[PATCH 3/3] Collect LUKS passphrases to avoid making users enter them repeatedly.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This pretty much makes us behave like plymouth: We try every passphrase
we know until one works. If we have none, or none works, we prompt for
a passphrase. If that passphrase works, we add it to our list.

Resolves: rhbz#588942
---
 data/ui/lukspassphrase.glade     |   18 -------------
 pyanaconda/gui.py                |    5 +---
 pyanaconda/rescue.py             |    4 +-
 pyanaconda/storage/devicetree.py |   51 +++++++++++++++++++------------------
 pyanaconda/text.py               |   15 +++-------
 5 files changed, 34 insertions(+), 59 deletions(-)

diff --git a/data/ui/lukspassphrase.glade b/data/ui/lukspassphrase.glade
index b688e8a..0ec97b5 100644
--- a/data/ui/lukspassphrase.glade
+++ b/data/ui/lukspassphrase.glade
@@ -414,24 +414,6 @@
 	    </packing>
 	  </child>
 
-	  <child>
-	    <widget class="GtkCheckButton" id="globalcheckbutton">
-	      <property name="visible">True</property>
-	      <property name="can_focus">True</property>
-	      <property name="label" translatable="yes">This is a global passphrase</property>
-	      <property name="use_underline">True</property>
-	      <property name="relief">GTK_RELIEF_NORMAL</property>
-	      <property name="focus_on_click">True</property>
-	      <property name="active">False</property>
-	      <property name="inconsistent">False</property>
-	      <property name="draw_indicator">True</property>
-	    </widget>
-	    <packing>
-	      <property name="padding">0</property>
-	      <property name="expand">False</property>
-	      <property name="fill">False</property>
-	    </packing>
-	  </child>
 	</widget>
 	<packing>
 	  <property name="padding">0</property>
diff --git a/pyanaconda/gui.py b/pyanaconda/gui.py
index 12aeb8c..70c954a 100755
--- a/pyanaconda/gui.py
+++ b/pyanaconda/gui.py
@@ -596,7 +596,6 @@ class PassphraseEntryWindow:
         self.win = xml.get_widget("passphraseEntryDialog")
         self.passphraseLabel = xml.get_widget("passphraseLabel")
         self.passphraseEntry = xml.get_widget("passphraseEntry2")
-        self.globalcheckbutton = xml.get_widget("globalcheckbutton")
 
         if parent:
             self.win.set_transient_for(parent)
@@ -614,15 +613,13 @@ class PassphraseEntryWindow:
 
         rc = self.win.run()
         passphrase = None
-        isglobal = False
         if rc == gtk.RESPONSE_OK:
             passphrase = self.passphraseEntry.get_text()
-            isglobal = self.globalcheckbutton.get_active()
 
         if busycursor:
             setCursorToBusy()
 
-        self.rc = (passphrase, isglobal)
+        self.rc = passphrase
         return self.rc
 
     def getrc(self):
diff --git a/pyanaconda/rescue.py b/pyanaconda/rescue.py
index bb21bf3..f6e55dc 100644
--- a/pyanaconda/rescue.py
+++ b/pyanaconda/rescue.py
@@ -103,9 +103,9 @@ class RescueInterface(InstallInterfaceBase):
 
     def passphraseEntryWindow(self, device):
         w = PassphraseEntryWindow(self.screen, device)
-        (passphrase, isglobal) = w.run()
+        passphrase = w.run()
         w.pop()
-        return (passphrase, isglobal)
+        return passphrase
 
     def resetInitializeDiskQuestion(self):
         self._initLabelAnswers = {}
diff --git a/pyanaconda/storage/devicetree.py b/pyanaconda/storage/devicetree.py
index 3a1f417..72da38c 100644
--- a/pyanaconda/storage/devicetree.py
+++ b/pyanaconda/storage/devicetree.py
@@ -50,7 +50,7 @@ _ = lambda x: gettext.ldgettext("anaconda", x)
 import logging
 log = logging.getLogger("storage")
 
-def getLUKSPassphrase(intf, device, globalPassphrase):
+def getLUKSPassphrase(intf, device, passphrases):
     """ Obtain a passphrase for a LUKS encrypted block device.
 
         The format's mapping name must already be set and the backing
@@ -58,10 +58,7 @@ def getLUKSPassphrase(intf, device, globalPassphrase):
 
         If successful, this function leaves the device mapped.
 
