From 237a0e61e249e4053120f55695ac45b3ae7b0297 Mon Sep 17 00:00:00 2001 From: Josselin Poiret Date: Sat, 15 Jan 2022 14:50:10 +0100 Subject: installer: Turn passwords into opaque records. * gnu/installer/user.scm (, secret?, make-secret, secret-content): Add opaque record that boxes its contents, with a custom printer that doesn't display anything. * gnu/installer/newt/user.scm (run-user-add-page, run-user-page): Box it. * gnu/installer/final.scm (create-user-database): Unbox it. Signed-off-by: Mathieu Othacehe --- gnu/installer/final.scm | 5 +++-- gnu/installer/newt/user.scm | 6 +++--- gnu/installer/user.scm | 19 ++++++++++++++++++- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/gnu/installer/final.scm b/gnu/installer/final.scm index 63e5073ff4..2087536502 100644 --- a/gnu/installer/final.scm +++ b/gnu/installer/final.scm @@ -85,8 +85,9 @@ USERS." (uid (if root? 0 #f)) (home-directory (user-home-directory user)) - (password (crypt (user-password user) - (salt))) + (password (crypt + (secret-content (user-password user)) + (salt))) ;; We need a string here, not a file-like, hence ;; this choice. diff --git a/gnu/installer/newt/user.scm b/gnu/installer/newt/user.scm index 97141cfe64..7c1cc2249d 100644 --- a/gnu/installer/newt/user.scm +++ b/gnu/installer/newt/user.scm @@ -143,7 +143,7 @@ REAL-NAME, and HOME-DIRECTORY as the initial values in the form." (name name) (real-name real-name) (home-directory home-directory) - (password password)) + (password (make-secret password))) (run-user-add-page #:name name #:real-name real-name #:home-directory @@ -266,7 +266,7 @@ administrator (\"root\").") (map (lambda (name real-name home password) (user (name name) (real-name real-name) (home-directory home) - (password password))) + (password (make-secret password)))) names real-names homes passwords)))))) (lambda () (destroy-form-and-pop form)))))) @@ -274,5 +274,5 @@ administrator (\"root\").") ;; Add a "root" user simply to convey the root password. (cons (user (name "root") (home-directory "/root") - (password (run-root-password-page))) + (password (make-secret (run-root-password-page)))) (run '()))) diff --git a/gnu/installer/user.scm b/gnu/installer/user.scm index 4e701e64ce..c894a91dc8 100644 --- a/gnu/installer/user.scm +++ b/gnu/installer/user.scm @@ -19,7 +19,14 @@ (define-module (gnu installer user) #:use-module (guix records) #:use-module (srfi srfi-1) - #:export ( + #:use-module (srfi srfi-9) + #:use-module (srfi srfi-9 gnu) + #:export ( + secret? + make-secret + secret-content + + user make-user user-name @@ -30,6 +37,16 @@ users->configuration)) +(define-record-type + (make-secret content) + secret? + (content secret-content)) + +(set-record-type-printer! + + (lambda (secret port) + (format port ""))) + (define-record-type* user make-user user? -- cgit 1.4.1