installer: Turn passwords into opaque records.

* gnu/installer/user.scm (<secret>, secret?, make-secret,
secret-content): Add opaque <secret> record that boxes its contents,
with a custom printer that doesn't display anything.
* gnu/installer/newt/user.scm (run-user-add-page, run-user-page): Box
it.
* gnu/installer/final.scm (create-user-database): Unbox it.

Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
Josselin Poiret 2022-01-15 14:50:10 +01:00 committed by Mathieu Othacehe
parent 41eb0f01fc
commit 112ef30b84
No known key found for this signature in database
GPG key ID: 8354763531769CA6
3 changed files with 24 additions and 6 deletions


@ -85,8 +85,9 @@ (define root?
(uid (if root? 0 #f)) (uid (if root? 0 #f))
(home-directory (home-directory
(user-home-directory user)) (user-home-directory user))
(password (crypt (user-password user) (password (crypt
(salt))) (secret-content (user-password user))
(salt)))
;; We need a string here, not a file-like, hence ;; We need a string here, not a file-like, hence
;; this choice. ;; this choice.
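Review bot: The `(secret-content (user-password user))` call assumes every `<user>` record reaching create-user-database already carries a boxed password, and nothing visible in this hunk enforces that. Only the newt pages are updated in this commit, so a record built elsewhere with a bare string would presumably fail here with a wrong-type error late in the installation. A comment at the unboxing site would document the contract, for example `;; The password is a <secret>; unbox it only here, just before hashing.` The enclosing definition starts and ends outside the hunk.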


@ -143,7 +143,7 @@ (define (pad-label label)
(name name) (name name)
(real-name real-name) (real-name real-name)
(home-directory home-directory) (home-directory home-directory)
(password password)) (password (make-secret password)))
(run-user-add-page #:name name (run-user-add-page #:name name
#:real-name real-name #:real-name real-name
#:home-directory #:home-directory
@ -266,7 +266,7 @@ (define (run users)
(map (lambda (name real-name home password) (map (lambda (name real-name home password)
(user (name name) (real-name real-name) (user (name name) (real-name real-name)
(home-directory home) (home-directory home)
(password password))) (password (make-secret password))))
names real-names homes passwords)))))) names real-names homes passwords))))))
(lambda () (lambda ()
(destroy-form-and-pop form)))))) (destroy-form-and-pop form))))))
@ -274,5 +274,5 @@ (define (run users)
;; Add a "root" user simply to convey the root password. ;; Add a "root" user simply to convey the root password.
(cons (user (name "root") (cons (user (name "root")
(home-directory "/root") (home-directory "/root")
(password (run-root-password-page))) (password (make-secret (run-root-password-page))))
(run '()))) (run '())))
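Review bot: Boxing happens only at the `(user ...)` constructor calls, so the plain strings still exist before that point: the `password` binding in run-user-add-page, the `passwords` list mapped over in `run`, and the return value of `(run-root-password-page)`. Anything that prints or dumps those values before the record is built would still show the password, since the custom printer covers only the `<secret>` record. Consider wrapping the entered string with `make-secret` inside the page that collects it, so the plain value never leaves that procedure. This is inferred from the visible call sites, because the bodies of those procedures lie outside the hunks.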


@ -19,7 +19,14 @@
(define-module (gnu installer user) (define-module (gnu installer user)
#:use-module (guix records) #:use-module (guix records)
#:use-module (srfi srfi-1) #:use-module (srfi srfi-1)
#:export (<user> #:use-module (srfi srfi-9)
#:use-module (srfi srfi-9 gnu)
#:export (<secret>
secret?
make-secret
secret-content
<user>
user user
make-user make-user
user-name user-name
@ -30,6 +37,16 @@ (define-module (gnu installer user)
users->configuration)) users->configuration))
(define-record-type <secret>
(make-secret content)
secret?
(content secret-content))
(set-record-type-printer!
<secret>
(lambda (secret port)
(format port "<secret>")))
(define-record-type* <user> (define-record-type* <user>
user make-user user make-user
user? user?