Some months ago, I started working on this part, but it didn't go far, and I abandoned it mainly because of a lack of time. I'd like to take some time to work on it again, this time until it (hopefully) gets accepted into Grub2. I'll try in this mail to describe how I propose to implement these 2 features. All comments and remarks will be highly appreciated.
What is needed / wanted?

All functions of Grub Legacy should be offered. The authentication should be made extensible, in order to easily support various kinds of authentication: password-based, network-based, two-factor, or any fancy authentication method one could think of.

In order to achieve this, I propose to implement the following infrastructure:

An "authentication" module. It would be in charge of:
- (un)registering authentication methods,
- managing user authentication state,
- storing the defined authentication data. This module would manage only one authentication challenge at a time,
- asking the authentication method to check the user's credentials against the authentication data when and as required.

Several "authentication method" modules. These modules would implement the various authentication methods. An authentication method would be in charge of storing authentication data (whatever it is), asking for user credentials, comparing the user input to the authentication data and deciding whether the user succeeded or failed. I am thinking of implementing, as a start:
- Plain text password: insecure, but very easy to implement; it can be useful for tests and would ensure compatibility with Grub Legacy.
- MD5 summed password: more secure, and required for compatibility with Grub Legacy.
- Probably also SHA-256: even more secure, since MD5 collisions exist.

An "authentication_data" structure. It would store data relative to the authentication challenge: data used by the authentication module, and opaque data used and controlled by the authentication method (for example a plain text password, an MD5 hash, a public RSA key read from a file specified in the grub configuration file, etc.).

Two new Grub 2 commands: lock and password. These commands, along with their parameters and use cases, are described below.

The password command:

This command would register an authentication challenge in the authentication module.
The call to this command is transparent to the user (nothing displayed on screen, no user interaction needed). The command parameters would be:

password --type AUTH_METHOD_NAME [authentication method parameters]

The AUTH_METHOD_NAME parameter is used to call the authentication method handler that registered under this name. It could be, for example, "plain" for plain text, "md5", "sha256", etc. Then the authentication method would be called to set up an "authentication_data" structure. It would be passed all the [authentication method parameters] in order to fill the opaque data in the structure.

The lock command:

This command would block the execution of the script until the user authenticates correctly. If the user authenticated correctly before, and the password has not been changed (via a password command) since, then the lock command would return without locking the user again. I imagine two uses of the lock command:
- alone, with no additional parameter. This would use the latest defined authentication data;
- or with the exact same syntax as the password command.

This would lead to the following syntax:

lock [--type AUTH_METHOD_NAME [authentication method parameters]]

-- 
Julien RANC
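To make the module/method split and the lock semantics concrete, here is a small added illustration in C; it is not Grub code and not part of the proposal, and every name in it (auth_method_t, auth_register, cmd_password, cmd_lock) is an assumption. It models an authentication method registry, a "plain" method, and password/lock commands where lock re-challenges the user only after a password command has redefined the challenge; the credential is passed as a parameter instead of being prompted for.

```c
#include <stddef.h>
#include <string.h>
/* Constructed illustration of the proposed module; every name here is an assumption. */
typedef struct auth_method {
    const char *name;
    int (*setup)(char *opaque, size_t cap, int argc, char **argv); /* fill opaque data; 0 = ok */
    int (*check)(const char *opaque, const char *input);           /* 1 = success, 0 = failure */
} auth_method_t;
/* authentication_data: module-managed part plus method-controlled opaque storage. */
typedef struct auth_data {
    const auth_method_t *method;
    unsigned generation;   /* bumped by every password command */
    char opaque[64];
} auth_data_t;
static const auth_method_t *methods[8];
static int nmethods;
static auth_data_t current;         /* latest defined challenge */
static unsigned authenticated_gen;  /* generation the user last passed; 0 = never */

int auth_register(const auth_method_t *m) {
    if (nmethods >= 8) return -1;
    methods[nmethods++] = m; return 0;
}
static const auth_method_t *auth_find(const char *name) {
    for (int i = 0; i < nmethods; i++)
        if (strcmp(methods[i]->name, name) == 0) return methods[i];
    return NULL;
}
/* "plain" method: stores the password as typed and compares it byte for byte. */
static int plain_setup(char *opaque, size_t cap, int argc, char **argv) {
    if (argc != 1 || strlen(argv[0]) >= cap) return -1;
    strcpy(opaque, argv[0]); return 0;
}
static int plain_check(const char *opaque, const char *input) { return strcmp(opaque, input) == 0; }
const auth_method_t plain_method = { "plain", plain_setup, plain_check };
/* password --type TYPE [params]: defines a new challenge and invalidates any earlier login. */
int cmd_password(const char *type, int argc, char **argv) {
    const auth_method_t *m = auth_find(type);
    if (!m || m->setup(current.opaque, sizeof current.opaque, argc, argv) != 0) return -1;
    current.method = m; current.generation++;
    return 0;
}
/* lock: 0 when the user is (or just became) authenticated against the current challenge,
 * -1 otherwise. `input` stands in for the credential Grub would prompt the user for. */
int cmd_lock(const char *input) {
    if (!current.method) return -1;
    if (authenticated_gen == current.generation) return 0;  /* unchanged since last login */
    if (!current.method->check(current.opaque, input)) return -1;
    authenticated_gen = current.generation; return 0;
}
```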