Bug #24600
Root password is sometimes not encrypted correctly
Description
Looks like we use SecureRandom in Base64 for the random seed, and when it contains a plus (+) it breaks the crypt method:
>> x = SecureRandom.base64(6); puts x; "test".crypt("$5$#{x}")
ardeALd3
=> "$5$ardeALd3$Qok7xO6ConFcg0KasVX4FRrm/FNABHsL7h2xnNh0uo1"
>> x = SecureRandom.base64(6); puts x; "test".crypt("$5$#{x}")
MWpOs+Y5
=> "*0"
This is ancient code in Foreman; the root password must have "sometimes" been set incorrectly when saved into the database.
The Linux crypt method accepts a salt of up to 16 characters from [a-zA-Z0-9./], while base64 encoding creates [a-zA-Z0-9+=/]. This needs to be properly mapped. Maximum length without padding is 12 characters, therefore this is the suggested new salt.
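An added example (not Foreman's code and not the change from the linked pull request) of the mapping the description asks for, with a check that keeps a failure token such as "*0" from being stored as a hash. The helper names are hypothetical; the salt alphabet and the 12-character length come from the description, and `$5$` support in String#crypt depends on the platform's libc.

```ruby
require 'securerandom'

# Salt alphabet and maximum length as given in the description above.
CRYPT_SALT_RE = /\A[a-zA-Z0-9.\/]{1,16}\z/

# Map base64 output onto the crypt alphabet: '+' becomes '.', '=' padding is dropped.
def base64_to_crypt_salt(b64)
  b64.delete('=').tr('+', '.')
end

# 9 random bytes encode to exactly 12 base64 characters, so no padding appears.
def generate_crypt_salt(bytes = 9)
  base64_to_crypt_salt(SecureRandom.base64(bytes))
end

def valid_crypt_salt?(salt)
  CRYPT_SALT_RE.match?(salt)
end

# SHA-256 crypt ("$5$") that rejects a bad salt before calling crypt and
# verifies the result afterwards, instead of trusting whatever comes back.
def sha256_crypt(password, salt = generate_crypt_salt)
  raise ArgumentError, "invalid crypt salt: #{salt.inspect}" unless valid_crypt_salt?(salt)

  hash = password.crypt("$5$#{salt}")
  # A well-formed result echoes the scheme and salt; "*0" and similar do not.
  raise "crypt failed: #{hash.inspect}" unless hash.start_with?("$5$#{salt}$")

  hash
end
```
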
Associated revisions
History
#1
Updated by The Foreman Bot over 1 year ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/5944 added
#2
Updated by Tomer Brisker over 1 year ago
- Fixed in Releases 1.20.0 added
#3
Updated by Lukas Zapletal over 1 year ago
- Status changed from Ready For Testing to Closed
Applied in changeset 37c3ca544d03638227c65b03102cbbc6afc1ead5.
#4
Updated by Ivan Necas about 1 year ago
SEO comment: I saw this error message when hitting this issue:
Errno::EINVAL: Invalid argument - crypt
Perhaps it will help other folks find a solution when hitting a similar problem :)
Fixes #24600 - crypt salt is always valid