May 19 23:44:28 2009 +0100
+++ b/tools/pygrub/src/pygrub   Thu Aug 20 16:58:04 2009 +0200
@@ -418,7 +418,14 @@ class Grub:
             self.text_win.addstr(0, 0, "Use the U and D keys to select which 
entry is highlighted.")
             self.text_win.addstr(1, 0, "Press enter to boot the selected OS. 
'e' to edit the")
             self.text_win.addstr(2, 0, "commands before booting, 'a' to modify 
the kernel arguments ")
-            self.text_win.addstr(3, 0, "before booting, or 'c' for a command 
line.")
+
+            # if grub has password defined we allow option to enter password
+            if not self.cf.hasPassword():
+                self.text_win.addstr(3, 0, "before booting, or 'c' for a 
command line.")
+            else:
+                self.text_win.addstr(3, 0, "before booting, or 'c' for a 
command line. You can also")
+                self.text_win.addstr(4, 0, "press 'p' to enter password for 
modifications...")
+
             self.text_win.addch(0, 8, curses.ACS_UARROW)
             self.text_win.addch(0, 14, curses.ACS_DARROW)
             (y, x) = self.text_win.getmaxyx()
@@ -457,9 +464,19 @@ class Grub:
 
             # handle keypresses
             if c == ord('c'):
+                # we disallow access without password specified
+                if not self.cf.hasPasswordAccess():
+                    self.text_win.addstr(6, 8, "You have to enter GRUB 
password first")
+                    break
+
                 self.command_line_mode()
                 break
             elif c == ord('a'):
+                # we disallow access without password specified
+                if not self.cf.hasPasswordAccess():
+                    self.text_win.addstr(6, 8, "You have to enter GRUB 
password first")
+                    break
+
                 # find the kernel line, edit it and then boot
                 img = self.cf.images[self.selected_image]
                 for line in img.lines:
@@ -471,8 +488,23 @@ class Grub:
                             break
                 break
             elif c == ord('e'):
+                # we disallow access without password specified
+                if not self.cf.hasPasswordAccess():
+                    self.text_win.addstr(6, 8, "You have to enter GRUB 
password first")
+                    break
+
                 img = self.cf.images[self.selected_image]
                 self.edit_entry(img)
+                break
+            elif c == ord('p') and self.cf.hasPassword():
+                self.text_win.addstr(6, 8, "Enter password: ")
+                pwd = self.text_win.getstr(6, 8)
+                if not self.cf.checkPassword(pwd):
+                    self.text_win.addstr(6, 8, "Incorrect password!")
+                    self.cf.setPasswordAccess( False )
+                else:
+                    self.text_win.addstr(6, 8, "Access granted     ")
+                    self.cf.setPasswordAccess( True )
                 break
             elif c in (curses.KEY_ENTER, ord('\n'), ord('\r')):
                 self.isdone = True

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
<Prev in Thread] Current Thread [Next in Thread>