Bug #24600

Root password is sometimes not encrypted correctly

Added by Lukas Zapletal 10 months ago. Updated 9 months ago.

Status: Closed
Priority: Normal
Category: Host creation
Target version: -
Difficulty:
Triaged: No
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Looks like we use SecureRandom in Base64 for the random seed, and when it contains a plus (+) it breaks the crypt method:

>> x = SecureRandom.base64(6); puts x; "test".crypt("$5$#{x}")
ardeALd3
=> "$5$ardeALd3$Qok7xO6ConFcg0KasVX4FRrm/FNABHsL7h2xnNh0uo1" 

>> x = SecureRandom.base64(6); puts x; "test".crypt("$5$#{x}")
MWpOs+Y5
=> "*0" 

This is ancient code in Foreman; the root password must have “sometimes” been set incorrectly when saved into the database.

The Linux crypt method accepts a salt of up to 16 characters from [a-zA-Z0-9./], while base64 encoding produces [a-zA-Z0-9+=/]. This needs to be properly mapped. The maximum length without padding is 12 characters, therefore this is the suggested new salt.
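
One way to build a salt that always stays inside the crypt alphabet, as an added example (not Foreman's code and not the change from the linked pull request). The helper names `to_crypt_alphabet`, `crypt_salt`, `valid_crypt_salt?` and `sha256_crypt` are hypothetical.

```ruby
require 'securerandom'

# Salt alphabet and maximum length for crypt, as given in the report above.
CRYPT_SALT = %r{\A[a-zA-Z0-9./]{1,16}\z}

# Map base64 text onto the crypt alphabet: drop '=' padding, turn '+' into '.'
# ('.' never occurs in base64, so the substitution is one-to-one), cap at 16.
def to_crypt_alphabet(b64)
  b64.delete('=').tr('+', '.')[0, 16]
end

# 9 random bytes encode to exactly 12 base64 characters with no padding.
def crypt_salt
  to_crypt_alphabet(SecureRandom.base64(9))
end

def valid_crypt_salt?(salt)
  CRYPT_SALT.match?(salt)
end

# SHA-256 crypt ("$5$") that refuses a bad salt up front and never returns a
# failure token such as "*0" as if it were a password hash.
def sha256_crypt(password, salt = crypt_salt)
  raise ArgumentError, "salt #{salt.inspect} is outside the crypt alphabet" unless valid_crypt_salt?(salt)
  hash = password.crypt("$5$#{salt}")
  raise "crypt returned failure token #{hash.inspect}" if hash.start_with?('*')
  hash
end
```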

Associated revisions

Revision 37c3ca54 (diff)
Added by Lukas Zapletal 10 months ago

Fixes #24600 - crypt salt is always valid

History

#1 Updated by The Foreman Bot 10 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/5944 added

#2 Updated by Tomer Brisker 10 months ago

  • Fixed in Releases 1.20.0 added

#3 Updated by Lukas Zapletal 10 months ago

  • Status changed from Ready For Testing to Closed

#4 Updated by Ivan Necas 9 months ago

SEO comment: I saw this error message when hitting this issue:

Errno::EINVAL: Invalid argument - crypt

Perhaps it will help other folks find a solution when hitting a similar problem :)
