Bug #24600

Root password is sometimes not encrypted correctly

Added by Lukas Zapletal 4 months ago. Updated 3 months ago.

Status:
Closed
Priority:
Normal
Category:
Host creation
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Looks like we use SecureRandom in BASE64 for random seed and when it contains plus + it breaks the crypt method:

>> x = SecureRandom.base64(6); puts x; "test".crypt("$5$#{x}")
ardeALd3
=> "$5$ardeALd3$Qok7xO6ConFcg0KasVX4FRrm/FNABHsL7h2xnNh0uo1" 

>> x = SecureRandom.base64(6); puts x; "test".crypt("$5$#{x}")
MWpOs+Y5
=> "*0" 

This is ancient code in Foreman; the root password must have been set incorrectly “sometimes” when saved into the database.

The Linux crypt method accepts a salt up to 16 characters long with characters [a-zA-Z0-9./], while base64 encoding creates [a-zA-Z0-9+=/]. This needs to be properly mapped. The maximum length without padding is 12 characters, therefore this is the suggested new salt.
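One way to build a salt that always fits the crypt alphabet described above, and to refuse to store a failed hash. This is an added example, not code from the issue or from Foreman; the names CRYPT_SALT, valid_crypt_salt?, generate_crypt_salt and crypt_sha256 are hypothetical.

```ruby
require 'securerandom'

# Salt alphabet and maximum length as stated in the issue description.
CRYPT_SALT = /\A[a-zA-Z0-9.\/]{1,16}\z/

def valid_crypt_salt?(salt)
  CRYPT_SALT.match?(salt)
end

# Hypothetical helper: 9 random bytes encode to exactly 12 base64 characters
# with no '=' padding. '+' is then the only character outside the crypt
# alphabet, so it is mapped to '.', which base64 never emits. The mapping is
# one-to-one, so no randomness is lost.
def generate_crypt_salt
  SecureRandom.base64(9).tr('+', '.')
end

# Hypothetical wrapper: never hand back anything that is not a real SHA-256
# crypt hash. The page shows two failure outcomes, the "*0" return value and
# Errno::EINVAL; both end in an exception here instead of a stored value.
def crypt_sha256(password, salt = generate_crypt_salt)
  raise ArgumentError, "invalid crypt salt: #{salt.inspect}" unless valid_crypt_salt?(salt)

  hash = begin
    password.crypt("$5$#{salt}")
  rescue Errno::EINVAL
    nil
  end
  unless hash && hash.start_with?("$5$#{salt}$")
    raise "crypt did not return a SHA-256 hash for the given salt"
  end
  hash
end
```

Checking the returned prefix matters as much as fixing the salt: a failure token saved in place of a hash is a root account whose password was never set to what the operator entered.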

Associated revisions

Revision 37c3ca54 (diff)
Added by Lukas Zapletal 4 months ago

Fixes #24600 - crypt salt is always valid

History

#1 Updated by The Foreman Bot 4 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/5944 added

#2 Updated by Tomer Brisker 4 months ago

  • Fixed in Releases 1.20.0 added

#3 Updated by Lukas Zapletal 4 months ago

  • Status changed from Ready For Testing to Closed

#4 Updated by Ivan Necas 3 months ago

SEO comment: I saw this error message when hitting this issue:

Errno::EINVAL: Invalid argument - crypt

Perhaps it will help other folks find a solution when hitting a similar problem :)
