Project

General

Profile

Actions
Copy link

Bug #24600

closed

Root password is sometimes not encrypted correctly

Added by Lukas Zapletal about 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Lukas Zapletal
Category:
Host creation
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/5944
Fixed in Releases:
1.20.0
Found in Releases:
Red Hat JIRA:

Description

Looks like we use SecureRandom in BASE64 for random seed and when it contains plus + it breaks the crypt method:

>> x = SecureRandom.base64(6); puts x; "test".crypt("$5$#{x}")
ardeALd3
=> "$5$ardeALd3$Qok7xO6ConFcg0KasVX4FRrm/FNABHsL7h2xnNh0uo1" 

>> x = SecureRandom.base64(6); puts x; "test".crypt("$5$#{x}")
MWpOs+Y5
=> "*0"

This is an ancient code in Foreman, root password had to “sometimes” set incorrectly when saved into database.

Linux crypt method accepts up to 16 characters long salt with characters [a-zA-Z0-9./] while base64 encoding creates [a-zA-Z0-9+=/]. This needs to be properly mapped. Maximum length without padding is 12 characters, therefore this is the suggested new salt.

Actions
Copy link
 #1

Updated by The Foreman Bot about 5 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/5944 added
Actions
Copy link
 #2

Updated by Tomer Brisker about 5 years ago

  • Fixed in Releases 1.20.0 added
Actions
Copy link
 #3

Updated by Lukas Zapletal about 5 years ago

  • Status changed from Ready For Testing to Closed
Actions
Copy link
 #4

Updated by Ivan Necas almost 5 years ago

SEO comment: I was this error message when hitting this issue:

Errno::EINVAL: Invalid argument - crypt

Perhaps it will help other folks finding solution when hitting similar problem :)

Actions
Copy link

Also available in: Atom PDF