
18/20: installer: Turn passwords into opaque records.


From: guix-commits
Subject: 18/20: installer: Turn passwords into opaque records.
Date: Wed, 2 Feb 2022 10:47:06 -0500 (EST)

mothacehe pushed a commit to branch master
in repository guix.

commit 112ef30b84744872b3a7617d9e54b3df5db95560
Author: Josselin Poiret <dev@jpoiret.xyz>
AuthorDate: Sat Jan 15 14:50:10 2022 +0100

    installer: Turn passwords into opaque records.
    
    * gnu/installer/user.scm (<secret>, secret?, make-secret,
    secret-content): Add opaque <secret> record that boxes its contents,
    with a custom printer that doesn't display anything.
    * gnu/installer/newt/user.scm (run-user-add-page, run-user-page): Box
    it.
    * gnu/installer/final.scm (create-user-database): Unbox it.
    
    Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
---
 gnu/installer/final.scm     |  5 +++--
 gnu/installer/newt/user.scm |  6 +++---
 gnu/installer/user.scm      | 19 ++++++++++++++++++-
 3 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/gnu/installer/final.scm b/gnu/installer/final.scm
index 63e5073ff4..2087536502 100644
--- a/gnu/installer/final.scm
+++ b/gnu/installer/final.scm
@@ -85,8 +85,9 @@ USERS."
                              (uid (if root? 0 #f))
                              (home-directory
                               (user-home-directory user))
-                             (password (crypt (user-password user)
-                                              (salt)))
+                             (password (crypt
+                                        (secret-content (user-password user))
+                                        (salt)))
 
                              ;; We need a string here, not a file-like, hence
                              ;; this choice.
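Review bot: `secret-content` is applied unconditionally to `(user-password user)` in the new `password` field, so a `<user>` whose password is still a bare string raises a wrong-type error here rather than where the record was built. This commit updates the three constructors in gnu/installer/newt/user.scm; whether any other code builds `<user>` records is not visible in this diff and is worth checking. A comment at the call, such as `;; Unbox the password only here, where it goes straight into crypt.`, would help keep later edits from unboxing it earlier. The enclosing expression begins and ends outside the hunk.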
diff --git a/gnu/installer/newt/user.scm b/gnu/installer/newt/user.scm
index 97141cfe64..7c1cc2249d 100644
--- a/gnu/installer/newt/user.scm
+++ b/gnu/installer/newt/user.scm
@@ -143,7 +143,7 @@ REAL-NAME, and HOME-DIRECTORY as the initial values in the 
form."
                              (name name)
                              (real-name real-name)
                              (home-directory home-directory)
-                             (password password))
+                             (password (make-secret password)))
                             (run-user-add-page #:name name
                                                #:real-name real-name
                                                #:home-directory
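Review bot: The password is boxed only when the `user` record is built, here and in the two later hunks of this file (the `map` over `passwords` and the `run-root-password-page` call), so until then it is an ordinary string held in `password` and `passwords`. The `<secret>` printer therefore covers the records, not these bindings, and anything that prints the bindings would presumably still show the plaintext. If the page procedures can return a `<secret>` themselves, wrapping at the source, for example inside `run-root-password-page`, would narrow that window; that procedure's body is outside this diff. The enclosing procedure starts and ends outside the hunk.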
@@ -266,7 +266,7 @@ administrator (\"root\").")
                   (map (lambda (name real-name home password)
                          (user (name name) (real-name real-name)
                                (home-directory home)
-                               (password password)))
+                               (password (make-secret password))))
                        names real-names homes passwords))))))
           (lambda ()
             (destroy-form-and-pop form))))))
@@ -274,5 +274,5 @@ administrator (\"root\").")
   ;; Add a "root" user simply to convey the root password.
   (cons (user (name "root")
               (home-directory "/root")
-              (password (run-root-password-page)))
+              (password (make-secret (run-root-password-page))))
         (run '())))
diff --git a/gnu/installer/user.scm b/gnu/installer/user.scm
index 4e701e64ce..c894a91dc8 100644
--- a/gnu/installer/user.scm
+++ b/gnu/installer/user.scm
@@ -19,7 +19,14 @@
 (define-module (gnu installer user)
   #:use-module (guix records)
   #:use-module (srfi srfi-1)
-  #:export (<user>
+  #:use-module (srfi srfi-9)
+  #:use-module (srfi srfi-9 gnu)
+  #:export (<secret>
+            secret?
+            make-secret
+            secret-content
+
+            <user>
             user
             make-user
             user-name
@@ -30,6 +37,16 @@
 
             users->configuration))
 
+(define-record-type <secret>
+  (make-secret content)
+  secret?
+  (content secret-content))
+
+(set-record-type-printer!
+ <secret>
+ (lambda (secret port)
+   (format port "<secret>")))
+
 (define-record-type* <user>
   user make-user
   user?
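Review bot: The new `<secret>` record has no comment saying what it does and does not protect. The custom printer keeps the content out of anything that prints the record, but `secret-content` is exported and returns the original string, so the protection ends wherever a caller unboxes it. I would add above `define-record-type` a comment such as `;; Box for sensitive strings: printing shows only "<secret>"; call secret-content only where the plaintext is required.` As a style point, the `format` call has no directives and could be `(display "<secret>" port)`.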


