6bc5671491
Apply: git diff --full-index --binary anaconda-23.19.10-1..anaconda-25.20.9-1 And resolve conflicts. QubesOS/qubes-issues#2574
232 lines
8.9 KiB
Python
232 lines
8.9 KiB
Python
# Dialog for creating new encryption passphrase
|
|
#
|
|
# Copyright (C) 2012 Red Hat, Inc.
|
|
#
|
|
# This copyrighted material is made available to anyone wishing to use,
|
|
# modify, copy, or redistribute it subject to the terms and conditions of
|
|
# the GNU General Public License v.2, or (at your option) any later version.
|
|
# This program is distributed in the hope that it will be useful, but WITHOUT
|
|
# ANY WARRANTY expressed or implied, including the implied warranties of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
|
|
# Public License for more details. You should have received a copy of the
|
|
# GNU General Public License along with this program; if not, write to the
|
|
# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
# 02110-1301, USA. Any Red Hat trademarks that are incorporated in the
|
|
# source code or documentation are not subject to the GNU General Public
|
|
# License and may only be used or replicated with the express permission of
|
|
# Red Hat, Inc.
|
|
#
|
|
|
|
import gi
|
|
gi.require_version("Gtk", "3.0")
|
|
|
|
from gi.repository import Gtk
|
|
|
|
import pwquality
|
|
|
|
from pyanaconda.ui.helpers import InputCheck
|
|
from pyanaconda.ui.gui import GUIObject
|
|
from pyanaconda.ui.gui.helpers import GUIInputCheckHandler
|
|
from pyanaconda.constants import PW_ASCII_CHARS
|
|
from pyanaconda.i18n import _, N_
|
|
from pyanaconda.ui.gui.utils import really_hide, really_show, set_password_visibility
|
|
|
|
__all__ = ["PassphraseDialog"]
|
|
|
|
ERROR_WEAK = N_("You have provided a weak passphrase: %s")
|
|
ERROR_NOT_MATCHING = N_("Passphrases do not match.")
|
|
|
|
class PassphraseDialog(GUIObject, GUIInputCheckHandler):
|
|
builderObjects = ["passphrase_dialog"]
|
|
mainWidgetName = "passphrase_dialog"
|
|
uiFile = "spokes/lib/passphrase.glade"
|
|
|
|
def __init__(self, data):
|
|
GUIObject.__init__(self, data)
|
|
GUIInputCheckHandler.__init__(self)
|
|
|
|
self._confirm_entry = self.builder.get_object("confirm_pw_entry")
|
|
self._passphrase_entry = self.builder.get_object("passphrase_entry")
|
|
|
|
self._save_button = self.builder.get_object("passphrase_save_button")
|
|
|
|
self._strength_bar = self.builder.get_object("strength_bar")
|
|
self._strength_label = self.builder.get_object("strength_label")
|
|
|
|
self._passphrase_warning_image = self.builder.get_object("passphrase_warning_image")
|
|
self._passphrase_warning_label = self.builder.get_object("passphrase_warning_label")
|
|
|
|
# Set the offset values for the strength bar colors
|
|
self._strength_bar.add_offset_value("low", 2)
|
|
self._strength_bar.add_offset_value("medium", 3)
|
|
self._strength_bar.add_offset_value("high", 4)
|
|
self._strength_bar.add_offset_value("full", 4)
|
|
|
|
# Configure the password policy, if available. Otherwise use defaults.
|
|
self.policy = self.data.anaconda.pwpolicy.get_policy("luks")
|
|
if not self.policy:
|
|
self.policy = self.data.anaconda.PwPolicyData()
