Project

General

Profile

Actions

Bug #33732

closed

The default password in settings is not encoded

Added by Richard Stempfl over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
High
Category:
API
Target version:
-
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:

Description

If i want to deploy a host via api the default password set in settings is not encoded in the template.
In the operating system i´ve set base64-windows as root password hash for my hosts, but it gets ignored when i use the api to deploy hosts. If i use the webgui it works fine.


Related issues 2 (0 open2 closed)

Related to Foreman - Bug #33811: Reprovisioning a host using new HostGroup does not inherit root password from the new HostGroupClosedDominik MatoulekActions
Related to Foreman - Refactor #34289: Remove workaround for root_password encodingClosedOndřej EzrActions
Actions #1

Updated by Richard Stempfl over 2 years ago

To better describe the error:

I have set a default password in the settings that will be used for new hosts.
I have set a password hash (Base64-windows) in the relevant OS (Windows)
When creating a host with this OS and the default password from the settings, the template for this host does not have a encoded password the password is in plain text.(Should be Base64-windows encoded)

The vm can not be installed completely with this because this OS expects a password encoded

This happens only if i create a host via api. (hammer & FAM & CURL)

If you go to "preview template" the rendered template shows:

                <AdministratorPassword>
                    <Value>PLAIN_TEXT_PASSWORD</Value>
                    <PlainText>false</PlainText>
                </AdministratorPassword>

Actions #2

Updated by Bernhard Suttner over 2 years ago

If you start a 'foreman-rake console' and analyze the root_pass.

Host created via GUI:
irb(main):008:0> gui_h.root_pass
=> "CCAGkAeBBhAHQAaQG4AEEAZABtZGkAbgBpAHM3dAByAGEAdABvAHIAUABAAHMAcwBEAG8AcgXkAC=="

Host created via API (hammer):
irb(main):009:0> api_h.root_pass
=> "plainpw"

Actions #3

Updated by Bernhard Suttner over 2 years ago

In case of API creation of host:

Found out that root_pass_changed? method https://github.com/theforeman/foreman/blob/develop/app/models/host/base.rb#L614 is false and therefore the method password_base64_encrypted? returns true -> password is already base64.

I would prefer to determine if string is base64 but this is not save - except we mark base64 encoded passwords with something like <b64> in the root_pass.

Actions #4

Updated by The Foreman Bot over 2 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Bernhard Suttner
  • Pull request https://github.com/theforeman/foreman/pull/8878 added
Actions #5

Updated by The Foreman Bot over 2 years ago

  • Fixed in Releases 3.1.0 added
Actions #6

Updated by Anonymous over 2 years ago

  • Status changed from Ready For Testing to Closed
Actions #7

Updated by Ondřej Ezr about 2 years ago

  • Related to Bug #33811: Reprovisioning a host using new HostGroup does not inherit root password from the new HostGroup added
Actions #8

Updated by Ondřej Ezr about 2 years ago

  • Related to Refactor #34289: Remove workaround for root_password encoding added
Actions

Also available in: Atom PDF