qubes-installer-qubes-os/anaconda/pyanaconda/ui/gui/spokes/lib/passphrase.py

232 lines
8.9 KiB
Python
Raw Normal View History

# Dialog for creating new encryption passphrase
#
# Copyright (C) 2012 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing to use,
# modify, copy, or redistribute it subject to the terms and conditions of
# the GNU General Public License v.2, or (at your option) any later version.
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY expressed or implied, including the implied warranties of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
# Public License for more details. You should have received a copy of the
# GNU General Public License along with this program; if not, write to the
# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301, USA. Any Red Hat trademarks that are incorporated in the
# source code or documentation are not subject to the GNU General Public
# License and may only be used or replicated with the express permission of
# Red Hat, Inc.
#
import gi
gi.require_version("Gtk", "3.0")
from gi.repository import Gtk
import pwquality
from pyanaconda.ui.helpers import InputCheck
from pyanaconda.ui.gui import GUIObject
from pyanaconda.ui.gui.helpers import GUIInputCheckHandler
from pyanaconda.constants import PW_ASCII_CHARS
from pyanaconda.i18n import _, N_
from pyanaconda.ui.gui.utils import really_hide, really_show, set_password_visibility
__all__ = ["PassphraseDialog"]
ERROR_WEAK = N_("You have provided a weak passphrase: %s")
ERROR_NOT_MATCHING = N_("Passphrases do not match.")
class PassphraseDialog(GUIObject, GUIInputCheckHandler):
builderObjects = ["passphrase_dialog"]
mainWidgetName = "passphrase_dialog"
uiFile = "spokes/lib/passphrase.glade"
def __init__(self, data):
GUIObject.__init__(self, data)
GUIInputCheckHandler.__init__(self)
self._confirm_entry = self.builder.get_object("confirm_pw_entry")
self._passphrase_entry = self.builder.get_object("passphrase_entry")
self._save_button = self.builder.get_object("passphrase_save_button")
self._strength_bar = self.builder.get_object("strength_bar")
self._strength_label = self.builder.get_object("strength_label")
self._passphrase_warning_image = self.builder.get_object("passphrase_warning_image")
self._passphrase_warning_label = self.builder.get_object("passphrase_warning_label")
# Set the offset values for the strength bar colors
self._strength_bar.add_offset_value("low", 2)
self._strength_bar.add_offset_value("medium", 3)
self._strength_bar.add_offset_value("high", 4)
self._strength_bar.add_offset_value("full", 4)
# Configure the password policy, if available. Otherwise use defaults.
self.policy = self.data.anaconda.pwpolicy.get_policy("luks")
if not self.policy:
self.policy = self.data.anaconda.PwPolicyData()
# These will be set up later.
self._pwq = None
self._pwq_error = None
self.passphrase = ""
# the passphrase confirmation needs to be checked whenever either of the password
# fields change. attach to the confirm field and check changes to the
# password field in on_passphrase_changed
self._passphrase_match_check = self.add_check(self._confirm_entry, self._checkMatch)
self._strength_check = self.add_check(self._passphrase_entry, self._checkStrength)
self._ascii_check = self.add_check(self._passphrase_entry, self._checkASCII)
# set the visibility of the password entries
set_password_visibility(self._passphrase_entry, False)
set_password_visibility(self._confirm_entry, False)
def refresh(self):
super(PassphraseDialog, self).refresh()
# disable input methods for the passphrase Entry widgets
self._passphrase_entry.set_property("im-module", "")
self._confirm_entry.set_property("im-module", "")
# set up passphrase quality checker
self._pwq = pwquality.PWQSettings()
self._pwq.read_config()
self._pwq.minlen = self.policy.minlen
# initialize with the previously set passphrase
self.passphrase = self.data.autopart.passphrase
if not self.passphrase:
self._save_button.set_sensitive(False)
self._passphrase_entry.set_text(self.passphrase)
self._confirm_entry.set_text(self.passphrase)
self._update_passphrase_strength()
# Update the check states
self._passphrase_match_check.update_check_status()
self._strength_check.update_check_status()
self._ascii_check.update_check_status()
def run(self):
self.refresh()
self.window.show_all()
while True:
rc = self.window.run()
if rc == 1:
# Force an update of all the checks and then see what set_status
# did to the sensitivity of the save button
for check in self.checks:
check.update_check_status.run_now()
if self._save_button.get_sensitive():
# Input ok, save the passphrase
self.passphrase = self._passphrase_entry.get_text()
break
else:
# Input not ok, try again
continue
else:
# Cancel, destroy the window
break
self.window.destroy()
return rc
def _update_passphrase_strength(self):
passphrase = self._passphrase_entry.get_text()
strength = 0
self._pwq_error = ""
try:
strength = self._pwq.check(passphrase, None, None)
except pwquality.PWQError as e:
self._pwq_error = e.args[1]
if strength < 50:
val = 1
text = _("Weak")
elif strength < 75:
val = 2
text = _("Fair")
elif strength < 90:
val = 3
text = _("Good")
else:
val = 4
text = _("Strong")
self._strength_bar.set_value(val)
self._strength_label.set_text(text)
def set_status(self, inputcheck):
# Set the warning message with the result from the first failed check
failed_check = next(self.failed_checks_with_message, None)
if failed_check:
result_icon, result_message = failed_check.check_status
self._passphrase_warning_image.set_from_icon_name(result_icon, Gtk.IconSize.BUTTON)
self._passphrase_warning_label.set_text(result_message)
really_show(self._passphrase_warning_image)
really_show(self._passphrase_warning_label)
else:
really_hide(self._passphrase_warning_image)
really_hide(self._passphrase_warning_label)
# The save button should only be sensitive if the match check passes
if self._passphrase_match_check.check_status == InputCheck.CHECK_OK and \
(not self.policy.strict or self._strength_check.check_status == InputCheck.CHECK_OK):
self._save_button.set_sensitive(True)
else:
self._save_button.set_sensitive(False)
def _checkASCII(self, inputcheck):
passphrase = self.get_input(inputcheck.input_obj)
if passphrase and any(char not in PW_ASCII_CHARS for char in passphrase):
return ("dialog-warning", _("Passphrase contains non-ASCII characters"))
else:
return InputCheck.CHECK_OK
def _checkStrength(self, inputcheck):
if self._pwq_error:
return ("dialog-error", _(ERROR_WEAK) % self._pwq_error)
else:
return InputCheck.CHECK_OK
def _checkMatch(self, inputcheck):
passphrase = self._passphrase_entry.get_text()
confirm = self._confirm_entry.get_text()
if passphrase != confirm:
result = ("dialog-error", _(ERROR_NOT_MATCHING))
else:
result = InputCheck.CHECK_OK
return result
def on_passphrase_changed(self, entry):
self._update_passphrase_strength()
# Update the match check for changes in the main passphrase field
self._passphrase_match_check.update_check_status()
# Set the OK button to sensitive any time the passphrase or confirm
# entries change, so that the user can attempt to exit the dialog
# without waiting for the input validation timer
self._save_button.set_sensitive(True)
def on_confirm_changed(self, entry):
self._save_button.set_sensitive(True)
def on_entry_activated(self, entry):
if self._save_button.get_sensitive() and \
entry.get_text() == self._passphrase_entry.get_text():
self._save_button.emit("clicked")
def on_password_icon_clicked(self, entry, icon_pos, event):
"""Called by Gtk callback when the icon of a password entry is clicked."""
set_password_visibility(entry, not entry.get_visibility())