Project

General

Profile

Actions

Bug #24600

closed

Root password is sometimes not encrypted correctly

Added by Lukas Zapletal almost 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Category:
Host creation
Target version:
-
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:

Description

Looks like we use SecureRandom in BASE64 for random seed and when it contains plus + it breaks the crypt method:

>> x = SecureRandom.base64(6); puts x; "test".crypt("$5$#{x}")
ardeALd3
=> "$5$ardeALd3$Qok7xO6ConFcg0KasVX4FRrm/FNABHsL7h2xnNh0uo1" 

>> x = SecureRandom.base64(6); puts x; "test".crypt("$5$#{x}")
MWpOs+Y5
=> "*0" 

This is an ancient code in Foreman, root password had to “sometimes” set incorrectly when saved into database.

Linux crypt method accepts up to 16 characters long salt with characters [a-zA-Z0-9./] while base64 encoding creates [a-zA-Z0-9+=/]. This needs to be properly mapped. Maximum length without padding is 12 characters, therefore this is the suggested new salt.

Actions #1

Updated by The Foreman Bot almost 6 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/5944 added
Actions #2

Updated by Tomer Brisker almost 6 years ago

  • Fixed in Releases 1.20.0 added
Actions #3

Updated by Lukas Zapletal almost 6 years ago

  • Status changed from Ready For Testing to Closed
Actions #4

Updated by Ivan Necas almost 6 years ago

SEO comment: I was this error message when hitting this issue:

Errno::EINVAL: Invalid argument - crypt

Perhaps it will help other folks finding solution when hitting similar problem :)

Actions

Also available in: Atom PDF