Bug #24600
Root password is sometimes not encrypted correctly
Description
Looks like we use SecureRandom in BASE64 for random seed and when it contains plus + it breaks the crypt method:
>> x = SecureRandom.base64(6); puts x; "test".crypt("$5$#{x}")
ardeALd3
=> "$5$ardeALd3$Qok7xO6ConFcg0KasVX4FRrm/FNABHsL7h2xnNh0uo1"
>> x = SecureRandom.base64(6); puts x; "test".crypt("$5$#{x}")
MWpOs+Y5
=> "*0"
This is an ancient code in Foreman, root password had to “sometimes” set incorrectly when saved into database.
Linux crypt method accepts up to 16 characters long salt with characters [a-zA-Z0-9./] while base64 encoding creates [a-zA-Z0-9+=/]. This needs to be properly mapped. Maximum length without padding is 12 characters, therefore this is the suggested new salt.
Associated revisions
History
#1
Updated by The Foreman Bot about 1 year ago
Updated by - Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/5944 added
#2
Updated by Tomer Brisker about 1 year ago
Updated by - Fixed in Releases 1.20.0 added
#3
Updated by Lukas Zapletal about 1 year ago
Updated by - Status changed from Ready For Testing to Closed
Applied in changeset 37c3ca544d03638227c65b03102cbbc6afc1ead5.
#4
Updated by Ivan Necas 11 months ago
Updated by SEO comment: I was this error message when hitting this issue:
Errno::EINVAL: Invalid argument - crypt
Perhaps it will help other folks finding solution when hitting similar problem :)
Fixes #24600 - crypt salt is always valid