Bug #33732

The default password in settings is not encoded

Added by Richard Stempfl 10 months ago. Updated 9 months ago.

Status: Closed
Priority: High
Category: API
Target version: -
Difficulty:
Triaged: No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

If I want to deploy a host via API, the default password set in settings is not encoded in the template.
In the operating system I've set base64-windows as root password hash for my hosts, but it gets ignored when I use the API to deploy hosts. If I use the web GUI it works fine.


Related issues

Related to Foreman - Bug #33811: Reprovisioning a host using new HostGroup does not inherit root password from the new HostGroup (Closed)
Related to Foreman - Refactor #34289: Remove workaround for root_password encoding (Closed)

Associated revisions

Revision 6f076d5d (diff)
Added by Bernhard Suttner 9 months ago

Fixes #33732 - Make sure base64 encoding is done when creating a host via API

History

#1 Updated by Richard Stempfl 10 months ago

To better describe the error:

I have set a default password in the settings that will be used for new hosts.
I have set a password hash (Base64-windows) in the relevant OS (Windows).
When creating a host with this OS and the default password from the settings, the template for this host does not have an encoded password; the password is in plain text. (It should be Base64-windows encoded.)

The VM cannot be installed completely with this because this OS expects an encoded password.

This happens only if I create a host via API (hammer & FAM & CURL).

If you go to "preview template" the rendered template shows:

                <AdministratorPassword>
                    <Value>PLAIN_TEXT_PASSWORD</Value>
                    <PlainText>false</PlainText>
                </AdministratorPassword>

#2 Updated by Bernhard Suttner 10 months ago

If you start a 'foreman-rake console' and analyze the root_pass:

Host created via GUI:
irb(main):008:0> gui_h.root_pass
=> "CCAGkAeBBhAHQAaQG4AEEAZABtZGkAbgBpAHM3dAByAGEAdABvAHIAUABAAHMAcwBEAG8AcgXkAC=="

Host created via API (hammer):
irb(main):009:0> api_h.root_pass
=> "plainpw"

#3 Updated by Bernhard Suttner 10 months ago

In case of API creation of host:

Found out that the root_pass_changed? method (https://github.com/theforeman/foreman/blob/develop/app/models/host/base.rb#L614) is false and therefore the method password_base64_encrypted? returns true -> password is already base64.

I would prefer to determine if the string is base64 but this is not safe - except if we mark base64 encoded passwords with something like <b64> in the root_pass.
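
Why sniffing a stored value for Base64 is ambiguous, and how an explicit marker removes the ambiguity, shown as an added example that is not part of the thread and not Foreman's code. The encoder is a stand-in (assumption), and the `<b64>` handling, helper names and sample passwords are constructed for illustration.

```ruby
MARKER = '<b64>' # hypothetical tag, following the idea in comment #3

# Stand-in encoder (assumption, not Foreman's code): strict Base64 over the
# UTF-16LE bytes of the password. pack('m0') equals Base64.strict_encode64.
def encode_password(plain)
  [plain.encode('UTF-16LE')].pack('m0')
end

# Content sniffing: treat anything that decodes as strict Base64 as encoded.
def looks_like_base64?(value)
  value.unpack1('m0')
  true
rescue ArgumentError
  false
end

# Encode only when the value does not already look encoded.
def encode_by_sniffing(value)
  looks_like_base64?(value) ? value : encode_password(value)
end

# Plain passwords that sniffing wrongly leaves unencoded.
def misclassified(plain_passwords)
  plain_passwords.select { |pw| encode_by_sniffing(pw) == pw }
end

# Explicit state: the marker, not the content, says "already encoded".
# '<' is outside the Base64 alphabet, so encoded output never starts with it;
# a plain password that itself starts with the marker would still be misread.
def encode_by_marker(value)
  value.start_with?(MARKER) ? value : MARKER + encode_password(value)
end

def decode_marked(value)
  value.delete_prefix(MARKER).unpack1('m0').force_encoding('UTF-16LE').encode('UTF-8')
end

# Constructed sample passwords ("plainpw" is the one shown in comment #2).
SAMPLES = %w[plainpw password Welcome1 Admin123 P@ssw0rd Summer2024].freeze

if __FILE__ == $PROGRAM_NAME
  puts "left in plain text by sniffing: #{misclassified(SAMPLES).inspect}"
  puts "marker-based: #{encode_by_marker('password')}"
end
```

Any plain password whose characters and length happen to form valid Base64 passes the sniffing check and reaches the template unencoded, which is the same symptom as the reported bug.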

#4 Updated by The Foreman Bot 10 months ago

  • Assignee set to Bernhard Suttner
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/8878 added

#5 Updated by The Foreman Bot 9 months ago

  • Fixed in Releases 3.1.0 added

#6 Updated by Anonymous 9 months ago

  • Status changed from Ready For Testing to Closed

#7 Updated by Ondřej Ezr 7 months ago

  • Related to Bug #33811: Reprovisioning a host using new HostGroup does not inherit root password from the new HostGroup added

#8 Updated by Ondřej Ezr 7 months ago

  • Related to Refactor #34289: Remove workaround for root_password encoding added