|
|
|
|
# These will be set up later.
|
|
self._pwq = None
|
|
self._pwq_error = None
|
|
self.passphrase = ""
|
|
|
|
# the passphrase confirmation needs to be checked whenever either of the password
|
|
# fields change. attach to the confirm field and check changes to the
|
|
# password field in on_passphrase_changed
|
|
self._passphrase_match_check = self.add_check(self._confirm_entry, self._checkMatch)
|
|
self._strength_check = self.add_check(self._passphrase_entry, self._checkStrength)
|
|
self._ascii_check = self.add_check(self._passphrase_entry, self._checkASCII)
|
|
|
|
# set the visibility of the password entries
|
|
set_password_visibility(self._passphrase_entry, False)
|
|
set_password_visibility(self._confirm_entry, False)
|
|
|
|
def refresh(self):
|
|
super(PassphraseDialog, self).refresh()
|
|
|
|
# disable input methods for the passphrase Entry widgets
|
|
self._passphrase_entry.set_property("im-module", "")
|
|
self._confirm_entry.set_property("im-module", "")
|
|
|
|
# set up passphrase quality checker
|
|
self._pwq = pwquality.PWQSettings()
|
|
self._pwq.read_config()
|
|
self._pwq.minlen = self.policy.minlen
|
|
|
|
# initialize with the previously set passphrase
|
|
self.passphrase = self.data.autopart.passphrase
|
|
|
|
if not self.passphrase:
|
|
self._save_button.set_sensitive(False)
|
|
|
|
self._passphrase_entry.set_text(self.passphrase)
|
|
self._confirm_entry.set_text(self.passphrase)
|
|
|
|
self._update_passphrase_strength()
|
|
|
|
# Update the check states
|
|
self._passphrase_match_check.update_check_status()
|
|
self._strength_check.update_check_status()
|
|
self._ascii_check.update_check_status()
|
|
|
|
def run(self):
|
|
self.refresh()
|
|
self.window.show_all()
|
|
|
|
while True:
|
|
rc = self.window.run()
|
|
if rc == 1:
|
|
# Force an update of all the checks and then see what set_status
|
|
# did to the sensitivity of the save button
|
|
for check in self.checks:
|
|
check.update_check_status.run_now()
|
|
|
|
if self._save_button.get_sensitive():
|
|
# Input ok, save the passphrase
|
|
self.passphrase = self._passphrase_entry.get_text()
|
|
break
|
|
else:
|
|
# Input not ok, try again
|
|
continue
|
|
else:
|
|
# Cancel, destroy the window
|
|
break
|
|
|
|
self.window.destroy()
|
|
return rc
|
|
|
|
def _update_passphrase_strength(self):
|
|
passphrase = self._passphrase_entry.get_text()
|
|
strength = 0
|
|
self._pwq_error = ""
|
|
try:
|
|
strength = self._pwq.check(passphrase, None, None)
|
|
except pwquality.PWQError as e:
|
|
self._pwq_error = e.args[1]
|
|
|
|
if strength < 50:
|
|
val = 1
|
|
text = _("Weak")
|
|
elif strength < 75:
|
|
val = 2
|
|
text = _("Fair")
|
|
elif strength < 90:
|
|
val = 3
|
|
text = _("Good")
|
|
else:
|
|
val = 4
|
|
text = _("Strong")
|
|
|
|
self._strength_bar.set_value(val)
|
|
self._strength_label.set_text(text)
|
|
|
|
def set_status(self, inputcheck):
|
|
# Set the warning message with the result from the first failed check
|
|
failed_check = next(self.failed_checks_with_message, None)
|
|
|
|
if failed_check:
|
|
result_icon, result_message = failed_check.check_status
|
|
self._passphrase_warning_image.set_from_icon_name(result_icon, Gtk.IconSize.BUTTON)
|
|
self._passphrase_warning_label.set_text(result_message)
|
|
really_show(self._passphrase_warning_image)
|
|
really_show(self._passphrase_warning_label)
|
|
else:
|
|
really_hide(self._passphrase_warning_image)
|
|
really_hide(self._passphrase_warning_label)
|
|
|
|
# The save button should only be sensitive if the match check passes
|
|
if self._passphrase_match_check.check_status == InputCheck.CHECK_OK and \
|
|
(not self.policy.strict or self._strength_check.check_status == InputCheck.CHECK_OK):
|
|
self._save_button.set_sensitive(True)
|
|
else:
|
|
self._save_button.set_sensitive(False)
|
|
|
|
def _checkASCII(self, inputcheck):
|
|
passphrase = self.get_input(inputcheck.input_obj)
|
|
|
|
if passphrase and any(char not in PW_ASCII_CHARS for char in passphrase):
|
|
return ("dialog-warning", _("Passphrase contains non-ASCII characters"))
|
|
else:
|
|
return InputCheck.CHECK_OK
|
|
|
|
def _checkStrength(self, inputcheck):
|
|
if self._pwq_error:
|
|
return ("dialog-error", _(ERROR_WEAK) % self._pwq_error)
|
|
else:
|
|
return InputCheck.CHECK_OK
|
|
|
|
def _checkMatch(self, inputcheck):
|
|
passphrase = self._passphrase_entry.get_text()
|
|
confirm = self._confirm_entry.get_text()
|
|
if passphrase != confirm:
|
|
result = ("dialog-error", _(ERROR_NOT_MATCHING))
|
|
else:
|
|
result = InputCheck.CHECK_OK
|
|
|
|
return result
|
|
|
|
def on_passphrase_changed(self, entry):
|
|
self._update_passphrase_strength()
|
|
|
|
# Update the match check for changes in the main passphrase field
|
|
self._passphrase_match_check.update_check_status()
|
|
|
|
# Set the OK button to sensitive any time the passphrase or confirm
|
|
# entries change, so that the user can attempt to exit the dialog
|
|
# without waiting for the input validation timer
|
|
self._save_button.set_sensitive(True)
|
|
|
|
def on_confirm_changed(self, entry):
|
|
self._save_button.set_sensitive(True)
|
|
|
|
def on_entry_activated(self, entry):
|
|
if self._save_button.get_sensitive() and \
|
|
entry.get_text() == self._passphrase_entry.get_text():
|
|
self._save_button.emit("clicked")
|
|
|
|
def on_password_icon_clicked(self, entry, icon_pos, event):
|
|
"""Called by Gtk callback when the icon of a password entry is clicked."""
|
|
set_password_visibility(entry, not entry.get_visibility())
|