-        Return value is a two-tuple: (passphrase, isglobal)
-
-        passphrase is the passphrase string, if obtained
-        isglobal is a boolean indicating whether the passphrase is global
+        Return value is the passphrase string, if obtained
 
         Either or both can be None, depending on the outcome.
     """
@@ -77,20 +74,20 @@ def getLUKSPassphrase(intf, device, globalPassphrase):
         # the device is already mapped
         raise RuntimeError("device is already mapped")
 
-    if not device.format.configured and globalPassphrase:
-        # try the given passphrase first
-        device.format.passphrase =  globalPassphrase
-    
-        try:
-            device.format.setup()
-        except CryptoError as e:
-            device.format.passphrase = None
-        else:
-            # we've opened the device so we're done.
-            return (globalPassphrase, False)
+    if not device.format.configured and passphrases:
+        for passphrase in passphrases:
+            device.format.passphrase =  passphrase
+
+            try:
+                device.format.setup()
+            except CryptoError as e:
+                device.format.passphrase = None
+            else:
+                # we've opened the device so we're done.
+                return passphrase
 
     if not intf:
-        return (None, None)
+        return None
     
     buttons = [_("Back"), _("Continue")]
     passphrase_incorrect = False
@@ -99,7 +96,7 @@ def getLUKSPassphrase(intf, device, globalPassphrase):
             # TODO: add a flag to passphraseEntryWindow to say the last
             #       passphrase was incorrect so try again
             passphrase_incorrect = False
-        (passphrase, isglobal) = intf.passphraseEntryWindow(device.name)
+        passphrase = intf.passphraseEntryWindow(device.name)
         if not passphrase:
             rc = intf.messageWindow(_("Confirm"),
                                     _("Are you sure you want to skip "
@@ -116,7 +113,6 @@ def getLUKSPassphrase(intf, device, globalPassphrase):
                 continue
             else:
                 passphrase = None
-                isglobal = None
                 log.info("skipping passphrase for %s" % (device.name,))
                 break
 
@@ -131,7 +127,7 @@ def getLUKSPassphrase(intf, device, globalPassphrase):
             # we've opened the device so we're done.
             break
 
-    return (passphrase, isglobal)
+    return passphrase
 
 
 class DeviceTree(object):
@@ -189,10 +185,15 @@ class DeviceTree(object):
         self.__multipaths = {}
         self.__multipathConfigWriter = devicelibs.mpath.MultipathConfigWriter()
 
-        self.__passphrase = passphrase
+        self.__passphrases = []
+        if passphrase:
+            self.__passphrases.append(passphrase)
+
         self.__luksDevs = {}
         if luksDict and isinstance(luksDict, dict):
             self.__luksDevs = luksDict
+            self.__passphrases.extend(luksDict.values())
+
         self._ignoredDisks = []
         for disk in getattr(conf, "ignoredDisks", []):
             self.addIgnoredDisk(disk)
@@ -1150,11 +1151,11 @@ class DeviceTree(object):
                     # this makes device.configured return True
                     device.format.passphrase = 'yabbadabbadoo'
             else:
-                (passphrase, isglobal) = getLUKSPassphrase(self.intf,
+                passphrase = getLUKSPassphrase(self.intf,
                                                 device,
-                                                self.__passphrase)
-                if isglobal and device.format.status:
-                    self.__passphrase = passphrase
+                                                self.__passphrases)
+                if passphrase and passphrase not in self.__passphrases:
+                    self.__passphrases.append(passphrase)
 
             luks_device = LUKSDevice(device.format.mapName,
                                      parents=[device],
diff --git a/pyanaconda/text.py b/pyanaconda/text.py
index 17e3911..cbf1ebc 100644
--- a/pyanaconda/text.py
+++ b/pyanaconda/text.py
@@ -230,7 +230,7 @@ class PassphraseEntryWindow:
         self.rc = None
 
     def run(self):
-        toplevel = GridForm(self.screen, _("Passphrase"), 1, 4)
+        toplevel = GridForm(self.screen, _("Passphrase"), 1, 3)
 
         txt = TextboxReflowed(65, self.txt)
         toplevel.add(txt, 0, 0)
@@ -238,22 +238,17 @@ class PassphraseEntryWindow:
         passphraseentry = Entry(60, password = 1)
         toplevel.add(passphraseentry, 0, 1, (0,0,0,1))
 
-        globalcheckbox = Checkbox(_("This is a global passphrase"))
-        toplevel.add(globalcheckbox, 0, 2)
-
         buttons = ButtonBar(self.screen, [TEXT_OK_BUTTON, TEXT_CANCEL_BUTTON])
-        toplevel.add(buttons, 0, 3, growx=1)
+        toplevel.add(buttons, 0, 2, growx=1)
 
         rc = toplevel.run()
         res = buttons.buttonPressed(rc)
 
         passphrase = None
-        isglobal = False
         if res == TEXT_OK_CHECK:
             passphrase = passphraseentry.value().strip()
-            isglobal = globalcheckbox.selected()
 
-        self.rc = (passphrase, isglobal)
+        self.rc = passphrase
         return self.rc
 
     def pop(self):
@@ -405,9 +400,9 @@ class InstallInterface(InstallInterfaceBase):
 
     def passphraseEntryWindow(self, device):
         w = PassphraseEntryWindow(self.screen, device)
-        (passphrase, isglobal) = w.run()
+        passphrase = w.run()
         w.pop()
-        return (passphrase, isglobal)
+        return passphrase
 
     def enableNetwork(self):
         if len(self.anaconda.network.netdevices) == 0:
-- 
1.7.3.5

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list


[Index of Archives]     [Kickstart]     [Fedora Users]     [Fedora Legacy List]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]
  Powered by Linux