154 lines
4.8 KiB
Diff
154 lines
4.8 KiB
Diff
From 386b59ddb42fa3f86ddfe557113b25c8fa16f88c Mon Sep 17 00:00:00 2001
|
|
From: Forest <forestix@nom.one>
|
|
Date: Mon, 6 May 2024 17:07:30 -0700
|
|
Subject: [PATCH] disk/cryptodisk: Allow user to retry failed passphrase
|
|
|
|
Give the user a chance to re-enter their cryptodisk passphrase after a typo,
|
|
rather than immediately failing (and likely dumping them into a GRUB shell).
|
|
|
|
By default, we allow 3 tries before giving up. A value in the
|
|
cryptodisk_passphrase_tries environment variable will override this default.
|
|
|
|
The user can give up early by entering an empty passphrase, just as they
|
|
could before this patch.
|
|
|
|
Signed-off-by: Forest <forestix@nom.one>
|
|
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
|
|
---
|
|
docs/grub.texi | 9 +++++
|
|
grub-core/disk/cryptodisk.c | 71 ++++++++++++++++++++++++++++---------
|
|
2 files changed, 64 insertions(+), 16 deletions(-)
|
|
|
|
Index: grub-2.12/docs/grub.texi
|
|
===================================================================
|
|
--- grub-2.12.orig/docs/grub.texi
|
|
+++ grub-2.12/docs/grub.texi
|
|
@@ -3278,6 +3278,7 @@ These variables have special meaning to
|
|
* color_normal::
|
|
* config_directory::
|
|
* config_file::
|
|
+* cryptodisk_passphrase_tries::
|
|
* debug::
|
|
* default::
|
|
* fallback::
|
|
@@ -3450,6 +3451,14 @@ processed by commands @command{configfil
|
|
(@pxref{normal}). It is restored to the previous value when command completes.
|
|
|
|
|
|
+@node cryptodisk_passphrase_tries
|
|
+@subsection cryptodisk_passphrase_tries
|
|
+
|
|
+When prompting the user for a cryptodisk passphrase, allow this many attempts
|
|
+before giving up. Defaults to @samp{3} if unset or set to an invalid value.
|
|
+(The user can give up early by entering an empty passphrase.)
|
|
+
|
|
+
|
|
@node debug
|
|
@subsection debug
|
|
|
|
Index: grub-2.12/grub-core/disk/cryptodisk.c
|
|
===================================================================
|
|
--- grub-2.12.orig/grub-core/disk/cryptodisk.c
|
|
+++ grub-2.12/grub-core/disk/cryptodisk.c
|
|
@@ -17,6 +17,7 @@
|
|
*/
|
|
|
|
#include <grub/cryptodisk.h>
|
|
+#include <grub/env.h>
|
|
#include <grub/mm.h>
|
|
#include <grub/misc.h>
|
|
#include <grub/dl.h>
|
|
@@ -1202,37 +1203,76 @@ grub_cryptodisk_scan_device_real (const
|
|
grub_free (part);
|
|
}
|
|
|
|
- if (!cargs->key_len)
|
|
+ if (cargs->key_len)
|
|
{
|
|
+ ret = cr->recover_key (source, dev, cargs);
|
|
+ if (ret != GRUB_ERR_NONE)
|
|
+ goto error;
|
|
+ }
|
|
+ else
|
|
+ {
|
|
+ /* Get the passphrase from the user, if no key data. */
|
|
+ unsigned long tries = 3;
|
|
+ const char *tries_env;
|
|
+
|
|
if (grub_errno)
|
|
{
|
|
grub_print_error ();
|
|
grub_errno = GRUB_ERR_NONE;
|
|
}
|
|
|
|
- /* Get the passphrase from the user, if no key data. */
|
|
askpass = 1;
|
|
- part = grub_partition_get_name (source->partition);
|
|
- grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
|
|
- source->partition != NULL ? "," : "",
|
|
- part != NULL ? part : N_("UNKNOWN"), dev->uuid);
|
|
- grub_free (part);
|
|
-
|
|
cargs->key_data = grub_malloc (GRUB_CRYPTODISK_MAX_PASSPHRASE);
|
|
if (cargs->key_data == NULL)
|
|
goto error;
|
|
|
|
- if (!grub_password_get ((char *) cargs->key_data, GRUB_CRYPTODISK_MAX_PASSPHRASE))
|
|
+ tries_env = grub_env_get ("cryptodisk_passphrase_tries");
|
|
+ if (tries_env != NULL && tries_env[0] != '\0')
|
|
{
|
|
- grub_error (GRUB_ERR_BAD_ARGUMENT, "passphrase not supplied");
|
|
- goto error;
|
|
+ unsigned long tries_env_val;
|
|
+ const char *p;
|
|
+
|
|
+ tries_env_val = grub_strtoul (tries_env, &p, 0);
|
|
+ if (*p == '\0' && tries_env_val != ~0UL)
|
|
+ tries = tries_env_val;
|
|
+ else
|
|
+ grub_printf_ (N_("Invalid cryptodisk_passphrase_tries value `%s'. Defaulting to %lu.\n"),
|
|
+ tries_env,
|
|
+ tries);
|
|
}
|
|
- cargs->key_len = grub_strlen ((char *) cargs->key_data);
|
|
- }
|
|
|
|
- ret = cr->recover_key (source, dev, cargs);
|
|
- if (ret != GRUB_ERR_NONE)
|
|
- goto error;
|
|
+ for (; tries > 0; tries--)
|
|
+ {
|
|
+ part = grub_partition_get_name (source->partition);
|
|
+ grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
|
|
+ source->partition != NULL ? "," : "",
|
|
+ part != NULL ? part : N_("UNKNOWN"),
|
|
+ dev->uuid);
|
|
+ grub_free (part);
|
|
+
|
|
+ if (!grub_password_get ((char *) cargs->key_data, GRUB_CRYPTODISK_MAX_PASSPHRASE))
|
|
+ {
|
|
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "passphrase not supplied");
|
|
+ goto error;
|
|
+ }
|
|
+ cargs->key_len = grub_strlen ((char *) cargs->key_data);
|
|
+
|
|
+ ret = cr->recover_key (source, dev, cargs);
|
|
+ if (ret == GRUB_ERR_NONE)
|
|
+ break;
|
|
+ if (ret != GRUB_ERR_ACCESS_DENIED || tries == 1)
|
|
+ goto error;
|
|
+ grub_puts_ (N_("Invalid passphrase."));
|
|
+
|
|
+ /*
|
|
+ * Since recover_key() calls a function that returns grub_errno,
|
|
+ * a leftover error value from a previously rejected passphrase
|
|
+ * will trigger a phantom failure. We therefore clear it before
|
|
+ * trying a new passphrase.
|
|
+ */
|
|
+ grub_errno = GRUB_ERR_NONE;
|
|
+ }
|
|
+ }
|
|
|
|
ret = grub_cryptodisk_insert (dev, name, source);
|
|
if (ret != GRUB_ERR_NONE)
|