Project

General

Profile

Bug #11715

Base64 encoded Passwords get re-encoded on unattended/built call

Added by Nils Domrose over 7 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Tom Caspy
Category:
Host creation
Target version:
1.9.2
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/2695
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Base64 encoded Passwords (i.e. used for windows template deployments) get re-encoded after a call to the built URL is made resulting in Base64 in Base64 encoded passwords.

Steps to reproduce:
  • create a operatingsystem with hash type base64
  • create a machine and set a password
  • as long as the machine is in status "build" the root_pass is only encoded once.
  • If a call to unattended/built is made, the root_pass is base64 encoded twice.

This is normally not a problem but I think it is not an intended behaviour.

Related issues

Related to Foreman - Feature #8890: Allow selection of plaintext "encryption" method for root passwordClosed2015-01-09

Associated revisions

Revision 75dc676f (diff)
Added by Tom Caspy over 7 years ago

fixes #11715 - base64 encoded passwords must not be reencoded

Revision 2011492b (diff)
Added by Tom Caspy over 7 years ago

fixes #11715 - base64 encoded passwords must not be reencoded

(cherry picked from commit 75dc676fe960d42b1e591b15d68ae6bfababc4a5)

History

#1 Updated by Dominic Cleal over 7 years ago

  • Related to Feature #8890: Allow selection of plaintext "encryption" method for root password added

#2 Updated by Dominic Cleal over 7 years ago

  • Category set to Host creation

Looks like a bug in the host which calls the crypt method. It normally checks for a regular crypt call if the password already has a $..$ type form, but obviously, that won't work for plain base64 so it's calling crypt each time the host is edited.

#3 Updated by larry campbell over 7 years ago

Thanks for writing this up Nils. Is there a suggestion for a workaround until something gets merged in? Right now we're having to hard-code a default password in the template, then change it later with puppet which is not ideal.

#4 Updated by Tom Caspy over 7 years ago

  • Assignee set to Tom Caspy

#5 Updated by The Foreman Bot over 7 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/2695 added
  • Pull request deleted ()

#6 Updated by Tom Caspy over 7 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#7 Updated by Dominic Cleal over 7 years ago

  • Legacy Backlogs Release (now unused) set to 88

Also available in: Atom PDF